Skip to content

3.10.0 (10-19-2021)
Compare
Choose a tag to compare
@ndobb ndobb released this 19 Oct 21:39
· 86 commits to master since this release
v3.10.0
d5558cf

Leaf 3.10.0 focuses on adding community-requested features for user authorization, custom attestations, maintenance and more.

New features

  • #465 - Leaf now allows for user Authorization to be handled by SQL tables within the Leaf app database. Note that this is not Authentication, which still relies on SAML2 for determining the user.

    To enable app database-based authorization:

    1. Set Authorization.Mechanism to "APPDB"

    image

    1. Run the 3.9.2__3.10.0 database migration script to add two SQL new tables for user authorization.

    This feature has no UI component and is designed to be managed purely by admins via SQL. User roles and groups can be added like the example below, with ScopedIdentity matching the username sent by the IdP:

    image


  • #466 - In cases where all authenticated users should be allowed as Leaf users (rather than only members of a specific group), you can now allow them by adding Authorization.AllowAllAuthenticatedUsers: true:

    image

    AllowAllAuthenticatedUsers can be used with both SAML2 and APPDB Authorization.

  • #419 - Custom attestations can now be entered, superseding the default Leaf attestation text shown in the UI upon login (if enabled). This can be used by adding Attestation.Type and Attestation.Text to the appsettings.json file, where Attestation.Type is either "HTML" or "TEXT", and Attestation.Text is an array of strings.

    HTML usage example:
    image

    Text usage example:
    image

    The custom attestation will then be displayed to users:

    image

Minor features and changes

  • #417 - The logout button and feature can now be disabled, requiring a small modification to the appsettings.json file:

    Change

    image

    to

    image

    Where the previous Authentication.LogoutURI is now Authentication.Logout.URI, and can be disabled used Authenication.Logout.Enabled = false.

  • #425 - On the NIH table on the Visualize screen, the subtext now notes that patients without demographic information are excluded from the counts.

Bug fixes

  • #460 - When creating a concept in the Admin UI, Leaf would crash if dropdowns were added before first saving the concept.
  • #447 - Leaf would incorrectly assume a SQL query to be illegal if the token WITH appeared within the WHERE clause.
  • #426 - Concept search would occasionally show a blank (no concepts) if the same search string was used twice.
  • #421 - Long concept text within Timelines would occasionally be cutoff.
  • #418 - Timestamps shown in the Patient List would not match those of the database due to timezone shifting behavior in the browser.
  • #420 - In cases where the user access token had been invalidated but was still cached in the browser, the web client would attempt to re-use it and fail. It now attempts to request a new token on failure.

Upgrading to 3.10.0

  1. Client app and server API - Download and deploy the latest client and server compiled files under Assets, included in this release (or compile on your own as described in the Leaf installation instructions), making sure to first remove any previously deployed instances.
  2. Database - execute the 3.9.2__3.10.0 database update script on your Leaf application database.
  3. appsettings.json - Update your appsettings.json file to include the changes outlined above.
Assets 4
Loading