The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 12.1 (Q3 2022) release. This guide focuses on changes in Sugar 12.1 (Q3 2022) that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.
Please check out the Q3 2022 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 12.1.0 Release Notes.
User Experience Updates
Reports Viewer Facelift
This release brings a long waited facelift in Sugar's Report Viewer. This is our first step on moving away from BWC to a much more modern UI built with Sidecar by using commonly available components.
We created a new collapsable/minimizeable layout that contains:
- Datatable for Rows and columns
- Datatable for "Summation" with and without details
- Datatable for Matrix reports
- Filter Container View
- Runtime filtering
- Report Chart Container
In order to improve speed, quality and compatibility, a few updates were added to the SugarWidgetFields. All the changes are the backward compatible. We've also replaced all links that were previously pointing to BWC Report record to a sidecar route.
Forecast Worksheet Improvements
This release brings our continued efforts improving our Forecast Worksheet. It contains lots of UX and usability enhancements as well as new features as described below:
- Opps LV filtering: ilters created and saved in regular Opps List View show up in the Forecast module Opps List View and vice versa
- Opp Review Tab- Show current Opps not old RLIs: The Forecasting worksheet now displays Opportunities instead of RLIs for both, managers and sellers.
- Moved "Settings" to Forecast Megamenu
- Removed Worksheet Columns from Forecast Settings in Studio
- Forecast Worksheet is sticky: person/team picker, time picker, each of the tabs (Opps vs Commitment), Opp review filter, and metric boxes.
- Quick filter boxes will display a loader until all data has been fetched
- Separating Opps from Commitments:Opportunities and Commitments into two tabs called "Opportunity Review" and "Commitment"
- Implement frontend forecast metrics boxes: We added 7 metric boxes: Forecast, Included Pipeline, Upside Pipeline, Excluded Pipeline, Won, Lost, and All.
- Display Commitment and Quota at the top of the Forecasting Worksheet
- Predicted Period-end Revenue (For Sell Premier only)
Update how datapoint values are loaded for seller worksheets
-
The seller worksheet (ForecastWorksheets
list
layout) is no longer a component of the commitment tab -
Each datapoint in the Commitment tab (Likely/Best/Worst) should have its Opportunity Forecast value loaded as:
-
The sum of the Opportunities
Forecasted Likely
,Best
, orWorst
field where:-
Opportunities
Forecast Stage
is classified as Include -
Opportunities
Expected Close Date
is within the current Forecast time period being viewed -
Opportunities
Assigned User
is the current Forecast user being viewed
-
-
-
If Revenue Line Items are enabled, each datapoint in the Commitment tab (Likely/Best/Worst) should have its Revenue Line Item Forecast value loaded as:
-
The sum of the Revenue Line Items
Likely
,Best
, orWorst
field where:-
Revenue Line Items
Forecast Stage
is classified asInclude
-
Revenue Line Items
Expected Close Date
is within the current Forecast time period being viewed -
Revenue Line Items
Assigned User
is the current Forecast user being viewed
-
-
-
The
Commitment
value of the datapoint should be loaded in the following way:-
If there is a previous commitment, initialize
Commitment
to the previously committed value for the datapoint -
If there is no previous commitment, initialize
Commitment
to the result forOpportunity Forecast
-
[UI] Replace 'Hint' with 'Sugar Hint' throughout the UI
We have also replaced all mentions of "Hint" throughout the entire Sugar application with "Sugar Hint". Previous "Hint" logos will also be replaced by the new string "Sugar Hint".
Improve view panel for long emails in sidecar interface
The emails Record View dashlet will now show the entire email content instead of truncating it and users having to manually expand the dashlet to view long emails.
Prior to 12.1, when viewing a long Email Record from a Focus drawer, users had to either resize the Record View dashlet or scroll in order to see the entire content. We have expanded the Record View dashlet so users are able to see the entire email as seen below.
Advanced Forecasting in Dark Mode (For Sell Premier only)
Sell Premier users will now be able to see their “Discover” Dashlets in Dark Mode. .
Sugar REST API updates
This Sugar release introduces REST v11_17.
Supported Platforms Update
DocMerge Deployed on Supported Regions
DocMerge services have been deployed on EU, APAC and CAC regions for better performance and compliance.
Configurability updates
Sugar Config Settings
Setting Name |
Default |
Override Example |
Description |
email_recipient_chunk_size |
10 |
email_recipient_chunk_size '] = 10 |
Defines maximum number of addresses in email's To: field. |
uninstallOnError |
true |
uninstallOnError '] = false |
Disable MLP uninstall when an error happens. |
cache.disable_gz |
false |
$sugar_config['cache']['disable_gz'] = true; | This will modify Sugar's caching behavior to disable compression of the cached data. |
cache.gz_level |
9 |
$sugar_config['cache']['gz_level'] = 2; | Defines the SugarCache compression level, which is not applicable without cache.multi_tenant. |
moduleInstaller.enableEnhancedModuleChecks |
false |
$sugar_config['moduleInstaller']['enableEnhancedModuleChecks'] = false |
Defines whether the curl_*, socket_*, and stream_* functions should be allowed in MLPs. |
security.private_ips |
[ '10.0.0.0|10.255.255.255', '172.16.0.0|172.31.255.255', '192.168.0.0|192.168.255.255', '169.254.0.0|169.254.255.255', '127.0.0.0|127.255.255.255', ] |
$sugar_config['security']['private_ips'] = [ '127.0.0.0|127.255.255.255', '8.8.8.0|8.8.8.8', ]; |
Defines a range of IPs considered to be private. Such IPs and corresponding domains are not reachable via ExternalResourceClient |
Removed Features
Removed Roles module from Sugar
We have removed Roles module from Sugar in this release. As per our research this is an old module and is no longer in use.
Removed Assignment notification email template
Before 10.1 users were able to use different templates for each module after changes from 10.1 went into effect, all modules started using a one-size-fits-all template, which made it hard to pull relevant information for each module. This works for most modules, but not for the Assignment template. In this ticket, we are undoing the work done in 10.1 for the Assignment template only. Users are going to be able to pull relevant info from Assignment template now.
Removed Inline Edit in reports
We have removed inline edit in reports that has been deprecated in previous releases.
Data Changes
Add new "Lost" calculated field to Opportunities
Created a "Lost" read-only calculated field in Opps only (not RLIs) that adds the Likely amount of RLIs that have a Sales Stage = Closed Lost. Users will be able to filter and report on the new field. Field will be available on instances using Opps+ RLIs only.
Lost field was added by default in different sugar layouts. Worst and Best will no longer be displayed be default.
Platform Updates
Introduce safe replacement for curl in MLPs
As part of our ongoing efforts to improve the reliability and security of Sugar, we are introducing a replacement for CURL in MLPs. Sugar now provides a safe way to communicate to external APIs, it should prevent SSRF (Server-side request forgery) attacks on local endpoints and be not vulnerable to DNS rebinding attacks.
This new client has been design to be as secure and simple to use as possible, see below:
<?php
require vendor/autoload.php;
use Sugarcrm\Sugarcrm\Security\HttpClient\ExternalResourceClient;
// Set timeout to 3 seconds and 4 max redirects
$client = new ExternalResourceClient(3, 4);
// Send GET request
echo $client->get('https://httpbin.org/get');
// Send POST
echo $client->post('https://httpbin.org/post', http_build_query(['foo' => 'bar']));
When creating a new instance of this client you can specify the timeout as well as the max redirects it show follow.
It's highly recommended to use HTTPS for all requests when using this client, however, HTTP (non-secure) will be allowed, even though is not recommended.
This client does not support requests to IP addresses. It only supports URL domains/hostnames.
To prevent SSRF in local networks, it reads IP ranges from the Sugar Config ($sugar_config['security']['private_ips’]
).
If you have proxy enabled, this client recognizes it and will use it before making the call.
It is important to notice that all CURL/Stream/Socket functions have been added to the "Blocked/Restricted" list and will prevent upgrades and/or installs of MLPs (Module Loadable Package) in future releases (see deprecation section).
// curl
'curl_copy_handle',
'curl_exec',
'curl_file_create',
'curl_init',
'curl_multi_add_handle',
'curl_multi_exec',
'curl_multi_getcontent',
'curl_multi_info_read',
'curl_multi_init',
'curl_multi_remove_handle',
'curl_multi_select',
'curl_multi_setopt',
'curl_setopt_array',
'curl_setopt',
'curl_share_init',
'curl_share_setopt',
'curl_share_strerror',
//sockets
'socket_accept',
'socket_addrinfo_bind',
'socket_addrinfo_connect',
'socket_addrinfo_explain',
'socket_addrinfo_lookup',
'socket_bind',
'socket_clear_error',
'socket_close',
'socket_cmsg_space',
'socket_connect',
'socket_create_listen',
'socket_create_pair',
'socket_create',
'socket_export_stream',
'socket_get_option',
'socket_getopt',
'socket_getpeername',
'socket_getsockname',
'socket_import_stream',
'socket_last_error',
'socket_listen',
'socket_read',
'socket_recv',
'socket_recvfrom',
'socket_recvmsg',
'socket_select',
'socket_send',
'socket_sendmsg',
'socket_sendto',
'socket_set_block',
'socket_set_nonblock',
'socket_set_option',
'socket_setopt',
'socket_shutdown',
'socket_write',
'fsockopen',
// streams
'stream_bucket_append',
'stream_bucket_make_writeable',
'stream_bucket_new',
'stream_bucket_prepend',
'stream_context_create',
'stream_context_get_default',
'stream_context_get_options',
'stream_context_get_params',
'stream_context_set_default',
'stream_context_set_option',
'stream_context_set_params',
'stream_copy_to_stream',
'stream_filter_append',
'stream_filter_prepend',
'stream_filter_register',
'stream_filter_remove',
'stream_get_contents',
'stream_get_filters',
'stream_get_line',
'stream_get_meta_data',
'stream_get_transports',
'stream_get_wrappers',
'stream_is_local',
'stream_isatty',
'stream_notification_callback',
'stream_register_wrapper',
'stream_resolve_include_path',
'stream_select',
'stream_set_blocking',
'stream_set_chunk_size',
'stream_set_read_buffer',
'stream_set_timeout',
'stream_set_write_buffer',
'stream_socket_accept',
'stream_socket_client',
'stream_socket_enable_crypto',
'stream_socket_get_name',
'stream_socket_pair',
'stream_socket_recvfrom',
'stream_socket_sendto',
'stream_socket_server',
'stream_socket_shutdown',
'stream_supports_lock',
'stream_wrapper_register',
'stream_wrapper_restore',
'stream_wrapper_unregister',
Any MLP/Customization that contains any of the blocked/restricted functions will continue to work unless it requires updates.
New installs, updates or upgrades that go through Package Scanner will be enforced.
Improved SugarIcons
We have added few more icons based on feedback we received from previous versions. New Icons are:
-
Sign-in
-
Social Media: Linkedin, Twitter, Facebook, Instagram, Snapchat, TickTock
-
Travel
-
Legal
-
Laptop
Cloud Drive now supports Dropbox
We have created an external API and a dropbox client for handling requests to dropbox. The standard functionalities found on the other drive integrations were added as well and the sync options for dropbox were added on the subpanel.
With the DropBox integration users are allowed to work directly with the files stored in their space:
- Navigate through the file directory and easily find data related to their customers.
- Avoid manual uploading of the files necessary in Sugar.
- Upload files to the DropBox directly from the Dashlet.
- Share files among other Sugar users.
- Visualize Shared files from other users DropBox.
Web Logic Hooks no longer providing standard logic hook event arguments
We have fixed the after_save
event in the WebLogic Hook that wasn't providing all of it's arguments, so now you can expect: isUpdate, dataChanges, stateChanges.
Same is true for the after_relationship_add
and after_relationship_delete
that are now returning: id, related_id, name, related_name, module, related_module, link, relationship
Add sugar_config option to disable automatic rollback of MLP
If a Sugar developer is trying to debug a failure within a MLP then they may try to install it on a local development instance. If the install triggers an error as expected then Sugar will now promptly uninstall the package which complicates the debugging effort, as well as if a developer is working on a local dev instance and makes a customization that causes a 500 error then it's possible that a recently installed MLP unrelated to the actual error will be uninstalled.
For that reason, we've added the following sugar_config [uninstallOnError
] to disable rollback to make the Sugar developer life easier for debug (use with caution, it's a development utility only)
Compose Email for multiple recipients
If you try to send an email to multiple recipients that exceeds the "to" emailer capacity/limitation you'd receive an internal server error. We've implemented a new setting [email_recipient_chunk_size
] that defines the maxium number of addresses in the email's "To" field.
If an email is to be sent to more than email_recipient_chunk_size
addresses, the list will be split and multiple identical emails will be sent, each one with at most email_recipient_chunk_size recipients in the To: field.
Redis is sometimes slowed down and even causes a failover under the high load
We've improved performance on Redis cache server that was caused by very high traffic from Redis to PHP (outgoing traffic from the Redis perspective).
As Sugar Admin I would like to have the ability to enable compression for Redis data to decrease the traffic. It should be enabled by default, and it should be able to disable it with a config option.
We've added the config cache.disable_gz (true or false) and cache.gz_level (0, 1, 2, 3, 4, 5, 6, 7, 8, 9) (see description in the config section).
Impossible to authorize the default outgoing email account per user when "Allow users to use this account for outgoing email" is disabled
When the admin has configured the system email account to use OAuth2 by unchecking the “Allow users to use this account for outgoing email” checkbox, we'll replace the existing username/password input in the user profile and email settings with an Authorize button and the authorized email account will be displayed under Email Provider upon authorization validation.
Enable Modules by Default in Sugar Mobile
In this release we are enabling modules like Document Templates, Documents, Escalations, Messages, and Purchases to be available by default in Sugar Mobile so users no longer have to go to studio to enable them.
Create new "External Users" object
As we are creating a new platform for Kiosk, we are also designing the user management for Kiosk users separately in the Kiosk platform and there is a need to link the users in Kiosk with different components/objects in CRM e.g. Contact, Lead, Cases etc. In order to achieve this we need to create a new external users object in CRM so that this CRM external user can be mapped to an external user in an external system like Kiosk. This external user in CRM can then be related to any of the objects in CRM.
CRM Endpoint for SugarLive for Kiosk
In this release we have created an endpoint for SugarLive so that Amazon Connect chat can be integrated with Kiosk. We need an endpoint that exposes all of the configs associated with SugarLive and the Portal Chat. We need to be able to connect to the Amazon Connect instance from Kiosk and we need all the configurations for the customers chat window for Kiosk.
Update Forecasting calculations when the refresh button is clicked
The refresh button in the Opps review tab updates changes made to the metric boxes, and Commitment and Quota in the Commitment tab. When inline editing, this one refreshes the metric boxes calculations but not the list view.
Rest Service failures to be logged as fatal
In this release we've updated the RestService (./include/api/RestService.php)
that handles exceptions, specifically for the handleException function, we output exceptions to sugarcrm.log at error level. Failures at API level will now be logged at the fatal level to enable troubleshooting and capturing failures.
$GLOBALS['log']->fatal('An exception happened: ( '.$httpError.': '.$errorLabel.')'.$message);
Deprecated functions
curl_*, socket_*, and stream_* functions should be allowed in MLPs.
Those functions are now blocked/restricted as per release 12.1. The following plan has been put in place to ease the transition:
-
For the Sugar_12.1.0 release, the config parameter (
enableEnhancedModuleChecks
) will be disabled by default allowing MLPs with HTTP clients like curl, socket, and streams to be updated/installed. -
For Sugar_12.2.0 and Sugar_12.3.0 we will enable the config so that MLPs with the above functions will be blocked however Cloud Support has the ability to turn this off.
-
For Sugar_13.0.0 we will be removing the config, by this time we will have given everyone 4 releases time as per our deprecation policy.
-
This client should be backported to all supported sugar versions.