Mendix 9 compatibility, rules, and UX
Released 18th of May 2021.
Mendix 9 compatible
We are Mendix 9 compatible🎉. For the early adopters out there, #gomakeit, we got your back.
“They are more like guidelines than actual rules.”
New
- We added the rule: Access rules with an Xpath constrain should only use read or none access. An access rule that uses an XPath constraint should only refer to attributes and associations with Read or None access. If the XPath uses attributes or associations with Read, Write access, it may cause a security breach.
- We added the rule: Minimize the use of self-relations. Self-relations are harder to understand in the domain model and especially in XPath queries. Mendix even introduced a reversed() function to determine the direction of the XPath association to be used in a self-relation. The advice is to minimize the use. And if self relations are needed, document them well, test them well and use the allow list for the violation.
- We added the rule: Retrieve by association from persistent to non-persistent is not advised. Non-persistent objects can be created in microflows and exist during execution in a Mendix runtime. The browser maintains a cache of non-persistent objects. However, this browser cache is cleared when the object is no longer needed. This can be on closing a page or after some time or switching a row in a grid. When the microflow retrieves the persistent entity from the database, the association from the non-persistent entity is not linked to this copy.
Improved
- We improved the rule: Entity access default rights for new members should be None or Read. The rule no longer generates duplicate violations—this rule checks per user role since you might want to exclude specific user roles. Consequently, the rule also checks per module role since user roles can have multiple module roles. The checks are now done, and if numerous user roles or module roles match the reason text is extended:
- We improved the unique key for access rule violations. It is now per access rule instead of per entity to place specific access rule violations on the allowlist.
Fixes
- We improved the rule: Retrieve & aggregate combo should not be nullified by using the list. The rule no longer generates duplicate violations. If list variables are used multiple times, a number is added.
- We improved the rule: Microflow called from the client should apply entity access rules. The rule no longer generates duplicate violations. All user and module roles are combined now.
UX improvements
The myth of the documentation button
- We know… we hid the documentation button pretty well. So well that people might even question the button’s existence as only a few have encountered it😉. So about time, we shed some light on this myth. We made it easier for you to go to the documentation. When you hover over a rule, a documentation icon appears that brings you to the rule documentation.
Other improvements
- We made sure fixed violations align with the rest of the violations.
- You can now mark a violation as read or copy its name from the more options.
We hope you enjoy this new release as much as we enjoyed building it. Please let us know if you have any feedback. We greatly appreciate it.