v5.7.0

This release introduces a capability to the template to handle viewing rights on a private marketplace.

Translations changes

New translation keys

  "NoAccessPage.viewListings.schemaTitle": "No viewing rights",
  "NoAccessPage.viewListings.heading": "You don't have viewing rights",
  "NoAccessPage.viewListings.content": "To view this content, you need to receive viewing rights from the {marketplaceName} team.",

Changes 2024-10-08

• [add] Access control: Viewing rights.

  When a user's viewing rights have been revoked:

  • SearchPage redirects to NoAccessPage
  • ListingPage redirects to NoAccessPage unless the user is viewing their own listing. Reviews are
    not displayed.
  • ProfilePage redirects to NoAccessPage unless the user is viewing their own profile. Reviews are
    not displayed.
  • TransactionPage does not show the OrderPanel for transactions at the inquiry state of booking or
    purchase processes.

  #459

v5.6.1

This release changes the logic of how a Call To Action button is rendered, as a change was made on how the permission assets are structured. Instead of using the enabled attribute, the CTA is enabled using the type attribute.

Note: The Call To Action button is not yet enabled in Console.

Changes 2024-10-07

• [fix] Updated JSON asset schema structure from Console: Removed the enabled field, now using only
  the type attribute for CTA status. #463
• [add] Add currently available translations for DE, ES, FR.
  #461

v5.6.0

This release introduces support for restricting user transaction rights and adding a Call To Action link on the NoAccessPage component.

Note that a change to how the Call To Action link functions has been introduced in the newest release v5.6.1.

Translations changes

New translation keys

"InquiryForm.noTransactionRightsError": "Oops, something went wrong. You don't have transaction rights. <NoAccessLink>Read more about transaction rights.</NoAccessLink>",
"NoAccessPage.initiateTransactions.schemaTitle": "No transaction rights",
"NoAccessPage.initiateTransactions.heading": "You don't have transaction rights",
"NoAccessPage.initiateTransactions.content": "To start a transaction, you need to receive transaction rights from the {marketplaceName} team.",

Changed translations

- "InquiryForm.userPendingApprovalError": "Oops, something went wrong. You don't have permission to make inquiries",
- "NoAccessPage.postListings.heading": "You can't publish listings",
- "NoAccessPage.postListings.content": "You need to receive publishing rights from the {marketplaceName} team.",
+ "InquiryForm.userPendingApprovalError": "Oops, something went wrong. Your account is waiting for approval.",
+ "NoAccessPage.postListings.heading": "You don't have publishing rights",
+ "NoAccessPage.postListings.content": "To publish listings, you need to receive publishing rights from the {marketplaceName} team.",

Changes 2024-10-01

• [add] Add support for CTAs on NoAccessPage
  #455

• [add] Add currently available translations for DE, ES, FR.
  #458

• [fix] Topbar: malformed custom link causes a 500 error on server.
  #457

• [fix] ListingPage.shared.js: import for convertMoneyToNumber was not made for priceForSchemaMaybe
  function. #456

• [add] Access control: Transaction rights

  • When a user does not have the "initiateTransactions" permission in their
    effectivePermissionSet relationship and they try to initiate an order or send an inquiry, they
    are redirected to the NoAccessPage.

  #450

• [fix] InquiryForm: test code was committed earlier.
  #452

• [fix] EmailVerification: enforce that currentUser is fetched after verification.
  #451

• [fix] ListingPage: fix 0 as value of listing fields.
  #449

• [fix] EditListingDetailsPanel: fix 0 as value of listing fields.
  #448

• [fix] Currencies that the Stripe does not support should not cause 500 errors.
  #447

v5.5.0

This release fixes the visibility of a no-payout-details banner on ListingPage. It also updates Sentry integration and CSP policy.

Translation changes

+   "NoAccessPage.userPendingApproval.content": "Your account needs to be approved by the {marketplaceName} team before you can start using it.",  
-   "NoAccessPage.userPendingApproval.content": "You need approval from the {marketplaceName} team to get access to the marketplace.",

Changes 2024-09-03

• [add] Add currently available translations for DE, ES, FR.
  #445
• [change] Make the propType blockId optional for all Block types.
  #444
• [change] Update Sentry (v6.19.7 -> v8.26.0). Add ignoreErrors setup, add CSP directives and avoid
  some errors. #441
• [fix] ListingPage: the optional chaining for processType variable was faulty.
  #443
• [change] Updates to the configuration script. Marketplace name is now prompted in the mandatory
  settings. #440
• [change] Update one copy text. #439

v5.4.0

This release prepares the template to work with 2 new access control features:

• The currentUser entity will have state attribute.
  • The possible values are 'pending-approval', 'active', and 'banned'.
  • The 'pending-approval' state is a completely new state.
    • This state is only used if marketplace operator has manually enabled the user approval process from Access control asset
  • Read more: #428
• Private marketplace mode
  • Set through Access control page on Console
  • The asset /general/access-control.json is fetched o check marketplace.private: true/false flag
  • Read more: #434

Note: It might take some time before those features are fully released. I.e. this release just prepares Sharetribe Web Template for the upcoming change.

Translations

  "InquiryForm.userPendingApprovalError": "Oops, something went wrong. You don't have permission to make inquiries",
  "NoAccessPage.userPendingApproval.schemaTitle": "No user approval",
  "NoAccessPage.userPendingApproval.heading": "Your account is waiting for approval",
  "NoAccessPage.userPendingApproval.content": "Your account needs to be approved by the {marketplaceName} team before you can start using it.",  

Changes v5.4.0

• [change] auth.duck.js: login flow should wait for currentUser entity be loaded.
  #436

• [add] Access control: private marketplace mode

  • Fetch a new asset: /general/access-control.json to check private: true/false flag
  • Make SearchPage, ListingPage, ProfilePage, Styleguide require authentication
  • Ensure currentUser entity is loaded before loadData on client-side
  • Restrict data load & add redirections for SearchPage, ListingPage, and ProfilePage

  #434

• [add] Access control: 'pending-approval' state for users.

  • Users will get "state", which is exposed through currentUser's attribute
  • A new state is "pending-approval", which restricts user from initiating transactions and posting
    listings.
  • In addition, 'banned' users will also have state 'banned'.
  • Extra: Routes.js: do not allow banned users to auth pages
  • [fix]: InboxPage.duck.js: include deleted and banned attributes
  • [fix]: ModalMissingInformation: only 'active' users get this modal shown
  • [fix]: Inquiry modal: open the modal after authentication
  • Some util-file imports have been reordered (might cause conflicts)

  #428

• [fix] SearchPage: SearchFiltersMobile (modal) should be above topbar.
  #432

v5.3.0

The main feature here is the introduction of Permission Management for Marketplace Operators

This release introduces support for the upcoming permission feature, allowing marketplace operators to grant or remove a user's right to post listings. The fetchCurrentUser call now includes a new relationship: effectivePermissionSet. This resource serves as the source of truth to determine whether a user can post listings, or reopen previously closed listings. For more detailed information, please refer to the pull request.

Check API endpoint restrictions: https://www.sharetribe.com/api-reference/marketplace.html#currentuser-permissionset

Additional Fixes and Improvements
In addition to the main feature, this update includes several smaller fixes and enhancements. Here are a couple of highlights:

Improved Stripe Onboarding Experience:
Stripe requires a business URL for each seller during onboarding. However, a seller's profile page may be too sparse at the time of creating their first listing (e.g., it might only display "Hi, I'm John"). This has led to some reports from new marketplaces where Stripe blocked sellers due to insufficient profile content. To mitigate this, we now redirect Stripe to the landing page, which typically has more comprehensive content, helping Stripe's algorithm better understand the nature of the business. See PR #430

Enhanced URL Autolinking:
We've added support for parentheses in autolinked URLs within listing descriptions, user bios, and messages.

Translations

New translations

  "NoAccessPage.postListings.schemaTitle": "No publishing rights",
  "NoAccessPage.postListings.heading": "You can't publish listings",
  "NoAccessPage.postListings.content": "You need to receive publishing rights from the {marketplaceName} team.",

Changes v5.3.0

• [change] ProfilePage: redirect Stripe's crawler to landing page (profile page might be empty).
  #430

• [add] Add currently available translations for DE, ES, FR.
  #429

• [add] Handle API's new permission model & permission to post listings

  • CurrentUser fetch includes a new relationship: effectivePermissionSet
  • There is a new Page component: NoAccessPage
  • If user has no posting rights: they can't create or edit a draft listing and they can't open a
    previously closed published listing. Instead, they are redirected to NoAccessPage

  #426

• [fix] Routes.js: reTry can be undefined in some cases (reTry.scrollIntoView)
  #427

• [change] ProfilePage: remove withViewport and refactor a bit.
  #424

• [change] Update express.js (v4.19.2) and nodemon (3.1.4).
  #421

• [add] richText.js: support parentheses on autolinked URLs.
  #419

• [fix] Safari has a bug related to reading array directly from JSON-LD script tag.
  #418

• [fix] There could be rare time-windows when indexing has not caught up with deleted & closed
  listings. This might result those listings to be included to listing queries.
  #417

v5.2.1

This is a patch release to fix one significant bug: when additional shipping fee was set to 0, there was no shipping fee included.
In addition, listing page schema for bookable listings mentioned out-of-stock flag even though stock was not relevant for bookable listings.

Changes v5.2.1

• [fix] fix: calculateShippingFee (when shippingPriceInSubunitsAdditionalItems is 0, no shipping fee
  was included) #414
• [fix] Remove stock from schema if there's no stock in use.
  #405
• [fix] Remove left-behind slash from inquiry-new-inquiry email template reference.
  #406
• [fix] The subject line of purchase-new-order email had a wrong variable name.
  #413
• [change] Fix another typo in FR translations.
  #409
• [change] Fix a typo in FR translations.
  #408
• [add] Add currently available translations for de, es, fr.
  #404
• [fix] The example files of SignupForm and ConfirmSignupForm had wrong data.
  #403
• [change] FilterComponent: relax generated name-attribute for inputs: allow camelCase.
  #402

v5.2.0

This release prepares the codebase for User types!
Read more from the pull request.

In addition, it's going to be possible to

• Toggle the visibility of unselected options on SectionMultiEnumMaybe through hosted assets.
• StripeConnectAccount: use 'collectionOptions' instead of deprecated 'collect'. The
  future_requirements uses 'include' by default.

Translation changes

New translations

  "ConfirmSignupForm.displayNameLabel": "Display name",
  "ConfirmSignupForm.displayNamePlaceholder": "Jane D",
  "ConfirmSignupForm.displayNameRequired": "You need to add a display name.",
  "ConfirmSignupForm.phoneNumberLabel": "Phone number",
  "ConfirmSignupForm.phoneNumberPlaceholder": "Enter your phone number.",
  "ConfirmSignupForm.phoneNumberRequired": "You need to add a phone number.",
  "ContactDetailsForm.phoneRequired": "A phone number is required.",
  "EditListingDetailsForm.listingTypeRequired": "You need to select a listing type.",
  "FieldSelectUserType.label": "User type",
  "FieldSelectUserType.placeholder": "Choose a user type",
  "FieldSelectUserType.required": "You need to select a user type.",
  "ListingPage.errorInvalidListingMessage": "The listing contained invalid data. Please contact the marketplace operator.",
  "ProfileSettingsForm.displayNameHeading": "Your display name",
  "ProfileSettingsForm.displayNameInfo": "The display name defaults to first name plus initial of last name.",
  "ProfileSettingsForm.displayNameLabel": "Display name",
  "ProfileSettingsForm.displayNamePlaceholder": "Jane D",
  "ProfileSettingsForm.displayNameRequired": "This field is required.",
  "SignupForm.displayNameLabel": "Display name",
  "SignupForm.displayNamePlaceholder": "Jane D",
  "SignupForm.displayNameRequired": "You need to add a display name.",
  "SignupForm.phoneNumberLabel": "Phone number",
  "SignupForm.phoneNumberPlaceholder": "Enter your phone number.",
  "SignupForm.phoneNumberRequired": "You need to add a phone number.",

Changed translations

  "ModalMissingInformation.verifyEmailText": "Please verify your email address so we can send you your receipt and information on your order status. We are unable to send you emails before your email has been verified.",
  "StripeConnectAccountForm.stripeToSText": "By saving the details, you agree to the {stripeConnectedAccountTermsLink}.",

Changes v5.2.0

• [add] add currently available translations for de, es, fr.
  #400

• [add] This adds user types. User fields can be tied to user types

  • User fields contain multiple default user fields
    • Only displayName and phoneNumber can be toggle on/off
      • You can also toggle wether those are shown on sign up forms.
  • Custom user fields can be tied to user types.
  • AuthenticationPage: SignupForm and ConfirmSignupForm show a dropdown to select user type if it's
    not preselected
    • Default
  • New route SignupForUserTypePage with path /signup/:userType
    • This route preselects one user type for the sign up forms.
    • If preselected userType is there (/signup/:userType), then
      • Dropdown selector is not shown.
      • Toggling between login & signup tabs should keep the userType in memory
      • Using SSO, saves the preselected user type to a temporary cookie (to be used in
        ConfirmSignupForm after returning from ID provider's website)
    • An unknown (e.g. outdated) userType in the route will show 404 page.

  #399

• [add] Toggle the visibility of unselected options on SectionMultiEnumMaybe through hosted assets.
  #382

• [fix] Update SDK to v1.21.1. Fixes bug with extended data with a key length and a number type
  value. #398

• [fix] util/sanitize.js: handle publicData = null case which happens with banned user
  #397

• [fix] en.json: typo on 'ModalMissingInformation.verifyEmailText'
  #396

• [fix] Ensure that there is listingType, transactionProcessAlias and unitType defined.
  #394

• [fix] en.json: typo on 'StripeConnectAccountForm.stripeToSText'
  #395

• [change] StripeConnectAccount: use 'collectionOptions' instead of deprecated 'collect'. The
  future_requirements uses 'include' by default.
  #392

• [fix] mergeDefaultTypesAndFieldsForDebugging was set to true, which is wrong. The 0 handling with
  min and max was wrong. #393

v5.1.0

This release contains several small updates:

• Updates SDK to v1.21.0
• Changes login-as feature
• Adds autolinking to bio on profile page, description on listing page, listing fields & user fields that are of schema type 'text', and messages between customer and provider.
  • Note: only links starting with http are considered and the link is detected and added on UI rendering phase.
• Prepares codebase to get the color of <PrimeryButton> from branding asset.
• Prepares codebase to handle listing fields with schema type ’long’: adds a new filter.

Translation changes

New translation keys

  "CustomExtendedDataField.numberTooSmall": "The number must be larger than or equal to {min}",
  "CustomExtendedDataField.numberTooBig":  "The number must be less than or equal to {max}",
  "LimitedAccessBanner.fullRightsMessage": "You're logged in as {firstName} {lastName}. You have full access rights. In a Live environment, you will have limited rights.",
  "LimitedAccessBanner.fallbackMessage": "You're logged in as {firstName} {lastName}.",
  "IntegerRangeFilter.labelSelectedPlain": "{minValue} - {maxValue}",

Changed translations

-  "LimitedAccessBanner.message": "You are logged in as {firstName} {lastName}. You have limited rights for actions. You cannot initiate transactions, take actions in them or send messages on behalf of transacting parties.",
+  "LimitedAccessBanner.message": "You're logged in as {firstName} {lastName}. You have limited access rights. You can't initiate transactions, move them forward, or send messages on the user's behalf.",

Changes v5.1.0

• [add] support for extended data fields with type long
  #364

• [change] the login-as feature has changed:

  • Update SDK to v1.21.0
  • Use sdk.loginAs instead of sdk.login, which is deprecated for this purpose
  • Use authInfo.isLoggedInAs instead of relying on auth token's scope to determine if current
    session is operator user logged in as marketplace user.
  • Note: when taking update from upstream, check also commit be7e2b9.

  #386

• [fix] the email template for default-purchase process
  (purchase-order-canceled-from-disputed-provider-html.html) contained copy-paste related typo.
  #390

• [add] Autolink text on the UI. Those links must start with 'http' to be recognized.

  • ListingPage > Listing's description
  • ListingPage > Listing fields with schema type ‘text’
  • ListingPage > User's bio on
  • ProfilePage > User's bio
  • ProfilePage > User fields with schema type ‘text’
  • TransactionPage > Messages
  • TransactionPage > inquiryMessage

  #385

• [change] handle listings with draft and pending-approval state with login-as feature.
  #387

• [Add] Get the color of the PrimeryButton from branding asset.
  #379

• [change] Add preview resolution for listing in PreviewResolverPage
  #384

• [add] Support for a target path parameter (target_path) in the login as user functionality
  #383

• [change] listingMinimumPriceSubUnits: update code comments (0 is not valid value in hosted asset).
  #381

• [fix] Styleguide shows multiple versions of some components. The 'id' attributes need to be
  unique. #380

v5.0.1

Changes v5.0.1

• [fix] Fix: currentUser was not passed to billing details, which resulted email address missing on
  Stripe side. #377
• [fix] currentUserHasListings info. This is an old bug that emerged when we introduced draft status
  to listing. The fetched listing might not be a published one but a draft listing. The ownListings
  API endpoint is not queryable to get only published listings but luckily we have introduced
  authorId filter to listings end point later on.
  #376
• [add] Update translations for de.json, es.json, and fr.json.
  #374
• [change] Update one copy text. #373
• [change] EditListingDetailsForm: pass categoryLevel as argument to translations.
  #372
• [fix] Fix: when changing categories, clear previously saved ones
  #371
• [fix] util/search.js: fix pickInitialValuesForFieldSelectTree.
  #369

Translation changes

Changed translations

• A new argument categoryLevel is passed for category input field
• Gif is not mentioned as it caused confusion. Animated gifs are not supported by the service we use for generating responsive images.

  "EditListingDetailsForm.categoryLabel": "{categoryLevel, select, categoryLevel1 {Category} other {Subcategory}}",
  "EditListingDetailsForm.categoryPlaceholder": "{categoryLevel, select, categoryLevel1 {Select category} other {Select subcategory}}",
  "EditListingDetailsForm.categoryRequired": "{categoryLevel, select, categoryLevel1 {You need to select a category.} other {You need to select a subcategory.}}",
  "EditListingPhotosForm.imageTypes": ".JPG or .PNG. Max. 20 MB",
  "ProfileSettingsForm.fileInfo": ".JPG or .PNG. Max. 20 MB",

Deleted translation keys

  "EditListingDetailsForm.subCategoryLabel": "Subcategory",