Bug 37914: Forms for budget planning filters and export should GET rather than POST
Because of the bug 36192 CSRF protection, we intend not to have forms that POST without a param named 'op' with a value starting with 'cud-'. Because of bug 37728, a few were missed, including the 'Filters' form that lets you switch between planning budgets by month or by itemtype or by library, and the 'Export' form that lets you save your planning as a .csv file. Neither one has any need to POST, they can just be the GET they naturally are. Alas, the default data won't let you exercise everything, so there's a lot of setup before the actual testing. Test plan: 1. Patrons - search for Acevedo - More-> Set permissions - check Acquisitions management and Save 2. Administration - Authorized values - Asort1 - New authorized value for Asort1 - value Q1, description First Quarter, then repeat for Q2, Q3, Q4 3. Administration - Budgets - New budget - give it a start date of today, end date of a year from today, a description, a total amount of 100000.00, for Statistic 1 done on choose Asort1 4. Click the name of your new budget - New-> New fund for (name) - give it the code my, name My money, amount 75000.00 and Submit 5. New-> New fund for (name) - give it the code his, name Henry's money, amount 25000.00, and click Select owner, find Henry and Select, then Submit 6. Acquisitions - click Search on an empty search box to find the only vendor - New-> Basket - Give it a name and Save 7. Add to basket - From an existing record (search for something like Perl) click any bib record - Add order - set the required item type and click Add item 8. Scroll down to the Accounting details form, change Fund to My money, and enter 20.00 for the Vendor price and click Save. You just made that fund "active" in the eyes of the Filter form, by spending some of it. 9. Finally set up. Administration - Budgets - click the name of your budget 10. Planning-> Plan by months 11. In the upper left Filter box, check Show my funds only and Submit - you should see Henry's money disappear 12. Uncheck Show my funds only and check Show active funds only and Submit - you should see Henry's money disappear 13. Check Show actual/estimated values and Submit, you should see text for the actual (only in this month, since that's all you spent) and wee little shrunken text boxes for the planning numbers 14. Uncheck all the boxes and change the dropdown from by months to by Asort1 (either one of it, there being two is bug 34159) and Submit, you should have four columns for Q1 - Q4 and only for My money, since Henry doesn't use Asort1 15. Click the Auto-fill row button, and Save 16. In the Export form (which isn't much of a form, since you only have a choice for the filename) click Submit 17. You should have downloaded a .csv file, and if you open it it should have the info from your current planning form. 18. Apply patch, restart_all 19. Repeat steps 9-17, getting the same results you did without the patch Sponsored-by: Chetco Community Public Library Signed-off-by: Sukhmandeep Benipal <sukhmandeep.benipal@inLibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
parent
9e43658e6f
commit
e21419b733
1 changed files with 2 additions and 5 deletions
|
@ -206,8 +206,7 @@
|
|||
<div class="col-md-2 order-sm-2 order-md-1">
|
||||
<aside>
|
||||
|
||||
<form method="post" action="/cgi-bin/koha/admin/aqplan.pl">
|
||||
[% INCLUDE 'csrf-token.inc' %]
|
||||
<form method="get" action="/cgi-bin/koha/admin/aqplan.pl">
|
||||
<input type="hidden" name="budget_period_id" value="[% budget_period_id | html %]" />
|
||||
<fieldset class="brief">
|
||||
<h4>Filter</h4>
|
||||
|
@ -263,12 +262,10 @@
|
|||
</fieldset>
|
||||
<fieldset class="action">
|
||||
<input type="submit" name="option_submit" class="btn btn-primary" value="Submit" />
|
||||
<input type="hidden" name="budget_period_id" value="[% budget_period_id | html %]" />
|
||||
</fieldset>
|
||||
</form>
|
||||
[% IF ( budget_lines ) %]
|
||||
<form method="post" action="/cgi-bin/koha/admin/aqplan.pl">
|
||||
[% INCLUDE 'csrf-token.inc' %]
|
||||
<form method="get" action="/cgi-bin/koha/admin/aqplan.pl">
|
||||
<fieldset class="brief">
|
||||
<h4>Export</h4>
|
||||
<ol>
|
||||
|
|
Loading…
Reference in a new issue