Bug 10195: hide bib details page for OPAC-suppressed bibs

Records hidden with OpacSuppression are filtered from the search results, but the opac-detail page is still visible if you know the biblio number. This patch hides the detail page for suppressed biblios by redirecting (controlled by the syspref OpacSuppressionRedirect) either to opac-blocked (default), explaining that the record is blocked (including optional explanatory text from the syspref OpacSuppressionMessage) or to Koha's 404 page, giving no hint that a biblio with that number exists in the system. Test plan: Make sure you have at least one record with 942$n == 1. Set OpacSuppression to "Don't hide". Do an OPAC search that should bring up your hidden record and other records. Observe that your record is found. Open the detail page for the record. Observe that it is accessible. Copy the URL for later(!). Set OpacSuppression to "Hide". Leave OpacSuppressionByIPRange blank. Set OpacSuppressionRedirect to "an explanatory page ('This record is blocked')." Leave OpacSuppressionMessage blank for now. Disable queryparser(!) (because of bug 10542). Do a full zebra reindex. Do an OPAC search that should bring up your hidden record and other records. Observe that your record is not found. Open the opac-detail URL of the record (the one you copied before). Observe that you are redirected to opac-blocked and it displays a short standard message. Edit OpacSuppressionMessage and input some text. Open the opac-detail URL of the record again (the one you copied before). Observe that the text you entered in OpacSuppressionMessage is displayed under the standard text you have seen before. Set OpacSuppressionRedirect to "the 404 error page ('Not found')." Open the opac-detail URL of the record again (the one you copied before). Observe that you are redirected to Koha's 404 error page. Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-04 00:50:43 +02:00 · 2013-07-04 00:50:43 +02:00 · f2ad0d7424
commit f2ad0d7424
parent 7134663f48
6 changed files with 120 additions and 1 deletions
--- a/installer/data/mysql/sysprefs.sql
+++ b/installer/data/mysql/sysprefs.sql
@ -284,6 +284,8 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, `
 ('OpacSuggestionManagedBy',1,'','Show the name of the staff member who managed a suggestion in OPAC','YesNo'),
 ('OpacSuppression','0','','Turn ON the OPAC Suppression feature, requires further setup, ask your system administrator for details','YesNo'),
 ('OpacSuppressionByIPRange','','','Restrict the suppression to IP adresses outside of the IP range','free'),
+('OpacSuppressionMessage','','Display this message on the redirect page for suppressed biblios','70|10','Textarea'),
+('OpacSuppressionRedirect','1','Redirect the opac detail page for suppressed records to an explanatory page (otherwise redirect to 404 error page)','','YesNo'),
 ('opacthemes','bootstrap','','Define the current theme for the OPAC interface.','Themes'),
 ('OpacTopissue','0',NULL,'If ON, enables the \'most popular items\' link on OPAC. Warning, this is an EXPERIMENTAL feature, turning ON may overload your server','YesNo'),
 ('OPACURLOpenInNewWindow','0',NULL,'If ON, URLs in the OPAC open in a new window','YesNo'),
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@ -8405,6 +8405,14 @@ if ( CheckVersion($DBversion) ) {
    SetVersion($DBversion);
 }

+$DBversion = "3.13.00.XXX";
+if ( CheckVersion($DBversion) ) {
+    $dbh->do("INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES ('OpacSuppressionRedirect','1','Redirect the opac detail page for suppressed records to an explanatory page (otherwise redirect to 404 error page)','','YesNo')");
+    $dbh->do("INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES ('OpacSuppressionMessage', '','Display this message on the redirect page for suppressed biblios','70|10','Textarea')");
+    print "Upgrade to $DBversion done (Bug 10195: Records hidden with OpacSuppression can still be accessed)\n";
+    SetVersion($DBversion);
+}
+
 =head1 FUNCTIONS

 =head2 TableExists($table)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref
@ -156,10 +156,19 @@ Cataloging:
                  yes: Hide
                  no: "Don't hide"
            - items marked as suppressed from OPAC search results. Note that you must have the <code>Suppress</code> index set up in Zebra and at least one suppressed item, or your searches will be broken.
-            - Restrict the suppression to IP adresses outside of the IP range
+            - <br />Restrict the suppression to IP adresses outside of the IP range
            - pref: OpacSuppressionByIPRange
              class: short
            - (Leave blank if not used. Define a range like <code>192.168.</code>.)
+            - <br />Redirect the opac detail page for suppressed records to
+            - pref: OpacSuppressionRedirect
+              choices:
+                  yes: "an explanatory page ('This record is blocked')."
+                  no: "the 404 error page ('Not found')."
+            - <br />Display the following message on the redirect page for suppressed biblios
+            - pref: OpacSuppressionMessage
+              type: textarea
+              class: code
        -
            - pref: SeparateHoldings
              choices:
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-blocked.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-blocked.tt
@ -0,0 +1,32 @@
+[% USE Koha %]
+[% INCLUDE 'doc-head-open.inc' %][% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo;  Blocked
+[% INCLUDE 'doc-head-close.inc' %]
+</head>
+<body id="opac-blocked">
+[% IF ( OpacNav ) %]<div id="doc3" class="yui-t1">[% ELSE %]<div id="doc3" class="yui-t7">[% END %]
+<div id="bd">
+[% INCLUDE 'masthead.inc' %]
+
+<div id="yui-main">
+<div class="yui-b">
+<div class="yui-g">
+            <div id="opac-blocked-message">
+                <h3>Blocked</h3>
+                <p>You are not authorized to view this record.</p>
+                [% IF ( OpacSuppressionMessage ) %]
+                    <div id="opacsuppressionmessage">
+                        <p>[% OpacSuppressionMessage %]</p>
+                    </div>
+                [% END %]
+            </div>
+</div>
+</div>
+</div>
+[% IF ( OpacNav ) %]
+<div class="yui-b">
+<div id="leftmenus" class="container">
+[% INCLUDE 'navigation.inc' %]
+</div>
+</div>[% END %]
+</div>
+[% INCLUDE 'opac-bottom.inc' %]
--- a/opac/opac-blocked.pl
+++ b/opac/opac-blocked.pl
@ -0,0 +1,38 @@
+#!/usr/bin/perl
+
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+use strict;
+use warnings;
+use CGI;
+use C4::Auth;
+use C4::Output;
+use C4::Context;
+
+my $query = new CGI;
+my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+    {
+        template_name   => "opac-blocked.tt",
+        query           => $query,
+        type            => "opac",
+        authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
+    }
+);
+
+$template->param ( OpacSuppressionMessage => C4::Context->preference('OpacSuppressionMessage'));
+
+output_with_http_headers $query, $cookie, $template->output, 'html';
--- a/opac/opac-detail.pl
+++ b/opac/opac-detail.pl
@ -89,6 +89,36 @@ if ( ! $record ) {
    print $query->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
    exit;
 }
+
+# redirect if opacsuppression is enabled and biblio is suppressed
+if (C4::Context->preference('OpacSuppression')) {
+    my $opacsuppressionfield = '942';
+    my $opacsuppressionfieldvalue = $record->field($opacsuppressionfield);
+    # redirect to opac-blocked info page or 404?
+    my $opacsuppressionredirect;
+    if ( C4::Context->preference("OpacSuppressionRedirect") ) {
+        $opacsuppressionredirect = "/cgi-bin/koha/opac-blocked.pl";
+    }
+    else {
+        $opacsuppressionredirect = "/cgi-bin/koha/errors/404.pl";
+    }
+    if ( $opacsuppressionfieldvalue->subfield("n") == 1) {
+        # if OPAC suppression by IP address
+        if (C4::Context->preference('OpacSuppressionByIPRange')) {
+            my $IPAddress = $ENV{'REMOTE_ADDR'};
+            my $IPRange = C4::Context->preference('OpacSuppressionByIPRange');
+            if ($IPAddress !~ /^$IPRange/)  {
+                print $query->redirect($opacsuppressionredirect);
+                exit;
+            }
+         }
+        else {
+            print $query->redirect($opacsuppressionredirect);
+            exit;
+        }
+    }
+}
+
 $template->param( biblionumber => $biblionumber );

 # get biblionumbers stored in the cart