The numerical restricted value was overwritten in GetItemsInfo
with the description. So OpacHiddenItems would only work for
restricted using the description, not the numerical value
of the authorised value like for other similar status fields.
This changes GetItemsInfo to use a separate variable for
the description, as it's already done for notforloan and
changes the template files where the variable is used
accordingly.
To test
- Before applying patch
- Configure OpacHiddenItems with:
restricted: [1]
- Find a record with more than one item and mark one of the items
as "Restricted Access"
(assume standard sample data - check authorised value if status doesn't exist)
- Verify the item is still shown in OPAC.
- Apply patch
- Verify that the item is now hidden
- Verify that the status still displays nicely in the staff detail page
- Delete OpacHiddenItems
- Verify that the status is showing nicely in the OPAC detail page
Signed-off-by: Pierre-Marc Thibault <pierre-marc.thibault@inLibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Why? Because we must filter the variables when we display them.
If we escape them on assignement, they will be double escaped:
[% XXX = "<span>pouet</span>" | html %]
[% XXX | html %]
=> <span>pouet</span>
Also it will bring trouble if we are assigning a structure (see bug
21663 for instance).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Actually catalog detail page shows for damaged and lost items the authorized value description if exists.
We must do the same for withdrawn information.
Test plan :
1) Set for items a subfield linked to items.withdrawn and using the authorized value category 'WITHDRAWN'
2) Edit the authorized value category to add value '2' and description 'Eaten by dog'
3) Edit an item to set this withdrawn value
4) Go to staff interface and look at items in record detail page /cgi-bin/koh/catalogue/detail.pl :
=> Without patch you see 'Withdrawn' and with patch you see 'Eaten by dog'
5) Go to OPAc and look at items in record detail page /cgi-bin/koha/opac-detail.pl :
=> Without patch you see 'Withdrawn' and with patch you see 'Eaten by dog'
Signed-off-by: delaye <stephane.delaye@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In course reserves, if an item which was added to a course is checked
out, it is not possible to show details for that course on OPAC.
The error says: "Template process failed: undef error - The method
onsite_checkout is not covered by tests! at
/home/koha/src/C4/Templates.pm line 121."
onsite_checkout is an attribute of Koha::Checkout, not Koha::Item
Test plan:
Create a course with 2 items that are checked out (standard and on-site)
At the OPAC, add them to your cart and confirm the status of these 2
items is correct
Confirm that on the detail page of the bib record as well as the detail
of the course.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The file opac-tmpl/bootstrap/en/includes/item-status.inc exposes a template directive where translators should not be confronted with.
"%s %s [%%#- This include takes two parameters: an item structure and an "
"optional loan (issue) structure. The issue structure is used by course "
"reserves pages, which do not use an API to fetch items that populates item."
"datedue. -%%] %s %s %s %s "
This patch fixes new lines inside a tt directive (comment).
It is merely a string patch.
To test:
Verify that the code changes make sense.
(Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po)
NOTE: Followed test plan similar to bug 18776 comment 3.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This include file is terribly wrong, it's called from different places
that do not set the same flag.
The status from detail and result page might be different from the one
display on the course reserve table.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.
This patch suggests to remove completely this feature as it does not
work correctly.
The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.
Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Item statuses in the OPAC displayed according to a cascading hierarchy:
If something is lost it will appear as lost, "else if" it is checked out
it will appear as checked out, etc. I don't think there is a logical
reason why statuses should appear this way.
This patch modifies the logic in the template so that multiple statuses
can be displayed at the same time. The patch also wraps each status in
its own class so that libraries can apply custom CSS if they wish.
Some tweaks have been made to the LESS file adding some style to the
common "item-status" class for display of item statuses.
To test, apply the patch and view one or more titles in the OPAC which
have items with the following statuses: lost, checked out, damaged, not
for loan, waiting, on order, in transit, withdrawn, and available.
Modify items to have more that one status simultaneously, in particular
not for loan and damaged.
Also test the display of item statuses in the OPAC cart and the OPAC's
course details page (Course reserves -> [Course name]) since these pages
use the same include file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Fixing some simple display issues caused by missing/misnamed
variables, probably consequence of the renaming before.
Amended test plan:
- Make sure that if OnSiteCheckoutsForce is set, you can
still perform onsite checkouts and only those.
- Check the detail page in staff says *currently in local use by*
for an on-site checked out item
- Check the detail page in OPAC with OPACShowCheckoutName active
for the same.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch implements the In-House Use feature for Koha.
It adds:
- 2 new sysprefs:
'In-House Use' to enable/disable this feature
'In-House Use Forced' to enable/disable the feature for *all* users.
- 2 new columns issues.inhouse_use and old_issues.inhouse_use
- Datatable on the circulation history pages (readingrec) at the OPAC
and the intranet.
A new checkbox in the Circulation tab. If checked, the issue become a
in-house use (in the statistics and issues tables).
When you check it, the due date changes to the today date.
The syspref "In-House Use Force" allows to force the in-house use to
permit the checkout even if the borrower is debarred or others problems.
In the issue table, a new string (in red) marks the issue as "in-house use".
The circulation history contains 3 tabs : "all", "checkout" and
"in-house use" (OPAC and intranet).
The cronjob script:
If AutomaticItemReturn if off, a library would like not to do a transit
operation manually. This script (to launch each night) do returns
for a specific branches.
Test plan:
1/ Execute the updatedatabase entry
2/ Enable the 'In-House Use' pref.
3/ Checkout a biblio for a patron and check the 'in-house use' checkbox.
4/ Check that the due date is the today date (with 23:59) and is not modifiable.
5/ Click on the check out button and check that the new check out
appears in the table bellow with the "(In-house use)" string.
6/ Go on the circulation history pages (readingrec and opac-readingrec)
and try the 3 tabs. In the last one, your last checkout should appear.
7/ Check in.
8/ Check readingrec pages.
9/ Choose a debarred patron and check that you cannot checkout a biblio
for him.
10/ Switch on the 'In-House Use Forced' pref
11/ You are now allowed to checkout a biblio for the debarred patron.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds a new system preference 'OPACAcquisitionDetail'.
If it is enabled, information about items on order will be displayed on
the OPAC detail page.
Test plan:
- switch on the OPACAcquisitionDetails pref.
- set the AcqCreateItems pref to 'receiving'.
- create some orders on 1 or more items.
- go to the opac detail page and verify the "Holdings" tab contains the
line "X item are on order." (at the bottom of the table containing the
item list).
- receive the items.
- verify the number of items has decreased.
- set the AcqCreateItems pref to 'ordering'.
- create some orders on 1 or more items.
- go to the opac detail page and verify the item list contains the items
with the "on order" status.
- receive the items.
- verify the received items no longer have the the "on order" status.
To test completely this feature, you should verify there is no
regression on the pref OpacMaxItemsToDisplay, OpacSeparateHoldings and
OpacSeparateHoldingsBranch.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Also removed some blank lines from the original patch and bumped up
the DBRev.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This follow-up applies the same fix to the Bootstrap theme. This patch
also includes the changes to item-status.inc in the Bootstrap theme
which were made to the prog theme in Bug 10820: display item status as
lost if item is both lost and on loan.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Bootstrap theme looking so nice. Also the patch works.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The goal of this theme is to provide a fully-responsive OPAC which
offers a high level of functionality across multiple devices with varied
viewport sizes. Its style is based on the CCSR theme, with elements of
the Bootstrap framework providing default styling of buttons, menus,
modals, etc.
The Bootstrap grid is used everywhere, but Bootstrap's default
responsive breakpoints have been expanded to allow for better
flexibility for our needs.
All non-translation-depended files are in the root directory of this new
theme:
css, images, itemtypeimg, js, less, and lib. Languages.pm has been
modified to ignore the new directories when parsing the theme language
directories.
This theme introduces the use of LESS (http://lesscss.org/) to build
CSS. Three LESS files can be found in the "less" directory: mixins.less,
opac.less, and responsive.less. These three files are compiled into one
CSS file for production: opac.css. "Base" theme styles are found in
opac.less. A few "mixins" (http://lesscss.org/#-mixins) are found in
mixins.less. Any CSS which is conditional on specific media queries is
found in responsive.less.
At the template level some general sturctural changes have been made.
For the most part JavaScript is now at the end of each template as is
recommended for performance reasons. JavaScript formerly in
doc-head-close.inc is now in opac-bottom.inc.
In order to be able to maintain this structure and accommodate
page-specific scripts at the same time the use of BLOCK and PROCESS are
added. By default opac-bottom.inc will PROCESS a "jsinclude" block:
[% PROCESS jsinclude %]
Each page template in the theme must contain this block, even if it is
empty:
[% BLOCK jsinclude %][% END %]
Pages which require that page-specific JavaScript be inserted can add it
to the jsinclude block and it will appear correctly at the bottom of the
rendered page.
The same is true for page-specific CSS. Each page contains a cssinclude
block:
[% BLOCK cssinclude %][% END %]
...which is processed in doc-head-close.inc:
[% PROCESS cssinclude %]
Using these methods helps us maintain a strict separation of CSS links
and blocks (at the top of each page) and JavaScript (at the bottom). A
few exceptions are made for some JavaScript which must be processed
sooner: respond.js (https://github.com/scottjehl/Respond, conditionally
applied to Internet Explorer versions < 9 to allow for layout
responsiveness), the _() function required for JS translatability, and
Modernizr (http://modernizr.com/, a script which detects browser
features and allows us to conditionally load JavaScript based on
available features--or lack thereof).
Another new JavaScript dependency in this theme is enquire.js
(http://wicky.nillia.ms/enquire.js/), which lets us trigger JavaScript
events based on viewport size.
I have made an effort to re-indent the templates in a sane way,
eliminating trailing spaces and tabs. However, I have not wrapped lines
at a specific line length. In order to improve template legibility I
have also tried to insert comments indicating the origin of closing tags
like <div> or template directives like [% END %]:
</div> <!-- / .container-fluid -->
[% END # / IF ( OpacBrowseResults && busc ) %]
TESTING
Proper testing of this theme is no easy task: Every template has been
touched. Each page should work reasonable well at a variety of screen
dimensions. Pages should be tested under many conditions which are
controlled by toggling OPAC system preferences on and off. A variety of
devices, platforms, and browsers should be tested.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
