Test plan:
- Create a basket
- Click the "Add to basket" button
- Click "Search" on the first line
=> Without this patch you get an ugly screen: https://snag.gy/U8X3ZK.jpg
=> With this patch applied you will not be able to submit without
filling the input in
QA note: Yes, we could handle that controller side as well, but much
more work.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a workflow for adding to a basket from a file. It
removes the need to stage the file before going to the basket and allows
you to stage the file and return to the basket
To test:
1 - Have basket in acquisitions
2 - Click add to basket
3 - Note new option to 'Add from new file'
4 - Click it
5 - You will be sent to the record import tool
6 - Stage your file
7 - There is a link after staging 'Add records to basket'
8 - Click it
9 - Your items should be added
Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) for the variables we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface, hit pages and try to catch an alert box.
If you find one it means you have found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
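
A sketch of the "QA script to catch missing filters" idea from the commit message above, added here as an illustration (it is not Koha's own QA script, and it is written in Python rather than the project's Perl). The keyword list is partial and the sample template is constructed.

```python
import re

# Filters the commit message names as acceptable on an output directive.
ALLOWED_FILTERS = {"html", "uri", "url", "raw"}
# Template Toolkit keywords that open a control directive (partial list);
# such directives do not print a value and need no filter.
CONTROL = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
           "SET", "DEFAULT", "INCLUDE", "PROCESS", "BLOCK", "USE", "SWITCH",
           "CASE", "WRAPPER", "MACRO", "CALL", "NEXT", "LAST", "FILTER"}
# [% ... %] with optional chomp flags such as [%- ... -%]
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
# "expr | name" (a single pipe, not the "||" operator) or "expr FILTER name"
FILTER_RE = re.compile(r"(?:(?<!\|)\|(?!\|)|\bFILTER\b)\s*(\w+)")

def unfiltered_directives(template):
    """Return (line, directive) for each output directive with no allowed filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):        # empty or [%# comment %]
            continue
        first = re.match(r"[A-Za-z_]+", body)
        if first and first.group(0) in CONTROL:     # control flow, no output
            continue
        if re.match(r"[\w.]+\s*=(?!=)", body):      # implicit assignment
            continue
        if not set(FILTER_RE.findall(body)) & ALLOWED_FILTERS:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, body))
    return findings

# Constructed sample template, not taken from the Koha source tree.
SAMPLE = """\
[% IF patron %]
<h1>[% patron.surname | html %]</h1>
<p>[% patron.notes %]</p>
<a href="/search?q=[% query | uri %]">[% query %]</a>
[% debarment.comment | raw %]
[% count = items.size %]
[% title || 'Untitled' %]
[%# reviewed %]
[% END %]
"""

if __name__ == "__main__":
    for line, body in unfiltered_directives(SAMPLE):
        print(f"line {line}: [% {body} %] has no html/uri/url/raw filter")
```

A pipe inside a quoted string would be misread as a filter; a production check would need a real tokenizer for the directive body.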
This enhancement introduces a possibility to place orders
from hold ratios list:
- new option "Add order to basket" -> "From titles w/ highest hold ratios";
(user gets redirected from acquisition to "hold ratios" list in circulation)
- "N to order" in "Items needed" column now becomes a link - when clicked,
user gets redirected back to acquisition, directly to order form for
a chosen title (suggested quantity "N to order" is being preserved)
- in the "Items needed" column, there is an additional indication if
there are any pending (not yet received) orders for a given title
This solution is not exactly ideal.. most important drawback: to use
it librarian needs both acquisition & circulation privileges; if not
having both - new options will not show / wouldn't be active. But it
requires relatively small amount of changes in the code.
To test:
- apply patch,
- test new functions (try to place some orders using a newly added
option, examine resulting order records etc.)
- check modified hold ratios list for possible problems (for user
with only circulation privileges, additional information regarding
pending orders should be still visible, but not the link
to order form)
- ensure the two following existing options for adding orders to basket
("From an existing record", "From a new (empty) record") are still working
properly.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Minor edit in signoff: Changed "w/" to "with"
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
This works nicely in my tests, neat new addition.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds an "add to basket" link to the vendor search results
page for each open basket associated with each vendor. Clicking it
triggers a modal window with the "add to basket" choices for that vendor
and basket.
Other changes in this patch:
- The add-to-basket include has been modified in order to make it more
useful in this context.
- booksellers.pl has been modified to check for an existing budget so
that the add-to-basket include can properly display a warning if there
are none.
- "New basket" and "Receive shipment" buttons associated with each
vendor search result have been converted to Bootstrap-styled buttons.
- Basket closed date has been moved into its own column so that the
table can be sorted by that value.
- Table columns containing dates now use the "title-string" sort option,
eliminating the need for a special date sorting algorithm.
- Converted some &'s to &amp;'s
To test, apply the patch and search for a vendor. For each vendor in
your search results baskets which are open should include an "add to
basket" link. Clicking it should open a modal dialog with the same "add
to basket" options offered on the basket page. The correct vendor ID and
basket number should be associated with each link.
The newly-styled "new basket" and "receive shipment" buttons should work
correctly. Table sorting should work correctly, including the new
"closed" column.
Since the add-to-basket include file was modified, the "add to basket"
button on the basket view page should also be tested (acqui/basket.pl).
Signed-off-by: Campbell Reid-Tait <campbellreidtait@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
DB changes:
- Adds 2 fields: subscription.reneweddate and aqorders.subscriptionid.
- Removes 2 unused fields: aqorders.serialid and aqorders.subscription.
Main test plan:
1) Create a subscription
2) Create a bookseller and a basket
3) Add a new order 'from a subscription'
4) Search your subscription and check if results are correct
5) Click on the "order" link
6) Check the biblio information is filled in the form
7) Select a budget and fill some price information.
8) Retry steps 3 and 4. Verify you cannot order the same subscription.
Message: Outstanding order (only one order per subscription is allowed).
9) Click on your subscription (already added) and check you have a new
table "Acquisition details" with your price information in the "Ordered
amount" line.
10) Receive this order
11) On your subscription detail page, the "Spent amount" line must be
filled with your price information.
12) Reorder the same subscription. Now you are allowed to. Price
information has to be filled with the previous information.
13) Retry some orders and click on a maximum of links in order to find a
bug :)
Signed-off-by: Leila Arkab <koha.aixmarseille@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Comments on last patch.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Corrections to Acquisitions include files. Patch
also includes some corrections to unescaped ampersands.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
When ordering from an existing record the 'no budgets and funds defined' error
message was shown below the result list.
To test:
A) No budgets defined for this user and library
Basket summary page shows a warning instead of the link for creation
of orders.
B) Budgets and funds are properly defined for this user and library
Basket summary page shows links for order creation.
Before patch: A search for an existing record had the alert at the bottom
of the search result list.
After patch: The links for creation of orders are shown instead.
Signed-off-by: Liz Rea <lrea@nekls.org>
Verified A and B.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
- Added new include to contain add to basket options
- Minor markup corrections
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>