Problem arises after applying bugfix 27526 and 28445: with
IndependentBranches on, a librarian without superlibrarian privileges,
can edit (and potentially delete) every item (i.e. also from a foreign
branch). This is because can_be_edited calculation is buggy (in two spots).
Test plan:
1. Have (at least) two branches defined.
2. Have IndependentBranches set.
3. Have a biblio record with items belonging to different branches.
4. Be a librarian without superlibrarian rights, with editcatalogue
and tool permissions set.
Scenario A (Edit items):
1. Go to Edit -> Edit items view (cataloguing/additems.pl).
2. You will be able to edit every item, also ones not from the branch
you are from (cf. the button 'Actions').
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch.
Scenario B (Edit items in batch):
1. From Normal view go to Edit -> Edit items in batch.
2. You will be able to batch edit every item, also ones not from the branch
you are from.
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch (and
see 'Cannot edit' for others.
Scenario C (Delete items in batch):
1. From Normal view go to Edit -> Delete items in batch.
2. You will not see the string 'Cannot delete' and only by chance
will not be able to activate the checkboxes next to foreign items.
3. Apply the patch.
4. Repeat 1.
5. You should be able to delete only the items from your branch (and
see 'Cannot delete' for others.
Scenario D and E:
Analogous steps can be executed from Tools -> Batch item modification
and Tools -> Batch item deletion
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Broken by bug 28445.
See also the FIXME from
commit 86156da415
Bug 28445: Adjust code to handle regexs
The problem is that the cataloguing plugins inject JS code in the DOM BEFORE the footer
in somes page we have all the JS loaded at the end of the DOM
and so $ (jQuery) is not defined
It's working on additem as we don't have the JS in the footer, but the
batch item mod tool has it there.
Test plan:
Batch edit items and confirm that cataloguing are working correctly with
this patch applied.
Signed-off-by: Andrew Nugged <nugged@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch applies the changes describe in the main commit message about
the "limitation" and "the behaviour in master was buggy".
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we go!
Disclaimer: this patch is huge and does many things, but splitting it in
several chunks would be time consuming and painful to rebase. However it
adds many tests and isolate/refactor code to make it way more reusable.
This patchset will make the "batch item modification" and "batch item
deletion" features use the task queue (reminder: Since bug 28158, and so
21.05.00, we do no longer use the old "background job" functionality and
the user does not get any info about the progress of the job).
More than that, more of the code to build an item form and a list of
items is now isolated in module (.pm) and include files (.inc)
We are reusing the changes made by bug 27526 that simplifies the way we
edit/create items (no more unecessary serialization Koha > MARC > MARCXML
> XML > HTML)
New module:
* Koha::BackgroundJob::BatchDeleteItem
Subclass for process item deletion in batch
* Koha::BackgroundJob::BatchUpdateItem
Subclass for process item modification in batch
* Koha::Item::Attributes
We needed an object to represent item's attributes that are not
mapped with a koha field (aka "more subfields xml")
This module will help us to create the marcxml from a hashref and the
reverse.
* Koha::UI::Form::Builder::Item
The code that was used to build the add/edit item form is
centralised in this module. In conjunction with the
subfields_for_item BLOCK (from html_helpers.inc) it will be really
easy to reuse this code in other places where the item form is used
(acquisition and serials modules)
* Koha::UI::Table::Builder::Items
Same as previously for the table. We are now using this table from 3
different places (batch item mod, batch item del, backgroung job
detail view) and the code is only in one place.
To use with items_table_batchmod BLOCK (still from html_helpers.inc)
This patch is fixing some bugs about repeatable subfields and regex. A UI
change will reflect the limitation: if you want to apply a regex on a
subfield you cannot add several subfields for the same subfield code.
Test plan:
Prepare the ground:
- Make sure you are always using a bibliographic/item record using the framework
you are modifying!
- Add some subfields for items that are not mapped with a koha field
(note that you can use 'é' for more fun, don't try more funny
characters)
- Make some subfields (mapped and not mapped with a kohafield)
repeatable
- Add default values to some of your subfields
There are 4 main screens to test:
1. Add/edit item form
The behaviour should be the same before and after this patch.
See test plan from bug 27526.
Those 2 prefs must be tested:
* SubfieldsToAllowForRestrictedEditing
* SubfieldsToUseWhenPrefill
2. Batch modification
a. Fill some values, play with repeatable and regex.
Note that the behaviour in master was buggy, only the first value was modified by the regex:
* With subfield = "a | b"
1 value added with "new"
=> "new | b"
* With subfield = "a | b"
2 new fields "new1","new2"
=> "new2 | b"
Important note: For repeatable subfields, a regex will apply on the subfields in
the "concatenated form". To apply the regex on all the different subfields of a given
subfield code you must use the "g" modifier.
This could be improved later, but keep in mind that it's not a regression or behaviour
change.
b. Play with the "Populate fields with default values from default framework" checkbox
c. Use this tool to modify items and play with the different sysprefs that
interfer with it:
* NewItemsDefaultLocation
* SubfieldsToAllowForRestrictedBatchmod
* MaxItemsToDisplayForBatchMod
* MaxItemsToProcessForBatchMod
3. Batch deletion
a. Batch delete some items
b. Check items out and try to delete them
c. Use the "Delete records if no items remain" checkbox to delete
bibliographic records without remaining items.
d. Play with the following sysprefs and confirm that it works as
expected:
* MaxItemsToDisplayForBatchDel
e. Stress the tool: Go to the confirmation screen with items that can be
deleted, don't request the job to be processed right away, but check the
item out before.
4. Background job detail view
You must have seen it already if you are curious and tested the above.
When a new modification or deletion batch is requested, the confirmation
screen will tell you that the job has enqueued. A link to the progress
of the job can be followed.
On this screen you will be able to see the result of the job once it's
fully processed.
QA notes:
* There are some FIXME's that are not blocker in my opinion. Feel free to
discuss them if you have suggestions.
* Do we still need MaxItemsToProcessForBatchMod?
* Prior to this patchset we had a "Return to the cataloging module" link
if we went from the cataloguing module and that the biblio was deleted.
We cannot longer know if the biblio will be deleted but we could display
a "Go to the cataloging module" link on the "job has been enqueued"
screen regardless from where we were coming from.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Now that it's reusable, let use it somewhere else!
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
== Test plan ==
1 - In the default framework make sure the 952$1 is visible in opac & catalog & editor
2 - Set WhenLostChargeReplacementFee to charge
3 - Set MarkLostitemsAsReturned to return from batch modification
4 - Find/edit an item with a replacement cost
5 - Check out the item to a patron
6 - Batch modify the item
7 - Set the lost status
8 - Item is not returned or charged
9 - with the patch, it is
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the tools folder are swapped around
to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "size" attribute from <select> tags where the
value of the attribute is 1. The attribute is unnecessary because the
default value when the attribute is undefined is 1.
This will allow for more careful sizing of <select> tags without a size
attribute while preserving the desired behavior of <select> tags which
have a size greater than 1.
The patch modifies 83 files but makes the same minor corrections to
each. I think examining the diff is sufficent, or testing a
representative set of pages:
- Administration -> MARC frameworks -> MARC structure -> Edit tag:
The "Authorized value" select.
- Patrons -> New patron: The "Library" select.
- Reports -> Patrons with no checkouts: The "Into an
application" selects.
If anyone would like help testing any particular template I can
follow-up.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the tools and virtualshelves folders have
breadcrumbs that are in a <nav aria label="Breadcrumb"
class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the batch item modification template so that the
JavaScript is in the footer, conforming with best practices.
The items form can contain <script> tags injected by cataloging plugins.
These are moved from the body of the page into the footer be repeating
the template loop that previously output the script tag.
To test, apply the patch and test the process of submitting items for
batch modification.
After submitting a batch of items, test the "Edit items" form.
Confirm that JavaScript-dependent interactions work correctly:
- Select2-styled dropdowns
- RegEx checkboxes
- Datepicker
- Plugins like:
- dateaccessioned.pl on 952d
- stocknumberam123.pl on 952i
- callnumber.pl on 952o
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds comments to the template to highlight the markup
structure.
This patch should have no effect on the page's appearance or
functionality.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch reindents the batch item modification template to make
indentation consistent. Some lines have been split up.
Some markup issues have been corrected: Removed script "type" attribute,
removed obsolete "CDATA" markers, removed obsolete IE-specific
conditional comment.
To test, apply the patch and go to Tools -> Batch item
modification.
- Test the process of submitting a barcode file, and item number file,
and a list of barcodes.
- Confirm that everything works as expected.
Use your preferred method for checking the differences between files
while ignoring whitespace. I use diff with the "-w" flag, but I've been
known to leave my car keys in the refrigerator from time to time. The
only changes you see should be split lines.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch replaces remaining instances of <script type="javascript"> in
templates with "<script>."
To test, apply the patch and check the changes to the template. Verify
that the changes look correct.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the use of the jquery.checkboxes plugin from the
batch item modification and batch item deletion pages.
To test, apply the patch and go to Tools -> Batch item
modification.
- Submit a batch of barcodes.
- On the results page, test the "Select all" and "Clear all" controls
at the top of the page. These should work correctly on the checkboxes
in the table of results.
- Test that the "Clear on loan" control still works to uncheck
checkboxes corresponding to items which are checked out.
- Test the "Show all columns" and "Hide all columns" checkboxes in the
"Show/hide columns" section. These should work correctly on the
checkboxes for showing and hiding columns in the table.
- Go to Tools -> Batch item deletion.
- Submit a batch of barcodes.
- Repeat the same testing steps above (except the "Clear on loan"
step).
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: remove unecessary indentation changes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability to exclude patrons (by category) from local
holds, and items, by editing the item itself or by batch item
modification tool.
To test:
1. apply patches
2. updatedatabase
3. Enable LocalHoldsPriority preference, and leave
LocalHoldsPriorityPatronControl in pickup library, and
LocalHoldsPriorityItemControl in holding library.
4. Search for a biblio with one item.
5. Place a hold with a patron (patron1) and set pickup location to a different
library of the item's home library
6. Place another hold with another patron (patron2) and set pickup location to be
the same as the item's home library
7. ./misc/cronjobs/holds/build_holds_queue.pl
8. Go to circulation -> holds queue
9. Search by the item's home library
CHECK => only the hold for patron2 (with the pickup location the same as the
item's home library) appears in the table
10. Go back to the biblio details page and click on "Items" tab
CHECK => There is a new section in the item's details between "Statuses"
and "History" called "Priority"
11. Set exclude to "Yes" and update
12. repeat steps 7 to 9
SUCCESS => only the hold for patron1 now appears, even the other hold had local
hold priority
13. Repeat step 10 and 11 but this time set exclude to "No"
14. repeat steps 7 to 9
CHECK => the hold for patron2 is back
15. Edit patron2's category and set exclude from local holds priority to
"Yes"
16. Repeat steps 7 to 9
SUCCESS => the hold for patron1 is back
17. Go to tools -> Batch item modification and in barcode list place
several (existing) barcodes and press continue
CHECK => There is a new section in the bottom called "Priority"
18. Set exclude to "Yes" and save
SUCCESS => all items in the list now have exclude setted to "Yes"
19. Try to checkout the first item to a patron3
SUCCESS => Alert message appears saying that patron1 has a hold on that
item
20. Click on Yes and then checkin that item
SUCCESS => There is a modal window saying that a hold was found for
patron1
21. prove t/db_dependent/HoldsQueue.t t/db_dependent/Holds/LocalHoldsPriority.t
22. Sign off
Sponsored-by: Cooperative Information Network (CIN)
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
0 - Perform a search in the staff client
1 - Click a title to go to the details page for a record
2 - Click the 'Edit' button and select 'Edit items in a batch'
3 - Note the searchid is in the url
4 - Make a change and hit 'Save'
5 - Note the 'Return the the record' link at the top, and the button on the bottom include searchid in URL
6 - Click one and note the brwoser is stil there
7 - Click 'Edit' and select 'Delete items in a batch'
8 - Delete one item
9 - Click return to record
10 - Browser is there
11 - Click 'Delete items in a batch again
12 - Select all and check 'Delete records if no items remain'
13 - Delete them
14 - Note you have a link to 'Go back to the results'
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fixes a tiny string issue: Edit Items --> Edit items
To test:
- Go to tools / batch item edit
- Enter a barcode
- Check the heading above the edit item form
- Apply patch
- Verify the heading is now properly capitalized
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The JavaScript used to process background uploads calls the humanMsg
library under some circumstances. There are several templates which use
background-job-progressbar.js which don't include the humanMsg assets.
This patch corrects those templates.
Note: upload-images.tt has been modified to remove the inclusion of
background-job-progressbar.js because it was unused.
To test, apply the patch and test the following processes which include
background job processing:
- Batch item modification -- the background job is triggered when you
submit your changes
- Batch record modification -- the background job is triggered when you
submit your changes
- Stage MARC for import -- the background job is triggered when you
click the "Sage for import" button after uploading a file
- Staged MARC management -- the background job is triggered when you
click "Import this batch into the catalog"
In each case the process should complete correctly. If you would like to
test the error message handling provided by the humanMsg library you can
deliberately introduce an error into the JavaScript. After applying the
patch you can modify js/background-job-progressbar.js to alter line 63
from:
url: f.action,
...to:
url: f.action + "foo",
Perform the same tests and confirm that you see an error message. Don't
forget to undo your changes to background-job-progressbar.js before
signing off.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same problem as previous patch in Batch item modification as well as
serial-edit.pl.
Test plan:
[1] Go to Tools/Batch item modification.
Test cloning subfield on batchMod-edit.
[2] Go to a serial with "Create item when receiving".
Receive an issue. Click add item.
Test cloning subfield.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
- go to Tools > Batch item modification,
- select items to modify,
- for one or some text fields, check the second checkbox (Use regular
expression) and type your regex,
- check the regex has been applied.
Signed-off-by: Pierre-Marc Thibault <pierre-marc.thibault@inLibro.com>
Signed-off-by: Mathilde Formery <mathilde.formery@ville-nimes.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
In Tools > Batch item modification, one can modify or delete a subfield.
When deleting a subfield et modifying another, the wrong subfield gets modified.
This is caused by the fact that disabled inputs are not posted in form.
So for a subfield to delete :
Input name=field_value is not posted. But input name=subfield is posted with subfield code.
So these 2 arrays does not have the same size :
my @subfields = $input->multi_param('subfield');
my @values = $input->multi_param('field_value');
For exemple, deleting $2, not changing $u and modidying $v will modify $u with value for $v o_O
This patch correts but setting disabled all inputs of a deleted subfield : field_value, tag, subfield and mandatory. Like it was not present in the form.
Test plan :
- Go to Tools > Batch item modification
- Enter a barcode and submit
- Lets say there are subfields : $2 (not mandatory), $u and $v
- Check the subfield $2 to be deleted
=> $2 input is disabled
- Enter a text in $v
- Submit the form
=> Without patch, the text for $v gets into $u
=> With patch, the text for $v gets into $v
- Check the subfield $2 is well deleted
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - Set MaxItemsToDisplayForBatchMod to some number
2 - Modify less items than that
3 - Note they show
a - Note if over 1000 they show in a simple display
4 - Modify more items
5 - Note they do not show and you see a note
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Get a list of itemnumbers or barcodes
2 - Set MaxItemsToProcessForBatchMod to less than this number of items
3 - Attempt to batch edit, you arent allowed
4 - Set MaxItemsToProcessForBatchMod to some hugh number like 60000
5 - Try a list of as many items as possible 30000 was good for me (they
should exist in your system)
6 - Try to batch edit, system will timeout on displaying these items
7 - Apply patch, update database
8 - Set MaxItemsToDisplayForBatchMod to 1000 (default)
9 - Try large file again, should not display items, but allow
modification, wait for this to finish
10 - SetMaxItemsToProcessForBatchMod to 1000 and try large file again
11 - Should be prohibited as before
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies staff client templates to remove the "type"
attribute from <style> tags. The attribute is no longer valid.
To test, apply the patch and confirm the changes to the templates. The
appearance of the staff client should be unchanged.
Validating pages from the staff client should not return any errors
related to the <style> "type" attribute.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
1. Navigate to tools, then batch item modification.
2. Input a valid barcode into the barcode list input field, and press
continue.
3. Under the Edit items heading, text should display "Checking the box
right next the subfield ..."
4. Apply patch and refresh page, text should now display "Checking the
box right next to the subfield ..."
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1 - Run batch modification on some items
2 - Hover over the holds column
3 - Note the tool tip
4 - PLace some holds to verify combinations of item/record level holds
show appropriately
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Add some items to bathc modification
2 - Note there is no indication fo holds
3 - Apply patch
4 - Reload and note you can see how many holds (or none)
5 - Note you can hide this column with css:
#batchMod-edit .holds_count { display: none; }
6 - Note the column has a tooltip to indicate item vs. record holds
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The itemnumber list passed from a file in the batch item
modification/deletion tools is not tested.
Like barcodes we should make sure they refer to a valid items in the DB.
Test plan:
- Create a file with barcodes, itemnumbers and random lines
- Use the batch item modification and deletion tools with this file
You should see a table with a list of invalid barcodes and itemnumbers.
Without this patch you got the following error:
Can't call method "title" on an undefined value at
/home/vagrant/kohaclone/tools/batchMod.pl line 580
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates several single-column Tools templates to
use the Bootstrap grid.
- batchMod-del.tt - Tools -> Batch item deletion -> Submit barcodes or
item numbers for deletion. The grid is changed for the results and
confirmation screens.
- batchMod-edit.tt - Tools -> Batch item modification -> Submit barcodes
or item numbers for modification. The grid is changed for the results
and confirmation screens.
- koha-news.tt - Tools -> News -> Edit or create a new news item. The
grid is changed for the edit screen.
- letter.tt - Tools -> Notices and Slips -> Edit or create a notice. The
grid is changed for the edit screen.
Each of these pages should look correct. The News and Notices page
should have a single centered column with wide margins on either side.
At lower browser widths the margins should disappear.
The batch mod screens should be displayed at full screen width.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Whe checking a subfield to be deleted, the code
$(this).val($(this).siblings("[name='subfield']").val());
is useless, the checkbox already contains the subfield code :
<input type="checkbox" ... name="disable_input" value="[% ite.subfield %]" />
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
