There is a security issue in the self checkout module.
The user used to check items out must have the circulate =>
circulate_remaining_permissions permissions.
So even if a user does not have a login/password or a barcode he can
access the circulation module of the intranet.
Imagine if the sco patron used is a superlibrarian...
This patch set will change the behavior and add a new permission to
access the sco module (circulate => self_checkout).
This permission should be the only one defined for this patron.
IMPORTANT NOTE: Hopefully, this only works if both interfaces use the
same domains (but different ports).
Test plan:
0/ Do not apply this patch set
1/ Create a patron with the circulate => circulate_remaining_permissions
and some others. Note his userid/pwd (later 'sco/sco').
Turn on WebBasedSelfCheck and AutoSelfCheckAllowed
Fill the AutoSelfCheckID and AutoSelfCheckPass with 'sco' and 'sco'
2/ Log out from the OPAC and the intranet
3/ Go to the sco page
4/ Note that you are automatically logged in
5/ Go to the circulation module on the intranet side
6/ Oops
7/ Apply this patch
8/ Execute the updatedatabase
9/ Note that the sco user only has the new permission circulate =>
self_checkout, others have been removed
10/ Try to reproduce the issue, it should not access anything on the
intranet side
11/ Confirm that there is no regression in the sco module
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Works well no regressions, changes the permissions appropriately.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Follow-up for reports.
Test plan:
1/ Use a translated template (fr-FR or ar-Arab)
2/ Go to the report guided page, step 3
3/ The field names should be correctly encoded.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1/ Use a translated template (fr-FR or ar-Arab)
2/ Go to the tools/import_patrons.pl page
3/ The field names in the "default values" block should be correctly
encoded.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan: See Bugzilla.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Koha needs a script to automate the importing of Lexile score data for
titles that have available scores but are not currently in the title's
record.
This script will take a CSV file of Lexile scores, and locate any
matching records in the Koha database ( by ISBN ). If the record already
has a score, it will be updated. If not, the Lexile score field will be
created.
Test Plan:
1) Apply this patch
2) Catalog a record for each of the following ISBNs:
0789170191
9780673779410
3) Download the file LexileTitlesTruncated.txt attached
to this bug report
4) Run the script from the command line:
./misc/migration_tools/import_lexile.pl -v --file /path/to/LexileTitlesTruncated.txt
5) View those records in Koha
6) Note those records now have valid Lexile scores
7) Edit the Lexile score ( 521$a ) and change the value to something else
8) Repeat step 4
9) Note the original Lexile score has been restored
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
If (for some reason) the user has created more than one matching rule
with the 'ISSN' code, the updatedatabase.pl script fails, because it was
written with the default data in mind, and didn't consider the scenario
described above.
Thanks Liz for pointing this out!
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
To test:
1) Go to home page of staff client and click the Help
2) Notice: 'you should now 'got to' Koha'
'settings found in 'a'dministration.' (should be capitalized)
'Once that user is set you should use that user to log in rather than the root user set up as part of installation.' (could be worded better)
3) Apply patch, close Help, reload page, reopen Help
4) Notice: 'got to' --> 'go to'
'administration' --> 'Administration'
'Once that user is set you should use that user to log in rather than the root user set up as part of installation.'
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Fall back more smoothly when items subfields are not mapped to a
kohafield. Note, however, that this development does not allow applying
default settings to subfields that aren't mapped. A note has been added
to the columns settings page, as there is no known workaround for this.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Per a conversation with Jonathan Druart, add all columns that could be
reasonably mapped, and order them the same as in kohastructure.sql.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch adds the table of items on additem.pl to the columns
customizer.
Test plan:
1. Open item editor on a record, and verify that all columns are visible.
2. Apply patch.
3. Reload editor, and verify that column visibility hasn't changed.
4. Open "Hide/show columns," and verify that you can add and remove
columns.
5. Change the visibility and togglability of some columns in
columns_settings.pl, and verify that these correctly apply to
additem.pl.
NOTE: The columns that are configurable are selected from the non-hidden
columns that have mappings to MARC subfields in the default MARC21
framework (and can thus be displayed in the item editor).
Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
There were two missing heading columns, Location and Fines, in the Check out section of a Patron
Tested both patches together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
There were two missing heading columns (location and fine) and one missing hidden heading column (this hidden column is needed for sorting the table); it was taking the due_date column for the hidden column, so I added them
Both patches tested together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Previous patches attached to this bug have been refactored to merge bug
3206 and bug 13568 features. So OAI server must be carefully tested to
ensure that there is no regression in this area: deleted records and
resumption token.
This last patch fixed the way items are returned. They are returned only
if OAI server operates in extended mode, and specifically for format
having the parameter include_item set to 1 (true). For example this
configuration file set via OAI-PMH:ConfFile syspref will return items:
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Same in spirit to the other patch, this also includes the item detail in
ListRecords.
Test plan:
* Fetch a URL like:
http://koha/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=marcxml
* Verify that there are 952 entries in the returned records where
appropriate.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
ListRecords OAI verb returns a list of records including items in 952/995 which
are not hidden based on OpacHiddenItems syspref.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This allows the OAI-PMH service to not provide item information when
there is a rule that would suppress it in OpacHiddenItems.
Test plan:
* Find an OAI-PMH URL that shows you some items.
* Add an entry to OpacHiddenItems that would block that.
* Check that it's blocked.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Tested, playing with OpacHiddenItems. GetRecord OAI verb returns a record
complying with OpacHiddenItems rules, for example without items from a specific
library.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
GetRecord for OAI-PMH was pulling the MARCXML directly from the
database. Now it uses GetMarcBiblio and includes the item data with it,
making it more generally useful.
Test plan:
* Run an OAI-PMH query, for example:
http://koha/cgi-bin/koha/oai.pl?verb=GetRecord&identifier=KOHA-OAI-TEST:52&metadataPrefix=marcxml
to fetch biblionumber 52
* Note that it doesn't include the 952 data
* Apply the patch
* Do the same thing, but this time see that the 952 data is at the
bottom of the MARCXML.
Note:
* This patch also includes a small tidy-up in C4::Biblios to group
things semantically a bit better, so I don't spend ages looking for a
function that was staring me in the face all along again.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Works as described. Simple yet useful patch.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
952/995 item fields are back in response to GetRecord OAI verb.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The original patch correctly unmasks the global variable (by
removing the 'my' on the marc2ris function), but wrongly introduces
a new global variable.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Variable $itype is used in all of C4/Ris.pm to switch
between MARC flavors, but is local and not passed along
as an argument.
As a quick solution, it is defined as global.
To test:
1) On UNIMARC setup, export a record as RIS,
check that author (and other fields) are displayed
incorrectly
2) Apply the patch
3) Export again, improved results
4) Run t/Ris.t
There are other problems in this script; it needs maintenance
(e.g. not Modern::Perl friendly)
Signed-off-by: Victor do Rosário <jvr@fct.unl.pt>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This bug is dealing with the situation where an item is checked out to a
patron that is not the next in line hold-wise for an item. In this case,
Koha will warn the librarian that there are holds on the item and
show the first person in line. Again, I want to stress that this
is the case where the item *is not waiting* for a patron. The
hold for the patron listed will just have a priority of 1.
The only situation where the "Cancel hold" checkbox will function
is when the priority 1 hold is an item level hold. This is due to
the fact that CancelReserve is being passed the trio of
biblionumber, borrowernumber, and itemnumber rather than the
singular reserve_id.
1) place biblio level hold on a book to borrower A.
2) check out an item of the book to borrower B.
3) When confirming checkout, check the 'Cancel hold' check-box, and
click the "Yes, check out" button.
4) Note the hold was not canceled
5) Apply this patch
6) Repeat steps 1 through 3
7) Note the hold was indeed canceled
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The inventory tools automatically check in items, this patch adds it as
an option.
Test plan:
1/ Check an item out, fill a file with its barcode, and use this file in
the inventory tools.
2/ Check the new checkbox and confirm that the item is not checked in
3/ Repeat again and don't check it, the behavior should be the same as before
this patch.
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Added a missing </li>.
Patch works as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The permanent_location is correctly filled when an item is added from
the cataloguing module (routine set_item_default_location from
cataloguing/additem.pl).
But when records are imported, this field is not managed. It's only on
editing (_do_column_fixes_for_mod called from ModItem).
This patch sets the permanent_location item fields to the location value for all
items created, even the imported ones.
Test plan:
0/ Do not apply this patch
1/ Import a record with items using the "Stage MARC for import" tool
2/ Check the values for the permanent_location in the items table.
They are set to NULL
3/ Apply this patch
4/ Repeat 2 and confirm that now the permanent_location values are set
to the location values.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch just fixed a master bug, if your database already has some
items.homebranch set to CPL
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
NOTE: Before patch "./misc/cronjobs/batch_anonymise.pl --help" had no
message, and neither did the anonymizing tool in the staff client.
After the patch, both had informative messages.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
There are at least 2 wrong behaviors if the AnonymousPatron pref is not
defined (0 or empty string).
1/ If you use the clean borrower tools, you will get a success
message when nothing happened (the history has not been anonymised).
2/ At the OPAC, if a patron asks to delete his reading history, he will
get an error message "The deletion of your reading history failed,
because there is a problem with the configuration of this feature.
Please help to fix the system by informing your library of this
error". IMO this should not happen, the history should be anonymised.
With this patch, the old_issues.borrowernumber field will be set to NULL
if the AnonymousPatron pref is not defined.
Test plan:
1/ Fill the pref with "" or 0
2/ At the OPAC, go to the privacy tab and click on the "Immediate deletion" button.
You should get a green and friendly message. Confirm that the history
has been anonymised.
3/ Use the "Batch patron anonymization" tools (tools/cleanborrowers.pl)
to anonymize the checkout history.
Confirm that a) it works and b) you get a message.
Try again with AnonymousPatron set to a valid patron. You should not see
any changes with the current behaviors.
NOTE: This patch tweaks C4/Circulation.pm and provides tests.
Applying just this and running prove succeeds. Reverting just
C4/Circulation.pm fails, as expected.
Tested OPAC stuff with both patches applied.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This report adds a few unit tests for dateonly flag in notices.
This patch adds (very trivial) unit test descriptions.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
For some needs, a librarian would like to display a datetime or
timestamp field without the time.
This patch adds filter logic in the notice/letter parsing process.
Test plan:
1/ Define a notice using a datetime or timestamp DB field
(biblio.timestamp for instance).
2/ Generate the notice
3/ Verify that the letter is generated with the time
4/ Use the "dateonly" filter like:
<<your_table.your_field | dateonly>>
<<biblio.timestamp | dateonly>>
5/ Generate the notice
6/ Confirm that the letter is generated without the time for this field.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Updated the count of tests to 64 for t/db_dependent/Letters.t to pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
It has been introduced by bug 11944.
Test plan:
1/ Install and set the fr-FR language (or ar-Arab).
2/ Go to the help page and edit it.
3/ The textarea should not contain encoding issues with this patch.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
DBD::mysql::db begin_work failed: Already in a transaction at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1560.
DBIx::Class::Storage::DBI::txn_rollback(): Storage transaction_depth 0 does not match false AutoCommit of DBI::db=HASH(0xa429648), attempting ROLLBACK anyway at t/lib/TestBuilder.pm line 363
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This module will be called by db_dependent tests, which already create a
transaction.
TestBuilder creates a new one (which is certainly useless) and the
rollback does not do anything.
To see the warning see patches on bug 14045.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Same as previous patch for 3 other tables.
Test plan:
Same as before but the hold should exist in the 3 tables before the
move.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
If an item is moved from a biblio to another, the holds should be
updated too.
See discussion on the bug report for more information.
Test plan:
1/ Place an item-level hold on biblio1
2/ Move the item to biblio2
3/ Confirm that the hold still exists and points to biblio2
This patch should not change the existing behavior for bib-level holds.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch covers the MoveItemFromBiblio subroutine
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch makes it possible to search for users using the username (userid / login name).
To test:
- Apply patch
- Do searches from Home > Patrons
- Search for a full username or parts of a username with Search fields = Standard and Search fields = Userid
- Perform the searches from the top bar (expand with [+]) and from the "Filters" part at the left
- Make sure that other searches behave as before
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The problem making some tests fail actually was the unneeded addition
of zero accountline records by ChargeReserveFee, called by AddReserve.
The balance is still zero, but a test like !$var responds differently
when var is 0.00 instead of 0 or undef.
This patch adjusts the test in ChargeReserveFee in order to prevent
adding these records with 0.00.
The first patch that adjusts the tests in Reserves.t is not strictly
needed anymore, but can stay.
Test plan:
[1] Run t/db_dependent/Reserves.t
[2] Run t/db_dependent/Reserves/GetReserveFee.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Fix the following errors:
not ok 59 - Bug 14464 - No fines at beginning
ok 60 - Bug 14464 - 1st reserve correctly created
not ok 61 - Bug 14464 - No fines after cancelling reserve with no charge configured
ok 62 - Bug 14464 - 2nd reserve correctly created
not ok 63 - Bug 14464 - No fines after cancelling reserve with no charge desired
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended the x==0 test with !x || x==0 to include 0.00 and prevent warn.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed a missing space after Error: :)
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
New warning on the about page if at least one patron has requested
privacy on checkin but the AnonymousPatron is not set to a valid patron.
Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>