We should check before retrieving metadata.
Test plan;
Try /cgi-bin/koha/opac-MARCdetail?biblionumber=X
Replace X by a not-existing biblionumber.
Verify that you get a 404 error page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
JD amended patch: Use ternary op
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Added to the call in opac-password-recovery.pl. This allows
differentiating between password change and password reset when
viewing the logs.
Test plan:
Enable BorrowersLog.
Do a password recovery on OPAC.
Check with log viewer for 'RESET PASS' action.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch moves the OpacMaintenanceNotice system preference into HTML
customizations, making it possible to have language-specific content.
The patch modifies the OPAC maintenance page template so that the
language selection menu can be shown correctly according to the
OpacLangSelectorMode preference.
To test you should have some content in the OpacMaintenanceNotice
system preference before applying the patch. Apply the patch and run the
database update process.
- In the staff client, go to Tools -> HTML customizations and verify
that the content from OpacMaintenanceNotice is now stored there.
- The HTML customization entry form should offer OpacMaintenanceNotice
as a choice under "Display location."
- Update and reinstall active translations (for instance fr-FR):
- perl misc/translator/translate update fr-FR
- perl misc/translator/translate install fr-FR
- Enable the translation if necessary under Administration -> System
preferences -> language.
- Enable the "opaclanguagesdisplay" preference if necessary.
- Enable the "OpacMaintenance" system preference.
- Edit the OpacMaintenanceNotice HTML customization and add unique
content to the "fr-FR" tab.
- Try to view any page in the OPAC. You should see the content you
added to the OpacMaintenanceNotice HTML customization.
- Switch to your updated translation. The page should redisplay with
your translated content.
- Go to Administration -> System preferences and search for
"OpacMaintenanceNotice." The search should return no
results.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a enw system preference SCOLoadCheckoutsByDefault
When enabled, a patron's list o fcurrent checkouts will be loaded when the sign in to the SCO
module. If disabled, they will see link to load their checkouts. In either case, a new section
is added to the SCO to show a brief display of the last checked out it
To test:
1 - Enable WebBasedSelfCheck system preference
2 - Browse to:
http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
3 - Sign in the SCO user (or enable AutoSelfCheck)
4 - Sign in as a user with several items checked out
5 - Confirm you see a list of items checked out
6 - Apply patches, updatedatabase, restart_all
7 - 'Finish' and login patron to SCO again
8 - Confirm you still see the list
9 - 'Finish'
10 - Chenge the system preference
11 - Sign in to SCO, confirm checkouts do not load
12 - Confirm you see 'Load your checkouts' link
13 - Check an item out
14 - Confirm you see the last checkout, but not a list
15 - Attempt to checkout an item that cannot be checked out
16 - Confirm "Return to account summary" does not load checkouts
17 - Click "Load your checkouts"
18 - Confirm they load
19 - Check out another item, confrim they remain and are updated
20 - Checkout an item that cannot be issued
21 - Confirm 'Return to account summary' loads the checkouts again
Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: AndrewA <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test Plan:
- Enable ILLModule sys pref and install any backend, or run
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
- Verify you can place new ILL requests in OPAC and Intranet
- Apply patch
- In borrower categories, verify there's a new column for 'can place ILL in opac' and is set to 'yes' by default
- Edit your borrower's patron category and set 'can place ILL in opac' to 'No'
- Verify you can no longer place new ILL requests in OPAC
- Verify you also cannot place new ILL requests through URL:
:8080/cgi-bin/koha/opac-illrequests.pl?method=create&backend=FreeForm
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It adds unnecessary complexity and information.
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
So that pickup delay can have a different value per patron category,
item type or branch.
To test:
1) Update database, restart services
2) Set ReservesMaxPickUpDelay syspref (if not already set)
3) Edit your circulation rules and set a value under 'Holds pickup
period (day) that is DIFFERENT from ReservesMaxPickUpDelay. Set a few
different numbers for different branches as well.
4) Place a hold on a biblio from the staff client.
5) Check in an item from that biblio and confirm the hold as waiting
6) Confirm the expiration date is calculated using the 'Holds pickup
period' value instead of the ReservesMaxPickUpDelay syspref
7) Revert the waiting status and delete the hold
8) Re-place the hold on the biblio on the OPAC. Notice that when you
change the pick up location, the number of days in the pickup message
below the dropdown changes based on the circ rules.
9) Create a holiday with a date that will overlap with the 'Holds pickup
period'
10) Check in an item from that biblio and confirm the hold as waiting
11) Confirm the expiration date is calculated using the 'Holds pickup
period' value AND considers the special holiday
12) Confirm tests pass t/db_dependent/Holds/WaitingReserves.t
13) Test Talking Tech:
13a) Enable TalkingTechItivaPhoneNotification
13b) Go to Tools -> Notices & slips. Add content to the HOLD phone
(itiva) notice.
13c) In your terminal, run perl
/path/to/koha/misc/cronjobs/thirdparty/TalkingTech_itiva_outbound.pl -o
~/itiva.tmp -w 0 --type=RESERVE
Sponsored-by: Catalyst IT
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Adds $patron->consent and $consents->available_types.
Incorporates them into script/template.
Provides two unit tests.
Note: A follow-up patch helps you test this with an
example plugin.
Test plan:
Run t/db_dependent/Koha/Patron.t
Run t/db_dependent/Koha/Patron/Consents.t
Toggle the value of pref PrivacyPolicyConsent and look at
OPAC account, tab Consents.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In the design of additional contents the idea of a parent-child relation is implicitly present. You have a default page and translations.
But we do this in one table coming from the old news items.
Several reports show that we would be better off creating a parent table listing the main news items, CMS pages or HTML content. And a child table containing the title, content and lang.
Note that this first step is a prelimenary step to clean this area and make it more robust and extensible. More enhancements to come.
What is this patchset doing?
* DB changes
- Rename additional_contents.idnew with id
- Create a new table additional_contents_localizations(id, additional_content_id, title, content, lang) that will contain the translated contents
- Move the content to this new table
- Remove title, content and lang columns from additional_contents
- Replace the notice templates that are using ''<news>" (should only be ISSUESLIP) and remove support for this syntax. Also add a warning in case other occurrences of uses of the old syntax exist.
* CRUD
- We add a new Koha::AdditionalContentsLocalization[s] couple, and move some logic from Koha::AdditionalContent[s] to there. Note that, to prevent too much drastic changes in notice templates, and to make them easy to use, the different attributes of the content object is accessible from the translated content object (ie. Koha::AdditionalContentsLocatlization->library is available and return $self->additional_content->library). I think it's an elegant way to keep things simple.
- No changes expected for "NewsLog" logging
- Little behaviour changes for pages, see tools/page.pl changes. We are now passing the id of the content, and the desired language, instead of the mix of "page_id" or code and lang. Note that here we certainly need to rename "language" query param to not change the full interface language.
Test plan:
0. Preparation steps, use master
a. Create notice templates that are using "<< additional_contents.code >>". This won't be replaced, but we want the update process to alert us.
b. Create several news, additional contents, pages. Some with translated contents, some without.
c. Make sure ISSUESLIP has the "<news>" section. If you are using the sample data there is nothing to do here
d. Turn on NewsLogs
1. Apply the patches, restart_all, updatedatabase
=> Confirm that the new table is created and filled with the contents you had prior to the update
=> Confirm that additional_contents_localizations.updated_on has been kept to the previous values
=> Confirm that ISSUESLIP has been replaced properly
=> Confirm that you get a warning about the additional_contents
2. Create, update, delete news, html customs, pages
=> Confirm that the additional_contents_localizations.updated_on is only adjusted when required
=> Confirm that the logs are correctly created when NewsLogs is on
3. Check some items out, generate a slip
=> Confirm that the news are displayed at the bottom of the slip, and that the publication date is correctly formatted
4. Have several HTML customizations (like OpacNav, opacheader), in translated in different languages
=> Confirm that the default values is displayed when you are using the interface in a language without translation
=> Confirm that the translated version is picked when it exists
Notes for QA:
* I am not sure we really need the alert during the update DB process about the additional_contents leftover. We should not have them outside of ISSUESLIP.
Shouldn't it hurt?
* There is something ugly in sample_news.yml, the id is hardcoded. But how do we prevent that and keep translatability?
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Same as bug 33948 for the OPAC side.
Additionally you will test
* OPACMySummaryHTML
* The different cover images services
* Display of ISBN
* Display of UPC
* Ratings
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This moves the show_volumes calculation back out of C4::XSLT into the
controller scripts and refined the search query builder slightly based
on the XSLT equivilent.
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
if OPACHoldsIfAvailableAtPickup is set to "Don't allow" (i.e. if patrons cannot place holds on items that are available at their library), patrons cannot place holds on items that are on order (or any negative not for loan value) for pickup at their library.
Technically, those items are not "available", so they shouldn't be affected by this system preference.
To replicate:
Prerequisites :
- Have at least two libraries (I used the sample libraries)
- Have a patron in one of the libraries (I used Henry Acevedo), make sure you know the user id and password for that patron
- Make sure the circulation rules allow holds for the patron category
1. Set OPACHoldsIfAvailableAtPickup to "Don't allow"
1.1. Go to Administration > Global system preference
1.2. Search for OPACHoldsIfAvailableAtPickup
1.3. Change the value to "Don't allow"
1.4. Click "Save all Circulation preferences"
2. Make an item "On order" at the patron's library (Henry Acevedo is at Midway)
2.1. If needed, create a bibliographic record and item
2.2. Edit the item to assign the "On order" not for loan status
2.3. Change the home and holding library to the patron's library (Midway)
2.4. Click "Save changes"
3. Try to place a hold on the item through the OPAC
3.1. In the OPAC, log in as the patron
3.2. Search for the item
3.3. Click "Place hold"
--> Notice the patron's library is greyed out in the pickup location drop-down menu"
4. Apply the patch
5. Repeat step 3
--> Notice you can select the patron's library in the pickup location drop-down menu and place a hold with it
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds an 'Alert subscriptions' tab to the patron's account on the OPAC, so they can easily view or cancel email alerts they have subscribed to.
To test:
1. Subscribe to email alerts for one or more subscriptions via the OPAC
2. Go to your account, notice the new 'Alert subscriptions' menu option, click here
3. Confirm your subscribed alerts show here. Confirm the table sorting works etc (JS enabled).
4. Test unsubscribing from email alerts, make sure the confirmation pop-up works as expected (JS enabled).
5. Confirm that, when unsubscribing, you are redirected back to this page.
6. Confirm the menu option disappears from the left sidebar navigation if you have no alert subscriptions.
Sponsored-by: Bibliotheksservice-Zentrum Baden-Wuerttemberg
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the page number to the breadcrumb in the opac search results to ensure that it is unique to the content on the page. Currently it is not compliant to Accessibility guidelines as the breadcrumb is identical on every page despite the content being different.
To test:
1) Apply patch
2) Run a search in the OPAC that will return more than 20 results.
3) The breadcrumb should say "Results of search for 'search term', page x of y"
4) Run a search that will return less than 20 results
5) The breadcrumb should say "Results of search for 'search term'
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1. Set system preferences:
- Disable OPACAllowUserToChooseBranch
- Set ReservesControlBranch to "item's home library"
- Enable UseBranchTransferLimits
- Set BranchTransferLimitsType to "item type"
- Enable canreservefromotherbranches
- Disable IndependantBranches
2. Create two libraries: ITEM_LIB and PATRON_LIB
3. Set circulation rules:
- Remove all circulation rules (DELETE FROM circulation_rules)
- Set a default rule that allow some holds and with "OPAC item level
holds" = "force". Allow "on shelf" holds for easier testing.
- In the rules for ITEM_LIB, under "Default checkout, hold and return
policy",
- set "Hold policy" to "From any library"
- set "Hold pickup library match" to "item's home library"
- In the rules for PATRON_LIB, under "Default checkout, hold and
return policy",
- set "Hold policy" to "From any library",
- set "Hold pickup library match" to "any library"
4. In "Library transfer limits" disable all transfers from ITEM_LIB to
PATRON_LIB for an item type (let's say "BOOK")
5. Create a biblio with an item:
- item type must be the same as in previous step ("BOOK")
- home branch and holding branch must be ITEM_LIB
6. Create a patron at PATRON_LIB, give it a password so it can log in.
7. Go to OPAC, and login with this patron
8. Try to place a hold for the new item. You should be allowed to place
a hold, but when doing it, no holds will be created.
9. Apply patch, restart Koha
10. Try to place a hold for the new item. This time the hold should be
created
Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Merged tidy patch and switch to Koha::Policy::Holds here.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes the GetReservesControlBranch method, and replaces its
uses with the newly introduced method.
To test:
1. Apply this patch
2. Verify that placing holds from the OPAC works
=> SUCCESS: Things work as expected
3. Run:
$ kshell
k$ prove t/db_dependent/Reserves* \
t/db_dependent/Hold* \
t/db_dependent/Koha/Hold* \
t/db_dependent/Koha/Biblio.t
=> SUCCESS: Tests pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Update the way Availability is handled
Add the new type disclaimer workflow operation
after Availability
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch confirms that a session ID has been set before trying to save search history to a logged in user on the OPAC.
This depends on EnableOpacSearchHistory system preference being enabled.
Apply the patch and test that you don't see an Error 500 page at any point through this plan:
1. Do an OPAC search, ensure you are not logged in
2. Confirm your search was saved to search history
3. Do another search, then log in
4. Confirm you are brought back to the search results after logging in
5. Confirm all search history from the session is visible
Sponsored-by: Toi Ohomai Institute of Technology
Signed-off-by: Salah Ghedda <salah.ghedda@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If there is no default category defined in PatronSelfRegistrationDefaultCategory the full feature must be displayed.
We already hide the link from the OPAC main page, but the form is still accessible.
Test plan (for the whole patch set):
1. Turn on PatronSelfRegistration
2. Don't set PatronSelfRegistrationDefaultCategory
3. Go to the OPAC main page and confirm that the "Register here" link is
not displayed
4. Hit opac-memberentry.pl and confirm that you are redirected to the
OPAC main page
5. Go to the about page and confirm that you see a warning in the
"System information" tab
6. Set PatronSelfRegistrationDefaultCategory to an invalid patron's
category
7. Repeat 3, 4, 5
8. Set PatronSelfRegistrationDefaultCategory to a valid patron's
category
9. Self-register a patron and confirm it works as expected
10. Edit PatronSelfRegistrationBorrowerUnwantedField and confirm that
you cannot remove dateexpiry and categorycode
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
The idea here is to confirm this patch does not introduce regression.
For that you will play with the CardnumberLength syspref and create a
new user, modify an existing one, and check that the UI does not let you
modify an invalid cardnumber.
The onboarding process and the patron import tool will also have to be tested
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 33940: Fix selfreg
please squash with first patch
Bug 33940: Fix messages we sent to templates
please squash with the first patch
Bug 33940: Fix what we send to memberentry
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
- Go to circulation rules and set On shelf holds allowed to If all unavailable
- Log out
- Visit a bib record on OPAC:
http://localhost:8080/cgi-bin/koha/opac-detail.pl?biblionumber=76
- Notice it blows up with error 500
- Apply patch. Repeat
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. git grep paramater
2. notice 3 files have spelling mistakes
3. apply the patch
4. git grep paramater
5. notice there are no spelling mistakes for that word
Signed-off-by: Thomas Klausner <domm@plix.at>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When we set up a circulation rule where 'On shelf holds allowed' is 'If any unavailable' and we have a record with one 'Ordered' item, we cannot place this item on hold.
This patch allows placing hold on item with negative not for loan values, when using rule with 'On shelf holds allowed' set to 'If any unavailable'
To test:
1. Set up a circulation rule where on shelf holds are not allowed and force the choosing of an item (to facilitate the test)
1.1. Go to Administration > Circulation and fines rules
1.2. In the matrix, add a circulation like this
- Patron category: All
- Item type: Books
- Current checkouts allowed: 10
- Current on-site checkouts allowed: 10
- Loan period: 21
- Holds allowed (total): 10
- Holds allowed (daily): 10
- Holds per record (count): 10
- On shelf holds allowed: If any unavailable
- OPAC item level holds: Force
1.3. Click Save
2. Create a record with one 'Ordered' item (or any negative value not for loan status)
2.1. Go to Cataloging
2.2. Click New record
2.3. Fill out the mandatory fields (by default in MARC21: 000, 003, 005, 008, 040, 245, and 942 (942 should be set to Books))
2.4. Click Save
2.5. Fill out the following item fields
- Not for loan: Ordered
- Koha item type: Books
2.6. Click Add item
2.7. Click Normal to go to the detailed record
3. Try to place a hold on the 'Ordered' item
3.1. From the detailed record, click OPAC view: Open in new window.
--> Note that the 'Place hold' option is not present
4. Add a second 'Available' item
4.1. Back in the staff interface tab with the detailed record, click New > New item
4.2. Make sure the item type is set to Books
4.3. Add a barcode in p
4.4. Click Add item
5. Try again to place a hold on the 'Ordered' item
5.1. Go back to the OPAC tab and refresh the page
--> Note that the 'Place hold' option is still not present
6. Check out the available item to a patron
6.1. In the staff interface tab, copy the barcode from the available item
6.2. Go to Patrons
6.3. Click on Search
6.4. Click Check out next to one of the patrons
6.5. Paste the barcode in the box and click Check out
7. Try again to place a hold on the 'Ordered' item
7.1. Go back to the OPAC tab and refresh the page
--> Note that the 'Place hold' option is now present
7.2. Click Place hold
--> Note that only the checked out item is available to place on hold, if you click Show unholdable items, it will show the Ordered item, but you can't place a hold on it.
8. Apply the patch
9. Go to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
--> Note that the 'Place hold' option is still present
9.1. Click Place hold
--> Note that you can now place a hold on the 'Checked out' or the 'Ordered' item.
10. Check in the item to make it available again
10.1. In the staff interface tab, click on 'Show checkouts' button
10.2. Select the Checked out item and click on 'Renew or check in selected items' button.
11. Try again to place a hold on the 'Ordered' item
11.1. Go back to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
--> Note that the 'Place hold' option is still present
11.2. Click Place hold
--> Note that only the 'Ordered' item is available to place on hold, if you click Show unholdable items, it will show the Available item and you can't place a hold on it.
12. Delete the available item to keep only the Ordered item
12.1 in the staff interface tab, click on 'Search catalog' and search for the record
12.2 click on 'Edit' then 'Edit items'
12.3 Delete the available item
13. Try to place a hold on the remain 'Ordered' item
13.1 Go back to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
--> Note that the 'Place hold' option is present
13.2. Click Place hold
--> Note that you can place a hold on the Ordered item.
Signed-off-by: Amaury GAU <amaury.gau@bulac.fr>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It is possible inject raw HTML into the "Back to search results" link by leading the user to a search with specially crafted URL.
For example, using the demo instance:
1. Visit https://koha.adminkuhn.ch/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1&%22%3Etest%3Ca%20foo=%22
2. Refresh the page (for some reason, "back to results" doesn't appear unless I do that at least once).
3. Click any result.
Note that the result page now contains:
<a href="opac-search.pl?idx=&q=test&weight_search=1&">test<a foo=%22" title="...
i.e. `">test<a ...` was successfully injected into the HTML.
I'm attaching a quick patch I've used to patch up our instance. It just indiscriminately URI-escapes all parameter keys. I didn't decode them back since as far as I understand all valid keys do not contain special characters.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
There are several places in the code where we precalculate ItemsAnyAvailableAndNotRestricted to avoid
looping on this routine when calling IsAvailableForItemLevelRequest on a list of items form a biblio
The value of ItemsAnyAvailableAndNotRestricted is only used when there is a circulation rule for
'onshelfholds' with a value of '2' (If all unavailable)
Rather than calculate a value that may never be used, let's cache this value per request when we do
calculate it - and reuse the cached value
To test:
1 - Apply patch
2 - Set circulation rule 'On shelf holds allowed' as 'If all unavailable'
make sure the rule applies to all of the items/patrons you test with
3 - Find a record with two items that are available
4 - Try to place a hold for a patron - not allowed
5 - Check out one item to another patron
6 - Attempt hold - still not allowed
7 - Check out second item to another patron
8 - Attempt hold - allowed!
9 - Apply patch
10 - Cancel and replace hold - it is allowed!
11 - Check in one item, and cancel hold
12 - Place hold - not allowed!
13 - Check in second item
14 - Place hold - not allowed!
15 - prove -v t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed skip_record_index => 1 from automatic_renewals.pl. See BZ.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This code is currently duplicated in controllers opac-readingrecord.pl
and opac-user.pl.
After bug 33949 it will be removed from opac-readingrecord.pl, and bug
33956 aims to remove it from opac-user.pl.
Final situation will be: we have the code in a module, covered by tests
\o/
Test plan:
Check an item out
Setup OPACMySummaryHTML ("biblionumber: {BIBLIONUMBER}" for instance)
Go to the "Your summary" at the OPAC and notice the "Links" column
Everything should work identically before and after this patch
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
As I wrote in the bug description, I encountered this problem in a particular case,
so I'll explain it in the test plan, but it's certainly likely to be encountered in different ways.
Test plan:
1) Link authorised values with a field on a MARC framework, like a 942a related to branches
2) Set it on a record with no items
3) Activate syspref "AlternateHoldingsField" and set it to field 942a
4) Go to OPAC View and you will see "Holdings: " without any values
5) Apply this patch
6) Do step 4) again and now it's fixed
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If the biblionumber or the itemnumber passed in parameter does not
exist we should return 404 instead of exploding with a 500.
Test plan:
Attach cover images to biblio and items
Notice that the UI is working correctly (staff and OPAC)
Hit catalogue/image.pl and opac/opac-image.pl with non-existent
biblionumber and imagenumber
Notice that you now get 404 instead of 500
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
A club enrollment can be cancel but it can't be edited
This patch add a 'edit' functionality to the Clubs tool in the staff interface
Test plan
1. Create a club template
1.1. Go to Tools > Patron clubs
1.2. Click on 'New Club Template'
1.3. Fill the form
1.4. on the 'Club fields' section, Click on Add new field
1.5. Fill in the form
1.6. on the 'Enrollment fields' section, Click on Add new field
1.7. Fill in the form
1.8. Click on Save button
2. Creation of the club
2.1. Go to Tools > Patron clubs > 'Clubs' section (bottom)
2.2. Click on the 'New Club' button and select the club template create on step 1
2.3. Fill in the form
2.4. Click on Save button
3. Club enrollement
On the intranet
3.1. Search for a pratron and open the patron folder
3.2. Click on the 'Clubs' tab
3.3. Find the name of the club and click on 'Enroll'
3.4. Fill the questionnaire
3.5. Confirm registration
---> Note that the enrollement can be canceled but it cannot be modified
4. Apply the patch
5. Click one more time on the 'Clubs' tab
---> Note that the enrollement can now be modified
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch caches the return value of CanItemBeReserved that could
be then returned *on
demand*
We don't want to introduce side-effects hard to catch from this simple
change, so let's return the cache value only from the 2 scripts we are
dealing with.
This patch requests all item values from CanBookBeReserved on request.pl
Before this we either:
- Looped every item to find out that book could not be reserved
- Looped until we found an item that could be reserved, then looped all items to get statuses
In the worst case we avoid double processing a single item, in the best case we avoid double
processing all items (if only last on record is holdable)
To test:
1 - Find a record in staff client with several items
2 - Set AllowHoldsOnDamagedItems to 'Dont allow'
3 - Add a damaged item to record
4 - Set a hold rule to only allow holds form homebranch and ensure record has items from other branches
5 - Setup things to prevent more items from being held
6 - Attempt hold for patron
7 - Note item statuses
8 - Apply patch
9 - Confirm statuses are as they were before
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch moves the fetching of news to the template and
adds a p[lugin method to get news by id
TO test:
1 - Define some general and library specific news items
2 - Define in various languages
3 - Define some 'Additional contents' as well
4 - Apply patch
5 - Confirm onlly 'all libraries' news show if not loigged in to opac
6 - Confirm correct library news show when logged in
7 - View specific news items:
http://localhost:8080/cgi-bin/koha/opac-main.pl?news_id=12
8 - Confirm that non-existent ids show " This news item does not exist. "
9 - Confirm if you enter ID for additional contents you get 'does not exist'
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
opac-user.tt wants to normalized_oclc number if using syndetics or B&T images
We don't need to fetch it if not, but we need to pass it if so
To test:
1 - Switch all Syndetics prefs to 'Show' or 'Use' except
SyndeticsClientCode = just enter 'test'
2 - Checkout some items to a patron, ensure the records have:
- ISBN
- UPC
- OCLC number
3 - View opac-user.pl (sign in to opac as the user)
4 - View the network console tab (may need to reload)
5 - Note requests like:
https://secure.syndetics.com/index.aspx?isbn=1780335792/MC.GIF&client=test&type=xw10&upc=&oclc=
6 - Note that oclc parameter is not filled for record with an oclc number
7 - Apply patch
8 - Reload
9 - Confirm the link now has oclc as expected
10 - Disable syndetics, enable google books or another source
11 - Confirm images display as expected
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
normalized_oclc is used in the template to build the link to syndetics,
but it's not passed from the controller. Is this patch correct? Is
syndetics broken on this page? Should we remove it or keep it?
Is oclc parameter in the URL unecessary and should be removed?
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We are retrieving normalized_upc from the MARC XML in the controller (opac-readingrec.pl)
for all issues to display, but this is only used if BakerTaylor or Syndetics are enabled.
Test plan:
Have some checkouts and confirm that the checkout history is displayed
the same before and after this patch.
You should also test BakerTaylor or Syndetics and see if they are
working correctly, but I have no idea how to test them!
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The NewSuggestion routine saved the suggestion to the DB
and returned the id
This patch moves the code to Koha::Suggestion->store and
handles emailing upon creation, this adds that functionality to
suggestions added via api
To test:
1 - Apply patch
2 - Test adding a suggestion on the opac and staff client
3 - Confirm the suggestions are added correctly
Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
RecordedBooks search API integration is now obsolete following
rbdigital's incorporation into OverDrive. Associated code should be
removed.
https://company.overdrive.com/2020/06/23/overdrive-to-acquire-rbdigital-from-rbmedia/
Test plan:
use git grep extensively and confirm that this patch removes all
occurrences of this feature.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Resolve:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/opac/opac-illrequests.pl line 66
Test plan:
Put an unexisting illrequest_id in the URL parameter.
You should see a 404, not a crash.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Same as previous patch, but for 'update' and 'cancreq'.
We remove the redirect, but here we only want to focus on the security
fix.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Confirmed. Without this patch a patron can modify and cancel any ILL
request in the OPAC. With this patch the patron is redirected to the
404 page if modification or cancellation is attempted.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>