Commit graph

2518 commits

Author SHA1 Message Date
54bdcaef66
Bug 35266: Fix biblio check in opac-MARCdetail
We should check before retrieving metadata.

Test plan;
Try /cgi-bin/koha/opac-MARCdetail?biblionumber=X
Replace X by a not-existing biblionumber.
Verify that you get a 404 error page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>

JD amended patch: Use ternary op

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-15 16:07:04 -03:00
a08dd73621
Bug 21431: Add action parameter to set_password
Added to the call in opac-password-recovery.pl. This allows
differentiating between password change and password reset when
viewing the logs.

Test plan:
Enable BorrowersLog.
Do a password recovery on OPAC.
Check with log viewer for 'RESET PASS' action.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-09 14:50:11 -03:00
b7f0b58ee8
Bug 23798: Convert OpacMaintenanceNotice system preference to additional contents
This patch moves the OpacMaintenanceNotice system preference into HTML
customizations, making it possible to have language-specific content.

The patch modifies the OPAC maintenance page template so that the
language selection menu can be shown correctly according to the
OpacLangSelectorMode preference.

To test you should have some content in the OpacMaintenanceNotice
system preference before applying the patch. Apply the patch and run the
database update process.

- In the staff client, go to Tools -> HTML customizations and verify
  that the content from OpacMaintenanceNotice is now stored there.
- The HTML customization entry form should offer OpacMaintenanceNotice
  as a choice under "Display location."
- Update and reinstall active translations (for instance fr-FR):
  - perl misc/translator/translate update fr-FR
  - perl misc/translator/translate install fr-FR
- Enable the translation if necessary under Administration -> System
  preferences -> language.
- Enable the "opaclanguagesdisplay" preference if necessary.
- Enable the "OpacMaintenance" system preference.
- Edit the OpacMaintenanceNotice HTML customization and add unique
  content to the "fr-FR" tab.

- Try to view any page in the OPAC. You should see the content you
  added to the OpacMaintenanceNotice HTML customization.
- Switch to your updated translation. The page should redisplay with
  your translated content.
- Go to Administration -> System preferences and search for
  "OpacMaintenanceNotice." The search should return no
  results.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-08 17:41:27 -03:00
181cef50f7
Bug 34438: Add lang field to OPAC patron self registration form
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-08 11:41:15 -03:00
8c801ea132
Bug 34557: Add SCOLoadCheckoutsByDefault system preference
This patch adds a enw system preference SCOLoadCheckoutsByDefault

When enabled, a patron's list o fcurrent checkouts will be loaded when the sign in to the SCO
module. If disabled, they will see link to load their checkouts. In either case, a new section
is added to the SCO to show a brief display of the last checked out it

To test:
1 - Enable WebBasedSelfCheck system preference
2 - Browse to:
    http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
3 - Sign in the SCO user (or enable AutoSelfCheck)
4 - Sign in as a user with several items checked out
5 - Confirm you see a list of items checked out
6 - Apply patches, updatedatabase, restart_all
7 - 'Finish' and login patron to SCO again
8 - Confirm you still see the list
9 - 'Finish'
10 - Chenge the system preference
11 - Sign in to SCO, confirm checkouts do not load
12 - Confirm you see 'Load your checkouts' link
13 - Check an item out
14 - Confirm you see the last checkout, but not a list
15 - Attempt to checkout an item that cannot be checked out
16 - Confirm "Return to account summary" does not load checkouts
17 - Click "Load your checkouts"
18 - Confirm they load
19 - Check out another item, confrim they remain and are updated
20 - Checkout an item that cannot be issued
21 - Confirm 'Return to account summary' loads the checkouts again

Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: AndrewA <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-08 11:41:11 -03:00
57f2ff8459
Bug 18203: Rename column
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-01 18:01:39 -03:00
13720defdd
Bug 18203: Add per borrower category restrictions on placing ILL requests
Test Plan:
    - Enable ILLModule sys pref and install any backend, or run
    bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
    - Verify you can place new ILL requests in OPAC and Intranet
    - Apply patch
    - In borrower categories, verify there's a new column for 'can place ILL in opac' and is set to 'yes' by default
    - Edit your borrower's patron category and set 'can place ILL in opac' to 'No'
    - Verify you can no longer place new ILL requests in OPAC
    - Verify you also cannot place new ILL requests through URL:
    :8080/cgi-bin/koha/opac-illrequests.pl?method=create&backend=FreeForm

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-01 18:01:39 -03:00
Aleisha Amohia
f47c5f09f7
Bug 8367: (follow-up) Remove pickup delay message from OPAC
It adds unnecessary complexity and information.

Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-01 18:01:32 -03:00
Aleisha Amohia
ffde32e0d7
Bug 8367: (follow-up) Fix pickup delay text on OPAC and other bits
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-01 18:01:31 -03:00
Aleisha Amohia
6c0eb32a08
Bug 8367: Add holds_pickup_period circulation rule
So that pickup delay can have a different value per patron category,
   item type or branch.

To test:

1) Update database, restart services
2) Set ReservesMaxPickUpDelay syspref (if not already set)
3) Edit your circulation rules and set a value under 'Holds pickup
period (day) that is DIFFERENT from ReservesMaxPickUpDelay. Set a few
different numbers for different branches as well.
4) Place a hold on a biblio from the staff client.
5) Check in an item from that biblio and confirm the hold as waiting
6) Confirm the expiration date is calculated using the 'Holds pickup
period' value instead of the ReservesMaxPickUpDelay syspref
7) Revert the waiting status and delete the hold
8) Re-place the hold on the biblio on the OPAC. Notice that when you
change the pick up location, the number of days in the pickup message
below the dropdown changes based on the circ rules.
9) Create a holiday with a date that will overlap with the 'Holds pickup
period'
10) Check in an item from that biblio and confirm the hold as waiting
11) Confirm the expiration date is calculated using the 'Holds pickup
period' value AND considers the special holiday
12) Confirm tests pass t/db_dependent/Holds/WaitingReserves.t
13) Test Talking Tech:
13a) Enable TalkingTechItivaPhoneNotification
13b) Go to Tools -> Notices & slips. Add content to the HOLD phone
(itiva) notice.
13c) In your terminal, run perl
/path/to/koha/misc/cronjobs/thirdparty/TalkingTech_itiva_outbound.pl -o
~/itiva.tmp -w 0 --type=RESERVE

Sponsored-by: Catalyst IT

Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-01 18:01:30 -03:00
0a471bfeda
Bug 31503: Make opac-patron-consent more generic
Adds $patron->consent and $consents->available_types.
Incorporates them into script/template.
Provides two unit tests.

Note: A follow-up patch helps you test this with an
example plugin.

Test plan:
Run t/db_dependent/Koha/Patron.t
Run t/db_dependent/Koha/Patron/Consents.t
Toggle the value of pref PrivacyPolicyConsent and look at
OPAC account, tab Consents.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-25 10:35:20 -03:00
f5ac2916f2
Bug 31383: Create a parent-child DB relation for additional content
In the design of additional contents the idea of a parent-child relation is implicitly present. You have a default page and translations.
But we do this in one table coming from the old news items.

Several reports show that we would be better off creating a parent table listing the main news items, CMS pages or HTML content. And a child table containing the title, content and lang.

Note that this first step is a prelimenary step to clean this area and make it more robust and extensible. More enhancements to come.

What is this patchset doing?
* DB changes
- Rename additional_contents.idnew with id
- Create a new table additional_contents_localizations(id, additional_content_id, title, content, lang) that will contain the translated contents
- Move the content to this new table
- Remove title, content and lang columns from additional_contents
- Replace the notice templates that are using ''<news>" (should only be ISSUESLIP) and remove support for this syntax. Also add a warning in case other occurrences of uses of the old syntax exist.

* CRUD
- We add a new Koha::AdditionalContentsLocalization[s] couple, and move some logic from Koha::AdditionalContent[s] to there. Note that, to prevent too much drastic changes in notice templates, and to make them easy to use, the different attributes of the content object is accessible from the translated content object (ie. Koha::AdditionalContentsLocatlization->library is available and return $self->additional_content->library). I think it's an elegant way to keep things simple.
- No changes expected for "NewsLog" logging
- Little behaviour changes for pages, see tools/page.pl changes. We are now passing the id of the content, and the desired language, instead of the mix of "page_id" or code and lang. Note that here we certainly need to rename "language" query param to not change the full interface language.

Test plan:
0. Preparation steps, use master
  a. Create notice templates that are using "<< additional_contents.code >>". This won't be replaced, but we want the update process to alert us.
  b. Create several news, additional contents, pages. Some with translated contents, some without.
  c. Make sure ISSUESLIP has the "<news>" section. If you are using the sample data there is nothing to do here
  d. Turn on NewsLogs
1. Apply the patches, restart_all, updatedatabase
=> Confirm that the new table is created and filled with the contents you had prior to the update
=> Confirm that additional_contents_localizations.updated_on has been kept to the previous values
=> Confirm that ISSUESLIP has been replaced properly
=> Confirm that you get a warning about the additional_contents
2. Create, update, delete news, html customs, pages
=> Confirm that the additional_contents_localizations.updated_on is only adjusted when required
=> Confirm that the logs are correctly created when NewsLogs is on
3. Check some items out, generate a slip
=> Confirm that the news are displayed at the bottom of the slip, and that the publication date is correctly formatted
4. Have several HTML customizations (like OpacNav, opacheader), in translated in different languages
=> Confirm that the default values is displayed when you are using the interface in a language without translation
=> Confirm that the translated version is picked when it exists

Notes for QA:
* I am not sure we really need the alert during the update DB process about the additional_contents leftover. We should not have them outside of ISSUESLIP.
Shouldn't it hurt?
* There is something ugly in sample_news.yml, the id is hardcoded. But how do we prevent that and keep translatability?

Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-20 14:43:56 -03:00
891835895c
Bug 33949: Replace GetAllIssues with Koha::Checkouts - opac
Same as bug 33948 for the OPAC side.
Additionally you will test
* OPACMySummaryHTML
* The different cover images services
* Display of ISBN
* Display of UPC
* Ratings

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-18 15:41:26 -03:00
a210aa9f63
Bug 26314: (QA follow-up) Resolve new QA script failures
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-17 14:45:13 -03:00
f14f56a8f4
Bug 26314: Update for changes to bug 11175 methodology
This moves the show_volumes calculation back out of C4::XSLT into the
controller scripts and refined the search query builder slightly based
on the XSLT equivilent.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-17 14:45:13 -03:00
Hammat Wele
ba8d05cbc8
Bug 33087: OPACHoldsIfAvailableAtPickup considers On order as available
if OPACHoldsIfAvailableAtPickup is set to "Don't allow" (i.e. if patrons cannot place holds on items that are available at their library), patrons cannot place holds on items that are on order (or any negative not for loan value) for pickup at their library.

Technically, those items are not "available", so they shouldn't be affected by this system preference.

To replicate:

Prerequisites :

-  Have at least two libraries (I used the sample libraries)

-  Have a patron in one of the libraries (I used Henry Acevedo), make sure you know the user id and password for that patron

-  Make sure the circulation rules allow holds for the patron category

1. Set OPACHoldsIfAvailableAtPickup to "Don't allow"

   1.1. Go to Administration > Global system preference
   1.2. Search for OPACHoldsIfAvailableAtPickup
   1.3. Change the value to "Don't allow"
   1.4. Click "Save all Circulation preferences"

2. Make an item "On order" at the patron's library (Henry Acevedo is at Midway)

   2.1. If needed, create a bibliographic record and item
   2.2. Edit the item to assign the "On order" not for loan status
   2.3. Change the home and holding library to the patron's library (Midway)
   2.4. Click "Save changes"

3. Try to place a hold on the item through the OPAC

   3.1. In the OPAC, log in as the patron
   3.2. Search for the item
   3.3. Click "Place hold"

   --> Notice the patron's library is greyed out in the pickup location drop-down menu"

4. Apply the patch

5. Repeat step 3

   --> Notice you can select the patron's library in the pickup location drop-down menu and place a hold with it

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-11 12:13:05 -03:00
fe21bbad2a
Bug 28130: (QA follow-up) Tidy
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-11 10:31:39 -03:00
Aleisha Amohia
e790f75c0d
Bug 28130: Manage subscription alerts on OPAC
This patch adds an 'Alert subscriptions' tab to the patron's account on the OPAC, so they can easily view or cancel email alerts they have subscribed to.

To test:

1. Subscribe to email alerts for one or more subscriptions via the OPAC
2. Go to your account, notice the new 'Alert subscriptions' menu option, click here
3. Confirm your subscribed alerts show here. Confirm the table sorting works etc (JS enabled).
4. Test unsubscribing from email alerts, make sure the confirmation pop-up works as expected (JS enabled).
5. Confirm that, when unsubscribing, you are redirected back to this page.
6. Confirm the menu option disappears from the left sidebar navigation if you have no alert subscriptions.

Sponsored-by: Bibliotheksservice-Zentrum Baden-Wuerttemberg
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-11 10:31:38 -03:00
1a0ccaa991
Bug 33819: Add page numbers to opac results breadcrumb
This patch adds the page number to the breadcrumb in the opac search results to ensure that it is unique to the content on the page. Currently it is not compliant to Accessibility guidelines as the breadcrumb is identical on every page despite the content being different.

To test:
1) Apply patch
2) Run a search in the OPAC that will return more than 20 results.
3) The breadcrumb should say "Results of search for 'search term', page x of y"
4) Run a search that will return less than 20 results
5) The breadcrumb should say "Results of search for 'search term'

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-09 11:41:22 -03:00
Julian Maurice
ee381ca702
Bug 33074: Take ReservesControlBranch into account in opac-reserve.pl
Test plan:
1. Set system preferences:
   - Disable OPACAllowUserToChooseBranch
   - Set ReservesControlBranch to "item's home library"
   - Enable UseBranchTransferLimits
   - Set BranchTransferLimitsType to "item type"
   - Enable canreservefromotherbranches
   - Disable IndependantBranches
2. Create two libraries: ITEM_LIB and PATRON_LIB
3. Set circulation rules:
   - Remove all circulation rules (DELETE FROM circulation_rules)
   - Set a default rule that allow some holds and with "OPAC item level
     holds" = "force". Allow "on shelf" holds for easier testing.
   - In the rules for ITEM_LIB, under "Default checkout, hold and return
     policy",
     - set "Hold policy" to "From any library"
     - set "Hold pickup library match" to "item's home library"
   - In the rules for PATRON_LIB, under "Default checkout, hold and
     return policy",
     - set "Hold policy" to "From any library",
     - set "Hold pickup library match" to "any library"
4. In "Library transfer limits" disable all transfers from ITEM_LIB to
   PATRON_LIB for an item type (let's say "BOOK")
5. Create a biblio with an item:
   - item type must be the same as in previous step ("BOOK")
   - home branch and holding branch must be ITEM_LIB
6. Create a patron at PATRON_LIB, give it a password so it can log in.
7. Go to OPAC, and login with this patron
8. Try to place a hold for the new item. You should be allowed to place
   a hold, but when doing it, no holds will be created.
9. Apply patch, restart Koha
10. Try to place a hold for the new item. This time the hold should be
    created

Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Merged tidy patch and switch to Koha::Policy::Holds here.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-03 08:51:12 -04:00
4fadf73a95
Bug 34836: Add patron check to isbd and marc detail pages
Test plan:
- Go to circulation rules and set On shelf holds allowed to If all unavailable
- Log out
- Visit a MARC detail or ISBD detail bib record on OPAC:
http://localhost:8080/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=76
http://localhost:8080/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=76
- Notice it blows up with error 500, on both occasions
- Apply patch. Repeat.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-10-03 08:51:11 -04:00
e9d8cc08c5
Bug 30825: Move holds_control_library to Koha::Policy::Holds
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:46 -03:00
752fb21b47
Bug 30825: Remove GetReservesControlBranch in favour of Koha::Item->holds_control_library
This patch removes the GetReservesControlBranch method, and replaces its
uses with the newly introduced method.

To test:
1. Apply this patch
2. Verify that placing holds from the OPAC works
=> SUCCESS: Things work as expected
3. Run:
   $ kshell
  k$ prove t/db_dependent/Reserves* \
           t/db_dependent/Hold* \
           t/db_dependent/Koha/Hold* \
           t/db_dependent/Koha/Biblio.t
=> SUCCESS: Tests pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:46 -03:00
David Gustafsson
f726558510
Bug 32496: Reduce unnecessary unblessings of objects in Circulation.pm
Refactor the most performance critical subroutines in Circulation.pm
to take objects instead of unblessed ones to reduce unnecessary
unblessings and generally clean up the code.

To test:

1) Ensure the following tests all pass:
  t/db_dependent/Circulation.t
  t/db_dependent/Circulation/CalcDateDue.t
  t/db_dependent/Circulation/CheckIfIssuedToPatron.t
  t/db_dependent/Circulation/GetPendingOnSiteCheckouts.t
  t/db_dependent/Circulation/GetTopIssues.t
  t/db_dependent/Circulation/IsItemIssued.t
  t/db_dependent/Circulation/MarkIssueReturned.t
  t/db_dependent/Circulation/ReturnClaims.t
  t/db_dependent/Circulation/Returns.t
  t/db_dependent/Circulation/SwitchOnSiteCheckouts.t
  t/db_dependent/Circulation/TooMany.t
  t/db_dependent/Circulation/dateexpiry.t
  t/db_dependent/Circulation/issue.t
  t/db_dependent/Circulation/maxsuspensiondays.t
  t/db_dependent/Circulation/transferbook.t
  t/db_dependent/Circulation_holdsqueue.t
  t/db_dependent/DecreaseLoanHighHolds.t
  t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t
  t/db_dependent/Holds/RevertWaitingStatus.t
  t/db_dependent/ILSDI_Services.t
  t/db_dependent/Illrequests.t
  t/db_dependent/Koha/Account/Line.t
  t/db_dependent/Koha/Biblio.t
  t/db_dependent/Koha/Items.t
  t/db_dependent/Koha/Object.t
  t/db_dependent/Koha/Patrons.t
  t/db_dependent/Koha/Pseudonymization.t
  t/db_dependent/Koha/Template/Plugin/CirculationRules.t
  t/db_dependent/Letters/TemplateToolkit.t
  t/db_dependent/Members/GetAllIssues.t
  t/db_dependent/Members/IssueSlip.t
  t/db_dependent/Patron/Borrower_Discharge.t
  t/db_dependent/Patron/Borrower_PrevCheckout.t
  t/db_dependent/SIP/ILS.t
  t/db_dependent/Holds.t
  t/db_dependent/Holds/LocalHoldsPriority.t
  t/db_dependent/Holds/HoldFulfillmentPolicy.t
  t/db_dependent/Holds/HoldItemtypeLimit.t
  t/db_dependent/Reserves/GetReserveFee.t
  t/db_dependent/api/v1/return_claims.t
  t/db_dependent/api/v1/biblios.t
  t/db_dependent/api/v1/checkouts.t
  t/db_dependent/Reserves.t
  t/db_dependent/HoldsQueue.t
  t/db_dependent/selenium/regressions.t
  t/db_dependent/Koha/Plugins/Circulation_hooks.t
  t/db_dependent/Koha/Plugins/Recall_hooks.t
  t/db_dependent/Koha/Recalls.t
  t/db_dependent/Koha/Recall.t
  t/db_dependent/Circulation/_CalculateAndUpdateFine.t

Sponsored-by: Gothenburg University Library

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 10:52:39 -03:00
753e5a86d9
Bug 33716: ILL Type Disclaimer - OPAC
Update the way Availability is handled
Add the new type disclaimer workflow operation
after Availability

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-19 16:34:31 -03:00
Aleisha Amohia
e7707b768b
Bug 34760: Confirm session ID is set to save OPAC search history to logged in user
This patch confirms that a session ID has been set before trying to save search history to a logged in user on the OPAC.

This depends on EnableOpacSearchHistory system preference being enabled.

Apply the patch and test that you don't see an Error 500 page at any point through this plan:

1. Do an OPAC search, ensure you are not logged in
2. Confirm your search was saved to search history
3. Do another search, then log in
4. Confirm you are brought back to the search results after logging in
5. Confirm all search history from the session is visible

Sponsored-by: Toi Ohomai Institute of Technology
Signed-off-by: Salah Ghedda <salah.ghedda@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-19 16:34:27 -03:00
17b384ee3b
Bug 27634: Turn off patron self-registration if no default category is set
If there is no default category defined in PatronSelfRegistrationDefaultCategory the full feature must be displayed.

We already hide the link from the OPAC main page, but the form is still accessible.

Test plan (for the whole patch set):
1. Turn on PatronSelfRegistration
2. Don't set PatronSelfRegistrationDefaultCategory
3. Go to the OPAC main page and confirm that the "Register here" link is
not displayed
4. Hit opac-memberentry.pl and confirm that you are redirected to the
OPAC main page
5. Go to the about page and confirm that you see a warning in the
"System information" tab
6. Set PatronSelfRegistrationDefaultCategory to an invalid patron's
category
7. Repeat 3, 4, 5
8. Set PatronSelfRegistrationDefaultCategory to a valid patron's
category
9. Self-register a patron and confirm it works as expected
10. Edit PatronSelfRegistrationBorrowerUnwantedField and confirm that
you cannot remove dateexpiry and categorycode

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-19 16:34:17 -03:00
b987fd5afd
Bug 33940: Move C4::Members cardnumber sub to Koha::Policy::Patrons::Cardnumber
Test plan:
The idea here is to confirm this patch does not introduce regression.
For that you will play with the CardnumberLength syspref and create a
new user, modify an existing one, and check that the UI does not let you
modify an invalid cardnumber.
The onboarding process and the patron import tool will also have to be tested

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 33940: Fix selfreg

please squash with first patch

Bug 33940: Fix messages we sent to templates

please squash with the first patch

Bug 33940: Fix what we send to memberentry

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-15 11:57:06 -03:00
e0b3a6c2aa
Bug 34731: Don't call SendQueuedMessages if message_id is bad
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-12 09:44:59 -03:00
1742913a05
Bug 34694: Only check for IsAvailableForItemLevelRequest if is authenticated
- Go to circulation rules and set On shelf holds allowed to If all unavailable
- Log out
- Visit a bib record on OPAC:
http://localhost:8080/cgi-bin/koha/opac-detail.pl?biblionumber=76
- Notice it blows up with error 500
- Apply patch. Repeat

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-05 11:52:27 -03:00
Pascal Uphaus
af60975fbc
Bug 34441: Fixed Typo "Paramater"
To test:
1. git grep paramater
2. notice 3 files have spelling mistakes
3. apply the patch
4. git grep paramater
5. notice there are no spelling mistakes for that word

Signed-off-by: Thomas Klausner <domm@plix.at>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-01 11:23:21 -03:00
Hammat Wele
a09a926458
Bug 30846: 'If any unavailable' doesn't consider negative notforlan values as unavailable
When we set up a circulation rule where 'On shelf holds allowed' is 'If any unavailable' and we have a record with one 'Ordered' item, we cannot place this item on hold.

This patch allows placing hold on item with negative not for loan values, when using rule with 'On shelf holds allowed' set to 'If any unavailable'

To test:

1. Set up a circulation rule where on shelf holds are not allowed and force the choosing of an item (to facilitate the test)
    1.1. Go to Administration > Circulation and fines rules
    1.2. In the matrix, add a circulation like this
          - Patron category: All
          - Item type: Books
          - Current checkouts allowed: 10
          - Current on-site checkouts allowed: 10
          - Loan period: 21
          - Holds allowed (total): 10
          - Holds allowed (daily): 10
          - Holds per record (count): 10
          - On shelf holds allowed: If any unavailable
          - OPAC item level holds: Force
    1.3. Click Save
2. Create a record with one 'Ordered' item (or any negative value not for loan status)
    2.1. Go to Cataloging
    2.2. Click New record
    2.3. Fill out the mandatory fields (by default in MARC21: 000, 003, 005, 008,  040, 245, and 942 (942 should be set to Books))
    2.4. Click Save
    2.5. Fill out the following item fields
          - Not for loan: Ordered
          - Koha item type: Books
    2.6. Click Add item
    2.7. Click Normal to go to the detailed record
3. Try to place a hold on the 'Ordered' item
    3.1. From the detailed record, click OPAC view: Open in new window.
    --> Note that the 'Place hold' option is not present
4. Add a second 'Available' item
    4.1. Back in the staff interface tab with the detailed record, click New > New item
    4.2. Make sure the item type is set to Books
    4.3. Add a barcode in p
    4.4. Click Add item
5. Try again to place a hold on the 'Ordered' item
    5.1. Go back to the OPAC tab and refresh the page
    --> Note that the 'Place hold' option is still not present
6. Check out the available item to a patron
    6.1. In the staff interface tab, copy the barcode from the available item
    6.2. Go to Patrons
    6.3. Click on Search
    6.4. Click Check out next to one of the patrons
    6.5. Paste the barcode in the box and click Check out
7. Try again to place a hold on the 'Ordered' item
    7.1. Go back to the OPAC tab and refresh the page
    --> Note that the 'Place hold' option is now present
    7.2. Click Place hold
    --> Note that only the checked out item is available to place on hold, if you click Show unholdable items, it will show the Ordered item, but you can't place a hold on it.
8. Apply the patch
9. Go to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
        --> Note that the 'Place hold' option is still present
        9.1. Click Place hold
        --> Note that you can now place a hold on the 'Checked out' or the 'Ordered' item.
10. Check in the item to make it available again
    10.1. In the staff interface tab, click on 'Show checkouts' button
    10.2. Select the Checked out item and click on 'Renew or check in selected items' button.
11. Try again to place a hold on the 'Ordered' item
    11.1. Go back to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
    --> Note that the 'Place hold' option is still present
    11.2. Click Place hold
    --> Note that only the 'Ordered' item is available to place on hold, if you click Show unholdable items, it will show the Available item and you can't place a hold on it.
12. Delete the available item to keep only the Ordered item
    12.1 in the staff interface tab, click on 'Search catalog' and search for the record
    12.2 click on 'Edit' then 'Edit items'
    12.3 Delete the available item
13. Try to place a hold on the remain 'Ordered' item
    13.1 Go back to the OPAC tab and click on the book title right next to 'Place a hold on' checkbox to go back to the record details.
        --> Note that the 'Place hold' option is present
    13.2. Click Place hold
    --> Note that you can place a hold on the Ordered item.

Signed-off-by: Amaury GAU <amaury.gau@bulac.fr>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 15:14:11 +03:00
Michał Górny
3241671cdd
Bug 34023: Prevent HTML injection in "back to results" link from search page
It is possible inject raw HTML into the "Back to search results" link by leading the user to a search with specially crafted URL.

For example, using the demo instance:

1. Visit https://koha.adminkuhn.ch/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1&%22%3Etest%3Ca%20foo=%22

2. Refresh the page (for some reason, "back to results" doesn't appear unless I do that at least once).

3. Click any result.

Note that the result page now contains:

  <a href="opac-search.pl?idx=&amp;q=test&amp;weight_search=1&amp;">test<a foo=%22" title="...

i.e. `">test<a ...` was successfully injected into the HTML.

I'm attaching a quick patch I've used to patch up our instance.  It just indiscriminately URI-escapes all parameter keys.  I didn't decode them back since as far as I understand all valid keys do not contain special characters.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:04 -03:00
105750acb1
Bug 34178: Cache ItemsAnyAvailableAndNotRestricted in memory and don't precalculate
There are several places in the code where we precalculate ItemsAnyAvailableAndNotRestricted to avoid
looping on this routine when calling IsAvailableForItemLevelRequest on a list of items form a biblio

The value of ItemsAnyAvailableAndNotRestricted is only used when there is a circulation rule for
'onshelfholds' with a value of '2' (If all unavailable)

Rather than calculate a value that may never be used, let's cache this value per request when we do
calculate it - and reuse the cached value

To test:
 1 - Apply patch
 2 - Set circulation rule 'On shelf holds allowed' as 'If all unavailable'
    make sure the rule applies to all of the items/patrons you test with
 3 - Find a record with two items that are available
 4 - Try to place a hold for a patron - not allowed
 5 - Check out one item to another patron
 6 - Attempt hold - still not allowed
 7 - Check out second item to another patron
 8 - Attempt hold - allowed!
 9 - Apply patch
10 - Cancel and replace hold - it is allowed!
11 - Check in one item, and cancel hold
12 - Place hold - not allowed!
13 - Check in second item
14 - Place hold - not allowed!
15 - prove -v t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-19 13:00:42 -03:00
7afbba200d
Bug 33444: Update AddRenewal to take a hashref of params
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed skip_record_index => 1 from automatic_renewals.pl. See BZ.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-19 12:06:52 -03:00
3f3503f103
Bug 33956: Use Koha::Biblio->opac_summary_html from opac-user.pl
This code is currently duplicated in controllers opac-readingrecord.pl
and opac-user.pl.

After bug 33949 it will be removed from opac-readingrecord.pl, and bug
33956 aims to remove it from opac-user.pl.

Final situation will be: we have the code in a module, covered by tests
\o/

Test plan:
Check an item out
Setup OPACMySummaryHTML ("biblionumber: {BIBLIONUMBER}" for instance)
Go to the "Your summary" at the OPAC and notice the "Links" column
Everything should work identically before and after this patch

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-13 15:19:39 -03:00
Thibaud Guillot
cbd0c15c87
Bug 34218: Send a record copy to avoid loss of information and display problems
As I wrote in the bug description, I encountered this problem in a particular case,
so I'll explain it in the test plan, but it's certainly likely to be encountered in different ways.

Test plan:

1) Link authorised values with  a field on a MARC framework, like a 942a related to branches
2) Set it on a record with no items
3) Activate syspref "AlternateHoldingsField" and set it to field 942a
4) Go to OPAC View and you will see "Holdings: " without any values
5) Apply this patch
6) Do step 4) again and now it's fixed

Signed-off-by: Sam Lau <samalau@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-10 15:43:16 -03:00
5f43478512
Bug 33047: Return 404 instead of 500 when biblio does not exist
If the biblionumber or the itemnumber passed in parameter does not
exist we should return 404 instead of exploding with a 500.

Test plan:
Attach cover images to biblio and items
Notice that the UI is working correctly (staff and OPAC)
Hit catalogue/image.pl and opac/opac-image.pl with non-existent
biblionumber and imagenumber
Notice that you now get 404 instead of 500

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-10 15:43:14 -03:00
Hammat Wele
ee24e53a66
Bug 25079: Add a 'edit' functionality to the Clubs tool in the staff interface
A club enrollment can be cancel but it can't be edited
This patch add a 'edit' functionality to the Clubs tool in the staff interface

Test plan
1. Create a club template
    1.1. Go to Tools > Patron clubs
    1.2. Click on 'New Club Template'
    1.3. Fill the form
    1.4. on the 'Club fields' section, Click on Add new field
    1.5. Fill in the form
    1.6. on the 'Enrollment fields' section, Click on Add new field
    1.7. Fill in the form
    1.8. Click on Save button

2. Creation of the club
    2.1. Go to Tools > Patron clubs > 'Clubs' section (bottom)
    2.2. Click on the 'New Club' button and select the club template create on step 1
    2.3. Fill in the form
    2.4. Click on Save button

3. Club enrollement
    On the intranet
    3.1. Search for a pratron and open the patron folder
    3.2. Click on the 'Clubs' tab
    3.3. Find the name of the club and click on 'Enroll'
    3.4. Fill the questionnaire
    3.5. Confirm registration
        ---> Note that the enrollement can be canceled but it cannot be modified

4.  Apply the patch
5. Click one more time on the 'Clubs' tab
   ---> Note that the enrollement can now be modified

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-23 11:00:49 -03:00
45852c950e
Bug 30860: Cache CanItemBeReserved return value
This patch caches the return value of CanItemBeReserved that could
be then returned *on
demand*
We don't want to introduce side-effects hard to catch from this simple
change, so let's return the cache value only from the 2 scripts we are
dealing with.

This patch requests all item values from CanBookBeReserved on request.pl

Before this we either:
- Looped every item to find out that book could not be reserved
- Looped until we found an item that could be reserved, then looped all items to get statuses

In the worst case we avoid double processing a single item, in the best case we avoid double
processing all items (if only last on record is holdable)

To test:
1 - Find a record in staff client with several items
2 - Set AllowHoldsOnDamagedItems  to 'Dont allow'
3 - Add a damaged item to record
4 - Set a hold rule to only allow holds form homebranch and ensure record has items from other branches
5 - Setup things to prevent more items from being held
6 - Attempt hold for patron
7 - Note item statuses
8 - Apply patch
9 - Confirm statuses are as they were before

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-23 10:01:07 -03:00
c1f628fbc9
Bug 29691: Use template to display news on opac homepage
This patch moves the fetching of news to the template and
adds a p[lugin method to get news by id

TO test:
1 - Define some general and library specific news items
2 - Define in various languages
3 - Define some 'Additional contents' as well
4 - Apply patch
5 - Confirm onlly 'all libraries' news show if not loigged in to opac
6 - Confirm correct library news show when logged in
7 - View specific news items:
    http://localhost:8080/cgi-bin/koha/opac-main.pl?news_id=12
8 - Confirm that non-existent ids show " This news item does not exist. "
9 - Confirm if you enter ID for additional contents you get 'does not exist'

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-15 08:48:13 -03:00
a59f757fd7
Bug 33957: Add normalized_oclc and only fetch when needed
opac-user.tt wants to normalized_oclc number if using syndetics or B&T images

We don't need to fetch it if not, but we need to pass it if so

To test:
1 - Switch all Syndetics prefs to 'Show' or 'Use' except
    SyndeticsClientCode = just enter 'test'
2 - Checkout some items to a patron, ensure the records have:
    - ISBN
    - UPC
    - OCLC number
3 - View opac-user.pl (sign in to opac as the user)
4 - View the network console tab (may need to reload)
5 - Note requests like:
    https://secure.syndetics.com/index.aspx?isbn=1780335792/MC.GIF&client=test&type=xw10&upc=&oclc=
6 - Note that oclc parameter is not filled for record with an oclc number
7 - Apply patch
8 - Reload
9 - Confirm the link now has oclc as expected
10 - Disable syndetics, enable google books or another source
11 - Confirm images display as expected

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-09 08:41:54 -03:00
b10b840577
Bug 33951: (QA follow-up) Import GetNormalizedOCLCNumber
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-08 09:02:17 -03:00
8e93668796
Bug 33951: Set normalized_oclc in opac/opac-readingrecord.pl
normalized_oclc is used in the template to build the link to syndetics,
but it's not passed from the controller. Is this patch correct? Is
syndetics broken on this page? Should we remove it or keep it?
Is oclc parameter in the URL unecessary and should be removed?

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-08 09:02:13 -03:00
c4e016f4df
Bug 33950: Don't get marcxml if not necessary - opac-readingrecord.pl
We are retrieving normalized_upc from the MARC XML in the controller (opac-readingrec.pl)
for all issues to display, but this is only used if BakerTaylor or Syndetics are enabled.

Test plan:
Have some checkouts and confirm that the checkout history is displayed
the same before and after this patch.
You should also test BakerTaylor or Syndetics and see if they are
working correctly, but I have no idea how to test them!

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-08 08:32:39 -03:00
fb877da7d3
Bug 33236: Move NewSuggestion to Koha::Suggestion->store
The NewSuggestion routine saved the suggestion to the DB
and returned the id

This patch moves the code to Koha::Suggestion->store and
handles emailing upon creation, this adds that functionality to
suggestions added via api

To test:
1 - Apply patch
2 - Test adding a suggestion on the opac and staff client
3 - Confirm the suggestions are added correctly

Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
2023-06-06 10:08:35 -03:00
399eb51d34
Bug 33803: Remove comment about tab width
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-06 09:58:47 -03:00
8b9355088a
Bug 33697: Remove RecordedBooks (rbdigital) integration
RecordedBooks search API integration is now obsolete following
rbdigital's incorporation into OverDrive. Associated code should be
removed.

https://company.overdrive.com/2020/06/23/overdrive-to-acquire-rbdigital-from-rbmedia/

Test plan:
use git grep extensively and confirm that this patch removes all
occurrences of this feature.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-05 15:36:11 -03:00
4ede366268
Bug 33702: (QA follow-up) Do not crash on borrowernumber
Resolve:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/opac/opac-illrequests.pl line 66

Test plan:
Put an unexisting illrequest_id in the URL parameter.
You should see a 404, not a crash.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:51 -03:00
b5cae12aef
Bug 33702: Prevent ILL requests to be modified by somebody else
Same as previous patch, but for 'update' and 'cancreq'.
We remove the redirect, but here we only want to focus on the security
fix.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Confirmed. Without this patch a patron can modify and cancel any ILL
request in the OPAC. With this patch the patron is redirected to the
404 page if modification or cancellation is attempted.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:50 -03:00