This patch corrects the way subscription edit menu items are displayed
according to the user's permissions settings.
To test, apply the patch and log in to the staff client as a user who
has permission to create, edit, and delete subscriptions.
- Locate an subscription and view the details for it.
- Confirm that each "Edit" menu item works correctly.
- Repeat the process when logged in as a user with varying combinations
of create, edit, and delete permissions.
- Test as a user limited by IndependentBranches.
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Includes:
* code factorization
Some code from subscription & Mana-KB has been factorized in order to speed-up next developments
* SytemPreferences:
Mana Activation:
- add a value "no, let me think about it", that is the default value.
- as long as this value is selected, messages ask if user want to activate it ( in Administration and Add-subscription(page 2) )
AutoShareWithMana
- Add the syspref AutoShareWithMana: user can automatically share infos with Mana-KB (not set by default)
* Interface :
- On mana-search, rows are now sorted by date of last import, then by number of users
- Windows redesigned to improve the user experience
* New Feature : report a mistake.
- people can now report an invalid data (wrong, obsolete,...)
- if a data is reported as invalid many time, it will appear differently
- Added few tooltip (to explain the fields last import, nb of users, to explain the new feature)
- When reporting a data as invalid, a comment can also be added. Koha will then display comments related to data in result lists
* API (svc/mana)
- add svc/mana/addvaluetofield: allows to ask mana incrementing a field of a resource
- no hardcoding for resources in the code of api (api needs to be called with a ressourcename)
* New feature : SQL report sharing
- Create Koha::Report.pm and Koha::Reports.pm, objects class for Reports
- New feature: share reports with Mana-KB
- New feature: search report in Mana-KB with keywords
- New feature: load reports from Mana-KB
Test plan:
1 - Apply Patch + update database
2 - Copy the three lines about mana config in etc/koha-conf.xml in ../etc/koha-conf.xml (after <backupdir> for example)
<!-- URL of the mana KB server -->
<!-- alternative value http://mana-test.koha-community.org to query the test server -->
<mana_config>https://mana-kb.koha-community.org</mana_config>
3 - Check Mana syspref and AutoShareWithMana syspref are not activated
4 - Search the syspref ManaToken and follow the instructions
5 - subscriptions
- Try create a new subscription for a first serial => Mana-KB shouldn't show you anything (except if the base hase been filled)
- Share this serial with Mana-KB (on the serial individual's page there must be a Share button)
- Try to create a new subscription for serial nr1 => a message should appear when you click on "next", click on "use", the fields should automaticaly appear
- Activate AutoShareWithMana => Subscriptions
- Create a new subscription for a second serial
- There shouldn't be any Share button
- Create a second subscription => the message should appear, click again on use
6 - SQL Report
- Create a new SQL report, without notes.
- On the table with all report (reports > use saved), there should be the action "Share"
- If you click on share, you have an error message
- Create a new report, with a title and notes longer than 20 characters
- You can share it with mana => you will have a success message
- On (report > use saved), there must be a message inviting you to search on Mana-KB for more results, enter a few word from title, notes, type of the report you shared, it should appear. You can use it, it will load it into your report list.
7 - Report mistakes.
- On any table containing Mana-KB search results, you can report a mistake and add a comment.
8 - For each previous test, try to send wrong data, to delete the security token, to send nothing: it should show a correct warning message.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Rebased-by: Alex Arnaud <alex.arnaud@biblibre.com> (2018-07-04)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- add a class SharedContent.pm to communicate with Mana-KB server
- add a link in serials-menu.inc to serials_search.pl to open
a mana-subscription research form
- modify the research form in serials-search.tt to show the right fields
for Mana-KB
- create datatable in mana-subscription-search-result.inc to show
results from a research on Mana-KB
- modify serials-search.pl to manage research on Mana-KB
- add a mana_id to subscription table
- add a share button on serials-toolbar.inc and a modal to ask
the language of the share and to alert if the subscription is
already link to a Mana-KB subscription model
- add function in C4/Serials to get all the info for a subscription
sharing
- modify subscription-detail.pl to manage sharing to Mana-KB
- modify subscription-add.tt and subscription.pl to manage a
import from Mana-KB during a subscription creation
- add 2 script in svc for ajax calling from subscription-add.tt
to communicate with Mana-KB server during a asubscription creation
- add a function in Subscription.pm to have all the info for a Mana-KB research
from a biblionumber
- modify functions used by subscription-add.pl in C4/Serials to manage a
frequency which came from Mana-KB server and not already created on the
koha database, and modify the tests of the said functions
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Rebased-by: Alex Arnaud <alex.arnaud@biblibre.com> (2018-07-04)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"
Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.
Changes in discharge.pl are mainly indentation changes.
With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies even more staff client serials templates so
that JavaScript is included in the footer instead of the header.
This patch adds a new JavaScript include, serials-toolbar.js, which is
required on pages which include serials-toolbar.inc.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials
- Search for a subscription
- Tabs, datatables, date pickers
- Open a subscription for viewing
- Tabs, toolbar buttons for delete, renew, and close.
- Serial collection (in the sidebar menu)
- Select all / clear all
- Datatable
- Print slip
- Generate next
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It would be very helpful for librarians to have links directly to the
record and items editor from a serial. Right now moving from the serial
to those editors requires jumping through a number of pages.
Test Plan:
1) Apply this patch
2) Browse subscription-detail.pl for a given serial
3) Under the Edit button, note the "Edit record" link
4) Verify the link takes you to the marc editor for that record
5) Create or find a serial that is set to create items on receiving
6) Under the Edit button, note the new "Edit items" link
7) Verify the link takes you to the items editor for that record
8) Create of find a serial that is *not* set to create items on receiving
9) Verify the "Edit items" link does not exists for that serial
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies several include files, removing "onclick" attributes
in favor of defining events in JavaScript.
A reusable "toggle" function has been added to the global JS file so
that clicking elements with the class "toggle_element" will toggle the
display of elements as defined in the click target's "data-element"
attribute.
Also changed: In subtypes_unimarc.inc some capitalization errors have
been fixed and label/id pairs corrected.
To test, apply the patch and clear your browser cache if necessary.
- On the Acquisitions home page, click the "Orders search" header search
tab. Clicking the [+] link should expand and collapse the additional
search fields.
- On the checkout or patron detail page, view the "Restrictions" tab.
Click to add a restriction and use the datepicker to select a date.
Clicking the "Clear date" link should clear the date.
- Trigger the help window on any page. Clicking the "close window"
button should work correctly.
- Go to Administration -> Patron categories -> Edit. Checking and
unchecking messaging preference options should work correctly. The "do
not notify" checkbox should clear other checkboxes in that row and
vice versa.
- In Serials, from a subscription detail page, clicking the "Renew"
button should trigger the renew popup.
- Go to Acquisitions -> Vendor -> Add to basket -> From a subscription.
Clicking the "Advanced search" link in the left hand sidebar should
toggle the sidebar search form.
- In a UNIMARC system, view the advanced search page. Clicking the "Show
coded information filters" link should show additional search fields.
(I tested in my MARC21 system by temporarily moving line 174 of
advsearch.tt to line 172).
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes changes to Font Awesome icons in order to make icon
choice consistent for common actions.
<i class="fa fa-trash"></i> where something is deleted, removed, or
emptied.
<i class="fa fa-remove"></i> where an operation is cancelled (also where
selections are cancelled, as in checkboxes).
<i class="fa fa-times-circle"></i> for "close," as in baskets and
windows.
To test, apply the patch and view the following pages to confirm that
the correct icon is used:
- Acquisitions -> Vendor -> Vendor delete button.
- Acquisitions -> Vendor -> Edit -> Delete contact button.
- Acquisitions -> Invoices -> Delete menu item.
- Cataloging -> Edit record -> Authority search pop-up (triggered from
the tag editor for a tag linked to an authority) -> Clear field button
- Authorities -> Authority detail -> Delete button.
- Tools -> Quotes editor -> Quotes delete button.
- Reports -> View saved report -> Delete button.
- Reports -> Saved reports -> Delete menu item.
- Serials -> Subscription details -> Subscription close button.
- Administration -> Budgets -> Delete menu item.
- Administration -> Item search fields -> Delete button.
- Administration -> Z39.50/SRU servers -> Delete menu item.
- Catalog -> Advanced search -> Clear fields link.
- Cataloging -> Advanced editor -> Macros -> Delete macro button.
- Circulation -> Checkout -> Check out an item which is on hold for
another patron. "Cancel checkout and place hold" button now uses the
icon used elsewhere for holds.
- Course reserves -> Course -> Delete course button.
- Patrons -> Patron lists -> Add patrons -> Remove selected button.
- Acquisitions -> Suggestions -> Suggestion details -> Delete button.
- Lists -> List contents -> Remove selected button.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.
Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
should give no results
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
There are some issues with serial permissions.
For instance it's not possible to receive serials if the
edit_subscription is not set.
Also the toolbar is empty.
Test plan:
1/ Set the serials => receive_serials permissions to a patron (and only
this one for the serials module).
2/ Verify you cannot create a new subscription, you can search
subscriptions but cannot edit them.
3/ On the serial result list, receive a serial (action > Serial
receive).
You can now change the status and receive it.
4/ On the serial collection, you can edit 1+ serials to reveice it.
5/ Set the serials => edit_subscription permission and confirm there is
no regression.
QA note: I think we should introduce a C4::Serials::can_receive_serials
subroutine, to test the IndependentBranches pref, but I don't want to
add to much processing to check permissions.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When you search for serials in the Serials module the results table is
often too wide for the screen (depending on your browser window size).
This is partly due to the fixed width of the search fields in the table
footer.
This patch applies a flexible width to those <input>s and reduces the
font size of their text.
This patch also moves the "action" links for each table row into an
"action" menu (similar to the change made by Bug 10615 in Reports) to
further conserve screen space.
This patch also revises the page's DataTables configuration to use table
header classes for sorting configuration.
To test you should be able to perform a search which returns multiple
open and closed subscriptions.
- Test that table sorting works correctly, including for titles with
articles and for dates.
- Test that the Action menu items work correctly and that they correctly
reflect the permissions of the logged-in user with regard to
receive_serials and routing.
- Perform these tests on both the "Open" and "Closed" tabs.
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely and improves the display significantly.
Passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch converts the toolbar include file used by Serials pages to
Bootstrap, replacing YUI button and menu code with Bootstrap markup.
To test, view any page in serials/ which uses serials-toolbar.inc
(subscription-detail.pl, serials-home.pl, etc).
Buttons and menus should look correct and work correctly, including:
- New subscription
- Edit subscription
- Edit as new (duplicate)
- Delete subscription
- Renew
- Receive
- Close
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Work as described. No errors.
For me it would be better to use icon-remove, because icon-remove-circle
shows a little cross, think that a bigger cross is more clear.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, no problems found.
I think there is a point in differentiating between closing and deleting,
so the icon-remove-circle is maybe not ideal, but the icon-remove
would falsely indicate a delete. Maybe we can find another icon that
expresses the functionality a bit better later on.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
If a subscription is no longer enough published (or we are not waiting
for a new periodical) we are allowed to close it.
If a subscription is closed, we are not able to receive or generate a
new serial.
On the serial module, we can now
- close a subscriptionn
- reopen a closed subscription
On serial search 2 tabs is displayed (opened and closed subscriptions).
This patch adds:
- a new field subscription.closed in DB
- a new status for serials (8 = stopped)
Test plan:
- search subscriptions
- close a subscription and check that you cannot receive or generate a
new serial
- launch another search and check that the closed serial is into the "closed"
tab.
- You are allowed to reopen a subscription on the subscription detail
page and on the subscription result page. A javascript alert ask you
if are certain to do this operation.
- Check the serial status "stopped" everywhere the status is
displayed (catalogue/detail.pl, serials/claims.pl,
serials/serial-issues-full.pl, serials/serials-collection.pl,
serials/serials-edit.pl, serials/serials-recieve.pl,
serials/subscription-detail.pl and opac-full-serial-issues.pl)
- The report statistics does not include the closed subscriptions if you
don't check the "Include expired subscriptions" checkbox.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 8782: Followup: add some minor modifications
- Show 'closed' information in biblio detail page
- Add a column in serials report table
- Search subscriptions on title words instead of string
- Prevent serials editing when subscription is closed
- Don't change status of "disabled" serials
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 8782 - Close a subscription - Followup - Fix updatedatabase.pl
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This seems to fix the problem with editing existing subscriptions. Please test.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
When viewing the subscription details page of a bib that already
has at least one subscription, clicking on the 'New Subscription'
button in the toolbar will fill in the biblionumber and title
in the new subscription form.
Clicking on the 'New Subscription' button in other context (e.g.,
when viewing the results of a search) will leave the biblionumber
and title fields unpopulated, as there is no specific bib to
use.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>