Commit graph

2348 commits

Author SHA1 Message Date
64176acbc9
Bug 29697: tracklinks should not explode on invalid marc record
Caught by t/db_dependent/www/regressions.t

    #   Failed test '404 for itemnumber containing different URI'
    #   at t/db_dependent/www/regressions.t line 124.
    #          got: '500'
    #     expected: '404'

    #   Failed test '302 for itemnumber with matching URI'
    #   at t/db_dependent/www/regressions.t line 126.
    #          got: '500'
    #     expected: '302'

    #   Failed test '404 for itemnumber containing different URI'
    #   at t/db_dependent/www/regressions.t line 139.
    #          got: '500'
    #     expected: '404'

    #   Failed test '302 for itemnumber with matching URI'
    #   at t/db_dependent/www/regressions.t line 141.
    #          got: '500'
    #     expected: '302'
    # Looks like you failed 4 tests of 36.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-25 10:19:42 -03:00
45de338715
Bug 29697: Use flag embed_items
Includes:
    Bug 29697: (follow-up) Use flag embed_items

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:24:11 -03:00
0a37e8f7fd
Bug 29697: Remove GetHiddenItemnumbers
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

JD amended patch:
-    my @items        = $biblio->items->filter_by_visible_in_opac({ patron => $logged_in_user })->unblessed;
-    foreach my $item (@items) {
+    my $items        = $biblio->items->filter_by_visible_in_opac({ patron => $logged_in_user })->unblessed;
+    foreach my $item (@$items) {

-    for my $itm (@items) {
+    for my $itm (@$items) {

-    $dat->{ITEM_RESULTS}   = \@items;
+    $dat->{ITEM_RESULTS}   = $items;

-        @items_to_show = Koha::Items->search( { itemnumbers => [ map { $_->{itemnumber} } @all_items ] } )
-                                    ->filter_by_visible_in_opac( { patron => $patron } );
+        @items_to_show = Koha::Items->search( { itemnumber => [ map { $_->{itemnumber} } @all_items ] } )
+                                    ->filter_by_visible_in_opac( { patron => $patron } )->as_list;

-            my @items_to_show = $items->filter_by_visible_in_opac({ opac => 1, patron => $patron });
+            my @items_to_show = $items->filter_by_visible_in_opac({ opac => 1, patron => $patron })->as_list;

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:24:11 -03:00
70d61d80fb
Bug 29697: Replace GetMarcBiblio occurrences with $biblio->metadata->record
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

JD Amended patch:
-# FIXME Special case here

-    print "Biblio not found\n,";
+    print "Biblio not found\n";

- my $biblio = Koha::Biblio->find($hostbiblionumber);
+ my $biblio = Koha::Biblios->find($hostbiblionumber);

Rebased-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:24:11 -03:00
790bab24b1
Bug 29697: Special case - opac not needed
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:24:10 -03:00
dec2a44f00
Bug 30678: (follow-up) Change call in opac scripts
Test plan:
See first patch. Add orgcode OCoLC.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 14:58:12 -03:00
ff0da4944c
Bug 30678: Add OCLC_NO as option to OPACSearchForTitleIn
We need to pass OCLC_NO as key to C4::Output::parametrized_url.
We get it from MARC21 035$a and strip the organizational code.

Test plan:
Add e.g. 62385712 in 035$a in a record.
Add e.g. following link to pref OPACSearchForTitleIn:
    <a  href="https://worldcat.org/search?q={OCLC_NO}" target="_blank">WorldCat (via OCLC number)</a>
Open that record on detail page. Click More searches. Follow that link.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 14:58:11 -03:00
2ce5f0532c
Bug 31213: Auto search simple term quoted
This patch does a second search if the first had no results and was a simple single term search

We simply quote the term, rebuild the query, and rerun the search

This targets both Zebra and ES, but is more relevant for ES

To test:
0 - Have Koha running using ES
1 - Add titles your system "Ivy + Bean" "The 6:20 Man"
2 - Search for these titles without quotes - NO results under ES
3 - Search with quotes - you find them
4 - Apply patch, restart all
5 - Search again without quotes
6 - Success!
7 - Confirm search still works under Zebra

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 11:11:19 -03:00
d7647052f2
Bug 31186: Fix the hidingrules test for result numbering
We should not test the $hidingrules variable but the number
of keys it contains.

Test plan:
Clear OpacHiddenItems.
Check with and without this patch search result numbering on
the OPAC.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-20 11:51:38 -03:00
b70ae1d50f
Bug 30933: (follow-up) Use cannot_be_transferred in shelves scripts
Test plan:
Verify if transfer shared list on OPAC still works as expected.
Same for intranet counterpart for public lists.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-20 09:04:07 -03:00
5182341cd1
Bug 25498: (follow-up) Show error message when no sharee has email
Test plan:
Share a list with a patron that has no email address.
Try to transfer ownership. Verify that you get the error message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-20 09:02:18 -03:00
443c71fa00
Bug 25498: (QA follow-up) Rename virtualshelfshare->patron
This patron is a 'sharee' (not the sharer).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-19 11:25:26 -03:00
52154c6e90
Bug 25498: Transfer ownership shared list on OPAC
Test plan:
Pick or create a shared list. Login as owner.
Transfer to one of the other members.
Verify that you do no longer have Transfer, but see Remove share.
Login as the other member. Transfer it back.

Bonus: Working with two tabs, you can open the Transfer form and
in the meantime delete the list, the patron or remove the share.
Or change permissions. Submit after that and check the error message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-19 11:25:25 -03:00
da8f05f7c5
Bug 25498: Show transfer button for shared lists on OPAC
Test plan:
Pick or create a shared list.
Verify that OPAC only shows the Transfer button when you are the
owner of a shared list.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-19 11:25:24 -03:00
fd49601079
Bug 20439: Sort SMS providers in alphabetical order by DB field
To test:
1/ Add 'Email' to the 'SMSSendDriver' system preference.
2/ Make sure 'EnhancedMessagingPreferencesOPAC' and 'EnhancedMessagingPreferences' are turned on.
3/ Add some SMS providers (/cgi-bin/koha/admin/sms_providers.pl) with different names.
4/ Notice on memberentry.pl and opac-messaging.pl the SMS providers sort by when they were added, not alphabetically.
5/ Apply patch and restart services.
6/ Look at memberentry.pl and opac-messaging.pl and notice that they SMS providers now sort alphabetically.

Signed-off-by: George Williams <george@nekls.org
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-18 14:51:57 -03:00
0938a735de
Bug 28854: (follow-up) Link to 'In bundle' on OPAC
This patch adds the 'In bundle: Link' to the OPAC to mirror what we have
on the staff client.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-13 10:36:08 -03:00
0efae9ed05
Bug 30918: Allow passing filtered record to get_marc_notes
This patch does the absolute bare minimum to prevent private notes from
appearing on the OPAC.

Test plan
1. Go to Koha Administration -> Koha bibliographic frameworks
2. View the MARC structure for your BKS framework (or something else)
3. Search for tag 583, edit subfields
4. Go to subfield 'x' - nonpublic note. Confirm the OPAC visibility
   checkbox is UNCHECKED.
5. Edit or create a record using the BKS framework. Put a note in the
   583$x.
6. View this record in the OPAC
7. Go to the Title notes tab. Confirm the non-public note is
   showing, even though the framework says it should not be
   visible via the OPAC.
8. Apply patch
9. Confirm the non-public note is no longer visible

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-01 09:17:20 -03:00
d533a92aa8
Bug 23991: Move SearchSuggestion to Koha::Suggestions
The C4::Suggestions::SearchSuggestion subroutine is badly written and
can be replaced by calls to Koha::Suggestions->search.
The hard part in this patch is suggestion.pl, the other occurrences have
been replaced easily.

Test plan:
The idea is to test the whole suggestion workflow.
1. Create a suggestion on OPAC
2. Create a suggestion on the staff interface
3. Edit suggestions
4. Filter suggestions (use the different filters and "organize by"
values)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Remove SearchSuggestion tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (QA follow-up) Save some DB queries

This patch makes the suggestion-related pages rely on array size instead
of querying the DB each time they need to. In the case of
suggestion/suggestion.pl it goes from 4 COUNT(*) to 1.

To test, with KTD:
1. Run on the host machine:
    $ docker exec -ti koha_db_1 bash
    $ mysql -ppassword
    > SET GLOBAL general_log_file='/var/log/mysql/mycustom.log';
    > SET GLOBAL log_output = 'FILE';
    > SET GLOBAL general_log = 'ON';
    > \q
    $ tail -f /var/log/mysql/mycustom.log | grep suggestions
2. Visit the different pages changed on this bug
=> SUCCESS: Some queries
3. Apply this patch
4. Repeat 2
=> SUCCESS: Less queries!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix branchcode and budgetid filtering

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix conflict with bug 28941

Well, this patchset fixed the security bug...
Redoing on top of bug 28941

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Missing semicolon

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix 'all' libraries

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Add value to filter_archived

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-27 12:30:28 -03:00
de63c2abb1
Bug 30327: Add options for sorting components
This patch adds two new sysprefs:
 ComponentSortField
 ComponentSortOrder

These allow the user to choose how components should be sorted when displaying on the details page
of a record, and the corresponding search for all components

This also updates our search from simple_search_compat to search_compat to allow for sorting options

Note:
Some sorting under ES is unclear - this is a separate issue to be invesitgated
Our Zebra index does not offer 'record number' sorting, I will file a bug for that

To test:
 1 - Enable UseControlNumber (or not)
 2 - Add some components to a record by control number or title depending on above
 3 - Enable  ShowComponentRecords  syspref
 4 - View the record that has components
 5 - Note they are not sorted
 6 - Apply patch, updatedatabase
 7 - reload record
 8 - Note components are sorted by title ascending
 9 - Try different values for ComponentSortField and ComponentSortOrder
10 - Confirm sorting changes with system preferences
11 - Repeat test on staff and opac, with ES and Zebra search engines

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-25 15:25:18 -03:00
Kevin Carnes
cc40bbf195
Bug 30844: Ensure that allow_nonref is enabled when using older versions of JSON
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-09 09:37:43 -03:00
ee669178f6
Bug 30813: Update TransformMarcToKoha to accept a hashref
This patch updates all the calls to pass a hasref rather than an array

It also removes the no longer used framework parameter

To test:
prove -v t/Biblio.t t/db_dependent/Biblio/TransformMarcToKoha.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-08 11:40:29 -03:00
b74ce12b85
Bug 29871: Remove marcflavour param in Koha::Biblio->get_marc_notes
Test plan :
Display a biblio record with some MARC notes in details page and basket,
OPAC and staff
Run prove t/db_dependent/Koha/Biblio.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-06 14:26:51 -03:00
Kevin Carnes
71f54a7571
Bug 30844: The OPAC detail page's browser is limited to the current page of results when using Elasticsearch
When viewing the detail page of the first or last record of a result page,
it's not possible to browse to another page when using Elasticsearch.

To test:
1) Search for "*" in the OPAC
2) Click on the last result of the page
3) Observe that you cannot browse to the next page
4) Apply the patch
5) Search for "*" in the OPAC
6) Click on the last result of the page
7) Observe that you can browse to the next page
8) Sign off

Sponsored-by: Lund University Library

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-06 11:52:34 -03:00
Aleisha Amohia
8f09ef75c3
Bug 30886: Show pending recall on item on OPAC
The 'completed' flag was causing the wrong status to be shown, but we
can also give a more useful message to the patron.

To test:
1) Enable the UseRecalls system preference and set up your
recalls-related circulation rules.
2) Check out an item to Patron B.
3) Log into the OPAC as Patron A and search for the item.
4) Place a recall on that item.
5) Go back to the staff client and check the item in. Confirm the recall
as waiting for Patron A.
6) Go back to the OPAC record page and look at the holdings table.
Notice the status still says the item is Available.
7) Apply patch, restart services, refresh the OPAC.
8) Confirm the holdings table status now says the item has a pending
recall.

Sponsored-by: Catalyst IT

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-06 11:30:14 -03:00
81bdce5c43
Bug 28529: Make biblio-level hold itemtype count against max rules
The current situation is that biblio-level holds can be assigned an item
type, so they can only be fulfilled by items matching that specified
item type (be it item-level itype or the fallback to biblio-level).

But there's the situation in which max holds limits for a specific item
type can be overridden by using biblio-level holds with item type
selection (AllowHoldItemTypeSelection) enabled.

To test:
1. Have a patron of category 'Staff' (S)
2. Have 3 records with items with the 'BK' item type, and maybe others
3. Enable AllowHoldItemTypeSelection
4. Set a limit of 2 max holds for that category+item type
5. In the OPAC. Place bibio-level holds, with item type contraint to 'BK' on those 3 records
=> FAIL: You can place the 3 holds
6. Cancel the holds
7. Apply this patch and restart all
8. Repeat 5
=> SUCCESS: You can only place 2 holds
9. Run:
   $ kshell t/db_dependent/Reserves.t
=> SUCCESS: Tests pass!
10. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-01 16:26:44 -03:00
e941dfdc99 Bug 29925: Add a password reset page for expired passwords
This patch adds a new page opac-reset-password where a user cna enter their login
(userid or carndumber), current password, and new password.

If the user has a password expiration date and the current password is correct and
the new passwords match and meet requirements their password will be updated and the
expiration date reset

A patron whose password does not expire will be reidrected to login to change their password

To test:
 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset
 2 - Set 'Password expiration' for a patron category
     Home->Administration->Patron categories->Edit
 3 - Create a new patron in this category with a userid/password set, and an email
 4 - Update the patron with an expiration to be expired
     UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51;
 5 - Give the borrower catalogue permission
 6 - Attempt to log in to Straff interface
 7 - Confirm you are signed out and notified that password must be reset
 8 - Click 'Reset your password' link
 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password
10 - enter invalid/incomplete credentials
11 - Confirm you are notified of invlaid credentials
12 - Fill in all fields, but enter current password as new password
13 - Confirm you are notified of no change
14 - Set minimum password length / strong password requirement for category
15 - Confirm you receive error if new password too short or not secure
16 - Enter a valid new password and submit and confirm update is successful
17 - Confirm you have buttons to go to OPAC or Staff and that both work
18 - Confirm you cna log in (i.e. expiration has been reset)
19 - Expire the users password
20 - Remove catalogue permission
21 - Reset password again and confirm only OPAC link

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
Aleisha Amohia
39c010a87a Bug 30291: Changes to OPAC files
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-05 11:17:36 -10:00
8de0a02bd2 Bug 30167: (follow-up) Return a hash with soonest_renew_date
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 14:29:23 -10:00
175182f064 Bug 30167: Use returned renewal date rather than fetching
This patch updates the three scripts that fetched the soonest renewal date
to use the return from CanBookBeRenewed

To test:
1 - Set a circulation rule with a 'no renewal before' set to 3, loan length set to 5
2 - Check out an item to a patron that uses this rule
3 - Verify the checkouts for the patron show the correct 'No renewal before' date
4 - Sign in to the patron's opac account
5 - Verify the item shows it cannot be renewed, and shows the correct date
6 - Go to Circulation->Renew
7 - Attempt to renew using barcode
8 - Confirm error shows the soonest renewal date

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 14:29:23 -10:00
2ee5b5b124 Bug 30532: (bug 29957 follow-up) Fix '$cookie->value'
We got
 Can't call method "value" on unblessed reference at /kohadevbox/koha/opac/opac-messaging.pl line 86

$cookie can be an arrayref, we should retrieve the session id using
CGI->cookie('CGISESSID')

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-21 13:41:36 -10:00
3d5e974f8f Bug 30237: Replace AutoEmailOpacUser with AutoEmailNewUser
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
a4da023bae Bug 30237: Reference new WELCOME notice
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
437e584407 Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI
The error pages wrote a HTTP status code of 200 for all PSGI requests, even
though it should have only done it for PSGI requests from the ErrorDocument
middleware. This patch fixes that.

0) Do not apply patch
1) Open F12 dev tools and go to Network tab
2) Go to http://localhost:8081/files/blah
3) Note that the webpage is a 404 error but HTTP status code is 200
4) Go to http://localhost:8081/cgi-bin/koha/circ/blah
5) Note that the webpage is a 404 error and HTTP status code is 404

6) Apply patch
7) Go to http://localhost:8081/files/blah
8) Note that the webpage is a 404 error and HTTP status code is 404
9) Go to http://localhost:8081/cgi-bin/koha/circ/blah
10) Note that the webpage is a 404 error and HTTP status code is 404

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
0200a65d4f Bug 30426: Add missing C4::Auth and C4::Output imports
This patch adds missing function imports for C4::Auth and C4::Output
in the opac/svc/suggestion script.

Test plan:

1. Go to http://localhost:8081/cgi-bin/koha/admin/didyoumean.pl
2. Turn on some plugins
3. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1
4. Note in your browser's Network tab that the call to
   http://localhost:8080/cgi-bin/koha/svc/suggestion?render=stub&q=test
   generates a 200 response instead of a 500 error

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
59ff962caa Bug 26019: Koha should set SameSite attribute on cookies
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.

To test, apply the patch and restart services.

- Log in to the staff interface and open your browser's developer tools.
  - In Firefox, look for a "Storage" tab.
  - In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."

- Go to Cataloging -> New record.
  - Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
  theEnableAdvancedCatalogingEditor preference).
  - Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
  - Check the "LastCreatedItem" cookie which is set after you save the
    new item.
- Go to Authorities -> Authority search.
  - In authority search results, click "Merge" from the "Actions" menu
    next to one of the results..
    - Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
  - Choose "MARC structure" from the menu corresponding to one of the
    frameworks.
  - Check the "Display only used tags/subfields" checkbox.
    - Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
  - Check the "Always show checkouts immediately" checkbox.
    - Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
  with one or more patrons enrolled.
  - From the list of clubs, click Actions -> Search to hold.
    - Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
  - Uncheck one or more checkboxes in the "Show/hide columns" area.
    - Check the "showColumns" cookie.
- View a patron -> Search to hold.
  - Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
  - Check the "JWT" cookie.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
b933a44441 Bug 26346: Add option to make public lists editable by all staff
If a staff member has access to the staff client (either because
'catalogue' permission is enabled or they're a superlibrarian
then that user can add items (from OPAC or staff client) to a list
marked 'Staff only'

Test plan:
1. In the staff client go to: Lists > 'New list'. Notice under 'Allow changes to contents
from' there are three options: Nobody, Owner only, Anyone seeing this
list

2. Apply first 3 patches and run updatedatabase.pl
cd installer/data/mysql
sudo koha-shell <instance>
./updatedatabase.pl

3. Restart memcached and plack

4. Create 4 patron accounts:
- User A : Superlibrarian permissions
- User B : 'Staff access, allows viewing of catalogue in staff interface
(catalogue)'
- User C : No permissions
- User D : 'Staff access, allows viewing of catalogue in staff
interface' and 'Lists' > Edit public lists (edit_public_lists)' sub-permission

5. Login to staff client as User A.
Create a public list and select the new 'Staff only' option under 'Allow changes to contents from'

6. Log into the staff client as User B.
Confirm you can add items to the list from the following staff client pages:
- Individual list page using the 'Add items' button
- Staff client search result page
- Staff client biblio detail page

7. Confirm you can remove items from the list

8. Confirm you can perform an OPAC search when not logged in

9. Log into the OPAC as User B. Confirm you can add items to the list
from the following OPAC pages:
- OPAC search result page
- OPAC biblio detail page

10. Log into the OPAC as User C. Do an OPAC search and confirm you
can view the list, but not add items to it

11. Login to the staff client as User B. Create a new list with the
following settings:
- 'Category'='Private',
- 'Allow changes to contents from'='Staff only'

Notice a red hint message is displayed.
Change 'Category'='Public' and notice the hint is removed

12. Log into the OPAC as User C. Notice the 'Staff only' option is not
available when creating a list

13. Log into the OPAC as User B. Repeat step 11. Confirm the same
outcome

14. Log into the staff client as User A. Create a list with the
following settings:

- Public = 'Public'
- Allow changes to contents from = 'owner only'

15. Log into the staff client as User D. Edit the list from step 14
confirm you can edit the list to have 'Allow changes to contents from' =
'Staff only'

16. Run Patron.t and Virtualshelves.t unit tests:
sudo koha-shell <instance>
prove t/db_dependent/Koha/Patron.t
prove t/db_dependent/Virtualshelves.t

Sponsored-by: Horowhenua District Council, New Zealand

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
c73967d87c Bug 17018: Split AdvancedSearchTypes for staff and OPAC
This patch adds a new system preference, OpacAdvancedSearchTypes, as an
OPAC-specific version of the AdvancedSearchTypes preference. Values from
AdvancedSearchTypes are copied to OpacAdvancedSearchTypes so that
behavior is consistent.

The patch also alters the output of the "Most popular" page so that:
1. The page heading is correct ("Most popular titles" instead of "Top
issues").
2. The table show both item type and collection whether or not the user
has submitted query with one of those fields as a filter.

To test, apply the patch and run the database update process.

- Go to Administration -> System preferences.
- Search for AdvancedSearchTypes. You should get two results, one for
  the OPAC preference and one for the staff interface.
- Check that the OpacAdvancedSearchTypes settings match the
  AdvancedSearchTypes settings.
- View the advanced search pages in the staff interface and OPAC to
  confirm that the tabs look correct.
- Change the OpacAdvancedSearchTypes and AdvancedSearchTypes settings to
  be different and confirm that each is applied separately to each
  interface.
- Enable the OpacTopissue system preference.
- View the "Most popular" page in the OPAC.
  - The page heading should be correct.
  - The OpacAdvancedSearchTypes settings should be reflected in the
    "Refine your search" sidebar: If "Collection" is checked, a filter
    for collection should appear. If "Item types" is checked, a filter
    for item types should appear.
  - The output of your search should include collection and item type
    regardless of what filters you've submitted.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
Marion Durand
69b9e1ddf4 Bug 22347: Translatability of ILSDI GetAvailability
Some discovery tools can't translate ISL-DI results, it would be useful
if we can get ISL-DI output already translate.

This patch add an optional parameter language to GetAvailability, and
make GetAvailability results translatable.
If no parameter is given the output language is the language of the
cookies is present or the first language in the opac language list.

Test plan:
1. Enable the ILS-DI system preference
2. Locate a record
3. Test these URLs:
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[BIBLIONUMBER]&id_type=biblio
   and
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[ITEMNUMBER]&id_type=item
   (Where the [OPACBASEURL] is the OPAC URL of your test instance,
   [BIBLIONUMBER] and [ITEMNUMBER] are a record number and item number of
   your choice.)
4. Apply the patch
5. Test these URLs:
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[BIBLIONUMBER]&id_type=biblio&language=[LANGUAGE]
   and
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[ITEMNUMBER]&id_type=item&language=[LANGUAGE]
   (Where the [OPACBASEURL] is the OPAC URL of your test instance,
   [BIBLIONUMBER] and [ITEMNUMBER] are a record number and item number of
   your choice, [LANGUAGE] is a language code ex: 'en' or 'fr-FR')
6. The results should now be in the requested langugage

Sponsored-by: University Lyon 3

Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
051dd6bf0b Bug 29609: Centralized code to build the link to a biblio detail page
There are 2 prefs that control the default view of biblio detail pages:
IntranetBiblioDefaultView for staff and BiblioDefaultView for OPAC.
There are as well viewISBD, viewLabeledMARC and viewMARC to allow/don't
allow access to those page for staff members.

This code need to be in a single place to avoid discrepancy.

Test plan:
Play with BiblioDefaultView and IntranetBiblioDefaultView and confirm
that the links of biblio point to the correct view.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-08 15:49:16 +02:00
bcfc1bea3e Bug 30120: Save and apply extended attributes during self registration verification by email
The self registration form stores a new borrower as a borrower modification when verifying by email.

Borrower modifications can  handle extended attributes.

This patch simply sotres the extended attributes in the modifications table, and approves a modification
to the extended attributes only after patron is created

To test:
1 - Apply patch
2 - Create a patron attribute and set it as viewable/editable in the OPAC
3 - Set system preference PatronSelfRegistrationVerifyByEmail
4 - Reigster a new patron on the OPAC, provide an email and populate the extended attribute
5 - Retrieve the verification token, the last on in the messages table
    SELECT * FROM message_queue;
6 - Go tot he url from above
7 - Confirm successful patron creation
8 - View patron record and confirm attribute was set

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-08 15:49:16 +02:00
3b2322ea1f Bug 29859: Fix club/enroll
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-05 17:36:59 +02:00
be67a035be Bug 26669: (QA follow-up) Update last run when report run by name
This alters the svc scripts to set the report id after fetchign the report object
to ensure it is passed to exectue query

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
affd0caea5 Bug 26669: Last Run if report not always updated
The last run of a report is updated only if method execute_query() is
called with report_id.
This whas missing for :
- when report is run publicly
- when report is sent by email
- when report is exported

Patch changes the method signature to use a hash of params, in order to
easily avoid some params.

Test plan :

1) Create a report.
2) Run report.
3) Check the report listing.  Confirm that the last run info on the report is updated.
4) Make report public.
5) Run report via public url.
6) Check the report listing.  Confirm that the last run info on the report IS NOT updated.
7) Schedule the report to run at a given time and e-mailed to an address.
8) After the report runs at the scheduled time, check the report listing.  Confirm that the last run info on the report IS NOT updated.
9) Run report.
10) Export results.
11) Check the report listing.  Confirm that the last run info on the report IS NOT updated AT THE TIME OF THE EXPORT.

Questionable (I don't know if this is addressed):
12) Run report on backend through a cron job and send results via e-mail.
13) Check the report listing.  Confirm that the last run info on the report IS NOT updated.

14) Apply patch.
15) Rerun steps 2-13.  Confirm that steps 3, 6, 8, 11, and 13 DO UPDATE the last run info.

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
56107babc7 Bug 30377: Fix two CGI::param called in list context-warnings
Trivial fix.

Test plan:
Delete two lines from opac search history.
Verify results. Check plack-opac-error.log.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
d753755590 Bug 30199: Do not generate jwt if patron does not exist
This is a follow-up patch for bug 29543. If an invalid cardnumber has
been used we should not generate a token.

Test Plan:
1. Set SelfCheckoutByLogin to 'cardnumber'.
2. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
3. Enter an invalid carnumber like 'thisisabadcardnumber'
4. See the appropriate message "Sorry The userid thisisabadcardnumber was not found in the database. Please try again."
5. Try again with a different cardnumber and notice the same exact error message including the 'thisisabadcardnumber' cardnumber.
6. Apply this patch
7. Restart all the things!
8. Repeat steps 2-4
9. Try again with a different cardnumber, you should now see the correct
   cardnumber!

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-24 14:22:10 -10:00
4ff027f99e Bug 29940: Don't surround value by quote
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-22 10:17:34 -10:00
Katrin Fischer
b9458f6c79 Bug 30214: (QA follow-up) Clarify code comment
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
12d5107369 Bug 30214: Add ACCTDETAILS notice to verified self registration
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, with varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
varified.

Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is enabled
4) Register a new user via the opac self registration process using an
   email address you have access to
5) Verify the user by following the link in the verification email you
   should have received.
6) The new user should have been created and you should be able to see
   the account details notice in their associated notices
7) Confirm that the email address used above has received the notice.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
59df6a114e Bug 30214: Add ACCTDETAILS notice to self registeration
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, without varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
created.

Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is disabled
4) Register a new user via the opac self registration process using an
   email address you have access to
5) The new user should have been created and you should be able to see
   the account details notice in their associated notices
6) Confirm that the email address used above has received the notice.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
197425b450 Bug 29931: (follow-up) Similar thing in opac-patron-image.pl
Although less harmful indeed. No borrowernumber, no image.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested: logged in, logged out, prefs toggled. All fine.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 22:30:50 -10:00