Commit graph

745 commits

Author SHA1 Message Date
214a0e6102 Bug 18955 - autocomplete is on in OPAC password recovery
In OPAC password recovery form autocomplete is not disabled.
So when login or email is entered, it is saved in browser input history for autocomplete.
This is a major issue for OPAC on computers with public access.

This patch adds autocomplete off on forms.

Test :
- Enable system preferences OpacPasswordChange and OpacResetPassword
- Go to OPAC
- Be sure to not be logged in
- Click on "Forgot your password?"
- Enter a loggin and email and Submit
=> Without patch there is an autocompletion with values you entered
=> With patch there is no autocompletion

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 14:05:38 -03:00
9e54375398 Bug 18276: FIX status display for course reserves
This include file is terribly wrong, it's called from different places
that do not set the same flag.
The status from detail and result page might be different from the one
display on the course reserve table.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:22:55 -03:00
dadfeabc37 Bug 18276: Remove GetBiblioFromItemNumber - Course reserves
Values from the items, biblio and biblioitems tables are used in the template,
so we need to pass all of them to the template, but separately.
That way we easily see which field from which table we are displaying.

Test plan:
Create a course reserve and add items.
Correct information must be displayed on the detail page of the course
reserve, on staff and OPAC interface.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:09:24 -03:00
Marc Véron
3829020c26 Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address
To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.

To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
    Account identification with this email address only is ambiguous.
    Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
  provide valid email for an existing account, provide unknown email, provide
  both login and email with all combinations of valid / invalid)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 16711: (QA-followup) Use count directly

See comment # 13

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:50 -03:00
a58aca056b Bug 18228: Implement the new columns in code
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.

Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
    interface, but one call in the unit test was affected.
[3] Method remove_biblios is signficantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
    A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
    be removed.

opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.

opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.

Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).

[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).

[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2017-07-05 13:35:23 -03:00
b494837c8d Bug 18214: Add check for shared or public list
Following the idea behind bug 10865, we are only showing the permissions
when the list is shared or public.
Adding a simple test in opac-shelves here.

Note 1: Since the owner can always add or delete entries, the permissions
will not be relevant anymore for a strictly private list.

Note 2: Staff view always shows the permissions. This could have been
changed here too, but that change is far less urgent (bug 10865 did not
touch staff view and bug 18228 will rearrange permissions anyway).

Test plan:
[1] Verify on OPAC that you see the permissions for a private list with
    shares or a public list. And you do not see them for a private list
    without shares.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:35:20 -03:00
3d2eddaf3d Bug 18214: Cannot edit list permissions of a private list
If you have disabled the pref OpacAllowPublicListCreation, your users are
not able to edit the list permissions for private/shared lists.
For a private list they may only be theoretically relevant, but for a shared
list they are relevant.
Since we do not always know the history of a list (has it been public or
shared, does it contains entries from other users) and therefore permissions
are even relevant for a currently private list, we should just allow editing
these permissions.

Test plan:
[1] Do not yet apply this patch.
[2] Disable OpacAllowPublicListCreation.
[3] Create a private list in OPAC. Edit the list. Verify that you do not
    see the permission combo boxes.
[4] Apply this patch. Edit the list again. Do they appear now?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
2017-07-05 13:35:20 -03:00
Marc Véron
628d8391d2 Bug 18630: Translatability (Clubs): 'Cancel' is ambiguous and leads to mistakes
The button to cancel a club enrollement is labelled with 'Cancel'. That is ambiguous and translates e.g. in German to 'Abbrechen' which can lead to
mistakes.

To test:
- Apply patch
- Enroll a patron to a club
- Enable public enrollment in OPAC
- Verify that the button to cancel enrollment in both OPAC and staff client
  reads 'Cancel enrollement' (instead of 'Cancel' without patch)
  (The button appears on the patron's detail pages in OPAC and staff client)

Amended for comment #4 / mv

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-15 15:56:00 -03:00
ab29b5efdc Bug 18762: Remove warnings from xt/author/valid-templates.t
Test plan:
Read the changes and make sure they make sense

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
2017-06-14 14:36:28 -03:00
Marc Véron
953504a076 Bug 18682 - Translatability: Get rid of [%% in translation for 2 files av-build-dropbox.inc
Two files av-build-dropbox.inc has linebreaks inside template directives,
 exposing internals (comments and tt code) to translations as mentioned
in initial comment.
Translators should not be confronted with such interal code.

This patch fixes it.

To test
- Verify, that code changes make sense and have no more line breaks insied
  tt directives.
- Run QA tools in newest version (checking for line breaks inside tt
  directives)
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
  from folder misc/translator, verify that lines mentioned above do
  no longer appear in aa-AA-staff-prog.po and in aa-AA-opac-bootstrap.po

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:35:56 -03:00
Marc Véron
eddf975cf0 Bug 18653: Possible privacy breach with OPAC password recovery
OPAC password recovery allows to find out which email address belongs to an account. An attacker could systematically guess login names. If they hit an existing one, OPAC displays a message like:
An email has been sent to "xxx@yyy.zz".

Having a combination of login name and email, attackers could use the information e.g. for phishing or other personalized actions.

To reproduce:
- Enable OPAC password recovery (syspref OpacResetPassword)
- 'Guess' a login name e.g. by using a common pattern like ptester for Peter Tester
- If such account exists, you get to know the related email address

This patch removes the email address from the success message. Additionaly, it changes
wording to address Bug 18570 ('will be sent' instead of 'has been sent')

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Simplified the wording. "Will be sent shortly" is used elsewhere too.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 12:56:20 -03:00
281e125377 Bug 13913 - Renewal error message in OPAC is confusing
This patch adds some formatting to the error message a patron receives
when there are renewal failures in the OPAC.

This is pretty much the least which could be done to address this
problem. However, I don't think the issue can be fixed without
re-thinking how renewals are processed. Sending error messages back to
opac-user.pl via URL parameter isn't flexible enough.

To test, apply the patch and attempt to renew multiple items in the OPAC
which cannot be renewed for some reason, for instance because they have
been renewed too many times. The error messages should appear in a list
rather than strung together in one long block of text.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:48:34 -03:00
765c7edc8d Bug 18350 (QA Followup) Add classes to elements
Provide classes for easy access in case library wishes to make further
chnages

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:28:59 +00:00
Aleisha Amohia
fbc072d7a5 Bug 18350: Moving call number in subscriptions tab in OPAC biblio detail
This patches moves the call number up to be under the library name, so
it is equivalent to the staff client

To test:
1) Go to the detail page of a biblio with subscriptions in the staff
client
2) Notice callnumber sits under the library name
3) Go to the detail page of the same biblio in OPAC
4) Notice callnumber is not in the same order
5) Apply patch, refresh page
6) Notice callnumber is now in same order

Sponsored-by: Catalyst IT

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:28:59 +00:00
cfc484b173 Bug 18314: Account lockout
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.

After a number of failed login attempts a users account would become locked.
The user would then need to use the reset password functionality to send a reset
token to their email account. After a successful password reset the lockout flag
would be removed.

The number of failed login attempts before lockout is configurable using a new
system preference 'FailedLoginAttempts'.

How does it work?
When a patron enter an invalid password, the borrowers.login_attempts value
for this patron is incremented. When this value reach the value of the
pref FailedLoginAttempts, the password comparison is not done and the
authentication is rejected.
This login_attempts field is reset when a patron correctly logs in. When
the account is locked the patron has to reset his/her password using
the OpacResetPassword feature or ask a staff member to generate a new
password.
If the pref is not set (0, or '') the feature is considered as disabled,
but the failed login attempts are stored anyway.

Test plan:
0/ Apply patch and execute the update DB entry
1/ Switch on the feature by setting FailedLoginAttempts to 3
2/ Use an invalid password to login at the staff or OPAC interface
3/ After the third consecutive failures, you will be asked to reset your
password if OpacResetPassword is set, or contact a staff member
4/ Switch on OpacResetPassword and reset your password
5/ Confirm that you are able to login
6/ Play with the different combinations

QA details: The trick happens in C4::Auth::checkpw, to make things clear
I had to create a return value (note the awesome name: @return) and
replace the 3 successives if statements with elsif. Indeed if one of
the condition is reached, it will return inside the given block.

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 10:58:44 -04:00
ee53560da6 Bug 15705: Add specific warning messages for auto_too_much_oweing
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:09:08 +00:00
0c2cfc8ac1 Bug 15179 (QA Followup) Fix comments to 'other classification'
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:04:14 +00:00
Karen Jen
e021bb48a0 Bug 15179 -Field 084 doesnt show on bibliographic record
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:04:14 +00:00
ca50a65cb8 Bug 17936 [Generated CSS] Search bar not aligned on right in small screen sizes
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:18:04 -04:00
e94709cd7e Bug 17936 - Search bar not aligned on right in small screen sizes
This patch tweaks the OPAC's CSS so that the main search form's fields
have consistent width at small screen sizes.

To test, apply the patch and process the LESS files. View the OPAC main
page at a very narrow browser width and confirm that the text field
width matches that of the dropdown and button.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:10:16 -04:00
6da7ed1d8c Bug 18504 - Amount owed on fines tab should be formatted as price if <10 or credit
To test:
1 - Give a patron a fine of 1
2 - View opac fines tab, it shows as '1'
3 - Give patron a credit of '1'
4 - View opac fines tab, it shows as '1'
5 - Apply patch
6 - Both now show as '1.00'

Signed-off-by: Lisa Gugliotti <lisa@hchlibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:06:47 -04:00
e3141c6fff Bug 16515 [Generated CSS] Did you mean? links don't wrap on smaller screens
Processed and minified CSS.

Works as expected and looks much tidier now.
Signed-off-by: Dilan Johnpulle <dilan@calyx.net.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:05:30 -04:00
893ead43f7 Bug 16515 - Did you mean? links don't wrap on smaller screens
This patch tweaks some CSS in the OPAC to give the "Did you mean" block
better layout on smaller screens.

To test, apply the patch and process LESS files. Enable "Did you mean"
plugins for the OPAC in Administration.

Perform a search in the OPAC and confirm that the "Did you mean" block
looks correct. Resize your browser to various widths and confirm that
the block handles all sizes well.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:05:29 -04:00
693dde521d Bug 18529 - Template cleanup of patron clubs pages
This patch addresses template issues with the newly-added patron clubs
pages.

- Move Clubs tab out of second position in Circulation page tabs.
- Link patron name in enrollments list to the patron record
- Make page titles on some pages more specific
- Correct label "for" attributes so that it matches input id
- Correst style of buttons: Buttons in tables must be "btn-xs," all
  Bootstrap buttons must have "btn-default."
- Correct "Edit" icons: Should be "fa-pencil"

This patch also revises the club template editing form to make it more
consistent with similar interfaces in Koha and (hopefully) make it more
clear.

To test, apply the patch and test adding clubs and club templates and
enrolling patrons in clubs via the staff client and OPAC. Confirm that
everything looks and work okay.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 09:02:28 -04:00
Mark Tompsett
463c5a0f25 Bug 4460: Amazon's AssociateID tag not used in links so referred revenue lost
Reworking based on output of:
git grep "gp\/reader"
Additionally, some changes might be in order though gp/reader works.
https://affiliate-program.amazon.com/help/topic/t64/a1
suggests using dp
A dp was discovered, so that part of the URL was left unchanged.
The "/ref..." part was changed to just an Amazon tag ("?tag={AAT}")
if defined.

TEST PLAN
---------
 1) Added:
     "100 years of Canadian foreign policy /
      edited by Robert Bothwell and Jean Daudelin."
 2) Added a second book with the word foreign in the title.
 3) Waited for reindex
 4) Checked out the Canadian foreign policy book.
 5) Applied patch
 6) Made sure that:
    - AmazonAssocTag was set to TEST (easy to notice)
    - AmazonCoverImages was set to 'Show'
    - OPACAmazonCoverImages was set to 'Show'
 7) Searched intranet for 'foreign' to find the detail page
    -- hovering over picture shows URL with ?tag=TEST in it.
 8) Went to the OPAC Detail page
 9) Toggling OPACURLOpenInNewWindow, confirmed that URL for
    the picture contained ?tag=TEST in it.
10) Logged into the OPAC
11) Confirmed the URL in the checked out list on your summary
    page contained ?tag=TEST in it.
12) Confirmed the URL in the checked out list on your reading
    history page contained ?tag=TEST in it.
13) Confirmed links worked (went to expected page)
14) run koha qa test tools

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 08:51:44 -04:00
8823b41d17 Bug 18573: (bug 17847 follow-up) Update av-build-dropbox.inc for OPAC
On bug 17847, av-build-dropbox.inc has been updated for the intranet,
not OPAC

There is only one call to av-build-dropbox.inc at the OPAC, from
opac-suggestion.tt

Test plan:
Create a new suggestion, anonymous or with a logged in user
=> Without this patch you got
  Template process failed: undef error - The method default is not
  covered by tests! at /home/vagrant/kohaclone/C4/Templates.pm line 121.
=> With this patch applied you should see the item type dropdown list
correctly filled

Reproduced without patch, OK with patch
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 08:46:35 -04:00
Alex Arnaud
d477cc24f6 Bug 12063 - Remove Koha::Hold::waiting_expires_on since dateexpiration is set on database
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 08:59:39 -04:00
f71e3a78b9 Bug 17993 - Do not use modal authentication with CAS - tags bis
Bug 12046 corrected the fact that modal dialog does not allow to use the
CAS authentication in main authentication link. This must also be
corrected in link for tags in detail tags page: "Log in to see your own
saved tags."

Test plan :
- Enable syspref casAuthentication
- Go to OPAC, not authenticated
- Click on "Tag cloud"
- Click on "Log in to see your own saved tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:02:17 -04:00
34e813c8d0 Bug 17993 - Do not use modal authentication with CAS - tags
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link for tags in detail page : "Log in to add tags"

Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Go to a record detail page opac-detail.pl
- Click on "Log in to add tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:02:17 -04:00
dc2a6e5d32 Bug 17993 - Do not use modal authentication with CAS - lists
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link of lists popup : "Log in to create your own lists"

Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Click on Lists > Log in to create your own lists
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:02:17 -04:00
Marc Véron
a0cc3703bf Bug 18405: Self checkout: Fix broken silent printing
Fix broken 'silent printing' (without printer dialog) in self checkout.

To reproduce:
Set up silent printing to slip printers as described in:
https://wiki.koha-community.org/wiki/Setting_up_slip_printer_to_print_silently

Verify that it works for check-outs in staff client.
Verify that it does not work in Self checkout.

To test:
Apply patch
Verify that silent printing works on SCO

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:01:41 -04:00
57f28f9ee4 Bug 7550: SCO - Restrict access of patron's image
With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".

How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
  Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
  image
- Verify that the patron image is NOT displayed

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:00:26 -04:00
c4dd097d20 Bug 14224: Replace AllowIssueNotes with AllowCheckoutNotes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
88852ffbb0 Bug 14224: Make strings translatable
The strings should be translatable.
This patch also removes the error as it appears that we only have 1
error.
To improve we could surround the store with an eval.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
a7df1afe60 Bug 14224: Fix prevent submit
That did not work, the form was submitted anyway

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
0159908ca1 Bug 14224: Allow patron notes about item shown at check in
This patch adds a "Note" input field to checked out items in the "your summary"
section. The field allows patrons to write notes about the item checked out,
such as "this DVD is scratched", "the binding was torn", etc. The note will be
emailed to the library and displayed on item check in.

Patch adds two fields to the "issues" table - "note" and "notedate".
Patch adds syspref "AllowIssueNotes" - default off.

Test Plan:
1) Apply this patch
2) Update database
3) Rebuild schema
4) Turn on 'AllowIssueNote' syspref
5) Check out three different items to a borrower (may be easiest to check
    out to yourself)
6) Log in as that borrower (or yourself) on the OPAC side and go to your
summary
7) Confirm text field shows under Note column for all checkouts. Set a
note for each issue, confirm all save.
8) Check the message_queue in mysql for the entries for ALL THREE issue
notes.
9) Disable javascript in your browser
10) Refresh your summary page. Confirm that you can no longer edit the
notes in the text field. Click the 'Create/edit note' button and confirm
you are redirected to a new page.
11) Confirm that the correct title and author show for the note button
you clicked.
12) Set the note and click Submit -> confirm you are redirected
back to summary page and note is saved
13) Confirm there is a new entry in message_queue
14) Enable javascript and go back to the your checkouts page in the
staff client for the borrower you issued the items to
15) Check in TWO items
16) Confirm that the issue notes show under the "Date due" column for
the two items you checked in, and are accurate to the item (i.e. the
right issue note under the right item)
17) Go to circ/returns.pl and check in the final item using the barcode.
Confirm the issue note shows and the date is formatted correctly.

Sponsored-by: Region Halland

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marc Véron <veron@veron.ch>
2017-04-28 09:03:22 -04:00
6f334aab06 Bug 18484 - opac-advsearch.tt missing closing div tag for .container-fluid
This patch corrects HTML validation errors by adding back a missing
</div> which was removed accidentally by Bug 9043 (2014!).

This patch also removes "border" attributes from <img> tags because the
attribute is obsolete.

To test, apply the patch and test the validity of the OPAC's advanced
search page. The only error should be one about 'Bad value
"api-server,"' which isn't really resolvable.

Signed-off-by: Barton Chittenden <barton@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:02:46 -04:00
589aa06991 Bug 12461 [QA Followup]
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:37:44 -04:00
95429af685 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:37:44 -04:00
fdc6b033a5 Bug 18479 - Holds 'Placed on' column in opac-user.pl not sorting correctly
Two columns in the user's holds table in the OPAC do not sort correctly
because they are not marked up correctly to enable date sorting: 'Placed
on' and 'Expires on.' This patch corrects it.

This patch also removes a stray </td> which was causing validation
errors.

To test, apply the patch and log into the OPAC with an account which has
multiple holds with differnt hold dates and expiration dates. Confirm
that sorting on these columns works correctly.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:33:45 -04:00
Aleisha Amohia
ac2e6b1b26 Bug 15738: Show rental fees on OPAC summary page
This patch adds a few lines that check for a rental fee on an item. If
yes, it will show in brackets as a rental fee on the OPAC summary page.

To test:
1) Have a borrower with an overdue item accruing fines, a lost item and
an item with a rental fee. Confirm the Fines column on the OPAC summary
page now shows you what you may expect to see for each item.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 06:53:59 -04:00
Aleisha Amohia
82943de12c Bug 18452: Correcting 'url' to say 'URL' in catalog detail
To test:
1) Edit a record, put a URL in 856u and hit save
2) Confirm that url shows as URL in OPAC and staff client

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-24 13:26:10 -04:00
phette23
736afd6d01 Bug 18466: article requests box outline in opac
To test:
1) apply patch
2) ensure ArticleRequests is set to Enable
3) sign in as a user with no article requests on the OPAC side
4) click the 'article requests' tab & see the box & message

Sponsored-By: California College of the Arts

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-24 13:24:58 -04:00
039bb200de Bug 10357: Do not change the alerttype
Previous patch modified the alerttype from "issue" to "issue_det" or
"issue_ser". This is wrong, we do not want to modify this value,
especially because it's used in C4::Letters::SendAlerts
This patch uses a $referer variable instead, like it is already used in
other scripts for redirection.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:58:33 -04:00
Aleisha Amohia
925734ee78 Bug 10357: Adding link for email notification for new subscription issues to opac-detail
This patch adds the link to the opac-detail.pl page so it is less hard
to find.
Update: Fixing link to look like button, adding span ID around element
Update: Changing ID to Class
Update: Comment 14 fixes

To test:
1) Add a subscription, attach it to a record and select a notice under
'Patron notification'. Hit Next, fill in some fields and save the
subscription
2) Go to that record detail page in the OPAC. Go to the subscriptions
tab, click 'More details'. Notice how many clicks it takes to see the
'Subscribe' button
3) Apply patch and go back to the details page for the record
4) Notice now there is a 'subscribe' button
5) Confirm this button works as expected and you are redirected to
the detail page
6) Confirm 'Cancel' works and redirect works too
7) Go down to 'More details' and confirm the buttons work and you are
redirected back to the serial-issues plage from here

Sponsored-by: Catalyst IT

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Re-tested, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:58:33 -04:00
Alex Arnaud
2be6625d1a Bug 18388 - Standardize serials volume information displaying
OPAC: Home > Details for (serial)
Compared information in tab 'Holdings' col 'Vol info' with
same information in staff client. With patch it's the same.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-13 08:36:15 -04:00
392641ff1e Bug 18349: [QA Follow-up] Add four missing error messages
The error codes come from CanBookBeIssued.
The warnings speak for themselves. Note that the GNA message is similar
to the one used in opac-user.tt (gonenoaddress is translated to the patron
as contact information not up-to-date).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:03 +00:00
b61f73c488 Bug 18349: Remove useless info in alert message
Empty tags should be removed, and message id
Note that not all error codes are covered here.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:02 +00:00
2370695fb9 Bug 18304: [QA Follow-up] Add id to paragraph tag
See Bugzilla, comment 4.

Note: the id is unique in the Koha codebase (git grepped).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:27:36 +00:00
37550a1d69 Bug 18304: Do not mail cart or list contents to the library
Sometimes we receive mails from patrons, sent from opac-sendbasket or
opac-sendshelf. Instead of placing a hold on books they send the contents
of the cart (or even a list).

This patch simply puts a note on both forms saying that they should not
use the mail to request or renew books. If both options are disabled on
the OPAC, the message is not shown.

Test plan:
[1] Enable RequestOnOPAC.
[2] Put a book in the cart.
[3] Open the cart, click on Send. Verify presence of the message.
[4] Open a list.
[5] Click on Send list. Verify presence of the message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-03-31 14:27:36 +00:00