In most authentication forms we see :
Fields "Login:" and "Password:" with a submit button "Log in".
In some places submit button contains "Login", which is confusing for translation.
It is not correct according to terminology https://wiki.koha-community.org/wiki/Terminology#L
Also in opac-user.pl ":" is missing, it generates new translation entries.
Test plan:
1) Log out if you are logged in
2) Go to staff interface
3) Check you see button "Log in"
4) Go to OPAC page /cgi-bin/koha/opac-user.pl
5) Check you see fields "Login:" and "Password:"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Since Bug 23777 added To.json, single quote escaping in value_builder/unimarc_field_4XX.pl is useless.
Test plan:
1) Use UNIMARC database
2) Define value builder unimarc_field_4XX on 463$t
3) Create a record B1 with 200$a : L'avion
4) Create a record B2
5) Click on value builder in 463$t
6) Search for record B1
7) Click on "Choose"
=> Without patch 463$t contains : L\'avion
=> With patch 463$t contains : L'avion
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds an extra unit test, to cover the case where the
UpdateItemLocationOnCheckin System Preference is set to "_ALL_: CART"
and the item being returned has no shelving location set.
Test plan:
1) Apply the patch provided earlier
2) prove -v t/db_dependent/Circulation/issue.t
...and sign off if all tests pass.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
JD amended patch: use 'is' instead of 'ok'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The UpdateItemLocationOnCheckin System Preference can be set to update the
location of ALL items during check in, regardless of their shelving location.
However, this does not currently work 100% as it is excluding items with no
shelving location (i.e. value of NULL in the corresponding database field).
This patch, based on the comment made by Nick Clemens, fixes that.
Test plan (based on the original Bug Description by Andrew Fuerste-Henry):
1) Have a shelving location CART
2) In UpdateItemLocationOnCheckin, enter "_ALL_: CART" (without the quotes)
3) Check in an item that has a shelving location, confirm it changes to CART
4) Check in an item with a NULL shelving location, confirm it doesn't go to CART
5) Apply this patch
6) Repeat step 4): this time the item should move to the CART shelving location
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch updates the JS comparison code to remove the '(All)' hint before comparing
to the current value
To test:
1 - Go to Administration -> Item types
2 - Edit a type to have a parent of another type
3 - Go to Administration -> Circulation and fines rules
4 - Add a rule for all categories for the child itemtype
5 - Add a rule for all categories for the parent itemtype
6 - Click edit on child type, note itemtype dropdown in editor correctly selected
7 - Click edit on parent type - note itemtype dropdown menu refers to 'All' itemtypes
8 - Apply patch
9 - Reload page and edit parent type rule
10 - Itemtype dropdown is correctly populated
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Add to OPAC virtual host in apache conf:
SetEnv OPAC_SEARCH_LIMIT branch:multibranch-1
SetEnv OPAC_LIMIT_OVERRIDE 1
RequestHeader add X-Koha-SetEnv "OPAC_SEARCH_LIMIT branch:multibranchlimit-1"
RequestHeader add X-Koha-SetEnv "OPAC_LIMIT_OVERRIDE 1"
2 - Enable system preference OpacAddMastheadLibraryPulldown
3 - Create a library group enabled as OPAC search group (or make sure existing group 1 is an OPAC search group)
4 - Load the opac - dropdown does not pree-select the search group
5 - Apply patch
6 - Relaod opac - group is pre-selected!
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
We use match_count to determine if a new authority record should be created, however,
we were not adding this count to the cache, so if a record returned too many matches on first
lookup, we would create a new record on the second lookup
To test:
1 - Set Linker Module to 'Default'
2 - Enable AutoCreateAuthorities and BiblioAddsAuthorities and CatalogModuleRelink and LinkerRelink
3 - Add two copies of a single authority via Z39
4 - Add two headings for that authority to a bib record (e.g. a 610 and 710)
5 - Save the record and note a new authority is generated
6 - Repeat and see another is generated
7 - Apply patch
8 - Restart all the things
9 - Save the record again, no new authority created
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds get_column to ensure we are returning a string value of
a field rather than accidentally triggering a relationship accessor.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
commit f6e0b04f48
Bug 23271: Replace search_limited with search_with_library_limits
We were modifying the occurrences of:
Koha::Patron::Categories->search_limited;
with:
Koha::Patron::Categories->search_with_library_limits;
But between the patch submission and the push, another occurrence has
been added by bug 23590.
Test plan:
Create a new suggestion from staff and click "select manager"
Without the patch, notice the error:
The method Koha::Patron::Categories->search_limited is not covered by tests!
With the patch applied everything is working correctly
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the Koha::OAuth library use the new validation method
To test:
1. In master, enable RESTOAuth2ClientCredentials and have your
superlibrarian patron a client_id/secret pair generated
2. Use Postman to gain an access token with the client_id/secret pair
=> SUCCESS: This works in Koha
3. Use the access token to GET /api/v1/patrons
=> SUCCESS: It works
4. Apply this patchset up to the regression tests
5. Run:
$ updatedatabase
$ koha-plack --restart kohadev
=> SUCCESS: All good
6. Repeat 2
=> FAIL: You get an error trying to acquire an access token. Boo
7. Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
8. Apply this patch
9. Run:
$ koha-plack --restart kohadev
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
10. Repeat 2
=> SUCCESS: Your original client_id/secret pair works!
11. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove tt/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
https://bugs.koha-community.org/show_bug.cgi?id=28772
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.
To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch refactors the Koha::ApiKey class so:
- It encrypts the generated secret
- Allows accessing the plain text secret only immediately after the key
creation (this implies that it won't be accessible if the key is
fetched from the DB).
- It implements an allow list for attributes, that are not read only.
Changing any other of them will make ->store throw an exception.
- A method for validating plain text secrets against the encrypted one
is added.
- A method for accessing the plain text secret is added. Returns undef
if the object is not 'fresh'.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/ApiKey.t
=> SUCCESS: Tests pass! Expected behavior is confirmed
3. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.
The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.
To reproduce:
1) create/pick existing patron, set Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
iew patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Remove fields from OPACSuggestionUnwantedFields before creating the
suggestion
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: remove useless sort
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The following sequence is bad:
46 my $suggestion = $input->Vars;
181 &NewSuggestion($suggestion);
All columns can be set when we insert the suggestion into the DB
We definitely want to avoid the following fields to be set by the final
user: acceptedby, accepteddate, STATUS, etc...
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons
To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28929: (follow-up) Add exec flag to tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* selfreg and selfmod for OPAC
* patron's edition on staff
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds some logic to the background jobs template in order to
make job status and job type translatable. Output of dates has been
changed to use the KohaDates plugin, using the "with_hours" flag.
This patch also modifies the page title and breadcrumbs so that if one
is viewing the details of a background job the page title and
breadcrumbs reflect this.
I've also added inclusion of the preferences search form in the header,
the default for administration pages which don't have their own search.
To test, apply the patch and go to Administration -> Background jobs.
- If there are no background jobs listed, submit at least one batch of
bibliograhpic records and at least one batch of authorty records for
modification (Tools -> Batch record modification).
- In the table of background jobs, the status should be shown
correctly. If you see it capitalized ("Finished") you're seeing the
new string in the template which will be used for translation.
- In the "Type" column, you should see either "Batch authority record
modification" or "Batch bibliographic record modification"
- In the "Queued," "Started," and "Ended" columns the date should be
formatted according to your system's dateformat system preference,
including the time.
- View the details of a background job. The same changes to status and
type should be seen on this page, as well as the date formatting of
the date fields.
- In the breadcrumbs, confirm that it shows a link to the
background jobs page followed by "Details if job #X".
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1. Add values to the AV ROADTYPE
2. Go to the BorrowerUnwantedField system preference and attempt to hide streettype and B_streettype.
3. It doesn't work, the fields still show.
4. Apply patch
5. Repeat step 2, it should work now.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If only the city and country address information was provided they ended
up being glued together like this: CityCountry. (AddressFormat=US style)
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If the city field was not filled out on the main or alternate address,
the content of state, country and zipcode wouldn't display on the
Details tab in the patron account in staff.
To test:
- Enter main contact and alternate address without city
- Verify that the address information isn't shown on the details
tab after saving
- Apply patch
- Verify that the information is displayed now
- Toggle AddressFormat and check display is correct for all settings
- Switch back to US address format
- Try several combinations of empty fields for city, zipcode, country
and state. The punctuation and whitespace should always appear
correctly.
Examples:
- Enter just country
- Enter zipcode and country
- ...
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To Test:
1. Check the BorrowerMandatoryField and BorrowerUnwantedField system preferences, sort1 and sort2 cannot be hidden or required
2. Apply patch
3. Check the BorrowerMandatoryField and BorrowerUnwantedField system preferences again, you should see sort1 and sort2
4. Since sort1 and sort2 are now added to borrowers.json we must also check the system preferences PatronQuickAddFields & PatronDuplicateMatchingAddFields
5. They should both now include sort1 and sort2, check to make sure they work with these two system preferences
6. Look at the system preferences PatronSelfRegistrationBorrowerMandatoryField, PatronSelfRegistrationBorrowerUnwantedField, and PatronSelfModificationBorrowerUnwantedField
7. sort1 and sort2 should be disabled in these OPAC system preferences
This patch does not attempt to add sort1 or sort2 to the self reg or borrower mod pages. If they should be added, which I am not sure they should, we should do so in a seperate bug
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
# Failed test 'use Koha::OAI::Server::Repository;'
# at t/00-load.t line 62.
# Tried to use 'Koha::OAI::Server::Repository'.
# Error: "transformMARCXML4XSLT" is not exported by the C4::XSLT module
# Can't continue after import errors at /kohadevbox/koha/Koha/OAI/Server/Repository.pm line 39.
The != '' version doesn't check for the whitespace existing and thus
might have added the punctuation without the partNumber or partName being
inserted at all.
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the moment the punctuation entered for $n $p and is
removed in the part template, which leads to displaying the subfields
without any punctuation and spaces in between.
To test:
- Catalog records with various combinations of 8xx series added
entry fields. Subfield a, t, n, p and v are the most important.
- Verify the display in OPAC and staff is not great.
- Apply the patch.
- Verify the display in OPAC and staff is improved.
For examples see:
https://www.loc.gov/marc/bibliographic/bd80x83x.html
Important note: At the moment 8xx series added entry fields will only display, when
there is also a 490 ind. 1 = 1 field present.
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bad conflict resolution
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
