Commit graph

7932 commits

Author SHA1 Message Date
Chris Nighswonger
f3088a211a Correcting code to pass total number of hits returned to the template.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:59 -05:00
Paul POULAIN
d7637da3af removing some spaces in record.abs, that make the file invalid for Zebra
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:58 -05:00
Paul POULAIN
7fb1eaf246 my .gitignore, to avoid having files suggested to be commited.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:56 -05:00
Paul POULAIN
ba0827b631 BUGFIX : don't displayt "Place Hold" when RequestOnOpac is OFF
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:55 -05:00
Paul POULAIN
d853be943f BUGFIX : encoding problem & security problem
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:53 -05:00
daa0c79642 Correct bad encoding of fr-FR data loaded by web installer
Some informations imported into MySQL DB by web installer
were wrongly encoded. It was the case for example with
opac_news table.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 23:46:35 -05:00
Joshua Ferraro
a3430082bd adding license tab to about page
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-14 16:50:48 -05:00
7c284da9bd Displays Languages selector on opac-main.pl page
On bottom of each OPAC pages, a languages selector is displayed
(depending of syspref). But this selector wasn't available
on OPAC home page.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-12 15:05:12 -05:00
Joe Atzberger
b1fbee40d5 Total overhaul of bor_issues_top report, removal from CGI::scolling_list.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-12 15:05:10 -05:00
Joe Atzberger
bde1ac3e13 Add authorised values descriptions to selector for "location".
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:37 -05:00
Andrew Moore
49be89c735 bug 1953: removing possible SQL injections from C4::Acquisition::GetHistory
I think this is the last sub in this module that needs to be changed.
there should be no functionality or no documentation changes with this patch.
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1953

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:36 -05:00
Ryan Higgins
5966f77b5c Remove redundant name from breadrumbs, make casing consistent in patron edit
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:34 -05:00
Ryan Higgins
3b43368abf show zipcode with address in patron search results list
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:33 -05:00
f36beeec74 Bug #1855
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:32 -05:00
Chris Nighswonger
f6f01deca5 Correcting class.labels_conf to be classification.labels_conf
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:31 -05:00
Henri-Damien LAURENT
288b74cf3a Bug Fixing : Forcing USMARC format for xml
using as_xml uses default MARC::File::XML format which is UNIMARC for marcflavour UNIMARC
And thus, causing a problem when encoding simple items marc records.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:30 -05:00
Joe Atzberger
60262720f0 Item-level_itypes fix, addition of ccode vector and filter.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:27 -05:00
Andrew Moore
2df965f4ea bug 1953: removing possible SQL injections from C4::Acquisition::GetLateOrders
I decided to not make chagnes the the query that's executed on databases other than MySQL as I have no good way to test that.
This change provides no functinality change and requires no documentation change.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:25 -05:00
Paul POULAIN
4f283bc0fa BUGFIX : encoding problem & security problem
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:56:24 -05:00
Chris Nighswonger
e15e2f9118 Bugfix: Handling cases where the image is the correct pixel dimensions
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 16:54:54 -05:00
Joshua Ferraro
bedb9fffa0 avoid crashes if record in result set is corrupted
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-11 04:51:40 -05:00
Galen Charlton
419d8fc0d8 added jQuery plugin Treeview 1.4.0
This plugin by Jörn Zaeffererr handles creating an
expandable and collapsible tree from an unordered list, and
will initially be used for the enhanced user permissions page.
The plugin is dual-licensed: MIT and GPL.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:23 -05:00
Ryan Higgins
c2b932869e Add Default location to Staff client login.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:20 -05:00
Ryan Higgins
9ff307e881 remove hardcoded ccode & loc authorized values from opac-detail.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:16 -05:00
d43b8d6ba8 Still tinkering with moredetail.tmpl; Haven't solved anchor problem.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:11 -05:00
078741e657 Adding anchor link to updateitem redirect; Markup corrections for cat_issues_top.tmpl
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:07 -05:00
1d862b7877 Quotes in shelf name prevented editing of shelf name.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:54:03 -05:00
446f19fdd3 Quotes in shelf name were causing js error.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:58 -05:00
7ccbc7c671 Markup corrections and standardizations.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:53 -05:00
Chris Nighswonger
cd4c9aac43 Bugfix for 1931 as well as a major overhaul in the presentation of the search results.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:49 -05:00
Galen Charlton
83f8e22aec renamed CheckSpecificUserPermissions to GranularPermissions
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:45 -05:00
Galen Charlton
7a2a241fa3 fix crash when attempting login as user w/o 'catalogue' permission
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:38 -05:00
Galen Charlton
fc6ccb1a61 granular permissions - updated Tools
Updated all scripts appearing on the tools page
to respect a granular permission defined for
each of them.

The tools menu and home page have been changed so
that only the specific tools that a user has
access are displayed.  This is simple, but depending on
the module and circumstance, it may be better to
display functions that the user has does not have
access to, but disable the links and do some sort
of visual styling to indicate that a function exists
but requires additional privileges to access.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:30 -05:00
Galen Charlton
0f7ed0ebb4 granular permissions - update CGI script for permissions editor
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:26 -05:00
Galen Charlton
bb770a8d9d granular permissions - setting user permissions
Adjusted the user permissions editing page as follows:

* Replaced table with a list
* Implemented a tree control using the jQuery Treeview plugin
* When CheckSpecificUserPermissions is ON, if a module
  flag has specific (i.e., children) permissions, allow
  them to be edited - this is where the tree control
  comes in.
* Added some hooks and an initial stab at the CSS
  to style the permissions editor tree.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:22 -05:00
Galen Charlton
a7e852794c CAN_user_permission => CAN_user_permissions
Adjusted so that there wasn't a difference between
the 'permissions' code in userflags.flag and the
template variable.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:17 -05:00
Galen Charlton
70d33a82bb granular permissions - C4::Auth
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).

If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.

If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:

  1. if the value is 1, the staff user must have
     all privileges for the userflags flag (or module)
     referred to by the hash key, e.g.,

     { flaqsrequired => { tools => 1 } }

     In terms of the database, this means that the
     corresponding bit must be set in borrowers.flags.

  2. If the value is '*', the staff user must
     have at least one of the permissions for the
     userflag/module, but it doesn't matter which one.

     In terms of the database, this means ether that the
     corresponding bit must be set in borrowers.flags or
     that there at least is one row in user_permissions
     for the staff user and bit/module combination.

  3. If the value is any other string, it must be
     a permissions code defined in the permissions table.
     The staff user must have that specific permission
     or have access to all functions of the module

     In terms of the database, this means ether that the
     corresponding bit must be set in borrowers.flags or
     that there is a matching row in user_permissions
     for the staff user, bit/module, subpermission
     code combination.

In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons).  The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.

In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions.  This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not.  This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:13 -05:00
Galen Charlton
cafaa26b45 granular permissions - created DB tables
First big commit in a project to add more granular
staff user permissions to Koha.

* Created two new database tables

permissions:
  stores a list of defined permissions; each
  permission is to be interpreted as a child
  of a top-level permission defined in the
  existing user flags.  For example, Tools (bit 13)
  now has a separate sub-permission for each
  individual tool.

  The columns are
    module_bit  = FK referencing userflags.bit
    code        = code, e.g., import_patrons
    description = e.g., "Import patron data"

user_permissions:
  stores a list of the specific permissions that
  a staff user actually has.   For example, if
  staff user 123 has only the 'import_patrons' subpermission
  of 'Tools' (module_bit = 13), that would be represented
  by having (123, 13, 'import_patrons' in user_permissions.

  user_permissions and borrowers.flags are now interpreted
  as follows (assuming the CheckSpecificUserPermissions syspref
  is ON):
    * If the appropriate bit (e.g., bit 13 for Tools) is set
      in borrowers.flags, the staff user can access all
      Tools functions.  There should be no rows in user_permissions
      for that staff user and userflag bit combination.
    * If the bit is not set in borrowers.flags, but one or
      more rows are present in user_permissions for that
      staff user and bit combination, the staff user can
      access the specified sub-functions.
    * If the bit is not set in borrower.flags and there are
      no rows in user_permissions for that staff user and
      bit combination, the user cannot access any of the functions.

  Note that this means that if a staff user can access all
  functions for a module (because the bit is set in borrowers.flags),
  the user will automatically be able access any new subfunctions
  added to permissions by a database update.

  The columns are:
    borrowernumber = FK referencing borrowers.borrowernumber
    module_bit, code = FK referencing permissions

* Added a new system preference, CheckSpecificUserPermissions

If this system preference is ON, staff users can be assigned
specific permissions which will be respected during
authorization checks.  If this system preference is OFF, the
current userflags semantics will continue to apply.

* Defined sub-permissions for Tools.  The list of specific
  tools permissions is now:

  edit_news          Write news for the OPAC and staff interfaces
  label_creator      Create printable labels and barcodes from catalog and patron data
  edit_calendar      Define days when the library is closed
  moderate_comments  Moderate patron comments
  edit_notices       Define notices
  edit_notice_status_triggers     Set notice/status triggers for overdue items
  view_system_logs   Browse the system logs
  inventory          Perform inventory (stocktaking) of your catalogue
  stage_marc_import  Stage MARC records into the reservoir
  manage_staged_marc Manage staged MARC records, including completing and reversing imports
  export_catalog     Export bibliographic and holdings data
  import_patrons     Import patron data
  delete_anonymize_patrons    Delete old borrowers and anonymize circulation history (deletes borrower reading history)
  batch_upload_patron_images  Upload patron images in batch or one at a time
  schedule_tasks     Schedule tasks to run

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:08 -05:00
Galen Charlton
2173ee7b9e fixed XHTML error
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:02 -05:00
Galen Charlton
90290c4551 bug 2006: do not crash when paying a lost item fine
Qualified call to MarkIssueReturned with 'C4::Circulation'.
It looks like there is still a subtle bug with exporting
subs between modules that use each other.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:52:55 -05:00
Joshua Ferraro
3c030be172 Fix for installer languages so that only the staff client languages are visible to the installer
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:52:49 -05:00
Joshua Ferraro
201204e865 improving english of maintenance page
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:52:41 -05:00
Andrew Moore
e8da5f250d bug 1953: removing potential SQL injection in C4::Acquisition::GetParcels
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 03:00:40 -05:00
Andrew Moore
b5d356e6be bug 2009: fix to include "type" so that adding items to label batches works.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 03:00:36 -05:00
12273aa88d Include file required after modifications to opac-topissues.tmpl
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:42 -05:00
14249c0082 Changes to "Most Popular" interface: adding some default parameters to link so that page displays results right away. When results are shown, search form is moved into side bar, like facets. Adding tablesorter and 'place hold' links.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:40 -05:00
5c2c039854 Adding whitespace to allow wrapping of long subject hierarchies
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:38 -05:00
6594407b73 Formatting patron expiration date output (or was there a reason why this was commented out previously?)
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:32 -05:00
28e9427c0e Fix for Bug 1828 (
Edit Details link for expired member in circulation.pl incorrect)

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:31 -05:00
193207c614 Identifying "waiting at" branch on screen.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 02:59:29 -05:00