Commit graph

79 commits

Author SHA1 Message Date
53ef5a4078
Bug 24384: Add Access-Control-Allow-Origin support to OPAC reports svc
This patch makes the opac/svc/report script use output_with_http_headers
so it sets the Access-Control-Allow-Origin header.

To test:
1. Create a new public report and remember the report id
2. Use your favourite too to fetch the report in JSON by issuing:
   GET http://localhost:8080/cgi-bin/koha/svc/report?id=1
=> FAIL: There is no Access-Control-Allow-Origin header
3. Apply this patch
4. Restart Plack
   $ sudo koha-plack --restart kohadev
5. Set the AccessControlAllowOrigin to anything (for example,
   https://koha-community.org)
6. Repeat 2
=> SUCCESS: On the response headers you find
Access-Control-Allow-Origin: https://koha-community.org
7. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-19 09:23:13 +00:00
20952a7b2d
Bug 22821: Rename method with ->inbound_email_address
The method has been renamed in the previous bug report.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
67bda71a45
Bug 22821: Correct to_address for issue notes
This patch updates the controller and service code to use the newly
introduced 'get_effective_email' routine from bug 22823 to obtain the
branches most appropriate email address.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
04dcca4321
Bug 22821: Use 'reply-to' address in issue notes
This patch updates the issue notices to not pass from_address and so
default to the branch email of the user for from_address. We now pass
the patrons email (cascading through email, emailpro, B_email) into the
reply_address field so mail servers are less likely to report emails as
spam and mail clients still have access to the patron address via the
reply-to header when staff want to hit 'reply' and have the email go to
the user.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
7d8b96803f
Bug 24545: Fix license statements
Bug 9978 should have fixed them all, but some were missing.
We want all the license statements part of Koha to be identical, and
using the GPLv3 statement.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-24 13:31:26 +00:00
ab4fa77eb0
Bug 23623: Remove the svc/patron/show* scripts
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-09-23 10:55:32 +01:00
Kyle M Hall
1ad03f5509
Bug 20691: Add ability to turn feature on and off
This patch adds two preferences
1. AllowPatronToSetFinesVisibilityForGuarantor: Allow/Don't allow patrons to choose their own privacy settings for showing the patron's fines to the patron's guarantor
2. AllowStaffToSetFinesVisibilityForGuarantor: Allow/Don't allow staff to set the ability for a patron's fines to be viewed by linked patrons in the OPAC

Also adds a tinyint, non nullable, default to 0 column in borrower and deletedborrower named privacy_guarantor_fines.
1. privacy_guarantor_fines = 0 => don't allow guarantor to see guarantee's fines
2. privacy_guarantor_fines = 1 => allow guarantor to see guarantee's fines

To test:
1) git reset --hard master
2) apply patches (including dependencies)
3) perl installer/data/mysql/updatedatabase.pl
4) dbic
5) restart_all
6) in intranet search for AllowPatronToSetFinesVisibilityForGuarantor and AllowStaffToSetFinesVisibilityForGuarantor preferences
SUCCESS => both preferences should be present
7) search for a patron with guarantor
SUCCESS => in details tab, in "Library use" section you should see a row labeled "Show fines to guarantor"
8) edit
CHECK => in Guarantor information there is no "Show fines to guarantor" select
9) set AllowStaffToSetFinesVisibilityForGuarantor preference to "Allow"
10) return to patron with guarantor and edit
SUCCESS => in Guarantor information section there is a "Show fines to guarantor" select
11) change "Show fines to guarantor" select to "Yes" and save
SUCCESS => Value is saved
12) go to details tab
SUCCESS => in "Library use" section you see a row labeled "Show fines to guarantor" with value "Yes"
13) set OPACPrivacy preference to "Allow"
14) open 2 opacs, one with a patron that has a guarantor and another that hasn't and go to "your privacy" tab.
CHECK => in both opacs you should not see a "Allow your guarantor to view your current fines?" select
15) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
16) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select
	=> in Patron without guarantor you don't see a "Allow your guarantor to view your current fines?" select
17) in Patron with guarantor change value of select and save
SUCCESS => Value is saved
18) in intranet set OPACPrivacy preference to "Don't allow" and AllowPatronToSetFinesVisibilityForGuarantor to "Don't allow"
19) got to "your personal details" in both opacs
CHECK => in both opacs you should not see no Privacy section with a "Allow your guarantor to view your current fines?" select
20) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
21) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select in a Privacy section
        => in Patron without guarantor there is no Privacy section
22) in Patron with guarantor change value of select and update
SUCCESS => Value is saved
23) Sign off

Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-09-11 08:53:46 +01:00
90d85eaeb9
Bug 23390: Introduce placeholder syntax for report column names
This patch adds the ability to rename columns in MySQL reports using a syntax:
[[column|alias]]

To test:
 1 - Write a report like:
     SELECT cardnumber FROM borrowers WHERE cardnumber LIKE '%9'
 2 - Run report
 3 - Note you can batch modify the patrons
 4 - Update report:
     SELECT cardnumber AS library_barcode FROM borrowers WHERE cardnumber LIKE '%9'
 5 - Run report
 6 - Note batch options are no longer present
 7 - Apply patch
 8 - Run report, no change
 9 - Update report like:
     SELECT [[cardnumber|library_barcode]] FROM borrowers WHERE cardnumber LIKE '%9'
10 - Run report
11 - Batch options work!
12 - Update report like:
    SELECT cardnumber FROM borrowers WHERE cardnumber LIKE '%9'
13 - Verify batch options still work
14 - Set report 'public'
15 - Verify report can be run via JSON URLs:
     http://kohadev.mydnsname.org:8080/cgi-bin/koha/svc/report?id=1
     http://kohadev.mydnsname.org:8081/cgi-bin/koha/svc/report?id=1

Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-08-13 11:46:06 +01:00
6a0246e248 Bug 22542: Force back button to display personal data
This is a follow-up of bug 5371

The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching

This must be a test somehwere to prevent further regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-02 13:43:48 +00:00
7a44c9edb9 Bug 22010: Check preferences for ebook integration
To test:
1 - Enable OverDrive and RecordedBooks (you can put anything in the
        prefs)
2 - Search on the opac - verify you get results (or search error) on
first page of results'
3 - Go to second page of results - OD and RB are not searched
4 - Apply patch
5 - Verify nothing has changed

If you have valid credentials:
1 - Enable RB prefs
2 - Sign in with an account that has an email matching your registered
account for recordedbooks
3 - Confirm you RB account loads on opac-user.pl

Otherwise:
Read the patches, verify it all makes sense

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-30 11:42:51 +00:00
59b740613e Bug 22717: (bug 20287 follow-up) Fix Google OpenId auto registration
Silly bug caused by:
  commit ef410fd62f
  Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber

Constructors take a hashref!

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-30 11:30:55 +00:00
96adab7af8 Bug 22030: Use preference to determine username sent to overdrive
Overdrive configuration generally defaults to cardnumber, however, they
have confirmed that some libraries use usernames. We need to allow for
both scenarios.

To test:
1 - Have an OverDrive account setup with SIP authentication
    Note: You can apply for a testing account at developer.overdrive.com
    and setup an environment
2 - Fill in all your OverDrive system preferences
3 - Test with a patron whose username is their cardnumber
4 - Confirm their overdrive account tab on opac loads
5 - Change the username to be another value like "borked_wont_work"
6 - Note the overdrive account tab won't load
7 - Apply patch, update database, not new system preference
OverDriveUsername (default to 'cardnumber)
8 - Note the OD account loads successfully
9 - Change the system preference to 'user name' - the account load fails

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-08 13:59:46 +00:00
bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both script looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
d83d5ec5a4 Bug 21082: (RM follow-up) address QA issues
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:24 +00:00
e762bdb9b2 Bug 21082: Update OverDrive authentication method
Testing will require an OverDrive account, you should be able to obtain a
developer account here:
https://developer.overdrive.com/

You will need to register a SIP connection for patron authentication

To test authentication:
 1 - Set authname default in OD prefs
 2 - Sign in as a patron whose branch matches authname
 3 - Verify the patron can sign into OverDrive
 4 - Set the patrons branch authname to be incorrect
 5 - Verify branch specific authname is used and patron cannot sign in
 6 - Set the default authname to be incorrect and patron's branch
 authname to be correct
 7 - Verofy patron can sign in

To test circulation:
 1 - Fill out all OD prefs and enable circulation
 2 - Sign in to opac
 3 - Verify you have an OverDrive tab
 4 - Click 'Login to Overdrive'
 5 - If password required you shoudl be prompted, otherwise you should be
signed in and see account info
 6 - Test logging out and in
 7 - Log-in, perform a search on the opac - you should see hold/checkout
buttons
 8 - Test the buttons
 9 - After holding/checking out items, check your account page
10 - Verify info is correct
11 - Log out of overdrive
12 - Search catalog click overdrive results
13 - Test "Login to Overdrive" link on OD results
14 - Verify page is reloaded, buttons show and work

Signed-off-by: Sandy Allgood <sandy.allgood@citruslibraries.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:23 +00:00
Srdjan
eb4be268d8 Bug 17602: OPAC integration of RecordedBooks
Add RecordedBooks to the users page in the public interface

To Test:
1/ Apply all 3 patches
2/ Set the sysprefs to valid values (you will need a test account with RecordedBooks)
3/ Try a search
4/ Login to the OPAC, try to place a hold, or check an item out
5/ Check the opac-user page, see if your items are showing on the oneclickdigital tab

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:39 +00:00
Charlotte Cordwell
59d436ee60 Bug 19991: use Modern::Perl in OPAC perl scripts
Test Case:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;

errors/400.pl
errors/401.pl
errors/402.pl
errors/403.pl
errors/404.pl
errors/500.pl
opac-account-pay-paypal-return.pl
opac-alert-subscribe.pl
opac-authorities-home.pl
opac-authoritiesdetail.pl
opac-browser.pl
opac-ics.pl
opac-image.pl
opac-imageviewer.pl
opac-messaging.pl
opac-modrequest-suspend.pl
opac-modrequest.pl
opac-mymessages.pl
opac-overdrive-search.pl
opac-passwd.pl
opac-patron-image.pl
opac-privacy.pl
opac-ratings-ajax.pl
opac-ratings.pl
opac-readingrecord.pl
opac-renew.pl
opac-sendshelf.pl
opac-serial-issues.pl
opac-showreviews.pl
opac-suggestions.pl
opac-tags_subject.pl
opac-topissues.pl
opac-user.pl
sco/help.pl
sco/printslip.pl
sco/sco-patron-image.pl
svc/overdrive_proxy
svc/suggestion
unapi

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:32 +00:00
Aleisha Amohia
4a3eaf02e2 Bug 17698: Make patron notes show up on staff dashboard
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.

To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:40 +00:00
ef410fd62f Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:47 +00:00
1b13c453e2 Bug 20287: Move fixup_cardnumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:44 +00:00
cdb6b68488 Bug 20495: (follow-up) Correct search for report by name
Ultimately we should probably remove name access as it is not a unique
id, but this should preserve existing behaviour

To test:
Create a report
Use the service link to confirm the report runs
Replace id=# parameter with name=XXXXXX
Confirm URL works

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: We should not remove the param "name", it's a feature, see bug 8256.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
4ec5a67c6f Bug 20495: Remove get_saved_report
To test:
1 - prove t/db_dependent/Reports/Guided.t
2 - grep "get_saved_report" - ensure there are no occurences of the
singular form
3 - create, save, edit, and convert a report
4 - access a public report and report json from opac and staff client
5 - Ensure all function as expected

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
Aleisha Amohia
dd77236371 Bug 18915: Renaming svc/patron_notes to svc/checkout_notes
For consistency.

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
d8963726d0 Bug 18915: Giving CHECKOUT_NOTE access to issues table
This patch allows the notice to reference the issues table so that the
checkout note itself can be added to the note if wanted, such as in
Comment 9.

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
5239269216 Bug 18915: Fix checkout note email message
This patch replaces the <<biblio.item>> in the email with
<<biblio.title>> and uses CHECKOUT_NOTE instead of PATRON_NOTE.
This patch also adds the notice to
installer/data/mysql/en/mandatory/sample_notices.sql, and updates the
PATRON_NOTE entry in installer/data/mysql/updatedatabase.pl

To test:
1) Apply patch and update database
2) View the message_queue table in mysql
3) Check out an item if haven't already
4) Go to OPAC and set a checkout note for an item
5) View message_queue table and confirm it the title is included in the
email and all instances of 'patron note' have been replaced with
'checkout note'
6) Disable javascript in browser
7) repeat steps 4 and 5 and confirm all works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
2d10327e98 Bug 19496: ReplytoDefault is a pref, not a C4::Context method
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:52:28 -03:00
Aleisha Amohia
d5292616ac Bug 19496: Fixing to_address for patron notes
This patch ensures the patron note to_address is the branch email or the
Koha Admin email, and the from_address is the patron's email.

To test:
1) Ensure syspref 'allowcheckoutnotes' is turned on
2) Go to OPAC, leave a note on a checkout
3) Confirm that the note is received (in mysql message_queue) but the
to_address is the patron's email - this is wrong
4) Apply patch and refresh OPAC
5) Leave a note on a checkout
6) Confirm that the note is received in message queue
7) Confirm that the to_address is one of:
- branch email
- branch reply to
- syspref ReplytoDefault
- syspref KohaAdminEmailAddress
8) Confirm that the from_address is one of:
- patron email
- patron emailpro
- patron B_email

Sponsored-by: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:26:53 -03:00
27b99bb80b Bug 18118: Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination.
TEST PLAN
----------
1/ configure a working 'GoogleOpenIDConnect' account

See comment #5 which also links back to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892#c3

2/ set 'OpacPublic' (under OPAC) to 'Disabled' and
   'GoogleOpenIDConnect' (under Administration) to 'Yes'.

3/ log in user successfully via google-auth, observe redirect to
   opac-user.pl (bad)

4/ apply patch
   -- on kohadevbox remember to restart all! Plack is unforgiving. :)

5/ log in user successfully via google-auth, observe expected
   redirect to opac-main.pl (good)

While I would normally suggest running koha qa test tools, because
this file doesn't end in .pl, it doesn't get picked up by them.

6/ perlcritic -4 opac/svc/auth/googleopenidconnect
   -- notice this is a level better than required. :)

This also eyeballs easily well.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
Mark Tompsett
8ed19fedca Bug 16892: Address error checking in comment #47
Tweaked logic to include error check for category
and branch being valid. If not, the user is told
about a configuration error to share with the
library. Otherwise, it should proceed as normal.

TEST PLAN is comment #35 still.
Though include a run with an invalid category
and/or branch code in the two system preferences:
GoogleOpenIDConnectDefaultBranch and/or
GoogleOpenIDConnectDefaultCategory

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
88f616277a Bug 16892: Follow up use AddMember as per QA comment
Same Test plan as before.

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
2f1a1fc4b9 Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind
Between patch submission and push, 2 new occurrences appeared in the
codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:19:13 -03:00
f4ded893c5 Bug 18276: [QA Follow-up] Fix two new calls
Found two calls in opac-issue-note.pl and svc/patron_notes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:02:54 -03:00
f5b1154e70 Bug 14224: Use encode_json instead of to_json
To handle unicode characters properly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
e54152a90b Bug 14224: Improve escaped characters
To recreate the problem, submit a note like
  doh"doh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
ba658d5919 Bug 14224: Update Copyright
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
c4dd097d20 Bug 14224: Replace AllowIssueNotes with AllowCheckoutNotes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
88852ffbb0 Bug 14224: Make strings translatable
The strings should be translatable.
This patch also removes the error as it appears that we only have 1
error.
To improve we could surround the store with an eval.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
0159908ca1 Bug 14224: Allow patron notes about item shown at check in
This patch adds a "Note" input field to checked out items in the "your summary"
section. The field allows patrons to write notes about the item checked out,
such as "this DVD is scratched", "the binding was torn", etc. The note will be
emailed to the library and displayed on item check in.

Patch adds two fields to the "issues" table - "note" and "notedate".
Patch adds syspref "AllowIssueNotes" - default off.

Test Plan:
1) Apply this patch
2) Update database
3) Rebuild schema
4) Turn on 'AllowIssueNote' syspref
5) Check out three different items to a borrower (may be easiest to check
    out to yourself)
6) Log in as that borrower (or yourself) on the OPAC side and go to your
summary
7) Confirm text field shows under Note column for all checkouts. Set a
note for each issue, confirm all save.
8) Check the message_queue in mysql for the entries for ALL THREE issue
notes.
9) Disable javascript in your browser
10) Refresh your summary page. Confirm that you can no longer edit the
notes in the text field. Click the 'Create/edit note' button and confirm
you are redirected to a new page.
11) Confirm that the correct title and author show for the note button
you clicked.
12) Set the note and click Submit -> confirm you are redirected
back to summary page and note is saved
13) Confirm there is a new entry in message_queue
14) Enable javascript and go back to the your checkouts page in the
staff client for the borrower you issued the items to
15) Check in TWO items
16) Confirm that the issue notes show under the "Date due" column for
the two items you checked in, and are accurate to the item (i.e. the
right issue note under the right item)
17) Go to circ/returns.pl and check in the final item using the barcode.
Confirm the issue note shows and the date is formatted correctly.

Sponsored-by: Region Halland

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marc Véron <veron@veron.ch>
2017-04-28 09:03:22 -04:00
95429af685 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:37:44 -04:00
c2c3c11005 Bug 14365 - Populate never used saved_sql column last_run when execute_query is called
Signed-off-by: Cab Vinton <director@plaistowlibrary.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:54:22 +00:00
Kyle M Hall
8255344215 Revert "Bug 12461 - Add patron clubs feature"
This reverts commit 4f1eefdbb8.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-26 20:41:27 -05:00
4f1eefdbb8 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
2017-02-23 19:42:36 +00:00
Srdjan
c7a2ef261e bug_16034 Add overdrive info to the users page in the public interface
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:21 +00:00
e55b38928a Bug 17486: Remove Mozilla Persona
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.

This has lead to it's founders, Mozilla, to end the project. In their
own words:

=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.

On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.

If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.

For more information, see this guide to migrating your site away from
Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

=============================================================================

Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.

Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 12:32:19 +00:00
f28460bdb7 Bug 17392 - opac/svc/overdrive_proxy is not plack safe
This patch simply replaces the ';'  in the param passed to OverDrive
with '&'

To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:16:02 +00:00
658f603511 Bug 17189: Replace occurrences of 'use Koha::Cache'
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:47 +00:00
f753220701 Bug 17189: Add the ability to define several memcached namespaces - replace existing occurrences
s/Koha::Cache->get_instance/Koha::Caches->get_instance

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:46 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
Nicholas van Oudtshoorn
9472711921 Bug 10988 - Fix some wording Fix some outdated wording in googleopenidconnect
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:36 +00:00