GetMemberDetails() returns only one hashref now,
not two. In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch allows patrons to update their messaging preferences. This
includes methods in C4::Members to manage patron messaging preferences.
added cgi script to allow patron to edit their messaging preferences
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
I'd like to add another template parameter to geta_template_and user, but found it diffiult due to unreadability.
I stanadardized the whitespace in a portion of get_template_and_user,
alphabetized the parameters, finding a duplicate in one spot,
and then extracted the common template parameters that are set the same
regardless of template type.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shevles. When the user logs in, the anonymous session is cleared and a new session created
for that user.
kohabug 1875 - fix error when editing a patron record
C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.
To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring. The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.
C4::Auth - added debug flag to two warns
kohabug 1875 - create anonymous sessions only for OPAC
No need to create an anonymous session for the intranet.
set yuipath correct for login pages
When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.
kohabug 1875 - avoid warns viewing lists anonymously
During an anonymous OPAC session, the $loggedinuser variable
is not set. As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.
This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.
kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly
kohabug 1875 Avoid warning if can't find owner of shelf
Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Calculate OPACBaseURL from the
CGI environment variables instead of using the
system preference. As a result of this patch,
it should be possible to change the hostname,
protocol, or port of the OPAC without having to
reset a system preference.
Also added a FIXME to opac/unapi - the URL of
the SRU/W server has no necessary relationship
to the URL of the OPAC.
Once this patch is confirmed, the syspref can
be removed.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Three scripts were incorrect setting the HTTP type
header to 'utf-8' instead of something appropriate
like 'text/html' - Firefox evidentally can ignore that
mistake, but IE7 does not.
Fixed by replacing an invalid print of the HTTP header
and template output with a call to
C4::Output::output_html_with_http_headers.
Also corrected POD in C4::Auth and InstallAuth to
reflect correct use of output_html_with_http_headers.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
now yuipath is added in C4::Output and uses themelang
In my opinion, all the general variables that are used in output should get in C4::Output (since there is theme lang computed.)
rather than in C4::Auth
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).
If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.
If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:
1. if the value is 1, the staff user must have
all privileges for the userflags flag (or module)
referred to by the hash key, e.g.,
{ flaqsrequired => { tools => 1 } }
In terms of the database, this means that the
corresponding bit must be set in borrowers.flags.
2. If the value is '*', the staff user must
have at least one of the permissions for the
userflag/module, but it doesn't matter which one.
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there at least is one row in user_permissions
for the staff user and bit/module combination.
3. If the value is any other string, it must be
a permissions code defined in the permissions table.
The staff user must have that specific permission
or have access to all functions of the module
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there is a matching row in user_permissions
for the staff user, bit/module, subpermission
code combination.
In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons). The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.
In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions. This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not. This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
adding some parameters to the call to opac-auth.tmpl in C4::Auth::checkauth
This displays the additional navigational links in the masthead on the login page to unauthenticated users.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
As announced this past February, Amazon.com will no longer be
accepting web services requests to Amazon E-Commerce Service
(Amazon ECS) version 3.0 beginning on March 31, 2008.
This patch upgrades to Amazon.com's Associates Web Service 4.0
for the following components:
1. Amazon.com Locale support for: Canada, Germany, France, Japan,
UK, and US (see the new syspref called AmazonLocale)
2. Jacket Covers
3. Editorial Reviews
4. Customer Reviews
5. Amazon.com Similar Items
The following changes MUST be made to continue using Amazon.com
content:
1. Delete the system preference: AmazonDevKey (AmazonDevKeys used
with AmazonECS 3.0 are no longer valid)
2. Add the system preferences: AmazonLocale, AWSAccessKeyID
NOTE: steps 1, 2 are done by the web installer
3. Verify your AWSAccessKeyID:
You may already have an Access Key ID. You can access your Access
Key ID by going to http://aws.amazon.com, pointing to Your Web
Services Account, then clicking View Access Key Identifiers.
Depending on when you signed up for ECS 3.0, you may need to
re-register for an AWS account, which includes an Access Key ID.
4. Enter your AWSAccessKeyID in the Koha syspref called
AWSAccessKeyID
For complete details on the changes in Amazon.com Associates Web
Service 4.0, and the migration process, please see: http://tinyurl.com/ysorqy
Other changes with this patch:
* added $tabsysprefs{PatronsPerPage}="Patrons";
* Moved OPAC Features to OPAC in sysprefs
* removed experimental OPACXISBNAmazonSimilarItems and XISBNAmazonSimilarItems features
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
When using mysql and a sufficiently recent version
of DBD::mysql that actually respects the mysql_enable_utf8
option, setting the current branch to a name that
includes a diacritic causes the session to fail
and forces the user to the login screen upon
clicking another link.
This turned out to be due to the default (Data::Dumper)
serialization used by CGI::Session, which truncated the
session object at the diacritic. By enabling
that module's YAML serialization option, the problem
was resolved.
This patch introduces a dependency on the YAML::Syck
module.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Major Fix:
Fixing bug where 'expected' label existed for items that
were 'waiting'
Minor Cleanup:
Show correct statuses
Show itemtypes at correct levels depending on
global system preference
Display branch names, not branch codes
Adding in visibility option for 'canreservefromotherbranches' syspref
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
