The method Koha::Items->itemnumber is not covered by tests!
Trace begun at /kohadevbox/koha/Koha/Objects.pm line 592
Koha::Objects::AUTOLOAD('Koha::Items=HASH(0x55981fd94790)') called at /kohadevbox/koha/opac/opac-reserve.pl line 465
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch leverages on bug 24254's
Koha::Items->filter_by_visible_in_opac to filter out items that
shouldn't be presented to the end user in the OPAC interface.
To test:
1. Circulation and Fine rules for item-level holds are set to allow.
2. Setting the OpacHiddenItems preference to "ccode: [SUPPRESS]"
3. An item with collection Code Suppress is set.
4. Search for the title in the OPAC.
=> SUCCESS: The Suppress ccode item isn't shown.
5. View the detail page for the title.
=> SUCCESS: The suppress ccode item isn't shown.
6. Place a hold on the item:
-- Click "Show more options"
-- Select "A specific item"
=> FAIL: the ccode with the opachiddenitems rule has an item that appear in the list to place a hold
7. Apply this patch and repeat 6
=> SUCCESS: The item doesn't show!
8. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. Apply patch, restart_all
2. Add some OPAC messages by clicking 'Add a message' on Home › Circulation › Checkouts › patron
3. Log into the OPAC as that patron and you should see a notice about how many messages you have with a link to opac-user.pl
4. Add multiple OPAC messages and make sure it all continues to work.
5. Also add an OPAC note from memberentry.pl. Refresh the OPAC and you should see a 1 message added to the total
6. Try an OPAC without any messages. If there are no messages or any other kind of notification the dashboard should NOT appear at all.
7. Add a 'staff - internal' note. It should not count towards your total messages in the dashboard.
8. Test it with some other notices that would appear on the dashboard, checkouts, holds, overdues.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The authorised values OPAC_SUG displayed at the OPAC show the staff
description.
Test plan:
1. Create an auth value in opac_sug, with different text for the description and OPAC description.
2. Go to the OPAC and open the purchase suggestion form.
3. Note in the Reason for purchase drop down, the descriptions appear, the text entered in the OPAC description field.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the browse search interface to confirm to new
interface patterns in the Bootstrap 4 framework, especially in the form
markup.
The results list has been changed to a Bootstrap "Collapse" component
configured as an accordion
(https://getbootstrap.com/docs/4.5/components/collapse/#accordion-example).
Instead of loading the bibliographic record results below the list of
terms returned, the bibliographic results are now displayed in the
"panel" expanded below the selected term. Subtitle has been added to the
information displayed about the bibliographic record.
To test you must be using ElasticSearch and the OpacBrowseSearch
preference must be enabled. Apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Open the "Browse search" page in the OPAC.
- Test various searches: Author, Subject, and Title.
- When results are found, the should be displayed as a Bootstrap-styled
accordion widget. Clicking any individual result should expand the
panel containing the corresponding records.
- Clicking the record link should open the bibliographic detail page in
a new window.
- When no results are found, a Bootstrap-style "alert" box should
appear.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes the bug when there is no patron category available for
selection in self registration form. It uses PatronSelfRegistrationDefaultCategory
to get patron's password length and strength.
To test:
1. Do not apply this patch
2. Allow SeflRegistration, set PatronSelfRegistrationDefaultCategory to
a valid patron category and finally add categorycode to PatronSelfRegistrationBorrowerUnwantedField
3. Go to opac and enter self registration form
CHECK => There is no patron category available for selection
=> Password's info alert shows "Password must contain at least
undefined characters"
4. Fill the form setting a password and send.
CHECH => You get an exception saying "You must provide a patron's
category to validate password's strength and length"
5. Apply this patch and restart_all
6. repeat steps 3 and 4
SUCCESS => Password's info alert message shows a number instead of
"undefined"
=> Password's strength and length checks are working
=> If you change default category's lenght or strength parameter it get's reflected when you refresh the page
=> When you click send, patron is saved
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In OPAC password recovery perl opac/opac-password-recovery.pl
there are some error codes not in Template koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
This patch fixes several bugs:
- remove 'use Koha::Patrons' defined twice
- remove vars $errTooManyEmailFound $errBadEmail, not used in any template
- add in template text for error 'errNoBorrowerEmail'
1) Create a patron A with login but no email
2) Create a patron B with login and valid email
3) Go to system preferences set 'OpacResetPassword' to ON
4) Make sure that OpacPasswordChange is also ON
5) Go to 'Forgot your password' in OPAC
6) Enter login if patron A and save
=> You get message 'This account has no email address we can send the email to.'
7) Enter login if patron B and save
=> Password recovery is send, no error message
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
As highlighted by Katrin, the selfcheckin module was not aware of this
work. This commits gives it awareness of the too_unseen renew error and
the "seen" argument that can be passed to AddRenewal
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds support for unseen renewals.
Here we retrofit knowledge of unseen renewals and add the display of unseen
renewal counts and warnings, in addition to adding the ability to
specify a renewal as being "unseen".
The functionality added here is goverened by the UnseenRenewals syspref.
Signed-off-by: Sally Healey <sally.Healey@cheshirewestandchester.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds patron's hold history in OPAC.
To test:
1. apply this patch
2. Find a patron, place several holds and cancel or fulfill them
3. Go to patron's opac
CHECK => There is no 'your holds history' option in menu
4. In admin preferences enable OPACHoldsHistory
5. Go back to patron's opac
SUCCESS => There is a 'your holds history' menu option
=> Holds history displays all holds
6. Change order, and list limit
SUCCESS => All controls work as expected
7. Sign off.
Signed-off-by: Todd <tgoatley@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability for ILL to send notices, both triggered by
staff and triggered by events.
Staff can trigger notices to patrons from the "Manage ILL request" screen:
- ILL request ready for pickup
- ILL request unavailable
- Place request with partners
The following notices to staff are triggered automatically:
- Request has been modified by patron
- Request has been cancelled by patron
Branches can now specify an "ILL email" address to which notices
intended to inform staff of changes to requests by patrons can be sent.
The sending of notices is controlled by a few new sysprefs:
- "ILLDefaultStaffEmail" - Fallback email address for staff ILL notices
to be sent to in the absence of a branch address
- "ILLSendStaffNotices" - To specify which staff notices should be sent
automatically when requests are manipulated by patrons
Patron notices are also controlled by the patron's messaging
preferences
Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When using OPAC password recovery form, opac/opac-password-recovery.pl :
if one provides correct login and an email, there is a check that this email is one of patron's.
This check uses RegExp with case insensitive :
if ( $email && !( any { /^$email$/i } @emails ) )
This is a security issue since one can simply enter '.*'.
Severity is normal because the login must be a correct.
I propose to use simple string compare with lowercase to be case insensitive.
Test plan :
1) Don't apply patch
2) Enable system preference 'OpacResetPassword'
3) Go to 'OPAC > Log in to your account > Forgot your password?'
4) Enter an existing userid or cardnumber and '.*' in 'Email'
5) The password recovery is created ! (check table 'borrower_password_recovery')
6) Apply patch
7) Enter an existing userid or cardnumber and '.*' in 'Email'
8) You get the message 'No account was found with the provided information.'
9) Enter an existing userid or cardnumber and in 'Email' the corresponding email but with different case
10) The password recovery is created (check table 'borrower_password_recovery')
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the OPAC list page so that download options are
shown in a dropdown menu instead of a modal dialog. This solves a bug
introduced by the Bootstrap 4 upgrade and makes it consistent with the
cart interface.
To test, apply the patch and view the contents of a list in the OPAC
which has multiple items on it.
- In the toolbar at the top of the list contents table the "Download"
button should now be a dropdown menu.
- Selecting any of the download options should trigger a download
prompt.
- Test with and without some CSV profiles which have been
configured for use in the OPAC
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Some libraries would like to not only block the circulation of a guarantor based on fines owed by guarantees, but would also like to block circulation for all guarantees as well. Basically, if a family as a whole reaches a certain threshold of fines, the entire family will be blocked from checking out items.
Test Plan:
1) Apply this patch
2) Set NoIssuesChargeGuarantorsWithGuarantees to $14
3) Create a family of four ( 2 guarantors, 2 guarantees ) where the parents guarantee both children
4) Give 3 of the 4 a $5 fine
5) None of them should be able to check out items
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In this patch we remove the limitation of 1 cover image per item
Sponsored-by: Gerhard Sondermann Dialog e.K. (presseplus.de, presseshop.at, presseshop.ch)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. git grep -i AllowPurchaseSuggestionBranchChoice **/*.pm **/*.pl **/*.t
2. There should no longer be any code related to the old sys pref AllowPurchaseSuggestionBranchChoice
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
-Apply patch
-Check OPACSuggestionUnwantedFields
-Check some fields as unwanted
-Go to the OPAC suggestion page and make sure these correct fields are hidden
-Turn on the system preference AllowPurchaseSuggestionBranchChoice to see the branch choice on the form
-Make sure you can correctly hide this one and still submit the purchase suggestion for without error.
-Go through each option and make sure it hides properly.
Note: You will only see the patron reason field when there are authorised values in the OPAC_SUG category
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
At a later development stage, exceptions where added for bad addresses.
This wasn't addressed in the controllers.
This patch makes the basket and list sending controller scripts move
email creation inside the try/catch block to handle those situations. It
also UTF-8 encodes the attached marc.
On broadly testing this I found that if the TT templates that are used
to build the email contains non-latin characters, those get
double-encoded. So this patch also removes an explicit encoding that is
done, which colides with Email::MIME implicit encoding.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adapts controller scripts that used sendmail. Also the syntax
for Koha::Email has changed and this patch adapts it.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a block to capture attempts to return items with
attached materials when checking in via the self checkout when the
relevant system preference is set.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch capitalizes the 'ADDITIONAL_MATERIALS' key in the
needsconfirm hash return value for CanBookBeIssued to restore
consistency with previous code and ensure SIP Checkout works as
expected.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan
1/ Enable the feature as per previous patches
2/ Attempt to return an item with materials attached via the SCI
3/ Note that the return is blocked with the message '(The item
cannot be returned at a self service terminal, please see library
staff for assistance)'
4/ Signoff
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan
1/ Enable the feature as per previous patches
2/ Attempt to checkout an item with materials attached via the SCO
3/ Note that the checkut is blocked with the message 'Item must be
issued at a circulation desk'
4/ Signoff
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Currently we apply weighting to all searches except advanced search. The theory
being that when selecting indexes we don't want to apply weights. When searching
in ES weights are only applied to relevant results so it doesn't matter.
i.e. if weighting author*100 but searching subject, a term matching the subject search in author
is not boosted.
Given this, we should always apply weights, unless the user wishes not to
To test:
1 - Set some weighting
2 - Do some searches
3 - Note your terms and results, try advanced and regular searches specifying indexes or not
4 - Apply patch
5 - Note that opac and staff advanced search have option to apply weights
6 - Compare searches after the patch to see how weighting affects, it should be beneficial or not at all
Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
0) Activate password reset in system preferences.
1) Initiate a password recovery.
2) Try to submit with an invalid password.
3) Confirm that validation occurs.
4) Try to submit with mismatching passwords.
5) Confirm that validation occurs.
6) Sign off.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Theoretical change. If somehow the search would return more than one result, the code is wrong.
The if test can be simplified: remove scalar and >0.
We should not pass @array to one param. It would theoretically add wrong items or
trigger an odd number warning. If it is only one, it is no problem. But it is buggy.
Test plan:
Pass an existing news_id to opac-main. Item visible?
And pass a not-existing. Error message?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Currently, if you have OverduesBlockCirc set to "Ask for confirmation"
and OverduesBlockRenewing set to "allow renewing", you get caught
in a loop where you can never renew an overdue material.
This patch uses CanBookBeRenewed for renewals, rather than CanBookBeIssued,
which means the correct rules are applied to the correct scenario.
To test:
a. Set OverduesBlockCirc to "Ask for confirmation"
b. Ensure "OverduesBlockRenewing" set to "allow renewing"
0. Apply the patch
1. Checkin item barcode 3999900000001
2. Go to http://localhost:8081/cgi-bin/koha/circ/circulation.pl?borrowernumber=51
3. Checkout item barcode 3999900000001 to 1 year ago
4. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
5. Login as the "koha" user
6. Click on "Renew item"
7. Note that the item is renewed
8. Checkin item barcode 3999900000001
9. Go to http://localhost:8081/cgi-bin/koha/circ/circulation.pl?borrowernumber=51
10. Checkout item barcode 3999900000001 to 1 year ago
11. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
12. Login as the "koha" user
13. Type "3999900000001" into the box under "Scan a new item or enter its barcode"
14. Click "Submit"
15. Note the system says the item is already checked out and it prompts
you to click "Renew item" in this screen
16. Click "Renew item"
17. Note the system says "Item renewed" near the top of the screen, and the "Due"
date near the bottom of the screen is more recent than the original due date
18. Checkin item barcode 3999900000001
19. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
20. Login as the "koha" user
21. Type "3999900000001" into the box under "Scan a new item or enter its barcode"
22. Click "Submit"
23. Note the system says "Item checked out" and the item appears in the checkouts
at the bottom of the screen
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category
To test:
1. koha-shell kohadev
2. koha-mysql kohadev
3. drop database koha_kohadev;
4. create database koha_kohadev;
5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)
7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.
11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password
13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required
15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length
17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.
19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12
20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit
23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)
25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.
29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.
31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t
32. Sign off
Sponsored-by: Northeast Kansas Library - NEKLS
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Additionally, only include renewable items in 'Renew all'
To test:
1 - Check out some items to a patron, ideally:
Some not renewable because set for auto renewal
Some not renewable because of holds
Some renewable
2 - Confirm 'Renew selected' and 'Renew all' show on the opac
3 - Click 'Renew all'
4 - You get errors about the non-renewable items?
5 - Check in all renewable items
6 - Confirm you still see renew buttons
7 - Apply patch
8 - Refresh and you shoudl not see renew buttons
9 - Check out a renewable item
10 - Click 'Renew all'
11 - Renewable item is renewed with no error
12 - Try again with 'Renew selected'
13 - Confirm it works as expected
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes opac-detail.pl query for analytics the same way it
would do with the generated link (i.e. based on UseControlNumber) and
passes a flag to the XSLT so it displays (or not) the 'Analytics' link.
To test:
1. Apply the first patch
2. Have a known record without analytics
3. Open the record in the OPAC
=> FAIL: It shows the 'Analytics' link
4. Have a record known to have analytics and open in OPAC, on a separate
tab
=> SUCCESS: It shows the 'Analytics' link
5. Apply this patch and restart_all
6. Reload the tabs
=> SUCCESS: It shows the link where it has to, and hides it where it
shouldn't be displayed
7. Sign off :-D
Sponsored-by: Orex Digital
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Testplan for this patch:
1. Apply patch.
2. Make sure syspref "AutoApprovePatronProfileSettings" is set to "Disable".
3. Edit patron personal details via opac interface.
4. Expect modifications to require manual approval by staff via link on main page.
5. Set syspref "AutoApprovePatronProfileSettings" to "Enable".
6. Edit patron personal details via OPAC interface again.
7. Expect modifications to have been approved automatically.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This works, we may want some different text for this situation in the OPAC, it still says the librarian has to approve the change.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch combines get_daily_quote and get_daily_quote_for_interface
methods and moves them from Koha::Quote to Koha::Quotes. Also removes
some unused code and adjusts datetime parsing.
To test apply this patch and confirm 'QuoteOfTheDay' syspref still
works as expected (quote is shown in correct mainpage(s)).
Also prove t/db_dependent/Koha/Quotes.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Set 'QuoteOfTheDay'-syspref to 'opac intranet' to allow displaying news in the
opac and the staff client.
Add 'commandline' to allow news in the commandline (where applicable)
Accepts all values accepted by the C4::Context->interface()
Test plan:
1. Set 'QuoteOfTheDay' syspref as 'intranet' or 'opac' or both
2. Check that quote is visible on both mainpages
Prove t/db_dependent/Koha/Quotes.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch moves subroutine 'GetDailyQuote' to new
Koha::Quote object and adjusts tests.
To test:
1. Set 'QuoteOfTheDay' as 'enable'
2. Check that quote is displayed on OPAC mainpage
Prove t/db_dependent/Koha/GetDailyQuote.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There are several calls in catalogue/detail.pl that can be removed:
GetMarcISBN, GetMarcAuthors, GetMarcSubjects, GetMarcSeries, GetMarcUrls and GetMarcHosts
They pass a variable to the template that is never used.
Test plan:
Confirm that this TT variable is never used.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The Google Transliterate API was deprecated on May 26, 2011. This patch
removes the feature and associated system preference.
To test, apply the patch and run the database update process.
- Go to Administration -> System preferences and search for
'GoogleIndicTransliteration.' There should be no results.
- Search the Koha codebase for references to
'GoogleIndicTransliteration.' There should be no current references..
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Output rss feed as text/xml
Test plan:
1) have books entered
2) log in create a list
3) add books to list
4) display list in OPAC
5) click the RSS link button.
-- output is displayed as html text
6) apply patch
7) repeat steps 4&5
-- output is displayed as xml tree
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the following plugin hooks:
- opac_results_xslt_variables
- opac_detail_xslt_variables
This hooks will inject variables returned by the plugin in the form of a
hashref, into the ones that are passed to the XSLT processing code.
To test:
1. Apply the 'DO NOT PUSH' commit
2. Install the Kitchensink plugin
3. Restart all
4. Search biblios in the OPAC
=> SUCCESS: A text is injected in front of the biblio title
5. Enter the detail page of any of the results
=> SUCCESS: A text is injected in front of the biblio title
6. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If a user to access a CSV profile that is not available at the OPAC we
should redirect to 404.
It will also handle undefined csv_profiles
For instance:
kohadev.mydnsname.org:8080/cgi-bin/koha/opac-downloadshelf.pl?shelfnumber=1&format=3
kohadev.mydnsname.org:8080/cgi-bin/koha/opac-downloadcart.pl?bib_list=1/2/&format=3
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch renames the introduced attribute for later usage on the API,
and changes the logic to use it the other way around.
It also adds a KEY for the flag, as it will be used in WHERE statements.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Update database
2) Update schema
3) In staff side, go to Tools -> CSV profiles
4) Make a CSV profile with profile type = MARC and usage = Export
records
5) Leave 'Show option in OPAC' unchecked and save
6) Go to OPAC and add an item to your cart
7) Click Cart, click Download, confirm that your newly created CSV
profile does not show as an option
8) Go back and edit CSV profile on staff side
9) Check the 'Show option in OPAC' checkbox and save
10) Go back to download cart in OPAC
11) Confirm the CSV profile now shows in the dropdown
Sponsored-by: Catalyst IT
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: The GetItemsInfo call is now suboptimal. Leaving it as-is
for now in the hope that item refactoring picks it up ;)
Test plan:
Test opac-detail via biblionumber (regular use).
Test opac-detail by passing an itemnumber in the URL:
/cgi-bin/koha/opac-detail?itemnumber=999
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
- Set 1+ patron's attribute(s) mandatory
- Use the self-registration feature and confirm that you cannot selfreg
if the attribute has no value (or empty string)
- Same with the modification form (logged in)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "opac_option" parameter from opac-basket.pl. It
was included in Bug 25402 because the bug was dependent on 5087.
To test, apply the patch and add some items to the Cart in the OPAC.
Click the Cart button to show the cart. The pop-up window should load
correctly without errors.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a .perlcriticrc (copied from qa-test-tools) and fixes
almost all perlcrictic violations according to this .perlcriticrc
The remaining violations are silenced out by appending a '## no critic'
to the offending lines. They can still be seen by using the --force
option of perlcritic
This patch also modify t/00-testcritic.t to check all Perl files using
the new .perlcriticrc.
I'm not sure if this test script is still useful as it is now equivalent
to `perlcritic --quiet .` and it looks like it is much slower
(approximatively 5 times slower on my machine)
Test plan:
1. Run `perlcritic --quiet .` from the root directory. It should output
nothing
2. Run `perlcritic --quiet --force .`. It should output 7 errors (6
StringyEval, 1 BarewordFileHandles)
3. Run `TEST_QA=1 prove t/00-testcritic.t`
4. Read the patch. Check that all changes make sense and do not
introduce undesired behaviour
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Patron should be allowed to modify this setting without asking a staff
member.
The setting is not configurable and cannot be hidden via a syspref.
Test plan:
- Turn the pref TranslateNotices on
- Install some languages
- Edit your messaging settings at the OPAC
=> Notice the "Preferred language for notices" dropdown list
- Select one
=> Confirm that the value is saved in DB
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the process of downloading a cart so that it doesn't
involve a separate popup window.
To test, apply the patch and add some titles to the cart in the OPAC.
- Open the cart
- The "Download" button should now be a dropdown menu.
- Selecting any of the download options should trigger a download
prompt.
- Test with and without some CSV profiles which have been configured
for use in the OPAC
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If PatronSelfModificationBorrowerUnwantedField contains dateofbirth, all
patron self modification requests will attempt to set dateofbirth to
null instead of ignoring the field.
Test Plan:
1) Add dateofbirth to PatronSelfModificationBorrowerUnwantedField
2) Run a patron self modification
3) Note the request sets dateofbirth to null on the staff side
4) Apply this patch
5) Restart all the things!
6) Run another self-modification
7) Note of the staff side that dateofbirth is unaffected
Signed-off-by: Emmi Takkinen <emmi.takkinen@outlook.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If the pref TagsEnabled is off we should not display the tags at the
OPAC.
There is a message to tell that tags system is disabled, but the tags
are displayed.
We should redirect to 404 like we do in opac-topissues.pl and
opac-suggestions.pl.
Test plan:
- Turn TagsEnabled on
- Add some tags
- Turn TagsEnabled off
- Hit /cgi-bin/koha/opac-tags.pl
=> Without this patch you see a warning messaging saying that the tag
system is disabled, but the tags are displayed
=> With this patch you get a 404 redirect
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is no need for all the conditions.
From Encode::encode POD:
"If the $string is undef, then undef is returned."
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The cart was outputing ISO2709 MARC records with Latin-1
encoding. Records containing non-latin1 characters were
automatically re-encoded as UTF-8 by browsers, which led to
inconsistent character encodings for downloaded MARC files.
This patch explicitly encodes ISO2709 MARC characters from
the cart download as UTF-8 encoded bytes, which resolves the problem.
Test Plan:
0) Don't apply patch
1) Create bib record with only ASCII characters
2) Add a ü character to the title
3) Save bib record
4) Download bib record from cart (opac and staff client)
5) Using xxd or some other program, note that the ü is
represented by a FC byte (latin-1 encoded)
6) Apply the patch
7) Download bib record from cart (opac and staff client)
8) Using xxd or some other program, note that the ü is
represented by C3 BC bytes (utf-8 encoded)
9) Success
(Note that you could potentially use Notepad++ or some other
program to open the downloaded file and just note the encoding
that it finds. You could also try "chardetect" instead. Lots
of options for figuring out the encoding.)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes use of the 'variables' parameter in XSLTParse4Display
method in the different places that it is used in the OPAC. It does by
passing this parameter with
anonymous_session => 1|0
The value will depend on the output from get_template_and_user (i.e. if
there's a returned borrowernumber).
A special case takes place in search results, as the call to
XSLTParse4Display happens in C4::Search::searchResults. So a new
parameter 'xslt_variables' is added to it.
To test:
1. Apply the [DO NOT PUSH] patch
2. Open the OPAC in your browser
3. Try detail pages, search results, tags and lists/shelves pages with
or without an active session
=> FAIL: It always says (somewhere) 'Anonymous session: Yes'
4. Apply this patch, restart_all
5. Repeat 3
=> SUCCESS: It will tell the Yes/No correctly regarding anonymous
sessions!
6. Sign off :-D
Sponsored-by: Universidad ORT Uruguay
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1- View a record with Materials specified (field 3) data in the opac
2- Apply patch
3- Log in to staff client
4- Home->Administration->Column Settings->OPAC->holdingst
5- Set item_materials visibility
6- Refresh OPAC page
7- Confirm that the materials specified column has been added after the
Call number column.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a script and a template for showing library information
pages in the OPAC. A "libraries" page lists all the libraries in the
system, linking to individual pages for each library showing more
information..
If there is only one library in the system the page shows all of that
library's information.
To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to /cgi-bin/koha/opac-library.pl in the OPAC.
- Verify that all the correct information is displayed for the
libraries in your system.
- Verify that page title and breadcrumbs look correct.
- Click to view details for a library.
- The details page should show the full contents of
branches.opac_info
- A menu should show links to other libraries' detail pages.
EDIT: This revised patch adds a "Libraries" link to the links under the
search bar; Corrects encoding in the breadcrumb link; Makes the page
title more specific when viewing an individual library.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch modifies the OPAC comments system so that the biblio object
is passed to the template. This allows the biblio-title include to
properly access the title and subtitle information.
Unrelated change: Remove some custom CSS from the page which was
obsolete.
To test, apply the patch and make sure the "reviewson" preference is
enabled.
- Log in to the OPAC and open a bibliographic record's detail page.
- Under the "Comments" tab, click the "Post your comments" link to
trigger the pop-up window.
- In the pop-up window, verify that the item's title is correct in the
page title and the heading. Author should display correctly, if
present.
- Test submitting a comment and editing a comment. Everything should
work correctly.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the ability for logged-in patrons to add star ratings to
titles in their list of current checkouts and on the reading history
page.
The reading history page previously only showed existing ratings. Now it
will allow the entry of ratings as well.
The JS and markup for the feature are in separate include files to
facilitate re-use. It includes markup for non-js display of ratings and
js-driven ratings controls.
To test, apply the patch and set the OpacStarRatings to all, "results,
details, and user" pages.
- Log in to the OPAC as a user with checkouts.
- On the "your summary" page, test the features of setting star
ratings:
- Any title with existing ratings should show the rating and the
average rating number.
- Set a rating. Confirm that it shows a message with your rating.
- Click the "cancel rating" link, and confirm that your rating is
removed.
- Set a rating and reload the page. Confirm that the rating was
saved.
- Test the "cancel rating" link on the title you set before you
reloaded the page. The rating should be cancelled.
- Test the same functionality on the "your reading history" page.
- Test these pages with the OpacStarRatings preference set to "only
details" or "no." The pages should function correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.
it does so by just removing the code portion that does that.
It also cleans the record fetch operation and how the record processor
is initialized to it actually works :-D
To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
records usually)
2. Query your DB for a valid import_record_id:
$ koha-mysql kohadev
> SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield takes place)
5. Hide some obvious subfield on the framework for a known (to you)
biblionumber
6. Point your browser to:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) update database, restart memcached/plack
2) Go to Administration -> System preferences -> OPAC tab. Enable the
new PatronSelfRegistrationConfirmEmail system preference. Enable other
required self registration sysprefs.
3) Go to the OPAC home page. (You may need to log out). Click the
'Register' link so you are redirected to the member entry form.
4) Notice the 'Confirm primary email' field after the 'primary email'
field. Put 'a@a.com' in primary email, and 'b@b.com' in the confirm
field. Scroll to the end of the form and Submit.
5) Confirm the form is not successfully submitted, and an error message
is shown to indicate the email addresses do not match.
6) Confirm you cannot cut, copy or paste in either the primary email or
confirm primary email fields. Confirm the right click menu doesn't work
in these fields.
7) Disable javascript in your browser.
8) Repeat steps 3 and 4.
9) Confirm there is an error message to indicate the email addresses do
not match.
10) Re-enable javascript. Fill in the form correctly with matching email
addresses and confirm it successfully submits.
11) Disable the PatronSelfRegistrationConfirmEmail syspref.
12) Attempt to register an account on the OPAC again. Confirm the
'confirm email address' field is gone and form works as expected.
13) Re-enable the PatronSelfRegistrationConfirmEmail syspref.
14) Log in to the OPAC and go to your personal details
15) Edit the primary email field
16) Confirm you are able to submit your changes (you should not see an
error about emails not matching).
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: holly <hc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Highlight that we only need this for action="new"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes it so PatronSelfRegistrationLibraryList will only effect the registration from and not the modification form.
TO TEST:
1. Turn on self reg and add some libaries to PatronSelfRegistrationLibraryList.
2. Notice that the libaries that display in the borrower_branchcode dropdown are the ones you selected on both the new registration from and the modification form.
3. Apply patch.
4. Now only the new registration from should show libaries on PatronSelfRegistrationLibraryList.
5. The modifciation dropdown should still show all libraries.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The lack of parenthesis makes the condition evaluated wrong.
Test plan:
- confirm you have a branch with code X
- enter X in PatronSelfRegistrationLibraryList
- go to cgi-bin/koha/opac-memberentry.pl (either as a logged in patron or as a self-reg patron)
- confirm branch dropdown is not empty and contain X
- empty out PatronSelfRegistrationLibraryList
- reload cgi-bin/koha/opac-memberentry.pl and confirm branches show
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1 - Apply this patch
2 - Run updatedatabase.pl
3 - By default the preferences are blank and do not limit.
4 - Set the limits to 3 in 30 days
5 - Go to purchase suggestion page from OPAC as a logged in patron
6 - Place 3 suggestions and confirm you cannot place any more
7 - Alter one of the suggestions to have been made more than 30 days ago
UPDATE suggestions SET suggesteddate = '2020-01-01' WHERE suggestionid=3;
8 - Confirm you can place another suggestion
9 - Log out of OPAC
10 - Make sure AnonSyggestions is set to 'Allow' and AnonymousPatron is set
11 - Confirm anonymous suggestions are not limited by the syspref
12 - Confirm that a blank value in either MaxTotalSuggestions or NumberOfSuggestionDays does not limit suggestions
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Rhonda Kuiper <rkuiper@roundrocktexas.gov>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We should use Koha::DateUtils instead of Date::Time directly
This patch simplay replaces calls to now() with a call to dt_from_string()
which does effectively the same thing.
Probably reading the code and verifying changes is sufficient but...
To test:
1 - confirm the files all compile
2 - confirm all tests pass
3 - confirm Koha still works
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch deals (hopefully) correctly with encoding and escaping chars.
It also remove OPACBaseURL from the url stored in DB, and readd is on
display, to avoid possible attacks.
Test plan:
Go to the authority search
fill term with something hacky
<script>alert('booh!')</script>And Ŝ♥m€ E★tr₳
Search
Click the "Report a problem" link
Fill the form and make sure the url is displayed correctly
submit
Check problem_reports.problempage in DB => Should be correctly displayed
Go to staff interface, "OPAC problem reports"
=> Confirm the link is correctly display
Click it
=> Confirm that you are at the OPAC, and the URL is correct
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
On commit 027051c938
Bug 22823: Rename method with ->inbound_email_address
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Use the get_effective_email from Koha::Library to get an appropriate
inbound address for the branch as aposed to using branchemail directly.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds support for using the reply-to field added in bug 10269
and drops 'from_address' as it will get defined at a later stage in the
emailing process anyway.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
As the feature is now turned off without KohaAdminEmailAddress, we only
need to check if the email address of the library if defined.
Not that we should not check for $library->branchreplyto or
ReplytoDefault, but only $library->branchemail, as we do everywhere else
(I think)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Cannot remember why exactly, but it seems that we should not use
HTTP_REFERER directly.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We usually do not specify the from_address on enqueuing the notice, but
when sending it (from _send_message_by_email). That way a) the code is
centralized (as we must use $patron->notice_email_address) and b) the
email used is the one that is in the DB when the letter is effectively
sent.
Here I guess you need to give it when the notice is enqueued as you want
to default to the koha admin address.
I do not think it's a good idea, we should not send an email with "from"
if not really sent by the user.
We have the borrowernumber anyway to know who filled the form.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
And make it a timestamp type column
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) Apply patch, update database, rebuild schema file
2) Restart koha-common and memcached
3) Confirm that your user has an email address.
4) Confirm that your library does NOT have an email address.
5) Confirm that syspref KohaAdminEmailAddress and syspref ReplytoDefault are not filled. Enable the OPACReportProblem syspref.
6) Log into OPAC
7) Click the 'Report a problem' link at the bottom of whatever page
you're on
8) Notice that there is no form is and there is an error message alerting that reports cannot be submitted
9) Add an email address for your library (in either the email field or the replyto field). Refresh the OPAC problem report page. The form should now show, and the recipient field should say 'library'.
10) Complete the form and submit. Check the message_queue in the database and confirm the to_address is correct. Confirm there is a success message.
11) Add an email address for the syspref KohaAdminEmailAddress and refresh the OPAC problem report page again. The recipient field should now be a dropdown. Select the Koha Administrator option.
12) Complete the form and submit. Check the message_queue in the database and confirm the to_address is the value in KohaAdminEmailAddress. Confirm there is a success message.
13) Ensure all details in the message_queue are correct.
14) Log out of the OPAC
15) Click the Report a problem link again and confirm you are forced to log in
Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the required infrastructure to enable ILL availability
plugins to intercept the request creation process and, using the
supplied metadata, search for and display possible relevant items from
whichever availability plugins are installed.
Currently three availability plugins exist:
z39.50 - Searches any number of the Koha instance's configured Z targets
https://github.com/PTFS-Europe/koha-plugin-ill-avail-z3950
EDS - Searches the EBSCO Discovery Service
https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds
Unpaywall - Searches the Unpaywall API for possible open access versions
of the requested item
https://github.com/PTFS-Europe/koha-plugin-ill-avail-unpaywall
The Unpaywall plugin is intended to serve as a "reference" plugin as the
API it deals with is extremely simple
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@tudublin.ie>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.
To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard 2018-03-16 10:47:47 UTC :
<<
I don't think the system preference adds any security. There are already multiple permissions required for working with plugins:
- Configure plugins
- Manage plugins ( install / uninstall )
- Use report plugins
- Use tool plugins
And even with those permissions your server must be configured to allow the use of plugins.
>>
Test plan :
1) Install kitchen sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink
2) Run misc/devel/install_plugins.pl
3) Set config enable_plugins=1
4) Check all parts of the plugin are working
5) Set config enable_plugins=0
6) Check all parts of the plugin are disabled
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds CSRF token support to opac-messaging.pl,
which allows users to manually update their messaging preferences,
but prevents bad actors from tricking people into updating their
preferences from cross-site requests.
Test plan:
0. Set SMSSendDriver global system preference to "Test" if unset
1. Log into the OPAC
2. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
3. Observe that the preference and SMS number update
4. Apply the patch
5. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
6. Observe that you get an error message of "Wrong CSRF token" instead
of the previous behaviour
7. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl
8. Update "Advance notice" to 3 and update "SMS number" to 61111111111
9. Observe that the "Advance notice" and "SMS number" fields update
correctly
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
