This patch restores the plack.middleware.Koha.CSRF plack env setting to
allow passing to the errorDocument.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Update the note for the BlockExpiredPatronOpacActions system preference to
make it clearer, and to follow the standard convention for notes.
Order of options for 'Block expired patron OPAC actions' when editing the
patron category changed to alpabetical order, to match the system preference
order.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
New can_patron_place_ill_in_opac method to include all rules
that need checking to determine if a patron is allowed
to place an ILL request on the OPAC or not.
Added effective_BlockExpiredPatronOpacActions_contains rule to
this new method.
Test plan, k-t-d,:
1) Install FreeForm and enable ILLmodule, run:
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
1.5) Checkout FreeForm's reorganize_ILL branch:
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout reorganize_ILL
koha-plack --restart kohadev
2) Edit a patron category, visit:
<staff_url>/cgi-bin/koha/admin/categories.pl
3) Set 'Placing an ILL request' for the "Block expired patrons" input config
4) Add a new patron of one of the above category, make sure this patron is expired (set an expirydate to the past).
5) Login as that user and visit ILL page in OPAC:
/cgi-bin/koha/opac-illrequests.pl
6) Confirm there is no "Create a new request" button
7) Access the create a new request page url directly:
<opac_url>/cgi-bin/koha/opac-illrequests.pl?op=add_form&backend=FreeForm
8) Confirm you get a 403 page
9) Set the 'Block expired actions' to "Follow system preference BlockExpiredPatronOpacActions"
10) Test different values of the BlockExpiredPatronOpacActions system preference and confirm the behaviour matches what's configured
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Access {staff_url}/api/v1/patron_categories and notice all is as expected
Update some patron category's blocked expired patron OPAC actions and access the endpoint again, notice it's okay.
Updated API tests to include to_api confirming attributes are rendered correctly:
prove t/db_dependent/api/v1/patron_categories
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This is a squash of several improvements:
- Override weird blue color being applied from MultipleSelect when all options from an optgroup are selected;
- Fix input width depending on selected value. Now it should always be same width regardless;
- Updated the system preference UI wording to reflect new behavior;
- Updated UI labels in the patron category edit page to enforce that the actions being selected are "actions to be blocked"
- Corrected sysprefs.sql entry
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Address new new version of system pref
Address new version of categories DB table BlockExpiredPatronOpacActions column
Test plan, k-t-d, BEFORE applying patch:
1) Edit some patron categories, visit:
/cgi-bin/koha/admin/categories.pl
2) Set different values for the "Block expired patrons" input config
Set a category to block
Set a category to don't block
Set a category to follow the syspref
3) Take note of the current value of the BlockExpiredPatronOpacActions sys pref
Apply patch, then run the following commands
- koha-plack --restart kohadev
- yarn css:build
- run updatedatabase
4) Visit the patron categories you edited before, make sure they all have the correct values for the new config type
5) Check the BlockExpiredPatronOpacActions sys pref and make sure the new value is correct according to what was before
6) Add a new patron of one of the above categories, test that:
If 'hold' is a blocked action, patron is unable to place a hold in OPAC
If 'renew' is a blocked action, patron is unable to renew in OPAC
If 'follow sys pref' is the option, check that a patron may place a hold or renew an item according to the BlockExpiredPatronOpacActions sys pref value
prove t/db_dependent/Circulation.t
prove t/db_dependent/ILSDI_Services.t
prove t/db_dependent/Koha/Object.t
prove t/db_dependent/Koha/Patron/Categories.t
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The sys pref now allows multipleselect values instead of YesNo
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Account for multiple values param
Input is now multipleselect select
JavaScript
Staff CSS updates to account for multiselect dropdown in categories admin page
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Check for 'renew' when appropriate
Check for 'hold' when appropriate
The following command must return nothing before this is pushed to
master:
git grep "\beffective_BlockExpiredPatronOpacActions\b"
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
effective_BlockExpiredPatronOpacActions
is now
effective_BlockExpiredPatronOpacActions_contains
This method has been updated to now consider an action param.
Returns true if the given action is to be blocked to expired
patrons or not.
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes an error on the B_address2 field which sets it to be
required incorrectly
Test plan:
1) In PatronSelfRegistrationBorrowerMandatoryField, set B_address to be
required.
2) In the OPAC, navigate to the self registration form.
3) In the Alternate address section, fill in the Address field that you
have just set to be required. Ensure that you leave the Address 2
field blank.
4) Fill in all other required fields and submit the form, it should show
you that the Address 2 field is required, even though it shouldn't be
5) Apply patch
6) Refresh the page and repeat steps 1-5, it should allow youto submit
the form
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes the ILL request table to display authors for journal article request types
Test plan:
1) Create an ILL request with the type of Journal Article and add an author in the Article author field
2) Click on the List requests button to see the table
3) The Author field should be blank for the request you created
4) Apply patch
5) Hard refresh the browser to reload the javascript
6) The author field should now be visible
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We keep OPEN when people still use log_file or setsid.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
My Koha testing docker SIP started dying repeatedly after launch. After investigation, I
found it was a problem with logging and default ports.
In D12 there is no syslog anymore, everythign uses journal. Four our purposes, lets log SIP issues
to sip.log by default
Attaching a patch to clear things up.
To test:
1 - Open KTD/D12
2 - tail -f /var/log/koha/kohadev/*.log
3 - On another terminal 'restart_all'
4 - Wait a bit, notice SIP dying
5 - Apply patch
6 - Update SIPconfig:
server-params:
log_file='/var/log/koha/kohadev/sip.log'
service with port 8023:
port="127.0.0.1:8023/tcp"
7 - Restart all
8 - Confirm SIP no longer dies
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Certain configurations of MySQL will not allow a column to be changed
from nullable to non-nullable if the column has a foreign key constraint.
Add the foreign key constraint last to avoid issues from this.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a series of fallthroughs to ensure pickup_library_id is
always set prior to adding the NOT NULL constraint.
We initially only looked at items.homebranch but as that's a nullable
field itself, we now look at items.holdingbranch before finally
defaulting to the first available branch in the branches table in the
worst case.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Have a patron with some checkouts, holds, and charges that can login into the SCO module.
2. To go sco-main.pl and login
3. Try changing tabs and notice the console error:
dataTables is not defined
4. APPLY PATCH
5. Try again, there should be no error.
6. Make sure you can switch the tabs without any issues.
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Thomas Klausner <domm@plix.at>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
With ES and QueryAutoTruncate on, a search with punctuation surrounded
by spaces (like ISBD punctuation copied from other catalogue or
bibliography) returns no results. E.g.: in a search for "Maria Stuart ;
Die Jungfrau von Orleans / Schiller" (coded in record as 245 10 $a Maria
Stuart ; $b Die Jungfrau von Orleans / $c Schiller) -- both semicolon
and slash cause problems. One had to remove them manually to get
results which is not what is desired.
Test plan
=========
1. Use ktd with Elasticsearch and ktd's test data
(http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=1):
2. Make a search for the first ISBD zone taken verbatim from the first record:
E Street shuffle : the glory days of Bruce Springsteen & the E Street Band / Clinton Heylin
There should be no result.
3. Apply teh patch, restart plack.
4. Repeat the search. You should get the record (and onother one).
Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Thomas Klausner <domm@plix.at>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Looking at the template, for every section after the main rules block we loop over categories or itemtypes, and lookup the value for each rule name.
In systems with large numbers of categories and item types this becomes very slow.
In the rules section, we have already built a hash of rules by category and itemtype - we should continue to use this throughout the page.
Test Plan:
1) Apply this patch
2) For each rule section, create and delete a rule
3) No change in behavior should be noted!
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
1. Make sure AutoSelfCheckAllowed is Allowed and AutoSelfCheckID and AutoSelfCheckPass are in use.
2. Make sure AnonymousPatron is pointed to an account.
3. Set SelfCheckoutByLogin to cardnumber.
4. Verify that if you go to the anonymous patron account in the staff interface, you cannot checkout items.
5. Go to the selfcheck path of the library. It should auto login. Put in the cardnumber for the anonymous user.
6. Proceed to check out items!
7. APPLY PATCH, restart_all
8. Try step 5 again, you should not be able to log in as the AnonymousPatron. Instead you should be redirected to OPAC home page
9. Switch SelfCheckoutByLogin to 'username and pasword'.
10. Again try to log in as the AnonymousPatron, you should not be able to.
11. Make sure you can login as a regular patron when SelfCheckoutByLogin is set to 'cardnumber' and when it is set to 'username and pasword'.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When implemented, the keyboard shortcuts could not use the system clipboard so
Citrl-C was mapped to use the editor clipboard. As this now works with the system clipboard
we should allow standard functionality and remap the Koha shortcut.
This will not affect existing installations, however, they can modify the keyboard shortcut if they
wish by visting:
Administration->Keyboard shortcuts
or
Clicking the 'Redefine shortcuts' link under 'Keyboard shortcuts' in the advanced editor.
To test:
1 - Apply this patch
2 - Reset all
3 - Confirm Ctrl-Alt-C is the command to 'Copy current field' in Keyboard shortcuts in the advanced editor
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When you try to dislpay a bibliographic record on unimarc that has subjects
linked with authorities then only the $9 is displayed as link instead of the
content of $a and it's subdivisions, if any.
To test:
1) You will need to have a bibliographic record with at least one subject
autority connected in unimarc framework.
2) View that record on OPAC on detail display. The subject will display as
a number ( $9 ) and you cannot see the text/term of the subject ( $a )
3) Apply patch
4) Repeat step 2
5) The subject display in a normal way based on content $a - or more subfields
Sponsored-by: National Library of Greece
Signed-off-by: David Nind <david@davidnind.com>
Bug 29539: (follow-up) remove tag_onesubject template
Also:
Restores the <span class="value">
Replaces "not(position()=last())" with the more used "position() != last()"
Removes unecessary change in <xsl:param name="spanclass" />
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The OPAC discharge page used a link with a GET parameter, but the script
expects a POST request. This patch converts the link to a form with CSRF
token included.
To test, apply the patch and enable the useDischarge system preference
if necessary.
- Log in to the OPAC as a user with no checkouts or outstanding fees.
- Click the "Ask for discharge" tab in the sidebar of the user summary
page.
- Click the "Ask for a discharge" button.
- You should be redirected to a page that says "Your discharge request
has been sent."
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This check is required because when the existing_statuses method checks for the existing status_alias, it'll leave out the status from the query, so the status will be NULL for those particular query results when calling strings_map, throwing a warning
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Because its highly likely that at least one request will have status_alias null in the database, the select MAX query will always return at least one result with NULL status_alias, throwing a warning, so we skip that
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
I'm not 100% happy with this but I'm out of ideas.
I think the problem warning happens because there is no method status or status_alias directly defined in Object.pm so it tries to define it, but it has already been defined by AUTOLOAD previously.
Test plan:
prove t/db_dependent/Koha/Illbackend.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
QA tests were failing for tidyness so this patch addresses that
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This change improves the mechanism for preventing the CSRF middleware
being activated by ErrorDocument subrequests.
This change was necessary due to a subtle issue identified by
Bug 37041.
Test plan:
0. Apply the patch
1. Restart Koha
koha-plack --restart kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=9908
3. Log in
4. Note that you get a pretty 403 and not an ugly plain text error
5. Go to http://localhost:8081
6. Fill in the login details, but use the HTML inspector to delete
the csrf_token from the hidden inputs
7. Submit the login
8. Note a pretty 403 page
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The update wasn't checking for index pre-existance and as such could
fail in certain cases.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patches removes the "cud-" prefix from the "delete_confirm"
parameter check in Library EAN management. The confirm step is a GET
operation.
To test, apply the patch and restart services;
- Go to Administration -> Library EANs.
- Add an entry if necessary, then click "Delete."
- You should be taken to a confirmation page: "Confirm deletion of
EAN..."
- Confirm deletion and verify that the EAN was deleted.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Removed extraneous sort_1 data elements
Update selectors to use field names for statistics field
Updated code to set the value after finding the correct selector
To test:
* Make sure you have at least 2 funds with different stat settings, using AV and not
* Create a basket with an order line
* Close it and receive shipment
* Create an invoice and receive the order line
* Finish receiving
* Click "Modify fund"
* Switch fund, verify the stat fields are updated accordingly
* Change values for statistical values
* Update fund
* Edit fund again, pull downs are correct
* Change values in form and close, do not update
* Click 'Modify fund' - confrim form is filled with the saved values
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some file tidying to pass the QA tests
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Before this patch if a record had a 751 and a 781 you could have fields repeated.
This patch reduces the scope of the fields to subdivision variable as it is only used in processing 7xx
fields and should not be shared between fields.
I also add unit tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Currently when searching for a geographic authority record the search will fail if the record has a heading in a 78X field. The system tries to do a regex match against an undefined variable causing an error. This patch makes that regex match conditional on the variable being defined to allow the search to succeed.
Test plan:
1) Navigate to Authorities
2) In the search bar at the top of the page, click on the dropdown options and in the 'Authority type' field, select 'Geographic Name'
3) Click search
4) You should have a list of authorities
5) Click on any authority record and then click edit and select to edit the record
6) Click on the "7" button
7) Click on the green text next to the '781' field to get the list of fields
8) In field 'v' enter any string you like
9) Click save
10) Repeat steps 1-3, this time it should display an error message for an Unmatched [ in regex
11) Apply patch
12) restart_all
13) Refresh the page, the results should show and the string you entered in the 'v' field should display on the record you edited
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
