Somewhere the line undef $userid got removed.
We need it to resolve the second login situation.
Test plan:
Login in staff with user missing privileges.
On the login form login again with another staff user.
Note that you do no longer crash.
Run t/db../Auth.t
Run t/db../Koha/Auth/TwoFactorAuth.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
No change in user experience. But since we can mock safe_exit,
we can enhance test results.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1 - Edit an item record to have a blank date accessioned
2 - Save the record as marcxml from the detail page
3 - Edit the item to have an accession date
4 - Stage and import the file - matching in KohaBiblio and replacing items
5 - Import the file
6 - Confirm the date accessioned is cleared
7 - Apply patch
8 - Provide an accession date for the item
9 - Stage and import the file again
10 - Confirm the date remained
11 - Edit the item to remove the date
12 - Confirm you can manually blank the field
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch joins authority queries together with OR like Elasticsearch.
To the best of the author's knowledge, this code only gets triggered
when using record matching rules, but there may be other situations
where it's used.
Authority search in cataloguing plugins use a different path, and
authority search in authority home doesn't allow multiple queries,
so they'll never trigger this OR joining of queries.
Test plan:
0. Apply patch and koha-plack --restart kohadev
1. Create a record matching rule with the following:
Matching rule code: NID
Description: NormdatenID
Match threshold: 100
Record type: Authority record
Search index: Any
Score: 101
Tag: 035
Subfields: a
Offset: 0
Length: 0
Normalization rule: None
Click "Remove this match check"
2. Stage gnd.xml (from BZ 20596 attachments)
- Choose "MARCXML" for "Format"
- Choose "Authority" for "Record type"
- Choose "NID" for "Record matching rule"
- Click "Stage for import"
3. Note the job gets to "100% Finished"
(Before this patch, it would say "0% Failed")
4. View the batch
5. Import the record
6. Repeat steps 2-4 and note that the record matching rule
worked
7. Go to http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl
8. Search for "e"
9. Note that the search works
10. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
11. Click tab 6
12. Click on the tag editor next to "a Personal Name"
13. Type "e" into each box and click "Search"
14. Note that the search works
Signed-off-by: Jan Kissig <jan.kissig@th-wildau.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
update_queue_for_biblio currently
1 - gets the holds on a bib
2 - gets the items available to fill any holds
3 - combines these to build the queue, exiting if there are no holds or items
If there are no holds at step 1, we don't need to do step 2 or 3
This patch simply deletes the queue for this biblio, then exits if there are no holds
To test:
prove -v t/db_dependent/Reserves.t t/db_dependent/Koha/Item.t t/db_dependent/Koha/Hold.t t/db_dependent/Koha/BackgroundJobs/BatchDeleteItem.t t/db_dependent/Koha/BackgroundJobs/BatchDeleteBiblio.t t/db_dependent/HoldsQueue.t t/db_dependent/Circulation_holdsqueue.t t/db_dependent/Biblio_holdsqueue.t t/db_dependent/Biblio.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes a security breach in C4::Auth::check_api_auth introduced by bug 31378, where when someone called an api with the parameters userid and auth_client_login, check_api_auth would automatically asume the user calling was that userid.
This patch also introduces C4::Auth::create_basic_session(), a function that creates a session and adds the minimum basic parameters.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When one tries to check out item which has hold in it,
"Please confirm checkout" message uses patrons home library
instead of holds pick up library. It would be more logical
to use latter here.
To test:
1. Find record with holds.
2. For first priority hold, change it's pick up library to differ from patrons homebranch if needed.
3. Check out records item for a different patron.
=> Note that notice reads: "Item ... has been on hold for ... at [patrons homebranch] since ...".
4. Apply this patch.
5. Repeat steps 2 and 3.
=> Notice should now read: "Item ... has been on hold for ... at [holds pick up branch] since ...".
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Axelle Clarisse <axelle.clarisse@univ-amu.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We should not write:
if ($kwfield != undef) {
Test plan:
Pick record with UTF8 chars.
Download via cart or shelf in RIS format.
Check your logs.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Rebecca Coert <rcoert@arlingtonva.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Rebecca Coert <rcoert@arlingtonva.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Rebecca Coert <rcoert@arlingtonva.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Rebecca Coert <rcoert@arlingtonva.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Also removes commented out Data::Dumper.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1) Create a few new tags to any biblio by visiting the biblio's detail
page on OPAC
2) The visit http://localhost:8080/cgi-bin/koha/opac-tags.pl and try
deleting those tags.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It has been moved to a Koha object.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If not counting patrons holds, found or unfound, we no longer need this option
introduced by bug 28078
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes three changes:
1 - The borrower's own holds are not counted towards HighHolds limit
2 - We exclude all hold counts from CanItemBeReserved
3 - Static mode should only decrease hold when over the decreaseLoanHighHoldsValue, not when equal
Previously a patron's hold could put the count over the threshhold, and
if the patron is only allowed 1 hold per record, and the hold wasn't found before
the checkout, it would make all items unholdable, thus lowering the theshhold for
dynamic HighHolds
To test:
1 - Set sysaprefs:
decreaseLoanHighHolds - enable
decreaseLoanHighHoldsDuration - 1
decreaseLoanHighHoldsValue - 1
decreaseLoanHighHoldsControl - "over the number of holdable items on the record" / dynamic
decreaseLoanHighHoldsIgnoreStatuses - blank
2 - Set circ rules to allow 1 hold per record and loan period of 5
3 - Find/create a record with 3 items
4 - Place a title level hold for two different patrons
5 - Attempt to checkout item - note warning about high holds
6 - Cancel checkout
7 - Set decreaseLoanHighHoldsControl - "on the record" / static
8 - Attempt checkout - note warning about high holds
9 - Apply patch
10 - Checkout item - no warning
11 - checkin item, replace hold
12 - Set decreaseLoanHighHoldsControl - "over the number of holdable items on the record" / dynamic
13 - Checkout item - no warning
14 - prove t/db_dependent/DecreaseLoanHighHolds.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The TooMany() function and fine calculation functions were incorrectly
hard coded to use homebranch for fetching the circulation rules. Those
ignored completely the syspref HomeOrHoldingBranch where the user
might have set it to holdingbranch and therefore the fines and whether
patron has too many checkouts (TooMany()) were counted using the
unintended branch's rules. This problem only arises in the cases where
there are branch specific circulation rules defined.
Test plan:
1. Make sure following tests pass:
$ prove t/db_dependent/Circulation/_CalculateAndUpdateFine.t
$ prove t/db_dependent/Circulation/TooMany.t
Test plan for fines.pl:
1. Add branch specific fine rules for branches A and B. A having a
fine of 1 per day and B having a fine of 0 per day.
2. Set sysprefs:
CircControl = the library the items is from
finesMode = Calculate and charge
HomeOrHoldingBranch = holdingbranch
3. Create an item with home and holding branch of A
4. Checkout the item with a due date in the past (the past due date can be
specified by clicking "Checkout settings" in the checkout page) and
make sure the branch you are checking from is B.
5. Run perl /usr/share/koha/bin/cronjobs/fines.pl
6. Notice that fines have popped up now to the patron incorrectly
7. Apply patch
8. Pay fines, Check-in the item and check it out again
9. Run perl /usr/share/koha/bin/cronjobs/fines.pl
10. Notice that fine is now 0. This means that the branch
B (holdingbranch of the checked-out item) specific rule is used.
Test plan for staticfines.pl:
1. Add branch specific fine rules for branches A and B. A having a
fine of 1 per day and B having a fine of 0 per day.
2. Set sysprefs:
CircControl = the library the items is from
finesMode = Calculate and charge
HomeOrHoldingBranch = holdingbranch
3. Create an item with homebranch A and holding branch of A
4. Checkout the item with a due date in the past (the past due date can be
specified by clicking "Checkout settings" in the checkout page) and
make sure the branch you are checking from is B.
5. Run perl staticfines.pl --library A --library B --category <PATRONS_CATEGORYCODE>
and notice that now there is inccorectly fines
6. Apply patch
7. Pay fines, Check-in the item and check it out again
8. Run perl staticfines.pl --library A --library B --category <PATRONS_CATEGORYCODE>
and notice the fines are now not generated
Rebased-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Petro Vashchuk <stalkernoid@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Without this patch:
1. Set the syspref TwoFactorAuthentication (enforce or enabled)
2. Configure 2FA for a patron
3. Logout
4. Authenticate but don't enter the 2FA code
5. Switch off the syspref (disabled) [via another browser or so]
6. Patron is stuck on the [original] login screen. [Only removing
the session cookie would resolve it.]
With this patch:
1. Follow the steps above again. But note that you can refresh
your browser window to get in now.
2. Verify that Auth.t passes now too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch ensures HoldFeeMode is considered when displaying a message
to patrons on the OPAC that says they'll be charged a hold fee when
placing or collecting the hold.
When HoldFeeMode is set to not_always or "only if all items are checked
out and the record has at least one hold already" then the hold fee
message should only show if all items on the record are checked out, AND
the record has at least one hold already - both of these conditions must
be met.
To test:
1. Go to Administration -> Patron categories
2. Edit your patron category and give a hold fee of $1.
3. Go to Administration -> System preferences and search for
HoldFeeMode. Set to 'only if all items are checked out and the record
has at least one hold already' if not already set. Keep this tab open.
4. In another tab, open the OPAC.
5. Search the OPAC for a record with one item which is NOT checked out.
6. Go to place a hold on this record. Confirm you see a message saying
that you will be charged a hold fee, even though not all items are
checked out and the record does not have a hold --> This is the bug.
7. Apply patch and restart services.
Items available, no holds placed
8. Repeat steps 5-6. This time, you should NOT see the hold fee message.
Items available, holds placed
9. In your staff interface tab, find the same record.
10. Place a hold for a different patron on this record.
11. In your OPAC tab, find this record again and go to place a hold. You
should NOT see the hold fee message.
No items available, no holds placed
12. In your staff interface tab, cancel the hold placed on this record.
13. Check out the item to a different patron.
14. In your OPAC tab, find this record again and go to place a hold. You
should NOT see the hold fee message.
No items available, holds placed
15. In your staff interface tab, keep the item checked out to another
patron.
16. Place a hold for a third patron on this record.
17. In your OPAC tab, find this record again and go to place a hold. You
SHOULD see the hold fee message.
Multiple holds
18. Search the OPAC for a record. Make sure your search will return more
than one result, including our test record.
19. Check the checkbox for our test record, plus another record where
the item is not checked out.
20. Click the Place hold button to place holds on all of our selected
records. You should only see the hold fee message above our test record.
21. In your staff interface tab, test setting HoldFeeMode to the other
values and confirm the hold message shows on the OPAC as expected.
22. Confirm tests pass t/db_dependent/Reserves/GetReserveFee.t
Sponsored-by: Horowhenua Libraries Trust
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This can be used to instruct staff how the item should handled when
it's checked in. For example items notforloan status has been
changed as "Invoiced item" while item has been on loan. When it's
checked in staff sees that they should put item aside for further
processing.
To test:
1. Apply patch and update database if needed
2. Set items notforloan status as -1 (or create new one)
3. Add line "-1: ONLYMESSAGE" to UpdateNotForLoanStatusOnCheckin
4. Check item out for patron.
5. Check item in.
=> Description of notforloan status should be displayed.
=> Confirm notforloan status hasn't changed.
Also prove t/db_dependent/Circulation/issue.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This enhancement gives the ability to set a policy for the lost item
processing fee that may get charged additional to the lost item
replacement cost. The processing fee can be:
- refunded
- refunded if unpaid
- kept
To test:
Set-up
1. Find an item, Item A. Go to Administration -> Item types and edit the
item type for Item A. Add a default replacement cost and a processing
fee and Save.
2. Go to Administration -> system preferences and set the following:
- WhenLostChargeReplacementFee: Charge
- BlockReturnOfLostItems: Don't block
3. Scroll down to the default lost item fee refund on return policy. Set
the refund lost item replacement fee policy to 'refund lost item charge'.
4. Edit Item A and set a replacement cost.
Reproduce
5. Check out Item A to Patron A.
6. Click the barcode to view Item A's information. Edit Item A and set
the Lost status to 'lost'.
7. Go back to Patron A's checkouts. The item should now be checked in
with two new charges applied - a lost item fee (the item's replacement
cost) and a lost item processing fee (set in item types).
8. Check in Item A to mark it as found.
9. Go back to Patron A's account. Notice the lost item fee has been
refunded, but the processing fee remains.
10. Manually pay or write off the processing fee. This enhancement
removes the need for this manual step.
11. Apply the patch and restart services
Test with lost item - refund
12. Go to Administration -> circulation and fines rules. Scroll down to
the default lost item fee refund on return policy. Notice there is now a
refund lost item processing fee policy. Set this to 'refund lost item
processing charge'.
13. Repeat steps 6 to 9.
14. Go back to Patron A's account. Both the lost item fee and processing
fee should have been refunded.
15. Repeat steps 6 to 8 (do not check it yet).
16. Go back to Patron A's account. Pay the processing fee.
17. Repeat step 9.
18. Go back to Patron A's account. Both the lost item fee and processing
fee should have been refunded (you'll now be in a credit because the
paid processing fee was also refunded).
Test with lost item - refund_unpaid
19. Go to Administration -> circulation and fines rules. Scroll down to
the default lost item fee refund on return policy. Notice there is now a
refund lost item processing fee policy. Set this to 'refund lost item
processing charge (only if unpaid)'.
20. Repeat steps 6 to 9.
21. Go back to Patron A's account. Both the lost item fee and processing
fee should have been refunded.
22. Repeat steps 16 to 19.
23. Go back to Patron A's account. The lost item fee should have been
refunded but not the processing fee, as this was already paid.
Test with lost item - leave
24. Go to Administration -> circulation and fines rules. Scroll down to
the default lost item fee refund on return policy. Notice there is now a
refund lost item processing fee policy. Set this to 'leave lost item
processing charge'.
25. Repeat steps 6 to 9.
26. Go back to Patron A's account. The lost item fee and processing fee
should have been refunded but not the processing fee.
Other tests
27. Confirm tests pass
- t/db_dependent/Koha/Item.t
- t/db_dependent/Koha/CirculationRules.t
Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Add some page under Additional contents.
Enforce GDPR policy.
Test with user that has no consent (yet or anymore).
Check if you can reach additional contents with opac-page.pl.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The test
$MARCfrom->field('1..', '2..'))[0]->tag ne ($MARCto->field('1..', '2..'))[0]->tag
is not completely consistent with following code in sub merge.
I decided to get the authtype code from the old record that comes
from Koha and should include the type.
Remaining changes refer to indentation/comments.
Test plan:
Run t/db_dependent/Authority/Merge.t
Note: The test actually could be extended a bit for mocking MARC
flavor, but needs some additional framework support to work.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In those rare cases when authorities are updated by an external agency (or
even internally, by reviewing and correcting an exported authority file)
when the heading tag will be changed (seems odd but happens:
111 Congress ==> 110 Corporate body.Congress ;
100 Person ==> 110 Corporate body (a company named with person's name ;
151 City--object ==> 150 Object (city) etc.)
and then the authority record in Koha database will be updated with
bulkmarcimport or by calling directly ModAuthority from a custom script,
the merge function "doesn't know" that the change to the authority type
has been made and, consequently, doesn't adequately change the tag in
related fields in biblio records (as it would if two different records
with different authtypecode were merged with Koha interface).
This is because at the moment when merge function is being called
by ModAuthority:
Koha::Authority::Types->find($autfrom->authtypecode)
Koha::Authority::Types->find($authto->authtypecode)
both have the same value (because $mergefrom == $mergeto).
Therefore in case when $mergefrom == $mergeto and the heading tag changes,
$authtypefrom and $authfrom calculated in merge in the ordinar way are
misleading and should not be taken unto consideration.
Test plan:
==========
1. run t/db_dependent/Authority/Merge.t
2. you should see problems in "Test update A with modified heading tag
(changing authtype)"
3. apply the patch
4. run t/db_dependent/Authority/Merge.t again
5. the test should pass
Alternatively:
1. have an authority record used in biblio;
export it to file;
change 1XX heading tag to a different (but reasonable) value
and possibly change also the content of the heading
(one can delete also 942 but it doesn't matter);
make bulkmarcimport.pl -a -update -file <modified_auth_file> and
see that the tag in biblio record has not been changed (whereas
the type of authority record did change);
2. make orders in database (so that the authority type and the tag of
the field in biblio record correspond); apply the patch;
3. repeat the test from 1.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds support for searching additional_fields when retrieving
invoices using C4::Acquisition::Invoices.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Acquisition.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Sponsored-by: The Research University in the Helmholtz Association (KIT)
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If we do not clear this session, the first login directly after setup
does not really enhances user experience ;)
Test plan:
Make sure 2FA is enforced.
Test the above. Disable your 2FA, logout and login.
Verify that you can access pages with this patch now. Without this
patch you could not.
Run these tests to provide more confidence:
t/db_dependent/Auth.t
t/db_dependent/api/v1/two_factor_auth.t
t/db_dependent/Koha/Auth/TwoFactorAuth.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Resolves:
Use of uninitialized value $request_method in string eq at /usr/share/koha/C4/Auth.pm line 1122.
Use of uninitialized value $return in numeric gt (>) at /usr/share/koha/C4/Auth.pm line 1155.
We also remove the double logout from Auth.t
Test plan:
Run t/db_dependent/Auth.t
Check if you do not see the warns anymore.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 28786 added the ability to turn on a two-factor authentication,
using a One Time Password (OTP).
Once enabled on the system, librarian had the choice to enable or
disable it for themselves.
For security reason an administrator could decide to force the
librarians to use this second authentication step.
This patch adds a third option to the existing syspref, 'Enforced', for
that purpose.
QA notes: the code we had in the members/two_factor_auth.pl controller
has been moved to REST API controller methods (with their tests and
swagger specs), for reusability reason. Code from template has been
moved to an include file for the same reason.
Test plan:
A. Regression tests
As we modified the code we need first to confirm the existing features
are still working as expected.
1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to
enable and access the second authentication step
2. Turn it on (enabled) and confirm that you are able to enable it in your account
3. Logout and confirm then that you are able to login into Koha
B. The new option
1. Set the pref to "enforced"
2. You are not logged out, logged in users stay logged in
3. Pick a user that does not have 2FA setup, login
4. Notice the new screen (UI is a bit ugly, suggestions welcomed)
5. Try to access Koha without enabling 2FA, you shouldn't be able to
access any pages
6. Setup 2FA and confirm that you are redirected to the login screen
7. Login, send the correct pin code
=> You are fully logged in!
Note that at 6 we could redirect to the mainpage, without the need to
login again, but I think it's preferable to reduce the change to
C4::Auth. If it's considered mandatory by QA I could have a look on
another bug report.
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We need to replace 0 with 'disabled', and 1 with 'enabled'
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch alters the code in the ES QueryBuilder. Reflecting
how things are handled in build_query_compat we clean the query,
but not the limits. In Zebra we simply recursivly call buildQuery,
but the ES query structure
This patchset adds a new ability to save searches on the staff client, and display them in the results
page on staff or opac as a new filter.
New filters can be added from the results page after a search, and there is an admin page for updating
deleting and renaming filters
There is a new permission to control management of these filters
New filters can be added that are not displayed along with facets, this allows for building custom links
using these filters to keep URLs shorter
Due to bug 30528 testing in ES is recommended
To test:
1 - Apply patches and update database and restart all
2 - Enable new system preference 'SavedSearchFilters'
3 - As superlibrarian perform a search in staff client, something broad like 'a'
4 - Note new 'Save search as filter' link on results page
5 - Click it, save search as new filter, check 'Staff client' visibility
6 - Perform another search
7 - Note the filter now appears above facets
8 - Click to it filter results
9 - Note results are limited by the new filter, and it is checked in the facets
10 - Confirm click the [x] removes the filter
11 - Go to administration->search filters
12 - Confirm the filter appears
13 - Edit and mark as OPAC visible
14 - Test OPAC to ensure it shows and can be applied/removed
15 - Copy URL with filter applied
16 - In adminsitration mark filter as not visible on staff or opac
17 - Confirm link above still works
18 - Create a new staff with catalogue and search filters permission
19 - Ensure they can access/save filters
20 - Remove filter permission and ensure they cannot
21 - Disable system preference
22 - Confirm links to search filters page are removed from admin home and admin sidebar
23 - Confirm filters do not appear on results and cannot be created
24 - Enable pref
25 - Create a filter
26 - From search filters page, click 'Edit search'
27 - Confirm you are taken to advanced search page letting you know which filter you are editing
28 - Confirm you can change searhc options and save
29 - Confirm you can perform the search from this page
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Michal Urban <michalurban177@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates the query building code to expand filters when searching
and pass them back as part of the cgi and descriptive search strings
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Previous patch added interface parameter passed on each call. There was an
existing one that 'guessed' - this patch removes that
Fixes missing comma
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patchset adds an 'interface' parameter to XSLTParseForDisplay to avoid fetching
coins when not needed
Additionally we move some logic from the scripts to searchResults to avoid an extra fetch fo the biblio object
To test:
1 - Enable COinSinOPACResults syspref
2 - Also enable OPACShowOpenURL and OPACOpenURLItemTypes - adding an itemtype that you can find
3 - Perform a search on the OPAC and confirm coins are included and openurl shown
4 - Perform a search on staff client and confirm openurls do not show
5 - Apply patch
6 - Results should be the same
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It can be useful to know exactly what template was used to generate a notice. To this end, it would be useful to store the letter id as a foreign key in the message queue table.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Restart all the things!
4) Run an action that will send a notice to a patron
5) Note the letter id is now in the message_queue table for that notice!
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
1) Apply this patch
2) Run updatedatabase.pl
3) Verify CircControlReturnsBranch is set to home library by default
4) Set a Return policy for Branch A to "Item returns home" ( homebranch )
5) Set a Return polity for Branch B to "Item returns to issuing library" ( holdingbranch )
6) Set a Return polity for Branch C to "Item floats" ( noreturn )
7) Create an item with homebranch of Branch A, holding branch of branch B
8) Log in as Branch C
9) Set CircControlReturnsBranch to "the library the item is currently held by"
10) Check the item in, note it should be returned to the holding library
11) Set CircControlReturnsBranch to "the library the item is owned by"
12) Check the item in, note it should be returned to the home library
13) Set CircControlReturnsBranch to "the library you are logged in at"
14) Check the item in, note it should float
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It would be nice to be able to combine several types in a single run,
but exclude others, without having to have multiple cron lines
Test Plan:
1) Apply this patch
2) Run process_message_queue.pl with a single -c parameter
3) Note behavior is unchanged
4) Run process_message_queue.pl with multiple -c parameters
5) Note all the codes specified are processed
6) Repeat 2-5 with -t for type limits
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Koha::Object->store is triggering an UPDATE because the datelastseen is
different than the value in DB (comparing a datetime with a date)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 28730 added the ability to format due dates based on Koha's date format, but missed formatting the due date field in the item information response.
Test Plan:
1) Apply this patch
2) prove t/db_dependent/SIP/Message.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds <zebra_connection_timeout>30</zebra_connection_timeout>
to the koha-conf.xml file.
Sometimes, a Zebra search might take longer than 30 seconds. If it does,
Koha will say that 0 records have been found. While slow searching
is not desirable, it's more desirable to get the result set regardless.
Test plan:
0. Apply patch
1. Add <zebra_connection_timeout>.1</zebra_connection_timeout> to
your relevant koha-conf.xml file (e.g. /etc/koha/sites/kohadev/koha-conf.xml)
2. echo 'flush_all' | nc -q 1 memcached 11211
3. koha-plack --restart kohadev
4. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
5. Note that no results are returned
6. Change zebra_connection_timeout to 30
7. echo 'flush_all' | nc -q 1 memcached 11211
8. koha-plack --restart kohadev
9a. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
9b. Note that 3 results are returned
10. Remove zebra_connection_timeout from koha-conf.xml
11. echo 'flush_all' | nc -q 1 memcached 11211
12. koha-plack --restart kohadev
13a. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
13b. Note that 3 results are returned
14. Celebrate
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The POD had $issue in the example, but $checkout in
explanation. Also standardized a bit of other terminology.
(borrower, issue) = (patron, checkout)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In the subroutine ModDateLastSeen we unset an item's lost status when
checked in.
This routine passes a noi log parameter to the store request, this is
to avoid spamming the cataloguing log on every checkin.
When marking an item unlost we should record this change.
To test:
1 - Enable cataloguing log
2 - Mark an item lost
3 - View the log and confirm this chagne was recorded
4 - Check the item in
5 - The message indicates item is now found, but logs have no new entry
6 - Apply patch, restart all
7 - Mark the item lost and verify it is logged
8 - Check the item in, reported found and log entry recorded
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The question whether item is denied renewal doesn't depend on
circulation rules or the patron, it is only a property of the item and
only changes to the item's attributes can cause the return value of
the check to change, thus we should move this to be a method of
Koha::Item.
To test:
1) Run unit tests
$ prove t/db_dependent/Circulation.t
$ prove t/db_dependent/Koha/Item.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
