This new enhancement add the capability to list the different
identifiers of authors. It is helpful for research publications for
instance.
This patch will add a new "Author identifiers" tab on the detail page
(OPAC) of a bibliographic record, with the list of the authors and their
identifiers.
On the detail page of the authority record, the same identifier list
will be displayed.
Test plan:
Create some authority with
024
$a source
$2 number
$6 link to the source
With the pref turned ON you will be able to see the new information.
Sponsored-by: Orex Digital
Signed-off-by: Orex Digital <info@orex.es>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
get_marc_authors actually return authors from 700..712, not the first
author from 200
Sponsored-by: Orex Digital
Signed-off-by: Orex Digital <info@orex.es>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We got some feedback from a patron regarding the default notifications
on the iCal export for the patron checkout summary in the OPAC.
The notifications send 1 minute before the event (the due date), which
is midnight.
Test Plan:
0) Make sure your time zone in Koha is set correctly in koha-conf.xml
1) Apply this patch
2) Restart all the things!
3) Make a checkout due at 23:59
4) Make a checkout due at 11:00
5) Download the iCal file from the OPAC
6) Import this file into Calendar
7) Note the first checkout is an all day event
8) Note the second checkout is an "instantaneous" event at the date and
time the item is due
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
$itemLoopIter->{reservedate} = $first_hold->reservedate,
$itemLoopIter->{ExpectedAtLibrary} = $first_hold->branchcode;
1st line ends with a comma instead of a semicolon.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When $new_pickup_location gets passed as parameter it doesn't make any
sense to also check is_cancelable_from_opac.
Also this makes code more clearer as it seemed like it was possible for
item to get cancelled at the same time as request to change pickup
location.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a way for patrons to change the pickup location for in
transit holds.
This is done in the OPAC on the holds table.
The feature is controlled by a new system preference:
* OPACInTransitHoldPickupLocationChange
To test:
1. Apply this patches
2. Run:
$ updatedatabase
$ restart_all
=> SUCCESS: system preference added
3. Have an in-transit hold for a known patron
4. Visit the holds table for the patron (OPAC)
=> SUCCESS: Hold in transit, cannot change pickup location
5. Enable the OPACInTransitHoldPickupLocationChange system preference
=> SUCCESS: Descriptive text makes sense and is idiomatic
6. Reload the OPAC page
=> SUCCESS: You can now choose a new pickup location
7. Choose one
=> SUCCESS: It works! Reloaded page pre-selects the new pickup location
8. Switch to the new pickup location library on the staff interface
9. Go to Circulation > Transfers to receive
=> SUCCESS: The hold is there!
10. Scan the hold
=> SUCCESS: Usual workflow follows
11. Sign off :-D
Sponsored-by: Montgomery County Public Libraries
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Before this patch the date formatting for the due date was done
in the .pl instead of the template and the branchcode would show
instead of the library's name in the list of items when placing
an item level hold in the OPAC.
To test:
* Find or create a record with mulitple items
* Check out one of the items
* Place a record level hold
* Return an item to set to waiting
* Place an item level hold
* Go to the OPAC and start placing an item level hold
* Verify the messages in the item table show the branchcode
* Apply patch
* Only visible change should be the library name replacing the branchcode
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a helper method for filtering out cancellation
requested-holds from resultsets, and makes use of it in the OPAC to
filter out those in the current holds tab. Holds history now shows
'Waiting (cancellation requested)' on those.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Sponsored-by: Montgomery County Public Libraries
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We could improve this more and add disable the holiday from the date
picker widget, but it's out of the scope here.
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: Koha Team University Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
A bit of cleaning
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: Koha Team University Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: Koha Team University Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: Koha Team University Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Caught by t/db_dependent/www/regressions.t
# Failed test '404 for itemnumber containing different URI'
# at t/db_dependent/www/regressions.t line 124.
# got: '500'
# expected: '404'
# Failed test '302 for itemnumber with matching URI'
# at t/db_dependent/www/regressions.t line 126.
# got: '500'
# expected: '302'
# Failed test '404 for itemnumber containing different URI'
# at t/db_dependent/www/regressions.t line 139.
# got: '500'
# expected: '404'
# Failed test '302 for itemnumber with matching URI'
# at t/db_dependent/www/regressions.t line 141.
# got: '500'
# expected: '302'
# Looks like you failed 4 tests of 36.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Includes:
Bug 29697: (follow-up) Use flag embed_items
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD Amended patch:
-# FIXME Special case here
- print "Biblio not found\n,";
+ print "Biblio not found\n";
- my $biblio = Koha::Biblio->find($hostbiblionumber);
+ my $biblio = Koha::Biblios->find($hostbiblionumber);
Rebased-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
See first patch. Add orgcode OCoLC.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We need to pass OCLC_NO as key to C4::Output::parametrized_url.
We get it from MARC21 035$a and strip the organizational code.
Test plan:
Add e.g. 62385712 in 035$a in a record.
Add e.g. following link to pref OPACSearchForTitleIn:
<a href="https://worldcat.org/search?q={OCLC_NO}" target="_blank">WorldCat (via OCLC number)</a>
Open that record on detail page. Click More searches. Follow that link.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch does a second search if the first had no results and was a simple single term search
We simply quote the term, rebuild the query, and rerun the search
This targets both Zebra and ES, but is more relevant for ES
To test:
0 - Have Koha running using ES
1 - Add titles your system "Ivy + Bean" "The 6:20 Man"
2 - Search for these titles without quotes - NO results under ES
3 - Search with quotes - you find them
4 - Apply patch, restart all
5 - Search again without quotes
6 - Success!
7 - Confirm search still works under Zebra
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We should not test the $hidingrules variable but the number
of keys it contains.
Test plan:
Clear OpacHiddenItems.
Check with and without this patch search result numbering on
the OPAC.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Verify if transfer shared list on OPAC still works as expected.
Same for intranet counterpart for public lists.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Share a list with a patron that has no email address.
Try to transfer ownership. Verify that you get the error message.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patron is a 'sharee' (not the sharer).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Pick or create a shared list. Login as owner.
Transfer to one of the other members.
Verify that you do no longer have Transfer, but see Remove share.
Login as the other member. Transfer it back.
Bonus: Working with two tabs, you can open the Transfer form and
in the meantime delete the list, the patron or remove the share.
Or change permissions. Submit after that and check the error message.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Pick or create a shared list.
Verify that OPAC only shows the Transfer button when you are the
owner of a shared list.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1/ Add 'Email' to the 'SMSSendDriver' system preference.
2/ Make sure 'EnhancedMessagingPreferencesOPAC' and 'EnhancedMessagingPreferences' are turned on.
3/ Add some SMS providers (/cgi-bin/koha/admin/sms_providers.pl) with different names.
4/ Notice on memberentry.pl and opac-messaging.pl the SMS providers sort by when they were added, not alphabetically.
5/ Apply patch and restart services.
6/ Look at memberentry.pl and opac-messaging.pl and notice that they SMS providers now sort alphabetically.
Signed-off-by: George Williams <george@nekls.org
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the 'In bundle: Link' to the OPAC to mirror what we have
on the staff client.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch does the absolute bare minimum to prevent private notes from
appearing on the OPAC.
Test plan
1. Go to Koha Administration -> Koha bibliographic frameworks
2. View the MARC structure for your BKS framework (or something else)
3. Search for tag 583, edit subfields
4. Go to subfield 'x' - nonpublic note. Confirm the OPAC visibility
checkbox is UNCHECKED.
5. Edit or create a record using the BKS framework. Put a note in the
583$x.
6. View this record in the OPAC
7. Go to the Title notes tab. Confirm the non-public note is
showing, even though the framework says it should not be
visible via the OPAC.
8. Apply patch
9. Confirm the non-public note is no longer visible
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The C4::Suggestions::SearchSuggestion subroutine is badly written and
can be replaced by calls to Koha::Suggestions->search.
The hard part in this patch is suggestion.pl, the other occurrences have
been replaced easily.
Test plan:
The idea is to test the whole suggestion workflow.
1. Create a suggestion on OPAC
2. Create a suggestion on the staff interface
3. Edit suggestions
4. Filter suggestions (use the different filters and "organize by"
values)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: Remove SearchSuggestion tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: (QA follow-up) Save some DB queries
This patch makes the suggestion-related pages rely on array size instead
of querying the DB each time they need to. In the case of
suggestion/suggestion.pl it goes from 4 COUNT(*) to 1.
To test, with KTD:
1. Run on the host machine:
$ docker exec -ti koha_db_1 bash
$ mysql -ppassword
> SET GLOBAL general_log_file='/var/log/mysql/mycustom.log';
> SET GLOBAL log_output = 'FILE';
> SET GLOBAL general_log = 'ON';
> \q
$ tail -f /var/log/mysql/mycustom.log | grep suggestions
2. Visit the different pages changed on this bug
=> SUCCESS: Some queries
3. Apply this patch
4. Repeat 2
=> SUCCESS: Less queries!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: Fix branchcode and budgetid filtering
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: Fix conflict with bug 28941
Well, this patchset fixed the security bug...
Redoing on top of bug 28941
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: (follow-up) Missing semicolon
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: Fix 'all' libraries
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 23991: (follow-up) Add value to filter_archived
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds two new sysprefs:
ComponentSortField
ComponentSortOrder
These allow the user to choose how components should be sorted when displaying on the details page
of a record, and the corresponding search for all components
This also updates our search from simple_search_compat to search_compat to allow for sorting options
Note:
Some sorting under ES is unclear - this is a separate issue to be invesitgated
Our Zebra index does not offer 'record number' sorting, I will file a bug for that
To test:
1 - Enable UseControlNumber (or not)
2 - Add some components to a record by control number or title depending on above
3 - Enable ShowComponentRecords syspref
4 - View the record that has components
5 - Note they are not sorted
6 - Apply patch, updatedatabase
7 - reload record
8 - Note components are sorted by title ascending
9 - Try different values for ComponentSortField and ComponentSortOrder
10 - Confirm sorting changes with system preferences
11 - Repeat test on staff and opac, with ES and Zebra search engines
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates all the calls to pass a hasref rather than an array
It also removes the no longer used framework parameter
To test:
prove -v t/Biblio.t t/db_dependent/Biblio/TransformMarcToKoha.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan :
Display a biblio record with some MARC notes in details page and basket,
OPAC and staff
Run prove t/db_dependent/Koha/Biblio.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When viewing the detail page of the first or last record of a result page,
it's not possible to browse to another page when using Elasticsearch.
To test:
1) Search for "*" in the OPAC
2) Click on the last result of the page
3) Observe that you cannot browse to the next page
4) Apply the patch
5) Search for "*" in the OPAC
6) Click on the last result of the page
7) Observe that you can browse to the next page
8) Sign off
Sponsored-by: Lund University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The 'completed' flag was causing the wrong status to be shown, but we
can also give a more useful message to the patron.
To test:
1) Enable the UseRecalls system preference and set up your
recalls-related circulation rules.
2) Check out an item to Patron B.
3) Log into the OPAC as Patron A and search for the item.
4) Place a recall on that item.
5) Go back to the staff client and check the item in. Confirm the recall
as waiting for Patron A.
6) Go back to the OPAC record page and look at the holdings table.
Notice the status still says the item is Available.
7) Apply patch, restart services, refresh the OPAC.
8) Confirm the holdings table status now says the item has a pending
recall.
Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The current situation is that biblio-level holds can be assigned an item
type, so they can only be fulfilled by items matching that specified
item type (be it item-level itype or the fallback to biblio-level).
But there's the situation in which max holds limits for a specific item
type can be overridden by using biblio-level holds with item type
selection (AllowHoldItemTypeSelection) enabled.
To test:
1. Have a patron of category 'Staff' (S)
2. Have 3 records with items with the 'BK' item type, and maybe others
3. Enable AllowHoldItemTypeSelection
4. Set a limit of 2 max holds for that category+item type
5. In the OPAC. Place bibio-level holds, with item type contraint to 'BK' on those 3 records
=> FAIL: You can place the 3 holds
6. Cancel the holds
7. Apply this patch and restart all
8. Repeat 5
=> SUCCESS: You can only place 2 holds
9. Run:
$ kshell t/db_dependent/Reserves.t
=> SUCCESS: Tests pass!
10. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new page opac-reset-password where a user cna enter their login
(userid or carndumber), current password, and new password.
If the user has a password expiration date and the current password is correct and
the new passwords match and meet requirements their password will be updated and the
expiration date reset
A patron whose password does not expire will be reidrected to login to change their password
To test:
1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset
2 - Set 'Password expiration' for a patron category
Home->Administration->Patron categories->Edit
3 - Create a new patron in this category with a userid/password set, and an email
4 - Update the patron with an expiration to be expired
UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51;
5 - Give the borrower catalogue permission
6 - Attempt to log in to Straff interface
7 - Confirm you are signed out and notified that password must be reset
8 - Click 'Reset your password' link
9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password
10 - enter invalid/incomplete credentials
11 - Confirm you are notified of invlaid credentials
12 - Fill in all fields, but enter current password as new password
13 - Confirm you are notified of no change
14 - Set minimum password length / strong password requirement for category
15 - Confirm you receive error if new password too short or not secure
16 - Enter a valid new password and submit and confirm update is successful
17 - Confirm you have buttons to go to OPAC or Staff and that both work
18 - Confirm you cna log in (i.e. expiration has been reset)
19 - Expire the users password
20 - Remove catalogue permission
21 - Reset password again and confirm only OPAC link
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the three scripts that fetched the soonest renewal date
to use the return from CanBookBeRenewed
To test:
1 - Set a circulation rule with a 'no renewal before' set to 3, loan length set to 5
2 - Check out an item to a patron that uses this rule
3 - Verify the checkouts for the patron show the correct 'No renewal before' date
4 - Sign in to the patron's opac account
5 - Verify the item shows it cannot be renewed, and shows the correct date
6 - Go to Circulation->Renew
7 - Attempt to renew using barcode
8 - Confirm error shows the soonest renewal date
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We got
Can't call method "value" on unblessed reference at /kohadevbox/koha/opac/opac-messaging.pl line 86
$cookie can be an arrayref, we should retrieve the session id using
CGI->cookie('CGISESSID')
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The error pages wrote a HTTP status code of 200 for all PSGI requests, even
though it should have only done it for PSGI requests from the ErrorDocument
middleware. This patch fixes that.
0) Do not apply patch
1) Open F12 dev tools and go to Network tab
2) Go to http://localhost:8081/files/blah
3) Note that the webpage is a 404 error but HTTP status code is 200
4) Go to http://localhost:8081/cgi-bin/koha/circ/blah
5) Note that the webpage is a 404 error and HTTP status code is 404
6) Apply patch
7) Go to http://localhost:8081/files/blah
8) Note that the webpage is a 404 error and HTTP status code is 404
9) Go to http://localhost:8081/cgi-bin/koha/circ/blah
10) Note that the webpage is a 404 error and HTTP status code is 404
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.
To test, apply the patch and restart services.
- Log in to the staff interface and open your browser's developer tools.
- In Firefox, look for a "Storage" tab.
- In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."
- Go to Cataloging -> New record.
- Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
theEnableAdvancedCatalogingEditor preference).
- Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
- Check the "LastCreatedItem" cookie which is set after you save the
new item.
- Go to Authorities -> Authority search.
- In authority search results, click "Merge" from the "Actions" menu
next to one of the results..
- Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
- Choose "MARC structure" from the menu corresponding to one of the
frameworks.
- Check the "Display only used tags/subfields" checkbox.
- Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
- Check the "Always show checkouts immediately" checkbox.
- Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
with one or more patrons enrolled.
- From the list of clubs, click Actions -> Search to hold.
- Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
- Uncheck one or more checkboxes in the "Show/hide columns" area.
- Check the "showColumns" cookie.
- View a patron -> Search to hold.
- Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
- Check the "JWT" cookie.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
If a staff member has access to the staff client (either because
'catalogue' permission is enabled or they're a superlibrarian
then that user can add items (from OPAC or staff client) to a list
marked 'Staff only'
Test plan:
1. In the staff client go to: Lists > 'New list'. Notice under 'Allow changes to contents
from' there are three options: Nobody, Owner only, Anyone seeing this
list
2. Apply first 3 patches and run updatedatabase.pl
cd installer/data/mysql
sudo koha-shell <instance>
./updatedatabase.pl
3. Restart memcached and plack
4. Create 4 patron accounts:
- User A : Superlibrarian permissions
- User B : 'Staff access, allows viewing of catalogue in staff interface
(catalogue)'
- User C : No permissions
- User D : 'Staff access, allows viewing of catalogue in staff
interface' and 'Lists' > Edit public lists (edit_public_lists)' sub-permission
5. Login to staff client as User A.
Create a public list and select the new 'Staff only' option under 'Allow changes to contents from'
6. Log into the staff client as User B.
Confirm you can add items to the list from the following staff client pages:
- Individual list page using the 'Add items' button
- Staff client search result page
- Staff client biblio detail page
7. Confirm you can remove items from the list
8. Confirm you can perform an OPAC search when not logged in
9. Log into the OPAC as User B. Confirm you can add items to the list
from the following OPAC pages:
- OPAC search result page
- OPAC biblio detail page
10. Log into the OPAC as User C. Do an OPAC search and confirm you
can view the list, but not add items to it
11. Login to the staff client as User B. Create a new list with the
following settings:
- 'Category'='Private',
- 'Allow changes to contents from'='Staff only'
Notice a red hint message is displayed.
Change 'Category'='Public' and notice the hint is removed
12. Log into the OPAC as User C. Notice the 'Staff only' option is not
available when creating a list
13. Log into the OPAC as User B. Repeat step 11. Confirm the same
outcome
14. Log into the staff client as User A. Create a list with the
following settings:
- Public = 'Public'
- Allow changes to contents from = 'owner only'
15. Log into the staff client as User D. Edit the list from step 14
confirm you can edit the list to have 'Allow changes to contents from' =
'Staff only'
16. Run Patron.t and Virtualshelves.t unit tests:
sudo koha-shell <instance>
prove t/db_dependent/Koha/Patron.t
prove t/db_dependent/Virtualshelves.t
Sponsored-by: Horowhenua District Council, New Zealand
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>