Koha-community/Koha - Koha - Koha: The world's first free and open source library system

Commit Graph

Author	SHA1	Message	Date
Julian Maurice	96cc447045	Bug 25898: Prohibit indirect object notation Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	3 years ago
Jonathan Druart	eaee34f47a	Bug 24018: Remove die "Not logged in" Signed-off-by: Michal Denar <black23@gmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	4 years ago
Jonathan Druart	607c66e436	Bug 18403: Fix few errors found with hit_pages.t Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Jonathan Druart	cee2cf9ff9	Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos Test plan: Login with a patron that is not allowed to see patron's information for patrons outside of his group. Try to access patron's information from scripts of the patron module (members/) and circ/circulation.pl. You should be able to access patron's information of patrons outside of your group and get "You are not allowed to see the information of this patron." If you try and access a patron page with a borrowernumber that does not exist, you should get "This patron does not exist" Technical note: A new C4::Output subroutine is created in this patch: "output_and_exit_if_error" Executed at the beginning of the script it will permit not to copy/paste all the different checks to know if the logged in user is authorised to see patron's information. The design here can be discussed, but I did not find an alternative with as less changes. On the way I refactor what we did with 'unknowuser' previously: it will now work with all patron pages, not only the few that used it. Note that the 'or die "Not logged in";' part should not be needed, but... who trusts C4::Auth? I think it could be used as a safeguard later. I am willing to sed and remove them if required. Changes in discharge.pl are mainly indentation changes. With this patch we should now have a $patron variable that refer to the patron we want to access. That will be very useful to remove plenty of code in members/ and only pass this variable to the template (instead of 1 variable per patron's attribute). Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Jonathan Druart	4bc92169dc	Bug 18403: Update permissions - borrowers => 1\|* becomes borrowers => 'edit_borrowers' Test plan: Login with a patron that only have the 'edit_borrowers' permission. You should be able to access patron's information of patrons inside of your group. Technical note: Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'. That meant borrowers => 1 and borrowers => '*' had the same behavior. Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all permissions of 'borrowers' are set. We need to update the different occurrences of these tests. Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Aleisha Amohia	7ed66a6c8a	Bug 18858: Prevent warn when deleting a borrower debarment To test: 1) Look at intranet log 2) Go to delete a debarment on a borrower 3) Notice warn 4) Apply patch 5) Add a new debarment 6) Delete this debarment 7) Notice warn is gone Sponsored-by: Catalyst IT Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Jonathan Druart	f3e4b5bbb6	Bug 16154: CGI->multi_param - Force scalar context This patch replaces the occurrences of $template->param( foo => $cgi->param('foo') ); with $template->param( foo => scalar $cgi->param('foo') ); perl -p -i -e 's/(\s=>\s)\$(cgi\|input\|query)\->param\(/$1scalar \$$2\->param\(/xms' */.pl Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>	8 years ago
Jonathan Druart	3691bd8419	Bug 15548: Move new patron related code to Patron* The 'borrower' should not be used anymore, especially for new code. This patch move files and rename variables newly pushed (i.e. in the Koha namespace). Test plan: 1/ git grep Koha::Borrower should not return code in use. 2/ Prove the different modified test files 3/ Do some clicks in the member^Wpatron module to be sure there is not an obvious error. Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com> Works as described. Tested with Circulation, Members/Patrons, Discharge, Restrictions modules and the must common functionalities Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>	8 years ago
Jonathan Druart	e20270fec4	Bug 11944: use CGI( -utf8 ) everywhere Signed-off-by: Paola Rossi <paola.rossi@cineca.it> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com> Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>	10 years ago
Owen Leonard	cbcfb847e0	Bug 12069: redirect to staff login if you access members/mod_debarment.pl when logged out members/mod_debarment.pl's call to checkauth should pass 'intranet' so that if the user happens to be logged out they will be redirected to the staff client login form, rather than the OPAC. To test, apply the patch and log in to the staff client: - Add a restriction to a patron's account. - View the restrictions tab on the patron's account. You should see the restriction and a "Remove" link for that restriction. - In another tab, log out of the staff client. - In the first tab, click the "Remove" link. You should be redirected to the staff client login page. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Good catch! Works as described, passes all tests and QA script. Signed-off-by: Galen Charlton <gmc@esilibrary.com>	10 years ago
Jonathan Druart	3804b17745	Bug 2720: (follow-up) change license version to GPLv3+ Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>	10 years ago
Kyle Hall	80897930b7	Bug 2720 - Overdues which debar automatically should undebar automatically when returned This patch adds a more extensible and flexible debarments system to Koha. The fields borrowers.debarred and borrowers.debarredcomment are retained for compatibility and speed. This system supports having debarments for multiple reasons. There are currently three types of debarments: OVERDUES - Generated by overdue_notices.pl if the notice should debar a patron SUSPENSION - A punative debarment generated on checkin via an issuing rule MANUAL - A debarment created manually by a librarian OVERDUE debarments are cleared automatically when all overdue items have been returned, if the new system preference AutoRemoveOverduesRestrictions is enabled. It is disabled by default to retain current default functionality. Whenever a borrowers debarments are modified, the system updates the borrowers debarment fields with the highest expiration from all the borrowers debarments, and concatenates the comments from the debarments together. Test plan: 1) Apply patch 2) Run updatedatabase.pl 3) Verify the borrower_debarments table has been created and populated with the pre-existing debarments 4) Run t/db_dependent/Borrower_Debarments.t 5) Manually debar a patron, with an expiration date 6) Verify the patron cannot be issued to 7) Add another manual debarment with a different expiration date 8) Verify the 'restricted' message lists the date farthest into the future 9) Add another manual debarment with no expiration date 10) Verify the borrower is now debarred indefinitely 11) Delete the indefinite debarment 12) Verify the debarment message lists an expiration date dagain 13) Enable the new system preference AutoRemoveOverduesRestrictions 14) Set an overdue notice to debar after 1 day of being overdue 15) Check out an item to a patron and backdate the due date to yesterday 16) Run overdue_notices.pl 17) Verify the OVERDUES debarment was created 18) Return the item 19) Verify the OVERDUES debarment was removed 20) Disable AutoRemoveOverduesRestrictions 21) Repeat steps 15 though 18, verify the OVERDUES debarment was not removed 22) Add issuing rules so that an overdue item causes a temporary debarment 23) Check out an item to a patron and backdate the due date by a year 24) Return the item 25) Verify the SUSPENSION debarment was added to the patron Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>	11 years ago

12 Commits (4d011bd9983926488f783730ca43e98e6e07dabe)