Koha-community/Koha - Koha - Koha: The world's first free and open source library system

Commit Graph

Author	SHA1	Message	Date
Julian Maurice	96cc447045	Bug 25898: Prohibit indirect object notation Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	3 years ago
Jonathan Druart	eaee34f47a	Bug 24018: Remove die "Not logged in" Signed-off-by: Michal Denar <black23@gmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	4 years ago
Jonathan Druart	607c66e436	Bug 18403: Fix few errors found with hit_pages.t Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Jonathan Druart	cee2cf9ff9	Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos Test plan: Login with a patron that is not allowed to see patron's information for patrons outside of his group. Try to access patron's information from scripts of the patron module (members/) and circ/circulation.pl. You should be able to access patron's information of patrons outside of your group and get "You are not allowed to see the information of this patron." If you try and access a patron page with a borrowernumber that does not exist, you should get "This patron does not exist" Technical note: A new C4::Output subroutine is created in this patch: "output_and_exit_if_error" Executed at the beginning of the script it will permit not to copy/paste all the different checks to know if the logged in user is authorised to see patron's information. The design here can be discussed, but I did not find an alternative with as less changes. On the way I refactor what we did with 'unknowuser' previously: it will now work with all patron pages, not only the few that used it. Note that the 'or die "Not logged in";' part should not be needed, but... who trusts C4::Auth? I think it could be used as a safeguard later. I am willing to sed and remove them if required. Changes in discharge.pl are mainly indentation changes. With this patch we should now have a $patron variable that refer to the patron we want to access. That will be very useful to remove plenty of code in members/ and only pass this variable to the template (instead of 1 variable per patron's attribute). Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Jonathan Druart	4bc92169dc	Bug 18403: Update permissions - borrowers => 1\|* becomes borrowers => 'edit_borrowers' Test plan: Login with a patron that only have the 'edit_borrowers' permission. You should be able to access patron's information of patrons inside of your group. Technical note: Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'. That meant borrowers => 1 and borrowers => '*' had the same behavior. Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all permissions of 'borrowers' are set. We need to update the different occurrences of these tests. Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Te Rauhina Jackson	f2502c9499	Bug 20009: use Modern::Perl in Members perl scripts Test Plan: Check the following files have been updated from use strict; use warnings; to use Modern::Perl; boraccount.pl default_messageprefs.pl deletemem.pl files.pl mancredit.pl maninvoice.pl member-flags.pl member-password.pl memberentry.pl members-home.pl members-update-do.pl moremember.pl notices.pl pay.pl paycollect.pl printfeercpt.pl printinvoice.pl printslip.pl readingrec.pl routing-lists.pl setstatus.pl update-child.pl Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Jonathan Druart	f48409bb8d	Bug 16911: Rename extend_subscription with renew_account Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>	8 years ago
Jonathan Druart	e4e90ea0da	Bug 16911: Koha::Patrons - Move ExtendMemberSubscriptionTo to ->extend_subscription This patch moves the code from C4::Members::ExtendMemberSubscriptionTo to Koha::Patron->extend_subscription. The expected behavior is: When a new patron is created, the enrolment period defined for the patron category is used unless an enrolment period date is defined. In that case, this date is used. When an account is renewed, the pref BorrowerRenewalPeriodBase is used to determine if the subscription is renewed from today or from the day when his/her account has expired. Test plan: Confirm that the behavior is correct before this patch and that it's still the same after this patchset applied. Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>	8 years ago
Jonathan Druart	653d305452	Bug 14910: Redirect to the circulation module after a renew iIf a patron is renewed from the circulation module, the librarian should be redirected to the circulation module. This works correctly if the renew is done from the patron module (members). This is caused by a typo in the template: desintation vs destination. This patch also removes the cardnumber parameter to the setstatus.pl script, it is not needed given that borrowernumber is always passed. This has a good side-effect, it will fix bug 14691. The cardnumber does not exist anymore, so no need to escape it :) Test plan: 0/ Do not apply this patch 1/ Create a patron with a cardnumber with a quote (rm'me) and another one without a quote (rmme) 2/ Go on the checkouts page (circ/circulation.pl) 3/ Renew the 2 patrons => With rm'me you are redirected to the circ module - ok => With rmme you are redirected to the member module - nok 4/ Go on the patron detail page (members/moremember.pl) 5/ Renew the 2 patrons => you are redirected to the member module - ok 6/ Delete the patrons => Nothing happend with rm'me, there is a JS error on the page - nok => rmme is deleted - ok 7/ Apply the patch and recreate rmme 8/ Repeat 2, 3, 4, 5 => You are redirected to the correct module 9/ Delete the patrons => They are successfully deleted Signed-off-by: Magnus Enger <magnus@libriotech.no> Followed the test plan, works as advertised. (I did have some problems initially, but that was caused by me not using the interface in English...) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>	8 years ago
Jonathan Druart	a6c9bd0eb5	Bug 9978: Replace license header with the correct license (GPLv3+) Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> http://bugs.koha-community.org/show_bug.cgi?id=9987 Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>	9 years ago
Jonathan Druart	e20270fec4	Bug 11944: use CGI( -utf8 ) everywhere Signed-off-by: Paola Rossi <paola.rossi@cineca.it> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com> Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>	10 years ago
Galen Charlton	259163d1d7	Bug 9406: ensure confirmation of patron renewal is displayed When renewing a patron from the patron details page, ensure that the "Patron's account has been renewed until XXX" is actually displayed. This patch introduces a was_renewed CGI and template parameter to clarify the intent of the relevent template sections. To test: - Before applying the patch, renew a patron from the patron details page and verify that you don't see the renewal confirmation. - After applying the patch, renew the patron from the details page and verify that the "Patron's account has been renewed until XXX" message shows up. - Renew the patron from the checkout page and verify that the confirmation message shows up. Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Message now displays for both tabs. Fixed tab to make QA script pass. Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>	11 years ago
Fridolyn SOMERS	ab0b5b5283	Bug 9953 - When OpacMaintenance breaks lifting debarment When OpacMaintenance is on, any opac page will redirect to maintenance.pl. Some pages of intranet have the same behavior and you get 404 error. This is because in checkauth, if type arg is undefined it is "opac" by default. This patch adds type arg in all intranet calls of checkauth. Test plan : - Set syspref OpacMaintenance=Show - Go to a borrower page - Click on "Fines" and "Create manual invoice" - Enter an amount and save => Check you go to members/boraccount.pl and not maintenance.pl with 404 error OK - Click on "Fines" and "Create manual credit" - Enter an amount and save => Check you go to members/boraccount.pl and not maintenance.pl with 404 error OK - Edit borrower - Set "Restricted" to yes and save - Click on "Lift restriction" in messages => Check you keep in member page and not maintenance.pl with 404 error OK - Edit borrower - Set "Expiry date" to a day in the past and save - Click on "Renew" in messages => Check you keep in member page and not maintenance.pl with 404 error OK Signed-off-by: Liz Rea <liz@catalyst.net.nz> Good catch, a tricky bug. http://bugs.koha-community.org/show_bug.cgi?id=9952 Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Removed a few tabs from mancredit. All tests and QA script pass now. Good test plan. Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>	11 years ago
Owen Leonard	8fd75227fc	Bug 6261 [Revised] Consolidate patron toolbar include files The staff client has two almost identical include files which can be consolidated: circ-toolbar.inc and members-toolbar.inc. This patch marges the slight differences between them and eliminates circ-toolbar.inc, that being the one which was used on fewer pages. In order to accommodate the different "destination" variable for operations which redirect back either to circ or patrons, circulation.pl defines "destination" in the template. Revision corrects a redirect error in setstatus.pl which predates this patch but which never showed up until now. To test, perform various operations from the toolbar on at least two pages: circulation.pl and moremember.pl. Operations: Edit, add child, duplicate, change password, print (all options), search to hold, renew, set permissions, delete, update child to adult, and export checked-in barcodes. In most cases simply confirming that the link takes you to the right place is enough. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>	11 years ago
Robin Sheat	4cbeeedbe8	Bug 6296: allow users to be authenticated by SSL client certs This adds a new syspref: AllowPKIAuth. It can have one of three states: * None * Common Name * emailAddress If a) this is set to something that's not "None", and b) the webserver is passing SSL client cert details on to Koha, then the relevant field in the user's certificate will be matched up against the field in the database and they will be automatically logged in. This is used as a secure form of single sign-on in some organisations. The "Common Name" field is matched up against the userid, while "emailAddress" is matched against the primary email. This is an example of what might go in the Apache configuration for the virtual host: #SSLVerifyClient require # only allow PKI authentication SSLVerifyClient optional SSLVerifyDepth 2 SSLCACertificateFile /etc/apache2/ssl/test/ca.crt SSLOptions +StdEnvVars The last line ensures that the required details are passed to Koha. To test the PKI authentication, use the following curl command: curl -k --cert client.crt --key client.key https://URL/ (look through the output to find the "Welcome," line to indicate that a user has been authenticated or the "Log in to Your Account" to indicate that a user has not been authenticated) To create the certificates needed for the above command, the following series of commands will work: # Create the CA Key and Certificate for signing Client Certs openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt # This is the ca.crt file that the Apache config needs to know about, # so put the file at /etc/apache2/ssl/test/ca.crt # Create the Server Key, CSR, and Certificate openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr # We're self signing our own server cert here. This is a no-no in # production. openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \ -set_serial 01 -out server.crt # Create the Client Key and CSR openssl genrsa -des3 -out client.key 1024 openssl req -new -key client.key -out client.csr # Sign the client certificate with our CA cert. Unlike signing our own # server cert, this is what we want to do. openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \ -set_serial 02 -out client.crt openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 # In theory we can install this client.p12 file in Firefox or Chrome, but # the exact steps for doing so are unclear, and outside the scope of this # patch Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com> Tested with Common Name and E-mail authentication, as well as with PKI authentication disabled. Regular logins continue to work in all cases when SSL authentication is set to optional on the server. Signed-off-by: Ian Walls <koha.sekjal@gmail.com> QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql version, to avoid divergent databases between new and upgrading users.	13 years ago
Paul Poulain	1fe3514c3c	Bug 6328 fine in days does not work Some code coming from BibLibre has been lost in the process of inclusion in 3.4. The result is that fine in days does not work at all (you can setup rules, but it does nothing) Step to reproduce: - Koha > Admin > circ rules > set 1 day fine every day of overdue for default rule - Issue a book return date last week - check-in the book => no debarment is set The following patch will fix all of those problems by : * updating borrowers.debarred to a date field (instead of tinyint). It contains the limit of the debarment * changing API of DebarMember and UpdateBorrowerDebarred to pass a date * display debarrdate where applicable. Note that a debarrdate of 31/12/9999 is considered as unlimited and not displayed * added a debarrcomment, usefull to explain why a patron is debarred (this is independant from debarrdate changes and can be used when placing an unlimited debarment too) [2011-05-12] F. Demians. It works as described. And I can confirm this functionality is impatiently awaited by French libraries since one year. Thanks BibLibre for the good work and for contributing this code. Bug 6328 Followup--update DB structure Thanks Katrin. Bug 6328: make comment a textbox / fix debar by notice trigger Debarring by notice triggers was broken, because the new function expects a date as second parameter. The comment field in patron account details was a very long text field. Patch changes it to be a textbox instead. Bug 6328: Lift debarment leaves patron account 'Lift debarment' redirects to an empty circulation page. BZ6328 follow-up 3 Fixes comment 23 from Fernando L. Canizo : when the patron was debarred and debar removed he still could not check-out. The changes in the IsMemberBlocked (that were on biblibre/master) were lost somewhere The sub was still checking for old_issues instead of calling CheckBorrowerDebarred to get a debardate if applicable Note : this bug was appearing only is you had issuing rules defined for itemtype/categorycode/branch. Seemed to work if you had only default rules. That's probably why it hadn't been spotted before BZ6328 follow-up 4 Comments fron Zeno Tajoli: The patch is OK and I sign-off it. Two little changes done on installer/data/mysql/kohastructure.sql and installer/data/mysql/updatedatabase.pl Signed-off-by: koha <koha@kohabase.localdomain>	13 years ago
Paul Poulain	ddbedbfc2f	Bug 4330 : Adding some copyright BibLibre statements	13 years ago
Lars Wirzenius	e8df566734	Fix FSF address in directory members/ Signed-off-by: Galen Charlton <gmcharlt@gmail.com>	14 years ago
Garry Collum	7f25142410	Bug 2505: Added warnings to members/members-home.pl and members/setstatus.pl Signed-off-by: Galen Charlton <gmcharlt@gmail.com>	14 years ago
Owen Leonard	0e675ef820	- Changes to the way patron renewals are handled. Circulation page now offers 'renew' link alongside warning about patron expiration (as in dev_week), using the new setstatus script. - Member pages now use member toolbar include instead of circ one - setstatus.pl now uses 3.0's patron renewal function - Adding missing item-bullet.gif (Bug 1659) Signed-off-by: Chris Cormack <crc@liblime.com> Signed-off-by: Joshua Ferraro <jmf@liblime.com>	16 years ago
Joshua Ferraro	6f28205b09	adding setstatus.pl from dev_week Signed-off-by: Joshua Ferraro <jmf@liblime.com>	16 years ago

21 Commits (4d011bd9983926488f783730ca43e98e6e07dabe)