Commit graph

770 commits

Author SHA1 Message Date
4f1eefdbb8 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
2017-02-23 19:42:36 +00:00
745c4c3da6 Bug 17933: Do not instanciate a patron if not needed
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:22:09 +00:00
Dobrica Pavlinusic
083a8f7b72 Bug 17933 - Internal software error when searching patron without birth date
When patrons don't have date of birth (which is not required) patron
search results on moremember page produce internal server error since we
can't convert MySQL invalid date 0000-00-00 to datetime object and
call strfdate on it.

Additionally, since we assign dates to template variables and after
than assign whole $data hash to template, later assigment overrides
previous one, so we see birth date field even for patrons which don't
have one.

This patch fixes both of those problems.

Test:
1. edit patron and remove it's birth date
2. try to search for it, and verify server error
3. apply patch
4. repeat search for patron and verify that it works and doesn't
   have enpty birth date field

Signed-off-by: Grace McKenzie <grace.mcky@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:22:09 +00:00
0b2393cd65 Bug 18033: Remove duplicate code in paycollect.pl
Test plan:
0) apply the patch
1) try to pay individual fee, with full amount and partial amount
   it should work the same as before patch

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-07 16:15:39 +00:00
0c3c162f76 Bug 17905: FIX CSRF in member-flags
If an attacker can get an authenticated Koha user to visit their page
with the url below, privilege escalation is possible

The exploit can be simulated triggering
    /cgi-bin/koha/members/member-flags.pl?member=42&newflags=1&flag=superlibrarian

Test plan:
Trigger the url above
=> Without this patch, 42 is now superlibrarian
=> With this patch, you will get the "Wrong CSRF token" error.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:24:12 +00:00
bcf9fdafab Bug 17588: ->get_issues has been replaced with ->checkouts
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:25:35 +00:00
90f9a3c6ac Bug 17588: get_account_lines->get_balance has been replace with account->balance
On previous bugs

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:25:35 +00:00
45cee0cec8 Bug 17588: Koha::Patrons - Move GetMemberIssuesAndFines
The GetMemberIssuesAndFines subroutine used to retrieve the issues,
overdues and fines for a given patron. Most of the time, only 1 or 2 of
these values were used.
This patch removes this subroutine and uses the new get_issues,
get_overdues and get_balance method from Koha::Patron and Koha::Account::Lines.

Test plan:
1/ Add overdues, issues and fines to different patrons
2/ On the checkout, checkin and patron search result and the patron
detail pages, these 3 informations, if displayed before this patch, must be
correctly displayed.
3/ Use the batch patron deletion tool and make sure that patrons with a
balance > 0 are not deleted

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:25:34 +00:00
3a19e55382 Bug 17894 - Remove and replace WriteOffFee
WriteOffFee is the last of the "payment" subroutines that need to be
merged into Koha::Account::pay ( as a writeoff is really just type of
payment ).

Test Plan:
1) Apply this patch
2) Verify the writeoff, and writeoff all buttons still work

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-19 11:15:26 +00:00
6caac44a94 Bug 6782 [QA Followup] - Remove unused param and limit calls to Koha.Preference
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 11:47:01 +00:00
Meenakshi.R
141d29358f Bug 6782 - Move auto member cardnumber generation to occur when record is "Saved" (avoid collisions).
Currently the card number is generated when the user enters the patron creation form. This creates a problem of concurrency - when two or more simulataneous users are registering members, the error "card no. in use" can occur.

This change moves the card number generation to occur after the "Save" button is pressed.

Changes:
-C4/Members.pm:
Added code to fixup_cardnumber,If the cardnumber is blank and "autoMemberNum" ON.
-koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt:
Added code to display "leave blank for auto calc during registration" in cardnumber label in patron registration form only if "autoMemberNum" ON.
-members/memberentry.pl:
Added code to get weather or not "autoMemberNum" is on or off and removed fixup_cardnumber generation.

Test cases:
-If "autoMemberNum" ON:
->In blank case, must generate auto card number in simulataneous users.
->If user entered, check for unique card number.

-If "autoMemberNum" OFF:
Must work normal.

Followed test plan, works as expected.
Note: Syspref PorrowerMandatoryField must not include cardnumber, otherwise
      you can not save. Maybe that should be mentioned in the comment for
      syspref autoMemberNum.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 11:47:00 +00:00
1e0becf915 Bug 15908 - Remove use of recordpayment_selectaccts
Test Plan:
1) Apply this patch
2) prove t/db_dependent/Accounts.t
3) Test fine payment via the "Pay selected" button

Signed-off-by: Laura Slavin <lslavin@hmcpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-11 14:41:42 +00:00
9f51f7a7ad Bug 15909 - Remove the use of makepartialpayment
Test Plan:
1) Apply this patch
2) prove t/db_dependent/Accounts.t
3) Test fine payment via the "Pay" button,
   but make the payment for less then the full amount

Signed-off-by: Laura Slavin <lslavin@hmcpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-11 14:41:04 +00:00
275aa1c8d7 Bug 15897 - Folowup Revert "Bug 15896: [QA Follow-up] Add accountlines_id parameter in paycollect"
This reverts commit b6d5748c00.

As this bug report no more uses the accounline_id parameter to identify
account lines to pay in Koha::Account->pay, it should revert this, to
use the new notation everywhere.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-10 13:33:18 +00:00
4e40339db3 Bug 17830: CSRF - Handle unicode characters in userid
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-30 17:47:18 +00:00
b59df2bce7 Bug 17578: GetMemberDetails - Remove GetMemberDetails
All the values different from the ones GetMember returned has been
managed outside of GetMemberDetails.
It looks safe to replace all the occurrences of GetMemberDetails with
GetMember.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:44 +00:00
41493004f6 Bug 17578: GetMemberDetails - Remove flags
Same as authflags, a flags key is set containing all the patron flags.
It is only used in a few places and it's better to call
C4::Members::patronflags when we need it.

Test plan:
Look at the diff and confirm that the change make sense
Use git grep to confirm we do not use the flags somewhere else.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:42 +00:00
fbb50b517f Bug 17578: GetMemberDetails - Remove authflags - 1
GetMemberDetails create a authflags key, but this key is only used from
2 different places.
One is a very simple script, which does not seem very usefull
C4/SIP/interactive_members_dump.pl. I propose to simply remove it.
The other one is the member-flags.pl script. What is done in this one is
a bit weird since we a doing twice the same query (it was not highlighted
before this patch). We will need to fix that later.
At the moment the goal it to remove the GetMemberDetails subroutine
without introducing any regressions (and so without adding big changes)

Test plan:
Select/unselect permissions for a patron, save and edit again.
The behavior of the permission checkboxes should be ok

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:41 +00:00
01226c61a1 Bug 17557: Koha::Patrons - Move GetAge to ->set_age (and remove SetAge)
As said in the previous commit, I considered SetAge as unnecessary and
removed it.

Test plan:
1/ Edit a patron using the different 'Edit' links
2/ Play with the patron category limited to age ranges, and date of
birth
3/ You should get the expected warning if the date of birth is inside
the patron category date range.

To finish:
  prove t/Circulation/AgeRestrictionMarkers.t t/db_dependent/Reserves.t \
        t/db_dependent/Koha/Patrons.t t/db_dependent/Members.t
should return green

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 11:57:38 +00:00
b6d5748c00 Bug 15896: [QA Follow-up] Add accountlines_id parameter in paycollect
We can solve the minor problem reported on 15906 now by using the
accountlines_id parameter of this report.

Test plan:
[1] Add two manual fines (say 20 and 30).
[2] Pay the second one in full, and check that the first one is not paid
    first. So the 20 should remain and not the 30 with 20 outstanding.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-09 17:53:07 +00:00
e716299c32 Bug 15906 - Remove use of makepayment in paycollect.pl
Test plan:
1) Apply this patch
2) Make a payment in full using the "Pay" button
3) Note payment succeeds

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-09 17:51:35 +00:00
8edb7f6fb9 Bug 17720: CSRF - Handle unicode characters
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""

Test plan:
- Set a MySQL/MariaDB password with unicode characters:
  UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
  FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: removed debugging leftover

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-05 15:20:18 +00:00
Lari Taskula
88e0264413 Bug 17419: Fix smsalertnumber and mobile confusion in moremember.pl
members/moremember.pl will set mobile number as smsalertnumber in template if
smsalertnumber is not defined. This will cause incorrect display for SMS number
in patron's Details-tab. This confusion between smsalertnumber and mobile is
already fixed in Bug 14683, but members/moremember.pl was not fixed yet.

This is a minor issue since it won't occur for manually added new patrons due to
fixes already pushed in Bug 14683, but in case patron's smsalertnumber is null
in database, this bug can be replicated:

To test:
1. Set EnhancedMessagingPreferences to "Allow" and make sure SMSSendDriver
   has been set.
2. Add a new patron, give it a mobile/other phone number.
3. Run a SQL query:
   update koha.borrowers set smsalertnumber=NULL where borrowernumber=XXX;
   (replace XXX with your new patron's borrowernumber)
4. Go to patron's details tab and observe that SMS number shows the mobile/
   other phone you provided earlier.
5. Apply patch.
6. Refresh patron's details tab.
7. Observe that smsalertnumber is now empty, as it should be.

Followed test plan, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-21 16:28:51 +00:00
radiuscz
d711d62a48 Bug 17521: Added missing age limit check
Following patron modification partial editor had no age constraint
checking:
/cgi-bin/koha/members/memberentry.pl?op=modify&borrowernumber=3&step=3

Test plan:
1) Apply the patch
2) Open profile of a patron
3) Click Edit under "Library use": http://prntscr.com/d1ghim
4) Change category to an invalid one (eg. Adult instead of Kid)
5) Error saying "Patron's age is incorrect for their category." should
be displayed.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-07 16:42:07 +00:00
9e82c921a6 Bug 17548: Fix step 1 of memberentry
This bug has been highlighted by bug 15407.

The date limit check on the category code did not work on step 1. But
after bug 15407 the script crashes with
  Can't call method "dateofbirthrequired" on an undefined value at
  /home/vagrant/kohaclone/members/memberentry.pl line 311.

Test plan:
- Edit "step 1" information of a patron (first 'Edit' on a patron detail
page).
- Save
=> Without this patch it BOOMs
=> With this patch, the info should be correctly saved

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-07 16:33:10 +00:00
9b34b07d62 Bug 17375: Search by dateofbirth - handle invalid dates
Prevent internal software error when searching patron with invalid birth date

To reproduce:

- Go to Home > Patron
- Expand patron search (click on + at the left of the search button)
- In drop down 'Search fields', select 'Date of birth'
- Enter a valid date (e.g. 11.02.1995 if syspref 'dateformat' is set to dmydot)
Result: Search works OK
- Enter an invalid date, e.g. 11.02 or abcd...
Result: Internal server error

- Do a patron search with many results
- Use filter on results screen, select 'Date of birth' as search field and
  enter an invalid date to search (e.g. 'a')
Result: Endless message 'Processing'

To test:
- Apply patch
- Repeat steps above
- In both cases, you should get "No results"

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-27 13:18:32 +00:00
bbcb2fbeaf Bug 14610 [QA Followup] - Implement staff patron tab
Also fixes a few other minor issues

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-26 12:15:17 +00:00
c517689bb6 Bug 5670: Use Koha.Preference to retrieve syspref from templates
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:09 +00:00
Alex Sassmannshausen
8ef116a922 Bug 5670: [QA Followup] HouseboundRole CRUD from UI.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt: Add
  HouseboundRole form.
* members/memberentry.pl: Handle HouseboundRole CRUD.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:07 +00:00
Alex Sassmannshausen
88f4b828f5 Bug 5670: [QA Followup] Display HouseboundRole info.
* Koha/Patron.pm (housebound_role): New method.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt: Add
  section for HouseboundRole information
* members/moremember.pl: Pass HouseboundRole info to template.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:06 +00:00
47fb829694 Bug 5670: remove useless call to ->new when ->search is enought
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:02 +00:00
01ebef46e7 Bug 5670: mv housebound_* to search_housebound_*
I think it's better to prefix the subroutine names used to search with
'search_'.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:02 +00:00
Alex Sassmannshausen
01873ebd51 Bug 5670: [QA Followup] Fix div.patroninfo.
* members/housebound.pl: Provide full patron hash keys, extended patron
  attributes & picture to template.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt:
  Refactor to use new information.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:01 +00:00
Alex Sassmannshausen
9929583a84 Bug 5670: [QA Followup] Small QA fixes.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Remove
  `console.log` invocations.
* members/housebound.pl ($houseboundvisits, $chooser, $deliverer):
  Remove unused variables.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:18:00 +00:00
Alex Sassmannshausen
867444c15e Bug 5670: [QA Followup] Avoid CGI::param in list context.
* members/housebound.pl: Force `borrowernumber` to scalar context.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:17:59 +00:00
Alex Sassmannshausen
01b9e646f5 Bug 5670: [QA Followup] Don't force ISO dates.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Use
  ".datepicker" class for date input, use `$KohaDates` to filter our iso
  dates.
* members/housebound.pl: Use DateTime and Koha::DateUtils to parse
  incoming date to ISO format.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:17:59 +00:00
Alex Sassmannshausen
656efcb536 Bug 5670: [Followup] Refactor .pl; error messages.
* members/housebound.pl: Refactor & store messages for encountered
  errors.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Show
  messages.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:17:58 +00:00
A. Sassmannshausen
afb81e6c0f Bug 5670: Housebound Readers Module
New module to handle management of circulation to Housebound readers.

- Ability to create housebound profiles & scheduled visits for patrons.
- Ability to record users as Deliverers or Choosers (or both), using
  extended patron attributes.
- Ability to link choosers and deliverers to individual delivery runs.
- 'Delivery Frequencies' are customizable through authorised
  values ('HSBND_FREQ').

* koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc: add
  Housebound menu if appropriate.
* Koha/Patron.pm (housebound_profile): New method.
* Koha/Patrons.pm (housebound_choosers, housebound_deliverers): New
  methods.
* Koha/Patron/HouseboundProfile.pm: New File.
* Koha/Patron/HouseboundProfiles.pm: New File.
* Koha/Patron/HouseboundVisits.pm: New File.
* Koha/Patron/HouseboundVisit.pm: New File.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: New file.
* members/housebound.pl: New file.
* installer/data/mysql/kohastructure.sql: Add housebound_* tables.
* installer/data/mysql/sysprefs.sql: Add HouseboundModule syspref.
* koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/circulation.pref:
  Add HouseboundModule syspref.
* installer/data/mysql/atomicupdate/housebound_tables.sql: New file.
* t/db_dependent/Patron/Borrower_Housebound.t: New file.
* t/db_dependent/Patron/Borrower_HouseboundProfiles.t: New file.
* t/db_dependent/Patron/Borrower_HouseboundVisits.t: New file.

Test plan:
- Apply patch.
- Run atomic update script.
- Run Unit Tests (t/db_dependent/Patron/Housebound*)
- Optionally, add additional authorised values to 'HSBND_FREQ'.
- Switch on 'HouseboundModule' syspref.
- Ensure 'ExtendedPatronAttributes syspref is on.
- On patron pages, when editing, add some to the Housebound deliverer
  and chooser groups.
- On a patron page, the Housebound menu should now be present.
  - create housebound profile
    + ensure Frequency values seem pulled from 'HSBND_FREQ'.
  - create 'housebound visits' (deliveries)
    + ensure chooser/deliverer lists are populated with patrons that
      have the Chooser or Deliverer Attribute type.
  - edit visits.
  - delete visits.
- Switch off 'HouseboundModule'
  - the Housebound menu should disappear

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Bug 5670: [Followup] Rename test files.

* t/db_dependent/Patron/Borrower_Housebound.t: Rename to
  t/db_dependent/Patron/Housebound.t.
* t/db_dependent/Patron/Borrower_HouseboundProfiles.t: Rename to
  t/db_dependent/Patron/HouseboundProfiles.t.
* t/db_dependent/Patron/Borrower_HouseboundVisits.t: Rename to
  t/db_dependent/Patron/HouseboundVisits.t.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Bug 5670: [QA Followup] Fix category_type ref.

* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Replace
  references to `category_type` with `categorycode`.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 18:17:57 +00:00
c4a923bdf7 Bug 16907: Koha::Patrons - Move HandleDelBorrower to ->delete
This job should be done each time patron data are deleted. It's better
to do it just before deleting the patron than assuming the caller did
the job by itself.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 16:20:41 +00:00
26c034d1f5 Bug 16907: Koha::Patrons - Move DelMember to ->delete
This patch moves the C4::Members::DelMember subroutine to the
Koha::Patron module.
The delete method must be overwritten to permit handling of patron's
holds.

Test plan:
(With the 2 patches applied)
1/ Create a patron with holds and owner of lists
2/ Delete patrons using the web interface:
 - More > Delete on a patron page
 - Batch patron deletion tools
3/ and the cronjob script
 - perl misc/cronjobs/delete_patrons.pl -c [more options]

The patron should have been moved to the deletedborrowers table, his/her
holds and lists should have been deleted.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 16:20:41 +00:00
20c44f0051 Bug 16891: Move C4::Members::MoveMemberToDeleted to Koha::Patron->move_to_deleted
This patch removes the C4::Members::MoveMemberToDeleted subroutine in
order to replace it with the Koha::Patron->move_to_deleted method.
Next after this change, we will move C4::Members::HandleDelBorrower and
C4::Members::DelMember to the same module to simplify the code in
members/deletemem.pl and misc/cronjobs/delete_patrons.pl

Test plan:
1/ Delete a patron from the staff interface and make sure (s)he has been moved to
the deletedborrowers table.
2/ Use the "Batch patron deletion" tool (tools/cleanborrowers.pl) to
remove patron. Make sure the "Permanently delete these patrons" and "Move
these patrons to the trash" options work as before
3/ Same as previously but using the cronjob
misc/cronjobs/delete_patrons.pl.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested the delete_patrons.pl script and cleanborrowers.pl too.
Tests (are relevant and) pass and the qa scripts are happy too :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2016-10-21 16:20:27 +00:00
cd7b84f675 Bug 17252 - Koha::AuthorisedValues - Remove GetAuthorisedValueByCode
The subroutine C4::Koha::GetAuthorisedValueByCode returned the
description (staff or opac) for a given authorised value.

Note that we may need a unique key to ->find instead of ->search.

Test plan:
- Checkin an item that cannot be checked in because it's lost, the
  message should display the AV description
- Generate a letter with borrowers.streettype equals an ROADTYPE AV, the
  description should be displayed.
- Edit a patron attribute type, the AV dropdown list should be
  displayed
- Create the PA_CLASS AV category (see bug 7154) and make sure it
  behaves as before when editing a patron
- The checkout list should display descriptions for LOC, LOST and
  DAMAGED

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 15:35:21 +00:00
Sophie Meynieux
734d08c2af Bug 17154 : Note column is missing on account lines receipt
When displaying Fines > Account tab for a patron, you can see on screen a Note column that is missing if you click on Print

    Test plan :
    * Find a patron with accountlines or add them manually (Create manual invoice/credit).
    * Be sure some of them got a Note
    * Clik on Print fior those lines

    Without patch, the printed receipt does not show the Note column
    with the patch, the printed receipt shows a Note column and Note content is correctly printed for accountline with a note.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 15:12:21 +00:00
e78f81d615 Bug 17423 - patronimage.pl permission is too restrictive
Bug 14566 added the permission "borrowers" on patronimage.pl.
This perm is too restrictive because circulation pages also uses this page.

I propose to simply use "catalogue" perm.

Test plan
- Set an image to borrower xx
- Create a user with only catalogue permission
- Log with this user
- Go to page (replace xx by borrower number) : /cgi-bin/koha/members/patronimage.pl?borrowernumber=xx
=> Without patch you get the page saying you do not have the permission
=> With patch you get the image
- Log out and retest the page patronimage.pl
=> You get 403 error

Signed-off-by: remy <remy.gonzalves@iepg.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-17 23:44:25 +00:00
Marc
692014c817 Bug 11217: The # in accountlines descriptions makes them un-writeoffable
This patch adds escaping to url params in mambers/pay.pl

To test:
- Apply patch
- Go to Home > Patrons > Manual invoice and create an invoice with a
  description containing a #
- Go to tab "Pay fines"
- Write off the fine
Expected result: Fine is written off and does no longer display in pay tab.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:23:06 +00:00
Marc
b588babdb2 Bug 17403: Internal Server Error while deleting patron
This patch fixes a Internal Server Error while deleting patrons.

To reproduce:

- Go to a patron's detail page
- Toolbar : More : Delete
- Confirm "Are you sure you want to delete..."

Result: Internal Server Error
Plack error log:
exited nonzero: 1 at /home/marc/koha/members/deletemem.pl
Note: Patron is deleted

Additional tests: Try to delete yourself, to delete a staff member
without having superlibrarian permission etc.

To test:

- Apply patch
- Re-start plack
- Try to reproduce steps above (with other patron)
Expected result:
No Internal Server Error, Redirect to Home > Patrons

Amended to include all occurences of 'exit 1'

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Good catch Marc

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 00:40:29 +00:00
Marc Véron
6f4f32f4bc Bug 17384 - Categories do not display in patron editing form if they have only one category assigned
To reproduce:
- Go to Home > Administration > Patron categories
- Make sure that you have only one category for a category type.
  Examples: Only one category "Staff" for category type "Staff" or
  Only one category "Library" for category type "Org."
- Edit a patron or create a new patron
- Verify that categories of examples above do not show up in category drop down
- Go back to Home > Administration > Patron categories and add categories to
  both category types
- Edit or create a new patron. Veryfy that categories show up in dropdown.

To test:
- Apply patch
- Make sure you have a category type with only one category assigned
  (e.g. category taype Staff with category Staff)
- Edit a patron or create a new patron. Verify that the category
  shows up in categroy drop down.

- Additional test: Verify that template param 'catcode' from removed line
  is not used in template memberentrygen.tt

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-10 07:59:19 +00:00
acd0f6f116 Bug 15903 - Remove use of recordpayment in paycollect.pl
Test Plan:
1) Apply this patch
2) Pay a fine via the "Pay amount" button
3) Payment should succeed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-27 13:54:14 +00:00
Mark Tompsett
f020babef0 Bug 17307: Smaller counter-patch
Given that the issue is trying to call a method on something that isn't
an object, because the category code doesn't exist, then why is it
even trying to change the expiry date? A simple postfix if fixes it.

Applied counter-patch by M. Tompsett. All three patron 'Edit' links
mentioned in previous patch's test plan work fine.

Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 13:47:31 +00:00
11bf7e7bef Bug 17146: Fix CSRF in picture-upload.pl
If an attacker can get an authenticated Koha user to visit their page
with the
url below, they can change or delete patrons' images
/tools/picture-upload.pl?op=Delete&borrowernumber=42

Test plan:
1/ Hit /tools/picture-upload.pl?op=Delete&borrowernumber=42
And confirm that you get a "Wrong CSRF token" error
2/ Go on the patron detail page with a patron's image
3/ Click on the Delete link (note the csrf_token param)
4/ The image will be deleted and you are redirected to the patron detail
page.

Regression tests:
Upload an image from the patron detail page and from the "upload patron
images" tool.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-15 13:33:58 +00:00