Commit graph

11 commits

Author SHA1 Message Date
bf89e4e124 Bug 21398: Make search field mandatory when adding to a basket from an existing record
Test plan:
- Create a basket
- Click the "Add to basket" button
- Click "Search" on the first line
=> Without this patch you get an ugly screen: https://snag.gy/U8X3ZK.jpg
=> With this patch applied you will not be able to submit without
filling the input in

QA note: Yes, we could handle that controller side as well, but much
more work.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:21:24 +00:00
393b258234 Bug 21333: Add ability to add to basket from a new file
This patch adds a workflow for adding to a basket from a file. It
removes the need to stage the file before going to the basket and allows
you to stage the file and return to the basket

To test:
1 - Have basket in acquissitions
2 - Click add to basket
3 - Note new option to 'Add from new file'
4 - Click it
5 - You will be sent to the record import tool
6 - Stage your file
7 - There is a link after staging 'Add records to basket'
8 - Click it
9 - Your items should be added

Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-26 19:05:53 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Jacek Ablewicz
0519c428ef Bug 11665: An ability to place orders directly from hold ratios list
This enhancement introduces a possibility to place orders
from hold ratios list:

- new option "Add order to basket" -> "From titles w/ highest hold ratios";
(user gets redirected from acqusition to "hold ratios" list in circulation)

- "N to order" in "Items needed" column now becomes a link - when clicked,
user gets redirected back to acquisition, directly to order form for
a choosen title (suggested quantity "N to order" is being preserved)

- in the "Items needed" column, there is an additional indication if
there are any pending (not yet received) orders for a given title

This solution is not exactly ideal.. most important drawback: to use
it librarian needs both acquisition & circulation priviledges; if not
having both - new options will not show / wouldn't be active. But it
requires relatively small amount of changes in the code.

To test:
- apply patch,
- test new functions (try to place some orders using an newly added
option, examine resulting order records etc.)
- check modified hold ratios list for possible problems (for user
with only circulation priviledges, additional information regarding
pending orders should be still visible, but not the link
to order form)
- ensure the two following existing options for adding orders to basket
("From an existing record", "From a new (empty) record") a still working
properly.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Minor edit in signoff: Changed "w/" to "with"

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
This works nicely in my tests, neat new addition.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-04 19:13:39 +00:00
baab2a2cb4 Bug 10737: Add "Add to basket" link on vendor search results page
This patch adds an "add to basket" link to the vendor search results
page for each open basket associated with each vendor. Clicking it
triggers a modal window with the "add to basket" choices for that vendor
and basket.

Other changes in this patch:

- The add-to-basket include has been modified in order to make it more
  useful in this context.
- booksellers.pl has been modified to check for an existing budget so
  that the add-to-basket include can properly display a warning if there
  are none.
- "New basket" and "Receive shipment" buttons associated with each
  vendor search result have been converted to Bootstrap-styled buttons.
- Basket closed date has been moved into its own column so that the
  table can be sorted by that value.
- Table columns containing dates now use the "title-string" sort option,
  eliminating the need for a special date sorting algorithm.
- Converted some &'s to &amp;'s

To test, apply the patch and search for a vendor. For each vendor in
your search results baskets which are open should include an "add to
basket" link. Clicking it should open a modal dialog with the same "add
to basket" options offered on the basket page. The correct vendor ID and
basket number should be associated with each link.

The newly-styled "new basket" and "receive shipment" buttons should work
correctly. Table sorting should work correctly, including the new
"closed" column.

Since the add-to-basket include file was modified, the "add to basket"
button on the basket view page should also be tested (acqui/basket.pl).

Signed-off-by: Campbell Reid-Tait <campbellreidtait@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-09-05 15:28:31 +00:00
Jonathan Druart
ed63c13957 Bug 5343: Link serial and acqui modules
DB changements:
- Adds 2 fields: subscription.reneweddate and aqorders.subscriptionid.
- Removes 2 unused fields: aqorders.serialid and aqorders.subscription.

Main test plan:
1) Create a subscription
2) Create a bookseller and a basket
3) Add a new order 'from a subscription'
4) Search your subscription and check if results are correct
5) Click on the "order" link
6) Check the biblio information are filled in the form
7) Select a budget and fill some price information.
8) retry steps 3 and 4. Verify you cannot order the same subscription.
Message:Outstanding order (only one order per subscription is allowed).
9) click on your subscription (already added) and check you have a new
table "Acquisition details" with your price information in the "Ordered
amount" line.
10) receive this order
11) On your subscription detail page, the "Spent amount" line must be
filled with your price information.
12) Re order the same subscription. Now you are allowed to. Prices
information have to be filled with the previous information.
13) Retry some orders and click on a maximum of links in order to find a
bug :)

Signed-off-by: Leila Arkab <koha.aixmarseille@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Comments on last patch.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-22 23:54:43 -04:00
3e358cb993 Bug 2780 - Capitalize strings consistently
Corrections to Acquisitions include files. Patch
also includes some corrections to unescaped ampersands.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-04-04 17:51:23 +02:00
Katrin Fischer
488f4be865 Bug 6994: Wrong 'no budget defined' alert
When ordering from an existing record the 'no budgets and funds defined' error
message was shown below the result list.

To test:
A) No budgets defined for this user and library
Basket summary page shows a warning instead of the link for creation
of orders.

B) Budgets and funds are properly defined for this user and library
Basket summary page shows links for order creation.
Before patch: A search for an existing record had the alert at the bottom
of the search result list.
After patch: The links for creation of orders are shown instead.

Signed-off-by: Liz Rea <lrea@nekls.org>
Verified A and B.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-11-06 11:43:30 +01:00
Chris Cormack
5b05ab8bf1 Bug 5072 : Template changes
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-08-04 13:53:34 +12:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over 2011-04-10 20:38:30 +12:00
562653bc8d Fix for Bug 3918 - Add to order lists inconsistent
- Added new include to contain add to basket options
- Minor markup corrections

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-05 08:46:07 +13:00