This patch makes a number of changes in order to improve the way the
staff client's header menu adjusts at narrower browser widths:
- Updated version of Bootstrap 3.3.7 which includes the "collapse"
JavaScript plugin.
- Modified default Bootstrap CSS using Bootstrap's customization tool.
These changes facilitate the removal of some custom CSS (overriding
Bootstrap) from staff-global.scss.
- Added Bootstrap config file for loading customizations at
https://getbootstrap.com/docs/3.3/customize/
- Revised button classes for buttons in Bootstrap-styled toolbars.
The modified default CSS resets the base font size in Bootstrap to
better match our global CSS. A side-effect of this is that toolbar
buttons ended up looking smaller than they should. Changing the
button class solves this.
- Restructure the header menu in order to allow different rules to
govern the appearance of the navigational part of the menu
(Circulation, Search, etc) and the user menu (Set library, My
account, Log out).
- Modify the cart JS to so that the popup works well at narrow widths.
To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache.
- Log in to the staff client and observe the layout of the header menu
as you adjust the browser to various widths.
- Confirm that sections of the menu "collapse" as the window gets
narrower.
- Confirm that dropdown menus behave correctly and that links work.
- Confirm that the Cart link works as expected when the cart empty
and when it has items.
- Install and enable multiple translations, including at least one
set of sub-languages (e.g. fr-FR and fr-CA).
- Test the appearance of the language menus in the footer at
various browser widths.
- View pages with button toolbars and confirm that they appear unchanged
(e.g. biblio detail page, patron detail page).
NOTE: While this patch is intended to make improvements to staff client
responsiveness, it does so within a limited scope. There are still many
pages which do not work well at narrower browser widths.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The buttons in patron-toolbar.inc lack unique IDs, making them
hard to style/remove with CSS. This patch adds IDs to all three
buttons.
To test:
- Look in koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc
and verify there are no IDs
- Apply the patch and look at the file again to verify the IDs have
been added
- Test the "New patron" and "Quick add new patron" buttons to verify
they still work as intended
- Check that the new buttons are globally unique:
$ grep -rn "new-patron-button" *
$ grep -rn "patron-lists-button" *
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"
Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.
Changes in discharge.pl are mainly indentation changes.
With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On page Home > Patrons the button 'Patron lists' misses a space between
icon and text. This patch adds it to make the button display like the other
ones.
To test, apply patch and verify that the button displays as expected.
Signed-off-by: fcouffignal <fcouffignal@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a new system preference:
PatronQuickAddFields
When either this pref or BorrowerMandatoryField is populated this will add a new dropdown to the bew patron toolbar.
When a category is chosen from this dropdown the fields in PatronQuickAddFields and BorrowerMandatoryField will be displayed.
There will be a button allowing a user to switch from the quickadd to the full form and fields will be copied between the forms when toggling.
The Quick add will only be displayed on add of a new patron, future edits should display the full form.
Test plan:
1 - Apply patch
2 - run updatedatabase.pl
3 - Add a new patron and ensure nothing has changed
4 - Populate either PatronQuickAddFields or BorrowerMandatory fields
and note the new button for adding a patron
5 - Click the Quick add and choose a type
6 - Only required or quick add fields should be displayed
7 - Verify toggling forms copies information
8 - Ensure you cannot save patron without filling required fields
(quick add fields should be optional)
9 - Ensure you can save patron with fields filled out
10 - Ensure that a duplicate patron brings up the duplicate/add new
buttons with full form displayed
11 - Verify that subsequent edits use only full form
12 - Verify that data on form submitted is the data saved to patron
13 - Test with various values in both MandatoryBorrowerFields and PatronQuickAddFields
Sponsored by: VOKAL (Vermont Organization of Koha Automated Libraries)
Followed test plan, works as expected.
Re-tested together with followup, works as expected (2016-06-02)
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.
Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
should give no results
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes includes/patron-toolbar.inc (the one in charge of
rendering the 'New patron' dropdown) make use of the Categories
Template Toolkit plugin to create the list of categories.
(1) To check the setup is sane:
- Go to the Patrons page
=> SUCCESS: The 'New patron' dropdown is populated
- Click on the [+] symbol on the Patron search on the top
=> SUCCESS: The Categories dropdown is populated
(2) To test the patch:
- On the checkout form, perform a patron search that
(a) returns more than one result
(b) returns zero results
- Click the dropdown menu to create a new patron
=> FAIL: Dropdown is empty
- Repeat for (a) or (b)
- Apply the patch and reload
=> SUCCESS: The dropdown is correctly populated
- Repeat (1)
=> SUCCESS: Nothing got broken
- Verify the logs
=> SUCCESS: No new warnings
- Sign off :-D
- Get a cookie
- Smile
Regards
Discussion: we might need a new bug to start cleaning stuff like this:
@categories=C4::Category->all;
if(scalar(@categories) < 1){
$no_add = 1;
$template->param(no_categories => 1);
}
else {
$template->param(categories=>\@categories);
}
but it belongs to a new bug me thinks. Well, suggestions are welcome, but this must
be fixed on stable ASAP so hurry :-D
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The patron lists are only accessible from the tools module, which is not
easily accessible when you are in the patron module.
Test plan:
Go on the patron home page.
In the toolbar, you should see a link to the patron lists.
NOTE: Tweaked button to a to get the click to work.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The pref AddPatronLists does not work as expected if 'generic' is
selected.
Indeed a patron should be linked to a valid patron category (see the
constraint borrowers_ibfk_1 in the DB structure).
Test plan:
0/ Confirm that the AddPatronLists does not work as expected if you choose
the generic patron types.
1/ Delete all you patron categories and check that the interface invites
you to create one.
2/ Confirm that you are able to create a patron and to link it to a patron
category you have created.
I could not verify step 1/, because at least one Patron category
can not be deleted (Staff, since I'm logged in as a Staff patron
and you can not delete categories that are in use).
Tested 0/ and 2/
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes QA script and tests.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch
- removes all html_entity usages in tt file which hide utf8 bugs
- removes all encode utf8 in tt plugins because we should get correctly
marked data from DBIC and other sources directly (cf plugin EncodeUTF8
used in renew.tt)
- adds some cleanup in C4::Templates::output: we now use perl utf8 file
handler output so we don't need to decode tt variables manually.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 9811 removes useful code.
Actually the AddPatronLists pref is not sent to the template from
members/member.pl.
To fix this issue, we can use the existing not clean way, or compare the
syspref value directly in the template. This second solution is
implemented in this patch.
Test plan:
1/ Set the AddPatronLists pref to 'specific'
2/ On the patron home page (members/members-home/pl), the patron search
result page (members/member.pl after launching a search) and on the
checkouts page/patron search result (circ/circulation.pl after searching
a patron using the check out), verify that the patron category list is
the specific ones.
3/ Test there are no regression with the AddPatronLists pref set to
'general'.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described and fixes the problem.
Note: I am not sure if AddPatronLists makes sense -
if you set it to general patron types, it still preselects the
wrong category type (tried organization, a child patron category
was selected). Also the name is confusiong nowadays with the
Patron list feature.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To reproduce:
- Install Norwegian translation
- Run through the web installer in Norwegian, and make sure you choose
the optionl ("2-Valgfritt") patron_categories.sql data
- Log in and visit the "Patrons" page
- The dropdown should contain black diamonds with question marks instead
of the Norwegian chars æøå
To test
- Apply the patch to the situation above
- Check the dropdown again - æøå should be displayed
- If you want to check with other interface languages than Norwegian,
remember to re-install the nb-NO translation after the patch has been
applied
This feels slightly like curing the symptom instead of the disease,
alternative patches are welcome!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I agree that this doesn't seem like a broad enough solution, but it
doesn't do any harm to apply an incomplete fix as long as the underlying
problem can be followed up on. Note that this problem isn't specific to
Norwegian, but doesn't happen with all non-basic characters.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I tested with German umlauts and the Norwegian characters given
on the bug report and problem went away after applying the patch.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch converts the toolbar include file used to create the "New
patron" menu to Bootstrap, replacing YUI button and menu code
with Bootstrap markup.
To test, view any page which uses patron-toolbar.inc (members-home.pl or
circulation.pl after searching for a non-existent patron). Button and
menu should look correct and work correctly with the AddPatronLists
preference in both states.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works as described. No errors. Looks very good!
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, no problems found.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
"New" for adding new patrons is hard to translate and is not consistent
with the naming of similar buttons in other parts of Koha.
Patch changes "New" to "New patron".
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Patch does what it says and ii makes sense to change the wording.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
- Hiding patron add toolbar when branches or categories are undefined
- Blocking patron entry form if branches or categories are undefined
- Removing nonfunctional template logic for displaying missing category
error message.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- Changed 'categorycode' to 'category'
- Formatted additional options to be more compact
- Returning patron search page to wide layout following
removal of patron filter from the sidebar
- Corrected some other markup that was causing validation errors
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Adding New Systempreference AddPatronLists
This systempreference allow administrator to choose if patrons are created on categorycode lists or category_type ones.
Overloading GetBorrowerCategory so that if no parameter provided, it returns the list of category records
Changing memberentry.pl in order to use the categorycode when provided.
Bug Fixing Circulation.pl so that doesnot come up with Error 500
with no category selected for GetBorrowerCategory
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
