Upadates for CSRF are inadvertently stopping AddReturn from being trigger
when a hold is canceled. This is necessary to generate the transfer
back to the originating library.
Test Plan:
1) Find item with a waiting hold, and check it in
2) In the popup notifying me of the waiting hold, select 'Cancel hold'
3) Note no second popup appears notifying you of the need to transfer the item to its home library
4) Apply this patch
5) Restart all the things!
6) Repeat steps 1-2
7) Second popup appears!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Check some items out to a patron
2. Set the username and apssword for the patron so that you can log in as that patron.
3. Log in to the OAPC as that patron.
4. Go to Your account > Summary (the default landing page after you log in).
5. Click "Renew" for one of the items.
6. You get the error as above.
7. APPLY PATCH
8. Try steps 1 -5 again, you should not get an error.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Alexander Wagner <alexander.wagner@desy.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Alexander Wagner <alexander.wagner@desy.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Find a any date picker in Koha, like DOB in the patron record.
2. Add a date, either manually or using the date picker.
3. Once there is a date like 07/15/2024 try to edit only part of the
date, or the '15'.
4. The date easily becomes malformed.
5. APPLY PATCHSET, maybe clear your browser cache too
6. Try directly inputing dates. I would suggest the following places:
-Patron record DOB
-Specify due date on circ/circulation.pl as this includes time
-Add item screen, this is the dateaccessioned plugin
-OPAC self reg/self modify
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
In our case I think overwriteMode needs to be set to replace:
https://maskito.dev/core-concepts/overwrite-mode
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes deletion of saved reports in two instances which
were broken by the CSRF changes: From the dropdown menu in the table of
saved reports, and in the modal window which appears if you click the
"Preview" dropdown menu in the table of saved reports.
The patch also makes a minor change to form-submit.js so that the event
handler will attach to dynamically-generated elements (as is the case
with the preview modal).
To test, apply the patch and go to Reports -> Use saved.
- Add one or more reports if necessary.
- In the table of reports, click the secondary dropdown link in the
"Run" button.
- Click "Delete." You should be asked to confirm, and confirming should
correctly delete the report.
- Now test the "Preview SQL" link in the menu.
- A modal window should appear showing you the SQL of the report.
- In the footer of the modal, test the "Delete" button.
Sponsored-by: Athens County Public Libraries
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes the orders search in Acquisitions.
The form method is GET no need to prepend with cud-
Test plan:
1. Create an order that you can search for
2. Try order search, nothing happens
3. Apply patch restart all, refresh browser
4. Try order seach again and get results
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We have a Toolbar component that must be used everywhere for
consistency.
This patch adds it when missing:
* ERM/AgreementsShow
Show an agreement
* ERM/EHoldingsLocalPackagesShow
Show a local package
* ERM/EHoldingsLocalTitlesShow
Show a local title
* ERM/LicensesShow
Show a license
* ERM/UsageStatisticsDataProvidersShow
Show a data provider
* Preservation/SettingsProcessingsShow
Show the the settings of a processing (Preservation module)
Confirm that the "Edit" and "Delete" icons are now replaced with buttons
(in a toolbar) on those views.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit adds unit tests for the two new methods introduced and also updates all unit tests that use the noissuecharge sysprefs
Test plan:
1. Choose a patron and note their patron category
2. Create a manual invoice on that patron for 6.00
3. Try to check an item out to the patron and it will show a message saying that checkout is blocked because the fine balance is over the limit.
4. This is because the default global value for the ‘noissuescharge’ is 5.00 and we are now over that limit
5. Navigate to Administration > Patron categories and click to edit the category relevant to your patron
6. At the bottom of the form will be fields called No Issues Charge, No Issues Charge Guarantees and No Issues Charge Guarantors With Guarantees. Set those fields to 7
7. Now try and checkout again - this time you will be allowed to checkout as the category level limit is higher than the fine we set.
8. Choose a different patron (patron 2) with a category that is different to the first patron (patron 1).
9. Repeat steps 2 and 3. This time checkout will be blocked again because the limit for this patron category is still the global value of 5.00
10. Choose a third patron with a category of child or similar (patron 3)
11. Make patron 1 a guarantor for patron 3
12. Edit patron 3’s patron category and set the limit for No Issues Charge, No Issues Charge Guarantees and No Issues Charge Guarantors With Guarantees to 5.
13. Try to check out to patron 3 and it will be blocked due to the fines on patron 1’s account
14. Try to checkout to patron 1 - it should still be possible
15. Add a fine to patron 3’s account for 2.00
16. Try to check out to patron 1 - the checkout will be blocked due to the total of 8 now owed by the patron and its guarantees
Test plan:
prove t/db_dependent/SIP/Transaction.t
prove t/db_dependent/SIP/Patron.t
prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
prove t/db_dependent/Koha/Patron.t
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a method to be used in the template where currently the Koha.Preference('noissuescharge') method is used. This currently does not take into account the new patron category level limits and so needs to be updated to its own method to handle these.
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates all instances where the current noissuescharge sysprefs are used. They will now use the is_patron_inside_charge_limits method to handle the patron category level limits
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds two new methods. can_borrow is a top-level method for determining whether a patron is able to borrow. Currently this logic is repeataed in multiple methods and shuld be more DRY. This bug is specific to patron charge limits so that is the focus but the method can be developed in follow-up bugs to cover all areas.
The is_patron_inside_charge_limits method is now to be used where any of the three noissuescharge sysprefs are used. It will look at the patron category based on either a borrowernumber or patron object and return a hash detailing the charges, the charge limit and whether the patron is over the limit
Test plan:
1. Choose a patron and note their patron category
2. Create a manual invoice on that patron for 6.00
3. Try to check an item out to the patron and it will show a message saying that checkout is blocked because the fine balance is over the limit.
4. This is because the default global value for the ‘noissuescharge’ is 5.00 and we are now over that limit
5. Navigate to Administration > Patron categories and click to edit the category relevant to your patron
6. At the bottom of the form will be fields called No Issues Charge, No Issues Charge Guarantees and No Issues Charge Guarantors With Guarantees. Set those fields to 7
7. Now try and checkout again - this time you will be allowed to checkout as the category level limit is higher than the fine we set.
8. Choose a different patron (patron 2) with a category that is different to the first patron (patron 1).
9. Repeat steps 2 and 3. This time checkout will be blocked again because the limit for this patron category is still the global value of 5.00
10. Choose a third patron with a category of child or similar (patron 3)
11. Make patron 1 a guarantor for patron 3
12. Edit patron 3’s patron category and set the limit for No Issues Charge, No Issues Charge Guarantees and No Issues Charge Guarantors With Guarantees to 5.
13. Try to check out to patron 3 and it will be blocked due to the fines on patron 1’s account
14. Try to checkout to patron 1 - it should still be possible
15. Add a fine to patron 3’s account for 2.00
16. Try to check out to patron 1 - the checkout will be blocked due to the total of 8 now owed by the patron and its guarantees
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the columns in the table and also updates the controller to allow these fields to be updated in the database from the UI form
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds three new columns to the patron categories table:
noissuescharge
noissueschargegurantees
noissueschargeguarantorswithguarantees
These values will allow charge limits to be set at category level rather than globally for all patrons. If the values are not set at category level then the system will use the global level values
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We have a ?rules=a,b parameter available for specifying a subset of
rules in the set to return. This patch adds a test to confirm that works
(and fixes the controller and specification as the test proved it wasn't
working)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When using the effective route, we were missing some rule kinds if a
rule hadn't yet been defined for them. We should instead return the rule
as undefined.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the existing /circulation_rules endpoint introduced
in this patchset to allow return of all rule sets rather than only the
effective set.
We continue to default to the effective set for the parameters passed
which will mean by default you will get an arrayref containing one
hashref entry with each rule kind as a key in that hashref.
However, if you add 'effective=false' as a query parameter, you will now
have an arrayref of all rule sets that match your passed criteria
including rules that may have fallen back to defaults in the effective
case.
WIP: Need to add support for * in branch, itemtype, patron category
query parameters to allow explicit return of default rules vs no filter
passed. (i.e. for the effective=false case where all rules for should be
returned when no filters are passed vs * passed to filter to just default
rules vs specifics passed for branch/item/patron filtering.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the missing try/catch and unhandled exception error
handler to the new list_effective_rules endpoint.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds an endpoint for fetching ciruclations rules given the
constraints of the passed parameters.
We optionally expect item_type, library and patron_category as query
parameters and we return a list of relevant circulation rules pertaining
to that combination of requirements.
You can also add a list of `rules` as a query parameter to limit the
response to only the rules you are interested in for this combination.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch introduces a new 'render_invalid_parameter_value' helper
method that accepts 'path' and 'values' parameters to denote which field
has failed validation and where the end user can get valid options.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
0. Enable unseen renewals
i. Set the system preference UnseenRenewals to Allowed
ii. Edit the circulation rules to specify the maximum number of
unseen renewals allowed
1. Check out an item to a patron
2. In the checkouts table on that patron's account, check the "Renew"
checkbox for that item
3. Select a custom renewal date using the Renewal due date flatpicker
4. Check the checkbox labeled "Renew as unseen if appropriate"
4. Click Renew selected items
--> The item renews, but its new due date follows the renewal period
specified in the circulation rules, regardless of what date was
entered in the Renewal due date field
--> The checkout still has all of its unseen renewals remaining,
indicating that the renewal was not processed as an unseen renewal
5. Enter another custom renewal date and renew checkout with the Renew
all button
--> Same result
6. Apply patch and restart_all
7. Repeat test plan
--> Custom renewal date is now respected
--> Number of unseen renewals remaining decreases when "Renew as unseen"
checkbox is checked
8. Renew the item with the "Renew as unseen" checkbox unchecked
--> Confirm that number of unseen renewals is reset (i.e. the checkout
once again has all of its unseen renewals remaining), indicating
that the renewal was processed as a "seen" renewal
Signed-off-by: CJ Lynce <cj.lynce@westlakelibrary.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1) Apply only this patch, skipping the next one (patch 'Use varchar instead of mediumtext')
2) Run ktd up with default DBMS mariadb:10.5: ktd up
3) Confirm the database state is wrong:
DESC categories BlockExpiredPatronOpacActions;
^ This should return type = mediumtext
4) Run updatedatabase, make sure green success message shows
Running the above query again will show type = varchar(128)
5) Run updatedatabase again, notice blue info message notifies its already varchar
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the missing library embed from the patron search forms.
This embed is required for the case where a patron is missing both first
and last name or is from a different library group and thus falls into
the 'Patron from library X' block.
I also update the 'Patron from library X' to 'Patron from X' as I feel
it reads more clearly.
Finally, we need to sync the available embeds to ensure 'library' is
embeddable from the different endpoints this search can be triggered on.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch simply switches to a GET as the operation is not cud
To test:
1 - Go to cataloging -> new record
2 - If not in basic editor, switch
3 - Go to tab 100
4 - Enter a name that has no authority in your system: McNotExist, Falsy
5 - Click 'Link authorities automatically'
6 - subfield 9 should turn red, and have an X and a + button
7 - Click the green +
8 - Boom
9 - Apply patch
10 - Reload page and repeat (clear cache so js reloads)
11 - Success! Authority window launches
Signed-off-by: Jake Deery <jake.deery@ptfs-europe.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch corrects an error in the description of the
intranetreadinghistory system preference description.
To test:
1. Apply patch
2. Go to Administration > System preferences > Patrons
3. Look at the description of intranetreadinghistory
--> It should say "... access a patron's checkout history..."
4. Make sure the description's spelling and grammar is correct
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Serials -> Create or find a subscription
2. Receive the subscription
3. Save
4. Click 'Generate next'
5. Nothing happens
6. APPLY PATCH
7. Try again, now the "Generate next" button should work as expected.
Signed-off-by: Kelly <kelly@bywatersoutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Follow original test plan and apply first patch.
Select a user and notice the patron's name and the button have no spacing.
Apply this patch.
Notice there is now spacing.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Apply patch and yarn build
2. In system preferences search and enable ERMModule
3. E-resource management -> Agreements -> New agreement
4. Click Add new user and notice the parenthesis around the +Select user button are removed
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When duplicating a child card with a guarantor, the guarantor information
appears during the card creation process, but disappears as soon as saving
the card. To recreate:
1. Find a card with a guarantor, either patron or non-patron guarantor.
2. Duplicate the card. Note that it appears to be working on the card
creation screen.
3. Save the patron after completing the form. The guarantor is now gone.
New test plan:
1. Find a card with a guarantor, either patron or non-patron guarantor.
2. Duplicate the card. Note that it appears to be working on the card
creation screen.
3. Save the patron after completing the form. The guarantor is now gone.
Apply patch and repeat, the guarantor should stay after 3.
Note, I may not have understood the code but it looks like nothing is
searching for the content of the displayed information. Therefore I add
hidden fields that are copies of those provided in guarantor_template
class
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>