Problem arises after applying bugfix 27526 and 28445: with
IndependentBranches on, a librarian without superlibrarian privileges,
can edit (and potentially delete) every item (i.e. also from a foreign
branch). This is because can_be_edited calculation is buggy (in two spots).
Test plan:
1. Have (at least) two branches defined.
2. Have IndependentBranches set.
3. Have a biblio record with items belonging to different branches.
4. Be a librarian without superlibrarian rights, with editcatalogue
and tool permissions set.
Scenario A (Edit items):
1. Go to Edit -> Edit items view (cataloguing/additems.pl).
2. You will be able to edit every item, also ones not from the branch
you are from (cf. the button 'Actions').
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch.
Scenario B (Edit items in batch):
1. From Normal view go to Edit -> Edit items in batch.
2. You will be able to batch edit every item, also ones not from the branch
you are from.
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch (and
see 'Cannot edit' for others.
Scenario C (Delete items in batch):
1. From Normal view go to Edit -> Delete items in batch.
2. You will not see the string 'Cannot delete' and only by chance
will not be able to activate the checkboxes next to foreign items.
3. Apply the patch.
4. Repeat 1.
5. You should be able to delete only the items from your branch (and
see 'Cannot delete' for others.
Scenario D and E:
Analogous steps can be executed from Tools -> Batch item modification
and Tools -> Batch item deletion
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch reuse the (awesome) Koha::Result::Boolean module to retrieve
the return of Koha::Item->safe_to_delete.
Test plan:
Try to delete an item that has previously been checked out and confirm
that you are still blocked.
Try using the cronjobs, the item and biblio detail pages, as well as the
batch delete item tool.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The selector is not correct, we must to not rely on the number.
This patch fixes a regression caused by bug 28445, but also a
long-standing bug.
* Regression:
The barcode plugin is broken is autoBarcode=<branchcode>yymm0001
There is a JS error in the console:
Uncaught TypeError: form.field_value is undefined
Focustag_952_subfield_p_878344
Focustag_952_subfield_p_878344_handler
jQuery 11
BindEventstag_952_subfield_p_878344
* Long standing bug:
If there are several item forms on the same page, the branchcode is not
correctly retrieved. For instance on the "Serial edition" page there are
2 item forms, the homebranch that is used by the barcode plugin will be
the one from the last form.
Test plan:
* regression
Set autoBarcode=<branchcode>yymm0001
Catalogue a new item, click into the barcode input
Notice that without this patch you get a JS error in the console
* long standing bug
Create a new subscription, select "Create an item record when receiving this serial".
Receive a serial
Open the 2 item forms ("Click to add item")
Select 2 different home library and click the barcode inputs.
The prefix (branchcode) should be correct with this patch applied.
QA Note: it would be way easier if all add item forms were using the new
methods, it could be:
let loc = document.getElementsByName('items.homebranch')[0].value;
Yes, that's all!
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the code for itemtypeslimit work, and adds options for shelving location and collection code
This also remove the 'post' method from the form to allow easy bookmarking
To test:
1 - Add holds to your system
2 - Run the holds queue builder
3 - Browse to Circulation->Holds queue
4 - Note the library dropdown
5 - Apply patch
6 - Reload and note new options
7 - Test that both limits and 'All' options work as expected
8 - Note that description at top includes options when selected
"### items found for All libraries and item type:(Books)"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The value of the checkbox was not correct
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we go!
Disclaimer: this patch is huge and does many things, but splitting it in
several chunks would be time consuming and painful to rebase. However it
adds many tests and isolate/refactor code to make it way more reusable.
This patchset will make the "batch item modification" and "batch item
deletion" features use the task queue (reminder: Since bug 28158, and so
21.05.00, we do no longer use the old "background job" functionality and
the user does not get any info about the progress of the job).
More than that, more of the code to build an item form and a list of
items is now isolated in module (.pm) and include files (.inc)
We are reusing the changes made by bug 27526 that simplifies the way we
edit/create items (no more unecessary serialization Koha > MARC > MARCXML
> XML > HTML)
New module:
* Koha::BackgroundJob::BatchDeleteItem
Subclass for process item deletion in batch
* Koha::BackgroundJob::BatchUpdateItem
Subclass for process item modification in batch
* Koha::Item::Attributes
We needed an object to represent item's attributes that are not
mapped with a koha field (aka "more subfields xml")
This module will help us to create the marcxml from a hashref and the
reverse.
* Koha::UI::Form::Builder::Item
The code that was used to build the add/edit item form is
centralised in this module. In conjunction with the
subfields_for_item BLOCK (from html_helpers.inc) it will be really
easy to reuse this code in other places where the item form is used
(acquisition and serials modules)
* Koha::UI::Table::Builder::Items
Same as previously for the table. We are now using this table from 3
different places (batch item mod, batch item del, backgroung job
detail view) and the code is only in one place.
To use with items_table_batchmod BLOCK (still from html_helpers.inc)
This patch is fixing some bugs about repeatable subfields and regex. A UI
change will reflect the limitation: if you want to apply a regex on a
subfield you cannot add several subfields for the same subfield code.
Test plan:
Prepare the ground:
- Make sure you are always using a bibliographic/item record using the framework
you are modifying!
- Add some subfields for items that are not mapped with a koha field
(note that you can use 'é' for more fun, don't try more funny
characters)
- Make some subfields (mapped and not mapped with a kohafield)
repeatable
- Add default values to some of your subfields
There are 4 main screens to test:
1. Add/edit item form
The behaviour should be the same before and after this patch.
See test plan from bug 27526.
Those 2 prefs must be tested:
* SubfieldsToAllowForRestrictedEditing
* SubfieldsToUseWhenPrefill
2. Batch modification
a. Fill some values, play with repeatable and regex.
Note that the behaviour in master was buggy, only the first value was modified by the regex:
* With subfield = "a | b"
1 value added with "new"
=> "new | b"
* With subfield = "a | b"
2 new fields "new1","new2"
=> "new2 | b"
Important note: For repeatable subfields, a regex will apply on the subfields in
the "concatenated form". To apply the regex on all the different subfields of a given
subfield code you must use the "g" modifier.
This could be improved later, but keep in mind that it's not a regression or behaviour
change.
b. Play with the "Populate fields with default values from default framework" checkbox
c. Use this tool to modify items and play with the different sysprefs that
interfer with it:
* NewItemsDefaultLocation
* SubfieldsToAllowForRestrictedBatchmod
* MaxItemsToDisplayForBatchMod
* MaxItemsToProcessForBatchMod
3. Batch deletion
a. Batch delete some items
b. Check items out and try to delete them
c. Use the "Delete records if no items remain" checkbox to delete
bibliographic records without remaining items.
d. Play with the following sysprefs and confirm that it works as
expected:
* MaxItemsToDisplayForBatchDel
e. Stress the tool: Go to the confirmation screen with items that can be
deleted, don't request the job to be processed right away, but check the
item out before.
4. Background job detail view
You must have seen it already if you are curious and tested the above.
When a new modification or deletion batch is requested, the confirmation
screen will tell you that the job has enqueued. A link to the progress
of the job can be followed.
On this screen you will be able to see the result of the job once it's
fully processed.
QA notes:
* There are some FIXME's that are not blocker in my opinion. Feel free to
discuss them if you have suggestions.
* Do we still need MaxItemsToProcessForBatchMod?
* Prior to this patchset we had a "Return to the cataloging module" link
if we went from the cataloguing module and that the biblio was deleted.
We cannot longer know if the biblio will be deleted but we could display
a "Go to the cataloging module" link on the "job has been enqueued"
screen regardless from where we were coming from.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To ease reusability
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the html_helper for the cash register selection block
to remove the 'empty option' such that it can be correclty set for each
select case and updates all existing cases where we used the process
block previously to include the relevant blank option '-- Select an
option --', '-- None --', 'Library default' and finally the new '-- All
--' options introduced with this bug.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The hidden attribute for loading an element hidden is known to have
issues and inconsistencies accross browsers.
This patch instead updates the relevent input options to use an inline
style of 'display: none' to hide the elements on page load and then
.show, .hide for subsquent changes linked to the library branch picker
change.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The trailing space after branch in the class attribute for the register
select options cause issues in the 'hasClass' javascript selector
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handling to allow for the use of the session cash
register by default if it has been set, otherwise it defaults to '--
None --' and requires the end user to select the register to proceed
with the payment.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handling to allow for the use of the session cash
register by default if it has been set, otherwise it defaults to '--
None --' and requires the end user to select the register to proceed
with the sale.
Test plan
1/ Enable cash registers via the 'UseCashRegisters' system preference
2/ Enable point of sale via the 'EnablePointOfSale' system preference
3/ Navigate to the point of sale page
4/ Note that if you are logged in at a branch with no cash registers yet
defined, then an alert should appear
5/ Note that when you are logged in at a branch with cash regsiters
defined, but without a cash register associated with your session then
the cash 'Cash register' select box is populated with '-- None --' and
you are required to select a register prior to submission
6/ Note that upon selection, the '-- None --' option is disabled
7/ Note that when you have a register associated with your session then
the 'Cash register' select box is pre-populated with that register.
8/ Signoff
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability to set a register for the current session
from the 'set library' page.
Upon entering the page, the current selection will be displayed.
Changing the branch will trigger the register select list to update to
display only those registers associated with the updated branch and will
automatically select either 'no register' or the 'branch default'
register. The user can then override that selection to choose a
different register for the session.
Test plan
1/ Enable cash registers with the 'UseCashRegisters' system preference
2/ Select the 'Set library' option from the top right menu
3/ Note that you can now select a cash register from the subsequent page
4/ Change the branch and note that the cash register selection is
updated to reflect the change
5/ Note that the 'branch default' register is auto-selected upon branch
selection if one has been defined, otherwise '-- None --' is selected
6/ You can then alter the selection before submitting the form
7/ Once submitted note that you are returned to the page you were on
prior to attempting to change the library and register
8/ Note the present of the register name next to the library name at the
top of the screen.
9/ Signoff
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
You should be able to add desk choice when you are logging in or
changing library.
Test plan:
1. apply patch
2. have at least three libraries, one without desk, one with one and
one with a few.
3. At login, when choosing a library, it should enable all desks it
has. Pick one.
4. the desk id and name should be set in your session and appear in
the top right, next to the library name.
5. change library and desks from intranet (at the set-library.pl page)
6. you should have the same behaviours
7. if you have a library without a desk, it should prompt you a '---'
option and no desks will be attached to the session.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The ACQ MARC framework is only used for the ‘Item’ block.
This patch add the ability to define biblio fields (!= 995 or 952) to
customize the display of the bibliographic details when ordering.
This new feature is controlled by a new pref:
UseACQFrameworkForBiblioRecords
Test plan:
- Create a new installation to populate the ACQ framework correctly
- Set the pref UseACQFrameworkForBiblioRecords to "Use"
- Create a new order
=> You will see the lib from the ACQ framework
- Add/remove/update biblio subfields in the ACQ framework
- Create a new order
=> You should see the new subfields displayed
Note for QA: I though I would be able to refactor existing code to make
it more flexible, but it is a bit messy and lost a lot of time. I
finally decided to copy/paste the existing code. I simplified it as, I
think, we do not want the plugin, etc. like in the full biblio editor.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Patch applies and functions as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The subroutine C4::Koha::GetAuthorisedValueCategories just retrieves all
the authorised value categories.
We already have a method in the Koha::AuthorisedValues module to do this
job, let's use it!
Technical explanations:
The new subroutine of the AuthorisedValues TT plugin will allow to get
the authorised value categories from the templates.
The new html_helpers include file will get rid of the if selected else
end statements. Bug 15758 already uses this file, see the commit
description for more informations.
Test plan:
1/ Create or edit a new fund (aqbudgets.pl), the fields "statistic 1"
and "statistic 2" should be correctly filled with the list of authorised
value categories
2/ Edit subfields for a biblio and authority framework.
The "Authorized value" dropdown list should be correctly filled on both
pages
3/ Create new items search fields (from the administration area), same
as previously, the authorised value category dropdown list should be
correctly filled
4/ Add and edit patron attribute types, check the authorised value
category list.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>