Commit graph

89 commits

Author SHA1 Message Date
5825026448 Bug 21526: uri escape TT variables when used in 'a href'
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:57 +00:00
75ee8420ed Bug 21663: Incorrect filter prevents predefined notes from being added to patron acccounts
This patch removes an "html" filter from the template include which
allows one to add predefined nots to a patron's account.

To test, apply the patch and open a patron record for viewing or
checkout. Click the "Add message" button. The "predefined notes"
dropdown should contain the authorised_values you have with the
'BOR_NOTES' category.

Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 16:36:21 +00:00
7c05f4fbe4 Bug 21068: Remove NorwegianPatronDB related code
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).

Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:29 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
81431ee28a Bug 20226: Centralize update child code (CATCODE_MULTI)
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).

Moreover the strings used by the templates are also in several template
files (or .inc)

To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js

Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 11:58:26 +00:00
Katrin Fischer
db5628e771 Bug 3886: Fix mismatch of required permissions for printing slips
- Print summary (summary-print.pl)
- Print quick slip (printslip.pl)
- Print slip (printslip.pl)
- Print overdues (print_overdues.pl)

Perl scripts all require circulate_remaining_permissions, while
in the template we were checking for edit_borrowers.

Now the print pull down will only be visible if the patron has
circulate or circulate_remaining_permissions.

To test:
- Verify that printing the listed slips works for staff users
  with either circulate or circulate_remaining_permissions
  and without edit_borrowers.

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-05-29 13:52:34 +00:00
5cf8bbfb7a Bug 20624: Make staff client respect RESTOAuth2ClientCredentials
This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:02 -03:00
d2454d6868 Bug 20568: Fix bad resolution conflict with bug 18403
borrowers module permission has now several subpermissions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:00 -03:00
b67e88f429 Bug 20568: Move value => client_id + secret
This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.

It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'

Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00
05101f0afa Bug 20568: Add mandatory description field for api keys
This patch changes the table structure adding fields usually found on
this kind of api management pages.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:58 -03:00
Julian Maurice
3aa102d0c3 Bug 20568: API keys management in interface
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.

Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
   correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
   API keys". Click on it.
9/ Repeat steps 4-6

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:58 -03:00
a723bbaf1b Bug 18789: Use Koha::Patron->is_adult where needed
Test plan:
When editing adult's info you must see the "Add child" button

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
d8b8799355 Bug 18789: Use Koha::Patron->is_child where needed
Test plan:
When you are on a page related to a child you should see the "Update
child to adult patron" button

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
0ab22e1c7c Bug 18789: Send Koha::Patron object to the templates
In order to simplify and make uniform the code, the controller scripts send
a Koha::Patron object to the templates instead of all attributes of a patron.

That will make the code much more easier to maintain and will be less
error-prone.

The variable "patron" sent to the templates is supposed to represent the
patron the librarian is editing the detail.

In the members module and some scripts of the circulation module, the
patron's detail are sent one by one to the template. That leads to
frustration from developpers (making sure everything is passed from all
scripts) and to regression (we got tone of bugs in the last year because
of this way to do).
With this patch set it will be easy access patron's detail, passing only
1 variable from the controllers.

Test plan:
Play with the patron and circulation module and make sur the detail of
the patron you are editing/seeing info are correctly displayed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
047ca33a93 Bug 19641: Move patron templates to the footer
This patch modifies the staff client patron module templates so that
JavaScript is included in the footer instead of the header.

This patch touches a lot of files because the changes are all
interdependent, affecting a couple of module-wide include files.

To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.

Patrons -> Patrons home, patron search results
  -> Manage pending modification requests
  -> Patron detail page
    -> Edit patron
      -> Set guarantor
    -> Fines
       -> Account, Pay fines, Create manual invoice, Create manual
          credit
       -> Print receipts for different kinds of charges
    -> Routing lists
    -> Circulation history
    -> Holds history
    -> Notices
    -> Statistics
    -> Files
    -> Purchase suggestions
    -> Discharges
    -> Housebound
    -> Set permissions
    -> Change password
    -> Print summary, slips, and overdues
    -> Update child to adult patron type

Patron toolbar and patron search bar operations should work correctly on
all pages.

This patch also updates the template for searching the Norwegian
national patron database, but it has NOT been tested.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-15 13:30:23 -03:00
cee2cf9ff9 Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"

Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.

Changes in discharge.pl are mainly indentation changes.

With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:38 -03:00
4bc92169dc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers'
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:37 -03:00
Katrin Fischer
82f183c5ea Bug 19129 - Clean up Details tab for Organisation patrons
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).

Patch:
- Cleans up variable confusion between categorycode and
  categorytype.
- The template contained code to change the labels below
  the address to 'Organisational phone:" etc., I have removed
  this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
  organisation - matching the edit form.

Bonus:
- The patron category description was missing on the
  right and left side of the details tab. Now it displays.
- Fixes some html issues:
  - doubled up class attribute in a tag
  - doubled up </li></li>

To test:
- Create 3 patrons
  - patron category code doesn't matter, but category type organisation
  - patron category code 'I', category type NOT organisation
  - patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
  - Verify patron category description shows correctly
  - Verify information added to the account displays correctly
    (phone numbers, emails, ...)

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
e28f19f0a8 Bug 18423 - Add child button not always appearing - problem in template variable
This patch removes the retrieval of the syspref borrowerRelationship
from the scripts and moves it to a check using the Template Toolkit
plugin

To test:
1 - Apply patch
2 - Ensure 'Add child' button displays appropriately on all member pages.

Tested 3 pateches together, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 07:42:57 -04:00
23cb7ca458 Bug 17874: Bug 16239 followup - polishing things
This patch is made on top of bug 16239 to polish things.

Makes these changes:
- Buttons on add circulation message modal
- Dropdowns has top and bottom margin 4px instead of 3px
- btn-link class (for example in toolbar on advanced search pages)
- Delete circ message is btn-link
- Add new circ message is btn-link

Test plan:
- Confirm that all changes are as described above and that they make sense

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:42:27 +00:00
804677265e Bug 16239: Update templates
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:41:22 +00:00
194d5898c8 Bug 17398: Enhance circulation messages UI
Test plan:
1) Apply patch
2) Add same circulation messages, note that both buttons are in bootstrap style and the whole form is a bit cleaner
3) Confirm that adding works as expected
4) Try to delete some of your messages, note the delete link is also button now
5) Confirm that deleting works as expected

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-23 11:45:00 +00:00
1d0d5f1398 Bug 17365: Fix XSS in moremember.pl and memberentry.pl
There are certainly hundred of places where they are not escaped...

Test plan:
Create a patron with "Arun <script>alert('code injection');</script>" in
some of the fields.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:19:56 +00:00
Andreas Roussos
0f4644a5bf Bug 17312 - Typo in members-toolbar.inc / moremember-brief.tt / moremember.tt
The following three templates are using [% guarantorborrowernumber %]
while they should be using [% guarantor.borrowernumber %]:

members/members-toolbar.inc
members/moremember-brief.tt
members/moremember.tt

This doesn't result in any breakage; just a couple of 'Edit' links that
do not pass the guarantorid in the URL, and one case where guarantor
information is not shown in the staff client.

This patch fixes that.

Test plan:
0) [PREREQUISITE] Create a patron with a guarantor if you don't have one.
1) Go to Home > Patrons and search for a patron that has a guarantor. In
   the Details page for that patron, the 'Edit' link in the toolbar does
   not pass the guarantor's id in the URL (...&guarantorid=&...).
2) In the same page, the 'Edit' link under the patrons name (immediately
   under 'Guarantor') again does not include the guarantor id in the URL.
3) Go to Home > Patrons and click on 'New patron'. Pick any category from
   the drop down menu. Enter the Surname, First name, and Date of birth
   of the patron you used in step 1). This triggers the 'Duplicate patron
   record?' warning -- click on 'View existing record' and notice how the
   guarantor information is missing.
4) Apply the patch.
5) Repeat steps 1), 2), and 3) above. The URLs are fixed and patron info
   is showing.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 13:51:56 +00:00
8984ea2f41 Bug 16995 - Remove event attributes from two include files
This patch removes event attributes from two include files:
cat-toolbar.inc and members-toolbar.inc.

In cat-toolbar.inc an unused <form> tag with an "onsubmit" attribute has
been removed.

To test, apply the patch and:

- View the detail page for any bibliographic record. All toolbar buttons
  ("New," "Edit," "Save," etc.) should work as expected.
- View the detail page for any patron. Click the "Add message" button in
  the toolbar. Selecting a predefined note should correctly populate the
  textarea with your selected message.

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:28:50 +00:00
13a6127952 Bug 17097: Add a confirmation page when deleting a patron
It won't hurt to have a confirmation page when deleting a patron.
Moreover it's the more easy way to protect against CSRF attacks :)

Test plan:
Make sure you get a confirmation page when deleting a patron
Confirm that approving or denying the confirmation work as expected

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:55:23 +00:00
71ea7e2ba5 Bug 3669: Remove parameters passed to action of form
Sounds weird to pass parameters to the action of a POST form.
This patch adds a workaround.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:20:14 +00:00
Aleisha
573f1ac474 Bug 3669: Moving 'Add a new message' into a pop up box and adding to patron toolbar
This patch moves all the code into an include which can be accessed from the 'Add a new message' link or the patron toolbar.

EDIT: Ensuring modal opens on all pages
EDIT2: Once the form has been submitted the page will redirect to where you submitted the form from.
EDIT3: Fixing indentation of member-add-message.inc
       Ensuring messages save on every page
       Fill branch
       Ensure predefined notes appear
       Form redirects to where it was submitted from, or just the circulation page.
EDIT4: Removing the new include file and moving it all into the modal in the toolbar
EDIT5: Removing swp file and unnecessary code duplication by utilising plugins
EDIT6: Batch checkout fixes
EDIT7: Ensure you do not get JS error from Comment 24 (Batch checkout syspref must be turned on)

To test:
1) Go to a patron circ page (circ/circulation.pl?borrowernumber=X)
2) Click 'Add a new message' under Messages
3) Confirm this brings up the modal to add a message. Confirm clicking Save saves your message. If it is an OPAC message (for the user), confirm it shows as expected on the OPAC.
4) Click Cancel. Confirm this closes the modal.
5) Click 'Add message' button in toolbar. Complete steps 3 and 4.
6) Confirm the modal opens from all other pages with the members toolbar. Confirm predefined notes shows.
	circ/circulation.pl
	members/moremember.pl
	members/routing-lists.pl
	members/statistics.pl
	members/boraccount.pl
	members/pay.pl
	members/maninvoice.pl
	members/mancredit.pl
	members/readingrec.pl
	members/notices.pl
	members/member-flags.pl
	members/member-password.pl
	members/paycollect.pl
	members/files.pl
        turn on BatchCheckouts syspref and put in appropriate patron category
        circ/circulation.pl?borrowernumber=X&batch=1
7) Confirm that the page redirects to where you submitted the form from once you have submitted it.
8) Go to Check Out tab and confirm your message saved (or OPAC, wherever you saved it)

Sponsored-by: Catalyst IT

Followed test plan, works as expected. (Re-tested for comment #24)
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:20:13 +00:00
981302a473 Bug 16127 - Add discharge menu item to patron toolbar
This patch changes the "Discharge" menu in the patron sidebar to read
"Discharges," and adds a "Discharge" menu item to the patron toolbar.

This adds some redunancy, but fits with the pattern of including "views"
in the sidebar and "actions" in the menu. The discharge feature can be
thought of either way.

To test you must have the 'useDischarge' system preference enabled.

- View the detail page for any patron.
- Confirm that the sidebar menu reads "Discharges."
- Confirm that the "More" menu contains a "Discharge" link which works
  correctly.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-17 15:21:56 +00:00
Marc Véron
3ea6e78909 Bug 15096: Export today's checked in barcodes: Display warning if reading history is set to "never"
If a patron's privacy settings are set to "Never" for keeping a reading history, "Export today's
checked in barcodes" returns an empty file. This patch does not allow to export in such case.

To test:

- Apply patch
- Check out / check in in some items

-Test toolbar:
- On user's detail page, go to More->Export today's checked in barcodes
- Verify that the menu item does not appear if syspref 'intranetreadinghistory'
  is set to 'Don't allow'
- Verify that the menu item appears if syspref 'intranetreadinghistory'
  is set to allow and
  - that the menu item is grayed out with a tooltip if the user has set privacy
    settings to never keep a reading history
  - that the menu item works as before if user's privacy settings allow reading history.

- Test left tab "Circulation history":
- Verify that the left tab "Circulation history" does not appear if syspref
  'intranetreadinghistory' is set to 'Don't allow'
- Verify that the tab appars if syspref 'intranetreadinghistory' is set to 'Allow' and
  - that a message appears if user's privacy settings do not allow to keep the reading history
  - that the export works as before if user's privacy settings allow to keep the reading history

(Amended and changed test plan for comment #9)

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-27 06:02:43 +00:00
eb542fb1ff Bug 15571 [QA Followup] - Remove tabs
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-27 05:41:21 +00:00
Briana
f118addf0f Bug 15571 reserveforothers permission does not remove Search to hold button from patron account
To Test:
1. Create a user without 'reserveforothers' permission
2. Go onto user details
3. 'Search to hold' button should not be there
4. Create a user with 'reserveforothers' permission
5. Repeat steps
6. 'Search to Hold' button should be there

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Briana <brianagreally@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-27 05:41:21 +00:00
Katrin Fischer
3efbad2ce9 Bug 12933: (QA followup) Add missing notice templates and other small fixes
- Fixes page title of slip print window: Members > Patrons
- Fixes error message if no notice template is found
- Fixes a stray template variable that resulted in the
  borrower number showing in the 'Print' pull down
- Fixes xt/sample_notices.t by adding the sample notice to
  it-IT and es-ES

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 12:41:29 -03:00
e6127b1bc0 Bug 12933: Add ability to print overdue slip from staff intranet
Some librarians would like to be able to print an overdues slip from the
staff intranet. This slip would be defined as the print transport
version of the ODUE slip.

Test Plan:
1) Apply this patch
2) Locate a patron with overdues
3) Define a print version of the OVERDUES_SLIP slip
4) Try Print > Print overdues

Signed-off-by: Amy Purvis <APurvis@galencollege.edu>
Signed-off-by: Laurie McKee <lmckee@littleelm.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 12:41:29 -03:00
0cab6f2ef3 Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.

Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
   should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
   should give no results

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-27 10:02:42 -03:00
653d305452 Bug 14910: Redirect to the circulation module after a renew
iIf a patron is renewed from the circulation module, the librarian
should be redirected to the circulation module.
This works correctly if the renew is done from the patron module
(members).

This is caused by a typo in the template: desintation vs destination.

This patch also removes the cardnumber parameter to the setstatus.pl
script, it is not needed given that borrowernumber is always passed.

This has a good side-effect, it will fix bug 14691. The cardnumber does
not exist anymore, so no need to escape it :)

Test plan:
0/ Do not apply this patch
1/ Create a patron with a cardnumber with a quote (rm'me) and another
one without a quote (rmme)
2/ Go on the checkouts page (circ/circulation.pl)
3/ Renew the 2 patrons
=> With rm'me you are redirected to the circ module - ok
=> With rmme you are redirected to the member module - nok
4/ Go on the patron detail page (members/moremember.pl)
5/ Renew the 2 patrons
=> you are redirected to the member module - ok
6/ Delete the patrons
=> Nothing happend with rm'me, there is a JS error on the page - nok
=> rmme is deleted - ok

7/ Apply the patch and recreate rmme
8/ Repeat 2, 3, 4, 5
=> You are redirected to the correct module
9/ Delete the patrons
=> They are successfully deleted

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Followed the test plan, works as advertised. (I did have some problems
initially, but that was caused by me not using the interface in
English...)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-10-02 14:22:16 -03:00
Jonathan Druart
c345694808 Bug 13970: Remove category_type related code
Working on bug 13497 and bug 9314, I run into some Koha vestiges.
The category_type parameter should not be passed to memberentry.
On creating a new patron, the categorycode should be passed, and on
editing, it's useless. We can work with the borrowernumber and retrieve
these values.

Details of the changes:
- members-toolbar.inc: Remove the category_type parameter passed to
memberentry.pl
- memberentrygen.tt: Just remove the useless category_type parameter on
  editing a patron. Also remove the unused one passed to
  guarantor_search.pl.
- tables/members_results.tt: the borrowernumber is enough to edit a
  patron.
- memberentry.pl: check_categorytype is never used in the template, all
  the process to calculate/retrieve it is unnecessary.
- members/nl-search.tt: The borrowernumber is enough to edit a patron.

Test plan:
Try to create and edit patrons and verify that
- the guarantor search still work
- the form (memberentry) behave as before

Edit a patron from the nl-search.pl script (Magnus?)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

On top of 9314 (13497 already pushed)

No evident regressions found, add/edit patron works,
search/set guarantor works.

Cant test nl-patron.pl save for exec it.
prove -v t/NorwegianPatronDB.t runs

No koha-qa errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-11 10:11:01 -03:00
255f02cad1 Bug 12971 - Regression: Patron print summary doesn't show checkouts
A patron's print summary should contain a list of checked out items
as it did in 3.16.2 and earlier.

Please note, as of 3.16.2 reserves were no longer part of the print
summary and thus are not part of this bug fixing patch.

Test Plan:
1) Find a patron with checked out items
2) Choose Print -> Print summary
3) Note the lack of a list of checkouts
4) Apply this patch
5) Reload the page
5) Print the summary again
6) Note the list of checkouts

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, apart from the missing status information
that Owen already noted on the bug.
Passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-19 09:49:01 -03:00
Magnus Enger
290341d8db Bug 11401: Add support for Norwegian national library card
This patch makes it possible to sync patron data between Koha and the
Norwegian national patron database, in both directions.

In order to use this, the following information is necessary:
- a username/password from the Norwegian national database of libraries
  ("Base Bibliotek"), available to all Norwegian libraries
- a special key in order to decrypt and encrypt PIN-codes/passwords,
  which is only available to Norwegian library system vendors
- a norwegian library vendor username/password

See http://www.lanekortet.no/ for more information (in Norwegian).

While this is of course an implementation of a specific synchronization scheme
for borrower data, attempts have been made to prepare the ground for other sync
schemes that might be implemented later. Especially the structure of the new
borrower_sync table might be reviewed with an eye to how it might fit other
schemes.

To test:

Since the password and cryptographic key needed to use this functionality
is only available to Norwegian library system vendors, only regression testing
can be done on the submitted code. Suggested things to check:

- Apply the patch and make sure the database update is done. This should add
  the new "borrower_sync" table and five new systmpreferences under the
  "Patrons" > "Norwegian patron database" category:
  - NorwegianPatronDBEnable
  - NorwegianPatronDBEndpoint
  - NorwegianPatronDBUsername
  - NorwegianPatronDBPassword
  - NorwegianPatronDBSearchNLAfterLocalHit
- Check that patrons can be created, edited and deleted as usual, when
  NorwegianPatronDBEnable is set to "Disable"
- Check that the new tests in t/NorwegianPatronDB.pm run ok, e.g. on a
  gitified setup:
  $ sudo koha-shell -c "PERL5LIB=/path/to/kohaclone prove -v t/NorwegianPatronDB.t" instancename
- Check that all the other tests still run ok
- Check that the POD in the new files itroduced by this patch looks ok:
  - Koha/NorwegianPatronDB.pm
  - members/nl-search.pl
  - misc/cronjobs/nl-sync-from-koha.pl
  - misc/cronjobs/nl-sync-to-koha.pl
  - t/NorwegianPatronDB.t

Sponsored-by: Oslo Public Library

Update 2014-09-18:
- Rebase on master
- Split out changes to Koha::Schema
- Incorporate new way of authenticating with NL

Update 2014-10-21:
- Rebase on master
- Use Module::Load to load Koha::NorwegianPatronDB in non-NL-specific
  scripts and modules
- Fix the version number of Digest::SHA
- Fix a missing semicolon in kohastructure.sql

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-14 09:42:23 -03:00
01c101a6b9 Bug 2310: display tooltips explaining why patron menu items are disabled
With some staff client menus options are displayed as disabled when the
logged in user doesn't have permission to perform that function. This
patch adds Bootstrap tooltips to patron menu items with text explaining
why they are disabled.

To test, log in as a user who lacks permission to modify patrons or set
permissions. Open a patron record in circulation or patrons. Hovering
over renew, delete, and set permissions links (in the patron toolbar
"More" menu) should trigger a tooltip with a brief explanation.

Test the "Update child to adult patron" link by viewing an adult patron.

A separate patch will address catalog menu items.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
New tooltip texts are translatable, patch passes all tests
and QA script.
Tested according to test plan in Chromium and Firefox.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 16:36:43 +00:00
cb75b23921 Bug 11097 - Hide duplicate patron button if logged in user lacks CAN_user_borrowers permission
The "duplicate" button on the circ/patron toolbar should not appear if
the logged in user lacks permission to edit patron records. This patch
wraps the button in the required logic.

To test, open a patron record in circulation or patrons and view as a
staff client user who both has and doesn't have CAN_user_borrowers
permission. The button should be shown and not shown accordingly.

Signed-off-by: Ed Veal <ed.veal@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-22 12:48:39 +00:00
Galen Charlton
259163d1d7 Bug 9406: ensure confirmation of patron renewal is displayed
When renewing a patron from the patron details page, ensure that
the "Patron's account has been renewed until XXX" is actually
displayed.

This patch introduces a was_renewed CGI and template parameter
to clarify the intent of the relevent template sections.

To test:

- Before applying the patch, renew a patron from the patron
  details page and verify that you don't see the renewal confirmation.
- After applying the patch, renew the patron from the details page
  and verify that the "Patron's account has been renewed until XXX"
  message shows up.
- Renew the patron from the checkout page and verify that the confirmation
  message shows up.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Message now displays for both tabs.
Fixed tab to make QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-30 21:22:00 -04:00
2244905303 Bug 9420 [Revised] Work on Bootstrap for Koha: Circ toolbar
This patch converts the toolbar include file used by Circ and
Patron pages to Bootstrap, replacing YUI button and menu code
with Bootstrap markup.

To test, view any page in circ/ or members/ which uses
members-toolbar.inc (circulation.pl, moremember.pl, etc).
Buttons and menus should look correct and work correctly.

This version adds icons to the toolbar from the icon sprite included
with Bootstrap and revises the sprite to include two new ones, for
"copy" and "place hold" (for use in later patch). This customized
version is left in intranet-tmpl/img in order to keep
koha-tmpl/lib/bootstrap free of customized files.

Also added in this patch, a CSS tweak to override a style in the default
Bootstrap CSS for a class "close" which is already in use by Koha. To
replicate the Boostrap "close" class use "closebtn"

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: All buttons works, and they look good.
Tested with Chrome and Firefox. In Chrome I see the buttons with
drop-down a little (1px) below the others.
In Firefox the alignment is ok.
No errors.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-15 09:04:17 -05:00
Fridolyn SOMERS
714075d5c1 Bug 8942: Translation process breaks javascript
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested most scripts affected by this patch and visually verified
all changes. Functionality is unaffected.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-31 11:00:24 -05:00
Liz Rea
f13de4bdb6 Bug 6574 - js error in en-GB and en-NZ translations due to improper quoting
To replicate:

* install en-NZ translation (or en-GB)
* activate the new language, and select it for use
* pretend you are going to issue a book to a member (search for a member from "check out" in header)
* without the patch, the toolbar will be incorrect. The toolbar will also be incorrect on moremember.pl.

To test:
* apply the patch
* re-generate the en-NZ or en-GB translation
* activate the new language, or select it for use
* pretend you are going to issue a book to a member (search for a member from "check out" in header)
* with the patch, the toolbar will appear to be correct. It will also be correct on moremember.pl.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-14 23:17:08 -05:00
8fd75227fc Bug 6261 [Revised] Consolidate patron toolbar include files
The staff client has two almost identical include files which
can be consolidated: circ-toolbar.inc and members-toolbar.inc.
This patch marges the slight differences between them and
eliminates circ-toolbar.inc, that being the one which was used
on fewer pages.

In order to accommodate the different "destination" variable
for operations which redirect back either to circ or patrons,
circulation.pl defines "destination" in the template.

Revision corrects a redirect error in setstatus.pl which
predates this patch but which never showed up until now.

To test, perform various operations from the toolbar on at least
two pages: circulation.pl and moremember.pl.

Operations: Edit, add child, duplicate, change password, print (all
options), search to hold, renew, set permissions, delete, update child
to adult, and export checked-in barcodes. In most cases simply
confirming that the link takes you to the right place is enough.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 18:36:42 -05:00
Lyon3 Team
ce138ac96f Permission for change password button in members toolbar should be borrowers instead of staffaccess
http://bugs.koha-community.org/show_bug.cgi?id=8242
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-07-04 16:32:18 +02:00
f87085e65e Bug 2733 - Can't print patron account
Changing "print page" link to "print summary." I hope this will
alleviate the suggstion that the option prints the current page.

- Changed "Quick slip" to "Print quick slip" to make it consistent
  with the other options in the menu

- Corrected the case of other text strings as required by
  Bug 2780.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-06 18:30:35 +02:00
85592866ab Bug 2780 - Capitalize strings consistently (Patrons)
Correcting Patron-related includes

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-04-04 17:54:37 +02:00
Aleksa Vujicic
3982d97af3 Bug 6964 - 'Add child' function should be dependant on system preference 'borrowerRelationship'
The 'Add Child' button is not shown if 'borrowerRelationship' is empty.

System preference description changed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-02 11:36:05 +01:00