This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several acquisitions templates to use the Bootstrap
grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Acquisitions home page -> Click a "spent" value for a fund.
- Acquisitions -> Vendor -> Vendor details.
- Acquisitions -> Vendor -> Uncertain prices
- Acquisitions -> Vendor -> Receive shipments
- Click an "Invoice number" link in the table of shipments.
- Click "Receive" for one of the titles in pending orders.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies even more staff client acquisitions templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Acquisitions -> Vendor -> Vendor details
- Contracts datatable
- Edit vendor
- Add contacts, form validation
- Acquisitions -> Vendor -> Invoices -> Invoice -> "Go to receipt"
- Datatables, MARC and Card previews
- Transfer
- Confirmation of transfer, window closes
- Acquisitions -> Vendor -> Receive shipments
- Datatables, date pickers
- Acquisitions -> Available funds table -> Spent report
- Datatables
- Acquisitions -> Vendor -> Uncertain prices
- Datatables, form validation
- Acquisitions -> Vendor -> Basket -> Add to basket from external source
- Select and clear all on search form
- Search results
- Datatables, MARC and Card previews, in-table pop-up controls
(click any table cell)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
EDIT: Added 'validated' class to form and removed 'Required' span (became unnecessary)
To test:
1) Go to Acqui -> Do a vendor search
2) Receive a shipment
3) Attempt to click 'Next' without specifying invoice number. Notice error.
4) Go back to vendor search then apply patch. Click Receive shipment
5) Notice you cannot click 'Next' until you put something in invoice number.
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The "highlight" class on table rows is unnecessary since we have a CSS
rule which defines colors for alternating row colors. This patch removes
use of the "highlight" class from templates and removes the definition
from staff-global.css
To test, view the affected pages and confirm that the change has not
broken anything.
Acquisitions -> Vendor -> View basket
Acquisitions -> Late orders
Acquisitions -> Ordered
Acquisitions -> Vendor -> Receive shipment
Acquisitions -> Spent
Acquisitions -> Vendor details -> Contracts table
Administration -> MARC frameworks (comment removed only)
Administration -> Class sources
Authorities -> Authority search results
Catalog -> Bibliographic detail page -> Items -> View item's checkout
history
Catalog -> subject.tt (is this template used?)
Cataloging -> Cataloging search results
Patrons -> Patron account
Reports -> Patrons who haven't checked out
Reports -> Statistics wizards -> Patrons
Reports -> Top lists -> Most-circulated items
Reports -> Inactive -> Items with no checkouts
Reports -> Reports dictionary
Reports -> Statistics wizards -> Circulation
Reports -> Statistics wizards -> Holds
Holds -> Place a hold -> Existing holds table
Serials -> New subscription -> Search for a vendor -> Search results
Serials -> Check expiration
Serials -> Subscription -> Serial collection
Serials -> Subscription -> Serial collection -> Edit serials
Suggestions
Tags -> View tags -> View titles with a tag
Tools -> Manage staged MARC records -> Batch (I think the affected
section of this template is obsolete)
Tools -> Log viewer -> Log result
Lists -> View lists (May be broken by Bug 15916)
Note that if you search the templates for instances of a <tr> with a
"highlight" class you'll find two instances in slip templates which
refer to a class defined in printreceiptinvoice.css.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Looks good. Haven't seen any regression.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Changes the 'Fund' to 'Shipping fund' so it's clear
what the fund setting is used for.
To test:
- Receive a new shipment
- Verify that 'Shipping fund' displays on the parcels page
- Search for your invoice
- View invoice details
- Verify that 'Shipping fund' displays on the invoice page
Followed test plan (changed lines: '...cost' -> '...fund')
Display OK on both places.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch replaces all use of C4::Dates with Koha::DateUtils, which is
the best practice to follow.
It also fixes a bug on the invoice search, the shipment date (from and
to) were not passed correctly from one page to the other.
Test plan:
1/ Search for orders using the different filters
2/ Create an invoice, try with setting and leaving empty the date
fields.
Default should be an undefined value (not today)
3/ Search for invoices and use the 4 different filters.
Close and reopen invoices.
The filters should be kept from one page to the other (not that it does
not work with shipment date before this patch).
4/ Receive an order, on creating the invoice, the default date should be
today.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It does not make sense to have 2 paginations here.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Numbered links have incorrect url. Links to result pages
don't work in Receive Shipment List (but fortunately, Next
and Previous buttons work) It's because the booksellerid is
not furnished in the url.
Test Plan :
1) Go to Acquisitions module, enter a bookseller name that you
know you can get many page of invoices for and search for it.
2) click on Receive shipment button.
3) On bottom of the first results page, click on page number 2
link. (cf joined screencast)
You'll see that the results include invoices from other
booksellerid. Indeed, I suppose that you get results from all booksellerid.
Intall patch and redo 3 steps.
NOTE: I did not follow this test plan.
I read the acqui/parcels.pl code.
The template parameter numbers is assigned in a function which has
no reference to booksellerid at all!
Additionally, the booksellerid is set directly elsewhere.
It is also strange that the booksellerid references before and after
this loop do not use the numbers.booksellerid, but just booksellerid.
The change from numbers.booksellerid to booksellerid is correct!
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
'Show all' in acquisition makes the inactive funds in the fund list
box visible. This patch changes the text to 'Show inactive' to be more
clear about the functionality.
Patch changes 2 pages. To test:
1) Order from staged file
- make sure you have uploaded a few records via the tools
- create a new order using the 'From a staged file' option
- select a file to order from - 'Add orders'
- Verify the 'Select to import' tab now displayed the text
'Show inactive funds' and that it works as expected
- Switch to the 'Default accounting details' tab
- Verify the text there is also changed to 'Show inactive' and
works like expected.
2) Receive shipment
- receive a new shipment for a vendor with unreceived orders
- Verify the label next to the fund list has changed to
'Show inactive' and works as expected.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Simple string change, no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch replaces the last occurrence of <acronym> with <abbr>.
To test:
- Apply this patch on top of the first patch and check that
"grep -r "<acronym" koha-tmpl/*/*/en/*" does not return any hits.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The date filters on the parcel page would only work with
dates formatted YYYY-MM-DD.
To test:
- Select a vendor, that already has a few invoices
- "Receive shipment" - you are on the parcels page
- Use the From and To filters on the left, notice there
is now a date picker on those fields
- Verify the search works correctly for different date
formats
Signed-off-by: Nicole <nicole@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When creating an invoice which has a duplicated number, if the user chooses to 'Create new invoice anyway', previously entered shipment date (todays date by default) is not being saved, because the date value is passed to the script in the wrong format (acqui/parcels.pl expects shipmentdate parameter to be in the system-configured date format, but what it's getting in such cases is ISO-formatted date instead). As a consequence (when receiving orders from invoice whith empty shipment date) 'datereceived' field in order records are also not being populated. Here and there, Koha is using datereceived field to establish if the order was received or not received, so such not-quite-complete orders:
- can be cancelled from the basket (even when they are de facto already received),
- it's not possible to cancel receipt of those orders from the invoice (because Koha is considering them as not yet received).
To reproduce:
1) Make sure you have some system date format configured in your test environment which is different from ISO format (e.g., DD/MM/YYYY) and the AcqWarnOnDuplicateInvoice syspref is enabled
2) Create some invoice with e.g. '11111' number,
3) Create another invoice with the same number (using 'Create new invoice anyway' button)
4) Try to create yet another invoice with the same number; observe that already existing invoice created in step 3) does have empty shipment date.
5) Optional: create some orders and receive them from the invoice with empty shipment date; observe that such orders are not being treated as received in all places (e.g. it's not possible to cancel receipts of such orders, and the message displayed is not in any way helpfull to determine why not).
To test:
1) Apply patch
2) Retest
3) Ensure that the issue is no longer reproductible, and that there are no apparent regressions of any kind.
Signed-off-by: simith <simith@inlibro.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tiny change fixing a bad bug. No problems found, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If there is an error during the receive shipment process the error
message is incorrectly styled. This patch fixes it.
To test you can trigger the error by accessing the page with incorrect
or missing parameters:
/cgi-bin/koha/acqui/parcels.pl?op=confirm
This should trigger the message. Apply the patch and confirm that the
error is now styled consistently with others in the staff client.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Small template change, works as described.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch removes instances of dt_add_type_uk_date() from acquisitions
templates and updates sorting configurations according to current
guidelines.
In cases where a formatted date was passed from a Perl script, the
script has been modified to pass an unformatted date.
Several instances of the no longer valid align attribute have been
removed from <td> tags in favor of an existing "data" class which is
suitable for display of currency values.
To test, view the following pages in Acquisitions. Columns containing
dates should sort correctly regardless of dateformat system preference
setting. Columns containing bibliographic titles should ignore articles
when sorting.
- Add to an order from a staged file: The table of staged files should
sort correctly. After clicking "add orders" for one of the staged
files, the table of titles in that staged file should also be sorted
correctly.
- Add to an order from a subscription. The table of subscription search
results should sort correctly.
- Orders search results should sort correctly.
- Late orders should sort correctly.
- Search for a vendor. Click on the vendor name to view the vendor
detail page. The table of contracts on this page should sort
correctly.
- From the Acquisitions home page click a number in the "spent" column
of the table of available funds. The table of orders should sort
correctly.
- From the Acquisitions home page click a number in the "ordered" column
of the table of available funds. The table of orders should sort
correctly.
- From a vendor detail page, click the "Receive shipments" button. On
the receive shipments page the table of shipments should be sorted
correctly.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Found this typo while testing bug 11170.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adapts the fund-handling code from neworderempty.pl
in order to limit the display of funds by default to active ones,
with the option to check a box to display all funds.
This patch also adds "(inactive)" to the display of funds on this and
the neworderempty.tt template because it seemed like that was useful
information.
To test, make sure you have both active and inactive funds.
Start the process of receiving a shipment. The "fund" option
in the receive shipment form should show only active funds.
Checking the "show all" checkbox should allow you to choose
from both active and inactive funds.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
To test:
[1] From (e.g.) vendor search results, click on one of the
receive shipment buttons. Verify that the focus
is on the 'vendor invoice' field.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds an upgraded copy of the DataTables plugin to the jQuery
plugin directory outside the theme directories. Copies of the old
DataTables plugin scripts have been left in the old location while
templates are incrementally updated.
To test, visit each affected page in Acquisitions and confirm that table
sorting still words correctly:
- Acquisitions home
- Acquisitions -> Late orders
- Acquisitions -> Order search
- Acquisitions -> Ordered (from table of available funds)
- Acquisitions -> Spent (from table of available funds)
- Acquisitions -> Vendor search
- Acquisitions -> Vendor detail
- Acquisitions -> Vendor -> Basket
- Acquisitions -> Vendor -> Basket -> Add order from existing record
-> Add order from suggestion
-> Add order from subscription
-> Add order from external source
-> Add order from staged file
- Acquisitions -> Vendor -> Basket groups
- Acquisitions -> Vendor -> Uncertain prices
- Acquisitions -> Vendor -> Invoices
- Acquisitions -> Vendor -> Invoices -> Invoice
- Acquisitions -> Vendor -> Receive shipments
- Acquisitions -> Vendor -> Receive shipments -> Receipt summary (click
invoice number)
Also test one or more pages which have not been modified to confirm that
old DataTables assets are still in place and working (ex: Circulation,
Quotes editor, Saved reports, etc.)
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Edit: Rebased on current master
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests und QA script pass. I found some smaller bugs, that
also appeared on master without the patch applied. For some datatables
I struggled with a result set of over 5.000 lines - there is room for
improvement where a lot of data can be shown.
testing notes:
- Acquisitions home
- Amounts don't sort correctly before and after the patch, see bug 10792.
- Acquisitions -> Late orders
- OK.
- Acquisitions -> Order search
- OK.
- Acquisitions -> Ordered (from table of available funds)
- OK.
- Acquisitions -> Spent (from table of available funds)
- OK.
- Acquisitions -> Vendor detail
- OK.
- Acquisitions -> Vendor -> Basket
- OK.
- Acquisitions -> Vendor -> Basket -> Add order from existing record
- Datatables seems not to be in use here?
-> Add order from suggestion
- OK.
-> Add order from subscription
- OK.
-> Add order from external source
- OK.
-> Add order from staged file
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Some vendors ship materials from the same invoice in multiple packages.
In those cases, it would be good to notify the librarian when they enter
a duplicate invoice number, so that they can continue receiving on the
previously-created invoice, rather than creating an invoice with a
duplicate number.
To test:
1) Apply patch and run database update.
2) Make sure that you have created at least one invoice on
acqui/parcels.pl and take note of the invoice number.
3) Try to create an invoice with the same invoice number.
4) Note that without changing your configuration this works exactly
the same as before.
5) Turn on the AcqWarnOnDuplicateInvoice system preference.
6) Try to create a new invoice with the same number as the one you
noted earlier.
7) Make sure you get a warning about a duplicate invoice.
8) Choose to receive on the existing invoice.
9) Confirm that you are receiving on said existing invoice.
10) Start the receiving process over, and this time choose "Create new
invoice anyway."
11) Confirm that you are now receiving on a new invoice.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
I have followed the test plan, but also checked some more things:
- Checking the duplicate check works when you have the entered
invoice number in your database multiple times already.
- Checking that no duplicate message is shown if you enter the
invoice number and it's already been used for an invoice from
another vendor.
Looks all good. I think the only thing we could argue about here
is if this could be activated by default for new installations.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Changes are:
budget > where actually fund is meant
branch > library
bookseller, supplier > vendor
To test:
1) Receive a shipment, check the little form where you
enter your invoice number for correct use of terms.
2) Receive some orders and save finish receiving.
3) Search for your created invoice. Check filters and
results table for correct use of terms.
4) Look at the details of your invoice, repeat check there.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds the JS required to enable correct sorting
of dates in DD/MM/YYYY format to pages which require it.
To test, set your dateformat accordingly and confirm on the
affected pages that dates are sorted correctly.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Resolved conflict in serials/serials-search.tt.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- New pages:
- invoices.pl: allow to search in invoices on several criteria
- invoice.pl: permit to view and modify invoice details
- shipment date
- billing date
- shipment cost and budget used for shipment cost
Invoice informations are now stored in their own sql table and aqorders
have a link to it
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
All instances of the old DynArch calendar have been replaced with
jQueryUI versions and the old library files have been removed.
calendar.inc has been modified to include jQueryUI localization
strings and global configuration options. Just add a "datepicker"
class to an input field to trigger a datepicker prompt.
If you would like two fields in one from to limit each other (one
is date from, one is date to), add these classes to each:
"datepickerfrom" and "datepickerto." This will prevent an invalid
entry, e.g. a date in the latter which falls before the former.
jQueryUI is now upgraded to the latest verision, 1.8.21.
Edit: Now with proper translatability, date formatting, first day
of the week handling, and RTL support.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA Comment: rebased on current master; minor merge conflicts with other patches pushed
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the first patch for bug 7760 and touches all pages in acquisitions.
This adds a unique id "acq_<filename>" and a class "acq" to the body tag of
each page in acquisitions.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
New revision updates for current master and cleans up new
instances introduced by recent commits.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
2 problems found, fixing those in follo up patches:
- late orders don't allow more than 1 order to be selected
- basketgroups: 'Edit vendor' does the same as 'Manage orders'
