Commit graph

26 commits

Author SHA1 Message Date
0af9d12027
Bug 34478: Fix op variable in item circulation alerts
The AJAX call in the template still used "action" instead of
"op".

The patch also fixes references to "action" in the POD and corrects
"toggle" to "cud-toggle".

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:59:31 +01:00
987938a558
Bug 34478: Rename action with op - admin/item_circulation_alerts
Also fix possible XSS.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:36 +01:00
18e808240f
Bug 34478: op =~ ^cud- in pl/pm
This is the result of
  bash op_must_start_with_cud-perl.sh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:11 +01:00
5d60b72bcc
Bug 32122: Correct permissions check on item circulation alerts
This patch changes the check from 'item_circ_alerts' to 'manage_item_circ_alerts'

To test:
1 - Give an account catalogue and manage_item_circ_alerts permissions
2 - Log in to staff client iwht this account
3 - Browse to Admin->Item circulation alerts
4 - Error, you do not have permission to view this page
5 - Apply patch
6 - Restart all
7 - Browse to page agian, success!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-11-07 11:17:40 -03:00
d02e91f269 Bug 29859: Use iterator instead of as_list
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.

This patch only removes the obvious places, not the tricky ones.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
e53667105d Bug 29844: Fix ->search occurrences
and some more...

There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
f6e0b04f48 Bug 23271: Replace search_limited with search_with_library_limits
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-21 15:25:07 +02:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
Katrin Fischer
252f4674a5 Bug 14391: Add granular permissions to the administration module
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)

With this patch almost every section of the administration page
will have its own granular permission.

To test:
- Create different staff users:
  1) One with parameters_remaining_permissions
  2) One with parameters
  3) One with catalogue and no parameters
  4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
  1) All subpermissions, but manage_circ_rules
     should be checked
  2) Nothing should have changed
  3) manage_item_serach_fields shoudl be checked
     (page had catalogue permission before)
  4) Nothing should have changed
- Try different settings of the permissions and
  verify that
  - Administration page behaves correctly
  - Administration menu behaves correctly
  ! You shoudl only see what you have permission for

https://bugs.koha-community.org/show_bug.cgi?id=14391

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-07 12:29:32 +00:00
Jenny Way
3f6a7933b8 Bug 19992: use Modern::Perl in Admin perl scripts
Test plan:
Check use warnings; use strict doesn't exist and use Modern::Perl is written instead in the following files:

admin/admin-home.pl
admin/aqcontract.pl
admin/aqplan.pl
admin/auth_tag_structure.pl
admin/branch_transfer_limits.pl
admin/check_budget_parent.pl
admin/check_parent_total.pl
admin/checkmarc.pl
admin/classsources.pl
admin/clone-rules.pl
admin/didyoumean.pl
admin/edi_accounts.pl
admin/edi_ean_accounts.pl
admin/import_export_framework.pl
admin/item_circulation_alerts.pl
admin/marctagstructure.pl
admin/matching-rules.pl
admin/printers.pl
admin/smart-rules.pl
admin/systempreferences.pl
admin/transport-cost-matrix.pl

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-05 09:45:46 -03:00
df97814f30 Bug 15758: Koha::Libraries - Remove GetBranches
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:03 +00:00
6ee8dd3a59 Bug 15407: Koha::Patron::Categories - replace C4::Category->all
The C4::Category module contained only 1 method to return the patron
categories available for the logged in user.
The new method Koha::Patron::Categories->search_limited does exactly the
same thing (see tests) and must be used in place of it.

Test plan:
- Same prerequisite as before
For the following pages, you should not see patron categories limited to
other libraries.
- On the 'Item circulation alerts' admin page
  (admin/item_circulation_alerts.pl), modify the settings for check-in
  and checkout (NOTE: Should not we display all patron categories on
  this page? If yes, it must be done in another bug report to ease
  backporting it).
- Search for patrons in the admin (budget) and acquisition (order) module.
- On the patron home page (search form in the header)

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 13:29:03 +00:00
aafe73eefb Bug 14828: Use Koha::ItemType[s] everywhere C4::ItemType was used
This patch mainly replaces C4::ItemType->all with
Koha::ItemTypes->search.

Test plan:
At the places where the C4::ItemType module was used, confirm there is
no regression:
- acqui/neworderempty.pl
- catalogue/itemsearch.pl
- admin/item_circulation_alerts.pl
and the 2 cataloguing plugins:
- marc21_linking_section.pl
- unimarc_field_4XX.pl

QA step:
prove t/db_dependent/HoldsQueue.t should return green
Note that the tests were buggy.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:58 +00:00
Jonathan Druart
ba0f84b46c Bug 9978: (followup) Replace license header with the correct license (GPLv3+)
There was another form of the v2.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:43 -03:00
Jonathan Druart
7431f8cfe2 Bug 11944: Fix encoding issue in C4::ItemType
There is no need to encode strings coming from DB.

To reproduce:
go on admin/item_circulation_alerts.pl
The headers contain bad encoded characters.

Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:33 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Srdjan
c1e5462db1 bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2012-07-23 10:43:59 +02:00
Dobrica Pavlinusic
4905c80974 Bug 7798 - admin/item_circulation_alerts.pl plack scoping
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-26 18:09:36 +02:00
ec6aaaebb0 bug 3581: fix staff permission for item circ alerts
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 09:46:39 -04:00
Galen Charlton
ed3621aa47 remove editor settings
Me, I use ed(1) for everything...

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-04 14:47:42 -06:00
John Beppu
9035706950 bug 323: Item Circulation Alerts UI Fixes
- fixed cross browser issues.  (IE and Safari don't let you say
  someobject.class, presumably because "class" is a keyword that's reserved
  for future versions of JS.  Firefox and Opera allow it.)

- added text to the grid for added clarity.

Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-04 13:59:03 -06:00
John Beppu
2270ecaa90 Brand New UI for Alert Configuration
- grid layout (javascript required now)
- makes distinction between checkin and checkout messages
- no longer have to click on a button to submit the branch selection form

Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-04 13:57:48 -06:00
John Beppu
233010f451 Branch Level Notification Config
- This will allow admins to disable notifications for any combination of
  branch, patron category, and item_type.
- Still working on this...

Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-04 13:55:38 -06:00