This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This alternate patch adds a new icon to the sprite image which gives
icons to the link on the staff client home page. It modifies the CSS
positioning for all the links as the new image sprite is somewhat
different.
The SVG file from which the sprite image was generated is also updated,
and the about page has been updated to give credit to the creator of the
icon.
Unrelated change: The cataloging link is moved to the second column.
Although it's probably rare for all modules to be enabled and available,
this puts the same number of links in each column.
To test, apply the patch and clear your browser cache if necessary. With
interlibrary loan enabled, view the staff client home page and confirm
that all the module links look correct, including when you hover your
mouse over them.
Confirm that the about page lists the new icon under the "licenses" tab.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Without this patch only catalogue permission was required
for managing suggestions. This patch adds a new permission
in the acquisition module do manage suggestions and updates
staff user permissions accordingly.
To test:
- Make sure there is a pending suggestion
- Create a few users with different permission sets:
- User 1: only catalogue
- User 2: any acquisition permission
- User 3: cataloguing permission
- Check all of them can access: /cgi-bin/koha/suggestion/suggestion.pl
- Apply the patch
- Verify all of them now have the suggestions_manage permission
- Verify everything displays correctly on:
- intranet start page
- patron account in staff
- acquisition start page
- suggestion page (try to access by URL too)
- Remove suggestions_manage for a staff user
- Repeat tests above, access should be denied/links not visible
Bonus:
- Fixes the link on the acquisition start page for late orders
to mage the permissions of the page itself: order_receive
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
It's safer to send what we need from C4::Auth it's needed from a whole
module.
The SELECT COUNT(*) query will only be done when needed (so not made
from scripts outside of circ)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Fixing the comments in Comment 42
Ready to test
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.
To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.
Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Removed the test for CAN_user_superlibrarian as requested
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the following additional conditions to the display of
both the ILL Requests drop down "More" menu option and the "ILL Requests"
option on the intranet front page:
Before:
[% IF Koha.Preference('ILLModule') %]
After:
[% IF Koha.Preference('ILLModule') && (CAN_user_ill || CAN_user_superlibrarian) %]
This prevents the options being displayed to users who have no
permissions to work with ILL.
Test plan:
View both the intranet front page and "More" dropdown while logged in as
a user without ILL permissions, ensure the options do not display. Then
do the same with a user with ILL permissions, ensure the options do
display.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes template and CSS changes so that the staff client main
page doesn't get an unwanted top margin from the Bootstrap-grid
conversion.
- The unused "main" class is removed from the login page
- The "main" class on the staff client home page is changed to
"intranet-main."
- The CSS for the staff client home page has been modified accordingly.
To test, apply the patch and clear your browser cache if necessary.
- Open the staff client login page. It should look as it always does.
- Log in and check the style of the main page. There should be no white
margin at the top of the page.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.
Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
borrowers => 1
and
borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch rewrites the markup of the staff client home page to use the
Bootstrap grid instead of the YUI grid, taking advantage of Bootstrap's
built-in responsiveness.
This patch does not affect the logo and search form in the header. It
will be necessary to address search forms in another patch.
To test, apply the patch and clear your browser cache if necessary. For
better results, apply the patch for Bug 19851 as well.
- View the staff client home page and test the layout at various browser
widths.
- Test with and without news items
- Test with and without content in IntranetmainUserblock
Signed-off-by: Dominic Pichette <dominic.pichette@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This Commit is at the heart of adding an interlibrary loans framework
for Koha. The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.
The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.
Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.
Outside of this we simply add new files & functionality.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From
commit 0492fcf87f
Bug 17855: Onboarding tool
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
@@ -1,5 +1,3 @@
-[% USE Koha %]
-[% SET footerjs = 1 %]
+[% USE Koha %] has been re-added by
commit 151cdcd133
Bug 18673: News author does not display on staff client home page
But not the footerjs = 1
Test plan:
From the main page of the staff interface, delete a news item
Without this patch applied you will not get a JS confirmation message
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial fix.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There are some more files that expose parts of tt diretives to translations, mostly due to
line breaks inside directives.
Files covered with this Bug:
koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search-results.inc
koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/search_indexes.inc
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tt
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
koha-tmpl/intranet-tmpl/prog/en/modules/members/members-update.tt
To test:
- Review code, verify that line breaks are removed
- Run QA tools
- Bonus test: Create a "language" aa-AA and verify that no fragments
containign %%] are picked for the 6 files
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
News authors do not display on staff client homepage, independently of
syspref 'NewsAuthorDisplay'. This patch fixes the issue.
To verify:
- Create news with display location 'All'
- Set syspref NewsAuthorDisplay to 'Staff client only' or 'Both OPAC and staff client'
- Go to staff client
- Verify that news author does not appear (but it should)
To test:
- Applly patch
- Verify that news author is displayed as expected
Followed test plan works as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tested 3 patches together on current master
- Dropped database
- Recreated database
- Went through installer
- Language en, Marc21
- Installed mandatory data only
- Went through Onboarding tool
- After finishing, logged in as superlibrarian
that was created by onboarding tool
Everything worked fine.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch alters the header and footer include files so that JavaScript
can be included in either one or the other. As a proof of concept, the
staff client home page is updated to include JS in the footer instead
of the header.
The processing of JavaScript included on individual pages can now be
similar to how it is done in the OPAC. A block is created with the
page's JavaScript which is then processed in js_includes.inc in the
correct order, after other required js assets.
On pages which have been modified to allow JavaScript to be moved to the
footer you must add a variable to the template: [% SET footerjs = 1 %].
Eventually all staff client templates should be modified so that setting
a flag is not required.
"[% MACRO jsinclude BLOCK %]" is used instead of "[% BLOCK %]" and "[%
PROCESS %]" because MACRO allows the template directives to be
processed correctly when included by intranet-bottom.inc.
To test, apply the patch and view the staff client home page.
- Confirm that you get a confirmation when deleting a news item from the
home page.
- Enable the CircAutocompl system preference and test that patron
autocomplete works from the "Check out" tab from the staff home page
and from other pages where the "Check out" tab is present.
- Test that JavaScript is working correctly on other pages like
Circulation, Preferences, etc.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes two minor errors in the markup around displaying news
on the staff client home page: Adding a missing "class" attribute, and
changing the container around news items from <p> to <div> (because news
items might contain <p> and nesting them is incorrect).
To test, apply the patch and view the staff client home page with news
items showing. Validate the page and confirm that there are no errors.
Signed-off-by: Marc <veron@veron.ch>
Revision for QA removes an extra </div> from elsewhere in the template
to make the validator return no errors.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of event attributes from several templates
where the attributes were used to handle deletion operations. I've
grouped these changes in one patch because each template had only small
changes to be made.
Unrelated change: Reformatted the "no news items" message which is
displayed if there are no news items.
To test, apply the patch and test deletion operations on the following
pages. Clicking "delete" should prompty you to confirm. Test both the
confirm and cancel actions.
- On the staff client home page, test deletion of a news item.
- On the patron lists page, test deletion of a patron list.
- In the patron card creator, choose Manage -> Images. Test the "Delete"
button for a single image.
- On the news page, test deletion of a single news item.
- On the news page, test deletion of multiple items.
Signed-off-by: Arslan Farooq <arslanone@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a confirm message for deleting a news item from the home page in the staff client. It also gives the ability to delete an individual news item from koha-news.pl with a confirm message. The buttons on koha-news.pl are now styled as font awesome buttons.
To test:
1) Go to main intranet page. Click 'Delete' for a news item.
2) Confirm that Cancel stops the Delete, and OK deletes the item and takes you to tools/koha-news.pl
3) Confirm that the buttons (Edit and Delete) on koha-news.pl are now styled as font awesome buttons and the buttons don't wrap on a narrow browser.
4) Confirm that the column heading for the buttons is now "Actions".
5) Confirm that clicking Delete triggers a confirm message. Confirm that Cancel stops the Delete, and OK deletes the item and it no longer shows in the News table or anywhere else.
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended-patch: just split the td on several lines for readability.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch removes sentence splitting of the database administrator warning with
a button styled link.
Additionally, it uses the same wording as in the warning on the 'About' page.
To test:
- Apply patch
- Log in to Staff client as database administration user
- Verify that the wording of the warning is the same as on the About page (Tab
'System information')
- Verify that the link to the patron administration page is styled as a button
and behaves correctly
NOTE: Actually, the category is irrelevant. But I like the improved message.
Categories may or may not be set up at the initial log in.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
If permission 'circulate_remaining_permissions' is not set, links to 'Circulation'
(/circ/circulation-home.pl) on the intranet home page lead to an error
message: "Error: You do not have permission to access this page."
This patch hides the links if the permission is not set.
To test:
- Apply patch
- Log in to the intranet (staff client) with a patron who has the permission
'circulate_remaining_pernissions' not set
- Verify that no links to Circulation appear on the intranet start page
(menu top left and menu in main page area)
- Log in as a user who has the permission set.
- Verify that te links appear as appropriate.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
I think showing the title with the user name is quite unusual for
Koha. Wrapping the title in a span with a unique class makes it
possible to hide it.
http://bugs.koha-community.org/show_bug.cgi?id=14248
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
* Apply dependant patches 14246 and 14247.
* Apply current patch.
* Log into the Staff client, go to
'Administration' -> 'Global Preferences' -> 'Tools',
a new section titled 'News' should appear with a single option named 'NewsAuthorDisplay'.
Available values should be 'Not at all', 'OPAC only', 'Staff client only' and
Both OPAC and staff client'. By default the value should be 'Not at all'
(to mimic existing behaviour, important!).
* Change the value to something different and save the changes.
* Go to 'Tools' -> 'News' and add some news items (at least 2).
* Use the MySQL command line tool to edit the opac_news table,
removing the user id from one of the news items:
$ mysql -u kohaadmin -p -D koha
> SELECT `idnew`, `title`, `borrowernumber` FROM `opac_news`;
* Make a mental note of one of the 'newid' numbers to change.
> UPDATE `opac_news` SET `borrowernumber` = NULL WHERE `idnew` = <your-id-here>;
* Now one of the news items will have no user id, and no author should be shown for it.
* Go to OPAC and Staff client and make sure the display modes works as intended.
* Repeat for all values, making sure that the settings works as intended.
* The changed news item should have no author info shown at any time.
* The unchanged news item should show your own user name if the
settings match the section where it is displayed.
Sponsored-By: Halland County Library
Tested on top of Bugs 1246 and 1247, works as advertised.
Note: Some whitespaces changed / removed in koha-news.tt to pass qa tools.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds:
- links to the new pages.
- syspref description
- links on the main page (intranet)
- the DISCHARGE type for debarment
Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A link to course reserves is in the global header menu but not on the
home page. All links from the global header should be present on the
home page as well. This patch adds it.
To test, apply the patch and if necessary clear your browser cache. View
the staff client home page. If you have "UseCourseReserves" enabled you
should see a link for the course reserves page which is visually
consistent with the other module links. If you do not have course
reserves enabled you should not see the link.
Unrelated: I positioned the admin link after the tools link because it
bugged me.
Signed-off-by: Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: marjorie barry-vila <marjorie.barry-vila@ccsr.qc.ca>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script, works as described.
Course reserves is still accessible without permissions, but
you can't make any changes to the reserves then.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
It should be possible for staff client users to search and view
authority records even if they don't have permission to edit them.
To test, apply the patch and view the staff client as a user with and
without "editauthorities" permission.
With "editauthorities" permission, authority search results should show
both an edit and delete link. Viewing the details of an authority
record, one should see a toolbar with edit/delete/new options.
The detail view has been altered to use the term "record" in place of
"biblio" ("Used in X record(s)).
Without "editauthorities" permission, authority search results should
show no edit or delete link. Viewing the details of an authority, the
only option shown in the toolbar should be "Save."
On the staff client home page and in the header's "More" menu the link
to the authorities module should now appear with and without permission
to edit authorities.
This patch also corrects the permissions in the authority export script
to allow saving of authority records by users who do not have permission
to edit.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Pending suggestion link from staff client home directs to accepted
suggestions instead of pending suggestions. This patch changes the link
so that it directs to pending suggestions.
To test :
1 - create 2 suggestions, accept 1 of them
2 - click on the link on home page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Currently, the link from the "logged in as mysql-user"-warning goes to
add a patron in a seemingly random category code. This patch changes
the link to point to Home > Patrons, where a category for the new
patron can be chosen.
A small typo in the warning message is also corrected.
To test:
- Apply the patch
- Login as the MySQL user
- Check that the warning appears on the intranet home page
- Check that the typo in the first line is fixed: "This *is* a bad idea"
- Check that the link in the warning leads to Home > Patrons
Signed-off-by: Brendan <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All happy with this.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- Adding simple style to register link on home page
- Adding unique ids to new pages and to blocks containing
registration links
- Adding better page titles and breadcrumb links to some pages
- Correcting bug which meant incorrect message showed on registration
page when OPACPatronDetails preferences is turned off
- Passing patron details to opac-memberentry.tt so that patron's
name can be displayed in breadcrumbs
- Improving display in staff client of patron record updates
waiting to be approved.
- Adding a sort by name to output of pending patron record updates
- Adding updated JqueryUI library files to include expanded widget
options.
The changes in this patch require the addition of the jQueryUI
Accordion widget. Other pending patches are seeking to add
enough of the other remaining missing widgets that it seems time
to go ahead and add the rest.
Future submissions which add usage of these widgets will have
to be careful to make changes to Koha's CSS where necessary.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.
Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.
For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).
NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay
NEW NOTICE
* Verify by email notice
NEW SLIP
* Temporary card slip
NEW CRON JOB
* delete_expired_opac_registrations.pl
- Deletes patrons that have not been upgraded from the temporary
status within the specified delay
* delete_unverified_opac_registrations.pl
- Deletes the unverified patrons based on the length of time specified
in the PatronSelfRegistrationExpireTemporaryAccountsDelay
The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.
Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.
Test Plan - Part 2 - Borrower Modifications
1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
submit.
8) Check the records, you should see the changes take affect on the
approved one, and no changes to the other two. You should also see
"Patrons requesting modifications: 1" at the bottom of mainpage.pl
now.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 7067 - OPAC Borrower Self Registration - Followup
* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
PatronSelfRegistrationVerifyByEmail is enabled.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- Correcting typo
- Adding markup tweaks
- Adjusting the wording of the warning
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Test plan:
* log-in staff interface with admin (mysql) account => there's a large warning on the homepage
* log-in with another account => nothing displayed
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds similar IDs to the tags and comments <div>
Signed-off-by: jorgia <jorgia_m_kelsey@hotmail.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch wraps cataloging links on the staff client home
page and in the header menu with checks for edit_catalogue
OR edit_items permission.
To test, access the staff client as a user with various
permissions. The "cataloging" link on the main page and
in the header menu should only appear to a user with
edit_catalogue permission, edit_items permission, or both.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
A few tiny string changes have been introduced, that I revert with this patch as we're string freeze
* Advanced search had been changed to Advanced Search (useless capital S). this is a mistake, I've reverted
* same thing for Koha administration
* the suggestions/comment/tags links have had a <span> and : added, the translator tool consider them as being changed. Switching back to the previous display.
The suggestion/comment/tags change can probably be reintroduced later
Fixes display of pending links (with necessary permissions being
enforced).
(patch made by Adrien Saurat, does not apply on my computer for an unknown reason)
