Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).
If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.
If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:
1. if the value is 1, the staff user must have
all privileges for the userflags flag (or module)
referred to by the hash key, e.g.,
{ flaqsrequired => { tools => 1 } }
In terms of the database, this means that the
corresponding bit must be set in borrowers.flags.
2. If the value is '*', the staff user must
have at least one of the permissions for the
userflag/module, but it doesn't matter which one.
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there at least is one row in user_permissions
for the staff user and bit/module combination.
3. If the value is any other string, it must be
a permissions code defined in the permissions table.
The staff user must have that specific permission
or have access to all functions of the module
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there is a matching row in user_permissions
for the staff user, bit/module, subpermission
code combination.
In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons). The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.
In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions. This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not. This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Qualified call to MarkIssueReturned with 'C4::Circulation'.
It looks like there is still a subtle bug with exporting
subs between modules that use each other.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The history start date and enddate is also useful to modify manually for the same reason : your serial collection may be older than your Koha serial management.
This commit reintroduce the feature.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
in fact, i'm not 100% sure of this bugfix : I don't see the case where a return should be done directly to homebranch, when the check out has been done at holdingbranch
so maybe we could hardcode 'holdingbranch' instead of using HomeOrHoldingBranch
the patch as written won't break anything existing.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
* Added items.location and items.ccode to list of
columns available for limiting
* choice of item type column (i.e., biblioitems.itemtype
or items.itype) to limit by now respects
item-level_itypes syspref
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Billing.pl -- new, gives bills that occur in a range, works
pendingreserves.pl -- fixed, works now, with branches also
reserveratios.pl -- indicates distressed reserves
itemslost.pl -- Fix to this to make it more useful and fix bugs
Itmes.pm -- small change to work for itemslost, should not affect
anything else
and all tmpl files.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Because of a bug in MARC::Charset 0.98, if a string to convert from
MARC-8 to UTF-8 has (a) one or more diacritics that (b) are only in character positions
128 to 255 inclusive, the resulting converted string is not in
UTF-8, but the legacy 8-bit encoding (e.g., ISO-8859-1). As a result,
when such a record is converted to XML using ->as_xml_record(), the resulting
XML can be truncated at the offending character. An example of such a record
is one that has a price in Briish pounds in the 260$c but no other diacritics.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Koha software and DB version numbers now reported;
also improved formatting of multi-line error messages.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The semantics of MARC::Record->delete_field() changed
slightly in the latest CVS version of MARC::Record.
delete_field() will now croak if passed an undef
scalar, while the version of MARC::Record from CPAN
accepts that input. Since some packages of MARC::Record
in the wild appear to be based on the CVS version, not
the CPAN version, added a check where needed to avoid
the croak.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The Notes field should now be displayed correctly
when editing an order - the query in GetOrder
was modified to have aqorder's notes column
appear last, which means that it is the one
selected for the data hash (instead of biblio.notes
or biblioitems.notes).
This is an ugly fix - GetOrder needs to be
refactored so that it doesn't depend on
selecting all columns from several different
tables.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
I improved the tests a bit for this module so that they at least skip
if there's not enough data in the database to test with.
I was unable to test the actual execution path through the change I actually made.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This fix should resolve in whole or in part several bugs
characterized by the error message 'Can't use string ("0")
as a HASH ref while "strict refs" in use', including
bugs 1101, 1899, and 1910.
There are some possibilities for future work:
[1] Dealing with an operator override, e.g., where
a circ operator needs to get a supervisor
to enter a login and password and escalate
the original operator's privileges for a
transaction, e.g., to forgive a fine. This
is an enhancement, of course.
[2] Creating a dummy operator to represent
batch job runs; or alternatively, give
each batch job an option to log its work
under a specified user ID.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
adding some parameters to the call to opac-auth.tmpl in C4::Auth::checkauth
This displays the additional navigational links in the masthead on the login page to unauthenticated users.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
As announced this past February, Amazon.com will no longer be
accepting web services requests to Amazon E-Commerce Service
(Amazon ECS) version 3.0 beginning on March 31, 2008.
This patch upgrades to Amazon.com's Associates Web Service 4.0
for the following components:
1. Amazon.com Locale support for: Canada, Germany, France, Japan,
UK, and US (see the new syspref called AmazonLocale)
2. Jacket Covers
3. Editorial Reviews
4. Customer Reviews
5. Amazon.com Similar Items
The following changes MUST be made to continue using Amazon.com
content:
1. Delete the system preference: AmazonDevKey (AmazonDevKeys used
with AmazonECS 3.0 are no longer valid)
2. Add the system preferences: AmazonLocale, AWSAccessKeyID
NOTE: steps 1, 2 are done by the web installer
3. Verify your AWSAccessKeyID:
You may already have an Access Key ID. You can access your Access
Key ID by going to http://aws.amazon.com, pointing to Your Web
Services Account, then clicking View Access Key Identifiers.
Depending on when you signed up for ECS 3.0, you may need to
re-register for an AWS account, which includes an Access Key ID.
4. Enter your AWSAccessKeyID in the Koha syspref called
AWSAccessKeyID
For complete details on the changes in Amazon.com Associates Web
Service 4.0, and the migration process, please see: http://tinyurl.com/ysorqy
Other changes with this patch:
* added $tabsysprefs{PatronsPerPage}="Patrons";
* Moved OPAC Features to OPAC in sysprefs
* removed experimental OPACXISBNAmazonSimilarItems and XISBNAmazonSimilarItems features
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The new tables have the same structure and constraints
as the tables they archive with the following exceptions:
* borrowernumber and biblionumber in old_reserves can be
NULL
* the FK constraints (e.g., for itemnumber) on old_reserves
set the child column to NULL if the parent row is deleted
instead of deleting the child row.
* there is no FK constraint on old_issues.branchcode, allowing
a branch to be deleted without changing archived requests.
Some miscellaneous cleanup was done as part of this patch:
* GetMemberIssuesAndFines (C4::Members) now uses bind variables
* fixed POD for GetMemberIssuesAndFines
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This replaces using the package variable $prefformat directly, and
specifically, doing a call to C4::Context->preference() during
module initialization. That way, C4::Dates no longer has a
compile-time dependency on having a valid $dbh.
The inspiration for this is making it easier for
zebraqueue_daemon to have code that detects when
the database connection goes down and then try to
reconnect to the DB.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Because NoZebra indexing requires having both
the old and new versions of a record when processing
an updated, I adjusted the ModZebra sub to require
that the old version be explicitly passed to it.
That way, the zebraqueue row (for Zebra mode) can
now be added *after* the biblio and biblioitems
updates have been completed.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Next step would be to add a checkbox to have everything on screen whatever the consequences (the user is warned)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
To make this feature work :
- create a "notice" (tools/letter.pl) of the category "serials"
- choose this notice in each subscription you want to enable this feature
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Also implementing useDaysMode syspref 3 modes:
Calendar: every 'closed' day increments loan length by one.
Days: ignore the calendar when calculating loan length.
Datedue: increase loan length only to prevent due date from falling on 'closed' date.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This is an improvement of a patch that has previously been rejected: I wanted to display holdingbranch, kados prefer homebranch
(and in fact it depends on the library choice...)
now, the library can choose, thanks to HomeOrHoldingBranch syspref.
Note that I have changed the description of the syspref to reflect this new use
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Added invocations of StripNonXmlChars to uses
of new_from_xml() that involve records
saved to Koha fields via MARC::Record->as_xml();
for batch jobs that work on MARC XML files
coming from external sources, StripNonXmlChars
should not necessarily be used, as it may
be better to reject a file or record if it
contains that kind of encoding error.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
