This makes the POD for the columns() function consistent
with the rest of C4/Members.pm. It also removes a note
that can be relegated to the bug report and the Git
history.
Also, since C4::Members::columns() is not actually a
class method, this patch changes the invocation to
not call it that way.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This routine is not in used and does not make sense. It should not be
used later.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passes koha-qa.pl, not references to get_branch_code_from_name found.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch makes the pre-population of the fields for the batch
item editor with the default values from the default framework
optional and off by default.
Test Plan:
1) Apply patch
2) Add default values for cost and replacement cost to the
default framework.
3) Browse to Tools / Batch item modification
4) Choose a file, or entire some barcodes in the text area
5) Ensure that the 'Populate fields with default values from default
framework' is *not* checked
6) Click 'Continue'
7) Observe that the fields for cost and replacement cost are blank
8) Click the 'back' button on your browser
9) Check the checkbox to enable the default value
10) Click 'Continue'
11) Observe that the fields for cost and replacement cost now contain
the default values you assigned them in the default MARC framework
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Switch works correctly, all tests and QA script pass.
Note: there is a bug with default values for all non text input
fields. Default values won't be applied for those fields as the
pull downs are not preselected correctly with the default values
defined in the framework.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Remove the unrequired extra processing and pass
the array of itemnumbers as itemnumbers_array
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Small typo in query construction, fixed.
To test:
1) Try filtering a MARC export using "Start date"
2) Notice the lack of filtering
3) Apply patch
4) Try export again, records are filtered by dateaccessioned
Signed-off-by: Cedric Vita <cedric.vita@dracenie.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The correct matching record was not always shown on the manage staged
MARC page. This patch corrects the issue and provides the template with
the appropriate ID for the matched record regardless what type of record
it is.
To test:
1) Create a matching record for authorities. For MARC21, the following
is a good choice:
Matching rule code: AUTHPER
Description: Personal name main entry
Match threshold: 999
Record type: Authority record
[Match point 1:]
Search index: mainmainentry
Score: 1000
Tag: 100
Subfields: a
2) Create a record that has the appropriate fields for being matched
with that rule (if you don't already have one).
3) Save the authority record as MARC (Unicode/UTF-8).
4) Stage the file choosing your new matching rule.
5) Note that with these patches, you get a link to the existing
authority and without them you could get any number of strange
things.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script. Additional tests done:
- staged bibliographic records and matched with different
rules and actions. Undid the import.
- staged autohrity recods and matched with the example rule.
Undid the import.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Remedied by:
- in Circulation.pm changing AnonymiseIssueHistory so that it returns ($rows, $err_history_not_deleted) instead of $rows
- consequential change to misc/cronjobs/batch_anonymise.pl to handle updated return value, and fail if there is an error
- consequential change to tools/cleanborrowers.pl although this still fails silently (raised as bug 9944)
- update of opac-privacy.pl to check return value and pass on error
- update of opac-privacy.tt to display error if appropriate
Note bug 9942 remains unfixed, which is a similar issue upon issue return.
To test:
1. OPAC
- enable privacy mode (preference OpacPrivacy)
- leave anonymous patron set to zero (preference AnonymousPatron)
- attempt to delete user history
- observe error
- check history - still there
- change anonymous patron to a valid user
- attempt to delete user history
- observe success message
- check history - gone
2. cleanborrowers.pl
- test it functions as before. bug 9944 has been raised for it continuing to silently fail.
3. batch_anonymise.pl
- enable privacy mode (preference OpacPrivacy)
- leave anonymous patron set to zero (preference AnonymousPatron)
- run script (I use --days -1 for testing)
- script should fail with a Carp message
- change anonymous patron to a valid user
- run script as before
- script returns quietly
- check history - gone
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Adds utf8 cgi parameter decoding.
Test plan: Enter diacritics in librarian field. Submit. Check.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This is ok in this case, as we are not doing any post/get of binary
data, but I note from the man page
This makes CGI.pm treat all parameters as UTF-8 strings. Use this with
care, as it will interfere
with the processing of binary uploads. It is better to
manually select which fields are expected
to return utf-8 strings and convert them using code like
this:
use Encode;
my $arg = decode utf8=>param('foo');
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The calendar management page uses the old tablesorter plugin. This patch
replaces tablesorter code with DataTables.
In order to easily sort date columns under various dateformat system
preference settings, date columns now sort based on an unformatted date
in a <span>'s title attribute (requiring the patch for Bug 9887).
To test, view the calendar page--preferably with plenty of existing
holiday data to populate the holiday summary tables. Confirm that
sorting works correctly on all sorted tables with the dateformat
preference set in all settings.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Note: This has to be tested together with the patch for bug 9887.
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The routing list tab displays on patron pages even if the RoutingSerials
preference is OFF. Display of the tab should be conditional on that pref
being turned on.
This patch adds a check for the RoutingSerials preference to the menu
include files and amends the affected scripts to make the variable
available on the pages where those includes are used.
To test, view the following pages with RoutingSerials both on and off.
The routing list tab should be shown and hidden accordingly:
- Circulation
- Patron details
- Patron fines
- Pay fines
- Pay amount/selected (click from the Pay fines page)
- Create manual invoice
- Create manual credit
- Patron circulation history
- Patron modification log
- Patron notices
- Patron routing lists
- Patron statistics
- Patron files
- Patron permissions
- Set patron password
- "Can't delete patron" page (try to delete a patron with checkouts).
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Touches a lot of files, but only a tiny change in each, works well.
Could perhaps be set in C4/Auth instead, but that's no reason not to
sign off
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This allows users to select any columns from items and adds new
items.fine field introduced by previous patch to user interface.
Note: This works as expected. items.fine appears as an option and gets inserted in the notice template as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
When exporting some biblio or authorities records with tools/export.pl (via web client or command-line) :
If choosing XML format, you get a concatenation of full XML records.
This patch uses MARC::File::XML to create a well formated file.
See http://search.cpan.org/~gmcharlt/MARC-XML-0.93/lib/MARC/File/XML.pm#close%28%29
Test plan:
- Go to Tools/Export data
- Enter numbers in from and to biblio number
(make sure that at least two records will
be exported).
- Select xml in file format
- Click "Export bibliographic records"
- Save file somewhere
- Look at downloaded file
=> File should look like :
<?xml version="1.0" encoding="UTF-8"?>
<collection
...
<record>
...
</record>
<record>
...
</record>
</collection>
=> "collection" is the root node and XML declaration exists only once
- Do the same for authorities export and command-line use of tools/export.pl
Second test plan:
- From the command line, run tools/export.pl, e.g.,
tools/export.pl --format=xml --filename=bibs.xml
- Verify that the output is valid XML, e.g.,
xmllint --noout bibs.xml # if the file is valid, no error messages will be displayed
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
When there are no notices for the selected library, the
interface displays a table header with an empty table.
This patch adds a message which appears when there are no
notices for the selected library, or if no library selected
and there are no notices at all.
To test, visit the notices and slips page and
select a library for which there are no notices. A message
should be displayed, "There are no notices for this library."
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Work as described. No errors.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch avoids using file-level private variables in subroutines
by passing the needed variables as parameters to the subroutines.
To test (under Plack):
1) Try uploading a patron image without applying the patch. Notice
it fails.
2) Apply patch.
3) Try uploading a patron image again, noticing this time it succeeds.
To test (under Apache):
1) Apply patch.
2) Try uploading a patron image, confirm that it works.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Fixes Plack, does not break Apache. Works as expected.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Test plan:
1) Browse to Tools › Batch item deletion
2) Enter a list of barcodes, make sure you have at
least one barcode listed more than once
3) Click continue
4) Verify the duplicated barcode shows up multiple times in the table
5) Apply patch
6) Refresh the page
7) Verify each barcode now displays only once
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
verified bug and fix - both good.
Nice test plan, thanks!
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- the dateformat value is send to all templates (from
C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
- opac/sco/sco-main.pl
- reports/acquisitions_stats.pl
- tools/cleanborrowers.pl
All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.
Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
adding dates
Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch fixes a problem where if a staff user has the
upload_local_cover_images permission (and is not a superlibrarian
and does not have all of the tools permissions), trying to use the
"Tools -> Upload local cover image" will fail with "You do not have
permissions [...]".
To test after applying the patch:
- Create a staff uesr that has just the catalogue and
upload_local_cover_images permission.
- Log in as that staff user.
- Go to "Tools -> Upload local cover image".
- Verify that one is given the form to upload a cover image.
- Without the patch, one will be presented with the login
form instead.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
mysql> select * from permissions where code="upload_cover_images";
Empty set (0.00 sec)
mysql> select * from permissions where code="upload_local_cover_images";
+------------+---------------------------+---------------------------+
| module_bit | code | description |
+------------+---------------------------+---------------------------+
| 13 | upload_local_cover_images | Upload local cover images |
+------------+---------------------------+---------------------------+
1 row in set (0.00 sec)
"git grep upload_cover_images" returns 0 result.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tested per plan, works. Staff category is not shown, and patch passes automated testing.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Only changing some documentation about GetXmlBiblio
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Added the word 'contain'
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
In a librairies network, we would like to declare specific values just
for one (or more) library.
Here we implement the ability to associate categories, patron attributes
types and/or authorised_values with librairies (branches).
This patch adds 3 new association tables:
- categories_branches ( association table between categories and branches )
- authorised_values_branches ( association table between
authorised_values and branches )
- borrower_attribute_types_branches (association table between
borrower_attribute_types and branches )
Plan test:
- Create (or modify) categories, patron attributes and
authorised_values and link it with one (or more) library.
- Set one of these librairies
- Go to one of the multiple pages where this specific value must be displayed
and check that it does appear.
- Set a library not concerned.
- Check on the same pages this value is doest not appear.
A page list:
cataloguing/addbiblio.pl
cataloguing/additems.pl
members/members-home.pl
members/memberentry.pl
acqui/neworderempty.pl
tools/modborrowers.pl
and others :)
Please say me if filters don't work on some pages.
Signed-off-by: Delaye Stephane <stephane.delaye@biblibre.com>
Signed-off-by: Koha Team Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Melia Meggs <melia@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
After applying Serhij's patch I had still troubles with umlauts, e.g. while editing or adding a new quote.
Added explicit utf-8 encoding at 3 places.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
the internal sub add_holiday uses some variables that are defined in the main script, usual fix
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
There are 2 Plack scoping errors in tools/overduerules.pl:
the local sub blank_row require that @rule_params and input are global
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>y
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch removes the declaration of interface labels
from the script and puts it in the template where the
labels can be translated. The labels have been modified
to match those used on the patron entry form.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Initialized $op, and changed lines like "$op => 1" and
"$error => 1" into separate, conditional template param calls.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
When building the query for exports by call number the script
has the logic reversed. It tries to select records with call
numbers less than the starting call number and greater than
the ending call number. This should be reversed.
To test, test an export in an unpatched system. An export by
call number will return an empty file. After applying the patch
an export by call number should give valid results.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Works as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fixed problem with re-declaration of $filesuffix
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
patch pushed onto master directly, doesn't merge properly from
new/bug_7643 branch
In catalogue/detail.pl you can now select "Delete items in batch" in
"Edit" menu. You are redirected to batchMod.pl for chosing which items
have to be deleted.
You need to have 'tools.items_batchdel' permission to see this menu
entry.
Signed-off-by: Marc Veron <veron@veron.ch>
Works as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Four new options, one for single holidays, one for the repeatable holidays.
One to create exceptions on a range of dates, one to delete exceptions in a range of dates.
Note that the exceptions are not deleted if you delete a range of repeatable dates.
But if you delete a range of single holidays the exeptions inside will be deleted.
Signed-off-by: Stephane Delaye <stephane.delaye@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The staged MARC management script was not correctly informing
the decoder ring that we had UNIMARC authorities, and the decoder
ring was dutifully trying to turn the authority records into a
bibliographic box of cereal.
Expose authority import functionality to the command line import
scripts, and rename them from commit_biblios_file.pl and
stage_biblios_file.pl to commit_file.pl and stage_file.pl.
To test (note that these instructions assume you have a MARC21
installation and are using the provided sample file):
1. Find a file of authorities (a sample file with MARC21 authorities
is attached to bug 7475) and download it to your server
2. Stage the file using the following command (replace <filename> with
the name of the file you saved in step 1):
> misc/stage_file.pl --file <filename> --authorities
3. Note the batch number the script assigns to your batch
4. Commit the records using the following command (replace <batchnumber>
with the batch number you made note of in step 3):
> misc/commit_file.pl --batch-number <batchnumber>
5. Index the authorities Zebraqueue (or wait)
6. Confirm that the new authorities appear.
7. Create a matching rule with the following settings:
Code: AUTHTEST
Description: Personal name main entry
Match threshold: 999
Record type: Authority record
Search index: Heading-main
Score: 1000
Tag: 100
Subfields: a
Offset: 0
Length: 0
(note the ID of this matching rule)
8. Stage the authority file again, this time using the following
command:
> misc/stage_file.pl --file <filename> --authorities \
--match <matchingrule>
7. Revert the import with the following command:
> misc/commit_file.pl --batch-number <batchnumber> --revert
8. Index the authorities Zebraqueue (or wait)
9. Confirm that the records have been removed
10. Import an authority record with the Stage MARC/Manage staged MARC
tools in exactly the way you would for a bibliographic record,
but choose "Authority" instead of "Bibliographic" for the record
type.
Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>
Testing plan delivers as it should.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master 11 September 2012
* Add the code necessary to handle authorities with matching rules and
import batches.
* Update all the scripts that use the matcher and import batch code
to use the new API.
* Add authority records to the matching rules interface in the staff
client.
http://bugs.koha-community.org/show_bug.cgi?id=2060
Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master 11 September 2012
In the circulation page, you can now export (as csv or iso2709) a list
of items which are currently checked out by a borrower.
3 export types:
- iso2709 with items: Export the items list in iso2709 format with item
informations.
- iso2709 without items: Export the items list in iso2709 format without
item informations.
- CSV: Export the items list based on a csv profil.
2 new system preferences:
- DontExportFields: a list of fields not to be export
- CsvProfileForExport: The Csv profile name used for the csv export
Test plan:
- Fill the CsvProfileForExport syspref
- go on the borrower circulation page containing checkouts
- Select one or more items and export them to the 3 different formats.
- check if the result file is what you expected
- Test there is no regression with the export authority
- Test there is no regression using tools/export.pl with the command
line interface
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Valid download attempts were being denied thanks to an incorrect
regular expression. This patch fixes that, and makes it easier to
understand what's going on in the code.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
With plackup, @ARGV can contains elements so we can't check the size of
@ARGV to tell whether we are in command line mode or not.
Instead we check environment variable GATEWAY_INTERFACE.
Also fix the use of a global variable in a subroutine
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
export.pl [--format=format] [--date=date] [--dont_export_items]
[--deleted_barcodes] [--clean] --filename=outputfile
* format is either 'xml' or 'marc' (default)
* date should be entered as the 'dateformat' syspref is set
(dd/mm/yyyy for metric, yyyy-mm-dd for iso, mm/dd/yyyy for us)
* records exported are the ones that have been modified since 'date'
* if --deleted_barcodes is used, a list of barcodes of items deleted
since 'date' is produced (or from all deleted items if no date is
specified)
* --clean removes NSE/NSB
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch touches a lot of code, but basically it removes version
information from use C4::* in our code.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All script still compiles after the patch (confirmed by pre-applypatch hook)
Fixes the following things:
1. Sanitizes log output to prevent an attacker from using a specially
crafted POST to add extra lines to the log
2. Simplify a regular expression since "..file" cannot be used to
escape the current directory
3. Makes sure directories are consistent
4. Correct logic issues in misc/cronjobs/backup.sh
Thanks to Frere Sebastien Marie for catching these issues.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch builds on work by Lars Wirzenius for the Koha packages.
To date, the only way for a Koha librarian to obtain a complete backup
of their system has been to log into the system via SSH (or FTP) to
download the mysqldump file. This patch makes it possible for
superlibrarians in properly configured systems to download night backups
via the staff client's Export tool.
Recognizing that this is functionality with potentially very grave
security implications, system administrators must manually enable these
features in the koha-conf.xml configuration file.
The following configuration settings have been added to the koha-conf.xml
file:
* backupdir => directory where backups should be stored.
* backup_db_via_tools => whether to allow superlibrarians to download
database backups via the Export tool. The default is disabled, and
there is no way -- by design -- to enable this option without manually
editing koha-conf.xml.
* backup_conf_via_tools => whether to allow superlibrarians to download
configuration backups via the Export tool (this may be applicable to
packages only). The default is disabled, and there is no way -- by
design -- to enable this option without manually editing koha-conf.xml.
This commit modifies the following scripts to make use of the new
backupdir configuration option:
* koha-dump and koha-run-backups in the Debian packages
* The sample backup script misc/cronjobs/backup.sh
Note that for security reasons, superlibrarians will not be allowed
to download files that are not owned by the web server's effective user.
This imposes a de facto dependency on ITK (for Apache) or running the
web server as the Koha user (as is done with Plack).
To test:
1. Apply patch.
2. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
3. Add <backupdir>$KOHADEV/var/spool</backup> to the <config> section
of your koha-conf.xml (note that you will need to adjust that so that
it is pointing at a logical directory).
4. Create the aforementioned directory.
5. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
6. Add <backup_db_via_tools>1</backup_db_via_tools> to the <config>
section of your koha-conf.xml
7. Go to the export page as a superlibrarian. Notice the new tab.
8. Go to the export page as a non-superlibrarian. Notice there is no
new tab.
9. Run: mysqldump -u koha -p koha | gzip > $BACKUPDIR/backup.sql.gz
(substituting appropriate user, password, and database name)
10. Go to the export page as a superlibrarian, and look at the "Export
database" tab. If you are running the web server as your Koha user,
and ran the above command as your Koha user, you should now see the
file listed as an option for download.
11. If you *did* see the file listed, change the ownership to something
else: sudo chown root:root $BACKUPDIR/backup.sql.gz
11a. Confirm that you no longer see the file listed when you look at the
"Export database" tab.
12. Change the ownership on the file to your web server (or Koha) user:
sudo chown www-data:www-data backup.sql.gz
13. Go to the export page as a superlibrarian, and look at the "Export
database" tab. You should now see backup.sql.gz listed.
14. Choose to download backup.sql.gz
15. Confirm that the downloaded file is what you were expecting.
If you are interested, you can repeat the above steps but replace
<backup_db_via_tools> with <backup_conf_via_tools>, and instead of
creating an sql file, create a tar file.
To test packaging: run koha-dump, confirm that it still creates a
usable backup.
------
This signoff contains two changes:
10-1. If no backup/conf files were present, then the message telling you
so doesn't appear and the download button does. Made them behave
correctly.
10-2. The test for a file existing required it to be owned by the
webserver UID. This change makes it so it only has to be readable.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
