Commit graph

537 commits

Author SHA1 Message Date
85c387f848 Bug 12683: (followup) use the Koha.Preference plugin and add ids
It is kosher now to use the Koha template toolkit plugin for retrieving
system preferences values. This followup does that.

It also changes the class for ids, for people considering this patch
introduces too much noise on the home screen being able to control
its visibility.

Regards
To+

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-15 10:50:06 -03:00
simith
eb6d44d5a2 Bug 12683: Use NoLoginInstructions to customize text for OPAC user/pass information
Enable staff to setting a text for OPAC user/pass information

Modified:

C4/Auth.pm
koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc   -add a text to the popup login page
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-main.tt   -add a text to the main login page

Testing:

I Apply the patch

0) Search NoLoginInstructions preference
1) Add/modify a text
2) Open OPAC main page
3) Validate the text added under Login button
4) Click in "Log in to your account" link
5) Validate the text added under input password (popup)

Sponsored-by: CCSR ( http://www.ccsr.qc.ca )

Patch behaves as expected.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-15 10:30:15 -03:00
Dobrica Pavlinusic
c9351807e9 Bug 8148 - LDAP auth_by_bind doesn't fallback to local auth
This patch covers LDAP auth_by_bind configuration so that wrong
LDAP password will return -1 to C4::Auth so we can abort local auth
and prevent users logging in with stale database passwords.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-07 16:22:49 -03:00
Frédérick
56f3b542bd Bug 8148: Prevent local authentification fallback if an invalid LDAP password was entered.
http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-07 16:22:21 -03:00
243fd9fd38 Bug 12512 - PROG/CCSR deprecation: Remove OpacShowFiltersPulldownMobile system preference
CCSR having been deprecated there is no longer a use for the
OpacShowFiltersPulldownMobile system preference. This patch removes
it.

To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2014-08-07 14:01:36 +12:00
9a77c4a38c Bug 11347 - PROG/CCSR deprecation: Remove opacsmallimage system-preference
The opacsmallimage system preference is unused in the bootstrap theme.
It can be removed now that prog and ccsr are deprecated. This patch does
so.

To test, apply the patch and run updatedatabase. Confirm that the OPAC
works properly and the preference can no longer be found.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2014-07-22 09:57:17 +12:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
d9749756ca Bug 11575 - OPACBaseURL sometimes set by ENV variable and not system preference
This patch changes how the OPACBaseURL parameter gets set in the subroutine
get_template_and_user in Auth.pm.

Currently, it's being set by the $ENV{'SERVER_NAME'} variable. In many
cases, this will probably match the URL that the user uses to access a
page. However, this causes problems with reverse proxies.

There are ways to compensate for proxy servers (such as inspecting
other variables set by the web server), but such a solution seems
a bit convoluted...especially since we already use the system preference
OPACBaseURL in many other parts of Koha.

We probably shouldn't be passing OPACBaseURL from Auth.pm at all, and
instead use the Koha TT plugin and using_https param to determine
protocol. However, that's outside the scope of this bug/patch.

This patch is just meant to fix an existing bug.

I did leave the $ENV{'SERVER_NAME'} as a full back if OPACBaseURL isn't
set, but that's it.

_TEST PLAN_

Before applying:

1) Clear your OPACBaseURL preference
2) Perform a search in the OPAC
3) Click on or hover over the orange RSS icon
4) Note that the URL used for the RSS links is either:
  a) The same URL you used to access Koha (no reverse proxy)
  b) The ServerName from your Koha apache conf which isn't the
  same URL you used to access Koha (reverse proxy)
5) Add an OPACBaseURL that isn't the same as the actual OPAC URL
6) Note that the OPACBaseURL system preference has no effect here

After applying the patch:

7) Refresh the page
8) Note that the URL you see now is actually the OPACBaseURL system
preference that you set
9) Clear your OPACBaseURL system preference
10) Refresh your search page
11) Note that the URL has reverted back to the URL that you saw before
(either the original Koha site URL or the Koha ServerName defined
in Apache and not the URL of the proxy)

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-15 10:33:47 -03:00
Jonathan Druart
7b161b5bbe Bug 11715: Update POD for get_template_and_user
If flagsrequired is set, authnotrequired should be 0.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-06-25 12:27:24 -03:00
Chris Cormack
0599c9b6e9 Bug 11715: Set the default of authnotrequired = 0 in get_template_and_user
To test:

Verify that pages in the OPAC and staff interface display correctly.

Note that there are cases where 'authnotrequired' was not passed
at all to get_template_and_user, so there may be pages that start
requiring authentication.  Whether that is correct or not depends
on context.

Follow up patches are to remove all the unnessecary setting of this
value, so that the only places we set are when we do want
authnotrequired=1

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-06-25 12:26:33 -03:00
Bernardo Gonzalez Kriegel
cb878c35a1 Bug 12226 - A user with the database username/userid can access staff with full permissions
This patch implements 2 suggestions on comment #3

- Prevents creation of a new user with same userid
of database user

- When checking password, if userid matches database user,
only check against pass on config file

To test:
1. Create a new user with same login as database user
any password different from real db user
2. Check that you can login on staff using this user/pass
and you are superlibrarian

3. Apply the patch

4. Login again using new pass, it must fail
5. Login again using db pass, you are now superuser,
but system does not warn you :( No problem, that's
for having one borrower with that login
6. Delete user with same login as db user
7. Try to create one again as in 1, system must return
an error of duplicate login!

8. Check for no regressions on user/pass authentication

Resubmited, has an error

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
This works nicely and as described.
Also editing the former 'superuser' will force you to
change the userid in order to save any other change.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-06-20 21:13:10 -03:00
Paul Poulain
2626311e5e Bug 10798: (follow-up) replace tabs by spaces
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 22:13:31 +00:00
b2484b22f7 Bug 10798: make OPAC_SEARCH_LIMIT behaves better with search groups
Since the addition of search groups to Koha, the branch limiting
parameter in multiple PAC by URL support should also support
limiting by these search groups.  This patch adds this ability.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 22:13:02 +00:00
Fridolyn SOMERS
c8a18f5eef Bug 11219: make CAS authentication work with URL parameters
Bug 10029 tries to fix the use of URL parameters in CAS authentication.
But is does not work.
The full URL must be used in all methods of C4::Auth_with_cas.
Also, in checkpw_cas(), the 'ticket' parameter must be removed to find
the original URL.

This patch removes the 'ticket' parameter from query before calling
checkpw_cas() since the ticket is passed as method arguemnt.
In C4::Auth_with_cas, many methods use the same code to get the CAS
handler and the service URI. This patch adds a private method
_get_cas_and_service() to do the job.

Test plan:
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing
   authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber
   param
- Check CAS loggout
- Check Proxy CAS auth

Signed-off-by: Koha team AMU <koha.aixmarseille@gmail.com>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests in t, xt, and t/db_dependent/Auth.t.
Also passes QA script.

As I have no working CAS server, I focused on regression testing:
Activated Persona and casAuthentication.
- Verified normal login against database still works.
- Verified Persona login works.
  Note: With Persona you are always forwarded to the patron
  account - so you have to search for the record again before
  you can place a hold.
- Verified that the CAS URL contains the biblionumber when
  logging in while placing a hold.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Retested 2014-04-12

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 05:15:11 +00:00
Julian Maurice
76e39750b7 Bug 11848: Move language detection function in C4::Languages
Also store interface (intranet, opac) in context to not have to pass it
as parameter.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No koha-qa errors

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Comments on last patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 04:29:34 +00:00
Jonathan Druart
3070650200 Bug 8952: (follow-up) using_https does not deal with Plack
When using Plack, the https method returns 'OFF'.
We have to test this value before sending the value to templates.

Test plan:
1/ Fill your OPACBaseUrl

2/ Configure apache for using http
3/ Check the social networks links (should be http://OPACBaseUrl)

4/ Launch Plack
5/ Check the social networks link (should be http://OPACBaseUrl)
6/ Stop Plack

7/ Configure apache for using https
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -out
/etc/apache2/server.crt -keyout /etc/apache2/server.key
and add in you virtualhost (with :443)
    SSLEngine on
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
  a2enmod ssl
  service apache2 restart
8/ Check the social networks links (should be https://OPACBaseUrl)

FIXME: Under Plack, with ssl actived, the CGI->https() method always
returns 'OFF'.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 04:01:28 +00:00
Jonathan Druart
a6a954efa8 Bug 10862: Add search history to the intranet interface
Like OPAC, the search history is now available for intranet.  This
is controlled by the EnableSearchHistory system preference.

Test plan:
 1/ Switch on the 'EnableSearchHistory' syspref.
 3/ Launch some biblio and authority searches.
 4/ Go on your search history page (top right, under "Set library").
 5/ Check that all yours searches are displayed.
 6/ Click on some links and check that results are consistent.
 7/ Delete your biblio history searches.
 8/ Delete your authority searches history searches.
 9/ Launch some biblio and authority searches
10/ Play with the 4 delete links (current / previous and biblio /
authority).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 03:06:33 +00:00
Galen Charlton
18cce456d9 Bug 10807: (follow-up) use 24-hour time when storing search times to session
This ensures that if an anonymous session is converted to a logged-in
session, that search history times from the anonymous session get
stored corectly.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 02:55:41 +00:00
Jonathan Druart
ba41b7da79 Bug 10807: Add an authority search history for the OPAC
Like biblio, this feature provides an authority search history.
This history is available for connected and disconnected user.
If the user is not logged in Koha, the history is stored in an
anonymous user sessin.

The search history feature is now factorized in a new module.

This patch adds:
- 1 new db field search_history.type. It permits to distinguish the
  search type (biblio or authority).
- 1 new module C4::Search::History. It deals with 2 different storages:
  DB or cookie
- 2 new UT files: t/Search/History.t and t/db_dependent/Search/History.t
- 1 new behavior: the 'Search history' link (on the top-right corner of
  the screen) is always displayed.

Test plan:
 1/ Switch on the 'EnableOpacSearchHistory' syspref.
 2/ Go on the opac and log out.
 3/ Launch some biblio and authority searches.
 4/ Go on your search history page.
 5/ Check that all yours searches are displayed.
 6/ Click on some links and check that results are consistent.
 7/ Delete your biblio history searches.
 8/ Delete your authority searches history searches.
 9/ Launch some biblio and authority searches
10/ Delete all your history (cross on the top-right corner)
11/ Check that all your history search is empty.
12/ Launch some biblio and authority searches.
13/ Login to your account.
14/ Check that all previous searches are displayed.
15/ Launch some biblio and authority searches.
16/ Check that these previous searches are displayed under "Current
session".
17/ Play with the 4 delete links (current / previous and biblio /
authority).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All patches together pass QA script and tests.
Also, new tests in t/db_dependent/ pass.

Tested in all 4 OPAC themes, being logged in and anonymous.
Anonymous search history will be appended to personal search
history after logging in.
Also verified that cleanup_database still purges search history,
now also including the authority searchs.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 02:32:27 +00:00
Galen Charlton
08fe85950a Bug 10951: (follow-up) use Koha.Preference() template function
This patch uses the TT helper function Koha.Preference() to
retrieve the value of NoLoginInstructions rather than passing
it to all templates as a template variable.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-19 16:53:26 +00:00
blou
c67b397236 Bug 10951 - Adding NoLoginInstructions to system preferences
On a failed login, the default message is harcorded into opac-auth.tt.

     It would be preferable to allow for a preference to override that message (for example: ...Please bring an ID to t
     The changes modify
         -opac-auth.tt to allow for custom value
         -admin/preferences/opac.pref to add it to the preferences with a description
         -C4/Auth.pm for the loading of the preference
         -sysprefs.sql
         -updatedatabase.pl

     TESTING
         1) in OPAC, logged out, try login in by entering no or wrong credentials.  Acknowledge the "Don't have a p
         2) Apply the patch
         3) Regression Test: Redo step 1.  Same (default) message should appear.
         4) Log in to intranet,
             - select NoLoginInstructions in system preferences.
             - Enter new (xml) message.  Possible:
             <h5>Welcome to Koha, please bring your passport to the front office</h5>
            - and save
         5) refresh the OPAC, try login again with invalid credentials.  The new message should appear.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
2014-04-19 16:26:50 +00:00
Galen Charlton
914515202d Bug 10952: (follow-up) clear seach history from session after saving it to DB
This patch makes sure that the search history from an
anonymous session is cleared from the session after a user
logs in (and the session history is saved to that user's
record in the database).  This fixes a problem where the
search history from the session got repeatedly added to the
database each time the user did something while logged
into the OPAC.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:49:01 +00:00
Julian Maurice
939d68ea7b Bug 10952: (follow-up) Always flush session after deletion
This is recommended in CGI::Session documentation.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:45 +00:00
Julian Maurice
bbf7cd6876 Bug 10952: (follow-up) comments fixes and unit tests
- Remove unit tests for ParseSearchHistoryCookie, which doesn't exist
  anymore
- Add unit tests for ParseSearchHistorySession and
  SetSearchHistorySession
- Remove/Modify comments about search history cookie

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Tests fixed and moved, and comments tidied up

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:18 +00:00
Julian Maurice
d07df7d512 Bug 10952: Store anonymous search history in session
Storing search history into cookie can cause problems, due to the size
limitation of 4KB.

The solution here is to store search history into the CGI::Session
object, so there is no size limitation (but anonymous search history
still remember up to 15 requests max.)

Test plan:
- Go to OPAC in anonymous mode.
- Check that the "Search history" link is *not* shown in the top right
  corner of the page
- Make some searches on /cgi-bin/koha/opac-search.pl
- The "Search history" link should appear. Click.
- Your search history should be displayed.
- Try to log in with invalid username/password
- Go back to search history, it's still there
- Now log in with valid username/password
- Your anonymous search history should be saved into your own search
  history.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Restoring original sign offs and comments below

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors

Well, search history saving is similar before and after patch.
i.e. anonmymous search is saved when user logs in, but cookie
KohaOpacRecentSearches is empty.
Shows current an previous session searches

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All tests and QA script pass, works as described.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:20:16 +00:00
Srdjan
a0b00e4c8b Bug 11077: Correct more warnings in C4/Auth.pm
This gets rid of some more warnings.

It also corrects a noisy ne condition.
    $userid = $retuserid if ( $retuserid ne '');
became
    $userid = $retuserid if ( $retuserid );

It also integrates Srdjan Jankovic's patch with Petter Goksoyrsen's
patch, while correcting the problems found.

This includes:
    my $q_userid = $query->param('userid') // '';
along with:
    my $s_userid = '';
and:
    my $s_userid = $session->param('id') // '';
Indentation does not reflect actual scoping.

A missing system preference would have triggered a ubiquitous
undef compare check failure message. This makes the flooding
message more useful, so as to help correct it.
The change to accomplish this was:
        my $pki_field = C4::Context->preference('AllowPKIAuth');
        if (!defined($pki_field)) {
            print STDERR "Error: Missing AllowPKIAuth System Preference!\n";
            $pki_field = 'None';
        }

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:17:33 +00:00
ce5ab3b314 Bug 11077: remove uninitialized value $pki_field warning
During login at the Staff interface you get warnings in the logs
regarding an uninitialized value for the $pki_field variable.

To test:
- tail -f /path/to/your-intranet-logs
- Point your browser to your staff login page
- Login
- Three warnings are showed
- Apply the patch
- Log out
- Log in
- No new warnings, and you can still log in.

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Petter Goksoyr Asen <boutrosboutrosboutros@gmail.com>

Followed test plan; it works as advertised.
Also works when I deleted AllowPKIAuth system pref.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:15:07 +00:00
Jonathan Druart
de5d977c49 Bug 11132: don't clear the results list upon adding a biblio to a list
A "busc" param is cleared if the template name is not opac-.*detail.tt.
So if a user adds a biblio to a list, he cannot continue to browse
results.

Test plan:
- launch a search at the OPAC (opac-search.pl).
- click on a result and browse results (using previous/next links).
- a title attract your attention and you add it to a list
  ("Save to yours lists" link on the right).
- save the list.
- browse again results.

Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested according to test plan, also checked some other pages and actions
accessible from the detail page.
Passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-11-01 00:39:30 +00:00
Jonathan Druart
d2052311cb Bug 8435: add permission to enable editing other library's serials if IndependantBranches is on
In the serial module, we want to hide serials from others libraries.
However, to permit central serials manage, this patch introduces a
new permission, 'superserials'. If a staff member has this permission,
that person can override the restriction.

Test plan:
- Switch on the IndependantBranches syspref
- Add the permission 'superserials' for a patron and test you can
  navigate and see all serials
- Remove this permission and test you cannot manage/view subscriptions
  from others libraries

Signed-off-by: Frederic Durand <frederic.durand@unilim.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-31 15:27:19 +00:00
Galen Charlton
0f5dc609e0 Bug 10309: (follow-up) restore setting some OPAC template variables in C4::Auth
These variables still need to be exported to the template by default for
the 'prog' OPAC template to work correctly.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-15 15:27:59 +00:00
eb92d94be1 Bug 10309 - New OPAC theme based on Bootstrap
The goal of this theme is to provide a fully-responsive OPAC which
offers a high level of functionality across multiple devices with varied
viewport sizes. Its style is based on the CCSR theme, with elements of
the Bootstrap framework providing default styling of buttons, menus,
modals, etc.

The Bootstrap grid is used everywhere, but Bootstrap's default
responsive breakpoints have been expanded to allow for better
flexibility for our needs.

All non-translation-depended files are in the root directory of this new
theme:

css, images, itemtypeimg, js, less, and lib. Languages.pm has been
modified to ignore the new directories when parsing the theme language
directories.

This theme introduces the use of LESS (http://lesscss.org/) to build
CSS. Three LESS files can be found in the "less" directory: mixins.less,
opac.less, and responsive.less. These three files are compiled into one
CSS file for production: opac.css. "Base" theme styles are found in
opac.less. A few "mixins" (http://lesscss.org/#-mixins) are found in
mixins.less. Any CSS which is conditional on specific media queries is
found in responsive.less.

At the template level some general sturctural changes have been made.
For the most part JavaScript is now at the end of each template as is
recommended for performance reasons. JavaScript formerly in
doc-head-close.inc is now in opac-bottom.inc.

In order to be able to maintain this structure and accommodate
page-specific scripts at the same time the use of BLOCK and PROCESS are
added. By default opac-bottom.inc will PROCESS a "jsinclude" block:

[% PROCESS jsinclude %]

Each page template in the theme must contain this block, even if it is
empty:

[% BLOCK jsinclude %][% END %]

Pages which require that page-specific JavaScript be inserted can add it
to the jsinclude block and it will appear correctly at the bottom of the
rendered page.

The same is true for page-specific CSS. Each page contains a cssinclude
block:

[% BLOCK cssinclude %][% END %]

...which is processed in doc-head-close.inc:

[% PROCESS cssinclude %]

Using these methods helps us maintain a strict separation of CSS links
and blocks (at the top of each page) and JavaScript (at the bottom). A
few exceptions are made for some JavaScript which must be processed
sooner: respond.js (https://github.com/scottjehl/Respond, conditionally
applied to Internet Explorer versions < 9 to allow for layout
responsiveness), the _() function required for JS translatability, and
Modernizr (http://modernizr.com/, a script which detects browser
features and allows us to conditionally load JavaScript based on
available features--or lack thereof).

Another new JavaScript dependency in this theme is enquire.js
(http://wicky.nillia.ms/enquire.js/), which lets us trigger JavaScript
events based on viewport size.

I have made an effort to re-indent the templates in a sane way,
eliminating trailing spaces and tabs. However, I have not wrapped lines
at a specific line length. In order to improve template legibility I
have also tried to insert comments indicating the origin of closing tags
like <div> or template directives like [% END %]:

</div> <!-- / .container-fluid -->

[% END # / IF ( OpacBrowseResults && busc ) %]

TESTING

Proper testing of this theme is no easy task: Every template has been
touched. Each page should work reasonable well at a variety of screen
dimensions. Pages should be tested under many conditions which are
controlled by toggling OPAC system preferences on and off. A variety of
devices, platforms, and browsers should be tested.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 23:13:05 +00:00
Galen Charlton
547c6d2949 Bug 9611: (follow-up) move new password hashing routines to separate module
The move avoids a problem where many modules would gain
a dependency on C4::Auth just because C4::Members needs access
to hash_password().

This patch also adds a couple unit tests for the new password
hashing code.

To test:

[1] Verify that there are no regressions on the test plan for bug
    9611.
[2] Verify that t/AuthUtils.t and t/db_dependent/Auth.t pass.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-09 03:29:22 +00:00
4cb139b9ce Bug 9735 - Build the cookie array correctly
The current implementation didn't build the cookie array correctly,
yielding login problems in some scenarios.

Sponsored-by: Universidad Nacional de Córdoba

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:56 +00:00
3b7c6932e5 Bug 9735 - Let the language be selected through URL parameters
Passing language=<valid_language_code> as a parameter in any Koha's URL
can be used to set the desired language.
This patch touches
 - C4::Templates
 - C4::Auth

Adds a new method getlanguagecookie that does exactly that, for use in
get_template_and_user.
Also modifies getlanguage so it checks (a) if there's a 'language'
parameter in the CGI object and (b) checks if its valid and enabled for
the desired interface.

To test:
* Without the patch
  - access any koha page
  - add ?language=code to the end of the URL (change code for a valid language code
    it needs to be installed using perl translate install code, and enabled either for
    the staff or opac interface, depending where are you testing)
  - Nothing happens with the language parameter
* With the patch
  - access any koha page
  - add ?language=code (the same as before) and hit enter
  - the language should be changed to the one you chose
  - if you browse through some links, you will see
    koha 'remembers' the language you passed as a parameter
    (i.e. the language cookie has been updated).

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Brendan <brendan@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works very well. No errors.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
More comments on last patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:09 +00:00
Galen Charlton
419af5db00 bug 9611: (follow-up) add reference to Crypt::Eksblowfish::Bcrypt in POD
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:47 +00:00
Bernardo Gonzalez Kriegel
e23e8166f1 Bug 9611: (follow-up) fix POD
Small patch to make koha-qa happy.
Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:46 +00:00
Srdjan
4be177c1ae bug 9611: Extract checkpw_internal() and checkpw_hash() from checkpw()
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Srikanth Dhondi
f2162a86b0 Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What this patch aims to accomplish?

 * All new passwords are stored as Bcrypt-hashes
 * For password verification:
     - If the user was created before this patch was applied then use
        MD5 to hash the entered password <-- backwards compatibility
     - If the user was created after this patch was applied then use
       Bcrypt to hash the entered password
 * Any password change made via the staff interface or the OPAC will
   be automatically Bcrypt-hashed; this applies to old users whose
   passwords were stored as MD5 hashes previously

Test plan:
  1) Add new users and check whether their passwords are stored as
     Bcrypt hashes or not.
  2) To test that authentication works for both old as well as new
     users:
       a) Login as an existing user whose password is stored as a
          MD5 hash
       b) Login as an existing user whose password is stored as a
          Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
	a) Check the new password is stored as a Bcrypt-hash in the database
	b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by  Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Galen Charlton
961617765e do some validation of the KohaOpacRecentSearches cookie
Add validation of the value of the KohaOpacRecentSearches.  In
particular, this patch avoids the generation of an internal server
error when the OPAC is presented with an old cookie that uses the
old Storable-based serialization.

This patch also moves parsing of the cookie value into a
new routine in C4::Auth, ParseSearchHistoryCookie, and adds
a test case.

To test (in conjunction with the previous patch):

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Apply this patch and the previous one.
- Do *not* clear the KohaOpacRecentSearches cookie
- Check the search history and verify that no searches
  are listed any more
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 02:52:13 +00:00
Galen Charlton
488a3d6fed use JSON rather than Storable for the OPAC search history cookie
To test:

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- Clear the KohaOpacRecentSearches cookie
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verified that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 01:52:06 +00:00
04dd98fa84 Bug 10552: make several sysprefs available to the OPAC login page
Several system preference variables are unavailable to the OPAC login
template because they are not explicitly enabled for that page. Instead
of adding them to Auth.pm using the old method this patch uses the new
system preference check syntax using the Koha TT plugin.

The following preferences are now checked using this syntax in
masthead.inc:

OpacAddMastheadLibraryPulldown
UseCourseReserves
reviewson
OpacShowRecentComments

In order for the call in masthead.inc to the new plugin to work on all
OPAC pages "[% USE Koha %]" must be added to any template which
includes it (most of them).

Also in this patch: A change to Auth.pm to enable correct display of the
LibraryName in the title of the OPAC login page.

To test, turn on the above system preferences and confirm that the
relevant links appear under the OPAC's main search bar on all pages
including the login page.

Confirm that the text specified in the LibraryName system preference is
shown as the title of the login page.

Confirm that course reserves and comments are displayed correctly on the
biblio detail page.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I checked both prog and ccsr - all seems well and the links are appearing and disappearing in accordance with the appropriate sysprefs.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-22 14:54:15 +00:00
651f810f68 Bug 10553: make public lists available on OPAC login page
If you are not logged in to the OPAC, looking at the login page, and you
click the Lists button to see public lists it says there are none. This
patch corrects Auth.pm so that it loads the list of public lists in this
situation.

To test you must have at least one public list. Make sure you are logged
out of the OPAC and visit the login page (/cgi-bin/koha/opac-user.pl).
Clicking the "Lists" button should show you a list of public shelves.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
works as described, and list button is not shown when opacpublic is disabled.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-18 16:29:41 +00:00
Galen Charlton
968f337728 Bug 10515: (follow-up) fix use of GetBranchCategories
Adjusting to reflect the removal of the branchcode parameter
to GetBranchCategories; also filter on the 'searchdomain'
library group type, as appears to have been intended.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-17 18:02:13 +00:00
71b79d5990 Bug 9541: make OPAC login page respect OPAC_CSS_OVERRIDE
When clicking the login link for opac-user.pl in a multiple branch
scenario the environment variable for OPAC_CSS_OVERRIDE was ignored from
the koha-conf.xml file.  It seems like is is working on every page in
the opac except for the login page.

Test Plan:
1) Set up a Koha server with 2 separate catalog configurations
   ( e.g. opac1.kohatest, opac2.kohatest )
2) Set the OPAC_CSS_OVERRIDE directive for separate css files
   in each opac
3) Browse to the opac login page, note the css is not applied
4) Apply this patch
5) Reload the page, note the css is now applied

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-06-18 07:03:51 -07:00
b00ec06968 Bug 10080 - Change system pref IndependantBranches to IndependentBranches
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-22 07:58:23 -07:00
be869ab279 Bug 8215 - Course Reserves
Adds a course reserves system for academic libraries.

The course reserves system allows libraries to create courses
and put items on reserves for those courses.

Each item with at least one reserve can have some of its attributes
modified while it is on reserve for at least one active course.
These attributes include item type, collection code, shelving location,
and holding library. If there are no active courses with this item
on reserve, it's attributes will revert to the original attributes
it had before going on reserve.

Test Plan:
  1) Create new authorised value categories DEPARTMENT and TERM
  2) Create a new course, add instructors to that course.
  3) Reserve items for that course, verify item attributes have changed.
  4) Disable course, verify item attributes have reverted.
  5) Enable course again, verify item attributes again.
  6) Delete course, verify item attributes again.
  7) Create two new courses, add the same item(s) to both courses.
  8) Disable one course, verify item attributes have not reverted.
  9) Disable both courses, verify item attributes have reverted.
 10) Enable one course, verify item attributes are again set to the
     new values.
 11) Edit reserve item attributes, verify.
 12) Disable all courses, edit reserve item attributes, verify
     the item itself still has its original attributes, verify
     the reserve item attributes have been updated.
 13) Verify the ability to remove instructors from a course.
 14) Verify new permissions, top level coursereserves, with
     subpermissions add_reserves and delete_reserves.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Corinne Bulac <corinne.hayet@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

http://bugs.koha-community.org/show_bug.cgi?id=8125
2013-05-21 15:50:55 -07:00
Jonathan Druart
537c664038 Bug 9508: Standardize the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files

- Remove "all" occurrences (those I found!) of dateformat_*
From now the only way to get the date format is a string comparaison
(dateformat == "metric")

Checked with the command:
  git grep "\(dateformat_us\|dateformat_metric\|dateformat_iso\)" | grep
  -v translator

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested all the datepickers I could find, looks good.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-20 09:05:01 -07:00
Galen Charlton
3536b10acf Revert "Bug 10074 - Encoding problems at login time"
This reverts commit 5805b5f363.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:10:23 -07:00
Galen Charlton
327b6c6ce3 Revert "Bug 10019: Fix for userid containing UTF8 chars"
This reverts commit 7e90e1524f.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:05:22 -07:00
7e90e1524f Bug 10019: Fix for userid containing UTF8 chars
Decodes userid on two places in checkauth of C4/Auth.pm

Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:13:09 -04:00
5805b5f363 Bug 10074 - Encoding problems at login time
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.

This patch makes it use output_html_with_http_headers and solves the problem.

Changed 'use' for 'require' as jcamins and marcelr suggested.

Regards
To+

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:07:01 -04:00
719044f771 Bug 9257 - Add "groups" to normal search pulldown
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.

Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-22 08:20:08 -04:00
Kyle M Hall
5eabc672fd Bug 7804 - Add Koha Plugin System
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.

Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
      <pluginsdir>/var/lib/koha/plugins</pluginsdir>
      <enable_plugins>1</enable_plugins>"
   to your koha-conf.xml file
5) Add the line
       Alias /plugin/ "/var/lib/koha/plugins/"
   to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 14:49:47 -04:00
Bernardo Gonzalez Kriegel
9205e732fb Bug 9827: remove 'insecure' system preference
This patch removes 'insecure' system preference.

Also removes remaining code that make use of
the preference. It's broken anyway.

Only remains a reference in POD of C4/Boolean.pm

To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.

2) Apply the patch

3) Run updatedatabase.pl

4) Check that Staff login proceeds as usual.

5) Check that 'insecure' syspref is no more.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:46:34 -04:00
4dcee58a4d Bug 7440 - Remove NoZebra vestiges
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.

C4::Biblio->
 GetNoZebraIndexes
 _DelBiblioNoZebra
 _AddBiblioNoZebra

C4::Search->
 NZgetRecords
 NZanalyse
 NZoperatorAND
 NZoperatorOR
 NZoperatorNOT
 NZorder

C4::Installer->
 set_indexing_engine

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:17:04 -04:00
d03c8443a4 Bug 9587 Follow up to fix the problem Katrin identified
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible

Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
8cb1ac85a2 Bug 9587 : Followup removing a commented out warn that was annoying the qa tools
Not introduced by this work but no reason not to clean it

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: no more complains from koha-qa

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
3e8f39015b Bug 9587 : Follow up, fixing tabs in C4/Auth.pm
And translation problem in masthead.inc

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
493dcede48 Bug 9587 : Mozilla Persona login
Working on Mozilla Persona support (browser id)

    This will let a user log into Koha using browser id, if their email
    address used matches the email address inside Koha.

    Once an assertion is received, we simply need to find the user that
    matches that email address, and create a session for them.

    opac/svc/login handles this part.

    The nice thing about it is, the user doesn't have to do anything, like
    linking their account. As long as the email address they are using to
    identify themselves in browserid is the same as the one in Koha it
    will just work.

    This is covered by a systempreference, to allow people to do it, and
    is of course totally opt in, it works alongside normal Koha (or any
    other method) of login. So only those choosing to use it, need use it

Test Plan

1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:35 -05:00
Jared Camins-Esakov
0db3cccf87 Merge branch 'bug_9102' into 3.12-master 2013-02-01 10:50:27 -05:00
Jonathan Druart
bc5f5f4f01 Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-01 10:50:12 -05:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
Chris Cormack
a51a78b71c Bug 9102 : Set HttpOnly on the CGISESSID cookie
https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

 % curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-04 08:14:01 -05:00
Jared Camins-Esakov
7535f2bfa3 Revert "Bug 7167: New version for updatedatabase"
This reverts commit c9cb55ef47.
2012-12-27 14:02:56 -05:00
Jared Camins-Esakov
72f9f2239f Revert "Bug 7167 follow-up setting DBrevision, before pushing"
This reverts commit 49d6b750cd.
2012-12-27 14:02:55 -05:00
Jared Camins-Esakov
38f8bf4776 Revert "Bug 7167: Set final updatedatabase.pl version"
This reverts commit c34017336c.
2012-12-27 14:02:50 -05:00
Jared Camins-Esakov
c34017336c Bug 7167: Set final updatedatabase.pl version 2012-12-27 11:55:22 -05:00
Paul Poulain
49d6b750cd Bug 7167 follow-up setting DBrevision, before pushing
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase

This patch set to 3.11.00001 that is the last number when I QA this patch

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
2012-12-27 11:13:58 -05:00
Jonathan Druart
c9cb55ef47 Bug 7167: New version for updatedatabase
This patch use DataTable, see BUG|BZ 6836
      - css/datatables.css
      - lib/jquery/plugins/jquery.dataTables.min.js
      - js/datatables.js

http://bugs.koha-community.org/show_bug.cgi?id=7167

Bug 7167 follow-up

Major changes:
* creating database tables for update on the fly, the  1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer

Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied

Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG

* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
 - before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
 - after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied

http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve the update.pl script

 * Added CLI options to update.pl
 * Call update.pl from the installer.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Now, we check versions on mainpage.pl and after login

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Reimplementing Marcel's suggestions & fixes

 * Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
 * in the CLI script, if there is nothing to report, just say it

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Bug 7167: Remove check_coherency

As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Changing in .sql parsing

We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:

DELIMITER ;
-- this is a comment
SELECT * FROM  my_table;
-- another comment

Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM  my_table;
-- another comment;

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve display + factorize get_queries

Despite it's size, this patch is dealing with display questions only:
 * The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
 * Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
 * Reordering the column headers for more readability:
    * Status column is merged with availability, column is after status
    * Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
    * Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX typos & moving a script to a proper place

* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt

* moving update.pl to misc/bin because it's a CLI script

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add dependency File::Find::Rule

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: We want to execute non-numeric version with the -all option

Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.

Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 reindentation & removing dead code

* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.

Summary:
 * old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
 * new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it

Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
 * first to log-in to Koha
 * second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Don't raise an error in routine TableExists

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX merge

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 11:13:54 -05:00
Nadia Nicolaides
4d644c6930 Follow-up Bug 5634: Ordering branches should be case independent
This patch fix the order of branches in the log-in page,
on Branch.pm we added the variable branchcode to the
hash returned by GetBranchesLoop, and this function is used
on Auth.pm to get a list of branches ordered by branchname

To test
1) Use an installation with some branches
2) On login screen the branches are ordered by branchcode
3) apply the patch
4) On login screen the branches are now ordered by branchname

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch works as expected. Before applying the patch the branches
with lower case was at the end of the list. Now they are well ordered.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-21 07:42:18 -05:00
92782d3832 Bug 7067 - OPAC Borrower Self Registration
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.

Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.

For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).

NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay

NEW NOTICE
* Verify by email notice

NEW SLIP
* Temporary card slip

NEW CRON JOB
* delete_expired_opac_registrations.pl
  - Deletes patrons that have not been upgraded from the temporary
    status within the specified delay
* delete_unverified_opac_registrations.pl
  - Deletes the unverified patrons based on the length of time specified
    in the PatronSelfRegistrationExpireTemporaryAccountsDelay

The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.

Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
   of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
    verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.

Test Plan - Part 2 - Borrower Modifications

1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
  Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
   submit.
8) Check the records, you should see the changes take affect on the
   approved one, and no changes to the other two. You should also see
   "Patrons requesting modifications: 1" at the bottom of mainpage.pl
   now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 7067 - OPAC Borrower Self Registration - Followup

* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
  PatronSelfRegistrationVerifyByEmail is enabled.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00
5b8e1548e4 Bug 8804 [Revised] Quiet errors in the log from Auth.pm
Found three cases where variables were being
referenced which did not (in each case) exist. Adding
checks for those variables' existence.

Errors appeared when logged in and viewing a detail
page in the OPAC.

Revision simplifies logic as per RM suggestion.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-01 16:57:19 -04:00
Jonathan Druart
fd9f025889 But 8787: don't load the page if OpacMaintenance is ON
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.

To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
  not loaded (i.e. on the opac-search.pl page)

Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching  other_vhosts_access.log
Works as expected

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 18:15:19 +02:00
Jared Camins-Esakov
e883a0f065 Bug 8829: Fix authority importing
A subroutine was not being imported by C4::ImportBatch (ironic, no?)
so this patch makes the call fully-qualified. This patch also cleans
up two warnings in C4::Auth that are raised when logged in as the
database user.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-08 18:06:55 +02:00
Fridolyn SOMERS
bd8f01fec0 Bug 8497: Strange behavior when modifying the timeout system preference
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Tested standard login, patron auto-complete, and system preferences.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-05 16:49:24 +02:00
Mark Tompsett
4c8cfd0c29 Bug 8737 - Incorrect icon at login in staff client
Added the following missing code to ensure the correct icon
is used when logged out:
   IntranetFavicon => C4::Context->preference('IntranetFavicon')
This was added into an existing $template->param() call.

Not to be confused with the koha logo on the login page, the
icon is a 16x16 pixel graphic in the browser tab. The default
is found at .../intranet-tmpl/prog/en/includes/favicon.ico.

If the "IntranetFavicon" system preference is set, it should be
used by the staff client regardless of login state. It was not
being used in the "AUTH rejected" section of Auth.pm, but the
OpacFavicon variable was being set. This explains why the
"OpacFavicon" system preference works for the OPAC client, but
not the staff client upon logout.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-03 11:07:14 +02:00
50759af6fe Bug 6679 - fix 3 perlcritic violations in C4/Auth.pm, and enabled warnings
Subroutine prototypes used at line 561, column 1.  See page 194 of PBP.  (Severity: 5)

Bareword file handle opened at line 606, column 5.  See pages 202,204 of PBP.  (Severity: 5)

Two-argument "open" used at line 606, column 5.  See page 207 of PBP.  (Severity: 5)

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch reintroduces 'use warnings' in C4/Auth.pm.
Keep attentive to new warning messages in your log

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-20 12:18:14 +02:00
Frédérick
f913ebe49f Bug 8597: Add system preferences to configure the mobile view.
This patch adds the following system preferences:
* OpacMainUserBlockMobile - alternate content for the MainUserBlock for
  mobile
* OPACMobileUserCSS - custom CSS for mobile views only
* OpacShowFiltersPulldownMobile - whether or not to show the index
  dropdown on the mobile view
* OpacShowLibrariesPulldownMobile - whether or not to show the library
  dropdown on the mobile view

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-09-18 13:42:18 +02:00
ff7417fa91 Bug 8679 [REVISED] Remove usage of Amazon API
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With on Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.

Handling of book cover images from Amazon is unchanged.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.

Signing off.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-29 16:05:29 +02:00
daeb964996 8263 Consistent stylesheet prefs
This patch makes the use of opaccolorstylesheet and opaclayoutstylesheet more consistent. They may be: 1) just a file name, 2) a complete local path or 3) a full URL starting with http: for a remote css file.
This makes the syspref opacstylesheet that was only used for a remote css file obsolete.

June 20, 2012 Rebased.
July 18, 2012: Regex allows https too (thanks to Owen Leonard).

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 12:03:30 +02:00
Paul Poulain
ba7ac6d3ec Revert "Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost"
This reverts commit 68ba16afe8.
2012-07-11 12:33:36 +02:00
68ba16afe8 Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost
Rewrite of patch authored by Reed Wade <reed@catalyst.net.nz>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-07-10 10:59:01 +02:00
Jared Camins-Esakov
36f1fb6308 Bug 8311: Fix scoping error in C4::Auth
There is a mis-scoped function call in C4::Auth, on line 154, where
GetMembers is called without explicit scoping and before
'require C4::Members;'. This does not actually have any functional
ramifications as far as I can tell, but it would be a good idea to fix
it.

This patch also corrects a bit of indenting in that area, because it was
an unnecessary challenge to understand the code with the mis-indenting.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-29 16:16:55 +02:00
76b80ac33c Bug 8130 - attach PDF files to a patron record
Adds the ability to attach unlimited arbitrary files to
a borrower record.

Test Plan:
1) Enable system preference EnableBorrowerFiles
2) Look up borrower record, click 'Files' tab on left
3) Upload a file, download the file, delete the file.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
rebased for current master.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
rebased again; some indentation issues in include menus.
2012-06-28 10:55:51 +02:00
Paul Poulain
a163be4113 Bug 3708 - Add another customizable region to the OPAC: right sidebar nav
This patch creates a new system preference, OpacNavRight, in
which the librarian can add HTML which will appear on the OPAC
main page under the login form. If the user is logged in the content
will appear in place of the login form.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 23:11:06 +02:00
Jared Camins-Esakov
3aaaf2f2e4 Bug 7943: Authority search results are untranslatable
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.

To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
   cataloguing module (and the plugin for UNIMARC field 210$c, if you
   can figure out how)
4. Test authority searching in the OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.

1) Applies cleanly on current HEAD.

2) Authority search in staff

Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:

ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.

ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?

ENH note: Also the authority type is not shown at all in the result list.

3) Cataloguing and authority plugins

The autocomplete function works nicely.

ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.

Plugins overall work nicely. Created links include the authority numbers and work
correctly.

4) Authority search in OPAC

Works nicely. Display is consistent, but translatability greatly improved.

ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?

Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
2012-06-20 10:07:30 +02:00
Dobrica Pavlinusic
91bf568114 Bug 7810 - C4/Auth.pm - on plack restart session is undefined
So we shouldn't try to delete it. This produces application error
instead of redirection to login page.

I had similar problems with CGI, especially when session in browser
is still active, and one on filesystem or database is already expired.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Solved the problem when my Plack installation started acting up due to
stale cookies.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 18:11:52 +02:00
Chris Cormack
509d673f10 Bug 7941 : Fix version numbers in modules
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 17:29:38 +02:00
Katrin Fischer
47fac215af Bug 7935: Introduce sys pref to control 'browse results' in OPAC
Patch introduces a new system preference "OpacBrowseResults" to control
the feature for browsing and paging through results shown on top of the
left menu on detail pages in OPAC.

Preference is activated by default and can be deactivated using the
system preference.

To test:
 - Check database update works correctly
 - Check that browsing and paging still works with after database update
 - Deactivate the feature by setting 'OpacBrowseResults' to 'Disable'
 - Check the feature does no longer show up in OPAC
 - Check that a new installation also has the system preference with correct default

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2012-04-10 15:26:37 +02:00
7eef4c8c70 Bug 5668 - Star ratings in the opac
patch applied to commit eb3dc448d2

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars

All above tests passed. Signing off.

Rebased 3-19-12 by Ian Walls

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-10 14:40:49 +02:00
Dobrica Pavlinusic
d0b2d72e0b Bug 7766 - C4/Auth.pm: emit DEBUG output to STDERR
writing to STDOUT breaks plack when running with DEBUG=1

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-04 18:09:24 +02:00
c4d21bcbfe Bug 7310: Code changes for Improving list permissions
This lays the foundation for further changes for report 7310.
Implements following points from the wiki page List permissions:
1) Preference that controls if users may create public lists in opac.
2) New add/delete own/delete other permissions per list.

Code has been changed (in some cases refactored). New permissions are not yet visible; with this patch current functionality is kept as much as possible while resolving several issues, improving permissions and extending the code for further developments (using the new permissions and sharing lists).

Feb 23, 2012 (revision): Changed defaults for new lists. Could also remove routine GetRecentShelves by using GetSomeShelfNames in catalogue/search.pl just as opac-search.pl already did. (More consistent.)

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

Feb 29, 2012: Automerge version.
March 5, 2012: Rebase for pushed 4912 patch.
March 21, 2012: Rebased. Resolving some conflicts in relation to pushed report 7719.
2012-03-21 16:46:40 +01:00
Robin Sheat
4cbeeedbe8 Bug 6296: allow users to be authenticated by SSL client certs
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress

If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.

The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.

This is an example of what might go in the Apache configuration for the
virtual host:

    #SSLVerifyClient require # only allow PKI authentication
    SSLVerifyClient optional
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars

The last line ensures that the required details are
passed to Koha.

To test the PKI authentication, use the following curl command:
    curl -k --cert client.crt --key client.key  https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)

To create the certificates needed for the above command, the following series
of commands will work:
    # Create the CA Key and Certificate for signing Client Certs
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    # This is the ca.crt file that the Apache config needs to know about,
    # so put the file at /etc/apache2/ssl/test/ca.crt

    # Create the Server Key, CSR, and Certificate
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr

    # We're self signing our own server cert here.  This is a no-no in
    # production.
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -set_serial 01 -out server.crt

    # Create the Client Key and CSR
    openssl genrsa -des3 -out client.key 1024
    openssl req -new -key client.key -out client.csr

    # Sign the client certificate with our CA cert. Unlike signing our own
    # server cert, this is what we want to do.
    openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
        -set_serial 02 -out client.crt
    openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
    # In theory we can install this client.p12 file in Firefox or Chrome, but
    # the exact steps for doing so are unclear, and outside the scope of this
    # patch

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
2012-03-19 17:02:44 +01:00
2577e0b6c5 7261 Followup to make tests consistent
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-03-14 14:14:24 +01:00
Juan Romay Sieira
68ddf79121 Bug 7261 System Preference to select the first day of week
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
2012-03-14 14:14:12 +01:00
808b2a44c4 Bug 7616 - Remove unused template markup for css_libs, css_module, js_libs, etc.
Removing references to unused template variables and markup.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-08 16:06:04 +01:00
52afe06ddd Bug 6193 - Follow up: use SetEnv and remove memcached from koha-conf.xml
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Confirmed that memcached is still being used after the memcached configuration
in koha-conf.xml was removed, and the following two lines were added to
both virtual hosts in koha-httpd.conf:
SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
SetEnv MEMCACHED_NAMESPACE "KOHA"
2012-02-20 23:24:02 +01:00
Paul Poulain
e780e0669c Bug 6875 de-nesting Auth.pm
* removed use C4::Koha that is useless
* moved "use C4::Members" to "require C4::Members" just before GetMemberDetails call. This will avoid loading C4::Member everytime a page is called by someone not logged

* still to do = work on C4::VirtualShelves, that can be optimized, definetly !

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master, 28 Jan 2012

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please WAIT with virtual shelves. Working on that..
Tested and marked as Passed QA.
2012-02-15 14:58:42 +01:00
MJ Ray
d4b132136c Bug 7476 Remove executable bit from files that probably should not be executed
Signed-off-by: Aleksa Vujicic <aleksa@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to replace some copy-and-paste comments only with consent of MJR.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-03 14:22:15 +01:00
Paul Poulain
81cf767b17 Merge remote-tracking branch 'origin/new/bug_7367' 2012-01-27 12:38:00 +01:00
9c0ce2bf3b 7367 Removing reintroduced debugging statement from Auth.pm
Commit 07d1eae7cc removed this statement from the module, but some months later commit 7b12e07d3b reintroduced it again while reindenting code ;)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-01-27 12:30:48 +01:00
Jared Camins-Esakov
587e2e920e Bug 1633: QA follow-up
* Show the "Upload images" button when OPACLocalCoverImages is enabled but
LocalCoverImages (i.e. local cover images on the staff client) is not
* Correct copyright and license comments in new files
* perltidy and replace tabs by four spaces

Signed-off-by: Koustubha Kale <kmkale@anantcorp.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-24 11:16:10 +01:00
Jared Camins-Esakov
b4fb5d4095 Bug 1633: [SIGNED-OFF] Add support for uploading images to Koha
A frequently-requested feature for Koha, especially by special libraries, is
the ability to upload local cover images into Koha.

This patch adds a bibliocoverimage table, and image handling code in the
C4::Images module. Key features of the implementation include:
1. The ability to have multiple cover images for a biblio
2. Handling for "full size" (800x600) and thumbnail-size (200x140) images
3. Uploading images directly from the record view

The image display functionality by Koustubha Kale of Anant Corporation will
follow in a second patch.

Special thanks to Koustubha Kale and Anant Corporation for the initial
implementation of local cover images, and to Chris Nighswonger of Foundation
Bible College for his prior work on patron images.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Will add comments on Bugzilla.

Patch failed to apply because installer/data/mysql/sysprefs.sql had changed in master.
Corrected the same with this new patch.
2012-01-24 11:16:02 +01:00
Julian Maurice
8ffbf4e88c Bug 6694: Problem with casAuthentication syspref
A missing test in checkauth caused anonymous session to be destroyed and
re-created at every call when this syspref was set.
Almost the same issue is also fixed in check_api_auth, which caused
C4::Service->init to fail.

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-20 14:19:56 +01:00
Duncan Tyler
00290e8619 Bug 6627 [Signed Off] - Update to improve security in specified log files - bug 6627
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-06 14:20:34 +01:00
Salvador Zaragoza Rubio
4a2a95cc25 Bug 6483 - Paging in opac-detail when coming from a search
Add paging in opac-detail when coming from a search to be
able to continue viewing the previous and next register
from the detail without returning to the results.
The partial list pagination can be showed to increase forwarding
or rewinding in the pagination.
It's implemented for Zebra search and not build_grouped_results.

The param busc with all the information from the search is stored
on the session when running opac-search and opac-detail, outside these
pages the busc param is removed from the session.

A list of the biblionumbers inside the OPACnumSearchResults range
is passed to avoid repeating the searching everytime we see the
previous or next biblio. The searching will be run again when
we are going to exceed the list and a new one will be calculated
from the new search.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-21 04:57:09 +13:00
bf64266e99 Follow-up fix for Bug 4473 - Recent comments view for the OPAC
This follow-up adds a system preference which controls display
of a link to recent comments in the OPAC masthead alongside
"Advanced search," "Tag cloud," etc.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-20 12:12:45 +13:00
Chris Cormack
a118102d4e Merge remote-tracking branch 'kc/new/bug_5995' into kcmaster 2011-10-15 12:59:34 +13:00
Ian Walls
dcb4ac77fb Bug 5995 Followup: checkpw was returning inconsistent values
In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid.  This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.
2011-10-15 12:58:10 +13:00
d7cbdd3d0b Bug 6825 OpacNav menu hide user menu on opac-user.pl page
This patch add a new syspref OpacNavBottom which is placed on all pages
after OpacNav. On Patron pages, specif patron links are placed between
OpacNav and OpacNavBottom, like this:

  OpacNav
  Patron links
  OpacNavBottom

To test:

  1 Apply this patch
  2 For RM, modify kohaversion.pl and updatedatabase.pl appropriately
  3 Test that OPAC pages are displayed as before, OpacNav on the left
  4 Test OPAC patron pages: OpacNav is as before displayed after patron
    links
  5 Split OpacNav between itself and OpacNavBottom
  6 Patron pages display patron links between OpacNav and OpacNavBottom

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-14 11:20:06 +13:00
Paul Poulain
1c0702c76e Bug 5630, follow-up
Fixes chris comment 28, that was a consequence of Marcel comment 27
Recent error
[Thu Sep 01 14:22:45 2011] [error] [client 192.87.126.61] [Thu Sep  1 14:22:45
2011] opac-MARCdetail.pl: DBD::mysql::st execute failed: Unknown column
'limit_desc' in 'field list' at /usr/share/koha/testclone/C4/Auth.pm line 276.
Seems to come from this commit 9a3950f673 (5630
CAS Improvements)

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:51:12 +13:00
Ian Walls
74c7c4e3a5 Bug 5630 Followup: checkpw_ldap not imported
If LDAP authentication is used, Koha barks that C4::Auth::checkpw_ldap is
undefined, which is true.  checkpw_ldap needs to be imported from C4::Auth_with_ldap,
like it was before the bug fix for 5630

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:50:50 +13:00
Chris Cormack
046c996c2f Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:49:49 +13:00
Jared Camins-Esakov
f09e2ca27e Bug 5528: Analytic records support
Display links to parent biblios, show linked items in holdings, allow holds on
linked items. This uses MARC to maintain relationships.

Sponsored by the Mississippi Department of Archives and History and RapidRadio
Solution. Originally developed by Savitra Sirohi and Amit Gupta at OSSLabs, with
UNIMARC support added by Zeno Tajoli. Commits squashed and merge conflicts
resolved by Chris Cormack from Catalyst. Respect for NORMARC and some small
framework portability fixes made by Jared Camins-Esakov of C & P Bibliography
Services.

IMPORTANT NOTE: A bug in the 773 coding for MARC21 was corrected from the
original OSS Labs code. The 773s generated by the pre-release code did not have
the first indicator set to '0', which means that they were not supposed to
display. Going forward, the first indicator will be set correctly, but existing
records created with this code will no longer appear (they appeared before only
due to another bug). To correct this, you could globally (or, to make sure you
only modify records created with the Analytics tool, for records with 773$0)
change the first indicator of the 773 from blank to '0'.

== Background ==
An analytic record for an item is a more detailed, monographic biblio for an
item attached to a serial record .  This is often used for special issues of a
journal that are released as books on their own (assigned an ISBN, as well as an
ISSN/volume/issue).  It is important for researchers to be able to search for
these items both as issues of the serial, and as monographs.  It is equally
important for the library to not have duplicate item records for the item in
question to have to keep synchronized.

== Establishing relationships ==
Analytical records are connected to items belonging to parent or host
bibliographic records. This can be accomplished by:
* From an analytical bibliographic record linking to an host item by providing
  the item barcode as input
* From a host item by using option "analyze", this creates a new empty
  bibliographic record with field 773 (MARC21) populated
* Running a new CLI script that establishes a relationship between the
  analytical record and the host item identified by the barcode in the
  analytical record's 773$o (MARC21)

== Connecting Records ==
The relationships are maintained in the MARC records, we have not used database
tables at all.

== MARC Representation ==
In MARC21/NORMARC we have used:
* 773$9 to store the Koha item number of the host item
* 773$0 to store the Koha biblio number of the host bibliographic record

The above fields are used to display the relationships in various screens in the
OPAC and the staff interface. Additionally, when populating field 773 with host
item's details, we have used following MARC 21 mapping:
* 'a' <= 100/110/111 $a (author main)
* 'b' <= 250$a (edition)
* 'd' <= 260$a, 260$b, 260$c (place, publisher, year)
* 'o' <= barcode
* 't' <= 245$a (title)
* 'w' <= (003)001 --> if no 001 is available, we can populate biblionumber
* 'x' <= 022$a (issn)
* 'z' <= 020$a (isbn)

In UNIMARC, this code uses:
* 461$9 to store the Koha item number of the host item
* 461$0 to store the Koha biblio number of the host bibliographic record

When populating field 461 in UNIMARC, the following mapping is used:
* 't' <= 200$a (title)

== Treatment of Holds ==
A key requirement was to allow holds to be placed on host items from the
analytical record. We have accomplished this by allowing holds on specific
copies only. Biblio level holds are not allowed. This ensures that holds are
placed on specific items that are relevant to the analytical record.

== Deleting host items with linked analytical records ==
As we have not used database tables to maintain relationships, we had to use
search to find out if any linked analytical records are present. If 1 or more
analytical are present, we do not allow deletion of items. This is similar to
what we see when we try to delete authority records.

== Importing analytical records ==
Analytical records can be imported using bulkmarcimport or the GUI tools. The
new CLI script can be executed after the import to establish relationships with
host items. The script will establish relationships using the host item's
barcode, the barcode must be present in 773$o of the analytical record.

== What if there are two or more copies of the host item? ==
The current design will require that there be two host (773) fields, one for
each copy.

== What if there is no barcode available for the host item? ==
It is still possible to establish a relationship, by populating 773$9 with the
host's item number. However the CLI script uses barcode in 773$o to establish
relationships so it won't work where barcodes are unavailable. Also from an
analytical record, it is possible to establish a relationship to a host item by
providing the barcode as input, this option will not be available as well.

Commits that added the following features were squashed by Chris Cormack (this
is not a list of every commit):
* Display links to host records from biblio detail screens
* Support for UNIMARC, respecting the system preference 'marcflavor'
* Support holds from the OPAC
* Ability to link to items belong to host records from a analytical record
* Display items belonging to host records in the moredetail page
* Ability to edit items belonging to host records, also ability to delink from
  them
* Move get host items code into a C4 routine, also calling the new routine in
  related perl scripts
* Move host field population to a C4 routine, all changes in pl files to call
  new routine
* Allow only specific copy holds for analytical records plus changes to use new
  C4 routines
* Support for holds on items linked via host records
* Storing bibnumber and itemnumber in subfields 0 and 9, plus other mapping
  changes
* New command line script that establishes relationships between analytical
  records and host items and bibs. The script looks for host field (MARC21 773)
  in records, and based on barcode in subfield 'o' populates host bibnumber in
  subfield '0' and host itemnumber in subfield '9'. The script can be run after
  an import of analytical records, it can also be run in the crontab to maintain
  the relationships
* Ability to create analytical records from items, to view linked analytics, and
  prevent deletion of items that have linked analytics
* New template for catalogue/detail.pl (NOTE: not a new template file, just a
  new way of displaying analytics), template displays linked analytics and
  allows creation of analytical records
* New zebra index for item number in host fields. This index will be used to
  display links to analytical records from host records
* Display title of host record instead of the phrase host record
* Using detail.tmpl for analytics tab instead of a new template file
* Improved qualification info prepration in Prephostmarcfield
* Check for linked analytics before deleting item
* Display link to host record and more meaningful anchor text for edit item link
* Analytical record: Unimarc index in record.abs and help in
  create_analytical_rel.pl
* Adding a sys pref that controls display of options to create analytical
  relationships
* Add host entry in XSLT stylesheet in staff item detail
* Added host record support to OPAC detail XSLT
* Adding 773$0 and 773$9 to all frameworks
* Adding 773 subfields 0 and 9 to default marc framework via updatedatabase.pl
* Display create analytics and used in links in catalog detail
* Fixed problem where analytical records not showing in OPAC search results
  because GetMarcBiblio now needs a flag to add item records
* Fixed problem where analytics count was set to 1 for all records, not just
  those with analytics
* Fixed catalogue detail page not to show analytics counts if count is 0

Conflicts:
	installer/data/mysql/updatedatabase.pl
	koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
	kohaversion.pl

Co-author: Savitra Sirohi <savitra.sirohi@osslabs.biz>
Co-author: Zeno Tajoli <tajoli@cilea.it>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:03:39 +13:00
Robin Sheat
85b1d6d558 Bug 6636 - add 'powered by Koha' text to OPAC footer
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
  QA control: added () inside 2 [% IF %]

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-09 20:13:09 +13:00
6b8be20497 Bug 6755 Problems with switching languages
This patch solves the situation that news is in another language than
the Koha interface AND makes that themelanguage routine is always called
the same way in order to prevent mixed display.

It fixes also a bug related to language preselection based on web
browser prefered language.

September 9: Adjusted with input of Frederic Demians.

Septembre 10: Avoid circular dependency, as pointed by Chris Cormack.
Templates related functions are moved from C4::Output to C4::Templates

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-23 09:47:09 +12:00
Chris Cormack
e8f654fcd2 Revert "Bug 5630 CAS improvements"
This reverts commit 9a3950f673.
2011-09-02 13:22:20 +12:00
Chris Cormack
9a3950f673 Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-10 13:16:35 +12:00
cbf473d592 Bug 5429 : Open Library book covers
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-04 13:30:23 +12:00
Colin Campbell
306dc79217 Bug 5453 : Move declarations out of conditionals
Patched for C4 Modules

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-15 15:50:24 +12:00
Francois Marier
413f306961 Bug 6298 : Create new ShowReviewerPhoto preference
This new system preference (in OPAC Features) allows libraries to
turn off reviewer photos entirely if they want to. The default is
for these photos to be shown.

Note that this setting is linked to ShowReviewer in that both of
them need to be turned ON for the avatars to be displayed.

Signed-off-by: Francois Marier <francois@debian.org>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-05 15:01:13 +12:00
Matthias Meusburger
417c9084b4 Bug 5995 : MT2892: Fix security issue in CAS intranet login
Users could log in intranet using their cardnumber, with superlibrarian
rights.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-05-14 04:31:59 +12:00
Colin Campbell
0d663c7e8a Bug 6237: remove compile time warning
Remove a 'variable in void context' warning from
C4::Auth which shows up as a compile warning in all users of
the module and generates log noise

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-22 07:30:55 +12:00
Chris Cormack
1e7c5166aa Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-08 14:29:21 +12:00
Colin Campbell
0cf2eccfe9 Bug 5529 Absence or Presence of lists not being reliably returned
C4::VirtualShelves::GetRecentShelves contained some rather confused
code The contents of the requested list are returned in an arrayref
which was in its turn being wrapped needlessly in an array
As a result the returned array always consisted of a single element
irrespective of the number of lists.
Made the routine return the arrayref, which can now be tested directly
Unfortunately rather than fixing this we had previously coded around it
assuming it to be a "design" decision. Have amended other calls of
the subroutine resulting in some hopefully less obscure code

Fixed logic error in the results template which displayed new list
within a test for the presence of lists

Removed the offset parameter from the sql in the routine as it was hardcoded
to 0 i.e. the default value

Signed-off-by: fdurand <frederic.durand@univ-lyon2.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-08 10:51:47 +12:00
Chris Cormack
363ea5ce08 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/updatedatabase.pl
2011-04-05 15:39:12 +12:00
Chris Cormack
cd62e6ed02 Bug 5917 : Fixing a problem with login 2011-04-04 12:56:01 +12:00
Chris Cormack
ead56def26 bug 4865: Enable session storage in Memcached
Note: this requires CGI::Session::Driver::memcached to be installed

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-04 10:38:50 +12:00
Chris Cormack
eb4ad6e44e Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-03 22:35:24 +12:00
Katrin Fischer
284cfbc234 Bug 5897: Add new syspref ShowReviewer
This patch adds a new syspref ShowReviewer.

If ON (default) the reviewer/author of an OPAC comment will show.
If OFF the reviewer's name will be hidden.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-01 20:15:46 +13:00
Chris Cormack
6350a7d1cb Bug 5917 : Fixing a bug with signedin users 2011-03-31 08:59:27 +13:00
Chris Cormack
76184e1db0 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
2011-03-30 08:39:10 +13:00
b5a050d759 Fix for Bug 5833, opacstylesheet not loading on all pages
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-29 21:58:14 +13:00
Chris Cormack
96f7cfabca Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
	installer/data/mysql/ru-RU/mandatory/system_preferences_full_optimal_for_install_only.sql
2011-03-23 21:47:03 +13:00
Jared Camins-Esakov
637cf26045 Bug 5641: Replace Favicon through staff client
This patch adds two sysprefs:
OpacFavicon
IntranetFavicon

The two sysprefs take full URLs to an alternate favicon.ico file for the OPAC
and Staff Client, respectively. Leaving them blank will use the favicon.ico file
that is included with Koha.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-23 21:41:32 +13:00
Chris Cormack
dbf6bd4be0 Merge remote branch 'kc/master' into new/enh/bug_5917 2011-03-22 15:06:44 +13:00
Jared Camins-Esakov
0a1f05a5a2 Bug 5390: OPAC loses library selection
This patch ensures that the OPAC library selection masthead will always default
to the branch that is currently being searched. This only applies to systems
with multiple branches and OpacAddMastheadLibraryPulldown turned on.

To test: do a search in the OPAC, limiting by branch. The search results will
still have that branch selected in the masthead dropdown.

This patch also fixes bug 5852 and bug 3778.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-22 14:59:16 +13:00
Chris Cormack
03890c90ac Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/en/mandatory/sysprefs.sql
2011-03-21 19:54:11 +13:00
Colin Campbell
7f0a326da5 Bug 5890 Correct Mismatched operator in comparison
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-18 10:47:52 +13:00
6709d0e4f7 Follow-up correction for Bug 5462 - Fix variable names for template::toolkit
Previous commit modified checks for the item-level_itypes preference
to look for a different variable name but didn't update where that
variable is set in Auth.pm.

Other scripts perform a direct check of item-level_itypes and must
continue to use the name of the variable in the database.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-08 21:03:28 +13:00
Ian Walls
a0dc124a95 Bug 3881: OPAC Privacy reimplementation
Reimplements Paul Poulain's original OPAC Privacy patch, with some minor improvements and changes to wording

If the library enables the OPACPrivacy system preference along with the opacreadinghistory preference, and sets
an AnonymousPatron (must be a valid patron number in the database), the user will see a new tab upon login to
the OPAC, My Privacy.  From there, the user can:

- Set their OPAC Privacy to one of three values
  0 - Forever.  This keeps their reading history unless they explicitly delete it; the bulk anonymiser won't touch it
  1 - Default.  Keep reading history until either they delete it or the library does
  2 - Never.    Instantly anonymises reading history upon item return

- Instantly delete their reading history
  There is a warning and a popup to confirm.  I've removed Paul's extra confirm checkbox, which seemed redundant

A note of which preference the patron has selected is added to the Patorn Details page in the staff client.  This is read-only.

This patch also consolidates Privacy system preferences into the Privacy section of the OPAC tab.

Thank you to BibLibre for the original implmentation of this patch, and Los Gatos Public Library for funding and
testing the reimplementation.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-31 22:23:50 +13:00
Mason James
f46b03cf2d Bug 4289: 'OpacPublic' feature
applied to git tag 'v3.02.00-rc'

Frédéric Demians:

  - Rebased this patch to HEAD
  - Solved a merge conflict
  - The patch works as described here:
    http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4289

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-19 14:30:34 +13:00
Katrin Fischer
c6a9141413 Bug 3381 - Add an IntranetUserCSS system preference
Add an IntranetUserCSS sys pref that works like OPACUserCSS in OPAC only for intranet.
2010-12-13 08:01:41 +01:00
1bd67e28e5 Bug 5066 (Log timestamp consistently in _session_log)
Small fix with thanks to Galen.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-18 09:00:10 +13:00
d4f02c469b Fix for Bug 4359, noItemTypeImages not active in OPAC
- Auth.pm put the noItemTypeImages preference under "intranet only."
  Moved it to "OPAC or intranet."
- Added check for the preference on the OPAC advanced search page.
- Improved logic for displaying images on the reading history page.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-13 20:19:12 +13:00
Chris Cormack
f9299b1a76 Merge remote branch 'kc/master' 2010-11-01 10:56:05 +13:00
2b8470ddf8 bug 3756: start removing references to disused sysprefs
holdCancelLength
PINESISBN
sortbynonfiling
TemplateEncoding

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-21 20:35:35 -04:00
Chris Cormack
f245998ac9 Merge commit 'kc/master'
Conflicts:
	docs/history.txt
2010-06-25 10:43:18 +12:00
0700a8b732 bug 4896: granular permissions now always on (DB rev 138)
Per the following koha-devel thread, the use of
staff user subpermissions, AKA granular permissions, is
now the default behavior in Koha.  This patch removes
the GranularPermissions system preference.

[1] http://lists.koha-community.org/pipermail/koha-devel/2010-February/033670.html

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-19 07:56:03 -04:00
Chris Cormack
4c14cd317e Merge commit 'kc/master' 2010-06-14 09:15:00 +12:00
Andrew Elwell
8480f56370 Another batch of POD cleanups
Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-09 08:38:56 -04:00
Jane Wagner
fde1abd82e Bug 4394 REVISED Allow opaccolorstylesheet syspref to use an external URL
Previous code would only allow for an auxiliary stylesheet on the same server.  This checks for
http in the opaccolorstylesheet syspref.  If it's found, sets a different variable pointing to the
remote server location.  If not found, retains the previous css directory path.

Also modifies the description of opaccolorstylesheet in the installer files to reflect current
usage as an auxiliary stylesheet.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-05-17 12:32:46 +12:00
46737a702c fixed Syndetics breakage
Reverts part of commit 7b12e07 that removed references
to the Syndetics sysprefs in C4::Auth for no apparent reason.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-05 12:11:30 -04:00
86c82d0aaa Fix to enable Amazon cover images in the staff client.
Since this fix enables the previously-missing variable
'AmazonEnabled' in Auth.pm, this will also enable other
Amazon content in the staff client like Product
Descriptions and Amazon Similar Items (See Bug 3863)

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-29 21:03:58 -04:00
Donovan Jones
593a7d8e6a Bug 2505 - Add commented use warnings where missing in *.pm 2010-04-21 20:28:51 +12:00
Lars Wirzenius
4523a2df0d Fix file permissions: if it is not a script, it should not be executable.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-16 00:40:34 -04:00
777e5d53cd fix typo in variable name
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:15:45 -04:00
Srdjan Jankovic
863938f16c Escape input that goes in HTML; Reworked search history insert SQL
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:12:01 -04:00
b340fb834c bug 4314: add using_https environment variable
Added new HTML template variable, using_https, for use
of OPAC or staff-side templates that may need to know
whether to use http:// or https:// links to off-site
content.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:23:35 -04:00
Lars Wirzenius
7279f55b60 Fix FSF address in directory C4/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:56 -04:00
79b8fca2b1 Additional changes to fix Bug 3920, XSLTdetailDisplay syspref controls both OPAC and Intranet
This patch adds XSLTDetailsDisplay and XSLTResultsDisplay variables
for the staff client, OPACXSLTDetailsDisplay and OPACXSLTResultsDisplay
variables to the OPAC. Note that the XSLTResultsDisplay doesn't actually
do anything because no one has added an XSLT version of search results
to the staff client.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-10 22:36:25 -05:00
ff4d456072 Bug 3920 - Add 2 syspref to activate XSLT use in OPAC/Intranet
- Add two syspref:
  - OPACXSLTResultsDisplay
  - OPACXSLDetailsDispay
- Add them to .pref files and dispatch them beetween OPAC and Search
  tab.
- Upgrade DB version to 3.2 .113
- Fix something wrong in UNIMARCslim2intranetDetail.xsl
- Display OPAC result and detail pages using those syspref.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 08:08:44 -05:00
1f54d10475 Fix for Bug 4073, Add globally template variable for dateformat setting
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-02 18:37:37 -05:00
Nahuel ANGELINETTI
800494a5ef (bug #4004) disallow access for non-logged in users in opac
This doesn't define borrowernumber = 0 if a borrower is NOT logged.
We know borrowernumber 0 is mysqluser... So in virtualshelves, a non logged user have all permissions.
2010-01-28 15:11:52 +01:00
Kyle M Hall
2d1d4cd6e7 OpacAddMastheadLibraryPulldown
In the current OPAC, there is no easy way to search a particular library.
By default, a user searches all libraries, or with SearcMyLibraryFirst turn on,
the user's home library. In dev_week, a library pulldown menu existed in the search masthead.

This commit adds the option to bring that pulldown menu back
by turning on the system preference OpacAddMastheadLibraryPulldown
2010-01-20 22:38:23 +01:00
9cdf370f67 Fix for Bug 3589, OpacHighlightedWords sys pref does nothing 2010-01-15 10:12:28 +01:00
ec48133f71 Bug 3863 - Amazon Content Not Working
Sysprefs were not sent to templates.
2009-12-20 14:27:03 +01:00
Henri-Damien LAURENT
5b9ed679c5 haspermission signature had changed 2009-11-23 17:05:55 +01:00
Matthias Meusburger
54b6b9bd1d Remove ticket parameter from auto added hidden fields.
(Normal login directly after a failed CAS login didn't work previously to this removal)
2009-11-23 16:37:54 +01:00
Matthias Meusburger
c92bc8d73b Added debug mode for CAS warn messages 2009-11-23 16:34:31 +01:00
Matthias Meusburger
26d85c3cd6 Add missing return when CAS user is invalid 2009-11-23 16:32:40 +01:00
Henri-Damien LAURENT
36a01ea347 Second CAS version : CAS and non-CAS login can coexist
Conflicts solved :

	C4/Auth.pm
	opac/opac-main.pl
2009-11-23 16:26:35 +01:00
Matthias Meusburger
77ab8970f1 Add a syspref for CAS logout 2009-11-23 16:23:27 +01:00
Matthias Meusburger
acdd090246 Moved CAS configuration from config file to sysprefs 2009-11-23 16:23:20 +01:00
Henri-Damien LAURENT
7126496210 First CAS version : when CAS is enabled, login through CAS is mandatory
Conflicts solved C4/Auth.pm
2009-11-23 16:21:37 +01:00
Nahuel ANGELINETTI
2bf19bc97a (bug #3674) allow users creation with disabled password 2009-11-19 10:40:28 +01:00
Paul Poulain
ed047fead8 adding XSLT for intranet (UNIMARC only, MARC21 will be done by kf)
- the XSLTParse4Display sub now has a new parameter : the interface (intranet or opac)
- the XSLTdisplay sysprefs is common to staff & opac (Auth.pm)
- added UNIMARC xslt in intranet templates (modified to deal with staff/opac differences)
2009-11-10 22:23:50 +01:00
Matthias Meusburger
38b3a375b4 MT 1110, Follow-up : Balance cart and lists : cart is now in the intranet 2009-10-14 15:27:40 +02:00
Paul Poulain
7b12e07d3b adding acquisition as sub-perm managed module
+ some reindenting
2009-09-30 11:30:14 +02:00
Henri-Damien LAURENT
feeafa8168 Adding Opac-SearchHistory feature
Enables ppl to store their search history and delete the whole history

Adding Storable required by Opac-Search-History

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:22:21 +02:00
Michael Hafen
5de6ec3c15 Avoid potentially unnecessary database call in Auth
Auth, after verifying the session/logging in the user, calls to the database
to get the users borrowernumber.  This call is probably unnecessary because
borrowernumber is part of userenv.  Check userenv before going to the database.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-14 20:29:39 -04:00
Nicole Engard
6dd6af59c2 Bug 2576: Added OPACFinesTab Syspref
This preference allows library staff to decide whether to show
the fines tab in the OPAC for logged in patrons.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:35 -04:00
Nicole Engard
e71c8a4343 Bug 1172: Added OPACPatronDetails system preference
This patch allows library staff to disable the patron details
tab on the OPAC.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:34 -04:00
de66ef5c49 bug 3564 follow: ensure NoZebra is passed to templates
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-30 22:07:09 -04:00
Joe Atzberger
41d3e534d2 Fix Maintenance page.
Without this, the mainenance page would not display because of:
Cannot use undefined value as a HASH reference in C4/Auth.pm

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-09 13:08:43 -04:00
MJ Ray
d3c734c750 Use strftime to format sessionlog times
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-15 12:43:28 -05:00
Joe Atzberger
f35b144668 Pull the last OPAC-specific tmpl vars out of gettemplate.
These don't belong every template, only on OPAC:
~ opacstylesheet
~ opaccolorstylesheet
~ opacsmallimage

The latter 2 were already being populated in C4::Auth anyway.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-05 17:03:13 -05:00
Ryan Higgins
ca5e412c1b bug 3244: Support for multiple PAC interfaces.
Adds three env vars allowing url-specific search limits, and defining
how the limit interacts with 'SearchMyLibraryFirst'.
See http://wiki.koha.org/doku.php?id=en:development:rfcs3.2:rfc32_multiple_opac

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-27 10:52:23 -05:00
Joe Atzberger
ccb64c18ee Bug 3177 - haspermission offers bogus option
$intflags was never used or returned if hashref instead of userid was passed.
Also cleaned up needless passing of $dbh.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-01 07:16:20 -05:00
Joshua Ferraro
65ddce02f2 Serials Display Enhancement
Allows specification of how many issues of a subscription to display
at a global and subscription-specific level. Also adds a link to the
detail page to a specific subscription.

Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-04-03 16:41:38 -05:00
Joshua Ferraro
3d65e44d5c Syndetics and Amazon bugfix enhancements
This patch resolves a number of problems related to Enhanced Content:

1. Previously, there was no syspref for controlling whether or not to display
Amazon.com cover images apart from other content. This had the side effect
of preventing use of amazon.com content alongside use of another provider's
images. This patch introduces AmazonCoverImages and OPACAmazonCoverImages,
and changes the name of AmazonContent to AmazonEnabled.

So, for instance, you can now enable OPACAmazonSimilarItems yet utilize
SyndeticsCoverImages for displaying those similar items.

NOTE TO DOCUMENTATION TEAM: please update references to AmazonContent
and OPACAmazonContent to comply with the above.

2. Fixes some semantically incorrect uses of AmazonContent (now OPACAmazonEnabled)
on the OPAC side.

3. Resolves once and for all, the normalization of ISBN,UPC,EAN and OCLC numbers
for all enhanced content elements; These elements can be normalized using the
new functions in C4::Koha; I've replaced use of the various previously used
variables $xisbn,$norm_isbn,$clean_isbn, etc with $isbn, and the template
variable normalized_isbn.

We finally have a single, consistant place to retrieve normalize values for
these fields given a particular record.

4. Adds Syndetics attribution statements to display of all Syndetics content
'enhanced content provide by Syndetics' or 'Enhanced Description from Syndetics'

5. Adds an option to view the large cover image on the detail page on the OPAC
when using SyndeticsCoverImages; this option is controlled by a new system
preference: SyndeticsCoverImageSize which has two values: MC (medium) LC (large)

6. Adds UPC and OCLC numbers for Syndetics enhanced content queries especially
helpful for finding enhanced content for DVD and Music materials

7. Adds capability to display Syndetics images to opac-user for checkouts and overdues

8. Updates to systempreferences.sql, and updatedatabase.pl database revision 015

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:51 -05:00
Joshua Ferraro
9abcd844f5 Add Syndetics AuthorNotes, Awards, Series
This patch also includes a new function to retrieve the index
page from Syndetics and parse it for available content prior to
retrieving content; this is done to speed up syndetics content
by not retrieving content that doesn't exist for an item. However,
Syndetics continues to be a very slow service compared to Amazon.com
and other enhanced content services

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
11bd4a7660 Adds Syndetics Reviews
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
9806abf865 Adds support for Syndetics Excerpts and Editions
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
3d46ed59ee Add System Prefs for Syndetics to Auth
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:49 -05:00
Galen Charlton
638482cf1a fix permissions error 2009-03-06 13:18:00 -06:00
Nahuel Angelinetti
3213ffc859 fix the sql request to work in all mysqls
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-06 13:18:00 -06:00
Mason James
f295d4d223 fixes missing 'STDERR', causing 500 error below..
malformed header from script. Bad header=## checkpw - checking LDAP: mainpage.pl,

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-04 08:07:29 -06:00
Andrew Elwell
b49d937e2c more Minor documentation fixes
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-26 14:45:58 -06:00
Joe Atzberger
07d1eae7cc Remove hardcoded "Freelist" line from Auth.
Apparently a leftover debugging snippet.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-10-01 12:21:49 -05:00