Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Add a form under report's result that allow to configure and draw a
chart (pie, bar, line and combination).
Pie: Usefull only for a two-column report's result
bar: Horizontal: Can be horizontal or vertical (check/uncheck
horizontal checkbox),
Group: allows to group columns (stacked bar chart),
Line: show some columns as line in a bar chart (combination)
line: line chart :)
This patch adds 2 new js libraries: d3js and c3js:
- c3.min.css
- c3.min.js
- d3.min.js
Test plan:
- Apply this patch,
- execute a report,
- click on show chart settings button (in the tool bar),
- draw chart (click on draw button),
- check the chart
Features:
- Include all rows (ignore pagination),
- Download the chart (svg),
- Choose x column and y columns,
- Exclude last line (Rollup)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
TO test:
1 - Create a report that takes a parameter
2 - Enter a parameter containing '%'
3 - Attempt to download report, note link is misconstructed
4 - Apply patch
5 - Reload
6 - Note URL is now correct
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch combines report paramters with the same name and data type
(authorised value)
This presereves the past ability to provide all parameters as
'sql_params' in order to preserve existing public report links
To test:
1 - Create a report that takes multiple parameters, e.g.:
SELECT <<cat>> AS one, <<dog|branches>> AS two, <<dog|YES_NO>> as three,
<<cat>> as four, <<dog|branches>> as five
2 - Run this report, note you are asked for five parameters
3 - Apply patch
4 - Update database
5 - Run report, note you are asked for three params
6 - Verify the results reflect the supplied parameters
7 - Export the report and verify results
8 - Alter the URL and provide 5 params as sql_params and no param_name
variables i.e.
http://localhost:8081/cgi-bin/koha/reports/guided_reports.pl?reports=1&phase=Run+this+report&sql_params=Banana&sql_params=CPL&sql_params=0&sql_params=Orange&sql_params=LPL
9 - Verify results come out as expected. i.e. 5 different values that
are those of the URL.
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - Set delimiter syspref to anything but comma
2 - Download report results as comma separated text
3 - They actually follow the syspref
4 - Apply patch
5 - Download link should now match pref selection
6 - Change pref, note link changes
7 - Verify things still work as expected
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"
Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.
Changes in discharge.pl are mainly indentation changes.
With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
Run report
Validate results page at: https://validator.w3.org/
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch takes some of the code when executing report and moves it to
a sub to be reused when downloading
To test:
1 - Run some very long report (see comment #1)
2 - Try to download, erk!
3 - Apply patch
4 - Run report, results hould not have changed
5 - Try to download, success!
6 - Ensure reports work as before
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client's reports templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
reports pages: All button controls, DataTables functionality, form
validation, etc.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Fix for QA: Remove unused Dopop function.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes small display improvements to the report results page.
-Add toggle link for SQL code
-Change results count wording
-Add 'Notes:' label report notes
To test:
1 - Apply patch
2 - Run some reports
3 - Check that results page makes sense
4 - Hide and display code and ensure toggle works
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a report is duplicated from the report list, the new report will
contain the tag (<<YEAR>> for instance), but from the reports results
page it copies the values used for the results.
Test plan:
Create a new sql report with tags
Duplicate it from the report list: no expected changes
Run it and duplicate it: the tags must not have been replaced
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Ran and duplicated a report, the tags remained intact.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This splits off the delete capability from the create reports permission.
From a UI perspective there were CSS issues, that this patch set hackily
bypasses. Perhaps someone else can amend this enhancement with the required
changes so that the extra column at the beginning of the table can be
removed when the user does not have delete capability.
TEST PLAN
---------
1) back up db
2) apply patch
3) ./installer/data/mysql/updatedatabase.pl
-- should run without issue.
4) in mysql:
> drop database ...
> create database ...
-- totally blanks it for fresh web install
5) run web install
-- installing should have no issues
6) go to a patron
7) set permissions
8) expand the reports permission
-- should have delete reports now
9) click help and scroll down to
'Granular Reports Permissions' right at the bottom.
-- there should be a new delete_reports section
10) Head over to guided reports and build a few reports.
-- as system account user, delete stuff should all be visible.
11) Find a patron, set all permissions, except delete reports.
12) log out and then log in as the modified patron
13) Head over the save reports
-- none of the delete options should be available to the user.
14) run koha qa test tools
15) restore db
Followed test plan. Additionally tried to delete using params in URL
(not possible, OK)
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes changes to Font Awesome icons in order to make icon
choice consistent for common actions.
<i class="fa fa-trash"></i> where something is deleted, removed, or
emptied.
<i class="fa fa-remove"></i> where an operation is cancelled (also where
selections are cancelled, as in checkboxes).
<i class="fa fa-times-circle"></i> for "close," as in baskets and
windows.
To test, apply the patch and view the following pages to confirm that
the correct icon is used:
- Acquisitions -> Vendor -> Vendor delete button.
- Acquisitions -> Vendor -> Edit -> Delete contact button.
- Acquisitions -> Invoices -> Delete menu item.
- Cataloging -> Edit record -> Authority search pop-up (triggered from
the tag editor for a tag linked to an authority) -> Clear field button
- Authorities -> Authority detail -> Delete button.
- Tools -> Quotes editor -> Quotes delete button.
- Reports -> View saved report -> Delete button.
- Reports -> Saved reports -> Delete menu item.
- Serials -> Subscription details -> Subscription close button.
- Administration -> Budgets -> Delete menu item.
- Administration -> Item search fields -> Delete button.
- Administration -> Z39.50/SRU servers -> Delete menu item.
- Catalog -> Advanced search -> Clear fields link.
- Cataloging -> Advanced editor -> Macros -> Delete macro button.
- Circulation -> Checkout -> Check out an item which is on hold for
another patron. "Cancel checkout and place hold" button now uses the
icon used elsewhere for holds.
- Course reserves -> Course -> Delete course button.
- Patrons -> Patron lists -> Add patrons -> Remove selected button.
- Acquisitions -> Suggestions -> Suggestion details -> Delete button.
- Lists -> List contents -> Remove selected button.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
An existing 'execute' parameter is already passed to the template when
we need to display the 'Download' button, so let's use it instead of
creating a new one.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test:
1) Create a new SQL report or edit a report
2) Ensure that the download option does NOT show in the toolbar
3) Save and run the report
4) Confirm that download option DOES show in toolbar as a dropdown with
the 3 options (csv, tab and ods)
5) Confirm that downloading all 3 file types works as expected
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch corrects a problem with the reports toolbar include file
which can cause a problem with the "duplicate" button. The duplicate
button passes the entire report SQL as a URL parameter, but the template
variable was not escaped as a URL variable.
This patch also adds the "uri" filter to the report name and notes
fields just to be safe.
To reproduce the bug, create a new SQL report using the SQL in the bug
report. When you run the report you should see a broken "Duplicate"
button.
Apply the patch and run the report again. The duplicate button should
look correct and work correctly.
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
EDIT: Removing unnecessary functions
To test:
1) Go to Reports -> Dictionary
a) Attempt to delete a definition. Confirm the Ok and cancel
buttons in confirm dialog work as expected
2) Go to Reports -> Build new
a) On each step of building a report, confirm the back button
works as expected
b) Confirm add column and delete column on step 3 works as
expected
3) Confirm deleting a report from the toolbar triggers confirm dialog
and it works as expected
4) Create a report with an SQL error and run it. Confirm that the
'Return to previous page' link works as expected
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Reports -> Use saved (or build a new one if you have none saved)
2) Click on the Actions drop down and confirm that when you click Delete from here, a confirm message shows up. Click Cancel.
3) Click Show in the drop down menu
4) Click Delete in the Reports toolbar. Confirm you now get a confirm message. Clicking Cancel will cancel the delete, and clicking OK deletes the report and takes you to the saved reports page.
Spponsored-by: Catalyst IT
Signed-off-by: Magnus Enger <magnus@libriotech.no>
After applying the patch I get a JavaScript popup confirmation when
I click on the delete button, in the Show, Edit and Run views. Nice!
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1) Go to Reports -> Use saved
2) Click 'Show' on the dropdown for any report
3) Confirm that 'Duplicate and 'Schedule' are now on the toolbar and work as expected
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Currently, if you are editing or viewing the results of running a
report and you decide you want to delete it, you have to go back
to the list of saved reports to do so. This patch adds a "Delete"
link in some convenient places.
To test:
- Apply the patch
- Make sure you have at least one saved report
- Make sure you have the create_reports permission
- Go to the Show, Edit and Run screens and verify the Delete link
is present and functional, including the JavaScript confirmation
dialogue
- Change to a user without the create_reports permission and check
that the Delete link is not displayed on the Show, Edit and Run
screens
- Sign ye off merrily!
Version 2: This version makes sure the JavaScript confirmation is
shown before an actual delete is carried out.
Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.
Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
should give no results
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch converts the toolbar include file used by guided/SQL report
pages to Bootstrap, replacing YUI button and menu code with Bootstrap
markup.
To test, view any page in reports/ which uses reports-toolbar.inc
(Saved reports, Guided reports, SQL reports). Buttons and menus should
look correct and work correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works as described. No errors.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, logic is correct. Toolbar differs, depending
on the action: show report, list of reports, edit report.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Creating new include, reports-toolbar.inc for presenting "action"
options to the user, in contrast with "view" options in the left-
hand navigation menu.
In the toolbar: New (guided report, SQL report), Edit, Run.
The presence of the toolbar allows the user to access functions
more flexibly: Getting directly to 'edit' or 'run' from the 'view'
page for instance.
Modifications to guided_reports.pl pass report id and name to
the template for clarity and for the purpose of enabling the
edit/run buttons.
To test: Apply the patch and go through the process of creating
a new saved SQL report. Note that the toolbar is present and
the buttons are functional at appropriate times.
New and Edit options should only be displayed if the user has
permission to create reports. Test with a user who does not
have create permission to confirm.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
