This patch removes a security breach in C4::Auth::check_api_auth introduced by bug 31378, where when someone called an API with the parameters userid and auth_client_login, check_api_auth would automatically assume the user calling was that userid.
This patch also introduces C4::Auth::create_basic_session(), a function that creates a session and adds the minimum basic parameters.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The new item templates above the item edit form should only show when at least one template has been defined.
Test Plan:
1) Browse to the item editor
2) Delete all templates
3) Note the template toolbar is displayed
4) Apply this patch
5) Reload the page, note the toolbar is not displayed
6) Create a new template, note the toolbar is now displayed
7) Delete that template, note the toolbar is no longer displayed
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Go to HTML customization, News, or Pages and make a new entry using the text editor (CodeMirror)
2. It is hard to focus on the Content field because the wrapper width is very small.
3. Apply patch and try again
4. The CodeMirror wrapper width should be normal again.
5. Check the other language tabs.
6. Also test the WYSIWYG editor, it should also be normal.
Note: I added some CSS to make the labels appear bold.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in various assorted
templates so that all submit buttons and any buttons that should
be styled as primary buttons have the Bootstrap class "btn btn-primary."
To test, apply the patch and view the following pages to confirm that
everything looks correct. In most cases there are no visible changes.
- Staff interface login
- Authorities -> Add/edit
- Authorities -> Merge
- ILL -> ILL requests
- Tools -> Patron lists
- Administration -> Manage plugins -> Upload plugin
- Point of sale
- Point of sale -> Transaction history
- Holds
- Suggestions
- Tags
- Calendar
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in clubs and rotating
collections templates so that all submit buttons and any buttons that
should be styled as primary buttons have the Bootstrap class "btn
btn-primary."
To test, apply the patch and view patron clubs and rotating collections
pages to confirm that everything looks correct. In most cases there are
no visible changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in various tool
templates so that all submit buttons and any buttons that should
be styled as primary buttons have the Bootstrap class "btn btn-primary."
To test, apply the patch and view pages in the tools section to confirm
that everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in serials templates so that
all submit buttons and any buttons that should be styled as
primary buttons have the Bootstrap class "btn btn-primary."
To test, apply the patch and view serials pages to confirm that
everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in patron
module templates so that all submit buttons and any buttons that
should be styled as primary buttons have the Bootstrap class "btn
btn-primary."
To test, apply the patch and view patron module pages to confirm
that everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test: prove t/db_dependent/Circulation.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When one tries to check out an item which has a hold on it, the
"Please confirm checkout" message uses the patron's home library
instead of the hold's pickup library. It would be more logical
to use the latter here.
To test:
1. Find record with holds.
2. For the first priority hold, change its pickup library to differ from the patron's homebranch if needed.
3. Check out the record's item for a different patron.
=> Note that notice reads: "Item ... has been on hold for ... at [patrons homebranch] since ...".
4. Apply this patch.
5. Repeat steps 2 and 3.
=> Notice should now read: "Item ... has been on hold for ... at [holds pick up branch] since ...".
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Axelle Clarisse <axelle.clarisse@univ-amu.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When you are not logged in and OPACViewOthersSuggestions is
deactivated, you don't see any suggestions.
When we see no suggestions, we should also not show the option
to search in suggestions.
To test:
* as a logged in user and logged out, try various combinations of:
* OPACViewOthersSuggestions
* AnonSuggestions
* Verify display matches expectations (new button, shown suggestions,
search input)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When you enable AnonSuggestions and ALLOW patrons that aren't logged
in to make purchase suggestions, once a suggestion has successfully
been submitted, anonymous purchase suggestions will show on OPAC even
when system preference OPACViewOthersSuggestions is set to Don't show.
The suggestions will show on opac-suggestions.pl. However, if you search
for the title you suggested, you will get a message saying
"You are not authorized to see pending purchase suggestions."
This patch fixes the error, i.e. if OPACViewOthersSuggestions is set to
false, no other suggestions are shown (if you are not logged in and AnonSuggestions)
OR ONLY your own suggestions if you are logged in.
To test:
1) activate AnonSuggestions
2) create an anon suggestion
3) create a suggestion with a logged in user
4) toggle OPACViewOthersSuggestions Show/Don't show
5) all suggestions are shown on cgi-bin/koha/opac-suggestions.pl in either case
6) apply patch
7) OPACViewOthersSuggestions is now respected, i.e. suggestions from other users are only shown if activated
8) Please sign off
Sponsored-by: Library of the Natural History Museum Vienna
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This makes the %] showing for not for loan items disappear.
To test:
* Create a record with multiple items, mark one 'not for loan'
* Place an item level request on this record in the OPAC
* Make sure you 'Show nonholdable items'
* Verify the %] shows in the column with the not for loan status
* Apply patch
* Verify display is now improved
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
That let us use future + today, and it's working perfectly for our use
case :)
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When creating a new pickup the dates in the past won't display any
available slots. It would be better to disable them in the date picker.
Test plan:
Setup curbside pickups for your library (see bug 30650 test plan if
needed)
Create a new pickup (staff and OPAC) and confirm that the date picker widget
has the dates in the past disabled.
QA note: More work would be needed to sync calendar.inc code between
OPAC and staff. Also note that the "clear date" code wasn't needed
(please confirm).
Sponsored-by: Association KohaLa - https://koha-fr.org/
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On 30578 we replace circ/ysearch.pl with a call to the /api/v1/patrons
route. A new patron_autocomplete JS function has been written
(js/patron-autocomplete.js) for that purpose.
However 3 occurrences were using an existing patron_autocomplete
function, and 30578 didn't take care of adjusting correctly the call to
the REST API route.
On this patchset I am suggesting to copy/paste the JS functions defined
in js/autocomplete/patrons.js, because we are very close to the 22.11
release. But ideally we should improve js/patron-autocomplete.js to add
a new 'on-select-add-to' option that will take care of add/remove/hide
behaviour. IMO that must be done on a separate bug, and after 22.11 is
released (to not need to retest the other occurrences of the patron
autocomplete)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Add a new order to a basket from an existing order
Search for the order to duplicate using the "Basket created by" field
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Search for order using the "Basket created by" field
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Add new patrons to a patron list
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We missed the page-section addition when ERM was updated for the new UI
prior to push.
Test plan
1) Start a koha-testing-docker
2) Build the ERM module with 'kshell > yarn install > yarn build_js'
3) Enable the ERM module via the system preferences
4) Enable both 'EBSCO' and 'Local' as providers
4) Check the following pages
* ERM > Agreements
* ERM > Licenses
* ERM > eHoldings > Local > Packages
* ERM > eHoldings > Local > Titles
* ERM > eHoldings > Local > Titles > Add from a list
* ERM > eHoldings > EBSCO > Packages
* ERM > eHoldings > EBSCO > Titles
5) Apply this patch
6) Build the app again 'yarn build_js'
7) Confirm page-sections appear as expected on the pages mentioned in
step 4.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in Cataloging templates
so that all submit buttons and any buttons that should be styled
as primary buttons have the Bootstrap class "btn btn-primary."
To test, apply the patch and view pages in Cataloging to confirm
that everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the `decoded_contents` method UTF-8 encode the data
before calling the relevant decode_json, as expected by the JSON library
[1].
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Item/Template.t
=> FAIL: Tests fail!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
[1] `Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs to be done
yourself, e.g. using the Encode module.` https://metacpan.org/pod/JSON
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We should not write:
if ($kwfield != undef) {
Test plan:
Pick record with UTF8 chars.
Download via cart or shelf in RIS format.
Check your logs.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a reasonable width to the "specify due date" date field
on the circulation page.
To test, apply the patch and rebuild the staff interface CSS.
Check out to a patron and click the "setting" icon on the "Enter item
barcode" field.
In the checkout setting panel, confirm that the date field isn't
unreasonably wide.
Signed-off-by: Barbara Johnson <barbara.johnson@swbell.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
run t/db_dependent/TestBuilder.t and confirm that the error related to
this module is gone. Another one may still fail however
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
run t/db_dependent/TestBuilder.t and confirm that the error related to
this module is gone. Another one may still fail however
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The aforementioned TestBuilder should display "Koha::ERM::UserRole", not be empty.
This patch adds a primary key to the erm_user_roles table and fixes that.
Also includes atomicupdate file to update database schema as well as updates to
kohastructure.sql provided by Jonathan Druart.
Looked into the vue files but didn't find anywhere or a need to include the new
primary key in any of the requests as there is no request of users by role_user_id
being made.
ERM users are being created/updated as a relationship through licenses/agreements.
Furthermore, when editing a role of an existing user, this new primary key is already
being supplied embedded in the license/agreement.
Test plan:
Add users to license and agreement
Run the cypress tests
Confirm that the change fixes the test that was failing in TestBuilder.t
(another one may still fail however)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Confirm that this change fixes the related TestBuilder.t failure
Confirm that it does not break the eRM app, try to attach an agreement
to a package.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
Test plan
1) Confirm the styling change for top level tabs on patron details or catalog
details pages.
2) Confirm the styling change is ok for a nested set of tabs (catalog
holds page is a good example).
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
https://bugs.koha-community.org/show_bug.cgi?id=31759
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In order to test, you need to add items on order and add
at least one to make the list appear above the item section
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I propose that we add CSS to the page to fix this since it's fairly
specific to the way this page is broken.
To test, apply the patch and view a basket in Acquisitions.
- Click "Add to basket" and choose "From a new (empty) record."
- Confirm that the item form layout looks correct.
- Perform the same test when adding to a basket from an existing record.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds style to the staff client's global SCSS which adds
correct styling to buttons classed with .btn-danger.
This isn't the correct way to fix this, but it's the fast way.
Rebuilding Bootstrap with custom colors is the correct way, but
Bootstrap 3.x doesn't use SCSS. I consider this a FIXME for an
upgrade of Bootstrap in the staff interface.
To test, apply the patch and rebuild the staff interface CSS. Test
instances where the .btn-danger class is used. Two examples:
Holds:
- Locate a bibliographic record with holds and view the holds.
- Click the "trash" icon to delete one of the holds.
- In the confirmation modal, check that the "Confirm cancellation"
button looks correct in its default, hover, and active ("clicked")
state.
Cataloging:
- Open a new blank record in the basic MARC editor.
- Click "Save" without filling any mandatory fields.
- You should see a warning about the empty fields.
- Scroll down until the warning is offscreen. An "Errors" button should
appear in the toolbar.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in Circulation templates --
including offline circulation -- so that all submit buttons and any
buttons that should be styled as primary buttons have the
Bootstrap class "btn btn-primary."
To test, apply the patch and view pages in Circulation to confirm
that everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The QA test tools complained about tabs in 2 lines, this is fixed here.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan
1) Confirm the issue history view now uses page-section appropriately
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We fix some whitespace and move the toolbar above the H1 too.
Test plan
1) Confirm the headings and page-sections now look correct on the ISBD
details view
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>