Commit graph

8 commits

Author SHA1 Message Date
80be039d6c Bug 10300: (follow-up) add controls on transfers page
This patch moves the check of IndependentBranchesTransfers pref to templates and adds permission test inside branchtransfers.pl.
It also corrects the libraries combobox in branchtransfers.tt, this list can contain all libraries, it is the access to the page that may be protected.

Additions to test plan :
1)
1.1) Enable CircSidebar
1.2) In circulation home page check the effect of IndependentBranchesTransfers on "Transfer" link
1.3) Go to return page and check the effect of IndependentBranchesTransfers on "Transfer" link

2)
2.1) In circ/branchtransfers.pl, with and without IndependentBranches you see all libraries are in combobox

3)
3.1) Set IndependentBranchesTransfers to no and go to circ/branchtransfers.pl
3.2) You are redirected to page 403 unless you are superlibrarian

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-26 11:49:08 +00:00
dc7e886379 Bug 21693: Clean up checkout notes template
This patch modifies the checkout notes template to help compliance with
coding guidelines and interface patterns:

 - Convert to Bootstrap grid
 - Improve DataTables configuration
 - Put buttons into a toolbar and move above selection links

Also corrected: Minor markup error in circ-nav.inc

To test, apply the patch and enable the AllowCheckoutNotes system
preference. Add a few checkout notes via the OPAC.

 - Go to Circulation -> Checkout notes.
   - Confirm that the page looks correct at various browser widths.
   - Confirm that the first and last columns of the table of notes are
     not sortable.
   - The table should be sorted by default by title.
   - Title sorting should ignore articles "a," "an," and "the."
   - Test with the CircSidebar preference both on and off.
     - With CircSidebar turned on, the checkout notes menu item in the
       left hand sidebar should show a count of checkout notes.

Signed-off-by: Pierre-Marc Thibault <pierre-marc.thibault@inLibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-12-26 20:47:05 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
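
The message of commit dcd1f5d48c names a QA script to catch missing filters as a next step. As an added illustration (not part of the commit and not Koha's own QA code), here is a minimal Python checker that reports Template Toolkit output directives carrying none of the html, uri, url or raw filters. The sample template, the keyword subset and the `$raw` spelling are assumptions.

```python
import re

# Filters the commit message accepts on a printed variable.
ALLOWED_FILTERS = {"html", "uri", "url", "raw"}

# Assumed subset of TT keywords that start a non-printing directive.
CONTROL_KEYWORDS = {
    "IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
    "SET", "DEFAULT", "USE", "INCLUDE", "PROCESS", "BLOCK", "SWITCH",
    "CASE", "INSERT", "WRAPPER", "FILTER", "MACRO", "CALL", "NEXT", "LAST",
}

DIRECTIVE_RE = re.compile(r"\[%[-+]?\s*(.*?)\s*[-+]?%\]", re.S)
FILTER_RE = re.compile(r"(?:\||\bFILTER\b)\s*\$?(\w+)")
ASSIGN_RE = re.compile(r"^[\w.]+\s*=(?!=)")

def find_unfiltered(template):
    """Return (line, expression) for each printed variable with no allowed filter."""
    findings = []
    for match in DIRECTIVE_RE.finditer(template):
        body = match.group(1)
        if not body or body.startswith("#"):      # empty tag or TT comment
            continue
        first_word = re.split(r"[\s(;]", body, maxsplit=1)[0]
        if first_word in CONTROL_KEYWORDS or ASSIGN_RE.match(body):
            continue                               # directive prints nothing
        if ALLOWED_FILTERS & set(FILTER_RE.findall(body)):
            continue                               # explicitly filtered
        line = template.count("\n", 0, match.start()) + 1
        findings.append((line, body))
    return findings

# Constructed sample template, not taken from the Koha tree.
SAMPLE = """\
[% USE raw %]
[% IF patron %]
<h1>[% patron.surname | html %]</h1>
<p>[% patron.note %]</p>
<a href="/members/moremember.pl?borrowernumber=[% patron.borrowernumber | uri %]">view</a>
[% debarment.comment | $raw %]
[% SET total = total + 1 %]
[% count = 0 %]
<span>[%- item.barcode -%]</span>
[% END %]
"""

if __name__ == "__main__":
    for line, expr in find_unfiltered(SAMPLE):
        print(f"line {line}: [% {expr} %] has no html/uri/url/raw filter")
```

A finding only says that no filter is present; whether html, uri or raw is the right one for that position still has to be decided from the surrounding markup.
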
d90ff21454 Bug 17698: Do not send pending_checkout_notes from all circ scripts
It's safer to send what we need from C4::Auth it's needed from a whole
module.
The SELECT COUNT(*) query will only be done when needed (so not made
from scripts outside of circ)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:44 +00:00
Aleisha Amohia
4e722eda45 Bug 17698: (follow-up) Changing to Koha Objects style, adding circ sidebar
Marcel, can you please have a look at this patch. I tried to implement
the change
my @notes = $schema->resultset('Issue')->search({ 'me.note' => { '!=', undef } }, { prefetch => [ 'borrower', { item => 'biblionumber' } ] });
to
my @notes = Koha::Checkouts->search({ 'me.note' => { '!=', undef } }, { prefetch => [ 'borrower', { item => 'biblionumber' } ] });
but am having problems on the template side. I can access the item and
biblio information about the issue, but not the borrower information,
even though the query is definitely pulling it correctly. Any
suggestions or ideas as to why this breaks?

This patch also adds the implementation of the circSidebar.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:41 +00:00
0254b4e87d Bug 20931: JS error "ReferenceError: $ is not defined" when CircSidebar is turned on
This patch reorganizes the way sidebar menus get highlighted based on
the current page. A global function is added to handle most cases.
Individual menu-handling scripts have been modified to handle only the
edge cases which aren't covered by the global one.

A new class is added to the global CSS file so that highlighted menu
links can be custom-styled.

To test, apply the patch and clear your cache if necessary.

View various pages to confirm that current-page-highlighting in the
sidebar menu is working correctly and that there are no JS errors in the
browser console. For example:

 - Administration -> Currencies and exchange rates.
 - Acquisitions -> Invoices
 - Tools -> Patron lists
 - Tools -> Export

And with CircSidebar turned on test various circulation pages, e.g.

 - Circulation -> Set library

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 11:10:00 +00:00
7963796978 Bug 16530: Add a new method to the Branches TT Plugin to avoid c/p
We should do the same for the other check (FA exists), but cannot find a
good and quick way to implement.

Doing it this way will avoid regression later, we will not have to check
if the variable is correctly passed to the template.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:34:36 +00:00
Aleisha
1edb8cbeee Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate
Edit: Fast cataloging link should now show on all pages, removed offline circulation links
Edit 2: Creates the syspref to activate or deactivate the sidebar
Edit 3: Fixing merge conflicts, using Koha::BiblioFrameworks to find FA
framework and adding sidebar to on-site checkouts

This adds a sidebar to
circ/branchoverdues.tt
circ/circulation.tt (I also fixed up some of the indentation in this file to make it easier to see where the divs started and ended)
circ/renew.tt
circ/returns.tt
circ/selectbranchprinter.tt
circ/transferstoreceive.tt
circ/view_holdsqueue.tt
circ/waitingreserves.tt
circ/branchtransfers.tt
circ/on-site_checkouts.tt

To test:
1) Confirm syspref CircSidebar is activated
2) Go to all of the above pages and confirm the sidebar menu shows up
3) Confirm fast cataloguing link and transfer link are there
4) Trigger any error messages you can possibly think of (i.e. on renew.pl: barcode does not exist). Confirm that this does not mess up the layout of the page
5) Go to a user account page, Check out tab. (Since this is a circ/circulation.pl page). Ensure the circ nav sidebar doesn't show up (confirm it looks as it usually does)
6) Deactivate circSidebar
7) Confirm pages all look normal

Sponsored-by: Catalyst IT

Signed-off-by: Jan Kissig <jkissig@th-wildau.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:34:36 +00:00