Commit graph

947 commits

Author SHA1 Message Date
Katrin Fischer
ecc3a55917 Bug 20456: Switch routling list tab in staff to use Koha::Object
Bug 20400 added a routing list tab to the patron account in the
OPAC using Koha::Object.

This patch switches the routing list tab in the patron account
in intranet over to the new code. It also adds an additional
column showing the position of the patron on the routing list
and fixes the search.

To test:
- Create some subscriptions with routing lists
- Take a look at the patron accounts of several patrons having
  - no entries on routing lists
  - 1 entry on a routing list
  - entries on several routing lists
- Make sure the display works correctly.
- Search for a subscription and make sure search works.

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 15:02:46 +00:00
20c927c5d0 Bug 13655: Same fix for partial edit
Test plan:
- Create an organisation with surname='xxx'
userid will be autogenerated with 'xxx''
- Edit the surname with 'yyy'
userid will be unchanged, 'xxx'
- Parial edit and blank userid
userid will be autogenerated with 'yyy'

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 13:12:54 +00:00
320978997b Bug 13655: Allow creation of organisations without entering userid
See comment 1 of the bug report for defails of the issue.

Test plan:
Good luck (you will need to test all combinations (category type eq and
ne 'I'), then quick edition and partial edit)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 13:12:54 +00:00
20bd2d2bd5 Bug 20120: (QA follow-up) display correct amount in redirect
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 12:03:01 +00:00
11223294b6 Bug 20120: force scalar context for CGI->param
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 11:45:26 +00:00
Kyle M Hall
515cab0c46 Bug 20120: Prevent writeoffs of more than the amount owed for a fee
In short, it is possible to 'over-writeoff' a fee such that the value of the fee is now a credit.

Test Plan:
1) Attempt to writeoff a single fee, set the amount input to more than
   the amount of the fee.
2) Note the writeoff makes the fee go negative.
3) Apply this patch
4) Attempt to repeat step 1, you should be unable to write-off an
   amount more than the amount outstanding for the fee!

Signed-off-by: George Williams <george@nekls.org>

Signed-off-by: George Williams <george@nekls.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 11:45:23 +00:00
aa3a2943f6 Bug 20701: Add csrf protection to mancredit.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-23 13:01:59 -03:00
d6f99f0df1 Bug 20701: Add csrf protection to maninvoice.pl
TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-23 12:19:33 -03:00
5cf8bbfb7a Bug 20624: Make staff client respect RESTOAuth2ClientCredentials
This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:02 -03:00
2a8c3fad0a Bug 20568: fix shebang
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:00 -03:00
d2454d6868 Bug 20568: Fix bad resolution conflict with bug 18403
borrowers module permission has now several subpermissions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:00 -03:00
45841d9ec7 Bug 20568: CSRF protection
Edit: fix warning introduced by this patch

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00
28a750fb76 Bug 20568: (QA follow-up) Get rid of the id column
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00
b67e88f429 Bug 20568: Move value => client_id + secret
This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.

It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'

Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00
05101f0afa Bug 20568: Add mandatory description field for api keys
This patch changes the table structure adding fields usually found on
this kind of api management pages.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:58 -03:00
Julian Maurice
3aa102d0c3 Bug 20568: API keys management in interface
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.

Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
   correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
   API keys". Click on it.
9/ Repeat steps 4-6

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:58 -03:00
Mark Tompsett
fde5422d80 Bug 20666: Correct executable permissions
TEST PLAN
---------
On a kohadevbox:
 1) sudo koha-plack --enable kohadev
 2) restart_all
 3) Enter fines for a patron in the staff client
 4) Go to the 'Fines' tab (left pane)
 5) Go to the 'Account' tab (below the row of buttons)
 6) Click 'Details'
    -- no issues
 7) sudo koha-plack --disable kohadev
 8) restart_all
 9) refresh page
    -- Error 500
10) apply patch
11) restart_all
12) refresh page
    -- no issues
13) sudo koha-plack --enable kohadev
14) restart_all
15) refresh page
    -- no issues

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-03 13:26:48 -03:00
0c45edcebb Bug 20100: (QA follow-up) Pref description and improve code in member-flags
Two points as mentioned on Bugzilla comment29.
[1] Improve pref description. Feedback from comment30 incorporated.
[2] Improve code in member-flags. Check if we change librarian flag first.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested the die with "disable_superlibrarian_privs => 0" in member-flags.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-25 10:23:53 -03:00
0f1ebf68a6 Bug 20100: (QA follow-up) Change syspref name to full version
As per RM request, changing the shorter name to its full form.
Result of a git grep | sed.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
No occurrences to be found anymore with git grep -i.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-25 10:23:53 -03:00
f26b68a07f Bug 20100: Disallow access to superlib privileges at server side
Depends on pref ProtectSuperlibPrivs.
If enabled, script member-flags.pl will not allow you to add or remove
superlib privs when you are no superlibrarian.
The follow-up patch will enable the check at client side.

Test plan:
[1] Enable the pref. Do not apply the third patch (client side).
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you have an internal server error when
    you add or remove superlib privs. The log contains a warning.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-25 10:23:53 -03:00
Kyle M Hall
0269200bc6 Bug 2696: (QA follow-up) Fix POD, results sorting, permissions
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-24 14:01:47 -03:00
Katrin Fischer
2730659213 Bug 2696: (QA follow-up) Several fixes to template variables
- Fix link to patron account in breadcrumbs
- Fix includes for accounttype.inc to display type correctly
  - in Details for fee
  - in Payments list
- Fix use CGI qw ( -utf8 );
- Remove <br> from within a string for better translation

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-24 14:01:47 -03:00
5643de4d79 Bug 2696: Fine payments should show what was paid for
Test Plan:
1) Apply this patch and its' dependencies
2) Create and pay some various fees and fines
3) View the payments for fees, and fees paid by payments by
   using the new 'Details' button available on boraccount.pl

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Running updatedatabase.pl after patch application makes dependencies
happy. Passes QA Tools and works as intended.

Rebased (2017-12-21): Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 2696: (QA follow-up) - Remove use of GetMember

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-24 14:01:44 -03:00
b75d9dc258 Bug 19855: Remove getalert from moremember.pl
This is not used later and seems unused since:
commit b38997925f
Date:   Wed Oct 26 09:11:02 2005 +0000
    big commit, still breaking things...

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-23 14:22:14 -03:00
51b774dc61 Bug 9302: Add error message if keeper patron is invalid
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
Kyle M Hall
a72911d701 Bug 9302: Use new 'edit borrowers' permission
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
253dbb758a Bug 9302: (QA follow-up) Consistency follow-up
This patch moves the Koha::Patrons->merge method into
Koha::Patron->merge_with in the line of the discussed implementation for
bug 15336. I agree with that implementation so I provide this follow-up.

Tests are adjusted, the controller script is adapted too. The behaviour
remains.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
310b9b00b9 Bug 9302: (QA follow-up) Merge should be a transaction
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
11a2970d0e Bug 9302: Add ability to merge patron records
It would be great if there were a merge patrons feature. If you
accidentally end up with one patron with two cards it would be nice to
merge their records together so that you don't lose their history or
holds or anything.

This patch adds a basic patron merge feature. It attempts to relink all
patron related tables from the patron(s) to be merged. It does not
attempt to relink librarian account related tables at this time. This
feature does not attempt to automatically resolve issues such as
duplicate holds. Such a feature could build upon this one though.

Test Plan:
1) Apply this patch
2) Find two or more patrons
3) Perform a patron search that will bring them up on the same page of
   results, or add them all to a list of patrons.
4) Use the 'merge' button to begin the merging process
5) Choose a patron to keep
6) Verify the deleted patrons data ( checkouts, holds, etc )
   are now linked to the kept patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Ed Veal <eveal@mckinneytexas.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
d68fe07bf8 Bug 20489: Prevent DB user login
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 12:24:00 -03:00
5372faf4e5 Bug 18790: Add ability to void payments
We've had the ability to 'reverse' a payment for a long time, but it
would be much better if we had a true void payment function that
replaces the paid amounts into the fee so that it appears as if the
payment was never made.

Test Plan:
1) Apply this patch and dependent patches
2) Run updatedatabase.pl
3) Create some fines
4) Pay those fines
5) Use the new 'void' button to void the payments
6) Note the fines were restored to their pre-payment amounts

Signed-off-by: Koha-us conference <koha-us@koha-us.net>
Signed-off-by: BWS Sandboxes <ByWaterSandboxes@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-19 12:32:21 -03:00
fde5ea23fc Bug 18786: Add ability to create custom payment types
Some libraries would like to be able to specify more specific payment types such as cash, check, credit card, or even canned food ( for food drives ). This feature will allow a library to specify payment types as authorised values of the type PAYMENT_TYPE.

Test Plan:
1) Apply patches
2) Update database
3) Add authorised value PAYMENT_TYPE with values 'Cash', 'Check', 'Credit card'
4) Go to the fines section of a patron who has several fines
5) Tab 'Fines'
6) Click on 'Pay' for an individual fine
7) Verify that in the form a 'Pay an individual fine' dropdown appears with payment types
8) Select a payment type, confirm payment
9) Verify that payment type appears in "Description of charges" in tab 'Account'

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 18786: Remove use of Koha::Patron::Images

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 18786: Remove duplicate block with bad IF

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-19 12:32:21 -03:00
7b1d08df0f Bug 19936: Replace Generate_Userid - Update the occurrences
Test plan:
Same test plan as previous patch:
add/update/import patrons and watch the userid

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 09:36:41 -03:00
bd147a3832 Bug 19936: Replace Check_userid - Update the occurrences
We previously prove that the method and the subroutine were equivalent,
we know update the controller calls.

Test plan:
- Add and update a patron with different variations of userid
(automatically generated or not)
- Import patrons with and without userid, as well as with existing
userid

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 09:36:41 -03:00
f3b8f17395 Bug 20518: Don't show "Messages" header and link on patron details if there are no messages
This patch modifies the patron detail page so that the "Messages" header
is not displayed if there are no messages.

Unrelated: A minor change was made to moremember.pl to quiet an error in
the log, "Use of uninitialized value $print in string eq at
members/moremember.pl line 219."

To test, apply the patch and open the detail page for a patron who has
no messages. There should be no "Messages" header or "add message" link.

Add a message to the patron's account. The message should appear, along
with the "Messages" header and "add message" link.

The error logs should show no errors.

Signed-off-by: Maksim Sen <maksim.sen@inlibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-11 16:45:09 -03:00
Kyle M Hall
e2214f2b25 Bug 20008: Fix restrictions added from memberentry.pl if TimeFormat is 12hr
Test Plan:
1) Set TimeFormat to 12 hour
2) Add a restriction with an expiration date via memberentry.pl
3) Note the restriction exists, but has no expiration date
4) Apply this patch
5) Repeat step 2
6) Note the restriction exists and has an expiration date!

Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-04 15:45:44 -03:00
6e32e62d46 Bug 19935: Use ->checkouts when ->pending_checkouts->count was used
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-03 11:43:39 -03:00
0161a106e7 Bug 19935: Replace GetPendingIssues - summary-print
We are in the notices part, so we need to fetch all the data to avoid
regressions.

Test plan:
Print a summary slip before and after this patch.
They must be the same

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-03 11:43:38 -03:00
0b4e3dd343 Bug 19935: Replace GetPendingIssues - deletemem.pl
Same as previously, we just want Koha::Patron->checkouts->count to know
if a patron has checkouts.

Test plan:
Confirm that you cannot delete a patron's card if they have pending checkouts

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-03 11:43:37 -03:00
d4b6801552 Bug 17553: Move GetOverduesForPatron to Koha::Patron->get_overdues
With the help of Koha::Object->unblessed_all_relateds we are going to
replace GetOverduesForPatron without introducing regressions (hopefully)
on both template notice syntaxes.

Test plan:
0/ Do not apply any patches
1/ Check some items in to a given patron, with and without overdues.
2/ Print the overdues slip (Circulation module > Print > Print overdues)
3/ Apply these patches
4/ Print again and compare the result
=> The 2 generated slips must be exactly the same

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-03 11:43:06 -03:00
Kyle M Hall
58dccaee26 Bug 19933: Move instantiation of in deletemem.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-23 11:45:38 -03:00
dc2339247b Bug 19933: (follow-up) Remove patronflags - easy ones
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-23 11:45:38 -03:00
8b61e7145e Bug 19933: Remove patronflags - easy ones
This patch replaces the easy occurrences of patronflags.

These calls only need the CHARGES->amount value, that is the non issues
charges. Luckily we now have a Koha::Account->non_issues_charges that
deal with that.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-23 11:45:38 -03:00
Lari Taskula
6d479dc5e5 Bug 20367: Avoid resetting userid when BorrowerUnwantedField contains userid
To test:
1. In staff client, set your username to firstname
2. Add userid to BorrowerUnwantedField system preference
3. Go to your patron modification screen (memberentry.pl) and click Save
4. Observe you get kicked out into login screen, saying:
Error: You do not have permission to access this page.
Log in as a different user

5. Apply patch and restart plack

6. Set your username back to firstname
7. Repeat step 3
8. Observe you were not kicked out and your userid stays the same

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-19 12:23:18 -03:00
efa894e625 Bug 12001: (QA follow-up) Fix showing links to items on boraccount page
Test plan:
Go to the Fines -> Account page of a patron with fees linked to items
--> without patch there is no link to related item
--> with patch the link is presented in description column

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-23 10:57:30 -03:00
1d9245d7b2 Bug 12001: (QA follow-up) Fix printinvoice page
Test plan:
Try to print a fee
--> without patch it explodes
--> with patch it works and the date is formatted according to
system wide date format setting

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-23 10:57:30 -03:00
51aa6db46c Bug 12001: Move GetMemberAccountRecords to the Koha namespace
The GetMemberAccountRecords may be a perf killer, it retrieves all the
account lines of a patron and then the related item and biblio
information.
Most of the time we only want to know how much the patron owns to the
library (sum of amountoutstanding). We already have this information in
Koha::Patron->account->balance.

This patch replaces the occurrences of this subroutine by fetching only
the information we need, either the balance, the detail, or both.
It removes the formatting done in the module, to use the TT plugin
'Price' instead.
There is a very weird and error-prone behavior/feature in
GetMemberAccountBalance (FIXME): as the accountlines.accounttype is a
varchar(5), the value of the authorised value used for the
ManInvInNoissuesCharge pref (category MANUAL_INV) is truncated to the 5
first characters. That could lead to unexpected behaviors.

On the way, this patchset also replace the GetMemberAccountBalance
subroutine, which returns the balance, the non issues charges and the
other charges. We only need to have the balance and the non issues
charges to calcul the third one.

Test plan:
Add several fees for a patron and play with HoldsInNoissuesCharge,
RentalsInNoissuesCharge and ManInvInNoissuesCharge.
The information (biblio and item info, as well as the account line) must
be correctly displayed on the different screens: 'Fines' module, fine
slips, circulation module

Note that this patchset could introduce regression on price formatting,
but will be easy to fix using the TT plugin.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-23 10:57:30 -03:00
c48ac7a05a Bug 18789: (follow-up) Fix perlcritic issue - housebound.pl
"$branch" is declared but not used at line 65, column 1.  Unused
variables clutter code and make it harder to read.  (Severity: 3)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 15:05:34 -03:00
0b2c4ff551 Bug 18789: (QA follow-up) Update holdshistory.pl, fix is_child, is_adult, patron->image, clear template params
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
9c8b420dd7 Bug 18789: (QA follow-up) Fix loading saved address data to edit patron form
Test plan:
1) Have patron with address filled in
2) Edit the patron
-- without this patch the fields for address are blank
-- with patch the fields are filled with actual data

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
9773923bc0 Bug 18789: Update other occurences where is_child should be used
Trivial changes here, just do a code review on the QA step

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
2ee70dd082 Bug 18789: Remove adultborrower from the pay* scripts
This flag is not used in the templates

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
82474cad84 Bug 18789: Remove useless IS_ADULT variable
Test plan:
  git grep IS_ADULT
must not return any results

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
a723bbaf1b Bug 18789: Use Koha::Patron->is_adult where needed
Test plan:
When editing adult's info you must see the "Add child" button

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
d8b8799355 Bug 18789: Use Koha::Patron->is_child where needed
Test plan:
When you are on a page related to a child you should see the "Update
child to adult patron" button

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
b4c23e1a3e Bug 18789: Use Koha::Patron->image from the templates
Now that we have the 'patron' variable in all our templates, we can call
Koha::Patron->image and do the check from the templates.

Test plan:
On the different pages of the patron module, you should see the default
image if there is no image attached or the one that has been attached
(see pref patronimages)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
0ab22e1c7c Bug 18789: Send Koha::Patron object to the templates
In order to simplify and make uniform the code, the controller scripts send
a Koha::Patron object to the templates instead of all attributes of a patron.

That will make the code much more easier to maintain and will be less
error-prone.

The variable "patron" sent to the templates is supposed to represent the
patron the librarian is editing the detail.

In the members module and some scripts of the circulation module, the
patron's detail are sent one by one to the template. That leads to
frustration from developpers (making sure everything is passed from all
scripts) and to regression (we got tone of bugs in the last year because
of this way to do).
With this patch set it will be easy access patron's detail, passing only
1 variable from the controllers.

Test plan:
Play with the patron and circulation module and make sur the detail of
the patron you are editing/seeing info are correctly displayed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
607c66e436 Bug 18403: Fix few errors found with hit_pages.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:43 -03:00
a037b80ee3 Bug 18403: Deal with the DB user
On first login, Koha explodes before the logged in user does not exist
in DB.
This patch deals with that by adding several checks when it's needed.

Test plan:
Use the DB user to create a superlibrarian user.
The DB user should no be allowed to do anything else.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Bug 18403: Fix patron creation

memberentry.pl can be called to create a new patron, in that case the
patron does not exist yet.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:42 -03:00
fda87270ad Bug 18403: Guarantors
Technically a kid from your library group could have a guarantor
attached to another
group of library, let's deal with this case.

Test plan:
- Create a kid from your library group
- With a superlibrarian staff user create a guarantor that is outside of
the group of
libraries of the kid
- Login with a limited staff user and confirm that on the patron detail
page you do not
see the link to the guarantor detail page.

Note that you see the firstname and surname of the guarantor
Q. should it be hidden?

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:41 -03:00
dc1e7f478f Bug 18403: Patron discharges
This patch deals with patron's discharges.

Test plan:
Same as previously you will need to request dischages at the OPAC.
On the staff interface the logged in user should not be allowed to see
discharge
from patrons outside his library group.
The number of discharges waiting displayed on the mainpage should be
correct as well.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Bug 18403: (follow-up) Patron discharges

Fix QA issue:
forbidden pattern: Do not assume male gender, use they/them instead (bug 18432) (line 150)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:41 -03:00
7809a6bd13 Bug 18403: Add new methods Koha::Patrons->search_limited and use it where needed
Most of the time when we search for patrons we do not want to search for all patrons,
but just the ones the logged in user is allowed to see the information.
This patch takes care of that by adding a new search_limited method to Koha::Patrons.
When called this method only search for patrons that the logged in user is allowed
to see.

Test plan:
Patron autocomplete search should be limited

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:39 -03:00
cee2cf9ff9 Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"

Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.

Changes in discharge.pl are mainly indentation changes.

With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:38 -03:00
4bc92169dc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers'
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:37 -03:00
Liz Rea
0927962b45 Bug 19801: Display messages on user details page as well as on check out page
To test:

Look up a borrower, add a message (internal or opac)
Click the Details tab for that borrower
Messages should be displayed above the user information [is this the right place? it could go below]
adding messages on this page should make them immediately available
deleting messages on this page should delete them immediately and bring you back to the detail page.

Basically, make sure messages work from both the Check out and detail pages and that there are no typos.

Messages should work the same as they always have from the Check Out page.

sponsored-by: Catalyst IT
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Bug 19801 - Fixes for QA

- Fixes indentation
- changes messages to patron_messages (even though it's not like that on the circulation page.)

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
2018-02-08 17:01:14 -03:00
Te Rauhina Jackson
f2502c9499 Bug 20009: use Modern::Perl in Members perl scripts
Test Plan:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;

boraccount.pl
default_messageprefs.pl
deletemem.pl
files.pl
mancredit.pl
maninvoice.pl
member-flags.pl
member-password.pl
memberentry.pl
members-home.pl
members-update-do.pl
moremember.pl
notices.pl
pay.pl
paycollect.pl
printfeercpt.pl
printinvoice.pl
printslip.pl
readingrec.pl
routing-lists.pl
setstatus.pl
update-child.pl

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-05 09:46:44 -03:00
585453fe20 Bug 19921: Fix update child when only one adult patron category exist
We are passing the Koha::Patron::Category object to the template instead
of the categorycode.

To reproduce this bug you must test in a system which has only one
patron category of the "adult" type. View the details of a patron with a
child-type patron category and choose More -> Update child to adult
patron.

This results in an error:

Can't call method "category_type" on an undefined value at
/home/vagrant/kohaclone/members/update-child.pl line 84.

The URL of the error page shows a problem with the parameters being
passed:

members/update-child.pl?op=update&borrowernumber=12345&catcode=Koha::Patron::Category=HASH(0xa168a18)&catcode_multi=

Test plan:
Make sure you have only 1 adult patron category
Update a child to adult
=> With this patch applied the error is gone and the patron has been
correctly updated

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:13:59 -03:00
96a42b873a Bug 19621: Use Koha.Preference on template side to display/hide "Routing lists" tab
Patch applies without issue and functions as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-22 13:15:36 -03:00
David Bourgault
0ab5a3cf92 Bug 11210: Writeoff partial amounts
Minor changes to pay.pl and paycollect.tt to allow writing off a partial amount of a fine.

Test plan:
0) Go to the Fines tab of a test patron's profile
1) Create a fine if there are none (under the Manual invoice tab)
2) Go to the "Pay fines" tab
3) Press the write off button on the corresponding account line

Without patch, you'll be asked to confirm, but will not be able to edit the amount
With patch, you'll be able to edit the amount.

Followed test plan, patch worked as described. Also ran QA test tool and
modified files passed

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 14:30:42 -03:00
34cdd536cb Bug 10021: Only display outstanding fines in 'Pay fines'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 13:59:13 -03:00
528f647ae8 Bug 10021: (QA follow-up) Rename variables
To avoid $account, $accounts and @accounts variables in the same scope

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:19 -03:00
4247994e46 Bug 10021: Restore "Pay fines" list
Previous changes were wrong, the notify_id was always equal to 1 and
GetBorNotifyAcctRecord was used to retrieved the account lines to pay

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:19 -03:00
f54693ac86 Bug 10021: Drop columns notify_id and notify_level from accountlines
It appears that has never worked.
Could someone confirm?

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:18 -03:00
Lari Taskula
8c094e2dc3 Bug 19400: Reminder to unset gone no address flag after patron makes a modification request
Our librarians requested a reminder to unset "gone no address" flag from patron's
record once the patron has made a modification request to update their address.

I propose adding a message box under patron modification request to notify
librarians about patrons that have gone no address flag on, and an option to
unset the flag without the need of having to navigate into patron's details.

To test:
1. Apply patch
2. Set "Gone no address" flag for your test patron. You can do this by going
   to patron modification screen in staff client.
3. Go to OPAC with your test patron
4. Make a modification request for your personal details
5. Go to staff client and see pending modification requests
6. Open the request you just created
7. Observe a message dialog that says this patron has gone no address flag set
8. Check the checkbox to unset the flag and approve the modification request
9. Click Submit
10. Observe your test patron no longer has gone no address flag set
11. Repeat steps 2-7
12. Do not check the checkbox, but approve the modification request
13. Observe your test patron still has gone no address flag set
14. Remove the gone no address flag from your test patron
15. Repeat steps 3-6
16. Observe there is no message dialog for gone no address

Followed test plan, patch worked as described. Also ran QA test tools
and all modified files passed

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:51 -03:00
b20db441fe Bug 14919: (QA follow-up) Make script executable, fix typo
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:43 -03:00
4fa34acc41 Bug 14919: Add holds history for patron
Test plan:
0) Have a patron with some current and old reserves
1) Go to patron circulation page
2) Notice, there is new item called "Holds history" in the left
circulation menu
3) Go to this page and confirm the data on this page are OK, and that
ui does behave as expected
4) Go to adminitration, columns setting, try to change the setting for
holdshistory table and confirm it is taken into account on holds history
page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:02 -03:00
3b4e0e6978 Bug 19493: Force scalar context to prevent future error
If someone decide the reuse the template->param statement to pass values
to the template, we will get the same issue.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
30a0d4f6c9 Bug 19531: When saving patron record do not redirect to circ if not authorised
If the logged in patron does not have the necessary permission we should
not redirect to circulation.pl but moremember.pl instead

Test plan:
With the borrowers permission, you should be able to edit a patron and
be redirect to the moremember page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
3f2c1c879c Bug 19117: Add CSRF protection to paycollect.pl
Security bug, trivial changes, no need to provide procedure for script
kiddies.

Test plan:
Pay fines using the different options from the "Pay fines" tab.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
9136c3dbf8 Bug 18298: (QA followup) Use Koha.Preference on the template
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:33 -03:00
3f9da34683 Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ec4e666bc5 Bug 18298: minPaswordLength should not be < 3
Indeed if RequireStrongPassword is set we need at least 3 characters to
match 1 upper, 1 lower and 1 digit.
We could make things more complicated to allow minPasswordLength < 3
but, really, 3 is already too low...

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ac50959dcf Bug 18298: Move password generation to template side
This patch removes a really ugly way to generate a password: the whole
template was sent and parsed to retrieve the "#defaultnewpassfield" node.
To avoid the password to be sent plain text it is certainly better to
generate it client-side.
The same kind of passwords will be generated: 0-9a-zA-Z
The while loop prevents to get an invalid generated password.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
38526ca13a Bug 14039: Add the title to all places
There are other scripts where the borrower variable is not defined and
the fields are passed one by one.
To have a consistent behaviour we should add the title at the different
places.

Note that this script also add the use of the include file for
statistics.tt and remove the pass of parameters to the template, already
done later:
 99 $template->param(%$borrower);

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
4efe251f35 Bug 12346: Display the correct number of pending patron modifications on the patron module home page
Due to the way members-home.pl handles the variable $branch, the number
of patron modifications listed on members-home.pl may differ from the
number listed on mainpage.pl. When the librarian clicks this link, he or
she may see a different number than was listed, or none at all!

Test Plan:
0) Set IndependentBranchesPatronModifications = Yes
1) Create a number of modification request for BranchA
2) Log into the staff intranet with a patron without superlibrarian
permissions and set your branch to BranchB
3) Note the modifications alert to does not display on mainpage.pl
4) Click the "Patrons" link to take you to members-home.pl
5) Note the modifictions alert does display on this page
6) Apply this patch
7) Reload members-home.pl, note the alert no longer displays

QA notes: What was the point of the branch variable?

Followed test plan, patch worked as described. Also passed QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:08:45 -03:00
Aleisha Amohia
b56c19528e Bug 19258: Prevent warn when reversing a payment
The following warn is triggered when I click the Reverse button next to
an individual payment on the Account tab:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line
63, this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at /usr/share/perl5/CGI.pm
line 436.

To test:
1) Go to a members detail page in staff side, create a manual invoice,
pay it
2) Go to the Account tab, click Reverse next to the payment you just
made
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:39:09 -03:00
Aleisha Amohia
ddf494b18f Bug 19258: Preventing warns when paying a fine or charge from Pay selected button
The following warns are triggered when I click the Pay selected button:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.

To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:39:09 -03:00
Aleisha Amohia
693cc1122b Bug 19258: Prevent warns when writing off an individual fine
The following warns are triggered when I click the Write Off button next
to an individual fine or charge:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 171,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436. (this shows many times)
Use of uninitialized value in subroutine entry at
/usr/share/perl5/URI/Escape.pm line 184.

To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, click the Write off button next to the
invoice you just created
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:39:09 -03:00
Aleisha Amohia
9ffda7a7bc Bug 19258: Prevent warn when paying a fine or charge
To test:
 1) Go to a members detail page in staff client
 2) Select the Fines tab in the left pane
 3) Select the Create manual invoice tab below the button menu bar
 4) Create a fine and click save (e.g. Type: Fine, Amount: 5.00)
 5) Select the Pay fines tab below the button menu bar
 6) Click Pay on the item
 7) Blank the staff error log
 8) click confirm
    -- staff error log has message
 9) apply this first patch
10) repeat steps 3-8
    -- staff error log is blank
11) run koha qa test tools

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:39:09 -03:00
Katrin Fischer
82f183c5ea Bug 19129 - Clean up Details tab for Organisation patrons
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).

Patch:
- Cleans up variable confusion between categorycode and
  categorytype.
- The template contained code to change the labels below
  the address to 'Organisational phone:" etc., I have removed
  this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
  organisation - matching the edit form.

Bonus:
- The patron category description was missing on the
  right and left side of the details tab. Now it displays.
- Fixes some html issues:
  - doubled up class attribute in a tag
  - doubled up </li></li>

To test:
- Create 3 patrons
  - patron category code doesn't matter, but category type organisation
  - patron category code 'I', category type NOT organisation
  - patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
  - Verify patron category description shows correctly
  - Verify information added to the account displays correctly
    (phone numbers, emails, ...)

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
831d75d09c Bug 19208 - Pay select option doesn't pay the selected fine
The "Pay selected" option on the Fines tab in the borrower account page doesn't work as intended.
The fine on top of the list gets the amount deducted, even if another fine is choosen from the list.

Test Plan:
1) Create two or three fines, using the Create manual invoice function.
2) Choose one of the fines (not the one on the top) and click Pay selected
3) Pay a partial amount
4) Go back to the Pay fines tab an notice that the fine you selected has not changed. Instead, either the top fine or the total (see attachment) has ben affected.
5) Apply this patch
6) Repeat steps 1-3
7) Note the correct fine is paid

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:04 -03:00
86e8612c02 Bug 19205 - Pay selected fine generates 500 error
Using the pay selected option from the borrowers account, to pay for one specific fine among other gives a 500 error, despite the payment going through.

Test Plan:
1) Add two fines using the Create manual invoice function.
2) Select one fine and "pay selected".
3) Pay a part of the amount.
4) Note error
5) Apply this patch
6) Repeat steps 1-3
7) No error!

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 15:05:22 -03:00
Amit Gupta
fbdfbc64f0 Bug 19079 - XSS Flaws in Membership page
1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the java script is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
01e02364c9 Bug 19080: Fix perlcritic in routing-lists.pl
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:03:37 -03:00
2480474cdf Bug 19080: Fix member vs borrowernumber in delmember
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:03:37 -03:00
9af6c4e34b Bug 19080: Handle non-existing patrons gratefully
This is a recurrent bug we have over the last years. When a script is
called with non-existent borrowernumber it will crashes.
We need to handle this gracefully instead of letting the script crashes.

On bug 18403 a new subroutine is added to the codebase
(output_and_exit_if_error) to handle this kind of errors correctly.
Since it is not pushed yet, I propose to just redirect to a script that
handle it correctly (circulation.pl) instead of adding this message to
all these scripts.

Test plan:
Hit different scripts from the members module and pass a non-existent
borrowernumber.
You must be redirected to circulation.pl with a friendly message.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:03:37 -03:00
a66c0b1dd7 Bug 18469: QA Follow-up
Restore datepicker class
Use Koha.Preference
Copy changes to moremember

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:43 -03:00
1da4721551 Bug 17829: (follow-up) Move GetMember to Koha::Patron - routing-lists.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-09 16:52:21 -03:00
Aleisha Amohia
7ed66a6c8a Bug 18858: Prevent warn when deleting a borrower debarment
To test:
1) Look at intranet log
2) Go to delete a debarment on a borrower
3) Notice warn
4) Apply patch
5) Add a new debarment
6) Delete this debarment
7) Notice warn is gone

Sponsored-by: Catalyst IT

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 18:23:29 -03:00
9cad748de7 Bug 17829: (followup) Fix small rebasing errors
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:14:34 -03:00