Commit graph

98 commits

Author SHA1 Message Date
Hammat Wele
ee24e53a66
Bug 25079: Add a 'edit' functionality to the Clubs tool in the staff interface
A club enrollment can be cancel but it can't be edited
This patch add a 'edit' functionality to the Clubs tool in the staff interface

Test plan
1. Create a club template
    1.1. Go to Tools > Patron clubs
    1.2. Click on 'New Club Template'
    1.3. Fill the form
    1.4. on the 'Club fields' section, Click on Add new field
    1.5. Fill in the form
    1.6. on the 'Enrollment fields' section, Click on Add new field
    1.7. Fill in the form
    1.8. Click on Save button

2. Creation of the club
    2.1. Go to Tools > Patron clubs > 'Clubs' section (bottom)
    2.2. Click on the 'New Club' button and select the club template create on step 1
    2.3. Fill in the form
    2.4. Click on Save button

3. Club enrollement
    On the intranet
    3.1. Search for a pratron and open the patron folder
    3.2. Click on the 'Clubs' tab
    3.3. Find the name of the club and click on 'Enroll'
    3.4. Fill the questionnaire
    3.5. Confirm registration
        ---> Note that the enrollement can be canceled but it cannot be modified

4.  Apply the patch
5. Click one more time on the 'Clubs' tab
   ---> Note that the enrollement can now be modified

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-23 11:00:49 -03:00
8b9355088a
Bug 33697: Remove RecordedBooks (rbdigital) integration
RecordedBooks search API integration is now obsolete following
rbdigital's incorporation into OverDrive. Associated code should be
removed.

https://company.overdrive.com/2020/06/23/overdrive-to-acquire-rbdigital-from-rbmedia/

Test plan:
use git grep extensively and confirm that this patch removes all
occurrences of this feature.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-05 15:36:11 -03:00
0200a65d4f Bug 30426: Add missing C4::Auth and C4::Output imports
This patch adds missing function imports for C4::Auth and C4::Output
in the opac/svc/suggestion script.

Test plan:

1. Go to http://localhost:8081/cgi-bin/koha/admin/didyoumean.pl
2. Turn on some plugins
3. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1
4. Note in your browser's Network tab that the call to
   http://localhost:8080/cgi-bin/koha/svc/suggestion?render=stub&q=test
   generates a 200 response instead of a 500 error

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
3b2322ea1f Bug 29859: Fix club/enroll
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-05 17:36:59 +02:00
be67a035be Bug 26669: (QA follow-up) Update last run when report run by name
This alters the svc scripts to set the report id after fetchign the report object
to ensure it is passed to exectue query

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
affd0caea5 Bug 26669: Last Run if report not always updated
The last run of a report is updated only if method execute_query() is
called with report_id.
This whas missing for :
- when report is run publicly
- when report is sent by email
- when report is exported

Patch changes the method signature to use a hash of params, in order to
easily avoid some params.

Test plan :

1) Create a report.
2) Run report.
3) Check the report listing.  Confirm that the last run info on the report is updated.
4) Make report public.
5) Run report via public url.
6) Check the report listing.  Confirm that the last run info on the report IS NOT updated.
7) Schedule the report to run at a given time and e-mailed to an address.
8) After the report runs at the scheduled time, check the report listing.  Confirm that the last run info on the report IS NOT updated.
9) Run report.
10) Export results.
11) Check the report listing.  Confirm that the last run info on the report IS NOT updated AT THE TIME OF THE EXPORT.

Questionable (I don't know if this is addressed):
12) Run report on backend through a cron job and send results via e-mail.
13) Check the report listing.  Confirm that the last run info on the report IS NOT updated.

14) Apply patch.
15) Rerun steps 2-13.  Confirm that steps 3, 6, 8, 11, and 13 DO UPDATE the last run info.

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
e4a402cd50 Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
4413276810 Bug 29320: Update OverDrive availability to V2
This patch updates the call to overdrive_proxy to allow passing a version
and updates the code to use V2 for availability

To test:
1 - Enable OverDrive integration by setting the sysprefs
2 - Log in to your overdrive account in the Koha opac
3 - Perform a search and note availability display
4 - Confirm you can checkout/hold/return books
5 - Apply patch
6 - Repeat search and test functionality
7 - Note that title with '0 out of 0 copies available' now say 'Currently unavailable'

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-01-28 21:52:54 -10:00
46d3d63e46 Bug 29686: Adapt Koha to use new fulfillment API for OverDrive
This patch modifies the checkout_download_url routine in
WebSerivce::ILS::OverDrive::Patron

We now directly hit the fulfillment endpoint with redirects disabled
and fetch the URL

The overdrive.js is modified to use a single 'Get item' button for all
checked out items and to refer to the fulfillment page

To test:
1 - Enable all OverDrive system preferences
2 - Search on opac and confirm OD results returned
3 - Checkout an item
4 - Confirm you have the new 'Get item' button on 'OverDrive account'
    tab on opac-user.pl
5 - Confirm the 'Get item' button works

NOTE:
Most items will also show the 'Get item' button in results, however,
magazines may not as each checkout has a unique 'reserve id' and the
'parent' id is not checked in our current code

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-01-28 11:09:06 -10:00
4390b7be04 Bug 28785: Adjust check_cookie_auth calls
The previous patch makes check_cookie_auth return the session instead of
$sessionID, so we are adjusting the different calls to prevent
confusion.
However they are mainly used to check the authentication status and
don't care about this second variable.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-18 11:28:41 +02:00
9e249435f9 Bug 28931: Use EXPORT_OK from Koha::DateUtils
It has been missed on bug 17600.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Adjusted commit title.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-07 11:01:05 +02:00
a005865b81 Bug 17600: Fix overdrive_proxy and recordedbooks
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-20 16:14:13 +02:00
d609e42a3c Bug 17600: Fix opac/svc/overdrive
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-14 18:23:28 +02:00
3748efc8ab Bug 28731: (bug 17600 follow-up) Import necessary subroutines in reports svc endpoint
TO test:
 1 - Write a report
 2 - Click the svc link in the saved reports list
 3 - ISE
 4 - Make report public
 5 - Click the svc link in saved reports list
 6 - ISE
 7 - Apply patch
 8 - Comfirm opac/public link works
 9 - Make report not public
10 - Confirm the internal svc link works

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-21 17:04:06 +02:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
e2f5ecc069 Bug 27380: (follow-up) Remove earlier declaration and unused assignment
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-12 12:30:58 +01:00
45ec6ba3a4 Bug 27380: Move get_prepped_report to object and use for svc/reports
This patch moves get_prepped_report to Koha:Report->prep_report
and adds some basic tests

To test:
1 - Using the report created in last test, hit the report svc api like:
http://localhost:8081/cgi-bin/koha/svc/report?id=6&param_name=One&sql_params=One&param_name=Listy|list&sql_params=2345%0D%0A423%0D%0A3%0D%0A2%0D%0A12
2 - Note the use of %0D%0A to separate list params
3 - Test with combinations with and without param_name specified
http://localhost:8081/cgi-bin/koha/svc/report?id=6&sql_params=5&sql_params=2345%0D%0A423%0D%0A3%0D%0A2%0D%0A12

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

JD Amended patch: Perltidy prep_report

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-12 12:29:56 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
53ef5a4078
Bug 24384: Add Access-Control-Allow-Origin support to OPAC reports svc
This patch makes the opac/svc/report script use output_with_http_headers
so it sets the Access-Control-Allow-Origin header.

To test:
1. Create a new public report and remember the report id
2. Use your favourite too to fetch the report in JSON by issuing:
   GET http://localhost:8080/cgi-bin/koha/svc/report?id=1
=> FAIL: There is no Access-Control-Allow-Origin header
3. Apply this patch
4. Restart Plack
   $ sudo koha-plack --restart kohadev
5. Set the AccessControlAllowOrigin to anything (for example,
   https://koha-community.org)
6. Repeat 2
=> SUCCESS: On the response headers you find
Access-Control-Allow-Origin: https://koha-community.org
7. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-19 09:23:13 +00:00
20952a7b2d
Bug 22821: Rename method with ->inbound_email_address
The method has been renamed in the previous bug report.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
67bda71a45
Bug 22821: Correct to_address for issue notes
This patch updates the controller and service code to use the newly
introduced 'get_effective_email' routine from bug 22823 to obtain the
branches most appropriate email address.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
04dcca4321
Bug 22821: Use 'reply-to' address in issue notes
This patch updates the issue notices to not pass from_address and so
default to the branch email of the user for from_address. We now pass
the patrons email (cascading through email, emailpro, B_email) into the
reply_address field so mail servers are less likely to report emails as
spam and mail clients still have access to the patron address via the
reply-to header when staff want to hit 'reply' and have the email go to
the user.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
7d8b96803f
Bug 24545: Fix license statements
Bug 9978 should have fixed them all, but some were missing.
We want all the license statements part of Koha to be identical, and
using the GPLv3 statement.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-24 13:31:26 +00:00
ab4fa77eb0
Bug 23623: Remove the svc/patron/show* scripts
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-09-23 10:55:32 +01:00
Kyle M Hall
1ad03f5509
Bug 20691: Add ability to turn feature on and off
This patch adds two preferences
1. AllowPatronToSetFinesVisibilityForGuarantor: Allow/Don't allow patrons to choose their own privacy settings for showing the patron's fines to the patron's guarantor
2. AllowStaffToSetFinesVisibilityForGuarantor: Allow/Don't allow staff to set the ability for a patron's fines to be viewed by linked patrons in the OPAC

Also adds a tinyint, non nullable, default to 0 column in borrower and deletedborrower named privacy_guarantor_fines.
1. privacy_guarantor_fines = 0 => don't allow guarantor to see guarantee's fines
2. privacy_guarantor_fines = 1 => allow guarantor to see guarantee's fines

To test:
1) git reset --hard master
2) apply patches (including dependencies)
3) perl installer/data/mysql/updatedatabase.pl
4) dbic
5) restart_all
6) in intranet search for AllowPatronToSetFinesVisibilityForGuarantor and AllowStaffToSetFinesVisibilityForGuarantor preferences
SUCCESS => both preferences should be present
7) search for a patron with guarantor
SUCCESS => in details tab, in "Library use" section you should see a row labeled "Show fines to guarantor"
8) edit
CHECK => in Guarantor information there is no "Show fines to guarantor" select
9) set AllowStaffToSetFinesVisibilityForGuarantor preference to "Allow"
10) return to patron with guarantor and edit
SUCCESS => in Guarantor information section there is a "Show fines to guarantor" select
11) change "Show fines to guarantor" select to "Yes" and save
SUCCESS => Value is saved
12) go to details tab
SUCCESS => in "Library use" section you see a row labeled "Show fines to guarantor" with value "Yes"
13) set OPACPrivacy preference to "Allow"
14) open 2 opacs, one with a patron that has a guarantor and another that hasn't and go to "your privacy" tab.
CHECK => in both opacs you should not see a "Allow your guarantor to view your current fines?" select
15) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
16) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select
	=> in Patron without guarantor you don't see a "Allow your guarantor to view your current fines?" select
17) in Patron with guarantor change value of select and save
SUCCESS => Value is saved
18) in intranet set OPACPrivacy preference to "Don't allow" and AllowPatronToSetFinesVisibilityForGuarantor to "Don't allow"
19) got to "your personal details" in both opacs
CHECK => in both opacs you should not see no Privacy section with a "Allow your guarantor to view your current fines?" select
20) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
21) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select in a Privacy section
        => in Patron without guarantor there is no Privacy section
22) in Patron with guarantor change value of select and update
SUCCESS => Value is saved
23) Sign off

Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-09-11 08:53:46 +01:00
90d85eaeb9
Bug 23390: Introduce placeholder syntax for report column names
This patch adds the ability to rename columns in MySQL reports using a syntax:
[[column|alias]]

To test:
 1 - Write a report like:
     SELECT cardnumber FROM borrowers WHERE cardnumber LIKE '%9'
 2 - Run report
 3 - Note you can batch modify the patrons
 4 - Update report:
     SELECT cardnumber AS library_barcode FROM borrowers WHERE cardnumber LIKE '%9'
 5 - Run report
 6 - Note batch options are no longer present
 7 - Apply patch
 8 - Run report, no change
 9 - Update report like:
     SELECT [[cardnumber|library_barcode]] FROM borrowers WHERE cardnumber LIKE '%9'
10 - Run report
11 - Batch options work!
12 - Update report like:
    SELECT cardnumber FROM borrowers WHERE cardnumber LIKE '%9'
13 - Verify batch options still work
14 - Set report 'public'
15 - Verify report can be run via JSON URLs:
     http://kohadev.mydnsname.org:8080/cgi-bin/koha/svc/report?id=1
     http://kohadev.mydnsname.org:8081/cgi-bin/koha/svc/report?id=1

Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-08-13 11:46:06 +01:00
6a0246e248 Bug 22542: Force back button to display personal data
This is a follow-up of bug 5371

The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching

This must be a test somehwere to prevent further regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-02 13:43:48 +00:00
7a44c9edb9 Bug 22010: Check preferences for ebook integration
To test:
1 - Enable OverDrive and RecordedBooks (you can put anything in the
        prefs)
2 - Search on the opac - verify you get results (or search error) on
first page of results'
3 - Go to second page of results - OD and RB are not searched
4 - Apply patch
5 - Verify nothing has changed

If you have valid credentials:
1 - Enable RB prefs
2 - Sign in with an account that has an email matching your registered
account for recordedbooks
3 - Confirm you RB account loads on opac-user.pl

Otherwise:
Read the patches, verify it all makes sense

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-30 11:42:51 +00:00
59b740613e Bug 22717: (bug 20287 follow-up) Fix Google OpenId auto registration
Silly bug caused by:
  commit ef410fd62f
  Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber

Constructors take a hashref!

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-30 11:30:55 +00:00
96adab7af8 Bug 22030: Use preference to determine username sent to overdrive
Overdrive configuration generally defaults to cardnumber, however, they
have confirmed that some libraries use usernames. We need to allow for
both scenarios.

To test:
1 - Have an OverDrive account setup with SIP authentication
    Note: You can apply for a testing account at developer.overdrive.com
    and setup an environment
2 - Fill in all your OverDrive system preferences
3 - Test with a patron whose username is their cardnumber
4 - Confirm their overdrive account tab on opac loads
5 - Change the username to be another value like "borked_wont_work"
6 - Note the overdrive account tab won't load
7 - Apply patch, update database, not new system preference
OverDriveUsername (default to 'cardnumber)
8 - Note the OD account loads successfully
9 - Change the system preference to 'user name' - the account load fails

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-08 13:59:46 +00:00
bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both script looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
d83d5ec5a4 Bug 21082: (RM follow-up) address QA issues
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:24 +00:00
e762bdb9b2 Bug 21082: Update OverDrive authentication method
Testing will require an OverDrive account, you should be able to obtain a
developer account here:
https://developer.overdrive.com/

You will need to register a SIP connection for patron authentication

To test authentication:
 1 - Set authname default in OD prefs
 2 - Sign in as a patron whose branch matches authname
 3 - Verify the patron can sign into OverDrive
 4 - Set the patrons branch authname to be incorrect
 5 - Verify branch specific authname is used and patron cannot sign in
 6 - Set the default authname to be incorrect and patron's branch
 authname to be correct
 7 - Verofy patron can sign in

To test circulation:
 1 - Fill out all OD prefs and enable circulation
 2 - Sign in to opac
 3 - Verify you have an OverDrive tab
 4 - Click 'Login to Overdrive'
 5 - If password required you shoudl be prompted, otherwise you should be
signed in and see account info
 6 - Test logging out and in
 7 - Log-in, perform a search on the opac - you should see hold/checkout
buttons
 8 - Test the buttons
 9 - After holding/checking out items, check your account page
10 - Verify info is correct
11 - Log out of overdrive
12 - Search catalog click overdrive results
13 - Test "Login to Overdrive" link on OD results
14 - Verify page is reloaded, buttons show and work

Signed-off-by: Sandy Allgood <sandy.allgood@citruslibraries.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:23 +00:00
Srdjan
eb4be268d8 Bug 17602: OPAC integration of RecordedBooks
Add RecordedBooks to the users page in the public interface

To Test:
1/ Apply all 3 patches
2/ Set the sysprefs to valid values (you will need a test account with RecordedBooks)
3/ Try a search
4/ Login to the OPAC, try to place a hold, or check an item out
5/ Check the opac-user page, see if your items are showing on the oneclickdigital tab

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:39 +00:00
Charlotte Cordwell
59d436ee60 Bug 19991: use Modern::Perl in OPAC perl scripts
Test Case:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;

errors/400.pl
errors/401.pl
errors/402.pl
errors/403.pl
errors/404.pl
errors/500.pl
opac-account-pay-paypal-return.pl
opac-alert-subscribe.pl
opac-authorities-home.pl
opac-authoritiesdetail.pl
opac-browser.pl
opac-ics.pl
opac-image.pl
opac-imageviewer.pl
opac-messaging.pl
opac-modrequest-suspend.pl
opac-modrequest.pl
opac-mymessages.pl
opac-overdrive-search.pl
opac-passwd.pl
opac-patron-image.pl
opac-privacy.pl
opac-ratings-ajax.pl
opac-ratings.pl
opac-readingrecord.pl
opac-renew.pl
opac-sendshelf.pl
opac-serial-issues.pl
opac-showreviews.pl
opac-suggestions.pl
opac-tags_subject.pl
opac-topissues.pl
opac-user.pl
sco/help.pl
sco/printslip.pl
sco/sco-patron-image.pl
svc/overdrive_proxy
svc/suggestion
unapi

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:32 +00:00
Aleisha Amohia
4a3eaf02e2 Bug 17698: Make patron notes show up on staff dashboard
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.

To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:40 +00:00
ef410fd62f Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:47 +00:00
1b13c453e2 Bug 20287: Move fixup_cardnumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:44 +00:00
cdb6b68488 Bug 20495: (follow-up) Correct search for report by name
Ultimately we should probably remove name access as it is not a unique
id, but this should preserve existing behaviour

To test:
Create a report
Use the service link to confirm the report runs
Replace id=# parameter with name=XXXXXX
Confirm URL works

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: We should not remove the param "name", it's a feature, see bug 8256.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
4ec5a67c6f Bug 20495: Remove get_saved_report
To test:
1 - prove t/db_dependent/Reports/Guided.t
2 - grep "get_saved_report" - ensure there are no occurences of the
singular form
3 - create, save, edit, and convert a report
4 - access a public report and report json from opac and staff client
5 - Ensure all function as expected

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
Aleisha Amohia
dd77236371 Bug 18915: Renaming svc/patron_notes to svc/checkout_notes
For consistency.

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
d8963726d0 Bug 18915: Giving CHECKOUT_NOTE access to issues table
This patch allows the notice to reference the issues table so that the
checkout note itself can be added to the note if wanted, such as in
Comment 9.

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
5239269216 Bug 18915: Fix checkout note email message
This patch replaces the <<biblio.item>> in the email with
<<biblio.title>> and uses CHECKOUT_NOTE instead of PATRON_NOTE.
This patch also adds the notice to
installer/data/mysql/en/mandatory/sample_notices.sql, and updates the
PATRON_NOTE entry in installer/data/mysql/updatedatabase.pl

To test:
1) Apply patch and update database
2) View the message_queue table in mysql
3) Check out an item if haven't already
4) Go to OPAC and set a checkout note for an item
5) View message_queue table and confirm it the title is included in the
email and all instances of 'patron note' have been replaced with
'checkout note'
6) Disable javascript in browser
7) repeat steps 4 and 5 and confirm all works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
2d10327e98 Bug 19496: ReplytoDefault is a pref, not a C4::Context method
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:52:28 -03:00
Aleisha Amohia
d5292616ac Bug 19496: Fixing to_address for patron notes
This patch ensures the patron note to_address is the branch email or the
Koha Admin email, and the from_address is the patron's email.

To test:
1) Ensure syspref 'allowcheckoutnotes' is turned on
2) Go to OPAC, leave a note on a checkout
3) Confirm that the note is received (in mysql message_queue) but the
to_address is the patron's email - this is wrong
4) Apply patch and refresh OPAC
5) Leave a note on a checkout
6) Confirm that the note is received in message queue
7) Confirm that the to_address is one of:
- branch email
- branch reply to
- syspref ReplytoDefault
- syspref KohaAdminEmailAddress
8) Confirm that the from_address is one of:
- patron email
- patron emailpro
- patron B_email

Sponsored-by: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:26:53 -03:00
27b99bb80b Bug 18118: Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination.
TEST PLAN
----------
1/ configure a working 'GoogleOpenIDConnect' account

See comment #5 which also links back to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892#c3

2/ set 'OpacPublic' (under OPAC) to 'Disabled' and
   'GoogleOpenIDConnect' (under Administration) to 'Yes'.

3/ log in user successfully via google-auth, observe redirect to
   opac-user.pl (bad)

4/ apply patch
   -- on kohadevbox remember to restart all! Plack is unforgiving. :)

5/ log in user successfully via google-auth, observe expected
   redirect to opac-main.pl (good)

While I would normally suggest running koha qa test tools, because
this file doesn't end in .pl, it doesn't get picked up by them.

6/ perlcritic -4 opac/svc/auth/googleopenidconnect
   -- notice this is a level better than required. :)

This also eyeballs easily well.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
Mark Tompsett
8ed19fedca Bug 16892: Address error checking in comment #47
Tweaked logic to include error check for category
and branch being valid. If not, the user is told
about a configuration error to share with the
library. Otherwise, it should proceed as normal.

TEST PLAN is comment #35 still.
Though include a run with an invalid category
and/or branch code in the two system preferences:
GoogleOpenIDConnectDefaultBranch and/or
GoogleOpenIDConnectDefaultCategory

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
88f616277a Bug 16892: Follow up use AddMember as per QA comment
Same Test plan as before.

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00