Following patron modification partial editor had no age constraint
checking:
/cgi-bin/koha/members/memberentry.pl?op=modify&borrowernumber=3&step=3
Test plan:
1) Apply the patch
2) Open profile of a patron
3) Click Edit under "Library use": http://prntscr.com/d1ghim
4) Change category to an invalid one (eg. Adult instead of Kid)
5) Error saying "Patron's age is incorrect for their category." should
be displayed.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This bug has been highlighted by bug 15407.
The date limit check on the category code did not work on step 1. But
after bug 15407 the script crashes with
Can't call method "dateofbirthrequired" on an undefined value at
/home/vagrant/kohaclone/members/memberentry.pl line 311.
Test plan:
- Edit "step 1" information of a patron (first 'Edit' on a patron detail
page).
- Save
=> Without this patch it BOOMs
=> With this patch, the info should be correctly saved
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Prevent internal software error when searching patron with invalid birth date
To reproduce:
- Go to Home > Patron
- Expand patron search (click on + at the left of the search button)
- In drop down 'Search fields', select 'Date of birth'
- Enter a valid date (e.g. 11.02.1995 if syspref 'dateformat' is set to dmydot)
Result: Search works OK
- Enter an invalid date, e.g. 11.02 or abcd...
Result: Internal server error
- Do a patron search with many results
- Use filter on results screen, select 'Date of birth' as search field and
enter an invalid date to search (e.g. 'a')
Result: Endless message 'Processing'
To test:
- Apply patch
- Repeat steps above
- In both cases, you should get "No results"
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* Koha/Patron.pm (housebound_role): New method.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt: Add
section for HouseboundRole information
* members/moremember.pl: Pass HouseboundRole info to template.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
I think it's better to prefix the subroutine names used to search with
'search_'.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* members/housebound.pl: Provide full patron hash keys, extended patron
attributes & picture to template.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt:
Refactor to use new information.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* members/housebound.pl: Force `borrowernumber` to scalar context.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Use
".datepicker" class for date input, use `$KohaDates` to filter our iso
dates.
* members/housebound.pl: Use DateTime and Koha::DateUtils to parse
incoming date to ISO format.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* members/housebound.pl: Refactor & store messages for encountered
errors.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Show
messages.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
New module to handle management of circulation to Housebound readers.
- Ability to create housebound profiles & scheduled visits for patrons.
- Ability to record users as Deliverers or Choosers (or both), using
extended patron attributes.
- Ability to link choosers and deliverers to individual delivery runs.
- 'Delivery Frequencies' are customizable through authorised
values ('HSBND_FREQ').
* koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc: add
Housebound menu if appropriate.
* Koha/Patron.pm (housebound_profile): New method.
* Koha/Patrons.pm (housebound_choosers, housebound_deliverers): New
methods.
* Koha/Patron/HouseboundProfile.pm: New File.
* Koha/Patron/HouseboundProfiles.pm: New File.
* Koha/Patron/HouseboundVisits.pm: New File.
* Koha/Patron/HouseboundVisit.pm: New File.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: New file.
* members/housebound.pl: New file.
* installer/data/mysql/kohastructure.sql: Add housebound_* tables.
* installer/data/mysql/sysprefs.sql: Add HouseboundModule syspref.
* koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/circulation.pref:
Add HouseboundModule syspref.
* installer/data/mysql/atomicupdate/housebound_tables.sql: New file.
* t/db_dependent/Patron/Borrower_Housebound.t: New file.
* t/db_dependent/Patron/Borrower_HouseboundProfiles.t: New file.
* t/db_dependent/Patron/Borrower_HouseboundVisits.t: New file.
Test plan:
- Apply patch.
- Run atomic update script.
- Run Unit Tests (t/db_dependent/Patron/Housebound*)
- Optionally, add additional authorised values to 'HSBND_FREQ'.
- Switch on 'HouseboundModule' syspref.
- Ensure 'ExtendedPatronAttributes syspref is on.
- On patron pages, when editing, add some to the Housebound deliverer
and chooser groups.
- On a patron page, the Housebound menu should now be present.
- create housebound profile
+ ensure Frequency values seem pulled from 'HSBND_FREQ'.
- create 'housebound visits' (deliveries)
+ ensure chooser/deliverer lists are populated with patrons that
have the Chooser or Deliverer Attribute type.
- edit visits.
- delete visits.
- Switch off 'HouseboundModule'
- the Housebound menu should disappear
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Bug 5670: [Followup] Rename test files.
* t/db_dependent/Patron/Borrower_Housebound.t: Rename to
t/db_dependent/Patron/Housebound.t.
* t/db_dependent/Patron/Borrower_HouseboundProfiles.t: Rename to
t/db_dependent/Patron/HouseboundProfiles.t.
* t/db_dependent/Patron/Borrower_HouseboundVisits.t: Rename to
t/db_dependent/Patron/HouseboundVisits.t.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Bug 5670: [QA Followup] Fix category_type ref.
* koha-tmpl/intranet-tmpl/prog/en/modules/members/housebound.tt: Replace
references to `category_type` with `categorycode`.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This job should be done each time patron data are deleted. It's better
to do it just before deleting the patron than assuming the caller did
the job by itself.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch moves the C4::Members::DelMember subroutine to the
Koha::Patron module.
The delete method must be overwritten to permit handling of patron's
holds.
Test plan:
(With the 2 patches applied)
1/ Create a patron with holds and owner of lists
2/ Delete patrons using the web interface:
- More > Delete on a patron page
- Batch patron deletion tools
3/ and the cronjob script
- perl misc/cronjobs/delete_patrons.pl -c [more options]
The patron should have been moved to the deletedborrowers table, his/her
holds and lists should have been deleted.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the C4::Members::MoveMemberToDeleted subroutine in
order to replace it with the Koha::Patron->move_to_deleted method.
Next after this change, we will move C4::Members::HandleDelBorrower and
C4::Members::DelMember to the same module to simplify the code in
members/deletemem.pl and misc/cronjobs/delete_patrons.pl
Test plan:
1/ Delete a patron from the staff interface and make sure (s)he has been moved to
the deletedborrowers table.
2/ Use the "Batch patron deletion" tool (tools/cleanborrowers.pl) to
remove patron. Make sure the "Permanently delete these patrons" and "Move
these patrons to the trash" options work as before
3/ Same as previously but using the cronjob
misc/cronjobs/delete_patrons.pl.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested the delete_patrons.pl script and cleanborrowers.pl too.
Tests (are relevant and) pass and the qa scripts are happy too :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The subroutine C4::Koha::GetAuthorisedValueByCode returned the
description (staff or opac) for a given authorised value.
Note that we may need a unique key to ->find instead of ->search.
Test plan:
- Checkin an item that cannot be checked in because it's lost, the
message should display the AV description
- Generate a letter with borrowers.streettype equals an ROADTYPE AV, the
description should be displayed.
- Edit a patron attribute type, the AV dropdown list should be
displayed
- Create the PA_CLASS AV category (see bug 7154) and make sure it
behaves as before when editing a patron
- The checkout list should display descriptions for LOC, LOST and
DAMAGED
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When displaying Fines > Account tab for a patron, you can see on screen a Note column that is missing if you click on Print
Test plan :
* Find a patron with accountlines or add them manually (Create manual invoice/credit).
* Be sure some of them got a Note
* Clik on Print fior those lines
Without patch, the printed receipt does not show the Note column
with the patch, the printed receipt shows a Note column and Note content is correctly printed for accountline with a note.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14566 added the permission "borrowers" on patronimage.pl.
This perm is too restrictive because circulation pages also uses this page.
I propose to simply use "catalogue" perm.
Test plan
- Set an image to borrower xx
- Create a user with only catalogue permission
- Log with this user
- Go to page (replace xx by borrower number) : /cgi-bin/koha/members/patronimage.pl?borrowernumber=xx
=> Without patch you get the page saying you do not have the permission
=> With patch you get the image
- Log out and retest the page patronimage.pl
=> You get 403 error
Signed-off-by: remy <remy.gonzalves@iepg.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds escaping to url params in mambers/pay.pl
To test:
- Apply patch
- Go to Home > Patrons > Manual invoice and create an invoice with a
description containing a #
- Go to tab "Pay fines"
- Write off the fine
Expected result: Fine is written off and does no longer display in pay tab.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch fixes a Internal Server Error while deleting patrons.
To reproduce:
- Go to a patron's detail page
- Toolbar : More : Delete
- Confirm "Are you sure you want to delete..."
Result: Internal Server Error
Plack error log:
exited nonzero: 1 at /home/marc/koha/members/deletemem.pl
Note: Patron is deleted
Additional tests: Try to delete yourself, to delete a staff member
without having superlibrarian permission etc.
To test:
- Apply patch
- Re-start plack
- Try to reproduce steps above (with other patron)
Expected result:
No Internal Server Error, Redirect to Home > Patrons
Amended to include all occurences of 'exit 1'
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Good catch Marc
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To reproduce:
- Go to Home > Administration > Patron categories
- Make sure that you have only one category for a category type.
Examples: Only one category "Staff" for category type "Staff" or
Only one category "Library" for category type "Org."
- Edit a patron or create a new patron
- Verify that categories of examples above do not show up in category drop down
- Go back to Home > Administration > Patron categories and add categories to
both category types
- Edit or create a new patron. Veryfy that categories show up in dropdown.
To test:
- Apply patch
- Make sure you have a category type with only one category assigned
(e.g. category taype Staff with category Staff)
- Edit a patron or create a new patron. Verify that the category
shows up in categroy drop down.
- Additional test: Verify that template param 'catcode' from removed line
is not used in template memberentrygen.tt
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Test Plan:
1) Apply this patch
2) Pay a fine via the "Pay amount" button
3) Payment should succeed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Given that the issue is trying to call a method on something that isn't
an object, because the category code doesn't exist, then why is it
even trying to change the expiry date? A simple postfix if fixes it.
Applied counter-patch by M. Tompsett. All three patron 'Edit' links
mentioned in previous patch's test plan work fine.
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the
url below, they can change or delete patrons' images
/tools/picture-upload.pl?op=Delete&borrowernumber=42
Test plan:
1/ Hit /tools/picture-upload.pl?op=Delete&borrowernumber=42
And confirm that you get a "Wrong CSRF token" error
2/ Go on the patron detail page with a patron's image
3/ Click on the Delete link (note the csrf_token param)
4/ The image will be deleted and you are redirected to the patron detail
page.
Regression tests:
Upload an image from the patron detail page and from the "upload patron
images" tool.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The patron details page always show the logged in library as the
patron's home library instead of the true home library. This bug is
particular to moremember.pl and does not affect other patron pages.
Test Plan:
1) Find a patron with a home library other than the logged in library
2) Note the patron home library as shown on moremember.pl matches
the logged in library and not the patron's true home library
3) Apply this patch
4) Reload moremember.pl, the correct home library should display!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This subroutine was only used in one script and its job is the same as
GetAuthorisedValueByCode.
It's better to use the AuthorisedValues TT plugin to retrieve AV
descriptions.
Test plan:
Edit a patron with sort1 and/or sort2 defined.
On the patron details page (members/moremember.pl) you should see the
sort1 and/or sort2 info displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch moves the code from C4::Members::ExtendMemberSubscriptionTo
to Koha::Patron->extend_subscription.
The expected behavior is:
When a new patron is created, the enrolment period defined for the
patron category is used unless an enrolment period date is defined. In
that case, this date is used.
When an account is renewed, the pref BorrowerRenewalPeriodBase is used to
determine if the subscription is renewed from today or from the day when his/her
account has expired.
Test plan:
Confirm that the behavior is correct before this patch and that it's
still the same after this patchset applied.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch moves the code from C4::Members::GetExpiryDate to
Koha::Patron::Categories.
Nothing much exiting, please follow test plan in next patches.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This is the fourth and last patch set to remove C4::Branch.
The real purpose of this patch is to standardise and refactor some code
which is related to the libraries selection/display.
Its unconfessed purpose is to remove the C4::Branch package.
Before this patch set, only 6 subroutines still existed in the C4::Branch
package:
- GetBranchName
- GetBranchesLoop
- mybranch
- onlymine
- GetBranches
- GetBranch
GetBranchName basically returns the branchname for a given branchcode.
The branchname is only used for a display purpose and we don't need to
retrieve it in package or pl scripts (unless for a few exceptions).
We have a `Branches` template plugin with a `GetName` method which does
exactly this job.
To achieve this removal, we will use this template plugin and delete the
GetBranchName from pl and pm files.
The `Branches.all()` will now select the library of the logged in user
if no `selected` parameter has been passed.
This new behavior could cause regressions, for instance there are some
places where we do not want an option preselected (batch item
modification for instance), keep that in mind when testing.
GetBranchesLoop took 3 parameters: $branch and $onlymine.
The first one was used to set a "selected" flag, for a display purpose:
select an option in the libraries dropdown lists.
The second one was useless: If not passed or set to 0, the
`C4::Branch::onlymine` subroutine was called.
This onlymine flag was use to know if the logged in user was able to see
other libraries infos.
A patron can see the infos from other libraries if IndependentBranches
is not set OR if he has the superlibrarian permission.
Prior to this patch set, the "onlymine test" was done on different
places (neworderempty.pl, additem.pl, holidays.pl, etc.), including the
Branches TT plugin. In this patch set, this test is only done on one
place (C4::Context::only_my_library, code moved from
C4::Branch::onlymine).
To accomplish the same job as this subroutine, we just need to call the
`Branches.all()` method from the `Branches` TT plugin. It already
accepts a `selected` parameter to set a flag on the option to select.
To avoid the repetitive
[% IF selected %]<option selected="selected">[% ELSE %]<option>[% END %]
pattern, a new `html_helpers` TT include file has been created, it
defines an `options_for_libraries` block, which takes a `selected`
parameter. We could imagine to use this include file for other
selects.
The 'mybranch` and `onlymine` subroutines of the C4::Branch package have
been moved to C4::Context. onlymine has been renamed with
only_my_library. There are only 4 occurrences of it, against 11 before
this patch set.
There 2 subroutines are Context-centric and it makes sense to put them
in `C4::Context` (at least it's the least worst place!)
GetBranches is the tricky part of this patch set: It retrieves all the
libraries, independently of the value of IndependentBranches.
To keep the same way as the existing calls of `Branches.all()`, I have
added a `unfiltered` parameter. If set, the `Branches.all()` will call
a usual Koha::Libraries->search method, otherwise
Koha::Libraries->search_filtered will be called. This new method will
check if the logged in user is allowed to see other libraries or only
its library.
Note that this `GetBranches` subroutine also created a `category` key:
it allowed to get the list of groups (of libraries) where this library
existed. Thanks to a previous patch set (bug 15295), this value was
not used anymore (I may have missed something!).
Note that the only use of `GetBranch` was buggy (see bug 15746).
Test plan (for the whole patch set):
The best way to test this whole patch set is to test with 2 instances: 1
with the patch set applied, 1 using master, to be sure there is no
regression.
It would be good to test the same with `IndependentBranches` and the
without `IndependentBranches`.
No difference should be found.
The tester must focus on the library dropdowns on as many forms as
possible.
You will notice changes in the order of the options: the libraries will
now be ordered by branchname (instead of branchcode in some places).
A special attention will be given to the following page:
- acqui/neworderempty.pl
- catalogue/search.pl
- members/members-home.pl (header?)
- opac/opac-topissues.pl
- tools/holidays.pl
- admin/branch_transfer_limits.pl
- admin/item_circulation_alerts.pl
- rotating_collections/transferCollection.pl
- suggestion/suggestion.pl
- tools/export.pl
Notes for QA:
- There are 2 FIXMEs in the patch set, I have kept the existing behavior,
but I am not sure it's the good one. Feel free to open a bug report and
I will fill a patch if you think it's not correct. Otherwise, remove the
FIXME lines in a follow-up patch.
- The whole patch set is huge and makes a lot of changes.
But it finally will tremendously reduce the number of lines:
716 insertions for 1910 deletions
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This unnecessary complicated subroutine returned an arrayref and an
hashref of the patron categories available for the logged in user, for a given
category_type, ordered by categorycode.
This can now be done with the search_limited method.
Test plan:
- Same prerequisite as before
For the following pages, you should not see patron categories limited to other
libraries. They should be ordered as before this patch, by categorycode.
- Add/edit a patron, change his/her patron category value.
- On the 3 following reports:
reports/bor_issues_top.pl
reports/borrowers_out.pl
reports/cat_issues_top.pl
The display for these 3 reports are different than the 2 from the first
patch (borrowers_stats.pl issues_avg_stats.pl): they are ordered by
categorycode and the ones limited to other libraries are not displayed
(should certainly be fixed).
Note that the big part of this patch has already been tested before
(update child related: CATCODE_MULTI).
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The purpose of C4::Members::GetBorrowercategory was to return the patron
category for a given categorycode. This can be done easily with the
Koha::Patron::Categories->find method.
Test plan:
- Same prerequisite as before
- Edit a guarantor and confirm the information will be updated for his/her
guarantee(s).
- Update a child to adult patron (Note: Should not we hide the patron
categories limited to others libraries? If yes, it must be done on another
bug report).
There is a special behavior if there is only 1 adult category, the
user does not need to select a category. So the same as before with
only 1 adult patron category.
- Import a patron with a category_code which does not exist. You should
be warned.
- Modify some patron using the batch patron modification tool. The
patron category descriptions should correctly be displayed.
Note that the overduerules page has already been tested in a previous
patch.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The C4::Category module contained only 1 method to return the patron
categories available for the logged in user.
The new method Koha::Patron::Categories->search_limited does exactly the
same thing (see tests) and must be used in place of it.
Test plan:
- Same prerequisite as before
For the following pages, you should not see patron categories limited to
other libraries.
- On the 'Item circulation alerts' admin page
(admin/item_circulation_alerts.pl), modify the settings for check-in
and checkout (NOTE: Should not we display all patron categories on
this page? If yes, it must be done in another bug report to ease
backporting it).
- Search for patrons in the admin (budget) and acquisition (order) module.
- On the patron home page (search form in the header)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
$borrowernumber is used in build_issue_data but not correctly defined
(Variable "$borrowernumber" is not available)
That may cause wrong charge displayed in the summary slip.
Test plan:
- Set rental charge for an item type
- Define a rental discount for that item type in the circ rules
- check in an item matching this rule
Without this patch the charge displayed in the summary slip won't be
calculated with the discount
With this patch applied, the warning in the logs will no longer appear
and the values will be correctly calculated.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.
Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works
Signed-off-by: Bob Birchall <bob@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This alternative patch moves logic and formatting to the template file.
To test:
* without patch
1/ find a patron with no lines in accountlines table : print summary shows no "account fines and payments" => OK
2/ find a patron with some lines in accountlines table and the total amount > 0 : print summary shows a table "account fines and payments" with fines to recover => OK
3/ find a patron with some lines in accountlines table but the total amount = 0 : print summary shows a table "account fines and payments" with nothing in it => NOK
* with the patch, same cases as before :
1/ same as without patch
2/ same as without patch
3/ print summary does not show "account fines and payments"
- Additionally, verify that formatting follows syspref 'CurrencyFormat'
- Verify that amount column is right-aligned
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Adds one exit statement, and some whitespace.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified deleting a patron again.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can delete patrons details.
/members/deletemem.pl?member=42
Test plan:
0/ Do not apply any patches
1/ Adapt and hit the url above
=> The patron will be deleted without confirmation
2/ Apply first patch
3/ Hit the url
=> you will get a confirmation page
4/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> The patron will be deleted without confirmation
5/ Apply the second patch (this one)
6/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> you will get a crash "Wrong CSRF token" (no need to stylish)
7/ Delete a patron from the detail page and confirm the deletion
=> you will be redirected to the patron module home page and the patron
has been deleted
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It won't hurt to have a confirmation page when deleting a patron.
Moreover it's the more easy way to protect against CSRF attacks :)
Test plan:
Make sure you get a confirmation page when deleting a patron
Confirm that approving or denying the confirmation work as expected
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The patron category description is not passed to the template in
paycollect.pl
Note: The Categories TT plugin should be used here...
Test plan:
Go on paycollect.pl and confirm that the patron category description is
now displayed in the sidebar.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked
Test plan:
Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked
=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If we do not fill a new userid, we should keep the old one.
Script member-password should pass that to Koha::Patron.
Otherwise things go wrong.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without this patch, you could effectively disable a login.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
