Commit graph

1761 commits

Author SHA1 Message Date
Mark Tompsett
c4113dce70 Bug 18956: Fix empty to in message queue
Follow the test plan in comment #20.
Also tweaked string, because it was really 'or' before too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended text in added comment.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
6336e53aed Bug 18956: (QA follow-up) Resolve a CGI::Param in list context warn
From the plack-error.log:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_masterclone_opac_opac_2dpassword_2drecovery_2epl line 129, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:56:59 -03:00
Mark Tompsett
e08a0afa26 Bug 18956: Prevent leaking during password recovery
TEST PLAN
---------

It is assumed you have set the OpacResetPassword to 'allowed',
and likely in combination with OpacPasswordChange to 'Allowed'.

You will have two patrons: one with and another without
any email address entered. You will want to test this test plan
with both patrons.

$ git checkout -b bug_18956 origin/master

Prepend the following as understood between step sections:
opac -> forgot password and then enter...

correct login/cardnumber, it will email
delete from borrower_password_recovery;

correct email, it will email
delete from borrower_password_recovery;

correct login/cardnumber && correct email, it will email
delete from borrower_password_recovery;

wrong login/cardnumber && correct email, error page as expected
delete from borrower_password_recovery;

correct login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

wrong login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

submit empty -- INTERNAL SERVER ERROR?!
delete from borrower_password_recovery;

-- None of the above step sections displayed email.

correct login/cardnumber, it will email

correct login/cardnumber again, but it leaks email address!
delete from borrower_password_recovery;

correct email, it will email

correct email again, but it leaks login/cardnumber!
delete from borrower_password_recovery;

$ git bz apply 18956
-- choose interactive, and choose this counter patch.

repeat the same test set again
-- no leaks will occur, error message pages returned should
   be reasonable, code should read reasonably.

run koha qa test tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 10:59:05 -03:00
e711c8e418 Bug 19038: Remove the OPACShowBarcode syspref
This patch removes the OPACShowBarcode syspref in favour of the new
columns settings option introduced by bug 16759.

On the upgrade step, it picks the value for OPACShowBarcode and uses it
to populate the columns_settings table.

To test:
- Verify the upgrade process maintains the current behaviour

Regards

Sponsored-by: Dover

Followed test plan and works as expected. Functionality of patch from bug 16759
appears intact too.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:46 -03:00
662a98345a Bug 19028: Add 'shelving location' to holdings table in detail page
This patch adds the option to show shelving locations on a separate
column. This is controlled by a new syspref, 'OpacLocationOnDetail',
which replaces 'OpacLocationBranchToDisplayShelving', adding a
conveniente 'column' option.

The new 'Shelving location' column is conveniently added to the columns
configuration entry added by bug 16759 for this purpose.

The current behaviour is preserved.

To test:
- Apply this patches
- Run the upgrade:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ perl installer/data/mysql/updatedatabase.pl
=> SUCCESS: Upgrade doesn't fail
- Have an item with shelving location set to something not void
- Have the item set home and holding libraries for testing purposes.
- Set 'OpacLocationBranchToDisplay' to 'home and holding libraries' [*]
- Visit the OPAC detail page for the record containing the item
=> SUCCESS: Both home and holding libraries are displayed.
- Loop through all OpacLocationOnDetail options (except from 'column', we leave it for later).
=> SUCCESS: Works as expected.
- Go to Administration > Columns settings
- Make item_shelving_location available in the OPAC section
- Reload the OPAC detail page
=> SUCCESS: No change
- Set OpacLocationOnDetail to 'on a separate column'
- Reload the OPAC detail page
=> SUCCESS: Shelving location is displayed on a separate column
- Sign off :-D

Sponsored-by: Dover

[*] For testing purposes

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:41 -03:00
db14275db4 Bug 19298: Placing a hold from a list at the OPAC should respect issuing rules
The issuing rule retrieve to know if a hold can be placed on a record of
a list is not correct.

Test plan:
0/ With item-level_itypes = item level
1/ Define a item.itype=BK and biblioitems.itemtype=CF
2/ Create a default rule to allow on shelf holds
3/ Create a specific rule for CF with on shelf holds="If any
unavailable"
4/ Add this bibliographic record to a list and view the list
=> Without this patch you will not see "Place hold"
=> With this patch applied you will see the "Place hold" button,
respecting the correct issuing rule

Followed test plan, patches worked as described.

Note: Just to clarify the test plan slightly in step 4 where it says you will not see 'Place Hold' it means to
the left of the 'Save to another List' link below the item availability
in the opac-shelves.pl page. Not the 'Place hold' button in the grey
page header box.

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:39 -03:00
3f9da34683 Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ec4e666bc5 Bug 18298: minPaswordLength should not be < 3
Indeed if RequireStrongPassword is set we need at least 3 characters to
match 1 upper, 1 lower and 1 digit.
We could make things more complicated to allow minPasswordLength < 3
but, really, 3 is already too low...

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
f18af55a39 Bug 15685: (follow-up) K:A:O->find and ->fetch are no longer used
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:08:46 -03:00
Jesse Weaver
b29493265b Bug 15685: Allow creation of items (AcqCreateItem) to be customizable per-basket
This adds a new basket attribute (create_items) that can optionally be
set to override AcqCreateItem.

The following have been modified to reflect this (with the value of
create_items that causes them to behave differently in parentheses):
  * Cancelling receipt of an order (receiving)
  * Creating an order by hand or from MARC (ordering)
  * Receiving an order (receiving)
  * Showing orders with uncertain price (ordering)
  * Showing orders (receiving)
  * Showing acquisition details in the OPAC (ordering)

Test plan:
  1) Create baskets with "Create items when:" set to ordering,
     receiving, cataloging and unset.
  2) Test each of the above for each of these baskets, verifying that
     the basket-specific attribute overrides AcqCreateItem if set and
     falls back to the syspref otherwise.

NOTE: A check of AcqCreateItem in opac-detail.tt was removed because it
was redundant; the code path in question cannot be triggered unless
create_items/AcqCreateItems is set to the correct value anyway.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Fondren <bfondren@roundrocktexas.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:06:06 -03:00
fed86d5042 Bug 19440: Existing calls need to be done in scalar context
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:52 -03:00
Aleisha Amohia
69ee06a490 Bug 13205: [FOLLOW-UP] Fixing math and variable names
Have changed
  my $last_page = $pages * ( $results_per_page - 1 );
to
  my $last_page = ( $pages - 1) * $results_per_page;
which seems to fix the 'last' button offset! (Comment 10)

Will add the box to jump to a page in a separate patch.
Adding the pagination to the top on the staff client will be dealt with
in Bug 18916 as it is slightly out of the scope of this bug.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
5fc0a1f5b1 Bug 13205: [FOLLOW-UP] Some extra logic
See Comment 8.

Test:
When on first page of results, confirm that the 'First' and 'Previous'
buttons do not show. Confirm they come back on the second page and every
page after.
When on last page of results, confirm that the 'Last' and 'Next' buttons
do not show. Confirm they come back on all previous pages.
Check on both staff side and OPAC.

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
1a157575d3 Bug 13205: Last/first page options for result list paging for OPAC
Same fix but on OPAC side. Same test plan

Sponsored-by: Catalyst IT

Signed-off-by: Dilan Johnpulle <dilan@calyx.net.au>
Signed-off-by: Your Full Name <your_email>

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
David Bourgault
078eb77451 Bug 19345: Add missing error flag to template
Adds a missing error flag to the template->param { } call.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 12:09:55 -03:00
Aleisha Amohia
89528af3b0 Bug 16463: Replace discharge link with error message if user has checked out items
To test:
1) Ensure the useDischarge syspref is enabled
2) Check out an item to a borrower
3) Log in to the OPAC as this borrower
4) Click the 'ask for a discharge' link in the nav
5) Click the 'Ask for a discharge' link
6) Notice you cannot be discharged because you have checkouts
7) Apply the patch, click the 'ask for a discharge' link in the nav
8) Notice the link has been replaced with an appropriate error message
9) Attempt to force the discharge URL:
/cgi-bin/koha/opac-discharge?op=request
10) Notice the message and you cannot be discharged.
11) Confirm that when you check in your item, the discharge link shows
again and works as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:37:00 -03:00
ae02cf97e4 Bug 19366: Do not block patron's detail update if EmailMustBeUnique
If the pref PatronSelfRegistrationEmailMustBeUnique is set ("consider"),
a patron is not allowed to register with an existing email address.
The existing code is wrong and reject a patron that is updating their
personal details with "This email address already exists in our
database.", even if the patron did not modify their email address.

This is caused by the query we made, we must search for patron with this
email address but who is not the current patron.

Test plan:
- Set PatronSelfRegistrationEmailMustBeUnique to "consider"
- Register a new patron with an existing email address
=> you should not be allowed
- Use a non-existent email address
=> You should be allowed
- Edit your patron details
- Modify some infos
=> Should pass
- Modify your email address with an existing one
=> You should not be allowed to do that

Followed test plan, patches worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:36:59 -03:00
402c7f7567 Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 14:15:52 -03:00
323b1553b0 Bug 19173: Make OPAC online payments pluggable
While PayPal is fairly universal, there is a plethora of online
payment system that are far more localized, servicing a single
country ( e.g. Bug 18968 ) or even a single  city! Instead of
adding support for each and every one of these payment options
directly into Koha, it makes more sense to add the ability to
create online payment plugins.

Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin version 2.1.1 or later
   https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
3) In the plugin options, enable the opac payments option
4) Create a patron with one or more fines
5) Log into the opac as that patron, note you now have the option
   to pay online via KitchenSink ImaginaryPay
6) Make an online payment
7) Note the payment was processed correctly

Sponsored-by: Washoe County Library System

Signed-off-by: Kyle M Hall <kyle@gmail.com>

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Awesome enhancement! I know we want to add at least one Norwegian
payment service at some point.
I followed the test plan and everything works as advertised. Turning
off the "opac payments option" makes the option dissappear cleanly
from the OPAC. I have *not* looked at the code or done any
considerations about security.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 14:15:52 -03:00
e722c0a29f Bug 18149: Move CountUsage calls to Koha namespace
After the introduction of Koha::Authorities->get_usage_count with bug
9988, we can now replace the remaining occurrences of CountUsage.

At the same time we remove CountUsageChildren. This was an empty sub.
The typo get_count_usage in a subtest title is adjusted.

Test plan:
[1] Run t/db_dependent/Koha/Authorities.t
[2] Perform a search on authorities-home.pl and verify that you see
    plausible numbers for 'used in xx records'.
[3] Click on Details for one authority. See the same number?
[4] Do the same as in 2/3 for Authority search on OPAC.
[5] Remember the authid and enter this in the record numbers box on
    tools/batch_delete_records.pl. Select Authorities and click
    Continue. The next form shows a column "Used in". Do you see
    the same count again?
[6] Git grep CountUsage.
    You should see just one hit in a comment that can be kept in
    Koha/Authorities.pm.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
82115d164a Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel
This patch adds a new Koha::Hold->cancel method and replaces the calls
to C4::Reserves::CancelReserve with it.

Test plan:
- Add and cancel holds
- Change priority of holds

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:42:58 -03:00
Aleisha Amohia
3c31e6e795 Bug 12691: Use Koha.Preference in Self-Checkout
For calls to SCOUserJS, SCOUserCSS, OPACUserCSS, AllowSelfCheckReturns,
OpacFavicon, ShowPatronImageInWebBasedSelfCheck, SelfCheckoutByLogin

Sponsored-by: Catalyst IT

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 12691: [FOLLOW-UP] Follow-up patch

This patch fixes merge conflicts and fixes the problems in Comment 7

QA tools complain about missing bracket, will be fixed in next followup
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 12691: [FOLLOW-UP] Missing bracket

Patch adds bracket to template file (Comment 16)

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 12691: [FOLLOW-UP] Fixing some logic

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Patches have been squashed for readability and 1 removal occurrence of
display_patron_image has been reintroduced.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:03:45 -03:00
f1b0dae9a6 Bug 18946 [QA Followup] - code cleanup
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
Karam Qubsi
48f54016a7 Bug 18946 - Change language from external web fails
How to reproduce:
1. Get a multilingüal Koha like
http://demo1.orex.es/cgi-bin/koha/opac-changelanguage.pl?language=en
http://demo1.orex.es/cgi-bin/koha/opac-changelanguage.pl?language=es-ES

2. Copy that urls to any web page in an other domain -it must be in some
host - and try to link to the spanish or english version,it will keep you in the same position.

3. Apply this patch and try again , everything should work fine .

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
ae7e0ee56a Bug 17797: Add XSLT_Handler in opac/unapi
Replaces some code by a call to existing module.
Removes the $@->code and $@->message calls.

Test plan
[1] Run /cgi-bin/koha/unapi?id=koha:biblionumber:[number]&format=marcxml
[2] Try some variations.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:06 -03:00
10311769d4 Bug 19007 - Allow paypal payments via debit or credit card again
A recent change in Paypal has removed the previous default option of paying via debit or credit card without an account. To bring this option back, we need to send an additional parameter to the PayPal API.

Test Plan:
1) Enable paypal for your Koha instance
2) Ensure you are not logged in to PayPal
3) Attempt to pay a fine via PayPal
4) Not the the "Pay with Debit or Credit Card" option is missing
5) Apply this patch
6) Refresh opac-account.pl
7) Attempt to make a payment via PayPal again
8) Note the option "Pay with Debit or Credit Card" is now available

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: George Williams <gwilliams@nekls.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:05 -03:00
Mark Tompsett
8ed19fedca Bug 16892: Address error checking in comment #47
Tweaked logic to include error check for category
and branch being valid. If not, the user is told
about a configuration error to share with the
library. Otherwise, it should proceed as normal.

TEST PLAN is comment #35 still.
Though include a run with an invalid category
and/or branch code in the two system preferences:
GoogleOpenIDConnectDefaultBranch and/or
GoogleOpenIDConnectDefaultCategory

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
88f616277a Bug 16892: Follow up use AddMember as per QA comment
Same Test plan as before.

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
d5986c9b97 Bug 19040: Refactor GetMarcBiblio parameters
Change parameters to a hashref.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks good to me.
Two calls in migration_tools/22_to_30 still in old style.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:23:42 -03:00
64a0aa541e Bug 19048: (bug 17829 follow-up) Fix regression in self checkout
$patronid is not necessarily set or does not match a valid cardnumber.
These cases must be taken into account to avoid the script to crash and
raise the following error:
Can't call method "unblessed" on an undefined value at
(...)/koha/opac/sco/sco-main.pl line 117

Test plan:
Hit sco/sco-main.pl and confirm that the error is gone with this patch
applied

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-08 09:20:50 -03:00
9b92d79817 Bug 18572 - QA Followup
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 13:38:31 -03:00
e9374dcf63 Bug 18572 - Improper branchcode set during OPAC renewal
To test:
1 - Set 'OpacRenewalBranch' to various settings
2 - Renew an item for a ptron under each setting
3 - Confirm action_log entries reflect the correct branch for each
secnario
4 - prove t/db_dependent/Circulation/issue.t

Signed-off-by: David Kuhn <techservspec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 13:38:31 -03:00
bd3b1c1a33 Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1
Most of the time C4::Biblio::GetBiblioData is used to retrieve the title
and/or the author of a bibliographic record.

This patch replaces the easy occurrences of GetBiblioData, the ones
where the 2 joins are needed, but only data from biblio and biblioitems
table are.

Test plan:
It will be hard to test everything, I'd suggest a QAer to review this
patch and confirm that the difference occurrences of GetBiblioData have
been correctly replaced by calling Koha::Biblios->find or
$biblio->bibioitem

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:22:23 -03:00
2f1a1fc4b9 Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind
Between patch submission and push, 2 new occurrences appeared in the
codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:19:13 -03:00
99b32717cd Bug 18854 - Protect from DOS
There was a bug that meant a very large offset in the search params
will cause the search script to run forever (or long enough to crash
the machine)

To test

1/ Get ready with sudo top so you can kill the thread before it causes
your machine to OOM
2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
3/ Notice the process runs for a long time
4/ Kill the process
5/ Apply the patch
6/ Hit the page again, notice the it loads (offset is set to zero)
7/ Do the same to search in the staff client

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: changed -2 to 0 in opac-search.pl.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:02:04 -03:00
c91eb80efb Bug 17829: (follow-up) Move GetMember to Koha::Patron
Prevent crash at the opac when no user is logged in

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-11 15:43:38 -03:00
9cad748de7 Bug 17829: (followup) Fix small rebasing errors
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:14:34 -03:00
2b90ea2cb0 Bug 17829: Move GetMember to Koha::Patron
GetMember returned a patron given a borrowernumber, cardnumber or
userid.
All of these 3 attributes are defined as a unique key at the DB level
and so we can use Koha::Patrons->find to replace this subroutine.
Additionaly GetMember set category_type and description.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:14:19 -03:00
c73e269a13 Bug 18260: Koha::Biblio - Remove GetBiblio
C4::Biblio::GetBiblio can be replaced with Koha Biblio->find

Test plan:
Import batch, view issue history, search for items, see the image of a
bibliographic record, modify and delete records in a batch

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:03:38 -03:00
fa467223ea Bug 18277: Remove GetBiblionumberFromItemnumber - Easy ones
To retrieve a biblionumber from an itemnumber, we can use:
  Koha::Item->biblio->biblionumber

This is only what this patchset does.
Doing that we will be able to get rid of the
C4::Biblio::GetBiblionumberFromItemnumber subroutine.

Test plan:
- Acquisition module: cancel a receipt
- Export a record to CSV
- Modify items in a batch

Item's info should be correct

Other changes with be checked by QA team, by reading the code.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:03:37 -03:00
f4ded893c5 Bug 18276: [QA Follow-up] Fix two new calls
Found two calls in opac-issue-note.pl and svc/patron_notes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:02:54 -03:00
6eade474ed Bug 18276: Remove GetBiblioFromItemNumber - Easy ones
The subroutine C4::Biblio::GetBiblioFromItemNumber was wrong for several
reasons:
- badly named, we can get biblio info from a barcode
- SELECT * from items, biblio and biblioitems
makes things hard to follow and debug, we never know where do come from
the value we display
- sometimes called only for trivial information such as biblionumber,
author or title

This patchset suggests to replace it with calls to:
- Koha::Items->find for item's info
- $item->biblio for biblio's info
- $item->biblio->biblioitem for biblioitem's info

Test plan:
Item's info should correctly be displayed on the following pages:
- circulation history
- transfer book
- checkin
- waiting holds

QA will check the other changes reading the code, it's trivial

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:22:29 -03:00
546379cc92 Bug 17680: C4::Circulation - Remove GetItemIssue, simple calls
C4::Circulation::GetItemIssue returned all the issue and item
informations for a given issue. Moveover it also did some date
manipulations. Most of the time this subroutine was called, there
additional information were useless as the caller usually just needed
the basic issue's infos 'from the issue table).

This first patch updates the simple calls, ie. the ones that just need
the issue's infomations.

Test plan:
The following operations should success:
- transfer a book
- create a rule for on-site checkouts and confirm that a patron cannot
check more items out that it's defined in the rule.
- Renew an issue using ILSDI
- Using SIP confirm that you are able to see your issues

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:06:37 -03:00
David Kuhn
e29163af4c Bug 18616 - The "Add forgot password link to OPAC" should allow patrons to use their library card number in addition to username
Allow patrons to enter either their library card number or user name in the "Log in" box for password recovery.

Most patrons at our library use their card number to log in and are unaware of what their userid is. However there are some who have set a

customized userid and would prefer to use that. This patch would allow either to be entered for password recovery.

To test:
1. Enable the password recovery feature.
2. In the OPAC, click on "Forgot you password?" link and enter a valid library card number.
3. The error message "No account found with the provided information" appears.
4. Apply the patch.
5. Repeat step 2. The recovery email is now sent.

Note: Moved patch from 16711 back here and re-tested.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:53 -03:00
Marc Véron
3829020c26 Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address
To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.

To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
    Account identification with this email address only is ambiguous.
    Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
  provide valid email for an existing account, provide unknown email, provide
  both login and email with all combinations of valid / invalid)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 16711: (QA-followup) Use count directly

See comment # 13

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:50 -03:00
adff45cd8d Bug 17738: [QA Follow-up] Remove second find of same patron
We can just use the $patron from line 77 here.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:42:52 -03:00
57ebe9aefc Bug 17738: Remove warning about redeclaration of $patron
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:42:52 -03:00
bbe2216887 Bug 17738: Replace GetReservesFromBorrowernumber with Koha::Patron->get_holds
This patch replace the different calls to GetReservesFromBorrowernumber
with a calls to Koha::Patron->get_holds.
In some places we need to get a restricted set of holds, that's why we
process a search on this holds returned by ->get_holds (on the found
status for instance).

The changes are quite trivial and reading the diff should be enough to
catch bugs.

Test plan:
I would suggest to test this patch with patches from bug 17736 and bug 17737,
to place different kind of holds (biblio and item level, future and
past).
Then do a whole workflow to detect bug, view a record, delete record,
order, place a hold on an item which has been ordered, etc.
The hold's informations should always be the same without or without
these patches.

Tested both patches together, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:42:52 -03:00
ca0bde1e7e Bug 17843: [QA Follow-up] Some polishing
Resolve warning from members/summary-print.pl:
    "my" variable $itemtype masks earlier declaration in same scope

Test if find returns a Koha object in GetDescription.
Test if find returns a Koha object too in shelves.pl. While testing, I had
a crash on a biblioitem with itemtype NULL (bad record, but these things
tend to happen somehow.)
Can't call method "imageurl" on an undefined value at virtualshelves/shelves.pl line 253.
Same for opac/opac-shelves.pl.

Note: Did not add tests everywhere but generally, I have the impression that
we do not sufficiently test on the results of Koha::Object->find. Mostly we
just assume that it will find a record. Several reports include fixes to
resolve that wrong assumption.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:42:21 -03:00
091d6c513b Bug 17843: Replace C4::Koha::getitemtypeinfo with Koha::ItemTypes
The C4::Koha::getitemtypeinfo subroutine did the almost same job as
GetItemTypes. On top of that it returned the imageurl value processed by
C4::Koha::getitemtypeimagelocation.
This value is only used from the 2 [opac-]shelves.pl scripts. Then it's
better not retrieve it only when we need it.

Test plan:
Play with the different scripts touched by this patch and focus on item
types. The same description as prior to this patch must be displayed.
Note that sometimes it is not the translated description which is
displayed, but that should be fixed on another bug report. Indeed we do
not expect this patch to change any behaviors.

Signed-off-by: Lari Taskula <lari.taskula@jns.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2017-07-05 13:42:21 -03:00
a58aca056b Bug 18228: Implement the new columns in code
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.

Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
    interface, but one call in the unit test was affected.
[3] Method remove_biblios is signficantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
    A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
    be removed.

opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.

opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.

Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).

[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).

[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2017-07-05 13:35:23 -03:00
7457f278af Bug 8612: [Follow-up] Make usage and type different columns in table
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 12:02:08 -03:00
bb22703dca Bug 18179: Update existing calls
This patch updates the existing occurrences of ->find called in a list
context.
There are certainly others that are not easy to catch with git grep.
Test plan:
Confirm that the 4 modified scripts still works as expected.

We need this one ASAP in master to make sure we will not get other
side-effects of this kind and to catch possible uncaught occurrences
before the release.

Tested scripts changed by this patch, they work as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:35:58 -03:00
a80366439e Bug 18632: Remove 'CGI::param called in list context' warnings
Once again, after bug 16154 and bug 16259 we need to remove more
occurrence of CGi->param called in list context.
Refer to bug 15809 for more information.

Test plan:
Make sure you do not see the error on the modified scripts.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-28 22:25:22 -04:00
LeireDiez
d4e3e6af9f Bug 18204 - Authority searches are not saved in Search history
When you search an authority in Authority search, this search is not saved in Search history.

EnableOpacSearchHistory is enabled

Steps to test:
 1- Login your account (opac)
 2- Search an authority in Authority search
 3- Go to Search history -> Authority
 4- It says "Your authority search history is empty"

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-28 22:12:01 -04:00
ee53560da6 Bug 15705: Add specific warning messages for auto_too_much_oweing
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:09:08 +00:00
f7b11f38e8 Bug 17762: Send lang to GetPreparedLetter
This patch set the lang parameter when C4::Letters::GetPreparedLetter is
called to generate the notice.
Note that we do not need to pass it if want_librarian is set.

TODO: I do not know what to do with TransferSlip

Sponsored-by: Orex Digital

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 20:56:41 +00:00
e10a415ef9 Bug 18400: [QA Follow-up] Move sort outside the loop
GetItemTypesCategorized can return descriptions that are still undef since
Authorized values does not enforce a description in lib and lib_opac.
When I add one ITEMTYPECAT auth value without descriptions, I can still
generate the string comparison warnings on the itemtypes sort.
In order to prevent the warning, we should add an empty string in the
assignment on line 229.

We do not need to copy the itemtypes hash if we move the sort outside the
@advanced_search_types foreach. There is no need to sort it more than once.
Note that I did not see any reasons btw for corruption of the structure
inside this loop.

Note: If we use ITEMTYPECAT without descriptions, we should probably leave
them out. No need to show a checkbox without description on Advanced Search,
but I would recommend to solve that on its own report. The whole ITEMTYPECAT
functionality has imo not been designed properly.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 08:57:07 -04:00
91171650ac Bug 18400 - Noisy warns in opac-search.pl during itemtype sorting
To fix the warns we use a copy of itemtypes which is not touched by
other code

To test:
Apply patches
Ensure search still works

Followed test plan, search works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 08:57:07 -04:00
Mark Tompsett
f3167a5259 Bug 18560: RSS link in opac shelves is broken
TEST PLAN
---------
1) have books entered
2) log in create a list
3) add books to list
4) display list
5) click the RSS link button.
   -- bad HASH error.
6) apply patch
7) repeat steps 4&5
   -- readble junk without error messages.
8) run koha qa test tools

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 08:45:02 -04:00
94e09b6a18 BUG 18505: opac-search-history does not respect opacPublic
The opac-search-history page was available regardless of the opacPublic setting, this
patch corrects that.

Test plan, set opacPublic to 'No', test whether opac-search-history page is available
when not logged in, note that it is.
Apply patch, test whether opac-search-history is still available when not logged in,
note that you should be redirected to the login page.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 10:16:20 -04:00
57f28f9ee4 Bug 7550: SCO - Restrict access of patron's image
With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".

How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
  Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
  image
- Verify that the patron image is NOT displayed

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-08 09:00:26 -04:00
c1d9a7dab7 Revert "Bug 18179: Update existing calls"
This reverts commit 2a2b973911.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 12:48:56 -04:00
f5b1154e70 Bug 14224: Use encode_json instead of to_json
To handle unicode characters properly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
e54152a90b Bug 14224: Improve escaped characters
To recreate the problem, submit a note like
  doh"doh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
ba658d5919 Bug 14224: Update Copyright
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
c4dd097d20 Bug 14224: Replace AllowIssueNotes with AllowCheckoutNotes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
88852ffbb0 Bug 14224: Make strings translatable
The strings should be translatable.
This patch also removes the error as it appears that we only have 1
error.
To improve we could surround the store with an eval.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
0159908ca1 Bug 14224: Allow patron notes about item shown at check in
This patch adds a "Note" input field to checked out items in the "your summary"
section. The field allows patrons to write notes about the item checked out,
such as "this DVD is scratched", "the binding was torn", etc. The note will be
emailed to the library and displayed on item check in.

Patch adds two fields to the "issues" table - "note" and "notedate".
Patch adds syspref "AllowIssueNotes" - default off.

Test Plan:
1) Apply this patch
2) Update database
3) Rebuild schema
4) Turn on 'AllowIssueNote' syspref
5) Check out three different items to a borrower (may be easiest to check
    out to yourself)
6) Log in as that borrower (or yourself) on the OPAC side and go to your
summary
7) Confirm text field shows under Note column for all checkouts. Set a
note for each issue, confirm all save.
8) Check the message_queue in mysql for the entries for ALL THREE issue
notes.
9) Disable javascript in your browser
10) Refresh your summary page. Confirm that you can no longer edit the
notes in the text field. Click the 'Create/edit note' button and confirm
you are redirected to a new page.
11) Confirm that the correct title and author show for the note button
you clicked.
12) Set the note and click Submit -> confirm you are redirected
back to summary page and note is saved
13) Confirm there is a new entry in message_queue
14) Enable javascript and go back to the your checkouts page in the
staff client for the borrower you issued the items to
15) Check in TWO items
16) Confirm that the issue notes show under the "Date due" column for
the two items you checked in, and are accurate to the item (i.e. the
right issue note under the right item)
17) Go to circ/returns.pl and check in the final item using the barcode.
Confirm the issue note shows and the date is formatted correctly.

Sponsored-by: Region Halland

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marc Véron <veron@veron.ch>
2017-04-28 09:03:22 -04:00
95429af685 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:37:44 -04:00
Aleisha Amohia
ac2e6b1b26 Bug 15738: Show rental fees on OPAC summary page
This patch adds a few lines that check for a rental fee on an item. If
yes, it will show in brackets as a rental fee on the OPAC summary page.

To test:
1) Have a borrower with an overdue item accruing fines, a lost item and
an item with a rental fee. Confirm the Fines column on the OPAC summary
page now shows you what you may expect to see for each item.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 06:53:59 -04:00
2a2b973911 Bug 18179: Update existing calls
This patch updates the existing occurrences of ->find called in a list
context.
There are certainly others that are not easy to catch with git grep.
Test plan:
Confirm that the 4 modified scripts still works as expected.

We need this one ASAP in master to make sure we will not get other
side-effects of this kind and to catch possible uncaught occurrences
before the release.

Tested scripts changed by this patch, they work as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 06:48:31 -04:00
039bb200de Bug 10357: Do not change the alerttype
Previous patch modified the alerttype from "issue" to "issue_det" or
"issue_ser". This is wrong, we do not want to modify this value,
especially because it's used in C4::Letters::SendAlerts
This patch uses a $referer variable instead, like it is already used in
other scripts for redirection.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:58:33 -04:00
Aleisha Amohia
925734ee78 Bug 10357: Adding link for email notification for new subscription issues to opac-detail
This patch adds the link to the opac-detail.pl page so it is less hard
to find.
Update: Fixing link to look like button, adding span ID around element
Update: Changing ID to Class
Update: Comment 14 fixes

To test:
1) Add a subscription, attach it to a record and select a notice under
'Patron notification'. Hit Next, fill in some fields and save the
subscription
2) Go to that record detail page in the OPAC. Go to the subscriptions
tab, click 'More details'. Notice how many clicks it takes to see the
'Subscribe' button
3) Apply patch and go back to the details page for the record
4) Notice now there is a 'subscribe' button
5) Confirm this button works as expected and you are redirected to
the detail page
6) Confirm 'Cancel' works and redirect works too
7) Go down to 'More details' and confirm the buttons work and you are
redirected back to the serial-issues plage from here

Sponsored-by: Catalyst IT

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Re-tested, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:58:33 -04:00
Chris Cormack
da172a560f Bug 18432 : Follow up - Updating to use they/them
Updating to use they/them and skipping the ones changed to it

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:56:43 -04:00
phette23
553ce38225 Bug 18432: code comments assume male gender
Comments throughout the Koha codebase assume that
all librarians or borrowers are male by using the
pronoun 'he' universally. This patch changes to
'he or she' / 'him or hers'.

Testing plan:

- ensuring modifying tests still pass:
	+ C4/SIP/t/06patron_enable.t
	+ t/db_dependent/Circulation.t
	+ t/db_dependent/Koha/Patrons.t
	+ t/db_dependent/Reserves.t

Sponsored-By: California College of the Arts

No code changes detected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-21 10:56:43 -04:00
36fd404689 Bug 17835: [QA Follow-up] Fix opac-search.pl
Resolves:
Global symbol "$itemtypes_nocategory" requires explicit package name.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested the added line with a debug statement. See itemtype facets in the
search results.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-14 10:43:52 -04:00
8d5b4306e0 Bug 17835: Replace GetItemTypes with Koha::ItemTypes
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Lari Taskula <lari.taskula@jns.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-14 10:43:51 -04:00
71f34c7b34 Bug 17737: [QA Follow-up] Remove unused reservedfor variable
The changes in this patch set obsolete this variable.
Remove confusing comment about reserve via host record.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-13 08:49:12 -04:00
b01fe1a666 Bug 17737: Rename holds_placed_before_today with current_holds
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-13 08:49:12 -04:00
95c96f823d Bug 17737: Replace GetReservesFromItemnumber with Koha::Item->get_holds_placed_before_today
On the same way of Koha::Biblio->get_holds,
Koha::Biblio->get_holds_placed_before_today and Koha::Patron->get_holds,
this new subroutin will permit to retrieve the holds placed on a
specific item.
Note that at the moment we do not need a Koha::Item->get_holds method:
we do not want to display future holds placed in the future.

Test plan:
I would suggest to test this patch with patches from bug 17736 and bug 17738,
to place different kind of holds (biblio and item level, future and
past).
Then do a whole workflow to detect bug, view a record, delete record,
order, place a hold on an item which has been ordered, etc.
The hold's informations should always be the same without or without
these patches.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-13 08:49:11 -04:00
d28d5a280d Bug 18349: If a confirmation is required, consider as blocker
Only RENEW_ISSUE should not be considered as blocker, others should.
Note that this code is not robust and the whole script as well as the
return of CanBookBeIssued should be rewrittent completely.
We need a small patch to easy backport to stable releases

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:02 +00:00
6b75e5b478 Bug 18349: $borrower is a hashref
I guess this code was never called before...

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:01 +00:00
85bd15a83f Bug 18349: SCO - Do not trust the confirmed flag
The "confirmed" flag is used to know if that user confirmed a situation
that needs a confirmation.
But if the issue/renew is impossible the CanBookBeIssued and the
'impossible flags' should be checked.

Otherwise a patron can checkout and renew bypassing the circulation
rules (Understand 'no limit' here...)

Test plan:
Want to renew?
Checkin $barcode, then
/cgi-bin/koha/sco/sco-main.pl?patronid=$cardnumber&barcode=$barcode&confirmed=1&op=checkout

Want to bypass the checkin?
Same url...

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:01 +00:00
60ba1bf5dd Bug 17825: Remove the use of AttributeTypeExists from opac-user.pl
With the introducion of Koha::Object-based
Koha::Patron::Attribute::Type(s) there's no need for using this
function.

This patch replaces it with a regular ->search + ->count call.

To test:
- Have a user with checkouts logged into the OPAC on the opac-user.pl
page
- Set the SHOW_BCODE attribute to 'no' on the staff interface for the
user.
- Reload opac-user.pl
=> SUCCESS: The barcode is not shown for checked out items.
- Set the SHOW_BCODE atttribute to 'yes' on the staff interface for the
user.
- Reload opac-user.pl
=> SUCCESS: The barcode is shown for checked out items.
- Delete the Patron attribute type SHOW_BCODE
- Reload opac-user.pl
=> SUCCESS: No barcode is shown for checked out items
- Sign off :-D

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:37:20 +00:00
Luke Honiss
39bcba540a Bug 17945 - Breadcrumbs broken on opac-serial-issues.pl
==TEST PLAN==
1) Make a subscription with a record
2) Search and view the record in OPAC
3) Click on the subscription tab and click more details
4) The breadcrumb will say 'Detals for' without the record name
5) Apply patch
6) Refresh the page
7) The breadcrumb will display the name of the record

(fixed small error)

Signed-off-by: Sonia BOUIS <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:57:59 +00:00
c2c3c11005 Bug 14365 - Populate never used saved_sql column last_run when execute_query is called
Signed-off-by: Cab Vinton <director@plaistowlibrary.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:54:22 +00:00
Aleisha Amohia
14814bc9a6 Bug 17946: Show number of subscriptions on tab in OPAC record details
This patch removes some duplicate code.

To test:
1) Edit at least one subscription (or add a new one) to have a record
2) Find that record on the OPAC
3) Confirm that the Subscriptions tab reads the correct number of
subscriptions attached to the record

Sponsored-by: Catalyst IT

Signed-off-by: JMBroust <jean-manuel.broust@univ-lyon2.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:49:49 +00:00
0509d427b9 Bug 17560: Improve strenght of hold existence test
This patch is a QA follow-up to fix several issues:
- 1 call to GetReserveFee was wrong in ModReserveFill
- Update DB entry was wrong and insufficient
- Add robustness to the tests in sco-main

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:06:05 +00:00
164db2833e Bug 17560: Add a message when a patron checking in using the self checkout
Sponsored-by: Cheshire Libraries

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:06:04 +00:00
e83d92a713 Bug 17736: Fix typo ->new vs ->next
while ->new is terrible, let's call that a typo...

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
opac-detail works again !

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:04:17 +00:00
87afa5142b Bug 17736: Replace GetReservesFromBiblionumber with Koha::Biblio->holds
The C4::Reserve::GetReservesFromBiblionumber took 3 parameters, the
biblionumber, an optional itemnumber and a "all_dates" flag.
If set, the subroutine returned all the holds placed on a given bibliographic
record, even the ones placed in the future. Almost all of the calls had this
flag set, they will be replaced with a call to Koha::Biblio->holds.

But 5 did not have it:
- C4::Biblio::DelBiblio
-tools/batch_delete_records.pl
=> These 2 were wrong, we want to retrieve the holds to cancel them
before deleting the record. We need to get all the holds, even the ones
placed in the future /!\ CHANGE IN THE BEHAVIOR

- acqui/parcel.pl
=> 1 call per item were made to this subroutine. They have been replaced
with only 1 call to the new method Koha::Biblios->holds_placed_before_today
Then we filter on the itemnumbers.
I think this is wrong: we need the number of holds to know if the record
can be deleted, so even if future holds exist, the deletion should not
be possible.

- serials/routing-preview.pl
- C4::ILSDI::Services::GetRecords
- C4::SIP::ILS::Item->new
=> Seems ok, we just one to display holds placed before today

Test plan:
I would suggest to test this patch with patches from bug 17737 and bug 17738,
to place different kind of holds (biblio and item level, future and
past).
Then do a whole workflow to detect bug, view a record, delete record,
order, place a hold on an item which has been ordered, etc.
The hold's informations should always be the same without or without
these patches.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:02:14 +00:00
d420e6ae21 Bug 17844: Replace C4::Koha::get_notforloan_label_of with Koha::AuthorisedValues
This patch is more a bugfix than a refactoring.
Indeed the C4::Koha::get_notforloan_label_of behaviors were buggy:
1/ It does not display the opac description at the OPAC, but always the
staff description
2/ It does not care of the framework of the biblio, but retrieve the
first row of the marc_subfield_structure mapped with items.notforloan

These 2 bugs can easily be fixed using the
Koha::AuthorisedValues->search_by_koha_field

Steps to recreate the issues:
- Create 2 authorised value categories for not for loan (NFL1 and NFL2)
with the same values. Define a different description for the OPAC.
- Define link 952$7 to NFL1 for the default framework and to NFL2 for
the BK framework
- Create 2 bibliographic records (B1 using NFL1 and B2 using NFL2) with
2 items each (1 item should have a not for loan value)
- Go to the "Place a hold" view for this record.
- In the item list, you should see the not for loan value
=> The staff description of NFL1 will always be used, even for the OPAC

Test plan:
- Recreate the issues without this patchset
- Apply this patchset
- Recreate the steps to recreate the issues
=> The staff description of NFL2 should be displayed for the B2 item
=> The opac description of NFL2 should be displayed for the B2 item at
the OPAC

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 10:11:08 +00:00
574d48362d Bug 18124: Change the calls to generate and check CSRF tokens
The parameter change in Koha::Token should be applied to the calling
scripts.

Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.

Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-30 09:07:09 +00:00
e06c193187 Bug 13757: (QA followup) Filter out non-editable params before storing
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:22 +00:00
ec9ac4d7b9 Bug 13757: (QA followup) Exclude empty attributes from rendering if non-editable
In self registration opac displayable (and not editable) attributes are
displayed as empty. This an empty value is passed to the template for
creating an empty input and it shouldn't when the attribute is not
editable.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:21 +00:00
e63e4bb35a Bug 13757: (QA followup) Fix non-editable attrs on failed save
When a field is not editable but displayable in the OPAC, and you submit
an incomplete/wrong update, those attributes are displayed as empty.

This patch fixes that.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:14 +00:00
c44a377d9c Bug 13757: (QA followup) Make opac-memberentry.pl handle attrs deletion
The original code on this bug skipped empty-valued attributes. But
emptying attributes is the only way to tell the controller script that
the user wants to delete them.

This patch makes opac-memberentry.pl check the existence of attributes
sharing the code of the empty for the given patron, and it stores the
deletion on the Koha::Patron::Modification as needed. Otherwise
deletions got skipped.

To test:
- Verify setting/deleting attributes that are opac-editable and verify
the results are sound.

https://bugs.koha-community.org/show_bug.cgi?id=13737

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:13 +00:00
925e664f42 Bug 13757: (followup) Staff interface changes
This patch adds proper extended attributes display and handling on the
patron modifications moderation page (members-update.pl).

It also adds changes checking to the opac-memberentry.pl page so it
only saves a modification request if there are changes (it only checked
regular fields and not the extended ones).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:59 +00:00
bfa3f41032 Bug 13757: (followup) Remove warnings
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:58 +00:00
01506e0195 Bug 13757: Add extended attributes to the patron modification
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:57 +00:00
Jesse Weaver
0a40e0c60f Bug 13757: OPAC changes
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:54 +00:00
Liz Rea
eaa9882dd1 Bug 14764 - [followup] Addressing QA concerns
* removed Policy:
* put the syspref in alpha order with the others
* added els to the if.

Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:27:52 +00:00
Liz Rea
c6ea593971 Bug 14764: OPAC news selector
Test plan:

1) Add more than one library, at least two in total is needed. Make note
   of which is your current user's home branch.
2) Go to Tools -> News and add one global ("All") news item and one
   specific for each branch.
3) Apply the patches.
4) Perform database upgrades when you log in.
5) Go to OPAC main, it should work as before: Showing global news as
   well as the news for your home branch once logged in.
6) Go to System Preferences -> OPAC and set 'OPACNewsBranchSelect' to
   yes.
7) Go to OPAC main, you should see the global news item plus any items
   for your home branch for the current user if logged in.
8) Above the news, you will see a dropdown that lists the branches.
   Select one, and click "Change library."
9) You should now see global news and the news for the selected branch,
   regardless of whether logged in or not.

Sponsored-By: Halland County Library

Fixes QA comments:

* Keep the current selected branch selected

* Change OPACNewsBranchSelect -> OPACNewsLibrarySelect

* fix 'system wide only' view for logged in user. We still show system
  wide even when a library is selected.

* Removed the "change library" link

* Added a label to the field.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:27:51 +00:00
ff647be07c Bug 18169: Make 'before' param non mandatory for Koha::Patrons->anonymise_issue_history
From opac-privacy.pl:

    # delete all reading records for items returned
    # uses a hardcoded date ridiculously far in the future

    my $rows = eval {
        Koha::Patrons->search({ 'me.borrowernumber' => $borrowernumber })->anonymise_issue_history( { before => '2999-12-12' } );
    };

It sounds better to make this before parameter not mandatory, and remove the condition from the sql query if it is not passed.

Test plan:
1. Anonymise your reading history at the OPAC.
2. Confirm that all your reading history has been anonymised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:16:54 +00:00
9b92a494e6 Bug 18037: Hold notes template cleanup (from 15545)
From the second patch of bug 15545:
Removing some unused template code related to a former approach.
Adding some changes for future extension by bug 15545.

This patch was tested by Liz Rea when the routine IsHoldNoteRequired was
called by opac-reserve.pl. The only change here is that we do not yet
call this routine; so leaving her original signoff.

Test plan:
[1] Enable OPACHoldNotes.
[2] Place a hold on a serial record. No behavior change.

Signed-off-by: Liz Rea  <liz@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:11:00 +00:00
b4cd5faeb0 Bug 16966: move parameters to hashref
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 17:20:05 +00:00
286be46e8a Bug 16966: Koha::Patrons - Move GetBorrowersWithIssuesHistoryOlderThan to search_patrons_to_anonymise
The C4::Members::GetBorrowersWithIssuesHistoryOlderThan subroutine is supposed
to return the patrons with an issue history older than a given date.

It would make more sense to return a list of Koha::Patrons.

On the way, the code from AnonymiseIssueHistory will be moved as well to
anonymise_issue_history.

Note that these 2 subroutines are strongly linked: one is used to know the
number of patrons we will anonymise the history, the other one is used to
anonymise the issues history. The problem is that the first one is not used to
do the action, but only for displayed purpose.

In some cases, these 2 values can differ, which could be confusing.
Case 1:
The logged in librarian is not superlibrarian and IndependentBranches is set:
if 2+ patrons from different libraries match the date parameter, the interface
will display "Checkout history for 2 patrons will be anonymized", when actually
only 1 will be.
Case 2:
If 2+ patrons match the date parameter but one of them has his privacy set to
forever (privacy=0), the same issue will appear.

This patch moves the code from C4::Members::GetBorrowersWithIssuesHistoryOlderThan
to Koha::Patrons->search_patrons_to_anonymise and from
C4::Circulation::AnonymiseIssueHistory to
Koha::Patrons->anonymise_issue_history

Test plan:
1/ Confirm the 2 issues and make sure they are fixed using the Batch
patron anonymization tool (tools/cleanborrowers.pl)
2/ At the OPAC, use the 'Immediate deletion' button to delete all your
reading history (regardless the setting of the privacy rule)
3/ Use the cronjob script (misc/cronjobs/batch_anonymise.pl) to
anonymise patrons.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 17:20:03 +00:00
Kyle M Hall
8255344215 Revert "Bug 12461 - Add patron clubs feature"
This reverts commit 4f1eefdbb8.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-26 20:41:27 -05:00
4f1eefdbb8 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
2017-02-23 19:42:36 +00:00
Srdjan
c7a2ef261e bug_16034 Add overdrive info to the users page in the public interface
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:21 +00:00
Srdjan
88aa2ebf9d bug_16034 Koha::ExternalContent::OverDrive - a wrapper around WebService::ILS::Overdrive::Patron
* Using the upstream module for all the heavy lifting
* opac/external/overdrive/auth.pl - 3-legged authentication handler

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:20 +00:00
61c752a98b Bug 17453: Take into account items that are lost or damaged
If all the items are either lost, damaged or checked out, then pickup
should be allowed.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:07 +00:00
0d55faa9a9 Bug 17453: Allow pickup at a library where all items are checked out
If all items are checked out then it should be possible to select the pickup
library for that record.

Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:06 +00:00
d1d12fc770 Bug 17453: Add exceptions
This patch adds the ability to define patron categories not affected by
the behavior of OPACHoldsIfAvailableAtPickup.
The new pref OPACHoldsIfAvailableAtPickupExceptions get a list of patron
categories (separated by pipes |).

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:06 +00:00
00c5929c1a Bug 17453: Inter-site holds improvement
At the moment users can reserve items and choose any library as a pick up
location, but there is no mechanism to prevent users from reserving items that
are available on the shelf at any given location from reserving the item at the
same location, essentially creating a Fetch and Collect scenario.
This has an impact on staff workloads as they are having to process reservations
and check shelves for items that students can already come and collect from the
open library shelves.
The aim of this enhancement is to decrease the impact on staff workload there
should be a restriction in place that prevents users from requesting items for
collection at a library where the item is currently available.

Implementation:
We first tried to add a new circulation rule adding a 4th
“NotIfAvailableAtPickupLibrary” option to "On shelf holds allowed".
That would make the development more flexible.
But in that case we quickly faced non-trivial problematics:
Let's say you have 3 items I1, I2 and I3. The first one has onshelfholds
set to Yes and 2 others has it set to “NotIfAvailableAtPickupLibrary”.
What would be the expected behavior if a hold is placed at biblio level?
And if a hold is placed at item level for I1?
This second point could be answered by reworking the interface to move
the libraries dropdown list elsewhere (1 list per item) or by adding a
lot of JS code to handle the different situation. But it would be
much more complicated to implement.
So finally I moved back to the simple approach and added a new pref to
handle the behavior globally.

Test plan:
0/ Switch off OPACHoldsIfAvailableAtPickup
1/ Let's say you have 3 libraries L1, L2, L3, create 2 items owned by L1
and L2
2/ Place a biblio level hold. You should only be able to pick it up at
L3
2/ Place a item level hold. You should only be able to pick it up at
L3
3/ Create a third items owned by L3
4/ Now you should not be able to place a hold on this record anymore

Sponsored-by: University of the Arts London

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:05 +00:00
a3d2273b35 Bug 17627: Move C4::Koha::GetItemTypesByCategory to Koha::ItemTypes
C4::Koha::GetItemTypesByCategory can be easily replaced with
Koha::ItemTypes->search({ searchcategory => ? });

So let's replace it where it is used.

Test plan:
Make sure this patch does not break the test plan of bug 10937

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 15:31:32 +00:00
a471ad80bb Bug 18025: Simplify logic and avoid 1 call to ValidateBorrowernumber
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This is fine with me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:24:39 +00:00
Liz Rea
e87dab6411 Bug 18025 - Expired password recovery links cause sql crash
When a user gets an email, but doesn't act or visit it within two days,
     attempting to create a new one causes a collision. We should just
     delete the old one, assuming they still want to reset their
     password.

To test:
create yourself a borrower with a userid and password.
Attempt a password recovery on the OPAC
update the entry in the database for that user to have an expired token
e.g. update borrower_password_recovery set valid_until = '2017-01-25
03:25:26' where borrowernumber = 12;
Attempt another password recovery operation - should error
apply the patch
Try it again - no error, new token is generated and additional email
with new link is sent.

Issue reproduced - is resolved by patch
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:24:39 +00:00
Emma
9081637540 Bug 17134: Replace item types codes with category in facets (opac)
To test:
-Search in OPAC for two or more items
-Note that item types display category codes rather than names
-Make change to file and test in OPAC

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-14 13:55:44 +00:00
cb4fa17a27 Bug 17901: Force context to scalar
See bug 15809 for more references.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:20:49 +00:00
45cffd874c Bug 17901: Fix possible SQL injection in shelf editing
It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1

Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formated.

However it would be good to limit the possible values for sortfield.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:20:48 +00:00
ba5cd24553 Bug 17501: Move getCategories and httpheaders from Upload.pm
Class method getCategories has no strict binding to Upload.pm. While
Upload.pm is now restricted to the actual uploading process with CGI
hook, this routine fits better in the UploadedFile package.

Class method httpheaders can be moved as well for the same reason. Note
that it actually is an instance method. The parameter $name is dropped.

Test plan:
[1] Run t/db_dependent/Upload.t.
[2] Check the categories in the combo box of tools/upload.
[3] Check a download via tools/upload and opac-retrieve-file.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:20:05 +00:00
158442eb9e Bug 17501: Remove Koha::Upload::get from Koha::Upload
The get routine actually returns records from uploaded_files. It should be
possible to replace its calls by direct calls of Koha::UploadedFiles.

This patch is the crux of this patch set. It deals with all scripts that
use Koha::Upload.

In the process we do:
[1] Add a file_handle method to Koha::UploadedFile. This was previously
    arranged via the fh parameter of get.
[2] Add a full_path method to UploadedFile. Previously returned in the
    path hash key of get. (Name is replaced by filename.)
[3] Add a search_term method too (implementing get({ term => .. }).
    This logic came from _lookup.
[4] Add a keep_file parameter to delete method. Only used in test now.

Test plan:
[1] Run t/db_dependent/Upload.t
[2] Go to Tools/Upload. Add an upload, download and delete.
[3] Add another public upload , search for it.
    Use the hashvalue to download via opac with URL:
        cgi-bin/koha/opac-retrieve-file.pl?id=[hashvalue]
[4] Go to Tools/Stage MARC for import. Import a marc file.
[5] Go to Tools/Upload local cover image. Import an image file.
    Enable OPACLocalCoverImages to see result.
[6] Test uploading a offline circulation file:
    Enable AllowOfflineCirculation, and create a koc file (plain text):
    Line1: Version=1.0\tA=1\tB=2
    Line2: 2016-11-23 16:00:00 345\treturn\t[barcode]
    Note: Replace tabs and barcode. The number of tabs is essential!
    Checkout the item with your barcode.
    Go to Circulation/Offline circulation file upload.
    Upload and click Apply directly.
    Checkout again. Repeat Offline circulation file upload.
    Now click Add to offline circulation queue.
[7] Connect the upload plugin to field 856$u.
    Enable HTML5MediaEnabled.
    Upload a webm file via the plugin. Click Choose to save the URL,
    and put 'video/webm' into 856$q. Save the biblio record.
    Check if you see the media tab with player on staff detail.
    (See also: Bug 17673 about empty OPACBaseURL.)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:20:05 +00:00
c6e488f4af Bug 17196: Move marcxml out of the biblioitems table
Two discussions on koha-devel lead to the same conclusion:
biblioitems.marcxml should be moved out this table
- biblio and biblioitems
http://lists.koha-community.org/pipermail/koha-devel/2013-April/039239.html
- biblioitems.marcxml & biblioitems.marc / HUGE performance issue !
http://lists.koha-community.org/pipermail/koha-devel/2016-July/042821.html

There are several goals to do it:
- Performance
As Paul Poulain wrote, a simple query like
  SELECT publicationyear, count(publicationyear) FROM biblioitems GROUP BY publicationyear;
takes more than 10min on a DB with more than 1M bibliographic records
but only 3sec (!) on the same DB without the biblioitems.marcxml field
Note that priori to this patch set, the biblioitems.marcxml was not
retrieved systematically, but was, at least, in
C4::Acquisition::GetOrdersByBiblionumber and C4::Acquisition::GetOrders
- Flexibility
Storing the marcxml in a specific table would allow use to store several
kind of metadata (USMARC, MARCXML, MIJ, etc.) and different formats (marcflavour)
- Clean code
It would be a first step toward Koha::MetadataRecord for bibliographic
records (not done in this patch set).

Test plan:
- Update the DBIC Schema
- Add / Edit / Delete / Import / Export bibliographic records
- Add items
- Reindex records using ES
- Confirm that the following scripts still work:
    * misc/cronjobs/delete_records_via_leader.pl
    * misc/migration_tools/build_oai_sets.pl
- Look at the reading history at the OPAC (opac-readingrecord.pl)
- At the OPAC, click on a tag, you must see the result

Note: Changes in Koha/OAI/Server/ListRecords.pm is planned on bug 15108.

Signed-off-by: Mason James <mtj@kohaaloha.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 13:49:26 +00:00
e55b38928a Bug 17486: Remove Mozilla Persona
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.

This has lead to it's founders, Mozilla, to end the project. In their
own words:

=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.

On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.

If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.

For more information, see this guide to migrating your site away from
Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

=============================================================================

Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.

Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 12:32:19 +00:00
c3685f041c Bug 15907 - Remove use of makepayment in opac/opac-account-pay-paypal-return.pl
Test Plan:
1) Apply this patch
2) Make a payment via PayPal in sandbox mode
3) Note the payment succeeds

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 15907 [QA Followup] - Simplify code and call pay() only once

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-12 13:42:47 +00:00
4e40339db3 Bug 17830: CSRF - Handle unicode characters in userid
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-30 17:47:18 +00:00
631d3006bc But 17578: (followup) amountoutstanding
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:45 +00:00
b59df2bce7 Bug 17578: GetMemberDetails - Remove GetMemberDetails
All the values different from the ones GetMember returned has been
managed outside of GetMemberDetails.
It looks safe to replace all the occurrences of GetMemberDetails with
GetMember.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:44 +00:00
43dda64381 Bug 17578: GetMemberDetails - Remove reservefee
Same as other patches, reservefee is only used in opac-reserve.pl

Test plan;
Set reserve fee for a patron category
Place a hold at the OPAC with one of these patrons.
You must get a message about the reserve fee.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:43 +00:00
5a0a2ce584 Bug 17578: GetMemberDetails - Remove is_expired
The is_expired value is used in 2 places, let's use
Koha::Patron->is_expired instead.

Test plan:
Depending on the different value of BlockExpiredPatronOpacActions for
the patron category, a patron must be blocked if he has expired.
Confirm that behavior from opac-renew and opac-reserve scripts

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:43 +00:00
4e78f1000d Bug 17578: GetMemberDetails - Remove amountoutstanding
The amountoutstanding value set by GetMemberDetails was only used in a
few places. In that case it makes sense to only retrieve it when needed.

Test plan:
1/ Add fines to a patron, on the OPAC patron info page, you should see a
"Fines" tab
2/ Add credit to a patron, you should see the credit displayed
3/ Set the pref maxoutstanding to 3
4/ Add a fine of 4 to a patron
5/ Try to place an hold for this patron
=> You should get a "too much oweing" message

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:41 +00:00
492280102f Bug 17578: GetMemberDetails - Remove BlockExpiredPatronOpacActions
The correct way to get the value of BlockExpiredPatronOpacActions from a
patron object is to get the patron category then call the
effective_BlockExpiredPatronOpacActions:
  $patron->category->effective_BlockExpiredPatronOpacActions

So this patch applies this change and remove this value from the
GetMemberDetails subroutine.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:40 +00:00
8edb7f6fb9 Bug 17720: CSRF - Handle unicode characters
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""

Test plan:
- Set a MySQL/MariaDB password with unicode characters:
  UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
  FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: removed debugging leftover

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-05 15:20:18 +00:00
8dce1cde3a Bug 16873: Improve renewal error messages on self check
When a patron is not allowed to renew from the self check module, the
only message displayed is "No renewals allowed".
It would be nicer to let him/her know that the renewal is not allowed
because it's a on-site checkout or automatic renewal.

To do so we can call CanBookBeRenewed instead of CanBookBeIssued and get
the renewal error.

Test plan:
0/ Switch off AllowSelfCheckReturns
1/ check out an item and tick "auto renewal"
2/ Go on the self check module
=> auto renewal message is displayed
3/ check out an item and tick "on-site checkout"
4/ Go on the self check module
=> on-site checkout message is displayed
5/ check out an item without ticking any checkboxes (regular checkout)
Renew it to reach the max renew allowed
6/ Go on the self check module
=> regular checkout message is displayed
7/ Switch on AllowSelfCheckReturns and repeat previous steps
=> "Return this item" button is displayed in addition of the renewal
error message

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-29 17:44:09 +00:00
a16a750180 Bug 17642: Add and use get_descriptions_by_koha_field
Ok I am silly, we needed to replace to use the cache mechanism for
search_by_koha_field, not find_by_koha_field...
Let's create another subroutine

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-18 15:52:00 +00:00
Koha Team Lyon 3
660be0e019 Bug_17484 Search with date range limit (lower and upper) does not work
If the period is entered without spaces wrapping the hyphen
You can't get any result

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
I can't reproduce the error, search still works after applying the patch

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-18 13:46:00 +00:00
f6148ab777 Bug 17494: Prevent duplicate tokens from getting stored
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-04 15:45:40 +00:00
df3a9105e8 Bug 17494: Make sure the same verification token won't be generated twice
Well, this patch does not enforce the unique constraint but mimic what
is already done in C4::ImportExportFramework and Koha::Upload where
md5_hex is used.

Test plan:
Have a look at the code and confirm that it adds more randomness to the
hashed string

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-04 15:45:40 +00:00
Katrin Fischer
85e95d069d Bug 15581: Follow-up - suggested change to the OPAC message
Instead of showing "Automatic renewal" to the user, this
changes it to show "No longer renewable" when the
automatic renewal won't happen any longer because of the
days the item has already been checked out.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-02 10:28:58 +00:00
81a04af278 Bug 14610 - Add and update scripts
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-26 12:15:14 +00:00
cbe96a3b70 Bug 17080: borrowers table - use default values defined in the DBIx::Class schema
This patch basically just revert bug 16960 - Fix error on validating the
registration

This job is now done by the Koha::Object constructor, no need to clean
the hash before sending it to AddMember.

Test plan:
Make sure there is no regression on bug 16960 (validate a self registration).

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 17:33:19 +00:00
ed2c2213a7 Bug 15131: Make SCO use the new syspref.
This patch just makes SCO use the new syspref (AllowItemsOnHoldCheckoutSCO)
instead of the old one, thus making it configurable, separate from the
non-SCO syspref.

Sponsored-by: NEKLS

Signed-off-by: George <george@nekls.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 17:27:07 +00:00
baf78b2a33 Bug 17253: Koha::AuthorisedValues - Remove GetKohaAuthorisedValues
This patch replaces the call to C4::Koha::GetKohaAuthorisedValues with
Koha::AuthorisedValues->search_by_koha_field

Test plan:
AV descriptions should be displayed on the following pages:
- XSLT view - location and ccode
- Bibliographic detail, moredetail and OPAC pages - location, ccode, copynumber
- returns - location
- opac-basket - ccode, location
- The 3 reports: catalogue_stats.pl, issues_stats.pl and
  reserves_stats.pl - location, ccode

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 15:35:34 +00:00
35de8aa1ef Bug 17393: Fix non-Latin chars handling in self reg
If you fill the patron self reg with non-latin characters, they will be
encoded with HTML entities (&eacute;)
This bug leads to generate a userid with weird behaviors:
é => eacute
ł => x

Test plan:
0/ Do not apply the patch
1/ Set up the Self reg feature
2/ fill surname, fistname with something like "Michał pouéàç"
3/ Save
4/ See the bad encoding/replacement on the screen and look at the data
The accentued chars are replaced with their html representation and the
non-Latin chars with a 'x'
in the DB
5/ Apply this patch
6/ Repeat steps 2, 3
7/ Everything should be ok
8/ Try to make sure this HTML::Entities escape was not useful:
fill surname with "surname <script>alert("xss?")</script>"
Save and look at the data

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 14:21:55 +00:00
f1298dc782 Bug 17367 - Showing all items must keep show holdings tab in OPAC details
In OPAC details page, when record as too many items (depending on syspref OpacMaxItemsToDisplay), they are not displayed in holdings tab.
You can click on link "Click here to view them all" to show them : page reloads with a new arg viewallitems=1.
Also you can choose which tab is shown by default using syspref opacSerialDefaultTab.

The bug is that when default tab is not holdings, clicking on link to show all items will show another tab. So one must reclick on holings tab to see all items.

This patch corrects by forcing holdings tab when arg viewallitems is defined.

Test plan :
- Create a serial record with more items than syspref OpacMaxItemsToDisplay (or decrease this syspref)
- Select "Subscriptions tab" for syspref opacSerialDefaultTab
- Go to opac details on this record : /cgi-bin/koha/opac-detail.pl?biblionumber=xxx
=> You see Subscriptions tab selected
- Click on Holdings tab
=> You see no items but a link "Click here to view them all"
- Click on this link
=> Without patch you see Subscriptions tab selected
=> Wih patch you see Holdings tab selected and the items

Signed-off-by: Juliette <juliette.levast@iepg.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-17 23:47:27 +00:00
f28460bdb7 Bug 17392 - opac/svc/overdrive_proxy is not plack safe
This patch simply replaces the ';'  in the param passed to OverDrive
with '&'

To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:16:02 +00:00
ef0b0f13fc Bug 17094: Make Koha::Virtualshelf methods return Koha::Objects-based objects
Instead of DBIx::Class objects.

Test plan:
1/ Add content to a list and share it with another patron
2/ Try to view the list with the other patron
3/ download and send a shelf and check if the biblio list is correct
4/ prove t/db_dependent/Virtualshelves.t should return green

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 13:14:46 +00:00