Link the new delete_borrowers sub-permission to the delete actions.
Test plan
1/ Remove the delete_borrowers permission from a staff user
2/ Check that the user cannot use the 'Delete' option from the members
menu.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch moves translatable strings out of members-menu.inc into
members-menu.js where they can be translated using the double-underscore
i18n function.
To test, apply the patch and go to Patrons.
- Expand the search options in the search header by clicking the [+]
link.
- Select "Date of birth" from the "Search fields" dropdown.
- A tooltip should appear above the search form, "Dates of birth
should be entered in the format..." with your current date format.
- Remove all "Adult" type patron categories but one.
- Check out to a child patron.
- From the "More" menu choose "Update child to adult patron."
- You should see a confirmation.
- From the checkout screen, from the "More" menu, choose "Renew patron"
- You should get a confirmation.
TESTING TRANSLATABILITY
- Update a translation, e.g. fr-FR:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for JavaScript strings, e.g.
misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from
koha-tmpl/intranet-tmpl/prog/js/members-menu.js for translation,
e.g.:
msgid "Are you sure you want to renew this patron's registration?"
msgstr ""
- Edit the "msgstr" string however you want (it's just for testing).
- Install the updated translation:
> perl translate install fr-FR
- Switch to your newly translated language in the staff client
and repeat the test plan above. The translated strings should
appear.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds HTML comments to Template::Toolkit include files which
contain <script> tags so that it is clear where the embedded scripts can
be found in the code.
To test, apply the patch and view source on the following pages to
verify the presence of the comments:
Acquisitions home page:
- acquisitions-toolbar.inc
- validtor-strings.inc
- js_includes.inc
- format-price.inc
Acquisitions -> Add order from new record,
Acquisitions -> Receive order:
- additem.js.inc
Cataloging -> Add/Edit item:
- columns_settings.inc
- strings.inc
- select2.inc
- calendar.inc
- str/cataloging_additem.inc
Authorities home page:
- authorities_js.inc
Bibliographic detail page:
- catalog-strings.inc
Cataloging -> Advanced editor:
- cateditor-ui.inc
- cateditor-widgets-marc21.inc
Administration -> Item types:
- greybox.inc
ILL requests:
- ill-list-table-strings.inc
Web installer
- installer-intranet-bottom.inc
Web installer -> Onboarding
- installer-strings.inc
Lists -> List contents -> Merge records
- merge-record-strings.inc
Patrons -> Patron -> Change password
- password_check.inc
- str/members-menu.inc
Patrons -> Patron -> Print summary
- slip-print.inc
Circulation -> Check out
- timepicker.inc
Administration -> System preferences:
- str/tinymce_i18n.inc
- wysiwyg-systempreferences.inc
Cataloging -> Z39.50 Search:
- z3950_search.inc
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch moves several English strings out of members-menu.js and into
str/members-menu.inc where they can be picked up by the translation
process. The following strings are affected:
"Are you sure you want to renew this patron's registration?"
"Are you sure you want to update this child to an Adult category? This
cannot be undone."
"Dates of birth should be entered in the format 'MM/DD/YYYY'"
"Dates of birth should be entered in the format 'YYYY-MM-DD'"
"Dates of birth should be entered in the format 'DD/MM/YYYY'"
"Dates of birth should be entered in the format 'DD.MM.YYYY'"
This patch also makes a correction to members-toolbar.inc in order to
enable the presence of the "Update child to Adult" menu item.
To test:
- Install and update a language.
- Check the po-file for that language. You should find no msgid for
the strings listed above.
- Apply the patch.
- Update the language you installed.
- You should find entries for all the strings above.
- Translate those messages and update the translated templates.
- Reinstall the translation.
In the staff client:
- Select your updated translation.
- Open an expired patron's account and choose "Renew patron" from the
"More" button in the toolbar. You should be prompted for confirmation
using the translation you provided.
- To test the "Update child" confirmation you should have only one
patron category in the "Adult" category.
- Open a patron record with a child category and choose "Update
child" from the "More" menu in the toolbar. You should be prompted
for confirmation using the translation you provided.
- To test the date format messages: From the patrons home page, expand
the advanced search options in the header search form. Select "Date
of birth" under "Search fields." A correctly-translated tooltip
should appear above the search field.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This follow-up modifies JavaScript so that the confirmation dialog is
triggered when deleting a patron image from the modal window.
The CSS is modified to improve the alignment of patron image and edit
button.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).
Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
