This patch removes a security breach in C4::Auth::check_api_auth introduced by bug 31378, where when someone called an api with the parameters userid and auth_client_login, check_api_auth would automatically asume the user calling was that userid.
This patch also introduces C4::Auth::create_basic_session(), a function that creates a session and adds the minimum basic parameters.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test prove t/db_dependent/Circulation.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Some libraries need to recalculate a patron's expiration date any time they are updated via a patron import from file.
Test Plan:
1) Apply this patch
2) prove t/db_dependent/Koha/Patrons/Import.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Yes, it should be the last statement.
Actually the preceding delete is unneeded.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Triggered by seeing Koha::Account. Copy and paste ;)
But a bunch of other modules should (at least formally) be there.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hooks added:
after_recall_action with new action add
How to test:
Run tests in t/db_dependent/Koha/Plugins/Recall_hooks.t
Sponsored by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT} Adding get_from_storage ;) For current consistency.
See further bug 32107.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates the `av_expand` occurences to `strings` to match the
change of the return structure of `_strings`.
We replace `+av_expand` in the headers with `+strings`, the expected
object method name from `api_av_mapping` to `api_strings_mapping` and
the internal hash key from `av_expand` to `strings`.
Test plan
1) Run the included unit tests.. all should still pass.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates the last remaining test that mentioned the now defunkt
x-koha-av-expand header.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Instead of a global av-expand flag (through a header) this patch
proposes to allow specifying +av_expand at the x-koha-embed header
level. This allows a more fine-grained control on what objects get avs
expanded. e.g.:
GET /patrons/123
x-koha-expand: +av_expand,checkouts.item+av_expand
=>
{
"_str": {
"city": { "str": "Córdoba", ... }
},
...
"checkouts": [
{
...,
"item": {
"_str": {
"not_for_loan_status": { "str": "Reference material", ... },
...
},
...
}
}
]
}
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Koha/Object.t \
t/Koha/REST/Plugin/Query.t \
t/db_dependent/Koha/REST/Plugin/Objects.t
=> SUCCESS: Tests pass!
2. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the returned data structure be simpler:
_str => {
attribute_1 => {
category => 'some_category_name',
str => 'description',
type => 'av'
},
...
}
The description is sensible to context, so if public => 1 is passed,
then lib_opac is passed, and lib is returned otherwise. Whenever we add
language to the combo, we will add it to the implementation.
Tests are adjusted accordingly, also to reflect the public => 1 use
case.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Object.t \
t/db_dependent/Koha/REST/Plugin/Objects.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Add tests in t/db_dependent/Koha/Object.t and
t/db_dependent/Koha/REST/Plugin/Objects.t
Sponsored-by: Virginia Polytechnic Institute and State University
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hook actions added:
after_hold_action adds new actions transfer, waiting and processing
How to test:
Run tests in t/db_dependent/Koha/Plugins/Holds_hooks.t
Sponsored by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This module now fetches a https stylesheet and returns it as a
string to Base. (As a workaround waiting for a real solution
in the underlying libraries.)
The module can be extended to resolve includes but this requires
parsing the xslt code.
Test plan:
[1] Run t/Koha_XSLT_HTTPS.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch perltidys the tests added lately. It also removes some
commented debugging lines.
Note: There's an attempt to write tests on the full auth workflow that
is commented out but left there on purpose for now.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Several FIXME comments added on the report addressed here.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds routes for handling authentication providers to the REST
API.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/auth_providers.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
- Agreements: Added tests for search and filter_expired as well as some missing comments; fix user flags
- Licenses: Updated tests to be on par with agreements; fix user flags
- EHoldings Packages: New tests on par with others
- EHoldings Titles: New tests on par with others plus import titles tests
- EHoldings Resources: New tests - get and list
- Documents: New tests; Only has GET endpoint; Tests to better mirror real documents lifecycle through a license;
- Users: New tests
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
assume that tinyint are boolean (not really true but shouldn't hurt)
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Rollback should really be the last statement.
I am leaving get_from_storage here, but add a comment that it seems
unneeded at this moment. The Koha::Account::Offset->new and
C4::Stats::UpdateStats wont change the line.. But since the distance
in code is becoming a bit larger, I wont complain.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hooks added:
after_account_action with new action add_credit
How to test:
Run tests in t/db_dependent/Koha/Plugins/Account_hooks.t
Sponsored by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On bug 29697, an explicit call to 'warn' was added, but no tests were
added for that behavior.
This patch adds that.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Koha/Biblio/Metadata.t
=> FAIL: There's a warn, no tests for it :-(
2. Apply this patch
3. Repeat 1
=> SUCCESS: A new test was added, no more warns printed
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch simplipfies the tests, and highlighs the fact the introduced
method should add filters to the current resultset.
It also aligns the tests with the currently adopted style.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1. Make sure syspref "opacbookbag" is set to "Allow".
2. Make sure syspref "HoldsNeedProcessingSIP" is set to "Don't fulfill".
3. Place a hold on an item.
4. Return item via SIP at the pickup library.
5. View biblio in Opac.
6. Note that it says "Available" as status.
7. Add biblio to Cart.
8. Open Cart.
9. Note that it says "Available" as status.
10. Apply patch.
11. Reload Opac page.
12. It should now say "On hold".
13. Reload Card page.
14. It should also say "On hold".
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Rebecca Coert <rcoert@arlingtonva.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>