As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.
It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.
The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.
QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.
Note: This patch should have a regular and a dev install signoff.
Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
Try one of the URLs in step 3.
Verify that your staff client still operates as usual. Test a few
URLs inside some modules.
[3] For dev installs:
Try some URLs like below.
Expect 404 errors only, not 500s. If you do not see a 404, go back!
/misc/stage_file.pl
/t/db_dependent/default_search_class.pl
/installer/data/mysql/updatedatabase.pl
/Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
# Failed test 'checkpw_ldap tests'
# at t/db_dependent/Auth_with_ldap.t line 324.
{UNKNOWN}: Configuration not defined at /usr/share/perl5/Log/Log4perl/Config.pm line 579. at /kohadevbox/koha/Koha/Patron.pm line 395
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
I don't understand how that could be useful. We do not want to test if
the logfile is writable every time we log something!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We do not want to fail silently for the logger.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Until now, there was only "General" and "Privacy". This patch
breaks the "General" prefs up into multiple sections.
To test:
- Go to Administration > Patrons
- Verify the current state of things
- Apply patch
- Reload patch
- Verify headings make sense and groups make sense as well
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - You will need to enable SIP on your testing instance
cp etc/SIPconfig.xml /etc/koha/sites/kohadev/
sudo koha-start-sip
add a user listed in the SIPconfig to your system and give them permissions (superlibrarian works)
on koha-testing-docker you should be able to start sip with user koha/koha without any adjustments
2 - If you copied the above file you should be set to get custom field DE with dateexpiry
Otherwise edit the sip login for the user to have a custom section like:
<login id="koha" password="koha" delimiter="|" error-detect="enabled" institution="kohalibrary" encoding="utf8" >
<custom_patron_field field="DE" template="[% patron.dateexpiry %]" />
</login>
3 - send a status test using the sip cli tester:
perl misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su koha -sp koha -l kohalibrary --patron 23529001000463 -m patron_status_request
4 - send an information test using the sip cli tester:
perl misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su koha -sp koha -l kohalibrary --patron 23529001000463 -m patron_information
5 - confirm you receive the DE field with a dateexpiry
6 - Add your own custom fields and confirm it works with several
<custom_patron_field field="EW" template="Phone: [% patron.phone %] Email: [% patron.email %]" />
7 - prove -v t/db_dependent/SIP/Patron.t
8 - prove -v t/db_dependent/SIP/
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch removes the use of event attributes like "onclick" from the
serial collection template. Events are now defined in JavaScript.
To test, apply the patch and go to Serials
- Locate or create a subscription for which an item record is NOT
created when receiving.
- On the serial collection page for this subscription, test that the
"Multi receiving" button works correctly.
- For any subscription, test that the "Generate next" button works
correctly.
- In each tab, test that the "select all" and "clear all" links work
correctly and affect only that tab.
- On a subscription which has expired, test that the "Renew" button
works correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The height for each section was the height of the highest section.
Now the height is set to the length of the section.
Test plan:
Go to Administration > Column configuration
Open the sections and confirm that the height fits its content.
QA: note that I guess "autoHeight: false" was meant to achieve that,
but it does not exist in the API of the plugin.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We removed UseKohaPlugins in bug 20415 but incidentally added a
reference to it bug 24183. This patch corrects that error.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When you click Unhighlight on the search results of a search in the staff client
when the search terms contain the same word twice, like "ma ma", the highlighted
words disappear, and don't reappear if you click Highlight.
This patch makes the same change to the intranet copy of jquery.highlight-3.js that
bug 5844 made to the OPAC copy.
Test plan:
1) Without this patch, search in the intranet for ma ma and verify you have at least
two matching records.
2) Notice that the Ma in Material type: Book is highlighted.
3) Click Unhighlight, and notice that it has become terial type: Book
4) Apply this patch, repeat the search with a shift+reload to reload the .js
5) Click Unhighlight, and verify that Material type: Book remains Material
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This is simply a SQL change that makes things a bit easier to read
and also prevents too much data being returned in a large system
To test:
1 - Have some orders in your system in the ordered status
2 - Click the 'Ordered' amount for your budget from Acquisitions home
3 - Note the view of orders, possibly screen shot
4 - Apply patch
5 - Restart all the things
6 - Reload the ordered page
7 - Confirm nothing has changed
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) update database, restart memcached/plack
2) Go to Administration -> System preferences -> OPAC tab. Enable the
new PatronSelfRegistrationConfirmEmail system preference. Enable other
required self registration sysprefs.
3) Go to the OPAC home page. (You may need to log out). Click the
'Register' link so you are redirected to the member entry form.
4) Notice the 'Confirm primary email' field after the 'primary email'
field. Put 'a@a.com' in primary email, and 'b@b.com' in the confirm
field. Scroll to the end of the form and Submit.
5) Confirm the form is not successfully submitted, and an error message
is shown to indicate the email addresses do not match.
6) Confirm you cannot cut, copy or paste in either the primary email or
confirm primary email fields. Confirm the right click menu doesn't work
in these fields.
7) Disable javascript in your browser.
8) Repeat steps 3 and 4.
9) Confirm there is an error message to indicate the email addresses do
not match.
10) Re-enable javascript. Fill in the form correctly with matching email
addresses and confirm it successfully submits.
11) Disable the PatronSelfRegistrationConfirmEmail syspref.
12) Attempt to register an account on the OPAC again. Confirm the
'confirm email address' field is gone and form works as expected.
13) Re-enable the PatronSelfRegistrationConfirmEmail syspref.
14) Log in to the OPAC and go to your personal details
15) Edit the primary email field
16) Confirm you are able to submit your changes (you should not see an
error about emails not matching).
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: holly <hc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
If maxFine is set, we total the patrons outstanding fines when making an adjustment, however, we neglect to count the amount of a currently updating fine when doing so.
To test:
1 - Set maxFine to 5
2 - Create an overdue amount of 4.99 for a patron
3 - Set an itemtype to have a fine of $.10 per day
4 - Checkout an item of that type to a patron and backdate the due date so it is overdue
5 - Run fines.pl with -v
6 - Note the fine is reduced from $.10 (or a multiple) to .01
7 - Run it again, a second cent is added
8 - Repeat and note it keeps happening until the amount of the fine is reached, exceeding the maxFine setting
9 - Apply patch
10 - Note the fine is now reduced to 0 and nothing is added to account
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The label creator won't be able to add a batch for items, if they are
not imported into the database (missing itemnumber). This patch hides
the link, when the status is not imported, to avoid the error situation.
To test:
- Export a record with items from your Koha installation
- Delete items and record from Koha
- Stage the record with the items - the "Create labels" link should be showing
- Try to create the labels - note error
- Apply patch
- Retry - the link should no longer show
- Import the records - the link should show now
- Create labels again - a new batch should have been created
- Verify the link on the batch # leads to the batch in the labels module
Bonus: Moves the message from the .pl file to the template to make
it translatable.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This adds a link to the accounting tab from the patron search results by
making the amount in the Fines column clickable.
To test:
- Make sure you have some patrons with fines, credits and 0,00
- Search for your patrons using the patron search, make sure you
get more than one result for your search
- Check the results table - the amount should always be linked
and lead to the patron account accounting > transactions tab.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
I believe I suggested a typo - trying to fix it here.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Sometimes librarians are creating purchase suggestions that came from patrons
which didn't use the opac (but sent an email, or told the librarian verbally...)
This patch allows the librarian to change the creator of the purchase suggestion
when entering it.
This way, the patron will be able to receive notifications during the purchase
suggestion workflow.
Test plan:
- Apply the patch
- Check that you can change the default creator of the purchase suggestion when
creating a new suggestion by clicking on 'Set to patron'
(Home > Acquisitions > Suggestions management > New purchase suggestion)
- Check that you can also change the creator of the purchase suggestion when
editing an existing suggestion
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - Set SearchEngine syspref to Zebra
2 - Be a user with permission to manage search engine configuration (manage_search_engine_config)
3 - Confirm you do not see 'Search engine configuration' on Admin main page
4 - Apply patch
5 - Confirm you see it with '(Elasticsearch)' appended
6 - Be a user without above permission
7 - Confirm you cannot see the 'Search engine configuration'
8 - Confirm you cannot access directly:
/cgi-bin/koha/admin/searchengine/elasticsearch/mappings.pl
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes some modifications to the columns setting
administration template so that the headings are a little clearer.
In-page navigation is added for each section.
To test, apply the patch and go to Administration -> Columns settings.
- Confirm that the collapsing panels work correctly.
- Expand a section and confirm that the "jump to" links work correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Looks good, works good.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch corrects the translation function inside results.js. It
should be two underscores instead of one.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds three new options to the staff interface catalog search
results for users with cataloging permission: batch edit, batch delete,
and merge. The choices are found in an "Edit" menu which is disabled by
default. Checking any boxes in the search results table enables the
button.
To test, apply the patch and log in to Koha as a user with
edit_catalogue permission.
- Perform a search in the catalog
- You should see a disabled "Edit" button in the toolbar at the top of
the search results table.
- Check a single checkbox. The button should become enabled.
- Test the "Batch edit" and "Batch delete" menu items. They should
work correctly.
- Test the "Merge records" item. It should warn you that you must
select at least two records.
- Check more than one checkbox and test each menu item again. All
should work as expected.
- Log in to the staff client as a user who does not have edit_catalogue
permission. The "Edit" menu should no longer appear on the search
results page.
Signed-off-by: Abbey Holt <aholt@dubuque.lib.ia.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
In the list of checkouts it's currently not possible for the
patront or tell the difference between normal checkouts (item
is at home with them) and on-site checouts (items remained at
the library). This patch adds a hint to the list of checkouts to
allow differentiating these kinds of checkouts.
To test:
- In your patron account, have multiple checkouts, some on-site,
some others, overdue items, etc.
- Go to: OPAC > your summary > Checked out
- Verify that there is no hint for the on-site checkouts
- Apply patch
- Check again, there should now be a note
The note also has a class, so would be easy to be hidden
or formatted differently: class="onsite_checkout".
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When paging through the patron account in staff, using the tabs on
the right, you notice that some pages are missing the patron toolbar
on top and that the headings, where they exist, vary in size.
This patch adds the patron toolbar to 3 more tabs and changes headings
to h1 to be consistent with older tabs. It has also been suggested on
another tab that this is preferrable for screen readers.
Note: Modification log was left out for now, as this is also used in tools.
To test:
- Activate ILL (ILLModule pref)
- Activate discharges (UseDischarge pref)
- Go to any patron account, tab through the tabs...
- Verify that discharge, purchase suggestions and ill requests are
missing the toolbar
- Apply patch
- Verify that the toolbar now appears on these pages and works
correctly
- Also veriy that the headings are now consistently h1 on all pages
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When using sort1/sort2 with authorised values to create a pull down
list, there will be no empty entry unless one is manually added to
the authorised values list.
This is not a good default behaviour, as it can easily
cause errors on patron creation. Without the empty entry, the first
alphabetic value is pre-selected and will be saved if not explicitly
changed. It also doesn't allow to mark sort1/sort2 as mandatory,
as the value is always 'set', the required message won't be triggered.
This adds an empty parameter to av-build-dropbox.inc to allow selectively
adding this empty entry without causing side-effects in other places
this include is used.
To test:
- Create authorised values for either Bsort1 or Bsort2 authorised
value category
- Create a new patron:
- you should see a pull down list on one and an input field for the other
- for the pull down list, there will be no empty entry and the first
alphabetic value will be preselected
- Make your sort1 and sort2 mandatory using BorrowerMandatoryField
- Verify there is still on empty entry
- Apply patch
- Repeat tests and verify that the behaviour is as expected
- There should now be an empty entry
- When the field is marked mandatory and empty is left, the required
warning will be shown.
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
As the pref removes the whole 'line' of information, this tries to makes
the behaviour a little clearer by adding a 'and descriptions' to the pref
text. It now reads:
[Show|Don't show] the format, audience, and material type icons and
descriptions in XSLT MARC21 results and detail pages in ...
To test:
- Check both preference descriptions in the staff client
- Verify the text reads correctly and this helps things
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The table borrower_modifications has no FK constraint on the borrowernumber
and will remain untouched when the patron is deleted.
If the borrowernumber doesn't exist in the database, the modification entry is no longer visible in Koha.
The problem is that this table is used for the borrower modifications and the self-registration features.
So far borrowernumber is the PK (int(11) NOT NULL DEFAULT '0'), for the self-registration feature we can have borrowernumber that is not defined (0 is used)
Ideally we would like to have borrowernumber a DEFAULT NULL, and use NULL for self-reg, but then we will loose the PK (PK cannot be NULL).
As we cannot keep the correct constraints at DB level anyway, we will need to handle consistency at code-level.
Test plan:
Create a new patron
Do some modification at the OPAC
Delete the patron
Confirm that the modifications as been removed (directly in DB)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes a small CSS change in order to fix a display problem
with the checkout form where the form's width doesn't match that of the
"last checked out" message.
To test, apply the patch and regenerate the staff client CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
Check an item out to a patron. Confirm that the green-bordered "Checked
out" message under the checkout form matches the width of the form.
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The checkouts tables on the checkouts and details tabs in the staff
patron account support column confiugration, but the new column
"Return claims" was missing.
This patch adds the column to the column configuration.
To test:
- Make sure to test with a patron having return claims and without
- Verify cou can toggle the visibility of the return claims column
from top of the tables in the checkouts and details tabs
- Go to administrastion > column configuration
- Change the settings for the issues tables in the Patrons and
Circulation sections
- Verify the changes have been applied to the tables as configured
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This fixes the navigation on the Point of sale page:
Branch details => Library details
And the heading and the 'no register defined for this branch/library'
message on the page it links to.
To test:
- Activate cash registers and point of sales features
- Go to the point of sales page
- Verify text on the menu to the left
- Click on the Branch/library details - verify text and heading
Signed-off-by: Devinim <kohadevinim@devinim.com.tr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Adding an item to course reserves and trying to edit any values in a second step does not work. Values are not saved and the table shows all values as "Unchanged".
This patch set adds two new sets of columns to the course_items table.
The first set determines if the specified column should be swapped or
not. The was previously 'implied' by the column being set to undef which
has been the root problem with that way of knowing if a column should
swap or not.
The second set of new columns are for storing the item field values
while the item is on course reserve. Previously, the column values
were swapped between the items table and the course_items table,
which leaves ambiguity as to what each value is. Now, the original
columns *always* store the value when the item is on course reserve,
and the new storage columns store the original item value while the
item is on reserve, and are NULL when an item is *not* on reserve.
Test Plan:
1) Apply this patch
2) Add and edit course items, not the new checkboxes for enabling fields
3) Everything should function as before
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>