Resolve:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/opac/opac-illrequests.pl line 66
Test plan:
Put an unexisting illrequest_id in the URL parameter.
You should see a 404, not a crash.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Same as previous patch, but for 'update' and 'cancreq'.
We remove the redirect, but here we only want to focus on the security
fix.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Confirmed. Without this patch a patron can modify and cancel any ILL
request in the OPAC. With this patch the patron is redirected to the
404 page if modification or cancellation is attempted.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
will look like something like this:
http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
patron than the patron you are logged in as
To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
of the request that belongs to the patron you are not logged in as
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When adding patrons to a patron list we get a JS error about undefined
variables. We can easily fix this problem by defining them even if the
pref is not set.
We are enabling the auto complete even if PatronAutoComplete if off.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If the logged in librarian modifies their own userid they will get the
following error when submitting the form:
Can't call method "password_expired" on an undefined value at /kohadevbox/koha/C4/Auth.pm line 1780
We could handle this situation and flag the session as expired. Better
would be to deal with this specific user case and update the cookie (?)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the GET request results more deterministic so we avoid
random failures. It does so by adding a fixed value to each ILL request
and then sorting by it.
To test:
1. Run:
$ DB_IMAGE=mysqli:8.0 ktd up -d
# wait until it finished:
$ ktd --logs
2. Run:
$ ktd --shell
k$ prove t/db_dependent/api/v1/ill_requests.t
(repeat a few times)
=> FAIL: It sometimes fails
3. Apply this patch
4. Repeat 2
=> SUCCESS: It doesn't fail
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test Plan:
1) Check out an item
2) Claim return on it, moving it to the old_issues table
3) Delete the old_issue via koha-mysql or Use cleanup_database.pl
4) Attempt to resolve the claim
5) Note the error
6) Apply this patch set
7) Restart all the things!
8) Attempt to resolve the claim
9) No errors!
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch fixes record matching for authorities to correctly apply required match checks.
To test:
1) Create a record matching rule:
Threshold: 100
Record type: Authority record
Match point 1
Search index: subject-topical
Score: 100
Tag: 150
Subfields: a
Match check 1
Both source and target record check fields:
Tag: 040
Subfields: a
This rule says we want to match on the topical term heading, then confirm the match with 040$a.
2) Create two topical term authority records
Authority 1:
150$a: Test
040$a: A
Authority 2:
150$a: Test
040$a: B
3) Export authority 2 and save
4) Go to Cataloging -> Stage records for import
5) Upload your downloaded authority 2 file. Change the record type to Authority. Choose your new record matching rule.
6) Stage for import.
7) Confirm that with the record matching rule applied, both authorities 1 and 2 show as possible matches, even though only authority 2 has a matching 040$a.
8) Apply the patch and restart services
9) Change the matching rule to "Do not look for matching records" and apply. This is to essentially refresh the page.
10) Change the matching rule to your new matching rule and apply. Confirm only the matching authority 2 shows and is selected.
Sponsored-by: Waikato Institute of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes dismissing the modal equivalent to cancelling the
receipt and thus returning to parcel.pl.
The 'Save' button is renamed to 'Confirm' and is disabled when no items
are selected for receiving.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
With bug 8179, a new step was added when receiving a single item.
This extra step is not useful and adds clicks for the staff member who is receiving orders.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This preselect cuts off all next available holds that are in reserves,
as well as holds filled by checkout without confirm (see 33791).
Test plan:
Go to reporting. Click Hold statistics.
Verify that Holding library and Home library are not selected.
Test that you can still filter by one of those.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We don't need it for the staff interface. The previous patch is removing
the only occurrence using it.
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We don't want to depend on the pref for the staff interface.
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Without this patch:
Place next available level on some book for patron A.
Checkout this book directly to patron A.
Check old_reserves table for this reserve; does not have itemnumber.
With this patch:
Do the same.
In old_reserves the itemnumber should be saved.
Run again t/db_dependent/Koha/Hold.t. Should pass.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Run t/db_dependent/Koha/Hold.t
NOTE: This test should fail without following patch, but pass with it.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch fixes the regression cashed by bug 32450 where we
accidentally introduced the option to archive system debit types.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch corrects a minor regression in template markup caused by Bug
33774. The Bootstrap tab attributes were lost (presumably in a merge)
causing the whole tab structure to break.
To test, you should have at least one club defined.
Apply the patch and view the patron details page. Each tab should load
its contents correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Apply patch
2. Follow the steps in Bug 8179 to generate the modal on orderreceive.tt
3. Check that the following issues have been corrected:
-The select2 dropdown for #bookfund is splitting onto multiple lines in the modal.
-The modal header has a green line extending through it.
-At smaller screen sizes the modal close button ( upper right corner of modal ) drops down below the h4. It should stay on the same line as the h4.
-The modal is not centered on the screen.
-The toogle inactive/active checkbox can become it's own list element.
-The #current-fund can become a hint
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Added 'ACQUISITION CLAIM' and 'ACQUISITION ORDER' to the log viewer form.
Please test this well (making sure there are log entries of these types and they show properly upon searching for them)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
to test
- install current package
- note following $message on install
'Failed to enable unit: Unit /run/systemd/generator.late/koha-common.service is transient or generated.'
- apply patch, build package, install new package
- note $message is gone! :)
- test koha-common.service
# systemctl start koha-common
# systemctl status koha-common | grep running
Active: active (running) since Sun 2023-04-02 00:27:31 NZDT <<<
# systemctl stop koha-common
# systemctl status koha-common | grep dead
Active: inactive (dead) since Sun 2023-04-02 00:25:34 NZDT <<<
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch replaces an h6 with a span to avoid a jump from h2 to h6.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the OAuth/OIDC client pass a `state` parameter with a
CSRF protection token, to be validated back when the flow returns to
Koha.
Ideally, the Mojolicious::Plugin::OAuth2 library should deal with this
implicitly, probably making use of JWT. But as of now, this is the best
way to implement it.
To test:
1. Have a working SSO solution (ktd --sso)
2. Click to login using SSO
=> SUCCESS: Notice a 'state' parameter on the URL, looks like a random
thing
3. When you login, no error is reported
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We need to 'mock' the new pref EmailFieldPrecedence
Test plan:
Run t/Auth_with_shibboleth.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch reintroduces the dropdown that got lost in some refactoring
of the patchset. It also introduces a couple minor fixes.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch fixed the following on orderreceive.tt:
-One of the <th> is closed with a </td>
-The #jobpanel element div is not properly closed
-Style tags are in the HTML body and they should be in the HTML head
-The #modal-order-main needs a class of 'row', this has been added.
Apply the pacth and follow the steps in 8179 until you get to the orderreceive.tt. There should be no visual changes but the markup has been corrected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch corrects an instance of the term "reserved" and replaces it
with "on hold."
The string is shown when the user tries to add an item which is on
hold to a bundle.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The first line would not show in the system preference editor
due to missing quotes.
Also added information on the option names, link to the schema
and an example.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch modifies the link in EmailFieldPrecedence to reflect the new
name of EmailFieldPrimary. It also adds a note in the latter to set the
'first valid' order in the former.
To test:
1. Go to Administration > Global system preferences
2. Search for EmailFieldPrecedence
3. Click on the link in the description
--> It should lead to EmailFieldPrimary
4. Read the note in EmailFieldPrimary, make sure the grammar and
spelling are correct.
5. Click the link to EmailFieldPrecedence
--> It should lead to EmailFieldPrecedence
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch update the Koha::Patron->first_valid_email_address method to
use the newly defined EmailFieldPrecedence preference.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new EmailFieldPrecidence systempreference to allow
users to set the precicence in which patron email fields should be used
for communications.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Add a new notice in the Circulation module with a letter code of 'ABC'. Give the new notice a name of 'Overdue notice'.
2. Now to go Overdue notice/status triggers and look at the dropdown, notice 2 choices that both read 'Overdue notice'.
3. Apply patch and try again.
4. The new notice should now read "Overdue notice (ABC)" and should be easy to distinguish from the original.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Users needs anonymous access to OAuth endpoints so that they can
login, and then use authenticated access for other endpoints.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This change fixes the definition for the non-public endpoint for the OAuth/OIDC
implementation.
It also uses the non-public endpoint for the staff interface UI.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the URL for staff login not point to the `/public`
namespace. The behavior is not changed for the protocol, but as
`/public` requires several settings to be available, it effectively
requires to enable the OPAC, the public API, etc. This patch
diferentiates both to solve the problem.
I've tested following the Wiki instructions to set keycloak [1] using
the *--sso* switch for `ktd` as well [2].
It is important to set the following URLs as allowed redirect in order
to replicate the issue and verify the fix:
http://localhost:8080/api/v1/public/oauth/login/test/opachttp://localhost:8081/api/v1/oauth/login/test/staff
To test:
1. Login into the staff interface using the SSO link:
=> FAIL: Results in a 'Bad redirect URL' error
2. Apply this patch and repeat 1
=> SUCCESS: You get a permission denied error or you just login,
depending on your setup.
[1] https://wiki.koha-community.org/wiki/Testing_SSO
[2] ktd --sso up -d
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1. Verify in "About" page that SMS::Send is installed.
If not, install it.
2. Set system preferences:
- SMSSendDriver = 'Test'
- MembershipExpiryDaysNotice = 30
3. In "Notices and Slips" tool, edit the 'MEMBERSHIP_EXPIRY' letter and
verify that both email and sms parts are filled. Use a different
title and body for the sms part
4. Create a new borrower with an email address and an SMS number. Set
their expiry date to a date next week
5. Run misc/cronjobs/membership_expiry.pl --confirm
6. Verify in the patron "Notices" tab that two notices are pending, one
for email, one for sms
Sponsored-by: Médiathèque de Montauban
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We shouldn't be including tag 147 in every authority MARC framework we
install, since like all 1xx authority tags there should only be
one per record. It only belongs in a NAME_EVENT framework, which we
don't install.
Test plan:
1. Apply patch, kd && ku or however you like to restart
2. Administration - Authority types - Actions button for Default
- MARC structure
3. In the search box below the text "Select an authority framework"
enter 147 and click OK
4. Once you see that it exists in Default, switch the dropdown to
each of the other frameworks and verify it doesn't appear in
any.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test Plan:
1) Enable autobarcode
2) Create a new item template, leave the barcode field blank
3) Apply that item template
4) Note the template prefills the barcode field
5) Delete that item template
6) Apply this patch
7) Restart all the things!
8) Repeat steps 2-4
9) Note the barcode field remains empty!
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
1. Have items that include itemcallnumber.
2. Enable OPACShelfBrowser.
3. Enable SyndeticsCoverImages and SyndeticsEnabled.
4. Go the an OPAC detail page and open the shelf browser.
5. Use the Next/Previous buttons.
6. Notice that no Syndetics images populate after using Next/Previous buttons.
7. Apply patch and try again, cover images for Syndetics should be generating.
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When there is only one result line, the text "Checked out" would
show directly after the icon at the end of the title. This makes sure
there will always be a little space between them.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If one tries to print checkin slip for checkins that
have been checked out from different branch, list
of checkins is empty. One has to change their branch
as checkout library to be able to print checkins.
This happens because we filter (or rather search) patrons
old checkouts with logged in patrons branch. This patch
removes this search so that checkout are filtered using
just filter_by_todays_checkins.
To test:
1. Checkout items for patron from branch A.
2. Switch to branch B and checkin items.
3. Print checkin slip.
=> Checkins list is empty.
4. Switch back to branch A.
5. Print checkin slip again.
=> Checkins are printed.
6. Apply this patch, restart services if needed.
7. Switch back to branch B and print checkin slip.
=> Checkins should now print.
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
