because of desc
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
PatronsPerPage should be done on a separate bug report, not trivial
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
because of desc
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
No change expected here for ILL
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
For some reason, with the combination of jQuery 3.6.0 and jQueryUI
1.13.1, the way to access the current active tab's link has changed.
Previously the tab activate event would provide information about the
link as "ui.newTab.context." It appears that "context" is no longer
available.
This patch updates the two instances in Koha where this process is
broken.
To test, apply the patch and check out to a patron with holds on their
account.
- When the checkout page loads, confirm that each tab loads its contents
correctly when clicked.
- Check that the correct tab is activated when you append the tab link
to the page url, e.g.
/cgi-bin/koha/circ/circulation.pl?borrowernumber=XXX#reldebarments
...which should select the "Restrictions" tab for you. You may need to
try this in a new tab or shift-reload to get the browser to look for
the hash.
- Perform the same tests on the patron details page.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
FAIL members/two_factor_auth.pl
FAIL file permissions
File must have the exec flag
FAIL koha-tmpl/intranet-tmpl/prog/en/modules/members/two_factor_auth.tt
FAIL filters
missing_filter at line 42 ( <p>Account: [% issuer %]</p>)
missing_filter at line 43 ( <p>Key: [% key_id %]</p>)
missing_filter at line 54 ( <input type="hidden" name="secret32" value="[% secret32 %]" />)
missing_filter at line 58 ( <img id="qr_code" src="[% qr_code_url %]" />)
FAIL Koha/Auth/TwoFactorAuth.pm
FAIL pod coverage
POD is missing for 'new'
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patchset introduces the Two-factor authentication (2FA) idea in
Koha.
It is far for complete, and only implement one way of doing it, but at
least it's a first step.
The idea here is to offer the librarian user the ability to
enable/disable 2FA when logging in to Koha.
It will use time-based, one-time passwords (TOTP) as the second factor,
an application to handle that will be required.
https://en.wikipedia.org/wiki/Time-based_One-Time_Password
More developements are possible on top of this:
* Send a notice (sms or email) with the code
* Force 2FA for librarians
* Implementation for OPAC
* WebAuthn, FIDO2, etc. - https://fidoalliance.org/category/intro-fido/
Test plan:
0.
a. % apt install -y libauth-googleauth-perl && updatedatabase && restart_all
b. To test this you will need an app to generate the TOTP token, you can
use FreeOTP that is open source and easy to use.
1. Turn on TwoFactorAuthentication
2. Go to your account, click 'More' > 'Manage Two-Factor authentication'
3. Click Enable, scan the QR code with the app, insert the pin code and
register
4. Your account now requires 2FA to login!
5. Notice that you can browse until you logout
6. Logout
7. Enter the credential and the pincode provided by the app
8. Logout
9. Enter the credential, no pincode
10. Confirm that you are stuck on the second auth form (ie. you cannot
access other Koha pages)
11. Click logout => First login form
12. Enter the credential and the pincode provided by the app
Sponsored-by: Orex Digital
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes some corrections to issues found during testing:
Some duplicate headings, a markup error in labeledMARCdetail.tt, a
change of the transfers heading from "Branch transfers" to "Item
transfers."
This patch also undoes the changes to the position of the toolbar on
several pages. I think those changes don't belong in this bug.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Changed each of the pages in the labels and members folders to have one
<h1> tag showing that describes the page, rather than the <h1>
describing the logo.
The hierarchy of heading tags may be broken in many pages, but this
will be dealt with in an additional bug.
To test:
1) Go to the Staff Client
2) Apply patch
3) Go to each of the pages in the labels and members folders and check
that they have an obvious and descriptive heading
4) Ensure that the heading in the page is <h1>
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To be nicer with translators.
Update the PO files for whichever languages will show how this is
useful.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch removes the definition of translatable strings out of
templates and into the corresponding JavaScript file, using the new JS
i81n function.
Note: I was unable to trigger the confirmation message in the
check_form_borrowers function. I think the form is now structured in a
way that it is never triggered, thus a candidate for removal.
To test:
- Apply the patch and go to Patrons.
- Add or edit a patron.
- Select a date of birth at least one month in the past and confirm that
the patron's age is displayed in the hint below.
- Test multiple variations to confirm that the singular and plural of
'year' and 'month' display correctly. (e.g. 1 year 9 months, 2 years,
etc).
- Set some patron messaging preferences for the patron.
- Change the patron category.
- You should get a confirmation: "Change messaging preferences to
default for this category?"
TESTING TRANSLATABILITY
- Update a translation, e.g. fr-FR:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for JavaScript strings, e.g.
misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from
koha-tmpl/intranet-tmpl/prog/js/members.js for translation, e.g.:
msgid "%s years"
msgstr ""
- Edit the "msgstr" string however you want (it's just for testing).
- Install the updated translation:
> perl translate install fr-FR
- Switch to your newly translated language in the staff client
and repeat the test plan above. The translated strings should
appear.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the circulation history page to replace jQueryUI tabs
with Bootstrap tabs. A minor JavaScript change is required to work
with the new HTML structure.
To test you'll view the staff interface circulation history page with
the OnSiteCheckouts system preference on and off.
- With OnSiteCheckouts off, locate a patron who has current and/or
past checkouts.
- View the "Circulation history" page for that patron.
- The table of checkouts should display with no tabbed interface.
- With OnSiteCheckouts on, the page should show three tabs: All,
Checkouts, and On-site checkouts.
- Confirm that clicking on each tab correctly filters the table, e.g.
the On-site checkouts tab should show only on-site checkouts.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Petro Vashchuk <stalkernoid@gmail.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates templates to include the new version of jQueryUI. It
removes some references to the now unused datepicker widget as well as
the jQuery timepicker addon.
Some minor JavaScript and style updates to fix issues resulting from the
upgrade.
To test, apply the patch and update the CSS in the staff interface AND
in the OPAC
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
IN THE OPAC:
- The OPAC only uses the tabs jQueryUI widget.
- View pages where tabs are used: Bibliographic details, user summary,
advanced search.
IN THE STAFF INTERFACE:
- The staff interface uses four jQueryUI widgets: accordion,
autocomplete, sortable, and tabs
- Test the accordion widget on two pages: Administration -> Table
settings and Patrons -> Patrons requesting modifications.
- Test autocomplete (requires PatronAutoComplete to be enabled) on
various pages. For example:
- From the "Check out" tab in the header search box.
- From the "Search patrons" tab in the header search box, e.g. from
the main Patrons page.
- Place hold -> Search patrons.
- Tools -> Patron lists -> Add patrons to list -> Patron search.
- Test sortable:
- Administration -> System preferences -> Language.
- With more than one language installed you should be able to
drag to re-order the enabled languages. Confirm that your change
is saved successfully.
- Administration -> MARC bibliographic framework -> MARC structure ->
Edit subfields on a tag with multiple subfields. You should be able
to drag to re-order the tabs at the top of the subfield constraints
edit page. Confirm that your changes are saved successfully.
- Cataloging -> New record. Test that you can re-order subfields
under a tag with multiple subfields and that your changes are
saved.
- Tabs: View various pages with tabs: Check out, bibliographic details,
basic MARC editor. They're everywhere.
Also confirm that the removal of the leftover datepicker doesn't affect
pages which use the calendar include: Test various pages which use
Flatpickr, e.g. check out, renew, reports, etc.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
* Length menu (PatronsPerPage)
* Query description
* Highlight of the current library
* sticky header - Does not work (?)
If the table does not show when you submit the filter form, make sure
you regenerated the compiled CSS.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
In this patch we want to reuse what has been done in the previous bug
report to search patrons using the REST API route.
The code is mainly in members/search.tt, for all the patron searches
that "add" or "select" a patron (popup windows).
The patron search for holds is a bit different, we don't want to open a
popup window.
We are moving to code to an include file (patron-search.tt) to make it
reusable easily.
Note that we are improving how the patron's addresses are displayed, and
provide a JS equivalent to the TT includes files.
Test plan:
Search for patrons from the "Place a hold on" view.
You should see the same view as behaviour, with more filters.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We will use 'patron-search.inc' in the next patch
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
For libraries and categories we need to use an exact match.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
At this point it does not change anything, all calls to
members/search.pl has "name" in second column, but that will be helpful
in follow-up bugs.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We lost the DefaultPatronSearchFields behaviour, we don't want to search
on all data but only DefaultPatronSearchFields
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
No idea why we need that.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Last patches remove the ability to search on extended attributes.
C4::Utils::DataTables::Members::search is searching on all the
attributes that are flagged as "searchable", we want to keep this
behaviour.
I have tried several things and this is the simplest I have found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Two new routes that do the same thing
/api/v1/acquisitions/funds/owners
/api/v1/acquisitions/funds/users
To list the possible owners and users for a fund
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Add a manager to a basket
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Select a manager for a suggestion
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch will rewrite some of our patron searches to make them use the
REST API routes (and so the powerful the DataTables wrapper which will
bring all the nice DT feature to filter, sort, etc.)
The patron searches we will take into account here are those that we use
to select a patron in a pop-up:
* Guarantor
* Suggestion's manager
* Patron's card
* Serial routing list
* Users to notify when order is received
* Manager of an acquisition basket
* Owner and users of a fund
Regarding permissions there are two main problematics:
* Filter a patron set by patrons having a
specific subpermissions (in case of adding a manager to a suggestion or
when we deal with acquisition and funds). We added a new
Koha::Patrons->filter_by_have_subpermission method that will take in
parameter a subpermission. To make thing transparent for the callers we
are adding new routes, like /suggestions/managers to list the possible
managers of suggestions.
* Restrict/allow access to the default patron searches /patrons
We need to access it when a logged in patron does not have borrowers
permission.
Ideally we need a separate "search_borrowers" subpermissions but it's
considered outside the scope of this change.
For each patch you will take care of testing the different permissions
that are into effect (either for the logged in patron or the patrons
returned by the search).
The tables should contain the same columns as prior to this patch,
except for "categories" and "library". We have the filter on top of the
page and so we need to add them to the table as new columns if they
weren't there before.
Test plan (for this patch):
Search for guarantor and select
Test plan (for all patches):
Add/Select patrons from the correct place where you can search for
patrons, play extensively with the filters/pagination/etc
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
moremember-patronimage.pl|tt were not needed.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch builds on a patch by Mark Tompsett, adding the option to take
a patron's picture using the computer's webcam. The photo can then be
saved to the patron's account.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Administration -> System preferences and enable the
'patronimages' preference.
- View a patron record. In the sidebar, hover your mouse over the blank
patron image. Click the "Edit" button which appears.
- A modal window should appear with two sections, "Upload patron photo"
and "Take patron photo."
- If your computer has a webcam, your browser should ask permission to
access it. Grant access.
- You should see the view of your webcam shown under the "Take photo"
button.
- Click the "Take photo" button. The captured photo should be shown in
place of the live video from the webcam.
- You should now see three buttons: "Retake photo," "Download photo,"
and "Upload photo."
- Clicking "Retake photo" should hide those buttons and return you
to a live video view.
- Clicking "Download" should make your browser download the image.
- Clicking "Upload" should cause the page to redirect back to the
patron detail page where you should see the new patron image
displayed in the sidebar.
- Trigger the modal again and click the "cancel" button. The
modal should disappear and camera access should stop.
- If your computer has no webcam the modal should appear correctly but
there should be a banner at the bottom indicating that a camera is not
available.
- Try the test again but this time deny your browser access to the
webcam. You may need to reset the camera permissions in your browser's
settings. When the modal appears you should see a message saying
access to the camera is denied.
- The patron image edit modal should be available on all pages which
show the patron image in the sidebar: Check out, Batch check out,
Details, Accounting, Routing lists, Circulation history, Holds
history, Modification log, Notices, Statistics, Files, Purchase
suggestions, Discharges, Housebound, and ILL requests history.
- Test adding an image to a patron record using the "Upload photo"
option. It should still work correctly.
- If the patron has an image attached, the "Upload photo" section should
have a "Delete" button. Test that it works correctly.
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 30098 fixed patron search behavior when a later page has only 1 result, but broke the redirect when there is only a single result from search.
To test:
1 - Perform a patron search that returns 41 results, on koha-testing-docker, 'a' works
2 - Go to second page of results, works
3 - On third page you remain in results and are not redirected
4 - Perform a patron search that return only 1 result, name or cardnumber
5 - You get redirected to this patron page
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To reproduce (paycollect.pl):
1) Prepare or use some existing patron with outstanding fines, go to
the accounting section and open page where you make payment towards all
fines.
2) The error message should have appeared in your log file about
"File not found : default/js/locale_data.js".
3) Apply the patch.
4) Open the edit page again, ensure that the new error massage like
that didn't appear.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To reproduce (memberentry.pl):
1) Head over to the patron details page, press edit button to open the
memberentry.pl page.
2) The error message should have appeared in your log file about
"File not found : default/js/locale_data.js".
3) Apply the patch.
4) Open the edit page again, ensure that the new error massage like
that didn't appear.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>