Decodes userid on two places in checkauth of C4/Auth.pm
Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.
This patch makes it use output_html_with_http_headers and solves the problem.
Changed 'use' for 'require' as jcamins and marcelr suggested.
Regards
To+
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.
Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.
Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.
Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
<pluginsdir>/var/lib/koha/plugins</pluginsdir>
<enable_plugins>1</enable_plugins>"
to your koha-conf.xml file
5) Add the line
Alias /plugin/ "/var/lib/koha/plugins/"
to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch removes 'insecure' system preference.
Also removes remaining code that make use of
the preference. It's broken anyway.
Only remains a reference in POD of C4/Boolean.pm
To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.
2) Apply the patch
3) Run updatedatabase.pl
4) Check that Staff login proceeds as usual.
5) Check that 'insecure' syspref is no more.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.
C4::Biblio->
GetNoZebraIndexes
_DelBiblioNoZebra
_AddBiblioNoZebra
C4::Search->
NZgetRecords
NZanalyse
NZoperatorAND
NZoperatorOR
NZoperatorNOT
NZorder
C4::Installer->
set_indexing_engine
Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible
Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Not introduced by this work but no reason not to clean it
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: no more complains from koha-qa
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
And translation problem in masthead.inc
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Working on Mozilla Persona support (browser id)
This will let a user log into Koha using browser id, if their email
address used matches the email address inside Koha.
Once an assertion is received, we simply need to find the user that
matches that email address, and create a session for them.
opac/svc/login handles this part.
The nice thing about it is, the user doesn't have to do anything, like
linking their account. As long as the email address they are using to
identify themselves in browserid is the same as the one in Koha it
will just work.
This is covered by a systempreference, to allow people to do it, and
is of course totally opt in, it works alongside normal Koha (or any
other method) of login. So only those choosing to use it, need use it
Test Plan
1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- the dateformat value is send to all templates (from
C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
- opac/sco/sco-main.pl
- reports/acquisitions_stats.pl
- tools/cleanborrowers.pl
All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.
Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
adding dates
Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase
This patch set to 3.11.00001 that is the last number when I QA this patch
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
This patch use DataTable, see BUG|BZ 6836
- css/datatables.css
- lib/jquery/plugins/jquery.dataTables.min.js
- js/datatables.js
http://bugs.koha-community.org/show_bug.cgi?id=7167
Bug 7167 follow-up
Major changes:
* creating database tables for update on the fly, the 1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer
Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied
Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG
* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
- before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
- after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied
http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Improve the update.pl script
* Added CLI options to update.pl
* Call update.pl from the installer.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Now, we check versions on mainpage.pl and after login
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Reimplementing Marcel's suggestions & fixes
* Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
* in the CLI script, if there is nothing to report, just say it
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 7167: Remove check_coherency
As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Changing in .sql parsing
We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:
DELIMITER ;
-- this is a comment
SELECT * FROM my_table;
-- another comment
Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM my_table;
-- another comment;
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add .pl and .sql examples
Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)
Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Improve display + factorize get_queries
Despite it's size, this patch is dealing with display questions only:
* The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
* Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
* Reordering the column headers for more readability:
* Status column is merged with availability, column is after status
* Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
* Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: FIX typos & moving a script to a proper place
* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt
* moving update.pl to misc/bin because it's a CLI script
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add dependency File::Find::Rule
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: We want to execute non-numeric version with the -all option
Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.
Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167 reindentation & removing dead code
* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.
Summary:
* old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
* new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it
Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
* first to log-in to Koha
* second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Don't raise an error in routine TableExists
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: FIX merge
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add .pl and .sql examples
Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)
Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch fix the order of branches in the log-in page,
on Branch.pm we added the variable branchcode to the
hash returned by GetBranchesLoop, and this function is used
on Auth.pm to get a list of branches ordered by branchname
To test
1) Use an installation with some branches
2) On login screen the branches are ordered by branchcode
3) apply the patch
4) On login screen the branches are now ordered by branchname
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch works as expected. Before applying the patch the branches
with lower case was at the end of the list. Now they are well ordered.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.
Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.
For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).
NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay
NEW NOTICE
* Verify by email notice
NEW SLIP
* Temporary card slip
NEW CRON JOB
* delete_expired_opac_registrations.pl
- Deletes patrons that have not been upgraded from the temporary
status within the specified delay
* delete_unverified_opac_registrations.pl
- Deletes the unverified patrons based on the length of time specified
in the PatronSelfRegistrationExpireTemporaryAccountsDelay
The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.
Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.
Test Plan - Part 2 - Borrower Modifications
1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
submit.
8) Check the records, you should see the changes take affect on the
approved one, and no changes to the other two. You should also see
"Patrons requesting modifications: 1" at the bottom of mainpage.pl
now.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 7067 - OPAC Borrower Self Registration - Followup
* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
PatronSelfRegistrationVerifyByEmail is enabled.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Found three cases where variables were being
referenced which did not (in each case) exist. Adding
checks for those variables' existence.
Errors appeared when logged in and viewing a detail
page in the OPAC.
Revision simplifies logic as per RM suggestion.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.
To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
not loaded (i.e. on the opac-search.pl page)
Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching other_vhosts_access.log
Works as expected
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
A subroutine was not being imported by C4::ImportBatch (ironic, no?)
so this patch makes the call fully-qualified. This patch also cleans
up two warnings in C4::Auth that are raised when logged in as the
database user.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Tested standard login, patron auto-complete, and system preferences.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Added the following missing code to ensure the correct icon
is used when logged out:
IntranetFavicon => C4::Context->preference('IntranetFavicon')
This was added into an existing $template->param() call.
Not to be confused with the koha logo on the login page, the
icon is a 16x16 pixel graphic in the browser tab. The default
is found at .../intranet-tmpl/prog/en/includes/favicon.ico.
If the "IntranetFavicon" system preference is set, it should be
used by the staff client regardless of login state. It was not
being used in the "AUTH rejected" section of Auth.pm, but the
OpacFavicon variable was being set. This explains why the
"OpacFavicon" system preference works for the OPAC client, but
not the staff client upon logout.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Subroutine prototypes used at line 561, column 1. See page 194 of PBP. (Severity: 5)
Bareword file handle opened at line 606, column 5. See pages 202,204 of PBP. (Severity: 5)
Two-argument "open" used at line 606, column 5. See page 207 of PBP. (Severity: 5)
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch reintroduces 'use warnings' in C4/Auth.pm.
Keep attentive to new warning messages in your log
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds the following system preferences:
* OpacMainUserBlockMobile - alternate content for the MainUserBlock for
mobile
* OPACMobileUserCSS - custom CSS for mobile views only
* OpacShowFiltersPulldownMobile - whether or not to show the index
dropdown on the mobile view
* OpacShowLibrariesPulldownMobile - whether or not to show the library
dropdown on the mobile view
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With on Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.
Handling of book cover images from Amazon is unchanged.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.
Signing off.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch makes the use of opaccolorstylesheet and opaclayoutstylesheet more consistent. They may be: 1) just a file name, 2) a complete local path or 3) a full URL starting with http: for a remote css file.
This makes the syspref opacstylesheet that was only used for a remote css file obsolete.
June 20, 2012 Rebased.
July 18, 2012: Regex allows https too (thanks to Owen Leonard).
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
There is a mis-scoped function call in C4::Auth, on line 154, where
GetMembers is called without explicit scoping and before
'require C4::Members;'. This does not actually have any functional
ramifications as far as I can tell, but it would be a good idea to fix
it.
This patch also corrects a bit of indenting in that area, because it was
an unnecessary challenge to understand the code with the mis-indenting.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds the ability to attach unlimited arbitrary files to
a borrower record.
Test Plan:
1) Enable system preference EnableBorrowerFiles
2) Look up borrower record, click 'Files' tab on left
3) Upload a file, download the file, delete the file.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
rebased for current master.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
rebased again; some indentation issues in include menus.
This patch creates a new system preference, OpacNavRight, in
which the librarian can add HTML which will appear on the OPAC
main page under the login form. If the user is logged in the content
will appear in place of the login form.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.
To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
cataloguing module (and the plugin for UNIMARC field 210$c, if you
can figure out how)
4. Test authority searching in the OPAC
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.
1) Applies cleanly on current HEAD.
2) Authority search in staff
Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:
ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.
ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?
ENH note: Also the authority type is not shown at all in the result list.
3) Cataloguing and authority plugins
The autocomplete function works nicely.
ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.
Plugins overall work nicely. Created links include the authority numbers and work
correctly.
4) Authority search in OPAC
Works nicely. Display is consistent, but translatability greatly improved.
ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?
Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
So we shouldn't try to delete it. This produces application error
instead of redirection to login page.
I had similar problems with CGI, especially when session in browser
is still active, and one on filesystem or database is already expired.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Solved the problem when my Plack installation started acting up due to
stale cookies.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Patch introduces a new system preference "OpacBrowseResults" to control
the feature for browsing and paging through results shown on top of the
left menu on detail pages in OPAC.
Preference is activated by default and can be deactivated using the
system preference.
To test:
- Check database update works correctly
- Check that browsing and paging still works with after database update
- Deactivate the feature by setting 'OpacBrowseResults' to 'Disable'
- Check the feature does no longer show up in OPAC
- Check that a new installation also has the system preference with correct default
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
patch applied to commit eb3dc448d2
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars
All above tests passed. Signing off.
Rebased 3-19-12 by Ian Walls
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
writing to STDOUT breaks plack when running with DEBUG=1
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This lays the foundation for further changes for report 7310.
Implements following points from the wiki page List permissions:
1) Preference that controls if users may create public lists in opac.
2) New add/delete own/delete other permissions per list.
Code has been changed (in some cases refactored). New permissions are not yet visible; with this patch current functionality is kept as much as possible while resolving several issues, improving permissions and extending the code for further developments (using the new permissions and sharing lists).
Feb 23, 2012 (revision): Changed defaults for new lists. Could also remove routine GetRecentShelves by using GetSomeShelfNames in catalogue/search.pl just as opac-search.pl already did. (More consistent.)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Feb 29, 2012: Automerge version.
March 5, 2012: Rebase for pushed 4912 patch.
March 21, 2012: Rebased. Resolving some conflicts in relation to pushed report 7719.
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress
If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.
The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.
This is an example of what might go in the Apache configuration for the
virtual host:
#SSLVerifyClient require # only allow PKI authentication
SSLVerifyClient optional
SSLVerifyDepth 2
SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
SSLOptions +StdEnvVars
The last line ensures that the required details are
passed to Koha.
To test the PKI authentication, use the following curl command:
curl -k --cert client.crt --key client.key https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)
To create the certificates needed for the above command, the following series
of commands will work:
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# This is the ca.crt file that the Apache config needs to know about,
# so put the file at /etc/apache2/ssl/test/ca.crt
# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
# We're self signing our own server cert here. This is a no-no in
# production.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
-set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert. Unlike signing our own
# server cert, this is what we want to do.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
-set_serial 02 -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
# In theory we can install this client.p12 file in Firefox or Chrome, but
# the exact steps for doing so are unclear, and outside the scope of this
# patch
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
Removing references to unused template variables and markup.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Confirmed that memcached is still being used after the memcached configuration
in koha-conf.xml was removed, and the following two lines were added to
both virtual hosts in koha-httpd.conf:
SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
SetEnv MEMCACHED_NAMESPACE "KOHA"
* removed use C4::Koha that is useless
* moved "use C4::Members" to "require C4::Members" just before GetMemberDetails call. This will avoid loading C4::Member everytime a page is called by someone not logged
* still to do = work on C4::VirtualShelves, that can be optimized, definetly !
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master, 28 Jan 2012
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please WAIT with virtual shelves. Working on that..
Tested and marked as Passed QA.
Signed-off-by: Aleksa Vujicic <aleksa@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to replace some copy-and-paste comments only with consent of MJR.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
