Test plan:
Run t/db_dependent/AuthorisedValues.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Several item fields are signed tinyints, connected to
authorised value categories like NOT_LOAN etc. They only
accept -128 up to 127.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Add category with/without integer restriction.
Test adding/editing values.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Run updatedatabase.pl
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
I found that when switching from a branch with a default register to one without, the default register for
the last branch was remaining selected (though disabled)
When opening the page if no desk was set (choose 'My library' on initial login) the branch was default to 'No desk' rather than defaulting to the first desk of the current branch
Remove a debugging line as well
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch ties up a couple of loose ends which should have been
included in Bug 36582. The patch includes fixes for the staff interface
login page and the cash register statistics page.
To test you should have multiple libraries, desks, and cash registers
defined. You may need to enable the UseCirculationDesks and
UseCashRegisters system preferences.
- Apply the patch and log out of the staff interface.
- On the login form, test that changing your selected library correctly
affects the desk and cash register dropdowns: Only desks and registers
for your selected library should appear.
- Log in and confirm that your selections were submitted correctly.
- Go to Reports, and under "Statistics wizards" choose "Cash register."
- Confirm that changes to the "Transaction library" correctly change the
available options in the "Cash register" dropdown, including the "All"
option.
Sponsored-By: Athens County Public Libraries
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The userenv (logged in user's info) are stored in
$C4::Context->context->{activeuser}, which persists in plack worker's
memory.
It's really bad in theory as we are not cleaning it before or after the
HTTP request, but only when set_userenv is called (what we are doing
commonly in C4::Auth::get_template_and_user).
If C4::Context->userenv is called before set_userenv we should get undef,
not the userenv from the previous request!
In practice this should not be a problem, but well... who really knows?
This patch suggests to have a middleware to deal with removing the
userenv at the beginning of each request (maybe it should be after, right? - FIXME).
To test:
1 - Edit /etc/koha/sites/kohadev/koha-conf.xml to set <plack_workers>1</plack_workers>
2 - Edit about.pl and add a line after: CGI->new:
warn Data::Dumper::Dumper( C4::Cointext->userenv() );
3 - tail -f /var/log/koha/kohadev/*.log
4 - View about.pl in staff interface, should get a "somethign's wrong" warning
5 - Reload, you get current user info
6 - Open an incognito tab, sign in as a different user and click some stuff
7 - Reload about.pl in other window
8 - You get the opac user info
9 - Apply patch
10 - Edit /etc/koha/sites/kohadev/plack.psgi and add the middleware after "RealIP":
enable "+Koha::Middleware::UserEnv";
11 - Restart all
12 - Reload about.pl - you get a "Something's wrong" warning
13 - Click things in opac on incognito window
14 - Reload about.pl - only "Something's wrong" - you no longer see any user info
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
WNC amended patch: tidied
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To prevent XSS
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Really bad design, NEVER retrieve the logged in user from the CGI
param!
See comment 1 for more info
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
1) Set borrower surname to:
<script>alert("here comes trouble");</script>
2) Save, nothing happens
3) Enable showLastPatron
4) Reload patron
5) Note the alert popup
6) Apply this patch
7) Reload patron
8) No alert!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When using the opac trusted checkout feature it is possible to enter non existant or partial barcodes to check out items.
Testplan:
a) set System preference OpacTrustedCheckout to Allow
b) go to http://localhost:8080/ and login with koha / koha
c) click Self Checkout in navigation bar
d) enter barcode 1234
e) result: Item '39999000011234' was checked out
apply patch and reload the page
a) now enter barcode 1234
b) result: Item '1234' not found
c) enter 39999000011234
d) result: Item '39999000011234' was checked out
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Setting field "Protected" as hidden in patron entry/modification
form via BorrowerUnwantedField syspref doesn't work. Form is
missing condition "UNLESS noprotected".
To test:
1. From BorrowerUnwantedField, check field "Protected" as hidden.
2. Either attempt to create a new patron or modify existing one.
=> Note that "Protected" is still displayed in the form.
3. Apply this patch.
4. Navigate back to create/modify patron form.
=> Note that "Protected" is no longer displayed.
5. Uncheck field "Protected" from BorrowerUnwantedField.
=> Field should now be displayed in create/modify form.
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
I checked the UNIMARC authResults counterpart file. And it only
contained a single case of generated elements like the previous patch.
To test:
1. On latest main
$ ktd --shell
k$ cd misc/translator/po
k$ git fetch
k$ git reset --hard origin/main
k$ cd /kohadevbox/koha
k$ gulp po:update --lang es-ES
k$ cd misc/translator/po
k$ git add -u ; git commit -mWIP --no-verify
2. Apply this patches
3. Run:
k$ cd /kohadevbox/koha
k$ gulp po:update --lang es-ES
k$ cd misc/translator/po
k$ git diff
=> SUCCESS: Notice CSS class names are not translated anymore
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch makes the XSLT contain HTML tags instead of building them
from scratch with static attribute values. This made it awkward for
translators as CSS classes ended up being extracted for translation
purposes. Plus, there's no need to spend CPU cycles on static content
generation.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The main entry form of corporate names (110), uniform titles (130), topical
terms (150), geographical names (151), and genre/form (155) are not indexed
with 'Match' search field in Elasticsearch standard mapping. As a result,
the respective records are not present on the result list when performing
an 'All headings' search for the authority records with the main heading form
(MARC 21).
Test plan
=========
0. Have a test installation with Elasticsearch.
1. In Authorities, make an 'All headings' search for a main entry
form from the corporate names, uniform titles, topical terms,
geographical names, or genre/form
--> e.g., in ktd: UK Archiving. You will get no results.
2. Apply the patch, reindex with:
sudo koha-elasticsearch --rebuild -r -a kohadev
3. Repeat the test. You should see 'UK Archiving' on the result list.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We can get into a scenario what a user cannot stay logged in for more than a single page load.
If AutoLocation is enabled with branch IP addresses being set to a space, you will be logged out with every page load.
Test Plan:
1) Set your branch ip to a space
2) Enable AutoLocation
3) Restart all the things!
4) Log out
5) Log in
6) Browse to another page
7) You are logged out
8) Apply patch
9) Repeat 1-6
10) You are not logged out!
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1- Find or create a circulation rule with a 'Holds allowed (total)' limit of 3 (or another number) and no value in 'No automatic renewal after (hard limit)'
2- Select to edit the rule, and note that 'No automatic renewal after (hard limit)' box in the editing line is now populated with a date
3- Note also that 'Holds allowed (total)' is empty in your editing line
4- If you save your edits without clearing the new 'No automatic renewal after (hard limit)' date, it will save as part of the rule. Also, 'Holds allowed (total)' will save as Unlimited unless you re-add your numerical value.
5- APPLY PATCH
6- Try again, the values should save corrected and not erroneously fill the No automatic renewal after (hard limit) column.
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We were no longer getting a match here and so ended up with 2 forms on
the budget page (where we have two modals for patron: owner and users).
Caught be selenium tests patrons_search.t :
Error while executing command: element not interactable: Element <a class="patron_name patron_preview" href="/cgi-bin/koha/circ/circulation.pl?borrowernumber=511"> could not be scrolled into view
It fixes the following UI issues:
When you open a modal, start a search, close the modal
open the other modal search: the results from the other modal were shown
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The aside element is now a parent of the form block, in
patron-search.inc (BLOCK patron_search_filters).
On members/members-home.pl there were 2 nested aside
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Previous patch "Bug 35362: (follow-up) Fix guaruntor preview modal close in test"
didn't adjust the other occurrences.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the test files to correctly create authorities and/or correctly
mock the needed data for authorities.
the tests in t/db_dependent/Authority/Merge.t cover the case of 'Default' authorities
which don't have valid headings - so I had to add handling for blanking the heading field
when Default type is used.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The JavaScript for approving or rejecting tags in the staff interface's
tag review interface lacked a CSRF token for the POSTed requests. This
patch adds the token for "approve" and "reject" operations.
To test, apply the patch and clear your browser cache if necessary.
- If necessary, enable tags in system preferences.
- Log in to the OPAC and submit multiple tags on various records.
- In the staff interface, go to Tools -> Tags.
- Test the process of approving and rejecting tags by clicking the
buttons in each row of the table of tags.
- The browser console should show no errors, and the lists of approved
and rejected tags should correctly show the tags you moderated.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Testing plan:
1. Start up KTD with Elasticsearch: ktd --es8 up
2. Apply the patch and restart everything (restart_all).
3. Reset the mappings: Administration > Catalog > Search engine configuration (Elasticsearch) > Reset mappings (at the bottom of the page)
4. Reindex: koha-elasticsearch --rebuild -d -b -a kohadev
5. Alternative to steps 3 and 4: reset_all
6. Update the visibility for 254$a in the default framework so that it is visible in the Editor (OPAC, Staff interface should already be selected).
7. Add a new record using the default framework and put a term in 254$a, such as 'Full score'.
Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the authority search header include to the authorities
editor page.
To test, apply the patch and go to Authorities -> New authority.
There should now be a set of authority search forms at the top of the
page.
Signed-off-by: Michelle Spinney <mspinney@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Enable EnableItemGroups and EnableItemGroupHolds
2. Go to the OPAC and log in as a patron
3. Go to any record that doesn't have grouped items and try to place a hold
4. Click on "Show more options"
5. See "Request specific item group:" and dropdown
6. APPLY PATCH
7. Try again, this time if the record has no item groups you should not see the dropdown at all.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Add edit buttons for patron flags in attention box and show
flag status in detail view
To test:
1) Go to patron details for a patron with address in
doubt and card lost flags set and verify these are
highlighted under "Library use" and the patron messages
has edit buttons that links to the modfiy patron page.
Sponsored-by: Gothenburg University
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Apply patch
2. Do an item search and notice the column containing the item number
Signed-off-by: Michelle Spinney <mspinney@clamsnet.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This follow-up:
1. Updates the OPACAuthorIdentifiersAndInformation system preference
description.
2. Changes the OPAC heading used on the bibliographic record and
authority record detail pages from "Author identifiers/information"
to "Author information". Identfiers are a subset of author information
and having just "Author information" is sufficient. In addition,
the authority record doesn't have to include identifiers.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The values were correctly inserted but the display was not sorting
correctly
Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
With this patch the different info can be ordered when editing the
syspref
Sponsored-by: Orex Digital
Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch merge the previous patch attempt with the existing OPACAuthorIdentifiers syspref.
It creates a new syspref OPACAuthorIdentifiersAndInformation and remove
OPACAuthorIdentifiers.
"identifiers" become an entry of the new syspref.
Test plan:
Select some entries in OPACAuthorIdentifiersAndInformation
Edit an authority record and enter data in the corresponding subfield
(the list is on the syspref entry)
Go to the biblio detail page or the authority detail page at the OPAC
and notice that the info you selected are correctly displayed.
Sponsored-by: Orex Digital
Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Orex Digital
Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch removes unwanted whitespace between the tabs and the tab content
Test plan:
1) Enable the ERM module and navigate to the eUsage > Reports sections
2) Observe the whitespace between the tabs and the content
3) Apply patch and run yarn build
4) Hard refresh the page, the whitespace should be gone
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1) Look at the patch diff and observe that the commented out code has been removed
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 31123 added new feature with preference ContentWarningField.
Add this behavior to UNMARC XSLT files.
This patch adds new template 'tag_content_warning' in UNIMARCslimUtils.xsl
called in results and details pages.
New field is placed after 3xx.
Test plan (in both interfaces OPAC and staff):
1) Create a new field 599 in framework
2) Set system preference ContentWarningField to 599
3) Edit a record to add a 599 with text in $a$b and an URL in $u
4) Perform a search to find this record
=> Check you see content_warning: <a href="$u">$a</a> $b
5) Click on details page
=> Check you see content_warning: <a href="$u">$a</a> $b
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
