There are missing quotes, and the translate script is messing up with
the generated template.
Error is:
Template process failed: file error - parse error - holds_table.inc line 216-217: unexpected token (hold)
The generated line, without this patch is:
216 <td><input %]="%]" class="printholdslip" data-reserve_id="[%" hold.reserve_id="hold.reserve_id" html="html" name="printholdslip" type="button" value="Recibo" |="|"></td>
With this patch applied:
216 <td><input class="printholdslip" data-reserve_id="[% hold.reserve_id | html %]" name="printholdslip" type="button" value="Recibo"></td>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patchset introduces the Two-factor authentication (2FA) idea in
Koha.
It is far for complete, and only implement one way of doing it, but at
least it's a first step.
The idea here is to offer the librarian user the ability to
enable/disable 2FA when logging in to Koha.
It will use time-based, one-time passwords (TOTP) as the second factor,
an application to handle that will be required.
https://en.wikipedia.org/wiki/Time-based_One-Time_Password
More developements are possible on top of this:
* Send a notice (sms or email) with the code
* Force 2FA for librarians
* Implementation for OPAC
* WebAuthn, FIDO2, etc. - https://fidoalliance.org/category/intro-fido/
Test plan:
0.
a. % apt install -y libauth-googleauth-perl && updatedatabase && restart_all
b. To test this you will need an app to generate the TOTP token, you can
use FreeOTP that is open source and easy to use.
1. Turn on TwoFactorAuthentication
2. Go to your account, click 'More' > 'Manage Two-Factor authentication'
3. Click Enable, scan the QR code with the app, insert the pin code and
register
4. Your account now requires 2FA to login!
5. Notice that you can browse until you logout
6. Logout
7. Enter the credential and the pincode provided by the app
8. Logout
9. Enter the credential, no pincode
10. Confirm that you are stuck on the second auth form (ie. you cannot
access other Koha pages)
11. Click logout => First login form
12. Enter the credential and the pincode provided by the app
Sponsored-by: Orex Digital
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds a new 'Send welcome email' option to the 'More' dropdown
menu in the patrons toolbar.
Clicking the button will queue the welcome email again for the patron and
redirect the user to the Notices tab to view it's contents.
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
1) Look at Staff Client and the logo
2) Apply patch
3) Check Koha logo moves to the middle of the page when zooming in
4) Ensure page source shows logo inside <div> and not <h1>
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To be nicer with translators.
Update the PO files for whichever languages will show how this is useful.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To be nicer with translators.
Update the PO files for whichever languages will show how this is
useful.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Regression from bug 30063. If you are searching all patrons (not search term passed) from the header, the patron search result is not displayed.
Test plan:
Go to the Koha homepage, search patrons, don't enter a search term and
click "submit"
All patrons must be returned.
Regression test: on the other patron search forms, confirm that there is
no regression, ie. no patron displayed until you search for something
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
EDIFACT is an abreviation, so it should be ALLCAPS.
* Electronic Data Interchange for Administration, Commerce and Transport
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Adds an "Edifact" systempreference to govern whether edifact processing
is enabled. In most places this is hidden if the current
vendor does not appear in the edi vendors table. This preference
hides the admin screens which define this and a couple of links.
Also fixes an anomaly whereby the basketgroup screen was not
making the same check on whether edi ordering should be enabled as
the basket screen. Both now use the same logic.
Rebased-by: Mark Tompsett <mtompset@hotmail.com>
Rebased-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.
To test, apply the patch and restart services.
- Log in to the staff interface and open your browser's developer tools.
- In Firefox, look for a "Storage" tab.
- In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."
- Go to Cataloging -> New record.
- Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
theEnableAdvancedCatalogingEditor preference).
- Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
- Check the "LastCreatedItem" cookie which is set after you save the
new item.
- Go to Authorities -> Authority search.
- In authority search results, click "Merge" from the "Actions" menu
next to one of the results..
- Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
- Choose "MARC structure" from the menu corresponding to one of the
frameworks.
- Check the "Display only used tags/subfields" checkbox.
- Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
- Check the "Always show checkouts immediately" checkbox.
- Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
with one or more patrons enrolled.
- From the list of clubs, click Actions -> Search to hold.
- Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
- Uncheck one or more checkboxes in the "Show/hide columns" area.
- Check the "showColumns" cookie.
- View a patron -> Search to hold.
- Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
- Check the "JWT" cookie.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
If a staff member has access to the staff client (either because
'catalogue' permission is enabled or they're a superlibrarian
then that user can add items (from OPAC or staff client) to a list
marked 'Staff only'
Test plan:
1. In the staff client go to: Lists > 'New list'. Notice under 'Allow changes to contents
from' there are three options: Nobody, Owner only, Anyone seeing this
list
2. Apply first 3 patches and run updatedatabase.pl
cd installer/data/mysql
sudo koha-shell <instance>
./updatedatabase.pl
3. Restart memcached and plack
4. Create 4 patron accounts:
- User A : Superlibrarian permissions
- User B : 'Staff access, allows viewing of catalogue in staff interface
(catalogue)'
- User C : No permissions
- User D : 'Staff access, allows viewing of catalogue in staff
interface' and 'Lists' > Edit public lists (edit_public_lists)' sub-permission
5. Login to staff client as User A.
Create a public list and select the new 'Staff only' option under 'Allow changes to contents from'
6. Log into the staff client as User B.
Confirm you can add items to the list from the following staff client pages:
- Individual list page using the 'Add items' button
- Staff client search result page
- Staff client biblio detail page
7. Confirm you can remove items from the list
8. Confirm you can perform an OPAC search when not logged in
9. Log into the OPAC as User B. Confirm you can add items to the list
from the following OPAC pages:
- OPAC search result page
- OPAC biblio detail page
10. Log into the OPAC as User C. Do an OPAC search and confirm you
can view the list, but not add items to it
11. Login to the staff client as User B. Create a new list with the
following settings:
- 'Category'='Private',
- 'Allow changes to contents from'='Staff only'
Notice a red hint message is displayed.
Change 'Category'='Public' and notice the hint is removed
12. Log into the OPAC as User C. Notice the 'Staff only' option is not
available when creating a list
13. Log into the OPAC as User B. Repeat step 11. Confirm the same
outcome
14. Log into the staff client as User A. Create a list with the
following settings:
- Public = 'Public'
- Allow changes to contents from = 'owner only'
15. Log into the staff client as User D. Edit the list from step 14
confirm you can edit the list to have 'Allow changes to contents from' =
'Staff only'
16. Run Patron.t and Virtualshelves.t unit tests:
sudo koha-shell <instance>
prove t/db_dependent/Koha/Patron.t
prove t/db_dependent/Virtualshelves.t
Sponsored-by: Horowhenua District Council, New Zealand
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the authority merge page to use Bootstrap tabs
instead of jQueryUI.
To test, apply the patch go to Authorities in the staff interface.
- Perform an authority search which will return more than one
authority record.
- On the results page, click Actions -> Merge for two authority
records.
- Click "Next" after selecting a merge reference.
- On the next page you should see two tabs under "Source records."
Confirm that they work correctly.
- Confirm that tag and subfield selection still works correctly.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds a new page providing an interface for generating
barcodes using svc/barcode. A form allows the user to choose various
parameters and see the resulting barcode image.
To test, apply the patch and rebuild the staff interface SCSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to the "Tools" home page. Follow the link to "Barcode image
generator."
- On the barcode image generator page, confirm that there is a "Barcode
image generator" link in the sidebar and that it is displayed with
bold text.
- Test the features of the form:
- Enter a numeric value in the "Barcode" field and tab out of the
field or click "Show barcode" button. A barcode of type "Code39"
should be shown with the text of the barcode included in the
image below the barcode.
- A text area below the barcode image should show the HTML used to
generate the preview image.
- Clicking in this textarea should automatically add the contents to
the clipboard. You should be shown a message, "HTML copied to the
clipboard."
- Check the "hide text" checkbox. The barcode should be redisplayed
without the text.
- Check that changing the "barcode height" value is reflected
correctly in the barcode image.
- Try adding non-numeric data in the "Barcode" field. You should be
shown an error message, "Barcodes of type [type] must be numeric."
- Test these other numeric barcode types: Code39, COOP2of5, EAN13,
EAN8, IATA2of5, Industrial2of5, ITF, Matrix2of5, NW7, UPCA, and
UPCE.
Note that EAN13, EAN8, UPCA, and UPCE expect specific patterns. Test
values (found here: https://barcode.tec-it.com/en/UPCE):
EAN13: 978020137962
EAN8: 9031101
UPCA: 72527273070
UPCE: 0123456
- Change the barcode type to "QRcode."
- The form should change, hiding the "Hide text" checkbox and
showing a new ranger slider for "QR Code module size."
- The barcode field should now be labeled "Text, URL, or barcode,
etc"
- The barcode field hint should change to a hint about QRcode
dimensions.
- Changing the "module size" slider should change the size of the
generated QR code. As you change the slider the selected value
should be reflected in the box.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
There are 2 prefs that control the default view of biblio detail pages:
IntranetBiblioDefaultView for staff and BiblioDefaultView for OPAC.
There are as well viewISBD, viewLabeledMARC and viewMARC to allow/don't
allow access to those page for staff members.
This code need to be in a single place to avoid discrepancy.
Test plan:
Play with BiblioDefaultView and IntranetBiblioDefaultView and confirm
that the links of biblio point to the correct view.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates templates to include the new version of jQueryUI. It
removes some references to the now unused datepicker widget as well as
the jQuery timepicker addon.
Some minor JavaScript and style updates to fix issues resulting from the
upgrade.
To test, apply the patch and update the CSS in the staff interface AND
in the OPAC
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
IN THE OPAC:
- The OPAC only uses the tabs jQueryUI widget.
- View pages where tabs are used: Bibliographic details, user summary,
advanced search.
IN THE STAFF INTERFACE:
- The staff interface uses four jQueryUI widgets: accordion,
autocomplete, sortable, and tabs
- Test the accordion widget on two pages: Administration -> Table
settings and Patrons -> Patrons requesting modifications.
- Test autocomplete (requires PatronAutoComplete to be enabled) on
various pages. For example:
- From the "Check out" tab in the header search box.
- From the "Search patrons" tab in the header search box, e.g. from
the main Patrons page.
- Place hold -> Search patrons.
- Tools -> Patron lists -> Add patrons to list -> Patron search.
- Test sortable:
- Administration -> System preferences -> Language.
- With more than one language installed you should be able to
drag to re-order the enabled languages. Confirm that your change
is saved successfully.
- Administration -> MARC bibliographic framework -> MARC structure ->
Edit subfields on a tag with multiple subfields. You should be able
to drag to re-order the tabs at the top of the subfield constraints
edit page. Confirm that your changes are saved successfully.
- Cataloging -> New record. Test that you can re-order subfields
under a tag with multiple subfields and that your changes are
saved.
- Tabs: View various pages with tabs: Check out, bibliographic details,
basic MARC editor. They're everywhere.
Also confirm that the removal of the leftover datepicker doesn't affect
pages which use the calendar include: Test various pages which use
Flatpickr, e.g. check out, renew, reports, etc.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
DataTables excel export is broken if number decimal separator is a comma.
Test plan:
1 - Set syspref CurrencyFormat to US
2 - Export as excel a table with decimal numbers, patrons list with fines
for example.
3 - Open in libreoffice or excel, numbers are ok.
4 - Set syspref CurrencyFormat to FR
5 - Export and open again, number are wrong 25,10 is imported as 2510
6 - Apply patch
7 - Redo 1 to 4
8 - Excel export, number is 25,10
Signed-off-by: hakam <hakam@inlibro.com>
Signed-off-by: Florian Bontemps <florian.bontemps@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
On later follow-ups (ERM) we need to filter columns that contain AVs,
and so be more flexible. Here we are expecting a _id and _str keys we
are gonna use to build the select's options
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
* Length menu (PatronsPerPage)
* Query description
* Highlight of the current library
* sticky header - Does not work (?)
If the table does not show when you submit the filter form, make sure
you regenerated the compiled CSS.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
In this patch we want to reuse what has been done in the previous bug
report to search patrons using the REST API route.
The code is mainly in members/search.tt, for all the patron searches
that "add" or "select" a patron (popup windows).
The patron search for holds is a bit different, we don't want to open a
popup window.
We are moving to code to an include file (patron-search.tt) to make it
reusable easily.
Note that we are improving how the patron's addresses are displayed, and
provide a JS equivalent to the TT includes files.
Test plan:
Search for patrons from the "Place a hold on" view.
You should see the same view as behaviour, with more filters.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We will use 'patron-search.inc' in the next patch
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch will rewrite some of our patron searches to make them use the
REST API routes (and so the powerful the DataTables wrapper which will
bring all the nice DT feature to filter, sort, etc.)
The patron searches we will take into account here are those that we use
to select a patron in a pop-up:
* Guarantor
* Suggestion's manager
* Patron's card
* Serial routing list
* Users to notify when order is received
* Manager of an acquisition basket
* Owner and users of a fund
Regarding permissions there are two main problematics:
* Filter a patron set by patrons having a
specific subpermissions (in case of adding a manager to a suggestion or
when we deal with acquisition and funds). We added a new
Koha::Patrons->filter_by_have_subpermission method that will take in
parameter a subpermission. To make thing transparent for the callers we
are adding new routes, like /suggestions/managers to list the possible
managers of suggestions.
* Restrict/allow access to the default patron searches /patrons
We need to access it when a logged in patron does not have borrowers
permission.
Ideally we need a separate "search_borrowers" subpermissions but it's
considered outside the scope of this change.
For each patch you will take care of testing the different permissions
that are into effect (either for the logged in patron or the patrons
returned by the search).
The tables should contain the same columns as prior to this patch,
except for "categories" and "library". We have the filter on top of the
page and so we need to add them to the table as new columns if they
weren't there before.
Test plan (for this patch):
Search for guarantor and select
Test plan (for all patches):
Add/Select patrons from the correct place where you can search for
patrons, play extensively with the filters/pagination/etc
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Items can now only be filtered by 'Checked out' or 'not' rather than
looking at damaged/itemlost/withdrawn/notforloan status.
Removed availability column as Checked out items are made clear by the
due date column.
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This enhancement adds the availability of an item to the item search
results (i.e. shows if checked out or not). If checked out,
shows due date in item search results. The due
date column will also show when exporting results to a CSV file.
To test:
1) Apply patch and restart services
2) Set up two items. Check out Item A to a borrower. Leave Item B as
is not checked out, and not unavailable status.
3) Go to Search -> Item search. Scroll down and notice the Availability
radio options - Ignore, and Checked out.
4) Leave the Ignore option selected and do a search so that both items show.
5) Confirm the availability and due date columns are showing at the
right end of the table. Confirm Item A says Checked out and has a due
date. Confirm Item B says available.
6) Export all result to CSV. Confirm the results show in the CSV file as
expected.
7) Go to edit your search. Select the 'Checked out' radio option for
Availability and submit the search. Confirm only Item A shows in the
results (not Item B).
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
On bug 30055 we are going to use the REST API to display the patron
search result, we will then need to calculate patron's age client-side.
This is moved to its own bug report in case we need to reuse it
somewhere else.
Test plan:
Copy/paste the JS function in your browser's console then call it and
confirm that the result is correct
For instance:
$get_age('2000-01-01')
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
moremember-patronimage.pl|tt were not needed.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>