Commit graph

2032 commits

Author SHA1 Message Date
4452036d1c
Bug 25009: Avoid leakages in opac-showmarc.pl
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.

it does so by just removing the code portion that does that.

It also cleans the record fetch operation and how the record processor
is initialized to it actually works :-D

To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
   records usually)
2. Query your DB for a valid import_record_id:
  $ koha-mysql kohadev
  > SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
   import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield takes place)
5. Hide some obvious subfield on the framework for a known (to you)
   biblionumber
6. Point your browser to:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-27 10:44:10 +01:00
Aleisha Amohia
3d022f0f27
Bug 24913: Add PatronSelfRegistrationConfirmEmail syspref
To test:
1) update database, restart memcached/plack
2) Go to Administration -> System preferences -> OPAC tab. Enable the
new PatronSelfRegistrationConfirmEmail system preference. Enable other
required self registration sysprefs.
3) Go to the OPAC home page. (You may need to log out). Click the
'Register' link so you are redirected to the member entry form.
4) Notice the 'Confirm primary email' field after the 'primary email'
field. Put 'a@a.com' in primary email, and 'b@b.com' in the confirm
field. Scroll to the end of the form and Submit.
5) Confirm the form is not successfully submitted, and an error message
is shown to indicate the email addresses do not match.
6) Confirm you cannot cut, copy or paste in either the primary email or
confirm primary email fields. Confirm the right click menu doesn't work
in these fields.

7) Disable javascript in your browser.
8) Repeat steps 3 and 4.
9) Confirm there is an error message to indicate the email addresses do
not match.

10) Re-enable javascript. Fill in the form correctly with matching email
addresses and confirm it successfully submits.

11) Disable the PatronSelfRegistrationConfirmEmail syspref.
12) Attempt to register an account on the OPAC again. Confirm the
'confirm email address' field is gone and form works as expected.
13) Re-enable the PatronSelfRegistrationConfirmEmail syspref.
14) Log in to the OPAC and go to your personal details
15) Edit the primary email field
16) Confirm you are able to submit your changes (you should not see an
error about emails not matching).

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: holly <hc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-21 12:30:40 +01:00
081a4c75be
Bug 25147: (RM follow-up) Update pref references.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-17 09:03:47 +01:00
665c8328d1
Bug 25136: Join the 2 ifs
Highlight that we only need this for action="new"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-16 19:26:48 +01:00
dbf604e141
Bug 25136: Make PatronSelfRegistrationLibraryList only effect new registration
This patch makes it so PatronSelfRegistrationLibraryList will only effect the registration from and not the modification form.
TO TEST:
1. Turn on self reg and add some libaries to PatronSelfRegistrationLibraryList.
2. Notice that the libaries that display in the borrower_branchcode dropdown are the ones you selected on both the new registration from and the modification form.
3. Apply patch.
4. Now only the new registration from should show libaries on PatronSelfRegistrationLibraryList.
5. The modifciation dropdown should still show all libraries.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-16 19:26:14 +01:00
cc6c3f5815
Bug 25137: (bug 23084 follow-up) Fix incorrect grep ternary condition
The lack of parenthesis makes the condition evaluated wrong.

Test plan:
- confirm you have a branch with code X
- enter X in PatronSelfRegistrationLibraryList
- go to cgi-bin/koha/opac-memberentry.pl (either as a logged in patron or as a self-reg patron)
- confirm branch dropdown is not empty and contain X
- empty out PatronSelfRegistrationLibraryList
- reload cgi-bin/koha/opac-memberentry.pl and confirm branches show

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-15 08:35:04 +01:00
Nazlı Çetin
70ea3e39a8
Bug 22774: (follow-up) Limit purchase suggestion in a specified time period
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-14 16:42:17 +01:00
Devinim
675ab180b0
Bug 22774: Limit Purchase Suggestion in a specified Time period
Test plan:
 1 - Apply this patch
 2 - Run updatedatabase.pl
 3 - By default the preferences are blank and do not limit.
 4 - Set the limits to 3 in 30 days
 5 - Go to purchase suggestion page from OPAC as a logged in patron
 6 - Place 3 suggestions and confirm you cannot place any more
 7 - Alter one of the suggestions to have been made more than 30 days ago
    UPDATE suggestions SET suggesteddate = '2020-01-01' WHERE suggestionid=3;
 8 - Confirm you can place another suggestion
 9 - Log out of OPAC
10 - Make sure AnonSyggestions is set to 'Allow' and AnonymousPatron is set
11 - Confirm anonymous suggestions are not limited by the syspref
12 - Confirm that a blank value in either  MaxTotalSuggestions  or  NumberOfSuggestionDays  does not limit suggestions

Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Rhonda Kuiper <rkuiper@roundrocktexas.gov>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-14 16:42:10 +01:00
6ac037f817
Bug 24840: Replace DateTime->now with dt_from_string
We should use Koha::DateUtils instead of Date::Time directly

This patch simplay replaces calls to now() with a call to dt_from_string()
which does effectively the same thing.

Probably reading the code and verifying changes is sufficient but...

To test:
1 - confirm the files all compile
2 - confirm all tests pass
3 - confirm Koha still works

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-08 11:54:23 +01:00
a5301a99ab
Bug 4461: Use inbound_email_address to know if we display the dropdown list
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:19:44 +01:00
c98d6f14ee
Bug 4461: Correctly deal with encoding/escaping chars
This patch deals (hopefully) correctly with encoding and escaping chars.
It also remove OPACBaseURL from the url stored in DB, and readd is on
display, to avoid possible attacks.

Test plan:
Go to the authority search
fill term with something hacky
<script>alert('booh!')</script>And Ŝ♥m€ E★tr₳
Search
Click the "Report a problem" link
Fill the form and make sure the url is displayed correctly
submit
Check problem_reports.problempage in DB => Should be correctly displayed
Go to staff interface, "OPAC problem reports"
=> Confirm the link is correctly display
Click it
=> Confirm that you are at the OPAC, and the URL is correct

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:19:40 +01:00
01c3067a7c
Bug 4461: get_effective_email has been renamed inbound_email_address
On commit 027051c938
   Bug 22823: Rename method with ->inbound_email_address

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:19:04 +01:00
Aleisha Amohia
b8b2301f13
Bug 4461: Checks on library email before enqueuing letter
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:18:48 +01:00
282b85ef69
Bug 4461: Use get_effective_email from bug 22823
Use the get_effective_email from Koha::Library to get an appropriate
inbound address for the branch as aposed to using branchemail directly.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:58 +01:00
fc8f2d261b
Bug 4461: Drop 'from_address' use 'reply_address'
This patch adds support for using the reply-to field added in bug 10269
and drops 'from_address' as it will get defined at a later stage in the
emailing process anyway.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:45 +01:00
ffb5a071cb
Bug 4461: Better error handling
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:32 +01:00
d198aaec04
Bug 4461: Simplify recipients code
As the feature is now turned off without KohaAdminEmailAddress, we only
need to check if the email address of the library if defined.
Not that we should not check for $library->branchreplyto or
ReplytoDefault, but only $library->branchemail, as we do everywhere else
(I think)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:21 +01:00
a0775299e2
Bug 4461: Redirect to 404 if KohaAdminEmailAddress is not defined
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:16 +01:00
7fd92fcce9
Bug 4461: Use our local_referer instead of HTTP_REFERER
Cannot remember why exactly, but it seems that we should not use
HTTP_REFERER directly.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:17:08 +01:00
fa23374d06
Bug 4461: Use KohaAdminEmailAddress pref as 'from'
We usually do not specify the from_address on enqueuing the notice, but
when sending it (from _send_message_by_email). That way a) the code is
centralized (as we must use $patron->notice_email_address) and b) the
email used is the one that is in the DB when the letter is effectively
sent.
Here I guess you need to give it when the notice is enqueued as you want
to default to the koha admin address.

I do not think it's a good idea, we should not send an email with "from"
if not really sent by the user.
We have the borrowernumber anyway to know who filled the form.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:16:51 +01:00
499c6e45d2
Bug 4461: Rename report date with created_on
And make it a timestamp type column

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:16:45 +01:00
Aleisha Amohia
96883e69b5
Bug 4461: (follow-up) Creating sample notice and other fixes
- filters
- capitalisation
- atomic update

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:16:38 +01:00
Aleisha Amohia
414da449dd
Bug 4461: (follow-up) Redirect to 404 if OPACProblemReport not enabled
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:16:31 +01:00
Aleisha Amohia
5d05b4d01c
Bug 4461: Submit a problem report
To test:
1) Apply patch, update database, rebuild schema file
2) Restart koha-common and memcached
3) Confirm that your user has an email address.
4) Confirm that your library does NOT have an email address.
5) Confirm that syspref KohaAdminEmailAddress and syspref ReplytoDefault are not filled. Enable the OPACReportProblem syspref.
6) Log into OPAC
7) Click the 'Report a problem' link at the bottom of whatever page
you're on
8) Notice that there is no form is and there is an error message alerting that reports cannot be submitted
9) Add an email address for your library (in either the email field or the replyto field). Refresh the OPAC problem report page. The form should now show, and the recipient field should say 'library'.
10) Complete the form and submit. Check the message_queue in the database and confirm the to_address is correct. Confirm there is a success message.
11) Add an email address for the syspref KohaAdminEmailAddress and refresh the OPAC problem report page again. The recipient field should now be a dropdown. Select the Koha Administrator option.
12) Complete the form and submit. Check the message_queue in the database and confirm the to_address is the value in KohaAdminEmailAddress. Confirm there is a success message.
13) Ensure all details in the message_queue are correct.
14) Log out of the OPAC
15) Click the Report a problem link again and confirm you are forced to log in

Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:16:23 +01:00
Andrew Isherwood
f5edd39e61
Bug 23173: Provide core infrastructure
This patch adds the required infrastructure to enable ILL availability
plugins to intercept the request creation process and, using the
supplied metadata, search for and display possible relevant items from
whichever availability plugins are installed.

Currently three availability plugins exist:

z39.50 - Searches any number of the Koha instance's configured Z targets
https://github.com/PTFS-Europe/koha-plugin-ill-avail-z3950

EDS - Searches the EBSCO Discovery Service
https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds

Unpaywall - Searches the Unpaywall API for possible open access versions
of the requested item
https://github.com/PTFS-Europe/koha-plugin-ill-avail-unpaywall

The Unpaywall plugin is intended to serve as a "reference" plugin as the
API it deals with is extremely simple

Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@tudublin.ie>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:04:19 +01:00
dd55209f25
Bug 24537: Tidy code
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:01:03 +01:00
cede9bbe43
Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask
This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.

To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:00:44 +01:00
21c9b685bf
Bug 20415: Remove UseKohaPlugins system preference
Owen Leonard 2018-03-16 10:47:47 UTC :
<<
I don't think the system preference adds any security. There are already multiple permissions required for working with plugins:

- Configure plugins
- Manage plugins ( install / uninstall )
- Use report plugins
- Use tool plugins

And even with those permissions your server must be configured to allow the use of plugins.
>>

Test plan :
1) Install kitchen sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink
2) Run misc/devel/install_plugins.pl
3) Set config enable_plugins=1
4) Check all parts of the plugin are working
5) Set config enable_plugins=0
6) Check all parts of the plugin are disabled

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-26 11:42:02 +00:00
649bfe1ee2
Bug 24673: Add CSRF token support to opac-messaging.pl
This patch adds CSRF token support to opac-messaging.pl,
which allows users to manually update their messaging preferences,
but prevents bad actors from tricking people into updating their
preferences from cross-site requests.

Test plan:
0. Set SMSSendDriver global system preference to "Test" if unset
1. Log into the OPAC
2. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
3. Observe that the preference and SMS number update

4. Apply the patch

5. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
6. Observe that you get an error message of "Wrong CSRF token" instead
of the previous behaviour
7. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl
8. Update "Advance notice" to 3 and update "SMS number" to 61111111111
9. Observe that the "Advance notice" and "SMS number" fields update
correctly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-26 11:34:28 +00:00
2754423879
Bug 24754: (QA follow-up) Add timestamp, remove 11th parameter
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-25 09:32:48 +00:00
b3ecb4644e
Bug 24754: Set userenv for ilsdi requests
Currently ILSDI scripts do not have a userenv set. This affects both
action_logs and statistics.

For action_logs we either get no user or, if there is an active session, we use that one. This can have unintended consequences and we should explicitly set the env so that system user (0) is recorded

For statistics we need to specify a branch to record for actions like renewals. With bug 24759 we add an items method for this. We should take advantage of this method and use the 'opac' interface as the ilsdi scripts live there.

To test:
1 - Enable ILSDI in systempreferences
2 - Checkout an item to a patron
3 - Enable Renewal logs
4 - Ensure you will be able to renew the item several times
5 - Open an incognito/private browser
6 - Renew item via ilsdi:
    http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=RenewLoan&patron_id=5&item_id=1128
7 - Check action logs, interface may be random, user should be 0, if not make sure the user in step 9 is a different one
8 - In private browser open a new tab
9 - Sign in to staff client
10 - Return to other tab
11 - Refresh page to repeat renewal
12 - Check action_logs
13 - The second renewal indicates it was renewed via intranet by logged in staff member
14 - Apply patch
15 - restart_all
16 - Ensure staff client still signed in
17 - Repeate renewal again
18 - Check logs, renewal now indicates opac again (as it should), user is 0 even if logged in on other tab

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-25 09:32:37 +00:00
ec4b769ddb
Bug 24476: Allow direct editing of autorenew_checkouts by patron
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-24 11:23:58 +00:00
6de018f65f
Bug 24759: Move OpacRenewalBranch code to Koha::Item
This patchset moves all code to calculate the correct renewal branch into Koha::Item.pm

When interface is opac we follow the syspref, otherwise we use the current userenv, or pass through
a defined branch

To test:
1 - Check out an item to a patron
2 - Set allowed renewals in the circ rules to 100 (just so you can keep testing)
3 - Renew the item in staff interface, confirm it is recorded correctly in statistics table (as signed in branch)
4 - Renew via the opac, testing with each setting of OpacRenewalbranch
5 - prove -v t/db_dependent/Koha/Item.t

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-24 10:47:49 +00:00
2bf171acaf
Bug 24052: Rename XSLT_Handler
Should be XSLT::Base now.
Removes old XSLT_Handler stub too (from bug 23290).
Result of a git grep | sed statement.

Test plan:
Run qa tools (so modules compile).
Run t/db_dependent/Breeding.t
Run t/db_dependent/Koha/XSLT/Base.t (This test fails when only this patch
has been applied; see subsequent patch.)
Enable XSLT use on results and details display. Check search results and
detail view on OPAC and staff.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-24 10:42:23 +00:00
Katrin Fischer
117b55c702
Bug 24854: Remove IDreamBooks integration
The IDreamBooks service has not seen updates in a long time, so
we should remove the service from Koha as it's no longer operational.

To test:
- Apply patch and run the database update
- Verify that the IDreamBooks related system preferences are gone
- Verify that opac detail pages and result lists still work
  as expected
- Run t/db_dependent/UsageStats.t

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-24 08:07:23 +00:00
37e634bb5b
Bug 20443: Remove C4::Members::AttributeTypes
We do no longer need this package, we can use
Koha::Patron::Attribute::Types directly instead.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:41 +00:00
5dd44a8f08
Bug 20443: Remove CheckUniqueness
There is already a method in Koha::Patron::Attribute to check the
uniqueness constraint, let us it to replace CheckUniqueness

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:30 +00:00
ccfc6572f7
Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttributes
This patch replace Koha::Patron->get_extended_attributes with
->extended_attributes
It's now a getter a setter method.

It permits to replace UpdateBorrowerAttribute and use
create_related from DBIx::Class

Notes:
* We face the same variable names difference than in a previous patch
(value vs attribute)

Bug 20443: Remove SetBorrowerAttributes

squash  + RM get_extended_attributes

 RM get_extended_attributes

SQUASH Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttribute

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:16 +00:00
a1e3a79913
Bug 20443: Remove DeleteBorrowerAttribute
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:12 +00:00
9707167a48
Bug 20443: Move GetBorrowerAttributes to Koha::Patron->extended_attributes
The GetBorrowerAttributes subroutine return the attributes for a given
patron.

Using get_extended_attributes we can acchieve it easily. The problematic
here is to restore the method's name (value vs attribute,
value_description vs description of the authorised value, as well as
display_checkout that should not be a method of Attribute, but
Attribute::Type instead)

value_description was used when the attribute types were attached to an
authorised value category. To avoid the necessary test in template and
controller there is now a $attribute->description method that will
display either the attribute's value OR the value of the authorised
value when needed. We should certainly use this one from few other
places.

Notes:
* This patch rename Koha::Patron->attributes with Koha::Patron->get_extended_attributes.
It will be renamed with Koha::Patron->extended_attributes in ones of the next
patches when it will become a setter as well.
* GetBorrowerAttributes did not care about the library limits, we still
do not
* The opac_only flag was not used outside of test, we drop it off.
* To maintain the existing behavior we add a default order-by clause to
the search method [code, attribute]
* From C4::Letters::_parseletter we always display the staff description
of the AV, There is now a FIXME to warn about it
* FIXMEs are not regressions, existing behaviors must be kept
* TODO add a new check to bug 21010 to search for inconsistencies in
patron's attributes attached to non-existent authorised values
* One test has been updated in Modifications.t, order_by is now
by default set to ['code', 'attribute']

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:39:25 +00:00
1dc9daf5b3
Bug 20443: Move GetBorrowerAttributeValue to Koha::Patron->get_extended_attribute_value
We want to retrieve a specific patron's attribute for a given patron.
We then add a new method to Koha::Patron.

This patch add a getter method ->get_extended_attribute_value
to use the DBIx::Class relation

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:39:16 +00:00
37f464e1cf
Bug 20443: Remove opac_display and opac_editable from Patron::Attribute
Same as previously for methods that have been added by bug 17792.
It's better to be explicite and tell we are fetch the related attribute's type

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:39:10 +00:00
3944f20beb
Bug 24892: Resolve uninitialized warns from opac-memberentry
Especially line 500 (current master).

Use of uninitialized value $new_data{"sort2"} in string eq at /usr/share/koha/opac/opac-memberentry.pl line 500.
Use of uninitialized value in string eq at /usr/share/koha/opac/opac-memberentry.pl line 500.

Simple fix, not completely trivial due to adding xor ;)

Test plan:
Do not apply, update from opac memberentry. Check warns in log.
Apply patch, update again. Less warns?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-20 15:40:43 +00:00
53ef5a4078
Bug 24384: Add Access-Control-Allow-Origin support to OPAC reports svc
This patch makes the opac/svc/report script use output_with_http_headers
so it sets the Access-Control-Allow-Origin header.

To test:
1. Create a new public report and remember the report id
2. Use your favourite too to fetch the report in JSON by issuing:
   GET http://localhost:8080/cgi-bin/koha/svc/report?id=1
=> FAIL: There is no Access-Control-Allow-Origin header
3. Apply this patch
4. Restart Plack
   $ sudo koha-plack --restart kohadev
5. Set the AccessControlAllowOrigin to anything (for example,
   https://koha-community.org)
6. Repeat 2
=> SUCCESS: On the response headers you find
Access-Control-Allow-Origin: https://koha-community.org
7. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-19 09:23:13 +00:00
Aleisha Amohia
b8f85fccc2
Bug 15775: Show message on OPAC summary if holds are blocked due to fines
To test:
1) Set maxoutstanding syspref to 5
2) Create a manual invoice for a borrower for $6
3) Log in to the OPAC as this borrower
4) Go to opac-user.pl, your summary page
5) Confirm there is a warning box explaining that the borrower is
blocked from holds due to fines
6) Back on the staff side, pay some or all of the borrower's fines so
they are no longer over the max outstanding amount
7) Refresh the summary page in the OPAC and confirm the warning is gone

Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-19 09:09:19 +00:00
20952a7b2d
Bug 22821: Rename method with ->inbound_email_address
The method has been renamed in the previous bug report.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
67bda71a45
Bug 22821: Correct to_address for issue notes
This patch updates the controller and service code to use the newly
introduced 'get_effective_email' routine from bug 22823 to obtain the
branches most appropriate email address.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
04dcca4321
Bug 22821: Use 'reply-to' address in issue notes
This patch updates the issue notices to not pass from_address and so
default to the branch email of the user for from_address. We now pass
the patrons email (cascading through email, emailpro, B_email) into the
reply_address field so mail servers are less likely to report emails as
spam and mail clients still have access to the patron address via the
reply-to header when staff want to hit 'reply' and have the email go to
the user.

Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 15:44:27 +00:00
c8bf308e1b
Bug 23531: fix ILSDI non-implemented but documented parameters
test plan :
1/ Submit a hold through ILSDI with start_date and expiry_date parameters
2/ Verify in Koha those parameters are not applied to the newly created
reserve. Delete reserve.
3/ Apply patch and repeat 1.
4/ Verify the reserve created by same request as 1 now has both dates
applied and visible in Koha.

Signed-off-by: Christophe Croullebois <christophe.croullebois@biblibre.com>
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 08:42:31 +00:00
Andreas Roussos
1d26fb3a9d
Bug 24827: Standardise on 'UTF-8' as the encoding name
This patch standardises the encoding name used in direct calls
to new_from_xml() to 'UTF-8' instead of 'utf8' or 'utf-8'.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-16 14:45:39 +00:00