Commit graph

19 commits

Author SHA1 Message Date
4ede366268
Bug 33702: (QA follow-up) Do not crash on borrowernumber
Resolve:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/opac/opac-illrequests.pl line 66

Test plan:
Put an unexisting illrequest_id in the URL parameter.
You should see a 404, not a crash.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:51 -03:00
b5cae12aef
Bug 33702: Prevent ILL requests to be modified by somebody else
Same as previous patch, but for 'update' and 'cancreq'.
We remove the redirect, but here we only want to focus on the security
fix.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Confirmed. Without this patch a patron can modify and cancel any ILL
request in the OPAC. With this patch the patron is redirected to the
404 page if modification or cancellation is attempted.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:50 -03:00
Magnus Enger
1ad43fd47f
Bug 33702: Patrons should only see their own ILLs in the OPAC
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
  https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
  clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
  in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
  connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
  in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
  will look like something like this:
  http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
  connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
  patron than the patron you are logged in as

To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
  you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
  of the request that belongs to the patron you are not logged in as

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:46 -03:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
Andrew Isherwood
1a7f09709a Bug 22818: Add generation and sending of notices
This patch adds the ability for ILL to send notices, both triggered by
staff and triggered by events.

Staff can trigger notices to patrons from the "Manage ILL request" screen:
- ILL request ready for pickup
- ILL request unavailable
- Place request with partners

The following notices to staff are triggered automatically:
- Request has been modified by patron
- Request has been cancelled by patron

Branches can now specify an "ILL email" address to which notices
intended to inform staff of changes to requests by patrons can be sent.

The sending of notices is controlled by a few new sysprefs:
- "ILLDefaultStaffEmail" - Fallback email address for staff ILL notices
to be sent to in the absence of a branch address
- "ILLSendStaffNotices" - To specify which staff notices should be sent
automatically when requests are manipulated by patrons

Patron notices are also controlled by the patron's messaging
preferences

Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-11 08:35:10 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
Andrew Isherwood
f5edd39e61
Bug 23173: Provide core infrastructure
This patch adds the required infrastructure to enable ILL availability
plugins to intercept the request creation process and, using the
supplied metadata, search for and display possible relevant items from
whichever availability plugins are installed.

Currently three availability plugins exist:

z39.50 - Searches any number of the Koha instance's configured Z targets
https://github.com/PTFS-Europe/koha-plugin-ill-avail-z3950

EDS - Searches the EBSCO Discovery Service
https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds

Unpaywall - Searches the Unpaywall API for possible open access versions
of the requested item
https://github.com/PTFS-Europe/koha-plugin-ill-avail-unpaywall

The Unpaywall plugin is intended to serve as a "reference" plugin as the
API it deals with is extremely simple

Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@tudublin.ie>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:04:19 +01:00
6a0246e248 Bug 22542: Force back button to display personal data
This is a follow-up of bug 5371

The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching

This must be a test somehwere to prevent further regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-02 13:43:48 +00:00
Andrew Isherwood
6d3136c7e8 Bug 20639: (follow-up) Fix population of backends
The OPAC view wasn't correctly restricting the display of backends when
the ILLOpacbackends preference was set.

See the test plan on comment 7

Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-07 20:51:11 +00:00
ef6ad443a8 Bug 20639: Add ILLOpacbackends syspref
This adds the ILLOpacbackends syspref, allowing users to refine the ill
backends available to opac users for initiating ill requests

Remove default assignment for backends

We don't need a default assignment for the ILLOpacbackends assignment,
if the pref isn't set, it returns undef anyway. Also, having this
default assignment actually breaks the fetching of the preference

Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-07 20:51:11 +00:00
Andrew Isherwood
74f2a90324 Bug 20941: (follow-up) Switch 'media' -> 'types'
Clearing up the inconsistency mentioned in comment #35. There is one
place where we use the term 'media' for a template variable, everywhere
we refer to material types as 'types'.

NOTE: This is a breaking change for existing backends that still use
'media'. Of the PTFS Europe backends, only the Koha backend uses it,
this will be modified as necessary. Generally backends will supply this
variable themselves, so the breaking-ness of this change should be
minimal.

No test plan as it's backend dependent.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-31 13:45:57 +00:00
Andrew Isherwood
ad35c9702e Bug 20548: Remove copyright clearance for staff
This patch removes the erroneously added workflow that requires staff
users to agree to the copyright clearance declaration defined in the
ILLModuleCopyrightClearance preference. Only OPAC users should be
required to accept the declaration.

To test:
1) Ensure you have at least one ILL backend available:
  https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) As an OPAC user make an ILL request:
  a) Navigate to a search results page in the catalog
  b) Click the "Make an Interlibrary Loan request" link at the bottom
  c) Choose "Create a new request", then select a backend
  d) Observe the text you added earlier is displayed with buttons for
  agreeing or disagreeing
5) As a staff user, select the "ILL requests" button on the front page of
the intranet site
  a) Choose "Create a new request", then select a backend
  b) Observe that you are NOT prompted to agree to the text you added
  earlier

Assigned-to: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Barry Cannon <bc@interleaf.ie>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:46 +00:00
ab52b1f3ac Bug 20284: Fix minor compilation errors
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-07 11:55:01 -03:00
Andrew Isherwood
1b67f20823 Bug 20284: (follow-up) Added missing 'exit's
This patch adds the exits that were missing after the redirects

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-07 11:55:01 -03:00
Andrew Isherwood
b12d5e7c20 Bug 20284: ILLModuleCopyrightClearance text breaks
This patch fixes the display of the copyright notice text that is defined
in ILLModuleCopyrightClearance preference when placing ILL requests from
the OPAC. Handling of the copyrightclearance stage was missing,
this has been added.

To test:
1) Ensure you have at least one ILL backend available:
   https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) Navigate to a search results page in the catalog
5) Click the "Make an Interlibrary Loan request" link at the bottom
6) Choose "Create a new request", then select a backend
7) Observe the text you added earlier is displayed with buttons for
   agreeing or disagreeing (prior to this patch, this screen displayed
   an error)
8) Observe that clicking "Yes" takes you to the form for adding request
   details
9) Observe that clicking "No" takes you back to the "Interlibrary loan
   requests" page

Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-07 11:55:01 -03:00
84d6c23edd Bug 20536: (ILL) authnotrequired should be explicitly unset on opac
* koha/opac-illrequest.pl - Added explicit setting of authnotrequired

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-11 16:45:09 -03:00
06f9e5fe3a Bug 7317: Handle backend absense more gracefuly
5/ This patch makes Koha::Illrequest->load_backend raise an exception
if the passed backend is invalid. This way we will catch more errors introduced.

The patch also disables the 'New Ill request' when no backends are available. Gets
rid of a related warnings.

Both OPAC and Intranet now display a warning message when no backends
are available.

Tests are added for the load_backend changes.

4/ This patch fixes the path for the checkboxes jquery plugin, and removes the include
for tablesorter, as this implementation uses Datatables. This is obviously code for older
Koha, ported to master.

TODO: There's something wrong on the styling. My idea is to get rid
of the custom column visualization tool, and have it display as regular
DataTables. We can then introduce the use of colvis on a separate bug
report.

Note: POD coverage for the exceptions file is wrongly tested. It is a false positive.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:14 -03:00
Alex Sassmannshausen
8e86b5e093 Bug 7317: Interlibrary loans framework for Koha.
This Commit is at the heart of adding an interlibrary loans framework
for Koha.  The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.

The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.

Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.

Outside of this we simply add new files & functionality.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:12 -03:00