Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).
If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.
Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
So you see the login screen specific to the self-checkout.
To log in with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
Without the patch you would still be logged in as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
Without the patch you will still be logged into the self-checkout
Voila!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Cardnumber already had it set, adding for username and password
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!
This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) if the token is
valid. The token is only generated once the user has been authenticated
and is removed when the user finishes the session/logs out.
Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
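
Added example, not part of the Koha patches or their Perl code: a minimal Python sketch of the two checks described in the self-checkout commits above, a signed token issued only after authentication and renew/check-in limited to items the token's patron has checked out. It hand-rolls HS256 with the standard library instead of using Mojo::JWT; the secret, borrowernumbers, function names and the `CHECKOUTS` table are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: server-side key, never sent to the browser
CHECKOUTS = {"bc_1": 101}             # constructed data: barcode -> borrowernumber holding it

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(borrowernumber, ttl=300, now=None):
    """Issue an HS256 token; call this only after the patron has authenticated."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"borrowernumber": borrowernumber, "exp": int(now + ttl)}
    body = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{body}.{_b64(_sign(body))}"

def verify_token(token, now=None):
    """Return the borrowernumber bound to a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(_sign(f"{header}.{payload}"), _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
        if claims["exp"] <= now:
            return None
        return claims["borrowernumber"]
    except (ValueError, AttributeError, TypeError, KeyError):
        return None

def handle(op, barcode, token, now=None):
    """Decide a self-checkout request; the patron comes from the token, not a parameter."""
    patron = verify_token(token, now)
    if patron is None:
        return "error: not authenticated"
    # Renew and check-in apply only to items checked out to the token's patron.
    if op in ("renew", "returnbook") and CHECKOUTS.get(barcode) != patron:
        return "error: item not checked out to this patron"
    return f"ok: {op} {barcode} for patron {patron}"
```
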
Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assume it's logged in only if patronid is passed
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
It's not used in template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
It's not needed, we have $patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test, perform a search in the catalogue and verify that search term
highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test the process of searching for and selecting an authority record for
use in the basic MARC editor.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Check that mandatory tags and subfields are correctly required when
editing an authority record.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test that preference search term highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the tests set debit_id to undef instead of random data.
This way tests don't break when $article_request->cancel is invoked and
a refund is tried.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Letters/TemplateToolkit.t
=> FAIL: Boo, tests fail, random garbage is not a debit
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Unknown column 'patron_expiration_date' in 'field list'
The REST API routes don't need to be aware of the new column patron_expiration_date
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 21729 added to holds table the column patron_expiration_date.
Currently test suite is failing :
https://jenkins.koha-community.org/view/master/job/Koha_Master_D10/516/testReport/
We must fix where TestBuilder is creating with source Reserve and data expirationdate :
t/db_dependent/Holds/WaitingReserves.t
t/db_dependent/Reserves/CancelExpiredReserves.t
Note that t/db_dependent/Reserves/CancelExpiredReserves.t does not fail
without this patch but surely we prefer to change it also.
Test plan :
prove t/db_dependent/Holds/WaitingReserves.t
prove t/db_dependent/Reserves/CancelExpiredReserves.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Run updatedatabase.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Look good at this change, or do a new install :)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the Yiddish language to Koha. The language codes were
taken from https://www.loc.gov/standards/iso639-2/php/code_list.php
Sponsored-by: Universidad Nacional de San Martín
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
reason and cancellation_reason were inverted, and the enum values were
lowercase
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
It's a PK now
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
NOT NULL was missing when MODIFY
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Up to 50 on bug 23797 but bug 24387 switched it back to 25 (bad
resolution conflict)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Added 100 on 210600016, but 20 in kohastructure
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bad copy paste on the foreign_key_exists condition
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch removes the use of a specific "title-numeric" sorting routine
from the DataTables configuration of the "Most popular" table. We can
use a "data-order" attribute instead.
The patch also removes the now unused code from our custom DataTables JS
file in both the OPAC and the staff interface (where it was unused).
To test, apply the patch and make sure the OpacTopissue system
preference is enabled.
- In the OPAC, view the "Most popular" page.
- Change the filter settings, if necessary, to get multiple results.
- In the results table, confirm that sorting by number of checkouts
still works correctly.
A search of the code for instances of "title-numeric" should return only
one in a comment in the official DataTables library.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
-Go to Administration > Authorized values
-In any category, new or existing, look at an authorized value.
-The description and OPAC description inputs both have a maxlength of 200 but you cannot see very many characters.
-Apply patch
-Look again, the inputs are much bigger and you can see many more characters.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
1- Before applying the patch add some content to the system preference
OpacMoreSearches
2- Apply patch
3- restart_all and updatedatabase
4. Go to additional-content.pl ( HTML customizations )
5. You should now see your content from the system preference under
OpacMoreSearches in HTML customizations
6. Try searching for the system preference, OpacMoreSearches. It has been
removed and you should not be able to find it.
7. Try changing/removing/adding content from OpacMoreSearches in HTML
customizations
8. Make sure your edits are reflected when you look at the
OpacMoreSearch area in the OPAC.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch restores the "Clear date to suspend indefinitely" link
associated with the "Suspend all holds" date input field.
The patch also introduces a generic ".clear-flatpickr" click handler for
Flatpickr instances.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the "futuredate" attribute to the "Hold not needed
after" date field in the OPAC hold process.
To test, apply the patch and log into the OPAC.
- Locate a bibliographic record and begin the process of placing a hold.
- Click "Show more options" to display the date fields.
- If the OPACAllowHoldDateInFuture system preference is enabled:
- Set "Hold starts on date" to a date in the future.
- Trigger the date-picker in the "Hold not needed after" field: You
should be limited to dates *after* the date you selected above.
- If OPACAllowHoldDateInFuture is disabled:
- The "Hold starts on date" will no longer be present.
- Trigger the date-picker in the "Hold not needed after" field: You
should be limited to dates after today.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch reworks the process of suspending an individual hold from the
patron's hold list. Instead of repeating the modal markup in each line
of the holds table, a single modal is re-used.
A "focus: false" is added to the modal via a data-attribute in order to
overcome problems with selecting months and using keyboard navigation in
the calendar popup.
To test, apply the patch and log into the OPAC as a user with holds.
- View the holds tab under "Your summary."
- Click the "Suspend" button next to one of the holds.
- You should see a modal which shows the title of the item in question.
- Test that the date picker works correctly:
- Test selecting a month and year
- Test selecting a date both with the mouse and by using arrow keys.
- Test that you can clear the selected date both by clicking the X and
by clicking the text link.
- Select a date and close the modal without submitting the suspension.
- Click the "Suspend" link on another title to confirm that the date
picker still works correctly.
- Submit a suspension and confirm that it completes successfully.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
I missed the "Suspend all holds" date input in previous patches.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds Flatpickr assets to the OPAC (JS and SCSS). A few pages
are updated to use Flatpickr instead of jQueryUI datepickers.
jQueryUI CSS files are updated because they contain some font family
definitions which are simple to remove but overly complicated to
override. Without this change some Font Awesome icons are broken when
they appear inside jQueryUI widgets like tabs.
We don't run the risk of having this change overwritten by a future
jQueryUI upgrade because there won't be any more.
To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Log into the OPAC and check that date pickers on the following pages
work correctly, including month selection, year selection, forward
and back arrows, and "Clear date" controls:
- Go to the "Your personal details" page.
- Check the "Date of birth" field.
- With SuspendHoldsOpac enabled, view the "Your summary" page for a
patron with pending holds.
- Click "Suspend" to confirm that the "Suspend until" datepicker
works correctly for more than one hold.
- From the catalog search results page, select multiple results and
click the "Place hold" link.
- On the hold confirmation page, click "Show more options" to test
the "Hold starts on date" (with OPACAllowHoldDateInFuture enabled)
and the "Hold not needed after" fields.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
1. Do a Z39.50/SRU search
2. In the search results click on MARC to get the MARC preview. Choose
something with lots of MARC data so it is both wide and long.
3. See the Y axis scrollbar
4. You must scroll to the bottom of the modal to see the X axis scrollbar,
annoying.
5. Apply patch
6. Try steps 1-4 again. This time you should see the X axis scrollbar
without having to scroll to the bottom.
7. It's not a bad idea to test in multiple browsers.
Note: I also put the CSS onto multiple lines to increase readability
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Button [Add multiple items] stops responding when it's pressed and some multiple items added to basket
It has a "visibility: hidden" we are trying to remove setting "display:
inline"
This is pretty ugly and certainly does not clean the code, but it's too
messy and this patch fixes the problem easily.
Test plan:
Add a new order
Click "Add multiple items", enter "2", click "Add".
Confirm that you can use the "Add multiple items" again.
Signed-off-by: Samu Heiskanen <samu.heiskanen@hypernova.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>