Bug 28786 added the ability to turn on a two-factor authentication,
using a One Time Password (OTP).
Once enabled on the system, librarian had the choice to enable or
disable it for themselves.
For security reason an administrator could decide to force the
librarians to use this second authentication step.
This patch adds a third option to the existing syspref, 'Enforced', for
that purpose.
QA notes: the code we had in the members/two_factor_auth.pl controller
has been moved to REST API controller methods (with their tests and
swagger specs), for reusability reason. Code from template has been
moved to an include file for the same reason.
Test plan:
A. Regression tests
As we modified the code we need first to confirm the existing features
are still working as expected.
1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to
enable and access the second authentication step
2. Turn it on (enabled) and confirm that you are able to enable it in your account
3. Logout and confirm then that you are able to login into Koha
B. The new option
1. Set the pref to "enforced"
2. You are not logged out, logged in users stay logged in
3. Pick a user that does not have 2FA setup, login
4. Notice the new screen (UI is a bit ugly, suggestions welcomed)
5. Try to access Koha without enabling 2FA, you shouldn't be able to
access any pages
6. Setup 2FA and confirm that you are redirected to the login screen
7. Login, send the correct pin code
=> You are fully logged in!
Note that at 6 we could redirect to the mainpage, without the need to
login again, but I think it's preferable to reduce the change to
C4::Auth. If it's considered mandatory by QA I could have a look on
another bug report.
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We need to replace 0 with 'disabled', and 1 with 'enabled'
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This amends the system preference description for PrefillItem
to explain what happens when the pref is left empty.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I'll try to keep the test plan simple:
* Go to patron account in OPAC
* Verify that the your from the beginning of the tab
descriptions has been removed
Bonus: This moves the Recalls history tab below the Holds history
as this is the more logical place for it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes not required (for now) query parameters as we can
query using q= on those. They can be added back eventually, if needed.
Attributes now match the database as well.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This feature is awesome, but it's modals all feel a bit off.. this is an
improvement to one of them, but far from perfect.
I opt to work with Owen to create a guideline (and template) for modals going
forward and let this patchset go in as is.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Another minor rebase issue I believe.. relocate the 'Save search as
filter' link back up to sit next to 'Edit this search'.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patchset adds a new ability to save searches on the staff client, and display them in the results
page on staff or opac as a new filter.
New filters can be added from the resuilts page after a search, and there is an admin page for updating
deleting and renaming filters
There is a new permission to control management of these filters
New filters can be added that are not displayed along with facets, this allows for building custom links
using these filters to keep URLs shorter
Due to bug 30528 testing in ES is recommended
To test:
1 - Apply patches and update database and restart all
2 - Enable new system preference 'SavedSearchFilters'
3 - As superlibrarian perform a search in staff client, something broad like 'a'
4 - Note new 'Save search as filter' link on results page
5 - Click it, save search as new filter, check 'Staff client' visibility
6 - Perform another search
7 - Note the filter now appears above facets
8 - Click to it filter results
9 - Note results are limited by the new filter, and it is checked in the facets
10 - Confirm click the [x] removes the filter
11 - Go to administration->search filters
12 - Confirm the filter appears
13 - Edit and mark as OPAC visible
14 - Test OPAC to ensure it shows and can be applied/removed
15 - Copy URL with filter applied
16 - In adminsitration mark filter as not visible on staff or opac
17 - Confirm link above still works
18 - Create a new staff with catalogue and search filters permission
19 - Ensure they can access/save filters
20 - Remove filter permission and ensure they cannot
21 - Disable system preference
22 - Confirm links to search filters page are removed from admin home and admin sidebar
23 - Confirm filters do not appear on results and cannot be created
24 - Enable pref
25 - Create a filter
26 - From search filters page, click 'Edit search'
27 - Confirm you are taken to advanced search page letting you know which filter you are editing
28 - Confirm you can change searhc options and save
29 - Confirm you can perform the search from this page
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch displays the filters on the results pages with the facets
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the new table, permission, and a syspref to enable the feature
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Moves the div up a few levels to the heading for this part of the page
is included. This also makes it consistent with the page-section for
"Manage orders" directly above.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Go to the Acquisitions home page.
2. Look and the bugdets and funds table and notice the page-section class.
3. Make sure everything looks good.
Note: I made some indentation changes.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Apply patch
2. Set the system preference 'StockRotation' to enable.
3. Go to Cataloging / Stock rotation
4. Add some new rotas
5. Make sure the page looks good with the new page-section div
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Apply patch
2. Go to the rotating collections page. Tools / Rotating collections
3. Add some new collections
4. Note that the page looks good with the new page section div.
Note:
I made some indentation changes and fixed a small typo where the 'dropdown-toggle' class was not being properly applied.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes a minor modification to the padding and margin of
<fieldset class="action"> nested in a .brief fieldset. This markup is
seen most often in sidebar filter form. The change allows the submit
button to line up better with other form fields.
The patch also corrects and inconsistency by modifying the holds queue
template so that the .action fieldset is inside the .brief fieldset.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client)
- If necessary, place one or more holds for pickup at your logged-in
library and rebuild the holds queue
(misc/cronjobs/holds/build_holds_queue.pl)
- Go to Circulation -> Holds queue.
- The form should look correct.
- Submit the form and check the form in the sidebar. It should look
correct as well, with the submit button aligned left with the other
form fields.
- Check pages with similar sidebar forms, e.g.:
- Administration -> Budgets -> Funds -> Planning
- Circulation -> Overdues
- Circulation -> Holds to pull
- Acquisitions -> Invoices -> Search results
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
OK.. colors are hard!.. This patch increases the 'lighten' parameter a
little and hopefully improves the headers and footers of modals slighty
back to being less 'bright' green.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes some tweaks to the style of Bootstrap modals in the
staff interface, including making a correction to the style of .dialog
<div>s within modals.
The patch makes a correction to the modal markup generated by the guided
reports template for SQL previews so that the modal footer displays
correctly.
The patch also removes CSS which makes links inside headings the same
color as the heading text. The effect of this was to make links
invisible in the headings of hold confirmation modals.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Test the hold confirmation modal in check-in:
- Place a hold on an available title.
- Check in an item from that record and confirm that the modal
looks correct. The "Check in message" box should take up the whole
width of the modal, and the links in the modal header should be the
standard green.
- Test the SQL preview modal in reports:
- Go to Reports -> Use saved.
- Click the actions menu associated with one of your saved reports and
choose "Preview SQL." The modal should look correct.
- Other modals which might be tested: MARC previews from the
bibliographic detail page, the cataloging search page, the Z39.50
search page, etc.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds hinting to display the required state of the cash
register fields.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a row to the transactions table for credits without
corresponding offsets
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The payment type include has changed since the patch was first written,
we now require a 'type' is passed to properly set the field name.
This should fix the 'bankable' issue raised.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the register and transaction type selection options to
the manual credit page.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a very simple controller and template to allow patron
slip printing without all the boilerplate.
See bug 31713 for an example use.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch modifies CSS related to the "Remove from cart" button
associated with bibligraphic record views. A change in specificity of
buttons made by Bug 30952 made it so that the button was no longer
hidden correctly.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Locate a bibliographic record in the staff interface and view the
detail page.
- In the toolbar you should see an "Add to cart" button but not a
"Remove from cart" button.
- The buttons should correctly toggle on and off as you add and remove
the title from the cart.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch gives the fieldset on member-password.tt the class row. It also moves the hints below the list.
To test:
1. Apply patch
2. Pull up a patron record and go to 'Change password'.
3. Make sure the form now looks good.
4. Also check and make sure the form is still functional.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Submit button in renew page is the most important action on this form, it should be yellow
Test plan :
1) Go to renew page /cgi-bin/koha/circ/renew.pl
2) Check submit button 'Submit' as class 'btn-primary' and is yellow
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes no changes which affect the style of the page.
All changes are corrections to formatting.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes some minor tweaks to the CSS controlling the appearance
of the toolbar shown in the basic cataloging editor.
To test, apply the patch and go to Cataloging -> New record.
- Confirm that the page looks correct, with the toolbar the same width
as the main content of the page.
- Confirm that the toolbar looks correct when you scroll and the toolbar
"floats"
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds "page-section" divs to the MARC modification templates
template so that sections are properly defined and content has adequate
contrast.
Note: The patch includes indentation changes, so please ignore
whitespace when checking the diff.
To test, apply the patch and go to Cataloging -> MARC modification
templates.
The main content should be surrounded by a white box whether you're
looking at the list of templates, the the action add/edit form.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test translation:
1. Apply patch and update your po files using:
https://wiki.koha-community.org/wiki/Translating_Koha#Updating_the_po_files_in_your_installation
2. Verify the string appears in po files now and translate it
3. Install the language
To test functionality:
1. Turn on recalls
1.1. In Administration > Global system preferences, enable UseRecalls
1.2. Add recalls permissions in your circulation rules
2. In the OPAC, log in as a patron
3. Find a record with checked out items and place a recall
4. In the intranet, go to the patron file of the patron who currently has that item checked out
--> In the Checkouts table at the bottom of the page, there is a red message next to the recalled title
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When placing a hold in staff, the 'Place hold' button should be yellow for the most important action on this form.
Patch changes this button from btn-default to btn-primary.
Test plan :
Play with placing hold, one and several, with cases :
- normal
- override required
- none available
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Check in button in check in page is the most important action on this form, it should be yellow
Test plan :
1) Go to check in page /cgi-bin/koha/circ/returns.pl
2) Check submit button 'Check in' as class 'btn-primary' and is yellow
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes some markup which duplicates markup now in a
separate include file. modal-claims.inc contains the same
markup for #claims-returned-modal as checkouts.table.inc.
To test, apply the patch and make sure a LOST authorized value code
is defined in the ClaimReturnedLostValue system preference.
- Check an item out to a patron, e.g. item 39999000001334 to patron
23529000179433.
- In the table showing the patron's checkouts, click the "Claim
returned" button.
- A "Claim returned" modal should appear.
- Click "Make claim."
- Switch to the "Claims" tab. You should see the item listed there.
- Check out another item, e.g. 39999000013313, to the patron and test
the return claim process again from the patron detail page.
- Check out another item, e.g. 39999000018691, to the patron with a due
date specified which is in the past.
- Go to Circulation -> Overdues. You should see the item in the list of
overdues. Test that the "Claim returned" button works correctly on
this page too.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Set searchable to false for opac_info.
Test plan:
Check if DT search for libraries works again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Reverted the data/render function change as requested
by Jonathan. Considering the fact that dataTables or custom
extensions do not check col.data.split as a clear bug btw.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch reinstates the cat-menu.inc include and references it from
the various 'tools' that are closely tied to cataloging.
We use the new cataloging home page submission as a reference for which
options should appear in the menu.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This migrates the start page to the new page structure using
WRAPPERs instead of includes. One visible problem before
was the missing help link.
Also makes sure the help link leads to the correct page :)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new cataloging-home template and controller and
replaces most cases of links to addbooks. This serves to provide a new
cataloging home page for the cataloging module and keeps it distinct
from the current addbooks page it partially replaces as a starting point
for cataloging.
We migrate most cataloging related tools from the 'Tools' module whilst
opting to move 'Rotating collections' to the 'Circulation' section of
the 'Tools' homepage. We also add links to the cataloging tab of system
preferences and a the adminstration pages if the user has the correct
permissions to have access to these areas.
Signed-off-by: KIT <michaela.sieber@kit.edu>
Signed-off-by: Emmanuel Bétemps <e.betemps@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This adds a note to the circulation rules page that already
explained about ReservesControlBranch to also include information
about the new CircControlReturnsBranch system preference.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Rephrased in hope to make its use a little clearer:
* 'logged in at' replaced with 'checked in at' keeping self checks in mind
* 'At checkin' rephrased a bit to explain possible options
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
1) Apply this patch
2) Run updatedatabase.pl
3) Verify CircControlReturnsBranch is set to home library by default
4) Set a Return policy for Branch A to "Item returns home" ( homebranch )
5) Set a Return polity for Branch B to "Item returns to issuing library" ( holdingbranch )
6) Set a Return polity for Branch C to "Item floats" ( noreturn )
7) Create an item with homebranch of Branch A, holding branch of branch B
8) Log in as Branch C
9) Set CircControlReturnsBranch to "the library the item is currently held by"
10) Check the item in, note it should be returned to the holding library
11) Set CircControlReturnsBranch to "the library the item is owned by"
12) Check the item in, note it should be returned to the home library
13) Set CircControlReturnsBranch to "the library you are logged in at"
14) Check the item in, note it should float
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Apply patch
2. Make some holds and then run build_holds_queue.pl
3. Look at the holds queue and make sure everything looks right with the new page-section.
Note:
I made some indentation and whitespace changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>