Koha-community/Koha - Koha - Koha: The world's first free and open source library system

Commit Graph

Author	SHA1	Message	Date
Marcel de Rooy	7175627cb6	Bug 24151: (QA follow-up) Fix POD warnings from QA tools POD is missing for get_hash POD is missing for new_from_statistic POD is missing for 'object_class' Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	4 years ago
Marcel de Rooy	716e520355	Bug 24151: (QA follow-up) Correct license in two modules Still listing the address.. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	4 years ago
Jonathan Druart	5ce968e0e5	Bug 24151: Copy info to the pseudonymized table when a transaction is done This is the commit where you will find useful information about this development. The goal of this new feature is to add a way to pseudonymize patron's data, in a way they could not be personally identifiable. https://en.wikipedia.org/wiki/Pseudonymization There are different existing way to anonymize patron's information in Koha, but we loose the ability to make useful report. This development proposes to have 2 different tables: * 1 for transactions and patrons data (pseudonymized_transactions) * 1 for patrons' attributes (pseudonymized_borrower_attributes) Entries to pseudonymized_transactions are added when a new transaction (checkout, checkin, renew, on-site checkout) is done. Also, anonymized_borrower_attributes is populated if patron's attributes are marked as "keep for pseudonymization". To make those informations not identifiable to a patron, we are having a hashed_borrowernumber column in pseudonymized_transactions. This hash will be generated (Blowfish-based crypt) using a key stored in the Koha configuration. To make things configurable, we are adding 3 sysprefs and 1 new DB column: * syspref Pseudonymization to turn on/off the whole feature * syspref PseudonymizationPatronFields to list the informations of the patrons to sync * syspref PseudonymizationTransactionFields to list the informations of the transactions to copy * DB column borrower_attribute_types.keep_for_pseudonymization that is a boolean to enable/disable the copy of a given patron's attribute type. Test plan: 1/ Turn on Pseudonymization 2/ Define in PseudonymizationPatronFields and PseudonymizationTransactionFields the different fields you want to copy 3/ Go to the about page => You will see a warning about a missing config entry 4/ You need to generate a key and put it in the koha-conf.xml file. The following command will generate one: % htpasswd -bnBC 10 "" password \| tr -d ':\n' \| sed 's/$2y/$2a/' Then edit $KOHA_CONF and add it before of the end of the config section (</config) it should be something like: <key>$2a$10$PfdrEBdRcL2MZlEtKueyLegxI6zg735jD07GRnc1bt.N/ZYMvBAB2</key> 5/ Restart memcached then plack (alias restart_all) => Everything is setup! 6/ Create a new transaction (checkin for instance) => Confirm that a new entry has been added to pseudonymized_transaction with the data you expect to be copied 7/ Edit some patron attribute types and tick "Keep for pseudonymization" 8/ Create a new transaction => Confirm that new entries have been added to pseudonymized_borrower_attributes 11/ Delete the patrons => Confirm that the entries still exist in the pseudonymized_* tables 12/ Purge the patrons (ie. use cleanup_database.pl to remove them from the deleted_borrowers table) => Confirm that the entries still exist in the pseudonymized_* tables See bug 24152 to remove data from the anonymized_* tables Sponsored-by: Association KohaLa - https://koha-fr.org/ Signed-off-by: Signed-off-by: Sonia Bouis <sonia.bouis@univ-lyon3.fr> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	5 years ago
Kyle Hall	7d15ff3404	Bug 23727: Editing course reserve items is broken Adding an item to course reserves and trying to edit any values in a second step does not work. Values are not saved and the table shows all values as "Unchanged". This patch set adds two new sets of columns to the course_items table. The first set determines if the specified column should be swapped or not. The was previously 'implied' by the column being set to undef which has been the root problem with that way of knowing if a column should swap or not. The second set of new columns are for storing the item field values while the item is on course reserve. Previously, the column values were swapped between the items table and the course_items table, which leaves ambiguity as to what each value is. Now, the original columns always store the value when the item is on course reserve, and the new storage columns store the original item value while the item is on reserve, and are NULL when an item is not on reserve. Test Plan: 1) Apply this patch 2) Add and edit course items, not the new checkboxes for enabling fields 3) Everything should function as before Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	4 years ago
Kyle Hall	6229b51d66	Bug 23727: Add Koha Object(s) related to course reserves Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	4 years ago
Nicolas Legrand	c5f4a558c6	Bug 13881: Add desk management Add a desk and linked it to a library (branch). That's it. In the future it'll have super features like being able to link waiting reserve to a specific desk. Test plan: 1. go to the administration page and notice there isn't any mention of desk whatsoever 2. apply patches 3. ./installer/data/mysql/updatedatabase.pl 4. prove t/db_dependent/Koha/Desks.t 5. you now have desks links in admin-home and admin-menu 6. click the link 7. add a desk 8. add another one 9. delete one 10. you should have a fair list of all current desks defined 11. Done Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	5 years ago
Joonas Kylmälä	86bc36508f	Bug 18936: (QA follow-up) Add missing POD Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	4 years ago
Jesse Weaver	18570614c4	Bug 18936: (follow-up) Update REST definition for /.../kinds Signed-off-by: Minna Kivinen <minna.kivinen@hamk.fi> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	7 years ago
Jesse Weaver	f2dfa17f0e	Bug 18936: (follow-up) Add foreign key and scope enhancement to circ rules This necessitates moving the circ rules from using '*' to using undef/NULL. Signed-off-by: Minna Kivinen <minna.kivinen@hamk.fi> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>	7 years ago
Tomás Cohen Arazi	3ada121431	Bug 20402: Add missing POD Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Julian Maurice	43a4b3c22c	Bug 20402: Implement OAuth2 authentication for REST API It implements only the "client credentials" flow with no scopes support. API clients are tied to an existing patron and have the same permissions as the patron they are tied to. API Clients are defined in $KOHA_CONF. Test plan: 0. Install Net::OAuth2::AuthorizationServer 0.16 1. In $KOHA_CONF, add an <api_client> element under <config>: <api_client> <client_id>$CLIENT_ID</client_id> <client_secret>$CLIENT_SECRET</client_secret> <patron_id>X</patron_id> <!-- X is an existing borrowernumber --> </api_client> 2. Apply patch, run updatedatabase.pl and reload starman 3. Install Firefox extension RESTer [1] 4. In RESTer, go to "Authorization" tab and create a new OAuth2 configuration: - OAuth flow: Client credentials - Access Token Request Method: POST - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token - Access Token Request Client Authentication: Credentials in request body - Client ID: $CLIENT_ID - Client Secret: $CLIENT_SECRET 5. Click on the newly created configuration to generate a new token (which will be valid only for an hour) 6. In RESTer, set HTTP method to GET and url to http://$KOHA_URL/api/v1/patrons then click on SEND If patron X has permission 'borrowers', it should return 200 OK with the list of patrons Otherwise it should return 403 with the list of required permissions (Please test both cases) 7. Wait an hour (or run the following SQL query: UPDATE oauth_access_tokens SET expires = 0) and repeat step 6. You should have a 403 Forbidden status, and the token must have been removed from the database. 8. Create a bunch of tokens using RESTer, make some of them expires using the previous SQL query, and run the following command: misc/cronjobs/cleanup_database.pl --oauth-tokens Verify that expired tokens were removed, and that the others are still there 9. prove t/db_dependent/api/v1/oauth.t [1] https://addons.mozilla.org/en-US/firefox/addon/rester/ Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago

3 Commits (bbf0d21284924d6b7529017fc78178b98242aaee)