If something explodes in Koha::REST::V1::Auth chances are that no logging will happen.
This patch makes sure they are!
To test:
1. Make sure you do NOT have 36420 on your tree
2. Make sure you are looking at the logs:
$ ktd --shell
k$ koha-plack --restart kohadev; tail -f /var/log/koha/kohadev/*.log
3. Use Postman or similar for hitting some known endpoint. Use
the user's cardnumber instead of the userid. On a default KTD launch, the
generated user's cardnumber is '42'.
GET /patrons
=> FAIL: You get a 500 error (expected, fixed on 36420) but no useful logging found.
4. Apply this patch
5. Ctrl+c on the logs and re-run the command
6. Repeat 3
=> SUCCESS: You get a 500, but you also get the exception information logged!
7. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[OK] prove t/db_dependent/api/v1/items.t t/db_dependent/api/v1/unhandled_exceptions.t
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Test from OPAC. Any item group without items in it should not display as an option in the "Request specific item group:" dropdown
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Enable EnableItemGroups and EnableItemGroupHolds
2. Find a bib and add an item group but do not attach any items to the item group.
3. Place a hold from the staff interface.
4. Under Hold next available item from an item group you see the option for your item group, select it and place the hold.
5. It's a hold that can not be filled
6. APPLY PATCH
7. Now on the hold page under Hold next available item from an item group there is a 3rd column called 'Holdable items'.
8. Your item group, without any items, should have a disabled radio button and a warning "No holdable items in this item group."
9. Add items to your item group.
10. Now on the hold page in the new 'Holdable items' you should see links for each item, make sure those links work.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Some system preference descriptions have been updated in order
to replace "books" with items, checkouts or bibliographic records.
To test:
* Check system preference descriptions for following system
preferences with and without the patch applied:
* virtualshelves
* AutoSwitchPatron
* SyndeticsSeries
* OPACFineNoRenewals
* OpacRenewalAllowed
* If they read better than before, sign off :)
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Make a new suggestion in the staff interface and attempt to set the "Created by" patron to someone other than the logged in user.
2. Submit the suggestion.
3. select suggestedby from suggestions where suggestionid = X; ( Where X is the suggestionid )
4. The value is NULL
5. On suggestion/suggestion.pl the "Suggested by" column is blank.
6. APPLY PATCH
7. Try 1 - 3 again. This time the suggestedby should be correctly set.
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Running cataloguing plugins (in cataloguing/value_builder) now requires
authentication.
This patch adds in failing unit tests a mock of C4::Auth::check_cookie_auth
Test with:
prove t/db_dependent/FrameworkPlugin.t t/db_dependent/Koha/UI/Form/Builder/Biblio.t t/db_dependent/Koha/UI/Form/Builder/Item.t t/db_dependent/Serials.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This can certainly be improved to adjust the permissions, but at least
they are no longer open to the world.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
It is not used, if we need it back it must be moved to misc.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://localhost:8081/cgi-bin/koha/docs/CAS/CASProxy/examples/proxy_cas.pl
Test plan:
Hit the link
=> Erk
Copy the apache config to /etc/koha/apache-shared-intranet-git.conf
restart_all
Hit the link
=> 404
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the browser's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
fragment. It should be URI-encoded.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed some typos in bug numbers and text.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.
Test plan:
* review subtest 'Template toolkit syntax in
parameters' in t/db_dependent/Letters.t
* Run the unit test:
prove t/db_dependent/Letters.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
defer_loading is now a patron_search_js BLOCK param - default on
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
It seems that we loop all categories and item types to build the circ
matrix. We should only loop over values that have actually been used
in circulation rules.
Test Plan:
1) Create 1000 itemtypes and category codes. You can use the following
script:
use t::lib::TestBuilder;
my $builder = t::lib::TestBuilder->new();
$builder->build( { source => 'Category' } ) for 0..1000;
$builder->build( { source => 'Itemtype' } ) for 0..1000;
2) Note the lengthy load time for smart-rules.pl
3) Apply this patch
4) Restart all the things!
5) Reload the page
6) Note the much faster load time!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When importing patrons we assume a default of '' for borrower columns not supplied in the file.
When saving we compare the new object we built to the one from the database - for columns that are not text type we get undef from the db and '' in the object we make. This means we see a difference and log into the BorrowersLog:
  "date_renewed" : {
    "after" : "",
    "before" : null
  },
  "dateofbirth" : {
    "after" : "",
    "before" : null
  },
  "debarred" : {
    "after" : "",
    "before" : null
  },
  "flags" : {
    "after" : "",
    "before" : null
  },
  "gonenoaddress" : {
    "after" : "",
    "before" : null
  },
  "lost" : {
    "after" : "",
    "before" : null
  },
  "password_expiration_date" : {
    "after" : "",
    "before" : null
  },
  "sms_provider_id" : {
    "after" : "",
    "before" : null
  }
}
This can mean a lot of useless logging in sites that do automated imports.
Test Plan:
1) Enable 'BorrowersLog' system preference
2) Import the borrowers file attached to this bug report, matching on cardnumber, and overwriting
Contents of the borrowers file are :
surname,firstname,branchcode,categorycode,cardnumber,dateenrolled,patron_attributes,lastseen
Acosta,Ednb,CPL,PT,23529001000463,02/01/2013,,
3) Check the logs, note the modification of columns that have no date
4) Import the file again with the same settings
5) Note the new action log
6) Apply this patch
7) Restart all the things!
8) Import the file again with the same settings
9) Note no new action log was created!
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
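
The spurious BorrowersLog entries described in the commit message above can be reproduced in isolation. The following is an added example, not Koha code and not the patch itself: the column list, the helper names `diff_rows` and `normalise`, and the sample rows are all constructed for illustration, and normalising '' to undef for non-text columns is an assumed way of removing the noise.

```perl
use strict;
use warnings;
use JSON::PP;

# Constructed sample: the row as read from the database (SQL NULL => undef).
my %stored = (
    surname     => 'Acosta',
    dateofbirth => undef,
    debarred    => undef,
    lost        => undef,
);

# Constructed sample: the object built by the import, where columns missing
# from the file default to the empty string.
my %imported = (
    surname     => 'Acosta',
    dateofbirth => '',
    debarred    => '',
    lost        => '',
);

# Hypothetical list of non-text columns (dates, integers) for this example.
my %non_text = map { $_ => 1 } qw(dateofbirth debarred lost);

# Report every column whose value differs, in before/after form.
sub diff_rows {
    my ( $before, $after ) = @_;
    my %changes;
    for my $col ( sort keys %$after ) {
        my ( $old, $new ) = ( $before->{$col}, $after->{$col} );
        next if !defined $old && !defined $new;
        next if defined $old && defined $new && $old eq $new;
        $changes{$col} = { before => $old, after => $new };
    }
    return \%changes;
}

# Assumed mitigation: treat '' as undef for non-text columns before comparing.
sub normalise {
    my ($row) = @_;
    my %copy = %$row;
    for my $col ( keys %copy ) {
        $copy{$col} = undef
            if $non_text{$col} && defined $copy{$col} && $copy{$col} eq '';
    }
    return \%copy;
}

my $json = JSON::PP->new->canonical->pretty;
print "Naive diff:\n", $json->encode( diff_rows( \%stored, \%imported ) );
print "After normalising:\n",
    $json->encode( diff_rows( \%stored, normalise( \%imported ) ) );
```

The naive comparison reports a change for each non-text column even though nothing meaningful changed; with the normalisation the diff is empty, so an unchanged re-import would have nothing to log.
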
As Emmy stated on comment9, this line is indeed unneeded (and wrong).
A successful cud-insert/cud-save does not come here.
And it is set for add_form, edit_form and duplicate later on.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
If an error occurs while adding new patron, after fixing the error and
hitting save, patron entry page reloads to "Modify patron" section
and error "Patron not found. Return to search" is displayed. But no
patron is saved.
This happens because we declare template param op too early in the
code and it receives value "cud-insert" instead of "add_form" as it should.
To test:
1. Add new patron and cause an error (wrong age etc.).
2. Attempt to save patron, error message is displayed.
3. Fix your errors and attempt to save again.
=> Error message "Patron not found. Return to search" is displayed and new
patron is not saved to database.
4. Apply this patch.
5. Repeat steps from 1 to 3.
=> Saving patron should now work.
=> To be safe, test if modifying patron also works as it should.
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
These tests highlight the fact that the 'place hold' button visibility in the
search results page **does not** match the 'place hold' button visibility in
the detail page, given the same conditions.
Since this is a known behavior, these tests should be commented out as they
are failing by design.
prove t/db_dependent/selenium/opac_holds.t
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tests added to cover different use cases and combinations of circulation rules values for authenticated and unauthenticated users
At the moment, 2 tests are failing, documented on the [DO NOT PUSH] commit.
These 2 failing tests fail for the search results page but pass on the detail page counterpart. Ideally they should match, for consistency sake.
But this may be the use case "details page should be more correct, results page is always an approximation" mentioned by Nick.
More test combinations may be added in the future.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Same changes as before, but for MARC and ISBD details pages
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch tries to simplify some of the logic here to match that on the search results. When we don't have a patron, we fall back to determining if an item can be held by determining whether there are any items that don't have holds disallowed at the all libraries level. We also remove items with non-holdable statuses like withdrawn etc (and check some system preferences).
If we don't have a patron, then we are done, however, if we do, then we need to check each item against the policies related to that patron.
This patch also removes two checks at the end:
CountItemsIssued($biblionumber)
$biblio->has_items_waiting_or_intransit
These seem to be from bug 4319 - however, those rules are checked by IsAvailableForItemLevelRequest and are only relevant when we have a patron. These checks essentially assumed 'onshelfholds' policy of 'If any unavailable'. For consistency's sake I think we should follow the same logic as the results page.
To test:
1 - Find a record with two items, of different types, set a 'Default checkout, hold and return policy' of 'No holds allowed'
2 - Search opac, not logged in, and verify neither the results page nor details page shows the place hold button
3 - Delete that rule, make both items withdrawn
4 - Search opac, not logged in, and verify neither the results page nor details page shows the place hold button
5 - Mark one item as not withdrawn
6 - Search opac, not logged in, and verify both the results page and details page show the place hold button
7 - Log in to opac
8 - Search opac, logged in, and verify both the results page and details page show the place hold button
9 - Place an 'On shelf holds policy' rule for that patron category of 'If any unavailable'
10 - Search opac, logged in, and verify the results and details page shows the place hold button
11 - Set the other item to not withdrawn
12 - Search opac, logged in, and verify the results page shows the place hold button, but details does not
13 - Try various other scenarios - details page should be more correct, results page is always an approximation
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We need to set the content type to application/json for the svc scripts
returning json
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Add some checkouts and load the issues-table
2. Select 'Check in' checkbox for that item and click "Check in selected items"
3. The row becomes red and reads "Unable to check in"
4. Reload the page, the item has actually checked in
5. Try the 'Renew' checkbox and click "Renew selected items"
6. It just spins and spins.
7. Reload the page, the item has actually renewed.
8. APPLY PATCH and restart_all
9. Try the steps again and this time everything should work properly.
10. Test these URLs
http://localhost:8081/cgi-bin/koha/svc/recall
http://localhost:8080/cgi-bin/koha/svc/club/enroll
http://localhost:8081/cgi-bin/koha/svc/mana/increment : empty response
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the cookie consent template logic to always display
the 'Accept essential cookies' button and only expose the 'Accept all
cookies' button when there are additional cookies to accept, i.e. when
JSConsents is populated.
Test plan
1) Enable CookieConsent
2) Note you see 'Accept essential cookies' in both OPAC and Staff client
until you have accepted them
3) Add a cookie to ConsentJS
4) Note that you will now see 'Accept all cookies' as well as the 'Accept
essential cookies' button.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch moves the "More information" button outside of the JSConsents
block so that you are able to access the information modal regardless of
whether you have tracking cookies added to your configuration or not.
Test plan
1) Enable CookieConsent
2) Note that the 'More information' button now appears in the footer on
both staff and opac until you have accepted cookies.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the appropriate table classes to the Popup html
customisation block. This ensures we have proper table display formatting
in the modal on the OPAC.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The modal is not always about consent, but rather about displaying the
library's cookie policy. It makes sense to update the heading to reflect
that.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds some default html customisation content for the cookie
consent feature.
Test plan
1) Run through the installer and pick to import the sample news items
2) Confirm that after enabling the CookieConsent preference that the
default content appears in the cookie bar at the bottom of the page
and in the modal that appears after clicking 'More information'
Mentored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>