Commit graph

934 commits

Author SHA1 Message Date
1e5e9f5e80 Bug 20629: (QA follow-up) Remove actions_col
The actions_col template param requires a DB search, only to display the
'Actions' column header vs. an empty string. But there will always be
buttons in there, that were added *after*.
It made sense when only the 'Reverse' button was displayed, but now both
'Print' and 'Details' are displayed anyway.

This patch removes it for good :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 16:32:42 +00:00
146f1ca3a6 Bug 20629: Rename reverse_col to actions_col
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 16:32:42 +00:00
Mark Tompsett
b6c8f9f7ef Bug 20629: (follow-up) fix reverse_col value
Before this patch the Void button didn't appear.
After this patch the Void button appears on payments.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 16:32:42 +00:00
9f112ff75c Bug 20629: Pass accountline objects to template instead of hashref
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 16:32:41 +00:00
fb15a96310 Bug 20629: Remove ability to 'reverse' payments
Test Plan:
1) Apply this patch
2) Note all references to reversing payments have been removed
3) Note ability to void payments remains unchanged

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 16:32:34 +00:00
a90502043f Bug 21702: (follow-up) Simplify checks and use standard fallback behaviour
This patch acknowledges the fact that some checks here are done in a way
that is not standard these days. This checks are originally done
multiple times in different ways. output_and_exit_if_error should be
used.

This implies a minor behaviour change: if the passed (in the URL)
borrowernumber doesn't exist, it sends the user to a 'Patron doesn't
exist page' instead of the circulation page for the borrowernumber.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-31 13:15:01 +00:00
466e292639 Bug 21702: Make mancredit.pl use the patron id for the staff user
I think unsafe SQL modes and the fact that manager_id has no FK allowed this to go unnoticed. But now we catch it!

To test:
- On a patron, try adding a new manual credit of any type
=> FAIL: It fails telling the userid of the logged user is not a valid integer!
- Apply this patch
- Try adding a manual credit of any type
=> SUCCESS: Manual credit added!
- Sign off!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-31 13:15:01 +00:00
Katrin Fischer
184c44ee31 Bug 21167: Fix price formatting on printed fee invoice and receipt
The prices were not formatted correctly on the printed receipts
for fines and payments in the patron account.

This patch introduces the use of the Price TT plugin to those
templates.

Also:
- Fixes a few capitalization errors
- Removes spaces in front of :
- Updates accounttype-to-description list to the one used
  in other templats as a lot of values were missing (Credit etc.)

To test:
- Create several fines, use some .00 and some with other values
- Pay some fines
- Create a manual credit
- Use print button for all of those (credit, fee, payment)
- Verify that:
  - prices ending in .00 are displayed without the decimal part
  - instead of Credit only C is shown in the description
- Apply patch
- Print invoices and receipts again
- Verify that:
  - prices are now formatted according to CurrencyFormat system
    preference, decimal part always included
  - verify that correct description for Credit is shown

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:41:36 +00:00
270a408949 Bug 21397: Mark "Routing list" tab as active when selected
/members/routing-lists.pl?borrowernumber=5 show the different tab of the
menu but "Routing lists" is not displayed as the selected one (active).

"routinglistview" must be set and passed to the template

Test plan:
Enable the RoutingSerials pref
and hit /members/routing-lists.pl?borrowernumber=42

The "Routing lists" tab must be selected/active

Followed test plan and tab now shows as active.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-26 16:18:16 +00:00
0fd329724b Bug 20656: Don't print lines that have no balance on print summary
To test:
1 - Add at least two fines to a patron
2 - Pay off one of them
3 - Print summary - all 3 lines show
4 - Apply patch
5 - Print summary - only line with balance shows

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-20 13:45:28 +00:00
2b1b168ec4 Bug 21183: Replace C4::Items::GetItemnumberFromBarcode calls
C4::Items::GetItemnumberFromBarcode calls can be replaced with
  Koha::Items->find({ barcode => $barcode });

We should make sure the barcode existed in DB and so that ->find
returns an object. Note that most of the time we just wanted to know if
the barcode existed.
The changes are very simple, the only one that need attention is
the one in batchMod.pl. It is basically reusing what we did on
bug 21141.

Test plan:
Use the batch item modification/deletion tools to modify/delete items
from their barcode (using the textarea or a file)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:35 +00:00
7c05f4fbe4 Bug 21068: Remove NorwegianPatronDB related code
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).

Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:29 +00:00
644de1c4e7 Bug 21222: (bug 20226 follow-up) Fix patron creation
Since bug 20226 you cannot longer creation a patron, memberentry.pl will
explode with
Template process failed: undef error - DBIC result _type  isn't of the
_type Category at /home/vagrant/kohaclone/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc
line 22.

The problem is that "patron" is actually defined and the test in
str/members-menu.inc does not work as expected.

It comes from
  commit 7b1d08df0f
  Bug 19936: Replace Generate_Userid - Update the occurrences
where I needed $patron to be defined in order to use Koha::Patron->generate_userid
on an blessed object.
But this was actually wrong, as it could have side-effects.

Test plan:
Create a new patron
Edit it
Retest bug 19936 and make sure the userid is generated correctly in the
different situations

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:54 +00:00
51933c7753 Bug 21221: Shortcut memberentry scripts if patron does not exist
If borrowernumber is passed and that it does not refer to a valid patron
in DB, we should not continue the script and display an error instead.

Test plan:
Create a patron
Edit a patron
=> Both should work ok
You can also test the other action memberentry.pl manage.

Edit it again but modify the borrowernumber parameter
=> You should see a friendly user message saying that the patron does
not exist.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:51 +00:00
81431ee28a Bug 20226: Centralize update child code (CATCODE_MULTI)
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).

Moreover the strings used by the templates are also in several template
files (or .inc)

To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js

Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 11:58:26 +00:00
9d4c735061 Bug 20828: Step 4 of moremember is used for Housebound and additional attributes
This patch modifies the patron edit process so that "Housebound roles"
can be edited as a separate step.

To test, apply the patch and open an existing patron's detail page
(moremember.tt). Test the "edit" links for 'Housebound roles' and
'Additional attributes and identifiers' and confirm that each opens its
own edit page, and saving changes works correctly.

Signed-off-by: Cab Vinton <bibliwho@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-09 11:28:58 +00:00
b7fa3b9b43 Bug 21136: Fix add/edit patron when cities are defined
Same as bug 21085.

When cities are defined, there is a select with name="select_city" added
to the DOM and its value will be passed to memberentry.pl
We must remove it from the attribute list before creating the
Koha::Patron object

No property select_city for Koha::Patron at
/usr/share/perl5/Exception/Class/Base.pm line 73

Test plan:
Define cities
Add or edit a patron, save

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-08-02 10:11:40 -03:00
ce1f9033fb Bug 21087: Fix one wrong call
Signed-off-by: John Doe <you@example.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-07-30 14:58:06 -03:00
2e6fb40ef8 Bug 21087: Hash passwords in ->update_password
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: John Doe <you@example.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-07-30 14:58:06 -03:00
Katrin Fischer
b8a2365a34 Bug 11911: Add a separate permission for managing suggestions
Without this patch only catalogue permission was required
for managing suggestions. This patch adds a new permission
in the acquisition module do manage suggestions and updates
staff user permissions accordingly.

To test:
- Make sure there is a pending suggestion
- Create a few users with different permission sets:
  - User 1: only catalogue
  - User 2: any acquisition permission
  - User 3: cataloguing permission
- Check all of them can access: /cgi-bin/koha/suggestion/suggestion.pl
- Apply the patch
- Verify all of them now have the suggestions_manage permission
- Verify everything displays correctly on:
  - intranet start page
  - patron account in staff
  - acquisition start page
  - suggestion page (try to access by URL too)
- Remove suggestions_manage for a staff user
- Repeat tests above, access should be denied/links not visible

Bonus:
- Fixes the link on the acquisition start page for late orders
  to mage the permissions of the page itself: order_receive

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:34:20 +00:00
c95f5c17a6 Bug 21085: Fix add/edit of patrons when HouseboundModule is set
This script takes all the parameters then set it to create/edit the
patron. We must list housebound_chooser and housebound_deliverer as not
part of patron's attributes

Test plan:
- Enable HouseboundModule
- Create a patron
=> When you save, if the patch is not applied, you will get:
No property housebound_deliverer for Koha::Patron

- Edit a patron
=> When you save, if the patch is not applied, you will get:
Patron creation failed! - DBIx::Class::Row::store_column(): No such column 'housebound_chooser' on Koha::Schema::Result::Borrower at /home/vagrant/kohaclone/Koha/Object.pm line 75

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-19 15:44:03 +00:00
4a25b95e14 Bug 20287: generate_userid now set the userid
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:54 +00:00
1bb6cec902 Bug 20287: Fix update of patrons, clean the data before ->store
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:54 +00:00
d2a2d973ce Bug 20287: Move ModMember to Koha::Patron
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:50 +00:00
ef410fd62f Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:47 +00:00
5995275b74 Bug 21008: Use Koha::Patron->is_child
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed the category parameter as it is not really used.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-13 13:22:02 +00:00
14f818edf6 Bug 21008: Use patron object to get category_type
This patch makes borrower_add_additional_fields() in both pay.pl and
paycollect.pl use the right object to pick the category_type.

It also populates the extendedattributes template variable in pay.pl
which was missed by a change.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-13 13:22:01 +00:00
94b2b6c4f9 Bug 20805: Update child to adult patron process broken on several patron-related pages
This patch fixes a problem with several patron-related pages, where the
"Update child to adult patron" menu item doesn't work. With some pages,
the right category information wasn't being passed from the script to
the template. With some, the right JavaScript variable weren't being
passed from the template to the included JavaScript file.

To test, apply the patch locate some patrons with "child" type patron
categories. With each patron, go to one of the following pages and test
the "update child" process in the toolbar's "More" menu.

 - Circulation ->
   - Batch check out
   - Notices
   - Statistics
   - Files
   - Housebound
   - Delete (test from the deletion confirmation screen).

All test should be performed on a system with multiple adult patron
categories configured AND on a system with only a single adult patron
category.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-13 12:23:09 +00:00
Kyle M Hall
3f85c9b16b Bug 19617: Allow 'writeoff of selected'
This patch adds a writeoff equivilent to 'Pay selected'

Test Plan:
1) Apply this patch
2) Find a patron with fines
3) On the "Pay fines" tab, select one or more fines and use the
   "Write off selected" button.
4) Note the fine amount you used was written off for those fines.

Signed-off-by: Kyle M Hall <kyle@bywatetsolutions.com>

Signed-off-by: Martha Fuerst <mfuerst@hmcpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-06 14:29:47 +00:00
cc30dc39bf Bug 20980: Make mancredit.pl use Koha::Account::add_credit
This patch makes creating a manual credit from the UI record the account
offset as 'Manual Credit', and properly set account_offsets.credit_id
instead of account_offsets.debit_id.

To test:
- Create a manual credit (of 'Credit' type) for a known patron (acevedo?)
- Run:
  $ sudo koha-mysql kohadev
  > SELECT * FROM account_offsets;
=> FAIL: The account offset for the manual credit has type=Manual Debit,
    credit_id=NULL and debit_id=accountlines_id
- Run the atomic update:
  $ updatedatabase
- Run:
  $ sudo koha-mysql kohadev
  > SELECT * FROM account_offsets;
=> SUCCESS: The account offset has been corrected and now has
type=Manual Credit, credit_id=accountlines_id and debit_id=NULL
- Create a new manual credit (of 'Forgiven' type) for a known patron
- Run:
  $ sudo koha-mysql kohadev
  > SELECT * FROM account_offsets;
=> SUCCESS: The account offset has been stored correctly as a credit!
- Sign off :-D

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-06 12:50:06 +00:00
Kyle M Hall
462ec9601a Bug 20703: Add ability to void any credit
At this time, only payments may be voided. There is no reason to have this limitation. There are situations where a librarian may need to void an accidental writeoff, or perhaps void an automatic credit that was created by Koha. For illustration, this is directly from a partner library:

"For example a lost book refund becomes a credit on account.  Presently the credit may be applied to a fine for a different item charged to patron. We perform a write off to clear the remaining credit, then add the fine back to the account and give the patron a refund for the lost/refunded amount. Our accounting system ask that we keep the Lost funds/refunds separate from all fines."

Test Plan:
1) Create a fine and write it off
2) Note there is no 'void' button for the writeoff
3) Apply this patch
4) Note the buttons now show
5) Test each button on a writeoff

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-06 10:36:07 +00:00
72058d2741 Bug 20946: (QA follow-up) make outstanding_debits return the account lines only
This patch was discussed with Jonathan on a QA conversation. It is
better to keep this simpler and more reusable. And is the right approach
in this case.

This patch makes Koha::Account::outstanding_debits return the account
lines, and a method is added to Koha::Account::Lines so the outstanding
amount is calculated on the resultset. This is done the dame way it was
done before, and the tests got adjusted.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-06 10:33:14 +00:00
b0cb7f44ef Bug 20946: Use K::Account->outstanding_debits in pay.pl and paycollect.pl
This patch changes the how account lines are fetched (using
Koha::Account->outstanding_debits) so credits are not picked.

To test:
- Add a $5 credit to a patron
- Add a $1 fine
- Go to the 'Pay fines' tab
=> FAIL: Credit is displayed
- Try to pay all fines
=> FAIL: You are told to enter a value less than or equal to -4.00
         (Observe you cannot do that)
- Apply this patch
- Reload
=> SUCCESS: Credit is not displayed
=> SUCCESS: You are able to pay all fines
- Sign off :-D

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-06 10:33:13 +00:00
7f79a9a5f8 Bug 20991: Do not lost patron's category when editing a patron
If there is an error in the edit patron form the patron's category is
lost.
This seems to be a long standing bug.

Test plan:
- Edit an existing patron
- Change the patron category to a category that triggers the error that
the user is not in the right age range for that new category
- Save, error is triggered
=> Without this patch the patron category has been reset

You should also test different ways to edit/add a patron (quick add,
step 1)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-29 20:32:17 +00:00
a09643ca23 Bug 20903: Remove unnecessary category code parameters
Test plan:
0) Do no apply the patch
1) Have only one adults patrons category defined
2) Add a fine to child patron and pay it
3) Try to print the payment receipt (file printfeercpt.pl)
4) You see only ISE
5) Apply the patch
6) Try the printing again
7) Now you should see right receipt

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-29 19:13:16 +00:00
46d288a61c Bug 20998: Simplify the conditional statement
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-29 19:05:57 +00:00
fe9f7cef3b Bug 20998: Only perform quicksearch if patron found with cardnumber
This patch makes sure we have a patron before we try to access their
branchcode and allows search to work

To recreate:
1 - Enable 'IndependentBranches'
2 - Setup a patron with all permissions, but not a superlibrarian
3 - Login to staff client as that patron
4 - Click 'Patrons' in the toolbar and try a search
5 - Internal server error
6 - Apply patch
7 - Try the search again
8 - Success!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-29 19:05:57 +00:00
Katrin Fischer
ecc3a55917 Bug 20456: Switch routling list tab in staff to use Koha::Object
Bug 20400 added a routing list tab to the patron account in the
OPAC using Koha::Object.

This patch switches the routing list tab in the patron account
in intranet over to the new code. It also adds an additional
column showing the position of the patron on the routing list
and fixes the search.

To test:
- Create some subscriptions with routing lists
- Take a look at the patron accounts of several patrons having
  - no entries on routing lists
  - 1 entry on a routing list
  - entries on several routing lists
- Make sure the display works correctly.
- Search for a subscription and make sure search works.

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 15:02:46 +00:00
20c927c5d0 Bug 13655: Same fix for partial edit
Test plan:
- Create an organisation with surname='xxx'
userid will be autogenerated with 'xxx''
- Edit the surname with 'yyy'
userid will be unchanged, 'xxx'
- Parial edit and blank userid
userid will be autogenerated with 'yyy'

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 13:12:54 +00:00
320978997b Bug 13655: Allow creation of organisations without entering userid
See comment 1 of the bug report for defails of the issue.

Test plan:
Good luck (you will need to test all combinations (category type eq and
ne 'I'), then quick edition and partial edit)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 13:12:54 +00:00
20bd2d2bd5 Bug 20120: (QA follow-up) display correct amount in redirect
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 12:03:01 +00:00
11223294b6 Bug 20120: force scalar context for CGI->param
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 11:45:26 +00:00
Kyle M Hall
515cab0c46 Bug 20120: Prevent writeoffs of more than the amount owed for a fee
In short, it is possible to 'over-writeoff' a fee such that the value of the fee is now a credit.

Test Plan:
1) Attempt to writeoff a single fee, set the amount input to more than
   the amount of the fee.
2) Note the writeoff makes the fee go negative.
3) Apply this patch
4) Attempt to repeat step 1, you should be unable to write-off an
   amount more than the amount outstanding for the fee!

Signed-off-by: George Williams <george@nekls.org>

Signed-off-by: George Williams <george@nekls.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-08 11:45:23 +00:00
aa3a2943f6 Bug 20701: Add csrf protection to mancredit.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-23 13:01:59 -03:00
d6f99f0df1 Bug 20701: Add csrf protection to maninvoice.pl
TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-23 12:19:33 -03:00
5cf8bbfb7a Bug 20624: Make staff client respect RESTOAuth2ClientCredentials
This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:02 -03:00
2a8c3fad0a Bug 20568: fix shebang
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:00 -03:00
d2454d6868 Bug 20568: Fix bad resolution conflict with bug 18403
borrowers module permission has now several subpermissions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:00 -03:00
45841d9ec7 Bug 20568: CSRF protection
Edit: fix warning introduced by this patch

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00
28a750fb76 Bug 20568: (QA follow-up) Get rid of the id column
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:59 -03:00