Commit graph

5773 commits

Author SHA1 Message Date
38094a260e Bug 12267: Remove borrower_attributes.password
When creating a patron attribute type, there is a "Allow password"
checkbox. If checked, the librarian will be able to enter a password for
this patron attribute when editing a patron.
The goal was to allow a patron to log in with a secondary password.
However, this feature has never been implemented.

"""
commit 6fc62bcd32
  CommitDate: Mon May 12 09:03:00 2008 -0500
  extended patron attributes tables & syspref (DB rev 081)

- password_allowed (if set, staff patron editor will
  allow a password to be associated with a value; this
  is mostly a hook for functionality to be implemented
  in the future.
"""

To decrease maintainability, this patch suggest to remove the 2 DB fields
borrower_attributes.password and
borrower_attribute_types.password_allowed
If they have not used by the library.

Test plan:
- Edit a patron attribute type and select "allow password"
- Edit a patron and defined a password for this attribute
- Execute the DB entry
- Note that you get a warning
- Empty the password field
- Execute the DB entry
- You do not get the warning and the 2 DB fields have been removed

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 23:08:32 +00:00
Alex Arnaud
0ed37aaf77 Bug 5979 - Follow up: Change ISBD syspref description and fix warning in t/Biblio/Isbd.t
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 03:14:23 +00:00
Alex Arnaud
e6c5107abd Bug 5979 - OPAC ISBD view has its own syspref
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works well, empty OPACISBD removes link.
Test pass.
Small koha-qa error fixed in followup

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 03:14:23 +00:00
e476be5568 Bug 12663 - SCOUserCSS and SCOUserJS ignored on selfcheck login page
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.

Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.

To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page

Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:57:44 +00:00
a8491dc156 Bug 15930: Make patron searches defaulting on 'contain'
The default patron search types has changed from 'contain' to
start_with. Users consider it as a bug.
This patch revert the previous changes to default on 'contain'.

Test plan:
Search for patrons in different places (guarantor, checkout, patron
module, acquisition module, etc.) and confirm that the default is always
'contain'

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:31:50 +00:00
769728015c Bug 15757: Make GetLoanLength defaults to 0 instead of 21
GetLoanLength arbitrary defaulted to 21. The expected behavior seems to
be to default on 0 (loan will be dued today).

IMPORTANT NOTE: This patch will introduce a change in the behaviors for
configuration with a 0 in issuelength. Before this patch, the rule with
a issuelength==0 was skipped, now it's used!

Test plan:
1/ Do not define any rule: the due date will be today (before this patch
was +21 days)
2/ Define some rules which does not match the patron category, itemtype
or branchcode: the due date will be today (before this patch was +21
days).
3/ Modify a rule to match the checkout and set issuelength=0: the due
date will be today (before this patch, the rule was skipped)
4/ Modify this rule and set the issuelength to something > 0: the due
date will be adjusted (same behavior as before this patch)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works ok, checked 1-4
All test pass
No koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-22 00:24:06 +00:00
6efa491d1b [SIGNED-OFF] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places
The login page should not be displayed if the page is displayed in a
frame.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-20 16:06:32 +00:00
Barton Chittenden
690ab60da2 Bug 14277: add zebra indexes for lexile that respect 521 indicator 1.
Added the following indexes:

Interest-age-level | 591$a ind1=1
Interest-grade-level | 591$a ind1=2
lexile-number | 591$a ind1=8
Reading-grade-level | 591$a ind1=0

Moved 'lex' from a zebra index to a ccl alias to lexile-number.

Changed the handling of st-numeric in C4/Search.pm to allow for search ranges.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-04-07 10:35:18 -06:00
a3557fd0f2 Bug 15877 - C4::Barcodes does not correctly calculate db_max for 'annual' barcodes
This patch alters the MySQL query to remove a max statement which
incorrectly groups full annual barcodes with numeric values.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 05:36:13 +00:00
b64e6be1c4 Bug 16157: Move the selected flag from GetAuthorisedValues to the templates
From C4::Koha::GetAuthorisedValues

    # TODO: the "selected" feature should be replaced by a utility function
    # somewhere else, it doesn't belong in here. For starters it makes
    # caching much more complicated. Or just let the UI logic handle it, it's
    # what it's for.

Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/

Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
  populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
  value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
  correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
  correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
  correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
  should have at least 1 OPAC_SUG AV defined)

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:16:09 +00:00
c564f30155 Bug 16169: Change prototype for C4::Biblio::TransformMarcToKoha
subroutines should not take $dbh in parameter.
C4::Biblio::TransformMarcToKoha has it and does not use it.

Test plan:
Look at the patch and confirm that all occurrences of
TransformMarcToKoha have been modified.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:04:21 +00:00
Jacek Ablewicz
eb04d174d9 Bug 16168: Eliminate unneeded C4::Context->dbh calls in C4/Biblio.pm
Right now, ->dbh calls are actually quite expensive (they involve
DB connection health checks, each and every time). Some speed-sensitive
subroutines inside C4/Biblio.pm (GetMarcStructure, GetAuthorisedValueDesc)
have this statement

    my $dbh = C4::Context->dbh;

on top of the code, but they don't always/don't usually need DB
handle - not at that stage at least. This trivial patch eliminates
unneeded ->dbh calls in those subroutines. With it, average
GetMarcStructure() running time goes down from 14 miliseconds
to 9 miliseconds (on top of Bug 16166), it also makes catalogue
search profiling a bit easier.

Test plan:

1) apply patch
2) ensure that catalogue searches are still working
3) run t/*Biblio* tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:03:51 +00:00
88dc70f7e6 Bug 16199: Remove C4::Ris::charconv
This subroutine always returns what has been sent in parameter.
It is unecessary and can be removed.

Test plan:
  prove t/Ris.t
should not be noisy

Export a catalogue record in Ris should generate the same file with and
without this patch

NOTE: With/Without were identical in my testing.
      t/Ris.t is nicely silenced.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-06 23:59:45 +00:00
Mark Tompsett
5b909a8269 Bug 16191: t/Ris.t is noisy
TEST PLAN
---------
1) prove t/Ris.t
   -- very noisy
2) apply patch
3) prove t/Ris.t
   -- just one confusing noise.
4) run koha qa test tools

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-06 23:48:16 +00:00
Colin Campbell
e2e9916348 Bug 7736: Support Ordering via Edifact EDI messages
Add support for processing incoming Edifact Quotes, Invoices
and order responses and generating and transmission of
Edifact Orders.
Basic workflow is that an incoming quote generates an aquisition
basket in Koha, with each line corresponding to an order record

The user can then generate an edifact order from this (or another)
basket, which is transferred to the vendor's site

The supplier generates an invoice on despatch and this will
result in corresponding invoices being generated in Koha
The orderlines on the invoice are receipted automatically.

We also support order response messages. This may include
simple order acknowledgements, supplier reports/amendments
on availability. Cancellation messages cause the koha order
to be cancelled, other messages are recorded against the order

Which messages are to be supported/processed is specifiable on a
vendor by vendor basis via the admin screens

You can also specify auto order i.e. to generate orders from quotes
without user intervention - This reflects existing
workflows where most work is done on the suppliers website
then generating a dummy quote

Received messages are stored in the edifact_messages table
and the original can be viewed via the online

Database changes are in installer/data/mysql/atomicchanges/edifact.sql
Note new perl dependencies:
    Net::SFTP:Foreign
    Text::Unidecode

Signed-off-by: Paul Johnson <p.johnson@staffs.ac.uk>

Signed-off-by: Sally Healey <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 20:03:17 +00:00
9658085d1e Bug 10612: (QA followup)
Rename not_borrowered_since to not_borrowed_since

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:52:14 +00:00
7f9d5b27ae Bug 10612 - Add ability to delete patrons with batch patron deletion tool
This patch adds the ability to select a patron list for deletetion
when using the Batch patron deletion/anonymization tool. It also adds
buttons to the the patron lists table to access both the batch deletion
and batch modification directly from the lists view.

This is a squash of previous patches but now adds a patron_list_id
parameter to C4::Members::GetBorrowersToExpunge and uses that routine to
fetch patrons from a list.

Test Plan:
1) Apply this patch
2) Create a list of patrons with the new Patron Lists feature
3) Try using the batch edit link form the lists table
4) Try using the batch delete link from the lists table
5) Verify previous functionality has not changed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Patron batches are correctly passed to the edit and delete pages.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:52:13 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00
Joonas Kylmälä
85ea73db9d Bug 11807: (follow-up) remove date conversions
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mapping will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver>
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
Frédérick
b3311913b3 Bug 11807 : Add support for categorycode conversions when updating an user using a LDAP server.
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mapping will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver>
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
6e8d24231c Bug 16068: Do not cache overridden prefs
These prefs do not need to be cached, a quick access to $ENV permit to
get the value.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:19:31 +00:00
fcbd81049f Bug 15745: C4::Matcher gets CCL parsing error if term contains ? (question mark)
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Also fixes ! and +
Rebased to master
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
It makes perfect sense and works as expected. This part of the code is too
under-tested so no point requiring a regression test for such a simple change.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:12:51 +00:00
fc66eedcc4 Bug 16177: Fix tests for ColumnsSsettings.t
This failure has been introduced by
  commit 243b797dd1
    Bug 15285: Update common files

This is because the cannot_be_modified key is not always created by
C4::Utils::DataTables::ColumnsSettings subroutines

Test plan:
  prove t/db_dependent/ColumnsSettings.t
should return green
And you can also test a table where the feature is set and a column
cannot be modified from the admin page.

NOTE: Works as described. I was pondering this potential
      solution when I found it in bugzilla.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:08:23 +00:00
2d961b5ad4 Bug 16056: Do not crash when searching for an authority if zebra's index is not up-to-date
This patch fixes a regression introduced by
commit 7e70202d34
  Bug 15381: Remove GetAuthType and GetAuthTypeCode

This first version will reintroduce the same behavior as before bug
15381: the record will be displayed even if it's no in the DB

Test plan:
Search for authorities
delete one
The zebra's index is not updated yet and the results will contain the
record you have deleted.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:04:38 +00:00
da052b3d10 Bug 16129: Remove URL::Encode dependency
This patch makes the PayPal integration feature independent from the
URL::Encode library, which is absent in some supported distributions.

It uses the URI package which is already a Koha dependency.

To test:
- Apply the patch
- Notice there are no deps for URL::Encode
- Follow the steps from the original patch
=> SUCCESS: It works as expected
- Sign-off :-D

Note: I deleted the line in which $amount_to_pay was url-encoded, because that's
one of the things query_form does (and the variable is only used as a parameter to it).

Sponsored-by: ByWater Solutions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 18:48:18 +00:00
Alex Arnaud
c74678a1d2 Bug 15889: LDAP authentication: Only update mapped attributes
Test plan:

- Update your configuration file to use LDAP authentication and enable update
  (<update>1</update>) option,
- login with an existing user with extended attrbitutes that are not in
LDAP mapping,
- check that all attributes are still here.

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Philippe Blouin <philippe.blouin@inlibro.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-31 16:33:31 -06:00
Martin Persson
ead5b9c0e2 Bug 14257 - Add show_attributes to GetPatronInfo
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.

Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1

A new element <attributes> will be added if there
are any attributes available from the database.

We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.

Sponsored-By: Halland County Library

Test plan:

* Configure Koha to make use of extended attributes:
  Under 'Administration' -> 'Global system preferences' ->
  'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
  press save and switch to 'Web services' tab.

* Enable the ILS-DI service:
  Under 'Administration' -> 'Global system preferences' ->
  'Web services' tab -> 'ILS-DI' section:
  Set 'ILS-DI' to 'Enable' and save.

* Create an attribute to query:
  Under 'Administration' -> 'Patrons and circulation' ->
  'Patron attribute types' press 'New patron attribute type':
  Enter a type code, like 'DOORCODE', description and assign
  a category that your test patron is a member of, then save.

* Set value for test user:
  Locate the test patron, the new attribute should be listed
  under 'Additional attributes and identifiers'.
  Click 'Edit' and assign a value, like '1337' and save.

* Query the ILS-DI service:
  http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
  The output XML should have an element named 'attributes'
  containing the data you entered.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:31:06 +00:00
59266cbd61 Bug 14512 - Add support for AV field to Koha's SIP2 Server
Koha's SIP2 server should have support for the AV field ( field items ).
The biggest problem with this field is that its' contents are not really
defined in SIP2 protocol specification. All it says is "this field
should be sent for each fine item". Due to this, I think the contents of
the field need to be configurable at the login level, so that the
contents can be defined based on the SIP2 devices requirements for the
AV field.

Test Plan:
1) Apply this patch
2) Find a patron with outstanding fines
3) Run a patron information request using misc/sip_cli_emulator.pl using the new -s option with the value "   Y      "
4) Note there is an AV field for each fee containing the description and amount
5) Edit your sip config, add an av_field_template parameter to the login you are using such as
    av_field_template="TEST [% accountline.description %] [% accountline.amountoutstanding | format('%.2f') %]"
6) Restart your SIP server
7) Repeat the patron information request
8) Note your custom AV field is being used!

Signed-off-by: Chris Davis <cgdavis@uintah.utah.gov>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:29:18 +00:00
038b5f8156 Bug 16004: Replace items.new with items.new_status
The items.new column is badly named, the Koha::Item->new accessor will
never returns this value, but the constructor will be called instead.
This patch renames it with new_status to avoid the ambiguity.

Test plan:
0/ Do not apply this patch
1/ Define some rules in the "Automatic item modifications by age" tool
with at least one items.new field used
2/ Apply this patch
3/ Execute the update DB entry
4/ Reload the tool page and confirm that the changes have been taken
into account

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 16:57:13 +00:00
Colin Campbell
6325277c64 Bug 16011 reintroduced VERSION variable needs declaration
$VERSION reintroduced into External/BakerTaylor.pm but was
not declared. Causes tests to fail.
Readd VERSION to the package vars

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-29 22:38:54 +00:00
dda7a0a25f Bug 16044: Use the L1 cache for any objects set in cache
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 19:44:43 +00:00
ea0258be0d Bug 16011: Reintroduce $VERSION for 2 pm
These files should be managed on their own bug reports.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:45 +00:00
3cfedcf238 Bug 16011: $VERSION - Remove empty BEGIN block
perl -p -i -0 -e 's/BEGIN \{\n?\n?\}\n//' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:41 +00:00
4c0e309677 Bug 16011: $VERSION - Remove use vars qw();
perl -p -i -e 's/use vars qw\(\s*\);\n//' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:39 +00:00
798d38e4c7 Bug 16011: $VERSION - Remove comments
perl -p -i -e 's/^.*set the version for version checking.*\n//' **/*.pm

+ manual adjustements

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:29 +00:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
92fbb1f3d0 Bug 15741: Fix rounding in total fines calculations
C4::Members::GetMemberAccountRecords wrongly casts float to integer
It's common to use sprintf in Perl to do this job.

% perl -e 'print int(1000*64.60)."\n"';
64599
% perl -e 'print sprintf("%.0f", 1000*64.60)."\n"';
64600

Test plan:
1) Create manual invoice for 64.60 (or 1.14, 1.36, ...)
2) Try to pay it using "Pay amount" or "Pay selected" buttons

Signed-off-by: Sally Healey <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 16:11:09 +00:00
94dde6b48d Bug 15809: Redefine multi_param is CGI < 4.08 is used
On debian Jessie, the CGI version is >= 4.08
Since this version, the param method raise a warning
"CGI::param called in list context".
Indeed, it can cause vulnerability if called in list context

https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

There is a long journey to get rid of these warnings.
First I suggest to redefine the multi_param method when the CGI version
 installed is < 4.08, it will allow us to move the wrong ->param calls to
 ->multi_param without waiting for everybody to upgrade.

The different ways to call these 2 methods are:

my $foo = $cgi->param('foo'); # OK

my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK

$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
                                               # and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:23:39 +00:00
charles
db0ecc3cc5 Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753.

What has changed :

    - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
    - That ugly shift-grep contraption is no more (goodbye old friend)
    - The generated unique key won't end in a dot anymore

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:08:21 +00:00
4a3404594f Bug 15163: Do not erase patron attributes if limited to another library
The patron attributes displayed on editing a patron are not displayed if
limited to another library.

C4::Members::Attributes::SetBorrowerAttributes will now only delete attributes
the librarian is editing.
SetBorrowerAttributes takes a new $no_branch_limit parameter. If set,
the branch limitations have not effect and all attributes are deleted
(same behavior as before this patch).

Test plan:
1/ Create 2 patron attributes, without branch limitations.
2/ Edit a patron and set a value for these attributes
3/ Limit a patron attributes to a library (one you are not logged in
with).
4/ Edit again the patron.
=> You should not see the limited attributes
5/ Edit the patron attributes and remove the branch limitation
=> Without this patch, it has been removed from the database and is not
displayed anymore.
=> With this patch, you should see it.

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-21 16:56:37 +00:00
47fbbb7cf5 Bug 11998: Add a L1 cache for sysprefs
Accessing to the cache for each call to C4::Context->preference might
have an impact on performances.
To avoid that this patch introduces a L1 cache (simple hashref). It will
be populated by accessing the L2 cache (Koha::Cache).
If a pref is retrieved 10x, the first one will get the value from the L2
cache, then the L1 cache will be check.
To do so we will need to clear the L1 cache every time a page is loaded.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:29 +00:00
56a782c666 Bug 11998: Use t::lib::Mocks::mock_preference in tests
Unless in t/db_dependent/Context.t where we want to test the cache
behaviors.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:28 +00:00
9820f9dfbd Bug 11998: Use Koha::Cache to cache sysprefs
At the moment, the sysprefs are only cache in the thread memory
executing the processus
When using Plack, that means we need to clear the syspref cache on each
page.
To avoid that, we can use Koha::Cache to cache the sysprefs correctly.

A big part of the authorship of this patch goes to Robin Sheat.

Test plan:
1/ Add/Update/Delete local use prefs
2/ Update pref values and confirm that the changes are correctly taken
into account

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Tested with plack with syspref cache enabled, there is some time between setting the syspref and applying it, but it takes just one reload of page, it shouldn't be problem, should it?
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Tested with CGI and CGI + memcache; some small issues still remain,
but it would be better to deal with them in separate bug reports
if necessary

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:28 +00:00
fb167c0e4b Bug 15111: Change X-Frame-Options with SAMEORIGIN
There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easier for now is to switch the value from DENY with SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch apply, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
dc03bca76c Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
aa73c96aed Bug 15656: Move guarantor/guarantees code - GetMemberRelatives
Note:
QA question: Does the Koha::Patron->siblings method should return undef
if there is no guarantor?
It would avoid the weird  != undef, = $borrowernumber conditions.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:40:10 +00:00
bff0ca0b0b Bug 15656: Move guarantor/guarantees code - GetGuarantees
2 subroutines of C4::Members deal with guarantor/guarantees:
GetGuarantees and GetMemberRelatives.
Since we already have a Koha::Patron->guarantor method, it makes sense
to move these 2 subroutines to this module.

This first patch deals with GetGuarantees.

Test plan for the entire patch set:
1/ Create 5 patrons A (adult), B (child), C (child), D (child), E
(child), F (adult)
2/ Add relation between them: A is father of B, C and D.
E does not have a guarantor
F does not have guarantees
3/ Check some items out for all of these patrons
4/ On the "Check out" and "Details" tabs, you should not see any
differences with these patch applied : The "Relatives' checkouts" tabs
should list all of the guarantor/guarantee/siblings checkouts

Note:
$template->param('C' => 1);
I have not found any reference of this 'C' in the template.
It seems it's an old c/p from members/memberentrygen.tt

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:40:10 +00:00
186f630407 Bug 15653: Remove unused C4::Members::UpdateGuarantees subroutine
Looking at the code, there is some broken with the guarantees code.
It seems that the expected behavior would be to update address, fax,
B_city, mobile, city and phone info of the guarantees when a guarantor
is modified.
But the code in C4::Members::ModMember is broken:

 668         my $borrowercategory= GetBorrowercategory(
$data{'category_type'} );
 669         if ( exists  $borrowercategory->{'category_type'} &&
$borrowercategory->{'category_type'} eq ('A' || 'S') ) {
 670             # is adult check guarantees;
 671             UpdateGuarantees(%data);
 672         }

First, GetBorrowerCategory expects a categorycode, not a category_type.
Then UpdateGuarantees retrieves the param like:

 989 sub UpdateGuarantees {
 990     my %data = shift;

Which means that %data will always be something like ( a_key => undef )
And nothing more.

The updateguarantees subroutine (It has been renamed) has been introduced by

commit 56825e415f
Date:   Mon Aug 30 13:48:58 2004 +0000
    modularizing (with Members.pm) members management
    (beginning of...)

And the `%data = shift` already existed...

This code has never worked and could be removed.

See http://lists.koha-community.org/pipermail/koha-devel/2016-January/042241.html

Test plan:
Confirm the previous assertions.

Note that I have found this bug working on bug 15631, see patch "Bug
15631: Koha::Cities - remove getidcity and GetCities"

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:39:09 +00:00
Nicole C Engard
39f9b9ddb0 Bug 15694: Add aliases for date/time last modified
This patch will add indexes for Date/time-last-modified.

To test:

1. apply patch
2. reindex
3. search for dtlm:DATE and date-time-last-modified:DATE
4. confirm that you get results

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  I confirm Hector signing-off. A simple Zebra server restart suffice to get
  working the searches on date-time-last-modified and dtlm.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-11 21:56:50 +00:00