Commit graph

567 commits

Author SHA1 Message Date
blou
c67b397236 Bug 10951 - Adding NoLoginInstructions to system preferences
On a failed login, the default message is harcorded into opac-auth.tt.

     It would be preferable to allow for a preference to override that message (for example: ...Please bring an ID to t
     The changes modify
         -opac-auth.tt to allow for custom value
         -admin/preferences/opac.pref to add it to the preferences with a description
         -C4/Auth.pm for the loading of the preference
         -sysprefs.sql
         -updatedatabase.pl

     TESTING
         1) in OPAC, logged out, try login in by entering no or wrong credentials.  Acknowledge the "Don't have a p
         2) Apply the patch
         3) Regression Test: Redo step 1.  Same (default) message should appear.
         4) Log in to intranet,
             - select NoLoginInstructions in system preferences.
             - Enter new (xml) message.  Possible:
             <h5>Welcome to Koha, please bring your passport to the front office</h5>
            - and save
         5) refresh the OPAC, try login again with invalid credentials.  The new message should appear.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
2014-04-19 16:26:50 +00:00
Galen Charlton
914515202d Bug 10952: (follow-up) clear seach history from session after saving it to DB
This patch makes sure that the search history from an
anonymous session is cleared from the session after a user
logs in (and the session history is saved to that user's
record in the database).  This fixes a problem where the
search history from the session got repeatedly added to the
database each time the user did something while logged
into the OPAC.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:49:01 +00:00
Julian Maurice
939d68ea7b Bug 10952: (follow-up) Always flush session after deletion
This is recommended in CGI::Session documentation.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:45 +00:00
Julian Maurice
bbf7cd6876 Bug 10952: (follow-up) comments fixes and unit tests
- Remove unit tests for ParseSearchHistoryCookie, which doesn't exist
  anymore
- Add unit tests for ParseSearchHistorySession and
  SetSearchHistorySession
- Remove/Modify comments about search history cookie

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Tests fixed and moved, and comments tidied up

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:18 +00:00
Julian Maurice
d07df7d512 Bug 10952: Store anonymous search history in session
Storing search history into cookie can cause problems, due to the size
limitation of 4KB.

The solution here is to store search history into the CGI::Session
object, so there is no size limitation (but anonymous search history
still remember up to 15 requests max.)

Test plan:
- Go to OPAC in anonymous mode.
- Check that the "Search history" link is *not* shown in the top right
  corner of the page
- Make some searches on /cgi-bin/koha/opac-search.pl
- The "Search history" link should appear. Click.
- Your search history should be displayed.
- Try to log in with invalid username/password
- Go back to search history, it's still there
- Now log in with valid username/password
- Your anonymous search history should be saved into your own search
  history.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Restoring original sign offs and comments below

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors

Well, search history saving is similar before and after patch.
i.e. anonmymous search is saved when user logs in, but cookie
KohaOpacRecentSearches is empty.
Shows current an previous session searches

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All tests and QA script pass, works as described.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:20:16 +00:00
Srdjan
a0b00e4c8b Bug 11077: Correct more warnings in C4/Auth.pm
This gets rid of some more warnings.

It also corrects a noisy ne condition.
    $userid = $retuserid if ( $retuserid ne '');
became
    $userid = $retuserid if ( $retuserid );

It also integrates Srdjan Jankovic's patch with Petter Goksoyrsen's
patch, while correcting the problems found.

This includes:
    my $q_userid = $query->param('userid') // '';
along with:
    my $s_userid = '';
and:
    my $s_userid = $session->param('id') // '';
Indentation does not reflect actual scoping.

A missing system preference would have triggered a ubiquitous
undef compare check failure message. This makes the flooding
message more useful, so as to help correct it.
The change to accomplish this was:
        my $pki_field = C4::Context->preference('AllowPKIAuth');
        if (!defined($pki_field)) {
            print STDERR "Error: Missing AllowPKIAuth System Preference!\n";
            $pki_field = 'None';
        }

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:17:33 +00:00
ce5ab3b314 Bug 11077: remove uninitialized value $pki_field warning
During login at the Staff interface you get warnings in the logs
regarding an uninitialized value for the $pki_field variable.

To test:
- tail -f /path/to/your-intranet-logs
- Point your browser to your staff login page
- Login
- Three warnings are showed
- Apply the patch
- Log out
- Log in
- No new warnings, and you can still log in.

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Petter Goksoyr Asen <boutrosboutrosboutros@gmail.com>

Followed test plan; it works as advertised.
Also works when I deleted AllowPKIAuth system pref.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:15:07 +00:00
Jonathan Druart
de5d977c49 Bug 11132: don't clear the results list upon adding a biblio to a list
A "busc" param is cleared if the template name is not opac-.*detail.tt.
So if a user adds a biblio to a list, he cannot continue to browse
results.

Test plan:
- launch a search at the OPAC (opac-search.pl).
- click on a result and browse results (using previous/next links).
- a title attract your attention and you add it to a list
  ("Save to yours lists" link on the right).
- save the list.
- browse again results.

Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested according to test plan, also checked some other pages and actions
accessible from the detail page.
Passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-11-01 00:39:30 +00:00
Jonathan Druart
d2052311cb Bug 8435: add permission to enable editing other library's serials if IndependantBranches is on
In the serial module, we want to hide serials from others libraries.
However, to permit central serials manage, this patch introduces a
new permission, 'superserials'. If a staff member has this permission,
that person can override the restriction.

Test plan:
- Switch on the IndependantBranches syspref
- Add the permission 'superserials' for a patron and test you can
  navigate and see all serials
- Remove this permission and test you cannot manage/view subscriptions
  from others libraries

Signed-off-by: Frederic Durand <frederic.durand@unilim.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-31 15:27:19 +00:00
Galen Charlton
0f5dc609e0 Bug 10309: (follow-up) restore setting some OPAC template variables in C4::Auth
These variables still need to be exported to the template by default for
the 'prog' OPAC template to work correctly.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-15 15:27:59 +00:00
eb92d94be1 Bug 10309 - New OPAC theme based on Bootstrap
The goal of this theme is to provide a fully-responsive OPAC which
offers a high level of functionality across multiple devices with varied
viewport sizes. Its style is based on the CCSR theme, with elements of
the Bootstrap framework providing default styling of buttons, menus,
modals, etc.

The Bootstrap grid is used everywhere, but Bootstrap's default
responsive breakpoints have been expanded to allow for better
flexibility for our needs.

All non-translation-depended files are in the root directory of this new
theme:

css, images, itemtypeimg, js, less, and lib. Languages.pm has been
modified to ignore the new directories when parsing the theme language
directories.

This theme introduces the use of LESS (http://lesscss.org/) to build
CSS. Three LESS files can be found in the "less" directory: mixins.less,
opac.less, and responsive.less. These three files are compiled into one
CSS file for production: opac.css. "Base" theme styles are found in
opac.less. A few "mixins" (http://lesscss.org/#-mixins) are found in
mixins.less. Any CSS which is conditional on specific media queries is
found in responsive.less.

At the template level some general sturctural changes have been made.
For the most part JavaScript is now at the end of each template as is
recommended for performance reasons. JavaScript formerly in
doc-head-close.inc is now in opac-bottom.inc.

In order to be able to maintain this structure and accommodate
page-specific scripts at the same time the use of BLOCK and PROCESS are
added. By default opac-bottom.inc will PROCESS a "jsinclude" block:

[% PROCESS jsinclude %]

Each page template in the theme must contain this block, even if it is
empty:

[% BLOCK jsinclude %][% END %]

Pages which require that page-specific JavaScript be inserted can add it
to the jsinclude block and it will appear correctly at the bottom of the
rendered page.

The same is true for page-specific CSS. Each page contains a cssinclude
block:

[% BLOCK cssinclude %][% END %]

...which is processed in doc-head-close.inc:

[% PROCESS cssinclude %]

Using these methods helps us maintain a strict separation of CSS links
and blocks (at the top of each page) and JavaScript (at the bottom). A
few exceptions are made for some JavaScript which must be processed
sooner: respond.js (https://github.com/scottjehl/Respond, conditionally
applied to Internet Explorer versions < 9 to allow for layout
responsiveness), the _() function required for JS translatability, and
Modernizr (http://modernizr.com/, a script which detects browser
features and allows us to conditionally load JavaScript based on
available features--or lack thereof).

Another new JavaScript dependency in this theme is enquire.js
(http://wicky.nillia.ms/enquire.js/), which lets us trigger JavaScript
events based on viewport size.

I have made an effort to re-indent the templates in a sane way,
eliminating trailing spaces and tabs. However, I have not wrapped lines
at a specific line length. In order to improve template legibility I
have also tried to insert comments indicating the origin of closing tags
like <div> or template directives like [% END %]:

</div> <!-- / .container-fluid -->

[% END # / IF ( OpacBrowseResults && busc ) %]

TESTING

Proper testing of this theme is no easy task: Every template has been
touched. Each page should work reasonable well at a variety of screen
dimensions. Pages should be tested under many conditions which are
controlled by toggling OPAC system preferences on and off. A variety of
devices, platforms, and browsers should be tested.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 23:13:05 +00:00
Galen Charlton
547c6d2949 Bug 9611: (follow-up) move new password hashing routines to separate module
The move avoids a problem where many modules would gain
a dependency on C4::Auth just because C4::Members needs access
to hash_password().

This patch also adds a couple unit tests for the new password
hashing code.

To test:

[1] Verify that there are no regressions on the test plan for bug
    9611.
[2] Verify that t/AuthUtils.t and t/db_dependent/Auth.t pass.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-09 03:29:22 +00:00
4cb139b9ce Bug 9735 - Build the cookie array correctly
The current implementation didn't build the cookie array correctly,
yielding login problems in some scenarios.

Sponsored-by: Universidad Nacional de Córdoba

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:56 +00:00
3b7c6932e5 Bug 9735 - Let the language be selected through URL parameters
Passing language=<valid_language_code> as a parameter in any Koha's URL
can be used to set the desired language.
This patch touches
 - C4::Templates
 - C4::Auth

Adds a new method getlanguagecookie that does exactly that, for use in
get_template_and_user.
Also modifies getlanguage so it checks (a) if there's a 'language'
parameter in the CGI object and (b) checks if its valid and enabled for
the desired interface.

To test:
* Without the patch
  - access any koha page
  - add ?language=code to the end of the URL (change code for a valid language code
    it needs to be installed using perl translate install code, and enabled either for
    the staff or opac interface, depending where are you testing)
  - Nothing happens with the language parameter
* With the patch
  - access any koha page
  - add ?language=code (the same as before) and hit enter
  - the language should be changed to the one you chose
  - if you browse through some links, you will see
    koha 'remembers' the language you passed as a parameter
    (i.e. the language cookie has been updated).

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Brendan <brendan@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works very well. No errors.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
More comments on last patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:09 +00:00
Galen Charlton
419af5db00 bug 9611: (follow-up) add reference to Crypt::Eksblowfish::Bcrypt in POD
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:47 +00:00
Bernardo Gonzalez Kriegel
e23e8166f1 Bug 9611: (follow-up) fix POD
Small patch to make koha-qa happy.
Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:46 +00:00
Srdjan
4be177c1ae bug 9611: Extract checkpw_internal() and checkpw_hash() from checkpw()
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Srikanth Dhondi
f2162a86b0 Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What this patch aims to accomplish?

 * All new passwords are stored as Bcrypt-hashes
 * For password verification:
     - If the user was created before this patch was applied then use
        MD5 to hash the entered password <-- backwards compatibility
     - If the user was created after this patch was applied then use
       Bcrypt to hash the entered password
 * Any password change made via the staff interface or the OPAC will
   be automatically Bcrypt-hashed; this applies to old users whose
   passwords were stored as MD5 hashes previously

Test plan:
  1) Add new users and check whether their passwords are stored as
     Bcrypt hashes or not.
  2) To test that authentication works for both old as well as new
     users:
       a) Login as an existing user whose password is stored as a
          MD5 hash
       b) Login as an existing user whose password is stored as a
          Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
	a) Check the new password is stored as a Bcrypt-hash in the database
	b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by  Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Galen Charlton
961617765e do some validation of the KohaOpacRecentSearches cookie
Add validation of the value of the KohaOpacRecentSearches.  In
particular, this patch avoids the generation of an internal server
error when the OPAC is presented with an old cookie that uses the
old Storable-based serialization.

This patch also moves parsing of the cookie value into a
new routine in C4::Auth, ParseSearchHistoryCookie, and adds
a test case.

To test (in conjunction with the previous patch):

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Apply this patch and the previous one.
- Do *not* clear the KohaOpacRecentSearches cookie
- Check the search history and verify that no searches
  are listed any more
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 02:52:13 +00:00
Galen Charlton
488a3d6fed use JSON rather than Storable for the OPAC search history cookie
To test:

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- Clear the KohaOpacRecentSearches cookie
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verified that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 01:52:06 +00:00
04dd98fa84 Bug 10552: make several sysprefs available to the OPAC login page
Several system preference variables are unavailable to the OPAC login
template because they are not explicitly enabled for that page. Instead
of adding them to Auth.pm using the old method this patch uses the new
system preference check syntax using the Koha TT plugin.

The following preferences are now checked using this syntax in
masthead.inc:

OpacAddMastheadLibraryPulldown
UseCourseReserves
reviewson
OpacShowRecentComments

In order for the call in masthead.inc to the new plugin to work on all
OPAC pages "[% USE Koha %]" must be added to any template which
includes it (most of them).

Also in this patch: A change to Auth.pm to enable correct display of the
LibraryName in the title of the OPAC login page.

To test, turn on the above system preferences and confirm that the
relevant links appear under the OPAC's main search bar on all pages
including the login page.

Confirm that the text specified in the LibraryName system preference is
shown as the title of the login page.

Confirm that course reserves and comments are displayed correctly on the
biblio detail page.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I checked both prog and ccsr - all seems well and the links are appearing and disappearing in accordance with the appropriate sysprefs.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-22 14:54:15 +00:00
651f810f68 Bug 10553: make public lists available on OPAC login page
If you are not logged in to the OPAC, looking at the login page, and you
click the Lists button to see public lists it says there are none. This
patch corrects Auth.pm so that it loads the list of public lists in this
situation.

To test you must have at least one public list. Make sure you are logged
out of the OPAC and visit the login page (/cgi-bin/koha/opac-user.pl).
Clicking the "Lists" button should show you a list of public shelves.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
works as described, and list button is not shown when opacpublic is disabled.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-18 16:29:41 +00:00
Galen Charlton
968f337728 Bug 10515: (follow-up) fix use of GetBranchCategories
Adjusting to reflect the removal of the branchcode parameter
to GetBranchCategories; also filter on the 'searchdomain'
library group type, as appears to have been intended.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-17 18:02:13 +00:00
71b79d5990 Bug 9541: make OPAC login page respect OPAC_CSS_OVERRIDE
When clicking the login link for opac-user.pl in a multiple branch
scenario the environment variable for OPAC_CSS_OVERRIDE was ignored from
the koha-conf.xml file.  It seems like is is working on every page in
the opac except for the login page.

Test Plan:
1) Set up a Koha server with 2 separate catalog configurations
   ( e.g. opac1.kohatest, opac2.kohatest )
2) Set the OPAC_CSS_OVERRIDE directive for separate css files
   in each opac
3) Browse to the opac login page, note the css is not applied
4) Apply this patch
5) Reload the page, note the css is now applied

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-06-18 07:03:51 -07:00
b00ec06968 Bug 10080 - Change system pref IndependantBranches to IndependentBranches
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-22 07:58:23 -07:00
be869ab279 Bug 8215 - Course Reserves
Adds a course reserves system for academic libraries.

The course reserves system allows libraries to create courses
and put items on reserves for those courses.

Each item with at least one reserve can have some of its attributes
modified while it is on reserve for at least one active course.
These attributes include item type, collection code, shelving location,
and holding library. If there are no active courses with this item
on reserve, it's attributes will revert to the original attributes
it had before going on reserve.

Test Plan:
  1) Create new authorised value categories DEPARTMENT and TERM
  2) Create a new course, add instructors to that course.
  3) Reserve items for that course, verify item attributes have changed.
  4) Disable course, verify item attributes have reverted.
  5) Enable course again, verify item attributes again.
  6) Delete course, verify item attributes again.
  7) Create two new courses, add the same item(s) to both courses.
  8) Disable one course, verify item attributes have not reverted.
  9) Disable both courses, verify item attributes have reverted.
 10) Enable one course, verify item attributes are again set to the
     new values.
 11) Edit reserve item attributes, verify.
 12) Disable all courses, edit reserve item attributes, verify
     the item itself still has its original attributes, verify
     the reserve item attributes have been updated.
 13) Verify the ability to remove instructors from a course.
 14) Verify new permissions, top level coursereserves, with
     subpermissions add_reserves and delete_reserves.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Corinne Bulac <corinne.hayet@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

http://bugs.koha-community.org/show_bug.cgi?id=8125
2013-05-21 15:50:55 -07:00
Jonathan Druart
537c664038 Bug 9508: Standardize the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files

- Remove "all" occurrences (those I found!) of dateformat_*
From now the only way to get the date format is a string comparaison
(dateformat == "metric")

Checked with the command:
  git grep "\(dateformat_us\|dateformat_metric\|dateformat_iso\)" | grep
  -v translator

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested all the datepickers I could find, looks good.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-20 09:05:01 -07:00
Galen Charlton
3536b10acf Revert "Bug 10074 - Encoding problems at login time"
This reverts commit 5805b5f363.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:10:23 -07:00
Galen Charlton
327b6c6ce3 Revert "Bug 10019: Fix for userid containing UTF8 chars"
This reverts commit 7e90e1524f.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:05:22 -07:00
7e90e1524f Bug 10019: Fix for userid containing UTF8 chars
Decodes userid on two places in checkauth of C4/Auth.pm

Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:13:09 -04:00
5805b5f363 Bug 10074 - Encoding problems at login time
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.

This patch makes it use output_html_with_http_headers and solves the problem.

Changed 'use' for 'require' as jcamins and marcelr suggested.

Regards
To+

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:07:01 -04:00
719044f771 Bug 9257 - Add "groups" to normal search pulldown
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.

Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-22 08:20:08 -04:00
Kyle M Hall
5eabc672fd Bug 7804 - Add Koha Plugin System
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.

Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
      <pluginsdir>/var/lib/koha/plugins</pluginsdir>
      <enable_plugins>1</enable_plugins>"
   to your koha-conf.xml file
5) Add the line
       Alias /plugin/ "/var/lib/koha/plugins/"
   to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 14:49:47 -04:00
Bernardo Gonzalez Kriegel
9205e732fb Bug 9827: remove 'insecure' system preference
This patch removes 'insecure' system preference.

Also removes remaining code that make use of
the preference. It's broken anyway.

Only remains a reference in POD of C4/Boolean.pm

To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.

2) Apply the patch

3) Run updatedatabase.pl

4) Check that Staff login proceeds as usual.

5) Check that 'insecure' syspref is no more.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:46:34 -04:00
4dcee58a4d Bug 7440 - Remove NoZebra vestiges
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.

C4::Biblio->
 GetNoZebraIndexes
 _DelBiblioNoZebra
 _AddBiblioNoZebra

C4::Search->
 NZgetRecords
 NZanalyse
 NZoperatorAND
 NZoperatorOR
 NZoperatorNOT
 NZorder

C4::Installer->
 set_indexing_engine

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:17:04 -04:00
d03c8443a4 Bug 9587 Follow up to fix the problem Katrin identified
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible

Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
8cb1ac85a2 Bug 9587 : Followup removing a commented out warn that was annoying the qa tools
Not introduced by this work but no reason not to clean it

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: no more complains from koha-qa

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
3e8f39015b Bug 9587 : Follow up, fixing tabs in C4/Auth.pm
And translation problem in masthead.inc

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
493dcede48 Bug 9587 : Mozilla Persona login
Working on Mozilla Persona support (browser id)

    This will let a user log into Koha using browser id, if their email
    address used matches the email address inside Koha.

    Once an assertion is received, we simply need to find the user that
    matches that email address, and create a session for them.

    opac/svc/login handles this part.

    The nice thing about it is, the user doesn't have to do anything, like
    linking their account. As long as the email address they are using to
    identify themselves in browserid is the same as the one in Koha it
    will just work.

    This is covered by a systempreference, to allow people to do it, and
    is of course totally opt in, it works alongside normal Koha (or any
    other method) of login. So only those choosing to use it, need use it

Test Plan

1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:35 -05:00
Jared Camins-Esakov
0db3cccf87 Merge branch 'bug_9102' into 3.12-master 2013-02-01 10:50:27 -05:00
Jonathan Druart
bc5f5f4f01 Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-01 10:50:12 -05:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
Chris Cormack
a51a78b71c Bug 9102 : Set HttpOnly on the CGISESSID cookie
https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

 % curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-04 08:14:01 -05:00
Jared Camins-Esakov
7535f2bfa3 Revert "Bug 7167: New version for updatedatabase"
This reverts commit c9cb55ef47.
2012-12-27 14:02:56 -05:00
Jared Camins-Esakov
72f9f2239f Revert "Bug 7167 follow-up setting DBrevision, before pushing"
This reverts commit 49d6b750cd.
2012-12-27 14:02:55 -05:00
Jared Camins-Esakov
38f8bf4776 Revert "Bug 7167: Set final updatedatabase.pl version"
This reverts commit c34017336c.
2012-12-27 14:02:50 -05:00
Jared Camins-Esakov
c34017336c Bug 7167: Set final updatedatabase.pl version 2012-12-27 11:55:22 -05:00
Paul Poulain
49d6b750cd Bug 7167 follow-up setting DBrevision, before pushing
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase

This patch set to 3.11.00001 that is the last number when I QA this patch

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
2012-12-27 11:13:58 -05:00
Jonathan Druart
c9cb55ef47 Bug 7167: New version for updatedatabase
This patch use DataTable, see BUG|BZ 6836
      - css/datatables.css
      - lib/jquery/plugins/jquery.dataTables.min.js
      - js/datatables.js

http://bugs.koha-community.org/show_bug.cgi?id=7167

Bug 7167 follow-up

Major changes:
* creating database tables for update on the fly, the  1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer

Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied

Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG

* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
 - before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
 - after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied

http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve the update.pl script

 * Added CLI options to update.pl
 * Call update.pl from the installer.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Now, we check versions on mainpage.pl and after login

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Reimplementing Marcel's suggestions & fixes

 * Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
 * in the CLI script, if there is nothing to report, just say it

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Bug 7167: Remove check_coherency

As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Changing in .sql parsing

We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:

DELIMITER ;
-- this is a comment
SELECT * FROM  my_table;
-- another comment

Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM  my_table;
-- another comment;

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve display + factorize get_queries

Despite it's size, this patch is dealing with display questions only:
 * The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
 * Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
 * Reordering the column headers for more readability:
    * Status column is merged with availability, column is after status
    * Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
    * Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX typos & moving a script to a proper place

* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt

* moving update.pl to misc/bin because it's a CLI script

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add dependency File::Find::Rule

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: We want to execute non-numeric version with the -all option

Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.

Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 reindentation & removing dead code

* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.

Summary:
 * old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
 * new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it

Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
 * first to log-in to Koha
 * second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Don't raise an error in routine TableExists

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX merge

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 11:13:54 -05:00
Nadia Nicolaides
4d644c6930 Follow-up Bug 5634: Ordering branches should be case independent
This patch fix the order of branches in the log-in page,
on Branch.pm we added the variable branchcode to the
hash returned by GetBranchesLoop, and this function is used
on Auth.pm to get a list of branches ordered by branchname

To test
1) Use an installation with some branches
2) On login screen the branches are ordered by branchcode
3) apply the patch
4) On login screen the branches are now ordered by branchname

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch works as expected. Before applying the patch the branches
with lower case was at the end of the list. Now they are well ordered.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-21 07:42:18 -05:00
92782d3832 Bug 7067 - OPAC Borrower Self Registration
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.

Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.

For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).

NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay

NEW NOTICE
* Verify by email notice

NEW SLIP
* Temporary card slip

NEW CRON JOB
* delete_expired_opac_registrations.pl
  - Deletes patrons that have not been upgraded from the temporary
    status within the specified delay
* delete_unverified_opac_registrations.pl
  - Deletes the unverified patrons based on the length of time specified
    in the PatronSelfRegistrationExpireTemporaryAccountsDelay

The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.

Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
   of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
    verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.

Test Plan - Part 2 - Borrower Modifications

1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
  Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
   submit.
8) Check the records, you should see the changes take affect on the
   approved one, and no changes to the other two. You should also see
   "Patrons requesting modifications: 1" at the bottom of mainpage.pl
   now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 7067 - OPAC Borrower Self Registration - Followup

* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
  PatronSelfRegistrationVerifyByEmail is enabled.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00
5b8e1548e4 Bug 8804 [Revised] Quiet errors in the log from Auth.pm
Found three cases where variables were being
referenced which did not (in each case) exist. Adding
checks for those variables' existence.

Errors appeared when logged in and viewing a detail
page in the OPAC.

Revision simplifies logic as per RM suggestion.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-01 16:57:19 -04:00
Jonathan Druart
fd9f025889 But 8787: don't load the page if OpacMaintenance is ON
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.

To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
  not loaded (i.e. on the opac-search.pl page)

Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching  other_vhosts_access.log
Works as expected

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 18:15:19 +02:00
Jared Camins-Esakov
e883a0f065 Bug 8829: Fix authority importing
A subroutine was not being imported by C4::ImportBatch (ironic, no?)
so this patch makes the call fully-qualified. This patch also cleans
up two warnings in C4::Auth that are raised when logged in as the
database user.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-08 18:06:55 +02:00
Fridolyn SOMERS
bd8f01fec0 Bug 8497: Strange behavior when modifying the timeout system preference
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Tested standard login, patron auto-complete, and system preferences.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-05 16:49:24 +02:00
Mark Tompsett
4c8cfd0c29 Bug 8737 - Incorrect icon at login in staff client
Added the following missing code to ensure the correct icon
is used when logged out:
   IntranetFavicon => C4::Context->preference('IntranetFavicon')
This was added into an existing $template->param() call.

Not to be confused with the koha logo on the login page, the
icon is a 16x16 pixel graphic in the browser tab. The default
is found at .../intranet-tmpl/prog/en/includes/favicon.ico.

If the "IntranetFavicon" system preference is set, it should be
used by the staff client regardless of login state. It was not
being used in the "AUTH rejected" section of Auth.pm, but the
OpacFavicon variable was being set. This explains why the
"OpacFavicon" system preference works for the OPAC client, but
not the staff client upon logout.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-03 11:07:14 +02:00
50759af6fe Bug 6679 - fix 3 perlcritic violations in C4/Auth.pm, and enabled warnings
Subroutine prototypes used at line 561, column 1.  See page 194 of PBP.  (Severity: 5)

Bareword file handle opened at line 606, column 5.  See pages 202,204 of PBP.  (Severity: 5)

Two-argument "open" used at line 606, column 5.  See page 207 of PBP.  (Severity: 5)

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch reintroduces 'use warnings' in C4/Auth.pm.
Keep attentive to new warning messages in your log

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-20 12:18:14 +02:00
Frédérick
f913ebe49f Bug 8597: Add system preferences to configure the mobile view.
This patch adds the following system preferences:
* OpacMainUserBlockMobile - alternate content for the MainUserBlock for
  mobile
* OPACMobileUserCSS - custom CSS for mobile views only
* OpacShowFiltersPulldownMobile - whether or not to show the index
  dropdown on the mobile view
* OpacShowLibrariesPulldownMobile - whether or not to show the library
  dropdown on the mobile view

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-09-18 13:42:18 +02:00
ff7417fa91 Bug 8679 [REVISED] Remove usage of Amazon API
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With on Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.

Handling of book cover images from Amazon is unchanged.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.

Signing off.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-29 16:05:29 +02:00
daeb964996 8263 Consistent stylesheet prefs
This patch makes the use of opaccolorstylesheet and opaclayoutstylesheet more consistent. They may be: 1) just a file name, 2) a complete local path or 3) a full URL starting with http: for a remote css file.
This makes the syspref opacstylesheet that was only used for a remote css file obsolete.

June 20, 2012 Rebased.
July 18, 2012: Regex allows https too (thanks to Owen Leonard).

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 12:03:30 +02:00
Paul Poulain
ba7ac6d3ec Revert "Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost"
This reverts commit 68ba16afe8.
2012-07-11 12:33:36 +02:00
68ba16afe8 Bug 4460 - Amazon's AssociateID tag not used in links so referred revenue lost
Rewrite of patch authored by Reed Wade <reed@catalyst.net.nz>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-07-10 10:59:01 +02:00
Jared Camins-Esakov
36f1fb6308 Bug 8311: Fix scoping error in C4::Auth
There is a mis-scoped function call in C4::Auth, on line 154, where
GetMembers is called without explicit scoping and before
'require C4::Members;'. This does not actually have any functional
ramifications as far as I can tell, but it would be a good idea to fix
it.

This patch also corrects a bit of indenting in that area, because it was
an unnecessary challenge to understand the code with the mis-indenting.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-29 16:16:55 +02:00
76b80ac33c Bug 8130 - attach PDF files to a patron record
Adds the ability to attach unlimited arbitrary files to
a borrower record.

Test Plan:
1) Enable system preference EnableBorrowerFiles
2) Look up borrower record, click 'Files' tab on left
3) Upload a file, download the file, delete the file.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
rebased for current master.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
rebased again; some indentation issues in include menus.
2012-06-28 10:55:51 +02:00
Paul Poulain
a163be4113 Bug 3708 - Add another customizable region to the OPAC: right sidebar nav
This patch creates a new system preference, OpacNavRight, in
which the librarian can add HTML which will appear on the OPAC
main page under the login form. If the user is logged in the content
will appear in place of the login form.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 23:11:06 +02:00
Jared Camins-Esakov
3aaaf2f2e4 Bug 7943: Authority search results are untranslatable
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.

To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
   cataloguing module (and the plugin for UNIMARC field 210$c, if you
   can figure out how)
4. Test authority searching in the OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.

1) Applies cleanly on current HEAD.

2) Authority search in staff

Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:

ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.

ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?

ENH note: Also the authority type is not shown at all in the result list.

3) Cataloguing and authority plugins

The autocomplete function works nicely.

ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.

Plugins overall work nicely. Created links include the authority numbers and work
correctly.

4) Authority search in OPAC

Works nicely. Display is consistent, but translatability greatly improved.

ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?

Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
2012-06-20 10:07:30 +02:00
Dobrica Pavlinusic
91bf568114 Bug 7810 - C4/Auth.pm - on plack restart session is undefined
So we shouldn't try to delete it. This produces application error
instead of redirection to login page.

I had similar problems with CGI, especially when session in browser
is still active, and one on filesystem or database is already expired.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Solved the problem when my Plack installation started acting up due to
stale cookies.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 18:11:52 +02:00
Chris Cormack
509d673f10 Bug 7941 : Fix version numbers in modules
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 17:29:38 +02:00
Katrin Fischer
47fac215af Bug 7935: Introduce sys pref to control 'browse results' in OPAC
Patch introduces a new system preference "OpacBrowseResults" to control
the feature for browsing and paging through results shown on top of the
left menu on detail pages in OPAC.

Preference is activated by default and can be deactivated using the
system preference.

To test:
 - Check database update works correctly
 - Check that browsing and paging still works with after database update
 - Deactivate the feature by setting 'OpacBrowseResults' to 'Disable'
 - Check the feature does no longer show up in OPAC
 - Check that a new installation also has the system preference with correct default

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2012-04-10 15:26:37 +02:00
7eef4c8c70 Bug 5668 - Star ratings in the opac
patch applied to commit eb3dc448d2

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars

All above tests passed. Signing off.

Rebased 3-19-12 by Ian Walls

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-10 14:40:49 +02:00
Dobrica Pavlinusic
d0b2d72e0b Bug 7766 - C4/Auth.pm: emit DEBUG output to STDERR
writing to STDOUT breaks plack when running with DEBUG=1

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-04 18:09:24 +02:00
c4d21bcbfe Bug 7310: Code changes for Improving list permissions
This lays the foundation for further changes for report 7310.
Implements following points from the wiki page List permissions:
1) Preference that controls if users may create public lists in opac.
2) New add/delete own/delete other permissions per list.

Code has been changed (in some cases refactored). New permissions are not yet visible; with this patch current functionality is kept as much as possible while resolving several issues, improving permissions and extending the code for further developments (using the new permissions and sharing lists).

Feb 23, 2012 (revision): Changed defaults for new lists. Could also remove routine GetRecentShelves by using GetSomeShelfNames in catalogue/search.pl just as opac-search.pl already did. (More consistent.)

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

Feb 29, 2012: Automerge version.
March 5, 2012: Rebase for pushed 4912 patch.
March 21, 2012: Rebased. Resolving some conflicts in relation to pushed report 7719.
2012-03-21 16:46:40 +01:00
Robin Sheat
4cbeeedbe8 Bug 6296: allow users to be authenticated by SSL client certs
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress

If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.

The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.

This is an example of what might go in the Apache configuration for the
virtual host:

    #SSLVerifyClient require # only allow PKI authentication
    SSLVerifyClient optional
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars

The last line ensures that the required details are
passed to Koha.

To test the PKI authentication, use the following curl command:
    curl -k --cert client.crt --key client.key  https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)

To create the certificates needed for the above command, the following series
of commands will work:
    # Create the CA Key and Certificate for signing Client Certs
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    # This is the ca.crt file that the Apache config needs to know about,
    # so put the file at /etc/apache2/ssl/test/ca.crt

    # Create the Server Key, CSR, and Certificate
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr

    # We're self signing our own server cert here.  This is a no-no in
    # production.
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -set_serial 01 -out server.crt

    # Create the Client Key and CSR
    openssl genrsa -des3 -out client.key 1024
    openssl req -new -key client.key -out client.csr

    # Sign the client certificate with our CA cert. Unlike signing our own
    # server cert, this is what we want to do.
    openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
        -set_serial 02 -out client.crt
    openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
    # In theory we can install this client.p12 file in Firefox or Chrome, but
    # the exact steps for doing so are unclear, and outside the scope of this
    # patch

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
2012-03-19 17:02:44 +01:00
2577e0b6c5 7261 Followup to make tests consistent
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-03-14 14:14:24 +01:00
Juan Romay Sieira
68ddf79121 Bug 7261 System Preference to select the first day of week
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
2012-03-14 14:14:12 +01:00
808b2a44c4 Bug 7616 - Remove unused template markup for css_libs, css_module, js_libs, etc.
Removing references to unused template variables and markup.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-08 16:06:04 +01:00
52afe06ddd Bug 6193 - Follow up: use SetEnv and remove memcached from koha-conf.xml
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Confirmed that memcached is still being used after the memcached configuration
in koha-conf.xml was removed, and the following two lines were added to
both virtual hosts in koha-httpd.conf:
SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
SetEnv MEMCACHED_NAMESPACE "KOHA"
2012-02-20 23:24:02 +01:00
Paul Poulain
e780e0669c Bug 6875 de-nesting Auth.pm
* removed use C4::Koha that is useless
* moved "use C4::Members" to "require C4::Members" just before GetMemberDetails call. This will avoid loading C4::Member everytime a page is called by someone not logged

* still to do = work on C4::VirtualShelves, that can be optimized, definetly !

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master, 28 Jan 2012

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please WAIT with virtual shelves. Working on that..
Tested and marked as Passed QA.
2012-02-15 14:58:42 +01:00
MJ Ray
d4b132136c Bug 7476 Remove executable bit from files that probably should not be executed
Signed-off-by: Aleksa Vujicic <aleksa@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to replace some copy-and-paste comments only with consent of MJR.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-03 14:22:15 +01:00
Paul Poulain
81cf767b17 Merge remote-tracking branch 'origin/new/bug_7367' 2012-01-27 12:38:00 +01:00
9c0ce2bf3b 7367 Removing reintroduced debugging statement from Auth.pm
Commit 07d1eae7cc removed this statement from the module, but some months later commit 7b12e07d3b reintroduced it again while reindenting code ;)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2012-01-27 12:30:48 +01:00
Jared Camins-Esakov
587e2e920e Bug 1633: QA follow-up
* Show the "Upload images" button when OPACLocalCoverImages is enabled but
LocalCoverImages (i.e. local cover images on the staff client) is not
* Correct copyright and license comments in new files
* perltidy and replace tabs by four spaces

Signed-off-by: Koustubha Kale <kmkale@anantcorp.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-24 11:16:10 +01:00
Jared Camins-Esakov
b4fb5d4095 Bug 1633: [SIGNED-OFF] Add support for uploading images to Koha
A frequently-requested feature for Koha, especially by special libraries, is
the ability to upload local cover images into Koha.

This patch adds a bibliocoverimage table, and image handling code in the
C4::Images module. Key features of the implementation include:
1. The ability to have multiple cover images for a biblio
2. Handling for "full size" (800x600) and thumbnail-size (200x140) images
3. Uploading images directly from the record view

The image display functionality by Koustubha Kale of Anant Corporation will
follow in a second patch.

Special thanks to Koustubha Kale and Anant Corporation for the initial
implementation of local cover images, and to Chris Nighswonger of Foundation
Bible College for his prior work on patron images.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Will add comments on Bugzilla.

Patch failed to apply because installer/data/mysql/sysprefs.sql had changed in master.
Corrected the same with this new patch.
2012-01-24 11:16:02 +01:00
Julian Maurice
8ffbf4e88c Bug 6694: Problem with casAuthentication syspref
A missing test in checkauth caused anonymous session to be destroyed and
re-created at every call when this syspref was set.
Almost the same issue is also fixed in check_api_auth, which caused
C4::Service->init to fail.

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-20 14:19:56 +01:00
Duncan Tyler
00290e8619 Bug 6627 [Signed Off] - Update to improve security in specified log files - bug 6627
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-06 14:20:34 +01:00
Salvador Zaragoza Rubio
4a2a95cc25 Bug 6483 - Paging in opac-detail when coming from a search
Add paging in opac-detail when coming from a search to be
able to continue viewing the previous and next register
from the detail without returning to the results.
The partial list pagination can be showed to increase forwarding
or rewinding in the pagination.
It's implemented for Zebra search and not build_grouped_results.

The param busc with all the information from the search is stored
on the session when running opac-search and opac-detail, outside these
pages the busc param is removed from the session.

A list of the biblionumbers inside the OPACnumSearchResults range
is passed to avoid repeating the searching everytime we see the
previous or next biblio. The searching will be run again when
we are going to exceed the list and a new one will be calculated
from the new search.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-21 04:57:09 +13:00
bf64266e99 Follow-up fix for Bug 4473 - Recent comments view for the OPAC
This follow-up adds a system preference which controls display
of a link to recent comments in the OPAC masthead alongside
"Advanced search," "Tag cloud," etc.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-20 12:12:45 +13:00
Chris Cormack
a118102d4e Merge remote-tracking branch 'kc/new/bug_5995' into kcmaster 2011-10-15 12:59:34 +13:00
Ian Walls
dcb4ac77fb Bug 5995 Followup: checkpw was returning inconsistent values
In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid.  This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.
2011-10-15 12:58:10 +13:00
d7cbdd3d0b Bug 6825 OpacNav menu hide user menu on opac-user.pl page
This patch add a new syspref OpacNavBottom which is placed on all pages
after OpacNav. On Patron pages, specif patron links are placed between
OpacNav and OpacNavBottom, like this:

  OpacNav
  Patron links
  OpacNavBottom

To test:

  1 Apply this patch
  2 For RM, modify kohaversion.pl and updatedatabase.pl appropriately
  3 Test that OPAC pages are displayed as before, OpacNav on the left
  4 Test OPAC patron pages: OpacNav is as before displayed after patron
    links
  5 Split OpacNav between itself and OpacNavBottom
  6 Patron pages display patron links between OpacNav and OpacNavBottom

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-14 11:20:06 +13:00
Paul Poulain
1c0702c76e Bug 5630, follow-up
Fixes chris comment 28, that was a consequence of Marcel comment 27
Recent error
[Thu Sep 01 14:22:45 2011] [error] [client 192.87.126.61] [Thu Sep  1 14:22:45
2011] opac-MARCdetail.pl: DBD::mysql::st execute failed: Unknown column
'limit_desc' in 'field list' at /usr/share/koha/testclone/C4/Auth.pm line 276.
Seems to come from this commit 9a3950f673 (5630
CAS Improvements)

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:51:12 +13:00
Ian Walls
74c7c4e3a5 Bug 5630 Followup: checkpw_ldap not imported
If LDAP authentication is used, Koha barks that C4::Auth::checkpw_ldap is
undefined, which is true.  checkpw_ldap needs to be imported from C4::Auth_with_ldap,
like it was before the bug fix for 5630

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:50:50 +13:00
Chris Cormack
046c996c2f Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:49:49 +13:00
Jared Camins-Esakov
f09e2ca27e Bug 5528: Analytic records support
Display links to parent biblios, show linked items in holdings, allow holds on
linked items. This uses MARC to maintain relationships.

Sponsored by the Mississippi Department of Archives and History and RapidRadio
Solution. Originally developed by Savitra Sirohi and Amit Gupta at OSSLabs, with
UNIMARC support added by Zeno Tajoli. Commits squashed and merge conflicts
resolved by Chris Cormack from Catalyst. Respect for NORMARC and some small
framework portability fixes made by Jared Camins-Esakov of C & P Bibliography
Services.

IMPORTANT NOTE: A bug in the 773 coding for MARC21 was corrected from the
original OSS Labs code. The 773s generated by the pre-release code did not have
the first indicator set to '0', which means that they were not supposed to
display. Going forward, the first indicator will be set correctly, but existing
records created with this code will no longer appear (they appeared before only
due to another bug). To correct this, you could globally (or, to make sure you
only modify records created with the Analytics tool, for records with 773$0)
change the first indicator of the 773 from blank to '0'.

== Background ==
An analytic record for an item is a more detailed, monographic biblio for an
item attached to a serial record .  This is often used for special issues of a
journal that are released as books on their own (assigned an ISBN, as well as an
ISSN/volume/issue).  It is important for researchers to be able to search for
these items both as issues of the serial, and as monographs.  It is equally
important for the library to not have duplicate item records for the item in
question to have to keep synchronized.

== Establishing relationships ==
Analytical records are connected to items belonging to parent or host
bibliographic records. This can be accomplished by:
* From an analytical bibliographic record linking to an host item by providing
  the item barcode as input
* From a host item by using option "analyze", this creates a new empty
  bibliographic record with field 773 (MARC21) populated
* Running a new CLI script that establishes a relationship between the
  analytical record and the host item identified by the barcode in the
  analytical record's 773$o (MARC21)

== Connecting Records ==
The relationships are maintained in the MARC records, we have not used database
tables at all.

== MARC Representation ==
In MARC21/NORMARC we have used:
* 773$9 to store the Koha item number of the host item
* 773$0 to store the Koha biblio number of the host bibliographic record

The above fields are used to display the relationships in various screens in the
OPAC and the staff interface. Additionally, when populating field 773 with host
item's details, we have used following MARC 21 mapping:
* 'a' <= 100/110/111 $a (author main)
* 'b' <= 250$a (edition)
* 'd' <= 260$a, 260$b, 260$c (place, publisher, year)
* 'o' <= barcode
* 't' <= 245$a (title)
* 'w' <= (003)001 --> if no 001 is available, we can populate biblionumber
* 'x' <= 022$a (issn)
* 'z' <= 020$a (isbn)

In UNIMARC, this code uses:
* 461$9 to store the Koha item number of the host item
* 461$0 to store the Koha biblio number of the host bibliographic record

When populating field 461 in UNIMARC, the following mapping is used:
* 't' <= 200$a (title)

== Treatment of Holds ==
A key requirement was to allow holds to be placed on host items from the
analytical record. We have accomplished this by allowing holds on specific
copies only. Biblio level holds are not allowed. This ensures that holds are
placed on specific items that are relevant to the analytical record.

== Deleting host items with linked analytical records ==
As we have not used database tables to maintain relationships, we had to use
search to find out if any linked analytical records are present. If 1 or more
analytical are present, we do not allow deletion of items. This is similar to
what we see when we try to delete authority records.

== Importing analytical records ==
Analytical records can be imported using bulkmarcimport or the GUI tools. The
new CLI script can be executed after the import to establish relationships with
host items. The script will establish relationships using the host item's
barcode, the barcode must be present in 773$o of the analytical record.

== What if there are two or more copies of the host item? ==
The current design will require that there be two host (773) fields, one for
each copy.

== What if there is no barcode available for the host item? ==
It is still possible to establish a relationship, by populating 773$9 with the
host's item number. However the CLI script uses barcode in 773$o to establish
relationships so it won't work where barcodes are unavailable. Also from an
analytical record, it is possible to establish a relationship to a host item by
providing the barcode as input, this option will not be available as well.

Commits that added the following features were squashed by Chris Cormack (this
is not a list of every commit):
* Display links to host records from biblio detail screens
* Support for UNIMARC, respecting the system preference 'marcflavor'
* Support holds from the OPAC
* Ability to link to items belong to host records from a analytical record
* Display items belonging to host records in the moredetail page
* Ability to edit items belonging to host records, also ability to delink from
  them
* Move get host items code into a C4 routine, also calling the new routine in
  related perl scripts
* Move host field population to a C4 routine, all changes in pl files to call
  new routine
* Allow only specific copy holds for analytical records plus changes to use new
  C4 routines
* Support for holds on items linked via host records
* Storing bibnumber and itemnumber in subfields 0 and 9, plus other mapping
  changes
* New command line script that establishes relationships between analytical
  records and host items and bibs. The script looks for host field (MARC21 773)
  in records, and based on barcode in subfield 'o' populates host bibnumber in
  subfield '0' and host itemnumber in subfield '9'. The script can be run after
  an import of analytical records, it can also be run in the crontab to maintain
  the relationships
* Ability to create analytical records from items, to view linked analytics, and
  prevent deletion of items that have linked analytics
* New template for catalogue/detail.pl (NOTE: not a new template file, just a
  new way of displaying analytics), template displays linked analytics and
  allows creation of analytical records
* New zebra index for item number in host fields. This index will be used to
  display links to analytical records from host records
* Display title of host record instead of the phrase host record
* Using detail.tmpl for analytics tab instead of a new template file
* Improved qualification info prepration in Prephostmarcfield
* Check for linked analytics before deleting item
* Display link to host record and more meaningful anchor text for edit item link
* Analytical record: Unimarc index in record.abs and help in
  create_analytical_rel.pl
* Adding a sys pref that controls display of options to create analytical
  relationships
* Add host entry in XSLT stylesheet in staff item detail
* Added host record support to OPAC detail XSLT
* Adding 773$0 and 773$9 to all frameworks
* Adding 773 subfields 0 and 9 to default marc framework via updatedatabase.pl
* Display create analytics and used in links in catalog detail
* Fixed problem where analytical records not showing in OPAC search results
  because GetMarcBiblio now needs a flag to add item records
* Fixed problem where analytics count was set to 1 for all records, not just
  those with analytics
* Fixed catalogue detail page not to show analytics counts if count is 0

Conflicts:
	installer/data/mysql/updatedatabase.pl
	koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
	kohaversion.pl

Co-author: Savitra Sirohi <savitra.sirohi@osslabs.biz>
Co-author: Zeno Tajoli <tajoli@cilea.it>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:03:39 +13:00
Robin Sheat
85b1d6d558 Bug 6636 - add 'powered by Koha' text to OPAC footer
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
  QA control: added () inside 2 [% IF %]

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-09 20:13:09 +13:00
6b8be20497 Bug 6755 Problems with switching languages
This patch solves the situation that news is in another language than
the Koha interface AND makes that themelanguage routine is always called
the same way in order to prevent mixed display.

It fixes also a bug related to language preselection based on web
browser prefered language.

September 9: Adjusted with input of Frederic Demians.

Septembre 10: Avoid circular dependency, as pointed by Chris Cormack.
Templates related functions are moved from C4::Output to C4::Templates

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-23 09:47:09 +12:00
Chris Cormack
e8f654fcd2 Revert "Bug 5630 CAS improvements"
This reverts commit 9a3950f673.
2011-09-02 13:22:20 +12:00
Chris Cormack
9a3950f673 Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-10 13:16:35 +12:00
cbf473d592 Bug 5429 : Open Library book covers
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-04 13:30:23 +12:00
Colin Campbell
306dc79217 Bug 5453 : Move declarations out of conditionals
Patched for C4 Modules

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-15 15:50:24 +12:00
Francois Marier
413f306961 Bug 6298 : Create new ShowReviewerPhoto preference
This new system preference (in OPAC Features) allows libraries to
turn off reviewer photos entirely if they want to. The default is
for these photos to be shown.

Note that this setting is linked to ShowReviewer in that both of
them need to be turned ON for the avatars to be displayed.

Signed-off-by: Francois Marier <francois@debian.org>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-07-05 15:01:13 +12:00
Matthias Meusburger
417c9084b4 Bug 5995 : MT2892: Fix security issue in CAS intranet login
Users could log in intranet using their cardnumber, with superlibrarian
rights.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-05-14 04:31:59 +12:00
Colin Campbell
0d663c7e8a Bug 6237: remove compile time warning
Remove a 'variable in void context' warning from
C4::Auth which shows up as a compile warning in all users of
the module and generates log noise

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-22 07:30:55 +12:00
Chris Cormack
1e7c5166aa Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-08 14:29:21 +12:00
Colin Campbell
0cf2eccfe9 Bug 5529 Absence or Presence of lists not being reliably returned
C4::VirtualShelves::GetRecentShelves contained some rather confused
code The contents of the requested list are returned in an arrayref
which was in its turn being wrapped needlessly in an array
As a result the returned array always consisted of a single element
irrespective of the number of lists.
Made the routine return the arrayref, which can now be tested directly
Unfortunately rather than fixing this we had previously coded around it
assuming it to be a "design" decision. Have amended other calls of
the subroutine resulting in some hopefully less obscure code

Fixed logic error in the results template which displayed new list
within a test for the presence of lists

Removed the offset parameter from the sql in the routine as it was hardcoded
to 0 i.e. the default value

Signed-off-by: fdurand <frederic.durand@univ-lyon2.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-08 10:51:47 +12:00
Chris Cormack
363ea5ce08 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/updatedatabase.pl
2011-04-05 15:39:12 +12:00
Chris Cormack
cd62e6ed02 Bug 5917 : Fixing a problem with login 2011-04-04 12:56:01 +12:00
Chris Cormack
ead56def26 bug 4865: Enable session storage in Memcached
Note: this requires CGI::Session::Driver::memcached to be installed

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-04 10:38:50 +12:00
Chris Cormack
eb4ad6e44e Merge remote branch 'kc/master' into new/enh/bug_5917 2011-04-03 22:35:24 +12:00
Katrin Fischer
284cfbc234 Bug 5897: Add new syspref ShowReviewer
This patch adds a new syspref ShowReviewer.

If ON (default) the reviewer/author of an OPAC comment will show.
If OFF the reviewer's name will be hidden.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-01 20:15:46 +13:00
Chris Cormack
6350a7d1cb Bug 5917 : Fixing a bug with signedin users 2011-03-31 08:59:27 +13:00
Chris Cormack
76184e1db0 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
2011-03-30 08:39:10 +13:00
b5a050d759 Fix for Bug 5833, opacstylesheet not loading on all pages
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-29 21:58:14 +13:00
Chris Cormack
96f7cfabca Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
	installer/data/mysql/ru-RU/mandatory/system_preferences_full_optimal_for_install_only.sql
2011-03-23 21:47:03 +13:00
Jared Camins-Esakov
637cf26045 Bug 5641: Replace Favicon through staff client
This patch adds two sysprefs:
OpacFavicon
IntranetFavicon

The two sysprefs take full URLs to an alternate favicon.ico file for the OPAC
and Staff Client, respectively. Leaving them blank will use the favicon.ico file
that is included with Koha.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-23 21:41:32 +13:00
Chris Cormack
dbf6bd4be0 Merge remote branch 'kc/master' into new/enh/bug_5917 2011-03-22 15:06:44 +13:00
Jared Camins-Esakov
0a1f05a5a2 Bug 5390: OPAC loses library selection
This patch ensures that the OPAC library selection masthead will always default
to the branch that is currently being searched. This only applies to systems
with multiple branches and OpacAddMastheadLibraryPulldown turned on.

To test: do a search in the OPAC, limiting by branch. The search results will
still have that branch selected in the masthead dropdown.

This patch also fixes bug 5852 and bug 3778.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-22 14:59:16 +13:00
Chris Cormack
03890c90ac Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/en/mandatory/sysprefs.sql
2011-03-21 19:54:11 +13:00
Colin Campbell
7f0a326da5 Bug 5890 Correct Mismatched operator in comparison
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-18 10:47:52 +13:00
6709d0e4f7 Follow-up correction for Bug 5462 - Fix variable names for template::toolkit
Previous commit modified checks for the item-level_itypes preference
to look for a different variable name but didn't update where that
variable is set in Auth.pm.

Other scripts perform a direct check of item-level_itypes and must
continue to use the name of the variable in the database.

Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-08 21:03:28 +13:00
Ian Walls
a0dc124a95 Bug 3881: OPAC Privacy reimplementation
Reimplements Paul Poulain's original OPAC Privacy patch, with some minor improvements and changes to wording

If the library enables the OPACPrivacy system preference along with the opacreadinghistory preference, and sets
an AnonymousPatron (must be a valid patron number in the database), the user will see a new tab upon login to
the OPAC, My Privacy.  From there, the user can:

- Set their OPAC Privacy to one of three values
  0 - Forever.  This keeps their reading history unless they explicitly delete it; the bulk anonymiser won't touch it
  1 - Default.  Keep reading history until either they delete it or the library does
  2 - Never.    Instantly anonymises reading history upon item return

- Instantly delete their reading history
  There is a warning and a popup to confirm.  I've removed Paul's extra confirm checkbox, which seemed redundant

A note of which preference the patron has selected is added to the Patorn Details page in the staff client.  This is read-only.

This patch also consolidates Privacy system preferences into the Privacy section of the OPAC tab.

Thank you to BibLibre for the original implmentation of this patch, and Los Gatos Public Library for funding and
testing the reimplementation.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-31 22:23:50 +13:00
Mason James
f46b03cf2d Bug 4289: 'OpacPublic' feature
applied to git tag 'v3.02.00-rc'

Frédéric Demians:

  - Rebased this patch to HEAD
  - Solved a merge conflict
  - The patch works as described here:
    http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4289

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-01-19 14:30:34 +13:00
Katrin Fischer
c6a9141413 Bug 3381 - Add an IntranetUserCSS system preference
Add an IntranetUserCSS sys pref that works like OPACUserCSS in OPAC only for intranet.
2010-12-13 08:01:41 +01:00
1bd67e28e5 Bug 5066 (Log timestamp consistently in _session_log)
Small fix with thanks to Galen.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-18 09:00:10 +13:00
d4f02c469b Fix for Bug 4359, noItemTypeImages not active in OPAC
- Auth.pm put the noItemTypeImages preference under "intranet only."
  Moved it to "OPAC or intranet."
- Added check for the preference on the OPAC advanced search page.
- Improved logic for displaying images on the reading history page.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-13 20:19:12 +13:00
Chris Cormack
f9299b1a76 Merge remote branch 'kc/master' 2010-11-01 10:56:05 +13:00
2b8470ddf8 bug 3756: start removing references to disused sysprefs
holdCancelLength
PINESISBN
sortbynonfiling
TemplateEncoding

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-21 20:35:35 -04:00
Chris Cormack
f245998ac9 Merge commit 'kc/master'
Conflicts:
	docs/history.txt
2010-06-25 10:43:18 +12:00
0700a8b732 bug 4896: granular permissions now always on (DB rev 138)
Per the following koha-devel thread, the use of
staff user subpermissions, AKA granular permissions, is
now the default behavior in Koha.  This patch removes
the GranularPermissions system preference.

[1] http://lists.koha-community.org/pipermail/koha-devel/2010-February/033670.html

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-19 07:56:03 -04:00
Chris Cormack
4c14cd317e Merge commit 'kc/master' 2010-06-14 09:15:00 +12:00
Andrew Elwell
8480f56370 Another batch of POD cleanups
Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-09 08:38:56 -04:00
Jane Wagner
fde1abd82e Bug 4394 REVISED Allow opaccolorstylesheet syspref to use an external URL
Previous code would only allow for an auxiliary stylesheet on the same server.  This checks for
http in the opaccolorstylesheet syspref.  If it's found, sets a different variable pointing to the
remote server location.  If not found, retains the previous css directory path.

Also modifies the description of opaccolorstylesheet in the installer files to reflect current
usage as an auxiliary stylesheet.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-05-17 12:32:46 +12:00
46737a702c fixed Syndetics breakage
Reverts part of commit 7b12e07 that removed references
to the Syndetics sysprefs in C4::Auth for no apparent reason.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-05 12:11:30 -04:00
86c82d0aaa Fix to enable Amazon cover images in the staff client.
Since this fix enables the previously-missing variable
'AmazonEnabled' in Auth.pm, this will also enable other
Amazon content in the staff client like Product
Descriptions and Amazon Similar Items (See Bug 3863)

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-29 21:03:58 -04:00
Donovan Jones
593a7d8e6a Bug 2505 - Add commented use warnings where missing in *.pm 2010-04-21 20:28:51 +12:00
Lars Wirzenius
4523a2df0d Fix file permissions: if it is not a script, it should not be executable.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-16 00:40:34 -04:00
777e5d53cd fix typo in variable name
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:15:45 -04:00
Srdjan Jankovic
863938f16c Escape input that goes in HTML; Reworked search history insert SQL
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-17 09:12:01 -04:00
b340fb834c bug 4314: add using_https environment variable
Added new HTML template variable, using_https, for use
of OPAC or staff-side templates that may need to know
whether to use http:// or https:// links to off-site
content.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:23:35 -04:00
Lars Wirzenius
7279f55b60 Fix FSF address in directory C4/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:56 -04:00
79b8fca2b1 Additional changes to fix Bug 3920, XSLTdetailDisplay syspref controls both OPAC and Intranet
This patch adds XSLTDetailsDisplay and XSLTResultsDisplay variables
for the staff client, OPACXSLTDetailsDisplay and OPACXSLTResultsDisplay
variables to the OPAC. Note that the XSLTResultsDisplay doesn't actually
do anything because no one has added an XSLT version of search results
to the staff client.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-10 22:36:25 -05:00
ff4d456072 Bug 3920 - Add 2 syspref to activate XSLT use in OPAC/Intranet
- Add two syspref:
  - OPACXSLTResultsDisplay
  - OPACXSLDetailsDispay
- Add them to .pref files and dispatch them beetween OPAC and Search
  tab.
- Upgrade DB version to 3.2 .113
- Fix something wrong in UNIMARCslim2intranetDetail.xsl
- Display OPAC result and detail pages using those syspref.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 08:08:44 -05:00
1f54d10475 Fix for Bug 4073, Add globally template variable for dateformat setting
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-02 18:37:37 -05:00
Nahuel ANGELINETTI
800494a5ef (bug #4004) disallow access for non-logged in users in opac
This doesn't define borrowernumber = 0 if a borrower is NOT logged.
We know borrowernumber 0 is mysqluser... So in virtualshelves, a non logged user have all permissions.
2010-01-28 15:11:52 +01:00
Kyle M Hall
2d1d4cd6e7 OpacAddMastheadLibraryPulldown
In the current OPAC, there is no easy way to search a particular library.
By default, a user searches all libraries, or with SearcMyLibraryFirst turn on,
the user's home library. In dev_week, a library pulldown menu existed in the search masthead.

This commit adds the option to bring that pulldown menu back
by turning on the system preference OpacAddMastheadLibraryPulldown
2010-01-20 22:38:23 +01:00
9cdf370f67 Fix for Bug 3589, OpacHighlightedWords sys pref does nothing 2010-01-15 10:12:28 +01:00
ec48133f71 Bug 3863 - Amazon Content Not Working
Sysprefs were not sent to templates.
2009-12-20 14:27:03 +01:00
Henri-Damien LAURENT
5b9ed679c5 haspermission signature had changed 2009-11-23 17:05:55 +01:00
Matthias Meusburger
54b6b9bd1d Remove ticket parameter from auto added hidden fields.
(Normal login directly after a failed CAS login didn't work previously to this removal)
2009-11-23 16:37:54 +01:00
Matthias Meusburger
c92bc8d73b Added debug mode for CAS warn messages 2009-11-23 16:34:31 +01:00
Matthias Meusburger
26d85c3cd6 Add missing return when CAS user is invalid 2009-11-23 16:32:40 +01:00
Henri-Damien LAURENT
36a01ea347 Second CAS version : CAS and non-CAS login can coexist
Conflicts solved :

	C4/Auth.pm
	opac/opac-main.pl
2009-11-23 16:26:35 +01:00
Matthias Meusburger
77ab8970f1 Add a syspref for CAS logout 2009-11-23 16:23:27 +01:00
Matthias Meusburger
acdd090246 Moved CAS configuration from config file to sysprefs 2009-11-23 16:23:20 +01:00
Henri-Damien LAURENT
7126496210 First CAS version : when CAS is enabled, login through CAS is mandatory
Conflicts solved C4/Auth.pm
2009-11-23 16:21:37 +01:00
Nahuel ANGELINETTI
2bf19bc97a (bug #3674) allow users creation with disabled password 2009-11-19 10:40:28 +01:00
Paul Poulain
ed047fead8 adding XSLT for intranet (UNIMARC only, MARC21 will be done by kf)
- the XSLTParse4Display sub now has a new parameter : the interface (intranet or opac)
- the XSLTdisplay sysprefs is common to staff & opac (Auth.pm)
- added UNIMARC xslt in intranet templates (modified to deal with staff/opac differences)
2009-11-10 22:23:50 +01:00
Matthias Meusburger
38b3a375b4 MT 1110, Follow-up : Balance cart and lists : cart is now in the intranet 2009-10-14 15:27:40 +02:00
Paul Poulain
7b12e07d3b adding acquisition as sub-perm managed module
+ some reindenting
2009-09-30 11:30:14 +02:00
Henri-Damien LAURENT
feeafa8168 Adding Opac-SearchHistory feature
Enables ppl to store their search history and delete the whole history

Adding Storable required by Opac-Search-History

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:22:21 +02:00
Michael Hafen
5de6ec3c15 Avoid potentially unnecessary database call in Auth
Auth, after verifying the session/logging in the user, calls to the database
to get the users borrowernumber.  This call is probably unnecessary because
borrowernumber is part of userenv.  Check userenv before going to the database.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-14 20:29:39 -04:00
Nicole Engard
6dd6af59c2 Bug 2576: Added OPACFinesTab Syspref
This preference allows library staff to decide whether to show
the fines tab in the OPAC for logged in patrons.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:35 -04:00
Nicole Engard
e71c8a4343 Bug 1172: Added OPACPatronDetails system preference
This patch allows library staff to disable the patron details
tab on the OPAC.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:47:34 -04:00
de66ef5c49 bug 3564 follow: ensure NoZebra is passed to templates
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-30 22:07:09 -04:00
Joe Atzberger
41d3e534d2 Fix Maintenance page.
Without this, the mainenance page would not display because of:
Cannot use undefined value as a HASH reference in C4/Auth.pm

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-09 13:08:43 -04:00
MJ Ray
d3c734c750 Use strftime to format sessionlog times
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-15 12:43:28 -05:00
Joe Atzberger
f35b144668 Pull the last OPAC-specific tmpl vars out of gettemplate.
These don't belong every template, only on OPAC:
~ opacstylesheet
~ opaccolorstylesheet
~ opacsmallimage

The latter 2 were already being populated in C4::Auth anyway.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-05 17:03:13 -05:00
Ryan Higgins
ca5e412c1b bug 3244: Support for multiple PAC interfaces.
Adds three env vars allowing url-specific search limits, and defining
how the limit interacts with 'SearchMyLibraryFirst'.
See http://wiki.koha.org/doku.php?id=en:development:rfcs3.2:rfc32_multiple_opac

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-27 10:52:23 -05:00
Joe Atzberger
ccb64c18ee Bug 3177 - haspermission offers bogus option
$intflags was never used or returned if hashref instead of userid was passed.
Also cleaned up needless passing of $dbh.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-01 07:16:20 -05:00
Joshua Ferraro
65ddce02f2 Serials Display Enhancement
Allows specification of how many issues of a subscription to display
at a global and subscription-specific level. Also adds a link to the
detail page to a specific subscription.

Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-04-03 16:41:38 -05:00
Joshua Ferraro
3d65e44d5c Syndetics and Amazon bugfix enhancements
This patch resolves a number of problems related to Enhanced Content:

1. Previously, there was no syspref for controlling whether or not to display
Amazon.com cover images apart from other content. This had the side effect
of preventing use of amazon.com content alongside use of another provider's
images. This patch introduces AmazonCoverImages and OPACAmazonCoverImages,
and changes the name of AmazonContent to AmazonEnabled.

So, for instance, you can now enable OPACAmazonSimilarItems yet utilize
SyndeticsCoverImages for displaying those similar items.

NOTE TO DOCUMENTATION TEAM: please update references to AmazonContent
and OPACAmazonContent to comply with the above.

2. Fixes some semantically incorrect uses of AmazonContent (now OPACAmazonEnabled)
on the OPAC side.

3. Resolves once and for all, the normalization of ISBN,UPC,EAN and OCLC numbers
for all enhanced content elements; These elements can be normalized using the
new functions in C4::Koha; I've replaced use of the various previously used
variables $xisbn,$norm_isbn,$clean_isbn, etc with $isbn, and the template
variable normalized_isbn.

We finally have a single, consistant place to retrieve normalize values for
these fields given a particular record.

4. Adds Syndetics attribution statements to display of all Syndetics content
'enhanced content provide by Syndetics' or 'Enhanced Description from Syndetics'

5. Adds an option to view the large cover image on the detail page on the OPAC
when using SyndeticsCoverImages; this option is controlled by a new system
preference: SyndeticsCoverImageSize which has two values: MC (medium) LC (large)

6. Adds UPC and OCLC numbers for Syndetics enhanced content queries especially
helpful for finding enhanced content for DVD and Music materials

7. Adds capability to display Syndetics images to opac-user for checkouts and overdues

8. Updates to systempreferences.sql, and updatedatabase.pl database revision 015

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:51 -05:00
Joshua Ferraro
9abcd844f5 Add Syndetics AuthorNotes, Awards, Series
This patch also includes a new function to retrieve the index
page from Syndetics and parse it for available content prior to
retrieving content; this is done to speed up syndetics content
by not retrieving content that doesn't exist for an item. However,
Syndetics continues to be a very slow service compared to Amazon.com
and other enhanced content services

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
11bd4a7660 Adds Syndetics Reviews
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
9806abf865 Adds support for Syndetics Excerpts and Editions
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:50 -05:00
Joshua Ferraro
3d46ed59ee Add System Prefs for Syndetics to Auth
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-27 17:23:49 -05:00
Galen Charlton
638482cf1a fix permissions error 2009-03-06 13:18:00 -06:00
Nahuel Angelinetti
3213ffc859 fix the sql request to work in all mysqls
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-06 13:18:00 -06:00
Mason James
f295d4d223 fixes missing 'STDERR', causing 500 error below..
malformed header from script. Bad header=## checkpw - checking LDAP: mainpage.pl,

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-03-04 08:07:29 -06:00
Andrew Elwell
b49d937e2c more Minor documentation fixes
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-02-26 14:45:58 -06:00
Joe Atzberger
07d1eae7cc Remove hardcoded "Freelist" line from Auth.
Apparently a leftover debugging snippet.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-10-01 12:21:49 -05:00
Galen Charlton
a670f1817e bug 2509: fix file permissions
Following suggestion by Vincent Danjean for Debian
packaging, 0755 -> 0644 for non-executable
files.

Also removed shebang from a few modules in C4.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-08-21 18:55:02 -05:00
Jesse Weaver
c77969022b fix for bug 2477: Improve Speed of the Shelf Browser
This patch updates the queries for the shelf browser in opac-detail.pl for a
slight performance gain. It also adds a param for dateformat to C4::Auth to
fix a warning.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-08-21 16:49:49 -05:00
Galen Charlton
0bf4cdba9a bug 2459: fix module depedency error blocking SIP2
Ror a poorly understood (by me) reason, use of 'use
UNIVERSAL' and 'use C4::Auth' in the SIP2 code is resulting
in a compilation error, thus blocking SIP2 from working.

The error (prior to this patch) could be reproduced as follows:

cd C4/SIP
perl -I. -wc Sip/MsgType.pm
"get_session" is not exported by the C4::Auth module
Can't continue after import errors at /home/gmc/koha/dev/C4/VirtualShelves.pm
line 51
BEGIN failed--compilation aborted at /home/gmc/koha/dev/C4/VirtualShelves.pm
line 51.
Compilation failed in require at /home/gmc/koha/dev/C4/Auth.pm line 34.
BEGIN failed--compilation aborted at /home/gmc/koha/dev/C4/Auth.pm line 34.
Compilation failed in require at Sip/MsgType.pm line 21.
BEGIN failed--compilation aborted at Sip/MsgType.pm line 21.

or more minimally

perl -ce 'use UNIVERSAL; use C4::Auth;'

This patch works around the problem by making C4::Auth
and C4::VirtualShelves not import any symbols
from each other.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-08-04 15:26:54 -05:00
Chris Nighswonger
8bbef6380a kohabug 2456 Moving certain C4::VirtualShelves.pm subs from EXPORT
to EXPORT_OK and correcting associated syntax

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-08-04 15:26:52 -05:00
Chris Nighswonger
542c54e067 kohabug 2392 Changing array dereferencing syntax
It appears that Perl 5.10 does not like ${@$foo}[0] but rather wants $foo->[0]
The latter is also much more readable. This patch makes the change.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-24 11:26:16 -05:00
Chris Nighswonger
ed762eb989 Correcting bad session var that caused Lists link not to be displayed in anonymous sessions
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-23 06:49:51 -05:00
Chris Nighswonger
9971756a24 kohabug 2159 Improving "Lists" button list refreshes after adding/changing lists/shelves
Adding code to refresh "Lists" button lists display in OPAC masthead.inc

Adding javascript to force refresh of parent window to update "Lists" button menu

Adding query limits and ability to specify row count and offset in queries related to Virtualshelves.
Also added the ability to return total record counts for specified virtualshelves.

Adding C4::VirtualShelves::GetRecentShelves which returns a list of the most recently modified shelves for
a given set of parameters. This allows the user to be offered active private and open lists to add books
to in drop down menus while also allowing drop down menus to be limited to a reasonable length.
This also limits the shelves stored in the user's session to a fixed number. A further enhancement might
be to add a syspref to enable a staff member to define the limit. Currently it is hardcoded at 10 per
list type (private/public-open).

Adding pagination to list/shelf related screens

Moving refresh shelves code into C4::VirtualShelves::RefreshShelvesSummary and tidying up a bit

Correcting several inconsistancies in the shelves templates as well as handling shelf management on
the intranet side correctly.

Correcting "Add To:" drop-down list to show only lists the patron has permission to add to

Correcting a few C4::VirtualShelves::GetShelvesSummary API calls

Modifications for template consistancy

Breaking up a 1367 char line of javascript in opac-results.tmpl

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-22 15:48:13 -05:00
Joshua Ferraro
52145c1589 Fix for bug 2115: OpacMaintenance wasn't working 2008-07-14 11:01:44 -05:00
60d585aed6 Hide User Tags link when TagsEnabled preference is turned off. Change to Auth.pm allows TagsEnabled preference to work on login screens.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-12 08:59:39 -05:00
Galen Charlton
c80b328aae clean up old-style calls to GetMemberDetails
GetMemberDetails() returns only one hashref now,
not two.  In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-25 11:39:22 -05:00
Joshua Ferraro
66b2a15f13 fix for 1913: Remove opaclargeimage system preference 2008-06-20 18:38:10 -05:00
Chris Nighswonger
14e2e4d540 bugfix for bug introduced by anonymous session code
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 16:48:51 -05:00
Andrew Moore
401c84cc09 Bug 2176 (2/5): adding patron interface to update messaging preferences
This patch allows patrons to update their messaging preferences. This
includes methods in C4::Members to manage patron messaging preferences.

added cgi script to allow patron to edit their messaging preferences

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 13:04:50 -05:00
Andrew Moore
3c547de448 refactor C4::Auth::get_template_and_user for readability
I'd like to add another template parameter to geta_template_and user, but found it diffiult due to unreadability.

I stanadardized the whitespace in a portion of get_template_and_user,
alphabetized the parameters, finding a duplicate in one spot,
and then extracted the common template parameters that are set the same
regardless of template type.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 13:04:48 -05:00
Chris Nighswonger
3cb7a9ac28 kohabug 2238 This patch allows patrons to add books to public open/free lists whether they are logged in or not.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 12:48:11 -05:00
Chris Nighswonger
3d377cd7c1 kohabug 1875 Public lists/virtualshelves are displayed and viewable whether a patron is logged in or not.
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shevles. When the user logs in, the anonymous session is cleared and a new session created
for that user.

kohabug 1875 - fix error when editing a patron record

C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.

To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring.  The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.

C4::Auth - added debug flag to two warns

kohabug 1875 - create anonymous sessions only for OPAC

No need to create an anonymous session for the intranet.

set yuipath correct for login pages

When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.

kohabug 1875 - avoid warns viewing lists anonymously

During an anonymous OPAC session, the $loggedinuser variable
is not set.  As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.

This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.

kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly

kohabug 1875 Avoid warning if can't find owner of shelf

Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 12:44:27 -05:00
Joshua Ferraro
7304a2e89b Revert "Bug fixing : get_user_permissions SQL Fixing"
From Galen: because code is part of the join, there is in fact no ambiguity

This reverts commit 3a05ae40f6.
2008-06-09 09:53:23 -05:00
Henri-Damien LAURENT
3a05ae40f6 Bug fixing : get_user_permissions SQL Fixing
user_sub_permissions join introduced ambivalence for permissions field

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-09 06:51:05 -05:00
Henri-Damien LAURENT
00adf3d9af Bugfix : generating session id on some systems was not defined
Explicitly naming the method to generate id is required on some systems
(SUN 4)

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-09 06:51:02 -05:00
Galen Charlton
fe65447e5b OPACBaseURL - do not tack on :443 if using SSL
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-03 05:59:47 -05:00
Galen Charlton
5e5ce6b7f9 calculate OPACBaseURL instead of using syspref
Calculate OPACBaseURL from the
CGI environment variables instead of using the
system preference.  As a result of this patch,
it should be possible to change the hostname,
protocol, or port of the OPAC without having to
reset a system preference.

Also added a FIXME to opac/unapi - the URL of
the SRU/W server has no necessary relationship
to the URL of the OPAC.

Once this patch is confirmed, the syspref can
be removed.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-02 00:51:08 -05:00
Galen Charlton
a7ba1bb941 kohabug 2105: prevent crash on IE7
Three scripts were incorrect setting the HTTP type
header to 'utf-8' instead of something appropriate
like 'text/html' - Firefox evidentally can ignore that
mistake, but IE7 does not.

Fixed by replacing an invalid print of the HTTP header
and template output with a call to
C4::Output::output_html_with_http_headers.

Also corrected POD in C4::Auth and InstallAuth to
reflect correct use of output_html_with_http_headers.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-05-13 17:40:36 -05:00
Henri-Damien LAURENT
f59c9706a4 change in yuipath management 1/2 Noupdatedatabase.pl
now yuipath is added in C4::Output and uses themelang
In my opinion, all the general variables that are used in output should get in C4::Output (since there is theme lang computed.)
rather than in C4::Auth

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-05-12 15:46:35 -05:00
Joshua Ferraro
f093a84974 Fixing bug 1629: RSS Feeds of Search Results in OPAC 2008-05-01 18:55:13 -05:00
Joshua Ferraro
d83a055504 Adding authorised value icons display in the search results
pages.
2008-04-30 21:07:29 -05:00
cfc2b0e184 Adding a couple missing variables for opac login screen (opacheader,OpacUserCSS); Minor tweak to OPAC tags on opac-detail
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-28 05:55:57 -05:00
Joshua Ferraro
ad0d08ef33 Improvements to the results display in the OPAC, merging style
between the XSL and non-XSL stuff. Refining style of tags display,
adding back links to place hold, add to list, and add to cart on
results page
2008-04-23 16:00:46 -05:00
Joshua Ferraro
dfe310868f Adding TagsEnabled to list of known sysprefs, adding 'my tabs'
to the OPAC user portal
2008-04-22 21:00:56 -05:00
Galen Charlton
83f8e22aec renamed CheckSpecificUserPermissions to GranularPermissions
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:45 -05:00
Galen Charlton
7a2a241fa3 fix crash when attempting login as user w/o 'catalogue' permission
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:38 -05:00
Galen Charlton
70d33a82bb granular permissions - C4::Auth
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).

If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.

If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:

  1. if the value is 1, the staff user must have
     all privileges for the userflags flag (or module)
     referred to by the hash key, e.g.,

     { flaqsrequired => { tools => 1 } }

     In terms of the database, this means that the
     corresponding bit must be set in borrowers.flags.

  2. If the value is '*', the staff user must
     have at least one of the permissions for the
     userflag/module, but it doesn't matter which one.

     In terms of the database, this means ether that the
     corresponding bit must be set in borrowers.flags or
     that there at least is one row in user_permissions
     for the staff user and bit/module combination.

  3. If the value is any other string, it must be
     a permissions code defined in the permissions table.
     The staff user must have that specific permission
     or have access to all functions of the module

     In terms of the database, this means ether that the
     corresponding bit must be set in borrowers.flags or
     that there is a matching row in user_permissions
     for the staff user, bit/module, subpermission
     code combination.

In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons).  The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.

In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions.  This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not.  This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:13 -05:00
c51316a594 Correction to prevent js error when table has no data.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-01 06:41:11 -05:00
Joshua Ferraro
556721e86a Experimental XSLT-based display of results and details pages To enable, create two new YesNo sysprefs: XSLTDetailsDisplay and XSLTResultsDisplay, and set them to ON. Feature to be expanded in a future version, this experimental code is for proof of concept only and doesn't introduce any changes if sysprefs are not created.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-21 21:49:04 -05:00
7ec49e693a Fix to enable OPACUserCSS preference (allows user to add CSS globally in the OPAC via an embedded style block)
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-19 15:46:21 -05:00
a4e22029cc Updates to tweak the way suggestions and suggestions links display when various suggestions-related prefs are on or off.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-19 15:46:16 -05:00
Chris Nighswonger
73dde7a03a Correcting warn concerning kohaversion.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-19 15:44:44 -05:00
80de0e0692 Fix for Bug 1951, OPACURLOpenInNewWindow doesn't do anything.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-18 15:18:45 -05:00
Joshua Ferraro
9b1d024b4c adding a <meta> field to make Koha's OPAC discoverable
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-18 10:40:17 -05:00
Andrew Moore
a59c28db3e fixing bug 1801
adding some parameters to the call to opac-auth.tmpl in C4::Auth::checkauth
This displays the additional navigational links in the masthead on the login page to unauthenticated users.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-18 09:44:43 -05:00
Joshua Ferraro
db101d35d0 fix for bug 1781 for NOZebra=OFF
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-17 22:35:19 -05:00
8a01737202 Fix for Bug 1939, OpacMainUserBlock not displaying with news.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-17 16:28:57 -05:00
Joshua Ferraro
f51890c407 Adding experimental OPACShelfBrowser feature -- to try, create a new syspref called OPACShelfBrowser, and set it to 1
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-16 20:26:30 -05:00
Joshua Ferraro
4c92790fc0 IMPORTANT: Upgrading to Amazon.com Associates Web Service 4.0
As announced this past February, Amazon.com will no longer be
accepting web services requests to Amazon E-Commerce Service
(Amazon ECS) version 3.0 beginning on March 31, 2008.

This patch upgrades to Amazon.com's Associates Web Service 4.0
for the following components:

1. Amazon.com Locale support for: Canada, Germany, France, Japan,
   UK, and US (see the new syspref called AmazonLocale)
2. Jacket Covers
3. Editorial Reviews
4. Customer Reviews
5. Amazon.com Similar Items

The following changes MUST be made to continue using Amazon.com
content:

1. Delete the system preference: AmazonDevKey (AmazonDevKeys used
   with AmazonECS 3.0 are no longer valid)
2. Add the system preferences: AmazonLocale, AWSAccessKeyID
   NOTE: steps 1, 2 are done by the web installer
3. Verify your AWSAccessKeyID:
   You may already have an Access Key ID. You can access your Access
   Key ID by going to http://aws.amazon.com, pointing to Your Web
   Services Account, then clicking View Access Key Identifiers.
   Depending on when you signed up for ECS 3.0, you may need to
   re-register for an AWS account, which includes an Access Key ID.
4. Enter your AWSAccessKeyID in the Koha syspref called
AWSAccessKeyID

For complete details on the changes in Amazon.com Associates Web
Service 4.0, and the migration process, please see: http://tinyurl.com/ysorqy

Other changes with this patch:
 * added $tabsysprefs{PatronsPerPage}="Patrons";
 * Moved OPAC Features to OPAC in sysprefs
 * removed experimental OPACXISBNAmazonSimilarItems and XISBNAmazonSimilarItems features

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-16 12:27:55 -05:00
Galen Charlton
ba19a4ffc1 disable OPAC login form if opacuserlogin syspref is off
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-02-20 20:15:28 -06:00
Henri-Damien LAURENT
552d77c8ad ordering branches by branchcodes on Auth page.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-02-11 06:10:00 -06:00
ba001f10b1 Working on the language-picker menu in the footer
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-25 16:52:07 -06:00
Joe Atzberger
0b2aeb3b2d Backend for "Session" Shelves in toolbar. Affects Auth and Context, so please test.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-23 21:31:20 -06:00
Joe Atzberger
36b609126e Auth.pm - Clarify logout conditionals, debug messages. Die on failure of get_session("").
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-23 21:31:17 -06:00
Joe Atzberger
a6e333d15b Auth.pm - _session_log calls moved before undef of vars logged, LibraryName double => removed
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-23 21:31:15 -06:00
db91682c80 Adding noItemTypeImages syspref to Auth.pm; Beginning the process of adding support for noItemTypeImages preference to intranet templtes.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-23 21:30:50 -06:00
83d8e095ae Cleanup for member entry: XHTML-compliance (close inputs, ids must match labels) and translator-friendliness (can't embed TMPL_IF inside tags); Cleanup of circ and members menus; Menu context flag for readingrec.pl; Correction to Auth.pm (updatecharge -> updatecharges)
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-09 14:50:02 -06:00
Chris Cormack
53f3f1d2c3 Fix for bug 1442, if you have independent branches on and autolocation on,
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-07 01:57:49 -06:00
Joshua Ferraro
c2513fb4ba additional fixes to permissions
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-04 21:30:22 -06:00
4afc512039 Fix to enable reading history in the staff client.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-28 12:30:54 -06:00
Galen Charlton
a858e8a8b8 session management: use YAML::Syck for serialization
When using mysql and a sufficiently recent version
of DBD::mysql that actually respects the mysql_enable_utf8
option, setting the current branch to a name that
includes a diacritic causes the session to fail
and forces the user to the login screen upon
clicking another link.

This turned out to be due to the default (Data::Dumper)
serialization used by CGI::Session, which truncated the
session object at the diacritic.  By enabling
that module's YAML serialization option, the problem
was resolved.

This patch introduces a dependency on the YAML::Syck
module.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-27 17:24:02 -06:00
Joshua Ferraro
58d425cf7b fix for bug 1696: Reading record page fails
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-25 12:28:55 -06:00
Joshua Ferraro
43334b8cec bugfixing request.pl
Major Fix:
Fixing bug where 'expected' label existed for items that
were 'waiting'

Minor Cleanup:
Show correct statuses
Show itemtypes at correct levels depending on
global system preference
Display branch names, not branch codes
Adding in visibility option for 'canreservefromotherbranches' syspref

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-24 00:43:26 -06:00
Joshua Ferraro
e4799032d2 Warning: big commit Fixing moredetail.pl
Previously, about 50% of the data on this page was either incorrect or missing.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-23 20:32:34 -06:00
Joe Atzberger
90a0dcd223 Auth.pm - 3 changes: $debug instead of warn, LDAP require/import, $timeout regexp (+ instead of *).
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-14 10:02:21 -06:00
Joe Atzberger
377db43117 C4 and misc: permissions fixes
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-13 19:00:34 -06:00
Ryan Higgins
df9296696b get_template_and_user returns $flags from checkauth for in-page perms.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-12 08:03:08 -06:00
Galen Charlton
902176da56 bugfix: made yuipath available to login page template
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-06 11:27:08 -06:00
Ryan Higgins
ac12ba03fb Able to call haspermission w/o $dbh, and add error msg on deletemember.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-05 15:41:10 -06:00
Joe Atzberger
9b062e128c Auth.pm -- just the start of trying to make Auth intelligible and extensible
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-04 17:27:08 -06:00
Ryan Higgins
92e89f48f4 disable actions in moremember based on staff_access permission
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 15:17:56 -06:00
Ryan Higgins
06d1995848 Slight mod to getuserflags and haspermission in prep for perms bugfix
Also adding some pod

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 15:17:38 -06:00
Ryan Higgins
105adc6ccd changing haspermission() to require that user has ALL requiredflags, not ANYOF requiredflags
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 14:57:12 -06:00
8d5c262682 Moving holdings, description, editions, and related into tabs, enabling AmazonSimilarItems global preference for the staff client (but not working?)
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-27 15:57:27 -06:00
bbae57c926 More work on editions in the OPAC; Need both a staff client and OPAC system pref for turning on and off XISBN stuff.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-26 19:59:42 -06:00
96fcc7137c Enabling FRBR system pref for OPAC, to enable/disable display of other editions. Adding editions display to opac-detail, and making some other cosmetic changes. Adding alterating table row colors in opac-user.pl
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-26 19:59:32 -06:00