Commit graph

50624 commits

Author SHA1 Message Date
c6ef2aba6b
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:40 -03:00
4e32b76198
Bug 34761: Prevent XSS for searches and saved search filters
</script> tags are interpreted in JSON strings as HTML, which can
lead to XSS attacks.

This patch puts HTML escaped JSON in the value of a hidden HTML element.
The Javascript then takes the value as a string, parses it as JSON,
and is able to use it to save search filters without triggering a
XSS attack.

This patch also adds DataTable's built-in HTML escaping for the query
and limits on the admin UI for the search filters.

Test plan:
0. Apply patch
1. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=SavedSearchFilters
2. Enable the system preference
3. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
4. Click "Save search as filter"
5. Checkbox "Show in staff interface?"
6. Type "E-TEST" into box and click 'Save'
7. Go to
http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
8. Click "E-TEST" under "Custom search filters"
9. Note that you see search results
10. Go to
http://localhost:8081/cgi-bin/koha/admin/search_filters.pl
11. Note that for "E-TEST" you see a "Query" like
{"operators":[],"operands":["e"],"indexes":[]}
12. Note that for "E-TEST" you see a "Limits" like
{"limits":[]}

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:39 -03:00
dcd698a4b4
Bug 34349: Validate/escape inputs for task scheduler
This change validates and escapes inputs for task scheduler.

Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:38 -03:00
332b95b250
Bug 34513: (QA follow-up) Tidy
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:37 -03:00
abbbc5924d
Bug 34513: Add checkauth unit test for resetting auth state when changing users
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:37 -03:00
bb581fe78b
Bug 34513: Add end-to-end test for authorization check after first failed authorization
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:36 -03:00
16da12cbbc
Bug 34513: Set auth state correctly when changing auth sessions
This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:35 -03:00
Evan Giles
d9849aaa3a
Bug 34653: Make koha-foreach return the correct status code
I think the correct behavior for this script should be that koha-foreach
will return 0 (success) if all the commands it tried to run succeeded, but
1 (failure) if any of the commands failed.

To test:
1. $ koha-create --create-db test
2. $ vi test.sh
if [ $USER = 'kohadev-koha' ]; then
    echo "FAILED";
    exit 1;
else
    echo "SUCCESS";
    exit 0;
fi

3. $ debian/scripts/koha-foreach sh test.sh
FAILED
kohadev: 1 status returned by "sh test.sh"
SUCCESS
4. $ echo $?
5. Note that the exit status is 0 (success)

6. Apply patch

7. $ debian/scripts/koha-foreach sh test.sh
FAILED
kohadev: 1 status returned by "sh test.sh"
SUCCESS
8. $ echo $?
9. Note that the exit status is 1 (failure)

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:56:40 -03:00
7ac91b24cf
Bug 30843: Add unit test for Koha::Auth::TwoFactorAuth::verify
This change adds a unit test to test Koha::Auth::TwoFactorAuth::verify

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:52 -03:00
6a0955946e
Bug 30843: Add mfa_range configuration option for TOTP
This change adds a mfa_range configuration option for TOTP
to koha-conf.xml, and overrides the "verify" method from
Auth::GoogleAuth in order to provide a new default for "range"

Test plan:
0. Apply the patch
1. koha-plack --restart kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=TwoFactorAuthentication
3. Change the syspref to "Enable"
4. Go to
http://localhost:8081/cgi-bin/koha/members/moremember.pl?borrowernumber=51
5. Click "More" and "Manage two-factor authentication"
6. Register using an app
7. In an Incognito window, go to
http://localhost:8081/cgi-bin/koha/mainpage.pl
8. Sign in with the "koha" user
9. Note down a code from your Authenticator app
10. Wait until after 60 seconds and try it
11. Note it says "Invalid two-factor code"
12. Try a new code from the app
13. Note that it works

14. Add <mfa_range>10</mfa_range> to /etc/koha/sites/kohadev/koha-conf.xml
15. Clear memcached and koha-plack --restart kohadev
16. Sign in with the "koha" user
17. Note down a code from your Authenticator app
18. Wait 4 minutes and then try it
19. Note that it works

20. Disable your two-factor authentication and click to re-enable it
21. Use a code older than 60 seconds when registering for the two
factor authentication
22. Note that the code works

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:51 -03:00
120b991529
Bug 33926: Add ability to specify fields allowed in a response
At this time, we can specify fields to hide in SIP response at the login level. From a security perspective, it would be useful to also be able to specify which fields are allowed in a response.

Test Plan:
1) Apply this patch
2) prove t/db_dependent/SIP/Message.t

Signed-off-by: Sam Lau <samalau@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:50 -03:00
06c2b4898b
Bug 28449: Add column with invoice number to basket summary page
At the moment it's quite a lot of clicks to get from the basket
summary to the invoice something was received in. This adds a nice
shortcut by creating a new column for the invoicenumber in the basket
summary table.

To test:
* Make sure you have a basket with some received and unreceived
  order lines
* Verify that the (received) shows for your received lines
* Verify no invoice number or link to it in sight
* Apply patch
* Verify that there is now a column for the Invoice containing
  the invoice number as a link to the invoice
* Test with a staff patron, that doesn't have edit_invoices permission
* Verify that now instead of a link you see the invoice number as text

Be happy, sign off ;)

Note: this doesn't change the CSV export. The way the CSV is built is
quite different to the summary table, so it would be better handled
in a separate bug/patch. The columns are already quite different!

Sponsored-by: The Research University in the Helmholtz Association (KIT)

Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:50 -03:00
8922fb1863
Bug 34618: Add sort 1 and 2 fields to basket in acquisitions
This patch adds the option to display sort1 and sort2 columns in the
view of the contents of a basket in acquisitions. The columns are
labeled "Statistic 1" and "Statistic 2" to match the labels in the
order creation/edit form.

The fields are hidden by default in the updated table configuration.

To test, apply the patch and restart services.

- Go to acquisitions and create a basket if necessary:
  - Search for a vendor and click New -> Basket from the vendor
    toolbar on the vendor search results screen.
  - Create a basket, then click "Add to basket" from the basket details
    page.
  - Add an order to the basket.
- With at least one order in the basket, check the table of orders in
  the basket.
- The columns should be unchanged.
- The table configuration button should show the two statistics fields
  as hidden. Test that they can be displayed.

- Go to Administration -> Table settings.
  - Under Acquisitions -> basket, try changing the settings for the
    Statistic 1 and Statistic 2 fields, and check that your changes are
    reflected in the basket view.

- Test with a vendor which has an EDI account:
  - Enable the EDIFACT system preference.
  - Go to Administration -> EDI accounts and create an account for your
    vendor.
  - Confirm that the table of orders in your basket still displays
    correctly now that the "Supplier report" column is present.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:49 -03:00
384f9282e1
Bug 33428: (follow-up): Default to searching 'standard' fields
Before this patch set, a search for patrons from article requests or
reserves would search the attributes by default. They were not considered
'standard' searches, however.

This patch simply defaults to searching the 'standard' fields unless a value is passed

To test:
1 - Apply other patches
2 - Have patrons with searchable attributes
3 - From a title, click the holds or artickle requests tab
4 - Search for the attribute values and confirm patrons are not returned
5 - Apply this patch
6 - Search again, patrons are now returned

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:48 -03:00
bfdee70f24
Bug 33428: (QA follow-up) Fix escaping in a split call
We'd missed an escape case in one of the calls to .split for the pipe
delimited split operations.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:48 -03:00
47a2029161
Bug 33428: Adjust Unit Tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:47 -03:00
b1b92cb9a4
Bug 33428: Parse search fields in buildPatronSearchQuery
This patch moves the parsing of standard search_field into the buildPatronQuery subroutine
and adds a check for 'standard' field before adding attributes to the search

To test:
1 - Add a new attribute type and make it searchable
2 - Add a value to a patron
3 - Search for this value using 'Standard' fields, confirm you get the patron
4 - Search for the value using 'Cardnumber' field, confirm you get the patron - BAD!
5 - Apply patch
6 - Repeat cardnumebr search, confirm patron not found - Yay!
7 - Search standard, confirm patron is found
8 - Add a new field to 'DefaultPatronSearchFields
9 - Confirm it appears in patron search dropdown
10 - Confirm a search of this field with the attribute value does not return the patron

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:46 -03:00
a06396c282
Bug 34748: DBRev 23.06.00.026
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:46 -03:00
Katrin Fischer
f9f9c3a7fa
Bug 34748: Fix column name in columns configuration for basket table
The first column was named basket_number, but it's actually the
order_line.

To test:
* Edit column configuration for acquisition > basket
* Make sure to set at least one checkbox for 'basket_number'
* Apply patch, run database update
* Verify that the first column is now 'order_line', but your
  settings have been preserved

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:45 -03:00
82234aba24
Bug 29822: DBRev 23.06.00.025
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:45 -03:00
cdedd6f2db
Bug 29822: (QA follow-up) Use pipe for all field separators
- Tidy atomic update

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:44 -03:00
bfcdbeb9a8
Bug 29822: Update unit tests
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:43 -03:00
6a98a8ef83
Bug 29822: Database and Preference description updates
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:43 -03:00
ffcfc13c7e
Bug 29822: Update code to reference by pipe
Moving to modalselect also has the effect of moving from comma delimited
to pipe delimitation for the preference contents

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:42 -03:00
0b4a37a29d
Bug 29822: Use the modal
As requested by Katrin.. switch to the modal and expose all fields from
the borrowers database table

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:41 -03:00
4d2a3d58b4
Bug 29822: Update 'DefaultPatronSearchFields' to a select list
This patch updates the `DefaultPatronSearchFields` preference from
freetext expecting a comma delimited list of borrower fields to a
multi-select with a sensible list of fields available.

I opted to not use the Modal approach with all borrower fields listed as
I felt it made more sense to only expose a more limited subset of the
fields available to us.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:41 -03:00
Aleisha Amohia
1bd3f2cc1b
Bug 34016: Manage recalls via SIP
This enhancement allows SIP to better handle recalled items - preventing the check-out of recalled items if they have been allocated to another patron, or fulfilling recalls if the item was recalled and allocated to this patron.

To test:

1. Run test `prove t/db_dependent/SIP/Transaction.t`
2. Confirm the test fails when trying to fulfill the recall
3. Apply the patch and restart services
4. Run test again `prove t/db_dependent/SIP/Transaction.t`
5. Confirm tests pass

Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:40 -03:00
Aleisha Amohia
b1126cfcef
Bug 34016: Tests for fulfilling recalls via SIP
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 10:53:39 -03:00
872c4ba2dc
Bug 34114: Replace the use of jQueryUI sortable
This patch adds a replacement for jQueryUI sortable, a standalone
library called Sortable. The patch updates pages which previously used
jQueryUI for sorting.

The patch updates the style of most sortable elements to use the
"grip-vertical" Font Awesome icon.

To test, apply the patch and test the following pages, confirming that
sortable elements are sortable and that the newly sorted state is saved
correctly:

- Administration -> System prefernces -> I18N/L10N
  - With multiple languages installed, test that languages listed in the
    'language' and 'OPACLanguages' preferences can be sorted and that
    after saving your changes the interface relfects your changes: In
    the footer and header of the OPAC and in the footer of the staff
    interface.
- Administration -> MARC bibliographic framework -> MARC structure ->
  Edit subfields of a tag.
  - Test using a tag with multiple subfields, e.g. MARC21 245.
    - Test that you can click and drag to reorder the tabs in the
      subfield edit view.
    - Test that when you save your changes, including changes to the
      "New" tab position, that fields are ordered correctly both in the
       display on this page and in the basic MARC editor.
  - Perform the same tests on Authorities: Administration -> Authority
    types -> MARC structure -> Edit subfields of a tag.
- Authorities -> New (or edit) authority
  - Multiple subfields of a tag should be sortable.
  - Multiple copies of the same tag should be sortable relative to each
    other.
  - Confirm that your changes are saved correctly and that the detail
    view of your updated authority record is correct.
  - Perform the same tests on Cataloging -> New (or edit) record in the
    basic MARC editor.
- Enable the StockRotation system preference if necessary.
  - Go to Cataloging -> Stock rotation
    - If necessary, create a new rota and add multiple stages
      - In the "Manage stages" view you should be able to click and drag
        to reorder stages. The new position should be saved immediately
        via AJAX.

Signed-off-by: paul <paul.poulain@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 13:00:00 -03:00
Andreas Roussos
fe18b05692
Bug 21828: build $bib_heading_fields only once per invocation
In UNIMARC instances, the run time of link_bibs_to_authorities.pl
can be reduced by up to 80% and the number of DBI calls
can be reduced by up to 90% with a very simple fix that
optimises the constructor of the C4::Heading::UNIMARC object.

Currently, the constructor resets the $bib_heading_fields hash
*in each invocation* (i.e. for every field the bibliographic
record contains), then populating it again with the results
fetched from the database! This is inefficient.

The patch/fix is trivial: we take advantage of the fact that
$bib_heading_fields is declared at the top of the
C4::Heading::UNIMARC module and is thus a package variable
that is in scope for the entire execution of the program
(more info here: https://stackoverflow.com/q/75317862).

Placing the section that generates the $bib_heading_fields
hash inside a "unless ( defined $bib_heading_fields )" code
block is enough to cause a significant reduction in the
number of "expensive" SQL SELECT queries that must be run.

Test plan:

0) Have a UNIMARC instance with some sample data (the KTD one
   will do just fine for this experiment).

1) Run the following commands:

    $ ktd --shell
   k$ DBI_PROFILE=1 ./misc/link_bibs_to_authorities.pl -t

   Observe the output from the script and the DBI profiling info.
   [You may want to play with different DBI_PROFILE levels (such as
   2, 4, 6, 8, etc.) to see what's going on under the hood DBI-wise,
   for reference see: https://metacpan.org/pod/DBI::Profile]

2) Apply this patch.

3) Rerun the script from step 1), it should run a lot faster!

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:57:46 -03:00
7d80a1df25
Bug 34302: (bug 28653 follow-up) Do not refresh the table if an error happened
If checkin or renew failed, we should not refresh the table or it will
hide the error message.

Test plan:
Apply the DO NOT PUSH patch
Do a renew
=> No error in the table
Apply this patch
Do a renew
=> You see the error
Revert the DO NOT PUSH patch
Do a renew
=> The table is refreshed

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:50 -03:00
9f59ea2f61
Bug 34835: Highlight logged-in library in patron searches fix for new staff interface
Since Bug 30952 the feature from Bug 10902 does not work anymore.
The class "currentlibrary" is there but no background color in CSS.
Bug 30952 removed it :
-    background-color: #E6FCB7;

This patch restores this rule plus '!important' that is used by
class 'ac-currentlibrary'

Test plan:
1) Perform a patrons search
2) Check you see green background color for patrons with same branch as
   currently logged in.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:50 -03:00
7fd26e069e
Bug 33948: Replace GetAllIssues with Koha::Checkouts - staff
This patch replace GetAllIssues in readingrec.pl which is the only
occurrence in the staff code.

To test this patch you will need several items in your checkout history
in order to confirm that the display is the same before and after the
patch.

However there is one change! And it's a bug fix (or an enhancement, it
depends on how you see things). It includes checkouts with deleted items, which is
a long standing bug (see bug 8483).

Performance will be compared as well.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:49 -03:00
Katrin Fischer
8dcdeaf23d
Bug 33499: (QA follow-up) Open external links in new tab
Adds target="_blank" to the vendor website and interface URLs,
as we can expect them to be external sites.

Also changes mark-up a little so that the URL is shown without
an additional space in front, lining up with the other fields.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:48 -03:00
f6b9f25a4f
Bug 33499: Make interface URL clickable on vendor details
This patch adds markup around the vendor details interface URL so that
it is a clickable link.

To test, apply the patch and go to Acquisitions.

- Search for a vendor
- If you don't have a vendor with interfaces defined, edit one
  - Under Interfaces -> Interface details, fill out the form, including
    the URI field.
  - Add more than one interface
- Save your changes and then view the vendor details page
- In the Interfaces section the interfaces you defined should have
  clickable links.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:48 -03:00
d550bcd909
Bug 32496: Fix tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:47 -03:00
e9d8cc08c5
Bug 30825: Move holds_control_library to Koha::Policy::Holds
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:46 -03:00
752fb21b47
Bug 30825: Remove GetReservesControlBranch in favour of Koha::Item->holds_control_library
This patch removes the GetReservesControlBranch method, and replaces its
uses with the newly introduced method.

To test:
1. Apply this patch
2. Verify that placing holds from the OPAC works
=> SUCCESS: Things work as expected
3. Run:
   $ kshell
  k$ prove t/db_dependent/Reserves* \
           t/db_dependent/Hold* \
           t/db_dependent/Koha/Hold* \
           t/db_dependent/Koha/Biblio.t
=> SUCCESS: Tests pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:46 -03:00
e0b5542b07
Bug 30825: Add Koha::Item->holds_control_library
This simple method takes care of calculating the control branch for an
item and a patron, depending on a syspref.

It targets replacing C4::Reserves::GetReservesControlBranch

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/Item.t
=> SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:45 -03:00
f32ca2b8bd
Bug 30825: Add unit tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 12:35:44 -03:00
31f850cb58
Bug 32496: (follow-up) Fix t/db_dependent/SIP/Message.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:54 -03:00
2ff3b14e93
Bug 34720: DBRev 23.06.00.024
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:53 -03:00
cd79c78dbd
Bug 34720: Say if syspref has been inserted
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:53 -03:00
Emmi Takkinen
d91ea53e90
Bug 34720: Fix bug 30403 atomic update
Bug 30403 had wrong syspref name in its
atomic update file. This patch fixes this in
db_rev 221200018.pl and adds new atomic
update file.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:52 -03:00
b07842d243
Bug 34848: (QA follow-up) Resolve warn on useless constant
Useless use of a constant ("Dies if sip user cannot be found") in void context at t/db_dependent/SIP/Message.t line 582.

We should remove the comma..

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:51 -03:00
4fd7857e3f
Bug 34848: Fix SIP/Message.t if DB has been upgraded
There were a lot of failures (in the context of bug 34841)

t/db_dependent/SIP/Message.t .. 2/16
    #   Failed test 'Found AH field as timestamp in response'
    #   at t/db_dependent/SIP/Message.t line 820.

    #   Failed test 'Found AH field as SQL date in response'
    #   at t/db_dependent/SIP/Message.t line 825.
    # Looks like you failed 2 tests of 8.
t/db_dependent/SIP/Message.t .. 3/16

    #   Failed test 'Desensitize flag was set for patron category not in inhouse_patron_categories'
    #   at t/db_dependent/SIP/Message.t line 1133.
    #          got: 'N'
    #     expected: 'Y'

    #   Failed test 'Desensitize flag was set for empty inhouse_patron_categories'
    #   at t/db_dependent/SIP/Message.t line 1139.
    #          got: 'N'
    #     expected: 'Y'

Because renewalsallowed is 0 for upgraded DB, when it's 5 for new
install.

We need to set the value.

This patch also adds some missing transaction

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:51 -03:00
aea9fce4b0
Bug 34843: DBRev 23.06.00.023
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:50 -03:00
f809c272af
Bug 34843: Fix database comment inconsistency on toc_request
Bug 29093 had a dbrev without comment, but added comment to
kohastructure.

Test plan:
Check (or remove) comment on article_requests.toc_request.
Run dbrev.
Check if comment was added (if you removed).
Run t/db/Koha/Database/Commenter.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:49 -03:00
60f0aee9b6
Bug 34215: Introduce a ToolbarButton Vue component
Our toolbar component is not flexible enough, we cannot:
* have something else than a router-link
* have a link outside of the app (it needs to be a Vue route)

This patch adds a ToolbarButton component that is used for existing
button. But other buttons can be added without being a router-link.

Test plan:
No change in behaviour here! Test the buttons in the 4 existing toolbar
(in the ERM module)

Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:48 -03:00
3da3e6e8ff
Bug 34453: Update background of quick spine label pop-up
This patch updates the quick spine label popup so that the footer uses
the same markup as the recently updated Z39.50 popup window in
cataloging.

To test, apply the patch and rebuild the staff interface CSS.

Go to Cataloging -> Quick spine label creator.

 - Test the form with both an existing barcode and a non-existent
   barcode.
   - In the pop-up window, confirm that the footer looks correct and
     that the buttons in the footer, in both cases, work correctly.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-22 11:35:48 -03:00