Commit graph

50182 commits

Author SHA1 Message Date
cb2c62665a
Bug 34494: DBRev 23.06.00.015
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:26:01 +03:00
3e606c4df1
Bug 34494: (QA follow-up) fiks spelin
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:59 +03:00
158ac7df71
Bug 34494: Table tmp_holdsqueue fails to be created for MySQL 8
It appears that MySQL 8 rejects creating any table where the primary key is nullable. The table tmp_holdsqueue has a nullable pk ( itemnumber ) but there is no reason for this column to be nullable ( generating a holds queue entry with no itemnumber is not possible ) so it make sense to just remove the nullability for MySQL compatiability.

Test Plan:
1) Using MySQL 8.0, attempt to create a database from kohastructure.sql
   If you use ktd, you can try:  DB_IMAGE=mysql:8.0 ktd up
2) Note the failure to create the table
3) Apply this patch
4) Repeat step 1
5) The table is created!

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:58 +03:00
813cfe1eec
Bug 34056: Add -api-client suffit to authorised-values API client
In koha-tmpl/intranet-tmpl/prog/js/vue/fetch all files have the -api-client suffix but authorised-values. For consistency we should add it.

Test plan:
Go to the ERM module and confirm that dropdown lists are correctly
filled in with authorised values.
You can also inspect the console and confirm that a GET query to /authorised_value_categories is done

Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:57 +03:00
Katrin Fischer
ad41643d5a
Bug 34436: (QA follow-up) Move spans to surround full text
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:56 +03:00
8933036742
Bug 34436: Some breadcrumbs lack <span> for translatability
This patch modifies several templates which were updated recently so
that breadcrumbs markup could be built using template wrappers. The
patch wraps strings in <span> in cases where it is necessary to make
them translatable.

To test, apply the patch and view the following pages to confirm that
the breadcrumbs still show up correctly:

- Administration -> MARC bibliographic framework
  - Add framework
  - Edit framework
  - Delete framework
- Administration -> Share content with Mana KB
- Administration -> Circulation and fine rules
- Authorities ->
  - Add authority
  - Edit authority
- Catalog -> Advanced search
  - Bibliographic detail page
    - Must have EasyAnalyticalRecords enabled.
    - Edit -> Link to host record
- Patrons
- Reports -> Average loan time
- Serials -> Serials home

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:55 +03:00
eb224540e2
Bug 34365: Add cancellation request flow to DELETE /holds
This patch adds a new `x-koha-override` header to allow enforcing the
cancellation request flow for waiting holds.

If the hold is not waiting, the header has no effect.

To test:
1. Apply the tests patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: The endpoint doesn't implement the required logic
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! The endpoint behavior is changed!
5. Sign off :-D

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:54 +03:00
2a8c43f975
Bug 34365: Unit tests
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:53 +03:00
33f5982c3e
Bug 33909: (follow-up) QA fixes
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:52 +03:00
9bd21c7a38
Bug 33909: Improve translation of title tags: Administration
This patch updates administration templates so that title tags can be
more easily translated.

To test, apply the patch and confirm that the following
Administration pages have the correct title tags:

 - Libraries
 - Library groups
 - Item types
 - Authorized values
 - Patron categories
 - Circulation and fines rules
 - Patron attribute types
 - Library transfer limits
 - Library transfer limits advanced editor
 - Transport cost matrix
 - Item circulation alerts
 - Cities and towns
 - Curbside pickup
 - Patron restriction types
 - Debit types
 - Credit types
 - Cash registers
 - Manage plugins
 - Manage jobs
 - MARC bibliographic framework
 - Koha to MARC mapping
 - MARC Bibliographic framework test
 - Authority types
 - Classification configuration
 - Record matching rules
 - Record overlay rules
 - OAI sets configuration
 - Item search fields
 - Search engine configuration
 - Currencies and exchange rates
 - Budgets
 - Funds
 - EDI accounts
 - Library EANs
 - Network Printers
 - Identity providers
 - Z39.50/SRU servers
 - SMTP servers
 - Did you mean?
 - Table settings
 - Audio alerts
 - Share your usage statistics
 - Share content with Mana KB
 - Additional fields
 - Keyboard shortcuts

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:51 +03:00
Katrin Fischer
19f9240759
Bug 34345: (QA follow-up) Fix some more occurrences
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:50 +03:00
452ac93b92
Bug 34345: 'Circulation and fine rules' vs 'Circulation and fines rules'
This patch corrects two instances of the phrase "Circulation and fines
rules" in favor of the more common "Circulation and fine rules" for
consistency's sake.

To test, apply the patch and go to Administration.

- In the description under the "Circulation and fine rules" link it
  should read, "Define circulation and fine rules..."
- Open the Circulation and fine rules page and confirm that the link in
  the sidebar menu is correct.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:49 +03:00
Emily Lamancusa
a3c64f62c0
Bug 34470: Initialize random seed after spawning a child worker process
When background_jobs_worker.pl spawns a new child process, it needs to
explicitly reinitialize the random seed - otherwise each child process
will inherit the same random seed from the parent process, and any
randomization will produce identical results each time.

This patch adds a call to srand immediately after the fork to
reinitialize the seed. Note that child processes should not call
srand with no parameter anywhere else, as the Perl documentation
indicates that srand should not be called with no parameter more than
once per process.

To test:
1. Apply the logging patch only
2. Set system preferences:
    a. RealTimeHoldsQueue -> Enable
    b. RandomizeHoldsQueueWeight -> in random order
3. Watch the logs for the staff interface
   in ktd:
   ktd --shell
   koha-intra-err
4. Place a hold. Note that the logs display the branch list before and
   after it is randomized.
5. Place some more holds. Note that the branch order after randomization
   is identical each time.
6. Apply both patches and restart_all
7. Repeat steps 3-5.
   -> Note that the branch order before randomization hasn't changed
   -> Note that the branch order after randomization is now different
      each time.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:48 +03:00
Emily Lamancusa
3ff1430bb4
Bug 34117: Add unit tests
To test:
prove t/db_dependent/Koha/Patron/Categories.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:47 +03:00
Emily Lamancusa
bba9feff5c
Bug 34117: Remove side effect from get_expiry_date
If get_expiry_date is passed a DateTime object as a parameter,
it modifies and returns the original object. When memberentry.pl
prefills the input fields for duplicating a patron, it passes the
enrollment date object to get_expiry_date. This causes the enrollment
date object to be modified with the expiry date value.

This patch modifies get_expiry_date to clone the DateTime object that it
receives as a parameter and return the clone, so that references to an
enrollment date object can be passed in safely.

To test:
1. Have or make a patron
2. Duplicate that patron
3. Before saving the new patron, scroll down to Registration Date and
   see that it's defaulting to a date in the future.
4. Apply patch and restart_all
5. Try duplicating a patron again
6. Registration Date should correctly set to today

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:46 +03:00
Julian Maurice
9b1bd01a42
Bug 34155: Hide 'Next available' at OPAC when item-level hold is forced
This was a regression caused by bug 24860

Test plan:
1. Set up circulation rules so that OPAC users can place holds only on
   specific items ("OPAC item level holds" = "force")
2. Try to place a hold at OPAC. The "Next available item" option should
   not appear.
3. Set "OPAC item level holds" to "allow"
4. Try to place a hold at OPAC. The "Next available item" option should
   appear

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:45 +03:00
e211d8b34b
Bug 34269: (QA follow-up) Add missing TT filters
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:44 +03:00
e0fdb2db51
Bug 34269: Convert to using codes in select compares
This patch updates the logic in smart rules to compare option values to
codes as apposed to option texts to value descriptions.

0. Apply patch
1. Install another language in the staff interface
   1. ./translate install xx-XX
   2. Check the box of the language in the 'language' system preference
   3. Refresh
2. Create an item type with a parent
   1. Go to Administration > Item types
   2. Create a new item type or modify an existing one, assigning a parent type
      Example: Create a 'Children's books' itemtypetype
      and assig 'Books' as its parent
   3. Create a third item type with the same description but something added in ():
      Example: 'Children's books (3-5)'
3. Create a circulation rule for the parent type
   Example: All/Books, with 2 checkouts allowed
4. Create a circulation rule for:
   All/All with 3 checkouts allowed
5. In English, click on "Edit" next to the parent type rule (All/Books)
   --> Note that the item type in the bottom row (the modifiable row) is changed to 'Books (All)'
6. Modify the number of checkouts allowed (e.g. 99)
   --> The All/Books rule is modified
7. Switch the interface to the other language
8. Click on "Edit" next to the parent type rule (All/Books)
   --> The All/Books rule is modified
9. Add rules for Children's books and Children's books (3-5)
10. Click on "Edit" next to each rule and change a value
   --> Verify that the changed values are always saved for the correct rule

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:43 +03:00
72ef65edbe
Bug 34452: Restore fund label and 'Update adjustments' button
This patch fixed 2 small and recent regressions:

* The "Update adjustments" button used to always display. It's
  required to save a new first adjustment, but also to save
  changes to existing adjustments edited inline. It now would
  only display after "Add adjustments" was clicked. We retore
  to display it always. (bug 32746)

* We have several "Fund" pull downs on this page, but they are
  for different things and require different labelling.
  "Fund" was changed to "Shipping fund" which matches at the top,
  but doesn't work for the adjustments table and single adjustment
  form. Now we use "Shipping fund" "Fund" and no label in the table
  as the table header covers it there. (bug 33721)

To test.
  * Add a vendor
  * Receive shipment
  * Add invoice and save
  * Click on "Finish receiving"
  * Verify the button "Update adjustments" appears after clicking
    "Add new adjustment"
  * Verify the button is gone after you clicked it and the table shows
  * Change something in the table - no button to save change :(
  * Apply patch
  * Repeat steps, button "Update adjustments" should not always be
    visible.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:42 +03:00
2e40b1c356
Bug 30451: DBRev 23.06.00.014
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:41 +03:00
765d3d85b5
Bug 30451: Update FK constraint on aqorders.subscriptionid
This updates the FK constrant from ON DELETE CASCADE to ON DELETE
SET NULL. This means that if a subscription linked to an order is
deleted, we no longer will also delete the order, but we will just
set subscrptinid in the order to NULL. This will avoid data loss
that can cause the budgets/funds not to add up anymore with the
real espenses of the library.

To test:

Preparation:
* Create 2 subscriptions on different records
* Create a new basket
* Use the "order from subscription" functionality to create order
  lines for both of your subscriptions
* Close basket

Without patch:
* Delete the first subscription
* Verify the order line for this subscription is gone from your basket

Apply patch:
* Run database update and restart_all
* Delete the second subscription
* Verify the order line now remained in the basket

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>

JD amended patch: perl tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:40 +03:00
39e6b100cb
Bug 34059: Add only issues from the branch that is creating the notice
Test plan, on k-t-d
1) Go to 'my account' on top right user menu
2) On 'Patron messaging preferences', click 'Edit'
3) On the 'Item due' row, check the 'Email' and 'Digests only' checkboxes and save
4) On the top search bar, press 'Check out' and enter '42' (koha user cardnumber)
5) On the checkout input bar, enter 39999000001372 and press checkout
7) Go to 'Set library' on top right user menu and pick a different library
8) Repeat step 4), then, on the checkout input, enter 39999000004571 and press checkout
9) Verify that this user now has 2 items checked out, from 2 different libraries at /cgi-bin/koha/circ/circulation.pl?borrowernumber=51
9) Run the following 2 queries to force the due_date to be equal to 'today's' date for both issues:
NOTE: change the YYYY-MM-DD below to whatever day it is you're running this test plan

UPDATE issues SET date_due = '2023-06-19 23:59:00' where issue_id = 1;
UPDATE issues SET date_due = '2023-06-19 23:59:00' where issue_id = 2;

10) Run the cronjob:
./koha/misc/cronjobs/advance_notices.pl -c --digest-per-branch

11) Verify that two DUEDGEST notices were created, one per each library, but both notices contain both issues:
SELECT letter_code, time_queued, content FROM message_queue ORDER BY message_id DESC LIMIT 2;

12) Apply patch, then do 10) and 11) again
13) Verify that each notice only contains the issue for its respective library

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Stephen Graham <s.graham4@herts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:39 +03:00
Katrin Fischer
e88fe2fe60
Bug 34387: (QA follow-up) Fix display of 'Import batches'
Fixes the heading and sidebar display of the 'Import batches'
section.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed the wrongly introduced import_batches.yaml file
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:38 +03:00
ca77df5350
Bug 34387: (follow-up) Minor spelling and quoting fixes
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:37 +03:00
75cff54c53
Bug 34387: Improve API docs naming consistency
This patch aims to make our API docs be more consistent.
It addresses two particular things:

* There's no consistency on the `tags` used across the spec, and not all
  of them are correctly described and have an `x-displayName` entry.
  More on this later.
* This are not sorted either by some for of grouping, or at least
  alphabetically.

For the former, I did my best trying to harmonize (specially on the ERM
front) with what we do in the rest of the use cases.

For the latter, I opted for sorting everything alphabetically, as a
first step. Hoping someone else could work on grouping things.

To test (ON YOUR HOST MACHINE):
1. On current master run:
   $ cd api/v1/swagger
   $ docker run --rm -v $(pwd):/api --workdir /api redocly/cli \
           build-docs swagger.yaml --output index.html
=> SUCCESS: It doesn't break or anything
2. Open your browser, open the generated api/v1/swagger/index.html file
=> FAIL: The left column has
         * several lower case entries
         * not everything is correctly grouped (ERM? packages?)
         * Things are not sorted. There's an attempt but looks messy
3. Apply this patch
4. Repeat 1 and 2
=> SUCCESS: Things look much better!
5. Sign off :-D

CAVEAT1: I'm not sure why, but import_batches doesn't work. Ideas are
welcome, I'll keep looking for fixes.
CAVEAT2: I don't have enough eHoldings background to weight in, but I
feel like 'ERM eHoldings packages' could just be 'ERM packages'.
Follw-up patches with better ideas are welcome.
CAVEAT3: Patron credits, debits, balance... They could all go in to
'Patrons accounts' or similar. Open to ideas.
CAVEAT4: Old redocly didn't support mapping an endpoint to more than one
target section. Something to explore if we want (for example) to reach
'credits' through the 'Patrons' section but also from 'Accounting'.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-15 11:25:35 +03:00
7957368c34
Bug 33117: Make dbrev idempotent
QA didn't spot the issue, nor I. So fixing now.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:09 -03:00
bbe1bffd9e
Bug 33881: Clear self-check JWT during auth kick out
This patch clears the JWT cookie during auth kick out (ie
when a web user navigates from the self-check out/in to
the rest of Koha).

Test plan:
0. Apply patch and koha-plack --reload kohadev
1. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
2. Log in as the "koha" user
3. In another tab, go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=a&weight_search=1
5. Note that you are prompted to "Log in to your account" via the normal Koha prompt
6. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
7. Note that you are prompted to "Log in to your account" within the "Self checkout system",
and note that your self-checkout session for the "koha" user has *not* persisted like
it did before the patch was applied

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:08 -03:00
6e0afe7b04
Bug 30524: (QA follow-up) Fix tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:07 -03:00
68a03b7f4c
Bug 30524: (QA follow-up) Unit tests for GenerateCSRF()
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:06 -03:00
98a4b52be1
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:06 -03:00
Michał Górny
3241671cdd
Bug 34023: Prevent HTML injection in "back to results" link from search page
It is possible inject raw HTML into the "Back to search results" link by leading the user to a search with specially crafted URL.

For example, using the demo instance:

1. Visit https://koha.adminkuhn.ch/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1&%22%3Etest%3Ca%20foo=%22

2. Refresh the page (for some reason, "back to results" doesn't appear unless I do that at least once).

3. Click any result.

Note that the result page now contains:

  <a href="opac-search.pl?idx=&amp;q=test&amp;weight_search=1&amp;">test<a foo=%22" title="...

i.e. `">test<a ...` was successfully injected into the HTML.

I'm attaching a quick patch I've used to patch up our instance.  It just indiscriminately URI-escapes all parameter keys.  I didn't decode them back since as far as I understand all valid keys do not contain special characters.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:04 -03:00
043e818176
Bug 22990: (follow-up) Fix suggestion.pl
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:04 -03:00
75d66cd266
Bug 22990: Fix template toolkit syntax issues in shelves_results.tt
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:03 -03:00
30a763a9be
Bug 22990: Fix for shelves table
Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:02 -03:00
Amit Gupta
1a64c1c1db
Bug 22990: Add CSRF protection to boraccount, pay and suggestion
Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Test plan would have been nioe.
Tested by changing MAX_AGE with suggestions.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:01 -03:00
593e1dc584
Bug 34368: Add CSRF token to Content Management pages
This change adds a CSRF token to the Content Management pages
at additional-contents.pl.

Test plan:
0. Apply patch
1. koha-plack --restart kohadev
2. Try to add "News", "HTML customizations", and "Pages".
3. Try to delete these new content entries
4. Note that you were successful in your endeavours

JD amended patch: remove empty line removal (no need to create
unecessary conflicts)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 21:00:00 -03:00
9497556fef
Bug 30524: Unit tests
Test plan:
Run t/Output.t
Run t/db_dependent/Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 20:59:59 -03:00
0221fec5ac
Bug 30524: Core CSRF checking code
Split out from bug 22990 as requested.

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-08-07 20:59:58 -03:00
2fd6625abc
Bug 28966: (QA follow-up) tmp_holdsqueue no longer an iterator
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 17:48:28 -03:00
64d63cba2e
Bug 28966: DBRev 23.06.00.013
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 15:41:14 -03:00
40d343ee15
Bug 28966: DBIC schema
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 15:41:13 -03:00
c195ffa9b1
Bug 28966: (QA follow-up) Fix failing unit tests
Test Plan:
1) prove t/db_dependent/TestBuilder.t
2) Note tests fail
3) Apply this patch
4) Run updatedatabase.pl
5) Update the schema files ( alias 'dbic' can be used in
   koha-testing-docker )
6) prove t/db_dependent/TestBuilder.t
7) Tests now pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 15:41:12 -03:00
328baf44b4
Bug 34258: (QA follow-up) Tidy the test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 11:06:06 -03:00
Andreas Roussos
5d0b4b4433
Bug 34258: update SIP-related unit test
Test plan:

1) Run the updated SIP-related unit test *without* having applied
   the other patch from this bug report -- it should fail:

   $ prove t/db_dependent/SIP/ILS.t

2) Apply the patch that fixes C4/SIP/ILS/Transaction/Renew.pm

3) Re-run the unit test -- it should pass.

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 11:06:05 -03:00
Andreas Roussos
54924681d2
Bug 34258: pass an unblessed hash to AddIssue()
In Koha 23.05, we lost the ability to renew an item via SIP2.

The relevant commit is ddc2906b77 from Bug 31735, where the
file C4/SIP/ILS/Transaction/Renew.pm was modified to no longer
pass an unblessed $patron hash to C4::Circulation::AddIssue()

This patch fixes that.

Test plan:

1) Using the SIP emulator, check out an item to a patron, then
   try to renew it. Example commands for a KTD instance:

   $ misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m checkout --patron koha --item 3999900000001
   $ misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m renew --patron koha --item 3999900000001

   Notice that the second command will fail!

2) Apply this patch.

3) Repeat the 2nd command -- this time the renewal should work.

4) Run the SIP-related unit tests, they should all pass:

   $ prove t/db_dependent/SIP/
   t/db_dependent/SIP/ILS.t .......... ok
   t/db_dependent/SIP/Message.t ...... ok
   t/db_dependent/SIP/Patron.t ....... ok
   t/db_dependent/SIP/SIPServer.t .... ok
   t/db_dependent/SIP/Transaction.t .. ok

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-26 11:06:05 -03:00
54b8a6433a
Bug 28966: (QA follow-up) Remove superfluous joins
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-25 16:25:39 -03:00
bdf5f94bfa
Bug 28966: (QA follow-up) Changes for Koha objects
Trivial edits.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-25 16:25:39 -03:00
96187695d7
Bug 28966: Prefetch patron data for holds queue viewer
Test Plan:
1) Generate the holds queue
2) Load the holds queue viewer page
3) Apply this patch
4) Restart all the things!
5) Reload the page
6) Note nothing has changed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-25 16:25:38 -03:00
e997b4b3a3
Bug 28966: Add Koha::Object(s) for tmp_holdsqueue
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-25 16:25:38 -03:00
3c90dbcb82
Bug 32739: (follow-up) QA Cleanup
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-07-25 16:25:37 -03:00