Commit graph

46 commits

Author SHA1 Message Date
Marc Véron
1a54f0916e Bug 13910: Prevent delete of one's own patron account
This patch adds a check to prevent deleting the user's own account.
Additionali it fixes a "missing link" in moremember.pl and wrong comparisions in moremember.tt regarding other forbidden deleting.

To test:
- Apply patch
- Create a user with sufficient privileges to delete users
- Log in as this new user
- Try to delete this user. Confirm message box "Are you sure..."
- Confirm that you get a message "Not allowed to delete own account" and that the user still exists.

Bonus test:
Try to trigger other forbidden deletions (see members/deletemem.pl): 'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE'
(You can fake it by using an URL like: /cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF  etc.)
Without patch, no message appears. With patch, messages appear as appropriate.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

NOTE: Attempted all CANT combinations. From reading the code,
this is kind of an important patch, because I'm not sure
deleting error messages work at all right now based on what
I read.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-14 11:45:40 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Magnus Enger
1be9f1a0e7 Bug 11401: QA followup
1) Be more careful when checking the NorwegianPatronDBEnable syspref.

Before:
if ( C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {

After:
if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {

This should avoid complaints if the syspref is not initialized.

2) Fix some empty =head2 POD sections

3) Fix some indentation in patrons.pref, to make xt/yaml_valid.t happy

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I couldn't find any regressions with adding, editing and deleting members.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-14 09:42:45 -03:00
Magnus Enger
290341d8db Bug 11401: Add support for Norwegian national library card
This patch makes it possible to sync patron data between Koha and the
Norwegian national patron database, in both directions.

In order to use this, the following information is necessary:
- a username/password from the Norwegian national database of libraries
  ("Base Bibliotek"), available to all Norwegian libraries
- a special key in order to decrypt and encrypt PIN-codes/passwords,
  which is only available to Norwegian library system vendors
- a norwegian library vendor username/password

See http://www.lanekortet.no/ for more information (in Norwegian).

While this is of course an implementation of a specific synchronization scheme
for borrower data, attempts have been made to prepare the ground for other sync
schemes that might be implemented later. Especially the structure of the new
borrower_sync table might be reviewed with an eye to how it might fit other
schemes.

To test:

Since the password and cryptographic key needed to use this functionality
is only available to Norwegian library system vendors, only regression testing
can be done on the submitted code. Suggested things to check:

- Apply the patch and make sure the database update is done. This should add
  the new "borrower_sync" table and five new systmpreferences under the
  "Patrons" > "Norwegian patron database" category:
  - NorwegianPatronDBEnable
  - NorwegianPatronDBEndpoint
  - NorwegianPatronDBUsername
  - NorwegianPatronDBPassword
  - NorwegianPatronDBSearchNLAfterLocalHit
- Check that patrons can be created, edited and deleted as usual, when
  NorwegianPatronDBEnable is set to "Disable"
- Check that the new tests in t/NorwegianPatronDB.pm run ok, e.g. on a
  gitified setup:
  $ sudo koha-shell -c "PERL5LIB=/path/to/kohaclone prove -v t/NorwegianPatronDB.t" instancename
- Check that all the other tests still run ok
- Check that the POD in the new files itroduced by this patch looks ok:
  - Koha/NorwegianPatronDB.pm
  - members/nl-search.pl
  - misc/cronjobs/nl-sync-from-koha.pl
  - misc/cronjobs/nl-sync-to-koha.pl
  - t/NorwegianPatronDB.t

Sponsored-by: Oslo Public Library

Update 2014-09-18:
- Rebase on master
- Split out changes to Koha::Schema
- Incorporate new way of authenticating with NL

Update 2014-10-21:
- Rebase on master
- Use Module::Load to load Koha::NorwegianPatronDB in non-NL-specific
  scripts and modules
- Fix the version number of Digest::SHA
- Fix a missing semicolon in kohastructure.sql

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-14 09:42:23 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
fb4025b67b Bug 10277 - Add C4::Context->IsSuperLibrarian()
The method of checking the logged in user for superlibrarian privileges
is obtuse ( $userenv && $userenv->{flags} % 2 != 1 ) to say the least.
The codebase is littered with these lines, with no explanation given. It
would be much better if we had one subroutine that returned a boolean
value to tell us if the logged in user is a superlibrarian or not.

Test Plan:
1) Apply this patch
2) Verify superlibrarian behavior remains unchanged

Signed-off-by: Joel Sasse <jsasse@plumcreeklibrary.net>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Comments on second patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-30 15:47:23 +00:00
09b8ce2a5f Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Enable patronimages
4) Verify patron images are still displaying correctly
5) Test deleting a patron image
6) Test adding a patron image from moremember.pl
7) Test adding a patron image from tools/picture-upload.pl

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 21:08:02 +00:00
b00ec06968 Bug 10080 - Change system pref IndependantBranches to IndependentBranches
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-22 07:58:23 -07:00
a4e804fceb Bug 9917 - Routing list tab on patron account should depend on syspref/permission
The routing list tab displays on patron pages even if the RoutingSerials
preference is OFF. Display of the tab should be conditional on that pref
being turned on.

This patch adds a check for the RoutingSerials preference to the menu
include files and amends the affected scripts to make the variable
available on the pages where those includes are used.

To test, view the following pages with RoutingSerials both on and off.
The routing list tab should be shown and hidden accordingly:

- Circulation
- Patron details
- Patron fines
- Pay fines
- Pay amount/selected (click from the Pay fines page)
- Create manual invoice
- Create manual credit
- Patron circulation history
- Patron modification log
- Patron notices
- Patron routing lists
- Patron statistics
- Patron files
- Patron permissions
- Set patron password
- "Can't delete patron" page (try to delete a patron with checkouts).

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Touches a lot of files, but only a tiny change in each, works well.
Could perhaps be set in C4/Auth instead, but that's no reason not to
sign off

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-31 08:52:35 -04:00
2dc8a260c5 Bug 7310: Improving list permissions: Deleting patron
Implements following points from the wiki page List permissions:
5) Delete or move list information when deleting a patron.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
2012-03-21 16:47:03 +01:00
Aleksa Vujicic
3982d97af3 Bug 6964 - 'Add child' function should be dependant on system preference 'borrowerRelationship'
The 'Add Child' button is not shown if 'borrowerRelationship' is empty.

System preference description changed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-02 11:36:05 +01:00
f7b3b0c75b Fix for Bug 5029 - Update patron deletion error page
- Styling error message with "dialog alert" class
- Adding sidebar patron details to match other patron pages

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-12-02 09:13:38 +13:00
Matthias Meusburger
6710641eee MT2582: Fix user deletion without permission
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-11 08:39:19 -04:00
Donovan Jones
0718cc8b6d Bug 2505 - Add commented use warnings where missing in the members/ directory 2010-04-21 20:19:50 +12:00
Lars Wirzenius
e8df566734 Fix FSF address in directory members/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:55 -04:00
Nahuel ANGELINETTI
86b0f37067 (bug #3284) fix superlibrarian check
This fix the superlibrarian check in the previous fix.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-29 14:27:22 -05:00
Nahuel ANGELINETTI
1be2c411f0 (bug #3284) fix borrower deletion in independantbranches mode
This patch fix the checks deleting a borrower in independantbranches mode.
Now, we check the user and the librarian are from the same branch, else we deny the deletion(and disable the link to delete).

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-06-29 14:27:15 -05:00
Paul Poulain
6924e7d6b4 fix for 2997 : superlibrarian's ability to edit item/patron home branch affected if all other privileges are selected
Before this patch, we used to test for flags == 1, which was wrong when patron had all privileges.
This patch just adds a %2 to check that patron has superlibrarian privilege, and maybe something else we don't care.

I think I fixed it everywhere except in acquisition, that will be addressed by BibLibre new acquisition module.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-28 17:06:46 -05:00
Joe Atzberger
ccb64c18ee Bug 3177 - haspermission offers bogus option
$intflags was never used or returned if hashref instead of userid was passed.
Also cleaned up needless passing of $dbh.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-01 07:16:20 -05:00
Joe Atzberger
c70cd87d54 Bug 2900: fix GetPendingIssues.
GetPendingIssues did several bad things:
~ select * on a 4 table join,
~ including multiple namespace collisions,
~ including large fields marc and marcxml from biblioitems,
~ return ($count, \@array_being_counted).

Not everything is fixed here (see FIXMEs), but the situation is
improved considerably, with bug 2900 resolved.  The "timestamp"
namespace collision in query should be resolved by separate patch.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-01-08 11:08:27 -06:00
Joshua Ferraro
37ca0cac1f fix for bug 1697, as well as repairing inability to change category to Staff
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-04 21:30:25 -06:00
Ryan Higgins
a2a234a1e1 Able to call haspermission w/o $dbh, and add error msg on deletemember.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-12 08:02:52 -06:00
Ryan Higgins
7e5eb3846e Adding in permission blocks for staff members as per previous commits.
Much of this is repeat of previous commits, and then some to finish off.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-12 08:02:00 -06:00
Ryan Higgins
ac12ba03fb Able to call haspermission w/o $dbh, and add error msg on deletemember.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-05 15:41:10 -06:00
Ryan Higgins
16c5d8b0ce Adding in permission blocks for staff members as per previous commits.
Much of this is repeat of previous commits, and then some to finish off.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-05 15:41:04 -06:00
Chris Cormack
edee16037d Uncommenting delete code as deleting now works fine
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-04 10:07:51 -06:00
Chris Cormack
4a373f27b0 Fix for bug 1575
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 16:15:57 -06:00
Chris Cormack
606ecb532a Patch from Joe Atzberger to remove $Id$ and $Log$ from scripts
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-18 16:27:04 -05:00
toins
8a5a39a034 syspref already writed in Auth.pm 2007-07-10 15:18:27 +00:00
rangi
c75b84fac7 Fix for bug 1365 2007-07-02 00:38:17 +00:00
hdl
a171035f1d GetBorrowerIssues is deleted from C4::Circulation
Use GetPendingIssues from C4::Members instead.
2007-04-25 14:07:34 +00:00
hdl
100e6a9808 functions that were in C4::Interface::CGI::Output are now in C4::Output.
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
2007-04-24 13:54:28 +00:00
hdl
0b66bd800d Code Cleaning Members.
- checkaccount and getborraccountno => GetBorrowerAcctRecord

Many changes in names,
some changes in function signature.
Will be detailed in a mail to kohadevel.
2007-04-23 13:10:07 +00:00
tipaul
7bd99ef365 removing all useless %env / $env 2007-04-18 17:00:14 +00:00
tipaul
c596d55374 HUGE COMMIT : code cleaning circulation.
some stuff to do, i'll write a mail on koha-devel NOW !
2007-04-04 16:46:22 +00:00
tipaul
a3999812e6 rel_3_0 moved to HEAD 2007-03-09 14:52:58 +00:00
toins
cc9524a875 Head & rel_2_2 merged 2006-07-04 14:36:51 +00:00
btoumi
72363f4a1e updatedatabase.pl: add change of borrowers table to deletedborrowers table
deletemem.pl: delete use of warn function
2006-06-16 09:45:02 +00:00
btoumi
743fb92ee9 bug fix:
deletemem.pl:
 syntax error in sql request ( bad field name)
memberentry.pl
syntax error (bad variable name)
2006-06-06 16:18:00 +00:00
tipaul
b38997925f big commit, still breaking things...
* synch with rel_2_2. Probably the last non manual synch, as rel_2_2 should not be modified deeply.
* code cleaning (cleaning warnings from perl -w) continued
2005-10-26 09:11:02 +00:00
hdl
8a87b560ac Fixing bug in deletemem.pl :
flags verification was not good.

Adding branch Independancy management.
In memberentry.pl and deletemem.pl
2005-07-29 16:12:53 +00:00
oleonard
f1264c2ecf Adding member number to template so that template can show link back to patron record 2004-10-27 15:33:55 +00:00
tipaul
6763e2a764 templating deletemember impossible when issues/debts/guarantees 2004-10-05 08:59:56 +00:00
tipaul
a0b7a81f14 fixing redirection after member deletion (due to script move to members/ ) 2004-09-20 13:21:12 +00:00
tipaul
2951d20c69 moving members related scripts to "members" directory 2004-03-10 15:10:45 +00:00
Renamed from deletemem.pl (Browse further)