Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the admin folder are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the admin folder has breadcrumbs that are
in a <nav aria label="Breadcrumb" class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To be consistent with the formatting of the Tools module this patch removes
full stops from administration descriptions.
To test:
1) Go to Administration module and note inconsistent use of full stops
2) Apply the patch
3) Go to Administration module and note absence of full stops on
descriptions
Sponsored-by: Catalyst IT
Signed-off-by: Lisette Scheer <lisettes@latahlibrary.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces a way to define SMTP servers either globally or
per-library.
To test:
1. Apply this patch
2. Find the SMTP servers entry in the admin page
3. Play with adding/removing SMTP servers
=> SUCCESS: All works as expected
4. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch moves the OPAC problem report management page from the
Administration section to the Tools section.
I think this makes sense because management of reports is an ongoing
task, not a configuration.
To test, apply the patch and enable the OPACReportProblem system
preference.
- Go to Administration. There should be no link to OPAC problem
reports.
- Open an administration page which shows the Administration menu in
the left-hand sidebar, e.g. Libraries. There should be no link to
OPAC problem reports in the menu.
- Go to Tools. There should be a link to OPAC problem reports in the
"Addional tools" section.
- Open the OPAC problem reports page and confirm that it works
correctly.
- The breadcrumbs menu should show "Tools > OPAC problem reports."
- Confirm that the link in the sidebar menu works correctly.
- If necessary, submit an OPAC problem report via the OPAC so that
there is a pending report. Go to the staff interface home page and
check that the "OPAC problem reports pending" link works correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a new 'UseIssueDesks' preference which defaults to
"Don't use" to enabled/disable the 'Desks' functionality added with this
bug.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - Set SearchEngine syspref to Zebra
2 - Be a user with permission to manage search engine configuration (manage_search_engine_config)
3 - Confirm you do not see 'Search engine configuration' on Admin main page
4 - Apply patch
5 - Confirm you see it with '(Elasticsearch)' appended
6 - Be a user without above permission
7 - Confirm you cannot see the 'Search engine configuration'
8 - Confirm you cannot access directly:
/cgi-bin/koha/admin/searchengine/elasticsearch/mappings.pl
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
- Branchcode = Library
- Desk id = Desk ID
- Show library name on desk list and when deleting desk instead of code
- Some small changes to the database documentation.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Add a desk and linked it to a library (branch). That's it. In the
future it'll have super features like being able to link waiting
reserve to a specific desk.
Test plan:
1. go to the administration page and notice there isn't any mention of
desk whatsoever
2. apply patches
3. ./installer/data/mysql/updatedatabase.pl
4. prove t/db_dependent/Koha/Desks.t
5. you now have desks links in admin-home and admin-menu
6. click the link
7. add a desk
8. add another one
9. delete one
10. you should have a fair list of all current desks defined
11. Done
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) Go to Administration
2) Notice neither of the syspref search bars are focussed so you have to
click inside one to begin searching
3) Apply patch and refresh page
4) Notice the header syspref search bar is now focussed so you can begin
typing straight away
Sponsored-by: Catalyst IT
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
It is the same as for debit types.
It adds a new column `archived` in table `account_credit_types` that has
the same purpose than `account_debit_types.archived`
Test plan:
0. Apply patch && run updatedatabase && update_dbix_class_files
1. Go to Admin » Credit types
2. Add a new credit type, give it a code and a description and check
'Can be manually added'
3. Go to a patron's accounting section, 'Create manual credit' tab
4. Verify that the new credit type appears
5. Return to Admin » Credit types and archive the credit type
6. Verify that the new credit type is not available anymore in 'Create
manual credit'
7. Restore the credit type and verify that it is available again
8. Create a manual credit with the new credit type
9. Go to Reports » Cash register and make sure you can find the
transaction by filtering on transaction type
10. Edit the new credit type and set some library limitations, make sure
that the credit type doesn't appear if you're connected to a library
you didn't selected, and that it appears if you're connected to a
library you selected.
Note to QA team:
The change in Koha/Account.pm, I added it because otherwise Koha died
when adding a manual credit with a custom type.
In that case, offset type will default to 'Manual Credit'. I'm not sure
if that is the best thing to do. I'm open to suggestions :)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch updates the admin menu include and admin home page to reflect
the updated permissions name for cash registers
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch changes "HEA" (incorrectly capitalized) to "Hea" on the
staff client administration home page.
To test, apply the patch and set the "UsageStats" system preference to
"No, let me think about it."
- Go to Administration in the staff client.
- There should be a message at the top asking if you want to share
anonymous usage statisitcs with the community. The word "Hea" in this
message should be capitalized correctly.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1) Go to admin home, note there is new Debit types page in Accounting
section
2) Go to any other admin page and confirm there is link to Debit types
in the admin menu as well
3) Go to Debit types page
4) You should see a datatable listing existing debit types, ensure they
are working as expected.
5) Try to create, edit and delete some debit types. Note: Some debit
types cannot be deleted as they are needed for koha functionality.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Add in administrative interfaces to allow the management of cash
registers.
Test plan:
1) Enable the use of cash registers by setting 'UseCashRegisters' to
'Do'
2) Check that the 'Accounts > Manage cash registers' option now appears
in the 'Administration' area.
3) Click through to 'Manage cash registers' and note the message
suggesting you add your first register
4) Add you're first cash register
5) Note that the message has now been replaced by a table of cash
registers including the one you have added in the previous step.
6) Edit the cash register created in step 4 and note that the table
reflects the changes
7) Signoff
Sponsored-by: PTFS Europe
Sponsored-by: Cheshire Libraries Shared Services
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Right now, to check if a plugin is functional and what methods it exposes we load the module and test for a given method at run time. This is highly inefficient. It makes far more sense to do this at install time and store the data in the db. I believe we should store a table of methods that each plugin exposes and check that instead. Then, at install time we can test that a) the plugin can be loaded and b) add the available methods to the plugin_methods table.
Test Plan:
1) Apply this patch
2) Restart all the things
3) Run updatedatabase.pl
4) Verify you can use existing plugins
5) Verify you can install new plugins
Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Removed comma from description.
Test plan:
1. Go to Admin homepage
2. Check Classification Sources description
3. Verify that comma after i.e. has gone removed
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Fixes 2 typos.
Test:
- Review patch
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Move to admin
Add a permission
Remove descriptions from table
Clean up template
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Have three borrowers, one with order_manage permission, one with
edit_subscription permisson, andone with both
2 - Apply patch, updatedatabase
3 - Verify all three now have the manage_additional_fields permission
4 - Visit the admin page with these users, they should all see the
'Manage additional fields' link
5 - Click the link
6 - User with order_manage should see 'Order baskest'
7 - User with edit_subscription should see 'Subscriptions'
8 - User with both should see both
9 - Remove the additional permissions from a user - they should see a
note about needing additional permissions
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This also moves the admin page for additional fields for all tables to a
single common screen, and factors out display/input parsing logic.
Test plan:
1. Create an additional field for a subscription (under Serials -> Add
subscription fields).
2. Apply patch.
3. Visit Additional fields under administration, and verify that
the field created above still shows under the list for the
subscription table.
4. Create at least four fields for aqbasket for each combination of
searchable/not-searchable and with/without an authorized value.
5. Create an order basket, and verify that all fields are visible and
correctly save.
6. Edit the basket, verifying that changes to these additional fields
are saved.
7. Add an order to the basket (contents are irrelevant).
8. Go to advanced search within acquisitions.
9. Verify that only the searchable fields show in the form, and that
their contents may be searched.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a separate permission for managing Mana KB.
To test, apply the patch and update the database.
- Open the permissions page for a patron with staff client privileges
- Confirm that there is a "Manage Mana KB content sharing
(manage_mana)" permission.
- Leaving this new permission unchecked, log into the staff client
with as that patron and go to the Administration home page.
- The "Using Mana-KB" link should not appear.
- Navigate directly to /cgi-bin/koha/admin/share_content.pl. You
should get a "permission denied" message.
- Modify the patron's permissions to grant them access to Mana KB.
- Confirm that the link now appears on the Administration home
page and that the user can access the page.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes language changes to the Mana KB administration
template, and corresponding language changes to the Web Services
preference file.
Some markup errors have been fixed:
- Correct title and breadcrumbs, copied and pasted from another
template
- Add ids to form fields to match their label "for" attributes
- Make <input>s self-closing
- Correct class names on alert dialogs
- Wrap text in JavaScript with _() to make it translatable
Also changed: Some language revisions to the Mana dialogs on the
Administration home page.
To test, apply the patch and go to Administration -> Share content with
Mana KB.
Test the process for enabling and configuring Mana KB. Check that
forms work correctly and that the language of instructions and labels
reads well.
Go to Administration -> System preferences -> Web services, and confirm
that the language changes to the Mana KB preference look good.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This adds the "No, let me think about it" option.
It is the default option. If the Mana system preference
is set to "No, let me think about it", the user is warned
on the admin home page that he has not decided yet to use
or not Mana knowlegde base.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Includes:
* code factorization
Some code from subscription & Mana-KB has been factorized in order to speed-up next developments
* SytemPreferences:
Mana Activation:
- add a value "no, let me think about it", that is the default value.
- as long as this value is selected, messages ask if user want to activate it ( in Administration and Add-subscription(page 2) )
AutoShareWithMana
- Add the syspref AutoShareWithMana: user can automatically share infos with Mana-KB (not set by default)
* Interface :
- On mana-search, rows are now sorted by date of last import, then by number of users
- Windows redesigned to improve the user experience
* New Feature : report a mistake.
- people can now report an invalid data (wrong, obsolete,...)
- if a data is reported as invalid many time, it will appear differently
- Added few tooltip (to explain the fields last import, nb of users, to explain the new feature)
- When reporting a data as invalid, a comment can also be added. Koha will then display comments related to data in result lists
* API (svc/mana)
- add svc/mana/addvaluetofield: allows to ask mana incrementing a field of a resource
- no hardcoding for resources in the code of api (api needs to be called with a ressourcename)
* New feature : SQL report sharing
- Create Koha::Report.pm and Koha::Reports.pm, objects class for Reports
- New feature: share reports with Mana-KB
- New feature: search report in Mana-KB with keywords
- New feature: load reports from Mana-KB
Test plan:
1 - Apply Patch + update database
2 - Copy the three lines about mana config in etc/koha-conf.xml in ../etc/koha-conf.xml (after <backupdir> for example)
<!-- URL of the mana KB server -->
<!-- alternative value http://mana-test.koha-community.org to query the test server -->
<mana_config>https://mana-kb.koha-community.org</mana_config>
3 - Check Mana syspref and AutoShareWithMana syspref are not activated
4 - Search the syspref ManaToken and follow the instructions
5 - subscriptions
- Try create a new subscription for a first serial => Mana-KB shouldn't show you anything (except if the base hase been filled)
- Share this serial with Mana-KB (on the serial individual's page there must be a Share button)
- Try to create a new subscription for serial nr1 => a message should appear when you click on "next", click on "use", the fields should automaticaly appear
- Activate AutoShareWithMana => Subscriptions
- Create a new subscription for a second serial
- There shouldn't be any Share button
- Create a second subscription => the message should appear, click again on use
6 - SQL Report
- Create a new SQL report, without notes.
- On the table with all report (reports > use saved), there should be the action "Share"
- If you click on share, you have an error message
- Create a new report, with a title and notes longer than 20 characters
- You can share it with mana => you will have a success message
- On (report > use saved), there must be a message inviting you to search on Mana-KB for more results, enter a few word from title, notes, type of the report you shared, it should appear. You can use it, it will load it into your report list.
7 - Report mistakes.
- On any table containing Mana-KB search results, you can report a mistake and add a comment.
8 - For each previous test, try to send wrong data, to delete the security token, to send nothing: it should show a correct warning message.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Rebased-by: Alex Arnaud <alex.arnaud@biblibre.com> (2018-07-04)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Currently the call number splitting seems to be mostly implemented for
DDC and LC classifications.
Those are both not very common in some countries.
A lot of libraries use their own custom classification schemes so the call number
plitting is something that should be individually configurable.
This enhancement adds the ability to define custom splitting rules based
on regular expressions.
How does it work so far?
From C4/Labels/Label.pm there are 3 differents splitting methods defined, depending on items.cn_source.
if cn_source is "lcc' or 'nlm' we split using Library::CallNumber::LC
if cn_source is 'ddc' we split using a in-house method
Finally there is a fallback method to split on space
And nothing else is done for other cn_source
The idea of this patch is to mimick what was done for the "filing rules" and add
the ability to define "splitting rules" that will be used by the "Classification sources".
A classification source will then have:
* a filing rule used to sort items by callnumbers
* a splitting rule used to print labels
To acchieve this goal this enhancement will do the following
modifications at DB level:
* New table class_split_rules
* New column class_sources.class_split_rule
Test plan:
* Execute the update database entry to create the new table and
column.
I. UI Changes
a) Create/modify/delete a filing rule
b) Create/modify/delete a splitting rule
c) Create/modify/delete a classification source
=> A filing rule or splitting rule cannot be removed if used by a
classification source
II. Splitting rule using regular expressions
a) Create a splitting rule using the "Splitting routine" "RegEx"
b) Define several regular expressions, they will be applied one after
the other in the same order you define them.
Something like:
s/\s/\n/g # Break on spaces
s/(\s?=)/\n=/g # Break on = (unless it's done already)
s/^(J|K)\n/$1 / # Remove the first break if callnumber starts with J or K
c) You can test the regular expressions using filling the textarea with
a list of callnumbers. Then click "Test" and confirm the callnumbers are
split how you expected.
d) Finally create a new classification source that will use this new
splitting rule.
III. Print the label!
a) Create a layout. It should have the "Split call numbers" checkbox
ticked, and display itemcallnumber
b) Use this layout to export labels, use items with different
classification source ('lcc', 'ddc', but also the new one you have
create)
=> The callnumbers should have been split according to the regex you
defined earlier!
Notes:
* The update database entry fill the class_sources.class_split_rule
with the value of class_sources.class_sort_rule
If default rules exist it will not work, we should add a note in the
release notes (would be enough?)
* C4::ClassSplitRoutine::* should be moved to Koha::ClassSplitRule,
but it sounded better to keep the same pattern as ClassSortRoutines
* Should not we use a LONGTEXT for class_split_rules.split_regex instead
of VARCHAR(255)?
* class_sources.sql should be filled for other languages before pushed
to master!
IMPORTANT NOTES: The regular expressions are stored as it, and eval is
used to evaluate it (perlcritic raises a warning about it (Expression
form of "eval"). It can lead to serious security issues (execution of
arbitrary code on the server), especially if the modifier 'e' is used.
We could then remedy the situation with one of these following points:
- Assume that this DB data is safe (We can add a new permission?)
- Assume that the data is not safe and deal with possible attack
Cons: how be sure we are exhaustive? Making sure it matches ^s///[^e/]*$
would be enough?
- Use Template Toolkit syntax instead (Really safer?)
[% callnumber.replace('\s', '\n').replace ... %]
- Cut the regex parts: find, replace, modifiers
like we already do for Marc modification template. Cons: we are going to
have escape problems, the "find" and "replace" parts should not be
handle the same way (think "\n", "\\n", "\1", "\s", etc.)
I did not manage to implement this one easily.
Sponsored-by: Goethe-Institut
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)
With this patch almost every section of the administration page
will have its own granular permission.
To test:
- Create different staff users:
1) One with parameters_remaining_permissions
2) One with parameters
3) One with catalogue and no parameters
4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
1) All subpermissions, but manage_circ_rules
should be checked
2) Nothing should have changed
3) manage_item_serach_fields shoudl be checked
(page had catalogue permission before)
4) Nothing should have changed
- Try different settings of the permissions and
verify that
- Administration page behaves correctly
- Administration menu behaves correctly
! You shoudl only see what you have permission for
https://bugs.koha-community.org/show_bug.cgi?id=14391
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
At the moment staff users need parameters or parameters_remaining_permissions
in order to be able to change exchange rates for acquisition orders.
This patch adds a new separate permission currencies_manage and
updates staff users currently having those permissions to get the
new permission as well.
To test:
- Create some staff users with different permission sets
1) superlibrarian
2) parameters
3) parameters_remaining_permissions
4) manage_circ_rules, but not parmeters_remaining_permissions
5) all acquisition permissions
- Apply patch and run database update
- Verify new permission has been added and staff users updated
1) remains the same
2) + 3) will have currencies_manage
4) remains unchanged, doesn't have new permission
5) remains the same, will have access now because of having
the top level acquisition permission
- Verify the changed pages work correctly:
- navigation on admin home page
NOTE: the acquisition parameters section will now honor all
different related permissions (edi_manage, budget_manage,...)
- navigation on acquisition home page
- try to access currencies page directly
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates various unrelated templates to use the Bootstrap
grid.
- about.tt - The about page
- auth.tt - The login page
These pages should look correct.
- reports/reports-home.tt - The reports home page
- admin/admin-home.tt - The administration home page
These pages should look correct, with a single centered column
with wide margins on either side. At lower browser widths the margins
should disappear.
- serials/subscription-add.tt - Serials -> Add subscription. The entry
form should look correct during each step of the add/edit process.
- suggestion/suggestion.tt - Acquisitions -> Suggestions -> New
suggestion. The page with the new suggestion form should look correct.
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a check in admin-home.pl to see whether plugins are
enabled. If plugins are disabled, the link to plugins management is
hidden even if the user has plugin management permission.
To test, view the administration home page with plugins enabled and
disabled via the enable_plugins flag in the Koha configuration file.
Also test using users with different plugins permissions:
- Plugins enabled
- CAN_user_plugins = 1
-> Plugins link appears
- CAN_user_plugins = 0
-> Plugins link hidden
- Plugins disabled
- CAN_user_plugins = 1,
- CAN_user_plugins = 0
-> Plugins link hidden
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan:
1) Apply this patch set
2) Note your existing search groups have been ported over to the new
__SEARCH_GROUPS__ group if you had any
3) Create the group __SEARCH_GROUPS__ if one does not already exist
4) Add some first level subgroups to this group, add libraries to those groups
5) Search the library group searching in the intranet and opac
6) Note you get the same results as pre-patch
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
