Commit graph

1728 commits

Author SHA1 Message Date
6b75e5b478 Bug 18349: $borrower is a hashref
I guess this code was never called before...

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:01 +00:00
85bd15a83f Bug 18349: SCO - Do not trust the confirmed flag
The "confirmed" flag is used to know if that user confirmed a situation
that needs a confirmation.
But if the issue/renew is impossible the CanBookBeIssued and the
'impossible flags' should be checked.

Otherwise a patron can checkout and renew bypassing the circulation
rules (Understand 'no limit' here...)

Test plan:
Want to renew?
Checkin $barcode, then
/cgi-bin/koha/sco/sco-main.pl?patronid=$cardnumber&barcode=$barcode&confirmed=1&op=checkout

Want to bypass the checkin?
Same url...

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-12 18:47:01 +00:00
60ba1bf5dd Bug 17825: Remove the use of AttributeTypeExists from opac-user.pl
With the introducion of Koha::Object-based
Koha::Patron::Attribute::Type(s) there's no need for using this
function.

This patch replaces it with a regular ->search + ->count call.

To test:
- Have a user with checkouts logged into the OPAC on the opac-user.pl
page
- Set the SHOW_BCODE attribute to 'no' on the staff interface for the
user.
- Reload opac-user.pl
=> SUCCESS: The barcode is not shown for checked out items.
- Set the SHOW_BCODE atttribute to 'yes' on the staff interface for the
user.
- Reload opac-user.pl
=> SUCCESS: The barcode is shown for checked out items.
- Delete the Patron attribute type SHOW_BCODE
- Reload opac-user.pl
=> SUCCESS: No barcode is shown for checked out items
- Sign off :-D

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:37:20 +00:00
Luke Honiss
39bcba540a Bug 17945 - Breadcrumbs broken on opac-serial-issues.pl
==TEST PLAN==
1) Make a subscription with a record
2) Search and view the record in OPAC
3) Click on the subscription tab and click more details
4) The breadcrumb will say 'Detals for' without the record name
5) Apply patch
6) Refresh the page
7) The breadcrumb will display the name of the record

(fixed small error)

Signed-off-by: Sonia BOUIS <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:57:59 +00:00
c2c3c11005 Bug 14365 - Populate never used saved_sql column last_run when execute_query is called
Signed-off-by: Cab Vinton <director@plaistowlibrary.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:54:22 +00:00
Aleisha Amohia
14814bc9a6 Bug 17946: Show number of subscriptions on tab in OPAC record details
This patch removes some duplicate code.

To test:
1) Edit at least one subscription (or add a new one) to have a record
2) Find that record on the OPAC
3) Confirm that the Subscriptions tab reads the correct number of
subscriptions attached to the record

Sponsored-by: Catalyst IT

Signed-off-by: JMBroust <jean-manuel.broust@univ-lyon2.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:49:49 +00:00
0509d427b9 Bug 17560: Improve strenght of hold existence test
This patch is a QA follow-up to fix several issues:
- 1 call to GetReserveFee was wrong in ModReserveFill
- Update DB entry was wrong and insufficient
- Add robustness to the tests in sco-main

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:06:05 +00:00
164db2833e Bug 17560: Add a message when a patron checking in using the self checkout
Sponsored-by: Cheshire Libraries

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:06:04 +00:00
e83d92a713 Bug 17736: Fix typo ->new vs ->next
while ->new is terrible, let's call that a typo...

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
opac-detail works again !

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:04:17 +00:00
87afa5142b Bug 17736: Replace GetReservesFromBiblionumber with Koha::Biblio->holds
The C4::Reserve::GetReservesFromBiblionumber took 3 parameters, the
biblionumber, an optional itemnumber and a "all_dates" flag.
If set, the subroutine returned all the holds placed on a given bibliographic
record, even the ones placed in the future. Almost all of the calls had this
flag set, they will be replaced with a call to Koha::Biblio->holds.

But 5 did not have it:
- C4::Biblio::DelBiblio
-tools/batch_delete_records.pl
=> These 2 were wrong, we want to retrieve the holds to cancel them
before deleting the record. We need to get all the holds, even the ones
placed in the future /!\ CHANGE IN THE BEHAVIOR

- acqui/parcel.pl
=> 1 call per item were made to this subroutine. They have been replaced
with only 1 call to the new method Koha::Biblios->holds_placed_before_today
Then we filter on the itemnumbers.
I think this is wrong: we need the number of holds to know if the record
can be deleted, so even if future holds exist, the deletion should not
be possible.

- serials/routing-preview.pl
- C4::ILSDI::Services::GetRecords
- C4::SIP::ILS::Item->new
=> Seems ok, we just one to display holds placed before today

Test plan:
I would suggest to test this patch with patches from bug 17737 and bug 17738,
to place different kind of holds (biblio and item level, future and
past).
Then do a whole workflow to detect bug, view a record, delete record,
order, place a hold on an item which has been ordered, etc.
The hold's informations should always be the same without or without
these patches.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:02:14 +00:00
d420e6ae21 Bug 17844: Replace C4::Koha::get_notforloan_label_of with Koha::AuthorisedValues
This patch is more a bugfix than a refactoring.
Indeed the C4::Koha::get_notforloan_label_of behaviors were buggy:
1/ It does not display the opac description at the OPAC, but always the
staff description
2/ It does not care of the framework of the biblio, but retrieve the
first row of the marc_subfield_structure mapped with items.notforloan

These 2 bugs can easily be fixed using the
Koha::AuthorisedValues->search_by_koha_field

Steps to recreate the issues:
- Create 2 authorised value categories for not for loan (NFL1 and NFL2)
with the same values. Define a different description for the OPAC.
- Define link 952$7 to NFL1 for the default framework and to NFL2 for
the BK framework
- Create 2 bibliographic records (B1 using NFL1 and B2 using NFL2) with
2 items each (1 item should have a not for loan value)
- Go to the "Place a hold" view for this record.
- In the item list, you should see the not for loan value
=> The staff description of NFL1 will always be used, even for the OPAC

Test plan:
- Recreate the issues without this patchset
- Apply this patchset
- Recreate the steps to recreate the issues
=> The staff description of NFL2 should be displayed for the B2 item
=> The opac description of NFL2 should be displayed for the B2 item at
the OPAC

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 10:11:08 +00:00
574d48362d Bug 18124: Change the calls to generate and check CSRF tokens
The parameter change in Koha::Token should be applied to the calling
scripts.

Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.

Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-30 09:07:09 +00:00
e06c193187 Bug 13757: (QA followup) Filter out non-editable params before storing
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:22 +00:00
ec9ac4d7b9 Bug 13757: (QA followup) Exclude empty attributes from rendering if non-editable
In self registration opac displayable (and not editable) attributes are
displayed as empty. This an empty value is passed to the template for
creating an empty input and it shouldn't when the attribute is not
editable.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:21 +00:00
e63e4bb35a Bug 13757: (QA followup) Fix non-editable attrs on failed save
When a field is not editable but displayable in the OPAC, and you submit
an incomplete/wrong update, those attributes are displayed as empty.

This patch fixes that.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:14 +00:00
c44a377d9c Bug 13757: (QA followup) Make opac-memberentry.pl handle attrs deletion
The original code on this bug skipped empty-valued attributes. But
emptying attributes is the only way to tell the controller script that
the user wants to delete them.

This patch makes opac-memberentry.pl check the existence of attributes
sharing the code of the empty for the given patron, and it stores the
deletion on the Koha::Patron::Modification as needed. Otherwise
deletions got skipped.

To test:
- Verify setting/deleting attributes that are opac-editable and verify
the results are sound.

https://bugs.koha-community.org/show_bug.cgi?id=13737

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:45:13 +00:00
925e664f42 Bug 13757: (followup) Staff interface changes
This patch adds proper extended attributes display and handling on the
patron modifications moderation page (members-update.pl).

It also adds changes checking to the opac-memberentry.pl page so it
only saves a modification request if there are changes (it only checked
regular fields and not the extended ones).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:59 +00:00
bfa3f41032 Bug 13757: (followup) Remove warnings
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:58 +00:00
01506e0195 Bug 13757: Add extended attributes to the patron modification
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:57 +00:00
Jesse Weaver
0a40e0c60f Bug 13757: OPAC changes
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-24 18:44:54 +00:00
Liz Rea
eaa9882dd1 Bug 14764 - [followup] Addressing QA concerns
* removed Policy:
* put the syspref in alpha order with the others
* added els to the if.

Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:27:52 +00:00
Liz Rea
c6ea593971 Bug 14764: OPAC news selector
Test plan:

1) Add more than one library, at least two in total is needed. Make note
   of which is your current user's home branch.
2) Go to Tools -> News and add one global ("All") news item and one
   specific for each branch.
3) Apply the patches.
4) Perform database upgrades when you log in.
5) Go to OPAC main, it should work as before: Showing global news as
   well as the news for your home branch once logged in.
6) Go to System Preferences -> OPAC and set 'OPACNewsBranchSelect' to
   yes.
7) Go to OPAC main, you should see the global news item plus any items
   for your home branch for the current user if logged in.
8) Above the news, you will see a dropdown that lists the branches.
   Select one, and click "Change library."
9) You should now see global news and the news for the selected branch,
   regardless of whether logged in or not.

Sponsored-By: Halland County Library

Fixes QA comments:

* Keep the current selected branch selected

* Change OPACNewsBranchSelect -> OPACNewsLibrarySelect

* fix 'system wide only' view for logged in user. We still show system
  wide even when a library is selected.

* Removed the "change library" link

* Added a label to the field.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:27:51 +00:00
ff647be07c Bug 18169: Make 'before' param non mandatory for Koha::Patrons->anonymise_issue_history
From opac-privacy.pl:

    # delete all reading records for items returned
    # uses a hardcoded date ridiculously far in the future

    my $rows = eval {
        Koha::Patrons->search({ 'me.borrowernumber' => $borrowernumber })->anonymise_issue_history( { before => '2999-12-12' } );
    };

It sounds better to make this before parameter not mandatory, and remove the condition from the sql query if it is not passed.

Test plan:
1. Anonymise your reading history at the OPAC.
2. Confirm that all your reading history has been anonymised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:16:54 +00:00
9b92a494e6 Bug 18037: Hold notes template cleanup (from 15545)
From the second patch of bug 15545:
Removing some unused template code related to a former approach.
Adding some changes for future extension by bug 15545.

This patch was tested by Liz Rea when the routine IsHoldNoteRequired was
called by opac-reserve.pl. The only change here is that we do not yet
call this routine; so leaving her original signoff.

Test plan:
[1] Enable OPACHoldNotes.
[2] Place a hold on a serial record. No behavior change.

Signed-off-by: Liz Rea  <liz@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:11:00 +00:00
b4cd5faeb0 Bug 16966: move parameters to hashref
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 17:20:05 +00:00
286be46e8a Bug 16966: Koha::Patrons - Move GetBorrowersWithIssuesHistoryOlderThan to search_patrons_to_anonymise
The C4::Members::GetBorrowersWithIssuesHistoryOlderThan subroutine is supposed
to return the patrons with an issue history older than a given date.

It would make more sense to return a list of Koha::Patrons.

On the way, the code from AnonymiseIssueHistory will be moved as well to
anonymise_issue_history.

Note that these 2 subroutines are strongly linked: one is used to know the
number of patrons we will anonymise the history, the other one is used to
anonymise the issues history. The problem is that the first one is not used to
do the action, but only for displayed purpose.

In some cases, these 2 values can differ, which could be confusing.
Case 1:
The logged in librarian is not superlibrarian and IndependentBranches is set:
if 2+ patrons from different libraries match the date parameter, the interface
will display "Checkout history for 2 patrons will be anonymized", when actually
only 1 will be.
Case 2:
If 2+ patrons match the date parameter but one of them has his privacy set to
forever (privacy=0), the same issue will appear.

This patch moves the code from C4::Members::GetBorrowersWithIssuesHistoryOlderThan
to Koha::Patrons->search_patrons_to_anonymise and from
C4::Circulation::AnonymiseIssueHistory to
Koha::Patrons->anonymise_issue_history

Test plan:
1/ Confirm the 2 issues and make sure they are fixed using the Batch
patron anonymization tool (tools/cleanborrowers.pl)
2/ At the OPAC, use the 'Immediate deletion' button to delete all your
reading history (regardless the setting of the privacy rule)
3/ Use the cronjob script (misc/cronjobs/batch_anonymise.pl) to
anonymise patrons.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 17:20:03 +00:00
Kyle M Hall
8255344215 Revert "Bug 12461 - Add patron clubs feature"
This reverts commit 4f1eefdbb8.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-26 20:41:27 -05:00
4f1eefdbb8 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
2017-02-23 19:42:36 +00:00
Srdjan
c7a2ef261e bug_16034 Add overdrive info to the users page in the public interface
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:21 +00:00
Srdjan
88aa2ebf9d bug_16034 Koha::ExternalContent::OverDrive - a wrapper around WebService::ILS::Overdrive::Patron
* Using the upstream module for all the heavy lifting
* opac/external/overdrive/auth.pl - 3-legged authentication handler

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:20 +00:00
61c752a98b Bug 17453: Take into account items that are lost or damaged
If all the items are either lost, damaged or checked out, then pickup
should be allowed.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:07 +00:00
0d55faa9a9 Bug 17453: Allow pickup at a library where all items are checked out
If all items are checked out then it should be possible to select the pickup
library for that record.

Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:06 +00:00
d1d12fc770 Bug 17453: Add exceptions
This patch adds the ability to define patron categories not affected by
the behavior of OPACHoldsIfAvailableAtPickup.
The new pref OPACHoldsIfAvailableAtPickupExceptions get a list of patron
categories (separated by pipes |).

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:06 +00:00
00c5929c1a Bug 17453: Inter-site holds improvement
At the moment users can reserve items and choose any library as a pick up
location, but there is no mechanism to prevent users from reserving items that
are available on the shelf at any given location from reserving the item at the
same location, essentially creating a Fetch and Collect scenario.
This has an impact on staff workloads as they are having to process reservations
and check shelves for items that students can already come and collect from the
open library shelves.
The aim of this enhancement is to decrease the impact on staff workload there
should be a restriction in place that prevents users from requesting items for
collection at a library where the item is currently available.

Implementation:
We first tried to add a new circulation rule adding a 4th
“NotIfAvailableAtPickupLibrary” option to "On shelf holds allowed".
That would make the development more flexible.
But in that case we quickly faced non-trivial problematics:
Let's say you have 3 items I1, I2 and I3. The first one has onshelfholds
set to Yes and 2 others has it set to “NotIfAvailableAtPickupLibrary”.
What would be the expected behavior if a hold is placed at biblio level?
And if a hold is placed at item level for I1?
This second point could be answered by reworking the interface to move
the libraries dropdown list elsewhere (1 list per item) or by adding a
lot of JS code to handle the different situation. But it would be
much more complicated to implement.
So finally I moved back to the simple approach and added a new pref to
handle the behavior globally.

Test plan:
0/ Switch off OPACHoldsIfAvailableAtPickup
1/ Let's say you have 3 libraries L1, L2, L3, create 2 items owned by L1
and L2
2/ Place a biblio level hold. You should only be able to pick it up at
L3
2/ Place a item level hold. You should only be able to pick it up at
L3
3/ Create a third items owned by L3
4/ Now you should not be able to place a hold on this record anymore

Sponsored-by: University of the Arts London

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=14753

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 17:15:05 +00:00
a3d2273b35 Bug 17627: Move C4::Koha::GetItemTypesByCategory to Koha::ItemTypes
C4::Koha::GetItemTypesByCategory can be easily replaced with
Koha::ItemTypes->search({ searchcategory => ? });

So let's replace it where it is used.

Test plan:
Make sure this patch does not break the test plan of bug 10937

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 15:31:32 +00:00
a471ad80bb Bug 18025: Simplify logic and avoid 1 call to ValidateBorrowernumber
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This is fine with me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:24:39 +00:00
Liz Rea
e87dab6411 Bug 18025 - Expired password recovery links cause sql crash
When a user gets an email, but doesn't act or visit it within two days,
     attempting to create a new one causes a collision. We should just
     delete the old one, assuming they still want to reset their
     password.

To test:
create yourself a borrower with a userid and password.
Attempt a password recovery on the OPAC
update the entry in the database for that user to have an expired token
e.g. update borrower_password_recovery set valid_until = '2017-01-25
03:25:26' where borrowernumber = 12;
Attempt another password recovery operation - should error
apply the patch
Try it again - no error, new token is generated and additional email
with new link is sent.

Issue reproduced - is resolved by patch
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 11:24:39 +00:00
Emma
9081637540 Bug 17134: Replace item types codes with category in facets (opac)
To test:
-Search in OPAC for two or more items
-Note that item types display category codes rather than names
-Make change to file and test in OPAC

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-14 13:55:44 +00:00
cb4fa17a27 Bug 17901: Force context to scalar
See bug 15809 for more references.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:20:49 +00:00
45cffd874c Bug 17901: Fix possible SQL injection in shelf editing
It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1

Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formated.

However it would be good to limit the possible values for sortfield.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:20:48 +00:00
ba5cd24553 Bug 17501: Move getCategories and httpheaders from Upload.pm
Class method getCategories has no strict binding to Upload.pm. While
Upload.pm is now restricted to the actual uploading process with CGI
hook, this routine fits better in the UploadedFile package.

Class method httpheaders can be moved as well for the same reason. Note
that it actually is an instance method. The parameter $name is dropped.

Test plan:
[1] Run t/db_dependent/Upload.t.
[2] Check the categories in the combo box of tools/upload.
[3] Check a download via tools/upload and opac-retrieve-file.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:20:05 +00:00
158442eb9e Bug 17501: Remove Koha::Upload::get from Koha::Upload
The get routine actually returns records from uploaded_files. It should be
possible to replace its calls by direct calls of Koha::UploadedFiles.

This patch is the crux of this patch set. It deals with all scripts that
use Koha::Upload.

In the process we do:
[1] Add a file_handle method to Koha::UploadedFile. This was previously
    arranged via the fh parameter of get.
[2] Add a full_path method to UploadedFile. Previously returned in the
    path hash key of get. (Name is replaced by filename.)
[3] Add a search_term method too (implementing get({ term => .. }).
    This logic came from _lookup.
[4] Add a keep_file parameter to delete method. Only used in test now.

Test plan:
[1] Run t/db_dependent/Upload.t
[2] Go to Tools/Upload. Add an upload, download and delete.
[3] Add another public upload , search for it.
    Use the hashvalue to download via opac with URL:
        cgi-bin/koha/opac-retrieve-file.pl?id=[hashvalue]
[4] Go to Tools/Stage MARC for import. Import a marc file.
[5] Go to Tools/Upload local cover image. Import an image file.
    Enable OPACLocalCoverImages to see result.
[6] Test uploading a offline circulation file:
    Enable AllowOfflineCirculation, and create a koc file (plain text):
    Line1: Version=1.0\tA=1\tB=2
    Line2: 2016-11-23 16:00:00 345\treturn\t[barcode]
    Note: Replace tabs and barcode. The number of tabs is essential!
    Checkout the item with your barcode.
    Go to Circulation/Offline circulation file upload.
    Upload and click Apply directly.
    Checkout again. Repeat Offline circulation file upload.
    Now click Add to offline circulation queue.
[7] Connect the upload plugin to field 856$u.
    Enable HTML5MediaEnabled.
    Upload a webm file via the plugin. Click Choose to save the URL,
    and put 'video/webm' into 856$q. Save the biblio record.
    Check if you see the media tab with player on staff detail.
    (See also: Bug 17673 about empty OPACBaseURL.)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 14:20:05 +00:00
c6e488f4af Bug 17196: Move marcxml out of the biblioitems table
Two discussions on koha-devel lead to the same conclusion:
biblioitems.marcxml should be moved out this table
- biblio and biblioitems
http://lists.koha-community.org/pipermail/koha-devel/2013-April/039239.html
- biblioitems.marcxml & biblioitems.marc / HUGE performance issue !
http://lists.koha-community.org/pipermail/koha-devel/2016-July/042821.html

There are several goals to do it:
- Performance
As Paul Poulain wrote, a simple query like
  SELECT publicationyear, count(publicationyear) FROM biblioitems GROUP BY publicationyear;
takes more than 10min on a DB with more than 1M bibliographic records
but only 3sec (!) on the same DB without the biblioitems.marcxml field
Note that priori to this patch set, the biblioitems.marcxml was not
retrieved systematically, but was, at least, in
C4::Acquisition::GetOrdersByBiblionumber and C4::Acquisition::GetOrders
- Flexibility
Storing the marcxml in a specific table would allow use to store several
kind of metadata (USMARC, MARCXML, MIJ, etc.) and different formats (marcflavour)
- Clean code
It would be a first step toward Koha::MetadataRecord for bibliographic
records (not done in this patch set).

Test plan:
- Update the DBIC Schema
- Add / Edit / Delete / Import / Export bibliographic records
- Add items
- Reindex records using ES
- Confirm that the following scripts still work:
    * misc/cronjobs/delete_records_via_leader.pl
    * misc/migration_tools/build_oai_sets.pl
- Look at the reading history at the OPAC (opac-readingrecord.pl)
- At the OPAC, click on a tag, you must see the result

Note: Changes in Koha/OAI/Server/ListRecords.pm is planned on bug 15108.

Signed-off-by: Mason James <mtj@kohaaloha.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 13:49:26 +00:00
e55b38928a Bug 17486: Remove Mozilla Persona
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.

This has lead to it's founders, Mozilla, to end the project. In their
own words:

=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.

On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.

If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.

For more information, see this guide to migrating your site away from
Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

=============================================================================

Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.

Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 12:32:19 +00:00
c3685f041c Bug 15907 - Remove use of makepayment in opac/opac-account-pay-paypal-return.pl
Test Plan:
1) Apply this patch
2) Make a payment via PayPal in sandbox mode
3) Note the payment succeeds

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 15907 [QA Followup] - Simplify code and call pay() only once

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-12 13:42:47 +00:00
4e40339db3 Bug 17830: CSRF - Handle unicode characters in userid
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-30 17:47:18 +00:00
631d3006bc But 17578: (followup) amountoutstanding
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:45 +00:00
b59df2bce7 Bug 17578: GetMemberDetails - Remove GetMemberDetails
All the values different from the ones GetMember returned has been
managed outside of GetMemberDetails.
It looks safe to replace all the occurrences of GetMemberDetails with
GetMember.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:44 +00:00
43dda64381 Bug 17578: GetMemberDetails - Remove reservefee
Same as other patches, reservefee is only used in opac-reserve.pl

Test plan;
Set reserve fee for a patron category
Place a hold at the OPAC with one of these patrons.
You must get a message about the reserve fee.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:43 +00:00
5a0a2ce584 Bug 17578: GetMemberDetails - Remove is_expired
The is_expired value is used in 2 places, let's use
Koha::Patron->is_expired instead.

Test plan:
Depending on the different value of BlockExpiredPatronOpacActions for
the patron category, a patron must be blocked if he has expired.
Confirm that behavior from opac-renew and opac-reserve scripts

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:43 +00:00
4e78f1000d Bug 17578: GetMemberDetails - Remove amountoutstanding
The amountoutstanding value set by GetMemberDetails was only used in a
few places. In that case it makes sense to only retrieve it when needed.

Test plan:
1/ Add fines to a patron, on the OPAC patron info page, you should see a
"Fines" tab
2/ Add credit to a patron, you should see the credit displayed
3/ Set the pref maxoutstanding to 3
4/ Add a fine of 4 to a patron
5/ Try to place an hold for this patron
=> You should get a "too much oweing" message

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:41 +00:00
492280102f Bug 17578: GetMemberDetails - Remove BlockExpiredPatronOpacActions
The correct way to get the value of BlockExpiredPatronOpacActions from a
patron object is to get the patron category then call the
effective_BlockExpiredPatronOpacActions:
  $patron->category->effective_BlockExpiredPatronOpacActions

So this patch applies this change and remove this value from the
GetMemberDetails subroutine.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-16 13:12:40 +00:00
8edb7f6fb9 Bug 17720: CSRF - Handle unicode characters
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""

Test plan:
- Set a MySQL/MariaDB password with unicode characters:
  UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
  FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: removed debugging leftover

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-05 15:20:18 +00:00
8dce1cde3a Bug 16873: Improve renewal error messages on self check
When a patron is not allowed to renew from the self check module, the
only message displayed is "No renewals allowed".
It would be nicer to let him/her know that the renewal is not allowed
because it's a on-site checkout or automatic renewal.

To do so we can call CanBookBeRenewed instead of CanBookBeIssued and get
the renewal error.

Test plan:
0/ Switch off AllowSelfCheckReturns
1/ check out an item and tick "auto renewal"
2/ Go on the self check module
=> auto renewal message is displayed
3/ check out an item and tick "on-site checkout"
4/ Go on the self check module
=> on-site checkout message is displayed
5/ check out an item without ticking any checkboxes (regular checkout)
Renew it to reach the max renew allowed
6/ Go on the self check module
=> regular checkout message is displayed
7/ Switch on AllowSelfCheckReturns and repeat previous steps
=> "Return this item" button is displayed in addition of the renewal
error message

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-29 17:44:09 +00:00
a16a750180 Bug 17642: Add and use get_descriptions_by_koha_field
Ok I am silly, we needed to replace to use the cache mechanism for
search_by_koha_field, not find_by_koha_field...
Let's create another subroutine

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-18 15:52:00 +00:00
Koha Team Lyon 3
660be0e019 Bug_17484 Search with date range limit (lower and upper) does not work
If the period is entered without spaces wrapping the hyphen
You can't get any result

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
I can't reproduce the error, search still works after applying the patch

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-18 13:46:00 +00:00
f6148ab777 Bug 17494: Prevent duplicate tokens from getting stored
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-04 15:45:40 +00:00
df3a9105e8 Bug 17494: Make sure the same verification token won't be generated twice
Well, this patch does not enforce the unique constraint but mimic what
is already done in C4::ImportExportFramework and Koha::Upload where
md5_hex is used.

Test plan:
Have a look at the code and confirm that it adds more randomness to the
hashed string

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-04 15:45:40 +00:00
Katrin Fischer
85e95d069d Bug 15581: Follow-up - suggested change to the OPAC message
Instead of showing "Automatic renewal" to the user, this
changes it to show "No longer renewable" when the
automatic renewal won't happen any longer because of the
days the item has already been checked out.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-02 10:28:58 +00:00
81a04af278 Bug 14610 - Add and update scripts
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-26 12:15:14 +00:00
cbe96a3b70 Bug 17080: borrowers table - use default values defined in the DBIx::Class schema
This patch basically just revert bug 16960 - Fix error on validating the
registration

This job is now done by the Koha::Object constructor, no need to clean
the hash before sending it to AddMember.

Test plan:
Make sure there is no regression on bug 16960 (validate a self registration).

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 17:33:19 +00:00
ed2c2213a7 Bug 15131: Make SCO use the new syspref.
This patch just makes SCO use the new syspref (AllowItemsOnHoldCheckoutSCO)
instead of the old one, thus making it configurable, separate from the
non-SCO syspref.

Sponsored-by: NEKLS

Signed-off-by: George <george@nekls.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 17:27:07 +00:00
baf78b2a33 Bug 17253: Koha::AuthorisedValues - Remove GetKohaAuthorisedValues
This patch replaces the call to C4::Koha::GetKohaAuthorisedValues with
Koha::AuthorisedValues->search_by_koha_field

Test plan:
AV descriptions should be displayed on the following pages:
- XSLT view - location and ccode
- Bibliographic detail, moredetail and OPAC pages - location, ccode, copynumber
- returns - location
- opac-basket - ccode, location
- The 3 reports: catalogue_stats.pl, issues_stats.pl and
  reserves_stats.pl - location, ccode

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 15:35:34 +00:00
35de8aa1ef Bug 17393: Fix non-Latin chars handling in self reg
If you fill the patron self reg with non-latin characters, they will be
encoded with HTML entities (&eacute;)
This bug leads to generate a userid with weird behaviors:
é => eacute
ł => x

Test plan:
0/ Do not apply the patch
1/ Set up the Self reg feature
2/ fill surname, fistname with something like "Michał pouéàç"
3/ Save
4/ See the bad encoding/replacement on the screen and look at the data
The accentued chars are replaced with their html representation and the
non-Latin chars with a 'x'
in the DB
5/ Apply this patch
6/ Repeat steps 2, 3
7/ Everything should be ok
8/ Try to make sure this HTML::Entities escape was not useful:
fill surname with "surname <script>alert("xss?")</script>"
Save and look at the data

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-21 14:21:55 +00:00
f1298dc782 Bug 17367 - Showing all items must keep show holdings tab in OPAC details
In OPAC details page, when record as too many items (depending on syspref OpacMaxItemsToDisplay), they are not displayed in holdings tab.
You can click on link "Click here to view them all" to show them : page reloads with a new arg viewallitems=1.
Also you can choose which tab is shown by default using syspref opacSerialDefaultTab.

The bug is that when default tab is not holdings, clicking on link to show all items will show another tab. So one must reclick on holings tab to see all items.

This patch corrects by forcing holdings tab when arg viewallitems is defined.

Test plan :
- Create a serial record with more items than syspref OpacMaxItemsToDisplay (or decrease this syspref)
- Select "Subscriptions tab" for syspref opacSerialDefaultTab
- Go to opac details on this record : /cgi-bin/koha/opac-detail.pl?biblionumber=xxx
=> You see Subscriptions tab selected
- Click on Holdings tab
=> You see no items but a link "Click here to view them all"
- Click on this link
=> Without patch you see Subscriptions tab selected
=> Wih patch you see Holdings tab selected and the items

Signed-off-by: Juliette <juliette.levast@iepg.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-17 23:47:27 +00:00
f28460bdb7 Bug 17392 - opac/svc/overdrive_proxy is not plack safe
This patch simply replaces the ';'  in the param passed to OverDrive
with '&'

To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:16:02 +00:00
ef0b0f13fc Bug 17094: Make Koha::Virtualshelf methods return Koha::Objects-based objects
Instead of DBIx::Class objects.

Test plan:
1/ Add content to a list and share it with another patron
2/ Try to view the list with the other patron
3/ download and send a shelf and check if the biblio list is correct
4/ prove t/db_dependent/Virtualshelves.t should return green

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 13:14:46 +00:00
bb1e9c500c Bug 17248 - Koha::AuthorisedValues - Remove GetKohaAuthorisedValueLib
The subroutine C4::Koha::GetKohaAuthorisedValueLib just retrieves a description
(lib) for a given authorised value.

We can easily replace it using:
  Koha::AuthorisedValues->search({ category => $cat, authorised_value => $av })->lib
or
  Koha::AuthorisedValues->search({ category => $cat, authorised_value => $av })->opac_description

Test plan:
- On the detail page of a bibliographic record, the description for notforloan,
restricted and stack (?) should be correctly displayed
- View a shelf, the location (LOC) description should be displayed
- On the search result page, the location description should be displayed in the
  facets
- Set AcqCreateItem=ordering and receiving items.
The description for notforloan, restricted, location, ccode, etc. field
should be displayed.
- When creating item in the acquisition module, the dropdown list for
  field linked to AV should display the AV' descriptions
- On the transfers page, the description of the location should be
  displayed.
- On the checkout list from the circulation.pl and returns.pl pages, the
  description for "materials" should be displayed
- Fill some OPAC_SUG AV and create a suggestion, the reason dropdown
  list should display the description of OPAC_SUG

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 13:11:55 +00:00
649956b216 Bug 17386: Simplify code
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-10 14:08:20 +00:00
Marc Véron
d63f02a8c4 Bug 17386: Add opac notes for patron to self checkout screen
Display patron messages from OPAC summary page on SCO screen as well.

To test:
- Make sure you have patrons with and without OPAC note and OPAC messages
- Log in to OPAC and go to patrons 'your summary' page to display note
  and messages
- Apply patch
- Refresh patrons detail page. Verify that it looks the same as before
- Go to SCO
- Log in as such patron
- Verify that note and messages appear the same as on OPAC summary page

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-10 14:08:20 +00:00
c39eaca298 Bug 16551: Display the name of lists to the search results at the OPAC
This new enhancement will allow to add the name of lists containing a
biblio to the search results at the OPAC.

Test plan:
0/ Regenerate the css file to get the style change:
 % lessc --clean-css="--s0 --advanced --compatibility=ie7"
   koha-tmpl/opac-tmpl/bootstrap/less/opac.less >
   koha-tmpl/opac-tmpl/bootstrap/css/opac.css
1/ Create some lists and add items to them
2/ On the search results you should see the name of the lists which
contains the record.

Note that we could add a syspref to make this new behavior optional.

Sponsored-by: University of the Arts London
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 15:43:07 +00:00
f89400a8ff Bug 16519: Replace 'our' with 'my' in [opac-]addbybiblionumbers.pl
To avoid bug like bug 16518 and to ease the readability/maintainability
of these scripts, this patch replaces the use of 'our' with 'my' to
avoid the use of global variables.

Basically the code has been moved from subroutines to the appropriate places.

Test plan:
At the intranet and OPAC sides
1/ Add items to a list
2/ Add items to a list using an existing name
3/ Add items to a list you don't have right on it (by modifying the
biblionumber in the url)
4/ At the OPAC, use the opac-addbybiblionumber.pl without being logged
in to add items to a list

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 15:42:40 +00:00
b1daa66aad Bug 17213 - Add HTML5 validation to cardnumber field on patron self registration
To test:
Verify that different values in 'CardnumberLength' system preference
display correctly in the self reigstration form

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 13:44:09 +00:00
31ca4849ef Bug 17316: Do not display the list's name if the user does not have permission - OPAC
At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.

Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 13:13:58 +00:00
386f7ae9af Bug 17299: Display date due correctly on SCO
Unless it's an hourly loan, date due should not display the time part
(23:59).
Because of bad code in GetPendingIssues, date_due is replaced with a
DateTime object and is copied into date_due_sql.
We need to use this date_due_sql to correctly display the date due in
the sco module.

Test plan:
1/ Enable WebBasedSelfCheck syspref
2/ Check out an item to User A -- Do not use an hourly loan.
3/ Log in to Koha self check ( {OPAC URL}/cgi-bin/koha/sco/sco-main.pl).
4/ Enter User A's cardnumber.
Without this patch, checkouts are
   MM/DD/YYYY 12:00 AM (Timeformat: 12 hour)
or MM/DD/YYYY 00:00    (Timeformat: 24H)
With this patch applied, only the date is displayed

Followed test plan, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-15 13:22:34 +00:00
85288b8f15 Bug 16274: Limit the patron self registration to some libraries
Currently a patron can select a home library in the list of all
libraries defined in the system.
However some of these libraries might not accept self registration.
This patch adds a new pref to display only the allowed libraries.

Test plan:
0/ Apply the patch, do not fill the new pref
1/ Self register a new patron
=> All the libraries defined should be displayed in the "Home library"
dropwdown list
2/ Fill the pref PatronSelfRegistrationLibraryList with some of the
branchcode defined in the system
=> Self register a new patron and confirm that the dropdown list has
been filtered.

Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-12 15:36:04 +00:00
130733a013 Bug 17109: [QA Follow-up] Die when wrong token
Removes template var csrf_error and associated handling.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Restested with opac and intranet: Still sends or dies elegantly..

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
1a3b92bc76 Bug 17109: Use Koha.Preference in sendbasket template
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.

Test plan:
Send a few items in your cart from OPAC and intranet.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
dc4617ba3b Bug 17109: Add CSRF token to [opac-]sendbasket
If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
36b9fa32b1 Bug 17109: Remove second authentication from (opac-)sendbasket
Patch deals with opac and intranet variant.
If we authenticated the first time, it is not necessary to do it
a second time rightaway.

Replaces a call to get_template_and_user (including checkauth) by
gettemplate.

Also removes duplicate use C4::Biblio statements.

Test plan:
[1] Put a few books in the cart.
[2] Send the cart from OPAC.
[3] Send the cart from intranet.

Tested 3 patches together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:46 +00:00
Aleisha
7da5fb8175 Bug 16507: Show play media tab first if record has no holdings
To test:
1) Go to Admin -> Global sysprefs
2) Turn on HTML5MediaEnabled and HTML5MediaYouTube
3) Go to Cataloging and create a new record
4) Catalogue a YouTube link in 856$u and save record. Do not add any items (click Normal tab)
5) Confirm that Play media tab is the selected tab by default
6) View record on OPAC and confirm Play media tab is selected by default
7) Go back to staff client, add an item then go back to Normal tab
8) Confirm that Holdings tab is now selected by default
9) Confirm Holdings tab is selected by default on OPAC

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 12:10:40 +00:00
23d5d0fbd3 Bug 16275: Do not allow a self registration with an existing email address
To avoid multiple registrations, it would be good to check the unicity
of the primary email address.
This patchset adds a new pref PatronSelfRegistrationEmailMustBeUnique.
If on, a patron will get "This email address already exists in our
database" if he try to register with an existing email address.

Test plan:
1/ Register a new patron with an email address
2/ Make an other registration using the same email address
=> With the pref PatronSelfRegistrationEmailMustBeUnique on, you won't be allowed
=> With the pref off, no change should be noticed.

Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, no errors.

Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 11:57:54 +00:00
177542bf52 Bug 15839: [QA Follow-up] Error checking in opac-review.pl
[1] Adds a check on biblionumber. (Prevents a DBIx error.)
[2] If you have a reviewid, search on that and check results.
    Add an unauthorized error in template.
[3] If you add a new review, check that there is no review yet.
    If so, edit the existing one.
    This supports the added FIXME on a unique constraint.

Note: This script could receive further attention.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all crud ops with opac-review.pl (incl URL manipulation).

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:31:06 +00:00
b5c3b1c974 Bug 15839: [QA Follow-up] Paging on opac-showreviews
Paging is kind of messy here. This patch at least improves somewhat.
The page number should be rounded.
The results per page should be passed to the template too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a number of reviews and played with count parameter in URL.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:31:05 +00:00
54044e05c5 Bug 15839: Koha::Reviews - Remove C4::Review residue
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:31:00 +00:00
092ae340ce Bug 15839: Koha::Reviews - Remove savereview
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:59 +00:00
41fa333ec9 Bug 15839: Koha::Reviews - Remove updatereview
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:58 +00:00
3cf4d92a5f Bug 15839: Koha::Reviews - Remove getnumberofreviews
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:58 +00:00
48fe93e945 Bug 15839: Koha::Reviews - Remove getreview
Note that this (biblionumber, borrowernumber) pair should be defined as
a unique key at the DB level (FIXME added)

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:58 +00:00
f1e4e83008 Bug 15839: Koha::Reviews - Remove getallreviews
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:57 +00:00
ba8f552ab6 Bug 15839: Koha::Reviews - Remove getreviews
The C4::Reviews::getreviews subroutine retrieved the reviews for a given
record, depending on their status.
This can be achieve with a call to Koha::Reviews->search.
There were 2 calls to this subroutine. The one from opac-ISBDdetail.pl
does not look in used: the reviews are not display on this page. It
certainly comes from an old copy/paste from opac-detail.pl.
The one from opac-detail only asked for the approved reviews. So the
logged in user does not see its own review if it is pending approval.
Actually this pending approval review is only displayed when the user
submits it (because of a unecessary complex text replacement done in
JS).
With this patch, the approved reviews AND the unaproved review from the
logged in user will be displayed.
It will allow a future enhancement to add a way to delete our own
reviews.

Moreover, the reviews were retrieved even if they were not displayed (if
reviewson is off), it's now fixed.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:53 +00:00
09d00bf040 Bug 17089: Improve errors handling
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 09:31:30 +00:00
70a31874a7 Bug 17089: Koha::Ratings - Remove GetRating
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 09:31:29 +00:00
6f67992ffa Bug 17089: Koha::Ratings - Remove DelRating
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 09:31:29 +00:00
a7f831404e Bug 17089: Koha::Ratings - Remove ModRating
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 09:31:28 +00:00
d9af985de6 Bug 17089: Koha::Ratings - Remove AddRating
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 09:31:28 +00:00
c840c93835 Bug 15758: Koha::Libraries - Ultimate duel for C4::Branch
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:04 +00:00
df97814f30 Bug 15758: Koha::Libraries - Remove GetBranches
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:03 +00:00
9b9803b69c Bug 15758: Koha::Libraries - Remove GetBranchesLoop
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:02 +00:00
19a977dc7b Bug 15758: Koha::Libraries - Remove GetBranchName
This is the fourth and last patch set to remove C4::Branch.
The real purpose of this patch is to standardise and refactor some code
which is related to the libraries selection/display.
Its unconfessed purpose is to remove the C4::Branch package.

Before this patch set, only 6 subroutines still existed in the C4::Branch
package:
- GetBranchName
- GetBranchesLoop
- mybranch
- onlymine
- GetBranches
- GetBranch

GetBranchName basically returns the branchname for a given branchcode.
The branchname is only used for a display purpose and we don't need to
retrieve it in package or pl scripts (unless for a few exceptions).
We have a `Branches` template plugin with a `GetName` method which does
exactly this job.
To achieve this removal, we will use this template plugin and delete the
GetBranchName from pl and pm files.
The `Branches.all()` will now select the library of the logged in user
if no `selected` parameter has been passed.
This new behavior could cause regressions, for instance there are some
places where we do not want an option preselected (batch item
modification for instance), keep that in mind when testing.

GetBranchesLoop took 3 parameters: $branch and $onlymine.
The first one was used to set a "selected" flag, for a display purpose:
select an option in the libraries dropdown lists.
The second one was useless: If not passed or set to 0, the
`C4::Branch::onlymine` subroutine was called.
This onlymine flag was use to know if the logged in user was able to see
other libraries infos.
A patron can see the infos from other libraries if IndependentBranches
is not set OR if he has the superlibrarian permission.
Prior to this patch set, the "onlymine test" was done on different
places (neworderempty.pl, additem.pl, holidays.pl, etc.), including the
Branches TT plugin. In this patch set, this test is only done on one
place (C4::Context::only_my_library, code moved from
C4::Branch::onlymine).
To accomplish the same job as this subroutine, we just need to call the
`Branches.all()` method from the `Branches` TT plugin. It already
accepts a `selected` parameter to set a flag on the option to select.
To avoid the repetitive
  [% IF selected %]<option selected="selected">[% ELSE %]<option>[% END %]
pattern, a new `html_helpers` TT include file has been created, it
defines an `options_for_libraries` block, which takes a `selected`
parameter. We could imagine to use this include file for other
selects.

The 'mybranch` and `onlymine` subroutines of the C4::Branch package have
been moved to C4::Context. onlymine has been renamed with
only_my_library. There are only 4 occurrences of it, against 11 before
this patch set.
There 2 subroutines are Context-centric and it makes sense to put them
in `C4::Context` (at least it's the least worst place!)

GetBranches is the tricky part of this patch set: It retrieves all the
libraries, independently of the value of IndependentBranches.
To keep the same way as the existing calls of `Branches.all()`, I have
added a `unfiltered` parameter. If set, the `Branches.all()` will call
a usual Koha::Libraries->search method, otherwise
Koha::Libraries->search_filtered will be called. This new method will
check if the logged in user is allowed to see other libraries or only
its library.
Note that this `GetBranches` subroutine also created a `category` key:
it allowed to get the list of groups (of libraries) where this library
existed. Thanks to a previous patch set (bug 15295), this value was
not used anymore (I may have missed something!).

Note that the only use of `GetBranch` was buggy (see bug 15746).

Test plan (for the whole patch set):
The best way to test this whole patch set is to test with 2 instances: 1
with the patch set applied, 1 using master, to be sure there is no
regression.
It would be good to test the same with `IndependentBranches` and the
without `IndependentBranches`.
No difference should be found.
The tester must focus on the library dropdowns on as many forms as
possible.
You will notice changes in the order of the options: the libraries will
now be ordered by branchname (instead of branchcode in some places).
A special attention will be given to the following page:
- acqui/neworderempty.pl
- catalogue/search.pl
- members/members-home.pl (header?)
- opac/opac-topissues.pl
- tools/holidays.pl
- admin/branch_transfer_limits.pl
- admin/item_circulation_alerts.pl
- rotating_collections/transferCollection.pl
- suggestion/suggestion.pl
- tools/export.pl

Notes for QA:
- There are 2 FIXMEs in the patch set, I have kept the existing behavior,
but I am not sure it's the good one. Feel free to open a bug report and
I will fill a patch if you think it's not correct. Otherwise, remove the
FIXME lines in a follow-up patch.
- The whole patch set is huge and makes a lot of changes.
But it finally will tremendously reduce the number of lines:
716 insertions for 1910 deletions

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:01 +00:00
39487d634e Bug 11592: (QA followup) Add missing framework code to ViewPolicy filter calls
This patch adds the frameworkcode option param, using each record's frameworkcode
as expected by the filter. Otherwise the ViewPolicy filter falls back to the
default framework.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 11:54:22 +00:00
ea27569334 Bug 11592: (QA followup) Simplify code
Koha::RecordProcessor and the defined filters are supposed to bring us
joy and happiness. Let's keep the code compact, simple and clean.

This patch removes record cloning all over the place.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 11:54:22 +00:00
Mark Tompsett
cadf5aea81 Bug 11592: MARCView and ISBD followup
There are still some leaks, but it is not as a result
of the filter, but rather a result of poorly written
template files.

Bug fixing template files is beyond the scope of this
set of patches.

TEST PLAN
---------
 1) Backup your DB
 2) run the following SQL on your DB.
    > UPDATE marc_subfield_structure set hidden=-8;
    -- this should set EVERYTHING to hidden across the board.
 3) In staff client, set OPACXSLTDetailsDisplay to blank
 4) In OPAC, view any detail.
    -- Normal view may mostly leak values still.
    -- MARC view may leak values.
    -- ISBD view may leak values.
 5) In staff client, set OPACXSLTDetailsDisplay to default
 6) In OPAC, view any detail.
    -- same issues as step 4
    -- 'View Plain' may leak too.
 7) 'Save record' -> 'Dublin Core'
 8) Apply this patch
 9) run koha qa test tools
    -- should be fine
10) prove -v t/db_dependent/Filter_MARC_ViewPolicy.t
    -- should pass
    -- this proves Koha/Filter/MARC/ViewPolicy.pm tweaks too
11) In OPAC, view any detail.
    -- Normal view:
       -- Material type comes from the LEADER field.
       -- Lists this is on will still display
       -- 'Tags from this library' will still display
       -- Item information in table will still display
          (THIS IS BEYOND SCOPE)
    -- MARC view:
       -- Record number is leaked
          (THIS IS BEYOND SCOPE)
       -- 'View plain' leaks LEADER field.
    -- ISBD view may leak field headings, but not values.
       (THIS IS BEYOND SCOPE)
12) In staff client, set OPACXSLTDetailsDisplay to blank
13) In OPAC, view any detail.
    -- same kind of output as step 10
14) 'Save record' -> BIBTEXT
    -- Should be next to nothing leaked.
15) 'Save record' -> Dublin Core
    -- Should be the same or less leaked between the two versions.
    -- (XML FILTERING IS BEYOND SCOPE)
16) In the staff client, go view the same record.
    -- it should be mostly hidden in ISBD View.
17) run the following SQL on your DB.
    > UPDATE marc_subfield_structure set hidden=1;
    -- this should set EVERYTHING to hidden in OPAC, but not
       the STAFF across the board.
18) Refresh the staff ISBD page
    -- values should reappear.
19) View the ISBD details in the OPAC
    -- values should still be hidden.
20) Check out the OPAC Cart and List
    -- while the intermediate pages may still leak
       the download links should leak very minimally.
    -- (CARTS AND LISTS ARE BEYOND SCOPE, THOUGH
        THE INTRANET ISBD AND SOME CART/LIST STUFF
        WERE FIXED BECAUSE OF THE GetISBDView REFACTOR)

Expectations:
Before Patch - all the OPAC Detail pages will display things
After Patch - all the OPAC Detail pages will display much less,
              and hopefully nothing (though there are known limits).
              the ISBD detail page in the Staff client will be
              filtered as well based on STAFF settings.
              The saving/exporting should generate nearly empty
              files.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 11:54:22 +00:00
Mark Tompsett
6cbae9c3cb Bug 11592: Applying filtering to opac interface.
Applying the filtering and then...
Debugging opac/opac-detail.pl filtering
Debugging opac/opac-ISBDdetail.pl more
Debugging opac/opac-export.pl
Tweak opac/opac-export.pl fix variable declarations, conditional assignments
Debugging opac/opac-showmarc.pl

https://bugs.koha-community.org/show_bug.cgi?id=11592

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 11:54:21 +00:00
Mark Tompsett
16f74b546e Bug 11592: Updated License Text and use Modern::Perl
Why not clean up the License Agreement stuff while the files
are being changed? Used the current one found at:
http://wiki.koha-community.org/wiki/Coding_Guidelines#Licence

Changed the strict and warning lines into just a Modern::Perl.

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 11:52:11 +00:00
658f603511 Bug 17189: Replace occurrences of 'use Koha::Cache'
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:47 +00:00
f753220701 Bug 17189: Add the ability to define several memcached namespaces - replace existing occurrences
s/Koha::Cache->get_instance/Koha::Caches->get_instance

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:46 +00:00
bc39f0392b Bug 14695 - Add ability to place multiple item holds on a given record per patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jason M. Burds <JBurds@dubuque.lib.ia.us>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
2016-09-03 00:17:56 +00:00
Jacek Ablewicz
c1d75885a6 Bug 10848 - Allow configuration of mandatory/required fields on the suggestion form in OPAC
This patch adds a configuration option which allows to define which
fields should be mandatory for a patron purchase suggestion form in OPAC.

Test plan:

1/ Apply patch.
2/ Play with the new OPACSuggestionMandatoryFields system preference
(select some fields as manadatory, select all, deselect all, try to
submit some suggestions with mandatory fields filled and/or not
filled etc.) to ensure that required fields (and only required fields)
are enforced in the browser to be filled.
3/ With all options deselected, 'Title' field should still be
mandatory (by default).

Signed-off-by: barbara johnson <barbara.johnson@bedfordtx.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:00:50 +00:00
Magnus Enger
11315ef090 Bug 5456 - Create a link to opac-ics.pl
opac-ics.pl was added to Koha back in 2007, but there has not been a link to it
from anywhere. This patch adds the link from the main view on
/cgi-bin/koha/opac-user.pl, and makes some changes to opac-ics.pl itself.

Changes to opac-ics.pl:
- Update the code to use date and time for when a loan is due
- Use dt_from_string to turn a MySQL time and date into a DateTime
- Add a timestamp and a UID (these were reported as necessary by a couple of
  iCal validators)
- Remove DTEND from events, since we now have time as well as date for when a
  loan is due
- For loans that are overdue, set the DTSTART to now(), to avoid creating
  calendar events in the past
- Use a template to generate text strings, to make them translatable

To test:
- Apply the patch
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
  iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
  appplication. Make sure the data makes sense.
- Sign off and go thee merrily on thine way.

Update 2016-07-25
- Force date_due to UTC to avoid problematic timezone info like this:
  DTSTART:TZID=Europe/Zurich:20160724T235900
- Remove quotes from summary and description

Followed test plan, koha.ics file successfully imported to Thunderbird calendar
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:55:32 +00:00
931ed0ec9b Bug 16464: Add FIXME
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:49:36 +00:00
e67fc1806c Bug 16464 - If a patron has been discharged, show a message in the OPAC
This patch adds a message to the patron home page in the OPAC to be
shown if the user is restricted because of a discharge.

To test, apply the patch and log into the OPAC as a patron who has been
discharged.
 - You should see a message which says so, including a link to
   the discharge notice.
 - Log in to the OPAC as a patron with a manual restriction and confirm
   that the correct notice is displayed.

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:49:36 +00:00
bff08b9962 Bug 17048: Fix pagination offset for authority searches
At the intranet, the pagination has been broken by bug 12478 (Elastic
Search). There was a confusion between the offset and the page number.

At the OPAC, it is broken since bug 2735 which has mimicked the intranet
script.

Test plan:
Search for a term which will return more than 1 page of results.
Click on the second page
=> Without this patch, the first result of the second page is the second
result of the first page
=> With this patch applied, the offset will be corrected

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 13:49:51 +00:00
68407f4cf0 Bug 16960: Delete previous patron modifications
If a patron edit his/her details a second time, we need to delete the
first ones to avoid a "duplicate entry for key PRIMARY" error.

Test plan:
Log in at the OPAC
Edit your details
Edit them again
=> Without this patch, Koha will crash
=> With the patch applied, everything should work as expected

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
7a33e3ba75 Bug 16960: Fix error on validating the registration
Followed steps in comment #14, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
1016139132 Bug 16960 - Patron::Modifications should be fixed
The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.

Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works

Signed-off-by: Bob Birchall <bob@calyx.net.au>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
8c5cb134ee Bug 16996: Do not explode if mandatory fields are missing
At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
  Template process failed: undef error - Can't call method "description"

It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.

Test plan:
0. Apply patch

1. Make sure that the categorycode is not hidden in the OPAC in:
     PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField

2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.

3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2

4. Press "Submit update request"

There should be no software error.

NOTE: The warns will be floody on the logs.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:43:01 +00:00
d1eb706153 Bug 14642: Add logging for Holds
This patch adds logging for several holds actions. Specifically for:

- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY

To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action

Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.

Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
Chris Cormack
0ef3b19dbd Bug 16969 cgi->param used in list context in opac-memberentry.pl
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:02:05 +00:00
62d16aa6b7 Bug 16776: Do not forget external language choice in language switcher
If language is set by external link language switcher does not work

To reproduce:

- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:

...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT

Each link opens fine displaying the language as appropriate.

Now try to switch language on the page you just opened via the external link.

It won't work, it will always stay on the language defined by the external link.

To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
  ...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes

Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:51:33 +00:00
0fe7a4aa8e Bug 16929: [QA Follow-up] Shortcut methods and use statements
Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:26:00 +00:00
523d0be9dc Bug 16929: Prevent opac-memberentry waiting for random chars
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:59 +00:00
9bdea2e369 Bug 16878: Fix XSS in opac-memberentry
The vars are gotten from the url and sent to the template as it. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:22:00 +00:00
131002e623 Bug 16847: Remove C4::Members::GetTitles
This subroutine just reads the content of a pref, split it, add an
empty string and returns.
It is not really useful and the code in the script (memberentry.pl) uses
the only occurrence of CGI::popup_menu
Let's remove it and build the dropdown list in the template.

Test plan:
1/ Empty BorrowersTitles, edit a patron and confirm that the "Salutation"
does not appear
2/ Fill BorrowersTitles with "Mr|Mrs|Miss|Ms", edit a patron and confirm
that the "Salutation" dropdown list is correctly filled.
The default option should be selected if you are editing a patron with a
title defined.
This should also be tested at the OPAC.

Followed test pan, works as expected in Staff and OPAC
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:23:42 +00:00
f3d7f27107 Bug 15451: Koha::CsvProfiles - Remove the residue
This patch erase all traces of C4::Csv since it's not used anymore.
All occurrences have been replaced by previous patches to use
Koha::CsvProfiles.

Note that GetMarcFieldsForCsv was not used prior this patch set.

Test plan:
  git grep 'C4::Csv'
should not return any result.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No more traces of the file.
This produces a koha-qa fail, due to the missing file.
No other errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:18:36 +00:00
814a1d4231 Bug 15451: Koha::CsvProfiles - Remove GetCsvProfilesLoop
This subroutine returned the csv profiles for a given type.
This could be done easily with the new Koha::CsvProfiles->search method.

Test plan:
To do at the OPAC and staff interface!
1/ Export a list using a CSV profile
2/ Export your CART using a CSV profile
Note that only MARC profiles should be available.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested on staff/opac & cart/list
Small problem on filename extension fixed in followup.
No errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:18:34 +00:00
afc008b2fa Bug 16853: Move changepassword to Koha::Patron->update_password
This patch moves the code from C4::Members::changepassword to
Koha::Patron->update_password

Test plan:
Change your password at the OPAC and the staff interface
This should work as before

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I rebased this on top of 16849 because they were conflicting.
Tests pass, code looks good (as usual) and I checked both OPAC
and staff password change work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 18:09:17 +00:00
e1e38896bb Bug 16849: Move IsDebarred to Koha::Patron->is_debarred
In order to move IsMemberBlocked to Koha::Patron it makes sense to move
the code from Koha::Patron::Debarments::IsDebarred to
Koha::Patron->is_debarred.

Test plan:
1/ Add a restriction to a patron
2/ make sure he is not able to checkout items any more
3/ Make sure he cannot get a discharge
4/ Put a hold and make sure you get "Patron has restrictions"

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 18:08:14 +00:00
Marc Véron
dc1ff4efff Bug 16621: Translatability: Issues in opac-user.tt (sentence splitting)
This patch fixes issues due to sentence splitting in
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt

Note: This is a string patch. It does not add or change functionallity.

To test:
- Examine code and verify that the text changes remove sentence splitting
  and that the changes make sense.
- Log in to OPAC and verify that messages look correct
  - with blocked /debarred user (with and without comment and date)
  - with user who has to much fines (needs syspref OpacRenewalAllowed
    and syspref OPACFineNoRenewals)
  - with user who has his card marked as lost
  - with user with an account that is about to expire
  - with user with expired account
  - with user with uncertain address information (with and without
    syspref OPACPatronDetails set to Allow)

Note: Amended to make patch apply 2016-07-10 mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 15:09:00 +00:00
de2df0dfe8 Bug 2735: Fix authority search pagination at the OPAC
The authority search pagination displays only 15 pages, even when there
are more.
To fix that, this patch mimic the authorities-home.pl intranet script to
manage the pagination.

Test plan:
Without this patch, do some authority search and click on different
pages.
Apply this patch, redo the same search and make sure the same records
are displayed (i.e. confirm that the pagination still works as before).

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 14:05:59 +00:00
Mark Tompsett
dee29d9f0b Bug 16805: Log in with database admin user breaks OPAC
TEST PLAN
---------
1) Apply Jonathan's test patch
2) prove t/db_dependent/Letters.t
   -- dies before finishing tests
3) Apply second test patch
4) prove t/db_dependent/Letters.t
   -- dies before finishing tests
   -- 'addalert' is changed to 'getalert'
5) Log into OPAC with database admin user.
   -- see error given in comment #0
6) Apply this patch
7) prove t/db_dependent/Letters.t
   -- says 'getalert'
   -- all tests pass.
8) Log into OPAC with database admin user.
   -- logs in, but gives warning with a nice logout button.
9) run koha qa test tools.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
No kaha qa errors
In debian display diferent error:
Can't use an undefined value as an ARRAY reference at /usr/lib/perl5/DBI.pm line 2054.
Works as advertised

NOTE: Revised test plan, as Jonathan added useful test case.
      Works as I've tested above.
      Hector tested older test plan which was steps
      5,6,8 and 9.

      Revised test plan again while tweaking to address comment #9.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:45:04 +00:00
1b89150d42 Bug 15128: Do not display "New suggestion" if limit has just been reached
If limit is X and patrons has X-1 pending suggestions, when a new one is
added, the "New suggestion" should not been added.
to avoid another call to SearchSuggestions, we assume than the
suggestion has been correctly added.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:50 +00:00
2c2efbf4a6 Bug 15128: Revert Display all purchase suggestions whether or not suggestion was added
This does not work correctly and should be handle on another bug report.
The behavior existed prior to this patchset.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
7cde3e216b Bug 15128 - (QA Followup) Don't get patrons suggestions if limit not set
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
074a3ee338 Bug 15128 - (QA Followup) Fix use of 'my' variable causing loss of data
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
b6a774028a Bug 15128 (QA Followup) Display all purchase suggestions whether or not suggestion was added Correct enforcement of 0 limit
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
9ebeb9acb3 Bug 15128 - Followup
Only check limit for signed in borrower
Show all suggestions after a new one is added

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
1bfe7c7512 Bug 15128 [QA Followup 2] - Only count pending suggestions for the limit
Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
5aa3313239 Bug 15128 [QA Followup] - Make suggestion display after being added
Also fixes the issue that the add suggestion link would sometimes
show even if the patron could not make an additional suggestion.

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
7445b8f897 Bug 15128 - Add ability to limit patrons open purchase suggestions
To test:
1 - Define a number of MaxOpenSuggestions
2 - Add some suggestions for a patron
3 - Note they cannot add any more suggestions if limit is reached
4 - Delete a suggestion and note you can add another
5 - Add them to limit again
6 - Accept a suggestion in the staff client and note user can add more
7 - Repeat above with rejecting or deleting
8 - Sign off.

Sponsored by:
    North Central Regional Library (http://ncrl.org/)

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
609f537128 Bug 15485: (QA followup) Simplify logic and use *ResultsDisplay value during upgrade
This patch makes the new sysprefs work as the previously defined. Instead of falling back
to what *ResultsDisplay is set, it now has its own 'default' (that still defaults to the
*Results*.xslt).

The default values are set to 'default' as the rest of XSLT-related sysprefs, and the upgrade
picks whatever is set in OPACXSLTResultsDisplay and XSLTResultsDisplay so current behaviour
is preserved.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
New XSLTs for Lists work as advertised

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:31 +00:00
add61ef614 Bug 15485: (QA followup) Fix behaviour and default values
Jonathan noticed the current behaviour is that the lists rendering
falls back to the XSLTResults, and if not defined (i.e. != 'default' and
!= some_path) it falls back to a legacy display (non-XSLT).

The patchset changed this behaviour because 'default' is not a valid value
for the lists. So it should fallback to the current behaivour (i.e. Results
XSLT configuration) if not defined. This patch fixes this by adding
 || C4::Context->preference('XSLTResultsDisplay')
(and the OPAC counterpart).

It also fixes minor glitches on the update message (oops) and bad default value
in sysprefs.sql  for 'XSLTListsDisplay'.

Thanks Jonathan!

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:31 +00:00
04143f6a9c Bug 15485: Use lists-specific XSLT sysprefs
This patch makes the shelves.pl (staff) and opac-shelves.pl scripts
use the new sysprefs for specifying custom XSLTs for lists display.

XSLT.pm is patched so it defaults to the corresponding *Results.xsl
files if none is specified.

To test:
- Create a list
- Open the list in the staff interface
- On a new tab, open the list in the OPAC.
- Apply this patches
=== default behaviour
- Open the list (both opac and staff) on new tabs
=> SUCCESS: They look exactly the same (hint: the syspref is set to ''
   so it should fallback to using the one we were using.
=== using the new functionality
- Create custom XSLTs for lists, for example:
  $ cd /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/xslt
  $ cp MARC21slim2OPACResults.xsl MARC21slim2OPACLists.xsl
- Edit your sysprefs, setting OPACXSLTListsDisplay to:
  /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/{langcode}/xslt/MARC21slim2OPACLists.xsl
- Reload the OPAC list view
=> SUCCESS: Looks exactly as before
- Make some minor tweak (for example in line 423 replace
  <xsl:text> </xsl:text>
for
  <xsl:text> BLAH </xsl:text>
- Reload the list
=> SUCCESS: BLAH shows in several places on the title.
- Repeat for the staff interface
- Sign off :-D

So we can now set custom XSLTs for lists.

Sponsored-by: Carnegie Stout Library

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Deb Stephenson <DStephen@dubuque.lib.ia.us>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:30 +00:00
779fa7c6da Bug 16591: Fix CSRF in opac-memberentry
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.

Test plan:

Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test

=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Do some regression tests with this patch applied (Update patron infos)

QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...

Reported by Alex Middleton at Dionach.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:55:15 +00:00
0d690ca383 Bug 16707: Fix software error in OPAC password recovery when leaving form fields empty
The $search_results is considered as an arrayref but is not defined if
no patron matches the recovery infos.

Test plan:
- Set syspref OpacResetPassword to "Allow"
- Go to OPAC
- Click link "Forgot your password?
- On the following screen "Forgotten password recovery", do not fill in
  form fields, click "Submit"
=> Without this patch you got the software error
=> With this patch apply, you will get "No account was found with the
provided information."

Sign-off on counter patch.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:49:32 +00:00
f01720808a Bug 16593: Do not allow patrons to delete search history of others patrons
A malicious user can delete the search history of all other users by
correctly guessing the ID value assigned to the victim's search. As
searches are assigned values sequentially, an attacker could quickly
remove the searches belonging to all of the application's users.

To reproduce:
Login with patron A
launch a search
Note the id generated for this search history:
select id from search_history order by id desc limit 1;
Login with patron B
Hit /cgi-bin/koha/opac-search-history.pl?action=delete&id=<ID>
Note that the row is deleted in the DB

Test plan
Confirm that this patch fixes the issue.
The same test can be made at the staff interface

Reported by Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:47:29 +00:00
7d4844e171 Bug 16578: Fix wide character errors in opac-export.pl
This simple patch fixes wide character warning raised by opac-export.pl when
'MARC (Unicode/UTF-8)' and 'MARC (Unicode/UTF-8, Standard)' formats are chosen for downloading records.

To test:
- Have records indexed
- Open your OPAC logs:
  $ tail -f /var/log/koha/kohadev/opac-error.log
- Open the detail page in the opac for a record
- Choose Save record > MARC (Unicode/UTF-8)
=> FAIL: opac-export.pl: Wide character in print at /home/vagrant/kohaclone/opac/opac-export.pl line 116., referer: http://localh...
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> FAILE opac-export.pl: Wide character in print...
- Apply the patch
- Choose Save record > MARC (Unicode/UTF-8)
=> SUCCESS: No warnings raised.
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> SUCCESS: No warnings raised.
- Sign off :-D

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 16:49:43 +00:00
ab1beed06f Bug 16518: Fix Plack variable scoping problem in opac-addbybiblionumber.pl
The script opac/opac-addbybiblionumber.pl is not plack safe because the
variable @biblios is declared with our and is not assigned to an empty
array (so not reset).

The issue:
When trying to add items to a list (virtualshelf), the biblionumbers are
added to the @biblios variable and the list is not reset between each
run.

Test plan:
Check from records from the result list and add them
to a list.
Cancel or save and re-add them (or others) to a list (same or
different).
=> Without this patch, the list of records will never stop growing, the
previous items added are still listed when adding new ones.
=> With this patch, the behavior is the one expected.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-06 17:30:33 +00:00
70498b1566 Bug 16476: Do not call CGI->param in list context, some more
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-16 17:11:46 +00:00
Marc Véron
a07db3537d Bug 15823: Redirect opac-discharge.pl to 404 page
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-06 04:20:48 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
49acdc73d3 Bug 15263: (QA followup) Use the new XSLTParse4Display everywhere
Edit: fixed catalogue/detail.pl and opac/opac-detail.pl so they use the right
XSLT syspref.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a484334fed Bug 15263: (QA followup) Make *shelves.pl use the new API
This patch makes the lists work as the search results for rendering on
XSLT-driven context. No behaviour change is expected.

To test:
- Apply the patch
- Navigate lists (OPAC and intranet)
=> SUCCESS: the only difference is speed (faster)
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a9274186b9 Bug 12528: redirect to 404 if at least 1 pref is off
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 17:54:10 +00:00
85e7d186ec Bug 16167: Remove Authorised value images prefs
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.

With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.

This patch suggests to remove completely this feature as it does not
work correctly.

The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.

Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:59:58 +00:00
78605bceb3 Bug 16041: Turn off StaffAuthorisedValueImages by default
This feature is enabled by default, but the users are not aware of it
and it costs a lot of time processing to get the images.

There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by sysprefs.sql and
does not appear in updatedatabase.pl, we could easily imagine that
nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set.
Otherwise you need to turn the XSLT off. In this case you will see the
images on the result list (OPAC+Staff interfaces) and OPAC detail page,
but not the Staff detail page.

The idea of this patch is to introduce a quick switch if the feature is
not used by the library.

Test plan:
1/ Turn the pref on and set authorised_values.imageurl to NULL
Execute the DB entry
=> The pref have been turned off
2/ Turn the pref on and set an image for an authorised value
Execute the DB entry
You will get a warning
3/ Turn the pref off and set an image for an authorised value
Execute the DB entry
You will get a warning
4/ Turn the pref off and set authorised_values.imageurl to NULL
Execute the DB entry
You won't get a warning

Note that the opac detail page now checks the pref before retrieving the
images.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed update message 'that means'.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:47:26 +00:00
Martin Persson
eca286349b Bug 14305: View arbitrary branch's news
This patch adds an input named 'branch' to opac-main.pl that
allows overriding the home library to view news from any branch.

This is part of the 'Use Koha as a CMS' development.

To reviewers: Does this create any security implications?
              The column is text; it is possbile to push SQL
              statemens into the DB via the opac-membership.pl
              page, but all the code there seems to use DBIx::Class
              and prepared statements. When attemped, accepting the
              changes were rejected because of the foreign key
              constraint placed on the main borrowers table.

It is recommended to use this patch in conjunction with 11584
which adds a WYSIWYG editor to System Preferences.

Test plan:
* Make sure your Koha installation has multiple branches:
  * Log in to the Staff interface and select 'Koha administration'
  * Select 'Libraries and groups', the first item in the list
  * Add an extra branch named 'BRANCH1':
    * Press the 'New library' button
    * Set 'Library code' to 'BRANCH1'
    * Enter an arbitrary name
    * Press 'Submit'

* Add at least two news items with different branches:
  * Log in to the Staff interface and select 'Tools'
  * Under 'Additional tools' select 'News'
  * On the 'Koha news' page, create a news item for all libraries:
    * Press the 'New entry' button
    * Set 'Library' to 'All libraries' and enter a title.
    * Press 'Submit'
  * On the 'Koha news' page, create a news item for one library:
    * Press the 'New entry' button
    * Set 'Library' to 'BRANCH1' and enter a title
    * Press 'Submit'

* Add links to OPAC to select branch:
  * Select 'System preferences' and then the 'OPAC' tab
  * Scroll down to the 'OpacNav' preference and click 'Click to Edit'
  * Create two hyperlinks with a parameter named 'branch':
    * '<a href="?branch=BRANCH1">BRANCH1</a>'
    * '<a href="?branch=">none</a>'
  * Click 'Save all OPAC preferences'

* Test OPAC:
  * By default, global news and news for home branch should show.
  * When clicking the 'BRANCH1' link, you should see global news
    plus news for the BRANCH1 branch.
  * When the parameter 'branch' is set but has no value,
    news from the home branch should be shown.

Issues: Tricky to create a link to the same page
        which removes existing paramters.

The user normally has a home branch set.
We can override it with the parameter.
If undefined, the home branch should be shown.

Sponsored-by: Halland County Library

http://bugs.koha-community.org/show_bug.cgi?id=14305

Changed 2015-12-14: Whitespace fix

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:08 +00:00
Martin Persson
497cd04df0 Bug 14305: View arbitrary branch's news, RSS fix
This fix changes the RSS link to reflect the URL paramter override.

This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?

Sponsored-By: Halland County Library

Test plan:
* Follow instructions in the original patch but also check the
  URLs and contents of the RSS link at the bottom the OPAC page.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:07 +00:00
f0b60f712c Bug 16283 - Make OPAC registration captcha case insensitive
The OPAC registration captcha should not be case sensitive. This patch
was moved here from bug 9393.

Test Plan:
1) Enable patron self registration
2) Test the captcha by typing in the captcha in lower case. Registration
should still succeed.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 11:55:07 +00:00
b87af43c47 Bug 15533 [QA Followup] - All itemtypes for all items showing in OPAC multi-hold
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:05 +00:00
fc81ee5004 Bug 15533 - Allow patrons and librarians to select itemtype when placing hold
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
   itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:03 +00:00
a159d2b067 Bug 16154: CGI->multi_param - Assign a list
This patch replaces the occurrences of
  @foo = $cgi->param('foo');
with
  @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
f3e4b5bbb6 Bug 16154: CGI->multi_param - Force scalar context
This patch replaces the occurrences of
  $template->param( foo => $cgi->param('foo') );
with
  $template->param( foo => scalar $cgi->param('foo') );

perl -p -i -e 's/(\s*=>\s*)\$(cgi|input|query)\->param\(/$1scalar
\$$2\->param\(/xms' **/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
ac5a1bfece Bug 16154: CGI->multi_param - Manual changes
This patch does the same as the previous one, but affects lines which
have not been caught by the regex.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
66aacace08 Bug 16154: CGI->multi_param - Declare a list
This patch replaces the occurrences of
  my @foo = $cgi->param('foo');
with
  my @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:42 +00:00
Jesse Weaver
37ea74669c Bug 12748: (QA followup) fix several tiny QA tools warnings
* admin/searchengine/elasticsearch/mappings.yaml:
    * Fix indentation so QA tools believe it's valid YAML
  * C4::AuthoritiesMarc: Remove tab character
  * C4::Search: Fix POD
  * Koha::BiblioUtils: remove "return undef"
  * Koha::Schema::Result::Search*: rename type to _type
  * Koha::SE::ES::Search:
    * Fix spelling/@_[0]
    * Add my to loop variable
    * Remove unused var $error
    * Add use Modern::Perl
    * Fix undefined variables
  * Koha::ES::Indexer: fix POD
  * Koha::SE::ES::QueryBuilder:
    * Don't define variables in conditionals
    * Fix POD
  * Koha::SE::Zebra::Search:
    * Fix debug warns/POD/barewords
    * Koha::SE::Zebra::Search: add use Modern::Perl
  * kohastructure.sql: remove old, unused elasticsearch_mappings table,
    add new tables
  * labels/label-item-search.pl: remove C4::Dates
  * opac/elasticsearch.pl: remove old file

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:13 +00:00
8d04291153 Bug 12478: Display facet terms ordered by number of occurrences
By default ES returns the facet terms ordered by most used, which makes
sense.

This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.

For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).

On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.

To test easily this change, turn on the displayFacetCount pref.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:12 +00:00
Robin Sheat
a792e84719 Revert "Bug 12478: Display facet terms ordered by number of occurrences"
This reverts commit cd4905c2969b067476881016d0b03271f0bcc7c8.

This commit caused an error in C4::Search::GetFacets when running in
zebra mode.

Conflicts:
	Koha/SearchEngine/Elasticsearch/Search.pm

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:12 +00:00
2de8fd9e33 Bug 12478: Take the FacetMaxCount pref into account
The system preference FacetMaxCount should work as expected with ES.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:11 +00:00
246f2dddaf Bug 12478: Display facet terms ordered by number of occurrences
By default ES returns the facet terms ordered by most used, which makes
sense.

This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.

For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).

On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.

To test easily this change, turn on the displayFacetCount pref.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:11 +00:00
Robin Sheat
2e79ea0f74 Bug 12478: allow more granular sorting configuration
This allows sorting to be configured within a field. For example, while
many values are included for search on author, sorting should only be
done on the main entry values. This permits that by have a sort value,
which can be true, false, or null. true and null are pretty much the
same, but false means that a field isn't available for sorting on. By
default (null), fields can be sorted on.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:08 +00:00
Robin Sheat
841cb93701 Bug 12478: paging is fixed now too
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:05 +00:00
Robin Sheat
b76d61a24b Bug 12478: authority paging works
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:05 +00:00
Robin Sheat
dfbe20e4dc Bug 12478 - more authorites
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
0002bbc72a Bug 12478 - more authority searching
Queries are being built, but they seem to be wrong as no results are
returned.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
05fa9bccb0 Bug 12478 - fix syntax errors so that stuff runs
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
faa4e1f6ec Bug 12478 - authority work in progress
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
0536ef37cc Bug 12478 - authorities can now be stored in ES
(Not fetched yet though.)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:03 +00:00
Robin Sheat
7dbd13e66f Bug 12478 - pile of elasticsearch code
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:03 +00:00
Alex Arnaud
8c807b9466 Bug 16296 - Fix records displaying in virtualshelves
Test plan:
- Empty OPACXSLTResultsDisplay system preference,
- select a virtual shelf in the dropdown list "Lists" on navigation bar
  (Or create one and add records),
- check that records are correctly displayed (title, author, publisher
  etc...).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Display is now correct
No errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 22:50:41 +00:00
ce47345c21 Bug 16317 - Attempt to share private list results in error
When sharing a private list, the the receiver of the share link will get
the following error when they are logged in and try to click the link:

DBIx::Class::Storage::DBI::_dbh_execute(): Unknown column 'sharedate
desc' in 'order clause' at /home/koha/kohaclone/Koha/Objects.pm line 150

Test Plan:
1) Create a private list
2) Share that list to another account
3) Log in as the other account
4) Click the link in the email you recieved
5) Note the error
6) Apply this patch
7) Click the link again
8) You should see no error and be able to view the list!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 22:47:34 +00:00
Henri-Damien LAURENT
05486da41f Bug 5979 : OPAC : using OPACISBD systempreference to display link
The OPACISBD system preference is used in order to be able to have one ISBD for OPAC another one for intranet.
But the link ISBD at OPAC was depending on the presence or absence of value in ISBD which is for intranet.
This patch fixes the behaviour to depend on the correct system preference at OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Verified that new system preference is added cleanly and
ISBD view can be configured independently for staff and OPAC
using OPACISBD and viewISBD system preferences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 03:14:21 +00:00
e476be5568 Bug 12663 - SCOUserCSS and SCOUserJS ignored on selfcheck login page
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.

Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.

To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page

Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:57:44 +00:00
b679cac964 Bug 16179: Do not crash if "rate me" is clicked and not rate selected
If JS is disabled and a user clicks on the "Rate me" button, Koha will
crashes with:
DBIx::Class::ResultSet::create(): Column 'rating_value' cannot be null
at /usr/share/koha/lib/C4/Ratings.pm line 208

To avoid that, opac-ratings.pl will check if a rate has been selected.

Test plan:
Disable JS
On a record detail page, click on the "Rate me" button

TESTED PLAN:
1) go to /cgi-bin/koha/opac-ratings.pl?biblionumber=1
   -- kaboom as above.
2) apply patch
3) refresh
   -- either login screen (don't know why)
   -- or if already logged in, detail page.
4) koha qa test tool

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested successfully by temporarily removing the modification made by
Bug 16210.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-20 19:50:00 +00:00
b64e6be1c4 Bug 16157: Move the selected flag from GetAuthorisedValues to the templates
From C4::Koha::GetAuthorisedValues

    # TODO: the "selected" feature should be replaced by a utility function
    # somewhere else, it doesn't belong in here. For starters it makes
    # caching much more complicated. Or just let the UI logic handle it, it's
    # what it's for.

Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/

Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
  populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
  value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
  correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
  correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
  correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
  should have at least 1 OPAC_SUG AV defined)

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:16:09 +00:00
c564f30155 Bug 16169: Change prototype for C4::Biblio::TransformMarcToKoha
subroutines should not take $dbh in parameter.
C4::Biblio::TransformMarcToKoha has it and does not use it.

Test plan:
Look at the patch and confirm that all occurrences of
TransformMarcToKoha have been modified.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:04:21 +00:00
833afc1245 Bug 16198: Fix regression in OPAC suggestions
Introduced by
  commit d564d3732d
  Bug 15629: Koha::Libraries - Remove GetBranchInfo

If the branchcodesuggestedby is not defined, the find won't return
anything and ->branchname on an undefined value will raise
  Can't call method "branchname" on an undefined value at
  /home/katrin/kohaclone/opac/opac-suggestions.pl line 153.

Test plan:
-Staff
Create a patron
Use this patron to create a suggestion
Delete the patron

-OPAC
Logout and trigger opac/opac-suggestions.pl

Without this patch, you will get an error
With this patch applied, everything should be ok

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works ok following test plan
No errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-06 22:05:49 +00:00
Nicholas van Oudtshoorn
9472711921 Bug 10988 - Fix some wording Fix some outdated wording in googleopenidconnect
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:36 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00
da052b3d10 Bug 16129: Remove URL::Encode dependency
This patch makes the PayPal integration feature independent from the
URL::Encode library, which is absent in some supported distributions.

It uses the URI package which is already a Koha dependency.

To test:
- Apply the patch
- Notice there are no deps for URL::Encode
- Follow the steps from the original patch
=> SUCCESS: It works as expected
- Sign-off :-D

Note: I deleted the line in which $amount_to_pay was url-encoded, because that's
one of the things query_form does (and the variable is only used as a parameter to it).

Sponsored-by: ByWater Solutions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 18:48:18 +00:00
Martin Persson
ead5b9c0e2 Bug 14257 - Add show_attributes to GetPatronInfo
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.

Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1

A new element <attributes> will be added if there
are any attributes available from the database.

We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.

Sponsored-By: Halland County Library

Test plan:

* Configure Koha to make use of extended attributes:
  Under 'Administration' -> 'Global system preferences' ->
  'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
  press save and switch to 'Web services' tab.

* Enable the ILS-DI service:
  Under 'Administration' -> 'Global system preferences' ->
  'Web services' tab -> 'ILS-DI' section:
  Set 'ILS-DI' to 'Enable' and save.

* Create an attribute to query:
  Under 'Administration' -> 'Patrons and circulation' ->
  'Patron attribute types' press 'New patron attribute type':
  Enter a type code, like 'DOORCODE', description and assign
  a category that your test patron is a member of, then save.

* Set value for test user:
  Locate the test patron, the new attribute should be listed
  under 'Additional attributes and identifiers'.
  Click 'Edit' and assign a value, like '1337' and save.

* Query the ILS-DI service:
  http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
  The output XML should have an element named 'attributes'
  containing the data you entered.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:31:06 +00:00
3fa2b10150 Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl
See bug 15809 for more info on why we should not use CGI->param in list
context.

Note: I have not found any places where several values for the same
params are passed to this script but, just in case, this patch won't
change this ability.

Test plan:
Do an authority search at the OPAC
Test with several values of the form.
Confirm that the results are always the same before and after this
patch.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-25 21:28:06 +00:00
6303016736 Bug 16143: Make opac-shelves.pl generate OPAC itype images path
This patch makes icons point to the OPAC path instead of intranet's.

To test:
- On current master/3.22.x
- Have some itemtypes with icons set
- Have some biblios matching the itemtypes
- Add them to a public list
- Do a search in the OPAC for any of those biblios
=> SUCCESS: icons show correctly
- Choose the list
=> FAIL: icons fail to show, URL points to /intranet-tmpl/....
- Apply the patch, reload
=> SUCCESS: icons show correctly
- Sign off :-D

Sponsored-by: American Numismatic Society

NOTE: I had to set item-level_itypes to 'biblio record'
      in order to trigger this. My icon's showed, but the
      path was wrong. This patch corrects it.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 15:34:38 +00:00
charles
db0ecc3cc5 Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753.

What has changed :

    - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
    - That ugly shift-grep contraption is no more (goodbye old friend)
    - The generated unique key won't end in a dot anymore

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:08:21 +00:00
cf04868450 Bug 14306: Remove call to GetMarcNotes from sendshelf
Just as mentioned in the first patch for sendbasket, I discovered that
the call of GetMarcNotes is not really used in sendshelf. The array is
passed to the template, but the template does not use it. (It uses the
information from GetBiblioData.)

Test plan:
[1] Send a list that includes a record with some notes (opac and staff).

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:58:33 +00:00
caae161a4e Bug 14306: Show URL from MARC21 field 555$u under Title Notes/Descriptions
This patch includes:
[1] Add some logic to GetMarcNotes to embed the contents of MARC21 field
    555$u in a html anchor tag.
[2] Add a unit test for GetMarcNotes in Biblio.t
[3] Remove calls to GetMarcNotes from sendbasket.pl (opac and staff).
    A closer look revealed that the data was not used; the notes in the
    mail of sendbasket are taken from GetBiblioData.

Test plan:
[1] Edit a record. Add one or two URLS in 555$u. Add something in 500$a too.
[2] Check if you can click the URLs in opac and staff detail tab Notes or
    Descriptions.
[3] Run the unit test t/db../Biblio.t
[4] Add something in the cart. Click More Details and send the cart.
    Verify that you have something in Notes (from 500$a).

Signed-off-by: Marc Veron <veron@veron.ch>
Followed test plan. Works as expected. QA tools OK.

Tested with all patches together, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:58:32 +00:00
2237e0f871 Bug 5404: C4::Koha - remove subfield_is_koha_internal_p
The commit b5ecefd485
Date:   Mon Feb 3 18:46:00 2003 +0000

had a funny description:
Added function to check if a MARC subfield name is "koha-internal"
(instead of checking it for 'lib' and 'tag' everywhere); temporarily
added to Koha.pm

"Temporarily", since 2003, everything is relative, isn't it? :)

The thing is that GetMarcStructure returns hash like

field_200 => {
    subfield_a => {
        %attributes_of_subfield_a
    },
    %attributes_of_field_200
}

The attributes for field_200 can be 'repeatable', 'mandatory', 'tag', 'lib'.
We don't want to loop on these values when looping on subfields.
Since there are just { k => v } with v is a scalar (string), it's easier
to test if we are processing a subfield testing the reference.

At some places, we don't need to test that, we are looping on values
from MARC::Field->subfields which are always valid subfields.

Test plan:
1/ Edit items using the batch item mod tool
2/ display and edit items via the cataloguing module.

You should not see any changes between before and after the patch
applied.

Tech notes:
We need to check what we are processing when we loop on 'subfields' from
GetMarcStructure, not from MARC::Field->subfields.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:30:09 +00:00
59bef628b6 Bug 15084 [QA Followup] - Fix new uses of GetCurrency
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-07 13:33:43 +00:00
545b64f869 Bug 15635: Koha::Patron::Images - Remove GetPatronImage
To retrieve a patron image, we can call Koha::Patron::Images->find or
Koha::Patrons->find->image
Both will return a Koha::Patron::Image object.

Test plan:
1/ From the patron/member module, open all tabs on the left (Checkouts,
detail, fines, etc.)
The image should be correctly displayed.
2/ At the OPAC, on the patron details page (opac-memberentry.pl) the
image should be displayed as well.
3/ Same on the sco module.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-04 12:54:15 +00:00
77e1e7c4ef Bug 15548 [QA Followup] - More new uses of Koha::Borrower
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-03 14:39:00 -07:00