Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds two preferences
1. AllowPatronToSetFinesVisibilityForGuarantor: Allow/Don't allow patrons to choose their own privacy settings for showing the patron's fines to the patron's guarantor
2. AllowStaffToSetFinesVisibilityForGuarantor: Allow/Don't allow staff to set the ability for a patron's fines to be viewed by linked patrons in the OPAC
Also adds a tinyint, non nullable, default to 0 column in borrower and deletedborrower named privacy_guarantor_fines.
1. privacy_guarantor_fines = 0 => don't allow guarantor to see guarantee's fines
2. privacy_guarantor_fines = 1 => allow guarantor to see guarantee's fines
To test:
1) git reset --hard master
2) apply patches (including dependencies)
3) perl installer/data/mysql/updatedatabase.pl
4) dbic
5) restart_all
6) in intranet search for AllowPatronToSetFinesVisibilityForGuarantor and AllowStaffToSetFinesVisibilityForGuarantor preferences
SUCCESS => both preferences should be present
7) search for a patron with guarantor
SUCCESS => in details tab, in "Library use" section you should see a row labeled "Show fines to guarantor"
8) edit
CHECK => in Guarantor information there is no "Show fines to guarantor" select
9) set AllowStaffToSetFinesVisibilityForGuarantor preference to "Allow"
10) return to patron with guarantor and edit
SUCCESS => in Guarantor information section there is a "Show fines to guarantor" select
11) change "Show fines to guarantor" select to "Yes" and save
SUCCESS => Value is saved
12) go to details tab
SUCCESS => in "Library use" section you see a row labeled "Show fines to guarantor" with value "Yes"
13) set OPACPrivacy preference to "Allow"
14) open 2 opacs, one with a patron that has a guarantor and another that hasn't and go to "your privacy" tab.
CHECK => in both opacs you should not see a "Allow your guarantor to view your current fines?" select
15) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
16) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select
=> in Patron without guarantor you don't see a "Allow your guarantor to view your current fines?" select
17) in Patron with guarantor change value of select and save
SUCCESS => Value is saved
18) in intranet set OPACPrivacy preference to "Don't allow" and AllowPatronToSetFinesVisibilityForGuarantor to "Don't allow"
19) got to "your personal details" in both opacs
CHECK => in both opacs you should not see no Privacy section with a "Allow your guarantor to view your current fines?" select
20) in intranet set AllowPatronToSetFinesVisibilityForGuarantor to "Allow"
21) refresh both opacs
SUCCESS => in Patron that has guarantor you see a "Allow your guarantor to view your current fines?" select in a Privacy section
=> in Patron without guarantor there is no Privacy section
22) in Patron with guarantor change value of select and update
SUCCESS => Value is saved
23) Sign off
Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
User views the "Your privacy" -page, it shows "No reading history to
delete", even when the user has history.
Test plan:
- Turn OPACPrivacy on
- Go to opac-privacy.pl
- Click the "Immediate deletion button" to delete the reading history
=> If the patron has reading history you must get "Your reading history has been deleted."
Otherwise "No reading history to delete"
Note that this patch reintroduce the "something went wrong" message if
the deletion failed for whatever reason.
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From opac-privacy.pl:
# delete all reading records for items returned
# uses a hardcoded date ridiculously far in the future
my $rows = eval {
Koha::Patrons->search({ 'me.borrowernumber' => $borrowernumber })->anonymise_issue_history( { before => '2999-12-12' } );
};
It sounds better to make this before parameter not mandatory, and remove the condition from the sql query if it is not passed.
Test plan:
1. Anonymise your reading history at the OPAC.
2. Confirm that all your reading history has been anonymised
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The C4::Members::GetBorrowersWithIssuesHistoryOlderThan subroutine is supposed
to return the patrons with an issue history older than a given date.
It would make more sense to return a list of Koha::Patrons.
On the way, the code from AnonymiseIssueHistory will be moved as well to
anonymise_issue_history.
Note that these 2 subroutines are strongly linked: one is used to know the
number of patrons we will anonymise the history, the other one is used to
anonymise the issues history. The problem is that the first one is not used to
do the action, but only for displayed purpose.
In some cases, these 2 values can differ, which could be confusing.
Case 1:
The logged in librarian is not superlibrarian and IndependentBranches is set:
if 2+ patrons from different libraries match the date parameter, the interface
will display "Checkout history for 2 patrons will be anonymized", when actually
only 1 will be.
Case 2:
If 2+ patrons match the date parameter but one of them has his privacy set to
forever (privacy=0), the same issue will appear.
This patch moves the code from C4::Members::GetBorrowersWithIssuesHistoryOlderThan
to Koha::Patrons->search_patrons_to_anonymise and from
C4::Circulation::AnonymiseIssueHistory to
Koha::Patrons->anonymise_issue_history
Test plan:
1/ Confirm the 2 issues and make sure they are fixed using the Batch
patron anonymization tool (tools/cleanborrowers.pl)
2/ At the OPAC, use the 'Immediate deletion' button to delete all your
reading history (regardless the setting of the privacy rule)
3/ Use the cronjob script (misc/cronjobs/batch_anonymise.pl) to
anonymise patrons.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The 'borrower' should not be used anymore, especially for new code.
This patch move files and rename variables newly pushed (i.e. in the Koha
namespace).
Test plan:
1/
git grep Koha::Borrower
should not return code in use.
2/
Prove the different modified test files
3/ Do some clicks in the member^Wpatron module to be sure there is not
an obvious error.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Tested with Circulation, Members/Patrons, Discharge,
Restrictions modules and the must common functionalities
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Same as previously.
For these files it's a bit less obvious.
To make sure these changes won't introduce any regression, check that
the variable returned by GetMember is never used to get something
else than a borrower fields.
The 'flags' should not be get neither.
For opac-user.tt it's different, other keys are got but there are defined
in the pl script.
On the way:
- 'showname' is removed (never used)
- fix scope var issue in opac-user.tt (BORROWER_INF.OPACPatronDetails vs
OPACPatronDetails)
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In order no to slow too much the browsing, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.
This patch just adds where the author found it could be useful.
Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Test plan: See Bugzilla.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).
Test plan:
1/ Confirm that you are able to show/download/sent the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.
Concretely it is quite difficult to test this patch, you should have a
look at the code.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If the OPACPrivacy system preference is turned off it is still possible
to navigate directly to the OPAC privacy page if you know the URL. This
patch adapts the fix for Bug 10595 (OpacTopissue page still
accessible when system preference is turned off) for opac-privacy.pl
Because the OPACPrivacy preference is irrelevant if opacreadinghistory
is not turned on, the patch adds a check for both to determine whether
the page should be accessible.
Log in to the OPAC and test under the following conditions:
- OPACPrivacy is turned off, opacreadinghistory is turned off. Navigate
directly to /cgi-bin/koha/opac-privacy.pl. You should get a 404
error.
- OPACPrivacy is turned off, opacreadinghistory is turned on. Navigate
directly to /cgi-bin/koha/opac-privacy.pl. You should get a 404
error.
- OPACPrivacy is turned on, opacreadinghistory is turned off. Navigate
directly to /cgi-bin/koha/opac-privacy.pl. You should get a 404
error.
- OPACPrivacy is turned on, opacreadinghistory is turned on. A link to
both "your reading history" and "your privacy" should appear in the
left-hand sidebar menu. Both pages should work.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and qa script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Remedied by:
- in Circulation.pm changing AnonymiseIssueHistory so that it returns ($rows, $err_history_not_deleted) instead of $rows
- consequential change to misc/cronjobs/batch_anonymise.pl to handle updated return value, and fail if there is an error
- consequential change to tools/cleanborrowers.pl although this still fails silently (raised as bug 9944)
- update of opac-privacy.pl to check return value and pass on error
- update of opac-privacy.tt to display error if appropriate
Note bug 9942 remains unfixed, which is a similar issue upon issue return.
To test:
1. OPAC
- enable privacy mode (preference OpacPrivacy)
- leave anonymous patron set to zero (preference AnonymousPatron)
- attempt to delete user history
- observe error
- check history - still there
- change anonymous patron to a valid user
- attempt to delete user history
- observe success message
- check history - gone
2. cleanborrowers.pl
- test it functions as before. bug 9944 has been raised for it continuing to silently fail.
3. batch_anonymise.pl
- enable privacy mode (preference OpacPrivacy)
- leave anonymous patron set to zero (preference AnonymousPatron)
- run script (I use --days -1 for testing)
- script should fail with a Carp message
- change anonymous patron to a valid user
- run script as before
- script returns quietly
- check history - gone
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Reimplements Paul Poulain's original OPAC Privacy patch, with some minor improvements and changes to wording
If the library enables the OPACPrivacy system preference along with the opacreadinghistory preference, and sets
an AnonymousPatron (must be a valid patron number in the database), the user will see a new tab upon login to
the OPAC, My Privacy. From there, the user can:
- Set their OPAC Privacy to one of three values
0 - Forever. This keeps their reading history unless they explicitly delete it; the bulk anonymiser won't touch it
1 - Default. Keep reading history until either they delete it or the library does
2 - Never. Instantly anonymises reading history upon item return
- Instantly delete their reading history
There is a warning and a popup to confirm. I've removed Paul's extra confirm checkbox, which seemed redundant
A note of which preference the patron has selected is added to the Patorn Details page in the staff client. This is read-only.
This patch also consolidates Privacy system preferences into the Privacy section of the OPAC tab.
Thank you to BibLibre for the original implmentation of this patch, and Los Gatos Public Library for funding and
testing the reimplementation.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>