We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.
Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
required.
[3] After you submit, you should see a date in borrower_modifications
field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.
Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.
Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
Log in again and verify that the consents tab shows a No.
Note: a follow-up patch will add further enforcements.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
0) Do not apply the patch
1) Set PatronSelfRegistration to Allow
2) Set PatronSelfRegistrationVerifyByEmail to Require
3) Try to create a account using self registration and verify it (use link
in e-mail or take the url from table mesage_queue ;)
The verificatin url return ISE - DBIx::Class::Row::store_column(): No
such column 'timestamp' on Koha::Schema::Result::Borrower
4) Apply the patch
5) Try to acces the verification url again - now it should work
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
As requested by QA, we should move may_article_request out of Biblio.
For reasons of performance removed the wrapper layer of may_article_request
in opac-search. No need to look up all item types. For readability kept
the routine in the detail scripts.
Note for running ArticleRequests.t: A possible failure on the subtest
'search_limited' is addressed on bug 20866. So you can ignore that one.
As long as the subtest for may_article_request passes.
Test plan:
See previous patches.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Before this patch, the 'Request article' link is displayed whenever the
pref is enabled. In many cases this might be useless. Instead of a guess
as in opac-search, we now call can_article_request to know for sure.
Note: at least this is the case when a user has logged in.
Update sidebar template with template variable artreqpossible.
Add code in opac-detail, MARCdetail and ISBDdetail to fill it.
Test plan:
[1] Look for two biblios with items: one that should allow article requests
and one that should not (respecting branch, patron, item type).
[2] Verify on detail, ISBD and MARC that the link is displayed for
the first biblio and hidden for the second biblio.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If you enable pref ArticleRequests, until now all search results got the
'Request article' link. This patch tries to improve the situation by
using the new sub with the itemtype of the search result.
In most cases the number of links will drastically decrease. It may still
be possible sometimes that a link is shown while it effectively is not
possible, but we do not get the performance burden of determining that and
going through all items.
Test plan:
[1] Look for two borrowers P1 and P2 within categories C1 resp. C2.
[2] Look for two biblios B1 and B2 with default item types I1 resp. I2.
(See 942c in case of MARC21.)
[3] Make sure that no circ rules allow article requests. Enable the pref.
[4] Add/modify circ rule category=C1, itemtype=I1, art_req=yes.
Log out. Search for B1 and B2, verify that only B1 has AR link.
Log in as P1. Verify that only B1 has AR link.
Log in as P2. Verify that no biblio has AR link.
[5] Add/modify circ rule category=C2, itemtype=I2, art_req=item_only.
Log out. Search for B1 and B2, verify that both have AR links.
Log in as P1. Verify that only B1 has AR link.
Log in as P2. Verify that only B2 has AR link.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
-1. Have access to your browser's developer tools in order to modify <select>
dropdown values
1. Go to cgi-bin/koha/admin/branches.pl
2. Configure one of your libraries to "Pickup location" => "No". Remember the
branchcode of this library!
3. Go place a hold in OPAC
4. See the provided "Pick up location" list
5. Observe the library that you configured is not present in the list
6. You should see another library selected by default. Right click that and
in Firefox/Chrome click "Inspect element"
7. You should see a list of <option value="xxxx">blabla</option> elements
8. Double click between value (xxxx in above example) and replace the value
with the branchcode you remember from step 2.
9. Place the hold
10. Observe that you are taken to cgi-bin/koha/opac-user.pl but your hold
was not successful.
11. Go back to place a hold and this time do not modify any values.
12. Observe that a hold is now placed.
Signed-off-by: Koha Team AMU <axelle.clarisse@univ-amu.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch moves generation of the OPAC detail page's results browser
from JavaScript to the template. This makes the template easier to
understand and easier to debug. It also makes it possible for the widget
to be completely non-dependent on JavaScript.
To test, apply the patch and regenerate the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client)
- Enable the OpacBrowseResults system preference and perform a search
in the OPAC which will return multiple results.
- Click on any title in the first page of search results.
- On the bibliographic detail page there should be a "Browse results"
link in the right-hand sidebar just as before.
- Test that the "Previous," "Back to results," and "Next" links work
correctly.
- Click the "Browse results" link. A list of the first 20 search
results should appear. An arrow should indicate the title you're
viewing.
- Click any title in the results browser. The page should correctly
load that record.
- Clicking the numbered links at the top of the results browser
should do the same.
Signed-off-by: Cab Vinton <bibliwho@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Use of uninitialized value in split at
/home/vagrant/kohaclone/opac/opac-user.pl line 78.
Use of uninitialized value $search_query in string ne at
/home/vagrant/kohaclone/opac/opac-user.pl line 367.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In the staff client, when viewing the content of a list, it can be sorted by 'title', 'author' or 'call number' but not by 'date added'.
This patch adds 'date added' as an option for default sorting of lists. It also makes it available as a sorting option while viewing lists.
Test plan:
In the staff client and the opac:
1) View a list containing several items
=> Notice that you can't sort by 'date added'
2) Try to edit the list or create a new one
=> Notice you can't choose date added as the default sort order
3) Apply the patch
4) When viewing the list you should now be able to sort by date added
=> Make sure it orders correctly
5) Edit or create a list and choose date added as default sorting order
=> Make sure it uses date added as default
=> On the staff client: test that the filter for 'sort by' works for date added
=> On the opac: test that, while viewing the contents, choosing 'default sorting' in the dropdown menu sorts correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
it also removes 'category_type' and 'description' from a couple of
opac scripts, they are not needed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We need to search for uri defined for the itemnumber we passed in
parameter.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Caused by
commit 51b6cf2aaf
Bug 19847: Track links within the records and 404 for others
We should also accept uri stored in items.uri (952$u)
Test plan:
- Turn on TrackClicks
- Defined uri for some items
- At the OPAC click on the link (from opac-detail.pl)
=> Without this patch you will get 404 (redirected from tracklinks.pl)
=> With this patch applied you will be redirected correctly and the
linktracker will be filled correctly
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: John Doe <you@example.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.
To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.
Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
But actually we could remove it if it does not make sense for other use.
Callers could deal with it since the password is not generated here
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
I am not sure I understood the point of this subroutine.
Did I miss something here?
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
On OPAC, a user can requested a discharge even if one is already pending.
This generates several pending discharges in staff interface that can not be deleted.
This is because request operation leads to page 'opac-discharge.pl?op=request' and user can refresh this page performing a new request.
Perl code must check that operation is allowed.
Patch reoganised the code so that the following FIXME is obsolete :
'FIXME looks like $available is not needed'
Patch also replaces 'op' arg test to also check undef : input->param("op") // ''
Test plan :
1) Set system preference 'useDischarge' to 'Allow'
2) Choose a patron without checkouts nor fines nor restrictions
3) Log at OPAC and go to patron page /cgi-bin/koha/opac-user.pl
4) Click on 'ask for a discharge' tab
=> You see /cgi-bin/koha/opac-discharge.pl
with text 'What is a discharge? ...'
5) Click on 'Ask for a discharge' link
=> You see /cgi-bin/koha/opac-discharge.pl?op=request
with text 'Your discharge request has been sent ...'
6) In a new browser tab/page, go to intranet on /cgi-bin/koha/members/discharges.pl
=> You see one discharge requets for the patron
7) Come back to OPAC and refresh page
=> You see /cgi-bin/koha/opac-discharge.pl
with text 'Your discharge will be available on this page within a few days.'
8) Come back to intranet and refresh /cgi-bin/koha/opac-discharge.pl
=> There is still one requets for the patron
9) Come back to OPAC and enter URL /cgi-bin/koha/opac-discharge.pl?op=get
=> You see /cgi-bin/koha/opac-discharge.pl
with text 'Your discharge will be available on this page within a few days.'
10) Come back to intranet and refresh /cgi-bin/koha/opac-discharge.pl
=> There is still one requets for the patron
11) Click on 'allow' on patron discharge request
12) Come back to OPAC and refresh /cgi-bin/koha/opac-discharge.pl
=> You see link 'Get your discharge'
13) enter URL /cgi-bin/koha/opac-discharge.pl?op=request
=> You see same page and no new discharge requets is created
14) Come back to intranet on patron details page
15) Remove the discharge restriction
16) Come back to OPAC and refresh /cgi-bin/koha/opac-discharge.pl
=> You see text 'What is a discharge?...'
17) enter URL /cgi-bin/koha/opac-discharge.pl?op=get
=> You see same page and no new discharge requets is created
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This avoid hardcoding '10000' in two different places and allow users to
adjust this setting.
Also, this patch fixes a bug when the search return less than 10000
results
Test plan:
1. Do a search that returns 10000+ records.
2. Note the warning above the pagination buttons
3. Go to the last page, no error
4. Change the ES setting:
curl -XPUT http://elasticsearch/koha_master_biblios/_settings -d \
'{"index": {"max_result_window": 20000}}'
5. Do another search that returns more than 10000 but less than 20000
6. Note that the warning does not show up
7. Go to the last page, still no error
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=19502
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is to avoid hitting an error page. We should eventually make the
max number returned configurable for ES.
To test:
1 - Have Koha running ES with 10,000+ records
2 - Search for '*'
3 - Click 'Last' to view last page of results
4 - 'Cannot perform search' error
5 - Apply patch
6 - Search again
7 - View 'Last' page
8 - No error, you go to the last of 10000
9 - Note the warning above the pagination buttons
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Ultimately we should probably remove name access as it is not a unique
id, but this should preserve existing behaviour
To test:
Create a report
Use the service link to confirm the report runs
Replace id=# parameter with name=XXXXXX
Confirm URL works
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: We should not remove the param "name", it's a feature, see bug 8256.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - prove t/db_dependent/Reports/Guided.t
2 - grep "get_saved_report" - ensure there are no occurences of the
singular form
3 - create, save, edit, and convert a report
4 - access a public report and report json from opac and staff client
5 - Ensure all function as expected
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is a fresh attempt at redirecting back to search
results after logging in on opac-search.pl
To test:
- Perform an OPAC search
- Login on opac-search.pl with the search results displayed
- The page is redirected to opac-user.pl
- Log out
- Apply the patch
- Perform a new OPAC search
- Note the URL query string
- Login on opac-search.pl with the search results displayed
- The opac-search.pl page should be displayed with the correct
query string and the page should indicate a logged in status
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and the patch works.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
0) Do not apply the patch
1) Have an overdue fine linked with specific item currently checked out
to your patron
2) Do not have any unpaid rental fees
3) Go to this patron profile in opac - page opac-user.pl
4) The page crashes with "Can't call method "get_column" on an undefined
value at
/usr/share/koha/opac/cgi-bin/opac/opac-user.pl line 217" in log
5) Apply the patch
6) Restart plack
7) The page should working and show the right amounts for fines
Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In the last patches of bug 16735, we completely broke the feature!
The limit is using library_groups.id instead of branches.branchcode.
Test plan:
Create a group of library with the search feature
Search (OPAC and staff interfaces) using this limit
=> Without this patch you will see that the generated search query does
not contain branchcodes
=> With this patch applied you will see the branchcodes
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If $borrowernumber is not set, there is no userenv.
So let's pick the library code set in the userenv instead of fetching
the Koha::Patron->branchcode from DB
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Some code executed in the script opac-suggestions.pl if the system preference AllowPurchaseSuggestionBranchChoice is enabled assumes there is a logged in user. If there is not, patrons will see the error "Internal Server Error".
Test Plan:
1) Enable AllowPurchaseSuggestionBranchChoice
2) Enable AnonSuggestions
3) In the OPAC, perform a search that will have no results,
click the "Make a purchase suggestion" link.
4) Note the error
5) Apply this patch
6) Reload the page
7) The page should load now!
Signed-off-by: Pierre-Luc Lapointe <pierreluc.lapointe@inLibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Easy change, should be able to verify with code review or testing with
dummy values
To test:
1 - Put some values in baker and taylor prefs (don't need to be valid)
2 - Do a search on the opac (and have some items with isbns)
3 - Inspect the cover images links to ensure they are formed correctly
4 - prove -v t/External/BakerTaylor.t
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If PatronSelfRegistrationVerifyByEmail and
PatronSelfRegistrationEmailMustBeUnique are set, it should not be
possible to register twice with the same email.
However the test is made on already created patron cards when the
registration is done.
Which means it is possible to register several times with the same
email address and click on the registration link to finalise the
registration.
This patch adds a test when the registration link is clicked and display
the "Registration invalid" generic message if the same email is used
Test plan:
1. Patron submits self registration form using the same email address 3
times
2. Patron receives 3 verification emails
3. Patron clicks on 3 verify token URLs
=> Only the first registration should succeed, the 2 others must fail
Maybe we should display a more specific message?
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Create an entry for the ITEMTYPECAT authorised value category.
Make sure to fill in the OPAC description.
- Go to administration > itemtypes and add the new category to 2 item types.
- Go to the OPAC and check that the advanced search shows your new itemtype
group instead of the individual itemtypes.
- Check the checkbox and Search.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Edit: fix warning introduced by this patch
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.
It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'
Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes some interface changes to bring things better in line
with existing interface patterns. This patch also re-indents the
modified templates with 4 spaces instead of 2 and makes <input>s
self-closing.
Also changed: Corrected system preference check in opac-apikeys.pl.
To test, apply the patch and:
In the staff client:
- Open a patron record and choose More -> Manage API keys.
- There should be a standard message dialog containing a link to
"Generate a new key."
- Clicking the link should show the form for adding a new key.
- Test that clicking the "Cancel" link hides the form.
- Test that creating the new key works correctly.
- You should now see a table showing existing keys and a "Generate a
new key" button above it.
- Test that the "Delete" button asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
In the OPAC:
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Allow."
- Log in to the OPAC and click the "your API keys" link in the sidebar.
- Clicking the "Generate new key" button should display the form for
adding a new key.
- Clicking the "cancel" link should hide the form.
- Submitting the form should add a new key.
- You should now see a table showing existing keys.
- Test that the "Delete" link asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Don't
allow."
- Log in to the OPAC and confirm that the "your API keys" link in the
sidebar is no longer visible.
- Confirm that navigating directly to /cgi-bin/koha/opac-apikeys.pl
results in a 404 error.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the OPAC interface for API keys management work
with the new lib. Verify all actions work for a logged user.
Users without login should be redirected to an error page.
The AllowPatronsManageAPIKeysInOPAC syspref is added to control if the
OPAC feature is enabled or not.
To test:
- Verify the syspref works
- Verify users can manage their API keys
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.
Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
API keys". Click on it.
9/ Repeat steps 4-6
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We should check the invitekey in show_accept by passing it along in the
search call.
On the way I fixed some error checking: if the list number is invalid, or
the list is public or you are the owner, or if the key is not found, we
should set the right error code; the template contains those messages.
Test plan:
[1] Share a list and accept a correct invitation with another user.
[2] Try to accept some invalid proposals: wrong key, wrong list.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested invalid key, wrong list, owner, public list, expiry.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch gets all the shares for a list and iterates through to find
the correct one when accepting from a link
To test:
1 - Create a private list in the opac
2 - Invite 2 patrons to the list
3 - Try to accept from the patron you first shared to
4 - You will get a failure message about expiration of the link
5 - Apply patch
6 - Now try to accept the first share
7 - It works! Success!
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
