(Patch extracted from bug 28445 to make it reusable for bug 23678)
We already had the need for that, when bibliographic records are
modified in batch we wanted to add a "Add to list" feature, and so pass
a list of lists/virtual shelves to the template.
Here (in 28445) we will want to pass the infos of the items that have been modified
to display a table.
Test plan:
0. Create at least one list (virtual shelf)
1. batch update biblios
2. Go to the job detail
3. Notice that dropdown list to add the record to a list
=> No regression found!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Same as the first patch, for authorities
Test plan:
Delete authority records using the batch record deletion tool
Confirm that the job is now delegated to the task queue and that
everything else is working as before
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
A new include file is created per background job to avoid
background_jobs.tt to grow too much
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch takes advantage of the task queue to delegate the batch
delete biblios tool.
Test plan:
Delete bibliographic records using the batch record deletion tool
Confirm that the job is now delegated to the task queue and that
everything else is working as before
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the Koha::OAuth library use the new validation method
To test:
1. In master, enable RESTOAuth2ClientCredentials and have your
superlibrarian patron a client_id/secret pair generated
2. Use Postman to gain an access token with the client_id/secret pair
=> SUCCESS: This works in Koha
3. Use the access token to GET /api/v1/patrons
=> SUCCESS: It works
4. Apply this patchset up to the regression tests
5. Run:
$ updatedatabase
$ koha-plack --restart kohadev
=> SUCCESS: All good
6. Repeat 2
=> FAIL: You get an error trying to acquire an access token. Boo
7. Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
8. Apply this patch
9. Run:
$ koha-plack --restart kohadev
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
10. Repeat 2
=> SUCCESS: Your original client_id/secret pair works!
11. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.
To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch refactors the Koha::ApiKey class so:
- It encrypts the generated secret
- Allows accessing the plain text secret only immediately after the key
creation (this implies that it won't be accessible if the key is
fetched from the DB).
- It implements an allow list for attributes, that are not read only.
Changing any other of them will make ->store throw an exception.
- A method for validating plain text secrets against the encrypted one
is added.
- A method for accessing the plain text secret is added. Returns undef
if the object is not 'fresh'.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/ApiKey.t
=> SUCCESS: Tests pass! Expected behavior is confirmed
3. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.
The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.
To reproduce:
1) create/pick existing patron, set Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
iew patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Remove fields from OPACSuggestionUnwantedFields before creating the
suggestion
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: remove useless sort
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The following sequence is bad:
46 my $suggestion = $input->Vars;
181 &NewSuggestion($suggestion);
All columns can be set when we insert the suggestion into the DB
We definitely want to avoid the following fields to be set by the final
user: acceptedby, accepteddate, STATUS, etc...
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons
To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28929: (follow-up) Add exec flag to tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
* selfreg and selfmod for OPAC
* patron's edition on staff
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a keydown event listener onto the flatpickr instance and
looks for the down arrow key. When such an event is detected we take
that to mean the user wants to keyboard navigate the calendar widget and
so disable the buggy allowInput option allowing keyboard navigation to
work as expected.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch replaces the use of jQueryUI's datepicker on circulation and
patron-related pages.
The patch modifies Flatpickr's default configuration (in calendar.inc)
so that it has the following features:
- A Flatpickr input with a "futuredate" class will require that the
selected date be after today.
- The Flatpickr input field will be wrapped in a container to
facilitate better CSS styling.
- Generic handling of paired date fields is enabled using
".flatpickrfrom" and ".flatpickrto" field classes. This mimics the
same feature we have for jQueryUI datepickers using ".datepickerfrom"
and ".datepickerto".
This patch also removes an unused function which was repeated in three
templates: validate1.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Circulation and check out to a patron.
- Open the Restrictions tab and click "Add manual restriction."
- In the "Expiration" field, test that the Flatpickr widget works
correctly and limits to dates after today.
- Enable the SpecifyDueDate preference if necessary.
- Test the behavior of the SpecifyDueDate controls: Setting a date,
clearing a date, session persistence.
- Enable the SuspendHoldsIntranet system preference if necessary.
- Check out to a patron with existing holds.
- Open the Holds tab and click the "Suspend" button for one of the
holds.
- In the modal window which appears, check that the Flatpickr
widget works correctly and limits to dates after today.
- At the bottom of the table of holds, test that the "Suspend all
holds" Flatpickr works correctly and limits to dates after
today.
- Perform this same test from the patron details page.
- Enable the BatchCheckouts system preference if necessary.
- Open a patron record and click "Batch check out" in the left-hand
sidebar menu.
- Test that the "Hard due date" Flatpickr works correctly as a date
and time picker.
- Go to Circulation -> Overdues.
- Test that the date due filters in the sidebar work correctly and
are linked, e.g. the "to" field cannot be before the "from" field.
- Perform the same test here: Circulation -> Holds to pull; and
here: Circulation -> Hold ratios.
- Enable the HouseboundModule system preference if necessary.
- Check out to or view details of a patron.
- Click "Housebound" in the sidebar menu.
- Save delivery day and frequency settings for that patron.
- Click "Add a new delivery."
- Test that the "Date" Flatpickr widget works correctly.
- Go to Patrons -> A patron record -> Edit.
- Test that Flatpickr widgets work on the following fields:
- Date of birth
- Registration date & Expiration date (linked).
- Patron restrictions -> Add manual restriction -> Expiration.
- View a bibliographic record and start the process of placing a hold.
- After selecting a patron, test the "Hold starts on" and "Hold
expires on" date fields. The fields should be linked and each
should limit to future dates.
- Confirm that the dates are saved correctly when you submit the
hold.
- Locate a bibliographic record with multiple holds and view the holds.
- In the table of holds, test each date field: Date, expiration, and
suspend-until.
- Test that Flatpickr's static "formatDate" method is working
correctly:
- Locate a bibliographic record's item so that there is text in both
the "Public note" and "Non-public note" field.
- Check that item out to a patron.
- After the page reloads the public and non-public notes should be
shown under the checkout title highlighted in red.
- Check for references to a "validate1" function. There should be none.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test:
1. Go to a record with some subscriptions, have some closed and some
open.
2. Go to the opac-detail page, click on the subscription tab and use
your developer tools to inscept the element.
3. Notice the hierarchy of HTML structure, everything is a sibling of
the next.
4. Apply patch
5. Reload the same opac-detail page and again inscept the element.
6. Now every individual subscription should be wrapped in an element
with the class name of 'subscription'.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the markup of the "Create a new authorized value"
modal so that a minimum set of fields is required: Authorized value and
description.
The patch also modifies the JavaScript which handles the submission so
that the jQuery Validation plugin can handle the field checks.
The spelling "authorised" is changed to "authorized" following coding
guidelines.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Locate a record in the catalog which has items and open an item for
editing.
- In the add item form, test the process of adding an authorized
value on the fly with the following fields: Withdrawn, Lost,
Damaged, Use restrictions, Not for loan, Collection code, Shelving
location, and Shelving control number.
- In each case you should be able to type a new value in the
dropdown's search box and be shown the option "Select to create."
- Selecting should trigger a modal window, "Create a new authorized
value."
- Test that both "Authorized value" and "Description" fields are
required, and the form can't be submitted without them.
- Test that an error message shows up when you submit an authorized
value which already exists, e.g. authval "1" for "DAMAGED."
- After triggering this error, click the "Cancel" button and try
creating another new authorized value. When the modal reopens the
form should be reset: No previously-entered data, no error messages.
- Submitting a valid form with a new authorized value should work
correctly. The modal window should close automatically.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This bug adds a system preference to control ordering of facets and
adds the control to both Zebra and Elasticsearch
To test:
1 - Have a koha that can use both Zebra and ES
2 - Set 'displayFacetCount' to true
3 - Search in ES and Zebra
4 - Note facets in Zebra sorted alphabetically, ES by usage
5 - Apply patch, updatedatabase
6 - Search in ES and Zebra, facets are alphabetically sorted in both
7 - Find new syspref FacetOrder and set to 'by usage'
8 - Search in both engines, facets sorted by usage
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The biblio and item action hooks pass a biblionumber or itemnumber now
to the plugin at time of deletion.
This patch adds a tiny refinement to Biblio_and_Items_plugin_hooks.t
and the associated test plugin to be sure of that.
Test plan:
Run t/db_dependent/Koha/Plugins/Biblio_and_Items_plugin_hooks.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
- Create a biblio with title like "osteuropa:" or "osteuropa!"
- Go the this biblio detail pages (cgi-bin/koha/catalogue/detail.pl)
=> Error
- Apply bug 28316 and this one
- test again
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes a minor change to CSS to fix the display of tags and
lists on the OPAC search results page so that the list doesn't have
extra padding.
To test, apply the patch and rebuild the OPAC SCSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- To test you should be able to perform a catalog search in the OPAC
which will return results which have one or more tags and which are on
one or more lists.
- In the OPAC search results, confirm that there isn't extra padding
between the "Tags:" and "Lists:" labels and their values.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
One mdditional correction.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes capitalization corrections to many templates in the
OPAC and staff interface. A exhaustive test plan would be huge, so I
recommend examining the patch to confirm that it contains correct case
changes.
If you want to make it easier to examine changes you can try:
https://github.com/so-fancy/diff-so-fancy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Illegal division by zero at misc/maintenance/touch_all_biblios.pl line 102.
Trivial fix.
Funny that the percentage is not even shown without verbose flag ;)
Test plan:
Run misc/maintenance/touch_all_biblios.pl -where 'biblionumber<0'
You should now see:
Good: 0, Bad: 0 (of 0) in 0 seconds
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. In IntranetUser add some JS that will target spinelabel-print.tt, I used this:
if ( $('#labels_spinelabel-print').length ) {
$('#labels_spinelabel-print').append('<div>TEST</div>');
console.log('TEST');
}
2. Generate a quick spine label
3. Once you have entered a barcode the JS will go off 2x. With the jQuery added you will see 2 div's with the word 'TEST'. Look at the console and you will also see TEST console logged 2x.
4. Apply patch
5. Try seto 2 and 3 again, the JS should only be called once.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We can never reach the first [% ELSE %]Koha online[% END %] block in OPAC
messaging preferences title, so it's dead code.
This patch removes the useless duplicate if-statement.
To test:
1. Enable EnhancedMessagingPreferencesOPAC system preference
2. Go to /cgi-bin/koha/opac-messaging.pl
3. Observe title Your messaging settings > Koha online catalog
4. Apply patch
5. Refresh page /cgi-bin/koha/opac-messaging.pl
6. Observe same title Your messaging settings > Koha online catalog
7. See patch content
8. Confirm there are no functional changes in the new logic
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The gender/sex and GDPR inputs were slightly misaligned (by
1.5em). Now they are aligned with the other inputs which have a width
of 10em (9em width + margin 1em). The label assignments and required
attributes for input elements are made also consistent.
To test:
1) Enable GDPR_Policy syspref
2) Apply patch, run "yarn build --view opac", restart plack
3) Go to /cgi-bin/koha/opac-memberentry.pl
4) Check that the GDPR input box shows the required text now in red
color
5) Check that the alignment of sex/gender and GDPR input matches with
the other inputs perfectly.
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1. Enable system preference OpacTopissue
2. Go to OPAC /cgi-bin/koha/opac-topissues.pl
3. Observe title Most popular titles › Koha online catalogMost popular titles
4. Apply patch
5. Observe title Most popular titles › Koha online catalog
6. See that this path complies with Bug 27742
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It makes sense to use items by branch to get the list of branches, as it
already tells use which branches have available items. We could use
branches to pull from instead, but all we would accomplish is added
extra ununsed loop iterations. We already know that any additional
branches in the branches to pull loop have no items to fill holds.
If they did, they would be in the items_by_branch hash.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
