Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Not received and most recent at the top.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Since bug 20365 is going to add the ability to create several pending orders on
the same subscription we should display the history of the acquisitions on the
subscription detail page.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is a little fix for a much bigger hidden issues.
The original issue:
1. Set the firstname and surname values of a paontr to utf-8 characters
("wide characters"), for instance 月月
2. Use this patron to login at the staff interface
=> In the header the logged in patron's info (concat of firstname and
surname) are displayed correctly
3. Hit whatever link
=> In the header the info are now displayed incorrectly
("ææ")
What happens?
After that the user loggin, loggedinusername is set with the value from
the DB (borrowers.userid)
On next hits it is picked from the session (which contains the decoded
utf8 value, see first lines of C4::Context->set_userenv)
From C4::Auth::checkauth:
834 $s_userid = $session->param('id') // ''
The quick fix is to use the logged_in_user variable in the template, but
it seems that issues may occurred if external authentication is used
(ldap, shib, cas). Could someone test this?
Test plan:
Make sure the original issue is fixed
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a message to the user to let them know the subscription
have been renewed successfully.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a "Renew all selected subscriptions" action link on top
of the table of the "Check expiration" page.
It will allow to auto-renew several subscriptions.
Test plan:
Make sure this new link renew the selected subscriptions as expected.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It will prevent Firefox (and certainly other browsers) to block the form
resubmit:
"To display this page, Firefox must send information that will repeat
any action (such as a search or order confirmation) that was performed
earlier."
Test plan:
Renew a subscription and save
=> You should not longer see the browser warning
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In order to prevent the form to submit and gives an ugly error if no
issues are selected we will make sure at least one is checked otherwise
an alert will be displayed.
Test plan:
- create a subscrpition
- go to the serials collection page
- don't check any checkboxes for serials
- click 'Edit serials'
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes 3 subroutines from C4::Letters:
- getalert
- addalert
- delalert
And add 3 methods to Koha::Subscription:
- subscribers
- add_subscriber
- remove_subscriber
It makes the code cleaner for future cleanup.
TODO - we should remove alert.alertid and alert.type, and rename
alert.externalid with alert.subscriptionid
That way alert will be renamed borrowers_subscriptions (or similar) and
will become a simple join table between borrowers and subscriptions.
We will need to deal with FK that could not be satisfied.
Let's do that after this patch is pushed.
Test plan:
Subscribe and unsubscribe to email notifications sent when a new issues
is available.
Make sure everything works as before and you receive the emails.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Replaced with the "action" links we already have on the biblio detail
page and the items lost report.
- Display all the editable values in the table
- Add a 'Cancel' link
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This adds a checkbox column in serials-search.pl tables that allow to edit
selected subscriptions.
The following fields can be modified:
- Bookseller
- Location
- Library
- Item type
- Public note
- Nonpublic note
- "Create item when receiving" flag
- Expiration date
+ the additional fields defined in serials/add_fields.pl
Test plan:
1. Go to Serials module
2. If there is no additional fields defined, define some (at least one with an
authorized value and one without)
3. Start a subscription search
4. Select some results using the checkboxes and click the "Edit" button above
the table
5. Select values for some fields (not all) and click "Start batch edit"
6. Verify you are being redirected to the previous search results
7. Verify that the fields for which you selected a value were modified and that
the others fields weren't
8. Repeat steps 4 to 7 but this time, modify the other fields.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
And use an include file to avoid copy/paste
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When receiving several issues for a subscription (Serials > Serial
collection > Multi receiving), the reception date is always identical to the
publication date.
In some use cases we would like to set this "date received" value to
today.
Note: "date received" refers to the DB column serial.planneddate
To make this possible this patch replaces the JS prompt with a modal
dialog asking for
1. the number of issues to receive
2. if the received date must be set to today
Ergonomic note: bootstrap styled buttons are used, but they do not display correctly
We may need to improve that (later)
Test plan:
- Receive 1 or more serials using the "Multi receiving" buttons
Note that this button appears twice, on the "serial collection
information" and the "serial edition" pages
- Try with and without the new checkbox ticked and confirm the behaviour
is correct (i.e. date received is set to today or set to the publish
date)
- Make sure "Edit serials" and "Generate next" buttons still work as
before
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates various unrelated templates to use the Bootstrap
grid.
- about.tt - The about page
- auth.tt - The login page
These pages should look correct.
- reports/reports-home.tt - The reports home page
- admin/admin-home.tt - The administration home page
These pages should look correct, with a single centered column
with wide margins on either side. At lower browser widths the margins
should disappear.
- serials/subscription-add.tt - Serials -> Add subscription. The entry
form should look correct during each step of the add/edit process.
- suggestion/suggestion.tt - Acquisitions -> Suggestions -> New
suggestion. The page with the new suggestion form should look correct.
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This fixes some strings to be properly capitalized.
To test:
- Create a new routing list, check title and breadcrumbs
- View the routing list tab in the patron account in staff,
check title and breadcrumbs
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the space before the colon in the "vendor" label in
the vendor search pop-up window.
To test, apply the patch and go to Serials -> New subscription.
- Click the "Search for a vendor" link next to the vendor form field.
- In the pop-up window, confirm that there is no space before the colon
in the "vendor" label.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates several single-column Serials module templates to
use the Bootstrap grid. In addition to grid changes, some templates have
been modified to include the footer with the correct popup parameter.
- serials\acqui-search.tt - Go to Serials -> New subscription. Click
"Search for a vendor."
- serials\acqui-search-result.tt - Vendor search results
- serials\result.tt - Click "Search for record."
- serials\subscription-bib-search.tt - Catalog search results.
Each of these pages should look correct.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1) do not apply this patch
2) Have at least one vendor which name does contain javascript, for
example: <i>Vendor 1</i><script>alert('Hi');</script>
3) go to serial module and create new subscription
4) use "Search for vendor"
5) Search for your vendor, when search results table is presented, the
javascript is executed
6) go through subscription creation and save the new subscription
7) On subscription detail page, the javascript is executed as well
8) apply this patch
9) Repeat 3-7, the script is not executed, the input is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the two serials templates to use the Bootstrap grid
instead of the YUI grid.
Apply the patch and go to Serials and locate an existing
subscription.
- Click the "Edit routing list" in the sidebar.
- Save the routing list, and click "Save and preview routing slip."
- The routing slip preview should look correct and buttons should work
correctly.
- When viewing the details of a subscription, click the "Renew" button
in the toolbar. The popup window should look correct.
Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes three unused files:
serials/serial-issues.pl
...and its associated templates:
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues.tt
To test, apply the patch and search the Koha codebase for references to
any of those files. None should exist.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies more and more staff client serials templates so
that JavaScript is included in the footer instead of the header.
This patch adds a new JavaScript include, showpredictionpattern.js,
which is used by subscription-add.tt and subscription-numberpatterns.tt.
it also adds subscription-add.js, moving most of the JS embedded in
subscription-add.tt into an external file.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials -> New subscription
- Date pickers
- Popup search windows for vendors and bibliographic
records
- Next / Previous buttons
- Form validation
- Prediction pattern operations
Test with new subscriptions, editing existing subscriptions, and
duplicating subscriptions.
- Serials -> Manage Numbering Patterns
- Datatable
- Delete confirmation
-> Edit
- Datepicker, test pattern
- Serials -> Manage frequencies
- Delete confirmation
-> Edit
- Form validation
- Serials -> Subscription details -> Planning tab
-> Edit history
-> Datepicker
- Serials -> Subscription details -> Renew
- Datepicker
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies even more staff client serials templates so
that JavaScript is included in the footer instead of the header.
This patch adds a new JavaScript include, serials-toolbar.js, which is
required on pages which include serials-toolbar.inc.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials
- Search for a subscription
- Tabs, datatables, date pickers
- Open a subscription for viewing
- Tabs, toolbar buttons for delete, renew, and close.
- Serial collection (in the sidebar menu)
- Select all / clear all
- Datatable
- Print slip
- Generate next
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies more staff client serials templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials -> Subscription detail -> Edit routing list
- Add recipients
- Save
- "Save and preview routing slip" should trigger preview
- In preview popup: Print and Close buttons should work correctly
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies some staff client serials templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials -> New subscription
- Search for a vendor
- "Choose" link and "Cancel" button should work correctly
- Search for record
- "Choose" link and "Cancel" button should word correctly
- Serials -> Add subscription fields
- Datatable, delete confirmation
- Edit
- Form validation (submit both authorised value and MARC field)
- Serials -> Check expiration
- Date picker in search form
- Search
- Renew button triggers popup
- Serials -> Claims -> Search results
- Date picker, datatable, form validation
- Select all/none; Download claims
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add script to the callnumber field on adding a subscription.
Verify script is executed without this patch, but not with it.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If a serial frequency description contains quotes or is surrounded by
quotes, the description is empty ("TEST" > empty) or shown without the
quotes part (TEST "sth" > TEST) on editing the frequency.
To verify:
- Create a new frequency with description: "Test"
- Modify frequency
- Verify the description field is empty
To test:
- Apply patch
- Try to recreate, verify that the description field is
correctly filled when editing
- Test also with a name like: 'A "souble quoted" name'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch:
1) Uses datatables functionality on numbering patterns table
2) Shows breadcrumbs when using the form to add or modify numbering
patterns
3) Updates the Save, Reset, and Test Pattern buttons in the form to be
bootstrap 3 buttons
To test:
1) Confirm that datatable sorting works on all columns EXCEPT Actions
column
2) Click 'New numbering pattern'
3) Confirm breadcrumbs reads 'New numbering pattern'
4) Go back to numbering patterns and Edit an existing one
5) Confirm breadcrumbs reads 'Modifying number pattern '<name of
numbering pattern>'
6) Confirm Save, Reset and Test pattern buttons now show as bootstrap3
buttons
7) Confirm all buttons work as expected
Sponsored-by: Catalyst IT
Followed test plan works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
See BZ, comment 14 from Jonathan.
In the exceptional case that branch email address and fallback, i.e.
preference KohaAdminEmailAddress, are both empty or not valid, the error
message should reflect that (of course :)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Removed branch email and KohaAdminEmailAddress.
Followed the test plan of the first patch and saw the alert.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
1) Apply the patch
2) Go to serials home page
3) Search for a subscription
4) Ensure you have permission to receive serials
5) In the most right column of table you should see "Receive serial" button with
caret button, that should work as trigger form dropdown menu with other options
6) Ensure that all actions work as expected
7) Login with user without permission to receive serials
8) repeat 2-3
9) In the most right column of table you should see normal dropdown mane with label "Actions" and all applicable options
10) Ensure that all actions work as expected
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The subroutine C4::Koha::GetAuthorisedValueCategories just retrieves all
the authorised value categories.
We already have a method in the Koha::AuthorisedValues module to do this
job, let's use it!
Technical explanations:
The new subroutine of the AuthorisedValues TT plugin will allow to get
the authorised value categories from the templates.
The new html_helpers include file will get rid of the if selected else
end statements. Bug 15758 already uses this file, see the commit
description for more informations.
Test plan:
1/ Create or edit a new fund (aqbudgets.pl), the fields "statistic 1"
and "statistic 2" should be correctly filled with the list of authorised
value categories
2/ Edit subfields for a biblio and authority framework.
The "Authorized value" dropdown list should be correctly filled on both
pages
3/ Create new items search fields (from the administration area), same
as previously, the authorised value category dropdown list should be
correctly filled
4/ Add and edit patron attribute types, check the authorised value
category list.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch renames the variable according to the new DB column names
* gste => tax_excluded
* gsti => tax_included
* gstrate => tax_rate
* gstvalue => tax_value
This patch also modify the ModReceiveOrder subroutine:
* Edit vendor note on receiving is not possible, so the code should not
permit that.
* Update ModReceiveOrder to pass a hashref
And that's all!
git grep on gste, gsti, gstrate and gstvalue should not return any code
that can be executed.
Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Francois Charbonnier <francois.charbonnier@inlibro.com>
Signed-off-by: Sonia Bouis <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Sonia Bouis <koha@univ-lyon3.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Because seasons strings are not available through DateTime module,
names of them where added in code, and templates. Bug 16289 adds new
abbreviated form to the code, but not to the templates. This patch
should fix the problem.
To test:
1. Apply patch.
2. Run "misc/translator/translate update" for you language.
3. Check if names are in po/ file for language.
4. Check if generating next issue for serial and prediction patterns
works correct.
NOTE: or "create {language code}" instead of update.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
