Commit graph

1183 commits

Author SHA1 Message Date
5386324699 Bug 27812: Email should send for all new patron as per the syspref description
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
9d1abe0632 Bug 27812: Remove the ability to transmit a patron's plain text password over email
We should not give libraries the ability to compromise patron accounts,
it is considered a huge security issue and nobody in network security
would never recommend allowing passwords to be transmitted in clear text
over email.

It should simply not be possible to send a patron's password in plain text
via email. As such, we should remove this ability from Koha.

Test Plan:
1) Apply this patch
2) Create a patron to generate the ACCTDETAILS email
3) Note you can no longer transmit the patron's password in the email

Signed-off-by: Amit Gupta <amitddng135@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
Andrew Nugged
8b47236acd Bug 29684: (QA follow-up) paycollect.pl don't needs borrower_data at all
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 22:30:50 -10:00
Petro Vashchuk
df664fb713 Bug 29684: Fix warn about js/locale_data.js (paycollect.pl)
To reproduce (paycollect.pl):
1) Prepare or use some existing patron with outstanding fines, go to
the accounting section and open page where you make payment towards all
fines.
2) The error message should have appeared in your log file about
"File not found : default/js/locale_data.js".
3) Apply the patch.
4) Open the edit page again, ensure that the new error massage like
that didn't appear.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 22:30:50 -10:00
Petro Vashchuk
fc972915f9 Bug 29684: Fix warn about js/locale_data.js (memberentry.pl)
To reproduce (memberentry.pl):
1) Head over to the patron details page, press edit button to open the
memberentry.pl page.
2) The error message should have appeared in your log file about
"File not found : default/js/locale_data.js".
3) Apply the patch.
4) Open the edit page again, ensure that the new error massage like
that didn't appear.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 22:30:50 -10:00
a0a72c9653 Bug 19532: (RM follow-up) More use of system preference
When system preference is off, call no code related to Koha::Recalls.

Also add some missing module import.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 23:11:12 -10:00
514cbb809a Bug 19532: (QA follow-up) Simplify resultset accessors
This patch makes the different ->recalls accessors implemented on this
bug be more standard. This means:
- They don't do special things like default sorting or stripping out
  special parameters. That's all left to the caller and the methods are
  clean: they just return the related objects
- Useful filtering methods for Koha::Recalls resultsets are added. The
  only used one (in the end) was ->filter_by_current. It seems like a
  better approach, because it gives devs more control on how they want
  to chain things, and there's a single place in which to maintain the
  criteria of what is 'current' or 'finished'. This clearly makes the
  'old' column obsolete IMHO, at least in the use cases I found. This is
  covered by tests as well.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:52 -10:00
Aleisha Amohia
fa7d9815b3 Bug 19532: (follow-up) aria-hidden attr on OPAC, and more
- removing authnotrequired flag from scripts
- fixing opac buttons
- chmod +x for recalls test files

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
db095c3a7b Bug 19532: Recalls on intranet
See recalls on Intranet
- old recalls (all inactive recalls)
- recalls queue (all active recalls) - cancel, expire, revert waiting status, multiple cancel, mark overdue
- recalls to pull (available but not yet waiting) - cancel
- recalls awaiting pickup (awaiting pickup, awaiting pickup more than RecallMaxPickUpDelay days) - expire, revert waiting status
- overdue recalls (overdue to be returned) - cancel, multiple cancel
- biblio recalls tab (all active recalls relevant to this bib) - cancel, expire, revert waiting status, mark overdue
- patron recalls tab (all active recalls relevant to this patron) - cancel, expire, revert waiting status, mark overdue
- patron recalls history tab (all recalls relevant to this patron) - cancel, expire, revert waiting status, mark overdue
- log viewer

and the general circulation of recalls

== TEST PLAN FOR RECALLS ==

ADMINISTRATION

1. Apply all patches
2. Run database updates, update schema files and confirm everything applies cleanly
3. Run tests and confirm everything passes:
t/db_dependent/Koha/Recall.t
t/db_dependent/Koha/Recalls.t
t/db_dependent/Stats.t
t/db_dependent/Circulation/CalcFine.t
t/db_dependent/Koha/Item.t
t/db_dependent/Koha/Biblio.t
t/db_dependent/Koha/Patron.t
t/db_dependent/XSLT.t
t/db_dependent/Search.t
t/db_dependent/Holds.t
t/db_dependent/Circulation/transferbook.t
t/db_dependent/Circulation.t

4. Go to Administration -> system preferences. Find the UseRecalls system preference. It should be DISABLED. Confirm RecallsMaxPickUpDelay is set to 7 by default.
5. Go to Administration -> circulation rules. Confirm there are no recalls circulation rules showing.
6. Test a few circulation flows: checking out, placing a reserve, checking in, fulfilling a reserve, etc. Confirm everything works as normal.

7. Go to Administration -> system preferences. Enable the UseRecalls system preference.
8. Go to Administration -> circulation rules. Set the following rules:
Recalls allowed (count) = 0
Recalls per record (count) = 0
On shelf recalls allowed ( If any unavailable / If all unavailable ) = If any unavailable
Recall due date interval (days) = 3
Recall overdue fine amount = (something different to your normal fine amount)
Recall pickup period (days) = 1

Throughout your testing, try with different combinations of these rules and itemtype / branchcode / categorycode. Also try with null values. Keep the circulation rules open in another tab so you can refer to and update these easily. You should also have at least one other tab open for the staff client, and a third tab open for the OPAC, for ease of testing.

9. Go to your account -> More -> Set permissions. Confirm the recalls permission is checked.
10. Set up a test user with OPAC login details (Borrower A). This could also be your own user, as long as you have OPAC login access.
11. Set up a test record (Biblio A) with at least two items (Item A and Item B) of the same item type (or an item type with the same recall circ rules).

PLACING A RECALL

12. Log in to the OPAC as Borrower A. Do a catalogue search with a term that will return multiple results, including Biblio A.
13. Click on Biblio A.
14. Notice there is a 'Place recall' button on the sidebar menu. Click this button. There will be a message saying that there are no items to recall - this is because all items are available.

15. Check out Item A to another borrower (Borrower B).
16. Refresh the 'Place recall' page. You will still NOT be able to place a recall - this is because Recalls allowed = 0 and Recalls per record = 0.

17. Edit the circulation rules to have the following values:
Recalls allowed (count) = 1
Recalls per record (count) = 1
18. Refresh the 'Place recall' page. You will now see the form to place a recall.

BIBLIO-LEVEL RECALL, NO TRANSFER

19. Place a biblio-level recall.
Pickup location: Branch A, the set branch when you are logged into the staff client
Recall not needed after (expiration date): whatever you want
Select 'recall next available item'
Click confirm
20. Confirm the recall is placed successfully. Confirm that the new due date displayed is correctly calculated to be today's date, plus 3 days (taken from the 'recall due date interval' circ rule)
21. In the staff client, look at Borrower B's account, and go to their Notices tab. Confirm they have received a 'Notification to return recalled item' notice.
22. Look at Borrower B's checkouts table. Notice the due date for their checkout has been adjusted, and there is now a note to say that the item was recalled and the due date adjusted.
23. Log in to the OPAC as Borrower B and go to your summary tab. Notice there is a note under their checkout to say the item had been recalled.

24. Log out of the OPAC and log back in as Borrower A.
25. Go to your summary tab. Confirm there is a Recalls tab with a count of 1.
26. Cancel the recall using the button. Confirm it cancels and the Recalls tab disappears.

27. Do a catalogue search with a term that will return multiple results, including Biblio A.
28. When the results load, notice there is a 'Place recall' button next to the 'Place hold' button. Click this 'Place recall' button.
29. Notice you are redirected straight to the form to place a recall.
30. Place a biblio-level recall again, following the steps in Step 19.

31. Go to your recalls history tab. Notice your first cancelled recall shows here.
32. Cancel the recall you just created, using the button. Confirm it cancels and you are redirected to your summary tab.

33. In the staff client, enable the UseCourseReserves system preference.
34. Go to the main menu, click Course Reserves.
35. Add a new course. (You may also have to define an authorised value for DEPARTMENT.)
36. Add Item A as a reserve to this course.

37. View Course Reserves in the OPAC. Click the course you just created.
38. Notice the reserve has a Recall button underneath it's 'Checked out' status. Click this button.
39. Place a biblio-level recall again, following the steps in Step 19.

40. Click the 'Place recall' link in the breadcrumbs.
41. Notice there is a message saying that you have reached the max number of recalls on this record. This is because Recalls allowed = 1 and Recalls per record = 1.
42. Edit the circulation rules to have the following values:
Recalls allowed (count) = 10
Recalls per record (count) = 5
43. Refresh the 'Place recall' page. You will now see the form to place a recall.

44. Create another test record (Biblio B) with at least one item (Item C).
45. Find this record on the OPAC and place a biblio-level recall again, following the steps in Step 19.

46. In the staff client, go to Circulation -> Old recalls. You should be able to see your two cancelled recalls.
47. Go to Circulation -> Recalls queue. Your current recalls should show here.
48. Use the 'Select all' checkbox to select all recalls.
49. Cancel the recalls using the 'Cancel selected recalls' button.

50. Go to the OPAC and place a biblio-level recall on Biblio A again, following the steps in Step 19.

51. In the staff client, check in Item A, which should still be checked out to Borrower B.
52. A box should pop-up asking you to confirm Borrower A's recall. Click ignore.
53. Click the link to go view Biblio A's details in the catalogue.
54. Click the recalls tab. Notice Borrower A's recall is displayed, and shows it is still Requested (has not been confirmed waiting).

55. Check in Item A again. This time, confirm the recall as waiting using the "Confirm recall" button.
56. Go to Borrower A's Notices tab. Confirm there is a notice "Recalled item awaiting pickup".
57. Go to Borrower A's checkouts. Notice there is a recalls tab. Confirm the recall is showing as "Ready for pickup".
58. Click the 'Actions' dropdown. Click the "Revert waiting" button. The page should show a message that the waiting status has been reverted, without reloading.

59. This time, check in Item B. The recall confirmation box should show again, because this a biblio-level recall that any recallable item under Biblio A can fill. Click the "Print slip and confirm" button.
60. Check the slip that is generated. Confirm it contains Borrower A's correct details, and the details of the recall are correct.
61. Go to Circulation -> Recalls awaiting pickup. Confirm the recall is now waiting and shows in this list.
(You could also try this with Item B having a different item type to Item A, and circ rules not allowing Item B's item type to have recalls. When checking in Item A, it should not trigger the recall box).

62. Go to Borrower A's checkouts. Check out Item B.
63. Confirm the checkout is successful and the recall is removed from the Recalls tab.
64. Go to Circulation -> Old recalls. The fulfilled recall should show.

65. Check in Item B.

BIBLIO-LEVEL RECALL, TRANSFER REQUIRED

66. Check out Item A to Borrower B.
67. Log in to the OPAC as Borrower A.
68. Find Biblio A and place a biblio-level recall.
Pickup location: Branch B, a different branch from your logged in branch. This recall will require a transfer.
Recall not needed after (expiration date): whatever you want
Select 'recall next available item'
Click confirm

69. In the staff client, check in Item A at Branch A. Notice the box that pops up shows that a transfer is required.
70. Click "confirm recall and transfer" and confirm the transfer.
71. Go to your account and click the Recalls tab.
72. Confirm the recall status now shows the item is in transit to Branch B.
73. In the drop-down top-right of your window, select 'Set library'.
74. Set your library to Branch B.

75. Go to Circulation -> Transfers to receive. Notice that the recall is showing here.
76. Click 'Cancel transfer'.
77. Go to Circulation -> Recalls queue
78. Confirm the recall status has been reverted to Requested.

79. Set your library back to Branch A.
80. Check in Item A and trigger the transfer.
81. Set your library back to Branch B.

82. Check in Item A at Branch B.
83. When the 'Recall found' box pops up, click Ignore.
84. Go to Circulation -> Recalls to pull. The recall should show here, with a button to "Cancel recall and return to: Branch A"
85. Click the button to cancel the recall.

86. Repeat Steps 66-70.
87. Check in Item A at Branch B. Confirm the recall as waiting.
88. Check out Item A to Borrower A to fulfill the recall.

89. Set your library back to Branch A and check in Item A.

ITEM-LEVEL RECALL, NO TRANSFER

90. Go to Administration -> circulation rules. Set the following rules:
On shelf recalls allowed ( If any unavailable / If all unavailable ) = If all unavailable

91. Check out Item A to Borrower B.
92. Log in to the OPAC as Borrower A and go to Biblio A.
93. Click the 'Place recall' button. Confirm there is a message that there are no items to recall. This is because On shelf recalls allowed = If all unavailable, and there is still one item (Item B) available.
94. In the staff client, edit Item B to have a withdrawn, item lost or not for loan status.
95. Refresh the 'Place recall' page. Confirm you can now see the form to place a recall.

96. Place an item-level recall.
Pickup location: Branch A.
Recall not needed after (expiration date): whatever you want
Select 'recall a specific item'
Item B will not be selectable, and Item A should be selected by default.
Click confirm

97. In the staff client, edit Item B and remove the lost or missing status.
98. Check in Item B. Confirm the recall box does not pop up, because it cannot fill the item-level recall.
99. Check in Item A. Confirm the recall as waiting.
100. Go to Circulation -> Recalls awaiting pickup
101. Expire the recall. Confirm it expires as expected.

ITEM-LEVEL RECALL, TRANSFER REQUIRED

102. Repeat steps 91 to 95.
103. Place an item-level recall.
Pickup location: Branch B, we will require a transfer.
Recall not needed after (expiration date): whatever you want
Select 'recall a specific item'
Item B will not be selectable, and Item A should be selected by default.
Click confirm
104. In the staff client, check in Item A. Confirm the recall and trigger the transfer.
105. Set your library to Branch B and check in Item A.
106. Confirm the recall as waiting.
107. Check out Item A to Borrower A and fulfill the recall.

108. Set your library back to Branch A and check in Item A.

CRONJOBS: EXPIRING RECALL

109. Check out Item A to Borrower B.
110. Log in to the OPAC as Borrower A. Place a recall (any level) on Biblio A.
111. In your terminal, enter mysql and edit the expiration date of your recall to be before today
UPDATE recalls SET expirationdate = NOW()-2 WHERE recall_id = X;
112. Run the expiry cronjob from within your shell
perl misc/cronjobs/recalls/expire_recalls.pl
113. Go to Borrower A's account and go to the Recalls history tab
114. Confirm the recall has been expired because the current date surpassed the specified expiration date

115. Check out Item A to Borrower B.
116. Log in to the OPAC as Borrower A. Place a recall (any level) on Biblio A.
117. In the staff client, check in Item A and confirm the recall as waiting.
118. In your terminal, enter mysql and edit the waiting date of your recall to be before today
UPDATE recalls SET waitingdate = NOW() - interval 5 day WHERE recall_id = X;
119. Run the expiry cronjob from within your shell
perl misc/cronjobs/recalls/expire_recalls.pl
120. Go to Borrower A's account and go to the Recalls history tab
121. Confirm the recall has been expired because the recall had been waiting for more days than the Recall pickup period

122. Go to Administration -> circulation rules. Set the following rules:
Recall pickup period (days) = 0
123. Set the RecallsMaxPickUpDelay system preference = 1.
124. Check out Item A to Borrower B.
125. Log in to the OPAC as Borrower A. Place a recall (any level) on Biblio A.
126. In the staff client, check in Item A and confirm the recall as waiting.
127. In your terminal, enter mysql and edit the waiting date of your recall to be before today
UPDATE recalls SET waitingdate = NOW()-2 WHERE recall_id = X;
128. Run the expiry cronjob from within your shell
perl misc/cronjobs/recalls/expire_recalls.pl
129. Go to Borrower A's account and go to the Recalls history tab
130. Confirm the recall has been expired because the recall had been waiting for more days than the RecallsMaxPickUpDelay syspref

CRONJOBS: OVERDUE RECALL

131. Check out Item A to Borrower B
132. Log in to the OPAC as Borrower A. Place a recall (any level) on Biblio A.
133. In your terminal, enter mysql and edit the due date of the checkout to Borrower B to be before today
UPDATE issues SET date_due = NOW()-2 WHERE issue_id = X;
134. Run the overdue cronjob from within your shell
perl misc/cronjobs/recall/overdue_recalls.pl
135. Go to Circulation -> Overdue recalls
136. Confirm your recall is showing here now as the recall has been marked Overdue

CIRCULATION

137. Check in Item A.
138. When the recall box pops up, click Ignore.
139. Check out Item A to Borrower B. You should see a yellow confirmation box, saying that another borrower has recalled the item you are trying to check out.
140. Click "No don't check out" and confirm the item isn't checked out and the recall remains.
141. Repeat Step 139.
142. Click "Yes check out" and confirm the item is checked out and the recall remains.
143. When Borrower B's checkout table loads, confirm that you cannot renew or check in the item from the Checkouts table because there is a 'Recalled' link which takes you to the recalls tab for that biblio.
144. Repeat Steps 137-139.
145. Select "Cancel recall" and click "Yes check out" and confirm the item is checked out and the recall has been cancelled.
146. Log in to the OPAC as Borrower A. Place a recall (any level) on Biblio A.
147. Check in Item A. Confirm the recall as waiting.
148. Check out Item A to Borrower B. You should see a yellow confirmation box, saying that that another borrower has recalled the item that you are trying to check out.
149. Select "Revert waiting status" and click "Yes check out" and confirm the item is checked out and the recall status has reverted to requested.

OTHER
150. In your terminal, enter mysql and edit the due date of the checkout to Borrower B to be before today
UPDATE issues SET date_due = NOW()-2 WHERE issue_id = X;
151. Go to Borrower A's recalls and click the Actions dropdown.
152. Click "Mark as overdue" and confirm the recall is marked as overdue manually.

153. Go to Tools -> Log Viewer. Check only the Recalls module, and leave all other parameters, and click Submit.
154. Confirm all of the recalls actions that have been made are correctly logged.

Note: recalls messaging preferences are introduced in Bug 23781.
The recall feature is fully documented at: https://wiki.koha-community.org/wiki/Catalyst_IT_Recalls

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
d02e91f269 Bug 29859: Use iterator instead of as_list
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.

This patch only removes the obvious places, not the tricky ones.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
e53667105d Bug 29844: Fix ->search occurrences
and some more...

There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
2c3a11f138 Bug 29541: Prevent users from another group to access patron's images
We should respect group restrictions here.

Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
  /cgi-bin/koha/members/patronimage.pl?borrowernumber=XX

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
7f50439cb2 Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *
The patron images is displayed on the 'circulation' and 'members'
modules.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
34248e5805 Bug 29758: Get rid of warning in members/boraccount.pl
This patch removes a noisy warning found in production logs.

To test:
1. Run:
   $ tail -f /var/log/koha/kohadev/plack-intranet-error.log
2. Open the 'Accounting' tab for a patron, then click on 'Transactions'
=> FAIL: You see this kind of warning in the logs:

[WARN] CGI::param called in list context from...
3. Apply this patch
4. Repeat 2 (change tab and go back)
=> SUCCESS: No more warning!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-01-18 21:15:04 -10:00
f6d6aa3f65 Bug 29457: Pass context borrowernumber
This patch updates the call to cancel such that we pass the currently
logged in users borrowernumber instead of their userid.

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-21 20:44:15 -10:00
ee76f80a7b Bug 29524: (bug 28935 follow-up) Restore modification of some patron's attributes
On
  commit 5f37d8d2f4
  Bug 28935: No filtering on patron's data on member entry pages
we restricted the list of the columns from the borrowers table that can
be modified from the patron edit view.
We were too restrictive, the following 3 attributes can be edited from
this form: privacy_guarantor_fines, privacy_guarantor_checkouts,
checkprevcheckout and lang

Test plan:
Turn on the following prefs:
- AllowStaffToSetFinesVisibilityForGuarantor
- AllowStaffToSetCheckoutsVisibilityForGuarantor
- CheckPrevCheckout (set to 'unless overridden *')
- TranslateNotices
Edit a patron and see the 4 different options are now displayed.
Change their value, save, edit again
Confirm that the values have been saved

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-11-24 09:38:27 +01:00
6fdf64e06b Bug 27145: Wrap delete and move_to_deleted in a transaction
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-11-15 12:38:39 +01:00
83dcdf2a5a Bug 27145: Rethrow all other exceptions
Bug 14708 introduced a try catch around $patron->delete in commit:
  "Bug 14708: (QA follow-up) Use try/catch blocks when calling"

However, in the catch block it only assumes the exception was from trying to
delete anonymous patron when it can be anything else as well, the code should
be modified so that it will handle the anonymous patron case and if it is
anything else we log the other exception.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-11-15 12:38:39 +01:00
18c1500772 Bug 28211: Replace use of call_recursive() with call()
This is based on Julian's idea on bug 28026 where we could get rid of call_recursive by passing refs as arguments to call.

Test Plan:
1) Apply this patch
2) prove t/db_dependent/Koha/Plugins/Plugins.t
3) prove t/db_dependent/Koha/Plugins/Barcode_transform_hooks.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-18 11:28:41 +02:00
c7a7e45812 Bug 15812: Use patron search in place of circ search
The 'Checkout' search hijacks some of the DataTables searching code used for 'Search patrons'
Rather than try to implement the search again on another page, we can simply send the user
to the patron search if the cardnumber is not found

Additionally, this patch adds a 'Check out' button to the patron search results to allow
going to checkotus directly

To test:
1 - Apply patch
2 - Perform a 'Checkout' search from the header
3 - Note that:
    For a cardnumber, you are redirected directly to checkouts page for the borrower
    For a search with one result, you are redirected directly to the checkout page for the borrower
    For a search with many results, you are redirected to the patron search results
    and there is a 'Checkout' button under the cardnumber
4 - Confirm circulation page works as expected (i.e. checkout to a patron)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-14 09:19:30 +02:00
814789f8cb Bug 29062: Use primary key issued_id to fetch old_issues for letters
The code currently uses itemnumber to fetch old_issues for notices.
This doesn't seem to be used in any current notices except the CHECKINSLIP:
SELECTY letter.code,content FROM letter WHERE content LIKE 'old\\_%'\G

For issues we use itemnumber, however, issues has a constraint to limit issues for an itemnumber to 1
Old issues has no such constraint, we try to rectify this in the old code by adding 'ORDER BY returndate DESC LIMIT 1"

As the code is not used by default and buggy I think we can make a change to using 'issue_id' as the key and
announcing the change - it prevents leaky data

To test:
1. Check something out to patron A. Check it in.
2. Check something out to patron B. Check it in.
3. Check something out to patron C. Check it in and print the check-in slip. (Leave the checkin paghe open)
4. You will see the checkin repeat itself 3 times, one for each line in old_issues.
5. Apply patch and restart_all
6. Click the 'Print checkin slip' button again
7. You see a single checkin
8. Checkout a different item to patron A. Check it in and print the check-in slip
9. See the correct checkins

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-07 15:49:01 +02:00
4f533776c6 Bug 26352: Switch from using call() to call_recursive()
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-06 14:56:09 +02:00
aea8ce7fcc Bug 26352: Add plugin hooks to transform patron barcodes
Some of our partners have unusual barcode requirements that have
required us to transform scanned barcodes using javascript. This is not
the most reliable method. It would make more sense to have Koha
transform the barcodes on the backend using a plugin. We should add
hooks to transform and generate new item and patron barcodes.

Test Plan:
1) Apply this patch
2) Download and install the Barcode Transformer plugin
   https://github.com/bywatersolutions/koha-plugin-barcode-transformer/releases/download/v1.0.1/koha-plugin-barcode-transformer-v1.0.1.kpz
3) Go to the plugin configuration page, set the configuration to the example configuration from the same page
4) In the patron search and anywhere else you can scan a patron
   cardnumber, type in some cardnumbers but prefix them with A and postfix
   them with A or B, e.g. A12345A, A12345B
5) Note the letters are removed by Koha!
6) Try a cardnumber like X123456Y
7) Note Koha converts it to Z13456Z

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-06 14:56:09 +02:00
da758626fe Bug 28772: Display API secret once
This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.

To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
            displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:19:05 +02:00
Petro Vashchuk
fcb87024ad Bug 28759: limit accessibility for "Manage API keys"
This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.

The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.

To reproduce:
1) create/pick existing patron, set Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
iew patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:19:02 +02:00
6b5cf0ca84 Bug 28935: (QA follow-up) Use BorrowerUnwantedField on staff client
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:57 +02:00
5f37d8d2f4 Bug 28935: No filtering on patron's data on member entry pages
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:57 +02:00
6def280427 Bug 28929: Prevent flags to be sent during patron's edition
* selfreg and selfmod for OPAC
* patron's edition on staff

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:56 +02:00
ddb24eb403 Bug 28870: Move email address validation to a specific class method
To ease testing and future changes if needed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-28 10:22:36 +02:00
481f52308a Bug 28870: Remove traces of Email::Valid
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-28 10:22:35 +02:00
c475d4d97b Bug 22435: Update accountline-details page to show all history
The accountline-details page took a simplistic approach to displaying
the history of an accountline. This patch drops the now defunct
offset_type_description template block from it's respective include
files, and then updates the accountline-details template and controller
to show the full history of what's happend to the accountline passed.
This includes the creation, any increments/decrements (for fines), and
finally any offsets against the total (payments, cancellations, voids).

Test plan
1/ Create some credits and debits and apply them to each other in
various combinations.
2/ View the 'Details' page for some of the debit/credits
3/ Compare before patch and after for the Details page.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-08-04 14:06:43 +02:00
7e1227890b Bug 28073: Patron modifications should auto-open panel for referring patron record
This patch makes it possible to link directly to the correct panel on
the "Update patron records" page. The link on the checkout and patron
details screen has been updated to read "Patron has pending
modifications."

Also changed: Moved the "Patron's address in doubt" message so that it
is above the table of changed fields.

To test, apply the patch and if necessary submit patron modification
requests from multiple patrons via the OPAC.

 - Open the checkout page for one of these patrons.
   - If you are logged in as a user with permission to edit patron
     records you should see a message, "Pending modifications: Review
     pending modifications," which links to the pending modifications
     page.
     - Clicking the link should open the page for reviewing pending
       patron modifications, and the correct panel should be
       automatically expanded.
   - If you are logged in as a user without permission to edit patrons
     you should see the message "Pending modifications: Patron has
     pending modifications," which isn't linked.
 - The process should work exactly the same from the patron detail page.
 - Following the "Pending modifications" link from the staff interface
   home page or the patrons home page should work as before: The page
   opens with the first panel expanded.

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-26 12:46:32 +02:00
cb2eae80d9 Bug 28624: Remove Smart::Comments
It's not used in those files (there is no occurrence of ###), and it's
not installed anyway (it is by koha-testing-docker however).

We should remove those lines.

Test plan:
Confirm the above

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-26 12:46:32 +02:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
dffb3fede8 Bug 27873: Improve message consistency: checkout and patron detail pages
This patch creates a new include for showing circulation and
patron-related messages on both the checkout page and the patron detail
page. This allows the two pages to be consistent with each other.

The patch also makes some minor CSS adjustments, including the addition
of an SVG to replace an old GIF, arrow-bullet.gif.

To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).

- View both the checkout and patron details page for patrons in the
  staff interface, confirming that the information is displayed in the
  same way, including:

  - Pending modifications
  - Pending expiration
  - Expired
  - Address in doubt
  - Card lost
  - Restricted (indefinite and with expiration)
  - Outstanding overdues
  - Outstanding return claims
  - Patron age incorrect for their category
  - Outstanding charges
  - Account credit
  - Waiting holds (at logged-in library or other library)
  - Circulation note (from borrowers.borrowernotes)
  - Messages (added at logged-in library or other library)

EDIT: Fixed merge error.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-12 15:47:34 +02:00
Julian Maurice
a1bee1b210 Bug 26760: Escape URI parameters in redirect URI to paycollect.pl
Also remove useless '%.2f' formatting of amount and amountoutstanding

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-12 15:47:33 +02:00
Julian Maurice
3b99ebe032 Bug 26760: Redirect to paycollect.pl when clicking on "Save and pay"
Bug 14898 added the "Save and pay" button that redirects to "Make a
payment" tab after creating a manual invoice
This requires the user to click on another "Pay" button before being
taken to the real payment form.
By redirecting directly to paycollect.pl, this useless step will no
longer be needed.

Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-12 15:47:33 +02:00
41a8005d10 Bug 28606: Remove $DEBUG and $ENV{DEBUG}
We should remove the debug statements or use Koha::Logger when we want
to keep it.

Test plan:
Confirm that occurrences of remaining occurrences of DEBUG need to be
kept (historical scripts for instance)
Confirm that the occurrences removed by this patch can be removed
Confirm that the occurrences replaced by Koha::Logger are correct

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks good to me, noting a few minor points on BZ.

JD amended patch: replace "warn #Finished" with "#warn Finished", and
put the statement on a single line

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-24 11:53:44 +02:00
3fe837bc74 Bug 28572: Remove C4::Debug
We are using Koha::Logger when it makes sense to keep the info,
otherwise we simply remove it

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 28572: Replace missing occurrence in misc/admin/koha-preferences

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-22 12:04:32 +02:00
6f204fdf96 Bug 28591: Don't pass debug to get_template_and_user
There is a "debug" parameter we are passing from the controller scripts
to C4::Auth::get_template_and_user, but it's not actually used!

Test plan:
Confirm the assumption
Review the changes from this patch

Generated with:
perl -p -i -e 's#\s*debug\s*=\>\s*(0|1),?\s*##gms' **/*.pl

git checkout misc/devel/update_dbix_class_files.pl # Wrong catch
+ Manual fix in acqui/neworderempty.pl

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-22 12:04:32 +02:00
138fb47e1f Bug 15788: Use delete_borrowers permission
Link the new delete_borrowers sub-permission to the delete actions.

Test plan
1/ Remove the delete_borrowers permission from a staff user
2/ Check that the user cannot use the 'Delete' option from the members
menu.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-21 13:50:26 +02:00
a98759e3b7 Bug 18112: Use GetAuthValueDropbox from the template
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-11 15:37:42 +02:00
cff7ed4fd3 Bug 26734: Convert printfeercpt/printinvoice to use GetPreparedLetter
This patch updates C4::Letters to allow use of existing koha template
includes from notices, then updates the printfeercpt and printinvoice
slip print option to use GetPreparedLetter rather than calling getletter
directly.

As part of this work, we also add credits and debits handling to the
_parseletter_sth and _get_tt_params routines in C4::Letters to allow for
recognisable variable names in the notice template.

Test plan
1/ Update the ACCOUNT_CREDIT and ACCOUNT_DEBIT notices to use
'accounts.inc' include for account descriptions
1a/ Add `[% PROCESS 'accounts.inc' %]` to the top of the notice
1b/ Replace manual account descriptions with `[% PROCESS
account_type_description account=credit %]`
2/ Print one of each slip and check that descriptions are properly
substituted
3/ Clone the notice to another language
4/ Print the in the other language and note the translated descriptions
are properly substituted.
5/ Signoff

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-27 16:23:49 +02:00
90d8667cf9 Bug 26734: Ratify account slip printing
This patch simplifies the members/print*.pl controller scripts to only
pass around the minimum required data for the templates.

Test plan
Slips should continue to print as they did prior to the patch
1/ Add a manual invoice and manual debit to a patrons account
2/ Print a slip for the manual invoice, compare to a printed slip prior
to the patch.
3/ Print a slip for the manual debit, compare to a printed slip prior to
the patch.
4/ Signoff.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-27 16:23:49 +02:00
35d1c7c41c Bug 27971: Update void method to use double entry accounting
This patch adds double-entry accounting to the Koha::Account::Line->void method.

This results in the addition of a VOID debit type line that is offset
against the original credit type line that is being voided. This allows
us to accurately record when the void took place, at what branch and by
whome the void was triggered.

Test plan
1/ Apply the database update
2/ Add some debts to a borrower account
3/ Pay those debts
4/ Void the payment
5/ A new 'VOID' line should appear on the account for the full amount of
the original payment.
6/ Payments should have all been reversed
7/ t/db_dependent/Koha/Account/Line.t should still pass
8/ Signoff

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-23 11:58:49 +02:00
57212f76b3 Bug 24300: Add payout amount to boraccount page
Test plan
1/ Add some debts and credits to a patrons account, resulting in an
overall credit
2/ Note the appearance of a 'Payout amount' button next to the total due
line.
3/ Try paying out an amount with the button
4/ Signoff

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-23 11:58:49 +02:00
f6e0b04f48 Bug 23271: Replace search_limited with search_with_library_limits
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-21 15:25:07 +02:00
Didier Gautheron
3b9f1e1560 Bug 26940: don't reset debarredcomment on patron update
Test plan:
1) Create a patron
2) In koha/members/moremember.pl add a manual restriction, with comment foobar
3) try to checkout, you have a message like
    Restricted: Patron's account is restricted with the explanation:
      foobar
4) Got to Edit patron, save
5) try to checkout, foobar is no more
    Restricted: Patron's account is restricted with the explanation:
6) Apply patch
7) Redo 1-4
8) try to checkout, foobar is there.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katariina Hanhisalo <katariina.hanhisalo@xamk.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-21 10:47:45 +02:00
ddad57a468 Bug 28147: Pass itemnumber through to Account->pay
Currently the itemnumber is not passed through when paying a single fine,
we should do that

To test:
1 - Create a manual debit and provide a barcode so the debit is linked to an item
2 - Go to the 'Make a payment' tab. Click the 'Writeoff' button on the individual line
3 - View the 'Transactions tab' The writeoff has no item details
4 - Apply patch
5 - Repeat 1 & 2
6 - View the transactions tab. The writeoff shows item details
7 - Confirm 'Writeoff amount' and 'Writeoff selected' still work and do not link to item

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-16 12:28:17 +02:00
89cea3d7a7 Bug 27796: Centralise payment/transaction type handling
This patch centralises the payment/transaction type select options
handling so the SIP types are properly in all cases.

Test plan
1) Check that SIP payment types are properly hidden on the following
   modals.
1a) Refund modal on the borrower account page (The 'Account credit'
option should appear here)
1b) Payout modal on borrower account page
1c) Payment via paycollect
1d) Payment via point of sale
1e) Refund via point of sale, register details page (The 'Account
credit' option should only appear for debts associated to a patron and
not for payments accepted via point of sale)
2) Signoff

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-16 12:28:17 +02:00
66aa12e874 Revert "Bug 26734: Ratify account slip printing"
This reverts commit 58ec862da2.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-14 15:22:29 +02:00
58ec862da2 Bug 26734: Ratify account slip printing
This patch simplifies the members/print*.pl controller scripts to only
pass around the minimum required data for the templates.

Test plan
Slips should continue to print as they did prior to the patch
1/ Add a manual invoice and manual debit to a patrons account
2/ Print a slip for the manual invoice, compare to a printed slip prior
to the patch.
3/ Print a slip for the manual debit, compare to a printed slip prior to
the patch.
4/ Signoff.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-12 15:27:50 +02:00
7b9b1b0e2a Bug 28031: (follow-up) Clarify check methods
The check methods were positioned under the 'Internal methods' section
of the meodule but are used externally.

It also felt strange to have a noop or die method. Instead, I propose
renaming them to `repeatable_ok` and `unique_ok` and returning a
boolean denoting their state.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-09 15:43:34 +02:00
Petro Vashchuk
d0cc5fa97a Bug 25946: borrowerRelationship can be empty
When borrowerRelationship is empty in system preferences, Relationship
dropdown is not required and we accept empty value.

Also fixes bug that didn't let you to pick empty value even when you
specified that it should be possible in system preferences but in the
end of the string (i.e. "|father|mother" worked,
but "father|mother|" don't).

To reproduce (borrowerRelationship can be empty):
    1) Go to system preferences and make borrowerRelationship empty.
    2) Create a new patron who is assumed to have a guarantor or modify
    the existing one.
    3) Under "Guarantor Information" click on "Search to add" button.
    After performing the search, select a user to act as guarantor. Try to save your changes.
    4) Observe that relationship field is required in order to save but
    you can't actually choose anything as it doesn't contain anything.
    5) Apply the patch.
    6) Repeat steps above.
    7) Observe that it allows you to save the form now.

To reproduce (can't choose empty value bug):
    1) Go to system preferences and set borrowerRelationship exactly
    to "father|mother|".
    2) Create a new patron who is assumed to have a guarantor or modify
    the existing one.
    3) Under "Guarantor Information" click on "Search to add" button.
    After performing the search, select a user to act as guarantor.
    4) Observe that there's no option to leave relationship field empty.
    5) Apply the patch.
    6) Repeat steps above.
    7) Observe that it has empty option that you can choose and save
    the form.

Mentored-by: Andrew Nugged <nugged@gmail.com>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-01 17:06:38 +02:00
Petro Vashchuk
4490dfdf08 Bug 25946: borrowerRelationship can be empty
Do not split the config using comma.

From syspref description of borrowerRelationship preference:

> Guarantors can be the following of those they guarantee:
> (input multiple choices separated by |). Leave empty to deactivate.

As it doesn't mention comma at all, I removed ',' from split.
Of course if comma is actually a viable way to split separate choices,
I can obsolete this patch and append to the syspref description that it
also can be separated by comma.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-01 17:06:38 +02:00
4f96b6767a Bug 27851: Use filter_by_todays_checkins in members/readingrec.pl
Test plan:
Do some checkouts
Checkin with different return dates (several today however)
Check the circulation history and confirm that the checkout list is correct

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:54:13 +01:00
e54fa9a076 Bug 27851: Use filter_by_todays_checkins in printslip.pl
Test plan:
No regression from bug 12224 test plan

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:54:13 +01:00
fe2bbc7cd8 Bug 12224: Some code improvements
* Use Koha::Patrons->old_checkouts
* perltidy
* Make sure $today_start and $today_end will always be on the same day
(we never know!)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:49:04 +01:00
7a68ab5178 Bug 12224: (QA follow-up) Ensure patron language is respected
Things have moved on a bit since this code was first written, we now
expect a 'lang' parameter passed into GetPrepparedLetter to allow for
translated notices.

Simple fix, so a quick QA follow-up will suffice :)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:49:04 +01:00
Aleisha Amohia
7784174e3b Bug 12224: (follow-up) Loop old_issues with itemnumber
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:49:03 +01:00
Aleisha Amohia
28b90b684e Bug 12224: (follow-up) Switching to TT notice
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:49:03 +01:00
Aleisha Amohia
29d173a6fd Bug 12224: Print a slip of borrower's checkins for today
To test:

1) Apply patch and run installer
2) Check out two items (or more) to a borrower
3) Check in two items (or more) for this borrower (you should end up on
    circ/returns.pl)
4) Notice the checked-in items table has started building. There should
be a new column with the button 'Print checkin slip' in each row.
5) Click the button and confirm the checkin slip opens for printing in a
new window.
6) Go to the patron's account
7) Click the Print dropdown. Confirm there is a 'Print checkin slip'
option. Click this and confirm the checkin slip opens for printing in a
new window.

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Alexandra Speer <alexandra.speer@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Christian Stelzenmüller <christian.stelzenmueller@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-05 13:49:03 +01:00
099e2fe2b7 Bug 7806: Fix remaining occurrences of 0000-00-00
We should remove all SQL queries that contain 0000-00-00 and finally
assume we do not longer have such value in our DB (for date type)

We already dealt with such values in previous update DB entries.
The 2 added by this one haven't been replaced already.

The code will now assume that either a valid date exist, or NULL/undef.

Test plan:
QA review is needed and test of the different places where code is
modified.

Not sure about the change from reports/issues_avg_stats.pl

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-01 11:16:42 +01:00
e9195d166e Bug 27454: Pass the arrayref
Otherwise you mess with the following hash elements :)

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-08 14:56:00 +01:00
0821a5890d Bug 27454: Add sorting of patron attributes
This patch adds sorting on class code for the patrons attributes forms
on the memberentry page.

Test plan
1) Create a couple of different patron attributes
2) Go to the patron add page
3) Note the order in which the patron attributes load at the bottom of
   the page.
4) Reload the page and note the order of those attribues may change (if
   it doesn't, try reloading again.. it's random)
5) Apply the patch
6) Reload the page a few times and confirm the attributes are now
   ordered.
7) Signoff

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-08 14:56:00 +01:00
08396d4b2f Bug 27420: Use object accessor for $attr_type->class()
We introduced a bug in the patron attribute forms with bug 5161.

Test plan
1/ Create two PA_CLASS authorized values
2/ Create two corresponding patron attribute types referencing the above
classes.
3/ Edit a patron, both attributes should appear within their own
fieldsets at the bottom of the member entry form.
4/ Set a value for the first of the two patron attributes and save
5/ Edit the patron again, note that the first attribute no longer
resides within it's own fieldset
6/ Apply the patch
7/ Edit the patron again, note that the first attribute now resides
inside it's own fieldset again
8/ Signoff

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-01-19 15:31:55 +01:00
Joonas Kylmälä
08c34b33e4 Bug 27144: Fix syntax error that prevents deleting patrons
To test:
 1) In staff interface open up a patron record
 2) Click More -> Delete, and then "Yes, delete"
 3) Notice 500 error
 4) Apply patch
 5) Notice error is now gone when deleting

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-12-04 15:26:49 +01:00
381d46341c Bug 24603: Adjust permissions for cancel-charge.pl
members/cancel-charge.pl should have the same permissions check than boraccount
(borrowers => edit_borrowers was missing)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-10 15:00:14 +01:00
9c709b871f Bug 24603: (follow-up) Update to double entry accounting
This patch updates the logic to create a cancellation accountline and
apply it to the charge line so we correction record the transaction in
terms of double entry accounting standards.

Test plan:
1. Go to a patron's accounting section
2. Create a manual invoice
3. In Transactions tab, you should see a 'Cancel charge' button. Click
   on it. It should now be marked as cancelled
4. A cancellation line should be associated with the original charge.
5. Create another manual invoice
6. Pay it (partially or fully)
7. Notice that the 'Cancel charge' button is not available
8. Void the payment
9. 'Cancel charge' button is available again. Click on it and verify
   that it still works
10. prove t/db_dependent/Koha/Account/Lines.t

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

https://bugs.koha-community.org/show_bug.cgi?id=24063

Bug 24603: Fix number of unit tests

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

https://bugs.koha-community.org/show_bug.cgi?id=24063

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-10 15:00:14 +01:00
Julian Maurice
8d2259b674 Bug 24603: Allow to cancel charges in patron accounting
There is already a button to void a payment. It should be possible to
cancel a charge too.

This patch adds a button in patron's accounting section (Transactions
tab) that allow to cancel charges.
Charges that have been fully or partially paid cannot be cancelled.

It also fixes Koha::Account::Line::is_credit by looking at
credit_type_code instead of amount (amount can be 0 for voided payments)

It also fixes the tests for Koha::Account::Line::void when database does
not contain the borrowernumber 51 (the default in
t::lib::Mocks::mock_userenv)

Test plan:
1. Go to a patron's accounting section
2. Create a manual invoice
3. In Transactions tab, you should see a 'Cancel charge' button. Click
   on it. It should now be marked as cancelled
4. Create another manual invoice
5. Pay it (partially or fully)
6. Notice that the 'Cancel charge' button is not available
7. Void the payment
8. 'Cancel charge' button is available again. Click on it and verify
   that it still works
9. prove t/db_dependent/Koha/Account/Lines.t

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-10 15:00:09 +01:00
114e851f8f Bug 24786: Update borroaccount to use session register
This patch adds handling to allow for the use of the session cash
register by default if it has been set, otherwise it defaults to '--
None --' and requires the end user to select the register to proceed
with the refund or payout action.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-06 15:40:00 +01:00
24804aa4c6 Bug 24786: Update paycollect to use session register
This patch adds handling to allow for the use of the session cash
register by default if it has been set, otherwise it defaults to '--
None --' and requires the end user to select the register to proceed
with the payment.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-06 15:39:59 +01:00
1e37d9c5f7 Bug 14708: (QA follow-up) Use try/catch blocks when calling delete() on a patron
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-06 09:40:25 +01:00
c1af56eb54 Bug 14708: The patron set as the anonymous patron should not be deletable.
Right now it's possible to delete the anonymous patron at any time. When this happens the system will break just as if anonymouspatron was unset but patrons still have an "always anonymize" privacy setting.

This issue occurs more frequently than one would expect.

We should make it so that the patron set in AnonymousPatron is not deletable.

Test Plan:
1) Apply this patch
2) Set a patron to by AnonymousPatron
3) Attempt to delete that patron from the members toolbar
4) Note the error message!

Signed-off-by: Devinim <kohadevinim@devinim.com.tr>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-06 09:40:25 +01:00
42c0475a94 Bug 26915: Fix FinePaymentAutoPopup behaviour
The behaviour of the syspref FinePaymentAutoPopup is broken, the popup
explodes with
    Can't call method "unblessed" on an undefined value at /home/vagrant/kohaclone/members/printfeercpt.pl line 64

It has been broken by
  commit a2449a81be
  Bug 23051: (follow-up) Add renewal feedback and move code to subroutines and test
which modified the return value of Koha::Account->pay (from $payment_id
to a hashref)

Test plan:
- To test activate FinePaymentAutoPopup
- Create a manual fee
- Write it off using the write off button on the account line (not below table)
=> Without the patch you get the error
=> With the patch applied the popup is correctly displayed

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-05 15:24:20 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
308f52d764 Bug 26536: Assignment fix
Whilst working on this bug I found a weird inconsistent variable assignment line

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

JD: Amended commit message: fix bug number
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:14 +02:00
d4a54196f5 Bug 26536: Fix incorrectly scoped variable
During work on bug 26076 a variable scope mistake was made when
reverting the logic to use distinct queries for selected accountlines.

This patch restores the script scope of the varaible by removing the
superflous 'my' declaration.

Test plan
1/ Add a set of manual invoices
2/ Select a subset of those manual invoices to 'Writeoff selected'
3/ Confirm that only those selected invoices have been written off.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 11:20:40 +02:00
89716a78e9 Bug 26269: Fix variable name mismatch for cash_register in paycollect
It appears that through various rebases the variable names in the form
and the controller script have become mismatched.  This patch corrects
the situation and clarifies their intended use.

Test plan:
1/ Turn on cash registers in sysprefs
2/ Define at least 2 cash registers in Admin
3/ Create a manual invoice on a patron
4/ Pay off half of your fee, selecting the first register
5/ Pay off the remaining fee, selecting the second register
6/ Query accountlines.register_id for your two payments
8/ Confirm the two accountlines.register_id's do not match (thus the
passed variable was used)

https://bugs.koha-community.org/show_bug.cgi?id=26469

Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-18 10:38:04 +02:00
Agustin Moyano
5848da810e Bug 23816: Add minimum password length and require strong password overrides by category
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category

To test:
1. koha-shell kohadev
2. koha-mysql kohadev

3. drop database koha_kohadev;
4. create database koha_kohadev;

5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)

7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.

11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password

13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required

15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length

17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.

19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12

20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit

23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)

25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.

29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.

31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t

32. Sign off

Sponsored-by: Northeast Kansas Library - NEKLS

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-09 15:39:52 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
9524c1d761 Bug 23634: (follow-up) Prevent updates on POST
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-02 15:40:55 +02:00
087af360cc Bug 23634: Prevent non-superlibrarians from editing superlibarian emails
This patchset prevents a non-superlibrarian user from editing a
superlibrarians email address via memberentry.  This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarians contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-02 15:40:55 +02:00
c9887a8753 Bug 26076: (QA Follow up) Prevent error by using a fresh resultset
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-24 10:12:49 +02:00
6441296903 Bug 26076: Sum the amount due in the database query instead of a loop in Perl
This appears to be a bug due to inaccuracies in floating point math. I've been unable to reproduce it on demand. Sometimes when using the "Write off selected" button, Koha will give the error that the payment is more than the amount owed, even though they are the same. The solution I've implemented is to move the summation from Perl code to the database query. This video demonstrates the issue and afterward, shows the error goes away after the patch is applied: https://monosnap.com/file/pG69HC7iI9mU9kkuoCtbkVzVTffKlE

Test Plan:
1) Apply this patch
2) Restart all the things!
3) Verify that "Write off selected" functions as usual

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-24 10:12:49 +02:00
883e86a571 Bug 6725: Make patron duplicate matching flexible
This patch adds a new system preference PatronDuplicateMatchingAddFields
to list the patron's attributes to use for deduplication.
The default value is surname, firstname and dateofbirth to keep existing
behaviour.

Test plan:
0. Apply the patch and execute the update DB entry
1. Create a new patron with surname, firstname
2. Create another patron with the same surname, firstname values
=> Confirm you get the duplicate warning
3. Modify the syspref to edit the list of attributes used to dedup
4. Repeat 1 and 2 with different values and confirm that you get the
behaviours you expect

Note: This is only impacting the add patron form from the UI, not the
import patrons tool.

Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-18 17:39:48 +02:00
484061a44e Bug 22393: (follow-up) Corrections for QA feedback
We correct the behviour of 'amount' being passed back to the template
and add a work around for the existance of deleted_items alongside a FK
to items in the accountlines table.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-18 17:39:48 +02:00
0d19d9fa44 Bug 22393: Remove last remaining use of C4::Accounts::manualinvoice
This patch re-arranges the manualinvoice controller script to clarify
code flow, replaces the last call to C4::Accounts::manualinvoice with a
call to Koha::Accounts->add_debit wrapped in a try catch block and also
adds a check on passed barcodes when the invoice type is 'LOST' so it
can link the subsequently created accountline to the item and issue.

Test plan
1/ Add a manual invoice (without entering a barcode)
2/ Add a manual invoice with a valid barcode (Not a LOST type)
3/ Add a manual invoice with a valid, but old, barcode (Not a LOST type)
4/ Add a manual invoice with an invalid barcode, note that an error is
displayed
5/ Add a manual invoice with type 'LOST' and a valid barcode for a
checkout your user has had checked out
6/ Add a manual invoice with type 'LOST' and a valid barcode, but not
one that will match a checkout for your user. Note an error is displayed
7/ When errors are displayed, note the form contains data from the
previous submission so you can just correct the error rather than
re-enter all data.
8/ Signoff

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-18 17:39:48 +02:00
David Roberts
66e70c9201 Bug 25364: Add "Other" to the gender options in a patron record
This patch adds "Other" as an option, and also changes the wording of
"None specified" slightly.

To test:

1) Apply the patch
2) Check that there is an "Other" radio button in the patron record, and
that the wording of "None specified" has changed to "None specified /
Prefer not to say".
3) Check that you can save changes to the gender of this patron record,
both on create and modify.
4) Check that these changes also work in the Opac Self-Registration
functionality.

Correct typos in previous commit

Signed-off-by: Devinim <kohadevinim@devinim.com.tr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-18 17:39:48 +02:00
75e25c9d38 Bug 21345: Patron records with attached files not obvious from patron details view
This patch adds a section to the patron details page for listing files
which have been attached to the patron record.

To test, apply the patch and enable the EnableBorrowerFiles system
preference.

- If necessary, attach some files to a patron record by viewing a patron
  record and choosing "Files" from the sidebar menu.
- View the detail page (moremember.pl) for a patron who has files
  attached.
- You should see a new section under "Alternative contact" with the
  heading "Files."
  - Test the "Manage" button to make sure it takes you to that patron's
    files.
  - Confirm that all the attached files are listed.
  - Confirm that the links to each file work correctly.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

JD amended patch: replace a html filter with uri

Bug 21345: (follow-up) Hide files information if EnableBorrowerFiles is disabled

This patch wraps the new patron file information in a check for the
EnableBorrowerFiles system preference.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-13 07:55:44 +02:00
810972db7a Bug 22844: Make the attribute mandatory when editing a patron
Note: I am not confident with this patch, I think it's not polished. I
will not have time to improve it to make it ready for 19.05.00
1. Conflict with bug 20443 (which would have make this change way much
easier!)
2. It does not work :) You will be able to submit the memberentry form
even if the patron attribute is marked as mandatory (??)
3. What about the OPAC?
4. What about repeatable fields? We certainly will need JS code here
5. What about the "Quick add" feature? (I had trouble in the past to not
introduce regression when we played with this template...)

Do not forget to run updatedatabase.pl and regenerate DBIC schema if you
want to play with this patchset.

Signed-off-by: David Nind <david@davidnind.com>

Bug 22844: (follow-up) Make the attribute mandatory when editing a patron

Previous patch forgot the most important, adding the required attribute
to the select/textarea

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-07-20 16:08:22 +02:00
2cc3d05d26 Bug 15400: Display date of birth and age more consistantly
Test plan:
0) Apply the patch
1) Go to all of these pages
    Patron detail
    Other patron pages - look on the left side (circ-menu)
    Patron search
    Guarantor search ( go to child patron -> edit -> in guarantor
        section click "Set to patron"
    Search through "Check out" (in the header)

2) Confirm that does show date of birth and date consistantly,
    try it on patrons with and without date of birth set to find
    possible reggressions

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-29 12:37:02 +02:00
Petro Vashchuk
029f41a667 Bug 25322: fix for not selected "relationship" defaults to father
When a user creates a patron's guarantor on /cgi-bin/koha/members/memberentry.pl but doesn't select the relationship from a dropdown, the relationship defaults to first value, which in default sysprefs is "father". This may or may not be correct as this is not a conscious choice from the user.

The solution is to make the "Relationship" field mandatory when there is no empty entry in the system preferences, always starting with an empty option but not allowing the user to save an empty entry.
And if there is an empty option in sysprefs, it allows to save empty, as well as makes it default choice.

To reproduce with default system preferences:
    1) Create a new patron who is assumed to have a guarantor or modify the existing one.
    2) Under "Guarantor Information" click on "Search to add" button. After performing the search, select a user to act as guarantor. Don't use the dropdown menu to select a relationship. Save your changes.
    3) Observe that relationship is set as "father".
    4) Apply the patch.
    5) Repeat steps 1 and 2.
    6) Observe that it doesn't allow you to save the form until you pick a relationship type.

To reproduce with empty entry added to system preferences:
    1) Add an empty entry to borrowerRelationship at /cgi-bin/koha/admin/preferences.pl?tab=patrons in Patron relationships section (example: "|father|mother").
    2) Create a new patron who is assumed to have a guarantor or modify the existing one.
    3) Under "Guarantor Information" click on "Search to add" button. After performing the search, select a user to act as guarantor. Don't use the dropdown menu to select a relationship. Save your changes.
    4) Observe that relationship is set as "father".
    5) Apply the patch.
    6) Repeat steps 1, 2 and 3.
    7) Observe when you save the empty entry it does set the relationship as empty.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-29 12:37:02 +02:00
Katrin Fischer
21cde7bd2f Bug 10910: (follow-up) Move the suggestions note with the other non-blocking notes
To test:
- Add a credit to the patron's account
- Make sure they got a pending suggestion
- Try to delete
- Verify you notes for both as list items

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-15 11:53:36 +02:00
85c1537bd7 Bug 10910: Add a warning when deleting a patron with pending suggestions
Test plan:
From the OPAC, add a suggestion
From the staff interface, try to delete the patron who created the
suggestion
=> You get a warning message

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-15 11:53:36 +02:00
bbac95d9fb Bug 25526: Equality matching is case sensative
TEST PLAN:
1. Have a fine on a Patron's account.
2. Choose the "Write off Selected" button
3. Enter an amount less than the amount owed by the patron.
4. Koha will give a yellow box with a note "You must collect a value
   greater than or equal to 2.00." The $2.00 is the amount that is
   attempted to write off (the amount less than the amount owed).
5. Apply patch
6. Again try to writeoff an amount less than the amount owed.
7. You should be able to write it off.
8. Try paying an amount more than owed, you should still get an
   error. You shouldn't be able to write off more than the amount.
9. Follow the above steps via 'Pay selected' as aposed to 'Writeoff
   selected'.
10. You should not be able to 'Tender' less than the amount you have
    'Paid'.
11. Disable Javascript and run through all the above steps. You should
    still be blocked where relevant.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-15 10:29:34 +02:00
185d88bac6 Bug 20443: (follow-up) Remove C4::Members::AttributeTypes 2020-05-07 17:05:32 +02:00
b3e3067731
Bug 25311: Better error handling when updating a patron
Same as the precedent patch for patron's modification

Test plan is identical but with an existing patron

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-05-04 08:38:46 +01:00
580e6fabff
Bug 25311: Better error handling when creating a patron
This is still not ideal but brings a bit of enhancement.

One possible problem is that the patron creation will fail if the
streetnumber field is too long (borrowers.streetnumber is varchar(10).

Test plan:
0. Don't apply this patch
1. Create a new patron with a streetnumber longer than 10 characters
2. Save
=> The patron has not been created and the app explodes
The error is about extended_attributes and not meaningful
Can't call method "extended_attributes" on an undefined value at /kohadevbox/koha/members/memberentry.pl line 560
3. Apply the patch
4. Repeat 1. and 2
=> You get a warning on the interface and you still see the creation
form
5. Check the logs
=> The error is meaningful
"Data too long for column 'streetnumber'"

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-05-04 08:38:35 +01:00
866c6850e0
Bug 5161: Keep patron's attributes on warning/duplicate
When a patron is added or modified and a warning appears (duplicate,
inconsistent data, etc.) the form lost the patron's attributes.

Test plan:
Create some attribute types for patrons
Create a new patron, use an userid that already exists and fill the attributes
=> You get a warning and the attributes are kept
Modify the userid and save again
Edit the same patron
Modify the attributes, as well as the userid (to get the duplicate warning)
=> You get a warning and the attributes are kept with the modified
values
Modify the userid and save again
=> The new values are saved
Edit the attributes from the detail page (so not with the full edit form)
Modify them and save
=> The new values are saved

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-27 11:28:46 +01:00