Resolve:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/opac/opac-illrequests.pl line 66
Test plan:
Put an unexisting illrequest_id in the URL parameter.
You should see a 404, not a crash.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Same as previous patch, but for 'update' and 'cancreq'.
We remove the redirect, but here we only want to focus on the security
fix.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Confirmed. Without this patch a patron can modify and cancel any ILL
request in the OPAC. With this patch the patron is redirected to the
404 page if modification or cancellation is attempted.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
will look like something like this:
http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
patron than the patron you are logged in as
To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
of the request that belongs to the patron you are not logged in as
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.
That way we will need to explicitely define the subroutine we want to
use from a module.
This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests
And a lot of other manual changes.
export.pl is a dirty script that can be found on bug 17600.
"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;
The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules
Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).
EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.
@EXPORT and @EXPORT_OK are the two main variables used during export operation.
@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.
@EXPORT_OK does export of symbols on demand basis.
"""
If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
- use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability for ILL to send notices, both triggered by
staff and triggered by events.
Staff can trigger notices to patrons from the "Manage ILL request" screen:
- ILL request ready for pickup
- ILL request unavailable
- Place request with partners
The following notices to staff are triggered automatically:
- Request has been modified by patron
- Request has been cancelled by patron
Branches can now specify an "ILL email" address to which notices
intended to inform staff of changes to requests by patrons can be sent.
The sending of notices is controlled by a few new sysprefs:
- "ILLDefaultStaffEmail" - Fallback email address for staff ILL notices
to be sent to in the absence of a branch address
- "ILLSendStaffNotices" - To specify which staff notices should be sent
automatically when requests are manipulated by patrons
Patron notices are also controlled by the patron's messaging
preferences
Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the required infrastructure to enable ILL availability
plugins to intercept the request creation process and, using the
supplied metadata, search for and display possible relevant items from
whichever availability plugins are installed.
Currently three availability plugins exist:
z39.50 - Searches any number of the Koha instance's configured Z targets
https://github.com/PTFS-Europe/koha-plugin-ill-avail-z3950
EDS - Searches the EBSCO Discovery Service
https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds
Unpaywall - Searches the Unpaywall API for possible open access versions
of the requested item
https://github.com/PTFS-Europe/koha-plugin-ill-avail-unpaywall
The Unpaywall plugin is intended to serve as a "reference" plugin as the
API it deals with is extremely simple
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@tudublin.ie>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This is a follow-up of bug 5371
The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching
This must be a test somehwere to prevent further regressions.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The OPAC view wasn't correctly restricting the display of backends when
the ILLOpacbackends preference was set.
See the test plan on comment 7
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This adds the ILLOpacbackends syspref, allowing users to refine the ill
backends available to opac users for initiating ill requests
Remove default assignment for backends
We don't need a default assignment for the ILLOpacbackends assignment,
if the pref isn't set, it returns undef anyway. Also, having this
default assignment actually breaks the fetching of the preference
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Clearing up the inconsistency mentioned in comment #35. There is one
place where we use the term 'media' for a template variable, everywhere
we refer to material types as 'types'.
NOTE: This is a breaking change for existing backends that still use
'media'. Of the PTFS Europe backends, only the Koha backend uses it,
this will be modified as necessary. Generally backends will supply this
variable themselves, so the breaking-ness of this change should be
minimal.
No test plan as it's backend dependent.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes the erroneously added workflow that requires staff
users to agree to the copyright clearance declaration defined in the
ILLModuleCopyrightClearance preference. Only OPAC users should be
required to accept the declaration.
To test:
1) Ensure you have at least one ILL backend available:
https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) As an OPAC user make an ILL request:
a) Navigate to a search results page in the catalog
b) Click the "Make an Interlibrary Loan request" link at the bottom
c) Choose "Create a new request", then select a backend
d) Observe the text you added earlier is displayed with buttons for
agreeing or disagreeing
5) As a staff user, select the "ILL requests" button on the front page of
the intranet site
a) Choose "Create a new request", then select a backend
b) Observe that you are NOT prompted to agree to the text you added
earlier
Assigned-to: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the exits that were missing after the redirects
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes the display of the copyright notice text that is defined
in ILLModuleCopyrightClearance preference when placing ILL requests from
the OPAC. Handling of the copyrightclearance stage was missing,
this has been added.
To test:
1) Ensure you have at least one ILL backend available:
https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) Navigate to a search results page in the catalog
5) Click the "Make an Interlibrary Loan request" link at the bottom
6) Choose "Create a new request", then select a backend
7) Observe the text you added earlier is displayed with buttons for
agreeing or disagreeing (prior to this patch, this screen displayed
an error)
8) Observe that clicking "Yes" takes you to the form for adding request
details
9) Observe that clicking "No" takes you back to the "Interlibrary loan
requests" page
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
* koha/opac-illrequest.pl - Added explicit setting of authnotrequired
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
5/ This patch makes Koha::Illrequest->load_backend raise an exception
if the passed backend is invalid. This way we will catch more errors introduced.
The patch also disables the 'New Ill request' when no backends are available. Gets
rid of a related warnings.
Both OPAC and Intranet now display a warning message when no backends
are available.
Tests are added for the load_backend changes.
4/ This patch fixes the path for the checkboxes jquery plugin, and removes the include
for tablesorter, as this implementation uses Datatables. This is obviously code for older
Koha, ported to master.
TODO: There's something wrong on the styling. My idea is to get rid
of the custom column visualization tool, and have it display as regular
DataTables. We can then introduce the use of colvis on a separate bug
report.
Note: POD coverage for the exceptions file is wrongly tested. It is a false positive.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This Commit is at the heart of adding an interlibrary loans framework
for Koha. The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.
The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.
Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.
Outside of this we simply add new files & functionality.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
