Commit graph

13 commits

Author SHA1 Message Date
dc7e886379 Bug 21693: Clean up checkout notes template
This patch modifies the checkout notes template to help compliance with
coding guidelines and interface patterns:

 - Convert to Bootstrap grid
 - Improve DataTables configuration
 - Put buttons into a toolbar and move above selection links

Also corrected: Minor markup error in circ-nav.inc

To test, apply the patch and enable the AllowCheckoutNotes system
preference. Add a few checkout notes via the OPAC.

 - Go to Circulation -> Checkout notes.
   - Confirm that the page looks correct at various browser widths.
   - Confirm that the first and last columns of the table of notes are
     not sortable.
   - The table should be sorted by default by title.
   - Title sorting should ignore articles "a," "an," and "the."
   - Test with the CircSidebar preference both on and off.
     - With CircSidebar turn on, the checkout notes menu item in the
       left hand sidebar should show a count of checkout notes.

Signed-off-by: Pierre-Marc Thibault <pierre-marc.thibault@inLibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-12-26 20:47:05 +00:00
5825026448 Bug 21526: uri escape TT variables when used in 'a href'
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:57 +00:00
13d0c46bdc Bug 13618: Add missing raw filters
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
419470d3cd Bug 17698: (QA follow-up) few more things
1. body tag was missing
2. make "Date" column sortable correctly
3. remove CDATA and type="text/javascript"
4. Handle server-side errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:43 +00:00
Aleisha Amohia
ac00c7a30d Bug 17698: (follow-up) Fixing things in Comment 57
3. In the JS console: "ReferenceError: $ is not defined", I did not
investigate it.

Where do you see this in the console? I cannot recreate on opac-user.pl
or on circ/checkout-notes.pl.

5. The alert id=error is displayed then hide in JS, but it's then
displayed half a second. We should hide it by default (css)

Fixed in this patch

6. I would move the "mark seen" and "mark not seen" buttons at the
top of the table

Fixed in this patch

8. Cursor on "Select all" and "Clear all" links must be adjusted

Fixed in this patch

9. $(".btn-xs").click(function(event){
The selector should be $("button.seen, button.notseen"), you
do not want to apply this function to all other btn-xs on
the page (maybe there are only two for now, but who knows
later?)

Fixed in this patch

12. Important: When a note is updated, it's still marked as
seen. Is it the expected behavior?

I don't see this behaviour. When a note is updated it is
marked as not seen.
opav/svc/checkout_notes:79: $issue->set({ notedate =>
dt_from_string(), note => $clean_note, noteseen => 0
})->store;

13. What will happen when hundred of notes will be on this
table? Not blocker but we will need a "hide seen" buttons to
filters the already seen notes.

Added in this patch

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:43 +00:00
1434d0aad0 Bug 17698: (QA follow-up) Fix minors design issues
This patch includes some changes required on comment 57:

1. Bad resolution conflict, permission self_checkout is re-add

2. The IGNORE modifier is missing in the INSERT statement

4. When I hit /circ/checkout-notes.pl from the side bar, the page displays "Checkout notes", nothing else. We should add "There is no checkout notes".

7. I would display the table on the confirmation screen as well

10. html filters are missing

11. span element should surround translatable string, to help translators

14. patron-title.inc must be used to display patron's info

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:42 +00:00
de56e9d68a Bug 17698: (follow-up) Rebase
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:42 +00:00
Katrin Fischer
9789477e75 Bug 17698: (QA follow-up) Changes to use Asset TT plugin (bug 20538)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:42 +00:00
Aleisha Amohia
ac4014d21b Bug 17698: (follow-up) Fixing some small issues
Fixing the comments in Comment 42

Ready to test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:42 +00:00
Aleisha Amohia
cd4d46882f Bug 17698: (follow-up) Koha Objects, access borrower through patron sub
See Comment 27
This is ready to be tested.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:41 +00:00
Aleisha Amohia
4e722eda45 Bug 17698: (follow-up) Changing to Koha Objects style, adding circ sidebar
Marcel, can you please have a look at this patch. I tried to implement
the change
my @notes = $schema->resultset('Issue')->search({ 'me.note' => { '!=', undef } }, { prefetch => [ 'borrower', { item => 'biblionumber' } ] });
to
my @notes = Koha::Checkouts->search({ 'me.note' => { '!=', undef } }, { prefetch => [ 'borrower', { item => 'biblionumber' } ] });
but am having problems on the template side. I can access the item and
biblio information about the issue, but not the borrower information,
even though the query is definitely pulling it correctly. Any
suggestions or ideas as to why this breaks?

This patch also adds the implementation of the circSidebar.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:41 +00:00
Aleisha Amohia
4a3eaf02e2 Bug 17698: Make patron notes show up on staff dashboard
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.

To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:40 +00:00