GetMemberDetails() returns only one hashref now,
not two. In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch allows patrons to update their messaging preferences. This
includes methods in C4::Members to manage patron messaging preferences.
added cgi script to allow patron to edit their messaging preferences
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
I'd like to add another template parameter to geta_template_and user, but found it diffiult due to unreadability.
I stanadardized the whitespace in a portion of get_template_and_user,
alphabetized the parameters, finding a duplicate in one spot,
and then extracted the common template parameters that are set the same
regardless of template type.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shevles. When the user logs in, the anonymous session is cleared and a new session created
for that user.
kohabug 1875 - fix error when editing a patron record
C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.
To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring. The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.
C4::Auth - added debug flag to two warns
kohabug 1875 - create anonymous sessions only for OPAC
No need to create an anonymous session for the intranet.
set yuipath correct for login pages
When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.
kohabug 1875 - avoid warns viewing lists anonymously
During an anonymous OPAC session, the $loggedinuser variable
is not set. As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.
This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.
kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly
kohabug 1875 Avoid warning if can't find owner of shelf
Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Calculate OPACBaseURL from the
CGI environment variables instead of using the
system preference. As a result of this patch,
it should be possible to change the hostname,
protocol, or port of the OPAC without having to
reset a system preference.
Also added a FIXME to opac/unapi - the URL of
the SRU/W server has no necessary relationship
to the URL of the OPAC.
Once this patch is confirmed, the syspref can
be removed.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Three scripts were incorrect setting the HTTP type
header to 'utf-8' instead of something appropriate
like 'text/html' - Firefox evidentally can ignore that
mistake, but IE7 does not.
Fixed by replacing an invalid print of the HTTP header
and template output with a call to
C4::Output::output_html_with_http_headers.
Also corrected POD in C4::Auth and InstallAuth to
reflect correct use of output_html_with_http_headers.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
now yuipath is added in C4::Output and uses themelang
In my opinion, all the general variables that are used in output should get in C4::Output (since there is theme lang computed.)
rather than in C4::Auth
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).
If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.
If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:
1. if the value is 1, the staff user must have
all privileges for the userflags flag (or module)
referred to by the hash key, e.g.,
{ flaqsrequired => { tools => 1 } }
In terms of the database, this means that the
corresponding bit must be set in borrowers.flags.
2. If the value is '*', the staff user must
have at least one of the permissions for the
userflag/module, but it doesn't matter which one.
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there at least is one row in user_permissions
for the staff user and bit/module combination.
3. If the value is any other string, it must be
a permissions code defined in the permissions table.
The staff user must have that specific permission
or have access to all functions of the module
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there is a matching row in user_permissions
for the staff user, bit/module, subpermission
code combination.
In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons). The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.
In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions. This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not. This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
adding some parameters to the call to opac-auth.tmpl in C4::Auth::checkauth
This displays the additional navigational links in the masthead on the login page to unauthenticated users.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
As announced this past February, Amazon.com will no longer be
accepting web services requests to Amazon E-Commerce Service
(Amazon ECS) version 3.0 beginning on March 31, 2008.
This patch upgrades to Amazon.com's Associates Web Service 4.0
for the following components:
1. Amazon.com Locale support for: Canada, Germany, France, Japan,
UK, and US (see the new syspref called AmazonLocale)
2. Jacket Covers
3. Editorial Reviews
4. Customer Reviews
5. Amazon.com Similar Items
The following changes MUST be made to continue using Amazon.com
content:
1. Delete the system preference: AmazonDevKey (AmazonDevKeys used
with AmazonECS 3.0 are no longer valid)
2. Add the system preferences: AmazonLocale, AWSAccessKeyID
NOTE: steps 1, 2 are done by the web installer
3. Verify your AWSAccessKeyID:
You may already have an Access Key ID. You can access your Access
Key ID by going to http://aws.amazon.com, pointing to Your Web
Services Account, then clicking View Access Key Identifiers.
Depending on when you signed up for ECS 3.0, you may need to
re-register for an AWS account, which includes an Access Key ID.
4. Enter your AWSAccessKeyID in the Koha syspref called
AWSAccessKeyID
For complete details on the changes in Amazon.com Associates Web
Service 4.0, and the migration process, please see: http://tinyurl.com/ysorqy
Other changes with this patch:
* added $tabsysprefs{PatronsPerPage}="Patrons";
* Moved OPAC Features to OPAC in sysprefs
* removed experimental OPACXISBNAmazonSimilarItems and XISBNAmazonSimilarItems features
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
When using mysql and a sufficiently recent version
of DBD::mysql that actually respects the mysql_enable_utf8
option, setting the current branch to a name that
includes a diacritic causes the session to fail
and forces the user to the login screen upon
clicking another link.
This turned out to be due to the default (Data::Dumper)
serialization used by CGI::Session, which truncated the
session object at the diacritic. By enabling
that module's YAML serialization option, the problem
was resolved.
This patch introduces a dependency on the YAML::Syck
module.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Major Fix:
Fixing bug where 'expected' label existed for items that
were 'waiting'
Minor Cleanup:
Show correct statuses
Show itemtypes at correct levels depending on
global system preference
Display branch names, not branch codes
Adding in visibility option for 'canreservefromotherbranches' syspref
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Refactoring to provide single place to get CGI::Session ojbject;
fixes bug for DB storage method other than 'mysql'.
This refactoring is also part of the patch series for
handling large input files for staging and processing
MARC records.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
if IndependantBranches is set, then the user can't choose it's branch, it's automatically affected to it's own branch.
This fix removes the branch list & choose the branch automatically from the login
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
If the SearchMyLibraryFirst is set, then a logged user will automatically limit the search
to it's own library.
I also did some code cleaning
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
temporary files
Need to add it to a couple more places in C4::Auth
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The kohaversion is in the code directory (in /kohaversion.pl)
C4::Context now has a new method C4::Context->KOHAVERSION
that returns the koha code version.
The systempreference Version contains the database version.
If the 2 are differents, when the user log in, he is redirected to web installer (new behaviour : before this commit, the check was done on everypage, it's too CPU costly I think)
In the web installer, we check now if we do a new setup or an upgrade and show only the appropriate link.
The updatedatabase contains a lot of new things :
* SetVersion($kohaversion), that set the kohaversion after each update
* TransformToNum($kohaversion) that returns a number (3.0000001 from 3.00.00.001 for example) for a given koha version
* DropAllForeignKeys($table) that does what is written : drop all foreign keys. A shame it's not possible directly in mySQL...
* for each database update, just :
add the following lines :
=item
Describe what it does for other developpers
=cut
$DBversion = "your.koha.version.dbnumber";
if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
#
# DO YOUR UPDATE STUFF
#
print "Upgrade to $DBversion done (specify what it does if you want)\n";
SetVersion ($DBversion);
}
IMPORTANT NOTES :
in koha 2.2, a new install was done through installing a 2.2.0 database, then updating it to the installed version.
in Koha 3.0, /installer/kohaversion.sql MUST contain an uptodate version, as the installer set the DB version to kohaversion after uploading kohaversion.sql. It does NOT run updatedatabase.
The update from Koha 2.2 to Koha 3.0 must NOT be done through the webinstaller : updatedatabase is very very long to run and you'll reach Apache timeout for sure. See http://wiki.koha.org/doku.php?id=22_to_30 that contains my notes for upgrading (with some/few UNIMARC specific stuff)
Note For RM, please eyeball this change
Signed-off-by: Chris Cormack <crc@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
skips third party software check and mysql check to go to updatedatabase.
Adding similar check to intranet and opac.
BEWARE !!!!!
You may be linked to install if you donot have Version variable set in your systempreferences table.
If so, simply updatedatabase OR add Version 3.0 record to your systempreferences table.
adding two fields in branches table (branchip,branchprinter)
branchip : if the library enter an ip or ip range any librarian that connect from computer in this ip range will be temporarly affected to the corresponding branch .
branchprinter : the library can select a default printer for a branch
- modified userenv to add branchname
- modifier menus.inc to have the librarian name & userenv displayed on every page. they are in a librarian_information div.
* synch with rel_2_2. Probably the last non manual synch, as rel_2_2 should not be modified deeply.
* code cleaning (cleaning warnings from perl -w) continued
- Trying to get a basket not owned by so of his own branch leads to mainpage.
- Lists onlys ths baskets owned by someon of user's brach.
Auth.pm now sends a cookie with userenv informations.
Addign a Cookie containing user specific vars such as :
branch,
firstname,
surname,
cardnumber...
may be criticized from a lawyer point of view, since name and surname are given.
But the real need is for userid and branch.
And it is achieved.
Auth passes now TWO cookies :
a session cookie
And an environment cookie.