Commit graph

1642 commits

Author SHA1 Message Date
732ff4b1c6 Bug 11897: (QA follow-up) Template filter fixes
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:46:06 +00:00
85be5a8188 Bug 11897: Stockrotation
The stock rotation feature adds a batch process to automate rotation of
catalgue items with a staff client page under tools to manage rotas/schedules.

Once a rota is configured, and your staff user has the right permissions
to allocate items, then an additional tab will appear on biblio records
allowing the management of of which rota, if any, individual items belong to.

It also includes a cron script to process the items on a daily basis.

Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: I removed a temporary file

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:46:05 +00:00
Alex Sassmannshausen
5088e3084d Bug 11897: Add Stock Rotation atomic update schema.
* installer/data/mysql/atomicupdate/stockrot_tables.sql: New file.
* installer/data/mysql/kohastructure.sql (stockrotationrotas)
  (stockrotationstages, stockrotationitems): New tables.
* installer/data/mysql/sysprefs.sql: Add Stockrotation sysprefs.
* installer/data/mysql/userflags.sql: Add Stockrotaiton userflag.
* installer/data/mysql/userpermissions.sql: Add Stockrotation
  userpermissions.
* koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/circulation.pref:
  Add Stockrotation menu.

Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:46:04 +00:00
58314233f7 Bug 15734: Use To.json to filter audio alerts
Test Plan:
1) Enable audio alerts
2) Note audio alerts don't work
3) Apply this patch
4) Note audio alerts now work

Use complex selectors to test:
  #circ_returns p.problem:contains('Not checked out.')
  #doc3 > #bd

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:45:03 +00:00
7e6a24b98a Bug 15520: Rename permission to manage_circ_rules_from_any_libraries
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:51 +00:00
Jesse Weaver
82db1e1589 Bug 15520: Add permission to restrict circ rules editing to own library
Test plan:

1) Ensure that you have four users:
 a) A superlibrarian
 b) A user with all `parameters` permissions (the toplevel `parameters`
    box is checked).
 c) A user with the `manage_circ_rules` permission (and, of course,
    `catalogue`).
 d) A user with the `manage_circ_rules`, `manage_circ_rules_restricted`
    and `catalogue` permissions.
2) As all four users, load the "Circulation and fine rules"
   administration page (admin/smart-rules.pl).
3) The page should be unchanged for the first three users. It should be
   possible to view and edit the circ rules for all libraries.
4) The last (restricted) user should only be able to view and edit the
   circ rules for their own library.

Amended by JD: In a second version of this patch
manage_circ_rules_restricted has been replaced by
manage_circ_rules_from_any_libraries and 'no_inherit' related code has
been removed

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:50 +00:00
Katrin Fischer
09a7d37d53 Bug 9968: Fix wrong index for Standard number in advanced and label search
'Standard number' indicates that you can search ISBN, ISSN and other
standard numbers, but we are using the wrong index and only get a
very limited search for biblionumber instead.

This patch changes the index from sn to ident.

To test:
- Check both staff and OPAC advanced search:
  - Search for Standard number = ISBN
  - Search for Standard number = ISSN
  Both should work.
  Toggle [Intranet|OPAC]NumbersPreferPhrase system preferences
- Check the label creator
  - Add a new batch
  - Use 'add items' option and search for Standard number

Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:24 +00:00
ff1b0ba7ca Bug 21352: Add missing USE statements
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-03 17:45:58 +00:00
Kyle M Hall
47c7f7c64c Bug 21352: Use the raw filter for plugin hooks, both opac and staff side
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-03 17:45:57 +00:00
Kyle M Hall
a37637e303 Bug 21352: Allow plugins to add CSS and Javascript to Staff interface
We should have plugin hooks for the staff interface just like we have for the OPAC as detailed on bug 20181.

Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin ( v2.1.19 or later )
   https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases/download/v2.1.19/koha-plugin-kitchen-sink-v2.1.19.kpz
3) Install the plugin
4) Restart all the things if you can ( restart_all if you are using kohadevbox )
   This will ensure the plugin takes effect right away, it should be
   necessary but it won't hurt anything!
5) Load the staff intranet, notice you get an console error log message and the background
   for your staff intranet is now orange ( assuming you've not customized the
   staff intranet in any way )

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-03 17:45:57 +00:00
Alex Arnaud
1814ae1769 Bug 17282: add template's variable filters
Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:36 +00:00
Alex Arnaud
edb627bcf2 Bug 17282: Ability to create charts for SQL reports
Add a form under report's result that allow to configure and draw a
chart (pie, bar, line and combination).

Pie: Usefull only for a two-column report's result

bar: Horizontal: Can be horizontal or vertical (check/uncheck
horizontal checkbox),
     Group: allows to group columns (stacked bar chart),
     Line: show some columns as line in a bar chart (combination)

line: line chart :)

This patch adds 2 new js libraries: d3js and c3js:
  - c3.min.css
  - c3.min.js
  - d3.min.js

Test plan:
- Apply this patch,
- execute a report,
- click on show chart settings button (in the tool bar),
- draw chart (click on draw button),
- check the chart

Features:
- Include all rows (ignore pagination),
- Download the chart (svg),
- Choose x column and y columns,
- Exclude last line (Rollup)

Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:35 +00:00
448dd50cf5 Bug 21454: Remove html filter for Price filtered variables
Generated with:
perl -p -i -e 's/\|\s?\$Price\s?\|\s?html\s%]/| \$Price %]/g' **/*.tt **/*.inc

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:34 +00:00
Mark Tompsett
623f1db90a Bug 13272: (follow-up) add missing type="text"
This addresses comment #13.
This also applies cleanly.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 11:18:32 +00:00
Mark Tompsett
77871b408c Bug 13272: (follow-up) fix concerns from comment #5
Correct the two issues I pointed out.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 11:18:31 +00:00
Christopher Brannon
92a2d74c1c Bug 13272: Adds type="text" to inputs missing it
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 11:18:30 +00:00
Pasi Kallinen
ca839922fd Bug 20785: Advanced Editor does not honor MarcFieldDocURL
The advanced MARC editor, Rancor, doesn't obey MarcFieldDocURL.
Make it do so.

Test plan:

1) Enable EnableAdvancedCatalogingEditor
2) Set MarcFieldDocURL to eg. http://{MARC}.example.com/{LANG}/{FIELD}
3) Go to Cataloging -> Advanced editor
4) Go to any field and press Ctrl-H
5) Marc field documentation on www.loc.gov or ifla.org should open
6) Apply patch
7) Repeat 3 and 4. The Marc field docs should open on the URL you set

Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:38:06 +00:00
bf89e4e124 Bug 21398: Make search field mandatory when adding to a basket from an existing record
Test plan:
- Create a basket
- Click the "Add to basket" button
- Click "Search" on the first line
=> Without this patch you get an ugly screen: https://snag.gy/U8X3ZK.jpg
=> With this patch applied you will not be able to submit without
filling the input in

QA note: Yes, we could handle that controller side as well, but much
more work.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:21:24 +00:00
Ere Maijala
2074421ba3 Bug 16424: Update default values in advanced editor when changing frameworks.
Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:01:51 +00:00
Ere Maijala
75b5ce2a31 Bug 16424: Add framework support to advanced MARC editor
Keeps the selected framework, allows selecting another and validates the record using the correct framework. Contains additional minor tweaks to display proper error messages.

To test:
1. Add a record with a non-default framework in the basic editor.
2. Switch to advanced editor and make sure the settings menu displays the correct framework.
3. Save the record and confirm that the framework code did not change.
4. Change the framework and save the record again.
5. Verify that the framework code changed.
6. Change one framework to make an extra field mandatory.
7. Make sure that the field is required in the editor when the framework above is selected but not when another framework is selected.

Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-28 19:01:50 +00:00
393b258234 Bug 21333: Add ability to add to basket from a new file
This patch adds a workflow for adding to a basket from a file. It
removes the need to stage the file before going to the basket and allows
you to stage the file and return to the basket

To test:
1 - Have basket in acquissitions
2 - Click add to basket
3 - Note new option to 'Add from new file'
4 - Click it
5 - You will be sent to the record import tool
6 - Stage your file
7 - There is a link after staging 'Add records to basket'
8 - Click it
9 - Your items should be added

Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-26 19:05:53 +00:00
fb5b377ffd Bug 20223: Merge members-menu and circ-menu inc files
This patch removes members-menu.inc and replaces the last functional use
of it with a call to circ-menu.inc.

An invalid use of members-menu.inc has been removed from member.tt.

To test, apply the patch and open a patron record for editing. The
sidebar menu should look correct and all sidebar links should work
correctly.

View the patrons home page and confirm that nothing has broken.

Search the Koha codebase for references to members-menu.inc. There
should be none.

Signed-off-by: Michal Denar <black23@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-26 15:38:58 +00:00
8671ea1195 Bug 20217: Make header's catalog search menu into a split button
This patch modifies the markup for the staff client header's catalog
search menu so that it mimics the behavior of a Bootstrap split button
(As seen on the cataloging home page's 'New from Z39.50' button).

To test, apply the patch, run 'yarn build' to regenerate the staff
client's CSS, and clear your browser cache.

- View any page in the staff client.
- Hover your mouse over the "Search" link in the header. It should
  trigger a hover affect on the adjacent menu link.
- Clicking the "Search" link should take you directly to the advanced
  search page.
- Clicking the adjacent menu link should display a menu containing links
  to advanced search and item search.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-16 00:27:50 +00:00
f0863d814d Bug 19817: (follow-up) Remove local help files + edit help feature
I have no idea what happened but RM did not rebase that one correctly
before pushing it ;)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-16 00:25:28 +00:00
Kyle M Hall
59b78fd095 Bug 19469: (QA follow-up) Disable priority pulldowns when using split holds queue
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-14 17:50:26 +00:00
b8104d8882 Bug 19469: (RM follow-up) Add filters and fix variable name
https://bugs.koha-community.org/show_bug.cgi?id=19469

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-14 17:50:20 +00:00
51a769bb59 Bug 19469: (follow-up) Use patron-title.inc as proposed by bug 18403
This patch makes the new template include file use the patron-title.inc
include to render the patron name.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-14 17:50:12 +00:00
42c94d185a Bug 19469: Add ability to split view of holds view on record by pickup library and/or itemtype
It is possible to set up circulation rules to limit trapping of holds by pickup library and itemtype.
To make it easier to understand which holds will be trapped in a given circumstance,
it would be nice if we could optionally group holds by pickup library and/or itemtype.

Test Plan:
1) Apply this patch set
2) Run updatedatabase.pl
3) Enable AllowHoldItemTypeSelection
4) Pick a record and create holds with various pickup libraries and itemtype combinations
5) Enable HoldsSplitQueueNumbering
6) Try the different combinations of HoldsSplitQueue
7) Ensure the hold "arrows" move the items correctly
   * Up and down arrows should move hold above or below the adjacent hold within a hold fieldset
   * Top and borrom arrows should move hold to the top or bottom within a hold fieldset

Sponsored-by: Stockholm University Library

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Followed test plan, patch worked as described. Also passed QA test tool

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-14 17:36:32 +00:00
Julian Maurice
a9e859942c Bug 19550: (QA follow-up) Add missing [% USE %]
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:55:01 +00:00
ec463e80aa Bug 19550: (RM follow-up) Add filters
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:54:28 +00:00
Julian Maurice
d96e2e71b8 Bug 19550: Add links to related authorities for UNIMARC
Links exist in search results for MARC21 but not for UNIMARC.
This patch fixes that.

Test plan:
1. Create an authority with a field 550 that links to another authority
   e.g. 550 $a Foo $9 42
2. Reindex this authority
3. Search for this authority
4. See that you now have a link "Foo" to authorities/detail.pl?authid=42
   in the summary

Signed-off-by: delaye <stephane.delaye@biblibre.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:54:27 +00:00
be691d86e3 Bug 21096: Do not display loggedinusername in template
This patch is a little fix for a much bigger hidden issues.

The original issue:
1. Set the firstname and surname values of a paontr to utf-8 characters
("wide characters"), for instance 月月
2. Use this patron to login at the staff interface
=> In the header the logged in patron's info (concat of firstname and
surname) are displayed correctly
3. Hit whatever link
=> In the header the info are now displayed incorrectly
("ææ")

What happens?
After that the user loggin, loggedinusername is set with the value from
the DB (borrowers.userid)
On next hits it is picked from the session (which contains the decoded
utf8 value, see first lines of C4::Context->set_userenv)
From C4::Auth::checkauth:
834             $s_userid = $session->param('id') // ''

The quick fix is to use the logged_in_user variable in the template, but
it seems that issues may occurred if external authentication is used
(ldap, shib, cas). Could someone test this?

Test plan:
Make sure the original issue is fixed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:31 +00:00
7c05f4fbe4 Bug 21068: Remove NorwegianPatronDB related code
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).

Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:29 +00:00
Katrin Fischer
3c143b52ac Bug 19719: (follow-up) Show description instead of code
This follow-up changes the display from collection code
to description, following the existing pattern for
location.

To test:
- Repeat test plan from first patch
- Verfiy now the collection descrption shows
- Change column setting in administration
- Verify they work as expected

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-22 13:22:18 +00:00
Jesse Maseto
fd4d17ace1 Bug 19719: Add new column for collection in the patron checkouts data tables
This makes the collection visible in the checkouts table
on the details and issues tab in the patron account in staff.

TEST:

1. Check out a few items to patron.
2. View check outs on patron account in staff client.
3. Collection code is not present.

4. Apply patch

5. Notice that not Collection code is visible while viewing check outs.

Signed-off-by: Severine QUEUNE <severine.queune@bulac.fr>
Signed-off by: Maksim Sen <maksim.sen@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-22 13:21:14 +00:00
a750ebdbd9 Bug 7996: Correct wrong permissions for modification log
To test:
 1 - Create a staff patron with catalogue,borrowers,and view_system_logs
     permissions
 2 - Log in using that patron
 3 - Go to tools
 4 - Click 'Log viewer'
 5 - You get a blank page
 6 - View borrower circ screen, note you do not see 'Modification log'
 7 - Edit a borrower, note you do not see 'Modification log'
 8 - Apply patch
 9 - 'Log Viewer' should now load correctly
10 - You should see 'Modification log' tab during circ
11 - You should see 'Modification log' tab when editing patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-22 11:47:10 +00:00
22ab4ba524 Bug 13618: Remove filter when assigning array
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:53:56 +00:00
cc5c66d27b Bug 13618: Remove html filter for STOP and deal with existing USE raw
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
8d61035e85 Bug 13618: (follow-up) Add html filters to all the variables
IntranetUserJS was missing (?!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:13 +00:00
f580af25e1 Bug 13618: Fix item search
We want to encode HTML characters for the "key => value"'s
like branchcode => branchname
But not the whole JSON string
We could have done it controller-side but it sounds better to do it as
we do for other places

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
5a7ee2db08 Bug 13618: Deal with span in patron-title
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
917ec3700e Bug 13618: Manually replace missing .raw
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
dd9e978c2c Bug 13618: Fix BLOCKs
perl -p -i -e  's/BLOCK \| html/BLOCK/g' **/*.inc **/*.tt

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:09 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
889f148e4e Bug 21137: Replace USER_INFO with logged_in_user
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:10 +00:00
3aef9a158b Bug 21121: Added new system preference to control hiding of personal patron information in the circulation page
Libraries may want to hide personal patron data from the circulation
page for privacy reasons this syspref introduces that ability for
library staff to control the display of this data themselves without
having to ask support vendors to hide it for them.

Test plan:
1. View circulation page and input a patrons barcode or name
2. Notice if the patron has a phone number, email, street address and
   city set then these are displayed in the left hand side of the screen
   under the patrons name. Otherwise if all/any of these fields are not
   set for the patron then the text: "No <datafield> stored." is
   displayed.
3. Apply this patch
4. Run ./updatedatabase.pl from the Koha shell to run the atomicupdate
5. Restart memcached and plack
6. Notice a new systempreference named
   'HidePersonalPatronDetailOnCirculation' has been added, which has the
   default value 'Dont'
7. Without changing the default value notice the personal patron
   information is still displayed on the circulation page
8. Change the value of the syspref to 'Do' and now notice the phone
   number, email address, street address and city are now hidden in the
   circulation page

Sponsored-By: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:23:22 +00:00
81431ee28a Bug 20226: Centralize update child code (CATCODE_MULTI)
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).

Moreover the strings used by the templates are also in several template
files (or .inc)

To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js

Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 11:58:26 +00:00
392e0ca8f1 Bug 20997: Replace missing credit_applied with 'Credit Applied'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-10 12:30:36 +00:00
91c1acd6bb Bug 20997: Add new offset type
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-10 12:30:35 +00:00
ff21352a4a Bug 20661: Shortcut circ scripts if a blocking error appeared
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
No test plan found ;)
But tested bookcount and request-article.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-10 12:23:03 +00:00