I think instead of a plain on/off switch we should use it in combination
with the plugin_repos and set it to restrict to only those repos (i.e.
disable uploads entirely if no repos are listed, or just allow those
repos when there are).
This patch achieves that, but only if plugins are installed via the
plugin browser method. We disable all direct upload avenues, so install
is blocked for other cases.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When plugin browser upload is disabled, also prevent plugin browser
uninstall.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If plugin upload is disabled, but there are git repositories listed in
the config for plugin searching, then you can search for a plugin and
attempt to install it. The install leads to an error page.
This patch removes the actions column and install button should the
enable_browser_upload option be disabled
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch enables enable_plugin_browser_upload by default,
since the current behaviour for Koha is to enable browser upload
when enable_plugins is 1.
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds an enable_plugin_browser_upload flag to koha-conf.xml, which
controls whether or not Koha intranet users can upload Koha plugins via
their browser. Like "enable_plugins", it defaults to 0 for new installs.
This is useful when you want to provide Koha intranet users with plugins
that are pre-installed by administrators (by CLI) or restricting them
to plugins from a GitHub repo. See the following for more information:
Bug 23975 - Add ability to search and install plugins from GitHub
Bug 23191 - Administrators should be able to install plugins from the command line
To test:
1) Apply the full patchset
2) Confirm <enable_plugins>1</enable_plugins> is present in koha-conf.xml
3) Add <plugins_restricted>1</plugins_restricted> to koha-conf.xml
4) Ensure that the <plugin_repos> block is not commented and contains at
least one trusted organisation in koha-conf.xml
If needed get it from: debian/templates/koha-conf-site.xml.in
5) Run restart_all (in koha-testing-docker)
6) Go to /cgi-bin/koha/plugins/plugins-home.pl and note that you don't see
an option to upload plugins
7) You should however see a search option and upon search you should have
results returned from the chosen trusted organisations listed in the
<plugin_repos> block mentioned above.
8) Clicking install on one of the results should work as expected and install
the plugin.
9) Go directly to /cgi-bin/koha/plugins/plugins-upload.pl and note that it says
"Plugin upload is restricted to only those plugins listed by your server
administrator" and gives instructions on how to enable unrestricted browser
upload.
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
According to the timestamp option for bibs record type I added the
timestamp option for authority records.
Timestamp is already present in database on field "modification_time"
Test Plan :
1 - Be sure to have authority record type for easiest test create one
2 - Execute script export_records.pl in your koha/misc directory and
choose a date (example yesterday if you just created an authority
right now).(see export_records.pl -h for help)
3 - Timestamp option has no effect on authority record type
4 - Execute script again but choose the date of tomorrow for example
5 - Same result
6 - Apply this patch
7 - Play again steps 2 and 4
8 - On step 2 you will see only your authorities created today (because
script show you authority has changes since the date you choose in
option) and for step 4 you must see an empty file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This is somewhat nitpicky but I think "Show fewer..." is more correct
than "Show less..." for strings like "Show fewer authors."
'Generally, fewer is used when the number of things is counted ("fewer
problems") whereas less is used when the number is measured ("less
trouble" or "less time").'
-- https://www.merriam-webster.com/words-at-play/fewer-vs-less
It's not a strict rule but to my ear it sounds more correct. The brief
"Show less" displayed on screen seems fine because the object feels
indeterminate: "Show less information."
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The place hold and add to cart buttons should identify to screen readers which title the button is linked to. This patch adds aria-labels that include the item title to make this more clear
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch addresses the Show more/less links in the side menu in opac-facets.inc. The links don't identify which facet they are linked to and this is confusing for screen readers.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The original display put the equivalent heading right after
the main heading with a = as separator. As the 7xx are repeatable
that could get crowded easily, also if the terms are longer
we might see not so nice breakage.
This puts every 7xx on its own line below the main heading
with some indentation.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I have some trouble to get the tidiness test on
AuthoritiesMarc.pm passing. There are several outstanding
patches touching this file, so I didn't dare to perltidy
the whole file just yet.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Instead of hardcoding the separator we take the value from systempreference.
Also adjust the unit test to expect the "equalterm" array.
Test plan same as before.
Signed-off-by: Christian Nelson <christian.nelson@uwasa.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Currently when a MARC21 authority has 7XX field they do not display on
authority search result page. 7XX is equal term of 1XX based on LC rules.
Applying this patch will enable that feature, which is important for non latin
catalogues.
Test plan:
1) Add a new authority with 1XX and 7XX fields.
2) Try to search that authority and check if 7XX values are displayed
3) Apply this patch
4) Try to search that authority and you will see that 7XX values are displayed
like "1XX = 7XX"
Sponsored-by: Keratsini-Drapetsona Municipal Library, Greece
Mentored-by: Andreas Roussos
Signed-off-by: Frank Hansen <frank.hansen@ub.lu.se>
Works for me!
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This requires enabling MarcItemFieldsToOrder, see bug 34645
Add an inactive Budget and some funds to your system
Import a file with multiple biblios
Confirm the button hides/displays the funds for all item orders
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
<key content="value"></key>
was wrongly parsed as
{ key => 'value' }
whereas it should be
{ key => { content => 'value' } }
The 'content' attribute is used in shibboleth config
Test plan:
1 Run `prove t/Koha/Config.t`
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This adds missing descriptions to the existing statistics database
columns.
It also improves some existing descriptions.
1. Go to Reports > Guided reports > Create guided report.
2. Choose 'Circulation' for the module to report on and select
'Next'.
3. Choose 'Tabular' for the type of report and select 'Next'.
4. Scroll down to the statistics table section and note that there
are no descriptions for:
- statistics.other
- statistics.location
- statistics.ccode
- statistics.categorycode
5. Note that:
- the description for statistics.type is 'Type'
- the description for statistics.itemtype is 'Item type'
6. Apply the patch.
7. Restart all the things (restart_all).
8. Reload the page.
9. Note that:
. there are now descriptions for the columns in step 4
. the description for statistics.type is now 'Transaction type'
(to more clearly indicate what it contains)
. the description for statistics.itemtype is now 'Koha item type'
(consistent with other tables where this is used, such as items)
10. Sign off :D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This enhancement makes it easier for libraries to change the Shibboleth-related messages on the OPAC login page.
Libraries can employ OPACUserJS to change the text. For e.g., I can replace the message "If you do not have a Shibboleth account, but you do have a local login, then you may login below." by putting the following in OPACUserJS:
$(".shib_local_text").text("If you do not have a staff member account, but are a member of the library, then you may log in below.");
To test:
1. Go to <your-opac-url>/cgi-bin/koha/opac-user.pl , or disable the OpacPublic system preference. Ensure you are logged out of the OPAC.
2. In the staff interface, search for the OPACUserJS system preference under Koha Administration. Add the following JS and Save:
$(".shib_invalid").text("Test changing the invalid Shibboleth login message.");
$(".shib_title").text("Test changing the Shibboleth login heading.");
$(".shib_url").text("Test changing the Shibboleth account link text.");
$(".shib_local_title").text("Test changing the local login heading.");
$(".shib_local_text").text("Test changing the message that shows if you do not have a Shibboleth account.");
3. Refresh the OPAC and confirm the text changes to reflect your JS. Note: The invalid Shibboleth login will be a bit harder to test, so if you can't test, confirm the HTML in the patch looks correct.
Sponsored-by: New Zealand Council for Educational Research
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Use event parameter
This is part of the refactoring happening in bug 30975
Test plan:
1. Verify that the plugin continues to work as before
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Use event parameter
This is part of the refactoring happening in bug 30975
Test plan:
1. Verify that the plugin continues to work as before
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This change explicitly ignores SIGPIPE signals in the background jobs
worker.
Daemons like Starman ignore SIGPIPE so it makes sense to explicitly set this.
Differences in the inner workings of MySQL vs MariaDB client libraries have yielded
different behaviours in automatic reconnections and potentially SIGPIPE handling,
so this helps to make the overall behaviour more consistent.
Test plan:
0. Apply patch and run "restart_all"
1. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
2. Click "Save" > "MARCXML"
3. Go to http://localhost:8081/cgi-bin/koha/tools/stage-marc-import.pl
4. Click "Choose file", choose the MARCXML file, click "Upload file"
5. Click "Stage for import"
6. Note the job is marked as "100% Finished"
7. In a separate window run "docker restart koha-db-1"
8. Repeat steps 3-5 for uploading file and running stage for import
9. Note that the job is marked as "100% Finished" as you'd expect
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Added comment on the SIG PIPE line.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Some tests compare things to the output of `->to_api` and are exploding
because the (now mandatory) `user` parameter is not passed in the call.
In the case of IdP.t I just got rid of the use of `to_api` as we are
just trying to acknowledge a new user has been created and the API
representation of it is irrelevant.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the new default values to the data structure the result
is compared with.
It also fixes the tests count (probably an untested rebase issue)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch moves the call to $sftp->error outside of the double quote
string and into a . concat to properly expose the error message as
opposed to outputting 'Net::SFTP::Foreign=HASH(0x559c9118f0c8)->error'
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To recreate:
1. Make sure you have the "Default waiting hold cancellation policy" set to allow via circulation rules.
2. Make several holds at different branches and set them to waiting
3. Request to cancel those holds, making sure you cancel some for different branches.
4. Go to waitingreserves.tt and notice that you see all of the holds from all branches.
5. APPLY PATCH and restart services
6. Visit the waitingreserves.tt page and notice that the "Holds with cancellation requests" table can now filter by branch.
7. Use the "View all libraries" and make sure you can see all the holds with a cancellation request.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looking at the other entries for the module in notices we most often
use the actual module name: patrons, suggestions, holds, etc.
So I updated "Report" to "Reports" to match that pattern.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Sometimes it is useful to display the results of a report in a non-table format. We should be able to create notice templates to render reports.
Test Plan:
1) Apply this patch
2) Restart all the things!
3) Create a new notice template using the new "Report" option from the
"New notice" pulldown.
4) In the "Print" area, paste the following template:
[% FOREACH b IN data %]
<div class="panel panel-default">
<div class="panel-heading">[% b.surname %], [% b.firstname %]</div>
<div class="panel-body">Expiration: [% b.dateexpiry %]</div>
<div class="panel-footer">ID: [% b.borrowernumber %]</div>
</div>
[% END %]
5) Create a report with the query: SELECT * FROM borrowers
6) Once the report is saved, use the new "Run with template" option to
select the template you just created.
7) Note that instead of the results being a paged table, you instead
see the results rendered as cards!
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
This is a trick, so that we won't have to deal with \t in PO files.
\n is not a problem, but it seems consistent to use the same method for
both.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
We have our own "quote_po" sub that is stating that Locale::PO::quote
is buggy because it does not deal with quoting new lines correctly.
However it seems that it is fixed now.
Ideally we could use Locale::PO::quote everywhere, but it does not
escape tab characters:
$string =~ s/\\(?!t)/\\\\/g; # \t is a tab
This means the following:
msgid "Tabulation (\\t)"
msgstr "Tabulation (\\t)"
become:
-msgid "Tabulation (\t)"
-msgstr "Tabulation (\t)"
And we are seeing the following on Weblate:
https://snipboard.io/BjQmDC.jpg
Note that Locale::PO has not been updated since 2014...
The real problem behind this is that we have 2 methods to quote strings.
At first glance it seems that Locale::PO::quote was not used before, but
with the introduction of the koha-i18n project we will have scripts that
will use Locale::PO->save_file_fromarray, which uses Locale::PO->quote
=> Those scripts will be used on the translation server for post
processing (security reason, marking potential XSS strings as fuzzy).
Test plan:
0. Do not apply the patch
1. gulp po:update --lang LANG # Replace LANG with your favorite language
code
2. git commit -a -m"init PO files"
3. Apply this patch
4. Repeat 1.
5. git diff
=> The change is about the "Tabulation" and "New line" strings from
tools/csv-profiles.tt
6. Translate them (replace the \t and \n with %s) and remove the fuzzy
flag
7. install the template: cd misc/translator && perl translate install
LANG
8. Enable the language, use it and go to the "Nouveau profil CSV" view
=> Notice that the \t and \n are correctly displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
When fetching the record we need to eval in case of exception
To test:
1 - Apply first patch
2 - perl misc/link_bibs_to_authorities.pl
3 - Note it dies on parser error at record 369
4 - Apply this patch
5 - perl misc/link_bibs_to_authorities.pl
6 - The process completes - with warning thrown on record 369
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
This patch simply adds an eval and a warning to link_bibs_to_authorities to catch any errors while searching and continue linking.
To test:
1 - edit /etc/kohia/sites/kohadev/koha-conf.xml and add to elasticsearch stanza
<request_timeout>0</request_timeout>
2 - perl misc/link_bibs_to_authorities.pl
3 - It dies immediately
4 - Apply patch
5 - perl misc/link_bibs_to_authorities.pl
6 - Now it tries every record, throwing warnings along the way, but completes
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
When using background jobs, there is a possibility of a race condition where two jobs will be updating the holds queue for the same biblio. We should try to minimize those cases (see bug 34596)
In the meantime though, we should prevent jobs possibly dying, and allow the most recent update to succeed.
There is a possibility two updates will assign different items to the same reserve, and that a reserve could end up in the queue twice, however, whichever one is filled first will delete both entries, as filling the hold deletes by reserve id (see bug 24359)
This patch adds a transaction to delete and then insert the new row
To test:
1 - prove -v t/db_dependent/Reserves.t
2 - It fails
3 - Apply patch
4 - t/db_dependent/Reserves.t
5 - It succeeds!
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
This patch makes the effective not for loan status be set to the item value
if not defined at itype level.
To test:
1. Apply the regressions tests patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/api/v1/items.t
=> FAIL: Tests fail!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
This patch re-instates the classes used for the selenium tests. I
checked we weren't using them for javascript or css, but didn't think
about tests before.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch switches from removing inaccessible items from the responses
to instead redacting fields in inaccessible responses.
This allows for embed traversal and keeps counts etc correct but also
hides the data we want to hide.
We add support for an 'unredact_list' method at the Koha::* class level
allowing for individual classes to specify which fields they wish to
expose to restricted users regardless of their restriction.
It is to be used in combination with the is_accessible method introduced
earlier in this patchset which is used to denote whether the current
user should be allowed to see the full record or only a subset of it as
defined in the unredacted_list.
We undefine any fields not listed in the unredact_list for the API
response. This has the effect of still returning the full object of
keys, but setting most fields to a JSON null.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
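
The redaction approach described in the commit message above, as an added Perl sketch that is not Koha's code. Only the names `to_api`, `is_accessible`, `unredact_list` and the `user` parameter come from the commit messages; the record shape, the `restricted_to` key and all function bodies are assumptions, and the sample data is constructed.

```perl
#!/usr/bin/perl
# Added illustration, not Koha code: redact instead of remove.
use strict;
use warnings;
use JSON::PP;

# Constructed sample records, each tied to a library.
my @patrons = (
    { patron_id => 1, library_id => 'CPL', surname => 'Acosta', email => 'a@example.org' },
    { patron_id => 2, library_id => 'MPL', surname => 'Baker',  email => 'b@example.org' },
);

# Hypothetical per-class allow list: fields a restricted user may still see.
sub unredact_list { return [ 'patron_id', 'library_id' ] }

# Hypothetical access check. A missing user is an error rather than
# "unrestricted", so a forgotten parameter cannot expose full records.
sub is_accessible {
    my ( $record, $params ) = @_;
    my $user = $params->{user} or die "the 'user' parameter is mandatory\n";
    return 1 unless defined $user->{restricted_to};    # unrestricted user
    return scalar grep { $_ eq $record->{library_id} } @{ $user->{restricted_to} };
}

# Every key is always returned; fields outside the allow list become undef,
# which serialises as JSON null. List lengths and embeds stay intact.
sub to_api {
    my ( $record, $params ) = @_;
    my %out = %$record;
    return \%out if is_accessible( $record, $params );

    my %keep = map { $_ => 1 } @{ unredact_list() };
    for my $field ( keys %out ) {
        $out{$field} = undef unless $keep{$field};
    }
    return \%out;
}

# A user limited to library CPL sees patron 1 in full and patron 2 redacted.
my $user = { restricted_to => ['CPL'] };
my $json = JSON::PP->new->canonical->pretty;
print $json->encode( [ map { to_api( $_, { user => $user } ) } @patrons ] );
```

The output still contains two objects, so result counts match what an unrestricted user would get; for the second patron only `patron_id` and `library_id` carry values and the other fields are `null`.
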
This patch works through the unit tests and existing code to allow
removal of the FIXME I introduced earlier in the patchset.
We now require the `user` parameter be passed to `is_accessible` which
in turn makes `user` a required parameter for `to_api` in the
`Koha::Patron` case.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch introduces a very localised cache of the restricted branches
list in the logged in patron object.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In this patch I add 'user', containing the Koha::Patron object for the
logged in user in the params hash we pass around in to_api. I then use
that in a new 'is_accessible' method added to Koha::Patron.
The new method is really the equivalent of 'search_limited' in the plural
class and could perhaps be renamed 'is_limited' or something clearer for
the singular form 'is_filtered' or 'filter_for_api' or something?
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>