This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.
To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Currently ILSDI scripts do not have a userenv set. This affects both
action_logs and statistics.
For action_logs we either get no user or, if there is an active session, we use that one. This can have unintended consequences and we should explicitly set the env so that system user (0) is recorded
For statistics we need to specify a branch to record for actions like renewals. With bug 24759 we add an items method for this. We should take advantage of this method and use the 'opac' interface as the ilsdi scripts live there.
To test:
1 - Enable ILSDI in systempreferences
2 - Checkout an item to a patron
3 - Enable Renewal logs
4 - Ensure you will be able to renew the item several times
5 - Open an incognito/private browser
6 - Renew item via ilsdi:
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=RenewLoan&patron_id=5&item_id=1128
7 - Check action logs, interface may be random, user should be 0, if not make sure the user in step 9 is a different one
8 - In private browser open a new tab
9 - Sign in to staff client
10 - Return to other tab
11 - Refresh page to repeat renewal
12 - Check action_logs
13 - The second renewal indicates it was renewed via intranet by logged in staff member
14 - Apply patch
15 - restart_all
16 - Ensure staff client still signed in
17 - Repeate renewal again
18 - Check logs, renewal now indicates opac again (as it should), user is 0 even if logged in on other tab
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
test plan :
1/ Submit a hold through ILSDI with start_date and expiry_date parameters
2/ Verify in Koha those parameters are not applied to the newly created
reserve. Delete reserve.
3/ Apply patch and repeat 1.
4/ Verify the reserve created by same request as 1 now has both dates
applied and visible in Koha.
Signed-off-by: Christophe Croullebois <christophe.croullebois@biblibre.com>
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When patrons have a lot of checkouts, GetPatronInfo can take a lot of
time. This patch introduces two new parameters to allow pagination of
this list of checkouts
Also, fix a warning in C4::ILSDI::Services::GetPatronInfo
Test plan:
1. Go to /cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=X&show_loans=1
where X is a borrowernumber of a patron who has several checkouts
Verify that all checkouts are listed
2. Add '&loans_per_page=1&loans_page=1' to the URL. Verify that you have
now only one checkout listed, and that there is a new element
<total_loans> which contain the total number of checkouts
3. Increase the page number in the URL until you have seen all checkouts
4. prove t/db_dependent/ILSDI_Services.t
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch was generated using codespell
Test plan:
Read through changes and confirm they make sense
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=21706
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Patch provides a constrained set of borrower attributes to try in turn if the
ID type is not specified. Also added "email" to the POD documented list of
id types seeing as its quite a useful one for integration developers.
Test plan:
1) without the patch applied, turn on ils-di interface in your admin sysprefs
and then try accessing the URL:
https://your-server/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=Mabel
replacing "your-server" your Koha dev test domain name (localhost:8080 if
you're using a kohadevbox VM) and "Mabel" with the first name of a patron
(Mabel is in the test database already if you're using that).
You should get back an error message in the XML.
2) Apply the patch and repeat. This time you should get an <id> element in
the XML with Mabel's patron ID in it.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch does the same as the previous one, but affects lines which
have not been caught by the regex.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch replaces the occurrences of
my @foo = $cgi->param('foo');
with
my @foo = $cgi->multi_param('foo');
perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.
Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1
A new element <attributes> will be added if there
are any attributes available from the database.
We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.
Sponsored-By: Halland County Library
Test plan:
* Configure Koha to make use of extended attributes:
Under 'Administration' -> 'Global system preferences' ->
'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
press save and switch to 'Web services' tab.
* Enable the ILS-DI service:
Under 'Administration' -> 'Global system preferences' ->
'Web services' tab -> 'ILS-DI' section:
Set 'ILS-DI' to 'Enable' and save.
* Create an attribute to query:
Under 'Administration' -> 'Patrons and circulation' ->
'Patron attribute types' press 'New patron attribute type':
Enter a type code, like 'DOORCODE', description and assign
a category that your test patron is a member of, then save.
* Set value for test user:
Locate the test patron, the new attribute should be listed
under 'Additional attributes and identifiers'.
Click 'Edit' and assign a value, like '1337' and save.
* Query the ILS-DI service:
http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
The output XML should have an element named 'attributes'
containing the data you entered.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
opac/ilsdi.pl: Stricture disabled at line 217, column 17. See page 429 of PBP. (Severity: 5)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
opac/ilsdi.pl: Stricture disabled at line 217, column 17. See page 429 of PBP. (Severity: 5)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
use encoding(UTF-8) rather than utf-8 for stricter
encoding
Marking output as ':utf8' only flags the data as utf8
using :encoding(UTF-8) also checks it as valid utf-8
see binmode in perlfunc for more details
In accordance with the robustness principle input
filehandles have not been changed as code may make
the undocumented assumption that invalid utf-8 is present
in the imput
Fixes errors reported by t/00-testcritic.t
Where feasable some filehandles have been made lexical rather than
reusing global filehandle vars
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Moved the binmode pragma to the end of the file, so it won't affect documentation templates. So no more double encoding.
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Moved the binmode pragma to the end of the file, so it won't affect documentation templates. So no more double encoding.
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
[MT2306_2271] ILS-DI Message codes consistence
The services now returns ILSDI error codes in a <code> tag, plus details in a <message> tag.
Exemple:
<LookupPatron>
<code>MissingParameter</code>
<message>The required parameter patron_id is missing.</message>
</LookupPatron>
[MT2306_2271] Minor changes in HTML
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
