This patch switches from removing inaccessible items from the responses
to instead redacting fields in innaccessible responses.
This allows for embed traversal and keeps counts etc correct but also
hides the data we want to hide.
We add support for an 'unredact_list' method at the Koha::* class level
allowing for individual classes to specify which fields they wish to
expose to restricted users regardless of their restriction.
It is to be used in combination with the is_accessible method introduced
earlier in this patchset which is used to denote whether the current
user should be allowed to see the full record or only a subset of it as
defined in the unredacted_list.
We undefine any fields not listed in the unredact_list for the API
response. This has the effect of still returning the full object of
keys, but setting most fields to a JSON null.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch works through the unit tests and existing code to allow
removal of the FIXME I introduced earlier in the patchset.
We now require the `user` parameter be passed to `is_accessible` which
in turn makes `user` a required parameter for `to_api` in the
`Koha::Patron` case.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch introduces a very localised cache of the restricted branches
list in the logged in patron object.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In this patch I add 'user', containing the Koha::Patron object for the
logged in user in the params hash we pass around in to_api. I then use
that in a new 'is_accessible' method added to Koha::Patron.
The new method is really the equivilent of 'search_limited' in the plural
class and could perhaps be renamed 'is_limited' or something clearer for
the singular form 'is_filtered' or 'fitler_for_api' or something?
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch introduces a method for checking if an object can be
retrieved by the current user. It depends on the plural class
implementation of the ->search_limited method.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Object.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
prove -v t/db_dependent/Koha/Checkouts.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Might come back on the subject when resuming with bug 33636.
Test plan:
Run t/db_dependent/Koha/Statistics.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Tidy Koha/Item.pm bit further. Ordered hash keys too.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
See the Bugzilla report. I have been asked to restore the former
tests although I definitely think that they are wrong. Will address
that on bug 34308 separately.
This currently has the side-effect of negative lost values being
interpreted as 'found'. (Do not use negative lost values!)
The added subtest still reflects that now. Added a few TODOs.
Test plan:
[1] Prove t/db_dependent/Koha/Items.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Run t/db_dependent/Koha/Statistics.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
[EDIT} Tidied inline.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Adding exceptions, removing croaks.
No exception in new for unknown hash keys, store will catch that.
Prepare switching amount parameter to value (db column name).
Test plan:
Run t/db_dependent/Stats.t
Run t/db_dependent/Koha/Items.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
[EDIT] Fixed the mandatory check in Stats.t. Removed key_or_default.
Additional tidy.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Moving code to Koha::Statistic->new and ->insert.
Polishing code a bit further in next patch.
Test plan:
Run t/db_dependent/Stats.t
Run t/db_dependent/Koha/Statistics.t
Run t/db_dependent/Koha/Pseudonymization.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
[EDIT] POD headers, use plural module and tidy Koha::Statistic
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Run t/db_dependent/Stats.t
Run git diff -w HEAD~1.. t/db_dependent/Stats.t, proving that we
only did whitespace changes.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Subtest, modules, license.
The t/Stats.t is as good as empty, can be removed.
Test plan:
Run t/db_dependent/Stats.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Restart all the things!
4) Enable the new digest option for "Hold filled" messages
5) Trap multiple holds for a patron
6) Note a single notices is generated for all the trapped holds!
Signed-off-by: George Williams <george@nekls.org>
Signed-off-by: Laura ONeil <laura@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Johanna Miettunen <johanna.miettunen@haaga-helia.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1) Make sure SerialsSearchResultsLimit syspref is unset or set to 0.
2) Perform an advanced search on serials without any conditions
and confirm all serials are listed as expected.
3) Set SerialsSearchResultsLimit to a value less the the number
of total subscriptions, perform the search again, and confirm
that the number of serials has been limited to the set value.
4) Ensure all tests pass in t/db_dependent/Serials.t
Sponsored-by: Gothenburg University Library
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tidied one other line.
Test plan:
Run t/db_dependent/Koha/Patron/Consents.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes all trace of the original OPACCustomConsentTypes
preference. We now use Koha::Plugins->feature_enabled in preference.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a 'feature_enabled' accessor to the Koha::Plugins class.
Passing the plugin method name for the plugin feature you're looking for
will return a boolean denoting whether any enabled plugins carry said
method.
Included in the patch is an addition to the TT KohaPlugins plugin to
enable quick access to this function.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
[EDIT] Tidied t/db_dependent/Koha/Plugins/Plugins.t
[EDIT] Tidied Koha/Template/Plugin/KohaPlugins.pm
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Adds $patron->consent and $consents->available_types.
Incorporates them into script/template.
Provides two unit tests.
Note: A follow-up patch helps you test this with an
example plugin.
Test plan:
Run t/db_dependent/Koha/Patron.t
Run t/db_dependent/Koha/Patron/Consents.t
Toggle the value of pref PrivacyPolicyConsent and look at
OPAC account, tab Consents.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch uses the filter option from the mappings to add a value_callback
to reord processing for indexing.
Fields defined with 'punctuation' filter will have all punctuation stripped when
conveted to documents.
Tests are updated.
Signed-off-by: Danielle M Elder <danielle.elder@law.utexas.edu>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The fact that we update lastseen for various triggers now, makes
it a bit easier to let go of those 'hardcoded queries' ;)
Test plan:
Run t/db_dependent/Koha/Patron.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds 'article' to the list of triggers available for
tracking patron activity.
Test plan
1) Select 'Placing an article request
TrackPatronLastActivityTriggers system preference
2) As a staff member, place a hold on any item for a test user
3) Confirm that the borrowers.lastseen field is updated for that
test borrower
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds 'hold' to the list of triggers available for tracking
patron activity.
Test plan
1) Select 'Placing a hold on an item' in the
TrackPatronLastActivityTriggers system preference
2) As a staff member, place a hold on any item for a test user
3) Confirm that the borrowers.lastseen field is updated for that test
borrower
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes the older PatronLastActivity preference opting to
replace it by the new PatronLastActivityTriggers preference. The feature
can now be disabled by simply not selecting any triggers
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I agree, it's better to use borrowernumber for the cache key and I also
take the oportunity to rename it to more clearly reflect the function
(it's no longer 'login' only, it's now 'activity')
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 33245 introduced a new is_active patron method and the corresponding
tests included calls to the method we depreacte in this patchset
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes, moves and updates the existing unit tests for
track_login_daily and track_login to all sit under Koha::Patron and
update_lastseen.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
prove -v t/db_dependent/Auth.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes update_lastseen which has been replaced by a call to track_login_daily
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. In KTD use grep -rn --exclude=*.po "datexpiry" *
2. Notice that the four locations below are showing the typo:
1. git add koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt
2. git add misc/release_notes/release_notes_18_05_00.html
3. git add misc/release_notes/release_notes_18_05_00.md
4. git add t/db_dependent/Koha/Patrons/Import.t
3. Apply patch. Repeat step 1.
4. Notice that no results show. All instances of the typo have been fixed to dateexpiry.
5. Sign off and have a great day :)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
prove t/db_dependent/Circulation.t
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
issue_4 is an auto_renew issue, rename to auto_renew_issue
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
