We should no longer need to check CSRF token from pl files
TODO - there is a change for some files where we returned 403
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We do not longer need to generate_csrf from pl files
TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted
Bug 34478: [TO SQUASH] Remove generate_csrf from pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This change requires the OPAC user to confirm self-registration with
a button push when verifying registration using an emailed token.
Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Set syspref PatronSelfRegistrationVerifyByEmail to "Don't require"
2. Create a patron using the self-registration on the OPAC
3. Note that no confirmation step is needed when self-registering
4. Set syspref PatronSelfRegistrationVerifyByEmail to "Require"
5. Create a patron using the self-registration on the OPAC
6. Look in message_queue to find the URL with the token to
visit in the browser
7. Visit that URL
8. Note that the page says "Registration pending" and asks you to
click a button labeled "Confirm"
9. Click the button labeled "Confirm"
10. Note that the self-registration is confirmed and details are
shown on the page
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds validation to the "Where" field in OPAC Authority search.
Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Go to http://localhost:8080/cgi-bin/koha/opac-authorities-home.pl
2. Type "test" into "Term(s)" field
3. Click "Submit"
4. Confirm a result is found
5. Repeat the above using "Where" values of "in the complete record",
"in any heading", and "in main entry"
6. Using the HTML inspector in the browser, change the value of
the selected option of the "marclist" select element to
"this is broken"
7. Click "Submit"
8. Confirm a result is found (ie it's not throwing a fatal error
anymore)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Resolve:
[2024/01/18 11:31:24] [WARN] Use of uninitialized value $hits in numeric eq (==) at /usr/share/koha/opac/opac-search.pl line 612.
[2024/01/18 11:31:24] [WARN] Use of uninitialized value $times in subtraction (-) at /usr/share/koha/C4/Search.pm line 1715.
Test plan:
Look for a few search expressions without results.
Check log without and with patch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1 - Turn on ArticleRequests
2 - Place an Article Requests on the opac
3 - Note after placing the request the URL is:
http://localhost:8080/cgi-bin/koha/opac-user.pl#opac-user-article-requests
4 - Note the article request tab is not active
5 - APPLY PATCH and restart_all
6. Try steps 2 - 4 again, this time the article request tab should be open by default.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1 - Go to the opac-user.pl page for a user with some holds and cancel a hold.
2 - Note after placing the hold the URL is:
http://localhost:8080/cgi-bin/koha/opac-user.pl?#opac-user-holds
3 - Note the holds tab is not active
4. APPLY PATCH and restart all
5. Now after cancelling a hold, the refreshed page should have an active hold tab.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To recreate:
1. Go to the opac-user.pl page for a user with some holds and suspend
a hold.
2. Note after placing the hold the URL is:
http://localhost:8080/cgi-bin/koha/opac-user.pl?#opac-user-holds
3 Note the holds tab is not active
4. APPLY PATCH and restart all
5. Now after suspending a hold, the refreshed page should have an active
hold tab.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
1 - Place a hold on the opac
2 - Note after placing the hold the URL is:
http://localhost:8080/cgi-bin/koha/opac-user.pl?#opac-user-holds
3 - Note the holds tab is not active
4 - APPLY PATCH and restart_all
5 - Try steps 1 - 3 again, this time the holds tab should be opened.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We should check before retrieving metadata.
Test plan;
Try /cgi-bin/koha/opac-MARCdetail?biblionumber=X
Replace X by a not-existing biblionumber.
Verify that you get a 404 error page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
JD amended patch: Use ternary op
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Added to the call in opac-password-recovery.pl. This allows
differentiating between password change and password reset when
viewing the logs.
Test plan:
Enable BorrowersLog.
Do a password recovery on OPAC.
Check with log viewer for 'RESET PASS' action.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch moves the OpacMaintenanceNotice system preference into HTML
customizations, making it possible to have language-specific content.
The patch modifies the OPAC maintenance page template so that the
language selection menu can be shown correctly according to the
OpacLangSelectorMode preference.
To test you should have some content in the OpacMaintenanceNotice
system preference before applying the patch. Apply the patch and run the
database update process.
- In the staff client, go to Tools -> HTML customizations and verify
that the content from OpacMaintenanceNotice is now stored there.
- The HTML customization entry form should offer OpacMaintenanceNotice
as a choice under "Display location."
- Update and reinstall active translations (for instance fr-FR):
- perl misc/translator/translate update fr-FR
- perl misc/translator/translate install fr-FR
- Enable the translation if necessary under Administration -> System
preferences -> language.
- Enable the "opaclanguagesdisplay" preference if necessary.
- Enable the "OpacMaintenance" system preference.
- Edit the OpacMaintenanceNotice HTML customization and add unique
content to the "fr-FR" tab.
- Try to view any page in the OPAC. You should see the content you
added to the OpacMaintenanceNotice HTML customization.
- Switch to your updated translation. The page should redisplay with
your translated content.
- Go to Administration -> System preferences and search for
"OpacMaintenanceNotice." The search should return no
results.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a enw system preference SCOLoadCheckoutsByDefault
When enabled, a patron's list o fcurrent checkouts will be loaded when the sign in to the SCO
module. If disabled, they will see link to load their checkouts. In either case, a new section
is added to the SCO to show a brief display of the last checked out it
To test:
1 - Enable WebBasedSelfCheck system preference
2 - Browse to:
http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
3 - Sign in the SCO user (or enable AutoSelfCheck)
4 - Sign in as a user with several items checked out
5 - Confirm you see a list of items checked out
6 - Apply patches, updatedatabase, restart_all
7 - 'Finish' and login patron to SCO again
8 - Confirm you still see the list
9 - 'Finish'
10 - Chenge the system preference
11 - Sign in to SCO, confirm checkouts do not load
12 - Confirm you see 'Load your checkouts' link
13 - Check an item out
14 - Confirm you see the last checkout, but not a list
15 - Attempt to checkout an item that cannot be checked out
16 - Confirm "Return to account summary" does not load checkouts
17 - Click "Load your checkouts"
18 - Confirm they load
19 - Check out another item, confrim they remain and are updated
20 - Checkout an item that cannot be issued
21 - Confirm 'Return to account summary' loads the checkouts again
Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: AndrewA <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test Plan:
- Enable ILLModule sys pref and install any backend, or run
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
- Verify you can place new ILL requests in OPAC and Intranet
- Apply patch
- In borrower categories, verify there's a new column for 'can place ILL in opac' and is set to 'yes' by default
- Edit your borrower's patron category and set 'can place ILL in opac' to 'No'
- Verify you can no longer place new ILL requests in OPAC
- Verify you also cannot place new ILL requests through URL:
:8080/cgi-bin/koha/opac-illrequests.pl?method=create&backend=FreeForm
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It adds unnecessary complexity and information.
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
So that pickup delay can have a different value per patron category,
item type or branch.
To test:
1) Update database, restart services
2) Set ReservesMaxPickUpDelay syspref (if not already set)
3) Edit your circulation rules and set a value under 'Holds pickup
period (day) that is DIFFERENT from ReservesMaxPickUpDelay. Set a few
different numbers for different branches as well.
4) Place a hold on a biblio from the staff client.
5) Check in an item from that biblio and confirm the hold as waiting
6) Confirm the expiration date is calculated using the 'Holds pickup
period' value instead of the ReservesMaxPickUpDelay syspref
7) Revert the waiting status and delete the hold
8) Re-place the hold on the biblio on the OPAC. Notice that when you
change the pick up location, the number of days in the pickup message
below the dropdown changes based on the circ rules.
9) Create a holiday with a date that will overlap with the 'Holds pickup
period'
10) Check in an item from that biblio and confirm the hold as waiting
11) Confirm the expiration date is calculated using the 'Holds pickup
period' value AND considers the special holiday
12) Confirm tests pass t/db_dependent/Holds/WaitingReserves.t
13) Test Talking Tech:
13a) Enable TalkingTechItivaPhoneNotification
13b) Go to Tools -> Notices & slips. Add content to the HOLD phone
(itiva) notice.
13c) In your terminal, run perl
/path/to/koha/misc/cronjobs/thirdparty/TalkingTech_itiva_outbound.pl -o
~/itiva.tmp -w 0 --type=RESERVE
Sponsored-by: Catalyst IT
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Adds $patron->consent and $consents->available_types.
Incorporates them into script/template.
Provides two unit tests.
Note: A follow-up patch helps you test this with an
example plugin.
Test plan:
Run t/db_dependent/Koha/Patron.t
Run t/db_dependent/Koha/Patron/Consents.t
Toggle the value of pref PrivacyPolicyConsent and look at
OPAC account, tab Consents.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In the design of additional contents the idea of a parent-child relation is implicitly present. You have a default page and translations.
But we do this in one table coming from the old news items.
Several reports show that we would be better off creating a parent table listing the main news items, CMS pages or HTML content. And a child table containing the title, content and lang.
Note that this first step is a prelimenary step to clean this area and make it more robust and extensible. More enhancements to come.
What is this patchset doing?
* DB changes
- Rename additional_contents.idnew with id
- Create a new table additional_contents_localizations(id, additional_content_id, title, content, lang) that will contain the translated contents
- Move the content to this new table
- Remove title, content and lang columns from additional_contents
- Replace the notice templates that are using ''<news>" (should only be ISSUESLIP) and remove support for this syntax. Also add a warning in case other occurrences of uses of the old syntax exist.
* CRUD
- We add a new Koha::AdditionalContentsLocalization[s] couple, and move some logic from Koha::AdditionalContent[s] to there. Note that, to prevent too much drastic changes in notice templates, and to make them easy to use, the different attributes of the content object is accessible from the translated content object (ie. Koha::AdditionalContentsLocatlization->library is available and return $self->additional_content->library). I think it's an elegant way to keep things simple.
- No changes expected for "NewsLog" logging
- Little behaviour changes for pages, see tools/page.pl changes. We are now passing the id of the content, and the desired language, instead of the mix of "page_id" or code and lang. Note that here we certainly need to rename "language" query param to not change the full interface language.
Test plan:
0. Preparation steps, use master
a. Create notice templates that are using "<< additional_contents.code >>". This won't be replaced, but we want the update process to alert us.
b. Create several news, additional contents, pages. Some with translated contents, some without.
c. Make sure ISSUESLIP has the "<news>" section. If you are using the sample data there is nothing to do here
d. Turn on NewsLogs
1. Apply the patches, restart_all, updatedatabase
=> Confirm that the new table is created and filled with the contents you had prior to the update
=> Confirm that additional_contents_localizations.updated_on has been kept to the previous values
=> Confirm that ISSUESLIP has been replaced properly
=> Confirm that you get a warning about the additional_contents
2. Create, update, delete news, html customs, pages
=> Confirm that the additional_contents_localizations.updated_on is only adjusted when required
=> Confirm that the logs are correctly created when NewsLogs is on
3. Check some items out, generate a slip
=> Confirm that the news are displayed at the bottom of the slip, and that the publication date is correctly formatted
4. Have several HTML customizations (like OpacNav, opacheader), in translated in different languages
=> Confirm that the default values is displayed when you are using the interface in a language without translation
=> Confirm that the translated version is picked when it exists
Notes for QA:
* I am not sure we really need the alert during the update DB process about the additional_contents leftover. We should not have them outside of ISSUESLIP.
Shouldn't it hurt?
* There is something ugly in sample_news.yml, the id is hardcoded. But how do we prevent that and keep translatability?
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Same as bug 33948 for the OPAC side.
Additionally you will test
* OPACMySummaryHTML
* The different cover images services
* Display of ISBN
* Display of UPC
* Ratings
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
