Commit graph

2321 commits

Author SHA1 Message Date
8de0a02bd2 Bug 30167: (follow-up) Return a hash with soonest_renew_date
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 14:29:23 -10:00
175182f064 Bug 30167: Use returned renewal date rather than fetching
This patch updates the three scripts that fetched the soonest renewal date
to use the return from CanBookBeRenewed

To test:
1 - Set a circulation rule with a 'no renewal before' set to 3, loan length set to 5
2 - Check out an item to a patron that uses this rule
3 - Verify the checkouts for the patron show the correct 'No renewal before' date
4 - Sign in to the patron's opac account
5 - Verify the item shows it cannot be renewed, and shows the correct date
6 - Go to Circulation->Renew
7 - Attempt to renew using barcode
8 - Confirm error shows the soonest renewal date

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 14:29:23 -10:00
2ee5b5b124 Bug 30532: (bug 29957 follow-up) Fix '$cookie->value'
We got
 Can't call method "value" on unblessed reference at /kohadevbox/koha/opac/opac-messaging.pl line 86

$cookie can be an arrayref, we should retrieve the session id using
CGI->cookie('CGISESSID')

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-21 13:41:36 -10:00
3d5e974f8f Bug 30237: Replace AutoEmailOpacUser with AutoEmailNewUser
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
a4da023bae Bug 30237: Reference new WELCOME notice
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
437e584407 Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI
The error pages wrote a HTTP status code of 200 for all PSGI requests, even
though it should have only done it for PSGI requests from the ErrorDocument
middleware. This patch fixes that.

0) Do not apply patch
1) Open F12 dev tools and go to Network tab
2) Go to http://localhost:8081/files/blah
3) Note that the webpage is a 404 error but HTTP status code is 200
4) Go to http://localhost:8081/cgi-bin/koha/circ/blah
5) Note that the webpage is a 404 error and HTTP status code is 404

6) Apply patch
7) Go to http://localhost:8081/files/blah
8) Note that the webpage is a 404 error and HTTP status code is 404
9) Go to http://localhost:8081/cgi-bin/koha/circ/blah
10) Note that the webpage is a 404 error and HTTP status code is 404

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
0200a65d4f Bug 30426: Add missing C4::Auth and C4::Output imports
This patch adds missing function imports for C4::Auth and C4::Output
in the opac/svc/suggestion script.

Test plan:

1. Go to http://localhost:8081/cgi-bin/koha/admin/didyoumean.pl
2. Turn on some plugins
3. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1
4. Note in your browser's Network tab that the call to
   http://localhost:8080/cgi-bin/koha/svc/suggestion?render=stub&q=test
   generates a 200 response instead of a 500 error

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
59ff962caa Bug 26019: Koha should set SameSite attribute on cookies
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.

To test, apply the patch and restart services.

- Log in to the staff interface and open your browser's developer tools.
  - In Firefox, look for a "Storage" tab.
  - In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."

- Go to Cataloging -> New record.
  - Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
  theEnableAdvancedCatalogingEditor preference).
  - Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
  - Check the "LastCreatedItem" cookie which is set after you save the
    new item.
- Go to Authorities -> Authority search.
  - In authority search results, click "Merge" from the "Actions" menu
    next to one of the results..
    - Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
  - Choose "MARC structure" from the menu corresponding to one of the
    frameworks.
  - Check the "Display only used tags/subfields" checkbox.
    - Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
  - Check the "Always show checkouts immediately" checkbox.
    - Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
  with one or more patrons enrolled.
  - From the list of clubs, click Actions -> Search to hold.
    - Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
  - Uncheck one or more checkboxes in the "Show/hide columns" area.
    - Check the "showColumns" cookie.
- View a patron -> Search to hold.
  - Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
  - Check the "JWT" cookie.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
b933a44441 Bug 26346: Add option to make public lists editable by all staff
If a staff member has access to the staff client (either because
'catalogue' permission is enabled or they're a superlibrarian
then that user can add items (from OPAC or staff client) to a list
marked 'Staff only'

Test plan:
1. In the staff client go to: Lists > 'New list'. Notice under 'Allow changes to contents
from' there are three options: Nobody, Owner only, Anyone seeing this
list

2. Apply first 3 patches and run updatedatabase.pl
cd installer/data/mysql
sudo koha-shell <instance>
./updatedatabase.pl

3. Restart memcached and plack

4. Create 4 patron accounts:
- User A : Superlibrarian permissions
- User B : 'Staff access, allows viewing of catalogue in staff interface
(catalogue)'
- User C : No permissions
- User D : 'Staff access, allows viewing of catalogue in staff
interface' and 'Lists' > Edit public lists (edit_public_lists)' sub-permission

5. Login to staff client as User A.
Create a public list and select the new 'Staff only' option under 'Allow changes to contents from'

6. Log into the staff client as User B.
Confirm you can add items to the list from the following staff client pages:
- Individual list page using the 'Add items' button
- Staff client search result page
- Staff client biblio detail page

7. Confirm you can remove items from the list

8. Confirm you can perform an OPAC search when not logged in

9. Log into the OPAC as User B. Confirm you can add items to the list
from the following OPAC pages:
- OPAC search result page
- OPAC biblio detail page

10. Log into the OPAC as User C. Do an OPAC search and confirm you
can view the list, but not add items to it

11. Login to the staff client as User B. Create a new list with the
following settings:
- 'Category'='Private',
- 'Allow changes to contents from'='Staff only'

Notice a red hint message is displayed.
Change 'Category'='Public' and notice the hint is removed

12. Log into the OPAC as User C. Notice the 'Staff only' option is not
available when creating a list

13. Log into the OPAC as User B. Repeat step 11. Confirm the same
outcome

14. Log into the staff client as User A. Create a list with the
following settings:

- Public = 'Public'
- Allow changes to contents from = 'owner only'

15. Log into the staff client as User D. Edit the list from step 14
confirm you can edit the list to have 'Allow changes to contents from' =
'Staff only'

16. Run Patron.t and Virtualshelves.t unit tests:
sudo koha-shell <instance>
prove t/db_dependent/Koha/Patron.t
prove t/db_dependent/Virtualshelves.t

Sponsored-by: Horowhenua District Council, New Zealand

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
c73967d87c Bug 17018: Split AdvancedSearchTypes for staff and OPAC
This patch adds a new system preference, OpacAdvancedSearchTypes, as an
OPAC-specific version of the AdvancedSearchTypes preference. Values from
AdvancedSearchTypes are copied to OpacAdvancedSearchTypes so that
behavior is consistent.

The patch also alters the output of the "Most popular" page so that:
1. The page heading is correct ("Most popular titles" instead of "Top
issues").
2. The table show both item type and collection whether or not the user
has submitted query with one of those fields as a filter.

To test, apply the patch and run the database update process.

- Go to Administration -> System preferences.
- Search for AdvancedSearchTypes. You should get two results, one for
  the OPAC preference and one for the staff interface.
- Check that the OpacAdvancedSearchTypes settings match the
  AdvancedSearchTypes settings.
- View the advanced search pages in the staff interface and OPAC to
  confirm that the tabs look correct.
- Change the OpacAdvancedSearchTypes and AdvancedSearchTypes settings to
  be different and confirm that each is applied separately to each
  interface.
- Enable the OpacTopissue system preference.
- View the "Most popular" page in the OPAC.
  - The page heading should be correct.
  - The OpacAdvancedSearchTypes settings should be reflected in the
    "Refine your search" sidebar: If "Collection" is checked, a filter
    for collection should appear. If "Item types" is checked, a filter
    for item types should appear.
  - The output of your search should include collection and item type
    regardless of what filters you've submitted.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
Marion Durand
69b9e1ddf4 Bug 22347: Translatability of ILSDI GetAvailability
Some discovery tools can't translate ISL-DI results, it would be useful
if we can get ISL-DI output already translate.

This patch add an optional parameter language to GetAvailability, and
make GetAvailability results translatable.
If no parameter is given the output language is the language of the
cookies is present or the first language in the opac language list.

Test plan:
1. Enable the ILS-DI system preference
2. Locate a record
3. Test these URLs:
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[BIBLIONUMBER]&id_type=biblio
   and
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[ITEMNUMBER]&id_type=item
   (Where the [OPACBASEURL] is the OPAC URL of your test instance,
   [BIBLIONUMBER] and [ITEMNUMBER] are a record number and item number of
   your choice.)
4. Apply the patch
5. Test these URLs:
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[BIBLIONUMBER]&id_type=biblio&language=[LANGUAGE]
   and
   [OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[ITEMNUMBER]&id_type=item&language=[LANGUAGE]
   (Where the [OPACBASEURL] is the OPAC URL of your test instance,
   [BIBLIONUMBER] and [ITEMNUMBER] are a record number and item number of
   your choice, [LANGUAGE] is a language code ex: 'en' or 'fr-FR')
6. The results should now be in the requested langugage

Sponsored-by: University Lyon 3

Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 17:13:02 +02:00
051dd6bf0b Bug 29609: Centralized code to build the link to a biblio detail page
There are 2 prefs that control the default view of biblio detail pages:
IntranetBiblioDefaultView for staff and BiblioDefaultView for OPAC.
There are as well viewISBD, viewLabeledMARC and viewMARC to allow/don't
allow access to those page for staff members.

This code need to be in a single place to avoid discrepancy.

Test plan:
Play with BiblioDefaultView and IntranetBiblioDefaultView and confirm
that the links of biblio point to the correct view.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-08 15:49:16 +02:00
bcfc1bea3e Bug 30120: Save and apply extended attributes during self registration verification by email
The self registration form stores a new borrower as a borrower modification when verifying by email.

Borrower modifications can  handle extended attributes.

This patch simply sotres the extended attributes in the modifications table, and approves a modification
to the extended attributes only after patron is created

To test:
1 - Apply patch
2 - Create a patron attribute and set it as viewable/editable in the OPAC
3 - Set system preference PatronSelfRegistrationVerifyByEmail
4 - Reigster a new patron on the OPAC, provide an email and populate the extended attribute
5 - Retrieve the verification token, the last on in the messages table
    SELECT * FROM message_queue;
6 - Go tot he url from above
7 - Confirm successful patron creation
8 - View patron record and confirm attribute was set

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-08 15:49:16 +02:00
3b2322ea1f Bug 29859: Fix club/enroll
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-05 17:36:59 +02:00
be67a035be Bug 26669: (QA follow-up) Update last run when report run by name
This alters the svc scripts to set the report id after fetchign the report object
to ensure it is passed to exectue query

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
affd0caea5 Bug 26669: Last Run if report not always updated
The last run of a report is updated only if method execute_query() is
called with report_id.
This whas missing for :
- when report is run publicly
- when report is sent by email
- when report is exported

Patch changes the method signature to use a hash of params, in order to
easily avoid some params.

Test plan :

1) Create a report.
2) Run report.
3) Check the report listing.  Confirm that the last run info on the report is updated.
4) Make report public.
5) Run report via public url.
6) Check the report listing.  Confirm that the last run info on the report IS NOT updated.
7) Schedule the report to run at a given time and e-mailed to an address.
8) After the report runs at the scheduled time, check the report listing.  Confirm that the last run info on the report IS NOT updated.
9) Run report.
10) Export results.
11) Check the report listing.  Confirm that the last run info on the report IS NOT updated AT THE TIME OF THE EXPORT.

Questionable (I don't know if this is addressed):
12) Run report on backend through a cron job and send results via e-mail.
13) Check the report listing.  Confirm that the last run info on the report IS NOT updated.

14) Apply patch.
15) Rerun steps 2-13.  Confirm that steps 3, 6, 8, 11, and 13 DO UPDATE the last run info.

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
56107babc7 Bug 30377: Fix two CGI::param called in list context-warnings
Trivial fix.

Test plan:
Delete two lines from opac search history.
Verify results. Check plack-opac-error.log.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
d753755590 Bug 30199: Do not generate jwt if patron does not exist
This is a follow-up patch for bug 29543. If an invalid cardnumber has
been used we should not generate a token.

Test Plan:
1. Set SelfCheckoutByLogin to 'cardnumber'.
2. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
3. Enter an invalid carnumber like 'thisisabadcardnumber'
4. See the appropriate message "Sorry The userid thisisabadcardnumber was not found in the database. Please try again."
5. Try again with a different cardnumber and notice the same exact error message including the 'thisisabadcardnumber' cardnumber.
6. Apply this patch
7. Restart all the things!
8. Repeat steps 2-4
9. Try again with a different cardnumber, you should now see the correct
   cardnumber!

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-24 14:22:10 -10:00
4ff027f99e Bug 29940: Don't surround value by quote
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-22 10:17:34 -10:00
Katrin Fischer
b9458f6c79 Bug 30214: (QA follow-up) Clarify code comment
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
12d5107369 Bug 30214: Add ACCTDETAILS notice to verified self registration
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, with varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
varified.

Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is enabled
4) Register a new user via the opac self registration process using an
   email address you have access to
5) Verify the user by following the link in the verification email you
   should have received.
6) The new user should have been created and you should be able to see
   the account details notice in their associated notices
7) Confirm that the email address used above has received the notice.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
59df6a114e Bug 30214: Add ACCTDETAILS notice to self registeration
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, without varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
created.

Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is disabled
4) Register a new user via the opac self registration process using an
   email address you have access to
5) The new user should have been created and you should be able to see
   the account details notice in their associated notices
6) Confirm that the email address used above has received the notice.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
197425b450 Bug 29931: (follow-up) Similar thing in opac-patron-image.pl
Although less harmful indeed. No borrowernumber, no image.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested: logged in, logged out, prefs toggled. All fine.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 22:30:50 -10:00
975f52a4cf Bug 19532: (RM follow-up) Fix recalls.old is default 0
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-15 00:31:32 -10:00
a0a72c9653 Bug 19532: (RM follow-up) More use of system preference
When system preference is off, call no code related to Koha::Recalls.

Also add some missing module import.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 23:11:12 -10:00
514cbb809a Bug 19532: (QA follow-up) Simplify resultset accessors
This patch makes the different ->recalls accessors implemented on this
bug be more standard. This means:
- They don't do special things like default sorting or stripping out
  special parameters. That's all left to the caller and the methods are
  clean: they just return the related objects
- Useful filtering methods for Koha::Recalls resultsets are added. The
  only used one (in the end) was ->filter_by_current. It seems like a
  better approach, because it gives devs more control on how they want
  to chain things, and there's a single place in which to maintain the
  criteria of what is 'current' or 'finished'. This clearly makes the
  'old' column obsolete IMHO, at least in the use cases I found. This is
  covered by tests as well.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:52 -10:00
b9ba0e131a Bug 19532: (QA follow-up) Fix few Koha::Recalls->search occurrences
Due to the wantarray change, we should fix this call in list context.
We should either use an iterator now or append as_list.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
1ddde85181 Bug 19532: (follow-up) Fixes along recall workflow
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
a8929cbcdb Bug 19532: (follow-up) Fix calls, tests, syspref settings, checks
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
4d6c7cdb1a Bug 19532: (follow-up) Fixing tests and QA tools
And making reverted ajax message clearer

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
fa7d9815b3 Bug 19532: (follow-up) aria-hidden attr on OPAC, and more
- removing authnotrequired flag from scripts
- fixing opac buttons
- chmod +x for recalls test files

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
Aleisha Amohia
52b5cdf79b Bug 19532: Recalls on OPAC
- place a biblio-level or item-level recall via the biblio detail page, OPAC search results, or course reserves
- view or cancel your active recalls from 'your summary' recalls tab
- view all active and inactive (and cancel active) recalls from 'your recall history'
- stopped from placing a reserve on an item that the patron has already recalled

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-14 22:45:51 -10:00
ee957fc812 Bug 30147: Fix modules usage in opac-detail.pl
On the ktd sample database when trying to go to the detail page from the result list:
Undefined subroutine &CGI::Compile::ROOT::kohadevbox_koha_opac_opac_2ddetail_2epl::searchResults called at /kohadevbox/koha/opac/opac-detail.pl line 260
Turning off OpacBrowseResults makes the error disappear.

In opac-detail.pl, use C4::Search is missing searchResults and getRecords

To test:
- Search for something that gives several result pages in OPAC, example: e
- Switch to one of the last pages using link on top of results, example: 10
- Open any of the records listed in detail view
- Verify that the error is shown
- Apply patch and repeat, error is gone and browsing behaves as expected

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-03 16:11:50 -10:00
01fa021943 Bug 28955: Impact News as well
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-24 14:35:36 -10:00
1cf268a157 Bug 29660: Remove hostitemsflag
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-22 22:27:29 -10:00
e1274d4689 Bug 30089: (bug 29844 follow-up) Fix placing holds - OPAC
The method Koha::AuthorisedValues->authorised_value is not covered by tests!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-21 15:15:47 -10:00
f2c206f622 Bug 29706: Hide items that cannot be held by default when placing hold on OPAC
This patch adds a 'holdable' and 'unholdable' class to the rows of the table

Additionally I rename the 'backgroundcolor' field to 'onloan' as that is what it contains.
Note: Out of the box, there is no css associated with this class

I add a div around the table to allow hiding the new buttons as well when optiuons are hidden

It would be nice in the future to utilise a Koha table here, however, it is complicated by multi-holds

To test:
 1 - Add a number of items to a record, ensuring they belong to different libraries
 2 - Set 'Default checkout, hold and return policy'->'Hold policy' to 'From home library'
 3 - Sign in to opac and attempt to placehold on the record
 4 - Click 'show more options' and 'a specificitem'
 5 - Note holds table includes items that cannot be held
 6 - Apply patch
 7 - Reload holds page
 8 - Note items that cannot be heldare hidden
 9 - Click 'Show unholdable items' and note they appear
10 - Click 'Hide unholdable items' and veriofy they hide
11 - Test with multi holds

Signed-off-by: The Minh Luong <the-minh.luong@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-16 11:51:11 -10:00
dc077ccef5 Bug 30101: Fix OPAC advanced search after Bug 29844
Bug 29844 forgot to add as_list to opac-search.pl.
You can see it changed search.pl

Patch fixes and also adds explicit interface = opac in get_search_groups() call.
Since intranet is explicit, opac should also be.
We keep opac as default value.

Test plan :
1) Create a libary group for OPAC and one for staff
2) Go to OPAC advanced search page
3) Check you see the OPAC libary group

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-16 11:51:10 -10:00
0ee23d67c9 Bug 29859: (follow-up) Use iterator instead of as_list
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-11 09:11:39 -10:00
9e2432bc63 Bug 29843: Use in opac/opac-privacy.pl
This patch makes the opac/opac-privacy.pl OPAC page use the new
anonymize method.

To test:
1. Have some checked-in materiales
2. Have OPACPrivacy enabled
3. Notice your checkouts history contains what you expect
4. Go to 'your privacy'
5. Click on 'Delete checkout history'
=> SUCCESS: It works, no crash.
6. Sign off :-D

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-10 14:44:23 -10:00
7f13f49ff9 Bug 29526: Add a way for patrons to delete their hold history
The same way we have a button to immediately delete the checkouts history in the OPAC, we should have a similar option for the holds history.

This patch implements that.

To test:
1. Have a patron with some old checkouts and old holds.
2. Have OPACPrivacy, OPACHoldsHistory and opacreadinghistory enabled.
3. Notice in the OPAC the patron has some old checkouts and holds.
4. Use the Privacy tab to clean checkouts
=> SUCCESS: They are still cleaned as before this patch
5. Try to clean the old holds
=> SUCCESS: They are cleaned!
6. Add some old checkouts and holds
7. Use the new 'All' button
=> SUCCESS: All cleaned
8. Sign off :-D

Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-10 14:44:23 -10:00
7ea17a2422 Bug 29966: Dont pass authnotrequired true and flags together
Test plan:
Logout in OPAC.
Goto sco help page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 22:01:36 -10:00
0757b0976f Bug 30045: (bug 29543 follow-up) Fix SCO print slip
Certainly since bug 29543 and bug 29914.

We should do the same authentication check than sco-main.pl, and also
make sure to generate the checkout history only for the logged in patron
(the OPAC one, not staff member)

Test plan:
Use the different combinations of the SCO config (AutoSelfCheckAllowed,
SelfCheckoutByLogin and WebBasedSelfCheck) and confirm that this patch
fixes the SCO print slip feature.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:24 -10:00
d02e91f269 Bug 29859: Use iterator instead of as_list
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.

This patch only removes the obvious places, not the tricky ones.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
e53667105d Bug 29844: Fix ->search occurrences
and some more...

There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
09e0247677 Bug 29544: (QA follow-up) Simplify code
I think this is a better approach for the same thing. Posting it just in
case it helps.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
c967a4e9c2 Bug 29544: Fix opac-issue-note.pl
We must check if logged in user is trying to modify one of their
checkouts

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
e4a402cd50 Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
b80fda78d9 Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.

Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1

You should see an error message

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00
78815e9777 Bug 29543: Enforce authentication for self-checkout
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!

This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.

Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
 SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-02 21:05:29 -10:00