To Test:
1) Enable the system preference SessionRestrictionByIP
2) Change your system IP. It will not checkout your system IP or signout.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymouse session as per the
pre-login attempt state.
To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
display the login screen, no matter how many times you try to reload
it); to break the deadloop, one needs to:
- remove session cookie from the browser (or cause the session to
expire in some other way - closing browser window would be probably
enough for that)
- remove offending session on the server (from mysql sessions table,
..)
- log in with proper credentials using some other page (like
opac/opac-main.pl right-side panel), which does not involve
opac/opac-user.pl being called without "userid" CGI parameter.
To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and sucessful login
attempts
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Add a missing semicolon to the end of a template variable assignment
line. This patch should not affect operation.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Removed an uneeded semicolon from the end of an 'if' block. This should
not affect operation of the script.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This tidy should only change whitespace and not line breaks, thus
retaining history.
There are no code changes, and thus there should be no regressions to
test for koha wise.
To test the non-destrcutive nature of the patch, run a 'git blame -w' on
the file before and after the patch. The resulting blame should include
a comparabile history of the file, with only some additional blank
lines being attributed to this commit.
A 'git blame -wM' may also be useful for comparison purposes.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The password should be encoded before hashing.
Test plan:
- Before applying the patch, create a user with utf-8 in password
- apply patches
- try to log in
- change the password
- log out
- try to log in
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds links to "My account" and "My checkouts" to drop down in staff client header.
To test:
Apply patch
Got to drop down of logged in user (top right)
See new links to "My account" and "My checkout" (above "Log out")
Test the links.
Signed-off-by: Magnus Enger <digitalutvikling@gmail.com>
Works as advertised. The options are not displayed when you are logged
in as the db/admin user.
Added classes "toplinks-myaccount" and "toplink-mycheckouts" to li tags to make it possible to hide them (per Kyle M $
Switching back to "Signd-off" (Hope this is OK becuause it is a tiny string addition)
Marc
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
While testing a bug, warnings in the opac error log were
building up due to a particular line in C4::Auth. After
reviewing the code, it was discovered that removal of the
OpacMainUserBlockMobile system preference created this.
Since the system preference no longer exists, and is not
used, the line was deleted from C4/Auth.pm to prevent this
warning from occuring.
TEST PLAN
----------
1) Go to any OPAC page.
2) Check your opac error log.
-- there should be something about uninitialized values
used in C4/Auth.pm around line 443.
3) Apply the patch
4) Refresh the page.
-- that same error should not be triggered.
5) prove -v t/db_dependent/Auth.t
-- this runs the get_template_and_user function
which had the parameter removed.
6) run the koha qa test tools
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
With CCSR now deprecated there is no longer a need for the
OPACMobileUserCSS system preference. This patch removes it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
With CCSR having been deprecated there is no longer a use for the
OpacShowLibrariesPulldownMobile system preference. This patch removes
it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- The shibboleth patch introduced an undefined message into the error
logs, when shiboleth is disabled.
Testplan
1. Ensure shibboleth is disabled.
2. Refresh any opac page
3. See 'Use of uninitialized value $ENV{"REMOTE_USER"} in string ne at
/home/koha/kohaclone/C4/Auth.pm line 711.' popup in the opac-error.log
4. Apply patch
5. Refresh opac page
6. Error should no longer appear
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Convert Auth_with_shibboleth to use dbic stanzas.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- A number of issues were highlighted whilst writing sensible unit tests
for this module.
- Removed unnessesary call to context->new();
- Global variables are BAD!
- Croaking is a wimps way out, we should handle errors early and
properly.
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Local fallback was not very well implemented, this patch adds
better handling for such cases allowing clearer failure messages
- This patch also adds the ability to use single sign on via the
top bar menu in the bootstrap theme.
BUG8446, Follow up: Adds perldoc documentation
- Add some documentation to the Auth_with_Shibboleth module
including some guidance as to configuration.
BUG8446, Follow up: Correct filenames to match guidlines
- Moved Auth_with_Shibboleth.pm to Auth_with_shibboleth.pm to match
other files present on the system.
BUG8446, Follow up: Correct paths after file rename
BUG8446, Follow up: Implemented single sign out
- This follow up rebases the code against 3.16+ which managed to break
some of the original logic.
- As a side effect of the rebasing, we've also implemented the single
sign out element. Upon logout, koha will request that the shibboleth
session is destroyed, and then clear the local koha session upon
return to koha. Due to the nature of shibboleth however, you will
only truly be signed out of the IdP if they properly support Single
Sign Out (which many do not). As a consequence, although you may
appear to be logged out in koha, you might find that upon clicking
'login' the IdP does NOT request your login details again, but instead
logs you silently back into your koha session. This is NOT a koha bug,
but a shibboleth implementation issue that is well known.
BUG8446, Follow up: Fixed bootstrap login via modal
- The bootstrap theme enable login from any opac page via modal. To
enable this with shibboleth we had to make some template parameters
globally accessible when shibboleth is enabled.
BUG8446, Follow up: Add template rules for Shibboleth and CAS
- Add template rules so that CAS and Shibboleth can coexist.
BUG8446, Follow up: Added default config to config file
BUG8446, Follow up: Embellished perldoc documentation
- Updated perldoc to correct detail about configuring shibboleth
authentication.
- Updated perldoc to include subroutines and their respective functions.
BUG8446, Follow up: Enable configuration of match field
- Added clearer, more flexible, configuration of shibboleth attribute to
koha borrower field matching for authentication
- Correcting of documentation to make it more clear to the current
implementation
- Minor refactoring of code to reduce some code duplication
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Use the shibbolethAuthentication syspref to enable Shibboleth authentication
- Configure the shibbolethLoginAttribute to specify which shibboleth user
attribute matches the koha login
- Make sure the OPACBaseURL is correctly set
BUG8446, Follow-up: Adds Shibboleth authentication
- Fix logout bug: shibboleth logout now occurs only when
the session is a shibboleth one.
- Do some refactoring: getting shibboleth username is now
done in C4::Auth_with_Shibboleth.pm (get_login_shib function)
BUG8446, Follow-up: Adds Shibboleth authentication
- Adds redirect to opac after logout
BUG8446, Follow-up: Adds Shibboleth authentication
- Shibboleth is not compatible with basic http authentication
in C4/Auth.pm. This patch fixes that.
BUG8446, Follow-up: Adds Shibboleth authentication
- Use ENV{'SERVER_NAME'} instead of syspref OpacBaseURL in order to work with
multiple vhosts.
BUG8446, Follow-up: Adds Shibboleth authentication
- Adds missing protocol for $ENV{'SERVER_NAME'}
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with the feide idp.
- LDAP login and logout are working
- local login/logout are still working
- CAS login/logout are still working
Instructions for setup can be found on the wiki:
http://wiki.koha-community.org/wiki/Shibboleth_Configuration
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It is kosher now to use the Koha template toolkit plugin for retrieving
system preferences values. This followup does that.
It also changes the class for ids, for people considering this patch
introduces too much noise on the home screen being able to control
its visibility.
Regards
To+
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Enable staff to setting a text for OPAC user/pass information
Modified:
C4/Auth.pm
koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc -add a text to the popup login page
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-main.tt -add a text to the main login page
Testing:
I Apply the patch
0) Search NoLoginInstructions preference
1) Add/modify a text
2) Open OPAC main page
3) Validate the text added under Login button
4) Click in "Log in to your account" link
5) Validate the text added under input password (popup)
Sponsored-by: CCSR ( http://www.ccsr.qc.ca )
Patch behaves as expected.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch covers LDAP auth_by_bind configuration so that wrong
LDAP password will return -1 to C4::Auth so we can abort local auth
and prevent users logging in with stale database passwords.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
CCSR having been deprecated there is no longer a use for the
OpacShowFiltersPulldownMobile system preference. This patch removes
it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
The opacsmallimage system preference is unused in the bootstrap theme.
It can be removed now that prog and ccsr are deprecated. This patch does
so.
To test, apply the patch and run updatedatabase. Confirm that the OPAC
works properly and the preference can no longer be found.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch changes how the OPACBaseURL parameter gets set in the subroutine
get_template_and_user in Auth.pm.
Currently, it's being set by the $ENV{'SERVER_NAME'} variable. In many
cases, this will probably match the URL that the user uses to access a
page. However, this causes problems with reverse proxies.
There are ways to compensate for proxy servers (such as inspecting
other variables set by the web server), but such a solution seems
a bit convoluted...especially since we already use the system preference
OPACBaseURL in many other parts of Koha.
We probably shouldn't be passing OPACBaseURL from Auth.pm at all, and
instead use the Koha TT plugin and using_https param to determine
protocol. However, that's outside the scope of this bug/patch.
This patch is just meant to fix an existing bug.
I did leave the $ENV{'SERVER_NAME'} as a full back if OPACBaseURL isn't
set, but that's it.
_TEST PLAN_
Before applying:
1) Clear your OPACBaseURL preference
2) Perform a search in the OPAC
3) Click on or hover over the orange RSS icon
4) Note that the URL used for the RSS links is either:
a) The same URL you used to access Koha (no reverse proxy)
b) The ServerName from your Koha apache conf which isn't the
same URL you used to access Koha (reverse proxy)
5) Add an OPACBaseURL that isn't the same as the actual OPAC URL
6) Note that the OPACBaseURL system preference has no effect here
After applying the patch:
7) Refresh the page
8) Note that the URL you see now is actually the OPACBaseURL system
preference that you set
9) Clear your OPACBaseURL system preference
10) Refresh your search page
11) Note that the URL has reverted back to the URL that you saw before
(either the original Koha site URL or the Koha ServerName defined
in Apache and not the URL of the proxy)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If flagsrequired is set, authnotrequired should be 0.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
Verify that pages in the OPAC and staff interface display correctly.
Note that there are cases where 'authnotrequired' was not passed
at all to get_template_and_user, so there may be pages that start
requiring authentication. Whether that is correct or not depends
on context.
Follow up patches are to remove all the unnessecary setting of this
value, so that the only places we set are when we do want
authnotrequired=1
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch implements 2 suggestions on comment #3
- Prevents creation of a new user with same userid
of database user
- When checking password, if userid matches database user,
only check against pass on config file
To test:
1. Create a new user with same login as database user
any password different from real db user
2. Check that you can login on staff using this user/pass
and you are superlibrarian
3. Apply the patch
4. Login again using new pass, it must fail
5. Login again using db pass, you are now superuser,
but system does not warn you :( No problem, that's
for having one borrower with that login
6. Delete user with same login as db user
7. Try to create one again as in 1, system must return
an error of duplicate login!
8. Check for no regressions on user/pass authentication
Resubmited, has an error
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
This works nicely and as described.
Also editing the former 'superuser' will force you to
change the userid in order to save any other change.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since the addition of search groups to Koha, the branch limiting
parameter in multiple PAC by URL support should also support
limiting by these search groups. This patch adds this ability.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Bug 10029 tries to fix the use of URL parameters in CAS authentication.
But is does not work.
The full URL must be used in all methods of C4::Auth_with_cas.
Also, in checkpw_cas(), the 'ticket' parameter must be removed to find
the original URL.
This patch removes the 'ticket' parameter from query before calling
checkpw_cas() since the ticket is passed as method arguemnt.
In C4::Auth_with_cas, many methods use the same code to get the CAS
handler and the service URI. This patch adds a private method
_get_cas_and_service() to do the job.
Test plan:
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing
authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber
param
- Check CAS loggout
- Check Proxy CAS auth
Signed-off-by: Koha team AMU <koha.aixmarseille@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests in t, xt, and t/db_dependent/Auth.t.
Also passes QA script.
As I have no working CAS server, I focused on regression testing:
Activated Persona and casAuthentication.
- Verified normal login against database still works.
- Verified Persona login works.
Note: With Persona you are always forwarded to the patron
account - so you have to search for the record again before
you can place a hold.
- Verified that the CAS URL contains the biblionumber when
logging in while placing a hold.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Retested 2014-04-12
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Also store interface (intranet, opac) in context to not have to pass it
as parameter.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No koha-qa errors
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Comments on last patch.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
When using Plack, the https method returns 'OFF'.
We have to test this value before sending the value to templates.
Test plan:
1/ Fill your OPACBaseUrl
2/ Configure apache for using http
3/ Check the social networks links (should be http://OPACBaseUrl)
4/ Launch Plack
5/ Check the social networks link (should be http://OPACBaseUrl)
6/ Stop Plack
7/ Configure apache for using https
sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -out
/etc/apache2/server.crt -keyout /etc/apache2/server.key
and add in you virtualhost (with :443)
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
a2enmod ssl
service apache2 restart
8/ Check the social networks links (should be https://OPACBaseUrl)
FIXME: Under Plack, with ssl actived, the CGI->https() method always
returns 'OFF'.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Like OPAC, the search history is now available for intranet. This
is controlled by the EnableSearchHistory system preference.
Test plan:
1/ Switch on the 'EnableSearchHistory' syspref.
3/ Launch some biblio and authority searches.
4/ Go on your search history page (top right, under "Set library").
5/ Check that all yours searches are displayed.
6/ Click on some links and check that results are consistent.
7/ Delete your biblio history searches.
8/ Delete your authority searches history searches.
9/ Launch some biblio and authority searches
10/ Play with the 4 delete links (current / previous and biblio /
authority).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This ensures that if an anonymous session is converted to a logged-in
session, that search history times from the anonymous session get
stored corectly.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Like biblio, this feature provides an authority search history.
This history is available for connected and disconnected user.
If the user is not logged in Koha, the history is stored in an
anonymous user sessin.
The search history feature is now factorized in a new module.
This patch adds:
- 1 new db field search_history.type. It permits to distinguish the
search type (biblio or authority).
- 1 new module C4::Search::History. It deals with 2 different storages:
DB or cookie
- 2 new UT files: t/Search/History.t and t/db_dependent/Search/History.t
- 1 new behavior: the 'Search history' link (on the top-right corner of
the screen) is always displayed.
Test plan:
1/ Switch on the 'EnableOpacSearchHistory' syspref.
2/ Go on the opac and log out.
3/ Launch some biblio and authority searches.
4/ Go on your search history page.
5/ Check that all yours searches are displayed.
6/ Click on some links and check that results are consistent.
7/ Delete your biblio history searches.
8/ Delete your authority searches history searches.
9/ Launch some biblio and authority searches
10/ Delete all your history (cross on the top-right corner)
11/ Check that all your history search is empty.
12/ Launch some biblio and authority searches.
13/ Login to your account.
14/ Check that all previous searches are displayed.
15/ Launch some biblio and authority searches.
16/ Check that these previous searches are displayed under "Current
session".
17/ Play with the 4 delete links (current / previous and biblio /
authority).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All patches together pass QA script and tests.
Also, new tests in t/db_dependent/ pass.
Tested in all 4 OPAC themes, being logged in and anonymous.
Anonymous search history will be appended to personal search
history after logging in.
Also verified that cleanup_database still purges search history,
now also including the authority searchs.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch uses the TT helper function Koha.Preference() to
retrieve the value of NoLoginInstructions rather than passing
it to all templates as a template variable.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
On a failed login, the default message is harcorded into opac-auth.tt.
It would be preferable to allow for a preference to override that message (for example: ...Please bring an ID to t
The changes modify
-opac-auth.tt to allow for custom value
-admin/preferences/opac.pref to add it to the preferences with a description
-C4/Auth.pm for the loading of the preference
-sysprefs.sql
-updatedatabase.pl
TESTING
1) in OPAC, logged out, try login in by entering no or wrong credentials. Acknowledge the "Don't have a p
2) Apply the patch
3) Regression Test: Redo step 1. Same (default) message should appear.
4) Log in to intranet,
- select NoLoginInstructions in system preferences.
- Enter new (xml) message. Possible:
<h5>Welcome to Koha, please bring your passport to the front office</h5>
- and save
5) refresh the OPAC, try login again with invalid credentials. The new message should appear.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch makes sure that the search history from an
anonymous session is cleared from the session after a user
logs in (and the session history is saved to that user's
record in the database). This fixes a problem where the
search history from the session got repeatedly added to the
database each time the user did something while logged
into the OPAC.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This is recommended in CGI::Session documentation.
Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
- Remove unit tests for ParseSearchHistoryCookie, which doesn't exist
anymore
- Add unit tests for ParseSearchHistorySession and
SetSearchHistorySession
- Remove/Modify comments about search history cookie
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Tests fixed and moved, and comments tidied up
Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Storing search history into cookie can cause problems, due to the size
limitation of 4KB.
The solution here is to store search history into the CGI::Session
object, so there is no size limitation (but anonymous search history
still remember up to 15 requests max.)
Test plan:
- Go to OPAC in anonymous mode.
- Check that the "Search history" link is *not* shown in the top right
corner of the page
- Make some searches on /cgi-bin/koha/opac-search.pl
- The "Search history" link should appear. Click.
- Your search history should be displayed.
- Try to log in with invalid username/password
- Go back to search history, it's still there
- Now log in with valid username/password
- Your anonymous search history should be saved into your own search
history.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Restoring original sign offs and comments below
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors
Well, search history saving is similar before and after patch.
i.e. anonmymous search is saved when user logs in, but cookie
KohaOpacRecentSearches is empty.
Shows current an previous session searches
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All tests and QA script pass, works as described.
Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This gets rid of some more warnings.
It also corrects a noisy ne condition.
$userid = $retuserid if ( $retuserid ne '');
became
$userid = $retuserid if ( $retuserid );
It also integrates Srdjan Jankovic's patch with Petter Goksoyrsen's
patch, while correcting the problems found.
This includes:
my $q_userid = $query->param('userid') // '';
along with:
my $s_userid = '';
and:
my $s_userid = $session->param('id') // '';
Indentation does not reflect actual scoping.
A missing system preference would have triggered a ubiquitous
undef compare check failure message. This makes the flooding
message more useful, so as to help correct it.
The change to accomplish this was:
my $pki_field = C4::Context->preference('AllowPKIAuth');
if (!defined($pki_field)) {
print STDERR "Error: Missing AllowPKIAuth System Preference!\n";
$pki_field = 'None';
}
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
During login at the Staff interface you get warnings in the logs
regarding an uninitialized value for the $pki_field variable.
To test:
- tail -f /path/to/your-intranet-logs
- Point your browser to your staff login page
- Login
- Three warnings are showed
- Apply the patch
- Log out
- Log in
- No new warnings, and you can still log in.
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Petter Goksoyr Asen <boutrosboutrosboutros@gmail.com>
Followed test plan; it works as advertised.
Also works when I deleted AllowPKIAuth system pref.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
A "busc" param is cleared if the template name is not opac-.*detail.tt.
So if a user adds a biblio to a list, he cannot continue to browse
results.
Test plan:
- launch a search at the OPAC (opac-search.pl).
- click on a result and browse results (using previous/next links).
- a title attract your attention and you add it to a list
("Save to yours lists" link on the right).
- save the list.
- browse again results.
Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested according to test plan, also checked some other pages and actions
accessible from the detail page.
Passes all tests and QA script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
In the serial module, we want to hide serials from others libraries.
However, to permit central serials manage, this patch introduces a
new permission, 'superserials'. If a staff member has this permission,
that person can override the restriction.
Test plan:
- Switch on the IndependantBranches syspref
- Add the permission 'superserials' for a patron and test you can
navigate and see all serials
- Remove this permission and test you cannot manage/view subscriptions
from others libraries
Signed-off-by: Frederic Durand <frederic.durand@unilim.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
These variables still need to be exported to the template by default for
the 'prog' OPAC template to work correctly.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The goal of this theme is to provide a fully-responsive OPAC which
offers a high level of functionality across multiple devices with varied
viewport sizes. Its style is based on the CCSR theme, with elements of
the Bootstrap framework providing default styling of buttons, menus,
modals, etc.
The Bootstrap grid is used everywhere, but Bootstrap's default
responsive breakpoints have been expanded to allow for better
flexibility for our needs.
All non-translation-depended files are in the root directory of this new
theme:
css, images, itemtypeimg, js, less, and lib. Languages.pm has been
modified to ignore the new directories when parsing the theme language
directories.
This theme introduces the use of LESS (http://lesscss.org/) to build
CSS. Three LESS files can be found in the "less" directory: mixins.less,
opac.less, and responsive.less. These three files are compiled into one
CSS file for production: opac.css. "Base" theme styles are found in
opac.less. A few "mixins" (http://lesscss.org/#-mixins) are found in
mixins.less. Any CSS which is conditional on specific media queries is
found in responsive.less.
At the template level some general sturctural changes have been made.
For the most part JavaScript is now at the end of each template as is
recommended for performance reasons. JavaScript formerly in
doc-head-close.inc is now in opac-bottom.inc.
In order to be able to maintain this structure and accommodate
page-specific scripts at the same time the use of BLOCK and PROCESS are
added. By default opac-bottom.inc will PROCESS a "jsinclude" block:
[% PROCESS jsinclude %]
Each page template in the theme must contain this block, even if it is
empty:
[% BLOCK jsinclude %][% END %]
Pages which require that page-specific JavaScript be inserted can add it
to the jsinclude block and it will appear correctly at the bottom of the
rendered page.
The same is true for page-specific CSS. Each page contains a cssinclude
block:
[% BLOCK cssinclude %][% END %]
...which is processed in doc-head-close.inc:
[% PROCESS cssinclude %]
Using these methods helps us maintain a strict separation of CSS links
and blocks (at the top of each page) and JavaScript (at the bottom). A
few exceptions are made for some JavaScript which must be processed
sooner: respond.js (https://github.com/scottjehl/Respond, conditionally
applied to Internet Explorer versions < 9 to allow for layout
responsiveness), the _() function required for JS translatability, and
Modernizr (http://modernizr.com/, a script which detects browser
features and allows us to conditionally load JavaScript based on
available features--or lack thereof).
Another new JavaScript dependency in this theme is enquire.js
(http://wicky.nillia.ms/enquire.js/), which lets us trigger JavaScript
events based on viewport size.
I have made an effort to re-indent the templates in a sane way,
eliminating trailing spaces and tabs. However, I have not wrapped lines
at a specific line length. In order to improve template legibility I
have also tried to insert comments indicating the origin of closing tags
like <div> or template directives like [% END %]:
</div> <!-- / .container-fluid -->
[% END # / IF ( OpacBrowseResults && busc ) %]
TESTING
Proper testing of this theme is no easy task: Every template has been
touched. Each page should work reasonable well at a variety of screen
dimensions. Pages should be tested under many conditions which are
controlled by toggling OPAC system preferences on and off. A variety of
devices, platforms, and browsers should be tested.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The move avoids a problem where many modules would gain
a dependency on C4::Auth just because C4::Members needs access
to hash_password().
This patch also adds a couple unit tests for the new password
hashing code.
To test:
[1] Verify that there are no regressions on the test plan for bug
9611.
[2] Verify that t/AuthUtils.t and t/db_dependent/Auth.t pass.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The current implementation didn't build the cookie array correctly,
yielding login problems in some scenarios.
Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Passing language=<valid_language_code> as a parameter in any Koha's URL
can be used to set the desired language.
This patch touches
- C4::Templates
- C4::Auth
Adds a new method getlanguagecookie that does exactly that, for use in
get_template_and_user.
Also modifies getlanguage so it checks (a) if there's a 'language'
parameter in the CGI object and (b) checks if its valid and enabled for
the desired interface.
To test:
* Without the patch
- access any koha page
- add ?language=code to the end of the URL (change code for a valid language code
it needs to be installed using perl translate install code, and enabled either for
the staff or opac interface, depending where are you testing)
- Nothing happens with the language parameter
* With the patch
- access any koha page
- add ?language=code (the same as before) and hit enter
- the language should be changed to the one you chose
- if you browse through some links, you will see
koha 'remembers' the language you passed as a parameter
(i.e. the language cookie has been updated).
Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Brendan <brendan@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works very well. No errors.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
More comments on last patch.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Small patch to make koha-qa happy.
Fixes small POD error
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
What this patch aims to accomplish?
* All new passwords are stored as Bcrypt-hashes
* For password verification:
- If the user was created before this patch was applied then use
MD5 to hash the entered password <-- backwards compatibility
- If the user was created after this patch was applied then use
Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
be automatically Bcrypt-hashed; this applies to old users whose
passwords were stored as MD5 hashes previously
Test plan:
1) Add new users and check whether their passwords are stored as
Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
users:
a) Login as an existing user whose password is stored as a
MD5 hash
b) Login as an existing user whose password is stored as a
Bcrypt hash
3) In the staff interface, change the password of an existing user
whose password is stored as an MD5 hash
a) Check the new password is stored as a Bcrypt-hash in the database
b) Try to login with the new password
4) In the OPAC, verify that
a) Old user with old pass can change password, new format
b) New user with new pass can change password
c) Old and new user with self-updated pass can login
Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Add validation of the value of the KohaOpacRecentSearches. In
particular, this patch avoids the generation of an internal server
error when the OPAC is presented with an old cookie that uses the
old Storable-based serialization.
This patch also moves parsing of the cookie value into a
new routine in C4::Auth, ParseSearchHistoryCookie, and adds
a test case.
To test (in conjunction with the previous patch):
Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:
- As an anonymous user, conduct a variety of searches,
including ones that include non-ASCII characters
- Check the search history and verify that all searches
are listed
- Apply this patch and the previous one.
- Do *not* clear the KohaOpacRecentSearches cookie
- Check the search history and verify that no searches
are listed any more
- As an anonymous user, conduct a variety of searches,
including ones that include non-ASCII characters
- Check the search history and verify that all searches
are listed
- Log into the OPAC
- Verify that current and past searches are listed in
search history.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
To test:
Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:
- Clear the KohaOpacRecentSearches cookie
- As an anonymous user, conduct a variety of searches,
including ones that include non-ASCII characters
- Check the search history and verified that all searches
are listed
- Log into the OPAC
- Verify that current and past searches are listed in
search history.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Several system preference variables are unavailable to the OPAC login
template because they are not explicitly enabled for that page. Instead
of adding them to Auth.pm using the old method this patch uses the new
system preference check syntax using the Koha TT plugin.
The following preferences are now checked using this syntax in
masthead.inc:
OpacAddMastheadLibraryPulldown
UseCourseReserves
reviewson
OpacShowRecentComments
In order for the call in masthead.inc to the new plugin to work on all
OPAC pages "[% USE Koha %]" must be added to any template which
includes it (most of them).
Also in this patch: A change to Auth.pm to enable correct display of the
LibraryName in the title of the OPAC login page.
To test, turn on the above system preferences and confirm that the
relevant links appear under the OPAC's main search bar on all pages
including the login page.
Confirm that the text specified in the LibraryName system preference is
shown as the title of the login page.
Confirm that course reserves and comments are displayed correctly on the
biblio detail page.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I checked both prog and ccsr - all seems well and the links are appearing and disappearing in accordance with the appropriate sysprefs.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
If you are not logged in to the OPAC, looking at the login page, and you
click the Lists button to see public lists it says there are none. This
patch corrects Auth.pm so that it loads the list of public lists in this
situation.
To test you must have at least one public list. Make sure you are logged
out of the OPAC and visit the login page (/cgi-bin/koha/opac-user.pl).
Clicking the "Lists" button should show you a list of public shelves.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
works as described, and list button is not shown when opacpublic is disabled.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Adjusting to reflect the removal of the branchcode parameter
to GetBranchCategories; also filter on the 'searchdomain'
library group type, as appears to have been intended.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
When clicking the login link for opac-user.pl in a multiple branch
scenario the environment variable for OPAC_CSS_OVERRIDE was ignored from
the koha-conf.xml file. It seems like is is working on every page in
the opac except for the login page.
Test Plan:
1) Set up a Koha server with 2 separate catalog configurations
( e.g. opac1.kohatest, opac2.kohatest )
2) Set the OPAC_CSS_OVERRIDE directive for separate css files
in each opac
3) Browse to the opac login page, note the css is not applied
4) Apply this patch
5) Reload the page, note the css is now applied
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Adds a course reserves system for academic libraries.
The course reserves system allows libraries to create courses
and put items on reserves for those courses.
Each item with at least one reserve can have some of its attributes
modified while it is on reserve for at least one active course.
These attributes include item type, collection code, shelving location,
and holding library. If there are no active courses with this item
on reserve, it's attributes will revert to the original attributes
it had before going on reserve.
Test Plan:
1) Create new authorised value categories DEPARTMENT and TERM
2) Create a new course, add instructors to that course.
3) Reserve items for that course, verify item attributes have changed.
4) Disable course, verify item attributes have reverted.
5) Enable course again, verify item attributes again.
6) Delete course, verify item attributes again.
7) Create two new courses, add the same item(s) to both courses.
8) Disable one course, verify item attributes have not reverted.
9) Disable both courses, verify item attributes have reverted.
10) Enable one course, verify item attributes are again set to the
new values.
11) Edit reserve item attributes, verify.
12) Disable all courses, edit reserve item attributes, verify
the item itself still has its original attributes, verify
the reserve item attributes have been updated.
13) Verify the ability to remove instructors from a course.
14) Verify new permissions, top level coursereserves, with
subpermissions add_reserves and delete_reserves.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Corinne Bulac <corinne.hayet@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
http://bugs.koha-community.org/show_bug.cgi?id=8125
- the dateformat value is send to all templates (from
C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- Remove "all" occurrences (those I found!) of dateformat_*
From now the only way to get the date format is a string comparaison
(dateformat == "metric")
Checked with the command:
git grep "\(dateformat_us\|dateformat_metric\|dateformat_iso\)" | grep
-v translator
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested all the datepickers I could find, looks good.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Decodes userid on two places in checkauth of C4/Auth.pm
Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.
This patch makes it use output_html_with_http_headers and solves the problem.
Changed 'use' for 'require' as jcamins and marcelr suggested.
Regards
To+
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.
Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.
Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.
Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
<pluginsdir>/var/lib/koha/plugins</pluginsdir>
<enable_plugins>1</enable_plugins>"
to your koha-conf.xml file
5) Add the line
Alias /plugin/ "/var/lib/koha/plugins/"
to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch removes 'insecure' system preference.
Also removes remaining code that make use of
the preference. It's broken anyway.
Only remains a reference in POD of C4/Boolean.pm
To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.
2) Apply the patch
3) Run updatedatabase.pl
4) Check that Staff login proceeds as usual.
5) Check that 'insecure' syspref is no more.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.
C4::Biblio->
GetNoZebraIndexes
_DelBiblioNoZebra
_AddBiblioNoZebra
C4::Search->
NZgetRecords
NZanalyse
NZoperatorAND
NZoperatorOR
NZoperatorNOT
NZorder
C4::Installer->
set_indexing_engine
Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible
Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Not introduced by this work but no reason not to clean it
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: no more complains from koha-qa
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
And translation problem in masthead.inc
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Working on Mozilla Persona support (browser id)
This will let a user log into Koha using browser id, if their email
address used matches the email address inside Koha.
Once an assertion is received, we simply need to find the user that
matches that email address, and create a session for them.
opac/svc/login handles this part.
The nice thing about it is, the user doesn't have to do anything, like
linking their account. As long as the email address they are using to
identify themselves in browserid is the same as the one in Koha it
will just work.
This is covered by a systempreference, to allow people to do it, and
is of course totally opt in, it works alongside normal Koha (or any
other method) of login. So only those choosing to use it, need use it
Test Plan
1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- the dateformat value is send to all templates (from
C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
- opac/sco/sco-main.pl
- reports/acquisitions_stats.pl
- tools/cleanborrowers.pl
All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.
Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
adding dates
Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase
This patch set to 3.11.00001 that is the last number when I QA this patch
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
This patch use DataTable, see BUG|BZ 6836
- css/datatables.css
- lib/jquery/plugins/jquery.dataTables.min.js
- js/datatables.js
http://bugs.koha-community.org/show_bug.cgi?id=7167
Bug 7167 follow-up
Major changes:
* creating database tables for update on the fly, the 1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer
Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied
Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG
* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
- before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
- after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied
http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Improve the update.pl script
* Added CLI options to update.pl
* Call update.pl from the installer.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Now, we check versions on mainpage.pl and after login
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Reimplementing Marcel's suggestions & fixes
* Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
* in the CLI script, if there is nothing to report, just say it
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 7167: Remove check_coherency
As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Changing in .sql parsing
We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:
DELIMITER ;
-- this is a comment
SELECT * FROM my_table;
-- another comment
Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM my_table;
-- another comment;
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add .pl and .sql examples
Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)
Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Improve display + factorize get_queries
Despite it's size, this patch is dealing with display questions only:
* The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
* Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
* Reordering the column headers for more readability:
* Status column is merged with availability, column is after status
* Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
* Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: FIX typos & moving a script to a proper place
* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt
* moving update.pl to misc/bin because it's a CLI script
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add dependency File::Find::Rule
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: We want to execute non-numeric version with the -all option
Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.
Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167 reindentation & removing dead code
* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.
Summary:
* old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
* new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it
Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
* first to log-in to Koha
* second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Don't raise an error in routine TableExists
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: FIX merge
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167: Add .pl and .sql examples
Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)
Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch fix the order of branches in the log-in page,
on Branch.pm we added the variable branchcode to the
hash returned by GetBranchesLoop, and this function is used
on Auth.pm to get a list of branches ordered by branchname
To test
1) Use an installation with some branches
2) On login screen the branches are ordered by branchcode
3) apply the patch
4) On login screen the branches are now ordered by branchname
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch works as expected. Before applying the patch the branches
with lower case was at the end of the list. Now they are well ordered.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.
Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.
For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).
NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay
NEW NOTICE
* Verify by email notice
NEW SLIP
* Temporary card slip
NEW CRON JOB
* delete_expired_opac_registrations.pl
- Deletes patrons that have not been upgraded from the temporary
status within the specified delay
* delete_unverified_opac_registrations.pl
- Deletes the unverified patrons based on the length of time specified
in the PatronSelfRegistrationExpireTemporaryAccountsDelay
The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.
Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.
Test Plan - Part 2 - Borrower Modifications
1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
submit.
8) Check the records, you should see the changes take affect on the
approved one, and no changes to the other two. You should also see
"Patrons requesting modifications: 1" at the bottom of mainpage.pl
now.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 7067 - OPAC Borrower Self Registration - Followup
* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
PatronSelfRegistrationVerifyByEmail is enabled.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Found three cases where variables were being
referenced which did not (in each case) exist. Adding
checks for those variables' existence.
Errors appeared when logged in and viewing a detail
page in the OPAC.
Revision simplifies logic as per RM suggestion.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.
To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
not loaded (i.e. on the opac-search.pl page)
Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching other_vhosts_access.log
Works as expected
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
A subroutine was not being imported by C4::ImportBatch (ironic, no?)
so this patch makes the call fully-qualified. This patch also cleans
up two warnings in C4::Auth that are raised when logged in as the
database user.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Tested standard login, patron auto-complete, and system preferences.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Added the following missing code to ensure the correct icon
is used when logged out:
IntranetFavicon => C4::Context->preference('IntranetFavicon')
This was added into an existing $template->param() call.
Not to be confused with the koha logo on the login page, the
icon is a 16x16 pixel graphic in the browser tab. The default
is found at .../intranet-tmpl/prog/en/includes/favicon.ico.
If the "IntranetFavicon" system preference is set, it should be
used by the staff client regardless of login state. It was not
being used in the "AUTH rejected" section of Auth.pm, but the
OpacFavicon variable was being set. This explains why the
"OpacFavicon" system preference works for the OPAC client, but
not the staff client upon logout.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Subroutine prototypes used at line 561, column 1. See page 194 of PBP. (Severity: 5)
Bareword file handle opened at line 606, column 5. See pages 202,204 of PBP. (Severity: 5)
Two-argument "open" used at line 606, column 5. See page 207 of PBP. (Severity: 5)
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
This patch reintroduces 'use warnings' in C4/Auth.pm.
Keep attentive to new warning messages in your log
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds the following system preferences:
* OpacMainUserBlockMobile - alternate content for the MainUserBlock for
mobile
* OPACMobileUserCSS - custom CSS for mobile views only
* OpacShowFiltersPulldownMobile - whether or not to show the index
dropdown on the mobile view
* OpacShowLibrariesPulldownMobile - whether or not to show the library
dropdown on the mobile view
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With on Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.
Handling of book cover images from Amazon is unchanged.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.
Signing off.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch makes the use of opaccolorstylesheet and opaclayoutstylesheet more consistent. They may be: 1) just a file name, 2) a complete local path or 3) a full URL starting with http: for a remote css file.
This makes the syspref opacstylesheet that was only used for a remote css file obsolete.
June 20, 2012 Rebased.
July 18, 2012: Regex allows https too (thanks to Owen Leonard).
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
There is a mis-scoped function call in C4::Auth, on line 154, where
GetMembers is called without explicit scoping and before
'require C4::Members;'. This does not actually have any functional
ramifications as far as I can tell, but it would be a good idea to fix
it.
This patch also corrects a bit of indenting in that area, because it was
an unnecessary challenge to understand the code with the mis-indenting.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds the ability to attach unlimited arbitrary files to
a borrower record.
Test Plan:
1) Enable system preference EnableBorrowerFiles
2) Look up borrower record, click 'Files' tab on left
3) Upload a file, download the file, delete the file.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
rebased for current master.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
rebased again; some indentation issues in include menus.
This patch creates a new system preference, OpacNavRight, in
which the librarian can add HTML which will appear on the OPAC
main page under the login form. If the user is logged in the content
will appear in place of the login form.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.
To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
cataloguing module (and the plugin for UNIMARC field 210$c, if you
can figure out how)
4. Test authority searching in the OPAC
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.
1) Applies cleanly on current HEAD.
2) Authority search in staff
Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:
ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.
ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?
ENH note: Also the authority type is not shown at all in the result list.
3) Cataloguing and authority plugins
The autocomplete function works nicely.
ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.
Plugins overall work nicely. Created links include the authority numbers and work
correctly.
4) Authority search in OPAC
Works nicely. Display is consistent, but translatability greatly improved.
ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?
Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
So we shouldn't try to delete it. This produces application error
instead of redirection to login page.
I had similar problems with CGI, especially when session in browser
is still active, and one on filesystem or database is already expired.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Solved the problem when my Plack installation started acting up due to
stale cookies.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Patch introduces a new system preference "OpacBrowseResults" to control
the feature for browsing and paging through results shown on top of the
left menu on detail pages in OPAC.
Preference is activated by default and can be deactivated using the
system preference.
To test:
- Check database update works correctly
- Check that browsing and paging still works with after database update
- Deactivate the feature by setting 'OpacBrowseResults' to 'Disable'
- Check the feature does no longer show up in OPAC
- Check that a new installation also has the system preference with correct default
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
patch applied to commit eb3dc448d2
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars
All above tests passed. Signing off.
Rebased 3-19-12 by Ian Walls
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
writing to STDOUT breaks plack when running with DEBUG=1
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This lays the foundation for further changes for report 7310.
Implements following points from the wiki page List permissions:
1) Preference that controls if users may create public lists in opac.
2) New add/delete own/delete other permissions per list.
Code has been changed (in some cases refactored). New permissions are not yet visible; with this patch current functionality is kept as much as possible while resolving several issues, improving permissions and extending the code for further developments (using the new permissions and sharing lists).
Feb 23, 2012 (revision): Changed defaults for new lists. Could also remove routine GetRecentShelves by using GetSomeShelfNames in catalogue/search.pl just as opac-search.pl already did. (More consistent.)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Feb 29, 2012: Automerge version.
March 5, 2012: Rebase for pushed 4912 patch.
March 21, 2012: Rebased. Resolving some conflicts in relation to pushed report 7719.
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress
If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.
The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.
This is an example of what might go in the Apache configuration for the
virtual host:
#SSLVerifyClient require # only allow PKI authentication
SSLVerifyClient optional
SSLVerifyDepth 2
SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
SSLOptions +StdEnvVars
The last line ensures that the required details are
passed to Koha.
To test the PKI authentication, use the following curl command:
curl -k --cert client.crt --key client.key https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)
To create the certificates needed for the above command, the following series
of commands will work:
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# This is the ca.crt file that the Apache config needs to know about,
# so put the file at /etc/apache2/ssl/test/ca.crt
# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
# We're self signing our own server cert here. This is a no-no in
# production.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
-set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert. Unlike signing our own
# server cert, this is what we want to do.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
-set_serial 02 -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
# In theory we can install this client.p12 file in Firefox or Chrome, but
# the exact steps for doing so are unclear, and outside the scope of this
# patch
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
Removing references to unused template variables and markup.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Confirmed that memcached is still being used after the memcached configuration
in koha-conf.xml was removed, and the following two lines were added to
both virtual hosts in koha-httpd.conf:
SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
SetEnv MEMCACHED_NAMESPACE "KOHA"
* removed use C4::Koha that is useless
* moved "use C4::Members" to "require C4::Members" just before GetMemberDetails call. This will avoid loading C4::Member everytime a page is called by someone not logged
* still to do = work on C4::VirtualShelves, that can be optimized, definetly !
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master, 28 Jan 2012
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please WAIT with virtual shelves. Working on that..
Tested and marked as Passed QA.
Signed-off-by: Aleksa Vujicic <aleksa@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to replace some copy-and-paste comments only with consent of MJR.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Commit 07d1eae7cc removed this statement from the module, but some months later commit 7b12e07d3b reintroduced it again while reindenting code ;)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
* Show the "Upload images" button when OPACLocalCoverImages is enabled but
LocalCoverImages (i.e. local cover images on the staff client) is not
* Correct copyright and license comments in new files
* perltidy and replace tabs by four spaces
Signed-off-by: Koustubha Kale <kmkale@anantcorp.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
A frequently-requested feature for Koha, especially by special libraries, is
the ability to upload local cover images into Koha.
This patch adds a bibliocoverimage table, and image handling code in the
C4::Images module. Key features of the implementation include:
1. The ability to have multiple cover images for a biblio
2. Handling for "full size" (800x600) and thumbnail-size (200x140) images
3. Uploading images directly from the record view
The image display functionality by Koustubha Kale of Anant Corporation will
follow in a second patch.
Special thanks to Koustubha Kale and Anant Corporation for the initial
implementation of local cover images, and to Chris Nighswonger of Foundation
Bible College for his prior work on patron images.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Will add comments on Bugzilla.
Patch failed to apply because installer/data/mysql/sysprefs.sql had changed in master.
Corrected the same with this new patch.
A missing test in checkauth caused anonymous session to be destroyed and
re-created at every call when this syspref was set.
Almost the same issue is also fixed in check_api_auth, which caused
C4::Service->init to fail.
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Add paging in opac-detail when coming from a search to be
able to continue viewing the previous and next register
from the detail without returning to the results.
The partial list pagination can be showed to increase forwarding
or rewinding in the pagination.
It's implemented for Zebra search and not build_grouped_results.
The param busc with all the information from the search is stored
on the session when running opac-search and opac-detail, outside these
pages the busc param is removed from the session.
A list of the biblionumbers inside the OPACnumSearchResults range
is passed to avoid repeating the searching everytime we see the
previous or next biblio. The searching will be run again when
we are going to exceed the list and a new one will be calculated
from the new search.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This follow-up adds a system preference which controls display
of a link to recent comments in the OPAC masthead alongside
"Advanced search," "Tag cloud," etc.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid. This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.
This patch add a new syspref OpacNavBottom which is placed on all pages
after OpacNav. On Patron pages, specif patron links are placed between
OpacNav and OpacNavBottom, like this:
OpacNav
Patron links
OpacNavBottom
To test:
1 Apply this patch
2 For RM, modify kohaversion.pl and updatedatabase.pl appropriately
3 Test that OPAC pages are displayed as before, OpacNav on the left
4 Test OPAC patron pages: OpacNav is as before displayed after patron
links
5 Split OpacNav between itself and OpacNavBottom
6 Patron pages display patron links between OpacNav and OpacNavBottom
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Fixes chris comment 28, that was a consequence of Marcel comment 27
Recent error
[Thu Sep 01 14:22:45 2011] [error] [client 192.87.126.61] [Thu Sep 1 14:22:45
2011] opac-MARCdetail.pl: DBD::mysql::st execute failed: Unknown column
'limit_desc' in 'field list' at /usr/share/koha/testclone/C4/Auth.pm line 276.
Seems to come from this commit 9a3950f673 (5630
CAS Improvements)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
If LDAP authentication is used, Koha barks that C4::Auth::checkpw_ldap is
undefined, which is true. checkpw_ldap needs to be imported from C4::Auth_with_ldap,
like it was before the bug fix for 5630
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Squashed commit of the following:
commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:39 2011 +0100
Bug 5630 : fixing C4/Auth.pm
commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:38 2011 +0100
Bug 5630 : Adds CAS documentation
commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:37 2011 +0100
Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:36 2011 +0100
Bug 5630 : Adds the ability to authenticate against multiple CAS servers
commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:34 2011 +0100
Auth_with_cas : removing a warning
$sth was defined twice in a function
Removing the second definition
commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:33 2011 +0100
Bug 6012 : MT 2270: CAS proxy
CAS Proxy
Examples included are now really usable
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Display links to parent biblios, show linked items in holdings, allow holds on
linked items. This uses MARC to maintain relationships.
Sponsored by the Mississippi Department of Archives and History and RapidRadio
Solution. Originally developed by Savitra Sirohi and Amit Gupta at OSSLabs, with
UNIMARC support added by Zeno Tajoli. Commits squashed and merge conflicts
resolved by Chris Cormack from Catalyst. Respect for NORMARC and some small
framework portability fixes made by Jared Camins-Esakov of C & P Bibliography
Services.
IMPORTANT NOTE: A bug in the 773 coding for MARC21 was corrected from the
original OSS Labs code. The 773s generated by the pre-release code did not have
the first indicator set to '0', which means that they were not supposed to
display. Going forward, the first indicator will be set correctly, but existing
records created with this code will no longer appear (they appeared before only
due to another bug). To correct this, you could globally (or, to make sure you
only modify records created with the Analytics tool, for records with 773$0)
change the first indicator of the 773 from blank to '0'.
== Background ==
An analytic record for an item is a more detailed, monographic biblio for an
item attached to a serial record . This is often used for special issues of a
journal that are released as books on their own (assigned an ISBN, as well as an
ISSN/volume/issue). It is important for researchers to be able to search for
these items both as issues of the serial, and as monographs. It is equally
important for the library to not have duplicate item records for the item in
question to have to keep synchronized.
== Establishing relationships ==
Analytical records are connected to items belonging to parent or host
bibliographic records. This can be accomplished by:
* From an analytical bibliographic record linking to an host item by providing
the item barcode as input
* From a host item by using option "analyze", this creates a new empty
bibliographic record with field 773 (MARC21) populated
* Running a new CLI script that establishes a relationship between the
analytical record and the host item identified by the barcode in the
analytical record's 773$o (MARC21)
== Connecting Records ==
The relationships are maintained in the MARC records, we have not used database
tables at all.
== MARC Representation ==
In MARC21/NORMARC we have used:
* 773$9 to store the Koha item number of the host item
* 773$0 to store the Koha biblio number of the host bibliographic record
The above fields are used to display the relationships in various screens in the
OPAC and the staff interface. Additionally, when populating field 773 with host
item's details, we have used following MARC 21 mapping:
* 'a' <= 100/110/111 $a (author main)
* 'b' <= 250$a (edition)
* 'd' <= 260$a, 260$b, 260$c (place, publisher, year)
* 'o' <= barcode
* 't' <= 245$a (title)
* 'w' <= (003)001 --> if no 001 is available, we can populate biblionumber
* 'x' <= 022$a (issn)
* 'z' <= 020$a (isbn)
In UNIMARC, this code uses:
* 461$9 to store the Koha item number of the host item
* 461$0 to store the Koha biblio number of the host bibliographic record
When populating field 461 in UNIMARC, the following mapping is used:
* 't' <= 200$a (title)
== Treatment of Holds ==
A key requirement was to allow holds to be placed on host items from the
analytical record. We have accomplished this by allowing holds on specific
copies only. Biblio level holds are not allowed. This ensures that holds are
placed on specific items that are relevant to the analytical record.
== Deleting host items with linked analytical records ==
As we have not used database tables to maintain relationships, we had to use
search to find out if any linked analytical records are present. If 1 or more
analytical are present, we do not allow deletion of items. This is similar to
what we see when we try to delete authority records.
== Importing analytical records ==
Analytical records can be imported using bulkmarcimport or the GUI tools. The
new CLI script can be executed after the import to establish relationships with
host items. The script will establish relationships using the host item's
barcode, the barcode must be present in 773$o of the analytical record.
== What if there are two or more copies of the host item? ==
The current design will require that there be two host (773) fields, one for
each copy.
== What if there is no barcode available for the host item? ==
It is still possible to establish a relationship, by populating 773$9 with the
host's item number. However the CLI script uses barcode in 773$o to establish
relationships so it won't work where barcodes are unavailable. Also from an
analytical record, it is possible to establish a relationship to a host item by
providing the barcode as input, this option will not be available as well.
Commits that added the following features were squashed by Chris Cormack (this
is not a list of every commit):
* Display links to host records from biblio detail screens
* Support for UNIMARC, respecting the system preference 'marcflavor'
* Support holds from the OPAC
* Ability to link to items belong to host records from a analytical record
* Display items belonging to host records in the moredetail page
* Ability to edit items belonging to host records, also ability to delink from
them
* Move get host items code into a C4 routine, also calling the new routine in
related perl scripts
* Move host field population to a C4 routine, all changes in pl files to call
new routine
* Allow only specific copy holds for analytical records plus changes to use new
C4 routines
* Support for holds on items linked via host records
* Storing bibnumber and itemnumber in subfields 0 and 9, plus other mapping
changes
* New command line script that establishes relationships between analytical
records and host items and bibs. The script looks for host field (MARC21 773)
in records, and based on barcode in subfield 'o' populates host bibnumber in
subfield '0' and host itemnumber in subfield '9'. The script can be run after
an import of analytical records, it can also be run in the crontab to maintain
the relationships
* Ability to create analytical records from items, to view linked analytics, and
prevent deletion of items that have linked analytics
* New template for catalogue/detail.pl (NOTE: not a new template file, just a
new way of displaying analytics), template displays linked analytics and
allows creation of analytical records
* New zebra index for item number in host fields. This index will be used to
display links to analytical records from host records
* Display title of host record instead of the phrase host record
* Using detail.tmpl for analytics tab instead of a new template file
* Improved qualification info prepration in Prephostmarcfield
* Check for linked analytics before deleting item
* Display link to host record and more meaningful anchor text for edit item link
* Analytical record: Unimarc index in record.abs and help in
create_analytical_rel.pl
* Adding a sys pref that controls display of options to create analytical
relationships
* Add host entry in XSLT stylesheet in staff item detail
* Added host record support to OPAC detail XSLT
* Adding 773$0 and 773$9 to all frameworks
* Adding 773 subfields 0 and 9 to default marc framework via updatedatabase.pl
* Display create analytics and used in links in catalog detail
* Fixed problem where analytical records not showing in OPAC search results
because GetMarcBiblio now needs a flag to add item records
* Fixed problem where analytics count was set to 1 for all records, not just
those with analytics
* Fixed catalogue detail page not to show analytics counts if count is 0
Conflicts:
installer/data/mysql/updatedatabase.pl
koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
kohaversion.pl
Co-author: Savitra Sirohi <savitra.sirohi@osslabs.biz>
Co-author: Zeno Tajoli <tajoli@cilea.it>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch solves the situation that news is in another language than
the Koha interface AND makes that themelanguage routine is always called
the same way in order to prevent mixed display.
It fixes also a bug related to language preselection based on web
browser prefered language.
September 9: Adjusted with input of Frederic Demians.
Septembre 10: Avoid circular dependency, as pointed by Chris Cormack.
Templates related functions are moved from C4::Output to C4::Templates
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Squashed commit of the following:
commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:39 2011 +0100
Bug 5630 : fixing C4/Auth.pm
commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:38 2011 +0100
Bug 5630 : Adds CAS documentation
commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:37 2011 +0100
Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:36 2011 +0100
Bug 5630 : Adds the ability to authenticate against multiple CAS servers
commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:34 2011 +0100
Auth_with_cas : removing a warning
$sth was defined twice in a function
Removing the second definition
commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:33 2011 +0100
Bug 6012 : MT 2270: CAS proxy
CAS Proxy
Examples included are now really usable
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This new system preference (in OPAC Features) allows libraries to
turn off reviewer photos entirely if they want to. The default is
for these photos to be shown.
Note that this setting is linked to ShowReviewer in that both of
them need to be turned ON for the avatars to be displayed.
Signed-off-by: Francois Marier <francois@debian.org>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Users could log in intranet using their cardnumber, with superlibrarian
rights.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Remove a 'variable in void context' warning from
C4::Auth which shows up as a compile warning in all users of
the module and generates log noise
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
C4::VirtualShelves::GetRecentShelves contained some rather confused
code The contents of the requested list are returned in an arrayref
which was in its turn being wrapped needlessly in an array
As a result the returned array always consisted of a single element
irrespective of the number of lists.
Made the routine return the arrayref, which can now be tested directly
Unfortunately rather than fixing this we had previously coded around it
assuming it to be a "design" decision. Have amended other calls of
the subroutine resulting in some hopefully less obscure code
Fixed logic error in the results template which displayed new list
within a test for the presence of lists
Removed the offset parameter from the sql in the routine as it was hardcoded
to 0 i.e. the default value
Signed-off-by: fdurand <frederic.durand@univ-lyon2.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Note: this requires CGI::Session::Driver::memcached to be installed
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch adds a new syspref ShowReviewer.
If ON (default) the reviewer/author of an OPAC comment will show.
If OFF the reviewer's name will be hidden.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch adds two sysprefs:
OpacFavicon
IntranetFavicon
The two sysprefs take full URLs to an alternate favicon.ico file for the OPAC
and Staff Client, respectively. Leaving them blank will use the favicon.ico file
that is included with Koha.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch ensures that the OPAC library selection masthead will always default
to the branch that is currently being searched. This only applies to systems
with multiple branches and OpacAddMastheadLibraryPulldown turned on.
To test: do a search in the OPAC, limiting by branch. The search results will
still have that branch selected in the masthead dropdown.
This patch also fixes bug 5852 and bug 3778.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Previous commit modified checks for the item-level_itypes preference
to look for a different variable name but didn't update where that
variable is set in Auth.pm.
Other scripts perform a direct check of item-level_itypes and must
continue to use the name of the variable in the database.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Reimplements Paul Poulain's original OPAC Privacy patch, with some minor improvements and changes to wording
If the library enables the OPACPrivacy system preference along with the opacreadinghistory preference, and sets
an AnonymousPatron (must be a valid patron number in the database), the user will see a new tab upon login to
the OPAC, My Privacy. From there, the user can:
- Set their OPAC Privacy to one of three values
0 - Forever. This keeps their reading history unless they explicitly delete it; the bulk anonymiser won't touch it
1 - Default. Keep reading history until either they delete it or the library does
2 - Never. Instantly anonymises reading history upon item return
- Instantly delete their reading history
There is a warning and a popup to confirm. I've removed Paul's extra confirm checkbox, which seemed redundant
A note of which preference the patron has selected is added to the Patorn Details page in the staff client. This is read-only.
This patch also consolidates Privacy system preferences into the Privacy section of the OPAC tab.
Thank you to BibLibre for the original implmentation of this patch, and Los Gatos Public Library for funding and
testing the reimplementation.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
applied to git tag 'v3.02.00-rc'
Frédéric Demians:
- Rebased this patch to HEAD
- Solved a merge conflict
- The patch works as described here:
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4289
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- Auth.pm put the noItemTypeImages preference under "intranet only."
Moved it to "OPAC or intranet."
- Added check for the preference on the OPAC advanced search page.
- Improved logic for displaying images on the reading history page.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Per the following koha-devel thread, the use of
staff user subpermissions, AKA granular permissions, is
now the default behavior in Koha. This patch removes
the GranularPermissions system preference.
[1] http://lists.koha-community.org/pipermail/koha-devel/2010-February/033670.html
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Previous code would only allow for an auxiliary stylesheet on the same server. This checks for
http in the opaccolorstylesheet syspref. If it's found, sets a different variable pointing to the
remote server location. If not found, retains the previous css directory path.
Also modifies the description of opaccolorstylesheet in the installer files to reflect current
usage as an auxiliary stylesheet.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Reverts part of commit 7b12e07 that removed references
to the Syndetics sysprefs in C4::Auth for no apparent reason.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Since this fix enables the previously-missing variable
'AmazonEnabled' in Auth.pm, this will also enable other
Amazon content in the staff client like Product
Descriptions and Amazon Similar Items (See Bug 3863)
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Added new HTML template variable, using_https, for use
of OPAC or staff-side templates that may need to know
whether to use http:// or https:// links to off-site
content.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This patch adds XSLTDetailsDisplay and XSLTResultsDisplay variables
for the staff client, OPACXSLTDetailsDisplay and OPACXSLTResultsDisplay
variables to the OPAC. Note that the XSLTResultsDisplay doesn't actually
do anything because no one has added an XSLT version of search results
to the staff client.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
- Add two syspref:
- OPACXSLTResultsDisplay
- OPACXSLDetailsDispay
- Add them to .pref files and dispatch them beetween OPAC and Search
tab.
- Upgrade DB version to 3.2 .113
- Fix something wrong in UNIMARCslim2intranetDetail.xsl
- Display OPAC result and detail pages using those syspref.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This doesn't define borrowernumber = 0 if a borrower is NOT logged.
We know borrowernumber 0 is mysqluser... So in virtualshelves, a non logged user have all permissions.
In the current OPAC, there is no easy way to search a particular library.
By default, a user searches all libraries, or with SearcMyLibraryFirst turn on,
the user's home library. In dev_week, a library pulldown menu existed in the search masthead.
This commit adds the option to bring that pulldown menu back
by turning on the system preference OpacAddMastheadLibraryPulldown
- the XSLTParse4Display sub now has a new parameter : the interface (intranet or opac)
- the XSLTdisplay sysprefs is common to staff & opac (Auth.pm)
- added UNIMARC xslt in intranet templates (modified to deal with staff/opac differences)
Enables ppl to store their search history and delete the whole history
Adding Storable required by Opac-Search-History
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Auth, after verifying the session/logging in the user, calls to the database
to get the users borrowernumber. This call is probably unnecessary because
borrowernumber is part of userenv. Check userenv before going to the database.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This preference allows library staff to decide whether to show
the fines tab in the OPAC for logged in patrons.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Without this, the mainenance page would not display because of:
Cannot use undefined value as a HASH reference in C4/Auth.pm
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
These don't belong every template, only on OPAC:
~ opacstylesheet
~ opaccolorstylesheet
~ opacsmallimage
The latter 2 were already being populated in C4::Auth anyway.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
$intflags was never used or returned if hashref instead of userid was passed.
Also cleaned up needless passing of $dbh.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Allows specification of how many issues of a subscription to display
at a global and subscription-specific level. Also adds a link to the
detail page to a specific subscription.
Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This patch resolves a number of problems related to Enhanced Content:
1. Previously, there was no syspref for controlling whether or not to display
Amazon.com cover images apart from other content. This had the side effect
of preventing use of amazon.com content alongside use of another provider's
images. This patch introduces AmazonCoverImages and OPACAmazonCoverImages,
and changes the name of AmazonContent to AmazonEnabled.
So, for instance, you can now enable OPACAmazonSimilarItems yet utilize
SyndeticsCoverImages for displaying those similar items.
NOTE TO DOCUMENTATION TEAM: please update references to AmazonContent
and OPACAmazonContent to comply with the above.
2. Fixes some semantically incorrect uses of AmazonContent (now OPACAmazonEnabled)
on the OPAC side.
3. Resolves once and for all, the normalization of ISBN,UPC,EAN and OCLC numbers
for all enhanced content elements; These elements can be normalized using the
new functions in C4::Koha; I've replaced use of the various previously used
variables $xisbn,$norm_isbn,$clean_isbn, etc with $isbn, and the template
variable normalized_isbn.
We finally have a single, consistant place to retrieve normalize values for
these fields given a particular record.
4. Adds Syndetics attribution statements to display of all Syndetics content
'enhanced content provide by Syndetics' or 'Enhanced Description from Syndetics'
5. Adds an option to view the large cover image on the detail page on the OPAC
when using SyndeticsCoverImages; this option is controlled by a new system
preference: SyndeticsCoverImageSize which has two values: MC (medium) LC (large)
6. Adds UPC and OCLC numbers for Syndetics enhanced content queries especially
helpful for finding enhanced content for DVD and Music materials
7. Adds capability to display Syndetics images to opac-user for checkouts and overdues
8. Updates to systempreferences.sql, and updatedatabase.pl database revision 015
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This patch also includes a new function to retrieve the index
page from Syndetics and parse it for available content prior to
retrieving content; this is done to speed up syndetics content
by not retrieving content that doesn't exist for an item. However,
Syndetics continues to be a very slow service compared to Amazon.com
and other enhanced content services
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Following suggestion by Vincent Danjean for Debian
packaging, 0755 -> 0644 for non-executable
files.
Also removed shebang from a few modules in C4.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This patch updates the queries for the shelf browser in opac-detail.pl for a
slight performance gain. It also adds a param for dateformat to C4::Auth to
fix a warning.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Ror a poorly understood (by me) reason, use of 'use
UNIVERSAL' and 'use C4::Auth' in the SIP2 code is resulting
in a compilation error, thus blocking SIP2 from working.
The error (prior to this patch) could be reproduced as follows:
cd C4/SIP
perl -I. -wc Sip/MsgType.pm
"get_session" is not exported by the C4::Auth module
Can't continue after import errors at /home/gmc/koha/dev/C4/VirtualShelves.pm
line 51
BEGIN failed--compilation aborted at /home/gmc/koha/dev/C4/VirtualShelves.pm
line 51.
Compilation failed in require at /home/gmc/koha/dev/C4/Auth.pm line 34.
BEGIN failed--compilation aborted at /home/gmc/koha/dev/C4/Auth.pm line 34.
Compilation failed in require at Sip/MsgType.pm line 21.
BEGIN failed--compilation aborted at Sip/MsgType.pm line 21.
or more minimally
perl -ce 'use UNIVERSAL; use C4::Auth;'
This patch works around the problem by making C4::Auth
and C4::VirtualShelves not import any symbols
from each other.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
It appears that Perl 5.10 does not like ${@$foo}[0] but rather wants $foo->[0]
The latter is also much more readable. This patch makes the change.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Adding code to refresh "Lists" button lists display in OPAC masthead.inc
Adding javascript to force refresh of parent window to update "Lists" button menu
Adding query limits and ability to specify row count and offset in queries related to Virtualshelves.
Also added the ability to return total record counts for specified virtualshelves.
Adding C4::VirtualShelves::GetRecentShelves which returns a list of the most recently modified shelves for
a given set of parameters. This allows the user to be offered active private and open lists to add books
to in drop down menus while also allowing drop down menus to be limited to a reasonable length.
This also limits the shelves stored in the user's session to a fixed number. A further enhancement might
be to add a syspref to enable a staff member to define the limit. Currently it is hardcoded at 10 per
list type (private/public-open).
Adding pagination to list/shelf related screens
Moving refresh shelves code into C4::VirtualShelves::RefreshShelvesSummary and tidying up a bit
Correcting several inconsistancies in the shelves templates as well as handling shelf management on
the intranet side correctly.
Correcting "Add To:" drop-down list to show only lists the patron has permission to add to
Correcting a few C4::VirtualShelves::GetShelvesSummary API calls
Modifications for template consistancy
Breaking up a 1367 char line of javascript in opac-results.tmpl
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
GetMemberDetails() returns only one hashref now,
not two. In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch allows patrons to update their messaging preferences. This
includes methods in C4::Members to manage patron messaging preferences.
added cgi script to allow patron to edit their messaging preferences
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
I'd like to add another template parameter to geta_template_and user, but found it diffiult due to unreadability.
I stanadardized the whitespace in a portion of get_template_and_user,
alphabetized the parameters, finding a duplicate in one spot,
and then extracted the common template parameters that are set the same
regardless of template type.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
NOTE: This patch introduces code which generates an anonymous session when a patron first browses to OPAC.
This anonymous session contains a minimal amount of information including the results of a query to discover
all public lists/shevles. When the user logs in, the anonymous session is cleared and a new session created
for that user.
kohabug 1875 - fix error when editing a patron record
C4::Auth::checkauth was not distinguishing between a
'userid' input from an OPAC or staff login form and
a 'userid' input from (e.g.,) the patron editor.
Consequently, adding or editing a patron record would
result in Koha trying to log in as the new patron.
To resolve this, added a hidden input to all login
forms, 'koha_login_context', to explicitly signal
when a login is occurring. The value of this input
can be 'opac', 'intranet', or 'sco' - the value is
not used at present, but may be of use later.
C4::Auth - added debug flag to two warns
kohabug 1875 - create anonymous sessions only for OPAC
No need to create an anonymous session for the intranet.
set yuipath correct for login pages
When preparing the template parameters for a login form,
C4::Auth was overriding the value of yuipath set
by C4::Output::gettemplate(), thus causing 404 errors
if the 'yuipath' syspref was set to 'local'.
kohabug 1875 - avoid warns viewing lists anonymously
During an anonymous OPAC session, the $loggedinuser variable
is not set. As the undefined value causes warns in
C4::VirtualShelves::Page::shelfpage, for the purpose of the
shelfpage call the loggedinuser is set to -1, which should
not correspond to any real borrower number.
This is admittedly a hack to avoid digging through all
of C4::VirtualShelves to deal with lists viewed anonymously.
kohabug 1875 Refactoring of &ModShelf to avoid overwriting list owner needlessly
kohabug 1875 Avoid warning if can't find owner of shelf
Since virtualshelves.owner is not a true FK of borrowersnumber.number,
set ownername to '' if can't find the patron
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Calculate OPACBaseURL from the
CGI environment variables instead of using the
system preference. As a result of this patch,
it should be possible to change the hostname,
protocol, or port of the OPAC without having to
reset a system preference.
Also added a FIXME to opac/unapi - the URL of
the SRU/W server has no necessary relationship
to the URL of the OPAC.
Once this patch is confirmed, the syspref can
be removed.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Three scripts were incorrect setting the HTTP type
header to 'utf-8' instead of something appropriate
like 'text/html' - Firefox evidentally can ignore that
mistake, but IE7 does not.
Fixed by replacing an invalid print of the HTTP header
and template output with a call to
C4::Output::output_html_with_http_headers.
Also corrected POD in C4::Auth and InstallAuth to
reflect correct use of output_html_with_http_headers.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
now yuipath is added in C4::Output and uses themelang
In my opinion, all the general variables that are used in output should get in C4::Output (since there is theme lang computed.)
rather than in C4::Auth
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).
If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.
If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:
1. if the value is 1, the staff user must have
all privileges for the userflags flag (or module)
referred to by the hash key, e.g.,
{ flaqsrequired => { tools => 1 } }
In terms of the database, this means that the
corresponding bit must be set in borrowers.flags.
2. If the value is '*', the staff user must
have at least one of the permissions for the
userflag/module, but it doesn't matter which one.
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there at least is one row in user_permissions
for the staff user and bit/module combination.
3. If the value is any other string, it must be
a permissions code defined in the permissions table.
The staff user must have that specific permission
or have access to all functions of the module
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there is a matching row in user_permissions
for the staff user, bit/module, subpermission
code combination.
In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons). The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.
In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions. This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not. This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
