Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
3. In the JS console: "ReferenceError: $ is not defined", I did not
investigate it.
Where do you see this in the console? I cannot recreate on opac-user.pl
or on circ/checkout-notes.pl.
5. The alert id=error is displayed then hide in JS, but it's then
displayed half a second. We should hide it by default (css)
Fixed in this patch
6. I would move the "mark seen" and "mark not seen" buttons at the
top of the table
Fixed in this patch
8. Cursor on "Select all" and "Clear all" links must be adjusted
Fixed in this patch
9. $(".btn-xs").click(function(event){
The selector should be $("button.seen, button.notseen"), you
do not want to apply this function to all other btn-xs on
the page (maybe there are only two for now, but who knows
later?)
Fixed in this patch
12. Important: When a note is updated, it's still marked as
seen. Is it the expected behavior?
I don't see this behaviour. When a note is updated it is
marked as not seen.
opav/svc/checkout_notes:79: $issue->set({ notedate =>
dt_from_string(), note => $clean_note, noteseen => 0
})->store;
13. What will happen when hundred of notes will be on this
table? Not blocker but we will need a "hide seen" buttons to
filters the already seen notes.
Added in this patch
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.
To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.
Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The intranet-bottom.inc has the closing div, just deleted
the last one.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This puts similar old text into tool tips for the overdues.
Hover over the overdues, and the tool tips should appear and
be similar to what the text was before.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Further revisions, compromise.
- 4 columns to three
- offline circulation demoted to below the intranet homepage preference,
and no buttons, due to its relative lack of everyday use.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This follow-up makes some suggestions about how to push this further:
- Put content in four columns which reduces to two on smaller screens
- Adjust font size of large links
- Move Offline Circulation links into its own column
- Add image icons to the Firefox extension and Windows application
download links
- Improve indentation in template
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
do note, I don't actually mind if these aren't the changes eventually accepted. I just know it needs doing and starting it will hopefully get some gears turning.
To test:
Click all the links and check they work.
Do you like the styling? it's different. :)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates two single-column circulation templates to
use the Bootstrap grid.
- circulation-home.tt - Circulation home page. This patch corrects what
appears to have been a long-broken three-column layout.
- article-requests.tt - Article requests list. Turn on the
ArticleRequests system preference if necessary. Go to Circulation ->
Article requests.
Each of these pages should look correct, with a single centered column
with wide margins on either side. At lower browser widths the margins
should disappear.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We should do the same for the other check (FA exists), but cannot find a
good and quick way to implement.
Doing it this way will avoid regression later, we will no have to check
if the variable is correctly passed to the template.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes an extra closing quote left behind by the changes
made in Bug 15640.
This patch also corrects the case of the "Circulation reports"
heading. (See coding guideline HTML4).
To test, apply the patch and go to the circulation home page. Validate
the page's HTML and confirm that there are no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test:
1 - Apply patch
2 - run updatedatabase.pl
3 - Add some html to the two new prefs IntranetReportsHomeHTML and
IntranetCirculationHomeHTML
4 - View the reports and circulation homepages and confirm your changes
show
Sponsored by Northeast Kansas Library System, NEKLS (http://nekls.org/)
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
Go to Circulation and ensure there are no titles on hover over the links
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch removes stats.pl and stats.tt from system.
To test:
- Verify that both files are not used and that the only reference in
koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation-home.tt
is commented out.
- Apply patch
- Verify that the files are deleted and the reference is removed.
- git grep 'stats.pl', verify that there are no more references to
this file.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
See the following commit for more info on this script:
commit 60105bd692
Date: Tue Jul 8 20:02:34 2008 -0500
fix for 2008: Daily reconciliation report broken
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch updates the link on the main circulation
page to point to the newest release of the offline
circulation tool.
To test:
* Go to Circulation
* Click 'Get desktop application'
* Confirm the link goes to github
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Link Ok
No errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Changes page name to "Pending on-site checkouts" as
agreed during the hackfest.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- move h4 to h1
- Make the link on the circ home page depending on the pref
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The circulation page has a new entry: a link to a list of the pending
in-house use.
Bug 10860 introduces a new way for managing in-house uses.
This patch adds a new page (from the circulation home page) to list all
pending in-house uses.
Test plan:
Go on the circulation home page and click on the in-house use link.
Verify all your in-house uses are listed and information are consistent.
Bug 11201: Display lib instead of AV code
This patch assumes that items.location is linked the the LOC
authorised values.
Signed-off-by: Nicole <nicole@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds a renewal tool that functions similar to the returns where a
librarian can continuously scan items for renewal. This script blocks
renewals that are impossible, and allow the same renewal overrides
as circulation.pl
Test plan:
1) Apply the patches for bug 8798
2) Apply this patch
3) Browse to /cgi-bin/koha/circ/renew.pl
4) Enter an invalid barcode, you should get an error message
5) Enter a valid, but not checked out barcode, you should get an error
message.
6) Enter a valid barcode that is checkout out and should be renewable,
you should get a success message.
7) Enable AllowRenewalLimitOverride
8) Enter a barcode for an item that has been renewed too many times
9) You should get a warning which you can override.
10) Disable AllowRenewalLimitOverride
11) Repeat steap 8
12) You should get a blocking error message
11) Enter a barcode for an item with unfilled holds on it,
you should get an overridable warning
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Passes all tests and QA script, some issues have been
addressed in follow-ups.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds an HTML5-based offline mode to Koha's existing
circulation module, allowing librarians to check out items using a
basically familiar interface. The feature will be implemented using
the Application Cache and IndexedDB features of the HTML5 specification,
both of which are fully supported on Firefox 10+ and Chrome 23+, with
limited support going back to Firefox 4 and Chrome 11. The basic
workflow enabled by this patch is as follows:
Part 1: While connected to the Internet
1. Enable offline functionality by turning on the
"AllowOfflineCirculation" system preference.
2. Sync the offline circulation database on the computer that will be
used for offline circulation by following the "Offline circulation
interface" link on the Circulation home page, choosing "Synchronize (must be online)",
and clicking the "Download records" button. This process may take a while.
3. Bookmark /cgi-bin/koha/circ/offline.pl (the page you are currently
on) for easy access when offline.
Part 2: While disconnected from the Internet
4. Navigate to /cgi-bin/koha/circ/offline.pl using the bookmark you
created while online.
5. Start checking books in by scanning the barcode of an item that has
been returned into the box in the "Check in" tab.
6. Scan the barcodes of any additional items that have been returned.
7. Start checking out books to a patron by scanning the patron's barcode
in the box in the "Check out" tab.
8. Set a due date (the "Remember for session" box will be checked by
default, since circulation rules are not computed during offline
transactions and therefore a due date must be specified by the
librarian).
9. Scan an item barcode (if you did not set a due date, it will prompt
you) to check the item out to the patron.
10. If a patron has a fine you can see the total amount (current to when
the offline module was synced), and record a payment. Unlike when in
online mode, there will be no breakdown of what item(s) fines are
for, and you will only be able to record the payment amount and not
associate it with a particular item.
Part 3: While connected to the Internet
11. Click the "Synchronize" link and choose "Upload transactions" to
upload the transactions recorded during the offline circulation
session.
12. Navigate to /cgi-bin/koha/offline_circ/list.pl (there will be a
link from the Offline circulation page) and review the
transactions, as described in the documentation for the Firefox
Offline circulation plugin:
http://wiki.koha-community.org/wiki/Offline_circulation_firefox_plugin
RM note: the IndexedDB jQuery plugin bundled with this patch is
copyright 2012 by Parashuram Narasimhan and other contributors and is
licensed under the MIT license. The home page for the plugin is
http://nparashuram.com/jquery-indexeddb/.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Works very well, no koha-qa errors
Test with Firefox 24.0
1) did some checkouts pre sync
2) synchronize database (Download)
3) go offline
4) Proceed to checkin some items from patron
5) Proceed to checkout items to patrons, setting date
6) Proceed to checkout to expired patron, warning appears
7) go online
8) Upload records
9) go to review transacctions and proceed
10) verified on patrons that checkin/out are done
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The primary advantage to the Firefox offline cirulation plugin when compared
to the offline circulation desktop application, is the ability to add offline
circulation actions to a queue so that multiple machines running offline
circ can have their circ actions combined and ordered chronologically before
being executed. This commit adds the ability to put actions from uploaded
KOC files into this queue. In this way, both the FF plugina and the desktop
application can be run side by side with no ill effects.
Signed-off-by: Bob Birchall <bob@calyx.net.au>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds a new user permission overdues_report for the circulation module, and requires this permission to run the overdue items
report, rather than requiring full reports permissions.
Test plan :
With a user with permissions circulate_remaining_permissions :
- Add overdues_report permission to user
- Go to circulation home
=> you see "Overdues" link
- Clik on it
=> you are allowed to access and use this page
- Remove overdues_report permission to user
- Go to circulation home
=> you do not see "Overdues" link
- Edit URL : <server>/cgi-bin/koha/circ/overdue.pl
=> you are not allowed to access this page
- Go to main page
=> you don't have access to reports module
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolyn SOMERS <fridolyn.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The transfer page is only useful when the system
preference "IndependantBranches" is Off of when the user
is a superlibrarian. Otherwise it can be hidden.
Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and perlcritic pass.
TEST PLAN :
It's about testing the display of the "Transfer" link on "circulation-home.pl".
The link needs to appear if IndependantBranches is off or if the user is a superlibrarian.
1) IndependantBranches = Off, user is superlibrarian : link appears
2) IndependantBranches = Off, user is not superlibrarian : link appears
3) IndependantBranches = On, user is superlibrarian : link appears
4) IndependantBranches = On, user is not superlibrarian : link does not appear
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Along with making the URL a hyperlink I removed the language
part of the URL ("/fr/"). The link correctly redirects to 'en'
for me. I'm curious whether it will for other languages.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Link works and redirects to my language (english).
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
(Redirects to fr if your browser is FR)
- Scripts are currently not linked from anywhere in the templates
- Functionality can also be achieved with a custom report
- There are unresolved problems with the sql in the existig scripts
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Offline circ : You now can upload all offline files from the Firefox extension.
Once all circ desks have uploaded the file, the librarian can apply all of them, sorted by date.
This avoid the problem of someone issuing an item on desk A, returning it on desk B.
Before this improvement, if desk B uploaded the file before A, the return was applied before the issue,
resulting in the items reamining issued.
Signed-off-by: Sophie Meynieux <sophie.meynieux@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Original fix included a change for offline circ that depended
on a fix for another bug. This patch adds only the permission
for the overdues report and is formatted for TT.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
