The svc/members/search script is called in different places.
In some places (Set owner for a fund, add users to a fund, or set a
manager to a suggestion), we need patrons to be filtered depending on
the permissions they have.
For instance you can only set a fund's owner with a patron that has
acquisition.order_manage.
Currently we have fetching X (default 20) patrons, then filter them
depending on their permission.
Says you have 3 patrons that have the correct permissions but are not in
the 20 first patrons, if you do not define a search term, the search
result will be empty.
This is not ideal and we should filter when requesting the DB.
Test plan:
- Have more than 20 patrons, remove them their permissions
- Create 3 more:
1 superlibrarian
1 with the full acq permission
1 with acquisition.order_manage
- Create a fund and set a owner
- Search for patrons, without specifying a search term (to get them all)
=> Without this patch the new patrons you created are not displayed
=> With this patch they are!
Same test plan apply to set a manager to a suggestion (freshly pushed,
see bug 23590), with suggestions and suggestions.suggestions_manage
Note: The code has been written that way to rely on
C4::Auth::haspermission, but the SQL query is quite trivial and the gain
is important.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The svc/members/search script can be used to retrieve patrons with a
specific permission. This feature is only used once, to link patrons to
funds.
The code in the script is duplicated from what we have in
C4::Auth::haspermission, and it makes sense to clean it.
Test plan:
Create a fund and add users to this fund.
When you search for users you must only have a list of patrons with the
acquisition.order_manage permission.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works as described. No errors
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 9978 should have fixed them all, but some were missing.
We want all the license statements part of Koha to be identical, and
using the GPLv3 statement.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This script used to pass 'undef' to haspermission, this patch restores
that behaviour.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Before bug 22031 the haspermission subroutine signature allowed for
passing 'undef' to mean 'any permission' in $flagsrequired. This feels
like a mistake and was only in practical use in two places in the
codebase.
This patch explicitly forbids this practice (`*` may be used to the same
result and is more explicit in it's nature) and replaces the two
instances of it's use.
Test Plan
1. Before this patch, the API tests are all failing with authentication
errors
2. After this patch the API tests should now all pass.
3. t/db_dependent/Auth/haspermission.t should continue to pass (with one
addition subtest added herin)
3. /svc/members/search is not unit tested. Please check that patron
searching still yields results in the UI after this patch.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.
Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
borrowers => 1
and
borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
GetMember returned a patron given a borrowernumber, cardnumber or
userid.
All of these 3 attributes are defined as a unique key at the DB level
and so we can use Koha::Patrons->find to replace this subroutine.
Additionaly GetMember set category_type and description.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Prevent internal software error when searching patron with invalid birth date
To reproduce:
- Go to Home > Patron
- Expand patron search (click on + at the left of the search button)
- In drop down 'Search fields', select 'Date of birth'
- Enter a valid date (e.g. 11.02.1995 if syspref 'dateformat' is set to dmydot)
Result: Search works OK
- Enter an invalid date, e.g. 11.02 or abcd...
Result: Internal server error
- Do a patron search with many results
- Use filter on results screen, select 'Date of birth' as search field and
enter an invalid date to search (e.g. 'a')
Result: Endless message 'Processing'
To test:
- Apply patch
- Repeat steps above
- In both cases, you should get "No results"
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes it possible to search for users using the username (userid / login name).
To test:
- Apply patch
- Do searches from Home > Patrons
- Search after a full username or parts of a username with Search fields = Standard and Search fields = Userid
- Perform the searches from the top bar (expand with [+]) and from the "Filters" part at the left
- Make sure that other searches behave as before
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This first patch remove the previous way to search for users to link to
budgets.
Test plan:
1/ Edit or create a fund
2/ Edit the owner of this fund a select a patron
3/ Add 1+ users to the user lists of this fund
Tested together with other patches.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Before this enh, the users to add to a basket should have the
acquisition.order_manage permission.
This patch reintroduces this behavior.
The code in acqui/add_user_search.pl was never used. The filter should
be done in the members/search service.
But it is not possible easily to filter using a sql query, so the filter
is done after. This means that we cannot use the DT pagination
(otherwise the results will become inconsistent).
Test plan:
1/ On adding patrons to a basket, verify that the search patron results contain
patron with the acquisition.order_manage permission.
2/ Verify that all patrons are return on the 'normal' patron search and
when adding patrons to an order.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A previous enhancement allows to link basket with patrons.
Next patches will use the same way to link order with patrons.
In order to avoir c/p of code, this patch refactores this part of code.
Test plan:
1/ Verify there is no regression on adding/modifying users to a basket.
(acqui/basket.pl?basketno=XXX, "Managed by", "Add user").
2/ Note that you get a friendly message if the user is already present in the
list and when the user has correctly been added to the list.
3/ Note that the list uses the member search service (ie. DataTable +
serverside processing).
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 12833 allows to find a patron with his cardnumber.
But this won't never append if the firstletter parameter is given.
Actually the firstletter param is the only one to take into account if
it exists.
Test plan:
Search patrons by a first letter and verify that the feature is back.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
To reproduce the problem you need at least one borrower with a blank
cardnumber
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
works as descrobed, no problems found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Before Bug 9811, the patron search searched on extended attributes.
This patch restore this behavior.
Test plan:
0/ Create a patron attribute PA
1/ Create a patron A (cardnumber CNA) with PA="foo"
2/ Create a patron B (cardnumber CNB) with PA="foo bar"
3/ Search for CNA should redirect on the patron detail page.
4/ Search for "foo" should display the search result with 2 results.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
'Searchable' patron attributes can now be searched for again.
Works as described, passes stests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
Try searching by the date of birth using the left filter column. Good luck.
After applying this patch:
You can search using your preferred DateFormat.
Merci bocu
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch add DataTables using server-side processing for the patrons
search.
It adds:
- 1 module C4/Utils/DataTables/Members.pm
- 2 services svc/members/search and svc/members/add_to_list
- 1 template members/tables/members_results.tt
- 1 new practice which is to add template for DataTables in a
subdirectory named 'tables'.
Impacted scripts: members/members-home.pl and members/members.pl
To go further: We can imagine that all patrons searches use the same
service with no big changes: 1 little template creates a JSON file and
to implement DataTables on the template page, that's all.
Amended patch: Since bug 10565 has been pushed, these patches don't
apply cleanly. I had to rewrite a part of the patron list feature.
I removed the choice to add all resultant patrons from a search. I think
this choice is useless with this patch: we are able to display the
number of patrons we want and to select all of them.
Test plan:
- Check that there is no regression on searching patrons.
- Try filters on the left of the screen.
- Try to sort each column.
- Try the "Browse by last name" links.
- Check that the "Clear" button clears yours filters.
- Try with IndependantBranches ON and OFF.
- Verify this feature does not break the patron list feature (cf bug
10565).
Signed-off-by: Cedric Vita <cedric.vita@dracenie.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script, couldn't find any regressions
or problems. Some notes left on the bug.
Bug 9811: Add unit tests for C4::Utils::DT::Members
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Bug 9811: QA followup
- removes 2 tabs
- removes mysqlisms
- add sort on borrowernotes
- fix wrong capitalization
- cat => Category
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Thx for fixing these!
Bug 9811 - multilines notes brakes JSON
In new patron search feature, the search results are fetched using Ajax and returned in JSON format.
The JSON is created by TT using koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt.
One of the fields is the borrower notes. When this notes contains several lines, the JSON is broken.
This patch uses TT fileters to consert in notes linefeeds into HTML line break (html_line_break) and then remove linefeeds (collapse).
Test plan :
- perform a member search that does not return a borrower with a circ note
- edit one of the borrowers returned by this search
- enter serveral lines of text in "Circulation note" and save
- reperform the member search
=> circ note is well displayed on several lines
Bug 9811: use count(primary_key) instead of count(*)
Bug 9811: A limit clause should be always added.
By default, we want to retrieve 20 first results.
Bug 9811: Load the page without any data.
Displaying the first 20 patrons is not useful. With this patch, the
table is hidden and no record is retrieved by default.
On the same way, the existing side effect on redirect disappears.
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
-------------
-TEST REPORT-
-------------
For the filter: Tested all the search fields, branches, search type.
Found a bug with "date of birth", followup provided.
Tested display limits and verified that AJAX-queries are
efficient (using LIMIT clause) to not stress DB needlessly.
Tested adding Patrons to a list.
A good feature, which seems to work quite well.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Adding my test plan to the last patch of this bug.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>