Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/clubs/clubs.tt
Owen Leonard 59ff962caa Bug 26019: Koha should set SameSite attribute on cookies 
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.

To test, apply the patch and restart services.

- Log in to the staff interface and open your browser's developer tools.
  - In Firefox, look for a "Storage" tab.
  - In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."

- Go to Cataloging -> New record.
  - Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
  theEnableAdvancedCatalogingEditor preference).
  - Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
  - Check the "LastCreatedItem" cookie which is set after you save the
    new item.
- Go to Authorities -> Authority search.
  - In authority search results, click "Merge" from the "Actions" menu
    next to one of the results..
    - Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
  - Choose "MARC structure" from the menu corresponding to one of the
    frameworks.
  - Check the "Display only used tags/subfields" checkbox.
    - Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
  - Check the "Always show checkouts immediately" checkbox.
    - Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
  with one or more patrons enrolled.
  - From the list of clubs, click Actions -> Search to hold.
    - Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
  - Uncheck one or more checkboxes in the "Show/hide columns" area.
    - Check the "showColumns" cookie.
- View a patron -> Search to hold.
  - Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
  - Check the "JWT" cookie.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00

244 lines
10 KiB
Text
Raw Blame History

[% USE raw %]
[% USE Asset %]
[% USE KohaDates %]
[% USE Branches %]
[% USE Koha %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Patron clubs &rsaquo; Tools &rsaquo; Koha</title>
[% INCLUDE 'doc-head-close.inc' %]
</head>
<body id="clubs_clubs" class="clubs">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]
<nav id="breadcrumbs" aria-label="Breadcrumb" class="breadcrumb">
<ol>
<li>
<a href="/cgi-bin/koha/mainpage.pl">Home</a>
</li>
<li>
<a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a>
</li>
<li>
<a href="#" aria-current="page">
Patron clubs
</a>
</li>
</ol>
</nav>
<div class="main container-fluid">
<div class="row">
<div class="col-sm-10 col-sm-push-2">
<main>
<h1>Patron clubs</h1>
[% IF club_template %]
<div class="dialog message">
[% IF stored == 'updated' %]
<p>Club template <em>[% club_template.name | html %]</em> was updated.</p>
[% ELSE %]
<p>Club template <em>[% club_template.name | html %]</em> was saved.</p>
[% END %]
</div>
[% ELSIF club %]
<div class="dialog message">
[% IF stored == 'updated' %]
<p>Club <em>[% club.name | html %]</em> was updated.</p>
[% ELSE %]
<p>Club <em>[% club.name | html %]</em> was saved.</p>
[% END %]
</div>
[% END %]
<h3>Club templates</h3>
[% IF CAN_user_clubs_edit_templates %]
<div class="btn-toolbar">
<div class="btn-group">
<a class="btn btn-default" href="templates-add-modify.pl"><i class="fa fa-plus"></i> New club template</a>
</div>
</div>
[% END %]
[% IF club_templates.count %]
<table id="club-templates-table">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
<th>Public enrollment</th>
<th>Email required</th>
<th>Library</th>
<th class="noExport">Actions</th>
</tr>
</thead>
<tbody>
[% FOREACH t IN club_templates %]
<tr>
<td>[% t.name | html %]</td>
<td>[% t.description | html %]</td>
<td>
[% IF t.is_enrollable_from_opac %]
Yes
[% ELSE %]
No
[% END %]
</td>
<td>
[% IF t.is_email_required %]
Yes
[% ELSE %]
No
[% END %]
</td>
<td>[% Branches.GetName( t.branchcode ) | html %]</td>
<td class="actions">
[% IF CAN_user_clubs_edit_templates %]
<a class="btn btn-xs btn-default" style="white-space:nowrap" href="/cgi-bin/koha/clubs/templates-add-modify.pl?id=[% t.id | html %]">
<i class="fa fa-pencil"></i> Edit
</a>
<a class="btn btn-xs btn-default delete_template" href="#" data-id="[% t.id | html %]" data-name="[% t.name | html %]">
<i class="fa fa-trash"></i> Delete
</a>
[% END %]
</td>
</tr>
[% END %]
</tbody>
</table>
[% ELSE %]
<div class="dialog message">No club templates defined.</div>
[% END %]
<h3>Clubs</h3>
[% IF CAN_user_clubs_edit_clubs %]
<div class="btn-toolbar">
<div class="btn-group">
[% IF club_templates.count %]
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown"><i class="fa fa-plus"></i> New club <span class="caret"></span></button>
[% ELSE %]
<button disabled="disabled" class="btn btn-default dropdown-toggle" data-toggle="dropdown"><i class="fa fa-plus"></i> New club <span class="caret"></span></button>
[% END %]
<ul class="dropdown-menu">
[% FOREACH t IN club_templates %]
<li><a href="/cgi-bin/koha/clubs/clubs-add-modify.pl?club_template_id=[% t.id | uri %]">[% t.name | html %]</a></li>
[% END %]
</ul>
</div>
</div>
[% END %]
[% IF clubs.count %]
[% INCLUDE 'clubs-table.inc' %]
[% ELSE %]
[% IF club_templates.count %]
<div class="dialog message">No clubs defined.</div>
[% ELSE %]
<div class="dialog message">No clubs defined. A club template must be defined before a club can be defined.</div>
[% END %]
[% END %]
</main>
</div> <!-- /.col-sm-10.col-sm-push-2 -->
<div class="col-sm-2 col-sm-pull-10">
<aside>
[% INCLUDE 'tools-menu.inc' %]
</aside>
</div> <!-- /.col-sm-2.col-sm-pull-10 -->
</div> <!-- /.row -->
[% MACRO jsinclude BLOCK %]
[% INCLUDE 'datatables.inc' %]
[% Asset.js("js/tools-menu.js") | $raw %]
<script>
$(document).ready(function() {
tTable = $('#club-templates-table').dataTable($.extend(true, {}, dataTablesDefaults, {
"sPaginationType": "full",
"sDom": 'C<"top pager"ilpf><"#filter_c">tr<"bottom pager"ip>',
"aoColumnDefs": [
{ "aTargets": [ -1 ], "bSortable": false, "bSearchable": false },
]
} ));
cTable = $('#clubs-table').dataTable($.extend(true, {}, dataTablesDefaults, {
"sPaginationType": "full",
"sDom": 'C<"top pager"ilpf><"#filter_c">tr<"bottom pager"ip>',
"aoColumnDefs": [
{ "aTargets": [ -1 ], "bSortable": false, "bSearchable": false },
]
} ));
$("body").on("click", ".delete_club", function(e){
e.preventDefault();
var club_id = $(this).data("id");
var club_name = $(this).data("name");
ConfirmDeleteClub( club_id, club_name );
});
$("body").on("click", ".delete_template", function(e){
e.preventDefault();
var template_id = $(this).data("id");
var template_name = $(this).data("name");
ConfirmDeleteTemplate( template_id, template_name );
});
$("body").on("click", ".club_hold_search", function(e){
e.preventDefault;
var club_id = $(this).data("id");
SearchToHold( club_id );
});
});
function ConfirmDeleteTemplate( id, name ) {
if ( confirm( _("Are you sure you want to delete the club template %s? This will delete all clubs using this template and cancel patron enrollments" ).format(name) ) ) {
$.ajax({
type: "POST",
url: '/cgi-bin/koha/svc/club/template/delete',
data: { id: id },
success: function( data ) {
if ( data.success ) {
location.reload();
} else {
alert(_("Unable to delete template!"));
}
},
dataType: 'json'
});
}
}
function ConfirmDeleteClub( id, name ) {
if ( confirm( _("Are you sure you want to delete the club %s? This will cancel all patron enrollments in this club." ).format(name) ) ) {
$.ajax({
type: "POST",
url: '/cgi-bin/koha/svc/club/delete',
data: { id: id },
success: function( data ) {
if ( data.success ) {
location.reload();
} else {
alert(_("Unable to delete club!"));
}
},
dataType: 'json'
});
}
}
function SearchToHold(club_id) {
var date = new Date();
date.setTime(date.getTime() + (10 * 60 * 1000));
Cookies.set("holdforclub", club_id, { path: "/", expires: date, sameSite: 'Lax' });
location.href="/cgi-bin/koha/catalogue/search.pl";
}
</script>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]
View git blame Copy permalink