Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/opac/opac-shareshelf.pl
Mark Tompsett 1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol 
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
    (since code with comments about plak were sliced out)
- configuring Koha to use CAS
    (may be requires for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should should lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tests on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00

319 lines
9.1 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
# Copyright 2013 Rijksmuseum
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use constant KEYLENGTH => 10;
use constant TEMPLATE_NAME => 'opac-shareshelf.tt';
use constant SHELVES_URL =>
'/cgi-bin/koha/opac-shelves.pl?display=privateshelves&viewshelf=';
use CGI qw ( -utf8 );
use Email::Valid;
use C4::Auth;
use C4::Context;
use C4::Letters;
use C4::Members ();
use C4::Output;
use C4::VirtualShelves;
#-------------------------------------------------------------------------------
my $pvar = _init( {} );
if ( !$pvar->{errcode} ) {
show_invite($pvar) if $pvar->{op} eq 'invite';
confirm_invite($pvar) if $pvar->{op} eq 'conf_invite';
show_accept($pvar) if $pvar->{op} eq 'accept';
}
load_template_vars($pvar);
output_html_with_http_headers $pvar->{query}, $pvar->{cookie},
$pvar->{template}->output;
#-------------------------------------------------------------------------------
sub _init {
my ($param) = @_;
my $query = new CGI;
$param->{query} = $query;
$param->{shelfnumber} = $query->param('shelfnumber') || 0;
$param->{op} = $query->param('op') || '';
$param->{addrlist} = $query->param('invite_address') || '';
$param->{key} = $query->param('key') || '';
$param->{appr_addr} = [];
$param->{fail_addr} = [];
$param->{errcode} = check_common_errors($param);
# trim email address
if ( $param->{addrlist} ) {
$param->{addrlist} =~ s|^\s+||;
$param->{addrlist} =~ s|\s+$||;
}
#get some list details
my @temp;
@temp = GetShelf( $param->{shelfnumber} ) if !$param->{errcode};
$param->{shelfname} = @temp ? $temp[1] : '';
$param->{owner} = @temp ? $temp[2] : -1;
$param->{category} = @temp ? $temp[3] : -1;
load_template($param);
return $param;
}
sub check_common_errors {
my ($param) = @_;
if ( $param->{op} !~ /^(invite|conf_invite|accept)$/ ) {
return 1; #no operation specified
}
if ( $param->{shelfnumber} !~ /^\d+$/ ) {
return 2; #invalid shelf number
}
if ( !C4::Context->preference('OpacAllowSharingPrivateLists') ) {
return 3; #not or no longer allowed?
}
return;
}
sub show_invite {
my ($param) = @_;
return unless check_owner_category($param);
}
sub confirm_invite {
my ($param) = @_;
return unless check_owner_category($param);
process_addrlist($param);
if ( @{ $param->{appr_addr} } ) {
send_invitekey($param);
}
else {
$param->{errcode} = 6; #not one valid address
}
}
sub show_accept {
my ($param) = @_;
my @rv = ShelfPossibleAction( $param->{loggedinuser},
$param->{shelfnumber}, 'acceptshare' );
$param->{errcode} = $rv[1] if !$rv[0];
return if $param->{errcode};
#errorcode 5: should be private list
#errorcode 8: should not be owner
my $dbkey = keytostring( stringtokey( $param->{key}, 0 ), 1 );
if ( AcceptShare( $param->{shelfnumber}, $dbkey, $param->{loggedinuser} ) )
{
notify_owner($param);
#redirect to view of this shared list
print $param->{query}->redirect(
-uri => SHELVES_URL . $param->{shelfnumber},
-cookie => $param->{cookie}
);
exit;
}
else {
$param->{errcode} = 7; #not accepted (key not found or expired)
}
}
sub notify_owner {
my ($param) = @_;
my $toaddr = C4::Members::GetNoticeEmailAddress( $param->{owner} );
return if !$toaddr;
#prepare letter
my $letter = C4::Letters::GetPreparedLetter(
module => 'members',
letter_code => 'SHARE_ACCEPT',
branchcode => C4::Context->userenv->{"branch"},
tables => { borrowers => $param->{loggedinuser}, },
substitute => { listname => $param->{shelfname}, },
);
#send letter to queue
C4::Letters::EnqueueLetter(
{
letter => $letter,
message_transport_type => 'email',
from_address => C4::Context->preference('KohaAdminEmailAddress'),
to_address => $toaddr,
}
);
}
sub process_addrlist {
my ($param) = @_;
my @temp = split /[,:;]/, $param->{addrlist};
my @appr_addr;
my @fail_addr;
foreach my $a (@temp) {
$a =~ s/^\s+//;
$a =~ s/\s+$//;
if ( IsEmailAddress($a) ) {
push @appr_addr, $a;
}
else {
push @fail_addr, $a;
}
}
$param->{appr_addr} = \@appr_addr;
$param->{fail_addr} = \@fail_addr;
}
sub send_invitekey {
my ($param) = @_;
my $fromaddr = C4::Context->preference('KohaAdminEmailAddress');
my $url =
C4::Context->preference('OPACBaseURL')
. "/cgi-bin/koha/opac-shareshelf.pl?shelfnumber="
. $param->{shelfnumber}
. "&op=accept&key=";
#TODO Waiting for the right http or https solution (BZ 8952 a.o.)
my @ok; #the addresses that were processed well
foreach my $a ( @{ $param->{appr_addr} } ) {
my @newkey = randomlist( KEYLENGTH, 64 ); #generate a new key
#add a preliminary share record
if ( !AddShare( $param->{shelfnumber}, keytostring( \@newkey, 1 ) ) ) {
push @{ $param->{fail_addr} }, $a;
next;
}
push @ok, $a;
#prepare letter
my $letter = C4::Letters::GetPreparedLetter(
module => 'members',
letter_code => 'SHARE_INVITE',
branchcode => C4::Context->userenv->{"branch"},
tables => { borrowers => $param->{loggedinuser}, },
substitute => {
listname => $param->{shelfname},
shareurl => $url . keytostring( \@newkey, 0 ),
},
);
#send letter to queue
C4::Letters::EnqueueLetter(
{
letter => $letter,
message_transport_type => 'email',
from_address => $fromaddr,
to_address => $a,
}
);
}
$param->{appr_addr} = \@ok;
}
sub check_owner_category {
my ($param) = @_;
#sharing user should be the owner
#list should be private
$param->{errcode} = 4 if $param->{owner} != $param->{loggedinuser};
$param->{errcode} = 5 if !$param->{errcode} && $param->{category} != 1;
return !defined $param->{errcode};
}
sub load_template {
my ($param) = @_;
( $param->{template}, $param->{loggedinuser}, $param->{cookie} ) =
get_template_and_user(
{
template_name => TEMPLATE_NAME,
query => $param->{query},
type => "opac",
authnotrequired => 0, #should be a user
}
);
}
sub load_template_vars {
my ($param) = @_;
my $template = $param->{template};
my $appr = join '; ', @{ $param->{appr_addr} };
my $fail = join '; ', @{ $param->{fail_addr} };
$template->param(
errcode => $param->{errcode},
op => $param->{op},
shelfnumber => $param->{shelfnumber},
shelfname => $param->{shelfname},
approvedaddress => $appr,
failaddress => $fail,
);
}
sub IsEmailAddress {
#TODO candidate for a module?
return Email::Valid->address( $_[0] ) ? 1 : 0;
}
sub randomlist {
#uses rand, safe enough for this application but not for more sensitive data
my ( $length, $base ) = @_;
return map { int( rand($base) ); } 1 .. $length;
}
sub keytostring {
my ( $keyref, $flgBase64 ) = @_;
if ($flgBase64) {
my $alphabet = [ 'A' .. 'Z', 'a' .. 'z', 0 .. 9, '+', '/' ];
return join '', map { alphabet_char( $_, $alphabet ); } @$keyref;
}
return join '', map { sprintf( "%02d", $_ ); } @$keyref;
}
sub stringtokey {
my ( $str, $flgBase64 ) = @_;
my @temp = split '', $str || '';
if ($flgBase64) {
my $alphabet = [ 'A' .. 'Z', 'a' .. 'z', 0 .. 9, '+', '/' ];
return [ map { alphabet_ordinal( $_, $alphabet ); } @temp ];
}
return [] if $str !~ /^\d+$/;
my @retval;
for ( my $i = 0 ; $i < @temp - 1 ; $i += 2 ) {
push @retval, $temp[$i] * 10 + $temp[ $i + 1 ];
}
return \@retval;
}
sub alphabet_ordinal {
my ( $char, $alphabet ) = @_;
for my $ord ( 0 .. $#$alphabet ) {
return $ord if $char eq $alphabet->[$ord];
}
return ''; #ignore missing chars
}
sub alphabet_char {
#reverse operation for ordinal; ignore invalid numbers
my ( $num, $alphabet ) = @_;
return $num =~ /^\d+$/ && $num <= $#$alphabet ? $alphabet->[$num] : '';
}
View git blame Copy permalink