Jonathan Druart [Wed, 28 Aug 2024 10:18:06 +0000 (12:18 +0200)]
Bug 37720: Prevent XSS in label creator
Because labels/label-edit-batch.pl fills a DataTable with things that include
a link created by C4/Creators/Lib.pm, it outputs them with the $raw filter,
so HTML in author/title/callnumber is executed in the label batch editor.
While we wait for a fix that moves the link creation into the template and
out of C4, encoding HTML in Lib.pm for the bits going into the link, and
switching from $raw to the html filter for the rest of the things, will at
least get rid of the XSS.
Test plan:
1. Without this patch, but with the patch from bug 37654 so you don't get
alert()s in batch import, download attachment 170675 [details]
2. Cataloging - Stage records for import - browse to the downloaded file -
Upload file - when the upload finishes Stage for import - when staging
finishes View batch (get alert()s if you didn't apply bug 37654) - Import
this batch into the catalog
3. Once the import finishes, Cataloging - Manage staged records
4. In the row for your import, in the # Items column, click "(Create label
batch)"
5. In the "Label batch #n created" message, click the link to the batch #
6. Because the batch includes a call number with an open <script>, you'll
get XSS alert()s and then one about something going wrong while loading
the table, with only one of the two records showing in the batch editor
7. Apply patch, restart_all
8. Cataloging - Label creator - Manage Label batches
9. In the row for your batch, click Edit
10. You will see both labels, with their attempts at XSS visible as text
rather than being interpreted as HTML
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
David Cook [Tue, 20 Aug 2024 00:54:38 +0000 (00:54 +0000)]
Bug 37681: Fix XSS in staff interface item URLs on detail page
This patch uses Javascript objects and safe sinks to prevent XSS
in the item URLs on the staff interface detail page.
It also makes sure those URLs don't get double-escaped. Yippee!
Test plan:
0. Apply the patch
1. Add/edit an item with the following URL:
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au
2. Add/edit a different item with the following URLs:
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au |
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au
3. Go to the staff interface detail page
4. Notice that the URLs are not double-encoded!
5. Try out a malicious payload (talk to QA/security about this)
6. Confirm that the malicious payload fails to execute the XSS
7. Celebrate!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Tue, 14 May 2024 07:34:31 +0000 (09:34 +0200)]
Bug 36598: Add comments asking to keep both CSRF checks in sync
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Tue, 14 May 2024 07:15:50 +0000 (09:15 +0200)]
Bug 36598: Prevent use of unsafe HTTP method with non-cud op parameter
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Mon, 13 May 2024 13:06:04 +0000 (15:06 +0200)]
Bug 36598: Improve documentation and error message in CSRF plugin
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Fri, 3 May 2024 07:17:37 +0000 (09:17 +0200)]
Bug 36598: Fix CSRF header name (underscore -> hyphen)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Mon, 15 Apr 2024 07:08:48 +0000 (09:08 +0200)]
Bug 36598: Prohibit CUD operations with safe HTTP methods (GET/HEAD/...)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Julian Maurice [Fri, 12 Apr 2024 13:08:17 +0000 (15:08 +0200)]
Bug 36598: Enable CSRF protection for Mojolicious apps
Test plan:
1. Run bin/opac daemon -l http://*:3001/
2. Go to http://localhost:3001/cgi-bin/koha/opac-user.pl
3. With browser devtools, locate csrf_token hidden input within the
login form and remove it or modify it
4. Try to submit the form with correct credentials, it should fail
("Wrong CSRF token")
5. Reload the page, try to log in normally without modifying the DOM, it
should succeed
6. Run bin/intranet daemon -l http://*:3002/
7. Go to http://localhost:3002/cgi-bin/koha/mainpage.pl
8. With browser devtools, locate csrf_token hidden input within the
login form and remove it or modify it
9. Try to submit the form with correct credentials, it should fail
("Wrong CSRF token")
10. Reload the page, try to log in normally without modifying the DOM,
it should succeed
11. Run prove t/db_dependent/mojo/csrf.t
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Fri, 16 Aug 2024 02:57:42 +0000 (19:57 -0700)]
Bug 37654: XSS in Batch record import for Citation column
Viewing a staged MARC record batch loads a DataTable from
/tools/batch_records_ajax.pl, and both batch_records_ajax.pl and the
DataTable just trust the author/title/isbn/issn to be free of HTML. They
shouldn't.
Test plan:
1. Without this patch applied, download attachment 170418, then Cataloging
- Stage records for import - Select the downloaded file - Upload file -
Stage for import
2. When the background job completes, View batch - you'll get three alert()s
from the title, author, and ISSN, and the author and ISSN displayed huge
3. Apply patch, restart_all
4. Manage staged records - click HTMLescapingimporttestrecord.mrc - get zero
alerts and no <h2> display
Sponsored-by: Chetco Community Public Library Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Fri, 16 Aug 2024 04:22:12 +0000 (21:22 -0700)]
Bug 37656: XSS in Advanced editor from Z39.50 search results
The Advanced editor inserts data from Z39.50 results into the search results
page without escaping HTML. Whether it's German records with "<<A>> Title"
or someone with a compromised catalog or a book with the title "<em> for
emphasis" it shouldn't.
Test plan:
1. Not a dependency, but you'll avoid getting even more alerts while batch
importing by starting with the patch from bug 37654
2. Without this patch applied, download attachment 170421
3. Administration - set the preference EnableAdvancedCatalogingEditor to
Enable
4. Cataloging - Stage records for import - browse to the downloaded file -
Upload file - Stage for import
5. Once the background job finishes, View batch (getting alerts if you
didn't apply the patch from bug 37654) - Import this batch into the
catalog
6. When the import finishes, Search the catalog for script, on the imported
record Edit record (if you wind up in the basic editor, Settings - Switch
to Advanced editor)
7. In the left sidebar below the search inputs, click Advanced », check
the checkbox for Local catalog and uncheck any others, then search for
the Title script
8. You'll get five alerts, and the word "edition" displayed in huge text
9. Close the search popup, apply patch, shift+reload the advanced editor
page to clear your cache
10. Repeat step 7, but this time you won't get any alerts, and you'll see
the title and the other <script> inclusions.
Sponsored-by: Chetco Community Public Library Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Thu, 15 Aug 2024 22:41:18 +0000 (15:41 -0700)]
Bug 37655: Basic editor needs to HTML-escape the bib record title used as a heading
We stick the title of a bib record you are editing in the basic editor into
an <h1> without escaping any HTML it might contain. We should instead escape
it.
Test plan:
1. Without the patch, search for any record in the catalog and click Edit
record (if you are in the advanced editor, switch to the basic one)
2. Tab 2, Field 245, Subfield a, paste <script>alert('boo ❤')</script><h2>
at the end of the subfield
3. Save, then from the record detail page select Edit - Edit record
4. You will have gotten an alert(), and the entire form will be the size
of an <h2>. That's ugly, so go back to the detail page.
5. Apply patch, restart_all
6. Edit - Edit record
7. Now you should not get an alert, the whole title inluding the <script>
should display in italics, and the "(Record number nnn)" after it should
not be italicized.
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 37838: Fix broken remove button in course reserves
To test:
1) Go to staff client -> Course reserves
2) Create a course or go to an existing course
3) Add reserves to the course (will need at least 21 items to be able to go to a second page of results)
4) Go to the second page of results on the course details page
5) Click the Remove button next to a result
6) Notice how the button just makes the page move to the top
7) Apply patch
8) Repeat steps 1-5
9) Notice how the remove button is working as expected
Sponsored-by: Toi Ohomai Institute of Technology Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Tue, 8 Oct 2024 08:43:41 +0000 (10:43 +0200)]
Bug 38112: Restore description of patrons search
Certainly caused by bug 35329.
We used to display a description of the patrons search, but it is no longer displayed.
Test plan:
On the main patrons search select some values in the form on the left
and search. You should see a "Patrons found for: " h3 that will be
displayed and is supposed to describe the current search.
I don't think it's working very well to be honest, maybe a candidate for
candidate, especially if nobody else noticed its disappearance.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lucas Gass [Sat, 12 Oct 2024 14:28:57 +0000 (14:28 +0000)]
Bug 38162: Pass the rota_id correctly when deleting
To test:
1. Enable StockRotation
2. Got to Cataloging -> Stock rotation
3. Create a new Rota
4. Try to delete it
5. See the error "Can't call method "delete" on an undefined value at /kohadevbox/koha/tools/stockrotation.pl line 231"
6. APPLY PATCH
7. Try again, the rota should be deleted properly.
Signed-off-by: Laura ONeil <laura@bywatersolutions.com> Signed-off-by: Alyssa <alyssa.drake@bywatersolutions.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Emily Lamancusa [Thu, 10 Oct 2024 18:31:45 +0000 (14:31 -0400)]
Bug 38146: Display full datetime of datelastseen in item holdings
To test:
1. Check in an item
2. Look at the item holdings table for the bib record that item is on
--> Note the date last seen column displays dates, but not the time
3. Apply patch and restart_all
4. Refresh the page
--> Date last seen column now shows the time you checked the item in
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Tue, 8 Oct 2024 18:10:46 +0000 (18:10 +0000)]
Bug 38126: Skip allocated holds when filling from transport cost matrix
This patch simply weeds out allocated holds before filling from the matrix
To test:
1 - Enable RealTimeHoldsQueue
2 - Enable UseTransportCostMatrix
3 - Enable LocalHoldsPriority Give/Home/Home
4 - Administration - Transport cost matrix - enable transfers to/from Centreville and other libraries, add a cost, and save
5 - Find a bib with a Centerville item
6 - Place a hold for a centerville patron
7 - Circulation - Holds queue - All libraries
8 - Note hold is entered twice
9 - On command line:
perl misc/cronjobs/holds/build_holds_queue.pl --force
10 - Run holds queue again, still there twice
11 - Apply patch
12 - On command line:
perl misc/cronjobs/holds/build_holds_queue.pl --force
Confirm allocated only once
13 - Delete hold, place again from bib record (to test real time allocation)
14 - Confirm allocated only once
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This enhancement renames the bookings circulation rules to better describe what they do.
To test:
1. Go to Koha Administration -> Circulation and fines rules
2. Scroll to the 'Default holds and bookings policies by item type' section
3. Notice the bookings rules in this table:
- Booking preparation period
- Booking precaution period
4. Apply the patch and refresh the page
5. Confirm the bookings have been renamed to:
- Booking pre-processing (days)
- Booking post-processing (days)
6. Confirm these names make sense and it is clear what the rules are used for and how they are applied
7. Put values in the input fields for these rules and confirm saving a rule works as expected
Sponsored-by: Catalyst IT Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
1. In the staff interface, go to More > Suggestions > New purchase
suggestion
2. Click 'Select manager'
=> With this patch you see a note regarding permissions
3. Search for 'alford' (for example)
=> User is not returned, they do not have the suggestion permission
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Owen Leonard [Thu, 27 Jun 2024 19:15:11 +0000 (19:15 +0000)]
Bug 36742: Do not show library selection options if there is one or fewer public libraries
If a system has only one library or only one library which is public we
don't need to show library-selection menus. It doesn't make sense to
show a dropdown with only one choice.
This patch updates instances of Branches.all to add a "public => 1"
parameter.
To test, apply the patch and start with a set of multiple public
libraries in your system (where public means the entry in Administration
-> Libraries for that library has the "Public" option set to "Yes").
Log in to the OPAC test these pages, in each case confirming that the
the library dropdown appears correctly.
- OPAC home page (with OpacAddMastheadLibraryPulldown enabled)
- OPAC news section (with existing news items and OpacNewsLibrarySelect
enabled)
- Advanced search (Location and availability section)
- The "Most popular" page (with OpacTopissue enabled)
- The suggestion entry form (with suggestion enabled)
- The article request entry form (with ArticleRequests enabled and
circulation rules configured to allow requests)
Test again with only one library or only one public library.
Test again with no public libraries.
Sponsored-by: Athens County Public Libraries Signed-off-by: Jake Deery <jake.deery@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1: Enable ShowAllCheckins
2: Check in an item that was not checked out
3: Find "Item was not checked in" message in checkin table, confirm its only class is "problem"
4: apply patch, restart_all
5: repeat 2
6: confirm "Item was not checked in" now has the class "not_returned"
Signed-off-by: Eric Phetteplace <phette23@gmail.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
CJ Lynce [Thu, 3 Oct 2024 18:02:47 +0000 (18:02 +0000)]
Bug 38081: maskitoTimeOptionsGenerator does not properly support 12-hour times in calendar.inc
This patch corrects an issue where flatpickr time-only input boxes
boxes were not having their inputs masked (limited) properly
due to maskitoTimeOptionsGenerator not properly supporting
12-hour time inputs for time-only input boxes.
To test:
1. Login to the staff intranet.
2. Open Administration->Libraries-> Edit any library.
3. Open your browser's development console (typically via F12)
Verify a 'TypeError' message has been thrown for this page.
4. Type in any text into any of the opening hours
This should be limiting only to properly formatted HH:MM.
5. Apply patch
6. Repeat steps 2-4
Verify no errors show on your browser's development console.
Verify opening hours entry are limited to proper HH:MM format.
7. Open Administration->System Preferences and change TimeFormat
to 12-hours, Save.
8. Repeat steps 2-4
Verify opening hours text entry are limited to properly
formatted HH:MM AM/PM (or am/pm)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Laura Escamilla [Wed, 15 May 2024 15:34:22 +0000 (15:34 +0000)]
Bug 13945: Prevent multiple dialog modals from popping up when capturing a hold at checkin
1. Select/Create Library Branches:
- Select or create two library branches: Library A and Library B.
2. Locate/Create Item:
- Locate or create an item with the "Current library" and "Home library" set to Library A.
3. Place Hold:
- Place a hold on the item for a patron whose pickup location is Library B.
4. Check-in at Library A - First Attempt:
- Check in the item at Library A.
- Verify that the 'Hold found' modal pops up.
- Click on 'Confirm hold and transfer'.
5. Check-in at Library A - Second Attempt:
- Check in the item at Library A again.
- Verify that the 'Hold found' modal pops up.
- Click on 'Ignore'.
- Verify that the 'Please return this item to (Library B)' modal has popped up behind it.
6. Apply Patch and Restart:
- Apply the patch to the system.
- Restart all relevant services.
7. Repeat Check-in Process:
- Repeat steps 4 and 5.
- Verify that no matter how many times you check in the item and hit 'Ignore' or 'Confirm the hold', the second modal does not pop up.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jan Kissig [Thu, 25 Apr 2024 09:13:55 +0000 (11:13 +0200)]
Bug 23426: Add fine items to patron information response in SIP2
This patch adds fine items (AV) to patron information response in SIP2
In addition the active currency we be part of the response (BH)
This also fixes the number of items in the response which are specified in BP and BQ in the request
to test:
a) create a manual invoice for patron 23529000035676 : http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=19
b) in ktd call: perl /usr/share/koha/bin/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y "
c) verify that no |AV field is in response
d) apply patch
e) in ktd call: perl /usr/share/koha/bin/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y "
f) verify that response includes fields like '|AVManual fee '
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Tidied inline Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 37791: Fix 'Biblio not found' messages on the API
This patch fixes some API-related cases of 'Biblio' terminology
incorrectly used.
To test:
1. Run:
$ ktd --shell
k$ git grep 'Biblio not found'
=> FAIL: Several occurences
2. Run:
k$ git grep 'render_resource_not_found("Biblio")'
=> FAIL: Several occurences
3. Apply this patches
4. Repeat 1 and 2
=> SUCCESS: No more occurences!
5. Run:
k$ prove t/db_dependent/api/v1/
=> SUCCESS: Tests pass!
6. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 9 Oct 2024 14:01:48 +0000 (16:01 +0200)]
Bug 37945: Remove fixedHeader for sysprefs
It breaks the scroll when a subsection is clicked.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Wed, 2 Oct 2024 04:34:10 +0000 (21:34 -0700)]
Bug 38057: Fix checkmarks in Change framework menu in Advanced editor after Bootstrap5 update
The advanced editor was using a class hidden from bootstrap.min.css to
hide checkmarks in the part of the Settings menu that lets you change
frameworks. Now that's gone, so it needs to have its own class.
Test plan:
1. Set the preference EnableAdvancedCatalogingEditor to Enable
2. Cataloging - Advanced editor - click the Settings menu
3. In Change framework, ... checkmarks, checkmarks everywhere, and they
don't change when you choose a different one, so after the first
change you can't even tell what's current
4. Apply patch, Shift+Reload the advanced editor page to bypass the cache
5. Click the Setting menu, see that only the current framework has a
checkmark, change to a different one and reopen the Settings menu,
see that the one you changed to now has the only checkmark
Sponsored-by: Chetco Community Public Library Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Thu, 19 Sep 2024 11:40:24 +0000 (11:40 +0000)]
Bug 37954: Atomic update
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Wed, 18 Sep 2024 10:22:51 +0000 (10:22 +0000)]
Bug 37954: Fix barcode column name
Patch https://github.com/Koha-Community/Koha/commit/6cbbfa2 changed
holdings_barcode to holdings_barcodes
I believe this caused the configuration from the table to no longer
work (barcodes!=barcode)
Test plan:
1) Access any bibllio:
<staff_url>/cgi-bin/koha/catalogue/detail.pl?biblionumber=76
2) On the top right of the table, click 'Configure'
3) Expand 'Catalog', search for 'holdings_barcode'. Tick 'is hidden by
default'. Save.
4) Visit the biblio again, notice the column is still showing.
5) Apply patch. Restart all + flush_memcached. Repeat.
6) Bonus: On the table, click 'Show filters'. Make sure barcode
filtering still works.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sam Lau [Fri, 26 Jul 2024 16:42:12 +0000 (16:42 +0000)]
Bug 29194: Create logical ordering of patron messaging preferences
This patch introduces a default ordering for patron messaging preferences. The prefs are then sorted by this ordering before being displayed.
To test:
1) Visit a patrons detail page.
2) Note the message prefs aren't ordered (or rather sorted by 'message_attribute_id')
3) Apply patch, restart_all
4) Ensure they are now sorted in teh following fashion:
'Hold_Filled' => 1,
'Hold_Reminder' => 2,
'Recall_Requested' => 3,
'Recall_Waiting' => 4,
'Ill_ready' => 5,
'Ill_unavailable' => 6,
'Ill_update' => 7,
'Item_Checkout' => 8,
'Auto_Renewals' => 9,
'Advance_Notice' => 10,
'Item_Due' => 11,
'Item_Check_in' => 12
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Please note discussion on BZ about the preferred order ;) Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Tue, 1 Oct 2024 12:33:57 +0000 (13:33 +0100)]
Bug 36375: Fix inconsistencies in content warning display
As suggested by Fridolin, we move the display into a template to improve
consistency and maintanence and whilst doing this we also pick the
suggested subfield selection.
Signed-off-by: Hannah Prince <hannah.prince@uhb.nhs.uk> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Mon, 7 Oct 2024 19:58:17 +0000 (19:58 +0000)]
Bug 38109: Sort patron category types before display
To test
1 - Patrons -> New patron -> {any category}
2 - Find the category dropdown
3 - Note the order of categories types
4 - Reload the page
5 - Note a new order
6 - Apply patch
7 - Refresh page, category types now ordered (by code)
8 - Refresh again, no change!
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lucas Gass [Wed, 25 Sep 2024 21:17:22 +0000 (21:17 +0000)]
Bug 38005: Pass opac_editable to search params when interface is OPAC
1. Create a patron attribute.
2. Check it as Mandatory.
3. Do NOT make it display or editable in the OPAC.
4. Go to OPAC self reg form
5. You will not see the attribute.
6. Submit the form and see the 500 error.
7. Apply patch, restart_all.
8. Try again, now you should be able to submit the OPAC form.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
CJ Lynce [Thu, 3 Oct 2024 14:24:31 +0000 (14:24 +0000)]
Bug 38043: Add unit tests for KohaTimes TT filter
This adds units tests for the new KohaTimes TT filter.
This also corrects a minor issue with a wrong comparitor operation in
KohaTimes.pm causing a WARN to be thrown.
To test
1. Apply patch
2. prove t/db_dependent/Template/Plugin/KohaTimes.t
3. Verify 5 Tests PASS
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Mon, 7 Oct 2024 08:49:36 +0000 (10:49 +0200)]
Bug 38071: Ensure search.dt is triggered
I don't really understand why the previous code is not working, but
the search.dt event handler is not correctly set when initComplete is
passed to the constructor (for instance from the patrons search)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lucas Gass [Fri, 27 Sep 2024 21:17:49 +0000 (21:17 +0000)]
Bug 38027: Set date to empty value instead of using flatpickr clear()
1. Find a datetime field in Koha. For example, specifying due dates on the checkout page.
2. Specify a datetime.
3. Use the red 'X' icon to clear the date.
4. Notice a console error 'parsedDate' is undef
5. Now the flatpickr is date, not datetime
6. APPLY patch
7. Try again, this time no console error and the flatpickr remains a datetime one
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
0 MARC records done in 0.00804400444030762 seconds
3 - Apply patch
4 - perl misc/migration_tools/bulkmarcimport.pl -b --file=notafile.mrc -v
5 - Output:
Characteristic MARC flavour: MARC21
Could not open notafile.mrc: No such file or directory at misc/migration_tools/bulkmarcimport.pl line 262.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 18 Sep 2024 08:40:32 +0000 (10:40 +0200)]
Bug 37953: (bug 35138 follow-up) Fix DisplayLibraryFacets - facet order
Before bug 35138:
DisplayLibraryFacets had priority over the settings in the mappings page.
If you had DisplayLibraryFacets set to "holding library" (only) then only the holding library facet was displayed.
On 231200036 we were not adjusting the facet order/appearance, but the
label, which was wrong. The label must be adjusted for both facets and
the order depending on DisplayLibraryFacets.
Note that bug 37446 is adding a new db rev to adjust the label for
installations that have been updated already.
Test plan:
0. checkout c120975b783 (the commit right before 35138 has been pushed)
1. reset_all
2. holding library is set in DisplayLibraryFacets by default
3. checkout main (so without this patch)
4. updatedatabase
=> ES search result display both facets
5. Repeat 0,1,2 and checkout main + this patch, updatedatabase
=> ES search result display only the holding library facet
Feel free to try with another value in DisplayLibraryFacets
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Tue, 8 Oct 2024 13:38:18 +0000 (15:38 +0200)]
Bug 38118: Display columns if not empty in drawCallback
Instead of updating only when DT init is complete we are going to update
the visibility when the table will be redrawn.
Test plan:
1 - Find/Add a bib record with no items
2 - Add 20 items from Centerville
Edit ->Edit items -> enter CENTER1 into barcode ->'Add multiple copies' -> 20
3 - Add 20 items from Fairview as above but enter 'FAIR1' for barcode and 'FAIR ITEM' as callnumber
4 - Add 1 item from Midway with barcode MIDWAY1
5 - Edit a midway patron to grant 'catalogue' and 'edit_items' permission - NOT edit_any_item
6 - Sign in as the patron above
7 - Find the record
8 - Note there is callnumber and actions/edit columns
9 - Go to page 2 of items - callnumber visible
10 - Go to page 3 - edit column
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Aleisha Amohia [Wed, 1 May 2024 02:18:19 +0000 (02:18 +0000)]
Bug 36435: Catch harmless errors in koha-dump
tar has exit status 1 if any file has changed while being read, which is likely to happen as the logfiles are included. this patch will catch these harmless errors so that koha-dump will still return a success code.
Test plan:
1. Create a number of backups and edit their modify time to being older than 2 days
2. run the koha-run-backups script and try and write to one of the files it includes while it's being backed up (you'll trigger a warning from tar saying the file changed as it was being read)
3. verify that the older backups are not being cleaned up and deleted despite new backups being made.
4. Apply this patch
5. Complete steps 1-2 again and then go and look to see if the older backups are being deleted.
Sponsored-by: Catalyst IT Signed-off-by: David Nind <david@davidnind.com> Co-authored-by: Michał Kula <148193449+mkibp@users.noreply.github.com> Signed-off-by: Michał Kula <148193449+mkibp@users.noreply.github.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Tue, 1 Oct 2024 12:15:07 +0000 (14:15 +0200)]
Bug 38049: Call .tooltip() only if needed
This is cheating, yes.
We had a cypress test failing because of this line
$(...).tooltip is not a function
It's failing randomly on Admin/RecordSources_spec.ts, which does not
need the tooltip.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Tue, 1 Oct 2024 09:42:07 +0000 (11:42 +0200)]
Bug 38049: Remove tooltip call from DT
Not really sure why we had this line, but Owen decided to remove it when
upgrading to Bootstrap5.
So let's remove them from the other files as well.
Waiting for Owen to confirm this one.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
JD: No, really, don't wait.
And it does not fix the issue initially raised on bug 37917
https://bugs.koha-community.org/show_bug.cgi?id=38049 Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Fri, 4 Oct 2024 08:26:49 +0000 (09:26 +0100)]
Bug 38089: Move style to head and correct regular expression
This patch moves the local style sections from the body to the head
where they belong and it also updates the regular expression used to
prepend the slip_id id to css selectors rather than replace them
To test:
1 - Create a new notice in the 'Patron (custom slips)' module called 'Testing'
2 - Set print content as:
Try the <span class="styled">styling</span> stuff.
3 - Set the 'Format' as:
.styled {color:red;font-weight: bold;}
4 - Set system preference IntrnaetSlipPrinterJS to "//test"
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=IntranetSlipPrinterJS
This will prevent auto printing popup
5 - Go to a patron and click Print -> Print Testing
6 - Note incorrect styling
7 - Apply patch, restart all
8 - Print Testing again
9 - Confirm styling is correct
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Kyle M Hall [Fri, 4 Oct 2024 14:10:13 +0000 (10:10 -0400)]
Bug 38094: Allow librarians with fast add permissions to edit existing fast add records
The ability to create fast add records was fixed on bug 38076, but they still cannot be edited after they are saved.
Test Plan:
1) Create a librarian with only fast add cataloging permissions
2) Create a fast add record, save it
3) Attempt to edit that record, you cannot!
4) Apply this patch
5) Restart all the things!
6) Attempt to edit that record, you can!
7) Attempt to edit a non-FA record, you cannot!
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Kyle M Hall [Fri, 4 Oct 2024 14:56:44 +0000 (10:56 -0400)]
Bug 38076: (QA follow-up): Make permission edit_catalogue imply fast_cataloging
Any librarian with the edit_catalogue sub-permission should also be able
to edit fast catalog records. If that was not true, a cataloger could
not convert fast adds into full records.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Kyle M Hall [Thu, 3 Oct 2024 14:09:18 +0000 (14:09 +0000)]
Bug 38076: Fix inability of fast catalogers to add/edit FA framework records
If a librarian does not have the editcatalogue permission, but does have the fast_cataloging permission, they should be able to add and edit fast cataloging records. Instead they are presented with a login screen and the message that they do not have sufficient permissions.
Test Plan:
1) Create a librarian with only fast add cataloging permissions
2) Attempt to create a fast cat item from the circ menu
3) Note the login screen and error
4) Apply this patch
5) Restart all the things!
6) Try again, you can now create FA records!
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Michał Dudzik [Mon, 8 Jul 2024 15:23:45 +0000 (17:23 +0200)]
Bug 37265: Consideration of UniqueItemFields setting when receiving items in an order
When using the Koha acquisition module to receive items (basket receiving
an order), Koha does not consideration of UniqueItemFields setting.
The problem is that you can accidentally attach 3 items to an order with the same values.
Test plan:
1. Set preference UniqueItemFields: Public note (itemnotes)
2. Go to the acquisition module.
3. Create a basket with the option for 'Create items when:' set to receiving an order.
4. Add an order to the basket, for example: From a new (empty) record with the Quantity set to 3 or more.
5. Close the basket.
6. Receive the order.
7. Add a public note: TEST, and receive the first item (Add item).
8. You will see that the next item has the same public note.
9. Apply this patch and repeat step 7 - the public note is not used for the next note.
Sponsored-by: kohawbibliotece.pl Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Have additional language installed and set up for OPAC
2. Search something
3. Notice "Item types" facet label untranslated
4. Apply patch and make sure translations are updated
5. Observe facet label "Item types" translated
6. See patch [1] "Bug 36750: Fix some labels" in Bug 36750
7. Observe item type change missing for OPAC but present in staff client
Nick Clemens [Wed, 12 Jun 2024 11:41:53 +0000 (11:41 +0000)]
Bug 37430: (Bug 33407 follow-up) Unit tests
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Janusz Kaczmarek [Mon, 22 Jul 2024 12:01:40 +0000 (12:01 +0000)]
Bug 37430: (Bug 33407 follow-up) ISBD punctuation removal in ES searches
Tiny adjustment for very special and malicious cases needed in
Koha::SearchEngine::Elasticsearch::QueryBuilder::clean_search_term.
Extended unit tests added following Nick's suggestions in
Bug 33407 discussion.
Test plan
=========
1. Use ktd with Elasticsearch and ktd's test data.
2. Edit the 4th record (The C programming language) and add a semicolon
followed by a space before the slash in 245 $a to have:
The C programming language ; /
3. Make a search for the first ISBD zone taken verbatim from the forth
record:
The C programming language ; / Brian W. Kernighan, Dennis M. Ritchie
There should be no result.
4. Apply the patch, restart plack.
5. Repeat the search. You should get the record.
Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Aleisha Amohia [Thu, 29 Aug 2024 04:52:28 +0000 (04:52 +0000)]
Bug 37446: Fix search facets for holding and home libraries
This bug ensures that the facet labels for holdingbranch and homebranch are updated, regardless of how the DisplayLibraryFacets system preference is set.
To test:
1. Check out an earlier version of Koha, for example `git checkout v23.11.08-1`
2. Spin up your development environment with elasticsearch, for example `ktd --es7 up`
3. Once it's ready, go to the staff interface and search for the DisplayLibraryFacets system preference in Koha administration. Set to 'holding library' if not already.
4. Do a catalogue search, notice the facets on the side. "Holding libraries" should show as normal. There should be no facet for home libraries.
5. In your terminal, check out 24.05.x, for example `git checkout v24.05.03`
6. Run database updates to upgrade Koha, for example `sudo koha-upgrade-schema kohadev`, and restart services `restart_all`
7. Repeat step 4. Notice the error in the facets "homelibrary"
8. Apply patch from Bug 37446
9. Repeat step 6
10. Repeat step 4. This time the facet should read "Home libraries"
Sponsored-by: Toi Ohomai Institute of Technology Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Wed, 31 Jan 2024 16:47:34 +0000 (16:47 +0000)]
Bug 35087: (follow-up) Accept only values which will be saved correctly
This patch adds a regex (thanks to Katrin for the help) specific to the
range of values which will be accepted by the discount column in the
database which has the type "float(6,4)".
The patch also removes the format() filter from the template so that
values returned from the database won't be truncated:
Using "format ('%.1f')", a value in the db of '9.009' would appear in
the edit form as '9.0', a change which could be missed if the user was
editing some other field in the vendor edit form.
To test, apply the patch and clear your browser cache if necessary.
- Go to Acquisitions -> Vendors -> Edit vendor.
- Under "Ordering information," test entering various values in the
"Discount" field. It should accept numbers with up to two digits
before the decimal and up to three digits after the decimal:
9, 99, -99, 99.9, 0.99, 99.99, 99.999
- In each of these cases, confirm that a value accepted by the
client-side validation is also accepted when you submit the form and
is correctly displayed when you edit that vendor again.
- It should not accept:
100, 100.001, 100.00001
- The error message has been updated to read, "Please enter a decimal
number in the format: 0.0"
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Thibaud Guillot [Thu, 18 Jan 2024 08:28:29 +0000 (09:28 +0100)]
Bug 35087: Discount rate only accepts a point as decimal separator
When a comma is used to define the discount rate of a vendor,
the data is not recorded (as NULL), it is however recorded if the
separator is a point.
Test plan:
1) Go to acqui module and edit a vendor
2) Set a discount rate with a comma as decimal separator
3) Edit again or request your database to see that there is no data
saved
4) Do it again with a point as decimal and see it works
5) Apply this patch and reloard the build for the templates
6) Repeat step 2 and see the warning to inform you that you must use a
point
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Sonia <sonia.bouis@univ-lyon3.fr> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Fri, 6 Sep 2024 11:42:09 +0000 (11:42 +0000)]
Bug 37848: Fix "Run with template" dropdown menu style
This patch adds the missing "dropdown-item" class to the "Run with
template" dropdown menu markup in order to correct the menu's style.
The patch also adds a template ID to the menu items' id attributes so
that we don't have duplicate IDs.
To test, apply the patch and go to Tools -> Notices.
(testing steps copied from Bug 36157)
1. Create a notice with the module of "Reports" -- add something to the
"Print" section. Example from the other bug:
[% FOREACH b IN data %]
<div class="panel panel-default">
<div class="panel-heading">[% b.surname %], [% b.firstname %]</div>
<div class="panel-body">Expiration: [% b.dateexpiry %]</div>
<div class="panel-footer">ID: [% b.borrowernumber %]</div>
</div>
[% END %]
2. Create and run a saved report. Example from bug 36157:
SELECT * FROM borrowers
3. Click on the "Run with template" dropdown and confirm that it is
styled correctly.
4. Click to run the report with the template and confirm that it works
correctly.
Sponsored-by: Athens County Public Libraries Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Kyle M Hall [Thu, 19 Sep 2024 18:31:56 +0000 (14:31 -0400)]
Bug 37967: Allow auto renewals notices to be sent via phone
Auto renewals via phone are only disallowed because itiva did not support them.
There is no reason to disallow auto-reneals for the generic phone transport.
Twilio, for example, would have no problem sending those phone notices.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Note you can now select phone for auto-renewals!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 16 Sep 2024 10:26:49 +0000 (12:26 +0200)]
Bug 37928: Add missing dropdown-item class to "Upload image"
"Upload image" item not correctly styled
Test plan:
Go to the bib detail page with at least one item.
Open the action dropdown list and notice the "Upload image" is correctly
styled with this patch
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Wed, 4 Sep 2024 13:32:27 +0000 (13:32 +0000)]
Bug 37362: Do not show the lists button if there are no public lists and opacuserlogin is off
This patch updates the OPAC header so that if opacuserlogin is off and
there are no public shelves, the Lists button does not appear. If
opacuserlogin is turned off the only kind of lists the user can interact
with are public ones, and without public lists there's nothing to do.
To test, apply the patch and test the arrangement of the OPAC header in
these cases:
- opacuserlogin is on, user is logged in, and there are no public lists:
- The Lists button appears and contains only "Your lists" menu items.
- opacuserlogin is on, user is logged in, and there are public lists:
- The Lists button appears and the menu contains controls for both
public and private lists.
- opacuserlogin is off and there are public lists:
- The Lists button appears and shows only controls for public lists.
- opacuserlogin is off and there are no public lists:
- The Lists button does not appear.
Sponsored-by: Athens County Public Libraries Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 2 Sep 2024 12:38:59 +0000 (14:38 +0200)]
Bug 37807: Disable "Export today's checked in barcodes" when needed
If patron has privacy==2 ("Never: Delete my history immediately"), the "Export today's checked in barcodes" button is supposed to be disabled, with a tooltip with an explanation, but it is not.
Test plan:
Turn on OpacPrivacy and select "Never" in your privacy settings (OPAC)
Go to the circulation page for this patron (staff) and notice that the
export button (under "More") is disabled and has a tooltip when the
mouse hover it.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When scroling down <staff_url>/cgi-bin/koha/tools/modborrowers.pl,
there is a point where the table header leaves the normal flow of
the page to stick to the top of the screen instead. When this
occurs, the header becomes fixed: if scrolling through the table
horizontally, only the body will move. This is an issue as it means
that in this situation, some column headers cannot be viewed and the
data does not necessarily match the header under which it is found.
This patch resolves this issue by allowing the header to scroll
horizontally and ensuring that the width of the column headers
still match that of the columns themselves.
Test plan:
A) Reproduce the bug as per Pedro's intructions:
***
1) Visit "batch patron modification":
<staff_url>/cgi-bin/koha/tools/modborrowers.pl
2) Enter multiple cardnumbers, in k-t-d you may use these: 23529000104159 23529000120056 23529000714163 23529000651225 23529000445172 23529000105040 23529000224510 23529000591678
3) Press "Continue"
4) Scroll down the page enough that the table headers row becomes
"detached"
and sticks to the top of the page as you scroll down.
5) Scroll the table horizontally. Notice the headers are stuck even
though
the data columns have moved horizontally, causing the headers and
data to
not match.
***
B) Apply the patch
C) Go through steps 1-5 again. This time, notice that the header scrolls
along with the table body and that the column headers and data always
match.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Mon, 2 Sep 2024 14:51:31 +0000 (14:51 +0000)]
Bug 37810: Consider ServiceActive on status response
Some SUSHI providers return ServiceActive instead of the documented Service_Active:
https://countermetrics.stoplight.io/docs/counter-sushi-api/f0dd30f814944-server-status
This ensures the test connection does not fail regardless of what is used
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Thu, 19 Sep 2024 12:36:54 +0000 (12:36 +0000)]
Bug 37810: Add test
Test plan:
1) Apply only tests patch, run:
prove t/db_dependent/Koha/ERM/EUsage/UsageDataProvider.t
2) Verify tests fail
3) Apply fix patch
4) Run tests again, verify they pass
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Wed, 11 Sep 2024 10:40:17 +0000 (10:40 +0000)]
Bug 37891: Submit SMS related data even if SMSSendDriver is empty.
The bug is caused by the SMS data not being submitted as its fieldset is disabled if SMSSendDriver is empty.
This causes the SMS instance of the notice to not be updated when the edit happens, becoming out of sync.
Once it becomes out of sync with the other notices of same code but different transport_type, the 'GROUP BY branchcode,module,code,name,branchname' in letter.pl will fail, as the name no longer matches, listing the same notice twice on the notices table.
This patch updates the logic on the template to have the SMS input elements be disabled/readonly instead of having disabled='disabled' on the SMS fieldset.
This keeps the same functionality i.e. staff member is unable to edit SMS notice if SMSSendDriver is disabled, but ensures that SMS related data is submitted to the controller when the notice edit save happens.
Test plan:
1) Visit notices and slips:
<staff_url>/cgi-bin/koha/tools/letter.pl
2) Search for a notice code e.g. 'ILL_REQUEST_UPDATE'.
3) Notice only one result is returned. Click 'Edit'.
4) Edit the 'Name'. Click 'Save'.
5) Repeat 2. Notice two results are now returned.
6) Apply patch. Repeat test plan. Notice only one result is returned at the end.
Signed-off-by: Jason Robb <jrobb@sekls.org> Amended-by: Jonathan Druart
Align
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 37871: Remove extraneous 246 subfields from the title mappings (Elasticsearch, MARC21)
This patch limits indexing of field 246 to $a, $b, $n, and $p in
various title indexes.
Previously, all 246 subfields were indexed, including non-title
subfields such as $i (Display text), $g (Miscellaneous information),
and linking subfields, making the title index very large and giving
false results.
To test:
1. Add all the 246 subfields to the default bibliographic framework
1.1. Go to Administration > MARC bibliographic framework
1.2. Click Actions > MARC structure next to the Default framework
1.3. Search for 246
1.4. Click Actions > Edit subfields
1.5. For each subfield, make sure Editor is checked
1.6. Click Save changes
2. Create a new record and fill out all the 246 subfields
2.1. Go to Cataloging
2.2. Click New record
2.3. Fill out the mandatory fields (000, 003, 005, 008, 040$c,
245$a, 942$c)
2.4. Fill out all the subfields in 246 (I simply write the name of
the subfield in the text field e.g. Display text in 246$i)
2.5. Click Save
2.6. Click Normal to access the detailed record
3. View the Elastic search record
--> All the subfields (including "Display text", "Miscellaneous
information" and other non-title subfields) should be indexed in
- title
- title__suggestion
- title-abbreviated
- title-abbreviated__sort
- title expanded
- title-expanded__sort
- title-former
- title-former__sort
4. Make a title or keyword search for "Display" (or whatever you wrote
in 246$i)
--> Your record should be in the results
5. Apply patch
6. Rebuild the index using -r
koha-elasticsearch --rebuild -d -r -v kohadev
7. Redo step 3
--> Only 246 $a, $b, $n, and $p should be indexed
8. Redo step 4
--> Your record should NOT be in the results
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 35655: Only use STOMP if JobsNotificationMethod set to do so
This patch makes the background jobs (jobs from now on) connect step not
try to connect to the STOMP broker, unless explicitly told to do so.
This is achieved by using a newly introduced system preference
`JobsNotificationMethod` which falls back to STOMP if undefined.
The "about" page now has 3 states for
+ Message broker: Using SQL polling
+ Message broker: Using SQL polling (Fallback, Error connecting to RabbitMQ)
+ Message broker: Using RabbitMQ
The goal for this patch is to stop flooding the logs on very busy sites
when Rabbit is not being used. This shouldn't predate any efforts on
making the STOMP based jobs brokering mechanism solid and usable.
To test:
1. On clean `main`, run:
$ ktd --shell
2. Open the logs on a separate terminal:
$ ktd --shell
k$ tail -f /var/log/koha/kohadev/*.log
3. Stage some MARC for import
=> SUCCESS: No warnings about STOMP
4. Import the staged records
=> SUCCESS: No warnings about STOMP
5. Stop rabbitmq:
k$ sudo service rabbitmq-server stop
6. Repeat 2-4
=> FAIL: The logs say it couldn't connect to STOMP
7. Apply this patches and run:
k$ restart_all
8a. See the "about" page, should read:
Message broker: Using SQL polling (Fallback, Error connecting to RabbitMQ)
8b. Repeat 2-4
should work with one warning in the
9. Start rabbit:
k$ sudo service rabbitmq-server start
k$ restart_all (not really necessary)
10a. See the "about" page, should read:
Message broker: Using RabbitMQ
10b. Repeat 2-4
=> SUCCESS: No warnings about STOMP
11. Change the `JobsNotificationMethod` system preference to *polling*
and stop rabbit:
k$ sudo service rabbitmq-server stop
k$ restart_all
12a. See the "about" page, should read:
Message broker: Using SQL polling
12b. Repeat 2-4
=> SUCCESS: No warnings about STOMP, not even on startup
13. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The refactoring of "renew" -> "c.renew" missed this line (at least), so the condition is never met.
This fixes the issue and restores the original functionality.
Test plan:
1. log in with a patron at http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
2. check out an item
3. scan it again
4. see that the "return this item" choice isn't proposed. This is the
bug
5. apply patches
6. rescan the item in the self-check out
7. returning is proposed
8. check it in and confirms that it's not checked out anymore
Signed-off-by: Oliver Behnke <oliver.behnke@aei.mpg.de> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 37369: Fix filtering of search result table in item search
At the moment, the filtering on item results page
requires using the code in the following fields:
- Collection
- Home library
- Current library
- Shelving location
- Itemtype
- item status -fields (not for loan etc)
So e.g. "Centerville" in Home library -field doesn't
bring back results but code "CPL" does. This happens
because "columns" option in search results table
isn't working when its used in function columnFilter.
However option "aoColumns" works.
To test:
1. Navigate to item search and search items.
=> Note that all filters in search result table
are free text fields.
2. Attempt to filter search results by home library
with description of some library.
=> No results are displayed.
3. Now filter results with code of the library.
=> Results are now displayed.
4. Apply this patch and refresh page.
5. Search items again.
=> Note that now some of the filters are now using
dropdown select fields.
6. Attempt to filter results by home library again.
=> Results are now displayed correctly.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Olivier Hubert <olivier.hubert@inlibro.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Phil Ringnalda [Fri, 13 Sep 2024 23:52:05 +0000 (16:52 -0700)]
Bug 26929: Fetching macros for Advanced Editor should ignore default pagesize
The REST API has a default page size of 20, controlled by the preference
RESTdefaultPageSize. That's fine for things that are fetched to display
in pages of 20, but for things like macros in the Advanced Editor that
don't implement paging, it's awkward, since when you create your 21st
macro, it disappears the next time you open the editor.
The Advanced Editor should instead disable paging by passing the param
_per_page=-1
Test plan:
1. Set the preference EnableAdvancedCatalogingEditor to Enable. While you
are there, set the preference RESTdefaultPageSize to 2, so you don't have
to create 21 macros to see one disappear
2. Cataloging - Advanced editor - Macros
3. Click New macro..., give it the name 1, then repeat for 2 and 3
4. You have a list of macros open with all three listed, so far so good.
Refresh the browser page and reopen Macros. You now have two macros
5. Apply patch, refresh the page, reopen Macros. You now have three macros
6. You should probably reset that RESTdefaultPageSize back to 20 if you
aren't about to reset ktd
Sponsored-by: Chetco Community Public Library Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
CJ Lynce [Fri, 6 Sep 2024 20:51:38 +0000 (20:51 +0000)]
Bug 36594: Library hours in koha/admin/branches.pl now adhere to selected time and calendar system preferences.
-Newly created or edited libraries no longer display 'null' for undefined
open and close times.
-Libraries without any defined hours will state such instead of displaying the
hours table.
-The CalendarFirstDayOfWeek system preferences is now respected when viewing
a library with defined hours.
-Time displays and inputs now follow the TimeFormat system preference.
-Times are no longer displayed with seconds.
As part of this patch, a new Template Filter, KohaTimes, has been added to
allow for proper formatting of time strings based on systems preferences.
To Test:
1. Login to staff interface
2. Go to Koha administration > Basic parameters > Libraries
3. Edit any library or create a new library. Do not set hours.
4. Save the library.
*Note that on the library list, in the hours column, all days are displayed
with 'null'.
5. Edit or create a 2nd library.
6. Try to manually enter a time (not using the flatpickr modal)
*Note that the mask wants a date format, not a time format.
7. Set some hours for the library, leaving at least one
day without hours. Save.
*Note that in the library list, in the hours column, defined times are in
the format HH:MM:SS.
7. Edit the system preference CalendarFirstDayOfWeek to set a day other
than Sunday as the first day of the week.
8. Return to Koha administration > Basic parameters > Libraries
9. Click on the name of a specific library with hours to view details.
*Note that the order of the calendar weeek still starts with Sunday.
10. The order of the calendar week still starts with Sunday.
11. Edit the system preference TimeFormat and set to 12-hours.
12. Return to Koha administration > Basic parameters > Libraries.
*Note that the time format on the branches list is not in 12-hour format.
13. Click on the name of a specific library with hours to view details.
*Note that the time format in the branch details screen is not in 12-hour
format.
14. Apply Patch.
15. Return to Koha administration > Basic parameters > Libraries
16. Verify that your library with all undefined times shows "Library hours
not set".
17. Verify that your library with defined hours is showing times in HH:MM
format, and days without defined hours are blank.
18. Verify that your library with defined hours is respecting the TimeFormat
preferences.
19. Click on the name of a library with hours to view details.
20. Verify that the hours respect the CalendarFirstDayOfWeek and TimeFormat
preferences.
21. Click on the name of another library without hours to view details.
Verify these libraries show as "No opening hours have been set"
in the branch detail view.
22. Edit a library's hours. When inputing, try to manually enter a time (not
using the flatpickr modal). Verify that you can enter time in the proper
(12 or 24 hours) format.
Sponsored-by: Westlake Porter Public Library Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 23 Sep 2024 10:07:20 +0000 (12:07 +0200)]
Bug 37983: Restore auto-focus on patron input when "Schedule a pickup" is selected
In the curbside pickup module, when the "Schedule a pickup" tab is selected we expect
the patron search box to get the focus. But it has been broken bug 30965 (which changed the id of the input).
Test plan:
Setup curbside pickup for your library
Go to Circulation > Curbside pickups
Click the last tab
Notice that you can directly search for a patron, the input has the
focus
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 37964: Only show host items when system preference EasyAnalyticalRecords is enabled
After Bug 33496, host items are displayed even when system preference EasyAnalyticalRecords is disabled.
Test plan :
1) Build an analytical record with 773$0 and $9
2) Enable 'EasyAnalyticalRecords'
3) Go to catalogue details page
=> You see the linked item
4) Disable EasyAnalyticalRecords
5) Go to catalogue details page
=> You dont see the linked item
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We don't really need the form to be POSTed, we should not reach the URL maxlength.
The UI will certainly explode if there are lot of items to edit anyway.
The code is not clear on this page as we are sending several forms using
the items selected from this table. But this one form is used to display
the edit form and so can be GET (and better as the URL can be shared).
The other actions have their own form (in modals mostly).
Test plan:
Create a subscription and go to the serial collection page.
Make sure at least one item is select and click the "Edit" button.
No behaviour change expected here, the edit form should still be
displayed.
Try the other actions on top of the table and confirm they are still
working as before.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 23 Sep 2024 09:03:33 +0000 (11:03 +0200)]
Bug 37981: Switch installer/step3.tt form from POST to GET
This form does not need to be a POSTed form.
Test plan:
Drop and recreate the DB and run the web installer.
Everything should work, no behaviour change expected.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>