Fridolin Somers [Fri, 1 Oct 2021 23:06:57 +0000 (13:06 -1000)]
Bug 29156: File missing warning in Koha::UploadedFile for permanent files only
When an uploaded file is deleted, when file does not exist there is a warning :
"Removing record for file.txt within category koha_upload, but file was missing."
For temporary files, this warning is noisy.
For example when they are in /tmp, system reboot deleted them.
I propose to remove this warning for temporary files.
Test plan :
1) Upload a temporary and a permanent file via Tools > Upload
2) Delete the file on server
3) Delete the two files from Tools > Upload
4) Look at warning in log files
=> You see only warning for permanent file
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 10 Jan 2022 09:35:40 +0000 (10:35 +0100)]
Bug 29837: Remove JS error during installer
Uncaught ReferenceError: _ is not defined
the _() function is called from calendar.inc, but calendar.inc is
included before the definition of this function in
installer-intranet-bottom.inc
Test plan:
Confirm that the JS error is gone
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fridolin Somers [Sat, 22 Jan 2022 01:57:28 +0000 (15:57 -1000)]
Bug 28943: (QA follow-up) Fix opac.pref
Fix YAML syntax of opac.pref, we must use dash for new lines.
Also removes duplicate text before syspref.
No need to say "code" since it is now a list of categories.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Tue, 7 Sep 2021 12:22:05 +0000 (12:22 +0000)]
Bug 28943: Lower the risk of accidental patron deletion
If you do not use a temporary self registration patron category,
you should actually make the preference
PatronSelfRegistrationExpireTemporaryAccountsDelay empty.
As the comment in sysprefs.sql already said, we should not let
a zero value in the pref delete patrons too.
The module is changed now, the test adjusted and
the description of both related sysprefs modified.
Test plan:
Run t/db_dependent/Members.t
Check in Administration the two adjusted OPAC pref descriptions.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 10 Jan 2022 13:02:49 +0000 (14:02 +0100)]
Bug 29840: Deal with non-existing biblionumber in opac-reserve
We should not explode if the biblionumber passed in not in DB.
Test plan:
Hit /cgi-bin/koha/opac-reserve.pl?biblionumber=42424
and notice the error message.
Without this patch you got
Can't call method "holds" on an undefined value at
/kohadevbox/koha/opac/opac-reserve.pl line 172
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 10 Jan 2022 10:34:27 +0000 (11:34 +0100)]
Bug 29838: Fix string interpolation in ImportBatch.t
Test plan:
Tests should return green
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Wed, 12 Jan 2022 18:21:46 +0000 (15:21 -0300)]
Bug 29865: Fix duplicate includes in circ/returns.pl
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fridolin Somers [Sat, 22 Jan 2022 00:58:42 +0000 (14:58 -1000)]
Bug 29646: (RM follow-up) Add space before colon
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Mon, 6 Dec 2021 08:31:48 +0000 (08:31 +0000)]
Bug 29646: Fix undefined category crash in opac-password-recovery
The crash is a result of a not found borrower. This is typically
a bad or repeated recovery attempt.
Test plan:
Do a password recovery.
Use the mailed URL twice.
Without this patch, the second attempt crashes.
With this patch, the second attempt shows an error dialog.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Katrin Fischer [Sat, 8 Jan 2022 23:05:00 +0000 (23:05 +0000)]
Bug 11750: (QA follow-up) Remove unconditional warn
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 19 Aug 2021 12:01:17 +0000 (14:01 +0200)]
Bug 11750: Hide patron's attributes on overdue list if needed
If a patron's attributes is limited to some libraries, we must apply
this limit on the overdue list view.
Test plan:
1. Create the following patron attributes:
A that is not searchable
B is searchable and does not have library limitation
C is searchable and is limited to another library than yours
2. On the right part of the overdue list view you must see B only
Without this patch C is displayed as well.
Signed-off-by: The Minh Luong <the-minh.luong@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 23 Dec 2021 11:41:33 +0000 (08:41 -0300)]
Bug 29764: Fix incorrect EmbedItems RecordProcessor filter POD
This patch makes the usage POD for the EmbedItems filter actually be
usable. The filter is used in opac-ISBDdetail.pl and the POD is updated
to how it is used there.
Not much to test.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 7 Jan 2022 14:54:16 +0000 (15:54 +0100)]
Bug 29806: (follow-up) Call ->as_list for ->pickup_locations on request.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 12:27:45 +0000 (09:27 -0300)]
Bug 29806: Fix POST /holds use of pickup_locations
This patch makes Koha::Item->pickup_locations and
Koha::Biblio->pickup_locations explicitly call ->as_list in list
context. This way we workaround bug 28871.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: Tests fail, the route gives a 500 (unhandled exception)
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass, the route correctly returns a 400 with a
message about the pickup location being invalid
5. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 12:22:05 +0000 (09:22 -0300)]
Bug 29806: Call ->as_list for ->pickup_locations on request.pl
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 12:27:28 +0000 (09:27 -0300)]
Bug 29806: Regression tests
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 11:53:30 +0000 (08:53 -0300)]
Bug 29807: Make Branches plugin handle empty pickup locations list
This patch makes the plugin handle empty Koha::Biblio->pickup_locations
and Koha::Item->pickup_locations correctly.
It does so by explicitly calling ->as_list. It also restores the logic
that was changed by
6cd1ffab4e491349c99769018a7df33dc8a8aabf so, now
that ->empty is handled correctly, it doesn't return ALL the pickup
locations when the item/biblio doesn't have valid pickup locations.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Template/Plugin/Branches.t
=> FAIL: Awful error
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 11:53:01 +0000 (08:53 -0300)]
Bug 29807: Regression tests
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 23 Mar 2017 12:51:09 +0000 (09:51 -0300)]
Bug 18320: Remove patroncards/edit-layout.pl warnings
This patch removes warnings generated by the script itself.
To test:
- Go to Tools › Patron card creator › Manage layouts and
Tools › Patron card creator › New layout
- Add a new layout, adit existing.
=> FAIL: Warnings logged by edit-layout.pl
- Apply this patch
- Go to Tools › Patron card creator › Manage layouts and
Tools › Patron card creator › New layout
- Add a new layout, adit existing.
=> SUCCESS: No warnings generated by edit-layout.pl
- Sign off :-D
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Fri, 14 Jan 2022 19:39:02 +0000 (19:39 +0000)]
Bug 29889: Incorrect library check in patron message deletion logic
This patch corrects the logic controlling whether a patron message on
the circulation or patron details page has a "Delete" link. An error in
the logic prevented messages from being removed by staff who should have
been authorized to do so.
To reproduce the bug, check that your AllowAllMessageDeletion preference
is disabled.
- In the staff client, check out to a patron whose home library doesn't
match the library you're logged in at.
- Add a message to the patron's account.
- You should see no "Delete" link next to the newly-added message.
- If you edit the patron so that their home library matches the
library you're logged in at the delete link will appear.
To test, apply the patch and follow the steps above. The delete link
should aways appear if the message was left by someone logged in at the
same library.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 18 Jan 2022 15:01:00 +0000 (16:01 +0100)]
Bug 29495: Fix TestBuilder.t
Value not allowed for auto_incr issue_id in Issue at /kohadevbox/koha/t/lib/TestBuilder.pm line 387.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Fri, 7 Jan 2022 19:34:21 +0000 (19:34 +0000)]
Bug 29820: Set paging option using boolean instead of string
Bug 28450, "Make Account summary print tables configurable," added
DataTables to the print summary view. The updated page includes the
wrong option:
"paging": "false",
It should be:
"paging": false,
Because DataTables expects that option to be boolean (true or false).
To test, apply the patch and check out to a patron who has more than 20
checkouts and more than 20 holds.
- From the toolbar, click Print -> Print summary.
- On the acount summary page, confirm that the "Items checked out" and
"Pending holds" tables show ALL entries, not just the first 20.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle Hall [Mon, 7 Feb 2022 11:31:43 +0000 (06:31 -0500)]
Bug 29336: Update DBIC schema
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle Hall [Mon, 7 Feb 2022 11:24:27 +0000 (06:24 -0500)]
Bug 29336: DBRev 21.11.02.002
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Thu, 28 Oct 2021 12:11:07 +0000 (12:11 +0000)]
Bug 29336: Database revision
Resizes the six fields identified earlier:
additional_fields.authorised_value_category 16=>32
auth_subfield_structure.authorised_value 10=>32
auth_tag_structure.authorised_value 10=>32
club_template_enrollment_fields.authorised_value_category 16=>32
club_template_fields.authorised_value_category 16=>32
marc_tag_structure.authorised_value 10=>32
Test plan:
Run dbrev, check database.
Bonus: Connect an AV category with a long name to a authority subfield.
Check if you see its values in the authority editor.
(This was the way I found the problem.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 7 Jan 2022 15:04:28 +0000 (16:04 +0100)]
Bug 29336: Remove TODOs
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Thu, 28 Oct 2021 11:45:39 +0000 (11:45 +0000)]
Bug 29336: Identify the fields with wrong length (or name) first
This report will fix the bad lengths first.
And mark the 'bad' names with a TODO for follow-up.
Bad name means: refers to value, should be category.
Scanning kohastructure.sql.
Note: Bug 29347 has been opened to fix the names.
Test plan:
Search for another AV category field with length<>32.
Bonus: Reinstall and check database.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 23 Dec 2021 18:51:52 +0000 (15:51 -0300)]
Bug 29758: Get rid of warning in members/boraccount.pl
This patch removes a noisy warning found in production logs.
To test:
1. Run:
$ tail -f /var/log/koha/kohadev/plack-intranet-error.log
2. Open the 'Accounting' tab for a patron, then click on 'Transactions'
=> FAIL: You see this kind of warning in the logs:
[WARN] CGI::param called in list context from...
3. Apply this patch
4. Repeat 2 (change tab and go back)
=> SUCCESS: No more warning!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Fri, 7 Jan 2022 13:44:30 +0000 (10:44 -0300)]
Bug 18540: (QA follow-up) Only mention index_sort_title if defined
This patch makes the generated xslt not mention index_sort_title unless
the entry is defined on the xml file. Otherwise there's a call to
<xslo:apply-templates mode="index_sort_title"/>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Thu, 13 May 2021 16:34:38 +0000 (16:34 +0000)]
Bug 18540: Handle indexing sort title only when needed
This patch moves the code that generates the xsl for MARC21 biblio sorting
to it's own template that is only called when specified in the xml
To test:
1 - xsltproc etc/zebradb/xsl/koha-indexdefs-to-zebra.xsl etc/zebradb/marc_defs/marc21/authorities/authority-koha-indexdefs.xml > etc/zebradb/marc_defs/marc21/authorities/authority-zebra-indexdefs.xsl
2 - git diff
3 - Note that authority-zebra-indexdefs.xsl now has 245 Title:s info
4 - Apply patch
5 - xsltproc etc/zebradb/xsl/koha-indexdefs-to-zebra.xsl etc/zebradb/marc_defs/marc21/authorities/authority-koha-indexdefs.xml > etc/zebradb/marc_defs/marc21/authorities/authority-zebra-indexdefs.xsl
6 - git diff
7 - There are lines added about title sort, but no 245 block
8 - xsltproc etc/zebradb/xsl/koha-indexdefs-to-zebra.xsl etc/zebradb/marc_defs/marc21/biblios/biblio-koha-indexdefs.xml > etc/zebradb/marc_defs/marc21/biblios/biblio-zebra-indexdefs.xsl
9 - git diff
10 - Note lines changes to ...title_sort
11 - 245 block does not change
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 7 Jan 2022 10:29:47 +0000 (11:29 +0100)]
Bug 29812: Add missing use C4::Context in Koha::Token
Caused by bug 18124.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Fri, 10 Dec 2021 13:17:45 +0000 (10:17 -0300)]
Bug 29464: Make GET /acquisitions/orders honour sorting
When bug 20212 was pushed, we lost (didn't dig enough to find out how)
the sorting feature for this route.
This is mainly because biblio+biblioitems filtering prevents the route
to use plain $c->objects->search, so it has baked a custom version of
it. In this case, it missed the call to the dbic_merge_sorting helper,
that takes care of reading the query parameters and inject the sorting
attributes to the resultset.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/acquisitions_orders.t
=> FAIL: Tests fail, sorting doesn't actually work
3. Apply this patch
4. Repeat 2
=> SUCCESS: Sorting works!
5. Test sorting the pending orders on parcel.tt
6. Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Fri, 10 Dec 2021 13:15:42 +0000 (10:15 -0300)]
Bug 29464: Regression tests
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fridolin Somers [Tue, 18 Jan 2022 19:49:09 +0000 (09:49 -1000)]
Bug 29704: (RM follow-up) Fix typo sned send
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Fri, 17 Dec 2021 15:49:17 +0000 (15:49 +0000)]
Bug 29704: Add a triggered option to holds_reminder.pl
This patch adds an option to only trigger notices matching the number of
days waiting specified
You will need to define HOLD_REMINDER notices for the specific branch of the
patron and ensure the patron has hold reminder notices in their messaging preferences
TO test:
1 - Place a hold for a patron and check in to confirm
2 - Set the waiting date back a few days:
update reserves set waitingdate = DATE_SUB(CURDATE(), INTERVAL 5 DAY);
3 - Run the cron and see that patron would be notified if running for 4 days weaiting
perl misc/cronjobs/holds/holds_reminder.pl -v --days 4
4 - Apply patch
5 - perl misc/cronjobs/holds/holds_reminder.pl -v --days 4 --triggered
6 - Note patron would not be notified
7 - perl misc/cronjobs/holds/holds_reminder.pl -v --days 5 --triggered
8 - Note patron is notified when days waiting matches exactly
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Julian Maurice [Tue, 16 Nov 2021 15:31:02 +0000 (15:31 +0000)]
Bug 29498: Remove usage of deprecated Mojolicious::Routes::Route::detour
Mojolicious::Routes::Route::detour was deprecated in Mojolicious 8.67
and removed in Mojolicious 9
It was used in Koha::App::Plugin::RESTV1 to connect the "REST API"
Mojolicious app to the other Mojolicious apps (Koha::App::Intranet and
Koha::App::Opac), so it's only a problem when running Koha as a
Mojolicious app.
This patch makes use of the "partial" attribute instead, which does the
same thing.
Test plan:
1. Run `morbo bin/intranet`
2. Point your browser to what morbo says (should be localhost:3000)
3. Log in, and go to Administration » Libraries. This table uses the
REST API, so if you see data in it, that means the API (and the
patch) works
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Joonas Kylmälä [Sun, 14 Nov 2021 12:10:15 +0000 (12:10 +0000)]
Bug 29474: Remove one layer of indendation by adding if check in the begginning
If we simply return "no" immediately from the function when the
checkout is not an autorenewed checkout we can drop one layer of
indendation and the code becomes much easier to read.
To test:
1) prove t/db_dependent/Circulation.t
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Joonas Kylmälä [Sun, 14 Nov 2021 12:05:16 +0000 (12:05 +0000)]
Bug 29474: Decouple renewal checks of auto-renewed issues from non-autorenewed
The too_soon check does not relate at all to auto-renewed issues and
should be moved outside the _CanBookBeAutoRenewed() function.
To test:
1) prove t/db_dependent/Circulation.t
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Sat, 13 Nov 2021 14:43:36 +0000 (14:43 +0000)]
Bug 29474: Return too_soon before checking renewals
This patch allows us to avoid checking reserves when the issue is
too_soon and we are running the cron
Code is covered by existing tests
To test:
1 - prove -v t/db_dependent/Circulation.t
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 14 Jan 2022 14:17:56 +0000 (15:17 +0100)]
Bug 29884: Run missing test in api/v1/patrons.t
compare is not calling is() or ok(), it's caller job to do it.
Test plan:
prove t/db_dependent/api/v1/patrons.t
should still return green
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Thu, 6 Jan 2022 12:38:05 +0000 (12:38 +0000)]
Bug 29808: Do not receive transfer for checked out items
This patch adds a check to StockRotationItem->advance to check if an
item is checked out from the destination branch. If so, we do not receive the transfer
To test:
1 - Enable StockRotation system preference
2 - Browse to Tools->Stock rotation->New Rota and create a new rota, set as cyclical
3 - Manage->stages and add two stages, each with 0 day duration
4 - Manage->items - add an item
5 - Checkout the item from the first branch of rotation
6 - Tools->Stock rotation->Manage->items->move to next stage
7 - Error:
[Transfer item is currently checked out] at /usr/share/perl5/Exception/Class/Base.pm line 88
8 - Check in the item at first branch
9 - Checkout the item from the second stage branch
10 - Apply patch
11 - Tools->Stock rotation->Manage->items->move to next stage
12 - No error!
13 - Check in item at second branch
14 - Checkout from first branch
15 - Tools->Stock rotation->Manage->items->move to next stage
16 - Still no error!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Thu, 6 Jan 2022 12:28:23 +0000 (12:28 +0000)]
Bug 29808: Unit tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 10:13:57 +0000 (07:13 -0300)]
Bug 29804: Fix Koha::Hold->is_pickup_location_valid exploding
This trivial patch acknowledges the fact bug 28871 is probably not going
to be pushed, and changes the method so it, internally, uses
Koha::Item->pickup_locations and Koha::Biblio->pickup_locations in
scalar context.
This is probably the correct solution as the discussion on bug 28883
points towards the future removal of the use of wantarray altogether,
eventually.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Hold.t
=> FAIL: It explodes as we see in production, with:
The method Koha::Libraries->branchcode is not covered by tests!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 10:11:02 +0000 (07:11 -0300)]
Bug 29804: Regression tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Tue, 4 Jan 2022 13:37:53 +0000 (13:37 +0000)]
Bug 29786: Select only specific items for item level holds
This patch adjusts get_items_that_can_fill to make two requests:
first the list of items for item-level holds
second the list of biblionumbers for title-level holds
This stops the report from pulling more items for item-level hold
This patch also removes the aliases used in the code - while readability
is a bit harder, it allows for using 'me' in get_items_that_can_fill
Otherwise, this routine would need a parameter to know what we called the table.
To test:
1 - Find a record with many items available
2 - Place an item level hold for an item on the record, not the one with lowest itemnumber
3 - Run 'Hold to pull' report
4 - Note the barcode does not match
5 - Apply patch
6 - Reload report
7 - It matches!
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Tue, 4 Jan 2022 13:33:07 +0000 (13:33 +0000)]
Bug 29786: Unit tests
I add a new test for the case of an item level hold, and additionally
adjust later tests to use a title level hold.
I also fix a typo where the comment says item 1 when it means item 2
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Andrew Isherwood [Wed, 5 Jan 2022 13:00:10 +0000 (10:00 -0300)]
Bug 28932: Fix duplicate next_action & prev_action
This patch fixes the duplicate buttons issue.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Illrequests.t
=> FAIL: Tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Andrew Isherwood [Wed, 5 Jan 2022 13:02:22 +0000 (10:02 -0300)]
Bug 28932: Regression tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle Hall [Fri, 4 Feb 2022 18:28:58 +0000 (13:28 -0500)]
Bug 29495: DBRev 21.12.00.008
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Martin Renvoize [Mon, 22 Nov 2021 17:58:13 +0000 (17:58 +0000)]
Bug 29495: Add relation tests
This patch adds missing tests for relationship accessors in the
ReturnClaim class.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Thu, 18 Nov 2021 15:47:02 +0000 (15:47 +0000)]
Bug 29495: (follow-up) Use 'item' relationship
This patch adds the missing 'item' relationship in
Checkouts::ReturnClaim and then uses it from the resolve method.
This improve the reliability of the resolution code so it works when the
item has already been checked in (without having to check
Old::Checkouts).
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Thu, 18 Nov 2021 07:43:44 +0000 (07:43 +0000)]
Bug 29495: Update relationship methods
This patch updates the relationship methods found in
Koha::Checkouts::ReturnClaim so that they are prefetchable and embeddable on
the API.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Wed, 17 Nov 2021 10:27:38 +0000 (10:27 +0000)]
Bug 29495: Add code level constraint replacement
This patch adds a check in Koha::Checkouts::ReturnClaim::store to
replace the database level foreign key check.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Wed, 17 Nov 2021 10:10:18 +0000 (10:10 +0000)]
Bug 29495: Add DBIC relationships back into Schema
This patch adds the relationship accessors back into the affected Schema
classes, now below the fold so they are retained during dbic rebuilds.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Wed, 17 Nov 2021 10:01:47 +0000 (10:01 +0000)]
Bug 29495: DBIC Schema Rebuild
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Wed, 17 Nov 2021 09:56:48 +0000 (09:56 +0000)]
Bug 29495: Drop issue_id constraint from return_claims
This patch removes the issue_id constraint from return_claims.
Due to the nature of our dual table approach to checkouts/old_checkouts
we can't safely hae this constraint and not lose data. Prior to this
commit, when an item is checked in we move the checkout from checkouts
to old_checkouts.. this therefore triggers the delete of the issue_id
from the return_claims table as described by the foreign key constraint.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Mon, 22 Nov 2021 16:30:13 +0000 (16:30 +0000)]
Bug 29495: Unit Tests
Test plan
1. Run updated tests prior to applying new patches.. pass
2. Run updated tests after applying new patches.. pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Tomas Cohen Arazi [Mon, 29 Nov 2021 10:59:47 +0000 (07:59 -0300)]
Bug 29585: Fix unstranslatable strings in addbiblio.tt
This patch makes 'Go to field' and 'Errors' strings translatable
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Mon, 31 Jan 2022 18:16:32 +0000 (18:16 +0000)]
Update release notes for 21.11.02 release
Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
Kyle Hall [Mon, 31 Jan 2022 15:46:26 +0000 (10:46 -0500)]
Increment version for 21.11.02 release
Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
Kyle Hall [Mon, 31 Jan 2022 15:43:37 +0000 (10:43 -0500)]
Fix translations for Koha 21.11.02
Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
Kyle Hall [Mon, 31 Jan 2022 14:55:50 +0000 (09:55 -0500)]
Merge remote-tracking branch 'koha-translate/21.11.02-translate-
20220131' into HEAD
Koha translators [Mon, 31 Jan 2022 14:37:23 +0000 (11:37 -0300)]
Translation updates for Koha 21.11.02
Jonathan Druart [Wed, 19 Jan 2022 10:21:54 +0000 (11:21 +0100)]
Bug 29903: Prevent messages to be deleted from unauthorised users
The "Delete" link is hidden but the controller does not do the necessary checks.
/cgi-bin/koha/circ/del_message.pl?message_id=1&borrowernumber=5&from=moremember
Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Wed, 12 Jan 2022 12:43:48 +0000 (09:43 -0300)]
Bug 29544: (QA follow-up) Simplify code
I think this is a better approach for the same thing. Posting it just in
case it helps.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl
We must check if logged in user is trying to modify one of their
checkouts
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users
The catalogue permission is not enough.
Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
/cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX
You should get an error message "You do not have sufficient permission
to continue."
Login with user A
=> You should be able to send the list
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images
We should respect group restrictions here.
Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
/cgi-bin/koha/members/patronimage.pl?borrowernumber=XX
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *
The patron images is displayed on the 'circulation' and 'members'
modules.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 25 Jan 2022 10:57:01 +0000 (11:57 +0100)]
Bug 29914: Remove 'Use of uninitialized value ' warnings
Nick Clemens [Mon, 24 Jan 2022 14:23:29 +0000 (14:23 +0000)]
Bug 29914: (QA follow-up) Add comment to explain last case
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: remove ref to line number
Nick Clemens [Mon, 24 Jan 2022 14:19:24 +0000 (14:19 +0000)]
Bug 29914: (QA follow-up) Expand tests to cover failure case before patches
When asking for permissions we get 'failed', without we get 'ok'
Adding explicit checks for not 'ok'
Add a FIXME:
We should cover the case where we return 'failed' after changes, but that is a larger undertaking
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Martin Renvoize [Thu, 9 Dec 2021 13:55:41 +0000 (13:55 +0000)]
Bug 29670: Fix EDI for AcqCreateItem = 'placing on order'
The AcqCreatItem at order time functionality was broken by bug 27708.
This patch resolves that.
Test plan.
1) Run the newly created unit tests that prove both settings work
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Martin Renvoize [Thu, 9 Dec 2021 16:04:55 +0000 (16:04 +0000)]
Bug 29670: Unit tests
This patch adds unit tests for Koha::Edifact::Order->order_line. We now
check that the message segments are created as expected for both the
'ordering' and not 'ordering' case for acquisitions item creation time.
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
JD amended patch: spelling segement ==> segment
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: Remove warn on timeout
The value of the system preference 'timeout' is not correct, defaulting to 600.
Caused by previous test. Actually an omission in another sub that
does not seem to support 10x.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid
check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.
So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt
Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt
To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt
To test, perform a search in the catalogue and verify that search term
highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Test the process of searching for and selecting an authority record for
use in the basic MARC editor.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Check that mandatory tags and subfields are correctly required when
editing an authority record.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Test that preference search term highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest
Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID
This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).
If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.
Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
So you see the login screen specific to the self-checkout.
To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
Without the patch you will still be logged in the self-checkout
Voila!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Wed, 5 Jan 2022 16:06:15 +0000 (16:06 +0000)]
Bug 29543: Set autocomplete off for SCO login fields
Cardnumber already had it set, adding for username and password
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 15:37:49 +0000 (16:37 +0100)]
Bug 29543: Add Mojo::JWT dependency
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!
This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.
Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling
Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable
It's not used in template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable
It's not needed, we have $patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 16 Dec 2021 15:44:30 +0000 (16:44 +0100)]
Bug 29717: Remove unecessary DT manipulations from tools/additional-contents.pl
DBIC handles DateTime correctly, no need for this output_pref call.
Test plan:
Create a new content, set the dates, confirm they are set correctly
Modify the content, modify the dates, confirm they are stored correctly
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Wed, 15 Dec 2021 15:44:06 +0000 (15:44 +0000)]
Bug 29702: Fetch group libraries in a single call
The current code gets all group members, then loops through and fetches the library if there is a
branchcode, or recursively calls itself if a group. This slows down performance.
We can utilize the 'libraries' method to get all child libraries at once, then make a check
for child groups separately
To recreate:
1 - Add 100 items to a biblio
2 - Define a library group as a hold group
3 - Add all libraries to the group
4 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Any library'
5 - place a hold on the record and note load time after patron is selected
6 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Patrons hold group'
7 - place a hold, note longer load time after patron selection
8 - Apply patch
9 - note improvement
10 - prove -v t/db_dependent/Koha/Libraries.t
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Thu, 6 Jan 2022 18:28:20 +0000 (15:28 -0300)]
Bug 29813: Add missing semicolon in skeleton.pl
This has no effect as it is not causing problems. But.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:16:55 +0000 (10:16 -0300)]
Bug 29736: (QA follow-up) No need to delete all clubs
There's no real need to delete all the existing clubs in the tests.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:49:56 +0000 (10:49 -0300)]
Bug 29736: Restore searching
Without this patch, the list will always display all clubs.
To test:
1. Have two clubs, with enrollemnts:
- Cthulhu fans
- The Shadow Out of Time fans
2. Search for the letter c
=> FAIL: You get both results
3. Apply this patch
4. Repeat 2
=> SUCCESS: Only Cthulhu is returned
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
projects / koha.git / log