]> git.koha-community.org Git - koha.git/log
koha.git
3 years agoBug 27947: (QA follow-up) Remove incorrect permission check
Martin Renvoize [Fri, 17 Sep 2021 15:46:14 +0000 (16:46 +0100)]
Bug 27947: (QA follow-up) Remove incorrect permission check

The API was checking for 'reserverforothers' permission, but that
doesn't make sense to apply here.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: Add regression tests for routes
Tomas Cohen Arazi [Fri, 17 Sep 2021 15:13:09 +0000 (12:13 -0300)]
Bug 27947: Add regression tests for routes

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: (QA follow-up) Refactor routes
Tomas Cohen Arazi [Fri, 17 Sep 2021 14:42:34 +0000 (11:42 -0300)]
Bug 27947: (QA follow-up) Refactor routes

This patch refactors the route specs a bit, and also reorganizes code
for easier tracking.

Unused exceptions that were added earlier are removed for now.

A follow-up patch will add tests to this routes.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: (follow-up) Add OPAC cancellation as new reason too
Marcel de Rooy [Fri, 17 Sep 2021 09:06:08 +0000 (09:06 +0000)]
Bug 27947: (follow-up) Add OPAC cancellation as new reason too

Something that currently comes up now already too:
If the user cancels from the OPAC page, there is no reason in the notice.
We could simply add one now.

Test plan:
Run dbrev to add the OPAC authval.
Create new AR and cancel it from OPAC.
Verify notice created for the user.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: (follow-up) Improve atomic update
Marcel de Rooy [Fri, 17 Sep 2021 08:38:44 +0000 (08:38 +0000)]
Bug 27947: (follow-up) Improve atomic update

We do not need to replace the whole notice text, we only need to
replace the reference to article_requests.notes.

Test plan:
Run the dbrev. Verify result for notice AR_CANCELED.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: Add cancellation reason to article request
Agustin Moyano [Fri, 20 Aug 2021 02:51:38 +0000 (23:51 -0300)]
Bug 27947: Add cancellation reason to article request

This bug adds a cancellation reason authorised values to article requests

To test:
1. apply this patch
2. updatedatabase
3. in staff interface go to /cgi-bin/koha/admin/authorised_values.pl
CHECK => AR_CANCELLATION category should appears
4. place several article requests
5. in staff interface go to /cgi-bin/koha/circ/article-requests.pl
6. select multiple requests, or just one and cancel them
SUCCESS => a modal pops up offering to select a cancellation reason
CHECK => message_queue table has messages with cancellation reason included
7. repeat steps 4 to 6 but for /cgi-bin/koha/circ/request-article.pl
8. cancelling article requests from opac interface should work just as before

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27947: Add authorised values list in article requests cancellation
Agustin Moyano [Fri, 20 Aug 2021 02:00:26 +0000 (23:00 -0300)]
Bug 27947: Add authorised values list in article requests cancellation

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Terminology: max daily => open requests limit
Tomas Cohen Arazi [Tue, 5 Oct 2021 15:02:12 +0000 (12:02 -0300)]
Bug 27945: Terminology: max daily => open requests limit

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Don't save rule if not defined
Jonathan Druart [Tue, 5 Oct 2021 09:30:37 +0000 (11:30 +0200)]
Bug 27945: Don't save rule if not defined

The DB rev added a row with NULL (unlimited), and the UI a row with ''
(unlimited as well) when saved without value.

Better is to not have a row (still unlimited)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Fix error handling and translatability
Tomas Cohen Arazi [Mon, 4 Oct 2021 15:08:12 +0000 (12:08 -0300)]
Bug 27945: Fix error handling and translatability

This patch adds better error handling and reporting when placing an
article request fails. It also makes the error messages translatable.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Implement limits using circulation rules
Tomas Cohen Arazi [Mon, 4 Oct 2021 12:43:11 +0000 (09:43 -0300)]
Bug 27945: Implement limits using circulation rules

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Add max_daily_article_requests circulation rule
Tomas Cohen Arazi [Mon, 4 Oct 2021 12:14:16 +0000 (09:14 -0300)]
Bug 27945: Add max_daily_article_requests circulation rule

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Clarify 'same day' behavior
Tomas Cohen Arazi [Thu, 30 Sep 2021 18:57:00 +0000 (15:57 -0300)]
Bug 27945: Clarify 'same day' behavior

This patch introduces tests for the 'same day' check of the ability to
place article requests for a patron.

The limit goes against current requests, and those that have been
completed on the same day. The tests cover this specific situation.

The current behavior is that it takes into account a 24 hr timespan, but
consensus on the QA step was that we should do it as 'same day' and use
a separate feature request to change this, if required.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/Patron.t
=> SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Add limit article request feature
Agustin Moyano [Tue, 27 Jul 2021 15:20:46 +0000 (12:20 -0300)]
Bug 27945: Add limit article request feature

This patch makes it possible to limit article requests per patron per day.

To test:
1. Apply patches
2. updatedatabase
3. Enable ArticleRequests preference
4. Edit a patron category and set an article request limit to 1
CHECK => if you set the limit to anything else but a positive number or empty string, a warning appears
5. In staff search biblios and request an article for a patron of the modified category
6. Repeat step 5
SUCCESS => if limit is reached, when you select the user to request an article a warning appears saying that the limit was reached
7. Repeat steps 5 and 6 but this time in opac
SUCCESS => Patron is not allowed to request another article if limit is reached
8. prove t/db_dependent/ArticleRequests.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Edit: This patchset originally changed the 'categories' table structure
and relied on that for limit calculation. I removed all that code and
squashed into this one, as we moved everything to the circulation_rules
table.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27945: Add tests
Agustin Moyano [Thu, 22 Jul 2021 00:54:41 +0000 (00:54 +0000)]
Bug 27945: Add tests

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: DBIC schema changes
Jonathan Druart [Tue, 5 Oct 2021 09:42:07 +0000 (11:42 +0200)]
Bug 27944: DBIC schema changes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: DBRev 21.06.00.028
Jonathan Druart [Tue, 5 Oct 2021 09:34:24 +0000 (11:34 +0200)]
Bug 27944: DBRev 21.06.00.028

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: Add missing tests
Tomas Cohen Arazi [Thu, 30 Sep 2021 18:05:54 +0000 (15:05 -0300)]
Bug 27944: Add missing tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (follow-up) Add POD
Tomas Cohen Arazi [Thu, 30 Sep 2021 14:55:11 +0000 (11:55 -0300)]
Bug 27944: (follow-up) Add POD

The library didn't contain real POD. This patch adds it.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (QA follow-up) Make atomic update idempotent
Tomas Cohen Arazi [Wed, 22 Sep 2021 17:42:28 +0000 (14:42 -0300)]
Bug 27944: (QA follow-up) Make atomic update idempotent

This patch checks the DB structure to see if the status column
definition contains 'REQUESTED' as a valid ENUM value.

The script is also moved into the new style.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (QA follow-up) Add span to fix pipe separator
Nick Clemens [Fri, 17 Sep 2021 11:03:17 +0000 (11:03 +0000)]
Bug 27944: (QA follow-up) Add span to fix pipe separator

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (QA follow-up) Make staff home page show new article requests
Tomas Cohen Arazi [Tue, 10 Aug 2021 16:39:46 +0000 (13:39 -0300)]
Bug 27944: (QA follow-up) Make staff home page show new article requests

As exposed on comment 29, the current code is showing the 'pending'
requests when it should display 'requested' ones (i.e. the new ones).

This patch changes that accordingly.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (QA follow-up) Rename ->open for ->set_pending
Tomas Cohen Arazi [Tue, 10 Aug 2021 16:16:53 +0000 (13:16 -0300)]
Bug 27944: (QA follow-up) Rename ->open for ->set_pending

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: REQUESTED is the new default status
Tomas Cohen Arazi [Tue, 10 Aug 2021 16:11:42 +0000 (13:11 -0300)]
Bug 27944: REQUESTED is the new default status

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (follow-up) Move statuses to constants
Marcel de Rooy [Thu, 15 Jul 2021 06:13:36 +0000 (06:13 +0000)]
Bug 27944: (follow-up) Move statuses to constants

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (follow-up) Move existing statuses, rename idempotent
Marcel de Rooy [Wed, 14 Jul 2021 15:01:23 +0000 (15:01 +0000)]
Bug 27944: (follow-up) Move existing statuses, rename idempotent

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: (follow-up) Improving consistency between notice names
Marcel de Rooy [Wed, 14 Jul 2021 14:42:30 +0000 (14:42 +0000)]
Bug 27944: (follow-up) Improving consistency between notice names

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: Add missing Status module
Marcel de Rooy [Thu, 8 Jul 2021 09:30:34 +0000 (09:30 +0000)]
Bug 27944: Add missing Status module

Test plan:
perl -c the module or run qa tools

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: Add "requested" stage in article request process
Agustin Moyano [Tue, 30 Mar 2021 13:52:31 +0000 (10:52 -0300)]
Bug 27944: Add "requested" stage in article request process

This patch adds the stage "requested" in article request process, which
is previous to pending stage.

To test:
1. apply this patch
2. updatedatabase
3. enable ArticleRequests syspref
4. from staff inteface and from opac search for a record and place an
   article request
5. koha-mysql kohadev
6. query: select subject, content, letter_code from message_queue;
CHECK => There is a message for each article request with code
AR_REQUESTED
      => In opac-user.pl, in "Article requests" tab you should see a row
in the table with "Requested" status
5. in staff go to Circulation -> Article Requests
SUCCESS => You should see 3 tabs, one for Requested stage (with two
requests), one for Pending stage and one for Processing stage.
6. play with actions buttons
CHECK => you should see a new action called "Set request as pending"
SUCCESS => All action buttons behave as expected, and tab counts updates
correctly.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: Add AR_REQUESTED message in sample_notices.yml and modify AR_PENDING
Agustin Moyano [Tue, 30 Mar 2021 13:51:57 +0000 (10:51 -0300)]
Bug 27944: Add AR_REQUESTED message in sample_notices.yml and modify AR_PENDING

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 27944: Add new letter in atomicupdate, and modify status column in article_reques...
Agustin Moyano [Tue, 30 Mar 2021 13:49:06 +0000 (10:49 -0300)]
Bug 27944: Add new letter in atomicupdate, and modify status column in article_requests table

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29128: Remove the other whitespace in browse shelf link
Jérémy Breuillard [Tue, 28 Sep 2021 13:14:45 +0000 (13:14 +0000)]
Bug 29128: Remove the other whitespace in browse shelf link

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29128: Remove whitespace in browse shelf link
Lucas Gass [Mon, 27 Sep 2021 20:16:22 +0000 (20:16 +0000)]
Bug 29128: Remove whitespace in browse shelf link

To test:
-Turn on OPACShelfBrowser and make sure you have some itemcallnumbers
-Go to detail page and see the link: (Browse shelf )
-Apply patch and look at the link again, it should be: (Browse shelf)

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29042: Improve formatting of entry form in Additional Contents
Owen Leonard [Thu, 16 Sep 2021 15:28:14 +0000 (15:28 +0000)]
Bug 29042: Improve formatting of entry form in Additional Contents

This patch makes some corrections to the Additional Contents template so
that the content entry form can be styled like other similar forms in
the staff interface.

The patch also updates the form's "title" field so that it is longer and
has a maxlength attribute matching the size of the table column.

To test, apply the patch and go to Tools -> News.

 - Create a new news item.
 - In the entry form, confirm that the "Title" and "Content" fields are
   styled consistently with other similar forms.
 - Confirm that the "title" field is longer.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29041: (follow-up) Expand the scope of changes
Owen Leonard [Mon, 27 Sep 2021 16:44:12 +0000 (16:44 +0000)]
Bug 29041: (follow-up) Expand the scope of changes

This patch expands the scope of the original changes to add consistency
to the non-edit views.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29041: Improve specificity of breadcrumbs in Additional Contents
Owen Leonard [Thu, 16 Sep 2021 15:14:52 +0000 (15:14 +0000)]
Bug 29041: Improve specificity of breadcrumbs in Additional Contents

This patch adds a link to news or HTML customizations in the breadcrumbs
navigation depending on which category of content you're adding or
editing.

To test, apply the patch and go to Tools -> News.

 - Begin the process of adding a news item.
 - In the breadcrumbs menu you should see:
   Additional contents > News > Add additional content
 - Clicking "News" should return you to the view of news items.
 - Test the same process in "HTML customizations."

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29006: Compiled CSS
Jonathan Druart [Mon, 4 Oct 2021 13:43:04 +0000 (15:43 +0200)]
Bug 29006: Compiled CSS

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29006: Make GoogleOpenIDConnect options consistent in the OPAC
Owen Leonard [Mon, 13 Sep 2021 14:49:53 +0000 (14:49 +0000)]
Bug 29006: Make GoogleOpenIDConnect options consistent in the OPAC

This patch makes modifications to OPAC templates to make the Google
login options more consistent.

To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).

- In the staff interface, enable the GoogleOpenIDConnect preference, and
  populate the GoogleOAuth2ClientID the GoogleOAuth2ClientSecret with
  values (they don't need to be valid).
- On the OPAC main page you should see a "Log in with Google" button
  above the Koha login form.
- If you click the "Log in to your account" link at the top of the page
  you should see a "Log in with Google" button in the modal window
- If you navigate directly to /cgi-bin/koha/opac-user.pl when not logged
  in you should see the same "Log in with Google" button on that page.
- In each case the Google button should point to /cgi-bin/koha/svc/auth/googleopenidconnect
- If you disable GoogleOpenIDConnect the buttons should disappear.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29004: Update GoogleOpenIDConnect preference to make it clear that it is OPAC...
Owen Leonard [Mon, 13 Sep 2021 13:37:55 +0000 (13:37 +0000)]
Bug 29004: Update GoogleOpenIDConnect preference to make it clear that it is OPAC-only

This patch modifies the description of the GoogleOpenIDConnect and
related preferences to make it clear that GoogleOpenIDConnect affects
OPAC logins and that the preferences are related.

To test, apply the patch and go to Administration -> System preferences.

Search for "google," and confirm that the descriptions of
GoogleOpenIDConnect and related preferences look clear and correct.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28983: Use Flatpickr on various pages
Owen Leonard [Wed, 8 Sep 2021 11:15:00 +0000 (11:15 +0000)]
Bug 28983: Use Flatpickr on various pages

This patch replaces the use of jQueryUI's datepicker on various
unrelated pages.

To test, apply the patch and test the following pages to confirm
that datepickers work correctly. "Linked" date fields should prevent a
"to" selection which preceeds the selected "from" date.

- Tools -> Patron clubs -> New club: Linked "start date" and "end date"
  fields.
- ILL requests: Two linked pairs of date fields in the sidebar, "Date
  placed between" and "Updated between." Each pair should work correctly
  and table filtering by date should work correctly.
- Tools -> Label creator -> Manage -> Layout batches -> Edit a batch ->
  Add items. This should trigger a popup window with a linked pair of
  date fields, "Added on or after date," and "Added on or before date."
- Point of sale -> Transaction history: "From" and "To" linked date
  field in the "Older transactions" section.
- Acquisitions -> Suggestions -> Add a suggestion: "Created by,"
  "Accepted on," and "Managed by" fields.
- Tools -> Tags -> Filter tags by date.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28961: Use Flatpickr on tools pages
Owen Leonard [Tue, 7 Sep 2021 14:14:54 +0000 (14:14 +0000)]
Bug 28961: Use Flatpickr on tools pages

This patch replaces the use of jQueryUI's datepicker on tools pages.

To test, apply the patch and test the following tools pages to confirm
that datepickers work correctly. "Linked" date fields should prevent a
"to" selection which preceeds the selected "from" date.

 - News -> New entry: Linked fields "Published date" and "Expiration
   date".
 - Batch extend due dates: Linked fields "Due date from" and  "Due date
   to"; "Hard due date" field.
 - Batch patron deletion: "who have not borrowed since," "whose
   expiration date is before," and "Permanently delete checkout history
   older than."
 - Export: Linked "Start date" and "End date" fields.
 - Import patrons -> Enter default values: "Date of birth,"
   "Registration date," and "Expiry date."
 - Inventory: "Set inventory date to."
 - Batch patron modification -> Submit a batch of cardnumbers or a
   patron list: "Registration date," "Expiry date," and "Restriction
   expiration."
 - Task scheduler: "Date" field.
 - Log viewer: "Display from" and "Display to" linked fields.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28958: Use Flatpickr on serials pages
Owen Leonard [Tue, 7 Sep 2021 12:44:06 +0000 (12:44 +0000)]
Bug 28958: Use Flatpickr on serials pages

This patch replaces the use of jQueryUI's datepicker on serials pages.

To test, apply the patch and test the following serials pages to confirm
that datepickers work correctly. "Linked" date fields should prevent a
"to" selection which preceeds the selected "from" date.

- Claims -> Choose vendor -> Filter missing issues (linked "from" and
  "to" fields).
- Check expiration -> "Expiring before" field.
- Manage numbering patterns -> New numbering pattern -> "First issue
  publication date" field.
- Serials advanced search -> "Expires before" field.
- Subscription search results -> Check multiple checkboxes -> Edit
  selected serials: "Expiration date" field.
- Subscription details -> Serial collection -> Edit serials ->
  "Published on" and "Expected on" fields.
- Subscription details -> Renew -> "Start date" field in the popup
  window.
- Subscription details -> Edit subscription -> Page 2 -> "First issue
  publication date," "Subscription start date," and "Subscription end
  date" fields.
- Locate a subscription with manual history enabled. From the
  subscription detail page, click the "Planning" tab, then "Edit
  history" -> Linked fields "Subscription start date" and "Subscription
  end date."

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28949: Use Flatpickr on reports pages
Owen Leonard [Fri, 3 Sep 2021 17:27:00 +0000 (17:27 +0000)]
Bug 28949: Use Flatpickr on reports pages

This patch replaces the use of jQueryUI's datepicker on reports pages.

To test, apply the patch and test the following reports pages to confirm
that datepickers work correctly. "Linked" date fields should prevent a
"to" selection which preceeds the selected "from" date.

- Acquisitions statistic wizard: Linked pairs of fields for
  "placed on" and "received on."
- Patrons with the most checkouts: Linked pairs of fields for
  "Checkout date from" and "Check-in date from"
- Patrons who haven't checked out: "Not checked out since"
  field.
- Cash register statistics wizard: Linked "From" and "To"
  fields.
- Most-circulated items: Linked pairs of fields for
  "Checkout date from" and "Check-in date from"
- Catalog statistics wizard: Linked pairs of fields for "Date acquired
  (item)" and "Date deleted (item)" The latter is shown by checking the
  "Count deleted items" radio button.
- View dictionary -> New definition:
  - Enter a definition name
  - Select table Circulation
  - Choose a date column, e.g. "Date of birth" or "Registration date"
  - Select "Date range"
    - Test that the "Start of date range" and "End of date range" fields
      are linked correctly.
- Create guided report:
  - Module: catalog
  - Type: Tabular
  - Select columns (any)
  - Select criteria to limit on: There should be three pairs of linked
    fields, "Creation date," "Modification date," and "Due date."
  - Confirm that the report is saved correctly with the dates you chose.
- Create from SQL -> Test a report with one or more date
  fields, e.g. https://wiki.koha-community.org/wiki/SQL_Reports_Library#Items_added_by_Collection
- Average loan time: Linke pairs of fields for "Checkout
  date" and "Returns."
- Reports -> Circulation statistics wizard: Linked "Period" fields.
- Reports -> Holds statistics wizard: Linked pairs of fields "Hold
  date," "Notification date," "Reminder date," "Waiting date," and
  "Cancellation date."

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28945: Use Flatpickr on administration pages
Owen Leonard [Fri, 3 Sep 2021 11:35:47 +0000 (11:35 +0000)]
Bug 28945: Use Flatpickr on administration pages

This patch updates administration templates to use Flatpickr instead of
jQueryUI datepickers.

To test, apply the patch and test date fields on the following pages:

- Administration -> Budgets ->
  - New budget: Linked "Start date" and "End  date" fields.
  - Duplicate budget: Linked "Start date" and "End  date" fields.
- Acquisitions -> Vendor -> New contract: Linked "Start date" and "End
  date" fields.
- Administration -> Circulation and fine rules: "Hard due date" and "No
  automatic renewal after" fields.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28942: Use Flatpickr on acquisitions pages
Owen Leonard [Thu, 2 Sep 2021 14:36:07 +0000 (14:36 +0000)]
Bug 28942: Use Flatpickr on acquisitions pages

This patch modifies several acquisitions pages replacing jQuery
datepickers with Flatpickr widgets.

To test, apply the patch and test datepickers on the following
Acquisitions pages:

 - Acquisitions -> Late orders (linked date fields in the sidebar)
 - Acquisitions -> Invoices (linked date fields in the sidebar)
 - Acquisitions -> Invoices -> Invoice details (shipment date and
   billing date)
 - Acquisitions -> Vendor -> Receive shipment (shipment date)
 - Acquisitions -> Vendor -> Receive shipment -> Receive (on order line)
   -> Date received field under "Accounting details
 - Acquisitions -> Orders search tab in the header -> Advanced search:
   Linked date fields in the search form."

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28720: (follow-up) Improve string translation
Owen Leonard [Wed, 18 Aug 2021 12:48:08 +0000 (12:48 +0000)]
Bug 28720: (follow-up) Improve string translation

This patch fixes the following issues raised by QA:

- It modifies the markup so that "Add note" and "Edit note" can be
  translated more easily.
- It adds display of existing notes back to the table of checkouts.
- It adds to the table configuration so that a "plain" view of the notes
  (without buttons) is shown in print view and in CSV export.
- It improves handling of notes containing quotation marks which would
  previously have broken some edit interactions.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28720: Update the process of adding a checkout note in the OPAC
Owen Leonard [Mon, 26 Jul 2021 15:27:02 +0000 (15:27 +0000)]
Bug 28720: Update the process of adding a checkout note in the OPAC

This patch moves the entry of checkout notes into a modal window with
the goal of making note entry easier.

To test, apply the patch and make sure the AllowCheckoutNotes system
preference is enabled.

- Log in to the OPAC as a user with checkouts.
- On the "Your summary" page, confirm that the table listing your
  checkouts has a "Report a problem" column with "Add note" buttons.
- Click an "Add note" button. A modal window should be shown which
  includes the title of the item, a textarea for writing a note, and a
  hint, "Your note will be shown to the librarian when the item is
  checked in."
- Add a note and submit it.
- The modal should close and a note at the top of the page should tell
  you your note has been saved. The contents of your note should be
  shown below that along with an "Edit note" link.
  - Confirm that the "Edit note" link works as expected.
  - Confirm that the "Add note" button you clicked in the table of
    checkouts now reads "Edit note."
    - You should be able to click this button and edit your note.
- Confirm that each note button works to add a note to the correct
  title.
- Confirm that the "Renew selected" and "Renew all" controls work.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28321: Compiled CSS
Jonathan Druart [Mon, 4 Oct 2021 13:10:44 +0000 (15:10 +0200)]
Bug 28321: Compiled CSS

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28321: Use template block for display of items in search results
Owen Leonard [Fri, 30 Apr 2021 10:36:42 +0000 (10:36 +0000)]
Bug 28321: Use template block for display of items in search results

This patch updates the staff interface catalog search results to use
a new reusable BLOCK for displaying item information: Available items,
checked-out items, and unavailable items.

Some style has been updated, and an old GIF image has been replaced with
an SVG. The hold ratios template has been updated to accommodate this
change.

To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).

- Perform a catalog search in the staff interface which will return
  multiple results with multiple items each. For thorough testing, some
  records should have items which are checked out, available, or
  lost/notforloan.
- On the search results page, confirm that item information is accurate
  and readable.
- Test with  item-level_itypes on and off.
- Test with noItemTypeImages on and off.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26949: Upgrade TinyMCE in the staff interface from 5.0.16 to 5.9.2
Owen Leonard [Mon, 27 Sep 2021 18:50:48 +0000 (18:50 +0000)]
Bug 26949: Upgrade TinyMCE in the staff interface from 5.0.16 to 5.9.2

This patch upgrades TinyMCE in the staff interface from 5.0.16 to 5.9.2.
Other than the required TinyMCE package files, the only other change is
to the internationalization include file, which is updated to include
the latest set of strings for translation.

To test, apply the patch and clear your browser cache if necessary.

Test that the TinyMCE editor works in the staff interface:

 - In system preferences, with the  UseWYSIWYGinSystemPreferences
   preference enabled: IntranetCirculationHomeHTML,
   IntranetmainUserblock, IntranetReportsHomeHTML, etc.
 - Additional contents, with the AdditionalContentsEditor preference
   set to "WYSIWYG."
 - Administration -> Libraries, in the "OPAC info" field.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28303: Fix plugins system with multiple pluginsdir settings
Michael Hafen [Fri, 7 May 2021 20:13:49 +0000 (14:13 -0600)]
Bug 28303: Fix plugins system with multiple pluginsdir settings

C4/Templates::badtemplatecheck mucks with the config('pluginsdir') array ref.
This makes sure it operates on a copy of the array.

To test:
   1) $ prove t/db_dependent/Templates.t

Signed-off-by: David Nind <david@davidnind.com>
JK: Fix commit message styling and add test plan

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28303: Add unit test for badtemplatecheck
Joonas Kylmälä [Sun, 3 Oct 2021 10:53:40 +0000 (10:53 +0000)]
Bug 28303: Add unit test for badtemplatecheck

This tests that pluginsdir value is not modified by the call to
badtemplatecheck to make sure badtemplatecheck operates with its own
copy of pluginsdir configuration value.

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28734: Parse display in $biblio->get_marc_notes
Aleisha Amohia [Wed, 21 Jul 2021 05:01:23 +0000 (17:01 +1200)]
Bug 28734: Parse display in $biblio->get_marc_notes

1. Go to Koha Administration, MARC bibliographic frameworks
2. Edit a framework, find tag 590, edit the $z subfield to use an
authorised value.
3. Do a catalogue search and edit a record using this framework. Edit
590$z and select an authorised value. Save the record.
4. Add the record to your cart.
5. View your cart. Click More Details.
6. Scroll down to the Notes section. Notice the authorised value code is
displayed instead of the description.
7. Apply the patch, restart services.
8. Refresh your cart. Click More Details again if you need to.
9. Scroll down to the Notes section. The description of the authorised
value should now be displayed.

Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Bug 28734: (follow-up) Use transformMARCXML4XSLT and tests

Confirm the following tests pass:
- t/db_dependent/Koha/Biblio.t
- t/db_dependent/XSLT.t

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Bug 28734: (QA follow-up) Fix test imports and readability

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Bug 28734: (QA follow-up) Update documentation about function usage

We are now using the function from Koha::Biblio.

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Bug 28734: Remove unadvertised changes

1. Using $frameworkcode instead of the default '' is an unadvertised change.
It would make sense to use $frameworkcode, but actually we must remove this parameter and always use the default, as we decided to make the default authoritative.
I would prefer to not introduce this change, just in case..

2. Restore good import (use plurals)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29133: Correct select2 strings
Jonathan Druart [Wed, 29 Sep 2021 09:05:04 +0000 (11:05 +0200)]
Bug 29133: Correct select2 strings

We are using 'max'/'min' when the arguments are 'maximum'/'minimum'.
Also using %n, %d when only %s is working in .format()

Have a look at https://github.com/select2/select2/blob/45f2b83ceed5231afa7b3d5b12b58ad335edd82e/src/js/select2/i18n/en.js
It's Select2 v.4.0.13, the one we are using. We should match what's
there.

Test plan:
Bug 29002 is using minimumInputLength, you can see the difference when
selecting a patron:
 "Please enter %s or more characters"
vs
 "Please enter 3 or more characters"

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Bug 29133: (follow-up) Fix for argument mismatch

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
JK: fix typo in commit message
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29134: Use a subquery to increase performance of patron attributes search
Nick Clemens [Wed, 29 Sep 2021 12:26:59 +0000 (12:26 +0000)]
Bug 29134: Use a subquery to increase performance of patron attributes search

This patch generates a subquery and checks if a borrowrnumber is in the results to add patrons
to search results

To test:
 1 - Generate a bunch of patrons:
    SELECT surname, firstname, branchcode, categorycode FROM ( SELECT surname FROM borrowers ORDER BY rand() ) a,( SELECT firstname FROM borrowers ORDER BY rand() ) b,( SELECT branchcode FROM borrowers ORDER BY rand() ) c,( SELECT categorycode FROM borrowers ORDER BY rand() ) d LIMIT 50000
 2 - Add a patron attribute to the system and make it searchable - I used code 'TEST'
 3 - Add a value for this attribute to many patrons:
   INSERT INTO borrower_attributes (borrowernumber,code,attribute) SELECT borrowernumber, 'TEST','alphabet' FROM borrowers LIMIT 10000;
 4 - In staff client got 'Patrons'
 5 - Open the browser console (F12) and view the netwrok tab
 6 - Perform a patron search for 'a'
 7 - Note the time it takes for 'search' to complete in console
 8 - Apply patch, restart_all
 9 - Repeat search
10 - Note it is much faster
11 - prove -v t/db_dependent/Utils/Datatables_Members.t

NOTE: I tested with 500k patrons and 100k attributes - search returned in ~2 seconds with patch
and did not return before I got impatient without patch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29148: Check if hold is item or bib level
Lucas Gass [Thu, 30 Sep 2021 22:11:32 +0000 (22:11 +0000)]
Bug 29148: Check if hold is item or bib level

To test:
1 - place an item level hold, it says: [one of the barcodes] or any available
2 - place a bib level hold, it says: [one of the barcodes] or any available
3 - Apply patch
4 - item level hold should say: Only [barcode]
5 - bib level hold should say: [one of the barcodes] or any available

Signed-off-by: Azucena <Azucena.Aguayo@uvu.edu>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28717: Fix additional content logs
Jonathan Druart [Wed, 18 Aug 2021 15:58:38 +0000 (17:58 +0200)]
Bug 28717: Fix additional content logs

The logging for additional contents added by bug 26205 has been broken
by but 22544.

This patch is a revisited version as bug 24387 has been pushed.
It does not log MODIFY if no modification has been made on a template
(useful when only 1 version/lang of a content has been modified)

Test plan:
Turn on NewsLog
Add/modify and delete additional contents/News and confirm that
modification are logged.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 24387: Entries with parent are missing a code
Jonathan Druart [Tue, 14 Sep 2021 17:26:32 +0000 (19:26 +0200)]
Bug 24387: Entries with parent are missing a code

We executed the same 2 queries, we want to adjust the code for the
parent and the language specific row.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoRevert "Bug 28510: Remove unnecessary conditional"
Jonathan Druart [Fri, 1 Oct 2021 13:55:33 +0000 (15:55 +0200)]
Revert "Bug 28510: Remove unnecessary conditional"

This reverts commit d284735d05f67226feba1b4b9e7bf17259eaabaf.

The following test was failing randomly:
 #   Failed test 'take from lowest cost branch (don't use cost matrix) holding branch'
 #   at t/db_dependent/HoldsQueue.t line 1494.
 #          got: 'LHKtxLk'
 #     expected: 'JL9C_OR'
 # Wrong pick-up/hold for first target (pick_branch, hold_branch, reserves, hold_fill_targets, tmp_holdsqueue)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28352: Only check authorised values mapped to DB fields
Nick Clemens [Wed, 26 May 2021 11:42:02 +0000 (11:42 +0000)]
Bug 28352: Only check authorised values mapped to DB fields

The errors reported seem to be caused by authorised values mapped to MARC fields
but not mapped to a koha field.

We should additionally make sure to check the Default framework

Also, adding comment to indicate we only check records with items, because we do

TO test:
1 - In a framework that is not the default map a MARC field to an authorised value, but not a koha field
2 - In SQL, force the kohafield to NULL for the mapping you just make
    UPDATE marc_subfield_structure SET kohafield = NULL WHERE frameworkcode='BKS' and authorised_value='HINGS_AS'
3 - perl misc/maintenance/search_for_data_inconsistencies.pl
4 - get the following errors:
Use of uninitialized value $tmp_kohafield in pattern match (m//) at /kohadevbox/koha/misc/maintenance/search_for_data_inconsistencies.pl line 151.
Use of uninitialized value $tmp_kohafield in substitution (s///) at /kohadevbox/koha/misc/maintenance/search_for_data_inconsistencies.pl line 154.
Can't call method "get_column" on an undefined value at /kohadevbox/koha/misc/maintenance/search_for_data_inconsistencies.pl line 157.
5 - Apply patch
6 - Repeat
7 - No more errors

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29139: Only pass the offsets for lines the credit was applied to
Tomas Cohen Arazi [Thu, 30 Sep 2021 13:02:20 +0000 (10:02 -0300)]
Bug 29139: Only pass the offsets for lines the credit was applied to

On writing the regression tests, I noticed the CREATE offset was added
to the template. The idea behind passing the offsets is that we can
print information about the lines that got the credit applied. Having
the CREATE offset is meaningless, and (worse) would require users to add
logic to skip it. And all the payment information is already passed in
the 'credit' variable anyway.

This patch filters the credit_offsets by type, leaving the APPLY ones
only.

To test:
1. Apply up to the regression tests
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/Account.t
=> FAIL: 3 offsets, including the CREATE one, boo!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Only the two APPLY offsets are returned!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29139: Add regression tests
Tomas Cohen Arazi [Thu, 30 Sep 2021 13:01:19 +0000 (10:01 -0300)]
Bug 29139: Add regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29139: Add exceptions to relation accessors
Martin Renvoize [Thu, 30 Sep 2021 08:28:29 +0000 (09:28 +0100)]
Bug 29139: Add exceptions to relation accessors

We already had exceptions on the many-to-many links, but we didn't have
them for the middle table. The underlying dbic relations make it clear
which id's are being used for linking.  A 'credit' has 'credit_offsets',
a 'debit' has 'debit_offsets'.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29139: Fix incorrect relation call
Martin Renvoize [Thu, 30 Sep 2021 08:14:15 +0000 (09:14 +0100)]
Bug 29139: Fix incorrect relation call

The bug here was worse than originally thought. We were calling the
wrong relation too.. we should probably add some exceptions to catch
this, it confuses me every single time!

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29139: $line->debit_offsets doesn't honor list context
Tomas Cohen Arazi [Wed, 29 Sep 2021 19:27:04 +0000 (16:27 -0300)]
Bug 29139: $line->debit_offsets doesn't honor list context

Being based on _new_from_dbic (discussion on bug 28883), makes the
assignment incorrect:

my @account_offsets = $payment->debit_offsets;

This patch explicitly makes the resultset be assigned as a list by
calling *as_list*.

To test:
1. Have UseEmailReceipts disabled
2. Have a patron with a debt of 6
3. Make a payment of 2
=> SUCCESS: All good
4. Enable UseEmailReceipts
5. Repeat 3
=> FAIL: You get something like:

ERROR PROCESSING TEMPLATE: undef error - The method Koha::Account::Offsets->debit is not covered by tests!

Trace begun at /kohadevbox/koha/Koha/Objects.pm line 595
Koha::Objects::AUTOLOAD('Koha::Account::Offsets=HASH(0x561cbe2ac930)') called at input text line 6
eval {...} at input text line 6
eval {...} at input text line 23

6. Apply this patch
7. Repeat 3
=> SUCCESS: It doesn't explode anymore!
8. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29121: Add POD to plugins
Kyle M Hall [Mon, 27 Sep 2021 11:55:06 +0000 (11:55 +0000)]
Bug 29121: Add POD to plugins

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29121: Catch errors in ->install and ->upgrade calls on plugins
Tomas Cohen Arazi [Mon, 27 Sep 2021 11:24:53 +0000 (08:24 -0300)]
Bug 29121: Catch errors in ->install and ->upgrade calls on plugins

This patch adds a try/catch block when instantiating plugins. Calling
->new on a plugin eventually triggers a call to ->install (this has
always been like this since bug 7804). If the ->install method is
somehow borked, then the process dies. We need to prevent that, and
report back some error took place. That's what this patch does.

The same happens to the ->upgrade.

To test:
1. Install any plugin you like
2. Restart plack (just in case)
=> SUCCESS: All good
3. Manually change its install method to:

sub install {
    die "plugin, die!";
}

4. Run:
   $ koha-mysql kohadev
   > DELETE FROM plugin_data;
(to make sure there's no __INSTALLED__ entry, do on a safe to delete DB).
5. Point your browser to the plugins-home.pl page
=> FAIL: Boom
6. Apply up to the regression tests
7. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/Plugins/Plugins.t \
           t/Koha/Exceptions.t
=> FAIL: Tests fail!
8. Apply this patch
9. Repeat 2
=> SUCCESS: Tests pass!
10. Run:
    $ restart_all
11. Repeat 5
=> SUCCESS: The page is not broken
12. Sign off :-D

Note: I used
    $ kshell
   k$ perl misc/devel/install_plugins.pl
to test as well.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29121: Regression tests
Tomas Cohen Arazi [Mon, 27 Sep 2021 11:21:34 +0000 (08:21 -0300)]
Bug 29121: Regression tests

This patch adds regression tests for broken ->install and ->upgrade
methods on plugins.

It adds two dummie plugins named BrokenInstall and BrokenUpgrade, for
convenience.

Tests are added to catch the warnings that will be logged when trying to
load this plugins on different scenarios.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29121: Add new plugin exceptions
Tomas Cohen Arazi [Mon, 27 Sep 2021 11:18:33 +0000 (08:18 -0300)]
Bug 29121: Add new plugin exceptions

This patch introduces two new exceptions:

- Koha::Exceptions::Plugin::InstallDied
- Koha::Exceptions::Plugin::UpgradeDied

Tests are added for their stringification output.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/Koha/Exceptions.t
=> SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29137: DBRev 21.06.00.027
Jonathan Druart [Fri, 1 Oct 2021 14:27:59 +0000 (16:27 +0200)]
Bug 29137: DBRev 21.06.00.027

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29137: Add new syspref to disable AV creation within the cataloguing module
Jonathan Druart [Thu, 30 Sep 2021 06:56:36 +0000 (08:56 +0200)]
Bug 29137: Add new syspref to disable AV creation within the cataloguing module

"I don't like this patch at all!"
"We will see a cataloger revolt if we do not find a way to make this
optional for catalogers."

I imagined a hord of catalogers running behind me and I got scared.

This patch will allow to turn the new feature added by bug 25728 off.

Test plan:
Confirm that the new CreateAVFromCataloguing will permit to turn the
feature off.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 23678: Include file for batch_hold_cancel
Jonathan Druart [Fri, 1 Oct 2021 09:42:10 +0000 (11:42 +0200)]
Bug 23678: Include file for batch_hold_cancel

Use additional_report to retrieve patron and biblio's info.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 23678: Don't display code of the job type
Jonathan Druart [Fri, 1 Oct 2021 08:40:49 +0000 (10:40 +0200)]
Bug 23678: Don't display code of the job type

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 23678: Allow cancel holds in bulk
Agustin Moyano [Thu, 25 Feb 2021 16:07:12 +0000 (13:07 -0300)]
Bug 23678: Allow cancel holds in bulk

This patch allows staff patrons to cancel multiple holds in bulk.

To test:
1. Apply this patch
2. restart_all
3. In cataloge go to a book and place many holds
CHECK => Holds table shows a column of checkboxes
4. Play with checkboxes (have some fun ;-P)
CHECK => When you manually check all checkboxes, the checkbox in the
header also gets checked.
      => When you uncheck one of the checkboxes, the one in the header also gets unchecked.
      => If no checkbox is checked and you check the one in the header,
all checkboxes get checked.
      => If there are some checkboxes that are checked and others are
not, when you click on the checkbox in the header all checkboxes get
unchecked.
      => If all checkboxes are checked, when you uncheck the one in the
header, all checkboxes get unchecked.
      => Every time you play with checkboxes, the number in the button
"Cancel selected" changes.
5. Check some of the checkboxes and click on cancel selected.
SUCCESS => A background job gets fired to cancel all selected holds.
        => A message should appear with a link to the job.
6. Wait a few seconds and click on the link
SUCCESS => A message appears with the report of the execution of the
background job.
7. Grab a patron and search to hold
8. Select multiple biblios and click on "place hold for <patron>"
CHECK => After holds are confirmed, multiple holds table are shown.. one for
   each record. Checkboxes work exactly the same as before, but scoped
for each individual table. Checkboxes from one table will not affect
checkboxes from other tables.
9. Repeat steps 4 to 6.
10. Check In some of the items so the get in Waiting state.
11. Update expirationdate os some of those holds and set it to
    ReservesMaxPickUpDelay + 1 days earlier
NOTE => ReservesMaxPickUpDelay = 7 days by default, so sql syntax to update would be
     => update reserves set expirationdate = date_sub(expirationdate, interval 8 day) where reserve_id in (...)
12. Repeat steps 4 to 6 but in waitingreserves.pl, in both tabs.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23678: (QA follow-up) Add missing template filter

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23678: (QA follow-up) Add missing filters

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23678: (QA follow-up) Use correct indentation

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
JD amended patch: also Koha/BackgroundJob/BatchCancelHold.pm

JD Amended patch: Full rebase and adjustements made on top of bug 26080.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29149: (QA follow-up) Reorganize mapping
Tomas Cohen Arazi [Fri, 1 Oct 2021 12:22:58 +0000 (09:22 -0300)]
Bug 29149: (QA follow-up) Reorganize mapping

This patch changes the mapping so it is more readable, and also allows
adding things there more easily, like allowing to add code => class
mappings from plugins, when time comes.

To test:
1. Just verify things still work

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 29149: Add the capability to provide more info to the background job detail view
Jonathan Druart [Mon, 26 Jul 2021 17:22:29 +0000 (19:22 +0200)]
Bug 29149: Add the capability to provide more info to the background job detail view

(Patch extracted from bug 28445 to make it reusable for bug 23678)
We already had the need for that, when bibliographic records are
modified in batch we wanted to add a "Add to list" feature, and so pass
a list of lists/virtual shelves to the template.

Here (in 28445) we will want to pass the infos of the items that have been modified
to display a table.

Test plan:
0. Create at least one list (virtual shelf)
1. batch update biblios
2. Go to the job detail
3. Notice that dropdown list to add the record to a list
=> No regression found!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26080: (QA follow-up) Add POD
Tomas Cohen Arazi [Wed, 1 Sep 2021 16:23:00 +0000 (13:23 -0300)]
Bug 26080: (QA follow-up) Add POD

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26080: (QA follow-up) Minor template issues
Tomas Cohen Arazi [Wed, 1 Sep 2021 16:16:32 +0000 (13:16 -0300)]
Bug 26080: (QA follow-up) Minor template issues

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26080: Use the task queue for batch delete authorities
Jonathan Druart [Wed, 29 Jul 2020 10:13:39 +0000 (12:13 +0200)]
Bug 26080: Use the task queue for batch delete authorities

Same as the first patch, for authorities

Test plan:
Delete authority records using the batch record deletion tool
Confirm that the job is now delegated to the task queue and that
everything else is working as before

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26080: Some refactoring
Jonathan Druart [Wed, 29 Jul 2020 10:12:59 +0000 (12:12 +0200)]
Bug 26080: Some refactoring

A new include file is created per background job to avoid
background_jobs.tt to grow too much

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 26080: Use the task queue for batch delete biblios
Jonathan Druart [Wed, 29 Jul 2020 09:17:34 +0000 (11:17 +0200)]
Bug 26080: Use the task queue for batch delete biblios

This patch takes advantage of the task queue to delegate the batch
delete biblios tool.

Test plan:
Delete bibliographic records using the batch record deletion tool
Confirm that the job is now delegated to the task queue and that
everything else is working as before

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: DBRev 21.06.00.026
Jonathan Druart [Thu, 30 Sep 2021 07:49:50 +0000 (09:49 +0200)]
Bug 28772: DBRev 21.06.00.026

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Fix Koha/Object.t
Jonathan Druart [Tue, 21 Sep 2021 08:59:22 +0000 (10:59 +0200)]
Bug 28772: Fix Koha/Object.t

Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Fix auth_authenticate_api_request.t
Tomas Cohen Arazi [Tue, 21 Sep 2021 16:18:52 +0000 (13:18 -0300)]
Bug 28772: Fix auth_authenticate_api_request.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Make validate_secret return 1|0
Jonathan Druart [Fri, 10 Sep 2021 08:34:41 +0000 (10:34 +0200)]
Bug 28772: Make validate_secret return 1|0

Not an empty string

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: (QA follow-up) Fix wrong message
Tomas Cohen Arazi [Thu, 9 Sep 2021 11:53:07 +0000 (08:53 -0300)]
Bug 28772: (QA follow-up) Fix wrong message

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Do not hash secrets twice
Tomas Cohen Arazi [Thu, 9 Sep 2021 11:51:02 +0000 (08:51 -0300)]
Bug 28772: Do not hash secrets twice

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Make secret validation use the new method
Tomas Cohen Arazi [Thu, 9 Sep 2021 11:38:25 +0000 (08:38 -0300)]
Bug 28772: Make secret validation use the new method

This patch makes the Koha::OAuth library use the new validation method

To test:
1. In master, enable RESTOAuth2ClientCredentials and have your
   superlibrarian patron a client_id/secret pair generated
2. Use Postman to gain an access token with the client_id/secret pair
=> SUCCESS: This works in Koha
3. Use the access token to GET /api/v1/patrons
=> SUCCESS: It works
4. Apply this patchset up to the regression tests
5. Run:
   $ updatedatabase
   $ koha-plack --restart kohadev
=> SUCCESS: All good
6. Repeat 2
=> FAIL: You get an error trying to acquire an access token. Boo
7. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
8. Apply this patch
9. Run:
   $ koha-plack --restart kohadev
   $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
10. Repeat 2
=> SUCCESS: Your original client_id/secret pair works!
11. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28722: Regression tests
Tomas Cohen Arazi [Thu, 9 Sep 2021 11:23:48 +0000 (08:23 -0300)]
Bug 28722: Regression tests

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove tt/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
https://bugs.koha-community.org/show_bug.cgi?id=28772

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Display API secret once
Tomas Cohen Arazi [Mon, 30 Aug 2021 15:07:56 +0000 (12:07 -0300)]
Bug 28772: Display API secret once

This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.

To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
            displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Add a warning about hash_password usage in updatedatabase.pl
Tomas Cohen Arazi [Mon, 30 Aug 2021 14:08:57 +0000 (11:08 -0300)]
Bug 28772: Add a warning about hash_password usage in updatedatabase.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Update existing keys
Tomas Cohen Arazi [Mon, 30 Aug 2021 14:08:30 +0000 (11:08 -0300)]
Bug 28772: Update existing keys

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28772: Make Koha::ApiKey->store encrypt the secret
Tomas Cohen Arazi [Thu, 26 Aug 2021 23:24:43 +0000 (20:24 -0300)]
Bug 28772: Make Koha::ApiKey->store encrypt the secret

This patch refactors the Koha::ApiKey class so:
- It encrypts the generated secret
- Allows accessing the plain text secret only immediately after the key
  creation (this implies that it won't be accessible if the key is
  fetched from the DB).
- It implements an allow list for attributes, that are not read only.
  Changing any other of them will make ->store throw an exception.
- A method for validating plain text secrets against the encrypted one
  is added.
- A method for accessing the plain text secret is added. Returns undef
  if the object is not 'fresh'.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/ApiKey.t
=> SUCCESS: Tests pass! Expected behavior is confirmed
3. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28759: limit accessibility for "Manage API keys"
Petro Vashchuk [Tue, 10 Aug 2021 15:08:53 +0000 (18:08 +0300)]
Bug 28759: limit accessibility for "Manage API keys"

This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.

The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.

To reproduce:
1) create/pick existing patron, set Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
iew patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28941: Deal with OPACSuggestionUnwantedFields
Jonathan Druart [Fri, 10 Sep 2021 09:33:18 +0000 (11:33 +0200)]
Bug 28941: Deal with OPACSuggestionUnwantedFields

Remove fields from OPACSuggestionUnwantedFields before creating the
suggestion

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: remove useless sort

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28941: Filter suggestion inputs at the OPAC
Jonathan Druart [Thu, 2 Sep 2021 09:51:48 +0000 (11:51 +0200)]
Bug 28941: Filter suggestion inputs at the OPAC

The following sequence is bad:
46 my $suggestion      = $input->Vars;

181         &NewSuggestion($suggestion);

All columns can be set when we insert the suggestion into the DB
We definitely want to avoid the following fields to be set by the final
user: acceptedby, accepteddate, STATUS, etc...

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28947: Prevent OPAC user to create new users
Jonathan Druart [Fri, 3 Sep 2021 10:01:12 +0000 (12:01 +0200)]
Bug 28947: Prevent OPAC user to create new users

This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons

To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28935: (QA follow-up) Use BorrowerUnwantedField on staff client
Nick Clemens [Mon, 13 Sep 2021 12:56:30 +0000 (12:56 +0000)]
Bug 28935: (QA follow-up) Use BorrowerUnwantedField on staff client

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28935: No filtering on patron's data on member entry pages
Marcel de Rooy [Wed, 1 Sep 2021 14:04:31 +0000 (16:04 +0200)]
Bug 28935: No filtering on patron's data on member entry pages

Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 years agoBug 28929: Add selenium tests
Jonathan Druart [Tue, 31 Aug 2021 15:12:22 +0000 (17:12 +0200)]
Bug 28929: Add selenium tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28929: (follow-up) Add exec flag to tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>