Jonathan Druart [Wed, 20 Dec 2017 16:17:50 +0000 (13:17 -0300)]
Bug 19671: Map itemtypes to hash for correct display in issues_stats.pl
To test:
1 - Run the circulation wizard with itemtypes as columns, shelving
locations as rows - display on screen
2 - Note all itemtype values are blank
3 - Switch rows/columns - same issue
4 - Apply patch
5 - Re-run reports
6 - Itemtypes should display correctly
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Thu, 8 Feb 2018 18:27:42 +0000 (18:27 +0000)]
Bug 20163: Position of NoLoginInstructions text is inconsistent
This patch modifies the markup for two login forms, making the markup
more consistent between them. The order of NoLoginInstructions, "Forgot
your password?" and "Don't have an account?" should now be the same.
This patch also updates some classes in each login form to allow for
more consistent custom styling. A couple of capitalization corrections
are included.
To test, enable the PatronSelfRegistration and OpacResetPassword
preferences. Put some text in the NoLoginInstructions preference.
View the login form as associated links on the OPAC main page. Compare
to the login form which appears in a modal window when you click the
login link at the top of the page. The two areas should look consistent.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Mon, 11 Dec 2017 09:09:00 +0000 (10:09 +0100)]
Bug 19790: Add a db revision for existing installs
Since many installs may still have the additionalauthors kohafield,
this patch adds a dbrev in atomicupdate to clear it.
Test plan:
[1] Run updatedatabase. Check that you see no additionalauthors anymore
in marc_subfield_structure.kohafield.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Charles Farmer <charles.farmer@inLibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Mon, 11 Dec 2017 08:39:37 +0000 (09:39 +0100)]
Bug 19790: Remove additionalauthors.author from installer files
In the upgrade from 2.2 to 3.0 (some time ago already) the table
additionalauthors has been dropped. Unfortunately, a reference to this
table has not been removed from the MARC framework installer files.
This patch clears kohafield for 700$a or 200$g in 32 installer files.
Note: The reference to additionalauthors in field kohafield is silently
ignored in AddBiblio/ModBiblio since the routines _koha_add_biblio,
_koha_add_biblioitem, _koha_modify_biblio and
_koha_modify_biblioitem_nonmarc simply do not use it. You can define a
Koha to MARC mapping for a biblio/biblioitem field but if the field is not
referenced in one of those routines, nothing happens..
Also note that C4::Items::_koha_modify_item does not hardcode all fields
and will respond to a new item mapping.
Test plan:
[1] Run a new install or verify somehow that the change to these sql files
is correct.
The change is a result of: sed -i -e "s/'additionalauthors.author'/''/g"
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Run a new install with MARC21 and English. This includes the mandatory
file marc21_framework_DEFAULT.sql. Verified that 700$a was inserted
correctly (without additionalauthors).
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 12 Feb 2018 20:35:53 +0000 (17:35 -0300)]
Bug 18403: Fix perlcritic on Koha::Patron
Perl::Critic found these violations in "Koha/Patron.pm":
"return" statement followed by "sort" at line 798, column 5. Behavior
is undefined if called in scalar context. (Severity: 5)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 12 Feb 2018 20:33:18 +0000 (17:33 -0300)]
Bug 18403: rename Koha::Patron->can to has_permission
I do not exactly why but there is a conflict in the name of the method
prove t/db_dependent/api/v1/patrons.t failed with
[Mon Feb 12 17:13:16 2018] [error] Can't use string ("TO_JSON") as a
HASH ref while "strict refs" in use at
/home/vagrant/kohaclone/C4/Auth.pm line 2053.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 7 Feb 2018 14:58:02 +0000 (11:58 -0300)]
Bug 20175: [sql_modes] (follow-up) Set a correct default value for club_enrollments.date_created
From comment 6:
"""
Can't recreate database, when creating table structure, I got:
there can be only one TIMESTAMP column with CURRENT_TIMESTAMP in DEFAULT
or ON UPDATE clause
I am on mysql 5.5.59, which is still default in jessie, more timestamp
columns are possible from mysql 5.6.5:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-5.html
"""
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 5 Feb 2018 17:22:59 +0000 (14:22 -0300)]
Bug 20175: [sql_modes] Set a correct default value for club_enrollments.date_created
0000-00-00 00:00:00 is not a valid timestamp.
It will fix the installer and upgrade process
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Wed, 7 Feb 2018 17:23:56 +0000 (17:23 +0000)]
Bug 20155: (follow-up) Compiled CSS
This patch contains the compiled opac.css file.
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Wed, 7 Feb 2018 17:17:34 +0000 (17:17 +0000)]
Bug 20155: Improve readability of OPAC header language menu
This patch makes some minor HTML and CSS changes in order to make the
header's language-chooser menu more readable and consistent with the
Lists menu.
To test, apply this patch and the patch with the compiled CSS.
- Install and enable more than one translation.
- Set the OpacLangSelectorMode to either "top" or "both top and footer."
- View the OPAC's header menu and confirm that the links and menus look
correct whether or not a user is logged in.
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 12 Oct 2017 10:19:11 +0000 (12:19 +0200)]
Bug 19451: Add no_overwrite option to borrowers-force-messaging-defaults.pl
This option allows you to add preferences only when they are not yet
present. In other words: skip patrons that already set their prefs.
Test plan:
[1] Delete all borrower messaging prefs for a patron.
[2] Run borrowers-force-messaging-defaults.pl -no-overwrite -doit
Verify that the patron now has default msg preferences.
[3] Change his settings and make them non-default.
For instance, increase days in advance.
[4] Run borrowers-force-messaging-defaults.pl -no-overwrite -doit
Verify that the patron still has the non-default settings.
[5] Run borrowers-force-messaging-defaults.pl -doit
Verify that the patron msg prefs have been overwritten.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If the borrowernumber is defined in query, it starts to get information
about previous borrower and the new one is taken into account fully on
second page reload
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Fri, 18 Aug 2017 10:58:51 +0000 (10:58 +0000)]
Bug 15752: (QA follow-up) Inform user that patron was automatically switched
Test plan:
1) Start checking out to some patron - there should be no message about
auto switching
2) read the another patrons card - note the patron is switched and there
is a message about it at top of the main page content
Followed test plan, patch worked as described. Passed QA test tool Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Fri, 18 Aug 2017 10:20:40 +0000 (12:20 +0200)]
Bug 15752: (follow-up) Search for patrons only if param barcode is defined
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Chad Billman [Thu, 21 Jan 2016 15:59:01 +0000 (10:59 -0500)]
Bug 15752: Automatically switch to patron when cardnumber is read during circulation
With this syspref enabled scanning a patron barcode into the item
barcode field during circulation will redirect you to the patron's
circulation page.
This allows circulation with only a barcode scanner.
Testing:
- Enable the AutoSwitchPatron syspref
- Navigate to a patron's check out screen
- Enter a patron barcode into the "Enter item barcode" field
Result
- Browser should be redirected to the entered patron
Signed-off-by: Joel <aloi54@live.fr>
Followed test plan, patch works as described Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having a Template Toolkit statements inside the javascript
translation function _() prevents it from being picked for
translation.
The only example of such is the course reserve delete prompt.
Move the TT statement outside the string.
Test plan:
1) Update and install language xx-YY. Check that the msgids
"Are you sure you want to delete this course? There is %s attached item."
and
"Are you sure you want to delete this course? There are %s attached items."
do not exist in the xx-YY-staff-prog.po
2) Check the translated file
intranet-tmpl/prog/fi-FI/modules/course_reserves/course-details.tt
It should have two prompt texts above in English
3) Install patch
4) Update the language. Check that the msgids show up in
xx-YY-staff-prog.po, translate them, and install the language.
5) Repeat 2, the prompts should now show up in the correct language.
6) Enable UsecourseReserves
7) Go to Home -> Course reserves
8) Create a new course, and add reserves to it
9) See the course details. Click on Delete course, the prompt
should be correctly translated
10) Remove all but one of the reserves from the course
11) Repeat 9
To see if there are other such TT statements:
rgrep -E '\b_\("[^"]*\[%' koha-tmpl/
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi> Signed-off-by: Roch D'Amour <roch.damour@inlibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20054: Remove attribute "text/css" for <style> element in OPAC
Conformance rules for HTML5 is generating warnings for <style> element
with type="text/css" attribute when the OPAC page is checked
with W3C Validator.
Test plan
=========
1/ Click the "Tag cloud" link on the OPAC. Paste the URL to your OPAC
page (if it is hosted) to W3C Validator and watch the warning about
type attribute "text/css".
2/ Apply patch and re-submit the page to the Validator. The warning
will be gone.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: maksim <maksim@inlibro.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 9 Feb 2018 14:17:37 +0000 (11:17 -0300)]
Bug 20157: Group search groups together
We do not actually need 2 groups, the previous feature worked for both
OPAC and STAFF interface.
The only difference was the "show_in_pulldown" feature.
Here we are going to REMOVE this feature for ergonomic reasons. We will
already have 3 features and it will surcharge the interface to add
another one. Moreover the feature will have to be applied at the OPAC
(and so will add lot of JS checks to keep data consistent: only useful
if ft_search_groups_opac is set).
Moreover it is quite easy to remove entry from the dropdown list in
JavaScript.
If people was really using this feature, we will re-add it, just let us
know.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Wed, 7 Feb 2018 19:44:28 +0000 (19:44 +0000)]
Bug 20157: Use group 'features' to decide which groups to use for group searching functionality
Instead of basing the group searches on the group name, which is an
inherently touchy system, we should use the same checkbox style that
Jonathan introduced for the patron limits by group feature.
Test Plan:
1) Check to ensure existing group searches still show as they used to
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 2 Feb 2018 17:23:42 +0000 (14:23 -0300)]
Bug 20133: Enable/disable the "Hide patron information" feature per group of libraries
In order to control this feature correctly it needs to be enabled for
group of libraries and not for all groups defined in the system.
Groups will be used for different usages and so the feature must not be
enabled by default for all of them.
Test plan:
Retest bug 18403 with the feature turned on/off for a given tree
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 2 Feb 2018 17:21:49 +0000 (14:21 -0300)]
Bug 20133: UI Changes
Add a checkbox to enable/disable the feature for given group of
libraries.
Important note: Only the top level node can turn the feature, the idea
is to avoid confusion, ease testing (by limiting the number of cases)
and force libraries to define one tree per feature (Maybe this is wrong,
but maybe good to start)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Fri, 9 Feb 2018 13:51:02 +0000 (08:51 -0500)]
Bug 18403: Fix error triggered by subgroups being added to group
With one root group and two child groups and it works fine.
But if I create any groups under *those* groups, not only does it not work,
I get the following error:
Template process failed: undef error - SQL::Abstract::puke(): [SQL::Abstract::__ANON__]
Fatal: SQL::Abstract before v1.75 used to generate incorrect SQL when the -IN operator was
given an undef-containing list: !!!AUDIT YOUR CODE AND DATA!!! (the
upcoming Data::Query-based version of SQL::Abstract will
emit the logically correct SQL instead of raising this
exception) at /home/vagrant/kohaclone/Koha/Objects.pm line 269
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 10 Apr 2017 20:34:34 +0000 (17:34 -0300)]
Bug 18403: REST API - patrons endpoint
There is something wrond here, the userenv is no set and so we cannot
user search_limited.
Should we set the userenv or filter on the libraries using
libraries_where_can_see_patrons?
WAITING FOR FEEDBACK HERE.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 10 Apr 2017 13:23:37 +0000 (10:23 -0300)]
Bug 18403: Guarantors
Technically a kid from your library group could have a guarantor
attached to another
group of library, let's deal with this case.
Test plan:
- Create a kid from your library group
- With a superlibrarian staff user create a guarantor that is outside of
the group of
libraries of the kid
- Login with a limited staff user and confirm that on the patron detail
page you do not
see the link to the guarantor detail page.
Note that you see the firstname and surname of the guarantor
Q. should it be hidden?
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 7 Apr 2017 20:53:35 +0000 (17:53 -0300)]
Bug 18403: Article requests
Same as previously but for article requests.
Test plan:
Test article requests and make sure you do not need the requests for
patrons that
are attached to a group that is not part of your library's group
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 7 Apr 2017 18:42:51 +0000 (15:42 -0300)]
Bug 18403: Patron discharges
This patch deals with patron's discharges.
Test plan:
Same as previously you will need to request dischages at the OPAC.
On the staff interface the logged in user should not be allowed to see
discharge
from patrons outside his library group.
The number of discharges waiting displayed on the mainpage should be
correct as well.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Bug 18403: (follow-up) Patron discharges
Fix QA issue:
forbidden pattern: Do not assume male gender, use they/them instead (bug 18432) (line 150)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 7 Apr 2017 17:37:47 +0000 (14:37 -0300)]
Bug 18403: Patron reviews
This patch adds a new method Koha::Reviews->search_limited to return the
reviews
a logged in user is allowed to see depending his permissions.
Test plan:
Create some reviews at the OPAC and make sure a staff user is limited
(or not) to approve
or decline it.
The number of reviews displayed on the mainpage should be correct as
well.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 7 Apr 2017 17:02:09 +0000 (14:02 -0300)]
Bug 18403: Patron modification requests
Limit patron's modifications based on logged in patron permissions.
Test plan:
Create some patron's modification requests at the OPAC
Make sure the logged in staff user see (or not) the modification depending his
permissions.
The number of modification displayed on the mainpage should be correct as well.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 7 Apr 2017 17:00:34 +0000 (14:00 -0300)]
Bug 18403: Add new method Koha::Patron->can_see_patrons_from
Technical note:
Sometimes we do not have the patron object, for instance for the patron modifications
we will need to know if the logged in user can modify patron's from a given library.
This new subroutine 'can_see_patrons_from' will then be useful
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 6 Apr 2017 15:59:46 +0000 (12:59 -0300)]
Bug 18403: Refactor and add Koha::Patron->libraries_where_can_see_patrons
Technical note:
Here we are just refactoring a code that have been copied into 3 different places.
libraries_where_can_see_patrons is a terrible method's name, feel free to suggest
something better. The method return a list of branchcodes to be more efficient,
instead of Koha::Libraries
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 6 Apr 2017 15:42:03 +0000 (12:42 -0300)]
Bug 18403: Add new methods Koha::Patrons->search_limited and use it where needed
Most of the time when we search for patrons we do not want to search for all patrons,
but just the ones the logged in user is allowed to see the information.
This patch takes care of that by adding a new search_limited method to Koha::Patrons.
When called this method only search for patrons that the logged in user is allowed
to see.
Test plan:
Patron autocomplete search should be limited
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 5 Apr 2017 20:04:36 +0000 (17:04 -0300)]
Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC for issuehistory]
On this page we do not have the patron object sent to the template,
let's pass it!
Test plan:
Go on the checkout history of a bibliographic record
(catalogue/issuehistory.pl)
You should not see patron's information that are not part of your group
if you
are not allowed to see them.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 5 Apr 2017 19:43:41 +0000 (16:43 -0300)]
Bug 18403: Use patron-title.inc when hidepatronname is used
There is already a HidePatronName syspref to hide patron's information
on bibliographic
record detail pages and the hold list.
Test plan:
With the HidePatronName enabled, make sure the patron's information are
hidden from
the catalogue and hold list pages. If the logged in user is not allowed
to see the
patron's info, no link and no cardnumber will be displayed
With he HidePatronName disabled, make sure the patron's information are
displayed
if the logged in user is allowed to see the patron's info.
Technical note:
This patch improves the existing patron-title.inc include file to
display patron's
information. Using it everywhere patron's details are displayed will
permit to
homogenise the way they are displayed. The file takes now a patron
object (what
should be, in the future, the only way to use it), that way we can call
the new
method on it to know if patron's information can be shown by the logged
in used.
NOTE: I am not sure this syspref makes sense anymore. Should not we
remove it?
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 5 Apr 2017 17:11:02 +0000 (14:11 -0300)]
Bug 18403: Only display libraries from group in dropdown lists
From where patrons it's about patrons, we do not want to display the libraries
from all the system, but only the ones from the group.
Test plan:
- See the overdues (circ/overdue.pl) and make sure you can only see overdues from
patrons part of your group (do not forget to test the CSV export).
- Search for patrons, the 'library' filters (headers and left side) should only
display libraries from your group
- Search for article request by patron's library: only the libraries from your
group should be displayed
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 5 Apr 2017 16:19:42 +0000 (13:19 -0300)]
Bug 18403: Adapt patron search
This patch modifies the patron search code to limit the libraries to the
ones
the logged in user is allowed to access
Test plan:
Search for patrons
You should not see patrons you are not allowed to see.
Technical note:
I am really glad to have refactored all the patron searches before
having to
write this patch. It tooks me ~40 l to acchieve this job and affect all
patron searches.
Thanks refactoring!
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 4 Apr 2017 21:48:45 +0000 (18:48 -0300)]
Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"
Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.
Changes in discharge.pl are mainly indentation changes.
With this patch we should now have a $patron variable that refer to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.
Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
borrowers => 1
and
borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 6 Apr 2017 19:10:18 +0000 (16:10 -0300)]
Bug 18403: Add new method Koha::Patron->can_see_patron_info
Technical note:
This is the method that will be called on the logged_in_user variable sent to
the template. Moreover we will check that the logged in user can access patron'
information when access to members/* and some circulation scripts will be done.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 4 Apr 2017 19:43:58 +0000 (16:43 -0300)]
Bug 18403: Send logged_in_user to template from C4::Auth
Technical note:
To ease future changes we are passing a logged_in_user variable to templates.
It contains the Koha::Patron object representing the logged in patron.
This will be very useful for this patch and even after (for instance we will be
able to replace easily loggedinusername and loggedinusernumber).
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 6 Apr 2017 19:10:02 +0000 (16:10 -0300)]
Bug 18403: Add new method Koha::Library::Group->has_child
This is more a follow-up for bug 15707. It could be moved on its own bug report
if necessary.
IMPORTANT NOTE: At the moment the feature only works for 1 level depth, see
bug 15707 comment 166+ for the discussion
It means that if we have:
root_group
+ groupA
+ groupA1
+ groupA1_library2
+ groupA_library1
+ groupA2
+ groupB
+ groupB_library1
groupA1_library2 is not considered a child of groupA1.
Note that this can change.
Test plan:
prove t/db_dependent/LibraryGroups.t
should return green
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 4 Apr 2017 19:01:41 +0000 (16:01 -0300)]
Bug 18403: Hide patron information if not part of the logged in user library group
This patchset adds a new feature that will allow libraries inside a
single Koha installation to restrict access to information of patrons
that
The group of libraries feature is introduced by bug 15707, see this bug for more
information.
Let's imagine that 2 groups G1 and G2 are defined and that they include 2 libraries
each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see patron's
information from G1a and G1b.
To add more flexibility, a new user permission named 'view_borrower_infos_from_any_libraries'
will drive this behavior. If set, the patron will be able to see patron's information
of any libraries.
If the restriction is set, the logged in user will not be able to search, show, edit,
delete patron's information of patrons attached to groups of libraries outside his
own group.
In situations we need to refer to a patron, for holds and checkouts for instance,
and his information cannot be viewed, a text "A patron from library G1A" will be
displayed.
Considered unecessary or outside the scope of this bug report:
* The report module is not affected by this feature for obvious reasons
* The firstname and surname of guarantors, basket (acq) managers, patrons linked
to orders are still displayed.
* Log viewer: Can only be staff
* patron list: you cannot add patrons from another group of librairies, but can
see/delete from list (too much rewrite, or we can test for patron one by one?).
* "Patron card creator" tool is not impacted by this feature.
* Upload patron images is not impacted by this patch, should it be?
* Tools:
- Upload patrons
- Clean borrowers tool (This can can done easily updating Koha::Patrons->search
with Koha::Patrons->search_limited in search_upcoming_membership_expires and
search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
Koha::Patrons first)
We can discuss these different points but will be other bug reports not to add
more complexity to this first patchset.
Test plan:
You will find a test plan in the following commit messages.
Start by creating different group of libraries and patrons with and without the
new permission. Open different browser sessions to ease the tests.
Note that all patches have to be applied to test the different test plans.
Technical notes:
For QAers (and others) a techical note will be added to the commit messages of this
patchset. I would recommend you to read them one by one to understand the different
steps of this development.
+ Special attention should be payed to the REST api changes
+ Should we restrict the logged in user to libraries from his group when
he wants to set his library (Home › Circulation › Set library)?
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Wed, 22 Jun 2016 17:10:23 +0000 (17:10 +0000)]
Bug 16735: Migrate library search groups into the new hierarchical groups
Test Plan:
1) Apply this patch set
2) Note your existing search groups have been ported over to the new
__SEARCH_GROUPS__ group if you had any
3) Create the group __SEARCH_GROUPS__ if one does not already exist
4) Add some first level subgroups to this group, add libraries to those groups
5) Search the library group searching in the intranet and opac
6) Note you get the same results as pre-patch
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Thu, 23 Jun 2016 13:24:54 +0000 (13:24 +0000)]
Bug 16735: Clean up sample data
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Thu, 23 Jun 2016 11:44:15 +0000 (11:44 +0000)]
Bug 16735: Remove tables no longer needed
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Wed, 22 Jun 2016 18:28:03 +0000 (18:28 +0000)]
Bug 16735: Remove modules no longer needed
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Fri, 5 Feb 2016 06:53:20 +0000 (06:53 +0000)]
Bug 15707: Unit Tests
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Sun, 31 Jan 2016 11:22:51 +0000 (11:22 +0000)]
Bug 15707: Add library groups editor
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Sun, 31 Jan 2016 11:22:19 +0000 (11:22 +0000)]
Bug 15707: Add Koha::Library::Group(s) modules
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Sun, 31 Jan 2016 11:21:00 +0000 (11:21 +0000)]
Bug 15707: Update DB
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>