]> git.koha-community.org Git - koha.git/log
koha.git
2 years agoBug 29464: Regression tests
Tomas Cohen Arazi [Fri, 10 Dec 2021 13:15:42 +0000 (10:15 -0300)]
Bug 29464: Regression tests

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2 years agoBug 29541: Restrict access to patron's image to borrowers => * and circulate => *
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *

The patron images is displayed on the 'circulation' and 'members'
modules.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 years agoBug 29903: Prevent messages to be deleted from unauthorised users
Jonathan Druart [Wed, 19 Jan 2022 10:21:54 +0000 (11:21 +0100)]
Bug 29903: Prevent messages to be deleted from unauthorised users

The "Delete" link is hidden but the controller does not do the necessary checks.

/cgi-bin/koha/circ/del_message.pl?message_id=1&borrowernumber=5&from=moremember

Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29542: Prevent access to private list to non authorized users
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: Remove 'Use of uninitialized value ' warnings
Jonathan Druart [Tue, 25 Jan 2022 10:57:01 +0000 (11:57 +0100)]
Bug 29914: Remove 'Use of uninitialized value ' warnings

(cherry picked from commit 68c11c517907912dd27bc9bd1fd3bcf699bb6f82)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 7d4fb54aead7133cdfd7400d3d5c8c06ad3d7034)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: (QA follow-up) Add comment to explain last case
Nick Clemens [Mon, 24 Jan 2022 14:23:29 +0000 (14:23 +0000)]
Bug 29914: (QA follow-up) Add comment to explain last case

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: remove ref to line number

(cherry picked from commit a866722ae620f435c3c5e1933a83f7b82927c108)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 0886a2f1e607272feb2fa101f7616343a02223be)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: (QA follow-up) Expand tests to cover failure case before patches
Nick Clemens [Mon, 24 Jan 2022 14:19:24 +0000 (14:19 +0000)]
Bug 29914: (QA follow-up) Expand tests to cover failure case before patches

When asking for permissions we get 'failed', without we get 'ok'
Adding explicit checks for not 'ok'

Add a FIXME:
We should cover the case where we return 'failed' after changes, but that is a larger undertaking

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e956130f8f57d6204637015e57f362563041f984)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 723928fbc84b1552814e8111372e5fb1f850364e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: Remove warn on timeout
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: Remove warn on timeout

The value of the system preference 'timeout' is not correct, defaulting to 600.

Caused by previous test. Actually an omission in another sub that
does not seem to support 10x.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit eea32e6c5d39f5ec506b5c6cc81b390fcb6f8c52)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 5653dabab18ac8ef0029fc3e486b26ada2ca8bbd)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: Add tests
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3af901ae645a380d167fbc7b4e96bea892318d49)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 86abecb3c2690745035c6703681505e825a8eb9a)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29914: Make check_cookie_auth compare the userid
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid

check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.

So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7114dc2fb1a1440dd031ee771efee6e50bb86540)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit be18dc19b8e84919416eab5cd43f4ed345fc280a)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29544: (QA follow-up) Simplify code
Tomas Cohen Arazi [Wed, 12 Jan 2022 12:43:48 +0000 (09:43 -0300)]
Bug 29544: (QA follow-up) Simplify code

I think this is a better approach for the same thing. Posting it just in
case it helps.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 191cf52da7e2829cba1206612f2dcfc21366a986)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29544: Fix opac-issue-note.pl
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl

We must check if logged in user is trying to modify one of their
checkouts

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit b8b4328ffddfbb03a4a9f0647bd0df6a79c4badd)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29544: Ensure logged in user is allowed to modify checkout note
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 22d733e277a82ee6e707a5dd023d0317b15322a3)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29541: Prevent users from another group to access patron's images
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images

We should respect group restrictions here.

Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
  /cgi-bin/koha/members/patronimage.pl?borrowernumber=XX

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 09cb5e02e6fad7b0dd3137d925646d714444a704)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29540: Raise flagsrequired in modrequest
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest

Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
    Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
    Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28735: Self-checkout users can access opac-user.pl for sco user when not using...
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID

This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).

If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.

Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
     So you see the login screen specific to the self-checkout.
     To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
      Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
      Without the patch you will still be logged in the self-checkout
Voila!

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6d022889a2fac79c9148dd5f20c36f926d66065c)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 197dd5672abd3e7d72a4f212b75775be5f2b1c31)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Set autocomplete off for SCO login fields
Nick Clemens [Wed, 5 Jan 2022 16:06:15 +0000 (16:06 +0000)]
Bug 29543: Set autocomplete off for SCO login fields

Cardnumber already had it set, adding for username and password

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 25856b460e3041c2a825c83d1abf0f48c77a9448)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit ed957156ddfde8cf831273469954a749ad95883d)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Add Mojo::JWT dependency
Jonathan Druart [Wed, 5 Jan 2022 15:37:49 +0000 (16:37 +0100)]
Bug 29543: Add Mojo::JWT dependency

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f07a666c2eb6338f1b450db9dcdc75cfb0d76601)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit eaa4c1112386340bab246c779d0fba0bf428c0bc)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin

This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b32dbaa9cfc43ddd9404a094a2d82c85936c0ba2)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 1c0581ba9db486e7479216193654b881de9ac3b2)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Prevent user to checkin or renew items they don't own
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own

Checkin or renew must be restricted to the items they own.

Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1

You should see an error message

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 839b7c4a5c8bdba62776fdb74c5f2125622a9ff0)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 1c8988377bbd7749a83c9d695419e1ac6f53441e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Enforce authentication for self-checkout
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout

The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!

This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.

Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
 SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 77e21f30062dc23edb2c79f609d854d553e67f7c)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit f57465ad024e461bb00b2c0aeebff4adb1a651b5)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Add JWT token handling
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling

Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d978bf1506d761a6962d949f35b71f1740d0052a)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit e7c1ed3ede83eef70135f96261169af57399962b)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Remove inputfocus variable
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable

It's not used in template

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7ea2d7cd68bef8d59807f221a23a680361d24b1a)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 9108a00a4d1047c230e224b81a73b14ae7281f36)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29543: Remove borrower variable
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable

It's not needed, we have $patron

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4c398daaf5df0522e8c302eb342c1ec30d6a17a9)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 10569aaff621970db4bf5eb226e568a778272add)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: subscription-add.tt
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt

Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: guarantor_search.tt
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: catalogue/results.tt
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for
use in the basic MARC editor.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when
editing an authority record.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29702: Fetch group libraries in a single call
Nick Clemens [Wed, 15 Dec 2021 15:44:06 +0000 (15:44 +0000)]
Bug 29702: Fetch group libraries in a single call

The current code gets all group members, then loops through and fetches the library if there is a
branchcode, or recursively calls itself if a group. This slows down performance.

We can utilize the 'libraries' method to get all child libraries at once, then make a check
for child groups separately

To recreate:
 1 - Add 100 items to a biblio
 2 - Define a library group as a hold group
 3 - Add all libraries to the group
 4 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Any library'
 5 - place a hold on the record and note load time after patron is selected
 6 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Patrons hold group'
 7 - place a hold, note longer load time after patron selection
 8 - Apply patch
 9 - note improvement
10 - prove -v t/db_dependent/Koha/Libraries.t

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5b8f125c824312b3540a0c7505d63314589a6d9f)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29736: (QA follow-up) No need to delete all clubs
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:16:55 +0000 (10:16 -0300)]
Bug 29736: (QA follow-up) No need to delete all clubs

There's no real need to delete all the existing clubs in the tests.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d4c628f1711f532b6441e9e8244e7e13369af40e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29736: Restore searching
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:49:56 +0000 (10:49 -0300)]
Bug 29736: Restore searching

Without this patch, the list will always display all clubs.

To test:
1. Have two clubs, with enrollemnts:
   - Cthulhu fans
   - The Shadow Out of Time fans
2. Search for the letter c
=> FAIL: You get both results
3. Apply this patch
4. Repeat 2
=> SUCCESS: Only Cthulhu is returned
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 96012930ee78776af2a2c3e00aaf87a5ff231fac)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29736: Don't return empty clubs
Jonathan Druart [Mon, 20 Dec 2021 14:14:56 +0000 (15:14 +0100)]
Bug 29736: Don't return empty clubs

There is an error when placing a hold for a club without members:
Uncaught TypeError: err.responseJSON.error is undefined

It seems that we should remove clubs without members from the search.

Test plan:
Create 1 club xx with 2 patrons
Create 1 club xxx with 1 patron and cancel their enrolment
Create 1 club xxxx without patron

Place a hold for club "x", only the first one should be returned with
this patch.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b45e67e03eeffdaa006c693e2e6426d452cbb09e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29476: (follow-up) Fix return, add precision test
Nick Clemens [Mon, 13 Dec 2021 17:27:42 +0000 (17:27 +0000)]
Bug 29476: (follow-up) Fix return, add precision test

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e5949e32a5f1bfc8b2fc45abf74ba1beeb734885)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29476: Correct soonest renewal date calculation for checkouts with auto-renewal
Joonas Kylmälä [Sun, 14 Nov 2021 14:19:08 +0000 (14:19 +0000)]
Bug 29476: Correct soonest renewal date calculation for checkouts with auto-renewal

If a checkout with auto-renewal enabled doesn't have a
"norenewalbefore" circulation rule set the code in CanBookBeRenewed()
falls back to using due date (to verify this please look for the
string "auto_too_soon" in C4/Circulation.pm), the calculation result
of GetSoonestRenewDate() however didn't do this, though luckily it was
not used in CanBookBeRenewed so we didn't get any issues
there. However, GetSoonestRenewDate() is used for displaying the
soonest renewal date in the staff interface on the circ/renew.pl page
so you would have gotten wrong results there.

This patch moves additionally the tests made for Bug 14395 under a new
subtest for GetSoonestRenewDate() as they should have been like that
already before.

To test:
  1) prove t/db_dependent/Circulation.t

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cea2b217c5288c77aae7cbaf5ac791ee249b9812)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29530: Fix handling of NumSavedReports preference in reports table
Owen Leonard [Tue, 23 Nov 2021 18:27:21 +0000 (18:27 +0000)]
Bug 29530: Fix handling of NumSavedReports preference in reports table

This patch updates the way the NumSavedReports preference value is used
on the saved reports page so that the setting is correctly incorporated
into the DataTable.

The patch also expands the description of the NumSavedReports preference
in order to clarify the expected behavior when no value is saved.

To test, apply the patch and go to Administration -> System
preferences and note the value of NumSavedReports.

 - Go to Reports -> Use saved.
 - Confirm that the first page of saved reports shows the number
   specified in NumSavedReports.
 - In the "Show" dropdown menu, confirm that the number from
   NumSavedReports is preselected by default.
   - Expand the dropdown menu to confirm that the NumSavedReports number
     is positioned sequentially with the default values. For example, if
     NumSavedReports = "78," the menu options should be
     "10, 20, 50, 78, 100, All".
 - Test with various values of NumSavedReports. A blank value should
   result in the "All" option being selected. A non-numeric or
   non-positive value should result in the default set of options being
   used ("10, 20, 50, 100, All").

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3c8a1974847ea1ff7afc49fb30b494e5c2467ea8)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 24866: Changed $raw for html for extra safety
Florian Bontemps [Thu, 25 Nov 2021 08:59:03 +0000 (08:59 +0000)]
Bug 24866: Changed $raw for html for extra safety

Same test plan as before

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit edff2287c2d79bbd3d637e65669dd439d595a736)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 24866: (follow-up) Replaced tabulations by dashes
Florian Bontemps [Tue, 9 Nov 2021 13:36:36 +0000 (13:36 +0000)]
Bug 24866: (follow-up) Replaced tabulations by dashes

The rendering of SELECT elements is up to the browser.
But Bug 16123 CSS code 'style="padding-left: xx' doesn't work on modern browsers.

Based on the previous contribution, this fix replaces CSS style attribute with dashes, creating a leveled structure that should work with most browsers.

Tested on Linux Ubuntu with Firefox 94.0, Chromium 95.0.4 and Opera 81.0.1
TEST PLAN :

1. Go to the Administration module
2. Add a new budget (ie : Budget 2022)
3. Add a fund to this budget (ie : Book)
4. Add a sub-fund to fund Book (ie : Fiction)
5. Add another sub-fund, this time to sub-fund Book (ie : Adult fiction)
You will have this hierarchy :

Budget 2022
 |____ Book
         |_____ Fiction
                |_____ Adult fiction

6. Go to the Acquisition module
7. Select a vendor and create a new basket
8. Place an order
9. Check the budget dropdown menu

BEFORE PATCH
Book
Fiction
Adult fiction

OR

Book
   Fiction
         Adult fiction

AFTER PATCH
Book
 -- Fiction
 -- -- Adult fiction

Co-authored-by: Didier Gautheron <didier.gautheron@biblibre.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8cc0f00556933218a3e98a1dc5cb3a4af89490d2)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 24866: Display budget hierarchy in the budget dropdown menu used when placing...
Didier Gautheron [Mon, 6 Apr 2020 14:30:40 +0000 (14:30 +0000)]
Bug 24866: Display budget hierarchy in the budget dropdown menu used when placing a new order

The rendering of SELECT elements is up to the browser.
But Bug 16123 CSS code 'style="padding-left: xx' doesn't work on modern browsers.

This patch replace CSS style attribute with &emsp; html entity.

On supported platforms
TEST PLAN :

1. Go to the Administration module
2. Add a new budget (ie : Budget 2020)
3. Add a fund to this budget (ie : Book)
4. Add a sub-fund to fund Book (ie : Adult fiction)

You will have this hierarchy :

Budget 2020
 |____ Book
         |_____ Adult fiction

5. Go to the Acquisition module
6. Select a vendor and create a new basket
7. Place an order
8. Check the budget dropdown menu

BEFORE PATCH
Book
Adult fiction

OR

Book
   Adult fiction

AFTER PATCH
Book
   Adult fiction

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 008b51d4d53ad27d31a7af2fbb041fc6f1ddb7bd)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29685: Reduce item processing by calculating 'items any available' outside of...
Nick Clemens [Mon, 13 Dec 2021 12:01:24 +0000 (12:01 +0000)]
Bug 29685: Reduce item processing by calculating 'items any available' outside of loop

See bug 24185, this avoids looping every each item of the record for every item of the record

How to reproduce:

1) on freshly installed kohadevbox create/import one book,
remember that biblionumber for later use it in down below,

2) add 100 items for that book for some library,

3) find some patron, that patron's card number we will
use as a borrower down below to open holds page,

4) check for the rule or set up a single circulation rule
in admin "/cgi-bin/koha/admin/smart-rules.pl",
that rule should match above book items/library/patron,
check that rule to have a non-zero number of holds (total, daily, count) allowed,
and, IMPORTANT: set up "On shelf holds allowed" to "If all unavailable",
("item level holds" doesn't matter).

5) open "Home > Catalog > THAT_BOOK > Place a hold on THAT_BOOK" page
("holds" tab), and enter patron code in the search field,
or you can create a direct link by yourself, for example, in my case it was:
/cgi-bin/koha/reserve/request.pl?biblionumber=4&findborrower=23529000686353

6) it should be pretty long page generation time on old code, densely increasing for every hundred items added. In the case of this solution, it's fast, and time increases a little only, linear.

In testing with 100 books I went from ~6.5 seconds to ~3.2 seconds

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2213cb9152d17595ef102d0de5516c4eee023ae9)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoDBRev 21.05.08.002
Andrew Fuerste-Henry [Tue, 25 Jan 2022 17:06:48 +0000 (17:06 +0000)]
DBRev 21.05.08.002

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29557: (QA follow-up) Add note for translated notices to update statement
Katrin Fischer [Sun, 19 Dec 2021 11:05:18 +0000 (12:05 +0100)]
Bug 29557: (QA follow-up) Add note for translated notices to update statement

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a150d652ce462efc7094f538625d445328f32377)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29557: Add auto_account_expired to AUTO_RENEWALS
Jonathan Druart [Tue, 23 Nov 2021 13:48:22 +0000 (14:48 +0100)]
Bug 29557: Add auto_account_expired to AUTO_RENEWALS

It was missing and the notice sent was not providing the reason of the
failure.

Test plan:
Check an item out with a date in the past, mark it as auto renew
Modify the expired date of the patron and set it in the past
Run the automatic_renewals.pl cronjob script, confirm that the notice
now contains the reason of the failure.

QA note: The template will be updated only for English installations.
Should we add an alert for others?

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0f1f307ff84558ae9305140472d7ba5174975741)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 17127: Remove notes from detail.tt to only use MARCNOTES
Florian Bontemps [Wed, 27 Oct 2021 12:50:42 +0000 (12:50 +0000)]
Bug 17127: Remove notes from detail.tt to only use MARCNOTES

Notes come from the biblio table, but that table is already used to fill in MARCNOTES through Biblio.pm and get_marc_notes.
Get_marc_notes does check for NotesToHide and already read every note on the records, but .notes doesn't go through that same filter.
I don't see the point of keeping notes as a condition when MARCNOTES does the same job but better.

To test:
    1) Take any record, or create one
    2) Input something in the 500 field (or 300 in UNIMARC)
    3) In Systempreferences -> NotesToHide, fill in the number 500 (or 300).
    4) Save, then go look at the record detail in the OPAC and admin website.
    5) You should still see the 500 or 300 field under the Description tab.
    6) Apply patch.
    7) Reload the record detail page.
    8) Observe the error is gone.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 093e4223f2fe14ffeaed664aa04596f9c1744033)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29419: Retain user's inputs when suggesting for purchase and match found
Jonathan Druart [Tue, 16 Nov 2021 10:55:08 +0000 (11:55 +0100)]
Bug 29419: Retain user's inputs when suggesting for purchase and match found

If a user suggests for purchase and a match is found, their inputs was
not retained: quantity, item type, library, reason.

Test plan:
1. Suggest for purchase
2. Fill the title in with a string that will match an existing record
3. Fill value in quantity, item type, library and reason input/dropdown
4. Submit
=> Notice that with this patch the values you entered are retained on
the confirmation screen

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d9fb75f210227d33545e580eca72f54399b5ab3e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29789: Remove unused $error from cataloguing/additem.pl
Jonathan Druart [Tue, 4 Jan 2022 14:40:19 +0000 (15:40 +0100)]
Bug 29789: Remove unused $error from cataloguing/additem.pl

my $error        = $input->param('error');

It should be removed as $error is used later but not related to this variable.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b85e3cb81181529698e39219fe5ccc9b62c7e243)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29553: (QA follow-up) Check defined instead of evaluating as boolean
Tomas Cohen Arazi [Fri, 17 Dec 2021 15:53:28 +0000 (12:53 -0300)]
Bug 29553: (QA follow-up) Check defined instead of evaluating as boolean

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a6a6d4af75db5c5be008c13b49727f1b9ee1a53f)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29553: Regression tests
Tomas Cohen Arazi [Fri, 17 Dec 2021 15:52:17 +0000 (12:52 -0300)]
Bug 29553: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6f2f2af68072b58b4ec0b5f214ffd96a1d8d18a6)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29553: Fix crash on undefined notforloan value
Marcel de Rooy [Mon, 22 Nov 2021 10:53:07 +0000 (10:53 +0000)]
Bug 29553: Fix crash on undefined notforloan value

Test plan:
Set item level itypes to biblioitems.
Find a record with itemtype NULL, having an item.
Place a hold. Without this patch, it crashes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: ThibaudGLT <thibaud.guillot@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2eec30eb644bbc6a1851b5264a68c84ee177602e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29508: Make GET /patrons/:patron_id use Koha::Patrons->search_limited
Tomas Cohen Arazi [Wed, 17 Nov 2021 19:36:11 +0000 (16:36 -0300)]
Bug 29508: Make GET /patrons/:patron_id use Koha::Patrons->search_limited

This patch makes the route return 404 if the user is not allowed to see
the requested patron information.

To test:
1. Apply the regression tests
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: The code doesn't respect limits
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5ee42b6b6031472dc6637d1f22b53815ecb96121)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29508: Regression tests
Tomas Cohen Arazi [Wed, 17 Nov 2021 19:35:33 +0000 (16:35 -0300)]
Bug 29508: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dd3ffbdd7c81927f82e9c19e4ab0c4430346463c)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29506: (follow-up) Adapt GET /patrons
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:57:26 +0000 (14:57 -0300)]
Bug 29506: (follow-up) Adapt GET /patrons

This patch makes GET /patrons rely on this new behavior from the
objects.search helper.

To test:
1. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29506: Make objects.search call search_limited if present
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:30:21 +0000 (14:30 -0300)]
Bug 29506: Make objects.search call search_limited if present

This patch makes objects.search implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29506: Regression tests
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:30:11 +0000 (14:30 -0300)]
Bug 29506: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29503: Make GET /patrons use Koha::Patrons->search_limited
Tomas Cohen Arazi [Wed, 17 Nov 2021 16:07:12 +0000 (13:07 -0300)]
Bug 29503: Make GET /patrons use Koha::Patrons->search_limited

This patch makes the controller method use Koha::Patrons->search_limited
so filters based on configuration and permissions apply when fetching
patrons.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Boo, you get more patrons than you should
3. Apply the patch
4. Repeat 2
=> SUCCESS: Yay! Things are filtered as expected (i.e. using
Koha::Patron->libraries_where_can_see_patrons)
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7d38b15d65aad783e68957dad43b30d42896f627)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29503: Regression tests
Tomas Cohen Arazi [Wed, 17 Nov 2021 16:07:07 +0000 (13:07 -0300)]
Bug 29503: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bc439a804775ffae0d717a03cf7056bcb39ed2bd)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29018: Make DELETE /patrons/:patron_id check things
Tomas Cohen Arazi [Mon, 20 Dec 2021 15:05:59 +0000 (12:05 -0300)]
Bug 29018: Make DELETE /patrons/:patron_id check things

When the route was implemented, the checks were overlooked. This patch
adds checks for:
- Guarantees
- Debts
- Current checkouts

Any of those will block deletion, as it should.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Tests fail, the route misses checks
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! The three conditions prevent deletion!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29018: Regression tests
Tomas Cohen Arazi [Mon, 20 Dec 2021 15:05:28 +0000 (12:05 -0300)]
Bug 29018: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29680: Change markup to correct button radius
Owen Leonard [Mon, 13 Dec 2021 14:13:54 +0000 (14:13 +0000)]
Bug 29680: Change markup to correct button radius

This patch alters the markup around the "Show SQL/Hide SQL" buttons so
that they are not styled as if they are a button group.

To test, apply the patch and run an SQL report.

The "Show SQL code" button should be styled consistently with other
single buttons in the toolbar. Click it to test that the "Hide SQL code"
button is also correct.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Andreas Roussos <a.roussos@dataly.gr>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2a2feb7f4a14ccfb8d555a185f6343646a5ed11b)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29571: (follow-up) Fix display of pending suggestions in acqui-home.tt
Andreas Roussos [Mon, 13 Dec 2021 06:49:07 +0000 (07:49 +0100)]
Bug 29571: (follow-up) Fix display of pending suggestions in acqui-home.tt

In addition to the Staff Client's home page, the number of pending
suggestions is also displayed in Home > Acquisitions. Currently,
these are only displayed if there are pending suggestions at the
logged in library. However, suggestions should always be displayed.

This follow-up patch fixes that, and also removes a template variable
(`suggestion`) that is no longer in use (removed as part of Bug 4331,
commit 70af4593722ce2f3debd4f6d2c251ad29008b923).

Test plan:
1) Create a suggestion for Library A.
2) Go to Home > Acquisitions while logged in at Library B.
   Without this patch, nothing is displayed regarding suggestions.
3) Apply this patch. Notice how suggestion information is shown, like:
   "Manage suggestions: Library B: 0 / All libraries: 1"
   If you change the library to Library A, you should get:
   "Manage suggestions: Library A: 1"

Signed-off-by: Florian Bontemps <florian.bontemps@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a43a17194020c0f242e346346242c17702ab8bd2)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29571: Display all pending suggestions even if none from logged in library
Jonathan Druart [Thu, 25 Nov 2021 13:06:07 +0000 (14:06 +0100)]
Bug 29571: Display all pending suggestions even if none from logged in library

The number of pending suggestions was only displayed if there are pending
suggestions at the logged in library.

Test plan:
Login at CPL
Create a suggestion (ASKED) for another library
=> Without this patch there is nothing on the mainpage
=> With this patch applied you will see info about pending suggestions:

"Suggestions pending approval: Centerville: 0 / All libraries: 1"

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: ThibaudGLT <thibaud.guillot@biblibre.com>
Signed-off-by: Andreas Roussos <a.roussos@dataly.gr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 44bbe36af0b385558c6148c4d5ce95b961211622)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29591: Add autorenew_checkouts column to preferences json
Nick Clemens [Tue, 13 Oct 2020 15:42:39 +0000 (15:42 +0000)]
Bug 29591: Add autorenew_checkouts column to preferences json

Bug 24476 added autorenew_checkouts as a borrower column, intending it to be able to be
hidden if a library was not using the feature.

When the column chooser was added, this column was not included.

To test:
1 - Search system preferences for "BorrowerUnwantedFields"
2 - Click the box to change the value
3 - "autorenew_checkouts" is not an option
4 - Confirm that you see the option to opt patron out of autorenewal when editing patron on staff side
5 - Apply patch and restart everythign
6 - Search for the syspref again
7 - Note that now you can select "autorenew_checkouts"
8 - Check the box and save
9 - Confirm the opt out option is no longer visible during patron editing

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 198bdd374df8838b621316d88d13f8f1c8b6d5f2)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29729: Build a tr for each subscription
Lucas Gass [Fri, 17 Dec 2021 21:09:19 +0000 (21:09 +0000)]
Bug 29729: Build a tr for each subscription

To test:
1 To to Reports > Serials > Serials subscriptions and run the report while selecting a branch without subscriptions.
2 Notice console error
3 If you run the report for a branch WITH subscriptions it works just fine.
4 Apply patch
5 Do 1 again, no console error and show no see 'No entries to show'
6 Make sure it also works when you have a few subscriptions for a branch as well

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 344e091f407d885f0fcb5af752409a09ebf56999)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoCompiled CSS
Andrew Fuerste-Henry [Mon, 10 Jan 2022 15:45:11 +0000 (15:45 +0000)]
Compiled CSS

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29604: Dont add psuedo content to highlighted terms
Lucas Gass [Thu, 2 Dec 2021 01:59:06 +0000 (01:59 +0000)]
Bug 29604: Dont add psuedo content to highlighted terms

To test:
1. Do a search for something where the search terms will be in the 505
   note.
2. Visit the OPAC detail page of the record.
3. The first occurance of the term highlighting will include the CSS
   pseduo element "→ ";
4. Apply patch
5. Do the stuff to regenerate the CSS
   (https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_interface)
6. Do 1 & 2 again.
7. No weird psuedo element in the term highlighting

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e66f8149e8383787ad590c60bca279ebfbcef2da)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29696: Preserve link to biblio when creating a suggestion
Jonathan Druart [Wed, 15 Dec 2021 06:02:46 +0000 (07:02 +0100)]
Bug 29696: Preserve link to biblio when creating a suggestion

Caused by
  commit 586bed1319592e05f5dc3acf64a1dba8cae69d6b
  Bug 28941: Filter suggestion inputs at the OPAC

We are loosing the link with the biblio (suggestion.biblionumber)

Test plan:
At the OPAC, go to the detail page of a bibliographic record, click
"Suggest for purchase" and submit the form.
Without this patch the suggestion is created but the link to the
bibliographic record is lost
With this patch applied you should see that suggestions.biblionumber has
correctly been preserved

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9ae252946da274ef50435a23e3e08cb8cb024f74)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29696: Add tests
Jonathan Druart [Wed, 15 Dec 2021 06:02:08 +0000 (07:02 +0100)]
Bug 29696: Add tests

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 146c1e1d9f8d94e10d189fb601f71f6683963b7d)

Bug 29696: correct number of tests for 21.05.x

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29436: ES mappings not saved if zebra is configured
Jonathan Druart [Tue, 16 Nov 2021 15:04:45 +0000 (16:04 +0100)]
Bug 29436: ES mappings not saved if zebra is configured

The mappings must be editable even if ES is not turned on yet.

Using a separate array to store the errors as we are testing for $@ ||
@messages.

There is still something wrong that should be improve, but this patch
should be safe for backport.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d17db253ea6ec2c96662aade8cb8d8b6665d768d)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoDBRev 21.05.08.001
Andrew Fuerste-Henry [Mon, 10 Jan 2022 14:57:51 +0000 (14:57 +0000)]
DBRev 21.05.08.001

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29457: Generic warning at upgrade
Martin Renvoize [Wed, 17 Nov 2021 16:49:27 +0000 (16:49 +0000)]
Bug 29457: Generic warning at upgrade

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Adding exec flag and two dots.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1dec6d946875b7151278fab9d6da65995f37cdab)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29457: Pass context borrowernumber
Martin Renvoize [Thu, 11 Nov 2021 10:56:45 +0000 (10:56 +0000)]
Bug 29457: Pass context borrowernumber

This patch updates the call to cancel such that we pass the currently
logged in users borrowernumber instead of their userid.

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0a79d2542178439e6dee39adc669cdeeecf5207e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16
Mason James [Tue, 31 Aug 2021 04:05:05 +0000 (16:05 +1200)]
Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16

to test...
 - apply patch
 - build package
 - confirm in about.pl that minimum versions are updated

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit bfd033c68aa63650f7f78d85054d2d41b697c094)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29381: Prevent sending of automatic renewal messages on every cron run
Joonas Kylmälä [Sun, 31 Oct 2021 14:52:50 +0000 (14:52 +0000)]
Bug 29381: Prevent sending of automatic renewal messages on every cron run

Currently the auto-renewal digest messages are sent on every cron run
even if there was nothing to renew or no renewal errors.

This regression was introduced in the commit "Bug 18532: Add
individual issues to digest notice and hide auto_renewals messaging
preference when not needed".

To test:
 1) set syspref AutoRenewalNotices to be according to patron
    preferences
 2) Enable renewal digest messages on a patron's messaging preferences
 3) Checkout a book for patron, during the checkout use the Checkout
 settings menu to check the box "Automatic renewal"
 4) Run
    $ perl misc/cronjobs/automatic_renewals.pl --send-notices --confirm --digest-per-branch
    $ perl misc/cronjobs/automatic_renewals.pl --send-notices --confirm --digest-per-branch
 5) Notice you have now two renewal messages for the patron
 6) Apply patch
 7) repeat step 4) and notice you don't get anymore these unnecessary
    renewal messages

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 92dce6465e496dbf79d17ef2409ae2e498283773)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoUpdate release notes for 21.05.08 release v21.05.08
Andrew Fuerste-Henry [Thu, 23 Dec 2021 15:52:09 +0000 (15:52 +0000)]
Update release notes for 21.05.08 release

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoIncrement version for 21.05.08 release
Andrew Fuerste-Henry [Thu, 23 Dec 2021 15:39:31 +0000 (15:39 +0000)]
Increment version for 21.05.08 release

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoTranslation fixes for 21.05.08
Andrew Fuerste-Henry [Thu, 23 Dec 2021 15:28:01 +0000 (15:28 +0000)]
Translation fixes for 21.05.08

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoTranslation updates for Koha 21.05.08
Koha translators [Thu, 23 Dec 2021 14:53:12 +0000 (11:53 -0300)]
Translation updates for Koha 21.05.08

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28698: Fix news for all displays in all locations
Fridolin Somers [Fri, 9 Jul 2021 08:33:03 +0000 (22:33 -1000)]
Bug 28698: Fix news for all displays in all locations

Some news are used for custom text with a specific language, for example "opacheader".
The bug is that in these locations, news for all (staff and opac) are displayed.
This is because GetNewsToDisplay uses SQL :
  opac_news.lang = '' OR opac_news.lang = ?

This patch is a quick fix.
This feature maybe needs a big revamping.

Test plan :
1) Remove any news
2) Create a news with empty 'Display location' and some content
3) Display OPAC interface
4) without patch you see in location of 'opacheader', 'opacnavright' ... the content
   of the news
5) With patch you see content of the news only in news table
6) Create a news for opacheader
7) Check it appears in correct language

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 9565: Use Koha::Biblio
Jonathan Druart [Mon, 6 Dec 2021 13:44:07 +0000 (14:44 +0100)]
Bug 9565: Use Koha::Biblio

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 9565: (follow-up) Adapt batch record deletion tool
Marion Durand [Thu, 2 Dec 2021 12:41:11 +0000 (13:41 +0100)]
Bug 9565: (follow-up) Adapt batch record deletion tool

Add a column "Subscriptions" to the batch deletion tools
Add a link on the number of subscription to the search page with all the subscriptions of the record
Add a button in the toolbar to select only biblio record without subscriptions

The changes are only on display
It is still possible to delete records that are attached to subscriptions from this tool (as it is possible for records with attached items)

To test:
1) Go to the batch record deletion (in tools)
2) Select a list of record numbers (select some with one or more subscription)
3) Click on Continue
4) Check that there is no column named "Subscription" and that there is no button "Select without subscription" in the toolbar
5) Apply patch
6) Repeat steps 1 to 3
7a) Check that there is a column named "Subscription" fill with the number of subscriptions attached to the record
7b) Check that the link in the subscriptions column send you to the search page with the subscriptions linked to this record
7c) Check that there is a button "Select without subscription" in the toolbar that selects record with no subscription attached
8) Sign off

Signed-off-by: Frank Hansen <frank.hansen@ub.lu.se>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 9565: (follow-up) Deleting a biblio should alert/fail if there are existent subsc...
Marion Durand [Thu, 21 Oct 2021 13:06:02 +0000 (15:06 +0200)]
Bug 9565: (follow-up) Deleting a biblio should alert/fail if there are existent subscriptions

Clicking on "Delete record" while there are existent subscriptions no
longer delete the record and the subscription. Instead an alert box
inform the user that he must delete all subscription before deleting the
record.

To test:
1) Add a subscription to a biblio, or check a biblio which has one
   attached already.
2) Remove all items if there are any.
3) Apply patch.
4) Confirm that the 'Delete record' item is disabled in the list.
5) Attempt to 'Delete record', you should recieve
   an error message stating to delete all subscriptions before
   deleting record.
6) Sign off.

Sponsored by: Lunds Universitetsbibliotek

Signed-off-by: Samu Heiskanen <samu.heiskanen@hypernova.fi>
Signed-off-by: Frank Hansen <frank.hansen@ub.lu.se>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 9565: Deleting a biblio should alert/fail if there are existent subscriptions
Timothy Alexis Vass [Fri, 13 Nov 2020 09:47:32 +0000 (09:47 +0000)]
Bug 9565: Deleting a biblio should alert/fail if there are existent subscriptions

Currently Koha will delete a biblio record if there are existent serial subscriptions.
This patch will prevent deleting the biblio until attached subscriptions are removed.

To test:
1) Add a subscription to a biblio, or check a biblio which has one attached already.
2) Remove all items if there are any.
3) Apply patch.
4) Confirm that the 'Delete record' item is disabled in the list.
5) Sign off.

Sponsored by: Lunds Universitetsbibliotek

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Frank Hansen <frank.hansen@ub.lu.se>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28481: (RM follow-up) formatting
Fridolin Somers [Thu, 16 Dec 2021 21:34:07 +0000 (11:34 -1000)]
Bug 28481: (RM follow-up) formatting

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4afa61fd9d413dfe5f49ca9adbb94ccf7bed00f0)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28481: (QA follow-up) Set date to 23:59:59
Martin Renvoize [Mon, 13 Dec 2021 09:36:33 +0000 (09:36 +0000)]
Bug 28481: (QA follow-up) Set date to 23:59:59

This patch changes the fix from adding a day to setting the time to
23:59:59.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 18f8a43b71475d4d74c4c964eb65b6f23855197e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28481: Make 'to' date inclusive.
Martin Renvoize [Mon, 29 Nov 2021 10:46:06 +0000 (10:46 +0000)]
Bug 28481: Make 'to' date inclusive.

Test Plan:
1) Sell an item
2) Cash up to make the sale historical
3) Search "Older transactions" with both dates being the current date,
   click "Display" to search
4) Note you get no results
5) Apply the patch
6) You should now see your transaction

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5646e0a145404014f660110acdd5c961181b442e)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 27801: Fix javascript price calculations
Martin Renvoize [Fri, 3 Dec 2021 15:29:00 +0000 (15:29 +0000)]
Bug 27801: Fix javascript price calculations

This patch ensures we're formatting the price values consistently for
the table total and the amount to pay input field.

Test plan
1) Add an item to charge at 0.10.
2) Add this same item 8 or 9 times (Do not use the 'quantity')
3) Note that the table total and the 'Amount paid' values do not match
4) Apply the patch and repeat the above steps.. the values should now
   match.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7e72a7dde5a73ed6177b321d29fca0df13f08f2c)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29349: (follow-up) Fix width of item level dropdowns
Lucas Gass [Tue, 7 Dec 2021 19:21:03 +0000 (19:21 +0000)]
Bug 29349: (follow-up) Fix width of item level dropdowns

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2c2ff3ae310c5d7de0805b74c2fd026936c5f579)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29349: Do not assume holding branch is a valid pickup location
Tomas Cohen Arazi [Fri, 3 Dec 2021 19:45:21 +0000 (16:45 -0300)]
Bug 29349: Do not assume holding branch is a valid pickup location

The original code for pickup locations when placing item-level holds
picked the currently logged-in library.

We made things more robust, as the logged-in library might not be a
valid pickup location for the patron and item. But it was wrongly chosen
to use the holding branch as the default.

A more robust approach is needed, and this precedence is picked this
time (it could be configuration-driven in the future):

    - Logged-in library
    - Empty

To test:
1. Pick a biblio with various valid pickup locations, some not including
   the logged-in library.
2. Pick a patron for placing the hold
=> FAIL: Notice that (when valid pickup location) the holding branch is
always chosen
3. Apply this patch
4. Repeat 2
=> SUCCESS: If valid pickup location, the logged-in branch is picked as
default for item-type level. When it is not, an empty dropdown is used
as a fallback.
5. Sign off :-D

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ed5f739cd6e4fb1ebf0c707856725df33ccc5320)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28855: (follow-up) adapt specific test
Marion Durand [Tue, 9 Nov 2021 13:08:58 +0000 (13:08 +0000)]
Bug 28855: (follow-up) adapt specific test

Adapt the test of function DelSuggestionsOlderThan to match the new behaviour of the function.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8d1eaa6a544591a58764dcd636c22d07f3ba57bf)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28855: Purging suggestions test should not be on timestamp
Marion Durand [Fri, 22 Oct 2021 13:07:43 +0000 (15:07 +0200)]
Bug 28855: Purging suggestions test should not be on timestamp

DelSuggestionsOlderThan is on "date", a timestamp. It can be a problem
because "date" is updated when we update the database, in consequences
all the suggestions take the same date.

This patch use 'manageddate' instead.

In order to test this patch, you will need to have some suggestions
where "Managed on" (suggestions.manageddate in the database) is older
from "Last updated" (suggestions.date in the database). This can append
during some specific update. If you don't have such data, you will have
to add them via SQL request.

Example of sql for insertion (ID is the patron id of a librarian which
can manage suggestions):
INSERT INTO suggestions (suggestedby, suggesteddate, managedby,
manageddate, acceptedby, accepteddate, STATUS, title) VALUES (1,
'2020-10-13', 1, '2020-10-26', 1, '2020-10-26', 'ACCEPTED', 'title');

Test plan:
1- Choose a date and find (or add) a suggestion where:
    - "Last updated" is not older than this date
    - "Managed on" is older than this date
    - "Status" is different from "Pending" ("ASKED" in database)
Calculate number_days = today's date - chosen date
Example: (Today's date 28/10/2021, chosen date : 28/10/2020,
number_days=365)
Suggestion | .. | Managed on | .. | Last updated | .. | Status
title      | .. | 10/26/2020 | .. | 05/15/2021   | .. | Accepted

2- Run cron job
/home/koha/src/misc/cronjobs/purge_suggestions.pl --confirm --days number_days

3- Check that this suggestion has not been deleted

4- Apply the patch

5- Repeat steps 1 and 2

6- Check that this suggestion has been deleted

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 90bfdbc92f082c654273b9563cd899abe9f6b895)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29040: Remove warning from the itemtype edit view
Jonathan Druart [Fri, 19 Nov 2021 13:54:58 +0000 (14:54 +0100)]
Bug 29040: Remove warning from the itemtype edit view

Use of uninitialized value $interface in concatenation (.) or string at /kohadevbox/koha/C4/Languages.pm line 121.

We are expecting "intranet" or "opac, here we sent undef which raises a
warning.
For no change in behaviour we can send "both" (or whatever different
than "intranet" and "opac").

Test plan:
Hit /cgi-bin/koha/admin/itemtypes.pl?op=add_form&itemtype=BK
Notice that the warning does no longer appear in the logs with the patch
applied.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2923a5cbb0e8cd2f9ab8ec9f93b5cc40bb5ba641)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28216: Fix vendor list group by in serials statistics wizard
Fridolin Somers [Mon, 26 Apr 2021 07:40:08 +0000 (09:40 +0200)]
Bug 28216: Fix vendor list group by in serials statistics wizard

Bug 24940 added sort vendor list by aqbookseller.name but removed accidentally the group by.
Now vendors are repeated in the list.

Test plan :
1) Create several subscriptions for same vendor
2) Go to Reports > Serials
3) Check list of vendors
=> Without patch you see the same vendor several times
=> With patch you seen it once
4) Check sort is still on vendor name

Signed-off-by: Samu Heiskanen <samu.heiskanen@hypernova.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f69cedea8ad8fbcc99e7b7068bc7d1b2628fadce)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29115: Fix syntax errors in club hold functionality
Joonas Kylmälä [Sun, 26 Sep 2021 15:36:45 +0000 (15:36 +0000)]
Bug 29115: Fix syntax errors in club hold functionality

The code didn't previously correctly do the checks for patron
debarment status and whether the patron has fees, this caused the
intended warnings messages to not appear when they should have.

To test:
 1) Create a new club and add a patron to it who has manual debarment
    and a manual charge of over $5 (more than the maxoutstanding syspref).
 2) Try to create a new club hold for the previously created club and
    notice no warnings are listed for the patron.
 3) Apply patch
 4) Try to create now the club hold again and notice the warnings
    being shown in the hold page.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d8c5c195c9d6a489c7e63a618b078275ede8c62c)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29611: Clubs enrollment layout problem in the OPAC
Owen Leonard [Wed, 1 Dec 2021 15:44:26 +0000 (15:44 +0000)]
Bug 29611: Clubs enrollment layout problem in the OPAC

This patch makes a minor change to the HTML of the clubs enrollment form
in the OPAC so that the layout works better.

To test you should have at least one club available which allows public
enrollment. The club should have at least one enrollment field
configured.

- Apply the patch and log in to the OPAC.
- On the "Your summary" page, click the "Clubs" tab.
- Click "Enroll" next to the club you configured.
- You should see an enrollment form with the field(s) you configured.
- The "Finish enrollment" button should be styled green and should be
  positioned inside the box which delineates the Clubs tab.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bbcf0ce7b94d3a94e5e8ab826182940031c9e1a2)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29484: Make ListSets return noSetHierarchy when no sets defined
Tomas Cohen Arazi [Mon, 15 Nov 2021 12:52:15 +0000 (09:52 -0300)]
Bug 29484: Make ListSets return noSetHierarchy when no sets defined

This simple patch makes our OAI-PMH server return the appropriate error
code when no sets are defined.

To test:
1. Apply the regression tests
2. Run:
   $ kshell
  k$ t/db_dependent/OAI/Server.t
=> FAIL: Tests fail. Boo!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! YAY!
5. Sign off :-D

Bonus: you can check with the tool mentioned on the bug report, that
the error is gone. No sets need to be defined.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
JD amended patch
-    ) unless scalar @{$sets} > 0;
+    ) unless @$sets;

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit abe9abf47083d26300a4e09100ba362e6facf6dc)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29484: Regression tests
Tomas Cohen Arazi [Mon, 15 Nov 2021 12:51:53 +0000 (09:51 -0300)]
Bug 29484: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e32e9d49c5dfe2ffe51057878370b9e1899e26e1)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 28853: Fix authority plugin when textarea in biblio record editor
Fridolin Somers [Thu, 12 Aug 2021 20:30:17 +0000 (10:30 -1000)]
Bug 28853: Fix authority plugin when textarea in biblio record editor

In biblio record editor, when subfield value contains more than 100 characters the editor uses a textarea instead of an input.
On a field using authority plugin, this breaks the JavaScript because it only searches for input tags :
In /koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt :
> this.getElementsByTagName('input')[1].value = values[i];

Test plan :
1) Prepare :
1.1) Create a new biblio record with a field using authority plugin, for example 606
1.2) Do not use authority plugin but enter in 606$x more than 100 chars
1.3) Save record
1.4) Create a new autority for 606 biblio field with $a and a $x containing more than 100 chars
2) Test 1 :
2.1) Edit again the biblio record, you see a text area for 606$x
2.2) Use authority plugin on field 606
2.3) Search and choose the new autority
2.4) Check $a,$x and $9 are well filled
3) Test 2 :
3.1) Empty field 606
3.2) Create a second $x subfield and fill it with a random value
3.3) Use authority plugin again on field 606
3.4) Search and choose the new autority
3.5) Check $a and $9 are well filled
3.6) Check first $x contains the value from autority and second $x is empty

Signed-off-by: Florian Bontemps <florian.bontemps@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a59db77d62d5c2cfce7010d73802a8adfbef440c)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
2 years agoBug 29580: Fix missing end tag in circ/overdue.tt
Fridolin Somers [Sat, 27 Nov 2021 01:40:03 +0000 (15:40 -1000)]
Bug 29580: Fix missing end tag in circ/overdue.tt

In circ/overdue.tt there is a end tag </td> inside a IF condition.
I should be outside.

Test plan :
Check HTML in overdue page with and without seeing patrons infos from other
branches

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c812e45494c4d279ae0caadde02003458644d8c1)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>