Andrew Nugged [Fri, 4 Jun 2021 19:32:22 +0000 (22:32 +0300)]
Bug 28489: POD - CGI::Session::Serialize::yamlxs for CGI::Session
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Sat, 5 Jun 2021 12:50:48 +0000 (14:50 +0200)]
Bug 28489: Add selenium tests
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: Remove libraries the tests created
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Thu, 3 Jun 2021 09:28:57 +0000 (11:28 +0200)]
Bug 28489: Modify sessions.a_session from longtext to longblob (kohastructure.sql)
Signed-off-by: Petro Vashchuk <stalkernoid@gmail.com> Signed-off-by: Andrew Nugged <nugged@gmail.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Wed, 2 Jun 2021 14:05:17 +0000 (16:05 +0200)]
Bug 28489: Modify sessions.a_session from longtext to longblob
This column contains serialized data, it should be a blob.
And it fixes encoding issues.
Test plan:
1. Apply patch and run updatedatabase
2. In $KOHA_CONF make sure that you have
<strict_sql_modes>0</strict_sql_modes>
3. Create 2 libraries:
a. TESTÄ/Testä
b. TEST✓/Test✓
4. Go to the staff interface, change your library to Testä, then
navigate to a few other pages, make sure there is no encoding problem
with the library name in the top right corner
5. Do the same with Test✓
Signed-off-by: Petro Vashchuk <stalkernoid@gmail.com> Signed-off-by: Andrew Nugged <nugged@gmail.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 19 May 2021 08:37:35 +0000 (09:37 +0100)]
Bug 28382: Set trigger to 'Reserve' when actioning a reserve transfer
This patch sets the transfer trigger to 'Reserve' when the staff user
confirms they are transferring to fulfil a reserve.
Test plan
1 - Place a hold for delivery at Library B
2 - Sign in at Library A
3 - Browse to Circulation->Transfers
4 - Attempt to transfer an item on the title with the hold to Library B
5 - You get a notice that hold was found
6 - You have the option to transfer for the hold - click it
7 - Confirm hold is set to transit and transfer generated
8 - Check the branchtransfers table and confirm the 'reason' is
'Reserve' not 'Manual'.
Signed-off-by: David Nind <david@davidnind.com>
JK: fix typo resver -> reserve Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Joonas Kylmälä [Mon, 7 Jun 2021 14:07:04 +0000 (17:07 +0300)]
Bug 27064: (QA follow-up) Add error message only if we have one defined
This moves the DestinationEqualsHolding error message addition to if
clause so the value is added to %err hash only when there is actually
an error. Then we only append to the @errmsgloop array the error
message if one was defined.
To test:
1) Create a hold request to a pickup library where the item currently
is not
2) Add transfer to the pickup library using branchtransfers.pl and
notice without this patch we get an empty message box but with this
patch we don't get it.
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Thu, 6 May 2021 15:31:39 +0000 (16:31 +0100)]
Bug 27064: (QA follow-up) Pass 'replace' through to Koha::Item::Transfer->cancel
The `replace` option found in Koha::Item->request_transfer should be
passed through to Koha::Item::Transfer->cancel and prevent any reverse
transfers from being queued in such cases.
This prevents modItemTransfer from adding superfluous reverse transfers
whenever it is used.
Test plan
1/ Run t/db_dependent/Koha/Item.t to prove the new tests pass
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Mon, 17 May 2021 14:51:46 +0000 (15:51 +0100)]
Bug 27064: (QA follow-up) Do not create transfer prior to accepting it
This patch prevents the cancellations we were seeing. Transfers were
being created pre-emptively for reserves in branchtransfers before the
librarian had selected their preferred action. As such, we were getting
double lines in the branchtransfers table.
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Fri, 20 Nov 2020 11:34:11 +0000 (11:34 +0000)]
Bug 27064: Only allow transferring a hold from the transfers page
These patches replace the 'Waiting' button on the transfers page with a 'Transfer' button
and correct some other related problems by passing the hold object to the template and
using that to fetch patron info as well as passing the reserve_id through to ensure the correct hold is
affected at all times
To test:
1 - Place a hold for delivery at Library B
2 - Sign in at Library A
3 - Browse to Circulation->Transfers
4 - Attempt to transfer an item on the title with the hold to Library B
5 - You get a notice that hold was found (missing patron/branch info)
6 - You have the option to set the hold waiting - click it
7 - The transfer is generated and marked completed
8 - The hold is marked as waiting, but the item is still at Library A and no transfer is active
9 - The patron is notified that the hold is waiting
10 - Revert the hold or cancel and place a new one
11 - Apply patches
12 - Attempt transfer again
13 - You now have the option to transfer the hold
14 - Click that
15 - Hold is in transit and transfer is generated correctly
16 - Transfer again and choose 'cancel'
17 - Confirm hold is cancelled and transfer generated
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Petro Vashchuk [Thu, 20 May 2021 13:12:18 +0000 (16:12 +0300)]
Bug 28204: Fix table highlighting on the items table
Fix table highlighting at
/cgi-bin/koha/cataloguing/additem.pl?biblionumber=XXXX
Every odd row of the table didn't get highlighted with the yellow color
when you tried to edit it previously, this patch fixes that.
That happened because every odd row had different coloring style that
was overwriting yellow highlight.
How to reproduce:
1) Head over to the
/cgi-bin/koha/cataloguing/additem.pl?biblionumber=XXXX,
where XXXX is id of some biblio record that has more than one
biblio item.
2) Press the "Action" button of the first (or any other odd numbered)
biblio item, and from the dropdown menu select "edit" option.
3) Notice that it doesn't highlight it with yellow color.
4) Now do the same but with second biblio item (or any even numbered
item).
5) Notice that it highlights it with the yellow color.
6) Apply the patch. Do yarn build to compile css.
7) Make sure that every row of the table that you edit gets properly
highlighted with the yellow color.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
JD Amended commit title
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28171: Restore previous sorting behaviour for Serial enumchron column
Before Bug 27980 the sorting was done either by item's publisheddate
if it existed in at least one item. If it didn't exist then the
sorting was done using "h - Serial Enumeration / chronology"
field. This restores this sorting functionality in catalogue/detail.pl
page.
To test:
1. Create a serial subscription for a biblio, make sure to enable the
option "Create an item record when receiving this serial"
2. Receive two serials, so that they have different received dates
and check that the items are now created to the biblio
3. Add now two additional items with one having "A" and other having
"B" in the "h - Serial Enumeration / chronology" field.
4. Try sorting and notice the items with publisheddate are being
sorted and ones without stay in the order they happened to be
5. Remove the items with publisheddate and notice that now items with
"A" and "B" get sorted correctly
Signed-off-by: Christian Nelson <christian.nelson@tritonia.fi> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 18 May 2021 07:41:40 +0000 (09:41 +0200)]
Bug 28353: Display a list of items that cannot be deleted
We used to display a list of items that cannot be deleted (checked out
or on hold) on the Batch item deletion tool.
With bug 8132 we improve the error handling, but the info is spread in
the table.
This patch adds, at the top of the page, the list of items (barcode)
that cannot be removed.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28496: Club holds pickup locations don't come from the API
This patch fixes an issue that is generated by the fact different inputs
were reusing the same id.
To test:
1. Have a club with some enrollments
2. Make sure you have your circ rules to allow any library be a pickup
location.
3. Search for a biblio
4. Try placing a club hold
=> FAIL: The dropdown only has the (currently) logged in library.
5. Apply this patch
6. Repeat 3-4
=> SUCCESS: The dropdown has all the options
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Fri, 28 May 2021 12:02:19 +0000 (12:02 +0000)]
Bug 28482: Refresh line from DB to get stored value
Before checking if the amount is 0 we get the stored value from the DB. This
ensures any amounts beyond the 6 digit precision we store will be removed.
To test:
1 - Add a processing fee of 15 to an itemtype
2 - Add an item of that type, set the replacement fee to 12.63
3 - Set MarkLostItemsAsReturned to 'On payment' only
4 - Set WhenLostChargeReplacementFee to 'Charge'
5 - Checkout the item to a patron
6 - Mark the item lost
7 - Reload patron and confirm they are charged 27.63
8 - Go to accounting, pay amount, pay 27.63
9 - Item is still lost and not returned
10 - Apply patch
11 - Checkin the item
12 - Checkout to another patron
13 - Mark lost
14 - Patron charged 27.63
15 - Pay amount, 27.63
16 - Item returned!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Fri, 28 May 2021 12:02:09 +0000 (12:02 +0000)]
Bug 28482: Unit test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Andrew Nugged [Fri, 28 May 2021 10:36:45 +0000 (13:36 +0300)]
Add and fix few messages in second plural form for pl, be, ru languages
Fixed missed "singular" message which had word "one" instead of "{count}" for uk and ru because it should be used not only for "1" but also for "21, 31, ...".
Add formula for 2/3 form for Russian (Plural-Forms:...)
and Belarusian and Ukrainian formulas normalized to be the same for all three languages
This patch fixes the value of a hidden input that was mistakenly
changed and prevents search all headings from working.
To test:
1. Open the authorities section in the OPAC
2. Choose the 'Search all headings' tab
3. Search for 'a'
=> FAIL: No results
4. Empty the search box, and make sure 'Search all headings' is selected
=> SUCCESS: There are authority records
5. Apply this patch
6. Reload the page
7. Retry 3 and 4
=> SUCCESS: Searching is back!
8. Sign off :-D
Sponsored-by: Asociación Latinoamericana de Integración Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28364: Make log4perl.conf belong to the instance user
This patch makes koha-create generate the log4perl.conf file for the
instance, belonging to the instance user. This is done in order to have
the z3950 responder work.
My original idea was to make the responder accept a '-g' parameter but
that is not supported by Net::Z3950::Responder. Also, as the library
insists on handling the PID file on its own, it won't work to handle the
responsibility to start-stop-daemon. The only solution I found was
making the file be owned by the instance user.
1. Create a Koha instance:
$ koha-create --create-db test
2. Initiate all the things
3. Enable and start the z3950 responder
$ koha-z3950-responder --enable test
$ koha-z3950-responder --start test
4. Try doing some search:
$ yaz-client localhost:2100
=> FAIL: you get:
Connecting...OK.
Sent initrequest.
Target closed connection
Z> quit
See you later, alligator.
=> FAIL: No warning or anything on the logs
5. Stop the daemon
$ koha-z3950-responder --stop test
6. Run it manually:
$ PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/test/koha-conf.xml \
/usr/bin/perl /usr/share/koha/bin/z3950_responder.pl \
-c /etc/koha/sites/test/z3950 -u test-koha \
-p /var/run/koha/test/z3950-responder.pid -d test-koha-z3950
7. Repeat the 4, on a separate terminal (no daemon mode this time)
=> FAIL: You get:
Cannot open /etc/koha/sites/test/log4perl.conf (Permission denied) at /usr/share/perl5/Log/Log4perl/Config/BaseConfigurator.pm line 51.
8. Change the file owner:
$ chown test-koha /etc/koha/sites/test/log4perl.conf
9. Repeat 6, and 4
=> SUCCESS: It doesn't break anymore!
10. Apply this patch
11. Create a new instance, with the patched koha-create:
$ debian/scripts/koha-create --create-db test1
12: Check the generated files permissions:
$ ls -l /etc/koha/sites/test2
=> SUCCESS: You get:
-rw-r----- 1 root test2-koha 19720 May 17 13:26 koha-conf.xml
-rw-r----- 1 test2-koha test2-koha 2825 May 17 13:26 log4perl.conf
-rw-r----- 1 root test2-koha 2014 May 17 13:26 zebra-authorities-dom.cfg
-rw-r----- 1 root test2-koha 2279 May 17 13:26 zebra-biblios-dom.cfg
-rw-r----- 1 root test2-koha 26 May 17 13:26 zebra.passwd
13. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Ere Maijala <ere.maijala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a 'summary' entry to all routes and verbs. This way,
ReDoc will display a human-friendly description of the route, instead of
the operationId.
To test, repeat the testing steps in the previous patch, and notice that
we now have good descriptions.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch starts the work of curating the spec documentation-related
aspects. It doesn't involve any functional change on the API, just
labels (used to render docs) and some descriptions basis is added.
- A top level 'tags' entry is added to swagger.yaml.
- The 'name' attribute is left with double quotes. This is on purpose,
to differentiate from 'x-displayName' which is the actual text to be
displayed and should be handled by documentation folks, not us, devs
:-D
- I add a very limited 'description' attribute there. It is the top
level description of the section. For example the description for the
'Biblios' section is 'Manage bibliographic records'. As it expects
Markdown, anything we want can be added there.
- Some labels have been tweaked in paths, to rollback the decision of
making the labels in paths more end-user friendly. We don't want them
to be typed much, and I picked what we use the most: snake_case.
- The order in which things are displayed, is the one we specified on
the swagger.yaml file. The 'batch import profiles' one is left at the
bottom on purpose. But this is subject to discussion. As a general
rule, I put them all in alphabetical order (on the x-displayName label
I mean).
I submit early before family duties so others can pick where I left in
the morning. So:
TODO:
- I'm not sure what's best for Advanced editor macros. My bet is we
should define a 'Macros' label, and use a summary on the routes
themselves to specify these are not just 'macros', but advanced editor
macros. Look at the return claims paths to understand how I propose to
use the 'summary' attribute.
- I understand how we use 'rotas', but someone more familiar with the
terminology,... please... step in.
- Related to the first item here, we need to add summary to all routes,
so ReDoc doesn't display the operationId anymore. Again, I put an
example in Return claims that we can follow.
To test:
1. Have KTD running
2. Open your browser at:
http://localhost:8080/api/v1/
3. Save the page as spec.json in some known dir
4. Go to that dir and run:
$ docker run -it --rm -p 8083:80 \
-v $(pwd)/spec.json:/usr/share/nginx/html/swagger.json \
-e SPEC_URL=swagger.json redocly/redoc
5. Open your browser at
http://localhost:8083
=> SUCCESS: You see the docs
6. Look at the list of 'categories' on the left
=> FAIL: They look a bit weird
7. Apply this patch
8. Ctrl+c on the terminal running docker
9. Reload plack
10. Repeat 2 through 6
=> SUCCESS: Wow, things look better!
11. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 27 May 2021 12:25:11 +0000 (14:25 +0200)]
Bug 26734: Rename activethemes with availablethemes
There was an existing call to $self->activethemes that behaves as a setter:
85 $self->activethemes($activethemes);
I am not sure what are the side-effects but it does not look good.
It caused warning in the logs:
Use of uninitialized value $interface in string eq at /kohadevbox/koha/C4/Templates.pm line 279.
Use of uninitialized value $interface in string eq at /kohadevbox/koha/C4/Templates.pm line 280.
Use of uninitialized value $interface in string eq at /kohadevbox/koha/C4/Templates.pm line 282.
Use of uninitialized value $lang in concatenation (.) or string at /kohadevbox/koha/C4/Templates.pm line 296.
Use of uninitialized value $lang in concatenation (.) or string at /kohadevbox/koha/C4/Templates.pm line 296.
Use of uninitialized value $lang in concatenation (.) or string at /kohadevbox/koha/C4/Templates.pm line 296
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Mon, 15 Mar 2021 14:07:26 +0000 (14:07 +0000)]
Bug 27899: Missing description for libraryNotPickupLocation on request.pl
This patch adds text to the holds template in the staff client so that
if a particular item is at a library which isn't a hold location the
error message is descriptive.
To test, apply the patch and go to Administration -> Libraries.
- Change one of your libraries so that "Pickup location" is set to
"No."
- Locate a title in the catalog which has an item at that location.
- The "pick up at" list will exclude the library so additional steps
must be taken to get the message
- Select a patron and set their library to the one we can't pick up at.
- Start the process of placing a hold on the title.
- After selecting the patron to place the hold for, look at the table of
items under "Place a hold on a specific item."
- The item located at the library you modified should show an error
message in the "Hold" column, "Library is not a pickup location."
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Tue, 25 May 2021 12:59:31 +0000 (13:59 +0100)]
Bug 28442: Fix 'accessibility_advocate' for current release
The accessibility_advocate block was positioned incorrectly so wasn't
appearing properly for the current stable releases, only the
development/maintainer block.
This patch fixes that issue
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Tue, 25 May 2021 08:29:48 +0000 (09:29 +0100)]
Bug 28442: Update template for new roles
We have multiple accessibility advocates this cycle, so we needed to
adapt the template. I've also added the meeting facilitator as a case
but not added to the team block as a whole.. seeking opinions, perhaps
wait and see if it lasts more than a cycle before adding it fully?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Tue, 18 May 2021 14:57:29 +0000 (15:57 +0100)]
Bug 28368: Add fallback language for anonymous payment receipts
This adds a fallback for when a payment is made anonymously to allow
printing a receipt in the staff members current session language.
Test plan
1. Set `EnablePointOfSale` and `UseCashRegisters`
2. Add new cash register
3. New debit type that 'can be sold'
4. Make a sale (via Point of Sale) using the above debit type.
5. Attempt to 'print receipt' from the subsequent prompt
6. Note the ISE: Can't call method "lang"
7. Apply patch
8. Attempt to 'print receipt' again, this time it should work.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 25 May 2021 07:20:45 +0000 (09:20 +0200)]
Bug 28158: Remove additional backgroundjob related code
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 24 May 2021 14:53:48 +0000 (16:53 +0200)]
Bug 28158: Remove backgroundjob from batchMod
== Test plan ==
1 - In the default framework make sure the 952$1 is visible in opac & catalog & editor
2 - Set WhenLostChargeReplacementFee to charge
3 - Set MarkLostitemsAsReturned to return from batch modification
4 - Find/edit an item with a replacement cost
5 - Check out the item to a patron
6 - Batch modify the item
7 - Set the lost status
8 - Item is not returned or charged
9 - with the patch, it is
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Thu, 17 Sep 2020 18:34:21 +0000 (18:34 +0000)]
Bug 15720: Add connexion user and password options to connexion daemon
Currently the connexion daemon does not utilize the user and password passed in the requests, it expects a
user and password to be defined in the config file and for that user to be a valid Koha user with
cataloging permissions.
With that user in place all requests to the daemon are authorized.
As the connections are over TCP we allow defining a new connexion user and password to protect Koha account information.
If not defined current behaviour is preserved. Connexion user and password must both be set if either is set.
To test:
1 - Create connexion file and save on the Koha server
2 - perl misc/bin/connexion_import_daemon.pl -c /kohadevbox/koha/connexion.cnf
3 - Ensure the user specified above (connexuser) exists and has edit catalogue permissions
4 - In another terminal make a request to the server:
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
5 - The request should succeed and record added to batch (probably the import fails, but not important)
6 - Add to config file
connexion_user:conuser
7 - Stop and restart the daemon - it should fail on missing connexion_password
8 - Comment out connexion_user and add
connexion_password:conpass
9 - Stop and restart daemon, it fails on missing connexion_user
10 - Uncomment the user and restart
11 - Make another request
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
12 - It fails 'Unauthorized request'
13 - Make another request
echo -en 'U7conuserA9connexionP7conpass00024 a62clear00024 4500' | nc -v localhost 8888
14 - It succeeds!
Signed-off-by: Allison Blanning <ablanning@hotchkiss.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 17 Mar 2021 10:38:47 +0000 (11:38 +0100)]
Bug 27942: Prevent XSS vulnerabilities in quote-upload
When uploading new quotes the JS variables are not escaped correctly.
Test plan:
Create a new file with the following content (remove the first and last lines containing """):
"""
":this is a source","this is a text"
"this is another ❤one","and another text❤"
"this <script>alert('foo');</script>","and <script>alert('❤');</script>"
"""
Go to Home › Tools › Quote editor
Click Import quote
Select the file
Edit the third line, hit enter
Import quotes
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 20 May 2021 06:34:48 +0000 (08:34 +0200)]
Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 25 May 2021 08:34:49 +0000 (10:34 +0200)]
Bug 28385: Use ldapserver only if exists
Fix test
t/db_dependent/Auth_with_ldap.t .. 1/4
# Failed test 'use C4::Auth_with_ldap;'
# at t/db_dependent/Auth_with_ldap.t line 123.
# Tried to use 'C4::Auth_with_ldap'.
# Error: No ldapserver "id="ldapserver"" defined in KOHA_CONF: /etc/koha/sites/kohadev/koha-conf.xml at /kohadevbox/koha/C4/Auth_with_ldap.pm line 55.
# Compilation failed in require at t/db_dependent/Auth_with_ldap.t line 123.
# BEGIN failed--compilation aborted at t/db_dependent/Auth_with_ldap.t line 123.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28385: ldap server configuration broken since migration from XML::Simple
Bug 28278 removed usage of XML::Simple which had the side effect that
C4::Context->config("ldapserver") returns one more level of hash
based on id of element, so ldap configuration was no longer
available generating error in log:
No ldapserver "hostname" defined in KOHA_CONF: /etc/koha/sites/srvgit/koha-conf.xml
which is very confusing since hostname is there, but we are looking
at wrong place for it.
== Test plan ==
1. Setup an LDAP server with users or use a public one
See https://wiki.koha-community.org/wiki/Ldap_testing
2. Configure Koha to use it, see example config above
3. Go to OPAC
4. Koha doesn't compile due to LDAP config not parsed correctly
5. Apply the patch
6. Koha compiles and page loads
7. Log in successfully with one of the LDAP users
8. Bonus: Try to log-in with a wrong username & a good password and
vice-versa
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The way labels are used with ReDoc, we need to tidy them better. We
should do it with all the routes, but this one is specially noisy on the
UI.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 19 May 2021 09:10:25 +0000 (11:10 +0200)]
Bug 28386: Add history_notes
The "developer" lines of history.txt will be regenerated using the git
history so we need to add this as a separate info.
See the release_tools changes for more info
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 19 May 2021 06:09:45 +0000 (08:09 +0200)]
Bug 28386: Remove unknown authors
Those 3 authors are not in the git history, we should remove them from
the author list.
However we could re-add them to the contributor list with a note saying
for instance they were part of the Catalyst Academy (need to double
check that first)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28369: (QA follow-up) Restore PUT with deprecation message
This patch restores the PUT route, but adding a deprecation message. The
controller method is the same, and relevant patch tests are duplicated
but calling PUT, so it still gets tested.
To test:
1. Apply this patch
2. Reload plack
3. Open https://<>/api/v1/.html and find the PUT /holds/{hold_id} route
=> SUCCESS: There's a deprecation warning!
4. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28369: Set additionalProperties: false and fix things
This patch performs a cleanup on the holds routes:
- It adds additionalProperties: false to all missing routes
- It syncs the spec with the guidelines
- additionalProperties: false highlighted some attributes read in the
controller weren't declared on the spec, adding them
- PUT /holds/:hold_id is moved to PATCH, as it makes more sense and
gathered opinions lean towards that
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: Lots of things are wrong with the API
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch rewrites the tests, and also doesn't enforce
additionalProperties to be false. We could need it, and there are routes
that need to be reviewed that would break otherwise now: error.json, for
example, is used everywhere, and some routes add some payload to it.
The main change this patch introduces is using the resolved spec instead
of finding each .json file, which wasn't even correct as we have .yaml
files already. Parameters and responses are tested.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove xt/api.t
=> SUCCESS: Tests fail! A nice report on the failures is printed
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28370: Add missing additionalProperties in spec
This patch adds missing attribute to the object definitions in the spec.
We wrongly supposed it was the default, but it proved not.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1
=> SUCCESS: Tests pass, nothing breaks!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28424: (follow-up) Do not create account lines manually
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the route follow the coding guidelines and thus:
- Return the generated object
- Use the status code 201 for the response
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> FAIL: Tests fail. The response body and status is incorrect
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28273: Add form validation for pickup locations
This patch introduces validation on the new pickup locations column.
This way, if a selected title doesn't have a pickup location set, it
will prevent form submission and a suitable error message will pop-up.
To test:
1. Apply this patch
2. Attempt to place multi-title level holds
3. Make sure some selected titles don't have the pickup location set
4. Submit
=> SUCCESS: Form submission halts, an idiomatic error message shows.
5. Unselect all biblios and repeat 4
=> SUCCESS: You are not allowed to proceed, a message is displayed.
6. Have all selected titles set a pickup location, submit
=> SUCCESS: Holds are placed as they should.
7. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 28273: Multi-hold should not offer invalid pickup locations
This patch makes the multi-hold page offer only valid pickup locations
for the selected biblios. Prior to this, all system-wide pickup
locations were offered.
To test:
1. Set 'Hold pickup library match' to 'Item's home branch' so we put a
constraint on the valid pickup locations for easier testing.
2. Choose two or more biblios from a search, which contain in total 2
or 3 item home branches.
3. Click 'Place hold'
4. Choose a patron
=> FAIL: The dropdown offers all system's pickup locations
5. Apply these patches
6. Reload the page
=> SUCCESS: Only valid pickup locations are offered
7. Sign off :-D
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Thu, 13 May 2021 15:17:29 +0000 (15:17 +0000)]
Bug 16785: Remove Autocomplete from overdues report filter
This patch removes code and markup related to an autocomplete input
field in the overdues report filter. The autocomplete was intended
to enable easy entry of patron attributes, but it's simpler to use a
Select2-styled <select>.
The patch removes circ/ypattrodue-attr-search-authvalue.pl, which was
only used on this page and is now obsolete.
To test, apply the patch and create at least one patron attribute type
which is linked to an authorized value:
- Administration -> Authorized values -> New category
- Create a new category to test with
- Add multiple authorized values under this category
- Administration -> Patron attribute types -> New patron attribute
type.
- Create an attribute which is linked to the authorized value
category you created AND which is marked "Searchable."
- Go to Circulation -> Overdues.
- In the sidebar filter you should see your patron attribute as an
option, styled as a Select2 dropdown.
- Clicking the dropdown should trigger a list of the authorized
values you created above.
- Test that the search field at the top of the list works correctly
to filter the results.
- Test that any repeatable attribute field can be cloned by clicking
the "Add" link, and that cloned fields can be removed using the
"Delete" links.
- Test that cloned fields remain in place after submitting the filter
form, and that any selected entry in a Select2 widget is
preselected.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 19 May 2021 15:43:47 +0000 (16:43 +0100)]
Bug 28272: (QA follow-up) Add 'manager' to cashups definition
The embeddable 'manager' relation field was missing from the
specification file and as such calls using this embed would result in a
500 error since we introduced 'additionalProperties: false'.
Test plan
1/ Enable 'UseCashRegisters'
2/ Navigate to the register details page
3/ Inspect the network traffic and note a 500 error on the cashups api
call
4/ Apply the patch
5/ The 500 should have gone away and been replaced with an empty
resultset 200 page.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
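The Bug 28370 message notes that `additionalProperties: false` is not the default, and the Bug 28272 message describes a response failing validation once it is set. The sketch below is an added example, not Koha's code or its validator: a minimal object-schema checker run over constructed schemas and payloads (every attribute name except `hold_id` and `manager` is an assumption) to show both effects.

```python
def validate(schema, value, path="$"):
    """Return a list of error strings; an empty list means the value passes."""
    if schema.get("type") != "object":
        return []  # only object schemas are modelled in this sketch
    if not isinstance(value, dict):
        return [f"{path}: expected an object"]
    errors = []
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in value:
            errors.append(f"{path}: missing required property '{name}'")
    # An absent additionalProperties keyword behaves as true, so undeclared
    # keys pass unless the spec sets it to false explicitly.
    allow_extra = schema.get("additionalProperties", True)
    for name, item in value.items():
        if name in props:
            errors.extend(validate(props[name], item, f"{path}.{name}"))
        elif allow_extra is False:
            errors.append(f"{path}: undeclared property '{name}'")
    return errors


# Constructed schemas and payloads; none are copied from Koha's spec.
HOLD_LOOSE = {"type": "object", "required": ["hold_id"],
              "properties": {"hold_id": {"type": "integer"},
                             "pickup_library_id": {"type": "string"}}}
HOLD_STRICT = dict(HOLD_LOOSE, additionalProperties=False)
# Request body carrying one attribute the schema never declared.
HOLD_BODY = {"hold_id": 1, "pickup_library_id": "CPL", "priority_override": 99}

# Response schema before and after declaring the embedded 'manager' relation.
CASHUP_STRICT = {"type": "object", "additionalProperties": False,
                 "properties": {"cashup_id": {"type": "integer"}}}
CASHUP_FIXED = dict(CASHUP_STRICT, properties={
    "cashup_id": {"type": "integer"}, "manager": {"type": "object"}})
CASHUP_RESPONSE = {"cashup_id": 7, "manager": {"patron_id": 51}}

if __name__ == "__main__":
    for label, schema, doc in [
        ("hold, keyword absent", HOLD_LOOSE, HOLD_BODY),
        ("hold, explicit false", HOLD_STRICT, HOLD_BODY),
        ("cashup, manager undeclared", CASHUP_STRICT, CASHUP_RESPONSE),
        ("cashup, manager declared", CASHUP_FIXED, CASHUP_RESPONSE),
    ]:
        print(label, "->", validate(schema, doc) or "valid")
```

With the keyword absent, the undeclared request attribute is accepted silently; with it set to false, the same strictness applies to responses, which is why an undeclared embed surfaces as a server-side validation failure.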
Martin Renvoize [Fri, 14 May 2021 10:15:58 +0000 (11:15 +0100)]
Bug 28187: Exclude dtrg-group from row striping.
The odd row lowlighting stripe effect added to datatables wasn't
accounting for classes introduced by the rowGroup plugin to denote
grouping header rows. This patch adds the required exclusion rule to
properly highlight rowGroup grouping rows.
Test plan
1/ Enable POS
2/ Create a register and make some transactions.
3/ Have both debits and credits
4/ Have some older transactions so you can look at the past_sales table.
5/ Apply patch and regenerate the staff CSS:
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_interface)
6/ Look at the sales and past_sales table.
7/ Make sure each row header is the darker shade of gray (#e0e0e0)
7a/ You will need to have made some transactions with even and odd
numbers of items in the sale to highlight the problem before applying the
patch
7b/ The rowGroup plugin is also used for the checkouts table and
this patch should also fix that case.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 28 Apr 2021 17:56:11 +0000 (17:56 +0000)]
Bug 28255: Follow up to bug 23463 - use item_object in misc/cronjobs/delete_items.pl
This looks like just an assumption that the $item variable was an object.
Correct the code to use $item_object.
To test:
1 - perl misc/cronjobs/delete_items.pl -where="barcode LIKE '%8'" --commit --verbose
2 - Can't call method "safe_delete" on unblessed reference at /usr/share/koha/bin/cronjobs/delete_items.pl line 67.
3 - Apply patch
4 - Repeat
5 - Success! You deleted a bunch of items
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Tue, 11 May 2021 11:08:17 +0000 (11:08 +0000)]
Bug 27837: (follow-up) Do not check subfield unless tag defined
This was causing extra warnings when the permanent_location field was
unmapped.
We only need to check if there is a field defined as you can define a mapping
without both a field and subfield, so the existence of one implies the other
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Thu, 6 May 2021 13:09:03 +0000 (09:09 -0400)]
Bug 27837: Always pass permanent location from items editor if it was defined
By always passing permanent location from the items editor, we can know
if permanent location was defined in the framework. This means we can
know if we should update permanent location independently of location
even if permanent location has an empty value.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>