]> git.koha-community.org Git - koha.git/log
koha.git
6 years agoBug 20624: Net::OAuth2::AuthorizationServer is not a hard dependency
Tomas Cohen Arazi [Tue, 8 May 2018 17:58:55 +0000 (14:58 -0300)]
Bug 20624: Net::OAuth2::AuthorizationServer is not a hard dependency

While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
hard dependency for Koha and the feature requiring it is disabled by
default.

This patch:
- Makes the dependency optional
- Makes the unit tests for the OAuth2 client credentials flow skip if
  the dependency is not met.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: (QA follow-up) Add missing POD in Koha::REST::V1::OAuth
Tomas Cohen Arazi [Mon, 7 May 2018 14:57:59 +0000 (11:57 -0300)]
Bug 20624: (QA follow-up) Add missing POD in Koha::REST::V1::OAuth

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: (QA follow-up) Handle missing deps gracefuly
Tomas Cohen Arazi [Thu, 3 May 2018 18:29:22 +0000 (15:29 -0300)]
Bug 20624: (QA follow-up) Handle missing deps gracefuly

This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: (QA follow-up) Unit tests for missing deps situation
Tomas Cohen Arazi [Thu, 3 May 2018 18:24:56 +0000 (15:24 -0300)]
Bug 20624: (QA follow-up) Unit tests for missing deps situation

This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint answers 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: Make staff client respect RESTOAuth2ClientCredentials
Tomas Cohen Arazi [Wed, 2 May 2018 18:55:31 +0000 (15:55 -0300)]
Bug 20624: Make staff client respect RESTOAuth2ClientCredentials

This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials
Tomas Cohen Arazi [Wed, 2 May 2018 18:51:38 +0000 (15:51 -0300)]
Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials

This patch makes the /api/v1/oauth/token enpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) on the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: Unit tests
Tomas Cohen Arazi [Wed, 2 May 2018 18:21:53 +0000 (15:21 -0300)]
Bug 20624: Unit tests

This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
makes any request on the /api/v1/oauth/token using the
'client_credentials' grant fail with 'grant not implemented'.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20624: Add RESTOAuth2ClientCredentials syspref
Tomas Cohen Arazi [Wed, 2 May 2018 14:20:37 +0000 (11:20 -0300)]
Bug 20624: Add RESTOAuth2ClientCredentials syspref

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20612: (QA follow-up) Fix typo in method POD
Tomas Cohen Arazi [Thu, 3 May 2018 18:53:16 +0000 (15:53 -0300)]
Bug 20612: (QA follow-up) Fix typo in method POD

As Martin correctly highlighted, the method name is not correctly
spelled in POD. This patch fixes it.

To test:
- Look carefully
=> FAIL: Method name is _verify_client_cb but POD says _verify_client_db
- Apply this patch
- Look carefully
=> SUCCESS: Notice the POD is fixed!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20612: koha-conf.xml cleanup
Tomas Cohen Arazi [Wed, 18 Apr 2018 16:40:13 +0000 (13:40 -0300)]
Bug 20612: koha-conf.xml cleanup

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20612: Make OAuth2 use patron's client_id/secret pairs
Tomas Cohen Arazi [Wed, 18 Apr 2018 16:34:18 +0000 (13:34 -0300)]
Bug 20612: Make OAuth2 use patron's client_id/secret pairs

This patch wires the OAuth related code so it leverages on the new
Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the
hardcoded entries in koha-conf.xml originally proposed by bug 20402.

To test revisit the test plan for bug 20402, and verify that it works.
But create API key pairs instead of writing them down in koha-conf.xml.
Also:
- Run:
  $ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20612: Unit tests
Tomas Cohen Arazi [Wed, 18 Apr 2018 16:32:34 +0000 (13:32 -0300)]
Bug 20612: Unit tests

This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
classes. It adds tests for expired tokens too.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests should fail without the rest of the patches.

Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: DBRev 17.12.00.043
Jonathan Druart [Tue, 8 May 2018 19:06:22 +0000 (16:06 -0300)]
Bug 20568: DBRev 17.12.00.043

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: fix shebang
Jonathan Druart [Tue, 8 May 2018 19:27:54 +0000 (16:27 -0300)]
Bug 20568: fix shebang

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: Fix bad resolution conflict with bug 18403
Jonathan Druart [Tue, 8 May 2018 19:15:54 +0000 (16:15 -0300)]
Bug 20568: Fix bad resolution conflict with bug 18403

borrowers module permission has now several subpermissions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (QA follow-up) Remove unused vars
Tomas Cohen Arazi [Thu, 3 May 2018 18:51:15 +0000 (15:51 -0300)]
Bug 20568: (QA follow-up) Remove unused vars

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (QA follow-up) Remove api-key management from OPAC
Tomas Cohen Arazi [Wed, 2 May 2018 14:05:05 +0000 (11:05 -0300)]
Bug 20568: (QA follow-up) Remove api-key management from OPAC

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: CSRF protection
Tomas Cohen Arazi [Wed, 18 Apr 2018 17:38:02 +0000 (14:38 -0300)]
Bug 20568: CSRF protection

Edit: fix warning introduced by this patch

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (QA follow-up) Get rid of the id column
Tomas Cohen Arazi [Sat, 14 Apr 2018 17:50:23 +0000 (14:50 -0300)]
Bug 20568: (QA follow-up) Get rid of the id column

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (QA follow-up) Make sure client_id and secret are not overwritten on store
Tomas Cohen Arazi [Wed, 18 Apr 2018 16:56:28 +0000 (13:56 -0300)]
Bug 20568: (QA follow-up) Make sure client_id and secret are not overwritten on store

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (QA follow-up) Test client_id and secret are not overwritten
Tomas Cohen Arazi [Wed, 18 Apr 2018 16:56:00 +0000 (13:56 -0300)]
Bug 20568: (QA follow-up) Test client_id and secret are not overwritten

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (follow-up) Atomic update fix
Tomas Cohen Arazi [Wed, 18 Apr 2018 13:55:43 +0000 (10:55 -0300)]
Bug 20568: (follow-up) Atomic update fix

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: Move value => client_id + secret
Tomas Cohen Arazi [Mon, 16 Apr 2018 19:04:26 +0000 (16:04 -0300)]
Bug 20568: Move value => client_id + secret

This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.

It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'

Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: (follow-up) Interface and markup changes
Owen Leonard [Mon, 16 Apr 2018 15:23:50 +0000 (15:23 +0000)]
Bug 20568: (follow-up) Interface and markup changes

This patch makes some interface changes to bring things better in line
with existing interface patterns. This patch also re-indents the
modified templates with 4 spaces instead of 2 and makes <input>s
self-closing.

Also changed: Corrected system preference check in opac-apikeys.pl.

To test, apply the patch and:

In the staff client:

 - Open a patron record and choose More -> Manage API keys.
   - There should be a standard message dialog containing a link to
     "Generate a new key."
     - Clicking the link should show the form for adding a new key.
     - Test that clicking the "Cancel" link hides the form.
     - Test that creating the new key works correctly.
   - You should now see a table showing existing keys and a "Generate a
     new key" button above it.
     - Test that the "Delete" button asks for confirmation, and that
       confirming and denying both work correctly.
     - Test that "Revoke" and "Activate" actions still work correctly.

In the OPAC:

 - Set the AllowPatronsManageAPIKeysInOPAC system preference to "Allow."
 - Log in to the OPAC and click the "your API keys" link in the sidebar.
   - Clicking the "Generate new key" button should display the form for
     adding a new key.
     - Clicking the "cancel" link should hide the form.
     - Submitting the form should add a new key.
   - You should now see a table showing existing keys.
     - Test that the "Delete" link asks for confirmation, and that
       confirming and denying both work correctly.
     - Test that "Revoke" and "Activate" actions still work correctly.
 - Set the AllowPatronsManageAPIKeysInOPAC system preference to "Don't
   allow."
   - Log in to the OPAC and confirm that the "your API keys" link in the
     sidebar is no longer visible.
     - Confirm that navigating directly to /cgi-bin/koha/opac-apikeys.pl
       results in a 404 error.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: API key management for OPAC users
Tomas Cohen Arazi [Sat, 14 Apr 2018 20:38:03 +0000 (17:38 -0300)]
Bug 20568: API key management for OPAC users

This patch makes the OPAC interface for API keys management work
with the new lib. Verify all actions work for a logged user.

Users without login should be redirected to an error page.

The AllowPatronsManageAPIKeysInOPAC syspref is added to control if the
OPAC feature is enabled or not.

To test:
- Verify the syspref works
- Verify users can manage their API keys

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: Unit tests
Tomas Cohen Arazi [Sat, 14 Apr 2018 20:37:56 +0000 (17:37 -0300)]
Bug 20568: Unit tests

This patch adds unit tests for the introduced classes: Koha::ApiKey(s).

To test:
- Apply this patch
- Run
  $ kshell
 k$ prove t/db_dependent/Koha/ApiKeys.t
=> FAIL: Tests fail because the feature is not implemented.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: Add mandatory description field for api keys
Tomas Cohen Arazi [Thu, 12 Apr 2018 17:38:47 +0000 (14:38 -0300)]
Bug 20568: Add mandatory description field for api keys

This patch changes the table structure adding fields usually found on
this kind of api management pages.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20568: API keys management in interface
Julian Maurice [Mon, 23 Mar 2015 19:14:23 +0000 (20:14 +0100)]
Bug 20568: API keys management in interface

This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.

Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
   correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
   API keys". Click on it.
9/ Repeat steps 4-6

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Update DBIX schema
Jonathan Druart [Wed, 9 May 2018 15:54:57 +0000 (12:54 -0300)]
Bug 20402: Update DBIX schema

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: DBRev 17.12.00.042
Jonathan Druart [Tue, 8 May 2018 19:05:04 +0000 (16:05 -0300)]
Bug 20402: DBRev 17.12.00.042

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: only output if verbose flag is set
Jonathan Druart [Tue, 8 May 2018 19:44:42 +0000 (16:44 -0300)]
Bug 20402: only output if verbose flag is set

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Remove useless call to Koha::OAuthAccessTokens->search
Julian Maurice [Fri, 20 Apr 2018 08:37:37 +0000 (10:37 +0200)]
Bug 20402: Remove useless call to Koha::OAuthAccessTokens->search

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Add missing POD
Tomas Cohen Arazi [Tue, 17 Apr 2018 19:23:56 +0000 (16:23 -0300)]
Bug 20402: Add missing POD

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Atomic update and kohastructure.sql fixes
Tomas Cohen Arazi [Tue, 17 Apr 2018 19:23:36 +0000 (16:23 -0300)]
Bug 20402: Atomic update and kohastructure.sql fixes

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Use TestBuilder->build_object in oauth.t
Julian Maurice [Tue, 17 Apr 2018 17:07:47 +0000 (19:07 +0200)]
Bug 20402: Use TestBuilder->build_object in oauth.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server
Julian Maurice [Tue, 17 Apr 2018 17:07:01 +0000 (19:07 +0200)]
Bug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Don't look at cookies if OAuth2 is attempted and has failed
Julian Maurice [Thu, 12 Apr 2018 12:48:58 +0000 (14:48 +0200)]
Bug 20402: Don't look at cookies if OAuth2 is attempted and has failed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Fix oauth.t
Julian Maurice [Thu, 12 Apr 2018 07:17:43 +0000 (09:17 +0200)]
Bug 20402: Fix oauth.t

GET /patrons now requires { "borrowers": 1 } instead of
{ "borrowers": "edit_borrowers" }

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20402: Implement OAuth2 authentication for REST API
Julian Maurice [Tue, 13 Mar 2018 12:17:12 +0000 (13:17 +0100)]
Bug 20402: Implement OAuth2 authentication for REST API

It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.

Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
     <api_client>
       <client_id>$CLIENT_ID</client_id>
       <client_secret>$CLIENT_SECRET</client_secret>
       <patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
     </api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
   configuration:
   - OAuth flow: Client credentials
   - Access Token Request Method: POST
   - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
   - Access Token Request Client Authentication: Credentials in request
     body
   - Client ID: $CLIENT_ID
   - Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
   (which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
   http://$KOHA_URL/api/v1/patrons then click on SEND
   If patron X has permission 'borrowers', it should return 200 OK
   with the list of patrons
   Otherwise it should return 403 with the list of required permissions
   (Please test both cases)
7. Wait an hour (or run the following SQL query:
   UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
   You should have a 403 Forbidden status, and the token must have been
   removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
   using the previous SQL query, and run the following command:
     misc/cronjobs/cleanup_database.pl --oauth-tokens
   Verify that expired tokens were removed, and that the others are
   still there
9. prove t/db_dependent/api/v1/oauth.t

[1] https://addons.mozilla.org/en-US/firefox/addon/rester/

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20525: Add --timezone switch to koha-create
Tomas Cohen Arazi [Thu, 5 Apr 2018 14:07:30 +0000 (11:07 -0300)]
Bug 20525: Add --timezone switch to koha-create

This patch adds a --timezone switch to koha-create so the timezone can
be set on creation time. It defaults to empty (i.e. using the server's
local time).

To test:
- Create an instance:
  $ sudo koha-create --create-db timezone1
=> SUCCESS: /etc/koha/sites/timezone1/koha-conf.xml contains an empty
<timezone> entry.
- Apply this patch
- Run:
  $ perl misc4dev/cp_debian_files.pl
- Create a new instance:
  $ sudo koha-create --create-db timezone2
=> SUCCESS: /etc/koha/sites/timezone2/koha-conf.xml contains an empty
<timezone> entry (i.e. the current behaviour is preserved).
- Create a new instance:
  $ sudo koha-create --create-db --timezone Your/Timezone timezone3
=> SUCCESS: /etc/koha/sites/timezone3/koha-conf.xml contains
    <timezone>Your/Timezone</timezone> (i.e. introduced behaviour works)
- Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20721: (bug 19403 follow-up) Prevent Circulation.t to fail randomly
Jonathan Druart [Mon, 7 May 2018 16:15:34 +0000 (13:15 -0300)]
Bug 20721: (bug 19403 follow-up) Prevent Circulation.t to fail randomly

If items.restricted == 1, CanBookBeIssued will not returned what we are
testing.

The easiest and global fix is to define a default value at TestBuilder
package level

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20531: (follow-up) Set the timestamps to the same value to get a correct order
Jonathan Druart [Mon, 7 May 2018 15:22:40 +0000 (12:22 -0300)]
Bug 20531: (follow-up) Set the timestamps to the same value to get a correct order

There were 2 places where it was failing!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20686: OPAC shows 'Login to OverDrive account' with 'OverDriveCirculation' syspre...
Mason James [Tue, 1 May 2018 01:24:37 +0000 (13:24 +1200)]
Bug 20686: OPAC shows 'Login to OverDrive account' with 'OverDriveCirculation' syspref disabled

ps: you will need an active and working overdrive account to test this patch

1/ prepare a koha with overdrive sysprefs set and working
    (OverDriveLibraryID,OverDriveClientKey,OverDriveClientSecret)

2/ set OverDriveCirculation syspref to 'disable'

3/ do an opac search, note the 'Login to OverDrive account' message is incorrectly displayed
    see pic 1

4/ apply patch

5/ do an opac search, note the 'Login to OverDrive account' message is no longer displayed (good)
    see pic 2

Can confirm that bug is replicable and patch applies and functions as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20305: Remove warnings from tools scripts
Jonathan Druart [Tue, 27 Feb 2018 16:37:53 +0000 (13:37 -0300)]
Bug 20305: Remove warnings from tools scripts

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20687: (follow-up) Look for invitekey in show_accept and fix error codes
Marcel de Rooy [Fri, 4 May 2018 06:10:46 +0000 (08:10 +0200)]
Bug 20687: (follow-up) Look for invitekey in show_accept and fix error codes

We should check the invitekey in show_accept by passing it along in the
search call.
On the way I fixed some error checking: if the list number is invalid, or
the list is public or you are the owner, or if the key is not found, we
should set the right error code; the template contains those messages.

Test plan:
[1] Share a list and accept a correct invitation with another user.
[2] Try to accept some invalid proposals: wrong key, wrong list.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested invalid key, wrong list, owner, public list, expiry.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20687: Check all share keys for a given list
Nick Clemens [Tue, 1 May 2018 13:47:18 +0000 (13:47 +0000)]
Bug 20687: Check all share keys for a given list

This patch gets all the shares for a list and iterates through to find
the correct one when accepting from a link

To test:
1 - Create a private list in the opac
2 - Invite 2 patrons to the list
3 - Try to accept from the patron you first shared to
4 - You will get a failure message about expiration of the link
5 - Apply patch
6 - Now try to accept the first share
7 - It works! Success!

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20284: Fix minor compilation errors
Tomas Cohen Arazi [Fri, 4 May 2018 15:30:55 +0000 (12:30 -0300)]
Bug 20284: Fix minor compilation errors

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20284: (QA follow-up) superlibrarian has ill permissions
Tomas Cohen Arazi [Fri, 4 May 2018 15:26:39 +0000 (12:26 -0300)]
Bug 20284: (QA follow-up) superlibrarian has ill permissions

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20284: (follow-up) Added missing 'exit's
Andrew Isherwood [Fri, 20 Apr 2018 14:15:15 +0000 (15:15 +0100)]
Bug 20284: (follow-up) Added missing 'exit's

This patch adds the exits that were missing after the redirects

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20284: ILLModuleCopyrightClearance text breaks
Andrew Isherwood [Mon, 9 Apr 2018 13:32:21 +0000 (14:32 +0100)]
Bug 20284: ILLModuleCopyrightClearance text breaks

This patch fixes the display of the copyright notice text that is defined
in ILLModuleCopyrightClearance preference when placing ILL requests from
the OPAC. Handling of the copyrightclearance stage was missing,
this has been added.

To test:
1) Ensure you have at least one ILL backend available:
   https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) Navigate to a search results page in the catalog
5) Click the "Make an Interlibrary Loan request" link at the bottom
6) Choose "Create a new request", then select a backend
7) Observe the text you added earlier is displayed with buttons for
   agreeing or disagreeing (prior to this patch, this screen displayed
   an error)
8) Observe that clicking "Yes" takes you to the form for adding request
   details
9) Observe that clicking "No" takes you back to the "Interlibrary loan
   requests" page

Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20477: Silence floody noise on fast cataloging
Mark Tompsett [Mon, 26 Mar 2018 19:14:44 +0000 (19:14 +0000)]
Bug 20477: Silence floody noise on fast cataloging

TEST PLAN
---------
See comment #0 to reproduce.
apply this patch
restart_all

echo | sudo tee /var/log/koha/kohadev/place-error.log
restart_all
cat /var/log/koha/kohadev/plack-error.log
-- just restart information

log into staff client again, home -> circulation -> fast cataloging

cat /var/log/koha/kohadev/plack-error.log
-- just restart information

run qa test tools

Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20620: Remove warnings in moredetail.pl
Jonathan Druart [Thu, 19 Apr 2018 12:54:45 +0000 (09:54 -0300)]
Bug 20620: Remove warnings in moredetail.pl

Since 19995 warnings are displayed in moredetail.pl, we should get rid
of them.

Test plan:
Hit moredetail.pl with different biblionumbers and confirm you do no
longer see warnings in logs.

Make sure values for rentalcharge, item type, ccode and replacementprice
are displayed correctly.

Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20663: Add some POD, so koha test tools don't complain
Mark Tompsett [Thu, 26 Apr 2018 04:31:32 +0000 (04:31 +0000)]
Bug 20663: Add some POD, so koha test tools don't complain

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20663: Remove dead code related to compound reports
Mark Tompsett [Thu, 26 Apr 2018 04:17:51 +0000 (04:17 +0000)]
Bug 20663: Remove dead code related to compound reports

TEST PLAN
---------
git grep "Create Compound Report"
-- only one file
git grep compound | grep 1
-- this is the only setting of the compound tt variable
less koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
-- There is an TT IF statement for compound.
-- In that statement it would trigger 'Save Compound'
git grep save_compound
-- only the template and the guided report perl
git grep create_compound
-- only triggered by the save code in the guided report perl
-- in the export for the C4/Reports/Guided.pm
git grep run_compound
-- left over in export

apply the patch
look around and see the pieces are cleaned up.

run koha qa test tools

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19171: Attempt to make "no holds possible" messages less confusing
Katrin Fischer [Sun, 22 Apr 2018 22:00:17 +0000 (22:00 +0000)]
Bug 19171: Attempt to make "no holds possible" messages less confusing

At the moment, when no holds are possible, the OPAC reads something
like:

Sorry, none of these items can be placed on hold.
No items available.

This is confusing to the patrons, because the records have items,
but they are not showing. The record also may have available items,
they are just not permitted to place holds on them.

Changes:
- Only display the first message, when somoene tried unsuccessfully
  to place holds on multiple records.
- Change first message to: Sorry, none of these titles can be placed on hold.
- Change the second message to read:
  No items available to be placed on hold.
- Remove <strong> around Sorry for better translatability.

To test:
- Try to place a hold on single record, where no hold is possible.
- Try to place a hold on a single record, where a hold is possible.
- Try to place holds on multiple records where no hold is possible.
- Try to place holds on multiple records where at least one hold
  is possible.

  Verify the screen messages make sense in all cases.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Fixed stray </strong> during signoff.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
For consistency with staff, I renamed multi_holds to multi_hold.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20685: Escape letter template content in textarea
Jonathan Druart [Thu, 3 May 2018 18:40:11 +0000 (15:40 -0300)]
Bug 20685: Escape letter template content in textarea

Test plan:
enter the following text into the Email template for 'HOLD_SLIP'
in Home › Tools › Notices & Slips › Modify notice

<div style='max-width: 4in;'>
<h3><<borrowers.surname>>, <<borrowers.firstname>></h3><br />
<<borrowers.streetnumber>> <<borrowers.address>><br />
<<borrowers.address2>><br />
<<borrowers.city>>, <<borrowers.state>> <<borrowers.zipcode>><br />
<br />
<br />
<img src="/cgi-bin/koha/svc/barcode?barcode=<<borrowers.cardnumber>>&type=Industrial2of5&notext=1">

Edit it again
Without this patch you will get:
<img src="/cgi-bin/koha/svc/barcode?barcode=<<borrowers.cardnumber>>&type=Industrial2of5¬ext=1">

Signed-off-by: Barton Chittenden <barton@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: Add id and class attributes to body
Jonathan Druart [Thu, 3 May 2018 17:30:00 +0000 (14:30 -0300)]
Bug 11317: Add id and class attributes to body

This fixes xt/tt_valid.t
 #   Failed test '<body> tag with id and class attributes'
 #   at xt/tt_valid.t line 91
 # Files list:
 # intranet-tmpl/prog/en/modules/tools/access_files.tt: 8
 # Looks like you failed 1 test of 3.
 [16:44:56] xt/tt_valid.t
 Dubious, test returned 1 (wstat 256, 0x100)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: DBRev 17.12.00.041
Jonathan Druart [Thu, 3 May 2018 16:39:53 +0000 (13:39 -0300)]
Bug 11317: DBRev 17.12.00.041

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: (QA follow-up) Change tool name to be more general
Katrin Fischer [Sat, 28 Apr 2018 00:30:55 +0000 (02:30 +0200)]
Bug 11317: (QA follow-up) Change tool name to be more general

I think this tool could be used in multiple ways, for all kinds
of files that you want to protect by login in Koha. So a more
general name might work better.

This is a suggestion, not mandatory.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: (QA follow-up) Fix merge error and punctuation
Katrin Fischer [Fri, 27 Apr 2018 22:29:06 +0000 (00:29 +0200)]
Bug 11317: (QA follow-up) Fix merge error and punctuation

2 tiny fixes:
- Remove space before : as this is not correct in English
- Remove an errorenous commented line that probably snuck back
  in from a merge

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: (follow-up) Add two-level entry to koha-conf and remove unwanted characters
Roch D'Amour [Mon, 23 Apr 2018 13:20:35 +0000 (09:20 -0400)]
Bug 11317: (follow-up) Add two-level entry to koha-conf and remove unwanted characters

- Removed merge marker
- Changed include path in favor of using the Asset tt plugin (bug 20538)
- Changed access_dir to a two-level entry for clarity

Test plans stay the same, just make sure that the two-level configuration entry
work properly and everything pass QA.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 11317: Add a way to access files from the intranet
Roch D'Amour [Tue, 17 Apr 2018 18:24:07 +0000 (14:24 -0400)]
Bug 11317: Add a way to access files from the intranet

This squash contains all of these commits:
- Adds a page to access log files on the server from the intranet
- Update ID to allow for permalinking
- Rename config to "'accessdir' and fix qa
- Allows for multiple directories to be accessible
- Update the link under reports
- (Follow-up) Fixing merge error and cosmetic changes
- (Follow-up) Fix tab chars and move javascript to the footer
- (QA Follow-up) Fix datatable
- Make filename unicode-proof, renamed accessdir to access_dir and fix update

Test plans:
- Apply patch, update database
- Add to koha-conf:
<access_dir>/tmp/koha-public/one</access_dir>
<access_dir>/tmp/koha-public/two</access_dir>
<access_dir>/tmp/koha-public</access_dir>
- Create these directories ( mkdir /tmp/koha-public , etc...)
- Create these files:
echo "hello world!" > /tmp/koha-public/❤
echo "test" > /tmp/koha-public/one/samename.txt
echo "this is not the same" > /tmp/koha-public/two/samename.txt
- Login as Superadmin, go to tools > reports files
    - Click on ❤, make sure it's downloadable and readable
    - Click on both samename.txt, look inside and make sure the file is different
- Login as NON-superadmin. Go under tools, see no Report/Log under the third column
    - Go to add tools/access_file permission to user
    - See new entry under tools third column.
    - validate link is ok.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20103: Readonly::XS is completely bogus post perl 5.8
Mark Tompsett [Wed, 28 Mar 2018 22:40:09 +0000 (22:40 +0000)]
Bug 20103: Readonly::XS is completely bogus post perl 5.8

A ha! Lie about who we are, and the module will return a version.

./koha_perl_deps.pl -a
-- before patch Readonly::XS is 0
-- after patch it has a version number.
run koha qa test tools

Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20444: Remove sub GetAttributes
Josef Moravec [Mon, 19 Mar 2018 09:33:50 +0000 (09:33 +0000)]
Bug 20444: Remove sub GetAttributes

0) Apply this patch
1) git grep GetAttributes should return no occurencies

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20444: Update test
Josef Moravec [Mon, 19 Mar 2018 09:33:07 +0000 (09:33 +0000)]
Bug 20444: Update test

0) Apply this patch
1) prove t/db_dependent/Members/Attributes.t
should return green

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20444: Use Koha::Patron::Attribute::Types object for getting patron attributes...
Josef Moravec [Mon, 19 Mar 2018 09:27:07 +0000 (09:27 +0000)]
Bug 20444: Use Koha::Patron::Attribute::Types object for getting patron attributes in letter.pl

Test plan:
0) Apply the patch
1) Do not have any patron attribute types defined
2) Go to Tools -> Notices and slips
3) Edit any slip/letter which uses table borrower
4) Confirm the editing works, and the slip/letter itself works
5) Add some patron attributes types and define them a value for any
patron
6) Go to Tools -> Notices and slips and edit any slip/letter which uses
table borrower
7) Confirm, the attributes are listed in available fields
8) Confirm the slip/letter is working when you add a attribute to it

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19752: offline_circ/service.pl - Return HTTP status 401 when authentication faile...
Alex Arnaud [Tue, 5 Dec 2017 10:43:05 +0000 (10:43 +0000)]
Bug 19752: offline_circ/service.pl - Return HTTP status 401 when authentication failed and add option nocookie

Test plan:

- Apply this patch,
- log in to Koha,
- go to cgi-bin/koha/offline_circ/service.pl with no valid user
  and password as parameters and nocookie set to 1. i.e:
  cgi-bin/koha/offline_circ/service.pl?userid=alex&password=wrongpass&nocookie=1,
- auth should fail
- check that the response code is 401

Signed-off-by: Maksim Sen <maksim.sen@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19972: (QA follow-up) Fix id name
Katrin Fischer [Sun, 22 Apr 2018 18:37:11 +0000 (18:37 +0000)]
Bug 19972: (QA follow-up) Fix id name

Renames #type-filter to #itemtype-filter

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19972: Make holds to pull list honors item-level_itypes syspref
Victor Grousset [Tue, 16 Jan 2018 09:06:20 +0000 (10:06 +0100)]
Bug 19972: Make holds to pull list honors item-level_itypes syspref

And reflect that in the UI strings + variable names

Test plan:
1. Set syspref "item-level_itypes" to "specific item"
2. Create a hold on a record with one item
3. Change the document type of the item
4. Check that the item edition page and the record page show 2 different
     types.
5. Go to /cgi-bin/koha/circ/pendingreserves.pl
6. Check that the displayed type is the item one
7. Set syspref "item-level_itypes" to "biblio record"
8. Go to /cgi-bin/koha/circ/pendingreserves.pl
9. See that the displayed type is the item one. When the sysopref says
     "record"
     This is the bug.
10. Apply this patch
11. Go to /cgi-bin/koha/circ/pendingreserves.pl
12. See that the displayed type now follows the syspref
13. Set syspref "item-level_itypes" to "specific item"
14. Go to /cgi-bin/koha/circ/pendingreserves.pl
15. See that the displayed type still follows the syspref

Signed-off-by: Lucie Gay <lucie.gay@ens-paris-saclay.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20666: Correct permissions on opac-routing-lists.pl
Mark Tompsett [Thu, 26 Apr 2018 16:57:47 +0000 (16:57 +0000)]
Bug 20666: Correct permissions on opac-routing-lists.pl

You will need to have the 'Your routing lists' appear
in the opac-user page in order to trigger the error.

Make sure plack is off, and you will an error 500 page.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20666: Correct executable permissions
Mark Tompsett [Thu, 26 Apr 2018 16:22:16 +0000 (16:22 +0000)]
Bug 20666: Correct executable permissions

TEST PLAN
---------
On a kohadevbox:
 1) sudo koha-plack --enable kohadev
 2) restart_all
 3) Enter fines for a patron in the staff client
 4) Go to the 'Fines' tab (left pane)
 5) Go to the 'Account' tab (below the row of buttons)
 6) Click 'Details'
    -- no issues
 7) sudo koha-plack --disable kohadev
 8) restart_all
 9) refresh page
    -- Error 500
10) apply patch
11) restart_all
12) refresh page
    -- no issues
13) sudo koha-plack --enable kohadev
14) restart_all
15) refresh page
    -- no issues

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20637: Fix filters content on the holds to pull screen
Jonathan Druart [Tue, 24 Apr 2018 18:21:36 +0000 (15:21 -0300)]
Bug 20637: Fix filters content on the holds to pull screen

libraries and locations are separated by <br> whereas itypes are using
\n
This patch standardized the separator to generate correctly the filters
pulldown

Test plan:
- Place a hold on a biblio record which has several items
- Define different locations and itypes for these items
- Display the holds on the "Holds to pull" screen and make sure the
filters are working correctly (focus on the dropdown list)

Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20329: Text input fields are wider than the fieldset class they are inside of
Owen Leonard [Wed, 25 Apr 2018 12:38:25 +0000 (12:38 +0000)]
Bug 20329: Text input fields are wider than the fieldset class they are inside of

This alternate patch defines a width of 100% for text inputs and selects
inside sidebar fieldsets. The scope of this style is limited to the
sidebar by unsetting the width for fieldsets within "#yui-main," the
main body of the page.

This patch also removes inline styles from two templates which are now
unnecessary.

To test, apply the patch and clear your cache if necessary.

View various pages which have a sidebar search form: acqui/invoices.pl,
members/members-home.pl, circ/overdue.pl, acqui/parcel.pl. Confirm that
form fields in the sidebar look correct.

Confirm that other forms styled with the "brief" class aren't
unintentionally affected by this patch. For example:
circ/request-article.pl, members/member-password.pl,
reports/reports-home.pl, reserve/request.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20329: Shorten the width of text input fields
Alex Buckley [Sun, 4 Mar 2018 05:31:15 +0000 (05:31 +0000)]
Bug 20329: Shorten the width of text input fields

This makes the text input fields fit tidily within the border of the
fieldset class elements they are within.

Test plan:
1. Go to the acqui/invoices.pl, members/members-home.pl,
circ/overdue.pl, acqui/parcel.pl and notice that the text input fields
on the fieldset element on the left hand side of the screen for
filtering search results are too wide and go over the border of the
fieldset element

2. Apply patch

3. Refresh the aforementioned pages and notice the text inputs have a
shortened width and now fit within the fielset class element

Sponsored-By: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20546: Display shelving location on checkin
Magnus Enger [Mon, 9 Apr 2018 10:39:23 +0000 (12:39 +0200)]
Bug 20546: Display shelving location on checkin

Currently, the sehlving location is not being displayed in the table
of checked in items on <intranet>/cgi-bin/koha/circ/returns.pl

To test:
- Make sure you have a couple of books with a value for shelving location (952$c)
- Check the books out
- Check the books in
- Verify nothing is displayed in the "Shelving location" column
- Apply this patch
- Check the books out and in again
- Verify the shelving location is now being displayed

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20304: (QA follow-up) Remove unwanted 'my'
Julian Maurice [Thu, 26 Apr 2018 11:48:58 +0000 (13:48 +0200)]
Bug 20304: (QA follow-up) Remove unwanted 'my'

'my' creates a new '$value' variable, and prevented the '$value' in
outer scope to be modified

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20304: Remove warnings from cataloguing scripts
Jonathan Druart [Tue, 27 Feb 2018 16:36:21 +0000 (13:36 -0300)]
Bug 20304: Remove warnings from cataloguing scripts

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 18342: Mark Cache::Memcached as mandatory
Jonathan Druart [Fri, 23 Mar 2018 18:03:52 +0000 (15:03 -0300)]
Bug 18342: Mark Cache::Memcached as mandatory

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 18342: Enable memcached by default for new installs
Jonathan Druart [Wed, 27 Sep 2017 19:19:07 +0000 (16:19 -0300)]
Bug 18342: Enable memcached by default for new installs

Note that there is no way to create an install without memcached.
As it is now considered as stable, there is no point to not use it.

Test plan:
Create a new Koha install and make sure memcached is enabled by default

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20665: Reset MySQL connection time zone in the OAI-PMH Provider
Ere Maijala [Thu, 26 Apr 2018 13:08:25 +0000 (13:08 +0000)]
Bug 20665: Reset MySQL connection time zone in the OAI-PMH Provider

TEST PLAN
---------
apply unit test patch
prove t/db_dependent/OAI/Server.t
-- should fail
apply this patch
prove t/db_dependent/OAI/Server.t
-- should pass
run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20665: Units tests for testing MySQL connection time zone
Ere Maijala [Thu, 26 Apr 2018 13:05:51 +0000 (13:05 +0000)]
Bug 20665: Units tests for testing MySQL connection time zone

TEST PLAN
---------
apply this test patch
prove t/db_dependent/OAI/Server.t
-- should fail
apply the other patch
prove t/db_dependent/OAI/Server.t
-- should pass
run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19466: Turn AutoCalc off for new installs
David Bourgault [Tue, 1 May 2018 19:09:53 +0000 (15:09 -0400)]
Bug 19466: Turn AutoCalc off for new installs

Default value of AutoMemberNum is now 0.

TEST PLAN:
0. Do a fresh install of Koha
1. In system preferences AutoMemberNum should be off
2. No warning should be shown next to the cardnumber field in the patron creation form.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20531: Set the timestamps to the same value to get a correct order
Jonathan Druart [Wed, 25 Apr 2018 20:38:38 +0000 (17:38 -0300)]
Bug 20531: Set the timestamps to the same value to get a correct order

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20659: Fix blocking errors display
Jonathan Druart [Wed, 25 Apr 2018 19:52:07 +0000 (16:52 -0300)]
Bug 20659: Fix blocking errors display

The include file blocking-errors.inc has been created to by-pass regular
processing and display an error that should block the elements of the
view.

For instance you call a patron's page with invalid borrowernumber => we
do not want the app to crash (500) or the page to display with broken
elements.

It worked well on bug 18403 but it's now broken, a blank page is
displayed instead.
It may be caused by the move of the JS to the bottom of the page.

Test plan:
hit /cgi-bin/koha/members/moremember.pl?borrowernumber=45432
Without this patch a blank page is displayed.
With this patch you see the blocking error

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20531: Add diag to help debug next failure
Jonathan Druart [Wed, 25 Apr 2018 15:17:19 +0000 (12:17 -0300)]
Bug 20531: Add diag to help debug next failure

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19204: Add tests for new days_mode parameter
Jonathan Druart [Mon, 23 Apr 2018 13:37:48 +0000 (10:37 -0300)]
Bug 19204: Add tests for new days_mode parameter

Sponsored-by: Goethe-Institut
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19204: Add a test: holiday is expiration date
Jonathan Druart [Mon, 23 Apr 2018 21:52:00 +0000 (18:52 -0300)]
Bug 19204: Add a test: holiday is expiration date

Sponsored-by: Goethe-Institut
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19204: Clean the tests a bit to reuse the same pattern
Jonathan Druart [Mon, 23 Apr 2018 21:12:00 +0000 (18:12 -0300)]
Bug 19204: Clean the tests a bit to reuse the same pattern

The same pattern is used several times in test:
checkout, checkin, get the debarment, compare the dates and remove the
debarment.
Let's move that to a separate subroutine

Sponsored-by: Goethe-Institut
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 19204: Make the debarment date calculation depends on finesCalendar
Jonathan Druart [Mon, 23 Apr 2018 18:23:00 +0000 (15:23 -0300)]
Bug 19204: Make the debarment date calculation depends on finesCalendar

This patchs adds the ability to calculate the end of the suspension date
(debarment date) using the finesCalendar syspref.
Prior to this patch it was never calculating without taking into account
the calendar.

calculated without taking holidays into account.
This was a problem because the restriction could end in the middle of a
period the library is closed.

Test plan:
- Set finescalendar to 'not including days the library is closed'
- Set a circulation condition with no fine/maxfine, but fine days and
max fine days instead
- Check out an item with a due date in the past
- Check the item in and verify the restriction date
- Clean the restriction

- Add holidays to your calendar on the calculated restriction date
- Check the item out again with the same due date in the past
- Check in the item again
- Verify the calculated restriction end date has changed, it's set to the day
after the holiday.

Fines in days restriction calculation is correctly taking calendar
into account.

Sponsored-by: Goethe-Institut
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: DBRev 17.12.00.040
Jonathan Druart [Wed, 25 Apr 2018 13:37:08 +0000 (10:37 -0300)]
Bug 20100: DBRev 17.12.00.040

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: Set ProtectSuperlibrarianPrivileges by default
Jonathan Druart [Wed, 25 Apr 2018 13:46:11 +0000 (10:46 -0300)]
Bug 20100: Set ProtectSuperlibrarianPrivileges by default

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: Explain why the checkbox is disabled
Jonathan Druart [Wed, 25 Apr 2018 13:34:59 +0000 (10:34 -0300)]
Bug 20100: Explain why the checkbox is disabled

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: (QA follow-up) Pref description and improve code in member-flags
Marcel de Rooy [Wed, 25 Apr 2018 11:33:05 +0000 (13:33 +0200)]
Bug 20100: (QA follow-up) Pref description and improve code in member-flags

Two points as mentioned on Bugzilla comment29.
[1] Improve pref description. Feedback from comment30 incorporated.
[2] Improve code in member-flags. Check if we change librarian flag first.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested the die with "disable_superlibrarian_privs => 0" in member-flags.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: (QA follow-up) Change syspref name to full version
Marcel de Rooy [Wed, 25 Apr 2018 11:09:05 +0000 (13:09 +0200)]
Bug 20100: (QA follow-up) Change syspref name to full version

As per RM request, changing the shorter name to its full form.
Result of a git grep | sed.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
No occurrences to be found anymore with git grep -i.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: (QA follow-up) Use template logic instead of js to disable superlib box
Nick Clemens [Fri, 20 Apr 2018 11:52:17 +0000 (11:52 +0000)]
Bug 20100: (QA follow-up) Use template logic instead of js to disable superlib box

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: Disallow access to superlibrarian privileges at client side
Marcel de Rooy [Wed, 31 Jan 2018 15:47:23 +0000 (16:47 +0100)]
Bug 20100: Disallow access to superlibrarian privileges at client side

This last patch activates the check at client side.
If the pref ProtectSuperlibPrivs is enabled, non-superlibs should not be
able to change superlibrarian privileges via the interface.

Test plan:
[1] Enable the pref.
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you cannot add or remove superlib
    privs.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: Disallow access to superlib privileges at server side
Marcel de Rooy [Wed, 31 Jan 2018 14:02:36 +0000 (15:02 +0100)]
Bug 20100: Disallow access to superlib privileges at server side

Depends on pref ProtectSuperlibPrivs.
If enabled, script member-flags.pl will not allow you to add or remove
superlib privs when you are no superlibrarian.
The follow-up patch will enable the check at client side.

Test plan:
[1] Enable the pref. Do not apply the third patch (client side).
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you have an internal server error when
    you add or remove superlib privs. The log contains a warning.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20100: Introduce preference ProtectSuperlibPrivs
Marcel de Rooy [Wed, 31 Jan 2018 15:23:18 +0000 (16:23 +0100)]
Bug 20100: Introduce preference ProtectSuperlibPrivs

This pref allows you to block changes to superlibrarian privileges at
client and server side for non-superlibrarians.
This patch only contains the db rev and the preference description.

Test plan:
Run dbrev or new install. Check pref value.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 20538: Prevent warnings in xt/author/valid-templates.t
Julian Maurice [Wed, 25 Apr 2018 07:21:30 +0000 (09:21 +0200)]
Bug 20538: Prevent warnings in xt/author/valid-templates.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
6 years agoBug 2696: (QA follow-up) Add more test, move to subtest
Kyle M Hall [Tue, 24 Apr 2018 16:43:25 +0000 (16:43 +0000)]
Bug 2696: (QA follow-up) Add more test, move to subtest

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>