]> git.koha-community.org Git - koha.git/log
koha.git
2 years agoBug 29786: Select only specific items for item level holds
Nick Clemens [Tue, 4 Jan 2022 13:37:53 +0000 (13:37 +0000)]
Bug 29786: Select only specific items for item level holds

This patch adjusts get_items_that_can_fill to make two requests:
first the list of items for item-level holds
second the list of biblionumbers for title-level holds

This stops the report from pulling more items for item-level hold

This patch also removes the aliases used in the code - while readability
is a bit harder, it allows for using 'me' in get_items_that_can_fill
Otherwise, this routine would need a parameter to know what we called the table.

To test:
1 - Find a record with many items available
2 - Place an item level hold for an item on the record, not the one with lowest itemnumber
3 - Run 'Hold to pull' report
4 - Note the barcode does not match
5 - Apply patch
6 - Reload report
7 - It matches!

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29786: Unit tests
Nick Clemens [Tue, 4 Jan 2022 13:33:07 +0000 (13:33 +0000)]
Bug 29786: Unit tests

I add a new test for the case of an item level hold, and additionally
adjust later tests to use a title level hold.

I also fix a typo where the comment says item 1 when it means item 2

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 28932: Fix duplicate next_action & prev_action
Andrew Isherwood [Wed, 5 Jan 2022 13:00:10 +0000 (10:00 -0300)]
Bug 28932: Fix duplicate next_action & prev_action

This patch fixes the duplicate buttons issue.
To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Illrequests.t
=> FAIL: Tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 28932: Regression tests
Andrew Isherwood [Wed, 5 Jan 2022 13:02:22 +0000 (10:02 -0300)]
Bug 28932: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29495: DBRev 21.12.00.008
Kyle Hall [Fri, 4 Feb 2022 18:28:58 +0000 (13:28 -0500)]
Bug 29495: DBRev 21.12.00.008

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29495: Add relation tests
Martin Renvoize [Mon, 22 Nov 2021 17:58:13 +0000 (17:58 +0000)]
Bug 29495: Add relation tests

This patch adds missing tests for relationship accessors in the
ReturnClaim class.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: (follow-up) Use 'item' relationship
Martin Renvoize [Thu, 18 Nov 2021 15:47:02 +0000 (15:47 +0000)]
Bug 29495: (follow-up) Use 'item' relationship

This patch adds the missing 'item' relationship in
Checkouts::ReturnClaim and then uses it from the resolve method.

This improve the reliability of the resolution code so it works when the
item has already been checked in (without having to check
Old::Checkouts).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: Update relationship methods
Martin Renvoize [Thu, 18 Nov 2021 07:43:44 +0000 (07:43 +0000)]
Bug 29495: Update relationship methods

This patch updates the relationship methods found in
Koha::Checkouts::ReturnClaim so that they are prefetchable and embeddable on
the API.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: Add code level constraint replacement
Martin Renvoize [Wed, 17 Nov 2021 10:27:38 +0000 (10:27 +0000)]
Bug 29495: Add code level constraint replacement

This patch adds a check in Koha::Checkouts::ReturnClaim::store to
replace the database level foreign key check.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: Add DBIC relationships back into Schema
Martin Renvoize [Wed, 17 Nov 2021 10:10:18 +0000 (10:10 +0000)]
Bug 29495: Add DBIC relationships back into Schema

This patch adds the relationship accessors back into the affected Schema
classes, now below the fold so they are retained during dbic rebuilds.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: DBIC Schema Rebuild
Martin Renvoize [Wed, 17 Nov 2021 10:01:47 +0000 (10:01 +0000)]
Bug 29495: DBIC Schema Rebuild

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: Drop issue_id constraint from return_claims
Martin Renvoize [Wed, 17 Nov 2021 09:56:48 +0000 (09:56 +0000)]
Bug 29495: Drop issue_id constraint from return_claims

This patch removes the issue_id constraint from return_claims.

Due to the nature of our dual table approach to checkouts/old_checkouts
we can't safely hae this constraint and not lose data.  Prior to this
commit, when an item is checked in we move the checkout from checkouts
to old_checkouts.. this therefore triggers the delete of the issue_id
from the return_claims table as described by the foreign key constraint.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29495: Unit Tests
Martin Renvoize [Mon, 22 Nov 2021 16:30:13 +0000 (16:30 +0000)]
Bug 29495: Unit Tests

Test plan
1. Run updated tests prior to applying new patches.. pass
2. Run updated tests after applying new patches.. pass

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29585: Fix unstranslatable strings in addbiblio.tt
Tomas Cohen Arazi [Mon, 29 Nov 2021 10:59:47 +0000 (07:59 -0300)]
Bug 29585: Fix unstranslatable strings in addbiblio.tt

This patch makes 'Go to field' and 'Errors' strings translatable

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoUpdate release notes for 21.11.02 release v21.11.02
Kyle M Hall [Mon, 31 Jan 2022 18:16:32 +0000 (18:16 +0000)]
Update release notes for 21.11.02 release

Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
2 years agoIncrement version for 21.11.02 release
Kyle Hall [Mon, 31 Jan 2022 15:46:26 +0000 (10:46 -0500)]
Increment version for 21.11.02 release

Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
2 years agoFix translations for Koha 21.11.02
Kyle Hall [Mon, 31 Jan 2022 15:43:37 +0000 (10:43 -0500)]
Fix translations for Koha 21.11.02

Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
2 years agoMerge remote-tracking branch 'koha-translate/21.11.02-translate-20220131' into HEAD
Kyle Hall [Mon, 31 Jan 2022 14:55:50 +0000 (09:55 -0500)]
Merge remote-tracking branch 'koha-translate/21.11.02-translate-20220131' into HEAD

2 years agoTranslation updates for Koha 21.11.02
Koha translators [Mon, 31 Jan 2022 14:37:23 +0000 (11:37 -0300)]
Translation updates for Koha 21.11.02

2 years agoBug 29903: Prevent messages to be deleted from unauthorised users
Jonathan Druart [Wed, 19 Jan 2022 10:21:54 +0000 (11:21 +0100)]
Bug 29903: Prevent messages to be deleted from unauthorised users

The "Delete" link is hidden but the controller does not do the necessary checks.

/cgi-bin/koha/circ/del_message.pl?message_id=1&borrowernumber=5&from=moremember

Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29544: (QA follow-up) Simplify code
Tomas Cohen Arazi [Wed, 12 Jan 2022 12:43:48 +0000 (09:43 -0300)]
Bug 29544: (QA follow-up) Simplify code

I think this is a better approach for the same thing. Posting it just in
case it helps.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29544: Fix opac-issue-note.pl
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl

We must check if logged in user is trying to modify one of their
checkouts

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29544: Ensure logged in user is allowed to modify checkout note
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29542: Prevent access to private list to non authorized users
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29541: Prevent users from another group to access patron's images
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images

We should respect group restrictions here.

Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
  /cgi-bin/koha/members/patronimage.pl?borrowernumber=XX

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29541: Restrict access to patron's image to borrowers => * and circulate => *
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *

The patron images is displayed on the 'circulation' and 'members'
modules.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29914: Remove 'Use of uninitialized value ' warnings
Jonathan Druart [Tue, 25 Jan 2022 10:57:01 +0000 (11:57 +0100)]
Bug 29914: Remove 'Use of uninitialized value ' warnings

2 years agoBug 29914: (QA follow-up) Add comment to explain last case
Nick Clemens [Mon, 24 Jan 2022 14:23:29 +0000 (14:23 +0000)]
Bug 29914: (QA follow-up) Add comment to explain last case

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: remove ref to line number

2 years agoBug 29914: (QA follow-up) Expand tests to cover failure case before patches
Nick Clemens [Mon, 24 Jan 2022 14:19:24 +0000 (14:19 +0000)]
Bug 29914: (QA follow-up) Expand tests to cover failure case before patches

When asking for permissions we get 'failed', without we get 'ok'
Adding explicit checks for not 'ok'

Add a FIXME:
We should cover the case where we return 'failed' after changes, but that is a larger undertaking

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2 years agoBug 29670: Fix EDI for AcqCreateItem = 'placing on order'
Martin Renvoize [Thu, 9 Dec 2021 13:55:41 +0000 (13:55 +0000)]
Bug 29670: Fix EDI for AcqCreateItem = 'placing on order'

The AcqCreatItem at order time functionality was broken by bug 27708.
This patch resolves that.

Test plan.
1) Run the newly created unit tests that prove both settings work

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
2 years agoBug 29670: Unit tests
Martin Renvoize [Thu, 9 Dec 2021 16:04:55 +0000 (16:04 +0000)]
Bug 29670: Unit tests

This patch adds unit tests for Koha::Edifact::Order->order_line. We now
check that the message segments are created as expected for both the
'ordering' and not 'ordering' case for acquisitions item creation time.

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
JD amended patch: spelling segement ==> segment

2 years agoBug 29914: Remove warn on timeout
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: Remove warn on timeout

The value of the system preference 'timeout' is not correct, defaulting to 600.

Caused by previous test. Actually an omission in another sub that
does not seem to support 10x.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29914: Add tests
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29914: Make check_cookie_auth compare the userid
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid

check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.

So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: subscription-add.tt
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt

Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: guarantor_search.tt
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: catalogue/results.tt
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for
use in the basic MARC editor.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when
editing an authority record.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29540: Raise flagsrequired in modrequest
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest

Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
    Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
    Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 28735: Self-checkout users can access opac-user.pl for sco user when not using...
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID

This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).

If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.

Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
     So you see the login screen specific to the self-checkout.
     To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
      Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
      Without the patch you will still be logged in the self-checkout
Voila!

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Set autocomplete off for SCO login fields
Nick Clemens [Wed, 5 Jan 2022 16:06:15 +0000 (16:06 +0000)]
Bug 29543: Set autocomplete off for SCO login fields

Cardnumber already had it set, adding for username and password

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Add Mojo::JWT dependency
Jonathan Druart [Wed, 5 Jan 2022 15:37:49 +0000 (16:37 +0100)]
Bug 29543: Add Mojo::JWT dependency

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin

This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Prevent user to checkin or renew items they don't own
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own

Checkin or renew must be restricted to the items they own.

Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1

You should see an error message

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Enforce authentication for self-checkout
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout

The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!

This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.

Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
 SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Add JWT token handling
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling

Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Remove inputfocus variable
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable

It's not used in template

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29543: Remove borrower variable
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable

It's not needed, we have $patron

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29717: Remove unecessary DT manipulations from tools/additional-contents.pl
Jonathan Druart [Thu, 16 Dec 2021 15:44:30 +0000 (16:44 +0100)]
Bug 29717: Remove unecessary DT manipulations from tools/additional-contents.pl

DBIC handles DateTime correctly, no need for this output_pref call.

Test plan:
Create a new content, set the dates, confirm they are set correctly
Modify the content, modify the dates, confirm they are stored correctly

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29702: Fetch group libraries in a single call
Nick Clemens [Wed, 15 Dec 2021 15:44:06 +0000 (15:44 +0000)]
Bug 29702: Fetch group libraries in a single call

The current code gets all group members, then loops through and fetches the library if there is a
branchcode, or recursively calls itself if a group. This slows down performance.

We can utilize the 'libraries' method to get all child libraries at once, then make a check
for child groups separately

To recreate:
 1 - Add 100 items to a biblio
 2 - Define a library group as a hold group
 3 - Add all libraries to the group
 4 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Any library'
 5 - place a hold on the record and note load time after patron is selected
 6 - Set 'Default checkout, hold and return policy'->'Hold pickup library match' = 'Patrons hold group'
 7 - place a hold, note longer load time after patron selection
 8 - Apply patch
 9 - note improvement
10 - prove -v t/db_dependent/Koha/Libraries.t

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29813: Add missing semicolon in skeleton.pl
Tomas Cohen Arazi [Thu, 6 Jan 2022 18:28:20 +0000 (15:28 -0300)]
Bug 29813: Add missing semicolon in skeleton.pl

This has no effect as it is not causing problems. But.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29736: (QA follow-up) No need to delete all clubs
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:16:55 +0000 (10:16 -0300)]
Bug 29736: (QA follow-up) No need to delete all clubs

There's no real need to delete all the existing clubs in the tests.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29736: Restore searching
Tomas Cohen Arazi [Tue, 21 Dec 2021 13:49:56 +0000 (10:49 -0300)]
Bug 29736: Restore searching

Without this patch, the list will always display all clubs.

To test:
1. Have two clubs, with enrollemnts:
   - Cthulhu fans
   - The Shadow Out of Time fans
2. Search for the letter c
=> FAIL: You get both results
3. Apply this patch
4. Repeat 2
=> SUCCESS: Only Cthulhu is returned
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29736: Don't return empty clubs
Jonathan Druart [Mon, 20 Dec 2021 14:14:56 +0000 (15:14 +0100)]
Bug 29736: Don't return empty clubs

There is an error when placing a hold for a club without members:
Uncaught TypeError: err.responseJSON.error is undefined

It seems that we should remove clubs without members from the search.

Test plan:
Create 1 club xx with 2 patrons
Create 1 club xxx with 1 patron and cancel their enrolment
Create 1 club xxxx without patron

Place a hold for club "x", only the first one should be returned with
this patch.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29476: (follow-up) Fix return, add precision test
Nick Clemens [Mon, 13 Dec 2021 17:27:42 +0000 (17:27 +0000)]
Bug 29476: (follow-up) Fix return, add precision test

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29476: Correct soonest renewal date calculation for checkouts with auto-renewal
Joonas Kylmälä [Sun, 14 Nov 2021 14:19:08 +0000 (14:19 +0000)]
Bug 29476: Correct soonest renewal date calculation for checkouts with auto-renewal

If a checkout with auto-renewal enabled doesn't have a
"norenewalbefore" circulation rule set the code in CanBookBeRenewed()
falls back to using due date (to verify this please look for the
string "auto_too_soon" in C4/Circulation.pm), the calculation result
of GetSoonestRenewDate() however didn't do this, though luckily it was
not used in CanBookBeRenewed so we didn't get any issues
there. However, GetSoonestRenewDate() is used for displaying the
soonest renewal date in the staff interface on the circ/renew.pl page
so you would have gotten wrong results there.

This patch moves additionally the tests made for Bug 14395 under a new
subtest for GetSoonestRenewDate() as they should have been like that
already before.

To test:
  1) prove t/db_dependent/Circulation.t

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29735: Remove flatpickr init from categories.js and holds.js
Jonathan Druart [Mon, 20 Dec 2021 11:02:45 +0000 (12:02 +0100)]
Bug 29735: Remove flatpickr init from categories.js and holds.js

Same as bug 29394, we want the flatpickr instanciations be done at the
same place, from calendar.inc. That way they will all behave
identically.

Test plan:
Edit a patron category and confirm that the "until date" calendar has
the "yesterday" and "today" dates disabled

Place a hold on an item, go to the patron detail page, click the "holds"
tab, suspend.
That should trigger a modal that will display a calendar with
"yesterday" and "today" dates disabled

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29552: Compiled CSS
Kyle Hall [Fri, 14 Jan 2022 14:31:33 +0000 (09:31 -0500)]
Bug 29552: Compiled CSS

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29552: Disable today for dates in the future
Jonathan Druart [Mon, 20 Dec 2021 10:44:24 +0000 (11:44 +0100)]
Bug 29552: Disable today for dates in the future

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29552: (follow-up) Use CSS to set disabled class
Owen Leonard [Fri, 3 Dec 2021 14:40:41 +0000 (14:40 +0000)]
Bug 29552: (follow-up) Use CSS to set disabled class

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29552: Flatpickr - Disable shortcut buttons if inactive
Jonathan Druart [Tue, 23 Nov 2021 13:17:09 +0000 (14:17 +0100)]
Bug 29552: Flatpickr - Disable shortcut buttons if inactive

If one of the buttons is not relevant we should disable it and mark is
as such on the interface.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: DBRev 21.11.01.004
Kyle Hall [Fri, 14 Jan 2022 14:28:29 +0000 (09:28 -0500)]
Bug 20076: DBRev 21.11.01.004

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: (RM follow-up) Fix system preference boolean logic
Fridolin Somers [Fri, 14 Jan 2022 01:33:09 +0000 (15:33 -1000)]
Bug 20076: (RM follow-up) Fix system preference boolean logic

A Yes/No system preference must use 1 for Yes and 0 for No.
So "Send" for 1/Yes and "Don't send" for 0/No.
We add too much problems with double-negation boolean system preferences (such as dontmerge).

Previous patch changed default value to 1 in atomicupdate, do the same
in installer/data/mysql/mandatory/sysprefs.sql

Also to be consistant, sets options = NULL instead of '' in atomicupdate

Also removed useless added empty line in /misc/cronjobs/overdue_notices.pl

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: (QA follow-up) We need to default to 'Send' on update to keep existing...
Katrin Fischer [Sun, 19 Dec 2021 13:17:33 +0000 (14:17 +0100)]
Bug 20076: (QA follow-up) We need to default to 'Send' on update to keep existing behavior

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: (QA follow-up) Rephrase system preference description sightly
Katrin Fischer [Sun, 19 Dec 2021 13:16:23 +0000 (14:16 +0100)]
Bug 20076: (QA follow-up) Rephrase system preference description sightly

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: (QA follow-up) Reformat database update to use newer format
Katrin Fischer [Sun, 19 Dec 2021 02:55:49 +0000 (02:55 +0000)]
Bug 20076: (QA follow-up) Reformat database update to use newer format

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 20076: Add syspref to remove overdues notification by email to staff if user...
ThibaudGLT [Fri, 10 Dec 2021 15:02:03 +0000 (15:02 +0000)]
Bug 20076: Add syspref to remove overdues notification by email to staff if user has no email address

I took the same test plan as victor but I added the system preference to manage the case more easily, especially for users who do not have access to the koha server.

Test plan
1. Check the size of the message queue
     With the following SQL query (using an SQL report if you want)
     SELECT COUNT(*) FROM message_queue;
2. Run misc/cronjobs/overdue_notices.pl
3. Check the size of the message queue
     To ensure that no other overdues will create noise in this test plan.
     Or you can take them into account.
4. Choose a patron with no email address
5. Create an overdue (checkout an item and unfold "Checkout settings"
   and set a date in the past which is compatible with what you find in
   staff:/cgi-bin/koha/tools/overduerules.pl
6. Run misc/cronjobs/overdue_notices.pl
7. Check that you have two new messages in the queue
8. Inspect these two messages
   SELECT * FROM message_queue ORDER BY time_queued DESC LIMIT 2 \G
   1. One has the type "print" and the borrowernumber matching the patron.
   2. The other has
        subject: Overdue Notices
        borrowernumber: NULL
        message_transport_type: email
        and contains "These messages were not sent directly to the patrons."
        This is the one we don't want anymore.
        Because it's now obsolete due to the first message.
9. Apply this patch
10. Run updatedabatase.pl
11. Change syspref 'EmailOverduesNoEmail' to "Don't send"
12. Delete data from message_queue (if you have access) for a cleaner view
13. Run again misc/cronjobs/overdue_notices.pl
14. Check that only the print message is now generated and not the
      "Overdue Notices" one.

https://bugs.koha-community.org/show_bug.cgi?id=20076

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29530: Fix handling of NumSavedReports preference in reports table
Owen Leonard [Tue, 23 Nov 2021 18:27:21 +0000 (18:27 +0000)]
Bug 29530: Fix handling of NumSavedReports preference in reports table

This patch updates the way the NumSavedReports preference value is used
on the saved reports page so that the setting is correctly incorporated
into the DataTable.

The patch also expands the description of the NumSavedReports preference
in order to clarify the expected behavior when no value is saved.

To test, apply the patch and go to Administration -> System
preferences and note the value of NumSavedReports.

 - Go to Reports -> Use saved.
 - Confirm that the first page of saved reports shows the number
   specified in NumSavedReports.
 - In the "Show" dropdown menu, confirm that the number from
   NumSavedReports is preselected by default.
   - Expand the dropdown menu to confirm that the NumSavedReports number
     is positioned sequentially with the default values. For example, if
     NumSavedReports = "78," the menu options should be
     "10, 20, 50, 78, 100, All".
 - Test with various values of NumSavedReports. A blank value should
   result in the "All" option being selected. A non-numeric or
   non-positive value should result in the default set of options being
   used ("10, 20, 50, 100, All").

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 24866: Changed $raw for html for extra safety
Florian Bontemps [Thu, 25 Nov 2021 08:59:03 +0000 (08:59 +0000)]
Bug 24866: Changed $raw for html for extra safety

Same test plan as before

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 24866: (follow-up) Replaced tabulations by dashes
Florian Bontemps [Tue, 9 Nov 2021 13:36:36 +0000 (13:36 +0000)]
Bug 24866: (follow-up) Replaced tabulations by dashes

The rendering of SELECT elements is up to the browser.
But Bug 16123 CSS code 'style="padding-left: xx' doesn't work on modern browsers.

Based on the previous contribution, this fix replaces CSS style attribute with dashes, creating a leveled structure that should work with most browsers.

Tested on Linux Ubuntu with Firefox 94.0, Chromium 95.0.4 and Opera 81.0.1
TEST PLAN :

1. Go to the Administration module
2. Add a new budget (ie : Budget 2022)
3. Add a fund to this budget (ie : Book)
4. Add a sub-fund to fund Book (ie : Fiction)
5. Add another sub-fund, this time to sub-fund Book (ie : Adult fiction)
You will have this hierarchy :

Budget 2022
 |____ Book
         |_____ Fiction
                |_____ Adult fiction

6. Go to the Acquisition module
7. Select a vendor and create a new basket
8. Place an order
9. Check the budget dropdown menu

BEFORE PATCH
Book
Fiction
Adult fiction

OR

Book
   Fiction
         Adult fiction

AFTER PATCH
Book
 -- Fiction
 -- -- Adult fiction

Co-authored-by: Didier Gautheron <didier.gautheron@biblibre.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 24866: Display budget hierarchy in the budget dropdown menu used when placing...
Didier Gautheron [Mon, 6 Apr 2020 14:30:40 +0000 (14:30 +0000)]
Bug 24866: Display budget hierarchy in the budget dropdown menu used when placing a new order

The rendering of SELECT elements is up to the browser.
But Bug 16123 CSS code 'style="padding-left: xx' doesn't work on modern browsers.

This patch replace CSS style attribute with &emsp; html entity.

On supported platforms
TEST PLAN :

1. Go to the Administration module
2. Add a new budget (ie : Budget 2020)
3. Add a fund to this budget (ie : Book)
4. Add a sub-fund to fund Book (ie : Adult fiction)

You will have this hierarchy :

Budget 2020
 |____ Book
         |_____ Adult fiction

5. Go to the Acquisition module
6. Select a vendor and create a new basket
7. Place an order
8. Check the budget dropdown menu

BEFORE PATCH
Book
Adult fiction

OR

Book
   Adult fiction

AFTER PATCH
Book
   Adult fiction

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29685: Reduce item processing by calculating 'items any available' outside of...
Nick Clemens [Mon, 13 Dec 2021 12:01:24 +0000 (12:01 +0000)]
Bug 29685: Reduce item processing by calculating 'items any available' outside of loop

See bug 24185, this avoids looping every each item of the record for every item of the record

How to reproduce:

1) on freshly installed kohadevbox create/import one book,
remember that biblionumber for later use it in down below,

2) add 100 items for that book for some library,

3) find some patron, that patron's card number we will
use as a borrower down below to open holds page,

4) check for the rule or set up a single circulation rule
in admin "/cgi-bin/koha/admin/smart-rules.pl",
that rule should match above book items/library/patron,
check that rule to have a non-zero number of holds (total, daily, count) allowed,
and, IMPORTANT: set up "On shelf holds allowed" to "If all unavailable",
("item level holds" doesn't matter).

5) open "Home > Catalog > THAT_BOOK > Place a hold on THAT_BOOK" page
("holds" tab), and enter patron code in the search field,
or you can create a direct link by yourself, for example, in my case it was:
/cgi-bin/koha/reserve/request.pl?biblionumber=4&findborrower=23529000686353

6) it should be pretty long page generation time on old code, densely increasing for every hundred items added. In the case of this solution, it's fast, and time increases a little only, linear.

In testing with 100 books I went from ~6.5 seconds to ~3.2 seconds

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29557: DBRev 21.11.01.003
Kyle Hall [Fri, 14 Jan 2022 14:13:30 +0000 (09:13 -0500)]
Bug 29557: DBRev 21.11.01.003

2 years agoBug 29557: (QA follow-up) Add note for translated notices to update statement
Katrin Fischer [Sun, 19 Dec 2021 11:05:18 +0000 (12:05 +0100)]
Bug 29557: (QA follow-up) Add note for translated notices to update statement

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 29557: Add auto_account_expired to AUTO_RENEWALS
Jonathan Druart [Tue, 23 Nov 2021 13:48:22 +0000 (14:48 +0100)]
Bug 29557: Add auto_account_expired to AUTO_RENEWALS

It was missing and the notice sent was not providing the reason of the
failure.

Test plan:
Check an item out with a date in the past, mark it as auto renew
Modify the expired date of the patron and set it in the past
Run the automatic_renewals.pl cronjob script, confirm that the notice
now contains the reason of the failure.

QA note: The template will be updated only for English installations.
Should we add an alert for others?

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years agoBug 17127: Remove notes from detail.tt to only use MARCNOTES
Florian Bontemps [Wed, 27 Oct 2021 12:50:42 +0000 (12:50 +0000)]
Bug 17127: Remove notes from detail.tt to only use MARCNOTES

Notes come from the biblio table, but that table is already used to fill in MARCNOTES through Biblio.pm and get_marc_notes.
Get_marc_notes does check for NotesToHide and already read every note on the records, but .notes doesn't go through that same filter.
I don't see the point of keeping notes as a condition when MARCNOTES does the same job but better.

To test:
    1) Take any record, or create one
    2) Input something in the 500 field (or 300 in UNIMARC)
    3) In Systempreferences -> NotesToHide, fill in the number 500 (or 300).
    4) Save, then go look at the record detail in the OPAC and admin website.
    5) You should still see the 500 or 300 field under the Description tab.
    6) Apply patch.
    7) Reload the record detail page.
    8) Observe the error is gone.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29419: Retain user's inputs when suggesting for purchase and match found
Jonathan Druart [Tue, 16 Nov 2021 10:55:08 +0000 (11:55 +0100)]
Bug 29419: Retain user's inputs when suggesting for purchase and match found

If a user suggests for purchase and a match is found, their inputs was
not retained: quantity, item type, library, reason.

Test plan:
1. Suggest for purchase
2. Fill the title in with a string that will match an existing record
3. Fill value in quantity, item type, library and reason input/dropdown
4. Submit
=> Notice that with this patch the values you entered are retained on
the confirmation screen

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29688: Incorrect use of _() in holds.js
Tomas Cohen Arazi [Mon, 13 Dec 2021 13:40:18 +0000 (10:40 -0300)]
Bug 29688: Incorrect use of _() in holds.js

Bug 29404 moved code from request.tt into holds.js, and I didn't know
about the _() vs. __().

This patch fixes that.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29790: Restore warning if deletion of serial item fails
Jonathan Druart [Tue, 4 Jan 2022 14:59:15 +0000 (15:59 +0100)]
Bug 29790: Restore warning if deletion of serial item fails

If the deletion of a serial item failed, the UI did not provide a warning/error message.

Test plan:
0. Create a new subscription with "Create an item record when receiving
this serial"
1. Receive a new item, set a barcode
2. Check it out
3. Select the item you have received in the serial item list (page
"Serial collection information") and click "Delete selected issues"
4. Tick "Delete the associated items" and confirm the deletion
=> Without this patch the deletion fail but the UI does not warn it
=> With this patch applied you see a warning "one or more associated
items could not be deleted at this time."

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29789: Remove unused $error from cataloguing/additem.pl
Jonathan Druart [Tue, 4 Jan 2022 14:40:19 +0000 (15:40 +0100)]
Bug 29789: Remove unused $error from cataloguing/additem.pl

my $error        = $input->param('error');

It should be removed as $error is used later but not related to this variable.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29553: (QA follow-up) Check defined instead of evaluating as boolean
Tomas Cohen Arazi [Fri, 17 Dec 2021 15:53:28 +0000 (12:53 -0300)]
Bug 29553: (QA follow-up) Check defined instead of evaluating as boolean

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29553: Regression tests
Tomas Cohen Arazi [Fri, 17 Dec 2021 15:52:17 +0000 (12:52 -0300)]
Bug 29553: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29553: Fix crash on undefined notforloan value
Marcel de Rooy [Mon, 22 Nov 2021 10:53:07 +0000 (10:53 +0000)]
Bug 29553: Fix crash on undefined notforloan value

Test plan:
Set item level itypes to biblioitems.
Find a record with itemtype NULL, having an item.
Place a hold. Without this patch, it crashes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: ThibaudGLT <thibaud.guillot@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29778: DBRev 21.11.01.002
Kyle Hall [Fri, 14 Jan 2022 13:40:27 +0000 (08:40 -0500)]
Bug 29778: DBRev 21.11.01.002

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29778: Remove DBMS error
Jonathan Druart [Wed, 5 Jan 2022 15:45:34 +0000 (16:45 +0100)]
Bug 29778: Remove DBMS error

ERROR - {UNKNOWN}: DBI Exception: DBD::mysql::db do failed: Table 'additional_contents' is specified twice, both as a target for 'DELETE' and as a separate source for data at /kohadevbox/koha/C4/Installer.pm line 738

Happened on MariaDB 10.1 and 10.3, not 10.6

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29778: Prevent orphan additional contents
Jonathan Druart [Mon, 3 Jan 2022 10:31:54 +0000 (11:31 +0100)]
Bug 29778: Prevent orphan additional contents

When deleting a content, only the main one (lang="default") is removed,
which leads to orphan contents in the DB that are still displayed on the
UI.

Test plan:
0. Don't apply this patch
1. Create some contents, translate them in different languages
2. Delete some of them
=> Note that they are still displayed on the UI and that the entries
with lang!="default" are still in the DB
3. Apply this patch
4. Repeat 1
5. Run updatedatabase
6. Delete from of the contents
=> Note that the orphan entries created before you applied the patch
have been removed and that the "delete" behaviour is now working
correnctly.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29737: Remove some unecessary parameters
Jonathan Druart [Mon, 20 Dec 2021 12:49:44 +0000 (13:49 +0100)]
Bug 29737: Remove some unecessary parameters

We don't need them. We could also remove the biblionumber but it
requires change to the controller I'd prefer to not do now.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29737: Fix suspend from hold list
Jonathan Druart [Mon, 20 Dec 2021 12:45:04 +0000 (13:45 +0100)]
Bug 29737: Fix suspend from hold list

From holds list of a bibliographic record, the "unsuspend" button does not work as expected.
The form is submitted but the suspension is still there.

There are 3 requests, 2 GET and 1 POST.
One of the GET is rejected by Firefox (NS_BINDING_ABORTED)

Test plan:
Place some items on hold, play with suspend/unsuspend from the hold list
/cgi-bin/koha/reserve/request.pl?biblionumber=XX

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29794: (follow-up) Add license
Tomas Cohen Arazi [Tue, 4 Jan 2022 19:55:05 +0000 (16:55 -0300)]
Bug 29794: (follow-up) Add license

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29794: Add missing include in delete_items.pl
Tomas Cohen Arazi [Tue, 4 Jan 2022 19:51:18 +0000 (16:51 -0300)]
Bug 29794: Add missing include in delete_items.pl

This patch adds a missing include so the script is no longer broken.

To test:
1. Choose an item that is checked out and copy its barcode
2. Run:
   $ kshell
  k$ perl misc/cronjobs/delete_items.pl --verbose \
          --where "barcode='39999000010831'"
=> FAIL: It explodes with:
Can't locate object method "find" via package "Koha::Items"...
3. Apply this patch
4. Repeat 2
=> SUCCESS: You get:
Where statement:  where barcode='39999000010831'
Item '549' not deleted: book_on_loan
5. Sign off :-D

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29747: Delete columns that don't exist from settings
Nick Clemens [Tue, 21 Dec 2021 13:20:46 +0000 (13:20 +0000)]
Bug 29747: Delete columns that don't exist from settings

This patch simply checks if we are callinmg from the plugin, and removes
two columns from the settings if so

To test:
 1 - In Admin->Marc bibliographic framework got to Marc Structure for default framework
 2 - Search for 856$u
 3 - Set Plugin to upload.pl
 4 - Edit a record in the default framework
 5 - Under 856u, click 'Upload'
 6 - Uplaod a file and then click 'Choose'
 7 - nothing happens
 8 - View consiole (f12) and see error
 9 - Apply patch
10 - Reload the page
11 - No more error
12 - Click choose
13 - Record link is populated

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29508: Make GET /patrons/:patron_id use Koha::Patrons->search_limited
Tomas Cohen Arazi [Wed, 17 Nov 2021 19:36:11 +0000 (16:36 -0300)]
Bug 29508: Make GET /patrons/:patron_id use Koha::Patrons->search_limited

This patch makes the route return 404 if the user is not allowed to see
the requested patron information.

To test:
1. Apply the regression tests
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: The code doesn't respect limits
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29508: Regression tests
Tomas Cohen Arazi [Wed, 17 Nov 2021 19:35:33 +0000 (16:35 -0300)]
Bug 29508: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29506: (follow-up) Adapt GET /patrons
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:57:26 +0000 (14:57 -0300)]
Bug 29506: (follow-up) Adapt GET /patrons

This patch makes GET /patrons rely on this new behavior from the
objects.search helper.

To test:
1. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29506: Make objects.search call search_limited if present
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:30:21 +0000 (14:30 -0300)]
Bug 29506: Make objects.search call search_limited if present

This patch makes objects.search implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29506: Regression tests
Tomas Cohen Arazi [Wed, 17 Nov 2021 17:30:11 +0000 (14:30 -0300)]
Bug 29506: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2 years agoBug 29503: Make GET /patrons use Koha::Patrons->search_limited
Tomas Cohen Arazi [Wed, 17 Nov 2021 16:07:12 +0000 (13:07 -0300)]
Bug 29503: Make GET /patrons use Koha::Patrons->search_limited

This patch makes the controller method use Koha::Patrons->search_limited
so filters based on configuration and permissions apply when fetching
patrons.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Boo, you get more patrons than you should
3. Apply the patch
4. Repeat 2
=> SUCCESS: Yay! Things are filtered as expected (i.e. using
Koha::Patron->libraries_where_can_see_patrons)
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>