Martin Renvoize [Fri, 19 Mar 2021 14:51:57 +0000 (14:51 +0000)]
Bug 26704: Update Koha::Item to use Koha::Object::Messages
Use the newly introduced Koha::Object::Messages system to pass
additional information provided by object methods internally in the
objects themselves.
This patch updates the existing bespoke passing scheme to something
we've formally agreed to adopt going forward.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 19 Aug 2020 19:50:01 +0000 (19:50 +0000)]
Bug 26257: Move translatable strings out of subscription-add.tt and into subscription-add.js
This patch removes the definition of translatable strings out of
templates and into the corresponding JavaScript file, using the new JS
i81n function.
To test:
- Apply the patch and go to Serials -> New subscription
- Click "Next" without filling out any fields. You should get two
confirmations, "If you wish to claim late or missing issues you must
link this subscription to a vendor. Click OK to ignore or Cancel to
return and enter a vendor" and "You must choose or create a
bibliographic record."
- Manually enter a vendor number which doesn't exist and click "Next."
Error: "The vendor does not exist."
- Manually enter a record number which doesn't exist and click "Next."
Error: "Bibliographic record does not exist!"
- Select a valid vendor and bibliographic record and proceed to the next
page.
- Click "Test prediction pattern" without filling in any fields. Error:
"Cannot test prediction pattern for the following reason(s): Frequency
is not defined. - First publication date is not defined"
- Click "Save subscription" without filling in any information. Error:
"You must choose a first publication date."
- Fill in a date and click "Save subscription." Error: "You must choose
a subscription length or an end date."
- Enter a frequency and subscription start date and click "Save
subscription." Error: "Please click on 'Test prediction pattern'
before saving subscription."
- Click "Show advanced pattern" and then "Save subscription." Error:
"You have modified the advanced prediction pattern. Please save your
work or cancel modifications."
Testing numbering patterns:
- There are several strings related to setting and editing numbering
patterns but I don't think they can be tested live while Bug 28012 is
unfixed.
Testing Mana integration:
- To test Mana integration you must have Mana enabled, and a
bibliographic record in your catalog which has an ISSN
matching a record in Mana. You can go to "Search on Mana"
from the Serials sidebar menu to locate a working record.
- Add a subscription using the bibliographic record which will match a
record in Mana. When you click "Next" you should see a message at the
top of the page saying, "Searching for subscription in Mana Knowledge
Base"
- After a moment this message should be replaced with "Subscription
found on Mana Knowledge Base: Show Mana results"
- Clicking the "Show Mana results" should trigger a modal window with
the heading "Results from Mana Knowledge Base."
- Test the subscription add process using a bibliographic record which
doesn't match anything in Mana. The message at the top of the page
should read, "No subscription found on Mana Knowledge Base"
TESTING TRANSLATABILITY
- Update a translation, e.g. fr-FR:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for JavaScript strings, e.g.
misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from
koha-tmpl/intranet-tmpl/prog/js/subscription-add.js for translation,
e.g.:
msgid "Next issue publication date is not defined"
msgstr ""
- Edit the "msgstr" string however you want (it's just for testing).
- Install the updated translation:
> perl translate install fr-FR
- Switch to your newly translated language in the staff client
and repeat the test plan above. The translated strings should
appear.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 31 Jan 2022 15:39:59 +0000 (16:39 +0100)]
Bug 29458: Fix selenium test
The authentication.t selenium tests (and a couple of others) were
failing with:
Error while executing command: element not interactable: Element <input class="btn btn-primary" type="submit"> could not be scrolled into view at /usr/local/share/perl/5.32.1/Selenium/Remote/Driver.pm line 411. at /usr/local/share/perl/5.32.1/Selenium/Remote/Driver.pm line 356.
We changed the other of the form, and t::lib::Selenium::submit_form was
not getting the correct (first) form. The one from the auth modal was
retrieved and submit button was clicked. Selenium raised an error as it
is not displayed.
The ->is_displayed selenium method does not work, as per the doc
"""
Note: This does *not* tell you an element's 'visibility' property; as it still takes up space in the DOM and is therefore considered 'displayed'.
"""
https://metacpan.org/pod/Selenium::Remote::WebElement#is_displayed
"The internet" is saying we should be able to use the following in our
xpath expression: not(ancestor::div[contains(@style,'display:none')]
but it actually only works if the display:none rule is defined on the
node (not from .css). Which does not work for us.
The only solution I found is to check for the size of the element, which
is (0,0) if not effectively displayed.
Likely a leftover from ancient ages. AddIssue already fills the hold and
is called in the Checkout.pm library.
To test:
1. Run:
$ git grep fill_reserve
=> FAIL: Notice it is only mentioned in the line that defines it
2. Apply this patch
3. Repeat 1
=> SUCCESS: Removed.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Fri, 21 Jan 2022 12:45:45 +0000 (12:45 +0000)]
Bug 29277: Replace the use of jQueryUI tabs on item circulation alerts page
This patch replaces jQueryUI tabs on the item circulation alerts page as
a simple example to start the process of switching how we implement
tabbed interfaces.
The patch bumps the Bootstrap version from 3.3.7 to 3.4.1 and adds the
tabs component.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Administration -> Item circulation alerts.
- Confirm that the "Checkout" and "Check-in" tabs look correct and work
correctly.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 10 Jan 2022 12:28:40 +0000 (12:28 +0000)]
Bug 29832: Make library column in desk list sortable
This patch makes minor updates to the DataTable configuration on the
Circulation Desks Administration page. Redundant options are removed and
existing options are updated to use current DataTables syntax.
To test, apply the patch and make sure that the UseCirculationDesks
system preference is enabled.
- Go to Administration -> Circulation desks.
- Add multiple circulation desks if necessary, at multiple libraries.
- The "Desk" column should be sorted by default, and the "Actions"
column should not be sortable.
- The "Library" column should be sortable.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the pickup location dropdowns that rely on Select2 and
the API use the new wrapper. The original transport function is removed
as it is now embedded in the wrapper.
To test:
1. Follow bug 29404 test plan
=> SUCCESS: All works
2. Apply this patches
3. Repeat 1
=> SUCCESS: All works!
4. sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Thu, 13 Jan 2022 12:33:34 +0000 (12:33 +0000)]
Bug 7374: Add remote image option for authorized values
This patch adds the option of using a remote image for an authorized
value, just as you can with item types.
To test, apply the patch and go to Administration -> Authorized values.
- Click "CCODE" to view the collection authorized values.
- Edit a collection code.
- In the form, under "Choose an icon," there should now be a "Remote
image" tab.
- Enter a remote image url, e.g. https://via.placeholder.com/50/FF0000/FFFFFF.png
- Click "Save."
- After the page redirects to the list of collection codes you should
see your image in the table next to the code you edited.
- Test that you can still edit a collection to set "No image" or to
use one of the local image sets.
- Test that remote images can also be added when adding a new
collection.
- Make sure "ccode" is in the "AdvancedSearchTypes" sytem preference.
- Go to the catalog's advanced search page and click the "Collection"
tab.
- You should see your collection image in the list of collections.
- Perform the same check in the OPAC.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
JD amended patch: fix indentation
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch performs general template cleanup to authorized values
administration: Make indentation consistent, replace tabs with spaces,
and trim trailing whitespace.
To test, apply the patch and go to Administration -> Authorized values.
Test that all functionality works correctly:
- Adding or deleting categories
- Adding, editing, and deleting authorized values.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the opac/opac-privacy.pl OPAC page use the new
anonymize method.
To test:
1. Have some checked-in materiales
2. Have OPACPrivacy enabled
3. Notice your checkouts history contains what you expect
4. Go to 'your privacy'
5. Click on 'Delete checkout history'
=> SUCCESS: It works, no crash.
6. Sign off :-D
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Mon, 3 Jan 2022 23:02:23 +0000 (23:02 +0000)]
Bug 29526: (follow-up) change wording on opac-holdshistory.tt when table is empty
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Mon, 3 Jan 2022 18:07:14 +0000 (18:07 +0000)]
Bug 29526: (follow-up) Put delete buttons in HTML table
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29526: Add a way for patrons to delete their hold history
The same way we have a button to immediately delete the checkouts history in the OPAC, we should have a similar option for the holds history.
This patch implements that.
To test:
1. Have a patron with some old checkouts and old holds.
2. Have OPACPrivacy, OPACHoldsHistory and opacreadinghistory enabled.
3. Notice in the OPAC the patron has some old checkouts and holds.
4. Use the Privacy tab to clean checkouts
=> SUCCESS: They are still cleaned as before this patch
5. Try to clean the old holds
=> SUCCESS: They are cleaned!
6. Add some old checkouts and holds
7. Use the new 'All' button
=> SUCCESS: All cleaned
8. Sign off :-D
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29525: Make Koha::Hold->fill anonymize if required
This patch makes filling a hold anonymize it on the same call, if
settings require it (i.e. if borrowers.privacy is set to 2).
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Hold.t
=> SUCCESS: The code actually does what it is meant to
3. Try on the UI, notice it gets anonymized if the patron has privacy == always/2.
4. Sign off :-D
Note: AnonymousPatron should be set. Otherwise it would set NULL. But
that's fine, that's what Koha does already.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29525: Make Koha::Hold->cancel anonymize if required
This patch makes cancelling a hold anonymize it on the same call, if
settings require it (i.e. if borrowers.privacy is set to 2).
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Hold.t
=> SUCCESS: The code actually does what it is meant to
3. Try on the UI, cancelling a hold, noticing it gets anonymized if the
patron has privacy == always/2.
4. Sign off :-D
Note: AnonymousPatron should be set. Otherwise it would set NULL. But
that's fine, that's what Koha does already.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29525: Make batch_anonymise.pl deal with holds
This patch makes the batch_anonymise.pl script handle holds too. It does
so by leveraging on the newly introduced method 'filter_by_anonymizable'
and also 'anonymize'.
To test:
1. Have a patron with two past holds.
2. Make sure they are a few days back:
$ koha-mysql kohadev
> UPDATE old_reserves SET timestamp=ADDDATE(NOW(), INTERVAL -4 DAY);
3. Run:
$ kshell
k$ perl misc/cronjobs/batch_anonymise.pl --days 2 -v
=> SUCCESS: You see something like:
Checkouts and holds before 2022-01-01 will be anonymised.
0 checkouts anonymised.
2 holds anonymised.
4. Repeat 3
=> SUCCESS: They are already anonymized. You see
Checkouts and holds before 2022-01-01 will be anonymised.
0 checkouts anonymised.
0 holds anonymised.
5. Sign off :-D
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch introduces a new method in Koha::Old::Hold. The method is
fully covered by tests.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Old/Hold.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch introduces a new method for marking a hold as filled. The
code is the result of tracking the following methods in C4::Reserves:
- ModReserveFill
- GetReserveFee
- ChargeReserveFee
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Hold.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds a handy method for anonymizing a Koha::Old::Holds
resultset. It is planned to be used on bug 29526.
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Old/Holds.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Fri, 7 Jan 2022 16:00:52 +0000 (16:00 +0000)]
Bug 20894: Add barcode size parameters to /svc/barcode
This patch adds a couple of new parameters to the barcode generator
service: "modulesize," which controls the size of QRcodes*, and
"height," which can be applied to all other barcode types.
* The "modulesize" number refers to the pixel dimensions of each black
and white square in the generated QRcode. The dimensions in "squares" of
the QR code depends on how much data is being encoded.
For QRcodes, one default parameters is used: An error-correction level
of "M" (Medium, https://en.wikipedia.org/wiki/QR_code#Error_correction).
To test, apply the patch and restart services. Test various settings to
confirm that barcodes are displayed correctly:
Bug 29767: SQL Koha reports and variable of database table << name|table_name>>
'Insert runtime parameter' has now more options for the SQL reports : 'cash register', 'debit types' and 'credit types'
Test plan:
1)Home > Reports > Create from SQL
2)Click on 'Insert runtime parameter' and notice the current options
3)Apply patch and repeat 2)
4)New parameters are now available
5)A simple SQL request to try 'credit_types' option : SELECT * FROM account_credit_types WHERE code = <<Credit types|credit_types>>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=29796 Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 12 Jan 2022 16:29:27 +0000 (16:29 +0000)]
Bug 28993: Switch magnifying glass in staff detail pages to FA icon
This patch modifies the staff interface's bibliographic detail XSL so
that a Font Awesome is used instead of a magnifying glass image when
listing authority subject headings.
The patch also corrects two other places where the image is used so that
the image can be removed. Some markup from authorities.detail.tt is
removed because it appears to be unused (a copy and paste from
catalogue/detail.tt).
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- To view the changes to the staff interface bibliographic detail page,
locate a record which has at least one subject heading which is linked
to a subject authority record.
- The subject heading link should be followed by a magifying glass
(Font Awesome) icon which links to the authority record's detail page.
- View a similar change to the MARC detail page for the record. Confirm
that the subject headings are followed by a link to the authority
detail page.
- Follow the authority search link to locate and view an authority
record. The information on the authority detail page should be
correct.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Thu, 18 Nov 2021 18:47:32 +0000 (18:47 +0000)]
Bug 27904: Improve display in creating profile for staging MARC records for import
This patch updates the Stage MARC records for import page, in particular
the format of the part of the form for saving or removing a profile.
The page moves these controls into their own fieldset so that it is
clear they are separate from the "Stage for import" button. The "Remove"
control now includes the name of the profile which will be removed.
To test, apply the patch and go to Tools -> Stage MARC for import.
- Upload a file of records.
- Make some changes to the settings and options.
- At the bottom of the form you should see a "Save profile" fieldset.
- Confirm that the "Save profile" button becomes enabled if you type
something in the field (or paste something, or select something from
form history).
- Confirm that the profile is saved correctly by re-uploading a MARC
file and selecting your newly added/edited profile and confirming
that the values are set as expected.
- In the "Save profile" section there should be a "Remove" link styled
with a Bootstrap "trash" icon: "Remove profile: <profile_name>"
- Confirm that profile deletion still works correctly.
- Confirm that the "Remove" link is updated correctly when you make a
selection from the "Profile" dropdown at the top of the form:
- Choosing "Do not use profile" should change the "Remove" link to
drop the name of the profile and disable the link.
- Choosing different profiles should update the name in the "Remove"
link.
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
- Wraps the new SIP tests in a single transaction. We do that to avoid
sub-test interference, specially when test files get big. The provided
tests are correct and don't require previous tests data.
- Migrated from the introduced 'diag' calls to 'note', as I just learned
they are the same, but 'note' is only displayed when in verbose mode.
Which is great to avoid unnecessary noise in Jenkins.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 22 Dec 2021 15:25:44 +0000 (15:25 +0000)]
Bug 29754: Don't include patron when fetching guarantees fines
This patch removes the flag to fetch the patrons own debts as we have already
calculated them
This test plan highlights another issue - the value of NoIssuesChargeGuarantorsWithGuarantees
is not checked in SIP code - we merely get the total owed including guarantees and compares to
noissuescharge
See bug 29755
To test:
1 - Apply first patch only
2 - prove t/db_dependent/SIP/Patron.t
3 - It fails
4 - Enable NoIssuesChargeGuarantorsWithGuarantees, you can set to 1
5 - Create/find a patron
6 - Add a $10 charge to parons account
7 - Add a guarantee to patron
8 - Add a $5 charge to guarantee
9 - Set noissuescharge to 15.01
10 - perl misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL -m patron_information --patron BARCODE
11 - Note the 64 message starts with Y's that mean patron is blocked
12 - Patron shouldn't be blocked as under 15.01
13 - Apply patch
14 - Restart all
15 - repeat 10
16 - Patron is no longer blocked
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 22 Dec 2021 15:20:16 +0000 (15:20 +0000)]
Bug 29754: Unit test
This adds a unit test to the SIP code
It also adds some spacing and dividers to make the tests for 'relationships_debt' easier to read
To test:
prove -v t/db_dependent/Koha/Patron.t - passes and is readable
prove -v t/db_dependent/SIP/Patron.t - fails
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 21 Oct 2021 07:57:38 +0000 (09:57 +0200)]
Bug 29230: Add Koha::Patron->messages
Add methods to return the messages attached to a patron.
It will add the capability to access them from notice templates.
Test plan:
Define some messages for a given patron
Go to the circulation page of the patron and confirm that they are still
displayed
Test the notice templates:
Add to HOLD_SLIP the following content
"""
[% SET messages = borrower.messages %]
[% IF messages.count %]
Messages:
<ul>
[% FOR m IN messages.search( message_type => 'L' ) %]
<li>[% m.message %]</li>
[% END %]
</ul>
[% END %]
"""
Jonathan Druart [Tue, 4 Jan 2022 13:28:26 +0000 (14:28 +0100)]
Bug 29785: Rename Koha::Object->message with ->object_messages
It will conflict with other ->messages methods, it's too generic.
Bug 29230 needs Koha::Patron->messages to return Koha::Patron::Messages for instance.
Test plan:
Confirm that the tests modified by this patch still pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Michael Hafen [Fri, 14 Jan 2022 18:35:05 +0000 (11:35 -0700)]
Bug 28977: Fix cat_issues_top.pl report with strict SQL modes
To get the 'Most circulated items' report to run in ONLY_FULL_GROUP_BY
Sql mode.
Test plan:
Turn on strict_sql_modes ( make sure <strict_sql_modes> is 1 in KOHA_CONF )
Go to Reports -> Most circulated items
submit the form.
Without the patch you get an error like:
CGI::Compile::ROOT::usr_local_koha_master_reports_cat_issues_top_2epl::calculate(): DBI Exception: DBD::mysql::st execute failed: Expression #4 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'koha_main_v4.items.itemcallnumber' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by [for Statement "SELECT DISTINCT biblio.title, COUNT(biblio.biblionumber) AS `RANK`, biblio.biblionumber AS ID, itemcallnumber as CALLNUM, ccode as CCODE, location as LOC FROM `old_issues`
LEFT JOIN items USING(itemnumber)
LEFT JOIN biblio USING(biblionumber)
LEFT JOIN biblioitems USING(biblionumber)
LEFT JOIN borrowers USING(borrowernumber)
WHERE 1 AND old_issues.issuedate > '2020-08-03' AND old_issues.issuedate < '2021-05-17' AND old_issues.returndate > '2020-08-27' AND old_issues.returndate < '2021-06-01' AND old_issues.branchcode like '403' AND items.itype like 'F' AND ccode like 'FIC' AND borrowers.categorycode like 'ST' group by biblio.biblionumber order by `RANK` DESC"] at /usr/local/koha_master/reports/cat_issues_top.pl line 67
at /usr/share/perl5/DBIx/Class/Exception.pm line 77
With the patch you will see the report results view.
Signed-off-by: David Nind <david@davidnind.com>
JD Amended patch - adjust commit's title
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 10 Nov 2021 15:42:08 +0000 (15:42 +0000)]
Bug 11873: Upgrade jstree jQuery plugin to the latest version
This patch upgrades the jstree plugin in the OPAC and the staff
interface. The old version had compatibility issues with the latest
jQuery.
Also changed: When viewing an authority record in the OPAC's MARC view,
clicking one of the hierarchy links should now open the MARC view again
rather than reverting to the normal view.
To test, apply the patch and rebuild the staff interface and OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
To test you must have the AuthDisplayHierarchy system preference
enabled, and you must have some authorities data which can be displayed
as a hierarchy. From the test plan for Bug 8523:
"Create authority records with a hierarchy of see also fields (in
MARC21/NORMARC, you'll be using 5xx fields for this, with a subfield
$w = 'g' for broader terms and subfield $w = 'h' for narrower terms)"
- Perform an authority search in the OPAC which will return one of your
modified authority records.
- View the record.
- There should be an expanded tree menu at the top of the authority
information.
- Clicking the arrows in the tree should correctly expand
and collapse the nodes.
- Clicking the authority record link in the node should load that
record.
- Test also from the OPAC's MARC view of the authority record.
- Confirm that clicking an authority record link in the MARC view
opens the corresponding record in MARC view again.
Owen Leonard [Fri, 21 Jan 2022 13:05:40 +0000 (13:05 +0000)]
Bug 29932: Use localStorage instead of cookie for bibs_selected
This patch replaces the use of the jquery.cookie.js plugin in the
"Browse selected records" feature. The feature is modified to use
localStorage instead of cookies.
To test, apply the patch and go to Administration -> System preferences.
- Enable the "BrowseResultSelection" system preference.
- Perform a catalog search which will return multiple results.
- On the search results page, check the checkbox for a number of
titles.
- Click the "Browse selected biblios" button in the toolbar.
- You should be directed to the detail page for the first title you
checked.
- Clicking the right-arrow in the sidebar should take you
through each one of your selected titles.
- When you click the "Results" link in the sidebar you should be
returned to the same search results set and the same titles should be
checked.
_ If you uncheck those titles and reload the page the checkboxes should
remain unchecked.
- If you log out of the staff interface the "bibs_selected" item in
localStorage should be deleted. See, for example,
https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector for
information about viewing local storage.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 24 Jan 2022 18:33:30 +0000 (18:33 +0000)]
Bug 29933: Fix stray usage of jquery.cookie.js plugin
This patch removes a few instances where the old cookie plugin was still
being used for deleting cookies even though the new plugin is being used
to set the cookies.
To test, apply the patch and test the following processes in the staff
interface:
Search to hold:
- View a patron record and click the "Search to hold" button.
- Perform a catalog search which will return results.
- On the search results page there should be a "Place hold for
<patron>" link under each holdable title.
- Click the "Place hold" button's dropdown arrow and choose "Forget
<patron>." The "Place hold for..." links should disappear.
Search to hold for a patron club:
- If necessary, create a patron club.
- Add one or more patrons to the club.
- In Tools -> Patron clubs, find the club you added patrons to.
- Click the "Actions" button and then "Search to hold."
- Perform a catalog search which will return results.
- On the search results page there should be a "Place hold for
<club>" link under each holdable title.
- Click the "Place hold" button's dropdown arrow and choose
"Forget <club>." The "Place hold for..." links should disappear.
Batch item modification show/hide columns:
- Go to Tools -> Batch item modification.
- Submit a list of items for modification.
- Uncheck some checkboxes to hide columns on the page showing the items
you submitted.
- In the browser's storage inspector (e.g.
https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector),
should see a "showColumns" cookie with a string of numbers and
slashes.
- Click the "Show all columns" checkbox.
- The "showColumns" cookie should disappear.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Mason James [Fri, 14 Jan 2022 06:44:24 +0000 (19:44 +1300)]
Bug 29881: libdbd-sqlite2-perl is unavailable on deb12 (koha-common wont install)
to test...
- attempt to install koha-common pkg on deb12
confirm error...
The following packages have unmet dependencies:
koha-common : Depends: libdbd-sqlite2-perl but it is not installable
- apply patch, rebuild new package
- install new koha-common pkg on deb12 successfully
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We should do the same authentication check than sco-main.pl, and also
make sure to generate the checkout history only for the logged in patron
(the OPAC one, not staff member)
Test plan:
Use the different combinations of the SCO config (AutoSelfCheckAllowed,
SelfCheckoutByLogin and WebBasedSelfCheck) and confirm that this patch
fixes the SCO print slip feature.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 12 Jan 2022 14:40:36 +0000 (15:40 +0100)]
Bug 29859: Use iterator instead of as_list
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.
This patch only removes the obvious places, not the tricky ones.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29847: Make Koha::Patron::HouseboundProfile->housebound_visits return a resultset
This patch makes the method consistent with the rest of the codebase, by
making it return a proper resultset.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Patron/HouseboundProfiles.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Check the UI hasn't got broken either.
=> SUCCESS: It hasn't!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch removes the wantarray use in Koha::Clubs->get_enrollable and
adjusts the callers.
Also, reference to some unused params in Koha::Patron clubs-related
methods are removed as well.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
I think a rebase perhaps lost a change here.. this fix gets the unit
tests passing again.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Tue, 11 Jan 2022 09:09:09 +0000 (10:09 +0100)]
Bug 29844: Fix ->search occurrences
and some more...
There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 29844: Remove use of wantarray from Koha::Objects
This patch removes the use of `wantarray` from the following methods in
the Koha::Objects class:
- search
- search_related
In both cases, the change is trivial. And the tests get the 'list
context' portion removed as well.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Objects.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Caveat: we broke many things by removing the feature. Check follow-up
patches as well.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: (QA follow-up) Remove warn on timeout
The warn is:
The value of the system preference 'timeout' is not correct, defaulting to 600.
Caused by previous test.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid
check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.
So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl
We must check if logged in user is trying to modify one of their
checkouts
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users
The catalogue permission is not enough.
Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
/cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX
You should get an error message "You do not have sufficient permission
to continue."
Login with user A
=> You should be able to send the list
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images
We should respect group restrictions here.
Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
/cgi-bin/koha/members/patronimage.pl?borrowernumber=XX
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *
The patron images is displayed on the 'circulation' and 'members'
modules.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest
Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID
This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).
If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.
Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
So you see the login screen specific to the self-checkout.
To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
Without the patch you will still be logged in the self-checkout
Voila!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!
This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.
Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling
Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable
It's not used in template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable
It's not needed, we have $patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt
Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt
To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>