Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid
check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.
So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl
We must check if logged in user is trying to modify one of their
checkouts
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users
The catalogue permission is not enough.
Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
/cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX
You should get an error message "You do not have sufficient permission
to continue."
Login with user A
=> You should be able to send the list
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images
We should respect group restrictions here.
Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
/cgi-bin/koha/members/patronimage.pl?borrowernumber=XX
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *
The patron images is displayed on the 'circulation' and 'members'
modules.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest
Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID
This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).
If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.
Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
So you see the login screen specific to the self-checkout.
To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
Without the patch you will still be logged in the self-checkout
Voila!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!
This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.
Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling
Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable
It's not used in template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable
It's not needed, we have $patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt
Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt
To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt
To test, perform a search in the catalogue and verify that search term
highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Test the process of searching for and selecting an authority record for
use in the basic MARC editor.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Check that mandatory tags and subfields are correctly required when
editing an authority record.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Test that preference search term highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the tests set debit_id to undef instead of random data.
This way tests don't break when $article_request->cancel is invoked and
a refund is tried.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Letters/TemplateToolkit.t
=> FAIL: Boo, tests fail, random garbage is not a debit
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the tests set debit_id to undef instead of random data.
This way tests don't break when $article_request->cancel is invoked and
a refund is tried.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/Letters/TemplateToolkit.t
=> FAIL: Boo, tests fail, random garbage is not a debit
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fridolin Somers [Sat, 29 Jan 2022 00:50:26 +0000 (14:50 -1000)]
Bug 29976: (Bug 21729 follow-up) fix holds unit tests
Bug 21729 added to holds table the column patron_expiration_date.
Currently test suite is failing :
https://jenkins.koha-community.org/view/master/job/Koha_Master_D10/516/testReport/
We must fix where TestBuilder is creating with source Reserve and data expirationdate :
t/db_dependent/Holds/WaitingReserves.t
t/db_dependent/Reserves/CancelExpiredReserves.t
Note that t/db_dependent/Reserves/CancelExpiredReserves.t does not fail
without this patch but surely we prefere change it also.
Test plan :
prove t/db_dependent/Holds/WaitingReserves.t
prove t/db_dependent/Reserves/CancelExpiredReserves.t
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the Yiddish language to Koha. The language codes were
taken from https://www.loc.gov/standards/iso639-2/php/code_list.php
Sponsored-by: Universidad Nacional de San MartÃn Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:55:36 +0000 (12:55 +0100)]
Bug 29605: branchtransfers.cancellation_reason
reason and cancellation_reason was inversed, and the enum values were
lower cases
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:48:28 +0000 (12:48 +0100)]
Bug 29605: language_script_mapping.language_subtag cannot be null
It's a PK now
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:37:33 +0000 (12:37 +0100)]
Bug 29605: search_marc_map.marc_type
NOT NULL was missing when MODIFY
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:29:37 +0000 (12:29 +0100)]
Bug 29605: additional_contents.lang
Up to 50 on bug 23797 but bug 24387 switched it back to 25 (bad
resolution conflict)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:17:12 +0000 (12:17 +0100)]
Bug 29605: account_offsets.type is not null
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 2 Dec 2021 11:12:10 +0000 (12:12 +0100)]
Bug 29605: Missing FK on tmp_holdsqueue.borrowernumber (tmp_holdsqueue_ibfk_3)
Bad copy paste on the foreign_key_exists condition
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch fixes a missed update to kohastructure.sql.
To test:
1. Checkout prior to bug 15067
(ab270c026be06f08745a14d1aea992877d20f812) would work.
2. Run:
$ reset_all
3. Checkout v21.11.00
4. Run:
$ updatedatabase
$ koha-mysql kohadev
> SHOW CREATE TABLE language_subtag_registry;
=> SUCCESS: There's UNIQUE KEY uniq_lang (subtag, type)
5. Run:
> SHOW CREATE TABLE language_descriptions;
=> SUCCESS: There's UNIQUE KEY uniq_desc (subtag, type, lang)
6. Run:
> SHOW CREATE TABLE language_rfc4646_to_iso639;
=> SUCCESS: There's UNIQUE KEY uniq_code (rfc4646_subtag, iso639_2_code)
7. Replicate a fresh install. Run:
$ reset_all
8. Repeat 4, 5 and 6
=> FAIL: The UNIQUE constraints are not there!
9. Apply this patch
10. Run:
$ reset_all
11. Repeat 8
=> SUCCESS: The UNIQUE constraints are there!
12. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 26 Jan 2022 12:18:55 +0000 (12:18 +0000)]
Bug 29949: Remove use of title-numeric sorting routine from OPAC datatables JS
This patch removes the use of a specific "title-numeric" sorting routine
from the DataTables configuration of the "Most popular" table. We can
use a "data-order" attribute instead.
The patch also removes the now unused code from our custom DataTables JS
file in both the OPAC and the staff interface (where it was unused).
To test, apply the patch and make sure the OpacTopissue system
preference is enabled.
- In the OPAC, view the "Most popular" page.
- Change the filter settings, if necessary, to get multiple results.
- In the results table, confirm that sorting by number of checkouts
still works correctly.
A search of the code for instances of "title-numeric" should return only
one in a comment in the official DataTables library.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Fri, 28 Jan 2022 20:19:08 +0000 (20:19 +0000)]
Bug 29967: extended width of description and opac description inputs on authorised_values.tt
To test:
-Go to Administration > Authorized values
-In any category, new or existing, look at an authoized value.
-The description and OPAC description inputs both have a maxlenght of 200 but you cannot see very many characters.
-Apply patch
-Look again, the inputs are much bigger and you can see many more characters.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Fri, 14 Jan 2022 00:59:46 +0000 (00:59 +0000)]
Bug 24220: Move OpacMoreSearches to HTML customizations in additional-contents
To test:
1- Before applying the patch add some content to the system preference
OpacMoreSearches
2- Apply patch
3- restart_all and updatedatabase
4. Go to additional-content.pl ( HTML customizations )
5. You should now see your content from the system preference under
OpacMoreSearches in HTML customizations
6. Try searching for the system preference, OpacMoreSeaches. It has been
removed and you should not be able to find it.
7. Try changing/removing/adding content from OpacMoreSearches in HTML
customizations
8. Make sure your edits are reflected when you look at the
OpacMoreSearch area in the OPAC.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 19 Jan 2022 16:13:26 +0000 (16:13 +0000)]
Bug 29212: (follow-up) Add futuredate attribute to date picker
This patch adds the "futuredate" attribute to the "Hold not needed
after" date field in the OPAC hold process.
To test, apply the patch and log into the OPAC.
- Locate a bibliographic record and being the process of placing a hold.
- Click "Show more options" to display the date fields.
- If the OPACAllowHoldDateInFuture system preferences is enabled:
- Set "Hold starts on date" to a date in the future.
- Trigger the date-picker in the "Hold not needed after" field: You
should be limited to dates *after* the date you selected above.
- If OPACAllowHoldDateInFuture is disabled:
- The "Hold starts on date" will no longer be present.
- Trigger the date-picker in the "Hold not needed after" field: You
should be limited to dates after today.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen [Mon, 1 Nov 2021 14:39:14 +0000 (14:39 +0000)]
Bug 29212: (follow-up) Fixes to suspend hold process
This patch reworks the process of suspending an individual hold from the
patron's hold list. Instead of repeating the modal markup in each line
of the holds table, a single modal is re-used.
A "focus: false" is added to the modal via a data-attribute in order to
overcome problems with selecting months and using keyboard navigation in
the calendar popup.
To test, apply the patch and log into the OPAC as a user with holds.
- View the holds tab under "Your summary."
- Click the "Suspend" button next to one of the holds.
- You should see a modal which shows the title of the item in question.
- Test that the date picker works correctly:
- Test selecting a month and year
- Test selecting a date both with the mouse and by using arrow keys.
- Test that you can clear the selected date both by clicking the X and
by clicking the text link.
- Select a date and close the modal without submitting the suspension.
- Click the "Suspend" link on another title to confirm that the date
picker still works correctly.
- Submit a suspension and confirm that the it completes successfully.
-
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 13 Oct 2021 17:51:08 +0000 (17:51 +0000)]
Bug 29212: Use Flatpickr on OPAC pages
This patch adds Flatpickr assets to the OPAC (JS and SCSS). A few pages
are updated to use Flatpickr instead of jQueryUI datepickers.
jQueryUI CSS files are updated because they contain some font family
definitions which are simple to remove but overly complicated to
override. Without this change some Font Awesome icons are broken when
they appear inside jQueryUI widgets like tabs.
We don't run the risk of having this change overwritten by a future
jQueryUI upgrade because there won't be any more.
To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Log into the OPAC and check that date pickers on the following pages
work correctly, including month selection, year selection, forward
and back arrows, and "Clear date" controls:
- Go to the "Your personal details" page.
- Check the "Date of birth" field.
- With SuspendHoldsOpac enabled, view the "Your summary" page for a
patron with pending holds.
- Click "Suspend" to confirm that the "Suspend until" datepicker
works correctly for more than one hold.
- From the catalog search results page, select multiple results and
click the "Place hold" link.
- On the hold confirmation page, click "Show more options" to test
the "Hold starts on date" (with OPACAllowHoldDateInFuture enabled)
and the "Hold not needed after" fields.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Thu, 20 Jan 2022 21:45:49 +0000 (21:45 +0000)]
Bug 19865: Add back horizontal scroll bar
To test:
1. Do a Z39.50/SRU search
2. In the search results click on MARC to get the MARC preview. Choose
something with lots of MARC data so it is both wide and long.
3. See the Y axis scrollbar
4. You must scroll bottom of the modal to see the X axis scrollbar,
annoying.
5. Apply patch
6. Try steps 1-4 again. This time you should see the X axis scrollbar
without having to scroll to the bottom.
7. It's not a bad idea to test in multiple browsers.
Note: I also put the CSS onto multiple lines to increase readability
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Tue, 18 Jan 2022 11:55:59 +0000 (11:55 +0000)]
Bug 29809: (follow-up) Update tests and rename variable
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Thu, 6 Jan 2022 13:58:26 +0000 (13:58 +0000)]
Bug 29809: Update stockration tool to reflect method name change
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Thu, 6 Jan 2022 13:49:37 +0000 (13:49 +0000)]
Bug 29809: Rename item relation accessor from itemnumber
This patch renames the item relation accessor method in
StockRotationItem to 'item' from 'itemnumber' to more clearly reflect
that the method returns a Koha::Item object and not an itemnumber.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Petro Vashchuk [Wed, 19 Jan 2022 16:01:15 +0000 (18:01 +0200)]
Bug 29906: fix when hold record forcibly gets unwanted "suspended" state
This code allows for "Perl false" to pass through to $suspended_until
if it is in $hold->suspend_until and in $body->{suspended_until}
But in case of "Perl truth" it calls dt_from_string for that value.
Reproduction:
1. run provided test in kshell: prove t/db_dependent/api/v1/holds.t
2. see the test fails with something like:
# Failed test 'Location change shouldn't touch suspended status'
# at t/db_dependent/api/v1/holds.t line 1067.
# got: '1'
# expected: '0'
# Failed test 'suspended_until should be undef'
# at t/db_dependent/api/v1/holds.t line 1068.
# got: '2022-01-20 00:00:00'
# expected: undef
# Looks like you failed 2 tests of 39.
3. apply the changes in this patch to Koha/REST/V1/Holds.pm
4. run provided test in kshell: prove t/db_dependent/api/v1/holds.t
5. test will pass.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 17 Jan 2022 10:40:00 +0000 (11:40 +0100)]
Bug 29862: Add missing txn begin/rollback in TestBuilder.t
It fixes the tests when SearchEngine=ES
t/db_dependent/TestBuilder.t .. 7/15 Invalid MARC field expression: l5ffglZ_upqqcwOvaiyALgXfyJw2Ot2AGRPUsiAPzSFHfd8J_hsnuQ8z75B8RKc_kyo2rFBp8BrPNwcM1FPhc01ngP01HU_Z7Rx1VHfcIcmrifYnjBDWNmYB9N5_4xEnxMH7ZhqC9b2Bz9wf9
wSEmx64x6t5xFFKX at /kohadevbox/koha/C4/Biblio.pm line 306.
# Looks like you planned 12 tests but ran 6.
# Failed test 'Tests for delete method'
# at t/db_dependent/TestBuilder.t line 302.
Can't call method "biblionumber" on an undefined value at t/db_dependent/TestBuilder.t line 281.
# Looks like your test exited with 11 just after 8.
Previous subtest created invalid date in the ES mappings.
Test plan:
Set SearchEngine=ES and run the tests, they must pass.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Tue, 18 Jan 2022 12:46:51 +0000 (12:46 +0000)]
Bug 29482: Replace the term branch with library
This patch replaces the word "branch" with the word "library" in the
self-checkout template, as per terminology guidelines.
To test, apply the patch and go to Administration -> System preferences.
- Set the "IndependentBranches" preference to "Yes."
- Log into the self checkout system using a staff user with permission
to do self-checkout but not superlibrarian status.
- Try to check out an item which belongs to a library that's different
to the one you're logged in with.
- You should see a message, "Item cannot be checked out," including the
text "This item belongs to another library."
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 10 Jan 2022 12:39:35 +0000 (13:39 +0100)]
Bug 29562: Fix DecreaseLoanHighHolds.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch fixes tests failures due to bad checks in the controller.
The tests deserve to be rewritten.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Tue, 23 Nov 2021 19:56:52 +0000 (19:56 +0000)]
Bug 29562: Adjust CanItemBeReserved and checkHighHolds to take objects
Most of the changes here are simple, this can be read to view the changes
Testing that holds can be placed via staff client, and opac, and are disallowed
when expected is the best test plan, beyond running the unit tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Mon, 20 Sep 2021 11:17:50 +0000 (11:17 +0000)]
Bug 29058: Add 'Always show holds' checkbox to request.pl
This patch adds a new cookie 'awalys_show_holds' and utlises it on request.pl
to determine if the existing holds table should be loaded.
If the cookie does not exist, the table is loaded to preserve exiting behaviour.
If the cookie exists and is set to 'DONT' a new button 'Show holds' is added to
the page to allow force loading the table
To test:
1 - Place some holds on a record
2 - Click 'Holds' tab or 'Place a hold' from details page
3 - Note search box to place hold and table of existing holds
4 - Apply patch
5 - Reload the holds page and note new checkbox 'Always show holds'
6 - Confirm the box is checked
7 - Uncheck it
8 - Reload the page and confirm holds do not automatically load
9 - Click the new 'Show holds' button
10 - Confirm the existing holds load, and that 'Always show holds' is unchecked
11 - Check 'Always show holds'
12 - Reload page and confirm holds don't show
13 - Uncheck the box, load holds for another record, confirm it remains unchecked
14 - Bring up browser console (F12)
15 - In 'Storage' tab, under 'Cookies', delete the cookie for 'always_show_holds'
16 - Reload holds page, confirm holds load and check box is checked
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Bug 29058: (follow-up) Add hold count and don't display show options if no holds
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 17 Jan 2022 14:18:13 +0000 (15:18 +0100)]
Bug 29043: Don't fetch items if when are not on the 'Place a hold on' form
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Fri, 14 Jan 2022 16:15:31 +0000 (17:15 +0100)]
Bug 29043: Don't fetch biblios info unless a patron is picked
If we haven't picked a patron or a club yet we don't need to fetch
biblios, items and holdability infos
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the Koha::ArticleRequest->cancel method perform a
refund if it applies.
The sequence is:
- Find refundable (potentially partial) payments against the fee
- Generate a refund for the refundable amount
- Reduce the fee to zero
=> RESULT: the patron owes nothing, any credits applied to the debit are
refunded.
1. Apply the unit tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/ArticleRequest.t
=> FAIL: Nothing is refunded
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Refunds take place!
5. Try on the UI
=> SUCCESS: All good
6. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Tue, 23 Nov 2021 13:39:57 +0000 (13:39 +0000)]
Bug 29511: Sort hash keys
This code exists in authorities/authorities.pl and the hash keys are sorted
I just do the same here
To test:
1 - Find/create a record with 245a 245h populated
2 - Load/reload the record several times and note that fields c and b are ordered randomly
3 - Apply patch
4 - Reload and note c and b are ordered alphabetically
5 - Move subfield h before subfield c
6 - Save and reload
7 - Confirm that existing/filled fields retain order in the MARC record
Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Thu, 6 Jan 2022 15:16:05 +0000 (15:16 +0000)]
Bug 21652: Only set waitingdate to today if there is no waitingdate already
1- Find or create a hold with a waitingdate other than today
2- Check the item in to generate a new hold alert
3- Select "Confirm and Print"
4- Verify that the waiting date has changed to the current date
5- Apply patch
6- Try 1-3 again, if a waitingdate already exists it should not change
7. Try an item with no waitingdate, it should properly update to today
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Tue, 26 Oct 2021 11:22:04 +0000 (11:22 +0000)]
Bug 29320: Update OverDrive availability to V2
This patch updates the call to overdrive_proxy to allow passing a version
and updates the code to use V2 for availability
To test:
1 - Enable OverDrive integration by setting the sysprefs
2 - Log in to your overdrive account in the Koha opac
3 - Perform a search and note availability display
4 - Confirm you can checkout/hold/return books
5 - Apply patch
6 - Repeat search and test functionality
7 - Note that title with '0 out of 0 copies available' now say 'Currently unavailable'
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 13 Jan 2022 05:21:15 +0000 (06:21 +0100)]
Bug 29690: Prevent detail.pl to crash if MARCXML is invalid
Bug 23846 added support for invalid MARCXML.
But now page details.pl fails again with software error.
This comes from several Koha::Biblio calling $self->metadata->record without eval.
Test plan :
1) Create a biblio record with invalid MARCXML (see Bug 29690)
In koha-testing-docker there is biblionumber=369
2) Go to page cgi-bin/koha/catalogue/detail.pl?biblionumber=xxx
3) You see the page with a message :
There is an error with this bibliographic record, the view may be degraded.
Error: Invalid data, cannot decode metadata object ...
This patch adds POD, fixes the existing one in the file, and also
renames reversable => reversible as required by the QA scripts.
If this name change is problematic, I can revert it and resubmit my
follow-up.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Wed, 22 Dec 2021 19:36:07 +0000 (16:36 -0300)]
Bug 29757: Add filters for reversable offsets
This patch adds filtering methods for (non)reversable offsets.
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Account/Offsets.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Sun, 9 Jan 2022 10:49:44 +0000 (10:49 +0000)]
Bug 6734: (QA follow-up) Fix punctuation, TT filters, and CSS class
* Changes Location : to Location:
* Removes html_line_break filter, as location is not multi-line
* Add subscription_location CSS class
* Use AuthorisedValues.GetDescriptionByKohaField()
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=6743 Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Opac: On a record(Serials) details the location wasn't displayed on the "Normal view" and "Full history" tabs
Test plan:
1)Intranet: Make sure to have at least two different Serials/Subscriptions on the same record with the field 'location' filled in
2)Opac: Find your Serials/Subscriptions
3)Click 'More details' and notice the 3 tabs : Normal view, Brief history, Full history
4)Go to 'Normal view' and 'Full history' to notice that 'location' is missing
5)Apply patch, refresh your browser & repeat 4)
6)The location is now visible
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 11 Nov 2021 13:45:25 +0000 (13:45 +0000)]
Bug 29458: Reorder login elements
Make masthead.inc modal and opac-auth follow the order of the login
elements on the homepage.
Test plan:
Enable prefs for reset password and self registration.
Fill additional contents for login instructions.
Logout on OPAC.
Click Login from your account on top bar.
Click Login button on the home page (right side, in the middle).
Verify that these two forms correspond with the home page login.
Owen Leonard [Tue, 18 Jan 2022 17:57:22 +0000 (17:57 +0000)]
Bug 29899: Show public note to patrons when placing a hold
This patch adds public note to the table of information shown about
items when placing a hold on a specific item in the OPAC.
To test, apply the patch and check Administration -> Circulation and
fine rules. You should have at least one patron category/item type
configured to allow OPAC item level holds.
- Modify an item to add information to the "Public note" field.
- Locate that record in the OPAC and place a hold on it.
- On the "Placing hold" page, click "Show more options" and "A specific
item."
- In the table of items you should see a "Notes" column showing the
information you added to the item.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Fri, 3 Dec 2021 08:14:48 +0000 (08:14 +0000)]
Bug 29629: Remove two unused MODS XSLT stylesheets
Follow-up of bug 29556. With thanks to Owen for checking.
> koha-tmpl/intranet-tmpl/prog/en/xslt/MARC21slim2MODS3.xsl
> koha-tmpl/intranet-tmpl/prog/en/xslt/MARC21slim2MODS32.xsl
> These two files appear to be unused. I could only find references to them in .po files.
Test plan:
git grep MARC21slim2MODS32
git grep MARC21slim2MODS3
Skip the misc/translator/po references. Note in the second grep that
you only see that MODS3-1 is used in unapi and C4::Record.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Tue, 7 Dec 2021 22:14:07 +0000 (22:14 +0000)]
Bug 27868: Add expiration date to holds awaiting pickup
To test:
1. Have some holds awaiting pickup, also have some holds that have been waiting longer than the ReservesMaxPickUpDelay is set to.
2. Go to /cgi-bin/koha/circ/waitingreserves.pl
3. There is no expiration date
4. Apply patch and restart_all
5. Now there should be a Expiration date column, make sure you can see it in both Holds waiting and Holds waiting over X days
6. Make sure all the columns Waiting Since, Date hold placed, and expiration date still sort correctly
6. Go to Table settings, and make sure all the columns hide correctly for both of the holds_awaiting_pickup tables ( holdst & holdso )
Note: This patch also corrects 2 other small problems
1. Corrects a problem where the table settings did not account for the checkbox column at the beginnning of each table
2. Removes the title-string class and uses data-order to sort Waiting Since, Date hold placed, and expiration date ( see Bug 27934 )
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marion Durand [Fri, 24 Sep 2021 07:15:37 +0000 (09:15 +0200)]
Bug 28238: (follow-up) Add itemcallnumber to ILS-DI GetAvailability output for unavailable items
Providing the call number for ILS-DI GetAvailability output is useful
for libraries that use discovery tools. Patrons often don't check
further for the call number, and then they don't have it when they look
for the item. It could also be use full to have this call number when
the item isn't available (to make a request for it for instance).
Test plan:
1. Enable the ILS-DI system preference
2. Locate a record with multiple items and make sure they have call
numbers for each item and that some are unavailable
3. Test these URLs:
[OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[BIBLIONUMBER]&id_type=biblio
and
[OPACBASEURL]/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=[ITEMNUMBER]&id_type=item
(Where the [OPACBASEURL] is the OPAC URL of your test instance,
[BIBLIONUMBER] and [ITEMNUMBER] are a record number and item number of
your choice.)
4. Apply the patch
5. Run the queries from step 3 again - all the results should now have
the tag itemcallnumber (not only the available's ones)
Example: <dlf:itemcallnumber>840.08 COR R</dlf:itemcallnumber>
Sponsored-by: University Lyon 3
https://bugs.koha-community.org/show_bug.cgi?id=28238
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>