Commits on Feb 7, 2018
  1. Bug 18403: Deal with the DB user

    joubu committed Apr 12, 2017
    On first login, Koha explodes because the logged in user does not exist
    in DB.
    This patch deals with that by adding several checks when it's needed.
    
    Test plan:
    Use the DB user to create a superlibrarian user.
    The DB user should not be allowed to do anything else.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
    
    Bug 18403: Fix patron creation
    
    memberentry.pl can be called to create a new patron, in that case the
    patron does not exist yet.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  2. Bug 18403: REST API - patrons endpoint

    joubu committed Apr 10, 2017
    There is something wrong here, the userenv is not set and so we cannot
    use search_limited.
    Should we set the userenv or filter on the libraries using
    libraries_where_can_see_patrons?
    WAITING FOR FEEDBACK HERE.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  3. Bug 18403: Guarantors

    joubu committed Apr 10, 2017
    Technically a kid from your library group could have a guarantor
    attached to another
    group of library, let's deal with this case.
    
    Test plan:
    - Create a kid from your library group
    - With a superlibrarian staff user create a guarantor that is outside of
    the group of
    libraries of the kid
    - Login with a limited staff user and confirm that on the patron detail
    page you do not
    see the link to the guarantor detail page.
    
    Note that you see the firstname and surname of the guarantor
    Q. should it be hidden?
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  4. Bug 18403: Article requests

    joubu committed Apr 7, 2017
    Same as previously but for article requests.
    
    Test plan:
    Test article requests and make sure you do not need the requests for
    patrons that
    are attached to a group that is not part of your library's group
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  5. Bug 18403: Patron discharges

    joubu committed Apr 7, 2017
    This patch deals with patron's discharges.
    
    Test plan:
    Same as previously you will need to request discharges at the OPAC.
    On the staff interface the logged in user should not be allowed to see
    discharge
    from patrons outside his library group.
    The number of discharges waiting displayed on the mainpage should be
    correct as well.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  6. Bug 18403: Patron reviews

    joubu committed Apr 7, 2017
    This patch adds a new method Koha::Reviews->search_limited to return the
    reviews a logged in user is allowed to see depending on his permissions.
    
    Test plan:
    Create some reviews at the OPAC and make sure a staff user is limited
    (or not) to approve
    or decline it.
    The number of reviews displayed on the mainpage should be correct as
    well.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  7. Bug 18403: Patron modification requests

    joubu committed Apr 7, 2017
    Limit patron's modifications based on logged in patron permissions.
    
    Test plan:
    Create some patron's modification requests at the OPAC
    Make sure the logged in staff user sees (or not) the modification depending on his
    permissions.
    The number of modification displayed on the mainpage should be correct as well.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  8. Bug 18403: Add new method Koha::Patron->can_see_patrons_from

    joubu committed Apr 7, 2017
    Technical note:
    Sometimes we do not have the patron object, for instance for the patron modifications
    we will need to know if the logged in user can modify patrons from a given library.
    This new subroutine 'can_see_patrons_from' will then be useful
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  9. Bug 18403: Add tests for Koha::Patrons

    joubu committed Apr 5, 2017
    A bit late but here are the tests for
     Koha::Patron->libraries_where_can_see_patrons
     Koha::Patron->can_see_patron_infos
     Koha::Patron->search_limited
    
    Test plan:
      prove t/db_dependent/Koha/Patrons.t
    should return green
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  10. Bug 18403: Refactor and add Koha::Patron->libraries_where_can_see_pat…

    joubu committed Apr 6, 2017
    …rons
    
    Technical note:
    Here we are just refactoring code that has been copied into 3 different places.
    libraries_where_can_see_patrons is a terrible method's name, feel free to suggest
    something better. The method returns a list of branchcodes to be more efficient,
    instead of Koha::Libraries
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  11. Bug 18403: Add new methods Koha::Patrons->search_limited and use it w…

    joubu committed Apr 6, 2017
    …here needed
    
    Most of the time when we search for patrons we do not want to search for all patrons,
    but just the ones the logged in user is allowed to see the information.
    This patch takes care of that by adding a new search_limited method to Koha::Patrons.
    When called this method only searches for patrons that the logged in user is allowed
    to see.
    
    Test plan:
    Patron autocomplete search should be limited
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  12. Bug 18403: output_and_exit_if_error for circulation.pl

    joubu committed Apr 5, 2017
    This is a follow-up for a previous patch, changes have been tested
    already
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  13. Bug 18403: Batch patron modification tool

    joubu committed Apr 5, 2017
    Do not allow a logged in staff user to modify patrons that are not part of his
    group if he is not allowed.
    
    Test plan:
    Make sure you are not allowed to modify patrons that are not part of your group
    from the batch patron modification tool
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  14. Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC…

    joubu committed Apr 5, 2017
    … for view_holdsqueue]
    
    Same as the previous patch but for the holds queue
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  15. Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC…

    joubu committed Apr 5, 2017
    … for issuehistory]
    
    On this page we do not have the patron object sent to the template,
    let's pass it!
    
    Test plan:
    Go on the checkout history of a bibliographic record
    (catalogue/issuehistory.pl)
    You should not see patron's information that are not part of your group
    if you
    are not allowed to see them.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  16. Bug 18403: Use patron-title.inc when hidepatronname is used

    joubu committed Apr 5, 2017
    There is already a HidePatronName syspref to hide patron's information
    on bibliographic
    record detail pages and the hold list.
    
    Test plan:
    With the HidePatronName enabled, make sure the patron's information are
    hidden from
    the catalogue and hold list pages. If the logged in user is not allowed
    to see the
    patron's info, no link and no cardnumber will be displayed
    With the HidePatronName disabled, make sure the patron's information are
    displayed
    if the logged in user is allowed to see the patron's info.
    
    Technical note:
    This patch improves the existing patron-title.inc include file to
    display patron's
    information. Using it everywhere patron's details are displayed will
    permit to
    homogenise the way they are displayed. The file takes now a patron
    object (what
    should be, in the future, the only way to use it), that way we can call
    the new
    method on it to know if patron's information can be shown by the logged
    in user.
    
    NOTE: I am not sure this syspref makes sense anymore. Should not we
    remove it?
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Commits on Feb 2, 2018
  1. Bug 18403: Only display libraries from group in dropdown lists

    joubu committed Apr 5, 2017
    From where patrons it's about patrons, we do not want to display the libraries
    from all the system, but only the ones from the group.
    
    Test plan:
    - See the overdues (circ/overdue.pl) and make sure you can only see overdues from
    patrons part of your group (do not forget to test the CSV export).
    - Search for patrons, the 'library' filters (headers and left side) should only
    display libraries from your group
    - Search for article request by patron's library: only the libraries from your
    group should be displayed
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  2. Bug 18403: Adapt patron search

    joubu committed Apr 5, 2017
    This patch modifies the patron search code to limit the libraries to the
    ones
    the logged in user is allowed to access
    
    Test plan:
    Search for patrons
    You should not see patrons you are not allowed to see.
    
    Technical note:
    I am really glad to have refactored all the patron searches before
    having to
    write this patch. It took me ~40 l to achieve this job and affect all
    patron searches.
    Thanks refactoring!
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  3. Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot…

    joubu committed Apr 4, 2017
    …_see_patron_infos
    
    Test plan:
    Login with a patron that is not allowed to see patron's information for patrons
    outside of his group. Try to access patron's information from scripts of the patron
    module (members/*) and circ/circulation.pl.
    You should be able to access patron's information of patrons outside of your group
    and get "You are not allowed to see the information of this patron."
    If you try and access a patron page with a borrowernumber that does not exist, you
    should get "This patron does not exist"
    
    Technical note:
    A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
    Executed at the beginning of the script it will permit not to copy/paste all the
    different checks to know if the logged in user is authorised to see patron's information.
    The design here can be discussed, but I did not find an alternative with as few changes.
    On the way I refactor what we did with 'unknowuser' previously: it will now work with all
    patron pages, not only the few that used it.
    Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
    C4::Auth?
    I think it could be used as a safeguard later. I am willing to sed and remove them
    if required.
    
    Changes in discharge.pl are mainly indentation changes.
    
    With this patch we should now have a $patron variable that refer to the patron we
    want to access. That will be very useful to remove plenty of code in members/* and
    only pass this variable to the template (instead of 1 variable per patron's attribute).
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  4. Bug 18403: Update permissions - borrowers => 1|* becomes borrowers =>…

    joubu committed Apr 4, 2017
    … 'edit_borrowers'
    
    Test plan:
    Login with a patron that only has the 'edit_borrowers' permission.
    You should be able to access patron's information of patrons inside of your group.
    
    Technical note:
    Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
    That meant
      borrowers => 1
    and
      borrowers => '*'
    had the same behavior.
    Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
    permissions of 'borrowers' are set.
    We need to update the different occurrences of these tests.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  5. Bug 18403: Add new method Koha::Patron->can_see_patron_info

    joubu committed Apr 6, 2017
    Technical note:
    This is the method that will be called on the logged_in_user variable sent to
    the template. Moreover we will check that the logged in user can access patron's
    information when access to members/* and some circulation scripts will be done.
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  6. Bug 18403: Send logged_in_user to template from C4::Auth

    joubu committed Apr 4, 2017
    Technical note:
    To ease future changes we are passing a logged_in_user variable to templates.
    It contains the Koha::Patron object representing the logged in patron.
    This will be very useful for this patch and even after (for instance we will be
    able to replace easily loggedinusername and loggedinusernumber).
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  7. Bug 18403: Add new method Koha::Library::Group->has_child

    joubu committed Apr 6, 2017
    This is more a follow-up for bug 15707. It could be moved on its own bug report
    if necessary.
    
    IMPORTANT NOTE: At the moment the feature only works for 1 level depth, see
    bug 15707 comment 166+ for the discussion
    
    It means that if we have:
     root_group
         + groupA
             + groupA1
                 + groupA1_library2
             + groupA_library1
             + groupA2
         + groupB
             + groupB_library1
    groupA1_library2 is not considered a child of groupA1.
    Note that this can change.
    
    Test plan:
      prove t/db_dependent/LibraryGroups.t
    should return green
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  8. Bug 18403: Add new method Koha::Library->library_group

    joubu committed Apr 6, 2017
    This is more a follow-up for bug 15707. It could be moved on its own bug report
    if necessary.
    
    Test plan:
      prove t/db_dependent/LibraryGroups.t
    should return green
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  9. Bug 18403: Hide patron information if not part of the logged in user …

    joubu committed Apr 4, 2017
    …library group
    
    This patchset adds a new feature that will allow libraries inside a
    single Koha installation to restrict access to information of patrons
    that
    
    The group of libraries feature is introduced by bug 15707, see this bug for more
    information.
    
    Let's imagine that 2 groups G1 and G2 are defined and that they include 2 libraries
    each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see patron's
    information from G1a and G1b.
    To add more flexibility, a new user permission named 'view_borrower_infos_from_any_libraries'
    will drive this behavior. If set, the patron will be able to see patron's information
    of any libraries.
    
    If the restriction is set, the logged in user will not be able to search, show, edit,
    delete patron's information of patrons attached to groups of libraries outside his
    own group.
    In situations we need to refer to a patron, for holds and checkouts for instance,
    and his information cannot be viewed, a text "A patron from library G1A" will be
    displayed.
    
    Considered unnecessary or outside the scope of this bug report:
    * The report module is not affected by this feature for obvious reasons
    * The firstname and surname of guarantors, basket (acq) managers, patrons linked
    to orders are still displayed.
    * Log viewer: Can only be staff
    * patron list: you cannot add patrons from another group of libraries, but can
    see/delete from list (too much rewrite, or we can test for patron one by one?).
    * "Patron card creator" tool is not impacted by this feature.
    * Upload patron images is not impacted by this patch, should it be?
    * Tools:
      - Upload patrons
      - Clean borrowers tool (This can be done easily updating Koha::Patrons->search
    with Koha::Patrons->search_limited in search_upcoming_membership_expires and
    search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
    Koha::Patrons first)
    We can discuss these different points but will be other bug reports not to add
    more complexity to this first patchset.
    
    Test plan:
    You will find a test plan in the following commit messages.
    Start by creating different group of libraries and patrons with and without the
    new permission. Open different browser sessions to ease the tests.
    Note that all patches have to be applied to test the different test plans.
    
    Technical notes:
    For QAers (and others) a technical note will be added to the commit messages of this
    patchset. I would recommend you to read them one by one to understand the different
    steps of this development.
    
    + Special attention should be paid to the REST api changes
    + Should we restrict the logged in user to libraries from his group when
    he wants to set his library (Home › Circulation › Set library)?
    
    Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
  10. Bug 16735: (QA followup) Fix rebase error

    tomascohen authored and joubu committed Dec 11, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  11. Bug 16735: (QA followup) POD fixes

    tomascohen authored and joubu committed Dec 11, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  12. Bug 16735: Use libraries in all subgroups, not just immediate children

    kylemhall authored and joubu committed Aug 8, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  13. Bug 16735: DBIC Schema files

    joubu committed Dec 5, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  14. Bug 16735: Filter individual libraries from search group pulldown

    kylemhall authored and joubu committed Feb 21, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  15. Bug 16735: Remove use of get_categories

    kylemhall authored and joubu committed Feb 21, 2017
    Feature using it is completely undocumented as far as my research has
    shown.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  16. Bug 16735: Don't use objects for database update

    kylemhall authored and joubu committed Feb 21, 2017
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  17. Bug 16735: Migrate library search groups into the new hierarchical gr…

    kylemhall authored and joubu committed Jun 22, 2016
    …oups
    
    Test Plan:
    1) Apply this patch set
    2) Note your existing search groups have been ported over to the new
       __SEARCH_GROUPS__ group if you had any
    3) Create the group __SEARCH_GROUPS__ if one does not already exist
    4) Add some first level subgroups to this group, add libraries to those groups
    5) Search the library group searching in the intranet and opac
    6) Note you get the same results as pre-patch
    
    Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  18. Bug 16735: Clean up sample data

    kylemhall authored and joubu committed Jun 23, 2016
    Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
  19. Bug 16735: Remove tables no longer needed

    kylemhall authored and joubu committed Jun 23, 2016
    Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>