Added a definition to the HOLD_ITEM_CHECKED_OUT event in ils_events.xml.
Trying to be generic between the opac and the staff client the message
reads, "The item you have attempted to place on hold is already checked
out to the requestor."
[LFW: I made a tiny spelling change to be consistent with other
appearances in Evergreen of the term "requestor".]
Acq: Improvements to account-matching incoming EDI messages
The way the EDI fetcher works gives us a problem. That process iterates
over EDI accounts for which it has FTP host and credential information,
downloads documents from each of those sites, and files the messages
within those documents under the EDI account from which the login
credentials came. The problem is that in practice the exact same host
and login information is used by multiple accounts under the same
vendor, and files relating to these sub-accounts are commingled, so that
you can't make the decision about which messages should be filed under
which accounts based on the name of the document or its location. You
have to make that decision later, based on its contents.
We are already incompletely doing this, distinguishing between
sub-accounts under which we could file our messages when the vendor
specifies the buyer's SAN next to the specific sub-account number *and*
those sub-accounts belong to different Evergreen org units. We still
need ways to distinguish in other cases.
This will do what is natural for at least one vendor, and match the
message content against the vendacct field of the acq.edi_account table.
*Also,*
We were re-retrieving the working acq.edi_message row from the database
before writing it, throwing away possible changes to the object in hand
made by O::A::Acq::EDI::process_parsed_msg(). We should only do that in
the case where that function has raised an exception.
We were doing the same kind of thing in another place actually inside
process_parsed_msg() where we set the edi_message's purchase_order field
based on the first lineitem encountered if the message itself didn't
specify a valid PO identifier.
This supports making account-correction work for ORDRSP messages in
addition to INVOIC messages.
We also propagate that same correction to the provider and shipper
fields of any invoices that get created from said edi_message.
Mike Rylander [Tue, 29 Oct 2013 15:37:36 +0000 (11:37 -0400)]
Use all subfield values to link authority records to bibs
Given an Evergreen instance with two authority records loaded, one
being a more specific than the other via a repeated subdivision subfield,
we must make sure that we use all the bib-supplied subfield values when
attempting to auto-link to the correct authority. Otherwise, the "shorter"
authority record may be selected as appropriate, and data in the bib record
would be lost.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Galen Charlton [Mon, 14 Oct 2013 16:21:58 +0000 (09:21 -0700)]
LP#1086458: remove unecessary anonymous hashes when calling xulG.set_tab()
This follows up on observations made by Steven Chan that
suggests that even the act of creating an anonymous hash and
passing it to a global function can cause (I assume) JavaScript
execution contexts to be leaked.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
This implements using the new custom event rather than
xulG.set_tab() to refresh a refresh of the checkout tab. It
also removes use of a callback function to request the tab
refresh in favor of a simple setTimeout().
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
LP#1086458: define custom event for refreshing the checkout page
Using a custom event handled by a chrome event handler rather
than calling xulG.set_tab() directly avoids any possibility of
leaking objects and executation contexts from the code that's
requesting refresh of the checkout page.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Galen Charlton [Mon, 14 Oct 2013 15:23:23 +0000 (08:23 -0700)]
LP#1086458: convert last-print information hash to JSON string before caching
By serializing the printing message and context information to a
JSON string before caching it, we avoid inadvertantly dragging in
things like Javascript execution contexts and possibly references
to objects created by the checkout interface. This was contributing
to the staff client memory leaks observed during receipt printing.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Mike Rylander [Fri, 25 Oct 2013 16:15:25 +0000 (12:15 -0400)]
Respect source XML subfield order during overlay
When adding specific subfields to a field as described by an add
or replace rule we were adding them in rule-order. Instead, they
should be added in source-XML physical order. This commit does
that.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Mike Rylander [Thu, 24 Oct 2013 20:10:00 +0000 (16:10 -0400)]
Make sure that # can be used in auth browse
Because we use URLs to call the SuperCat browse API, we need to
be more careful about encoding parameters. #, in particular, breaks
auth browse because it's seen as a URL fragment separator by the browser
and web server.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Yamil Suarez <yamil@yamil.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Mon, 21 Oct 2013 15:12:06 +0000 (11:12 -0400)]
Fix "elfield" typo noted by Ben Ostrowsky
Per sylvar in IRC and in
https://bugs.launchpad.net/evergreen/+bug/1240636, "elfield" should be
"selfield" (even though the code in question is currently inside an "#if
0" block and will never execute).
Garry Collum [Sun, 4 Aug 2013 20:10:26 +0000 (16:10 -0400)]
lp1193487 Circulation Policy Column Picker not saving configuration.
The circulation policy column picker is not saving its configuration
because ui.grid_columns.conify.config.circ_matrix_matchpoint is not
defined in the config.usr_setting_type table. This updates the sql
to populate the table.
Signed-off-by: Garry Collum <gcollum@gmail.com> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
OPAC: Make advanced search -> numeric search -> bib cn hone in on right target
The bib call number search under the advanced search page's numeric
search pane was doing the wrong thing. By thinking the search field
desired was called 'bib_cn' where it's actually called 'bibcn', it
generated searches that just fell back to the broader search class
'identifier'. This would often find your matches, but would also find
too many records that *shouldn't* have been matches.
Discovered with help from Erica Rohlfs and Mike Rylander.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Michael Peters [Tue, 24 Sep 2013 20:57:37 +0000 (16:57 -0400)]
LP#1207281 Prevent download of offline patron list without authentication
This patch addresses the vulnerability which allowed a user with the proper
knowledge of the location of offline patron lists to download the file over
regular HTTP without any staff credentials.
This small addition to eg_vhost.conf.in will present users with a login prompt
when trying to access the /standalone/ subdirectory on an Evergreen server.
Users are able to download the patron list in the staff client as normal
because they already have obtained credentials during the normal staff client
authentication process.
Signed-off-by: Michael Peters <mpeters@emeralddata.net> Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Jason Stephenson [Wed, 30 Jan 2013 21:56:12 +0000 (16:56 -0500)]
Fix an omission in the log redaction configuration.
open-ils.actor.patron.password_reset.commit was omitted in the
<log_protect> block of opensrf_core.xml.example. This commit adds
it and updates the release notes for 2.3 to include it.
There is also a release notes file informing users that they need to
edit opensrf_core.xml to address this issue.
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Mike Rylander [Wed, 28 Aug 2013 19:05:36 +0000 (15:05 -0400)]
Stream facet data
For certain shapes of facet datasets, the .atomic version of the
json_query call can produce an XMPP message large enough to cause
ejabberd to fall over unceremoniously. Switch to a streaming
CStoreEditor-based call instead to avoid this.
Ideally, this would use message bundling (aka, chunking) as well,
but the C parts of OpenSRF don't seem to support that yet.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Jason Etheridge [Thu, 8 Nov 2012 16:27:13 +0000 (11:27 -0500)]
reset title variable when looping with biblio A/T
Two templates that I'm concerned with, though there may be others that could use
this treatment: biblio.record_entry.email and biblio.record_entry.print
Basically, they can group events from the same user and consolidate bibs, but as
they loop through the bibs they're not clearing the temporary variable that
contains the bib title, so we get duplicated and run-on titles in the output.
Signed-off-by: Jason Etheridge <jason@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Conflicts:
Open-ILS/src/sql/Pg/002.schema.config.sql
Chris Sharp [Mon, 19 Aug 2013 18:29:23 +0000 (14:29 -0400)]
The ILS User reports source branches to an All Hold Requests linked source
that was marked class="circ" instead of class="ahr". This corrects that problem.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Dan Scott [Fri, 5 Apr 2013 17:21:47 +0000 (13:21 -0400)]
Fix schema.org mapping for MusicAlbum, add Map
We had set LDR[06] = j to MusicRecording, but that is really meant for
individual songs. Use MusicAlbum instead, and per
http://schema.org/MusicAlbum, use a new MusicGroup itemtype with a
'byArtist' property for the primary artist rather than the generic
'accountablePerson'.
Also map LDR[06] = e to Map, because that seems like a safe bet.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Conflicts:
Open-ILS/src/templates/opac/parts/record/authors.tt2
The alternate view in the Item Status screen shows a "Total Circs"
field that was under-counting circulations because UNION filtered
out duplicates. This commit replaces UNION with UNION ALL, which
allows duplicate rows.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Mike Rylander [Tue, 20 Aug 2013 20:00:48 +0000 (16:00 -0400)]
Browse normalization timing fix
When indexing browse entries, we need to normalize the value we want to use
before we go looking for it in the table, for uniqueness. We do in master,
we need to in 2.3 as well.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Mike Rylander [Wed, 14 Aug 2013 14:25:14 +0000 (10:25 -0400)]
Correctly mark nested INNER joins as such
We've been adopting containing the JOINs flavor, and then
attempting to use IS NOT NULL to restrict NULL-ness
in the WHERE clause. This is almost right, but not quite,
and was done in an attempt to match behavior with the
expectations of users that are not SQL experts. However,
right is better than "looks right most of the time", so
we use the proper join type now.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jason Boyer <jboyer1@library.in.gov>
Conflicts [just whitespace style]:
Open-ILS/src/perlmods/lib/OpenILS/Reporter/SQLBuilder.pm
Bill Erickson [Thu, 23 May 2013 17:30:43 +0000 (13:30 -0400)]
LP1183467 ACQ view funding source list permissions
Limit the set of funding sources visible in the funding source list
interface by those the user has view permissions for, not just those the
user has edit permissions for.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Mike Rylander [Fri, 12 Jul 2013 18:43:57 +0000 (14:43 -0400)]
Repair remaining Authority Fixed Field editor entries
The "Item" fixed field is only valid for MFHD records, so we remove
that entirely from AUTH records. The "GeoSubd" fixed field is
spelled "GeoDiv" everywhere, so we align that naming so that it can
be saved.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Acq general search: improve searching for negative comparisons
This aims to address Launchpad bug #1031535. I think the bug only
really shows up when searches involve invoices either as the core type
or with filter fields. If a search doesn't involve invoices, the
problematic joins aren't present.
Could use more testing though. Seems to make the problem go away, and
other basic searches seem to work, but I certainly haven't tested
everything.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
There's a bit in the code where it tries to pad the first digit group,
if it's the only digit group, but it assumed the digit group was the
first token.
Signed-off-by: Jason Etheridge <jason@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Chris Sharp [Mon, 5 Aug 2013 18:10:56 +0000 (14:10 -0400)]
LP1208572 - Fixes for reporter.classic_item_list
This view was created before the extend_reporter schema and the reporter.
materialized_simple_record existed. Rewriting the view definition to include
those.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Kyle Tomita [Fri, 31 May 2013 18:33:59 +0000 (11:33 -0700)]
LP1185524 - Duplicate patron checking in the user editor is limited to workstation OU
Added a new library setting opac.duplicate_patron_check_use_consortium.
When true, the duplicate check will use the consortium (1) as the OU.
When false or not set, the duplicate check will use the workstation OU.
The setting is checked in subroutine that creates the search request and
sets the OU accordingly.
[LFW: Signing off but following with material changes next commit.]
Steven Chan [Mon, 5 Aug 2013 16:13:54 +0000 (12:13 -0400)]
Fix LP985075, cannot save Patron Acquisition Request form
The form is shown using a dojo EditPane attached to an EditDialog,
however, attaching the pane was done manually, resulting in the dialog
acting improperly and the pane positioned improperly.
Instead, we use dojo's attr method to define the content attribute of
the dialog to be the pane.
Signed-off-by: Steven Chan <schan@sitka.bclibraries.ca> Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Ben Shum <bshum@biblio.org>
Chris Sharp [Wed, 31 Jul 2013 15:03:25 +0000 (11:03 -0400)]
Fixing LP 1072892 - repeated rows in reporter.classic_item_list view
The view joined the actor.card table in such a way that all library
cards (active or not) were being returned. This commit changes that
behavior so that only the current card (from actor.usr.card) is returned.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Ben Shum <bshum@biblio.org>
* This commit:
- Makes sure that holding data is valid for the given caption
for new holding objects
- Teaches field_values() to fall back to '*' (unknown marker)
when a holding is missing data
- Allows the caption() method to be a setter
* This commit:
- Makes the comparison operator consider chron data, not just
enumeration data
- Teaches the comparison operator a way to handle 'unsure' data
(that is, data presented in brackets [])
* The code was assuming the $end_holding param would be uncompressed,
but this was not stated anywhere, nor enforced. Let's allow the
method to take both compressed and uncompressed holdings as the "end"
(and handle it appropriately).
* Add some holdings with missing and unsure data to test the new
comparison operators handling of such data.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Dan Wells [Wed, 8 May 2013 19:09:41 +0000 (15:09 -0400)]
Fix logic in get_compressed_holdings()
[This commit has been squashed for merging. LFW]
* This commit rearranges some of the logic branches to protect
against an unusual case of having two holding statements with
the same start value, but one being open-ended and one not.
* The logic in get_combined_holdings() was a little sloppy and
repeated some steps unnecessarily. This cleans things up.
See the test case in the previous commit for more clarity.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Dan Wells [Tue, 7 May 2013 22:19:34 +0000 (18:19 -0400)]
Add new get_combined_holdings() method to MFHD.pm
This commit adds a new method to the MFHD module which creates an
array of compressed holdings from all holdings for a given caption,
combining as needed.
NOTE: This method is similar to, but much less aggressive/strict than
get_compressed_holdings(). Ultimately, get_compressed_holdings()
might be deprecated in favor of this.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
In their electronic invoices, vendors sometimes include a mix of line
items that your ILS knows about, because you ordered them through it,
and line items of which your ILS knows nothing. We should not fail
altogether at processing invoices, but instead process what line items
we can.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Acq: When building invoices from EDI messages, avoid bad data
From some vendors, these EDI messages contain strings (useless ones,
like just the name of the vendor) where we had been expecting numeric
identifiers.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Jeff Godin [Tue, 29 May 2012 14:28:50 +0000 (10:28 -0400)]
Fix IDL and OU setting check for staged users
The IDL had references to sequences that do not exist:
staging.usr_stage_row_id_seq -- a typo, fixed
In the case of staging.billing_address_stage_row_id_seq, the
staging.billing_address_stage table is created with LIKE,
and uses the sequence staging.mailing_address_stage_row_id_seq
The OU setting check for the open-ils.actor.user.stage.create API
call was not passing an org unit, and would always fail.
We now pass the home_ou of the user being staged.
At this point, the opac.allow_pending_user OU setting type must
be manually created before its value can be set.
Signed-off-by: Jeff Godin <jgodin@tadl.org> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Bill Erickson [Mon, 22 Jul 2013 19:21:15 +0000 (15:21 -0400)]
LP1203753 AuthProxy barcode login support
When users attempt a barcode-based login with AuthProxy, the system will
determine the username of the user (based on the barcode) and use the
username instead of the barcode for all proxied login attempts. This
allows users to use their barcodes (or barcode-looking usernames) to
log in via remote authenticators.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Fredrick Parks [Wed, 10 Jul 2013 18:12:17 +0000 (11:12 -0700)]
LP 1103706 Hold ratios in circ policies cause errors when trying to renew items
Changed the function action.copy_related_hold_stats to accept a bigint as the perameter instead of an integer.
Copy_related_hold_stats is only called by the function action.item_user_circ_test which trys to pass a bigint.
Signed-off-by: Fredrick Parks <fparks@catalystitservices.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
In Evergreen we have authority fields defined in the database that
relate to control sets. These are used somewhere today (I'm fuzzy on
that at the moment; some places once had and may still have hardcoded
labels) but they also will be used by the bib and auth browser
that's not yet merged to master (see LP #1177810).
The 4XX tags among the set I'm talking about (in
authority.control_set_authority_fields) are mislabled, saying See Also
where they ought to say See From, e.g.
http://www.loc.gov/marc/authority/ad400.html
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Wells [Wed, 10 Oct 2012 13:22:33 +0000 (09:22 -0400)]
Capture and log AuthProxy logins with no account
The current AuthProxy.pm code assumes that if the external auth
passes, the Evergreen account will be there. This protects
against cases where a user is in the external auth system but
has no matching account in Evergreen.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Dan Wells [Thu, 27 Sep 2012 21:35:03 +0000 (17:35 -0400)]
Make AuthProxy LDAP bind code more robust
The existing version of LDAP_Auth.pm assumed that the user's
bind DN could be derived from the base DN, the ID attribute, and
the user's ID. This is frequently the case, but not always,
particularly in Active Directory setups using sAMAccountName. This
commit instead uses the initial LDAP lookup as the authority for
determining the user's DN.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Steven Chan [Sat, 15 Jun 2013 17:06:43 +0000 (13:06 -0400)]
Fix LP1177916, Cannot activate PO which contains only direct charges
We add a safety check in the function
Application/Acq/Order.pm/create_lineitem_list_assets(), which is called
by create_po_assets(), which is the service call initiated by the user
trying to activate a PO.
The safety check prevents the function from processing if there are no
line items specified in the arguments.
P.S. It would be better to stop the sequence of events earlier in the
client, but that will need more coding, which can been done in another
fix.
Signed-off-by: Steven Chan <schan@sitka.bclibraries.ca> Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Steven Chan [Thu, 23 May 2013 22:22:15 +0000 (15:22 -0700)]
Patron Editor can enter erroneous values for Claims-returned count
In the staff client, Patrons interface, Edit screen, when
mouse-scrolling up and down the Edit form, it is possible to
inadvertently change the value in Claims-returned Count or Claims Never
Checked Out Count field. It will happen if the mouse hovers over either
data field while using the mouse wheel.
Both data fields use the dijit.form.NumberSpinner widget to provide a
'spin' behaviour. The fix involves cancelling the mouse scroll event as
it propagates to input fields in table rows that are using the
dijit.form.NumberSpinner widget, because the mouse scroll would be
applied too early by the widget, before the user has intentionally
focussed on one of the input fields. Now, mouse scrolling has no effect
on the two input fields; it will only have an effect in scrolling the
page up or down.
Signed-off-by: Steven Chan <schan@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
Mark Cooper [Mon, 18 Mar 2013 22:45:14 +0000 (15:45 -0700)]
LP1156905 lineitem worksheet sorts copies by org
Lineitem copies (details) were set to be sorted by branch ('owning_lib')
by default. However this was not happening because the lineitem_details
'owning_lib' referenced a fieldmapper object (not an id or name).
This submission sets the owning_lib to the shortname so that sorting can
occur in the intended way.
Signed-off-by: Mark Cooper <markchristophercooper@gmail.com> Signed-off-by: Bill Erickson <berick@esilibrary.com>