Galen Charlton [Sat, 7 May 2016 01:40:12 +0000 (21:40 -0400)]
LP#1579225: fix handling of passwords in patron registration
This patch improves how the new password hashing is invoked
by open-ils.actor.patron.update; in particular, it fixes
a problem whereby newly registered patrons could not
log in. It also fixes other issues:
- actor.usr.passwd would be set to an MD5 of the password
for new users, vitiating the strong hashes in actor.passwd
- certain types of updates via patron registration, such as
adding or deleting addresses, could result in the patron's
password getting doubly-hashed, thereby locking them out
of their account.
To test
-------
[1] Register a new patron; verify that they can log in.
[2] Edit an existing patron and change their password; verify
that they can log in.
[3] Edit an existing patron but do NOT change their password;
verify that they can still log in.
[4] Inspect the actor.usr rows for these patrons and verify
that actor.usr.passwd is set to the value MD5(''), not
the MD5 of their password.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Remington Steed [Fri, 6 May 2016 19:48:12 +0000 (15:48 -0400)]
Docs: Undo heading name change to fix broken link
This commit reverts a chapter heading change, which had broken an
internal cross reference link, thus causing the HTML docs to fail to
build. In this case, it seems best to keep the older heading rather than
fix the link to it.
In general, we should be careful about changing any AsciiDoc
headings, since we currently rely on autogenerated section IDs when
making internal links, and changing a heading changes its ID. If a
heading is changed, then all links to it need to be changed accordingly.
As suggested by Mike Rylander, keep the escape_email_header helper
around to avoid breaking templates that already adopted it, but make it
a no-op as the SendEmail reactor now encodes the email headers of
interest by default.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Galen Charlton [Fri, 25 Mar 2016 20:46:24 +0000 (16:46 -0400)]
LP#1562153: fix case where changing sort order to relevance can fail
This patch fixes a cause where sending a 'sort' CGI parameter
with the empty string as value (which specifies relevance sorting)
fails to override a previously-set sort order.
To test:
[1] Do a public catalog search starting from the advanced search form,
e.g., keyword = "cats"
[2] Change the sort order to (say) Title A-Z from the results page.
[3] Note that the query string changes to "sort(titlesort) cats" and
that the results are re-sorted
[4] Attempt to change the sort order to relevance.
[5] This time, the sort order does not change ... and it should have.
[6] Apply the patch and repeat steps 1-5. This time, the sort order
should be successfully changed.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Galen Charlton [Wed, 30 Mar 2016 17:29:10 +0000 (13:29 -0400)]
LP#1563531: add libpcre3/libpcre3-dev deps for Jessie
This patch adds libpcre3 and libpcre3-dev to the list
of packages installed when installing Evergreen on Debian
Jessie. Evergreen's direct dependency on libpcre3 is new in 2.10
(see bug 1468422); it happens that libpcre3 and libpcre3-dev
are installed on Wheezy by virtue of a different dependency
chain.
To test
-------
[1] On a fresh Debian Jessie netinstall, follow the OpenSRF
and Evergreen installation instructions. Verify that with
this patch in place, Evergreen's "configure" step succeeds.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
This patch fixes a regression introduced in LP#1501471
where the Library Settings Editor could fail to retrieve
the values of org unit settings if more than 99 were
requested at a time.
To test
-------
[1] Open the XUL library settings editor and ensure that
no search filters are in effect. Note that values
are not displayed for any of the OU settings, and that
the Pg log contains error messages like this:
"ERROR: cannot pass more than 100 arguments to a function"
[2] Apply the patch.
[3] Repeat step one, and verify that values are now retrieved
for all of the OU settings that have values set.
[4] Verify that the pgTAP tests in live_t/aous_batch.pg pass.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Steven Callender [Wed, 13 Apr 2016 15:15:27 +0000 (11:15 -0400)]
LP#1569884 Allow deleted monograph parts to be recreated.
Changed the constraint on the biblio.monograph_part table to allow for a
monograph part to be created if a duplicate deleted version is found.
To test:
[1] Add a monograph part to a bib.
[2] Delete that monograph part.
[3] Attempt to add a monograph part to the same bib using
the same part label. Without the patches installed, this
will fail; upon applying the database update, this operation
should succeed.
Signed-off-by: Steven Callender <stevecallender@esilibrary.com> Signed-off-by: Jason Stephenson <jstephenson@mvlcstaff.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This pgTAP test verifies that if you logically delete a monograph part,
you can subsequently add a new one with the same label as that of the
deleted one.
We had some overlap in numbers at the beginning of test file names.
The OCD in me think this should be straightened out. This branch
renumbers the duplicates starting with 10-.
Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Ben Shum <ben@evergreener.net>
Bill Erickson [Wed, 30 Mar 2016 21:57:59 +0000 (17:57 -0400)]
LP#1564079 Checkout history skips nonexistent items
Modify the user checkout history migration process
(2.9.3-2.10.0-upgrade-db.sql and 0960.schema.decouple_co_history.sql) to
avoid inserting history rows for circulations whose copies do not
exist in the database.
For reference, this is a rare condition that cannot be recreated in a
modern EG system short of modifying constraints.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Remove the target_copy foreign key constraint on action.usr_circ_history
so that it does not prevent creation of rows from circulation's that
link to serial.unit objects. Similar to action.circulation, the foreign
key constraint is enforced via a evergreen.fake_fkey_tgr trigger
instead.
This modifies the 2.9.3-2.10.0-upgrade-db.sql and 0960 upgrade scripts,
since without this change, the scripts may fail.
A separate upgrade script is added to drop the constraint for those who
have already successfully run the the 2.9.3-2.10.0-upgrade-db.sql script
(i.e. those who don't use serials). For simplicity, the
evergreen.fake_fkey_tgr trigger is only applied in this separate upgrade
script (in addition to the base schema, of course).
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Now that Debian Squeeze's LTS (long-term support) period
has ended, Evergreen no longer offers community support
for that distribution. This patch removes references
to Squeeze from the installation scripts and documentation.
To test:
[1] Verify that Debian Squeeze is no longer referenced in
the installation documentation.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <ben@evergreener.net>
Conflicts:
docs/installation/server_upgrade.txt
Bill Erickson [Fri, 1 Apr 2016 00:35:00 +0000 (20:35 -0400)]
LP#1564685 Avoid referencing out-of-scope stat cats
Fixes a bug in the patron editor where out-of-scope stat cats would be
incorrectly bundled in the patron save operation, resulting in a
server-side error on save. In short, ignore out-of-scope stat cat
entries for patrons in the editor.
An org setting requiring a value for a field in the patron editor means
the field is required, even if it's not required by default. IOW, fix
the code that was supposed to do that already.
Of note, county and state can now both be marked as required by org
settings in the patron editor.
Bill Erickson [Thu, 24 Mar 2016 02:13:44 +0000 (22:13 -0400)]
LP#1564685 Allow barcode as username despite regex
Allow a patron's barcode to be considered a valid username in the patron
editor even in the presence of an 'opac.username_regex' org setting
value that does not match the barcode.
Jason Boyer [Thu, 31 Mar 2016 12:08:03 +0000 (08:08 -0400)]
LP1564378: Silence Hash Init Warning
A trivial change to silence a lot of noise (if your libraries
use extending grace periods.)
Signed-off-by: Jason Boyer <jboyer@library.in.gov> Signed-off-by: Jason Stephenson <jstephenson@mvlcstaff.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Mike Rylander [Tue, 22 Mar 2016 15:50:58 +0000 (11:50 -0400)]
LP#1373601: Consider relevant characters before using word-boundary checks
To perform unanchored phrase limits, we make sure that the phrase supplied
by the user does not end in the middle of a word by bounding the condition
with word-boundary bracket expresssions. However, if the phrase starts
or ends with a non-word character (that is, something other than numbers,
letters, or the underscore) then the word-boundary expression won't match.
The effect of this is to cause phrase searches starting or ending in
punctuation to fail when the user would not expect them to.
To address this, we now test the phrase for word-iness at the front and
back before applying word-boundary bracket expressions.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Galen Charlton [Mon, 21 Mar 2016 19:23:42 +0000 (15:23 -0400)]
LP#1560174: fix MARC import for database upgraded to 2.10.0
This patch applies the correct version of the vandelay.ingest_items()
stored procedure introduced in the patch for bug 1548143.
To test
-------
[1] Upgrade an Evergreen database to 2.10.0 (a fresh database
will not run into the bug).
[2] Try importing a MARC bib record via Vandelay using a profile
that imports items. This should fail.
[3] Apply the schema update in this patch.
[4] Repeat step 2; this time, the import should succeed.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
* Fixes bug that caused password verify calls to fail with an exception
when tested with a barcode.
* Verify API always returns false when tested on deleted users.
To test:
1. In the staff client, navigate to Circulation -> Verify Credentials
2. Confirm username and barcode lookups return success for a non-deleted
user using the correct password.
3. Delete a test user in the database:
UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
4. Re-do step 2 confirming non-success results are returned.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Kathy Lussier [Tue, 15 Mar 2016 15:29:28 +0000 (11:29 -0400)]
Updates to 2.10 release notes
Updates includes fixing some grammatical errors/typos, some rewording and
reorganization to improve clarity, and explicitly calling out new settings.
We also added Christine Morgan to acknwoledgements for her contribution of
new images for hold and transit alerts/slips.
Avoid transaction collision errors when updating patrons, in cases where
the patron object has to be updated more than once, by refreshing the
last_xact_id value on the in-progress patron object.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
1. Adds support for enforcing ui.patron.edit.*.require and
ui.patron.edit.*.regex org unit settings via Angular's ng-pattern and
ng-required attributes.
2. Supports selecting only valid profile groups and home org units.
3. Warns the user when a duplicate barcode or username is encountered.
When any fields in the form are invalid, the save options are disabled.
==
Adds support for enforcing the following permissions:
Mike Rylander [Mon, 7 Dec 2015 16:57:11 +0000 (11:57 -0500)]
LP#963341: Unrelated YAOUS breaks MFHD management
Part of LP bug 963341 is about how the setting opac.fully_compressed_serial_holdings
breaks staff's ability to manage MFHD attached to serials records. This
commit unbreaks that by fetching the relevant MFHD regardless of that setting
but should not otherwise change user-visible behavior.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Dan Wells [Thu, 7 Jan 2016 16:47:43 +0000 (11:47 -0500)]
LP#1208613: Reset lineitem cache when resetting table
Stale cache entries in this table were causing the "expand all"
functionality to break. This might be a nuclear option, but as far as
I could see, this "cache" gets repopulated on every pagination anyway,
so I don't think we're losing anything.
To test:
[1] Select a large list from the Acquisitions --> My Selection List
screen.
[2] Click on the Expand All button and the items on the page expand
with more information.
[3] Click on the Next link to bring up page 2 of the list.
[4] Click on the Expand All button and verify that additional
information is displayed.
Terran McCanna [Tue, 1 Mar 2016 21:47:20 +0000 (16:47 -0500)]
LP#1370694 Selfcheck: "Print List" for Holds view does not work
Prior to this change, the holds data was not getting passed to the
print function. Now, it is being captured and passed to the print
function. Because of some sorting discrepancies between the order of
the information being passed from here to the action trigger and the
order that the information is presented when pulled directly out of the
database by the action trigger (which led to data mismatches between the
title/author and the hold status/pickup locations for each printed item),
I modified this script to pass all of the hold information together in the
desired order to the action trigger rather than relying on the template
to match the data coming from the script with the data from the database.
This change requires the action trigger printing template to be updated in
order to work. I've included an upgrade script as well as an update to the
seed data script.