dbs [Tue, 25 Jan 2011 19:18:02 +0000 (19:18 +0000)]
Update README to include --admin-user / --admin-pass options for eg_db_config.pl
As the default Evergreen administrator account is now created with
a randomized user name and password, we have added the options to
eg_db_config.pl to reset those to something known and specific to
a given instance.
Also, Fedora 13 is getting close to retirement, update to Fedora 14 for
supported distros.
dbs [Tue, 25 Jan 2011 06:17:46 +0000 (06:17 +0000)]
Teach the i18n Makefile how to handle serial.properties
Also check in the POT for serial.properties and some other
foobar.label matches for foobar.accesskey (does not have
an effect on properties files but hopefully if we're
consistent then the pattern will be evident for entities).
Noting in passing that there are a number of "foobar(s)"
comined singular/plural labels that should be split to
support translation.
dbs [Tue, 25 Jan 2011 03:09:18 +0000 (03:09 +0000)]
Fix existing serial entities that didn't provide .label partners for .accesskey
The translate-toolkit project generates a POT file from an input DTD
that requires entities ending in .accesskey to have a corresponding
.label entity; this is a Mozilla convention for localization. Fix up
the serial interface strings that are localized to match this expectation.
Also remove two duplicate entities in lang.dtd that were flagged by
the build/i18n/tests/check_entities.py script (and which cause Launchpad
translation imports to break).
senator [Mon, 24 Jan 2011 22:14:57 +0000 (22:14 +0000)]
Serials: A batch of improvements to the caption/pattern wizard
- Using a numeric frequency ($w) now pre-selects the regularity page
- Switch the regularity page from a box layout to a grid layout for legibility
- Simplify and unify month/date control pairs, enforcing correct limits
on days in each month
- Scrollbars!
- If the user creates $y data in the regularity page, but then unchecks the
"use specific regularity information" box, the $y stuff will be correctly
excluded from the compiled pattern code.
- "Display in Holding Field" replaced with text that better explains what it
means
- The wizard's dialog window has a title now
- In alternate serials control -> subscription details -> captions/patterns tab,
if the user has already typed something in the Pattern Code field, they
now get a warning that using the wizard will erase their existing work
if they click the Wizard button
- The captions/pattern tab now treats pattern codes as immutable once created,
which is what was apparently intended from the beginning. See
http://list.georgialibraries.org/pipermail/open-ils-dev/2010-May/006079.html
dbs [Sun, 23 Jan 2011 18:43:22 +0000 (18:43 +0000)]
i18n support for a few OPAC strings
Enable translation of the "More copies listed in full record details"
message for the search results library / call number / item /status
lines
Also provide translation support for the hold queue status message,
including singular / plural variants (most languages do not provide
the equivalent of the "item(s)" idiom in English).
Instead of burying the display of hold queue status with a hard
coded "if (false)" test, turn it into a top-level variable for
a bit more exposure.
phasefx [Fri, 21 Jan 2011 22:22:53 +0000 (22:22 +0000)]
more overzealous unsaved data prompts
onKeypress catches all sorts of stuff, like the control+w for closing tabs. Not good. Ideally we'd test event.isChar, but that's broken in Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=312552
Instead we look to see if control, alt, or meta are being held down. Not perfect, but good enough for now. For example, won't ignore tabs for jumping from field to field, and won't realize the hotkey for clipboard pasting should trigger the unsaved data state.
phasefx [Fri, 21 Jan 2011 16:58:44 +0000 (16:58 +0000)]
fix spurious unsaved data prompt with repeated use of same patron editor (only set tab lock once with patron editor, since we only unlock once upon save)
dbs [Fri, 21 Jan 2011 03:13:14 +0000 (03:13 +0000)]
Part 3 of a more secure default set up
With this commit, the hardcoded default barcode is replaced by an
MD5 hash of a random string of numbers, preventing the barcode from
being used as a known login name in the OPAC interface (which would
remove one of the factors required in a brute forcing of the account
credentials).
You probably don't want to change the barcode for the admin user,
but if you feel the need you can use the usual patron editor in
the staff client.
Thanks to Thomas Berezansky for suggesting this additional change.
senator [Thu, 20 Jan 2011 22:37:13 +0000 (22:37 +0000)]
Acq: use the acqlimad table instead of its ancestor acqliad table to
populate a dropdown for the Export Single Attribute List function of lists
of lineitems
The acqliad table may appear to have duplicate entries since it's a parent, and
the point of the function that's trying to use it is just to export lists of
ISBNs or UPCs, so acqlimad is a better fit.
senator [Wed, 19 Jan 2011 21:52:28 +0000 (21:52 +0000)]
Booking: Robert Soulliere spotted and fixed a bug in processing reservation-
related overdue fines. See https://bugs.launchpad.net/evergreen/+bug/705061
This patch tests successfully for me. Thanks Robert!
miker [Wed, 19 Jan 2011 19:50:47 +0000 (19:50 +0000)]
Build and flatten a tree, correcting a sorting issue in some OU dropdowns.
The previous code assumed that work org units would be delivered in hierarchical order, but alas, they are not. Thus, we build the hierarchy and then flatten it, sorting at each level. This will be non-fast with many work OUs, but the common case is a small set, which is not painful.
Further improvement is warranted when the above proves false.
dbs [Wed, 19 Jan 2011 14:53:48 +0000 (14:53 +0000)]
Avoid escaping issues in authority.normalize_heading() by parameterizing the query
Long story short: MARC subfield values containing backslashes caused noise
and in some cases painful errors. Using spi_prepare/spi_exec_query is the
safest way of handling escaping, rather than adding more regexes and munging
the data before it even gets to naco_normalize().
Most painful case was <subfield code="a">Foo, Bar\</subfield> - the trailing
slash ended up escaping the enclosing single quote (because PostgreSQL isn't
configured by default with strict conformance to SQL escaping rules yet) and
threw an error.
dbs [Wed, 19 Jan 2011 04:41:15 +0000 (04:41 +0000)]
Part 2 of creating a more secure default setup
With this commit, the user name and password for the administrative
user will be MD5 hashes of a random string of numbers. You can set
the user name and password to your liking using the --admin-user and
--admin-pass switches for eg_db_config.pl (this will be the
documented method in the install docs) or via straight SQL as:
UPDATE actor.usr SET usrname = 'FOO', passwd = 'BAR' WHERE id = 1;
dbs [Wed, 19 Jan 2011 04:24:49 +0000 (04:24 +0000)]
Towards a more secure default setup
Shipping with a default account user name and password is considered
an authentication anti-pattern; see
http://code.google.com/p/owasp-development-guide/wiki/WebAppSecDesignGuide_D2
By making the user select an admin user name and password at the time
they create the database, we avoid the chance that they will forget to
change the default password and leave their system open to access.
Next step is to change the seed data to insert random values for the
admin username and password, then update the documentation accordingly.
senator [Tue, 18 Jan 2011 18:35:04 +0000 (18:35 +0000)]
Make EditPane objects built of AutoFieldWidget objects (such as those used
for create/edit dialogs with AutoGrid) enforce required fields more forcefully.
Before, if a field was marked required either in the IDL or by the
requirdFields attribute of an AutoGrid, you'd get a yellow widget with a caution
sign for that field, but you could still click save and the system would
attempt to save your object.
Sometimes this is stopped when pcrud can't save the object due to
required="true" in the IDL and/or a "not null" constraint in the schema, but
there may be cases where a given interface wants to require a value in a given
field even though that's not necessarily enforced at lower levels.
Serials: Specifically use this new feature in the distribution pane of the
Alternate Serial Control view, to prevent the creation of issues without a
"receive unit template" field, as you can't receive items in the Batch
Receive interface without one.
dbwells [Mon, 17 Jan 2011 23:34:49 +0000 (23:34 +0000)]
Auto-generation of placeholder barcodes
This commit implements a very basic trigger for auto-generating placeholder barcodes, as discussed at the Dec. 14 2010 IRC developer meeting. The 1.6.1-2.0 upgrade script has not been changed, as backporting this to 2.0 is pending review.
dbwells [Sat, 15 Jan 2011 04:04:23 +0000 (04:04 +0000)]
Postpone advanced serial call-number handling until after 2.0
Sharing of a single call-number for multiple volumes, while well intentioned, was not ready for primetime for various reasons. This commit:
1) harmonizes and unifies call-number handling in Serial.pm, sticking with current practices
2) adds a very basic and now necessary prompt to the Serial Control view
senator [Sat, 15 Jan 2011 03:03:45 +0000 (03:03 +0000)]
Serials: a regularity (i.e. 85X subfield $y) page for the caption/pattern wizard
This adds a new page to the caption/pattern wizard that allows the user to
enter regularity information (specific published, omitted, and combined issues)
by chronology. Doing the same by enumeration is possible in MFHD but not yet
supported in the wizard.
You still have to be a serials librarian who understands MFHD and the 85X tags
in order to really benefit from this, but it beats hand-entering the MARC tags.
Still to-do to perfect this:
- suggest (pre-enable) the regularity page when numeric $w is used
- use grid layout instead of hbox and vbox elements for neatness
- support enumeration codes
- days of month widget should be smarter than to always allow 31 days
- the whole caption/pattern wizard still needs scrollbars
- more limitations to prevent the user from entering patterns that
don't make sense
- make sure that if a user fills out a page of the wizard, including
this new one, but then unchecks the whole page, that whatever
work they did is not included in the compiled result
- more testing, general cleanup
dbs [Fri, 14 Jan 2011 02:49:33 +0000 (02:49 +0000)]
Enable truncation attribute in Z39.50 queries to be left out entirely
Per https://bugs.launchpad.net/evergreen/+bug/702695, some Z39.50
servers hate the truncation attribute (@attr 5=anything) and always
return 0 hits.
This gives you the ability to specify a negative value for the
truncation attribute and thereby prevent the truncation attribute
from being included in the Z39.50 query for a given server.
senator [Wed, 12 Jan 2011 22:50:16 +0000 (22:50 +0000)]
Serials: In the holding code mini wizard of the alt serials controls, pre-
populate any Year, Season, Month or Day fields based on issuance.date_published
to reduce the need for redundant user input.
gmc [Wed, 12 Jan 2011 20:51:27 +0000 (20:51 +0000)]
AutoFieldWidget no longer uses CurrencyTextBox dijit
NumberTextBox used instead to work around problem with
CurrencyTextBox's support for negative monetary amounts
in Dojo 1.3. See https://bugs.launchpad.net/evergreen/+bug/702117
Before this commit, you get a run of predictions that look like this:
v.1:no.40(2011:Oct.03)
v.1:no.41(2011:Oct.10)
v.1:no.42(2011:Oct.17)
v.1:no.43(2011:Oct.24)
v.1:no.44(2011:Oct.31)
v.1:no.45(2011:Nov.07)
v.1:no.46(2011:Nov.21)
v.1:no.47(2011:Nov.28)
v.1:no.48(2011:Dec.05)
v.1:no.49(2011:Dec.12)
v.1:no.50(2011:Dec.26)
v.2:no.1(2012:Jan.02)
Which I'm pretty sure is wrong. The next-to-last week in November should have
been skipped, and the fourth week in December should have been skipped. I think
the week number should be defined in terms of the day of the week on which this
weekly serial is published, so fourth week means fourth Monday in this case (?).
With this commit, you get a run of predictions that look like:
v.1:no.40(2011:Oct.03)
v.1:no.41(2011:Oct.10)
v.1:no.42(2011:Oct.17)
v.1:no.43(2011:Oct.24)
v.1:no.44(2011:Oct.31)
v.1:no.45(2011:Nov.07)
v.1:no.46(2011:Nov.14)
v.1:no.47(2011:Nov.28)
v.1:no.48(2011:Dec.05)
v.1:no.49(2011:Dec.12)
v.1:no.50(2011:Dec.19)
v.2:no.1(2012:Jan.02)
Which seems correct to me. I'm going to consult with others before backporting
this to rel_2_0, however.