Jason Etheridge [Thu, 10 Nov 2022 21:01:23 +0000 (16:01 -0500)]
lp1959010 toward Staff View tab
* link searches for listed genres
* s/Abstract:/Summary:/
* link to View all Formats and Editions
* remove border from staff view
* tweaking what goes where
* add metabib record count next to View all Formats and Editions link
* remove links for what boils down to marc 508 and 511
* made the count off-by-one trying to not make it off-by-one :)
* remove the creator field
* keep just Subject:
* remove the Record is or is not holdable information as it doesn't present the whole truth
* refresh interface on tab change
Signed-off-by: Jason Etheridge <jason@EquinoxOLI.org> Signed-off-by: Mary Llewellyn <mllewell@biblio.org> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jason Etheridge [Mon, 3 Oct 2022 04:12:02 +0000 (00:12 -0400)]
lp1959010 toward Staff View tab
* make our Staff View tab with the new BibStaffView widget
* seed our BibStaffView with BibSummary
* first attempt at changing some identifiers with our seed code
* experimenting with layout and stripping courses functionality
* simplifying the layout for now and adding display fields
* moar data
* layout tweaks and propagate metabib attributes for Formats and Editions
* don't cross the streams with metabib related
* field names for the record and metabib variants of the catalog_summary call. This would otherwise break some links in search results involving bibs with metarecords.
* hyperlinks for the formats and editions in the catalog staff view
* fix catalog_summary vs catalog_summary.staff bug
* searchOrg depth was being passed where a boolean was expected
* This seems like a failure of TypeScript to detect.. type. What was going on here?
* layout and css tweaking
* fixing toc and relocating it and some other fields to column 1
* label fix
Signed-off-by: Jason Etheridge <jason@EquinoxOLI.org> Signed-off-by: Mary Llewellyn <mllewell@biblio.org> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
This commit adds two types of simple DoS protection:
* Limit concurrent search requests per client IP address, regardless of
the searches being performed. This helps address issues of accidental
spamming from a malfunctioning OPAC workstation, or crawlers of various
types. The limit is controlled by a global flag called
"opac.max_concurrent_search.ip".
* Limit the global concurrent search requests for the same query. This
helps address both simple and distributed DoS that send the same search
request over and over. The limit is controlled by a global flag called
"opac.max_concurrent_search.query", and defaults to 20.
When the limit is exceeded in either case the client receives an HTTP
429 "Too many requests" response from the web server, and the connection
is ended.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
With this commit we throw away searches with invalid qtype value based
on configured classes and aliases. Invalid qtype values have been seen
in the wild as part of attempted (but failed) SQL injection attacks, so
we will tighten up what we accept.
As an additional (unrelated) bonus, this commit also avoids prepending
the search class on basic search when the class (from qytpe) is not
exactly "keyword".
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Wed, 11 Jan 2023 03:17:18 +0000 (19:17 -0800)]
LP2002435: Don't allow shelving location fm-editor to change delete flag
To test:
1. Go to the Local Admin > Shelving Locations Editor screen
2. Select a location and edit it.
3. Note that with this patch in place, the Delete checkbox
is no longer editable.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com> Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
spmorrison [Wed, 8 Mar 2023 19:59:21 +0000 (14:59 -0500)]
Docs: Update describing_your_organization.adoc
Updated the Create and edit Organization Unit Types section as well as the Organization Units sections to update text and add screenshots. Also added instructions for hours of operation notes (released in 3.10).
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Some older style ARRAY_TO_STRING(ARRAY_AGG()) should be replaced to
use the native STRING_AGG() that comes with PG 9+. This should improve
performance for these functions.
Signed-off-by: Ben Shum <ben@evergreener.net> Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Thu, 17 Nov 2022 15:09:39 +0000 (10:09 -0500)]
LP#1996908: allow OpenILS::WWW::Proxy::Authen to check eg.auth.token
This patch allows the authentication handler to accept the
'eg.auth.token' cookie coming from the staff client if a 'ses' parameter
or 'ses' cookie has not been set. This allows resources gated by
this handler to be accessed by a staff member who has logged
into the staff client without requiring an additional login.
To test
-------
[1] Create a report and note the URL of one of its
outputs.
[2] In a completely fresh browser session, log into the
staff client, then directly load the reporter output.
You will be prompted to log in again because the 'ses'
cookie was not set.
[3] Apply the patch and repeat step 2. This time, the reporter
output should be directly retrieved.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
This patch reduces the number of updates to search.sympell_dictionary
rows that would not change the contents of those rows, thereby
reducing the potential for certain record maintenance operations to
significantlly bloat that table.
In particular, it adjust the upsert to update the row for an existing
prefix only if there would be a net change in at least one of the *_count
columns or the list of suggestions. (Note that if a row is the target of
an UPDATE statement, PostgreSQL will _always_ create a row version, even
if there is no change to the contents of the row.)
It should be noted that while this patch is useful in and of itself, there
is a longer-term fix that would have additional benefits: adjust the
overall reingest logic so that it minimizes changes to all large tables
derived from the bib record when a bib gets reingested. A row that never
gets touched because it doesn't have to be can never become bloat.
To test
-------
[1] In a Concerto database, ensure that idempotent updates of the MARC
in biblio.record_entry will nonetheless force a reingest by running:
update config.internal_flag set enabled = true where name = 'ingest.reingest.force_on_same_marc';
[2] Note the size of search.symspell_dictionary by running:
Galen Charlton [Wed, 15 Feb 2023 17:01:47 +0000 (12:01 -0500)]
LP#2007351: fix the MARC editor heading linker for certain fields
The headings linker in the Angular bib record editor could fail
to retrieve the relevant authority control field metadata to determine
what subfields in the bib record are controlled by a top-level authority
record (as opposed to a subdivision record). This patch fixes this
by adjusting the query for bib-to-authority linking relationships.
This manifiested by the headings linker not consistently bringing
up the headings browse when attemping to link headings in the bib
600, 600, 651, and 655 field.A
To test:
[1] Open a bib record in the Angular MARC editor and create a 650
field.
[2] Click the button to open the headings linker. Note that no
browse is performed. (This is not 100%, as the bug is sensitive
to the exact order that the database happens to return rows
from the authority.control_set_bib_field table.)
[3] Apply the patch and repeat step 2.
[4] This time, the browse list in the headings linker should show
results.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Carol Witt <wittc@cwmars.org>
Jane Sandberg [Wed, 22 Feb 2023 04:48:31 +0000 (20:48 -0800)]
LP1999401: Don't override magic statuses from holdings editor templates
1. Create a new template including a status
2. Check out an item
3. Apply your template to the item
4. Note that the item's status is no longer Checked Out
5. Apply this patch
6. Retry steps 1-3. Note that the item's status is still Checked Out
Signed-off-by: Jane Sandberg <sandbergja@gmail.com> Signed-off-by: Elizabeth Davis <elizabeth.davis@sparkpa.org> Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Jane Sandberg [Wed, 11 Jan 2023 00:59:14 +0000 (16:59 -0800)]
LP1999401: Don't apply magic statuses from holdings editor templates
1. Create a new template in the holdings template editor with a few
different values in various fields.
2. Include a "magic" status in your template (like Lost or In
Transit). To select it, you can type the first few characters
then press <Tab>.
3. Save your template.
4. Apply your template to an item.
5. Note that the copy status has changed to a magic status.
6. Apply this patch.
7. Try applying your template to another item.
8. Note that the copy status field doesn't change this time,
but other fields from your template should still apply.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com> Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Tiffany Little [Mon, 30 Jan 2023 19:17:38 +0000 (14:17 -0500)]
LP2002977 Flip position of LI alert boxes
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org> Signed-off-by: Christine Morgan <cmorgan@noblenet.org> Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Galen Charlton [Wed, 16 Nov 2022 17:11:22 +0000 (12:11 -0500)]
LP#1980142: adjust styling of patron message body in Bootstrap OPAC
This patch resolves an issue where the text of the message body
could be rendered very small due to default styles applied to the <pre>
element. In particular, it converts the <pre> to a <p> and restores
a TPAC-era style that ensures that
* long lines in the message wrap
* but line breaks are also preserved (see LP#1927990)
This patch also ensures that the message body is not displayed with
label but no contents if the body is empty.
To test
-------
[1] Create a public patron note that contains line breaks and
long lines.
[2] Note that in the Bootstrap OPAC message view, the message
displays with fixed-width text (that may use a smaller font
than the rest of the page) and has a horizontal scrollbar
(due to the long line).
[3] Apply the patch and look at the message again in the OPAC.
This time, the long line should wrap, but line breaks are
also preserved.
This patch includes a portion of a patch by Garry Collum.
Lp 2008925: Patch Templates Adversely Affected by Lp 1992490
The patch for Lp 1992490 wrapped several text blocks in the l()
translation function. At least two of these introduced syntax error
in Template Toolkit. Some of the others could have been done
differntly to fit in better with the general idiom of how we use the
fuction in Evergreen.
This commit modifies those that stood out as the most egregious
examples.
An easy way to test this is to login to the OPAC on an unpatched
system and click to open "Messages." You will get an Internal Server
Error. After you apply this commit and install the affected
templates, you will not get an Internal Server Error.
The other modified templates do not seem to crash, but use the
translation funciton in idiosyncratic ways. This commit attempts to
smooth those out.
Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Jane Sandberg <sandbergja@gmail.com> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Add a --pipe option to marc_export to force reading of record ids from
standard input when one or more of the --library, or --descendants
options are used. This permits more flexibility when exporting
records with holdings for given libraries or subsets of a collection.
It is an error to specify the --all or --since and --pipe options in
the same command line.
Stephanie Leary [Wed, 1 Mar 2023 15:52:19 +0000 (09:52 -0600)]
LP1814978 Keyboard support for bib record actions
Adds the ngbDropdownItem directive to dropdown menu items in the staff
catalog bib record actions: Serials, Mark For, and Other Actions. This
adds support for navigating the menus using the up/down arrows on the
keyboard.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxOLI.org> Signed-off-by: Susan Morrison <smorrison@georgialibraries.org> Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Bill Erickson [Thu, 16 Feb 2023 16:02:49 +0000 (11:02 -0500)]
LP2007591 Allow Last-Copy Delete to Create Hold Notices
Fixes an issue where attempting to create A/T events for recently
canceled holds fails becuase the cancel_time on the hold is the
pre-insert value of "now" instead of a valid date string.
Resolve the issue by fetching the post-insert copy of the hold, so it has
all of the correct in-database values, before passing the hold to A/T
for processing.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Stephanie Leary [Tue, 1 Nov 2022 16:33:04 +0000 (11:33 -0500)]
LP1991562 Accessible link and button colors in Angular staff interface
Several of the default colors in Bootstrap 4 do not meet WCAG Level AA
accessibility requirements when used for links (#007bff blue) or button
backgrounds with white text (blue/primary, #28a745 green/success, and
Additionally, while the yellow/warning color (#ffc107) does pass the
contrast check with black text, the button itself does not pass the
graphical object contrast check against white or #f7f7f7 page/tab
backgrounds, meaning people with some forms of color blindness can't see
the shape of the button.
This patch updates link and button colors using Bootstrap 5 tints
(https://getbootstrap.com/docs/5.0/customize/color/#all-colors). While
slightly lighter custom colors could be used to pass the contrast
checks, sticking to the Bootstrap 5 color scheme should make it easier
for us to stay consistent as new components are added in the future.
Stephanie Leary [Thu, 19 Jan 2023 15:18:40 +0000 (09:18 -0600)]
LP1980874 Limit depth dropdown in patron notes
Adds standard form control styling to the depth select menu in the
Patron > Create Note modal. This limits the width of the closed dropdown
to the width of the form and prevents long labels from overflowing.
This does not prevent the individual options from overflowing the
<select> width due to the limited CSS support for the <option> tag; all
width and text wrap properties are currently unsupported.
Stephanie Leary [Tue, 6 Dec 2022 22:56:14 +0000 (16:56 -0600)]
LP1998969 Make disabled <option>s more obvious
Changes the color of disabled options in <select> dropdowns to 30% gray.
To test, visit the staff catalog. In the search filters, with the search
type set to keyword, notice that the "matches exactly" and "starts with"
options in the "Contains" dropdown are now better distinguished from
valid choices.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxOLI.org> Signed-off-by: Susan Morrison <smorrison@georgialibraries.org> Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Tiffany Little [Fri, 9 Dec 2022 18:16:55 +0000 (13:16 -0500)]
LP1999270: Bold the Paid indicator on line items
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org> Signed-off-by: Mary Llewellyn <mllewell@biblio.org> Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Provides label tags for staff catalog search form fields.
Most labels in the form are visible. I have used the sr-only class to
make labels available to screen reader users while hiding them from
sight on the publication date range fields, which I think are easy
enough to use without visible labels. However, this combination of year
and operator dropdowns is not well organized for screen reader users,
and we should rethink the order and wording of these fields.
To test, visit staff/catalog/search and inspect each form field. Verify
that each one has a <label> tag where the for attribute matches the ID
of the associated form element. (Checkboxes wrapped in the <label> tag
still need matching ID and for attributes for consistent ARIA support.)
Tiffany Little [Mon, 30 Jan 2023 18:52:58 +0000 (13:52 -0500)]
LP2003947 Add LID count to Acq Search
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org> Signed-off-by: Christine Morgan <cmorgan@noblenet.org> Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Tiffany Little [Mon, 30 Jan 2023 19:01:11 +0000 (14:01 -0500)]
LP2004187 Opens acq provider link in new tab on PO
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org> Signed-off-by: Christine Morgan <cmorgan@noblenet.org> Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Garry Collum [Tue, 24 Jan 2023 16:22:28 +0000 (16:22 +0000)]
LP2003742 Shelf browse in angular catalog uses deleted call numbers
Fixes the call number browse. To determine the call number for which
the browse list displays, deleted call numbers are not removed from
the query.
To test in Concerto:
1. Go to a bib and click on the shelf browse tab. Notice where the list
begins.
2. Add a new item with a call number less thatn the starting point of
the browse list. For example, if the list begins at 780, create
a call number at 100.
3. Refresh the browse screen and notice that the list now begins at
the lower call number.
4. Delete the item and call number that was created, the list still
begins at the lower call number.
5. Apply the patch.
6. The list should now begin at it's original call number.
Signed-off-by: Garry Collum <gcollum@gmail.com> Signed-off-by: Bill Erickson <berickxx@gmail.com>
Galen Charlton [Mon, 20 Feb 2023 22:13:45 +0000 (17:13 -0500)]
LP#2007877: various fixes to Server Admin Print Templates page
This patch fixes a regression introduced by the switch to NgbNav
as well as a number of other issues.
To test
-------
[1] Open the Server Administration -> Print Templates page and select
a print template. Observe that the template editor is not displayed
and that there are errors in the browser console.
[2] Apply the patch and repeat step 1. This time, the template is
displayed along with its previewed.
[3] Switch to the Sample Data tab, then select another template. Observe
that the template is reloaded and the active tab switched to the template
editor.
[4] Select a template such as "Checkin" that does not have stock
sample data. Observe that the Preview and Compiled Content panes on
the template editor tab are empty and that the Sample Data tab
has an empty control
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Bill Erickson <berickxx@gmail.com>
Use OFFSET as an optimization fence to keep newer PGs from trying to
fold the c_attr and b_attr CTEs into the main search query.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Stephanie Leary [Fri, 9 Dec 2022 22:25:15 +0000 (16:25 -0600)]
LP1999282 Less intense badges for staff interface
Flips the contrast on badges to make them less intense and comply with
color contrast requirements. In keeping with the less intense alert
styles, the badges have more subtle background colors. I have also
adjusted the spacing and font weight to make the characters larger
without greatly increasing the overall size of the badge.
All of these styles pass WCAG AAA contrast checks. In anticipation of
Bootstrap 5, I have included the new .text-bg-* classes alongside the
current ones.
The access key modal (Control-H) is a good place to observe the overall
effect.
This patch fixes a regression introduced by bug 2006749 that
prevented open-ils.actor.ou_setting.ancestor_default from retrieving
the value of a library setting that does not have a view permission
associated with it. It also fixes a similar issue with
open-ils.actor.org_unit.settings.history.retrieve.
To test
-------
[1] Use srfsh to retrieve the value of a library setting
that does not have a view permission. E.g.,
[2] Apply the patch and repeat step 1. This time, the value of
the setting should be returned.
[3] Verify that viewing the edit history of a setting in the
Library Settings admin page works as expected.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Jason Stephenson <jason@sigio.com>
LP#1999944: fix bug that can break drawing the folder tree for reports
Specifically, skip drawfolders iteration if parent node cannot be
found and eport invalid parent folder in the browser console.
For example, if a user creates a template folder that is not shared
that has a child folder that _is_ shared, another user at the library
that the folder is shared with would see their report folders be
incompletely rendered.
Jason Boyer [Fri, 18 Nov 2022 13:31:31 +0000 (08:31 -0500)]
LP1754455: Sanity checking and auto-strip 852s when using --items
If a user passes --strip / inform them that their request to output nothing
but empty records has been denied. Also auto-remove existing 852 fields when
using --items because only actual holdings data should be output in that case.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>