Jason Stephenson [Wed, 18 Feb 2015 21:28:31 +0000 (16:28 -0500)]
LP#1424755: Org Unit Setting view permissions can be bypassed
Fix private org. unit setting leakage by forcing the $auth argument
to true if not passed in when open-ils.actor.ou_setting.ancestor_default
or open-ils.actor.ou_setting.ancestor_default.batch are called.
Other than a change to the desc of the public methods to reflect that
they now check permissions if permissions are required, there are no
required api changes to the back or the front ends.
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Ben Shum [Fri, 26 Dec 2014 20:27:47 +0000 (15:27 -0500)]
Docs: fix asciidoc errors
When https://bugs.launchpad.net/evergreen/+bug/1386854 was merged to add a new
docs section for "Locally hosted content", it looks like there was a bad git
conflict resolution and an extra block of ======= was left behind.
Remove this to fix headings and table of contents for the documentation site.
Adds documentation that describes how to use the local content bypass
feature of the AddedContent modules. This allows for local added content like
cover art, reviews, TOC, exerpts or annotations to be shown in bib records.
I also changed the headers in the External Added Content section to use title case.
Mike Rylander [Thu, 6 Nov 2014 21:03:36 +0000 (16:03 -0500)]
LP#1390225: Fail to care about errors from auth.session.delete
We're just tossing this call over the wall and moving on. We don't
care if the session wasn't there to delete or even if we didn't pass
a session to the server.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Conflicts:
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Mike Rylander [Thu, 6 Nov 2014 20:36:16 +0000 (15:36 -0500)]
LP#1390225: redirect to ctx.home_page instead of through ctx.logout_page
This way, we skip the auth.session.delete call that will error out because
we no longer have the authtoken cookie.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Conflicts:
Open-ILS/src/templates/opac/parts/base.tt2
Dan Scott [Tue, 21 Oct 2014 15:02:12 +0000 (11:02 -0400)]
lp1383763 - Display OpenURL embargo statement
The ResolverResolver service fetches the embargo statement (such as
"Last year not available") from OpenURL resolvers and stores it in a
target_embargo field. In JSPAC we used to display this along with the
coverage statement, because it is very important that people know that a
resource may be available from 1999 but the last year isn't available
online.
Restore the display of this information to the TPAC.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Dan Wells [Thu, 9 Oct 2014 21:32:42 +0000 (17:32 -0400)]
LP#1379824 Make PermaCrud.js disconnect() actually disconnect
The disconnect() method in PermaCrud.js was meant to wrap the
underlying session disconnect, but it never actually disconnected
the session. This could lead to problems in long-living PermaCrud
objects, as they may think they are still connected when they are not
(the session remote_id is never cleared).
Also, remove a couple (now redundant) manual session.disconnect() calls.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Yamil Suarez <yamil@yamil.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Ben Shum [Fri, 26 Sep 2014 21:05:39 +0000 (17:05 -0400)]
LP#1306814: Make use of patron timeout setting for selfcheck
As described in the bug, the library setting "Self Check: Patron Login Timeout
(in seconds)" does not appear to work with the newer selfcheck interface.
It looks like some of it was already being pulled in, like the variable, but
the interface was not utilizing it.
This commit borrows from the old JS selfcheck and implements a default of
three minutes for selfcheck timeout otherwise handled by the library setting.
Signed-off-by: Ben Shum <bshum@biblio.org> Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Galen Charlton [Tue, 7 Oct 2014 23:42:18 +0000 (16:42 -0700)]
LP#1378575: teach action::hold_request about behind_desk
This patch teaches the CDBI class for the action.hold_request
table about the newish behind_desk column, preventing errors
like this from being thrown if a recent OpenSRF version is in
use:
Processing of hold failed: Can't locate object method "behind_desk"
via package "action::hold_request" at /usr/local/share/perl/5.14.2/OpenILS/Application/Storage/CDBI.pm line 181.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Jeff Davis [Fri, 16 May 2014 22:14:43 +0000 (15:14 -0700)]
LP#1314827: On login, don't allow referer-based redirect to external site
On /eg/opac/login, if no redirect_to param is provided, the TPAC will
attempt to use the referer (if any) as the redirect destination. This
leads to undesirable behavior if the referring URL is from an external
site.
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
Steven Chan [Mon, 29 Jul 2013 23:27:13 +0000 (16:27 -0700)]
Fix LP904860, Cannot print a patron address label
The sequence of events for printing an address label is as follows.
Staff client Code in the util/print.js file builds an HTML page of the
address label. The page includes two vital components, 1) a source tag
to pull 'print_win.js' file from the server, and 2) an onload event
handler bound to the body tag to execute a 'print_init()' function that
is defined in the source tag.
However, print_init() is undefined because the source tag contains a
badly formed URL. It needs to be prefixed by 'oils://remote' so that the
new 'oils:' protocol can be used to pull the file remotely from the
server.
Signed-off-by: Steven Chan <schan@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
Bill Erickson [Tue, 17 Jun 2014 19:14:12 +0000 (15:14 -0400)]
LP#1331127 Repair sort logic of previous issuances
Ensure that the list of previous issuances is sorted correctly (on
date_published) when looking for the previous serial.unit to update its
copy location (when serial.prev_issuance_copy_location is enabled).
The data comes sorted from the DB, but the sorting was lost during the
process of unique-ifying the list. Ultimately, it was relying on the
order of hash keys, which is undefined.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
LP#1370630: don't log mod_deflate actions by default
This patch comments out logging of mod_deflate actions,
as this is needed only for debugging. Otherwise,
deflate_log will grow without bound, as it isn't dealt
with by typical default logrotate configs.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Remington Steed [Fri, 29 Aug 2014 18:45:50 +0000 (14:45 -0400)]
LP#1361801: Add required fields to serial issuance form
This commit prevents issuances from being created without a date_published
or holding_code. This has two benefits:
1. Prevents uncaught exceptions related to submitting null values for
either of those fields.
2. Requiring date_published prevents an ugly error when trying to
predict new issuances from an issuance without a date_published.
This commit does NOT provide any feedback to the user about which fields
are required. That would require further investigation into the Dojo/Dijit
objects being used for the edit form fields.
Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Jennifer Pringle <jpringle@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
Jeff Godin [Wed, 30 Oct 2013 20:41:06 +0000 (16:41 -0400)]
LP#1246859: Improve username flow for staged users
Staged users in most cases have a username that consists of a UUID.
Rather than leave the UUID as their username or require staff to
clear the field and replace it with a barcode or other value, it
would be better to remove this username when loading the staged user
in the user editor.
This commit clears the username when loading a stage user if the
username looks like a UUID.
If a barcode has been staged for the loaded staged user, the
username will be populated with that value.
If there is no staged barcode, the username will remain blank and
will be populated using the standard method after staff enters a
value in the barcode field.
Signed-off-by: Jeff Godin <jgodin@tadl.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Kathy Lussier [Tue, 12 Aug 2014 21:33:16 +0000 (17:33 -0400)]
LP1309131 - Fix series link
Clicking on a series link with a hyphen failed because the hyphen was
stripped and the two words are joined together. This branch changes
series.tts to replace special characters with a space, which is similar to
the links we build for authors.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Bill Erickson [Mon, 2 Jun 2014 20:14:38 +0000 (16:14 -0400)]
LP#1325720 Repair fund rollover year selector query
Dojo dojo stores track values as strings, so values used in data store
queries must be coerced into strings before performing the query.
This fixes the year query in the fund rollover UI so that the page is
able to render the results of a rollover without dying from an JS error
before completing.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Steven Callender [Thu, 13 Mar 2014 17:34:23 +0000 (13:34 -0400)]
LP#1292129: Removed deleted call numbers from the search results to properly show copy count.
The SQL in fm_IDL.xml for setting up the reporter source "Hold/Copy
Ratio per Bib" includes deleted call numbers which in turn can give
an incorrect copy count. The ratio appears to still be correct because
deleted copies are considered in the ratio calculation, but not the
copy count that is displayed.
Signed-off-by: Steven Callender <stevecallender@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Galen Charlton [Tue, 19 Aug 2014 20:19:20 +0000 (13:19 -0700)]
LP#1358916: refuse to retrieve over-large MARC records via Z39.50
At least one malformed record discovered in the wild can
cause open-ils.search backends to balloon to over 3G of memory
consumption. This patch works around that by refusing
to process any (MARC) Z39.50 results that are larger than the
MARC record maximum of 99,999 octets.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Kathy Lussier [Mon, 30 Jun 2014 18:57:29 +0000 (14:57 -0400)]
lp1335958 Remove parameters from current checkouts link
The limit and offset parameters can cause patrons to be stuck in a small
section of their current checkout lists. Let's remove those two parameters
when linking to that list from the patron dashboard.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Jim Keenan <jkeenan@cwmars.org> Signed-off-by: Ben Shum <bshum@biblio.org>
Galen Charlton [Thu, 21 Aug 2014 19:33:53 +0000 (12:33 -0700)]
LP#1359934: prevent error opening patron search form
As a result of the patch for OpenSRF bug 1316245, JSON2js
in the OpenSRF library is now stricter -- in particular, passing
an undefined value to it results in an exception being thrown.
This patch runs with the increased strictness and fixes an
issue where the patron search form was passing an undefined value
to JSON2js.
Fall back to an unitialized maketext handler, which defaults to the
template language, when OpenILS::WWW::EGWeb::I18N->get_handle fails to
return a response.
Note that why get_handle() returns undef is not yet known.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Jason Etheridge [Mon, 1 Oct 2012 20:49:04 +0000 (16:49 -0400)]
LP#1010027: tweak patron columns in patron search interface
specifically, remove the Mailing Address and Billing Address columns that come
off the actor table, since they are redundant with the Mailing Addr: Address ID
and Billing Addr: Address ID columns that come off the address table.
Also, alphabetize the columns coming directly off of the user table. The columns
coming off the library card and address tables remain unsorted; I believe their
order is as listed in the fm_IDL.xml file for their corresponding fieldmapper
definitions.
Signed-off-by: Jason Etheridge <jason@esilibrary.com> Signed-off-by: Jennifer Pringle <jpringle@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
specifically, give fm_columns a sort_headers flag for alphabetizing the columns
returned by label; and delete_me flag for omitting a column definition entirely
Not all xul lists are using fm_columns yet
Signed-off-by: Jason Etheridge <jason@esilibrary.com> Signed-off-by: Jennifer Pringle <jpringle@sitka.bclibraries.ca> Signed-off-by: Ben Shum <bshum@biblio.org>
Chris Sharp [Tue, 11 Jun 2013 14:09:20 +0000 (10:09 -0400)]
LP#1189556: Fix typo in URL_VERIFY permission description
The description for the URL_VERIFY permission contained a typo,
fixed here.
Added an upgrade sql to update the text.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Pasi Kallinen <pasi.kallinen@pttk.fi> Signed-off-by: Ben Shum <bshum@biblio.org>
LP1277556 Fast Item Add no longer opens record after copy is created
Altered save_attempt to handle undefined and true cases for replace_on_complete
When fastItemAdd is not used, replace_on_complete is undefined
When it is used, and successful, replace_on_complete will be set to true
then we need it to execute result.on_complete()
Victoria Lewis [Wed, 30 Apr 2014 22:09:07 +0000 (15:09 -0700)]
lp1182605 Abstracting out common functionality from code that sorts call numbers by label_sortkey
Code had been added to insure that LC call numbers are sorting as they should by asset.call_number.label_sortkey.
Code was duplicated in the 'call_number column' in the 'columns' group and in the 'hold_columns'group.
I abstracted the logic out of 'sort_value' and 'render' in the 'call_number' column in the 'columns' group and from
'render' in the 'call_number' column in the 'hold_columns' group to a utility function called
'sort_call_numbers_by_label_sortkey'.
Signed-off-by: Victoria Lewis <vcamklewis@gmail.com>
modified: xul/staff_client/server/circ/util.js Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Kyle Tomita [Mon, 2 Dec 2013 23:50:17 +0000 (15:50 -0800)]
LP1182605 : LC call numbers sort improperly in tabular displays
The issue was that the column was sorting on the label (call number)
and not label_sortkey. An attribute 'sort_value' was added that used
label_sortkey.
Dan Wells [Mon, 7 Jul 2014 17:16:58 +0000 (13:16 -0400)]
Fix currently harmless but still confusing sigil error
get_org_descendants() returns an array ref, not a list, so it doesn't
make sense to assign it to an '@orgs' variable. Lucky for us, our
where-parser treats this single element list containing the ref in the
same manner as the proper ref itself, but at best, it is still very
confusing to see.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
If you have generated holdings, but are not using the "compressed"
display, your holdings show up regardless of scope. This change
limits the display to only sdists with a holding_lib in your current
search scope.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Bill Erickson [Tue, 25 Feb 2014 17:23:13 +0000 (12:23 -0500)]
LP#800478 repair logic error in acq fund transfer
The source data for the amount applied to each allocation and transfer
(in certain circumstances) was incorrect.
The transfer amount should not be the total amount allocated from the
source to the fund, but instead the amount of the funding source credit
in cases where we have to pull money from multiple funding source
credits.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Liam Whalen <liam.whalen@bc.libraries.coop> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Remington Steed [Tue, 5 Aug 2014 15:23:20 +0000 (11:23 -0400)]
Docs: Update commands for authority importing script
The tools used for importing authority records from the command line have
been modified since the original docs were written. Testing revealed these
changes, which are reflected in this commit.
Bill Erickson [Tue, 8 Oct 2013 19:52:12 +0000 (15:52 -0400)]
LP#1348731: Optional Auth login nonce to differentiate same-username logins
If multiple login attempts are made using the same username within a
very short period of time, a race condition exists where, upon
completion of the first login, the auth init cache data for any pending
logins are removed, since there can only be one instance of cached init
data per username.
This adds support for allowing the caller to pass in a random string
which is added to the cache key as a way to differentiate between logins
using the same username.
The seed is passed into auth init as an optional secondary parameter
and passed again (via the "nonce" argument) to auth complete to ensure
consistent cache keys across both interactions.
Example:
my $nonce = rand($$);
my $seed = request(
'open-ils.auth',
'open-ils.auth.authenticate.init', $username, $nonce );
Mike Rylander [Mon, 14 Jul 2014 18:57:38 +0000 (14:57 -0400)]
LP#1341703 Thinko in Batch Edit (hidden by older OpenSRFs)
There's a bug on line 272 of O::A::Cat.pm where we called a non-existent
method named respond_complete on the invocant object. Instead, we need to
call that on the client object (spelled $conn in this method). Batch bib
edit won't work on new OpenSRF's until this is fixed.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Bill Erickson <berick@esilibrary.com>
Remington Steed [Fri, 6 Jun 2014 15:59:58 +0000 (11:59 -0400)]
LP#968514: Revive bib/auth importing docs from 2.1, add intro
This commit revives the following sections from the 2.1 version of the docs
and updates them for 2.6:
- marc_export: Exporting Bibliographic Records into MARC files
- includes new options for 2.6
- Importing Authority Records from Command Line
- Importing Authority Records from the Staff Client
The first two are included in a new section called "Support Scripts"
within the "Developer Resources" section, with a new intro and summary
of other commonly used scripts provided with Evergreen. The third section
is moved inside the Cataloging chapter "Batch Importing MARC Records",
with slight modifications to the intro to that chapter.
Mike Rylander [Fri, 2 May 2014 13:10:09 +0000 (09:10 -0400)]
LP#925776: Recheck located uri visibility
Previous to this commit, once we have determined that there are no
local Located URIs or foreign copies, we include the record in the
result set in the staff client. However, the desire of library staff
is that foreign Located URIs be valid as a visibility limiter. So
we now recheck at the end for that situation. This honors the new
"Located URIs act like copies" global flag.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Bill Erickson [Thu, 6 Jun 2013 15:13:35 +0000 (11:13 -0400)]
LP#1179660: remove call to undefined initialize func
Remove call to nonexistant function Search::Z3950->initialize. Prior to
now, this would have quietly failed, but with AUTOLOAD to be removed
from OpenSRF, it would fail with full shock and awe.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Conflicts:
Open-ILS/src/perlmods/lib/OpenILS/Application/Search.pm
Galen Charlton [Thu, 5 Jun 2014 22:16:23 +0000 (15:16 -0700)]
LP#1326983: excluded fulfilled holds when adding hold_request.shelf_expires_soon events
This patch adjusts the example A/T filter for the
hold_request.shelf_expires_soon hook to exclude hold requests that are
already marked as fulfilled. This saves time creating events that
would immediately be marked as invalid per the HoldIsAvailable
validator.
It also addresses an issue for large databases that have lots of
fulfilled holds wherein hold_request.shelf_expires_soon events can
fail to be added at all due to a cstore timeout.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Galen Charlton [Tue, 20 May 2014 17:09:08 +0000 (10:09 -0700)]
LP#1296937: move the $force_bc parameter of ->charged_items() to an implementation method
Argubably, the $force_bc parameter of OpenILS::SIP::Patron->charged_items()
method exists solely as an implementation convenience for the renew-all
code. Consequently, this patch removes the $force_bc parameter from the
public interface for charged_items() and spins it off into a new
implementation method.
This patch should be applied at the same time that a reversion of
SIPServer commit c97d64412bc is applied. Note that a user who upgrades
SIPServer without upgrading Evergreen to a version that contains this
patch will end up in a situation where the code that counts active
loans for the patron information response will fetch the loans using
$force_bc set to true; this works only by coincidence.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Jeff Godin <jgodin@tadl.org>
Bill Erickson [Thu, 22 May 2014 18:41:17 +0000 (14:41 -0400)]
LP#1322303 cleanse backdate for checkin overdue voiding
Passing raw backdates, particularly from offline transactions, which
have a space between the date and time, to
DateTime::Format::ISO8601->parse_datetime results in "Invalid date
format:" errors. Pass the date through the cleanse routine first.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Jeff Godin [Wed, 30 Oct 2013 18:37:10 +0000 (14:37 -0400)]
LP#1246843: Don't show contact invalidators for new users
Don't show contact invalidator buttons for new users. This affects
staged users and cloned users, where the contact fields have a value
when the editor initially loads.
Signed-off-by: Jeff Godin <jgodin@tadl.org> Signed-off-by: Ben Shum <bshum@biblio.org>
When first calculating the shelf expire time, we assume "now" as
the starting point by calling DateTime->now(). However, that gives
us the time in UTC. That's not good because closed dates are stored
timezone-aware. Instead, ask for server-local time.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Srey Seng [Wed, 30 Apr 2014 22:20:17 +0000 (15:20 -0700)]
LP#1312945: authority.calculate_authority_linking and multiple linked tags
The function "authority.calculate_authority_linking" was not able to deal with
situations where there are multiple marc tags that are linkable. The function
only process the first tag that contains a linking_subfield and returns that
to be inserted into the authority_linking table, even when there are more than
one of the same tag with linking_subfield.
Added an additional loop to loop through each tag, for situations where there are
multiples of each tag.
Signed-off-by: Srey Seng <sreyseng@gmail.com> Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Mike Rylander [Wed, 30 Apr 2014 16:58:11 +0000 (12:58 -0400)]
LP#1312945: auth-auth linking: cache less agressively and look for all links
There was a logic inversion that was causing miss-use of a per-
record cache mechanism. I remove that entirely, as it's not helpful
in practice.
Also, after finding one use of a linked field we moved on to the
next, though it is possible for more than one link to exist for
different uses of a name, say. Now we'll loop through all fields
to find all possible linkages.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Srey Seng <sreyseng@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
LP#1296937: (SIP2) Add ids_only parameter to _items functions
This allows the caller to skip loading of barcodes and/or titles when
they are not needed, such as when the plan is to return counts, not
details. Per bug 1321017, this is particular useful for patrons
that have metarecord holds.
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com>