If a series-class index definition has been removed, the data remains in the field entry table. This is because there was no fkey previously. We need to clean that data out so that the fkey can be validated during upgrade.
senator [Thu, 17 Feb 2011 20:57:31 +0000 (20:57 +0000)]
Backport r19470 from trunk
Booking: fix the targeter in the I'm-reserving-this-exact-resource-with-this-
exact-barcode case.
It should have always worked like this. This should better mirror the behavior
in the holds targeter when placing a copy-level hold. Basically don't fail
to target a resource for a reservation later just because it's not in an
available status right at this moment.
dbs [Thu, 17 Feb 2011 18:57:02 +0000 (18:57 +0000)]
Avoid mixed-content warnings due to HTTP link for Google Chrome Frame
We're hardcoding this to HTTPS for now to avoid the mixed-content warnings that
occur when content location is https:// and the linked script is at http:// but
a config-aware patch probably wouldn't be a bad idea.
dbs [Thu, 17 Feb 2011 03:31:01 +0000 (03:31 +0000)]
Teach maintain_901 trigger to respect the "Use record ID for TCN" global flag
Rather than relying on the Perl layer to set the correct TCN on the way in,
do it as part of the in-database indexing to ensure that we have consistent
results no matter how the record gets into the database.
dbs [Sun, 13 Feb 2011 03:19:36 +0000 (03:19 +0000)]
Teach authority_control_fields.pl about record ranges
Passing --record 10,000 times at the command line sucks, and
--all is not particularly realistic for large databases. Adding
--start_id and --end_id makes this script more usable.
Also provide reasonably full POD documentation, and rely on
Pod::Usage to provide help based on it when help is requested
or passed in options don't make sense.
dbs [Fri, 11 Feb 2011 21:45:20 +0000 (21:45 +0000)]
Normalize ISBNs by stripping hyphens in search methods and in reporter.materialized_simple_record
We weren't normalizing ISBNs in search or in reporter.materialized_simple_record
which required users to exactly match the form of the ISBN as entered in the
MARC record to get a successful search result - pretty hit or miss.
The longer term fix in 2.0 and above is to make the ISBN search search against
the identifier|isbn index, which also gets ISBN10/ISBN13 equivalence goodness.
But this patch will be relatively easy to backport through to 1.6.1 and plugs
some of the holes in our exposed APIs and search points in the short term.
erickson [Wed, 9 Feb 2011 18:26:06 +0000 (18:26 +0000)]
allow item status update if either status-specific perm is allowed or UPDATE_COPY is allowed. fire off related A/T events after the initial transaction has been committed
dbs [Tue, 8 Feb 2011 06:21:18 +0000 (06:21 +0000)]
Remove syntax error from O:A:Storage:Publisher:authority and add strict pragma
Came across a line of dead code while debugging a related problem, and
noticed that strict/warnings wasn't in place, so I culled the dead code
and added use strict/use warnings accordingly (now that we no longer
have the syntax error caused by the dead code).
dbs [Tue, 8 Feb 2011 06:13:05 +0000 (06:13 +0000)]
Create authorities that only contain controlled subfields (LP 712496)
Selecting "Create authority" on a field containing uncontrolled subfields
would generate an authority record that contained those uncontrolled
subfields. This would, in turn, prevent the "Validate" button from operating
correctly - if you added a 700 with $a and $c subfields, clicked "Create
authority", and then immediately clicked "Validate", the field would show
up as red.
Now we filter out the uncontrolled subfields before they get sent to
the "Create authority" function, avoiding this validation problem.
dbs [Tue, 8 Feb 2011 05:12:28 +0000 (05:12 +0000)]
Ensure new authority ID subfield is inserted in the correct XUL DOM location
Addresses LP 712499. After creating an authority via the context menu
in the MARC editor, the new ID subfield ($0) would be created right after
the subfield on which the context menu was invoked. It turns out that it
was being placed in the wrong location, and one symptom was that the
Validate button would not validate the controlled field against the newly
created authority.
Now we hunt through the parent DOM nodes until we find the 'sf_box' element
and then we append the ID subfield to that node. We also eliminate some
duplicate code by defining a common function so that the problem can be
fixed in one stroke...
dbs [Tue, 8 Feb 2011 03:50:58 +0000 (03:50 +0000)]
Prevent authority context menu on whitespace content
Continuing the refinement of LP 712538, if the subfield contains
only whitespace, treat it as though it were empty for the purposes
of the context menu.
dbs [Tue, 8 Feb 2011 03:50:27 +0000 (03:50 +0000)]
Prevent authority context menu from being displayed on empty content (LP 712538)
It's confusing to have the authority context menu - particularly the
"Create authority" options - appear for empty content. Check to ensure
that the subfield being clicked on actually has some content before
displaying the authority context menu.
erickson [Fri, 4 Feb 2011 00:15:24 +0000 (00:15 +0000)]
ported open-ils.actor.user.transaction.[fleshed.]retrieve to CStoreEditor both for cleanup and to take advantage of .authoritative. Use authoritative version in staff client
dbwells [Thu, 3 Feb 2011 16:49:24 +0000 (16:49 +0000)]
Two binding fixes for manage items
The first fix is more or less cosmetic. When selecting a target unit, both areas need to refresh in order to not show the selected unit's items in the main list.
The second fix involves handling cases where moving items from one unit to another does not empty the 'donor' unit. In those cases, we need to update the contents of both the new and the old unit.
dbs [Thu, 3 Feb 2011 14:16:25 +0000 (14:16 +0000)]
Authorities: control 610/611, do not control 4xx by default
The 4xx fields in bibliographic records have not been controlled
fields for some time (1988 for CAN/MARC, 1999 for USMARC per)
http://www.loc.gov/marc/bibliographic/bd4xx.html; and
http://www.oclc.org/bibformats/en/4xx/default.shtm also lists
these as obsolete. So, remove them from the default controlled
fields in Evergreen.
Also, add 610/611 to the controlled fields list (per LP #712467).
dbs [Wed, 2 Feb 2011 03:29:27 +0000 (03:29 +0000)]
Apply autogenerate barcode trigger to serial.unit to enable serial checkin
Serial checkin tried to use the '@@AUTO' macro to autogenerate barcodes,
but unfortunately the required trigger had only been defined on the parent
table asset.copy and not on the child table serial.unit. Here we define the
trigger on serial.unit to resolve that problem.
erickson [Tue, 1 Feb 2011 23:40:24 +0000 (23:40 +0000)]
make sure that inline overdue fines generation completes before we attempt to void overdues fines in checkin, otherwise it's possible to create multiple services (storage and cstore) competing for the same DB row mid-transaction, resulting in cstore timeouts and rollback of checkin. This could happen with backdated or amnesty checkins
senator [Tue, 1 Feb 2011 21:39:37 +0000 (21:39 +0000)]
Backport r19355 from trunk
Acq: Improving on r19351, don't let showCreatePane() be issued repeatedly to
fill the window with redundant dialogs, since a) it looks silly, and b) the
dialogs don't work when there are more than one of them. Thanks again Dan.
senator [Tue, 1 Feb 2011 21:16:37 +0000 (21:16 +0000)]
Backport r19351 from trunk
Acq: make the "new provider" button under Admin -> Server Admin ->
Acquisitions -> Providers not produce a dialog with a ton of mysterious
whitespace. Spotted by Dan Scott.
dbs [Sun, 30 Jan 2011 05:20:33 +0000 (05:20 +0000)]
Use the browse method instead of startwith for Manage Authorities, too
Now that the browse method is working properly, adopt it for the
Manage Authorities interface as well so that context around the
search term can be provided.
dbs [Sun, 30 Jan 2011 05:19:15 +0000 (05:19 +0000)]
Correct authority browsing for reals
First, restore the >= enable before and after ranges in
authority_tag_sf_browse(), after I mistakenly removed it in
r19131; the second storage request for $after does not
stomp on the prior $before results, it simply gets pushed
onto the carefully constructed list of $before results,
ensuring that our target is in the middle of page 0.
Second, we're treating all of the "tag" members in the
method registration as list references now (for the purpose
of searching against 4xx/5xx in the .refs. variants), but
that was blowing up when we registered just a single tag as
a string and tried to treat the scalar as a list reference.
I could have checked to see if what we had incoming was a
reference and dance accordingly, but opted to just define
all single-tag entries as single-element arrays instead.
Applied the same to startwith.
Finally, in r19331 I had used chop() to ensure that an
exact match for startwith would be returned as element 1 on
page 0, instead of appearing as the last element of page -1.
I had said that the right way to do this would be to naco_normalize()
the value to match the normalized afr.value, and so this is what
I have done. Rather than torturously using O:A:Storage:FTS to get
at the naco_normalize() definition, I moved the function into its
own Utils package and adjusted its usage accordingly through the
affected code. One step closer to single-sourcing the function
in the database, as well?
senator [Fri, 28 Jan 2011 20:53:01 +0000 (20:53 +0000)]
Backport r19325 from trunk
Serials: Add some missing permacrud permissions to IDL
7 classes (sdistn, siss, sunit, sin, sbsum, sssum, sisum) were missing IDL
perms. Appropriate permissions were added to all but sin (serial_item_note).
For the sin class, since it's several leaps away from anything that points at
an org unit, and since no existing code deals with it via PermaCrud, its
PermaCrud section was simply removed.
Some classes retain open <retrieve /> permissions, and others do not.
No new permissions were created for this. All permissions are reused from
"higher" serials objects.
Credit to Mike Rylander for spotting the omissions.
dbs [Tue, 25 Jan 2011 06:16:45 +0000 (06:16 +0000)]
Teach the i18n Makefile how to handle serial.properties
Also check in the POT for serial.properties and some other
foobar.label matches for foobar.accesskey (does not have
an effect on properties files but hopefully if we're
consistent then the pattern will be evident for entities).
Noting in passing that there are a number of "foobar(s)"
comined singular/plural labels that should be split to
support translation.
dbs [Tue, 25 Jan 2011 03:13:38 +0000 (03:13 +0000)]
Fix existing serial entities that didn't provide .label partners for .accesskey
The translate-toolkit project generates a POT file from an input DTD
that requires entities ending in .accesskey to have a corresponding
.label entity; this is a Mozilla convention for localization. Fix up
the serial interface strings that are localized to match this expectation.
Also remove two duplicate entities in lang.dtd that were flagged by
the build/i18n/tests/check_entities.py script (and which cause Launchpad
translation imports to break).
dbs [Mon, 24 Jan 2011 21:22:06 +0000 (21:22 +0000)]
i18n support for a few OPAC strings
Enable translation of the "More copies listed in full record details"
message for the search results library / call number / item /status
lines
Also provide translation support for the hold queue status message,
including singular / plural variants (most languages do not provide
the equivalent of the "item(s)" idiom in English).
Instead of burying the display of hold queue status with a hard
coded "if (false)" test, turn it into a top-level variable for
a bit more exposure.
dbs [Fri, 21 Jan 2011 15:51:45 +0000 (15:51 +0000)]
Part 3 of a more secure default set up
With this commit, the hardcoded default barcode is replaced by an
MD5 hash of a random string of numbers, preventing the barcode from
being used as a known login name in the OPAC interface (which would
remove one of the factors required in a brute forcing of the account
credentials).
You probably don't want to change the barcode for the admin user,
but if you feel the need you can use the usual patron editor in
the staff client.
Thanks to Thomas Berezansky for suggesting this additional change.
dbs [Fri, 21 Jan 2011 15:50:55 +0000 (15:50 +0000)]
Part 2 of creating a more secure default setup
With this commit, the user name and password for the administrative
user will be MD5 hashes of a random string of numbers. You can set
the user name and password to your liking using the --admin-user and
--admin-pass switches for eg_db_config.pl (this will be the
documented method in the install docs) or via straight SQL as:
UPDATE actor.usr SET usrname = 'FOO', passwd = 'BAR' WHERE id = 1;
dbs [Fri, 21 Jan 2011 15:49:45 +0000 (15:49 +0000)]
Towards a more secure default setup
Shipping with a default account user name and password is considered
an authentication anti-pattern; see
http://code.google.com/p/owasp-development-guide/wiki/WebAppSecDesignGuide_D2
By making the user select an admin user name and password at the time
they create the database, we avoid the chance that they will forget to
change the default password and leave their system open to access.
Next step is to change the seed data to insert random values for the
admin username and password, then update the documentation accordingly.
senator [Thu, 20 Jan 2011 22:37:46 +0000 (22:37 +0000)]
Backport r19239 from trunk
Acq: use the acqlimad table instead of its ancestor acqliad table to
populate a dropdown for the Export Single Attribute List function of lists
of lineitems
The acqliad table may appear to have duplicate entries since it's a parent, and
the point of the function that's trying to use it is just to export lists of
ISBNs or UPCs, so acqlimad is a better fit.
senator [Wed, 19 Jan 2011 21:53:32 +0000 (21:53 +0000)]
Backport r19214 from trunk
Booking: Robert Soulliere spotted and fixed a bug in processing reservation-
related overdue fines. See https://bugs.launchpad.net/evergreen/+bug/705061
miker [Wed, 19 Jan 2011 19:52:12 +0000 (19:52 +0000)]
Build and flatten a tree, correcting a sorting issue in some OU dropdowns.
The previous code assumed that work org units would be delivered in hierarchical order, but alas, they are not. Thus, we build the hierarchy and then flatten it, sorting at each level. This will be non-fast with many work OUs, but the common case is a small set, which is not painful.
Further improvement is warranted when the above proves false.
This version of the algorithm is more general -- for example,
all combining characters are removed -- so there should be
fewer fiddly edge cases to worry about for most European
languages.
Rebuilding the metabib.*_field_entry tables (e.g., by using
reingest-1.6-2.0.pl) is recommended if there are any bibs that contain
any non-ASCII characters.
Normalized text is now left in the NFKD form, so while this should
be transparent to the search system after reindexing, it does mean
that (for example) Korean text in metabib.*_field_entry may not
be in the same Unicode normalization form as that found in
biblio.record_entry.
Also includes fix for bug #684467: more bulletproofing of naco_normalize
dbs [Wed, 19 Jan 2011 15:13:24 +0000 (15:13 +0000)]
Avoid escaping issues in authority.normalize_heading() by parameterizing the query
Long story short: MARC subfield values containing backslashes caused noise
and in some cases painful errors. Using spi_prepare/spi_exec_query is the
safest way of handling escaping, rather than adding more regexes and munging
the data before it even gets to naco_normalize().
Most painful case was <subfield code="a">Foo, Bar\</subfield> - the trailing
slash ended up escaping the enclosing single quote (because PostgreSQL isn't
configured by default with strict conformance to SQL escaping rules yet) and
threw an error.
dbwells [Sat, 15 Jan 2011 04:05:40 +0000 (04:05 +0000)]
Postpone advanced serial call-number handling until after 2.0
Sharing of a single call-number for multiple volumes, while well intentioned, was not ready for primetime for various reasons. This commit:
1) harmonizes and unifies call-number handling in Serial.pm, sticking with current practices
2) adds a very basic and now necessary prompt to the Serial Control view
dbs [Fri, 14 Jan 2011 03:00:51 +0000 (03:00 +0000)]
Enable truncation attribute in Z39.50 queries to be left out entirely
Per https://bugs.launchpad.net/evergreen/+bug/702695, some Z39.50
servers hate the truncation attribute (@attr 5=anything) and always
return 0 hits.
This gives you the ability to specify a negative value for the
truncation attribute and thereby prevent the truncation attribute
from being included in the Z39.50 query for a given server.
gmc [Wed, 12 Jan 2011 20:52:42 +0000 (20:52 +0000)]
AutoFieldWidget no longer uses CurrencyTextBox dijit
NumberTextBox used instead to work around problem with
CurrencyTextBox's support for negative monetary amounts
in Dojo 1.3. See https://bugs.launchpad.net/evergreen/+bug/702117