Art Rhyno [Fri, 24 May 2013 15:24:53 +0000 (11:24 -0400)]
Add support for CAS intro in tpac for rel_2_4_mergery
These changes allow a CAS intro to be put in place before
a patron is sent off to the CAS service from the tpac. CAS
logins can be a jarring experience since the interface is
controlled by the validating organization.
Art Rhyno [Mon, 13 Aug 2012 21:22:17 +0000 (17:22 -0400)]
TPAC: Make "Show more details" in results optional
Academic sites typically handle a lot of electronic content and want to
bring most details about entries, such as availability, status, and
URLs, on a results screen to the front.
This adds a 'show_more_details.default' option in 'config.tt2' that can
have the values 'true', 'false' and 'hide'. The 'true' and 'false'
values set the default for the button to more and less respectively, and
'hide' suppresses the button from showing at all.
Signed-off-by: Art Rhyno <art632000@yahoo.ca> Signed-off-by: Dan Scott <dscott@laurentian.ca>
Dan Scott [Thu, 30 Aug 2012 14:48:32 +0000 (10:48 -0400)]
Add an ou_host_name parameter for TPAC login forms
If set, and the incoming username does not already include an '@' symbol
(a very simple attempt to detect if we're already dealing with an email
address), then append '@' + the ou_host_name value to the username for
authentication purposes.
The rationale is that in a large consortium, you might want to enable
users to log in with short usernames (like 'fred'), but you also want to
avoid conflicts between short usernames at different organizational
units. Thus, create the users with the email equivalent of their
usernames, like 'fred@br1.example.com' and 'fred@br4.example.com', and
let the templates for the TPAC in br1 and br4 contain a hidden input
field to append the appropriate email hostname.
Truth be told, this is probably most appropriate for a large consortium
containing two or more academic institutions that hope to use LDAP
authentication rather than native authentication, and therefore have
LDAP CNs that map to email addresses of CN@hostname that can then be
mapped to actor.usr.usrname (and actor.usr.email, of course).
Dan Scott [Mon, 27 Aug 2012 22:38:51 +0000 (18:38 -0400)]
Very rough LDAP authentication enablement for OSUL
Currently requires that the user enters their email address at the
username prompt; we then just use the local-part of the email address to
authenticate against the LDAP server.
In the VirtualHost sections of Apache, we can use SetEnv to force the
physical_loc to match the org unit ID(s) specified in opensrf.xml; for
example:
Dan Scott [Mon, 30 May 2011 19:23:09 +0000 (15:23 -0400)]
Add "Move to storage" quick UI for bulk location moves
This simplistic interface accepts a barcode and immediately returns
some bibliographic information if the barcode was found - and the
item is moved immediately to the specified location. Goal was to
minimize clicking, this pretty much requires just scan scan scan.
Dan Scott [Tue, 14 Feb 2012 15:46:24 +0000 (10:46 -0500)]
Prevent renew if item already is targeted for a hold
From http://biblio.laurentian.ca/tickets/conifer/wiki/devHolds
apparently I missed this in moving our customizations from SVN (or it
was only ever local?)
Dan Scott [Thu, 10 Jan 2013 19:17:33 +0000 (14:17 -0500)]
Generic patron barcode generation (OpenSRF and DB)
Laurentian University needed the ability to generate barcodes as part of
its LDAP integration work, and the first generation (so to speak) of the
was specific to LU - including hard-coded prefixes and database
functions that include the "lu" name.
This commit makes the functionality much more generic and thus more
likely to be able to be adopted by other institutions. The principle
components are:
Database functions:
evergreen.actor_generate_barcode([prefix TEXT]) - returns a 14-digit
barcode from the evergreen.actor_barcode_seq sequence with a prefix of
'AUTOBC' or the specific prefix of up to 6 characters. If the
resulting barcode is all digits, then the 14th character will be a
mod10 check digit; otherwise the 14th digit will be '0'.
evergreen.actor_update_barcode(usr_id INTEGER[, prefix TEXT]) -
generates a new barcode for the specified user, with the optional
barcode prefix.
evergreen.mod10(barcode TEXT) - given a barcode, generates a mod10
check digit and returns the barcode with the appended check digit
OpenSRF method:
open-ils.actor.generate_patron_barcode([usr_id INT[, prefix TEXT]]) -
generates a new barcode for the patron
Dan Scott [Wed, 14 Sep 2011 20:02:14 +0000 (16:02 -0400)]
Add and use a patron search that overrides opt-in invisibility
Something like this is required for API calls that need to operate
against a number of libraries in a given instance that are using opt-in;
otherwise, attempts to search for users will fail and you may end up
creating near-duplicates etc.
The implementation adds an
open-ils.actor.search.patron.advanced.opt_in_override method to
open-ils.actor, which, if invoked, checks to see if the caller has the
OPT_IN_OVERRIDE permission. If so, then the crazy_search ignores the
normal opt-in limits and searches all pertinent users in the database.
As a global permission, OPT_IN_OVERRIDE is a blunt instrument. Others
might want to put together a more refined version that uses OU depths to
define boundaries.
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Conflicts:
Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Publisher/actor.pm
Dan Scott [Tue, 9 Oct 2012 16:21:10 +0000 (12:21 -0400)]
Remove extraneous spaces from bib email template
Various email servers refuse to send email that begins with blank lines,
so use TT's [%- and -%] to eat up whitespace. Also, remove the extra
linefeeds (_ "\n") as the linefeed is already generated by virtue of
being on its own line.
Art Rhyno [Mon, 1 Oct 2012 02:50:09 +0000 (22:50 -0400)]
Add option for host value in URLs
The ability to link back to a bib record for print and e-mail displays
from tpac is very useful, esp. for e-mail where there is a good chance
that the mail system will make it an active link. It looks possible to
wire in environmental variables with the template toolkit but that's
probably as complicated as it is to modify the template directly.
Art Rhyno [Thu, 27 Sep 2012 02:34:48 +0000 (22:34 -0400)]
Add call number and location info to TPAC e-mail and print option
I haven't figured out how to get the hostname properly, I am guessing
it needs to be passed as a parameter somehow. I also need to test
URIs but this is a start.
Art Rhyno [Tue, 12 Feb 2013 16:25:08 +0000 (11:25 -0500)]
Make Date Addition for Hold Receipt Configurable on Client
As per Dan Scott's suggestion, this changes the print_win.js
function for formatting the holds date receipt to allow
the number of days to be specified with the "add_days" attribute.
Art Rhyno [Wed, 30 Jan 2013 13:34:24 +0000 (08:34 -0500)]
Hold Slip Formatting for Windsor
The Leddy Library used some custom javascript for adding a due date
to the Hold Slip in a previous version of Evergreen. This uses the
far cleaner print_win.js setup to bring this back.
Art Rhyno [Fri, 8 Mar 2013 12:55:06 +0000 (07:55 -0500)]
Fix CAS to handle dynamic auth links
CAS uses a "service" URL to redirect a user back to where an application wants
them to go if authentication is passed. This works well for simple URLs but
becomes problematic for complex URLs, which can get mangled or, worse,
truncated. This doesn't seem to be unique to Windsor's implmentation of CAS.
I tried a few tricks to encode the URLs in strange ways to get the same
URL back from CAS, but I think a better approach is to stuff the URL into
a cookie, and invoke when the request comes back from CAS. Any other approach
seems to result in horrid URLs and there is always the chance that some
character will break the scheme.
One flaw in my approach is that if a TPAC user selects "email" or "place hold"
and invokes the logon screen, the cookie gets set for the "redirect" URL. If,
for some reason, a user decides to do another search and chooses to log in to
their account from a different screen, the CAS URL can be invoked. This
would only happen for CAS, and the cookie itself is only set for 10
minutes, so I don't think this is a major concession. I also try to
invalidate the cookie wherever it is possible to know that the authentication
has not been invoked.
The assumption is that there is a CAS link added to the login form (login/form.tt2),
for example:
<a href="[% ctx.cas.url %]"
class="opac-button opac-button-header" id="home_myopac_link_uwin">
[% l('Log in to Your Account (UWind ID)') %]
</a>
I had become so used to testing CAS by logging in first, that I totally missed
the links that support authentication at the time of need, e.g. the "email"
or "place hold" links that are displayed prior to authentication. Hopefully,
this branch will address what is probably a common scenario.
Signed-off-by: Art Rhyno <art632000@yahoo.ca>
Conflicts:
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Art Rhyno [Sat, 22 Sep 2012 04:46:20 +0000 (00:46 -0400)]
Check to see if existing loan date is less than recall date
It seems possible that a recall can be issued that actually extends
the loan period for an item with semester or other generous loan
periods. This adds a check for the current loan period and uses it
if the calculated threshold date is later.
Signed-off-by: Art Rhyno <art632000@yahoo.ca> Signed-off-by: Dan Scott <dscott@laurentian.ca>
Dan Scott [Mon, 30 May 2011 17:14:29 +0000 (13:14 -0400)]
Remove display of patron birthdate, internet access level, etc
These fields in the staff client are either not applicable or
potentially privacy-invasive or both. If the data somehow does
get into the system, we don't want it to show up on the staff
client anyway - and we don't want annoying warnings about unset
dates of birth, etc.
This is the hardcore way of doing things, we really should make
it yet another configuration setting. Oh well.
Dan Scott [Wed, 5 Sep 2012 15:46:28 +0000 (11:46 -0400)]
Flag the UTF8 encoding for MARC templates
The UTF8 encoding is flagged by LDR09 being 'a'. If this is not set, it
greatly confuses Evergreen, which tries to convert what it thinks are
MARC8 characters to UTF8 before saving the record.
Galen Charlton [Wed, 1 May 2013 21:34:02 +0000 (17:34 -0400)]
update upgrade instructions for 2.4.0 release
- specify minimum supported PostgreSQL version as 9.1
- specify minimum supported OpenSRF version as 2.2.0
- update schema upgrade instructions and miscellaneous
references to 2.3
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Galen Charlton [Wed, 1 May 2013 21:02:57 +0000 (17:02 -0400)]
revisions to installation instructions
- Remove references to PostgreSQL 9.0; 9.1 is recommended
for Evergreen 2.4.
- Clarify that the latest version of OpenSRF now means 2.2
or later.
- Increase chances that somebody following the instructions
precisely doesn't run into a problem during the configure step.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Michael Peters [Mon, 29 Apr 2013 15:14:39 +0000 (11:14 -0400)]
LP#1174359 Need to drop reporter.classic_item_list
ERROR: cannot drop view metabib.full_rec because other objects depend on it
DETAIL: view reporter.classic_item_list depends on view metabib.full_rec
HINT: Use DROP ... CASCADE to drop the dependent objects too.
Beginning at line 55 of the upgrade script, several views and functions are dropped
so metabib.full_rec can be dropped. One of them is missing.
We need to drop reporter.classic_item_list as well, for the script to work.
Signed-off-by: Michael Peters <mpeters@emeralddata.net> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Jason Stephenson [Tue, 30 Apr 2013 17:23:24 +0000 (13:23 -0400)]
Shutdown added content sockets to prevent hung connections.
We were getting several thousand sockets hanging around in a
CLOSE_WAIT state on our server. The connections were from our
server and to our server. Further investigation showed it to be
caused by the stage2 added content lookup not closing the request
sockets when it was done reading data. This branch fixes that.
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Bill Erickson [Fri, 29 Mar 2013 13:41:44 +0000 (09:41 -0400)]
LP1076411 Return updated circ object from checkin
Retrieve an updated copy of the circulation object to return to the
caller during checkin. This ensures the data in the circ object, in
particular date fields, are consistent with the database.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Remington Steed [Thu, 14 Mar 2013 18:37:17 +0000 (14:37 -0400)]
Add accepting_usr to IDL to fix reporter field
In the reporter interface, the view 'Payments: Brick-and-mortar' is
missing the 'Accepting User' field, which is present in the similar view
'Payments: Desk'. This field is already present in the database view and
is simply missing from the IDL. Since it is needed for certain kinds of
reports, this commit adds the missing IDL fields. It also adds the
missing 'reporter:datatype' to an existing instance of the IDL field.
Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Ben Shum <bshum@biblio.org>
Dan Scott [Mon, 22 Apr 2013 17:00:05 +0000 (13:00 -0400)]
Unbreak make install for apache config files
The new install process installs the Apache sample configs into the
DOCDIR for Evergreen, with the expectation that packagers will pick up
the examples from the doc directory and that users will eventually be
expected to copy them from there, rather than from the source tree.
However, currently the Apache 2.2 and 2.4 sample configs have the same
names, and that causes a conflict at "make install" time. Kudos to Jason
Stephenson for catching this. The temporary solution is to rename the
Apache 2.4 files to avoid the conflict; longer term, we need to teach
make install to only make & install the files that are pertinent to the
environment on which it was built (either Apache 2.2, or Apache 2.4).
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Repair too-timid hold targeter (it misses copies at other org units)
The patch to address bug 1162989 overreached. Whereas before that
patch, the hold targeter was wont to target copies with unholdable
statuses, after the patch the hold targeter got the statuses right but
undesirably filtered out copies whose circ_lib doesn't match the hold
pickup lib. This again probably stems from the differences between
FulfILLment's hold targeter and Evergreen's in the context of merging
the calculated proximity code.
Fix various Traditional and holds-go-home best-hold sort orders
Use copy's call number's owning_lib instead of copy's circ_lib
Should compare checkin lib to copy's (call number's) owning_lib, not
hold request lib.
You might think the comparison should be to acp.circ_lib, but that
doesn't work with floating copies (for non-floaters, acp.circ_lib
should be equal to acp.call_number.owning_lib).
approx is a more correct first determinant to give the behavior sites
are used to.
hprox can cause copies to be too eager to go home when
there are holds with that copy's circ lib as its request lib (if that's
what you want, then you do pick or create a sort-order with hprox near
the top).
Address a problem in the copy_has_not_been_home CTE.
This expression was always meant to provide a TRUE or FALSE value as its
lone result, but would return NULL in cases where copies had no transit
history.
Use pickup_lib, not request_lib, as the determinant of
nearness-to-home. request_lib was used with the thinking that an item's
"owning" patrons should have their wishes favored at holds-go-home time,
even if where they wanted to send the copy was not actually home, but
that's neither necessarily desired nor very intuitive.
Clear up holds-go-home logic with better code AND add TechRef
documentation with diagram in attempt to be as clear as possible.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Fri, 19 Apr 2013 15:06:27 +0000 (11:06 -0400)]
Merge changes to Apache 2.4 example config files
Not only do we need the JSPAC->TPAC changes that went into the base
Apache example configs, we should also move to generating these files
instead of having hardcoded values. Longer term, we should probably just
generate the right example configs from one common base until Apache 2.2
is dead and gone, but this improves the Apache 2.4 experience greatly.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
QP: Limit to deleted records for #deleted modifier at this level
Down in the DB's query_parser_fts procedure, we also know whether we're
in a deleted_search, and in those cases we skip all visibility and
similar testing accordingly.
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Sun, 7 Apr 2013 22:14:58 +0000 (18:14 -0400)]
TPAC schema.org: Add Organization types for contributors
Given a 110 / 710 field, when generating the record details for authors
and contributors we can declare an http://schema.org/Organization
itemtype rather than just jamming the name under the "contributor"
property. This is more in accordance with schema.org directions.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Fri, 5 Apr 2013 20:10:01 +0000 (16:10 -0400)]
TPAC: Fix schema.org name / dates for authors
Per http://schema.org/Person, the birth date and death date are not
supposed to be part of the name of a Person. We can separate these out
correctly based on subfield d for 100 fields.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Fri, 5 Apr 2013 17:21:47 +0000 (13:21 -0400)]
Fix schema.org mapping for MusicAlbum, add Map
We had set LDR[06] = j to MusicRecording, but that is really meant for
individual songs. Use MusicAlbum instead, and per
http://schema.org/MusicAlbum, use a new MusicGroup itemtype with a
'byArtist' property for the primary artist rather than the generic
'accountablePerson'.
Also map LDR[06] = e to Map, because that seems like a safe bet.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Mike Rylander [Tue, 16 Apr 2013 19:08:10 +0000 (15:08 -0400)]
Allow combined search to be optional per class
Relevance is thrown off for, in paticular, the keyword class when combined
search is used. This is because the effect of an opaque blob of data, such
as the keyword|keyword index definition, is to applify the inclusion of spurious
(to the user) data in matching attempts.
This commit adds the ability to specify, per class, whether combined FTS should
be used, and turns this on for only the subject class by default.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Ben Shum <bshum@biblio.org>
Acq: re-use more code for two ways of creating invoices (EDI and manual)
This solves two problems.
1) With EDI invoices, we had been failing to disencumber fund debits
related to the invoiced lineitems, although that worked for manual
invoices.
2) With manual invoices, we would not automatically uncancel copies
when the user decided to invoice them despite their canceled status.
This was already working in EDI invoices though. This is especially
important since our schema lumps "backordered" in with "canceled,"
and in theory backordered things do show up eventually.
There were earlier version of this commit out there with bugs that
prevented the EDI workflow from working correctly (the manual invoice
flow worked and still should).
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
The number of results listed on the search results page is often an
estimate when working with a large set. Let's add the word "about" to
reflect the fact that it is indeed an estimate.
At the same time, I moved the <strong> tags out of the code, adding a CSS
class in its place, moved the HTML tags out of the translatable
string (as recommended by Pasi Kallinen), and fixed a typo in the
stylesheet.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Jason Stephenson [Thu, 18 Apr 2013 14:49:06 +0000 (10:49 -0400)]
Minor change to chrome/content/util/list.js.
Change the initializer of this.count_for_display from 0 to 1 in
order to match the counting of other lists in the client and to
provide something that staff are likely to prefer.
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
In list.js at start you create obj.columns for lineno, but later
you don`t process this value so it`s return default render
function. This code repairs this.
Signed-off-by: Dmitry Nechai <nechai.dmitry@gmail.com> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Mike Rylander [Fri, 5 Apr 2013 05:52:16 +0000 (01:52 -0400)]
Address SQL injection vulnerability in SQL ORM layer
If the user-supplied value and the db column are both numbers
(jsonObject->type == JSON_NUMBER, get_primitive(field) == "number") then
don't quote. Otherwise, quote.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Mike Rylander [Wed, 17 Apr 2013 16:08:41 +0000 (12:08 -0400)]
Address hash/list thinko; Ensure initialization
Two cascading defects were identified after being reported by users. The
first, which was only a potential issue, was an apparent lack of mod_perl
initialization for the item-age record feed. While not the direct cause
of the error message, a lack of initialization here would manifest in the
same way. So, we check that initialization.
Feed-generating callbacks were not being constructed properly due to a
simple thinko in the construction of the default record format list provided
by the SuperCat backend. We need a list of two hashes, not a hash of two
keys.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Bill Erickson [Tue, 9 Apr 2013 17:45:24 +0000 (13:45 -0400)]
TPAC bucket item retrieval operates in streaming mode
TPAC bucket item retreive fleshes bib records with large blobs of MARC
data. When a bucket contains a few thousand items, the size of the
data passed around in atomic retreival mode will exceed the typical jabber
max stanza size and result in a failure. Retrieve the records in
streaming mode instead.
Signed-off-by: Bill Erickson <berick@esilibrary.com> Signed-off-by: Ben Shum <bshum@biblio.org>
projects / contrib / Conifer.git / log