Steven Mayo [Fri, 1 Dec 2023 15:00:43 +0000 (10:00 -0500)]
LP#2043127-Marking org unit as non-visible in the OPAC defaults patrons' preferred pickup locations to the first org unit
Added a check to the OPAC place_hold.tt2 that detects if the patron's
preferred pickup location is missing from the dropdown. If it is, it
adds a default message to the dropdown asking them to choose a pickup
location and chooses it, as well as disabling the submit button and
changing the dropdown color to alert the user.
Steps to test:
[1] Go to Administration -> Server Administration -> Organizational
Units
[2] Select an org unit and uncheck OPAC Visible
[3] Rerun autogen.sh
[4] Find a patron account with that org unit as their home library (it
will also be their preferred pickup library)
[5] Log into that account on the OPAC and attempt to place a hold on a
book
[6] Observe the state of the holds screen
Signed-off-by: Steven Mayo <smayo@georgialibraries.org>
Steven Mayo [Fri, 20 Oct 2023 20:21:29 +0000 (16:21 -0400)]
LP#1477154-Placing holds fails unintuitively when preferred pickup location is disabled via org unit setting opac.holds.org_unit_not_pickup_lib
Added a check in javascript that should fire when loading the page. Adds a
warning in red text, turns the org_selector yellow (like when the date
is invalid) and disables the submit button. These are all undone when
they select a different option, and never happen if their settings don't
prefer an invalid org.
Changed to a different shade of yellow and red that seemed better for
accessibility.
Steps to test:
[1] Go to Administration -> Local Administration -> Library Settings
Editor
[2] Make sure opac.hold.org_unit_not_pickup_lib is set to true for some
library
[3] Find a patron whose home library is set to that library and one
whose home library isn't
[4] Log in to the first patron and attempt to place a hold
[5] Observe the holds page
[6] Change the pickup library of the hold
[7] Observe the holds page
[8] Log in to the second patron and attempt to place a hold
[9] Observe
Never did find out when these bad hold requests bounced and why they
redirected to the same page.
Signed-off-by: Steven Mayo <smayo@georgialibraries.org> Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxOLI.org> Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Michele Morgan [Fri, 13 Oct 2023 16:52:40 +0000 (12:52 -0400)]
LP2002693 Remove forced reload to avoid endless logout loop
Removes a forced reload when navigating from acq/picklist/upload to itself
Signed-off-by: Michele Morgan <mmorgan@noblenet.org> Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Garry Collum <gcollum@gmail.com>
Steven Mayo [Wed, 27 Sep 2023 20:27:03 +0000 (16:27 -0400)]
LP#1944601: Checkout Fails Silently if Operating Hours Set to Closed 7 Days a Week
This fixed an issue where a checkout or renewal would timeout and fail
without an error message if attempted from an org unit where
all hours of operation were closed, every day of the week. This
would cause open-ils.storage.actor.org_unit.closed_date.overlap to infinitely recurse without throwing an
error.
-- How to test
[1] Go to Administration -> Server Administration-> Organizational Units
[2] Select an Org Unit and the Hours of Operation tab
[3] Click on closed button or manually set start and end times to 12:00
AM for all days and apply changes
[4] Observe pretty new warning
[5] Ensure link in pretty new warning leads to the right page
[6] Using a workstation at the affected org unit, attempt to check out a
book and renew a checked out book.
[7] Go to the page the new warning links to: Administration -> Local Administration ->
Closed Dates Editor
[8] Add a closing of whatever length you desire, including now
and/or the date an item would be due if checked out today.
[9] Using a workstation at the affected org unit, attempt to check out a
book and renew a checked out book.
Signed-off-by: Steven Mayo <smayo@georgialibraries.org> Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org> Signed-off-by: Jane Sandberg <js7389@princeton.edu> Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org> Signed-off-by: Garry Collum <gcollum@gmail.com>
Steven Mayo [Wed, 13 Sep 2023 20:22:14 +0000 (16:22 -0400)]
LP#1944601: Checkout Fails Silently if Operating Hours Set to Closed 7 Days a Week
Started off by adding a warning while setting hours of operation to not
close all days a week, with a link to the closed dates editor. It only
appears when the user has permissions for the closed dates editor.
Signed-off-by: Steven Mayo <smayo@georgialibraries.org> Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org> Signed-off-by: Jane Sandberg <js7389@princeton.edu> Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org> Signed-off-by: Garry Collum <gcollum@gmail.com>
Galen Charlton [Wed, 7 Jun 2023 18:26:16 +0000 (14:26 -0400)]
LP#2023222: prevent open-ils.fielder.$IDLCLASS from invoking function transforms
This patch adds some argument checking to the family of
open-ils.fielder.$IDLCLASS[.atomic] methods to prevent
JSON query funcion transforms from being invoked. This
is needed to prevent unauthenticated callers from invoking
arbitrary stored procedures.
This is a security patch that closes down a pathway
towards remote, unauthenticated SQL injection attacks.
Terran McCanna [Thu, 22 Dec 2022 16:15:22 +0000 (11:15 -0500)]
Debugging on Ecard.pm
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Adding debugging to Actor.pm
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
More logging in Actor.pm
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
And even more debugging to Actor.pm
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Try skipping the perm update step
For a renewal, this shouldn't be necessary, right? The code just
looks like it's trying to re-write lines in the db that already
exist, but it's accessing the wrong table and failing.
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
More logging for ecard.pm
Displays the upcoming closures (max of 10) that have been entered through the
Closed Dates Editor in the OPAC on the library info pages for each branch.
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
LP2017913 Display Upcoming Closures in OPAC
Adds ability to display detailed hours when closure is partial day.
Jason Etheridge [Tue, 24 Jan 2023 13:29:33 +0000 (08:29 -0500)]
LP1929593 UPDATE_COPY_BARCODE permission
This adds the permission UPDATE_COPY_BARCODE and a new API call,
open-ils.cat.update_copy_barcode
which explicitly tests for both UPDATE_COPY_BARCODE and UPDATE_COPY,
with either being sufficient for allowing a barcode change. Existing
Replace Barcode UI's in both Angular and AngularJS have been modified
to use this API call instead of the pcrud service. One side-effect of
this has been better surfacing of errors, as errors in pcrud were
uncaught and bypassing the normal error handling. This addresses
LP1951469.
The upgrade script gives any permission groups that already have the
UPDATE_COPY permission the new UPDATE_COPY_BARCODE permission at the
same depth, though it's technically not needed.
Signed-off-by: Jason Etheridge <jason@EquinoxOLI.org>
This patch fixes a regression introduced by bug 2006749 that
prevented open-ils.actor.ou_setting.ancestor_default from retrieving
the value of a library setting that does not have a view permission
associated with it. It also fixes a similar issue with
open-ils.actor.org_unit.settings.history.retrieve.
To test
-------
[1] Use srfsh to retrieve the value of a library setting
that does not have a view permission. E.g.,
[2] Apply the patch and repeat step 1. This time, the value of
the setting should be returned.
[3] Verify that viewing the edit history of a setting in the
Library Settings admin page works as expected.
LP#1999944: fix bug that can break drawing the folder tree for reports
Specifically, skip drawfolders iteration if parent node cannot be
found and eport invalid parent folder in the browser console.
For example, if a user creates a template folder that is not shared
that has a child folder that _is_ shared, another user at the library
that the folder is shared with would see their report folders be
incompletely rendered.
Dan Briem [Thu, 19 Jan 2023 15:33:00 +0000 (10:33 -0500)]
LP#1996818 Issues Placing Holds from the Patron Record
This clears the patron hold target cookie when navigating from
the staff/catalog route, when the window is closed, and when
holds are successfully placed.
This also changes the AngularJS patron interface to set the
same session cookie as the Angular interface.
Tiffany Little [Mon, 9 Jan 2023 17:41:21 +0000 (12:41 -0500)]
LP1953181 Fix combobox div and funds spacing
Removes input-prepend that was causing other comboboxes to be shrunk, and moves the year selector closer to the Library dropdown so it's not floating out by itself.
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org>