Merge remote-tracking branch 'eg-working/collab/berick/lp_888239_prevent_post-capture...
authorMike Rylander <mrylander@gmail.com>
Tue, 15 Nov 2011 16:48:15 +0000 (11:48 -0500)
committerMike Rylander <mrylander@gmail.com>
Tue, 15 Nov 2011 16:48:15 +0000 (11:48 -0500)
14 files changed:
Open-ILS/examples/apache/eg_vhost.conf
Open-ILS/src/extras/Makefile.install
Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Circulate.pm
Open-ILS/src/perlmods/lib/OpenILS/Application/Trigger/Reactor.pm
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
Open-ILS/src/support-scripts/edi_pusher.pl
Open-ILS/src/templates/opac/password_reset.tt2
Open-ILS/src/templates/opac/results.tt2
Open-ILS/web/js/dojo/openils/widget/HoldingCode.js
Open-ILS/web/js/ui/default/serial/subscription/issuance.js
Open-ILS/web/opac/common/js/RemoteRequest.js
Open-ILS/xul/staff_client/chrome/content/util/network.js
README

index fdcc0ff..cf593ed 100644 (file)
@@ -625,3 +625,8 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
         </IfModule>
     </IfModule>
 </Location>
+
+# Uncomment the following to force SSL for everything. Note that this defeats caching
+# and you will suffer a performance hit.
+#RewriteCond %{HTTPS} off
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
index ae74df9..45e7cc9 100644 (file)
@@ -4,7 +4,7 @@
 #
 # Makefile to install prerequisites for OpenSRF and Evergreen
 #
-# Currently supports Debian (squeeze), Ubuntu (lucid), and Fedora (15).
+# Currently supports Debian (squeeze), Ubuntu (lucid), and Fedora (16).
 # Working towards support of CentOS 5 / RHEL 5.
 # Installs Perl prereqs, libjs with Perl wrapper, libdbi, libdbi-drivers, and libyaz
 #
@@ -13,7 +13,7 @@
 #      - or -
 #      make -f Makefile.install ubuntu-lucid
 #      - or -
-#      make -f Makefile.install fedora15
+#      make -f Makefile.install fedora16
 #      - or -
 #      make -f Makefile.install centos
 #      - or -
@@ -175,6 +175,7 @@ FEDORA_RPMS = \
        perl-Email-Send \
        perl-Email-Simple \
        perl-GDGraph3d \
+       perl-JSON-XS \
        perl-Net-IP \
        perl-Net-SSH2 \
        perl-OLE-Storage_Lite \
@@ -206,6 +207,13 @@ PGSQL_90_RPMS = \
        postgresql90-plperl \
        postgresql90-server
 
+PGSQL_FEDORA_RPMS = \
+       postgresql \
+       postgresql-contrib \
+       postgresql-libs \
+       postgresql-plperl \
+       postgresql-server
+
 PGSQL_CLIENT_DEBS_90 = \
        libpq5 \
        libpq-dev \
@@ -284,7 +292,7 @@ centos: install_centos_pgsql centos_like
 rhel: install_redhat_pgsql centos_like
 centos_like: install_centos_rpms install_yaz install_cpan_marc install install_centos_perl create_ld_local install_cpan_safe install_cpan_force
 
-fedora15: install_fedora_rpms install_cpan install_cpan_fedora install_cpan_marc install_js_sm install_cpan_force
+fedora16: install_fedora_rpms install_cpan install_cpan_fedora install_cpan_marc install_js_sm install_cpan_force
 
 debian-squeeze: squeeze generic_debian
 squeeze: install_pgsql_client_debs_90  install_extra_debs_squeeze
@@ -452,7 +460,7 @@ install_fedora_rpms:
        yum -y install $(FEDORA_RPMS)
 
 install_fedora_pgsql_server:
-       yum -y install $(PGSQL_90_RPMS)
+       yum -y install $(PGSQL_FEDORA_RPMS)
 
 # CENTOS
 install_centos_rpms:
index 92cc110..720bc68 100644 (file)
@@ -2343,6 +2343,11 @@ sub checkin_retarget {
 
     return if scalar(@$holds) == 0; # No holds, no retargeting
 
+    # Check for parts on this copy
+    my $parts = $self->editor->search_asset_copy_part_map({ target_copy => $self->copy->id });
+    my %parts_hash = ();
+    %parts_hash = map {$_->id, 1} @$parts if @$parts;
+
     # Loop over holds in request-ish order
     # Stage 1: Get them into request-ish order
     # Also grab type and target for skipping low hanging ones
@@ -2366,6 +2371,15 @@ sub checkin_retarget {
                 and $_->{target} != $self->copy->id);
             # Volume level, but not this volume?
             next if ($_->{hold_type} eq 'V' and $_->{target} != $self->volume->id);
+            if(@$parts) { # We have parts?
+                # Skip title holds
+                next if ($_->{hold_type} eq 'T');
+                # Skip part holds for parts not on this copy
+                next if ($_->{hold_type} eq 'P' and not $parts_hash{$_->{target}});
+            } else {
+                # No parts, no part holds
+                next if ($_->{hold_type} eq 'P');
+            }
             # So much for easy stuff, attempt a retarget!
             my $tresult = $U->storagereq('open-ils.storage.action.hold_request.copy_targeter', undef, $_->{id}, $self->copy->id);
             if(ref $tresult eq "ARRAY" and scalar @$tresult) {
index 5f07972..14a69e7 100644 (file)
@@ -8,6 +8,7 @@ use Unicode::Normalize;
 use XML::LibXML;
 use OpenSRF::Utils qw/:datetime/;
 use OpenSRF::Utils::Logger qw(:logger);
+use OpenSRF::Utils::JSON;
 use OpenILS::Application::AppUtils;
 use OpenILS::Utils::CStoreEditor qw/:funcs/;
 my $U = 'OpenILS::Application::AppUtils';
@@ -154,6 +155,16 @@ my $_TT_helpers = {
     get_li_attr => \&get_li_attr,
 
     get_li_attr_jedi => sub {
+        # This helper has to mangle data in at least three interesting ways.
+        #
+        # 1) We'll be receiving data that may already have some \-escaped
+        # characters.
+        #
+        # 2) We need our output to be valid JSON.
+        #
+        # 3) We need our output to yield valid and unproblematic EDI when
+        # passed through edi4r by the edi_pusher.pl script.
+
         my $value = get_li_attr(@_);
         if ($value) {
             # Here we can add any number of special case transformations to
@@ -165,14 +176,24 @@ my $_TT_helpers = {
                 chop $value;
             }
 
-            # Make sure any double quotation marks are escaped.
-            $value =~ s/"/\\"/g;
+            # Typical vendors dealing with EDIFACT would seem not to want
+            # any unicode characters, so trash them. Yes, they're already
+            # in the data escaped like this at this point even though we
+            # haven't JSON-escaped things yet.
+            $value =~ s/\\u[0-9a-f]{4}//g;
 
             # What the heck, get rid of [ ] too (although I couldn't get them
-            # to cause any problems for me.
+            # to cause any problems for me, problems have been reported. See
+            # LP #812593).
             $value =~ s/[\[\]]//g;
         }
 
+        $value = OpenSRF::Utils::JSON->perl2JSON($value);
+
+        # Existing action/trigger templates expect an unquoted string.
+        $value =~ s/^"//g;
+        chop $value;
+
         return $value;
     },
 
index e934a39..3c10db7 100644 (file)
@@ -108,10 +108,13 @@ sub load {
     return $self->load_cache_clear if $path =~ m|opac/cache/clear|;
 
     # ----------------------------------------------------------------
-    # Logout and login require SSL
+    #  Everything below here requires SSL
     # ----------------------------------------------------------------
+    return $self->redirect_ssl unless $self->cgi->https;
+    return $self->load_password_reset if $path =~ m|opac/password_reset|;
+    return $self->load_logout if $path =~ m|opac/logout|;
+
     if($path =~ m|opac/login|) {
-        return $self->redirect_ssl unless $self->cgi->https;
         return $self->load_login unless $self->editor->requestor; # already logged in?
 
         # This will be less confusing to users than to be shown a login form
@@ -124,20 +127,10 @@ sub load {
         );
     }
 
-    if($path =~ m|opac/logout|) {
-        #return Apache2::Const::FORBIDDEN unless $self->cgi->https; 
-        $self->apache->log->warn("catloader: logout called in non-secure context from " . 
-            ($self->ctx->{referer} || '<no referer>')) unless $self->cgi->https;
-        return $self->load_logout;
-    }
-
-    return $self->load_password_reset if $path =~ m|opac/password_reset|;
-
     # ----------------------------------------------------------------
-    #  Everything below here requires SSL + authentication
+    #  Everything below here requires authentication
     # ----------------------------------------------------------------
-    return $self->redirect_auth
-        unless $self->cgi->https and $self->editor->requestor;
+    return $self->redirect_auth unless $self->editor->requestor;
 
     return $self->load_place_hold if $path =~ m|opac/place_hold|;
     return $self->load_myopac_holds if $path =~ m|opac/myopac/holds|;
index 92ab41e..21c08ab 100644 (file)
@@ -1741,6 +1741,7 @@ sub load_password_reset {
     } elsif ($barcode or $username) {
 
         my @params = $barcode ? ('barcode', $barcode) : ('username', $username);
+        push(@params, $email) if $email;
 
         $U->simplereq(
             'open-ils.actor', 
index ea9d63e..80e4e19 100755 (executable)
@@ -155,13 +155,7 @@ foreach my $def (@$defs) {
             printf STDERR "ERROR: No edi_default account found for $logstr.  File will not be sent!\n";
         }
 
-        my $jedi = $event->template_output()->data;
-
-        # Crucial identifiers won't contain unicode characters, and EDIFACT
-        # (or at least our translator) generally can't handle them anyway.
-        $jedi =~ s/\\u[0-9a-f]{4}//g;
-
-        $message->jedi($jedi);
+        $message->jedi($event->template_output()->data);
 
         print "\ntarget->provider->edi_default->id: ", $target->provider->edi_default->id, "\n";
         my $logstr2 = sprintf "event %s, PO %s, template_output %s", $_->{id}, $message->purchase_order, $event->template_output->id;
index b0533ac..144678e 100644 (file)
@@ -61,7 +61,9 @@
                     <td><input type="text" id="username" name="username"/></td>
                 </tr>
             </table>
-            <!--<label for="email">[% l('Email address associated with the account:') %] </label><input type="text" name="email"/></br>-->
+            [% IF ctx.get_org_setting(ctx.physical_loc || ctx.aou_tree.id, 'circ.password_reset_request_requires_matching_email') %]
+            <label for="email">[% l('Email address associated with the account:') %] </label><input type="text" name="email"/></br>
+            [% END %]
             <button name="submit" id="submitButton" type="submit">[% l('Submit') %]</button>
         </form>
         [% END %]
index a34f300..17fddab 100644 (file)
@@ -27,7 +27,7 @@
                     <a href="[% ctx.opac_root %]/home">[% l('Another Search') %]</a>
                 </div>
                 <div class="results_header_btns">
-                    <a href="[% ctx.opac_root %]/advanced">[% l('Advanced Search') %]</a>
+                    <a href="[% mkurl(ctx.opac_root _ '/advanced') %]">[% l('Advanced Search') %]</a>
                 </div>
                 [% IF ctx.mylist.size %]
                 <div class="results_header_btns cached_list_div">
index 4722cba..7d8aa09 100644 (file)
@@ -3,9 +3,28 @@ if (!dojo._hasResource["openils.widget.HoldingCode"]) {
     dojo.require("dijit.layout.ContentPane");
     dojo.require("dijit.form.DropDownButton");
     dojo.require("dijit.form.TextBox");
-    dojo.require("dijit.form.NumberTextBox");
+
+    /* XXX These variables and functions preceding the call to dojo.declar()
+     * all pollute the window namespace.  They're not written as methods for
+     * the openils.widget.HoldingCode "class," but they should probably move
+     * into there anyway.
+     */
 
     var _needed_fields = "abcdefghijklm";
+    var _season_store = new dojo.data.ItemFileReadStore({
+        "data": {
+            "identifier": "code",
+            "label": "label",
+            "items": [
+                {"code": 21, "label": "Spring"},
+                {"code": 22, "label": "Summer"},
+                {"code": 23, "label": "Fall"},
+                {"code": 24, "label": "Winter"}
+            ]
+        }
+    }); /* XXX i18n the above seasons. Also maybe don't
+         hardcode MFHD seasons here? */
+
 
     function _prepare_ttip_dialog(div, wizard) {
         dojo.empty(div);
@@ -48,6 +67,32 @@ if (!dojo._hasResource["openils.widget.HoldingCode"]) {
         _prepare_ttip_dialog_fields(div, fields, wizard);
     }
 
+    function _generate_dijit_for_field(field, tr) {
+        dojo.create("td", {"innerHTML": field.caption}, tr);
+
+        /* Any more special cases than this and we should switch to a dispatch
+         * table or somethingl. */
+        var input;
+        if (field.subfield == "j") {
+            input = new dijit.form.FilteringSelect(
+                {
+                    "name": field.subfield,
+                    "store": _season_store,
+                    "searchAttr": "label",
+                    "scrollOnFocus": false
+                }, dojo.create("td", null, tr)
+            );
+        } else {
+            input = new dijit.form.TextBox(
+                {"name": field.subfield, "scrollOnFocus": false},
+                dojo.create("td", null, tr)
+            );
+        }
+        input.startup();
+
+        return input;
+    }
+
     function _prepare_ttip_dialog_fields(div, fields, wizard) {
         /* XXX TODO Don't assume these defaults for the indicators and $8, and
          * provide reasonable control over them. */
@@ -66,17 +111,7 @@ if (!dojo._hasResource["openils.widget.HoldingCode"]) {
                         field.caption.slice(1);
                 }
 
-                dojo.create("td", {"innerHTML": field.caption}, tr);
-                var dij = field.subfield > "h" ?
-                    dijit.form.NumberTextBox : dijit.form.TextBox;
-                var input = new dij(
-                    {
-                        "name": field.subfield,
-                        "constraints": {"pattern": "####"}
-                    },
-                    dojo.create("td", null, tr)
-                );
-                input.startup();
+                var input = _generate_dijit_for_field(field, tr);
                 wizard.preset_input_by_date(input, field.caption.toLowerCase());
                 inputs.push({"subfield": field.subfield, "input": input});
             }
@@ -89,7 +124,7 @@ if (!dojo._hasResource["openils.widget.HoldingCode"]) {
                     inputs.forEach(
                         function(input) {
                             var value = input.input.attr("value");
-                            if (value === null || isNaN(value)) {
+                            if (value === null || value === "") {
                                 /* XXX i18n */
                                 alert("A valid holding code cannot be " +
                                     "produced with any blank fields.");
@@ -101,7 +136,8 @@ if (!dojo._hasResource["openils.widget.HoldingCode"]) {
                     wizard.code_text_box.attr("value", js2JSON(holding_code));
                     wizard.wizard_button.attr("disabled", false);
                     dojo.empty(div);
-                }
+                },
+                "scrollOnFocus": false
             }, dojo.create(
                 "span", null, dojo.create(
                     "td", {"colspan": 2},
index 75484c5..eb4fae4 100644 (file)
@@ -1,3 +1,5 @@
+dojo.require("dijit.form.DateTextBox");
+
 function fresh_scap_selector(grid) {
     /* this really needs to be sync, not async */
     pcrud.search(
index 125f57a..ae43f11 100644 (file)
@@ -213,7 +213,7 @@ RemoteRequest.prototype.send = function(blocking) {
                        url = 'http://'+XML_HTTP_SERVER+'/'+XML_HTTP_GATEWAY;
 
                if( url.match(/^http:/) && 
-                               (this.secure || location.href.match(/^https:/)) ) {
+                               (this.secure || location.href.match(/^https:/) || location.href.match(/^chrome:/) ) ) {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                        url = url.replace(/^http:/, 'https:');
                }
index 931d174..fc2b5a6 100644 (file)
@@ -81,7 +81,12 @@ util.network.prototype = {
         //obj.error.sdump('D_SES','request '+ app + ' ' + name +' '+obj.error.pretty_print(sparams.slice(1,sparams.length-1))+
         //    '\noverride_params = ' + override_params + '\n_params = ' + _params + '\n');
 
-        try { 
+        try {
+
+            if (typeof _params == 'undefined') {
+                // If we're not using simple_request to get here, let's assume secure by default
+                _params = { 'secure' : true };
+            }
 
             var request =  this._request(app,name,params,f,override_params,_params);
             if (request) {
diff --git a/README b/README
index d8311e4..bc32c27 100644 (file)
--- a/README
+++ b/README
@@ -99,13 +99,13 @@ apt-get install python-software-properties
 add-apt-repository ppa:pitti/postgresql
 ------------------------------------------------------------------------------
 +
-  * Fedora 15 comes with PostgreSQL 9, so no additional steps are required.
+  * Fedora 16 comes with PostgreSQL 9, so no additional steps are required.
 +
 3. On Debian and Ubuntu, run `aptitude update` as the *root* Linux account to
    retrieve the new packages from the backports repository.
 4. Issue the following commands as the *root* Linux account to install
    prerequisites using the `Makefile.install` prerequisite installer,
-   substituting `debian-squeeze`, `fedora15`, `ubuntu-lucid`, `centos`, or
+   substituting `debian-squeeze`, `fedora16`, `ubuntu-lucid`, `centos`, or
    `rhel` for <osname> below:
 +
 [source, bash]
@@ -315,7 +315,7 @@ make -f Open-ILS/src/extras/Makefile.install install_pgsql_server_debs_91
 You can install the packages required by Fedora on the machine of your choice
 using the following commands as the *root* Linux account:
 
-.(Fedora 15) Installing PostgreSQL 9.0 server packages
+.(Fedora 16) Installing PostgreSQL server packages
 [source, bash]
 ------------------------------------------------------------------------------
 make -f Open-ILS/src/extras/Makefile.install install_fedora_pgsql_server
@@ -336,11 +336,10 @@ cpan MARC::File::XML
 cpan UUID::Tiny
 ------------------------------------------------------------------------------
 
-.(Fedora 15) Installing additional Perl modules on a standalone PostgreSQL 9 server
+.(Fedora 16) Installing additional Perl modules on a standalone PostgreSQL 9 server
 [source, bash]
 ------------------------------------------------------------------------------
 yum install gcc perl-XML-LibXML perl-XML-LibXSLT perl-Business-ISBN
-cpan JSON::XS
 cpan Library::CallNumber::LC
 cpan MARC::Record
 cpan MARC::File::XML