Kathy Lussier [Thu, 25 Feb 2016 17:26:02 +0000 (12:26 -0500)]
LP#1422802 Fix javascript validation for visible parts
The previous javascript validation was not working for records with just one
part. This one works better. Many thanks to Dan Wells for identifying the fix.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Ben Shum <ben@evergreener.net>
Martha Driscoll [Mon, 22 Feb 2016 20:34:15 +0000 (15:34 -0500)]
LP1229757 - Distinct images for holds, reserves, transits
This commit changes the references to turtle.gif to three new images
holdshelf.png, reserve.png, and transit.png. When checking in a copy
that needs to go on the hold shelf, on the reservation shelf, or
in transit, a distinct image will show in the pop-up window.
This commit adds support for 'parts' import in Vandelay. It is
modeled after the existing support for stat cat import. As such, it:
- Uses '|' characters to separate labels to allow for multiple
part assignment.
- Adds to (rather than replaces) any existing parts assigned to overlay
copies.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Dan Wells [Tue, 26 Jan 2016 19:22:21 +0000 (14:22 -0500)]
LP#1468422 Use auth_internal.validate to shore up AuthProxy
Even if a user has valid credentials in the external system, we should
block them from logging in if their Evergreen account is out of sorts.
Use the API designed for this.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Bill Erickson <berickxx@gmail.com>
Previously, AuthProxy.pm would simply lookup and use the hashed password
when the external authentication had passed. This simple method no
longer works, since even cstore doesn't have access to the hashed
password.
Instead, take advantage of the new 'auth_internal' service to create the
user session after the user has been externally authenticated.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Bill Erickson <berickxx@gmail.com>
Basically, if we aren't given a username, and we can't find a username
by barcode, give up immediately. This helps simplify the rest of the
code a bit.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Bill Erickson <berickxx@gmail.com>
Avoid what may be an unacceptible login delay caused by work factor 14
by dropping down to 10. This reduces the CRYPT() time from ~1 second to
~.1 seconds.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Prevent leaking information from authentication by only reporting that a
card is inactive if the caller provided the correct credentials. This
is consistent with how the code handles inactive patrons.
To avoid a lot of code duplication and to reduce the potential for
leaking memory (C code, amiright?), this commit includes a number of
changes to avoid exiting the API function early and saving the memory
cleanup routines until the end of the API call.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
User update in Actor.pm was the only remaining code that leveraged
the open-ils.storage remote_update API. With that code moving to
open-ils.cstore, save some RAM by no longer auto-loading/publishing
remote_update methods.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Migrate the user update code from open-ils.storage to open-ils.cstore.
This has several benefits:
1. We can re-use the patron password update code
2. Several actions (bad contacts, invalid address) which previously
resulted in data modifications outside the main transaction now
take place with the main patron update transaction.
3. Bigger, better, faster, stronger.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Service is responsible for adding user data to the authentication cache.
Cache times are determined from opensrf.xml/AOUS settings. No
authentication checks are performed.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Bill Erickson [Fri, 17 Jul 2015 20:00:17 +0000 (16:00 -0400)]
LP#1468422 Password storage/migration SQL getting started
* Backwards compatible salted password storage using pgcrypt
* Adds actor.passwd and actor.passwd_type tables
* Includes pgtap tests
* Includes installation of pgcrypto
Current flow:
1. Application requests a salt to use as the CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.
== continued...
Store the iter_count and start using the crypt_algo column.
Make it possible to change the salt, and potentially strengthen
the salt, when changing passwords.
Make is possible to start salt-less passwords, for pw's that are managed
outside of the DB.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Bill Erickson [Thu, 25 Feb 2016 18:33:20 +0000 (13:33 -0500)]
LP#1333254 Improve entry debit maintenance for inv. open/close.
Improve handling of debit->entry links for invoices that cross the
open/close boundary, modifying the number of items invoiced on an entry,
and rolling back invoice entry debits.
Prior to this, some debits would be unnecessarily linked to entries and
fail to clean up properly when rolled back.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Set encumbrance=false on invoiced fund debits when the invoice is closed
(complete=true) instead of when the invoice is created.
To test:
1. Activate a purchase order.
2. Create an invoice for the PO.
3. Confirm PO shows same amount encumbered as befor invoicing and $0
paid.
4. Close the invoice.
5. Confirm amount encumbered on the PO is reduced by the amount invoiced
and the amount paid on the PO is increased by the amount invoiced.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Checkout history is now derived from the new action.usr_circ_history
table. When a patron disables circ history, all history is deleted from
the new table. Also, when disabling circ or holds history, the patron
is now warned if data will be deleted or, in the case of holds, become
inaccessible.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Adds a new table action.usr_circ_history for tracking opt-in checkout
history. History is maintained via trigger on action.circulation.
Includes updates to html/email/csv checkout history templates to
gracefully handle NULL checkin_time values, since history starts as soon
as an item is checked out.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Bill Erickson [Sat, 16 Jan 2016 20:15:01 +0000 (15:15 -0500)]
LP#1452950 Remove unsaved data warning after click-thru
Once the user clicks through the unsaved data warning, clear the warning
for future navigation. If more fields are changed, the warning will be
reinstated.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Bill Erickson [Thu, 19 Nov 2015 13:47:09 +0000 (08:47 -0500)]
LP#1452950 Patron reg loading dialog; more caching
* Hide the patron edit form and show a loading dialog while data loads.
* Cache net access levels and ident types to speed up navigation between
patron edit and other pages within the patron app.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Set the current field doc via function instead of directly within the
ng-click handler. For unknown reasons, the direct approach was not
working with addresses.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
For new patrons, focus the barcode field. For existing patrons, disable
the barcode field (except when a new barcode is needed) and focus the
username field by default.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Replace patron barcode. Includes duplicate barcode detection, but no
styling/warning is produced when a dupe is found, since the structure
for handling invalid form fields in patron reg does not yet exist.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Recover the patron summary show/hide link, which was lost in the
fixed-position elements shuffle. This moves the patron's name back into
the fixed bar along the top so that it's always visible, as before.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Wire up links for Required, suggested, and All fields links.
Also move the patron control bar out to its own template since it must
be loaded from 2 different places in the markup, one for edit and one
for register.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Register patron now has a page-level banner consistent w/ other
full-page UI's. Patron edit gets a smaller header since it's nestled
under the patron tabs.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
* Reduce vertical space by a few pixels
* Make field labels non-bold
* Make input fields bold
* Remove duplicate padding to avoid label misalignment.
* Use blue alert-info banner along the top of the screen.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Sort each level of the shared org unit tree in the browser client by org
unit shortname. This primarily affects org unit selectors / dropdowns
(unless otherwise sorted).
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
* floating save, clone, etc pane arranged vertically with less padding.
* reduce vertical spacing between fields
* alert_message field rendered as textarea
* avoid showing 'Example:' label when no phone example exists.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Galen Charlton <gmc@esilibrary.com>