Mike Risher [Thu, 16 Jul 2020 23:12:31 +0000 (23:12 +0000)]
LP#
1887866: add aria-labels to AngularJS grid controls
This is a modified version of a patch originally by Mike Risher
to add some aria-label attributes to the AngularJS grid.
Signed-off-by: Mike Risher <mrisher@catalyte.io>
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jason Stephenson [Thu, 18 May 2023 19:21:40 +0000 (15:21 -0400)]
Forward port 3.9.2 to 3.9.3 database upgrade script
Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Stephenson [Thu, 18 May 2023 17:37:59 +0000 (13:37 -0400)]
Add Test::MockModule prerequisite needed for some tests
This was apparently missed when an email test was added to 3.9.
Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Stephenson [Wed, 17 May 2023 20:49:59 +0000 (16:49 -0400)]
Improve 3.9.3 release notes formatting
Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Boyer [Wed, 17 May 2023 20:11:50 +0000 (16:11 -0400)]
Update release notes with security fixes
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Andrea Buntz Neiman [Mon, 15 May 2023 20:06:42 +0000 (16:06 -0400)]
Docs: Update release notes for 3.9.3
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Fri, 7 Apr 2023 16:18:45 +0000 (12:18 -0400)]
LP#
2004055: add release notes
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Jason Boyer [Wed, 17 May 2023 16:06:31 +0000 (12:06 -0400)]
LP#
2004055: Stamp Upgrade Script
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Thu, 6 Apr 2023 20:18:56 +0000 (16:18 -0400)]
LP#
2004055: Simpler Display Field highlighting
This commit uses database functions to precompute the normalized and
tokenized tsquery required for highlighting before it is returned to the
user, and disallows highlight-time compilation of the highlight map.
The primary purpose of this is to avoid the chance for user input to
find its way directly into SQL statements, but an additional benefit is
that it becomes much simpler for high level application code to make use
of Display Field highlighting in non-search contexts.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Tue, 21 Feb 2023 21:46:19 +0000 (16:46 -0500)]
Malicious search protect release notes
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Fri, 11 Nov 2022 19:38:55 +0000 (14:38 -0500)]
Allow QP tester to run without a full stack in simple situations
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Fri, 12 Oct 2018 18:43:26 +0000 (14:43 -0400)]
LP#
1775958: Rework pullup mechanism to flatten more nested queries
The bulk of this commit reworks the query tree pullup logic, which is
responsible for simplifying the query tree that is used to generate the
SQL query for search. In particular, we now do a better job of finding
opportunities to merge adjacent parts of the query that have the same
requested_class (pre-dealiasing) in the face of boolean OR operators,
explicit grouping, and alternating requested_class values. The result
is fewer joins in the SQL, which should speed up all but the most
trivial searches, and generally help protect the database from mis- or
mal-constructed queries. We also now use CTEs to separate branches of
the logical search tree into descrete subqueries, which helps reduce
the total core query JOINs, and provides the planner with more options
for join order.
This also does away with the conversion of a negated atom into an
"un-phrase". Instead, we just detect and handle those directly as atoms
with a prefix, as appropriate. This allows single negated words to be
used directly in the core tsquery construct, rather than having them
require a separate join and special where clause.
Additionally, this commit handles phrases differently at both the QP and
SQL level, making use of Postgres's phrase support in modern versions
and simplifying how they're handled within the base parse tree
structure.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Jason Boyer [Wed, 17 May 2023 14:59:17 +0000 (10:59 -0400)]
LP#
1908576: Stamp Upgrade Script
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Tue, 21 Feb 2023 22:04:49 +0000 (17:04 -0500)]
Login redirect restriction release notes
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Thu, 1 Dec 2022 19:13:35 +0000 (14:13 -0500)]
LP#
1908576: Restrict login redirection
This commit implements a new global flag: opac.login_redirect_domains
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs. For local URLs, they must either start
with a / (provide an absolute path) or the hostname in the URL must
match the current hostname and have a scheme of http, https, ftp, or
ftps.
The value for the global flag can be set to a list of comma-separated
domain names. Redirection to these domains, and subdomains/hosts
thereof, will also be allowed. For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Wed, 17 May 2023 13:47:47 +0000 (09:47 -0400)]
Translation updates - xtb files - 3.9
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Wed, 17 May 2023 13:30:46 +0000 (09:30 -0400)]
Translation updates - po files - 3.9
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Wed, 10 May 2023 19:45:05 +0000 (15:45 -0400)]
LP#
2019150: link to AngularJS Patron Requests interface
Due to a presumed timing issue in 2018, the AngularJS patron purchase
request interface created in bug
1774277 was never linked to from the
Angular navbar (only the AngularJS one).
This patch fixes this.
To test
-------
[1] Apply the patch.
[2] From the Angular menu, go to Acquisitions -> Patron Requests
and verify that it loads the AngularJS interface rather
than the legacy Dojo one.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Jason Boyer [Fri, 12 May 2023 17:44:14 +0000 (13:44 -0400)]
LP1915326: Followup to Silence Offline / Shared Worker Errors
The user agent string hasn't been 'PhantomJS' for quite some time, so look for
'Headless' and add that to the Firefox launcher. Also redirect requests for
offline-db-worker.js to the current directory.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Galen Charlton [Fri, 12 May 2023 14:48:45 +0000 (10:48 -0400)]
LP#
1915326: fix AngularJS test suite
Several tests of egOrg started failing when Lovefield
was added as a dependency. This patch fixes them by
ensuring that Lovefield is loaded.
To test
-------
[1] Go to Open-ILS/web/js/ui/default/staff and run
`npm run test`. Note that six tests fail because
'lf' is undefined.
[2] Apply the patch and repeat step 1. This time, all
of the tests should pass.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Galen Charlton [Fri, 12 May 2023 20:25:01 +0000 (16:25 -0400)]
Translation updates - newpot - rel_3_9
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jeff Davis [Tue, 7 Feb 2023 19:33:07 +0000 (11:33 -0800)]
LP#
1778567: don't return cached list/tree before updating
The absorbList function can be used to append items to an existing
cached list (and ditto for absorbTree), so we shouldn't start off by
returning the cached version.
Thanks to James Fournie for catching this.
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Ruth Frasur <rfrasur@library.in.gov>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Stephanie Leary [Wed, 3 May 2023 17:39:41 +0000 (17:39 +0000)]
LP2002363 Aria labels for catalog search +/- buttons
Adds aria-label to the staff catalog search row plus/minus buttons. The
labels match the title attributes on the buttons, to allow dictation
users to identify the phrases that should be spoken to select the
buttons.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Chrystal Messam <messamc@liveoakpl.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Mon, 6 Mar 2023 00:57:50 +0000 (16:57 -0800)]
LP1808016: improve error handling by open-ils.pcrud
This patch ensures that requests to open-ils.pcrud return
an error code (before the request completion code) when
a permissions or constraint check fails.
To test
-------
[1] Make an invalid request, e.g., by attempting to create a claim
type whose owner is not set in the Acquisitions Claiming admin
interface.
[2] Note that the user interface reports that the action succeeds
(although the new claim type is not actually created).
[3] Apply the patch and repeat step 1. This time, the admin interface
shoudl report that the creation failed.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Thu, 11 May 2023 13:28:04 +0000 (09:28 -0400)]
LP2008918: (follow-up) explicitly set modal title BG color
Needed because the fixes for LP#
1991562 are not in rel_3_9
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Wed, 10 May 2023 15:53:35 +0000 (11:53 -0400)]
LP2008918: (follow-up) standardize on the info cyan for the modal headers
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Fri, 3 Mar 2023 02:30:27 +0000 (18:30 -0800)]
LP2008918: use new default colors for modal headers
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Wed, 1 Mar 2023 17:37:32 +0000 (09:37 -0800)]
LP2008918: default modal background color
To test:
1) Open the holdings editor in the angular staff catalog
2) right click on an item
3) select Add/Manage Item notes
4) Note that you can't see the text at the top of the modal, nor can you see the close button
5) Apply this patch and repeat steps 1-3
6) Note that the modal header is a darker color, so the text and close button are again visible.
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Stephanie Leary [Mon, 8 May 2023 22:37:27 +0000 (22:37 +0000)]
LP2015137 Tab order for admin splash link tables
Replaces row/column logic with CSS columns in the link table component
used in settings screens. This allows the user to tab through the
settings in alphabetical order, rather than the three-across groupings
that previously broke up similarly named settings.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Galen Charlton [Wed, 29 Mar 2023 16:09:32 +0000 (12:09 -0400)]
LP#
2013223: quiet browser console noise from some AngularJS grids
This patch quells console error noise from certain AngularJS grids.
To test
-------
[1] Go to the AngularJS Renew Items, Holds Shelf, or patron holds list
pages.
[2] Note that the brower console has a lot of "TypeError: action.handler is undefined"
error messages.
[3] Apply the patch and repeat step 1. This time, the "action.handler"
errors should be gone.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Chris Sharp [Tue, 9 May 2023 15:08:25 +0000 (11:08 -0400)]
LP#
1920826: Add release notes and stamp upgrade script
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Galen Charlton [Fri, 31 Mar 2023 22:11:36 +0000 (18:11 -0400)]
LP#
1920826: ensure that some DB updates missed in 3.6.0 are included
This patch fixes a situation where an Evergreen database that had
been been upgraded to 3.6.0 at some point in its past using the
3.5.1-3.6.0 DB update script may be missing some DB revisions.
To test
-------
[1] Locate a test database that had been upgraded to 3.6.0 at some point
and is missing some or all of DB revisions 1236-1240.
[2] Run the DB update in this patch.
[3] Verify that the DB revisions are in place and that the following
bugs are resolved:
- https://bugs.launchpad.net/evergreen/+bug/
1788260 (1236)
- https://bugs.launchpad.net/evergreen/+bug/
1908727 (1237)
- https://bugs.launchpad.net/evergreen/+bug/
1835127 (1238)
- https://bugs.launchpad.net/evergreen/+bug/
1910891 (also 1238)
- https://bugs.launchpad.net/evergreen/+bug/
1882825 (1239)
- https://bugs.launchpad.net/evergreen/+bug/
1096209 (1240)
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Jane Sandberg [Fri, 3 Mar 2023 23:55:43 +0000 (15:55 -0800)]
LP1972917: fix circ modifier column in course materials grid
To test:
1. Add a circulation modifier to your system if it doesn't
already have some.
2. In Local Admin > Course Materials > Edit Course > Course
Materials, turn on the circ modifier column in the grid.
3. Associate an item with the course using its barcode.
Make sure you have selected a circulation modifier and
checked the circulation modifier box.
4. Press the "Add Material" button.
5. Note that the circulation modifier column says
"[Object object]"
6. Apply this patch and repeat steps 2-4.
7. Note that the column now has the name of the circulation
modifier.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Jennifer Pringle <jennifer.pringle@bc.libraries.coop>
Signed-off-by: Beth Willis <willis@noblenet.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Michele Morgan [Wed, 1 Mar 2023 17:18:09 +0000 (12:18 -0500)]
LP2001728 - Don't display circ_staff for opac and autorenewals
Item Status Circ History List: Displays the placeholder <OPAC Renewal>
or <Auto-renewal> instead of the patron information in the Check Out
Staff field.
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: Gina Monti <gmonti@biblio.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Dan Briem [Thu, 16 Mar 2023 18:21:03 +0000 (14:21 -0400)]
LP#
2004052 Hold Shelf Actions Menu Includes Irrelevant Actions
Removes Activate, Suspend, Set Top of Queue, Un-Set Top of Queue,
Set Desired Item Quality, Transfer to Marked Title from the
actions menu on the Holds Shelf grid.
Signed-off-by: Dan Briem <dbriem@wlsmail.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Jason Boyer [Thu, 6 Apr 2023 14:46:54 +0000 (10:46 -0400)]
LP2015481: Re-align Labels for Circ History
Move Call number to the end of the Circ History table to match Items Out
and also correct the label order for narrow screen CSS.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Stephanie Leary [Wed, 3 May 2023 12:46:15 +0000 (12:46 +0000)]
LP2015141 Labels for email record math captcha
Adds a <label> tag surrounding the math problem shown to users who are
not logged in when they email a record from the OPAC.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jeff Davis [Thu, 4 May 2023 18:13:42 +0000 (11:13 -0700)]
LP#
2018534: treat year as numeric when retrieving item circs by year
The open-ils.pcrud.search.circbyyr API uses EXTRACT to extract the year
from circulation timestamps. In recent versions of Postgres, the return
type for EXTRACT was changed from double precision to numeric (thanks to
Jason Boyer for noticing this!); for obscure reasons, this causes pcrud
to return the year as a string instead of a number. So, let's get the
staff client to force those values to be numbers before doing math with
them.
Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Stephanie Leary [Wed, 3 May 2023 17:18:59 +0000 (17:18 +0000)]
LP2018208 Empty alt for result record images, icons
Adds empty alt attributes for jacket images and format icons that are
immediately followed by equivalent text representations, and are
therefore redundant for screen reader users.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Wed, 3 May 2023 15:35:25 +0000 (11:35 -0400)]
Translation updates - newpot - rel_3_9
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Gina Monti [Tue, 14 Feb 2023 16:07:04 +0000 (11:07 -0500)]
Updating fonts and sounds settings
No LP, DIG revamp project.
Changing to Disable Sounds
Fixing typo.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Britta Dorsey [Wed, 26 Apr 2023 15:58:14 +0000 (11:58 -0400)]
Docs: updates to record buckets
Signed-off-by: Britta Dorsey <bdorsey@library.in.gov>
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Galen Charlton [Thu, 30 Mar 2023 18:11:26 +0000 (14:11 -0400)]
LP#
1791791: remove a regression regression on bug
1923225
This was introduced on the Bootstrap side by the patch for
bug
1955403.
To test:
[0] This applies to the Bootstrap OPAC skin.
[1] Perform a search on ISBN.
[2] Note that on the record page, the ISBN (under more details)
is not properly highlighted.
[3] Apply the patch and repeat step 1. This time, the ISBN
should be highlighted.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Thu, 30 Mar 2023 18:06:35 +0000 (14:06 -0400)]
LP#
1791791: prevent regression on bug
1923225
Ensures that when doing an ISBN search, the ISBN on the record
page is properly highlighted.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Garry Collum [Sun, 19 Dec 2021 01:31:22 +0000 (20:31 -0500)]
LP1791791: Google book previews not displaying from a bib linked from a search.
The javascript that queries Google Books Preview looks for ISBN(s) wrapped in
a rdetail_value class. There was a line of code in which the isbn variable
was not enclosed in this class. This patch just wraps that stray variable
into a <span> with the class.
To test:
0. Use the TPAC skin - this bug does not affect the Bootstrap skin
1. Perform a keyword search for an bib that should have a google book's link.
As of March 2023, ISBN
9780786496570 has previews enabled.
2. Go to the bib display and notice that there is no link.
3. Remove the ';query=something' text from the url and notice that the
google book information displays.
4. Apply the patch.
5. Perform the same search. The google book information should now display.
Signed-off-by: Garry Collum <gcollum@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jeff Davis [Tue, 15 Nov 2022 23:11:49 +0000 (15:11 -0800)]
LP#
1996651: treat empty string as null for preferred name/alias in wide_hold_data
This prevents the patron name from appearing blank in the hold shelf
"User Display Name" or "User Alias or Display Name" columns when the
alias or preferred name fields are empty strings.
Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>
Signed-off-by: Susan Morrison <smorrison@georgialibraries.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Stephanie Leary [Fri, 14 Apr 2023 21:43:02 +0000 (21:43 +0000)]
LP2016341 Fix duplicate ID in staff catalog record
Gives the actions button area a different ID than the navigation.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxoli.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Garry Collum [Fri, 13 Aug 2021 17:41:02 +0000 (13:41 -0400)]
LP1889916 SMS Carrier does not include region in borrower edit screen
Displays the region next to the carrier name and in the borrower edit and
create screens. Also sorts the carrier names alphabetically.
Signed-off-by: Garry Collum <gcollum@gmail.com>
Signed-off-by: Josh Stompro <stomproj@larl.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Tue, 4 Apr 2023 15:10:21 +0000 (11:10 -0400)]
LP#
1716479: (follow-up) fix handling of onSave callbacks for AngularJS MARC edit
This patch fixes an issue that has been present for a while but
clarified by Beth Wills in the course of testing the base patch
for this bug.
Specifically, the routine to process onSave callbacks was
not bound to the scope properly, meaning that the wrong onSave
callbacks could be run when dealing with mutiple active
egMarcEditRecords.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Thu, 29 Aug 2019 01:09:35 +0000 (18:09 -0700)]
LP1716479: Make sure authority linker works in embedded MARC editors
1) Perform a z39.50 search
2) Select a record
3) Click Edit then Import
4) Click on the link next to any authorizable field.
5) You will see a mysteriously data-free heading: {{bibField.tag}} {{bibField.ind1}}{{bibField.ind2}}
6) Clicking on the "Immediately" and "Create and edit" buttons doesn't work.
7) Apply this patch and repeat steps 1-6.
8) Note that the heading is now correct, and the buttons work.
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Signed-off-by: Jennifer Weston <jennifer.weston@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jason Stephenson [Mon, 3 Apr 2023 17:01:54 +0000 (13:01 -0400)]
Docs: Fix README link yet again
Commit
fcd1cf61de0f13495116fd59460d4f741aa91fa9 replaced the README
link with the contents of the file.
This commit restores the link.
Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Stephenson [Mon, 3 Apr 2023 16:40:46 +0000 (12:40 -0400)]
Docs: More README Cleanup
Fix "Installing PostgreSQL server packages" heading. It was showing
up as a list entry.
Drop the text about installing additional packages for the database,
since there are none to install at this time. (We could replace that
with a subsection on the packages required for a standalong databse
server without all of Evergreen installed on it.)
Add a "Create the Evergreen PostgreSQL user" heading above the
instructions to creat the evergreen user in the database.
Co-authored-by: Ben Shum <ben@evergreener.net>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Stephenson [Fri, 10 Feb 2023 15:06:03 +0000 (10:06 -0500)]
LP1970476: Restore Localization Function Wrapper
The previous commit removed the l() function wrapper from two bits of
text when it probably should not have. This commiet restores it.
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: John Amundson <jamundson@cwmars.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Terran McCanna [Wed, 19 Oct 2022 14:54:19 +0000 (10:54 -0400)]
LP1970476 Where filter in Bootstrap Catalog Produces Unwanted Results
Prior to this change, the Advanced Search page split the library selector
and the "Where" scope selector into two separate dropdown lists that
produced unexpected results when both were used.
This change uses the same approach as the combined dropdown on the Basic
search page instead.
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: John Amundson <jamundson@cwmars.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 31 Mar 2023 14:10:55 +0000 (10:10 -0400)]
LP#
1981774: (follow-up) fix a straggling "opac-button"
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jeff Davis [Fri, 15 Jul 2022 22:28:24 +0000 (15:28 -0700)]
LP#
1981774: use Bootstrap CSS classes for buttons instead of opac-button
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Garry Collum <gcollum@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jeff Davis [Fri, 15 Jul 2022 22:32:28 +0000 (15:32 -0700)]
LP#
1981774: fix button CSS on curbside in Bootstrap OPAC
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Garry Collum <gcollum@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 31 Mar 2023 13:43:53 +0000 (09:43 -0400)]
LP#
1752334: (follow-up) adjust to allow "0" as a note
Also ignore the additional note parameter if all it has
are zero or more whitespace characters.
It's unlikely that a client would want to set the additional
note to "0", but it's nonetheless a good idea to distinguish
between difference versions of Perl's false value.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Josh Stompro [Thu, 28 Feb 2019 16:41:01 +0000 (10:41 -0600)]
LP#
1752334 - BadContact, use additional note if provided.
If an additional note is provided when marking a contact invalid,
then that note should be appended to the penalty note field.
This change adds that functionality. This doesn't change the results
for staff that are using the invalidate buttons in the client, since
there isn't a chance to add an additional note from that interface.
But if someone is calling open-ils.actor.invalidate.email via some other
method, then you can specify the additional note.
I would like to be able to add extra notes when automatically processing
bounced emails, to give staff a clue as to why the email failed. Such as
"<email> Account over quota for past 3 weeks, ask patron to check their account."
Includes a new perl live test to check the new behavior, along with all
the open-ils.actor.invalidate.* call options.
Testing plan:
Before fix.
1. Choose a patron with an email address and note their patron id number.
2. Run an srfsh shell.
3. Login to get an auth token 'login username password'
4. Run the invalidate email command to mark the users email invalid, including
an addition note value.
srfsh# request open-ils.actor open-ils.actor.invalidate.email "<authtoken>" "<patronid>" "Testing Additional Note"
5. Take a look at the patron account and see that the penalty message only
includes a copy of the email address that was marked invalid.
After fix.
1. Restart the opensrf actor service if needed to re-read the changed perl module.
osrf_control -l --service open-ils.actor --restart
2. Remove the penalty and re-add email address to test patron's account.
3. Run an srfsh shell.
4. Login to get an auth token 'login username password'
5. Run the invalidate email command to mark the users email invalid,
including an addition note value.
srfsh# request open-ils.actor open-ils.actor.invalidate.email "<authtoken>" "<patronid>" "Testing Additional Note"
6. Take a look at the patron account and see that the penalty message note
now includes the additional note.
Run the live test at Evergreen/Open-ILS/src/perlmods/live_t
perl ./36-lp1752334-badcontact.t
Signed-off-by: Josh Stompro <stomproj@larl.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jane Sandberg [Thu, 21 Jul 2022 00:00:24 +0000 (20:00 -0400)]
LP1879517: Surveys shouldn't end before they begin
To test:
1. Go to Admin > Local > Surveys.
2. Create a new survey.
3. Attempt to create a survey where the end date
comes before the start date. Without this patch, you will get
no notice that this is invalid, and you can save the invalid
record.
4. Edit an existing survey.
5. Repeat step 3 while editing the existing survey.
6. Apply the patch.
7. Repeat steps 1-5. Note that you now get a notice and
cannot save if the end date is before the start date.
This commit generalizes a validator already present in the booking
module, and corrects several small bugs related to the datetime-select
component.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Susan Morrison <smorrison@georgialibraries.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
blake [Tue, 15 Mar 2022 16:48:12 +0000 (11:48 -0500)]
LP#
1964986: encourage distinct results when querying the ahopl IDL source
This patch addresses a now-theoretical issue where a direct PCRUD
query of ahopl could return duplicate rows in cases where the patron
linked to the hold request has multiple penalties attached.
The significance of this change is likely minor nowadays, as ahopl
was directly used by Evergreen only by the Dojo and AngularJS hold
pull lists, and as of 3.8 the Evergreen Angular pull list uses a
different approach for querying the pull list. However, until such
time as ahopl is deprecated and removed, this change may help
local integrations.
Signed-off-by: blake <blake@mobiusconsortium.org>
Signed-off-by: Jennifer Weston <jennifer.weston@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jason Boyer [Tue, 28 Mar 2023 17:35:42 +0000 (13:35 -0400)]
Remove test for feature not in branch.
LP
2002435 accidentally brought in the defaultNewRecord test added in LP
1989348
which fails as expected because that patch is not in this branch.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Mon, 27 Mar 2023 19:55:32 +0000 (15:55 -0400)]
LP#
1972738: add release note entry
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Mon, 27 Mar 2023 19:53:31 +0000 (15:53 -0400)]
LP#
1972738: stamp schema update
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Mon, 27 Mar 2023 19:52:18 +0000 (15:52 -0400)]
LP#
1972738: add an ANALYZE after the index gets created
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jason Stephenson [Tue, 10 May 2022 15:07:25 +0000 (11:07 -0400)]
LP1972738: Add index on hopeless date
Add an index on action.hold_request hopeless_date column to speed up
hopeless holds processing.
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Chris Sharp [Wed, 8 Mar 2023 16:25:01 +0000 (11:25 -0500)]
LP#
1369345: de-duplicate ILS events and clean up whitespace
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Mon, 27 Mar 2023 15:50:39 +0000 (11:50 -0400)]
clear RELEASE_NOTES_NEXT after releease of 3.9.2
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Mon, 27 Mar 2023 15:46:18 +0000 (11:46 -0400)]
forward-port version upgrade scripts
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 24 Mar 2023 18:40:16 +0000 (14:40 -0400)]
Translation updates - newpot
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Michele Morgan [Fri, 24 Mar 2023 17:00:00 +0000 (13:00 -0400)]
Docs: 3.9.2 release notes - edited
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 24 Mar 2023 17:42:39 +0000 (13:42 -0400)]
update 3.8.3 release notes to include security fix information
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 24 Mar 2023 17:41:24 +0000 (13:41 -0400)]
update 3.9.2 release notes to include security fix information
Also fixes a typo
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Andrea Buntz Neiman [Thu, 23 Mar 2023 21:18:12 +0000 (17:18 -0400)]
Docs: 3.9.2 release notes
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Andrea Buntz Neiman [Thu, 23 Mar 2023 19:11:35 +0000 (15:11 -0400)]
Docs: 3.8.3 release notes
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Thu, 23 Mar 2023 21:22:54 +0000 (17:22 -0400)]
LP#
1361782: (follow-up) fix the default search limit in seed data
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Thu, 23 Mar 2023 19:11:49 +0000 (15:11 -0400)]
LP#
1361782: stamp DB update
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Mike Rylander [Tue, 21 Feb 2023 20:36:46 +0000 (15:36 -0500)]
DoS protection release notes
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Mike Rylander [Tue, 22 Nov 2022 21:38:03 +0000 (16:38 -0500)]
LP#
1361782: Add DoS protection
This commit adds two types of simple DoS protection:
* Limit concurrent search requests per client IP address, regardless of
the searches being performed. This helps address issues of accidental
spamming from a malfunctioning OPAC workstation, or crawlers of various
types. The limit is controlled by a global flag called
"opac.max_concurrent_search.ip".
* Limit the global concurrent search requests for the same query. This
helps address both simple and distributed DoS that send the same search
request over and over. The limit is controlled by a global flag called
"opac.max_concurrent_search.query", and defaults to 20.
When the limit is exceeded in either case the client receives an HTTP
429 "Too many requests" response from the web server, and the connection
is ended.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Mike Rylander [Tue, 21 Feb 2023 21:53:53 +0000 (16:53 -0500)]
qtype CGI param protection release notes
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Mike Rylander [Thu, 17 Nov 2022 22:11:38 +0000 (17:11 -0500)]
LP#
1811685: qtype CGI parameter checking
With this commit we throw away searches with invalid qtype value based
on configured classes and aliases. Invalid qtype values have been seen
in the wild as part of attempted (but failed) SQL injection attacks, so
we will tighten up what we accept.
As an additional (unrelated) bonus, this commit also avoids prepending
the search class on basic search when the class (from qytpe) is not
exactly "keyword".
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Jessica Woolford [Fri, 9 Dec 2022 15:54:43 +0000 (10:54 -0500)]
LP #
1965447: adjust scoping of item tags Angular Holdings Editor
Scopes to the org unit and ancestors of the signed-in
user's workstation when adding a new item tag.
Signed-off-by: Jessica Woolford <jwoolford@biblio.org>
Signed-off-by: Beth Willis <willis@noblenet.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Josh Stompro [Fri, 17 Mar 2023 19:14:43 +0000 (14:14 -0500)]
LP#
2012105 - Comment typo in AddedContent.pm
Small tiny comment typo HTPP istead of HTTP
Signed-off-by: Josh Stompro <stompro@stompro.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Michele Morgan [Fri, 17 Mar 2023 14:46:31 +0000 (10:46 -0400)]
LP#
2002435 release note
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Jane Sandberg [Fri, 3 Feb 2023 00:15:32 +0000 (16:15 -0800)]
LP2002435: Add optional undelete action to basic admin page
By default, this undelete action is only enabled on the shelving
location editor.
Also, only show admin page delete button if everything
selected is deleteable
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Jane Sandberg [Wed, 11 Jan 2023 03:17:18 +0000 (19:17 -0800)]
LP2002435: Don't allow shelving location fm-editor to change delete flag
To test:
1. Go to the Local Admin > Shelving Locations Editor screen
2. Select a location and edit it.
3. Note that with this patch in place, the Delete checkbox
is no longer editable.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
spmorrison [Wed, 8 Mar 2023 19:59:21 +0000 (14:59 -0500)]
Docs: Update describing_your_organization.adoc
Updated the Create and edit Organization Unit Types section as well as the Organization Units sections to update text and add screenshots. Also added instructions for hours of operation notes (released in 3.10).
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Gina Monti [Tue, 14 Feb 2023 15:49:32 +0000 (10:49 -0500)]
Updating best practices for web browser to include turning off Google Translate
For the DIG revamp project. No LP.
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Andrea Buntz Neiman [Wed, 8 Mar 2023 21:33:42 +0000 (16:33 -0500)]
Docs: removing XUL reference from web staff client intro page
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Jane Sandberg [Tue, 20 Sep 2022 13:40:03 +0000 (06:40 -0700)]
Docs: LP1863921 max-old-space-size param when building angular
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Andrea Buntz Neiman <abneiman@equinoxinitiative.org>
Jason Boyer [Sun, 5 Mar 2023 21:40:25 +0000 (16:40 -0500)]
Sync upgrade_log
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Jason Boyer [Sun, 5 Mar 2023 21:17:49 +0000 (16:17 -0500)]
LP1441750: Stamp Upgrade Script
Also update unapi.mmr and actor.usr_merge to account for drift.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Jason Stephenson [Fri, 8 Mar 2019 14:30:41 +0000 (09:30 -0500)]
LP#
1441750: use string_agg (again and again)
Update the upgrade/fix for name keyword moving in the actor.usr_merge
function.
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Ben Shum [Wed, 2 May 2018 22:31:08 +0000 (17:31 -0500)]
LP#
1441750: use string_agg (again)
Some older style ARRAY_TO_STRING(ARRAY_AGG()) should be replaced to
use the native STRING_AGG() that comes with PG 9+. This should improve
performance for these functions.
Signed-off-by: Ben Shum <ben@evergreener.net>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Thu, 1 Dec 2022 19:41:34 +0000 (14:41 -0500)]
LP#
1996908: Expand support for eg.auth.token to other legacy mod_perl handlers (but not the OPAC)
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Thu, 17 Nov 2022 15:09:39 +0000 (10:09 -0500)]
LP#
1996908: allow OpenILS::WWW::Proxy::Authen to check eg.auth.token
This patch allows the authentication handler to accept the
'eg.auth.token' cookie coming from the staff client if a 'ses' parameter
or 'ses' cookie has not been set. This allows resources gated by
this handler to be accessed by a staff member who has logged
into the staff client without requiring an additional login.
To test
-------
[1] Create a report and note the URL of one of its
outputs.
[2] In a completely fresh browser session, log into the
staff client, then directly load the reporter output.
You will be prompted to log in again because the 'ses'
cookie was not set.
[3] Apply the patch and repeat step 2. This time, the reporter
output should be directly retrieved.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Risher [Tue, 12 Jan 2021 20:46:55 +0000 (20:46 +0000)]
LP1625192 Filtering Grid refreshes to 1st Page
Modify the old DOJO grid so that when you filter the grid it resets
to the first page.
Signed-off-by: Mike Risher <mrisher@catalyte.io>
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Jason Boyer [Sun, 5 Mar 2023 18:04:58 +0000 (13:04 -0500)]
LP1998355: Stamp Upgrade Script
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Galen Charlton [Wed, 30 Nov 2022 16:10:36 +0000 (11:10 -0500)]
LP#
1998355: reduce growth of DYM dictionary
This patch reduces the number of updates to search.sympell_dictionary
rows that would not change the contents of those rows, thereby
reducing the potential for certain record maintenance operations to
significantlly bloat that table.
In particular, it adjust the upsert to update the row for an existing
prefix only if there would be a net change in at least one of the *_count
columns or the list of suggestions. (Note that if a row is the target of
an UPDATE statement, PostgreSQL will _always_ create a row version, even
if there is no change to the contents of the row.)
It should be noted that while this patch is useful in and of itself, there
is a longer-term fix that would have additional benefits: adjust the
overall reingest logic so that it minimizes changes to all large tables
derived from the bib record when a bib gets reingested. A row that never
gets touched because it doesn't have to be can never become bloat.
To test
-------
[1] In a Concerto database, ensure that idempotent updates of the MARC
in biblio.record_entry will nonetheless force a reingest by running:
update config.internal_flag set enabled = true where name = 'ingest.reingest.force_on_same_marc';
[2] Note the size of search.symspell_dictionary by running:
select pg_size_pretty(pg_total_relation_size('search.symspell_dictionary'));
[3] Run a few rounds of the following update that forces a reingest of the bibs:
update biblio.record_entry set id = id;
[4] For the sake of fairness, run a vacuum on the table:
VACUUM ANALYZE search.sympsell_dictionary
[5] Run the size measuremeant again and not that it's significantly larger.
[6] Run the following the reset the table size:
VACUUM FULL search.symspell_dictionary;
[7] Note the size, apply the patch, and repeat step 3.
[8] This time, the table size should be the same (or close to the same) as it
was at the beginning of step 7.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Michele Morgan [Fri, 3 Mar 2023 18:17:16 +0000 (13:17 -0500)]
LP#
1999401 release note
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>