LP#1449283: fix auth when running under Apache 2.4
When running under Apache 2.4 using the stock configuration
derived from apache_24/eg_vhost.conf.in, protected
URLs such as https://eghost/reporter/ that are meant to
require valid EG staff credentials were not in fact
requiring authentication.
This patch does the following to fix this:
[1] Removes several uses of "Require all granted" that
was causing authentication to be ignored.
[2] Changes OpenILS::WWW::Proxy::Authen so that it always
sets the username in the Apache request object if
authentication was successful; it appears that starting
with Apache 2.4, authentication handlers must ensure
that a user name is set for a "Require valid-user"
directive to work.
Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Jason Stephenson <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
LP#1427309 Fix Crash in Collections User Balance Summary
Previously a patron in collections that paid off all
transactions would cause a crash and stop processing
any balance summary file that they are supposed to
appear in. Now user balance summaries can be created
in full even if some users have a 0 balance.
Signed-off-by: Jason Boyer <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
LP 1444130: Add max_chunk_size guards to Holds.pm.
Web staff client fixes introduced a bug in using the Clear
Holds Shelf checkin modifier. Commit 4ccbf980 added calls
to max_chunk_size on the client to use chunked responses for
better feedback during long operations. Thise works just
fine when a regular OpenSRF AppRequest is used, but leads to
a network error when AppSubrequest is used, as apparently the
xul client does with the Clear Holds Shelf checkin modifier.
This commit adds code to check if the client object can do
the max_chunk_size call when the max_chunk_size call is
made. This will prevent the network errors in cases where
the client is an AppSubrequest object and will still use
chunked responses when the client is capable of doing it.
Signed-off-by: Jason Stephenson <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
This commit moves the lost fine logic out of the lost processing
portion of Circulate.pm and into the new handle_fines() method.
This is accomplished through setting a new flag and lost
options hash on the main Circulator object.
This change improves the overall process flow, and in doing so
addresses a bug where overdue fines could be doubled if both
restore-overdue-on-lost-return and generate-new-overdues-on-lost-return
are enabled. Before this change, the new fines would generate before
the old fines were unvoided, which effectively circumvented the max
fines setting.
A secondary change made here is that stop_fines is also now being set
during the handle_fines() stage. This improves any case where overdues
are being set on checkin, particularly lost returns, as the stop_fines
will end up as the proper value of MAX_FINES or CHECKIN.
Signed-off-by: Dan Wells <email address hidden>
Signed-off-by: Ben Shum <email address hidden>
LP#1443952 Move overdue restore above lost void/adjustment
If a person loses something and has their overdues voided/zeroed,
then pays for part of it, then returns the item, the part they
actually paid should apply to the overdues. In order for this to
happen, the overdues must exist *before* the lost fines are adjusted.
Signed-off-by: Dan Wells <email address hidden>
Signed-off-by: Ben Shum <email address hidden>
LP#1442695: install purge_pending_users.srfsh to /openils/bin by default
Since purge_pending_users.srfsh is in the example crontab, it should
be installed to the Evergreen binaries directory (typically /openils/bin)
by default.