lp://qastaging/evergreen
- Get this branch:
- bzr branch lp://qastaging/evergreen
Branch information
Import details
This branch is an import of the HEAD branch of the Git repository at git://git.evergreen-ils.org/Evergreen.git,branch=main.
Last successful import was .
Recent revisions
- 28347. By Galen Charlton <email address hidden>
-
LP#2098043, 2098407, 2098117: (follow-up) de-lint
Signed-off-by: Galen Charlton <email address hidden>
- 28346. By Galen Charlton <email address hidden>
-
LP#1847805, 2098043, 2098407, 2098117: stamp database updates
Signed-off-by: Galen Charlton <email address hidden>
- 28345. By Galen Charlton <email address hidden>
-
LP#1847805: (follow-up) correct number of test cases
Signed-off-by: Galen Charlton <email address hidden>
- 28344. By Mike Rylander
-
LP#2098043, 2098407, 2098117: Angular Bucket updates
This commit builds on several improvements to the open-ils.pcrud
service, allowing for improved performance and removal of some layers of
indirection that additionally provide the opportunity for permission and
correctness bugs.

General changes:
* Add "count_only" support directly to the pcrud services, a la idlist.
* Improve open-ils.fielder map generation by only causing joins on
fields that are used for sorting or filtering; displayed fields come
from fleshing.
* Use pcrud to add and remove bucket items via the bucket service

Bucket UI improvements:
* Use pcrud for all grids on all tabs, rather than open-ils.actor
methods, leveraging the new permission testing functionality.
* Deserialize count fetching, and use pcrud
* Remove unnecessary grid and count refreshing
* Add user-applied grid filters to the datasource's query for fetching
buckets to display. These filters are /not/ included in the count
call that populates the tab label, that is always the unfiltered
count.

The definitions for "Shared with {me|others}" and "Visible to me" have changed
such that:

* Shared with me - all NON-public buckets that I can see. That is, if I
don't own the bucket, I have one of CREATE_BIB_BUCKET, ADMIN_BIB_BUCKET,
VIEW_CONTAINER, or UPDATE_CONTAINER permissions at the bucket owning
lib or one of the share_maps orgs, or have VIEW_CONTAINER or
UPDATE_CONTAINER object permissions on a bucket assigned by the
owner.
* Shared with others - all buckets that I own that have entries in the
share map table (org sharing) or that have entries in the object
permission mapping table (user permission grant).
* Visible to me - All PUBLIC buckets that I don't own.

We actively exclude "temp" btype buckets and add an index to support
that exclusion. These buckets are only used for transient purposes and
will not accumulate on a normal, production instance. However, if
(for instance) A/T event definitions used for printing and emailing
records are disabled, the buckets are not cleaned up. This can happen
on a test instance where most A/T events are disabled to avoid sending
test-data emails to "real" email addresses. In such cases, there may be
many orders of magnitude more "temp" buckets than actual user-created
ones.

Signed-off-by: Mike Rylander <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
- 28343. By Mike Rylander
-
LP#1847805: in-query pcrud perm checks
TL;DR: open-ils.pcrud pushes more work to Postgres, for wholesale
in-query permission testing, rather than in-app retail testing after
the select is complete.

The full(er) story:
If enabled (the default) row visibility checking is performed directly
in the constructed query by generating a set of OR'd WHERE clause
entries that are AND'd with whatever WHERE clause conditions are passed
by the user. The tests supported are:

0) The action requested is not defined in the IDL: immediately force
FALSE for all rows; no further tests are added.
1) The action is defined, and has no permissions defined: immediately
force TRUE for all rows; no further tests are added.
2) There are permissions, but the user has supplied an ANONYMOUS auth
token: immediately force FALSE for all rows; no further tests are
added.
3) There are permit_field and permit_field_value attributes defined for
the action: add a test of the permit field for the appropriate value
and return TRUE for rows that match.
4) There is an owning_user field defined for the class, and the
ignore_object_perms flag is NOT set for the class: add a test of the
owning_user field, return TRUE for rows where the authenticated
user's id matches the value in the field identified by the
owning_user attribute.
5) For global_required actions, directly gather the id of the top of
the org tree, and add tests using that org id for each permission
registered with the action.
6) For non-global_required actions, add tests for each specified local
context org field for each permission.
7) For foreign context org unit fields, add tests that each build a
correlated subselect, walking from the local linked field to the
ultimate foreign field, for each permission.

Passing any one check allows the user to see the row.
When necessary, the foreign context link key is extended to allow
constructs such as used by "acqlid", where the same local link leads to
two different distant fields that are more than one JOIN away. This is
currently only used internally in open-ils.pcrud and fixes an assumption
there, though other permission-inspecting logic will likely not handle
that case as the IDL class author assumed it should.

An OFF switch is provided in the opensrf.xml in case this needs to be
disabled due to some (unknown at this time) oversight in the logic.
When disabled, the existing CURSOR + in-app visibility testing is used
instead. This also allows one to test the new logic against the old,
and compare both results and performance.

Both the "update" and "delete" actions can make use of this in-query
permission testing, avoiding unnecessary round-trips to the database. In
order to support this, we use a RETURNING clause on UPDATE and DELETE
statements in order to detect whether a row was allowed to be modified
when using in-query permission testing.

This requires replacing some Postgres RULEs with TRIGGERs, as
RETURNING clauses are only allowed on unconditional RULE definitions and
RULES using RETURNING cannot be mixed with conditional RULEs such as
those used to protect the magic `id = -1` rows of bre and acn. Moving
away from RULEs is recommended, so this change is a bonus.

Additionally: PCRUD gains a new "count" method for each class, as a peer
to "search". This new generated method will provide a single number of
the count of results that would be provided by a "search" call that used
the same filters.

Finally, a new permission initiator, "delegate", allows a linked object
to stand in for the direct context row for all permission-related
testing. This allows, for instance, a cbreb (Bib Bucket) object to
define the required permissions and location-related context necessary
to perform any PCRUD action on cbrebi (Bib Bucket Item) objects.
"delegate" is a peer to, and acts through the same inter-class
relationship hierarchy as, the "link" attribute on the <context/>
element within any of the permacrud <action/> subelements.

In testing, Galen identified two specific changes that make a
significant difference in the efficacy of this change in particularly
pathological visibility distributions:

* Mark permission.usr_has_perm() STABLE; this allows the planner to
memoize the result of the function for each unique parameter set.
* Add ignore_object_perms="true" to the acqedim class. There are no
reasonable situations where EDI messages would have object-specific
user permission mappings.

I've broadened the first point to all permission.usr_has_* functions,
which are similarly subject to the STABLE volatility rules.

Release-note: Improve pcrud performance, and add permission delegation.
Co-authored-by: Galen Charlton <email address hidden>
Signed-off-by: Mike Rylander <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
- 28342. By Chris Sharp
-
LP#2067905: Trim off any non-numeric characters before trying to use a container ID.
Release-note: Handle non-numeric carousel IDs (generally created by bots) in the OPAC.
To test:
1. Create a carousel with id 6 if it does not exist
2. In your browser, check http://localhost/eg/opac/results?page=0;fi:container=bre,carousel,6
3. In your postgres logs, confirm that you saw the error that Chris mentioned in #1

Signed-off-by: Chris Sharp <email address hidden>
Signed-off-by: Jane Sandberg <email address hidden>
Signed-off-by: Martha Driscoll <email address hidden>
Signed-off-by: Michele Morgan <email address hidden>
Signed-off-by: blake <email address hidden>
- 28341. By Mike Rylander
-
LP#2125601: Complete copy_location hold matrix implementation
The Hold Weights IDL class was missing the copy_location field, which
caused all attempts to save a Hold Weight config to fail.

This commit adds that field to the IDL, and corrects the incorrect
oils_persist:primitive value, which was likely there long before and
copied from the hold matrix matchpoint table definition.

Release-note: Complete the copy_location hold matrix implementation.
Signed-off-by: Mike Rylander <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
- 28340. By Galen Charlton <email address hidden>
-
Translation updates - newpot
Signed-off-by: Galen Charlton <email address hidden>
- 28339. By Galen Charlton <email address hidden>
-
clear RELEASE_NOTES_NEXT as part of 3.16-beta preparation
Signed-off-by: Galen Charlton <email address hidden>
- 28338. By Galen Charlton <email address hidden>
-
Update relator codes for 3.16-beta
Also includes a change to the build script to upper-case the
first letter of the relator description to match previous styling; the LC
websites now display the relator values strictly in lower-case.

Noting that the output includes a fix of a typo (!) that appeared on the
LC webpage.

Signed-off-by: Galen Charlton <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
