From 3dae58e0b615db00cdbda550ffd395e81c43b505 Mon Sep 17 00:00:00 2001 From: Brendan Lawlor Date: Wed, 18 Sep 2024 21:25:11 -0400 Subject: [PATCH] content updates --- about.md | 12 +++++++++++- blog/critical-bugs.md | 18 ++++++++++++------ blog/first-patch-story.md | 6 +++--- blog/first-sign-off-story.md | 4 ++-- blog/global-bug-squashing-day.md | 4 +++- blog/koha-reports-enhancements.md | 27 +++++++++++++++++++-------- blog/making-item-search-shareable.md | 20 ++++++++++++++++++++ guides/index.md | 2 -- 8 files changed, 70 insertions(+), 23 deletions(-) create mode 100644 blog/making-item-search-shareable.md diff --git a/about.md b/about.md index 2b24eeb..85e6437 100644 --- a/about.md +++ b/about.md @@ -18,7 +18,7 @@ I like playing with synthesizers, drum machines and skateboards. :tornado: **Infundibulum** from Latin, meaning funnel -This phenomenon from the 1959 novel [The Sirens of Titan](https://en.wikipedia.org/wiki/The_Sirens_of_Titan) by [Kurt Vonnegut](https://en.wikipedia.org/wiki/Kurt_Vonnegut) is something like a black hole :hole: or time warp. +This phenomenon from the 1959 novel [The Sirens of Titan](https://en.wikipedia.org/wiki/The_Sirens_of_Titan) by [Kurt Vonnegut](https://en.wikipedia.org/wiki/Kurt_Vonnegut) is something like a black hole or time warp. :hole: When you enter a chrono-synclastic infundibulum, you are multiplied across time and space. Your normal human conciousness is altered, enabling you to understand the interconnected structure of disparate moments and even percieve the future. 
@@ -26,6 +26,16 @@ It is a vortex into a singularity where "all different kinds of truths fit toget Vonnegut lived in [Barnstable Village](https://www.sturgislibrary.org/pdf/beenbarnstable.pdf) and served as a trustee of Sturgis Library, the [oldest library building](https://www.sturgislibrary.org/history-of-the-library/) in the United states. +## Clips +- [Koha Community GiftED Webniar 2024: Koha Tersting Docker](https://www.youtube.com/watch?v=ubFUKxKtxRA) +- [NEIUG 2020 Dahsboard Confessional](https://vimeo.com/466377608/55460418a4#t=2h5m35s) + +## Press +- [July 2024 Librarian of the Month](https://bywatersolutions.com/news/july-2024-librarian-of-the-month-) +- [Koha Community Challenge 2024 - Furthest distance 294 miles](https://bywatersolutions.com/news/bywater-solutions-partners-with-koha-us-to-raise-money-for-the-koha-community-2024):skateboard: +- [Students taste national success 2015](https://www.schoolofstjude.org/academics/students-taste-national-success/) +- [ScratchED interview 2012](https://scratched.gse.harvard.edu/stories/simple-strategies-interview-brendan-lawlor-boys-and-girls-club.html) + ## Todo :hiking_boot: :bug: :partying_face: diff --git a/blog/critical-bugs.md b/blog/critical-bugs.md index be47413..c7cd6b2 100644 --- a/blog/critical-bugs.md +++ b/blog/critical-bugs.md 
@@ -10,21 +10,27 @@ next: link: /blog/koha-reports-enhancements --- -Almost four months have passed. I've signed off on some patches but am losing hope about ever finding another bug. Imposter syndrome sets in. +Four months since submitting my first patch. I had signed off on a few patches but am losing hope about ever finding another bug or figuring out an enhancement I could work on. Imposter syndrome sets in. -I'm testing some bug that has to do with item search. All of a sudden the item search button stops working. I jump on IRC and someone points me to this bug for issues related to a bug that implemented CSRF protection. +I was testing some bug that had to do with item search. All of a sudden the item search button stopped working. I jumped on IRC and someone pointed me to this bug for issues related to the patch that implemented Cross-Site Resource Forgery protection. + +[CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) (aka "session riding" :surfer:) is when baddies design click based attacks that take advantage of an authenticated user's cookies to make HTTP requests that perform [create update or delete operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete). To prevent this type of attack a patch was made to include a secret token that is generated and verified on the server side in all forms that make up the Koha user interfaces. -I see Jonathan has attached a patch to fix an ajax call by changing the method from POST to GET. I find the same issue in the ajax call for item search and submit my second ever patch to delete one line of code. Critical bugs can sometimes have trivial solutions. +I saw Jonathan had attached a patch to fix an Ajax call by changing the method from POST to GET. In cases where no CUD action is performed the form method can be GET and no CSRF token is needed. I found the same issue in the Ajax call for item search and submitted my second ever patch to delete one line of code. 
I learned that critical bugs sometimes have trivial solutions. -A month later I'm working on an enhancement in item search and I find another CSRF related bug in the batch operations buttons in item search. So I report it and patch it. +A month later I was working on an enhancement in item search and discovered the batch operations buttons were broken. When I looked into the form I found the same issue. I reported it and attached a patch. It's cool to see how quickly major bugs with trivial solutions can get signed off, passed QA and pushed to main. -Three months later I see a blocker on the Koha dashboard that smells like it's another CSRF related bug. +Three months later I was checking the Koha Dashboard and saw a new blocker that smelled like another CSRF related bug, but this time it was a bit different. In this case the perl file had been updated to check for a `cud-` prefixed parameter, but since the form method was GET it didn't need to be updated. The first patch I wrote got the solution backwards, but I quickly realized my mistake and submitted a correct one. -Just last week another CSRF bug was reported and it's an interesting one. +The next day I was browsing bugzilla and a newly reported bug caught my eye. When I looked into the code I find it's CSRF related, but it's one that I haven't seen before because it invloves a server side redirect. +When an item where the barcode is not in the system is scanned, Koha prompts the user, to add the record using fast cataloging. This takes the user from the circulation module to the cataloging module. When the user is done cataloging the item, the server redirects them back to the circulation module. The previous functionality was the item would be automatically checked out by the redirect. + +After CSRF protection this no longer works because the redirect is like a GET request, but the checkout form is now a POST method, requiring a CSRF token and a `cud` prefixed op parameter. 
I come up with the idea to use javascript to check the referrer of the request to prevent CSRF. If the referrer is the same origin coming from the cataloguing add item page, then we can populate the barcode from the url parameters and use javascript to trigger the form submission to automagically check the item out. + Patching critical bugs is the best! \ No newline at end of file diff --git a/blog/first-patch-story.md b/blog/first-patch-story.md index 82fe0bb..32e6bbf 100644 --- a/blog/first-patch-story.md +++ b/blog/first-patch-story.md @@ -10,15 +10,15 @@ next: link: /blog/critical-bugs --- -It's been acouple months since the Koha-US conference in Portsmouth. I've signed off on a few patches and through repetition am starting to get the process. +It's been a couple months since the Koha-US conference in Portsmouth. I've signed off on a few patches and through repetition am starting to get the process. I'm testing this bug by running the page's html though the [W3C Markup Validation Service](https://validator.w3.org/#validate_by_input+with_options). -Which leads me to finding a different stray html tag and submitting my first patch. +Running through the test plan leads me to finding a another stray html tag and writing my first patch. Even though this patch only changes a single character to fix a single html tag and its effect is invisible to users, it changes my whole perception of my relationship with Koha. -Running koha-testing-docker and testing other bugs ferequently not only teaches you about Koha, but it can help you finds bugs too. +I learn that running koha-testing-docker frequently and testing patches not only teaches you about how Koha works, but it can help you finds bugs too. :bug: :ocean: diff --git a/blog/first-sign-off-story.md b/blog/first-sign-off-story.md index b07e941..dee5ea7 100644 --- a/blog/first-sign-off-story.md +++ b/blog/first-sign-off-story.md 
@@ -10,8 +10,8 @@ next: link: /blog/first-patch-story --- -Seven months after migrating to Koha I find myself at the [Koha US](https://koha-us.org/events/conferences/2023-koha-us-annual-conference-portsmouth-nh/) conference in Portsmouth, NH. I have [Koha testing docker](https://gitlab.com/koha-community/koha-testing-docker) running on my laptop and mess around applying patches but I don't really know what I'm doing. I sit down next to Nick and Lucas and in between presentations I coerce them into helping me figure out what I'm missing. +Seven months after migrating to Koha I attended the [Koha US](https://koha-us.org/events/conferences/2023-koha-us-annual-conference-portsmouth-nh/) conference in Portsmouth, NH. I had [Koha testing docker](https://gitlab.com/koha-community/koha-testing-docker) running on my laptop and messed around applying patches but I didn't really know what I was doing. I sat down next to Nick and Lucas and in between presentations I coerced them into helping me figure out what I'm missing with my ktd and bugzilla set up. -By the end of the conference I sign off on a bug for the first time. +By the end of the conference they helped me sign off on a patch for the first time. diff --git a/blog/global-bug-squashing-day.md b/blog/global-bug-squashing-day.md index 136418b..ac4a9b9 100644 --- a/blog/global-bug-squashing-day.md +++ b/blog/global-bug-squashing-day.md 
@@ -10,10 +10,12 @@ next: link: /blog/koha-reports-enhancements --- -I had heard about the `party_mode` bug for the first time in Portsmouth. There had been a recent thread in Slack about possible applications of `party_mode`, which led to the bug being officially filed two days before [global bug squashing day](https://wiki.koha-community.org/wiki/2024-03-22_Global_bug_squashing_day). On Global Bug Squashing day I signed off on a couple bugs and took some time in the afternoon to see if I could write a small patch. +I had heard about the `party_mode` bug for the first time at the Koha US conference in Portsmouth. There had been a recent thread in Slack about possible applications of `party_mode`, which led to the bug being officially filed two days before [global bug squashing day](https://wiki.koha-community.org/wiki/2024-03-22_Global_bug_squashing_day). +On Global Bug Squashing day I signed off on a couple bugs and took some time in the afternoon to see if I could write a small patch. Looking into the code I found that someone had conveniently left a comment in the template begging the question `[%# FIXME Why that? why not if == 0? %]` which turned out to be the answer to the party mode bug. Instead of checking if the value of the attribute, which if `party_mode` is set to `No` would be `0` we should check whether the attribute is defined or not. + ```bash git log --grep='party_mode' ``` diff --git a/blog/koha-reports-enhancements.md b/blog/koha-reports-enhancements.md index 4a542c3..c07e5c1 100644 --- a/blog/koha-reports-enhancements.md +++ b/blog/koha-reports-enhancements.md 
@@ -6,20 +6,31 @@ prev: text: Global bug squashing day link: /blog/global-bug-squashing-day next: - text: - link: + text: Making Item Search shareable + link: /blog/making-item-search-shareable --- -I've been working on this enhancement to add muliple select runtime parameters to Koha Reports for three and half months. At some points I didn't know if it was going to happen but it passed QA, failed QA, passed QA again and made it into 24.05. +I had been working on this enhancement to add muliple select runtime parameters to Koha Reports for three and half months. This idea had been around for eight years, but proved to be difficult to implement due to differences in the way the Koha Reports module retrieves its parameters and the way mutiselect form elements parameterize their selections. + + +An existing patch added the ability to optionally add an All option to report parameter drop downs. This patch provided a blueprint for me to follow. :world_map: + + +A subsequent patch added the option for providing a newline separated list as a report parameter. I started thinking that a newline separated list is essentially a manually created multiselect. If Koha already knows how to handle a list as a report parameter, all we should have to do is make multiselects submit as a single newline delimeted parameter. :dark_sunglasses: + + +Standing on the shoulders of Koha giants, I created my first `Frankenhancement`:copyright:, smashing the concepts of these two patches together, sewing its internals up with magical regular expressions and zaping it to life with javascript that overrides the default form submission. It's Alive! :zap: "zombie" +This code has been described as `works well, easy to read, excellent work!`, `feels like hacking` and `hard to maintain` but most importantly `easier than rewriting the whole module`. 
+ +At some points I didn't know if it was going to happen at all, but it got signed off, patch doesn't apply, passed QA, failed QA, then needed to be rebased again and finally pushed to main for 24.05. + I used the momentum from working in this area of the code to add a patch to improve the ui/ux when adding runtime parameters to reports. -Later I submitted another enhancement to reports based on improvements to the multi select form in item search. - - -Pedro spotted a bug in my first enhancement so I had to patch that too. +Pedro spotted a bug in the muti select patch, where if a query contained multiple multi selects and only one selection was made in each, the parameters were not processed correctly and the wrong SQL was being generated. I started to regret ever putting this monsterous code into existence and boarding a ship bound for the Arctic. Then I calmed down and wrote another patch. This patch didn't really fix the case of making zero selections, so more work would be needed. - +I forgot that earlier I had submitted another enhancement to mutiselect reports based on an improvements made to the item search form. This patch adds the select2 library to make making multi selections in Reports more user friendly. To make this more useful multi selects should really be optional. When no selections are made, report results should not be limnited. To accomplish this I updated the default value of the hidden select to be a newline delimited string of all values. + \ No newline at end of file diff --git a/blog/making-item-search-shareable.md b/blog/making-item-search-shareable.md new file mode 100644 index 0000000..50b4648 --- /dev/null +++ b/blog/making-item-search-shareable.md 
@@ -0,0 +1,20 @@ +--- +title: Making Item Search shareable +date: 2024-08-26 00:00:00 -5 +category: bugs +prev: + text: Koha reports enhancements + link: /blog/koha-reports-enhancements +next: + text: + link: +--- + +This idea had been around for a while, but besides a couple of comments affirming that it would be useful to library staff and support, and a growing list of CC's and `See Also` bugs, it wasn't gaining any traction. + +Intuitively I knew that the item search form must somehow be passing all the parameters that it needs to perform a search to the backend where they would be transformed into a database query so that results could be returned and rendered in the template. As Michalangelo said [the sculpture is already complete within the block](https://www.goodreads.com/quotes/1191114-the-sculpture-is-already-complete-within-the-marble-block-before). Item search already knows how to process search parameters and return results. All we have to do is some chiseling to get the search parameters encoded as a url and persuade Koha handle them that way too. + +Creating the `Copy shareable link` button was pretty straightforward javascript. I soon realized that in oder to support the `Edit search` button, we would need to populate the item search form from the url parameters. That meant the item search template would need to be fully massaged to work out all its kinks through serveral sessions over the course of four months. + + +Like the patch that added multi select parameters to Koha reports this patch called for unconventional thinking to solve a practical problem. Fortunately this time the code seems to have been accepted as a more natural pattern. At least it hasn't been called a hack yet! \ No newline at end of file diff --git a/guides/index.md b/guides/index.md index 10aa280..b6892b7 100644 --- a/guides/index.md +++ b/guides/index.md @@ -2,8 +2,6 @@ title: Guides 🗺️🧭 --- -:compass: - ::: danger :warning: Danger
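Review bot: In about.md, the link titles added under `## Clips` carry typos that will show on the rendered page: "Webniar", "Tersting" and "Dahsboard" should read "Webinar", "Testing" and "Dashboard". Under `## Press`, the `:skateboard:` shortcode is glued to the closing parenthesis of the link; put a space before it, as the first hunk does for `:hole:`.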
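Review bot: In blog/critical-bugs.md, the rewritten second paragraph expands CSRF as "Cross-Site Resource Forgery", while the paragraph added right after it links the term to the Cross-site request forgery article; use "Request" in both places. In the last added paragraph the referrer check is described as what prevents CSRF, yet the sentence before it says the checkout form is a POST that requires a CSRF token; state whether the script-triggered submission still sends that token, so the referrer check does not read as the only protection. The paragraph about the newly reported bug also slips from past to present tense ("I find", "haven't seen") and contains "invloves".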
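Review bot: In blog/first-patch-story.md, the replacement sentence reads "finding a another stray html tag"; drop the extra "a". The rewritten last sentence carries "help you finds bugs" over from the old line, which should be "help you find bugs".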
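Review bot: In blog/first-sign-off-story.md, the paragraph was moved to past tense but the end of its last sentence was left in the present: "helping me figure out what I'm missing" should be "what I was missing", matching "I didn't really know what I was doing" earlier in the same paragraph.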
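Review bot: In blog/koha-reports-enhancements.md, the line "It's Alive! :zap: "zombie"" ends with a quoted word after the emoji shortcode that reads like a leftover placeholder; make it a shortcode if one was intended, or remove it. The added paragraphs also spell the feature four ways ("muliple select", "mutiselect", "muti select", "multi select"); pick one, and fix "delimeted", "zaping", "monsterous", "limnited" and "an improvements" in the same pass.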
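Review bot: In the new blog/making-item-search-shareable.md, "persuade Koha handle them that way too" is missing "to", and the body has misspellings a spell check would catch: "Michalangelo", "oder", "serveral". The front matter line `date: 2024-08-26 00:00:00 -5` uses a bare `-5` offset; confirm the site generator parses it as intended, or write the offset out in full. The file also ends without a trailing newline.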