Bugfix release 24.0.6 (#1370)

* CIRC-1893 Hold Shelf Expiration Date does not respect Closed Library Dates (#1357) * CIRC-1893-2 Added logs * CIRC-1893-2 Added logs * CIRC-1893-2 Added ZoneSameInstant with tenantTimeZone * CIRC-1893 Removed Logs (cherry picked from commit a521a1e) * CIRC-1946 Add field, "loan.additionalInfo" to notice context (cherry picked from commit 29c86d5) * CIRC-1954: Drools 7.74.1, xstream 1.4.20 Upgrade Drools from 7.73.0.Final to 7.74.1.Final. This indirectly upgrades xstream from 1.4.19 to 1.4.20 fixing Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2022-41966 Note that our last attempt to upgrade to Drools 8 failed: #1214 https://issues.folio.org/browse/CIRC-1676 (cherry picked from commit 4f30fb3) * CIRC-1962: RMB 35.1.1, Vert.x 4.4.6, mod-pubsub-client 2.11.2 Upgrade RMB/Vert.x from Orchid version to Poppy version. Upgrade RMB from 35.0.4 to 35.1.1. Upgrade Vert.x from 4.3.5 to 4.4.6. Upgrade Log4j from 2.19.0 to 2.20.0. Upgrade mod-pubsub-client from 2.7.0 to 2.11.2. The RMB upgrade requires to upgrade Vert.x, Log4j and mod-pubsub-client to ensure compatible version, for details see https://github.com/folio-org/raml-module-builder/blob/master/doc/upgrading.md#version-351 The mod-pubsub-client upgrade indirectly removes the spring-expression dependency that has out of memory vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2023-20863 , https://nvd.nist.gov/vuln/detail/CVE-2023-20861 (cherry picked from commit 5285667) * Update NEWS * [maven-release-plugin] prepare release v24.0.6 * [maven-release-plugin] prepare for next development iteration --------- Co-authored-by: Pavankumar <[email protected]> Co-authored-by: Niels Erik Nielsen <[email protected]> Co-authored-by: Julian Ladisch <[email protected]>
folio-org · Nov 15, 2023 · 175800e · 175800e
1 parent 5693eda
commit 175800e
Show file tree

Hide file tree

Showing 32 changed files with 467 additions and 99 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,8 +1,14 @@
+## 24.0.6 2023-11-10
+
+* Fix Hold Shelf Expiration to respect Closed Library Dates (CIRC-1893)
+* Add `loan.additionalInfo` field to the Notice context (CIRC-1946)
+* Drools 7.74.1, xstream 1.4.20 (CIRC-1954)
+* RMB 35.1.1, Vert.x 4.4.6, mod-pubsub-client 2.11.2 (CIRC-1962)
+
 ## 24.0.5 2023-11-09
 
 * Request delivery staff slip: Requester country token information displayed wrong 'stripes-components.countries.' (CIRC-1955)
 
-
 ## 24.0.4 2023-11-02
 
 * Add missing permission set for allowed service points endpoint (CIRC-1953)

diff --git a/descriptors/ModuleDescriptor-template.json b/descriptors/ModuleDescriptor-template.json
@@ -623,7 +623,8 @@
             "circulation-storage.patron-notice-policies.item.get",
             "patron-notice.post",
             "patron-action-session-storage.patron-action-sessions.item.delete",
-            "pubsub.publish.post"
+            "pubsub.publish.post",
+            "circulation-storage.loans-history.collection.get"
           ]
         }
       ]
@@ -881,7 +882,8 @@
             "users.collection.get",
             "addresstypes.collection.get",
             "pubsub.publish.post",
-            "templates.item.get"
+            "templates.item.get",
+            "circulation-storage.loans-history.collection.get"
           ],
           "unit": "minute",
           "delay": "2"
@@ -954,7 +956,8 @@
             "anonymize-storage-loans.post",
             "accounts.collection.get",
             "feefineactions.collection.get",
-            "pubsub.publish.post"
+            "pubsub.publish.post",
+            "circulation-storage.loans-history.collection.get"
           ],
           "unit": "minute",
           "delay": "60"
@@ -1640,7 +1643,8 @@
         "patron-notice.post",
         "configuration.entries.collection.get",
         "calendar.endpoint.dates.get",
-        "pubsub.publish.post"
+        "pubsub.publish.post",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -1749,7 +1753,8 @@
         "actual-cost-record-storage.actual-cost-records.item.get",
         "actual-cost-fee-fine-cancel.post",
         "departments.item.get",
-        "departments.collection.get"
+        "departments.collection.get",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -1801,7 +1806,8 @@
         "manualblocks.item.get",
         "actual-cost-record-storage.actual-cost-records.collection.get",
         "actual-cost-record-storage.actual-cost-records.item.get",
-        "actual-cost-fee-fine-cancel.post"
+        "actual-cost-fee-fine-cancel.post",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -1837,7 +1843,8 @@
         "patron-notice.post",
         "anonymize-storage-loans.post",
         "feefineactions.collection.get",
-        "pubsub.publish.post"
+        "pubsub.publish.post",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -1965,7 +1972,8 @@
         "configuration.entries.collection.get",
         "manualblocks.collection.get",
         "pubsub.publish.post",
-        "automated-patron-blocks.collection.get"
+        "automated-patron-blocks.collection.get",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -2044,7 +2052,8 @@
         "scheduled-notice-storage.scheduled-notices.item.post",
         "pubsub.publish.post",
         "manualblocks.collection.get",
-        "automated-patron-blocks.collection.get"
+        "automated-patron-blocks.collection.get",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -2122,7 +2131,8 @@
         "manualblocks.collection.get",
         "automated-patron-blocks.collection.get",
         "pubsub.publish.post",
-        "circulation-storage.fixed-due-date-schedules.collection.get"
+        "circulation-storage.fixed-due-date-schedules.collection.get",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -2173,7 +2183,8 @@
         "users.item.get",
         "addresstypes.collection.get",
         "pubsub.publish.post",
-        "patron-notice.post"
+        "patron-notice.post",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },
@@ -2256,7 +2267,8 @@
         "scheduled-notice-storage.scheduled-notices.item.post",
         "pubsub.publish.post",
         "configuration.entries.collection.get",
-        "patron-notice.post"
+        "patron-notice.post",
+        "circulation-storage.loans-history.collection.get"
       ],
       "visible": false
     },

diff --git a/pom.xml b/pom.xml
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <artifactId>mod-circulation</artifactId>
   <groupId>org.folio</groupId>
-  <version>24.0.6-SNAPSHOT</version>
+  <version>24.0.7-SNAPSHOT</version>
   <licenses>
     <license>
       <name>Apache License 2.0</name>
@@ -24,10 +24,10 @@
 
   <properties>
     <antlr4.version>4.11.1</antlr4.version>
-    <drools.version>7.73.0.Final</drools.version>
-    <rmb.version>35.0.4</rmb.version>
-    <vertx.version>4.3.5</vertx.version>
-    <log4j2.version>2.19.0</log4j2.version>
+    <drools.version>7.74.1.Final</drools.version>
+    <rmb.version>35.1.1</rmb.version>
+    <vertx.version>4.4.6</vertx.version>
+    <log4j2.version>2.20.0</log4j2.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <lombok.version>1.18.28</lombok.version>
@@ -37,6 +37,13 @@
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-bom</artifactId>
+        <version>${log4j2.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>io.vertx</groupId>
         <artifactId>vertx-stack-depchain</artifactId>
@@ -65,12 +72,10 @@
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
-      <version>${log4j2.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>
-      <version>${log4j2.version}</version>
     </dependency>
     <dependency>
       <groupId>io.vertx</groupId>
@@ -126,7 +131,7 @@
     <dependency>
       <groupId>org.folio</groupId>
       <artifactId>mod-pubsub-client</artifactId>
-      <version>2.7.0</version>
+      <version>2.11.2</version>
     </dependency>
     <dependency>
       <groupId>org.folio</groupId>
@@ -249,8 +254,7 @@
     </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-slf4j-impl</artifactId>
-      <version>${log4j2.version}</version>
+      <artifactId>log4j-slf4j2-impl</artifactId>
       <scope>test</scope>
     </dependency>
   </dependencies>

diff --git a/src/main/java/org/folio/circulation/domain/Loan.java b/src/main/java/org/folio/circulation/domain/Loan.java
@@ -112,6 +112,8 @@ public class Loan implements ItemRelatedRecord, UserRelatedRecord {
 
   @Getter
   private boolean dueDateChangedByNearExpireUser;
+  @Getter
+  private final String latestPatronInfoAddedComment;
 
   public static Loan from(JsonObject representation) {
     defaultStatusAndAction(representation);
@@ -124,7 +126,7 @@ public static Loan from(JsonObject representation) {
 
     return new Loan(representation, null, null, null, null, null,
       getDateTimeProperty(representation, DUE_DATE), getDateTimeProperty(representation, DUE_DATE),
-      new Policies(loanPolicy, overdueFinePolicy, lostItemPolicy), emptyList(), null, false, false);
+      new Policies(loanPolicy, overdueFinePolicy, lostItemPolicy), emptyList(), null, false, false, null);
   }
 
   public JsonObject asJson() {
@@ -311,7 +313,7 @@ public Item getItem() {
 
   public Loan replaceRepresentation(JsonObject newRepresentation) {
     return new Loan(newRepresentation, item, user, proxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withItem(Item newItem) {
@@ -322,7 +324,7 @@ public Loan withItem(Item newItem) {
     }
 
     return new Loan(newRepresentation, newItem, user, proxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   @Override
@@ -338,12 +340,12 @@ public Loan withUser(User newUser) {
     }
 
     return new Loan(newRepresentation, item, newUser, proxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withActualCostRecord(ActualCostRecord actualCostRecord) {
     return new Loan(representation, item, user, proxy, checkinServicePoint, checkoutServicePoint,
-      originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withPatronGroupAtCheckout(PatronGroup patronGroup) {
@@ -366,46 +368,51 @@ Loan withProxy(User newProxy) {
     }
 
     return new Loan(newRepresentation, item, user, newProxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withCheckinServicePoint(ServicePoint newCheckinServicePoint) {
     return new Loan(representation, item, user, proxy, newCheckinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withCheckoutServicePoint(ServicePoint newCheckoutServicePoint) {
     return new Loan(representation, item, user, proxy, checkinServicePoint,
-      newCheckoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      newCheckoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withAccounts(Collection<Account> newAccounts) {
     return new Loan(representation, item, user, proxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, newAccounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, newAccounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withLoanPolicy(LoanPolicy newLoanPolicy) {
     requireNonNull(newLoanPolicy, "newLoanPolicy cannot be null");
 
     return new Loan(representation, item, user, proxy, checkinServicePoint,
       checkoutServicePoint, originalDueDate, previousDueDate,
-      policies.withLoanPolicy(newLoanPolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      policies.withLoanPolicy(newLoanPolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withOverdueFinePolicy(OverdueFinePolicy newOverdueFinePolicy) {
     requireNonNull(newOverdueFinePolicy, "newOverdueFinePolicy cannot be null");
 
     return new Loan(representation, item, user, proxy, checkinServicePoint,
       checkoutServicePoint, originalDueDate, previousDueDate,
-      policies.withOverdueFinePolicy(newOverdueFinePolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      policies.withOverdueFinePolicy(newOverdueFinePolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan withLostItemPolicy(LostItemPolicy newLostItemPolicy) {
     requireNonNull(newLostItemPolicy, "newLostItemPolicy cannot be null");
 
     return new Loan(representation, item, user, proxy, checkinServicePoint,
       checkoutServicePoint, originalDueDate, previousDueDate,
-      policies.withLostItemPolicy(newLostItemPolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      policies.withLostItemPolicy(newLostItemPolicy), accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
+  }
+
+  public Loan withLatestPatronInfoAddedComment(String newLatestPatronInfoAddedComment) {
+    return new Loan(representation, item, user, proxy, checkinServicePoint,
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, newLatestPatronInfoAddedComment);
   }
 
   public String getLoanPolicyId() {
@@ -698,7 +705,7 @@ public void closeLoanAsLostAndPaid() {
   public Loan copy() {
     final JsonObject representationCopy = representation.copy();
     return new Loan(representationCopy, item, user, proxy, checkinServicePoint,
-      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser);
+      checkoutServicePoint, originalDueDate, previousDueDate, policies, accounts, actualCostRecord,dueDateChangedByHold, dueDateChangedByNearExpireUser, latestPatronInfoAddedComment);
   }
 
   public Loan ageOverdueItemToLost(ZonedDateTime ageToLostDate) {

diff --git a/src/main/java/org/folio/circulation/domain/LoanHistory.java b/src/main/java/org/folio/circulation/domain/LoanHistory.java
@@ -0,0 +1,27 @@
+package org.folio.circulation.domain;
+
+import io.vertx.core.json.JsonObject;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.ToString;
+
+import static lombok.AccessLevel.PRIVATE;
+import static org.folio.circulation.support.json.JsonPropertyFetcher.getObjectProperty;
+import static org.folio.circulation.support.json.JsonPropertyFetcher.getProperty;
+
+@AllArgsConstructor(access = PRIVATE)
+@ToString(onlyExplicitlyIncluded = true)
+@Getter
+public class LoanHistory {
+  private final String id;
+  @ToString.Include
+  private final JsonObject representation;
+  private final String operation;
+  private final Loan loan;
+
+  public static LoanHistory from(JsonObject representation) {
+    return new LoanHistory(getProperty(representation, "id"),
+      representation, getProperty(representation, "operation"),
+      Loan.from(getObjectProperty(representation, "loan")));
+  }
+}
diff --git a/src/main/java/org/folio/circulation/domain/UpdateRequestQueue.java b/src/main/java/org/folio/circulation/domain/UpdateRequestQueue.java
@@ -182,8 +182,7 @@ private RequestQueue setHoldShelfExpirationDateWithExpirationDateManagement(Zone
 
     ClosedLibraryStrategy closedLibraryStrategy = determineClosedLibraryStrategyForHoldShelfExpirationDate
       (finalExpirationDateManagement, calculatedRequest.getHoldShelfExpirationDate(), tenantTimeZone, calculatedRequest.getPickupServicePoint().getHoldShelfExpiryPeriod());
-
-    calendarRepository.lookupOpeningDays(calculatedRequest.getHoldShelfExpirationDate().toLocalDate(), calculatedRequest.getPickupServicePoint().getId())
+    calendarRepository.lookupOpeningDays(calculatedRequest.getHoldShelfExpirationDate().withZoneSameInstant(tenantTimeZone).toLocalDate(), calculatedRequest.getPickupServicePoint().getId())
       .thenApply(adjacentOpeningDaysResult -> closedLibraryStrategy.calculateDueDate(calculatedRequest.getHoldShelfExpirationDate(), adjacentOpeningDaysResult.value()))
       .thenApply(calculatedDate -> {
         log.info("calculatedDate after :{}",calculatedDate.value());
@@ -365,7 +364,6 @@ private ZonedDateTime calculateHoldShelfExpirationDate(
 
     ZonedDateTime holdShelfExpirationDate = holdShelfExpiryPeriod.getInterval()
       .addTo(now, holdShelfExpiryPeriod.getDuration());
-
     if (holdShelfExpiryPeriod.isLongTermPeriod()) {
       holdShelfExpirationDate = atEndOfDay(holdShelfExpirationDate);
     }