Bug 25898: Prohibit indirect object notation
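#!/usr/bin/perl

# This file is part of Koha.
#
# Copyright 2013 BibLibre
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, see <http://www.gnu.org/licenses>.

# admin/additional-fields.pl
#
# Intranet admin page for the "additional fields" attached to a table.
# Request parameters:
#   op        - list_tables | list | add_form | add | delete
#               (defaults to 'list' when a tablename is given, else 'list_tables')
#   tablename - table the fields belong to
#   field_id  - id of an existing field (add_form / add-as-update / delete)
#   name, authorised_value_category, marcfield, searchable - field attributes (op=add)
#
# Every op requires parameters => manage_additional_fields.  Fields of the
# aqbasket and subscription tables additionally require
# acquisition => order_manage and serials => edit_subscription respectively.

use Modern::Perl;
use CGI;
use C4::Auth;
use C4::Koha;
use C4::Output;
use Koha::AdditionalFields;

my $input = CGI->new;

my $tablename = $input->param('tablename');
my $field_id  = $input->param('field_id');
my $op        = $input->param('op') // ( $tablename ? 'list' : 'list_tables' );

# Update, delete and add_form all act on the field selected by field_id and
# ignore the tablename parameter, so the extra permission flags must be
# derived from the stored field's tablename rather than from the request
# parameter (which the caller can set to anything, or omit).  Only a fresh
# insert (op=add without field_id) uses the tablename parameter.
my $existing_field;
if ($field_id) {
    $existing_field = Koha::AdditionalFields->find($field_id);
}
my $perm_tablename = $existing_field ? $existing_field->tablename : $tablename;

my %flagsrequired = ( parameters => 'manage_additional_fields' );
# $perm_tablename is undef for list_tables and for requests without a
# tablename; guard it so the eq comparisons do not warn.
if ( $op ne 'list_tables' and defined $perm_tablename ) {
    $flagsrequired{acquisition} = 'order_manage'      if $perm_tablename eq 'aqbasket';
    $flagsrequired{serials}     = 'edit_subscription' if $perm_tablename eq 'subscription';
}

my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name => "admin/additional-fields.tt",
        query         => $input,
        type          => "intranet",
        flagsrequired => \%flagsrequired,
        debug         => 1,
    }
);

# Each message is { code => 'insert'|'update'|'delete', number => 0|1 } and is
# rendered by the template as a success/failure notice.
my @messages;

if ( $op eq 'add' ) {
    my $name                      = $input->param('name') // q{};
    my $authorised_value_category = $input->param('authorised_value_category') // q{};
    my $marcfield                 = $input->param('marcfield') // q{};
    my $searchable                = $input->param('searchable') ? 1 : 0;

    if ( $field_id and $name ) {
        # Update an existing field; its tablename is left untouched.
        my $updated = 0;
        eval {
            die "additional field $field_id not found\n" unless $existing_field;
            $existing_field->set(
                {
                    name                      => $name,
                    authorised_value_category => $authorised_value_category,
                    marcfield                 => $marcfield,
                    searchable                => $searchable,
                }
            );
            $updated = $existing_field->store ? 1 : 0;
        };
        # A failure is reported to the user as number => 0; log the cause
        # instead of discarding it silently.
        warn "additional-fields.pl: update failed: $@" if $@;
        push @messages, { code => 'update', number => $updated };
    }
    elsif ($name) {
        # Insert a new field for the requested table.
        my $inserted = 0;
        eval {
            my $af = Koha::AdditionalField->new(
                {
                    tablename                 => $tablename,
                    name                      => $name,
                    authorised_value_category => $authorised_value_category,
                    marcfield                 => $marcfield,
                    searchable                => $searchable,
                }
            );
            $inserted = $af->store ? 1 : 0;
        };
        warn "additional-fields.pl: insert failed: $@" if $@;
        push @messages, { code => 'insert', number => $inserted };
    }
    else {
        # No name supplied: nothing can be stored, report a failed insert.
        push @messages, { code => 'insert', number => 0 };
    }
    $op = 'list';
}

if ( $op eq 'delete' ) {
    my $deleted = 0;
    eval {
        die "additional field $field_id not found\n" unless $existing_field;
        $deleted = $existing_field->delete;
    };
    warn "additional-fields.pl: delete failed: $@" if $@;
    push @messages, { code => 'delete', number => $deleted };
    $op = 'list';
}

if ( $op eq 'add_form' ) {
    # Editing an existing field: the form belongs to that field's table.
    $tablename = $existing_field->tablename if $existing_field;

    $template->param( field => $existing_field );
}

if ( $op eq 'list' ) {
    my $fields = Koha::AdditionalFields->search( { tablename => $tablename } );
    $template->param( fields => $fields );
}

$template->param(
    op        => $op,
    tablename => $tablename,
    messages  => \@messages,
);

output_html_with_http_headers $input, $cookie, $template->output;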