1 #!/usr/bin/perl
2 # Copyright 2013 BibLibre
4 # This file is part of Koha
6 # Koha is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
11 # Koha is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19 use Modern::Perl;
20 use CGI;
22 use JSON;
24 use C4::Auth;
25 use C4::Output;
26 use C4::Items;
27 use C4::Biblio;
28 use C4::Koha;
30 use Koha::AuthorisedValues;
31 use Koha::Biblios;
32 use Koha::Item::Search::Field qw(GetItemSearchFields);
33 use Koha::ItemTypes;
34 use Koha::Libraries;
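# Item search. Without request parameters the search form is rendered;
# with parameters the items are searched and returned as HTML, JSON (for
# DataTables), CSV or a plain barcode list, depending on 'format'.
my $cgi    = CGI->new;
my %params = $cgi->Vars;

my $format        = $cgi->param('format');
my $template_name = 'catalogue/itemsearch.tt';

if ( defined $format and $format eq 'json' ) {
    $template_name = 'catalogue/itemsearch_json.tt';

    # Map DataTables parameters with 'regular' parameters. Everything here
    # comes straight from the request, so the values used in arithmetic or
    # as array indices are checked first.
    my $display_length = $cgi->param('iDisplayLength');
    my $display_start  = $cgi->param('iDisplayStart') // 0;
    my @columns        = split /,/, ( scalar $cgi->param('sColumns') // '' );

    $cgi->param( 'rows', $display_length );

    # A missing, non-numeric or zero iDisplayLength used to die with
    # "Illegal division by zero"; fall back to page 1 instead. The page
    # is deliberately left fractional (no int) so that the offset derived
    # from it later stays exact for a start that is not a multiple of the
    # length.
    my $page = 1;
    if (    defined $display_length
        and $display_length =~ m{\A -? \d+ \z}xms
        and $display_length != 0
        and $display_start =~ m{\A \d+ \z}xms )
    {
        $page = ( $display_start / $display_length ) + 1;
    }
    $cgi->param( 'page', $page );

    # Sort column: only a non-negative integer index into sColumns is
    # accepted; anything else (or an out-of-range index) leaves sortby
    # unset, which falls back to 'itemnumber' further down.
    my $sort_col = $cgi->param('iSortCol_0');
    my $sortby;
    if ( defined $sort_col and $sort_col =~ m{\A \d+ \z}xms ) {
        $sortby = $columns[$sort_col];
    }
    $cgi->param( 'sortby',    $sortby );
    $cgi->param( 'sortorder', scalar $cgi->param('sSortDir_0') );

    my @f = $cgi->multi_param('f');
    my @q = $cgi->multi_param('q');
    push @q, '' if @q == 0;
    my @op = $cgi->multi_param('op');
    my @c  = $cgi->multi_param('c');

    # Per-column filters (sSearch_N). An index past the end of @columns
    # would only produce an undef field name, so iColumns is capped at the
    # request's own column list (and treated as 0 when it is not a
    # non-negative integer); this also keeps the loop bounded.
    my $column_count = $cgi->param('iColumns') // 0;
    $column_count = 0 unless $column_count =~ m{\A \d+ \z}xms;
    $column_count = scalar @columns if $column_count > scalar @columns;

    # Columns whose values are codes are matched exactly; the rest get a
    # substring (LIKE) match per whitespace-separated word.
    my @exact_match_columns = qw( ccode homebranch holdingbranch location itype notforloan itemlost );

    foreach my $i ( 0 .. $column_count - 1 ) {
        my $search_text = $cgi->param("sSearch_$i");
        next unless defined $search_text and $search_text ne '';

        my $column   = $columns[$i];
        my $is_exact = grep { $_ eq $column } @exact_match_columns;

        foreach my $word ( split /\s+/, $search_text ) {
            push @f, $column;
            push @c, 'and';
            if ($is_exact) {
                push @q,  $word;
                push @op, '=';
            } else {
                push @q,  "%$word%";
                push @op, 'like';
            }
        }
    }

    $cgi->param( 'f',  @f );
    $cgi->param( 'q',  @q );
    $cgi->param( 'op', @op );
    $cgi->param( 'c',  @c );
} elsif ( defined $format and $format eq 'csv' ) {
    $template_name = 'catalogue/itemsearch_csv.tt';

    # Retrieve all results
    $cgi->param( 'rows', 0 );
} elsif ( defined $format and $format eq 'barcodes' ) {
    # Retrieve all results
    $cgi->param( 'rows', 0 );
} elsif ( defined $format ) {
    die "Unsupported format $format";
}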
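my ( $template, $borrowernumber, $cookie ) = get_template_and_user({
    template_name => $template_name,
    query         => $cgi,
    type          => 'intranet',
    flagsrequired => { catalogue => 1 },
});

# Authorised values attached to a Koha field in the default framework
# (frameworkcode ''). Returns the GetAuthorisedValues arrayref for the
# field's authorised value category, or [] when the field has none.
# NOTE(review): Koha::MarcSubfieldStructures is not 'use'd in this file —
# confirm it is loaded transitively, or import it explicitly.
sub _authorised_values_for_field {
    my ($kohafield) = @_;

    my $mss = Koha::MarcSubfieldStructures->search({
        frameworkcode    => '',
        kohafield        => $kohafield,
        authorised_value => [ -and => { '!=' => undef }, { '!=' => '' } ],
    });

    return $mss->count ? GetAuthorisedValues( $mss->next->authorised_value ) : [];
}

my $itemlost_values  = _authorised_values_for_field('items.itemlost');
my $withdrawn_values = _authorised_values_for_field('items.withdrawn');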
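if ( scalar keys %params > 0 ) {
    # Parameters given, it's a search.

    # $format is undef for a plain HTML search; compare through a defined
    # copy so the output-format checks below do not warn.
    my $output_format = $format // '';

    # publicationyear is stored as copyrightdate for non-UNIMARC flavours;
    # read the preference once instead of per field.
    # NOTE(review): C4::Context is not 'use'd explicitly in this file —
    # confirm it is loaded by one of the modules above, or import it.
    my $is_unimarc = ( C4::Context->preference("marcflavour") // '' ) eq "UNIMARC";

    my $filter = {
        conjunction => 'AND',
        filters     => [],
    };

    # Fixed-choice fields: each may carry several values (multi-select)
    # and an optional <name>_op operator. An empty first value means the
    # field was left blank.
    foreach my $p ( qw(homebranch holdingbranch location itype ccode issues datelastborrowed notforloan itemlost withdrawn) ) {
        my @values = $cgi->multi_param($p);
        next unless @values and $values[0] ne '';

        my $f = {
            field => $p,
            query => \@values,
        };
        if ( my $op = scalar $cgi->param( $p . '_op' ) ) {
            $f->{operator} = $op;
        }
        push @{ $filter->{filters} }, $f;
    }

    # Free-text rows: parallel f/q/op lists, folded left-to-right into
    # nested {conjunction, filters} pairs using c. A row with an empty
    # query is skipped but still consumes its q/op entry so the lists stay
    # aligned; as before, a c entry is consumed only for a non-empty row
    # after the first.
    my @c      = $cgi->multi_param('c');
    my @fields = $cgi->multi_param('f');
    my @q      = $cgi->multi_param('q');
    my @op     = $cgi->multi_param('op');

    my $combined;
    for my $i ( 0 .. $#fields ) {
        my $field = $fields[$i];
        my $q     = shift @q;
        my $op    = shift @op;
        next unless defined $q and $q ne '';

        $field = 'copyrightdate' if !$is_unimarc and $field eq 'publicationyear';

        my $row_filter = {
            field    => $field,
            query    => $q,
            operator => $op,
        };

        if ( $i == 0 ) {
            $combined = $row_filter;
        } else {
            my $c = shift @c;
            # When the earlier rows were all empty there is nothing to join
            # with yet; the old code nested undef as the left operand here.
            $combined = defined $combined
                ? { conjunction => $c, filters => [ $combined, $row_filter ] }
                : $row_filter;
        }
    }
    # Nothing to add when every free-text row was empty (the old code
    # pushed undef onto the filter list in that case).
    push @{ $filter->{filters} }, $combined if defined $combined;

    # Yes/No parameters: 'yes' filters for "<field> != 0", 'no' for
    # "<field> = 0"; any other value adds no filter.
    my %operator_for = ( yes => '!=', no => '=' );
    foreach my $p ( qw( damaged ) ) {
        my $v = $cgi->param($p) // '';
        next unless exists $operator_for{$v};
        push @{ $filter->{filters} }, {
            field    => $p,
            query    => 0,
            operator => $operator_for{$v},
        };
    }

    # Call number range. Note the truthiness test: a bound of "0" is
    # treated as absent (unchanged from before).
    if ( my $itemcallnumber_from = scalar $cgi->param('itemcallnumber_from') ) {
        push @{ $filter->{filters} }, {
            field    => 'itemcallnumber',
            query    => $itemcallnumber_from,
            operator => '>=',
        };
    }
    if ( my $itemcallnumber_to = scalar $cgi->param('itemcallnumber_to') ) {
        push @{ $filter->{filters} }, {
            field    => 'itemcallnumber',
            query    => $itemcallnumber_to,
            operator => '<=',
        };
    }

    my $sortby = $cgi->param('sortby') || 'itemnumber';
    $sortby = 'copyrightdate' if !$is_unimarc and $sortby eq 'publicationyear';

    # rows/page/sortby/sortorder are passed through as received.
    # NOTE(review): confirm SearchItems validates sortby/sortorder against
    # its own column list and binds rows/page as integers; nothing here does.
    my $search_params = {
        rows      => scalar $cgi->param('rows') // 20,
        page      => scalar $cgi->param('page') || 1,
        sortby    => $sortby,
        sortorder => scalar $cgi->param('sortorder') || 'asc',
    };

    my ( $results, $total_rows ) = SearchItems( $filter, $search_params );

    if ( $output_format eq 'barcodes' ) {
        print $cgi->header({
            type       => 'text/plain',
            attachment => 'barcodes.txt',
        });

        foreach my $item (@$results) {
            # An item without a barcode prints as an empty line, as before,
            # just without an "uninitialized value" warning.
            my $barcode = $item->{barcode} // '';
            print "$barcode\n";
        }

        exit;
    }

    if ($results) {
        foreach my $item (@$results) {
            # NOTE(review): find() returning undef (item whose biblio is
            # gone) would die on ->biblioitem below; unchanged from before.
            my $biblio = Koha::Biblios->find( $item->{biblionumber} );
            $item->{biblio}     = $biblio;
            $item->{biblioitem} = $biblio->biblioitem->unblessed;
        }
    }

    $template->param(
        filter        => $filter,
        search_params => $search_params,
        results       => $results,
        total_rows    => $total_rows,
    );

    if ( $output_format eq 'csv' ) {
        print $cgi->header({
            type       => 'text/csv',
            attachment => 'items.csv',
        });

        # Whitespace-only lines of the template output are dropped.
        for my $line ( split /\n/, $template->output ) {
            print "$line\n" unless $line =~ m{\A \s* \z}xms;
        }
    } elsif ( $output_format eq 'json' ) {
        # DataTables sends sEcho as a draw counter and expects it echoed
        # back in the JSON body. Keep it an integer so a crafted value from
        # the request can never reach the response as-is (how the template
        # escapes it is not visible here).
        my $echo = scalar $cgi->param('sEcho') // '';
        $echo = 0 unless $echo =~ m{\A \d+ \z}xms;
        $template->param( sEcho => $echo );
        output_with_http_headers( $cgi, $cookie, $template->output, 'json' );
    }

    exit;
}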
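# Display the search form.
# Each select list is passed to the template as a list of
# { value => ..., label => ... } hashes.
my @branches = map { +{ value => $_->branchcode, label => $_->branchname } }
    Koha::Libraries->search( {}, { order_by => 'branchname' } );

my @itemtypes = map { +{ value => $_->itemtype, label => $_->translated_description } }
    Koha::ItemTypes->search;

# ccodes keep their authorised_value/lib keys and gain value/label aliases
# for the template. (The previous code ended these two statements with
# commas, which only worked by way of the comma operator.)
my @ccodes = Koha::AuthorisedValues->get_descriptions_by_koha_field({ kohafield => 'items.ccode' });
foreach my $ccode (@ccodes) {
    $ccode->{value} = $ccode->{authorised_value};
    $ccode->{label} = $ccode->{lib};
}

# itemlost / withdrawn come from the authorised value lists resolved
# above: arrayrefs of hashes carrying authorised_value and lib.
my @itemlosts  = map { +{ value => $_->{authorised_value}, label => $_->{lib} } } @$itemlost_values;
my @withdrawns = map { +{ value => $_->{authorised_value}, label => $_->{lib} } } @$withdrawn_values;

my @items_search_fields = GetItemSearchFields();

# Authorised value lists keyed by category, for the search fields that
# declare one (a category of "0" is skipped, as before).
my $authorised_values = {};
foreach my $field (@items_search_fields) {
    my $category = $field->{authorised_values_category} or next;
    $authorised_values->{$category} = GetAuthorisedValues($category);
}

# NOTE(review): authorised_values_json is embedded in the page by the
# template; confirm how the template escapes it for its context.
$template->param(
    branches               => \@branches,
    itemtypes              => \@itemtypes,
    ccodes                 => \@ccodes,
    itemlosts              => \@itemlosts,
    withdrawns             => \@withdrawns,
    items_search_fields    => \@items_search_fields,
    authorised_values_json => to_json($authorised_values),
);

output_html_with_http_headers( $cgi, $cookie, $template->output );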