Bug 25898: Prohibit indirect object notation
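#!/usr/bin/perl
#
# Copyright 2006 Katipo Communications.
# Parts Copyright 2009 Foundations Bible College.
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

# Patron card creator management page: lists or deletes layouts, templates,
# profiles and batches.  Driven by three CGI parameters:
#   op           - 'none' (list, the default) or 'delete'
#   card_element - element type to manage; defaults to 'template'
#   element_id   - comma-separated ids to delete (only used by op=delete)
# Problems are reported back to the page through the numeric 'error'
# parameter: 102 (a delete failed), 201 (unsupported op), 202 (unknown element).

use Modern::Perl;
our $debug;    # package global kept from the former 'use vars' declaration

use CGI qw ( -utf8 );
use autouse 'Data::Dumper' => qw(Dumper);

use C4::Auth qw(get_template_and_user);
use C4::Output qw(output_html_with_http_headers);
use C4::Creators;
use C4::Patroncards;
use C4::Labels;
use Koha::List::Patron;

my $cgi = CGI->new;
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name => "patroncards/manage.tt",
        query         => $cgi,
        type          => "intranet",
        flagsrequired => { catalogue => 1 },
        debug         => 1,
    }
);

my $op           = $cgi->param('op') || 'none';
my $card_element = $cgi->param('card_element') || 'template';    # default to template management
my $element_id   = $cgi->param('element_id') || 0;               # no element ever has id 0, so 0 is a safe "none"

# Column definitions consumed by html_table(): one ordered list per element
# type, each entry being { db_column => { label => ..., link_field => ... } }.
# Keys starting with an underscore have no matching db column.
my $display_columns = {
    layout => [
        { layout_id   => { label => 'Layout ID', link_field => 0 } },
        { layout_name => { label => 'Layout',    link_field => 0 } },
        { _action     => { label => 'Action',    link_field => 0 } },
        #{ layout_xml => { label => 'Layout XML', link_field => 0 } },
        { select      => { label => 'Select',    value      => 'layout_id' } },
    ],
    template => [
        { template_id   => { label => 'Template ID',   link_field => 0 } },
        { template_code => { label => 'Template Name', link_field => 0 } },
        { template_desc => { label => 'Description',   link_field => 0 } },
        { _action       => { label => 'Action',        link_field => 0 } },
        { select        => { label => 'Select',        value      => 'template_id' } },
    ],
    profile => [
        { profile_id     => { label => 'Profile ID',    link_field => 0 } },
        { printer_name   => { label => 'Printer Name',  link_field => 0 } },
        { paper_bin      => { label => 'Paper Bin',     link_field => 0 } },
        { _template_code => { label => 'Template Name', link_field => 0 } },    # no such column in the profile table
        { _action        => { label => 'Action',        link_field => 0 } },
        { select         => { label => 'Select',        value      => 'profile_id' } },
    ],
    batch => [
        { batch_id    => { label => 'Batch ID',     link_field => 0 } },
        { description => { label => 'Description',  link_field => 0 } },
        { _item_count => { label => 'Patron Count', link_field => 0 } },
        { _action     => { label => 'Actions',      link_field => 0 } },
        { select      => { label => 'Select',       value      => 'batch_id' } },
    ],
};

# Page heading per element type; an unrecognised type gets an empty title.
my %title_of = (
    layout   => 'Layouts',
    template => 'Templates',
    profile  => 'Profiles',
    batch    => 'Batches',
);

my $errstr      = $cgi->param('error') || '';
my $branch_code = $card_element eq 'batch' ? C4::Context->userenv->{'branch'} : '';

# Per-element delete and list operations.  Each delete sub takes one id; this
# script treats a true return value as a failed delete (error 102).
my %delete_for = (
    layout   => sub { return C4::Patroncards::Layout::delete( layout_id => $_[0] ) },
    template => sub { return C4::Patroncards::Template::delete( template_id => $_[0] ) },
    profile  => sub { return C4::Patroncards::Profile::delete( profile_id => $_[0] ) },
    batch    => sub { return C4::Labels::Batch::delete( batch_id => $_[0], branch_code => $branch_code ) },
);
my %rows_for = (
    layout   => sub { return get_all_layouts( { filters => { creator => 'Patroncards' } } ) },
    template => sub { return get_all_templates( { filters => { creator => 'Patroncards' } } ) },
    profile  => sub { return get_all_profiles( { filters => { creator => 'Patroncards' } } ) },
    batch    => sub { return get_batch_summary( { filters => { branch_code => [ $branch_code, 'NB' ], creator => 'Patroncards' } } ) },
);

my $db_rows = {};

if ( $op eq 'delete' ) {
    my $error_code;
    if ( my $delete = $delete_for{$card_element} ) {
        # Delete every id and remember a failure on any of them, not just the last one.
        my $failed = 0;
        for my $id ( split /,/, $element_id ) {
            $failed = 1 if $delete->($id);
        }
        $error_code = 102 if $failed;
    }
    else {
        warn sprintf( "Unknown card element passed in for delete operation: %s.", $card_element );
        $error_code = 202;    # carried on the redirect so the page can show it
    }
    # card_element came straight from the request; encode it before echoing it into the Location URL.
    my $location = 'manage.pl?card_element=' . CGI::escape($card_element);
    $location .= "&error=$error_code" if defined $error_code;
    print $cgi->redirect($location);
    exit;
}
elsif ( $op eq 'none' ) {
    if ( my $fetch = $rows_for{$card_element} ) {
        $db_rows = $fetch->();
    }
    else {
        warn sprintf( "Unknown card element passed in: %s.", $card_element );
        $errstr = 202;
    }
}
else {    # trap unsupported operations here
    warn sprintf( 'Manage interface called an unsupported operation: %s', $op );
    print $cgi->redirect( 'manage.pl?card_element=' . CGI::escape($card_element) . '&error=201' );
    exit;
}

my $table = html_table( $display_columns->{$card_element}, $db_rows );

# Batches additionally offer printing and patron-list selection.
if ( $card_element eq 'batch' ) {
    $template->param( print => 1 );
    $template->param( patron_lists => [ GetPatronLists() ] );
}

$template->param( error => $errstr ) if $errstr;
$template->param(
    op                 => $op,
    element_id         => $element_id,
    table_loop         => $table,
    card_element       => $card_element,
    card_element_title => $title_of{$card_element} // '',
);

output_html_with_http_headers $cgi, $cookie, $template->output;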