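#!/usr/bin/perl

# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

# serials/subscription-detail.pl
#
# Shows one serial subscription, selected by the 'subscriptionid' CGI
# parameter, and handles the operations reachable from that page through
# the 'op' parameter: close, reopen, del (delete) and share (Mana).
# Every one of them runs only after get_template_and_user has
# authenticated the user and checked the 'serials' permission.

use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Acquisition;
use C4::Auth;
use C4::Budgets;
use C4::Koha;
use C4::Serials;
use C4::Output;
use C4::Context;
use C4::Search qw/enabled_staff_search_views/;

use Koha::AdditionalFields;
use Koha::AuthorisedValues;
use Koha::DateUtils;
use Koha::Acquisition::Bookseller;
use Koha::Acquisition::Orders;    # used below; do not depend on another module loading it
use Koha::Subscriptions;

use Date::Calc qw/Today Day_of_Year Week_of_Year Add_Delta_Days/;
use Carp;

use Koha::SharedContent;

my $query          = CGI->new;
my $op             = $query->param('op') || q{};
my $issueconfirmed = $query->param('issueconfirmed');
my $subscriptionid = $query->param('subscriptionid');

# the subscription must be deletable if there is NO issues for a reason or another (should not happened, but...)

# Permission needed if it is a deletion (del) : delete_subscription
# Permission needed otherwise : *
my $permission = ( $op eq "del" ) ? "delete_subscription" : "*";

# Authentication and the permission check come first: nothing below may
# touch the subscription until this call has succeeded.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "serials/subscription-detail.tt",
        query           => $query,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { serials => $permission },
        debug           => 1,
    }
);

# close/reopen change the subscription, so they are only reachable once
# the user has been authenticated above (they used to run before that
# check). They stay ahead of GetSubscription so the page shows the new
# state.
if ( $op eq "close" ) {
    C4::Serials::CloseSubscription($subscriptionid);
}
elsif ( $op eq "reopen" ) {
    C4::Serials::ReopenSubscription($subscriptionid);
}

my $subs = GetSubscription($subscriptionid);

output_and_exit( $query, $cookie, $template, 'unknown_subscription' )
    unless $subs;

$subs->{enddate} ||= GetExpirationDate($subscriptionid);

my ( $totalissues, @serialslist ) = GetSerials($subscriptionid);
$totalissues-- if $totalissues;    # the -1 is to have 0 if this is a new subscription (only 1 issue)

if ( $op eq 'del' ) {
    if ( $subs->{cannotedit} ) {
        carp "Attempt to delete subscription $subscriptionid by " . C4::Context->userenv->{'id'} . " not allowed";

        # Redirect with the id of the subscription that was actually
        # loaded rather than the raw request parameter, so only a value
        # known to the database is echoed into the Location header.
        print $query->redirect( "/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=" . $subs->{subscriptionid} );
        exit;
    }

    # Asking for confirmation if the subscription has not strictly expired yet or if it has linked issues
    my $strictlyexpired = HasSubscriptionStrictlyExpired($subscriptionid);
    my $linkedissues    = CountIssues($subscriptionid);
    my $countitems      = HasItems($subscriptionid);
    if ( $strictlyexpired == 0 || $linkedissues > 0 || $countitems > 0 ) {
        $template->param( NEEDSCONFIRMATION => 1 );
        $template->param( NOTEXPIRED   => 1 ) if $strictlyexpired == 0;
        $template->param( LINKEDISSUES => 1 ) if $linkedissues > 0;
        $template->param( LINKEDITEMS  => 1 ) if $countitems > 0;
    }
    else {
        # Nothing to confirm: treat the request as already confirmed.
        $issueconfirmed = "1";
    }

    # If it's ok to delete the subscription, we do so
    if ( ( $issueconfirmed // q{} ) eq "1" ) {
        DelSubscription($subscriptionid);
        print $query->redirect("/cgi-bin/koha/serials/serials-home.pl");
        exit;
    }
}
elsif ( $op eq "share" ) {
    my $mana_language = $query->param('mana_language');
    my $result = Koha::SharedContent::send_entity( $mana_language, $loggedinuser, $subscriptionid, 'subscription' );
    $template->param( mana_code => $result->{msg} );
    $subs->{mana_id} = $result->{id};
}

my $hasRouting = check_routing($subscriptionid);

# Second authentication pass, kept from the original flow: it refreshes
# $cookie and additionally requires a 'catalogue' permission.
( undef, $cookie, undef, undef ) = checkauth( $query, 0, { catalogue => 1 }, "intranet" );

# COMMENT hdl : IMHO, we should think about passing more and more data hash to template->param rather than duplicating code a new coding Guideline ?

# Present the stored dates in the configured display format.
for my $date (qw(startdate enddate firstacquidate histstartdate histenddate)) {
    $subs->{$date} = output_pref( { str => $subs->{$date}, dateonly => 1 } )
        if $subs->{$date};
}

# Replace the location code by its authorised-value description ('' when there is none).
my $av = Koha::AuthorisedValues->search( { category => 'LOC', authorised_value => $subs->{location} } );
$subs->{location}      = $av->count ? $av->next->lib : '';
$subs->{abouttoexpire} = abouttoexpire( $subs->{subscriptionid} );
$template->param( %{$subs} );
$template->param( biblionumber_for_new_subscription => $subs->{bibnum} );
my @irregular_issues = split /;/, $subs->{irregularity};

my $frequency     = C4::Serials::Frequency::GetSubscriptionFrequency( $subs->{periodicity} );
my $numberpattern = C4::Serials::Numberpattern::GetSubscriptionNumberpattern( $subs->{numberpattern} );

my $default_bib_view = get_default_view();

my $subscription_object = Koha::Subscriptions->find($subscriptionid);
$template->param(
    available_additional_fields => [ Koha::AdditionalFields->search( { tablename => 'subscription' } ) ],
    additional_field_values     => {
        map { $_->field->name => $_->value } $subscription_object->additional_field_values->as_list
    },
);

# FIXME Do we want to hide canceled orders?
my $orders = Koha::Acquisition::Orders->search(
    { subscriptionid => $subscriptionid },
    { order_by => [ { -desc => 'timestamp' }, \[ "field(orderstatus, 'ordered', 'partial', 'complete')" ] ] }
);

# Group order lines under their parent order: the parent row supplies the
# descriptive fields, every row (parent and children) adds to the totals.
my $orders_grouped;
while ( my $o = $orders->next ) {
    my $group = $orders_grouped->{ $o->parent_ordernumber } //= {};
    if ( $o->ordernumber == $o->parent_ordernumber ) {
        $group->{datereceived} = $o->datereceived;
        $group->{orderstatus}  = $o->orderstatus;
        $group->{basket}       = $o->basket;
    }
    $group->{quantity}               += $o->quantity;
    $group->{ecost_tax_excluded}     += sprintf( '%.2f', $o->ecost_tax_excluded * $o->quantity );
    $group->{ecost_tax_included}     += sprintf( '%.2f', $o->ecost_tax_included * $o->quantity );
    $group->{unitprice_tax_excluded} += sprintf( '%.2f', $o->unitprice_tax_excluded * $o->quantity );
    $group->{unitprice_tax_included} += sprintf( '%.2f', $o->unitprice_tax_included * $o->quantity );
    push @{ $group->{orders} }, $o;
}

# The braces in the numbering-method placeholders are escaped: an
# unescaped '{' in a pattern is deprecated in recent perls.
$template->param(
    subscriptionid          => $subscriptionid,
    serialslist             => \@serialslist,
    hasRouting              => $hasRouting,
    routing                 => C4::Context->preference("RoutingSerials"),
    totalissues             => $totalissues,
    cannotedit              => ( not C4::Serials::can_edit_subscription($subs) ),
    frequency               => $frequency,
    numberpattern           => $numberpattern,
    has_X                   => ( $numberpattern->{'numberingmethod'} =~ /\{X\}/ ) ? 1 : 0,
    has_Y                   => ( $numberpattern->{'numberingmethod'} =~ /\{Y\}/ ) ? 1 : 0,
    has_Z                   => ( $numberpattern->{'numberingmethod'} =~ /\{Z\}/ ) ? 1 : 0,
    intranetstylesheet      => C4::Context->preference('intranetstylesheet'),
    intranetcolorstylesheet => C4::Context->preference('intranetcolorstylesheet'),
    irregular_issues        => scalar @irregular_issues,
    default_bib_view        => $default_bib_view,
    orders_grouped          => $orders_grouped,
    ( uc( C4::Context->preference("marcflavour") ) ) => 1,
    mana_comments           => $subs->{comments},
);

output_html_with_http_headers $query, $cookie, $template->output;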
# Pick the staff-side biblio detail page to link to. The
# IntranetBiblioDefaultView preference names the wanted view; it is
# honoured only if enabled_staff_search_views() reports that view as
# viewable, otherwise the plain 'detail' page is used.
sub get_default_view {
    # preference value => [ enabling flag, detail script name ]
    my %detail_page_for = (
        isbd         => [ 'can_view_ISBD',        'ISBDdetail'        ],
        marc         => [ 'can_view_MARC',        'MARCdetail'        ],
        labeled_marc => [ 'can_view_labeledMARC', 'labeledMARCdetail' ],
    );

    my $preferred = C4::Context->preference('IntranetBiblioDefaultView');
    my %views     = C4::Search::enabled_staff_search_views();

    my $candidate = $detail_page_for{$preferred};
    return $candidate->[1] if $candidate && $views{ $candidate->[0] };

    return 'detail';
}