Bug 18426: Make sure the logged in user can edit the subscriptions
[koha.git] / tools / upload.pl
#!/usr/bin/perl

# This file is part of Koha.
#
# Copyright (C) 2015 Rijksmuseum
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

use Modern::Perl;
use CGI qw/-utf8/;
use JSON;

use C4::Auth;
use C4::Output;
use Koha::UploadedFiles;

# Controller for uploaded files in the intranet (staff) interface.
# The 'op' request parameter selects one of four actions: new (default),
# search, delete, download. Every value read from $input below is supplied
# by the requester and is passed on to the Koha::UploadedFiles lookups or
# to the template.
my $input  = CGI::->new;
my $op     = $input->param('op') // 'new';
my $plugin = $input->param('plugin');
my $index  = $input->param('index');    # id of the MARC editor input field
my $term   = $input->param('term');
my $id     = $input->param('id');
my $msg    = $input->param('msg');

# Authentication is mandatory (authnotrequired => 0) and the session must
# hold the tools/upload_general_files permission. This is the only
# permission requested in this script, and it applies to all four actions.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "tools/upload.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { tools => 'upload_general_files' },
    }
);

$template->param(
    index            => $index,
    owner            => $loggedinuser,
    plugin           => $plugin,
    uploadcategories => Koha::UploadedFiles->getCategories,
);

if ( $op eq 'new' ) {

    # Plain upload form.
    $template->param( mode => 'new', );
    output_html_with_http_headers $input, $cookie, $template->output;

}
elsif ( $op eq 'search' ) {

    # Look up one record by id, or search by term.
    # In plugin mode a record that is not public is treated as not found,
    # and term searches leave out private uploads. 'plugin' is itself a
    # request parameter, so this narrows what the plugin view shows; it is
    # not an access-control boundary.
    my $uploads;
    if ($id) {
        my $upload = Koha::UploadedFiles->find($id);
        if ( $upload && $plugin && !$upload->public ) {
            undef $upload;
        }
        $uploads = [ $upload->unblessed ] if $upload;
    }
    else {
        my %criteria = ( term => $term );
        $criteria{include_private} = 1 unless $plugin;
        $uploads = Koha::UploadedFiles->search_term( \%criteria )->unblessed;
    }

    # NOTE(review): 'msg' is the raw request parameter handed back to the
    # template; confirm that tools/upload.tt escapes it before rendering.
    $template->param(
        mode    => 'report',
        msg     => $msg,
        uploads => $uploads,
    );
    output_html_with_http_headers $input, $cookie, $template->output;

}
elsif ( $op eq 'delete' ) {

    # Only the id parameter is used to pick the record to delete.
    # NOTE(review): this branch changes state purely from request
    # parameters. No anti-CSRF token check and no owner check against
    # $loggedinuser are visible in this script; confirm whether either is
    # enforced elsewhere (C4::Auth, Koha::UploadedFile->delete) before
    # relying on it.
    my $upload = Koha::UploadedFiles->find($id);
    if ( $upload && $plugin && !$upload->public ) {
        undef $upload;
    }

    # Read the filename before deleting; it is the key of the result message.
    my $filename = $upload ? $upload->filename : '';
    my $deleted  = $upload ? $upload->delete   : undef;

    #TODO Improve error handling
    # code 6 reports a successful delete; code 7 reports a failed delete
    # for an id that was supplied. Without an id the message stays empty.
    my $result_json = '';
    if ($deleted) {
        $result_json = JSON::to_json( { $filename => { code => 6 } } );
    }
    elsif ($id) {
        $result_json =
          JSON::to_json( { ( $filename || $id ) => { code => 7 } } );
    }

    $template->param(
        mode => 'deleted',
        msg  => $result_json,
    );
    output_html_with_http_headers $input, $cookie, $template->output;

}
elsif ( $op eq 'download' ) {

    # Stream the stored file back to the client; the same plugin/public
    # filter as in search and delete applies.
    my $upload = Koha::UploadedFiles->find($id);
    if ( $upload && $plugin && !$upload->public ) {
        undef $upload;
    }
    my $fh = $upload ? $upload->file_handle : undef;

    if ( $upload && $fh ) {

        # The response headers come from the record's httpheaders method.
        # NOTE(review): the content type and disposition are set there, not
        # in this script; check them when assessing how a browser will
        # treat a downloaded file.
        print Encode::encode_utf8( $input->header( $upload->httpheaders ) );
        while ( my $line = <$fh> ) {
            print $line;
        }
        $fh->close;
    }
    else {

        # Record missing, filtered out, or file not readable: show the
        # upload form again with code 5 keyed by the requested id.
        $template->param(
            mode => 'new',
            msg  => JSON::to_json( { $id => { code => 5 } } ),
        );
        output_html_with_http_headers $input, $cookie, $template->output;
    }
}