Bug 25279: (QA follow-up) Use .escapeHtml
[koha.git] / catalogue / itemsearch.pl
#!/usr/bin/perl
# Copyright 2013 BibLibre
# This file is part of Koha
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
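use Modern::Perl;
use CGI;

use JSON;

use C4::Auth;
use C4::Output;
use C4::Items;
use C4::Biblio;
use C4::Koha;

use Koha::AuthorisedValues;
use Koha::Biblios;
use Koha::Item::Search::Field qw(GetItemSearchFields);
use Koha::ItemTypes;
use Koha::Libraries;

# NOTE(review): C4::Context and Koha::MarcSubfieldStructures are referenced
# further down but are not loaded explicitly in this file; presumably one of
# the modules above pulls them in -- confirm.

# Request object for this CGI run. Every value read from it below is
# supplied by the client and has to be treated as untrusted input.
# Direct method call instead of the indirect-object form `new CGI`, which
# Perl can misparse.
my $cgi = CGI->new;

# Snapshot of the request parameters as received. It is used below to tell a
# search request (at least one parameter present) from a plain display of
# the search form.
my %params = $cgi->Vars;

# Requested output format; undef when the parameter is absent.
my $format = $cgi->param('format');

# Default template (HTML search form); the format dispatch below may replace it.
my $template_name = 'catalogue/itemsearch.tt';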
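# Select the template and normalise the request parameters for the requested
# output format: 'json' (DataTables), 'csv' or 'barcodes'. Any other defined
# format aborts the request.
if (defined $format and $format eq 'json') {
    $template_name = 'catalogue/itemsearch_json.tt';

    # Map DataTables parameters with 'regular' parameters.
    # These values come from the client, so the paging and column values are
    # checked to be plain integers before they are used in arithmetic, as an
    # array index or as a loop bound.
    my $display_length = $cgi->param('iDisplayLength');
    my $display_start  = $cgi->param('iDisplayStart');
    undef $display_length
        unless defined $display_length and $display_length =~ /\A-?\d+\z/;
    $display_start = 0
        unless defined $display_start and $display_start =~ /\A\d+\z/;

    $cgi->param('rows', $display_length);

    # A missing, malformed or zero page length would make this division die
    # ("Illegal division by zero"); use the first page in that case.
    my $page = $display_length
        ? int($display_start / $display_length) + 1
        : 1;
    $cgi->param('page', $page);

    my $column_list = $cgi->param('sColumns') // '';
    my @columns = split /,/, $column_list;

    # Only accept a sort column index that points inside @columns; a negative
    # or out-of-range index yields no sort column (undef).
    my $sort_index = $cgi->param('iSortCol_0') // 0;
    my $sort_column;
    if ($sort_index =~ /\A\d+\z/ and $sort_index < @columns) {
        $sort_column = $columns[$sort_index];
    }
    $cgi->param('sortby', $sort_column);
    $cgi->param('sortorder', scalar $cgi->param('sSortDir_0'));

    my @f = $cgi->multi_param('f');
    my @q = $cgi->multi_param('q');
    push @q, '' if @q == 0;
    my @op = $cgi->multi_param('op');
    my @c = $cgi->multi_param('c');

    # iColumns is client-supplied: bound the loop by the number of columns
    # actually named in sColumns, so the request cannot make it iterate far
    # past them (indexes beyond @columns have no column name anyway).
    my $column_count = $cgi->param('iColumns') // 0;
    $column_count = 0 unless $column_count =~ /\A\d+\z/;
    $column_count = @columns if $column_count > @columns;

    # Columns compared with '='; every other column is matched with
    # 'like' and %...% around each word.
    my %is_exact_match_column = map { $_ => 1 }
        qw( ccode homebranch holdingbranch location itype notforloan itemlost );

    foreach my $i (0 .. ($column_count - 1)) {
        my $sSearch = $cgi->param("sSearch_$i");
        next unless defined $sSearch and $sSearch ne '';

        my $is_exact = $is_exact_match_column{ $columns[$i] };

        # One additional 'and' filter per whitespace-separated word.
        foreach my $word (split /\s+/, $sSearch) {
            push @f, $columns[$i];
            push @c, 'and';

            if ($is_exact) {
                push @q, $word;
                push @op, '=';
            } else {
                push @q, "%$word%";
                push @op, 'like';
            }
        }
    }

    $cgi->param('f', @f);
    $cgi->param('q', @q);
    $cgi->param('op', @op);
    $cgi->param('c', @c);
} elsif (defined $format and $format eq 'csv') {
    $template_name = 'catalogue/itemsearch_csv.tt';

    # Retrieve all results
    $cgi->param('rows', 0);
} elsif (defined $format and $format eq 'barcodes') {
    # Retrieve all results
    $cgi->param('rows', 0);
} elsif (defined $format) {
    # NOTE(review): $format is client-supplied and is interpolated unmodified
    # into this message; whatever logs or displays the message must treat it
    # as untrusted text.
    die "Unsupported format $format";
}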
# Build the template and authenticate the user. The call asks for the
# intranet interface, with authentication required (authnotrequired => 0)
# and the 'catalogue' flag.
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
    {
        template_name   => $template_name,
        query           => $cgi,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { catalogue => 1 },
    }
);

# For items.itemlost and then items.withdrawn: look up the default-framework
# (frameworkcode '') subfield mapping that has a non-empty authorised value
# category and load that category's values; use an empty list when there is
# no such mapping.
my $mss;
my %values_for;
for my $kohafield (qw( items.itemlost items.withdrawn )) {
    $mss = Koha::MarcSubfieldStructures->search(
        {
            frameworkcode    => '',
            kohafield        => $kohafield,
            authorised_value => [ -and => { '!=' => undef }, { '!=' => '' } ],
        }
    );
    if ( $mss->count ) {
        $values_for{$kohafield} = GetAuthorisedValues( $mss->next->authorised_value );
    }
    else {
        $values_for{$kohafield} = [];
    }
}
my $itemlost_values  = $values_for{'items.itemlost'};
my $withdrawn_values = $values_for{'items.withdrawn'};
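# Search branch: runs when the request carried at least one parameter.
# It builds a filter tree from the request, runs SearchItems and emits the
# result as barcodes, CSV or JSON, then exits.
if (scalar keys %params > 0) {
    # Parameters given, it's a search

    # $format is undef when no 'format' parameter was sent; compare against
    # a defined copy so the string comparisons below do not operate on undef.
    my $output_format = $format // '';

    my $filter = {
        conjunction => 'AND',
        filters => [],
    };

    # NOTE(review): field names, operators, conjunctions and query values in
    # this filter tree are taken straight from request parameters and are not
    # allow-listed in this script. SearchItems has to validate them before
    # they reach SQL -- confirm.

    # Fixed-name filters: one filter per parameter with a non-empty first
    # value, with an optional "<name>_op" operator.
    foreach my $p (qw(homebranch holdingbranch location itype ccode issues datelastborrowed notforloan itemlost withdrawn)) {
        my @values = $cgi->multi_param($p);
        next unless @values;
        next if $values[0] eq '';

        my $f = {
            field => $p,
            query => \@values,
        };
        if (my $op = scalar $cgi->param($p . '_op')) {
            $f->{operator} = $op;
        }
        push @{ $filter->{filters} }, $f;
    }

    # Free-form filters: parallel lists f (field), q (query), op (operator)
    # and c (conjunction joining a filter to the ones before it).
    my @c = $cgi->multi_param('c');
    my @fields = $cgi->multi_param('f');
    my @q = $cgi->multi_param('q');
    my @op = $cgi->multi_param('op');

    # $f accumulates a nested tree: each further non-empty query wraps the
    # tree built so far together with the new filter under its conjunction.
    my $f;
    for (my $i = 0; $i < @fields; $i++) {
        my $field = $fields[$i];
        my $q = shift @q;
        my $op = shift @op;
        next unless defined $q and $q ne '';

        if (C4::Context->preference("marcflavour") ne "UNIMARC" && $field eq 'publicationyear') {
            $field = 'copyrightdate';
        }

        my $leaf = {
            field => $field,
            query => $q,
            operator => $op,
        };
        if ($i == 0) {
            $f = $leaf;
        } else {
            # A conjunction is consumed only for non-empty queries after
            # the first field.
            my $c = shift @c;
            $f = {
                conjunction => $c,
                filters => [ $f, $leaf ],
            };
        }
    }
    # NOTE(review): $f is still undef here when no free-form filter was
    # given, and is pushed as-is; presumably SearchItems ignores it -- confirm.
    push @{ $filter->{filters} }, $f;

    # Yes/No parameters
    foreach my $p (qw( damaged )) {
        my $v = $cgi->param($p) // '';
        my $yes_no_filter = {
            field => $p,
            query => 0,
        };
        if ($v eq 'yes') {
            $yes_no_filter->{operator} = '!=';
            push @{ $filter->{filters} }, $yes_no_filter;
        } elsif ($v eq 'no') {
            $yes_no_filter->{operator} = '=';
            push @{ $filter->{filters} }, $yes_no_filter;
        }
    }

    # Call number range
    if (my $itemcallnumber_from = scalar $cgi->param('itemcallnumber_from')) {
        push @{ $filter->{filters} }, {
            field => 'itemcallnumber',
            query => $itemcallnumber_from,
            operator => '>=',
        };
    }
    if (my $itemcallnumber_to = scalar $cgi->param('itemcallnumber_to')) {
        push @{ $filter->{filters} }, {
            field => 'itemcallnumber',
            query => $itemcallnumber_to,
            operator => '<=',
        };
    }

    my $sortby = $cgi->param('sortby') || 'itemnumber';
    if (C4::Context->preference("marcflavour") ne "UNIMARC" && $sortby eq 'publicationyear') {
        $sortby = 'copyrightdate';
    }

    # The sort direction is client-supplied: accept only asc/desc (any
    # letter case) and fall back to the default otherwise.
    my $sortorder = $cgi->param('sortorder') || 'asc';
    $sortorder = 'asc' unless $sortorder =~ /\A(?:asc|desc)\z/i;

    my $search_params = {
        rows => scalar $cgi->param('rows') // 20,
        page => scalar $cgi->param('page') || 1,
        sortby => $sortby,
        sortorder => $sortorder,
    };

    my ($results, $total_rows) = SearchItems($filter, $search_params);

    if ($output_format eq 'barcodes') {
        print $cgi->header({
            type => 'text/plain',
            attachment => 'barcodes.txt',
        });

        # One barcode per line; an item without a barcode gives an empty line.
        foreach my $item (@{ $results // [] }) {
            print( ($item->{barcode} // '') . "\n" );
        }
        exit;
    }

    if ($results) {
        ITEM:
        foreach my $item (@$results) {
            my $biblio = Koha::Biblios->find( $item->{biblionumber} );
            $item->{biblio} = $biblio;

            # An item whose bibliographic record cannot be found is kept in
            # the results without biblioitem data, instead of aborting the
            # whole request on an undef method call.
            next ITEM unless $biblio;
            $item->{biblioitem} = $biblio->biblioitem->unblessed;
        }
    }

    $template->param(
        filter => $filter,
        search_params => $search_params,
        results => $results,
        total_rows => $total_rows,
    );

    if ($output_format eq 'csv') {
        print $cgi->header({
            type => 'text/csv',
            attachment => 'items.csv',
        });

        # Drop whitespace-only lines from the rendered template.
        for my $line ( split /\n/, $template->output ) {
            print "$line\n" unless $line =~ m|^\s*$|;
        }
    } elsif ($output_format eq 'json') {
        $template->param(sEcho => scalar $cgi->param('sEcho'));
        output_with_http_headers( $cgi, $cookie, $template->output, 'json' );
    }

    # NOTE(review): a request with parameters but no recognised format
    # reaches this exit without having produced any output.
    exit;
}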
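# Display the search form

# Each list below is an array of { value, label } hashes handed to the
# template.
my @branches = map { +{ value => $_->branchcode, label => $_->branchname } }
    Koha::Libraries->search( {}, { order_by => 'branchname' } );

my @itemtypes;
foreach my $itemtype ( Koha::ItemTypes->search ) {
    push @itemtypes, {
        value => $itemtype->itemtype,
        label => $itemtype->translated_description,
    };
}

# The collection-code descriptions are reused as they are; value/label keys
# are added to each hash so it has the same shape as the other lists.
# (Statements are terminated with semicolons instead of being chained with
# the comma operator.)
my @ccodes = Koha::AuthorisedValues->get_descriptions_by_koha_field({ kohafield => 'items.ccode' });
foreach my $ccode (@ccodes) {
    $ccode->{value} = $ccode->{authorised_value};
    $ccode->{label} = $ccode->{lib};
}

my @itemlosts;
foreach my $value (@$itemlost_values) {
    push @itemlosts, {
        value => $value->{authorised_value},
        label => $value->{lib},
    };
}

my @withdrawns;
foreach my $value (@$withdrawn_values) {
    push @withdrawns, {
        value => $value->{authorised_value},
        label => $value->{lib},
    };
}

my @items_search_fields = GetItemSearchFields();

# Authorised values for every custom search field that names a category,
# keyed by category.
my $authorised_values = {};
foreach my $field (@items_search_fields) {
    if (my $category = ($field->{authorised_values_category})) {
        $authorised_values->{$category} = GetAuthorisedValues($category);
    }
}

# NOTE(review): authorised_values_json is passed to the template as a
# ready-made JSON string built from stored values. How it is escaped for the
# place where it is emitted is decided in the template, not here -- confirm
# that the template applies a filter suited to that context.
$template->param(
    branches => \@branches,
    itemtypes => \@itemtypes,
    ccodes => \@ccodes,
    itemlosts => \@itemlosts,
    withdrawns => \@withdrawns,
    items_search_fields => \@items_search_fields,
    authorised_values_json => to_json($authorised_values),
);

output_html_with_http_headers( $cgi, $cookie, $template->output );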