Bug 25898: Prohibit indirect object notation
[koha.git] / opac / sco / sco-main.pl
1 #!/usr/bin/perl
3 # This code has been modified by Trendsetters (originally from opac-user.pl)
4 # This code has been modified by rch
5 # Parts Copyright 2010-2011, ByWater Solutions (those related to username/password auth)
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # Koha is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 # We're going to authenticate a self-check user. we'll add a flag to borrowers 'selfcheck'
24 # We're in a controlled environment; we trust the user.
25 # So the selfcheck station will accept a patronid and issue items to that borrower.
26 # FIXME: NOT really a controlled environment... We're on the internet!
28 # The checkout permission comes from the CGI cookie/session of a staff user.
29 # The patron is not really logging in here in the same way as they do on the
30 # rest of the OPAC. So don't confuse loggedinuser with the patron user.
32 # FIXME: inputfocus not really used in TMPL
34 use Modern::Perl;
36 use CGI qw ( -utf8 );
38 use C4::Auth qw(get_template_and_user checkpw in_iprange);
39 use C4::Koha;
40 use C4::Circulation;
41 use C4::Reserves;
42 use C4::Output;
43 use C4::Members;
44 use C4::Biblio;
45 use C4::Items;
46 use Koha::DateUtils qw( dt_from_string );
47 use Koha::Acquisition::Currencies;
48 use Koha::Items;
49 use Koha::Patrons;
50 use Koha::Patron::Images;
51 use Koha::Patron::Messages;
52 use Koha::Token;
# Request object shared by every step of the script.
my $query = CGI->new;

# Gate 1: the web-based self-checkout module must be enabled; otherwise the
# browser is sent back to the OPAC home page and the script stops.
if ( !C4::Context->preference('WebBasedSelfCheck') ) {
    print $query->redirect("/cgi-bin/koha/opac-main.pl");
    exit;
}

# Gate 2: the client must pass in_iprange() for the SelfCheckAllowByIPRanges
# preference; otherwise redirect to the OPAC home page and stop.
# NOTE(review): what in_iprange() returns for an empty preference is not
# visible here -- confirm an unset range does not admit every address.
if ( !in_iprange( C4::Context->preference('SelfCheckAllowByIPRanges') ) ) {
    print $query->redirect("/cgi-bin/koha/opac-main.pl");
    exit;
}
# Automatic station login: when AutoSelfCheckAllowed is on, the stored
# AutoSelfCheckID / AutoSelfCheckPass values are written into the request as
# the userid and password fields (presumably consumed by the authentication
# call that follows -- confirm).
# NOTE(review): the password is read as a plain preference value; the account
# behind it should hold nothing beyond the self-checkout permission.
if ( C4::Context->preference('AutoSelfCheckAllowed') ) {
    my $station_userid   = C4::Context->preference('AutoSelfCheckID');
    my $station_password = C4::Context->preference('AutoSelfCheckPass');

    $query->param( -name => 'userid',             -values => [$station_userid] );
    $query->param( -name => 'password',           -values => [$station_password] );
    $query->param( -name => 'koha_login_context', -values => ['sco'] );
}

# Set on every request, whether or not the automatic login is used.
$query->param( -name => 'sco_user_login', -values => [1] );
# Authenticate the session and load the self-checkout template.
# flagsrequired limits access to accounts holding the
# self_check => self_checkout_module permission.  $loggedinuser is therefore
# the staff/station account, not the patron being served.
my %auth_request = (
    template_name => "sco/sco-main.tt",
    flagsrequired => { self_check => "self_checkout_module" },
    query         => $query,
    type          => "opac",
    debug         => 1,
);
my ( $template, $loggedinuser, $cookie ) = get_template_and_user( \%auth_request );
# Idle timeout passed to the template in milliseconds: the SelfCheckTimeout
# preference (seconds) when it holds a true value, otherwise 120 seconds.
my $selfchecktimeout =
    C4::Context->preference('SelfCheckTimeout')
    ? C4::Context->preference('SelfCheckTimeout') * 1000
    : 120000;
$template->param( SelfCheckTimeout => $selfchecktimeout );

# Self check-in policy: allowed unless SCOAllowCheckin is defined, in which
# case the preference value decides.
my $allowselfcheckreturns =
    defined( C4::Context->preference('SCOAllowCheckin') )
    ? C4::Context->preference('SCOAllowCheckin')
    : 1;
# The "issuer" is the authenticated staff/station account.
my $issuerid = $loggedinuser;

# Request fields.  Each param() call is the left operand of ||, so it is
# evaluated in scalar context and a missing or false value becomes ''.
# All of these are client-supplied and untrusted.
my $op          = $query->param("op")          || '';
my $patronid    = $query->param("patronid")    || '';
my $patronlogin = $query->param("patronlogin") || '';
my $patronpw    = $query->param("patronpw")    || '';
my $barcode     = $query->param("barcode")     || '';
my $confirmed   = $query->param("confirmed")   || '';
my $newissues   = $query->param("newissues")   || '';

# Barcodes issued earlier in this session arrive as a comma-separated list.
my @newissueslist = split /,/, $newissues;

# Checkouts are not held back for a confirmation step.
my $issuenoconfirm = 1;

# Staff account as a plain hash; dies if find() returns nothing for $issuerid.
my $issuer = Koha::Patrons->find($issuerid)->unblessed;

# Item for the submitted barcode; later code tests it before use, so it may
# be undefined when the barcode matches nothing.
my $item = Koha::Items->find( { barcode => $barcode } );
# Patron identification.  With SelfCheckoutByLogin on and no patronid in the
# request, the submitted login and password go through checkpw(); its second
# return value becomes $patronid.
# NOTE(review): checkpw() runs only when the request carries no patronid.  A
# request that does carry one is looked up by card number below without any
# password check, even with SelfCheckoutByLogin on, so the patron's identity
# on follow-up requests rests on a client-supplied field.  Binding the
# verified patron to the server-side session would remove that dependency.
if ( C4::Context->preference('SelfCheckoutByLogin') && !$patronid ) {
    my $dbh = C4::Context->dbh;
    my ( $auth_status, $verified_id ) = checkpw( $dbh, $patronlogin, $patronpw );
    $patronid = $verified_id;
}

# $patron is the Koha object, $borrower its plain-hash form; both stay
# undefined when no patron matches the card number.
my ( $borrower, $patron );
if ($patronid) {
    $patron = Koha::Patrons->find( { cardnumber => $patronid } );
    if ($patron) {
        $borrower = $patron->unblessed;
    }
}
# State shared by the operation dispatch below and the display code after it.
my $branch           = $issuer->{branchcode};    # branch of the staff/station account
my $confirm_required = 0;
my $return_only      = 0;

# Dispatch on the requested operation.
if ( $op eq "logout" ) {

    # Flag the template and blank the patron fields on the request object.
    $template->param( loggedout => 1 );
    $query->param( patronid => undef, patronlogin => undef, patronpw => undef );
}
elsif ( $op eq "returnbook" && $allowselfcheckreturns ) {
    my $returned    = 0;
    my $needs_staff = 0;

    # With CircConfirmItemParts on, an item whose materials value is true is
    # not checked in from the station.
    if ( C4::Context->preference("CircConfirmItemParts") ) {
        my $return_item = Koha::Items->find( { barcode => $barcode } );
        if ( defined($return_item) && $return_item->materials ) {
            $needs_staff = 1;
        }
    }

    if ( !$needs_staff ) {
        ($returned) = AddReturn( $barcode, $branch );
    }
    $template->param( returned => $returned );
}
elsif ( $patron && ( $op eq 'checkout' ) ) {

    # Two hashrefs come back: reasons that forbid the checkout and reasons
    # that call for a confirmation.
    my ( $impossible, $needconfirm ) = CanBookBeIssued(
        $patron,
        $barcode,
        undef,
        0,    # NOTE(review): source line 160 is absent from this listing; 0 is assumed for the fourth argument -- confirm against the upstream file
        C4::Context->preference("AllowItemsOnHoldCheckoutSCO")
    );

    # The first listed reason found in $needconfirm becomes the error to show,
    # and the client's "confirmed" flag is cleared for it.
    # NOTE(review): for a needconfirm key missing from this list, $confirmed
    # keeps the value sent in the request -- confirm the list covers every
    # key CanBookBeIssued can return.
    my $issue_error;
    if ( $confirm_required = scalar keys %$needconfirm ) {
        for my $reason (
            qw( UNKNOWN_BARCODE max_loans_allowed ISSUED_TO_ANOTHER NO_MORE_RENEWALS NOT_FOR_LOAN DEBT WTHDRAWN RESTRICTED RESERVED ITEMNOTSAMEBRANCH EXPIRED DEBARRED CARD_LOST GNA INVALID_DATE UNKNOWN_BARCODE TOO_MANY DEBT_GUARANTEES DEBT_GUARANTORS USERBLOCKEDOVERDUE PATRON_CANT PREVISSUE NOT_FOR_LOAN_FORCING ITEM_LOST ADDITIONAL_MATERIALS )
          )
        {
            next unless $needconfirm->{$reason};
            $issue_error = $reason;
            $confirmed   = 0;
            last;
        }
    }

    if ( scalar keys %$impossible ) {

        # FIXME This is wrong, we assume only one error and keys are not ordered
        my $blocking_error = ( keys %$impossible )[0];
        my $title = ($item) ? $item->biblio->title : '';

        $template->param(
            impossible                   => $blocking_error,
            "circ_error_$blocking_error" => 1,
            title                        => $title,
            hide_main                    => 1,
        );
        $template->param( DEBT => $impossible->{DEBT} )
            if $blocking_error eq 'DEBT';

        # An item that cannot be renewed any further can only be returned.
        if ( $blocking_error eq "NO_MORE_RENEWALS" ) {
            $return_only = 1;
            $template->param(
                returnitem => 1,
                barcode    => $barcode,
            );
        }
    }
    elsif ( $needconfirm->{RENEW_ISSUE} ) {

        # Ask the patron to confirm a renewal of the item.
        $template->param(
            renew               => 1,
            barcode             => $barcode,
            confirm             => 1,
            confirm_renew_issue => 1,
            hide_main           => 1,
        );
    }
    elsif ( $confirm_required && !$confirmed ) {

        # A confirmation is needed and has not been given: report it as an
        # error.  $issue_error is undefined here when no listed reason matched.
        $template->param(
            impossible                => 1,
            "circ_error_$issue_error" => 1,
            hide_main                 => 1,
        );
        $template->param( DEBT => $needconfirm->{DEBT} )
            if $issue_error eq 'DEBT';
    }
    elsif ( $confirmed || $issuenoconfirm ) {

        # Issue the item.  The patron data is re-read by the display code
        # further down, which picks up the new checkout.
        my ( $hold_existed, $issued_item );
        if ( C4::Context->preference('HoldFeeMode') eq 'any_time_is_collected' ) {

            # There is no easy way to know if the patron has been charged for
            # this item, so record whether a hold existed before the issue.
            $issued_item  = Koha::Items->find( { barcode => $barcode } );
            $hold_existed = Koha::Holds->search(
                {
                    -and => {
                        borrowernumber => $borrower->{borrowernumber},
                        -or            => {
                            biblionumber => $issued_item->biblionumber,
                            itemnumber   => $issued_item->itemnumber
                        }
                    }
                }
            )->count;
        }

        AddIssue( $borrower, $barcode );
        $template->param( issued => 1 );
        push @newissueslist, $barcode;

        if ($hold_existed) {
            my $dtf = Koha::Database->new->schema->storage->datetime_parser;
            $template->param(

                # The hold existed before the issue, so check that a matching
                # charge line dated today exists.  This should not be needed,
                # but there is no proper exception handling here.
                patron_has_hold_fee => Koha::Account::Lines->search(
                    {
                        borrowernumber  => $borrower->{borrowernumber},
                        debit_type_code => 'RESERVE',
                        description     => $issued_item->biblio->title,
                        date            => $dtf->format_date( dt_from_string() )
                    }
                )->count,
            );
        }
    }
    else {

        # Confirmation step; not reached while $issuenoconfirm is 1.
        $confirm_required = 1;
        $template->param(
            confirm    => "Issuing title: " . $item->biblio->title,
            barcode    => $barcode,
            hide_main  => 1,
            inputfocus => 'confirm',
        );
    }
}    # $op
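# Renew the item named by the submitted barcode for the current patron.
# $barcode is a client-supplied field and $item can be undefined when it
# matches nothing (the checkout branch tests $item before using it), so the
# $item guard keeps a bad barcode from dying on a method call on undef.
if ( $patron && $item && ( $op eq 'renew' ) ) {
    my ( $status, $renewerror ) =
        CanBookBeRenewed( $borrower->{borrowernumber}, $item->itemnumber );

    # Only renew when CanBookBeRenewed reports a true status.
    if ($status) {
        AddRenewal( $borrower->{borrowernumber}, $item->itemnumber );
        push @newissueslist, $barcode;
        $template->param( renewed => 1 );
    }
}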
# Patron view: when a patron was identified, collect checkouts, holds, account
# data and messages for the template; otherwise report the unknown id.
if ($borrower) {
    my $borrowername = join ' ', ( $borrower->{firstname} || '' ), ( $borrower->{surname} || '' );

    # Current checkouts, each annotated with renewability and overdue state.
    my @checkouts;
    my $pending_checkouts = $patron->pending_checkouts;
    while ( my $checkout_obj = $pending_checkouts->next ) {
        my $checkout = $checkout_obj->unblessed_all_relateds;
        my ( $can_be_renewed, $renew_error ) = CanBookBeRenewed(
            $borrower->{borrowernumber},
            $checkout->{itemnumber},
        );
        $checkout->{can_be_renewed} = $can_be_renewed;    # In the future this will be $checkout->can_be_renewed
        $checkout->{renew_error}    = $renew_error;
        $checkout->{overdue}        = $checkout_obj->is_overdue;
        push @checkouts, $checkout;
    }

    # Hold priority is shown when OPACShowHoldQueueDetails contains "priority".
    my $show_priority;
    for ( C4::Context->preference("OPACShowHoldQueueDetails") ) {
        $show_priority = 1 if m/priority/;
    }

    my $account      = $patron->account;
    my $total        = $account->balance;
    my $accountlines = $account->lines;

    # Count the holds that are waiting for pickup.
    my $holds               = $patron->holds;
    my $waiting_holds_count = 0;
    while ( my $hold = $holds->next ) {
        if ( $hold->is_waiting ) {
            $waiting_holds_count++;
        }
    }

    # NOTE(review): patronpw hands the submitted password back to the template
    # together with the login.  If sco-main.tt writes it into the page (for
    # example as a form field -- confirm) it stays in the DOM of a shared
    # station; a server-side session value would avoid that.
    # NOTE(review): the key 'howpriority' looks like a typo of 'showpriority'
    # -- confirm against the template before changing it.
    $template->param(
        validuser                => 1,
        borrowername             => $borrowername,
        issues_count             => scalar(@checkouts),
        ISSUES                   => \@checkouts,
        HOLDS                    => $holds,
        newissues                => join( ',', @newissueslist ),
        patronid                 => $patronid,
        patronlogin              => $patronlogin,
        patronpw                 => $patronpw,
        waiting_holds_count      => $waiting_holds_count,
        noitemlinks              => 1,
        borrowernumber           => $borrower->{borrowernumber},
        SuspendHoldsOpac         => C4::Context->preference('SuspendHoldsOpac'),
        AutoResumeSuspendedHolds => C4::Context->preference('AutoResumeSuspendedHolds'),
        howpriority              => $show_priority,
        ACCOUNT_LINES            => $accountlines,
        total                    => $total,
    );

    # Messages of type 'B' recorded for this patron.
    my $patron_messages = Koha::Patron::Messages->search(
        {
            borrowernumber => $borrower->{borrowernumber},
            message_type   => 'B',
        }
    );
    $template->param(
        patron_messages => $patron_messages,
        opacnote        => $borrower->{opacnote},
    );

    # Input focus: return-only beats a pending confirmation, which beats the
    # default barcode field.
    my $inputfocus = 'barcode';
    if ( $return_only == 1 ) {
        $inputfocus = 'returnbook';
    }
    elsif ( $confirm_required == 1 ) {
        $inputfocus = 'confirm';
    }
    $template->param(
        inputfocus => $inputfocus,
        nofines    => 1,
    );

    # The CSRF token is generated only when the image preference is on and
    # the patron has an image.
    if ( C4::Context->preference('ShowPatronImageInWebBasedSelfCheck') ) {
        my $patron_image = Koha::Patron::Images->find( $borrower->{borrowernumber} );
        if ($patron_image) {
            $template->param(
                display_patron_image => 1,
                csrf_token           => Koha::Token->new->generate_csrf( { session_id => scalar $query->cookie('CGISESSID') . $borrower->{cardnumber}, id => $borrower->{userid} } ),
            );
        }
    }
}
else {

    # No patron matched: hand the submitted id back so the template can
    # report it.
    $template->param(
        patronid => $patronid,
        nouser   => $patronid,
    );
}
# Send the rendered page with the session cookie; force_no_caching asks for
# headers that keep the patron's page out of browser and proxy caches.
output_html_with_http_headers(
    $query, $cookie, $template->output, undef,
    { force_no_caching => 1 }
);