#!/usr/bin/perl

# Copyright 2000-2002 Katipo Communications

# This file is part of Koha.

# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.

# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
=head1 tools/letter.pl

ALGO :
this script uses an $op to know what to do.
if $op is empty or none of the values listed below,
- the default screen is built (with all or filtered (if search string is set) records).
- the user can click on add, modify or delete record.
- filtering is done on the code field
if $op=add_form
- if primary key (module + code) exists, this is a modification, so we read the required record
- builds the add/modify form
if $op=add_validate
- the user has just sent data, so we create/modify the record
if $op=delete_form
- we show the record selected and ask for confirmation
if $op=delete_confirm
- we delete the designated record

=cut
# TODO This script drives the CRUD operations on the letter table.
# The DB interaction should be handled by calls to C4/Letters.pm
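use strict;
use warnings;
use CGI qw ( -utf8 );

# Only the symbols this script calls unqualified are imported; every other
# C4 function is called with its full package name below.
use C4::Auth qw( get_template_and_user );
use C4::Context;
use C4::Output qw( output_html_with_http_headers );
use C4::Branch qw( GetBranches );
use C4::Letters qw( GetMessageTransportTypes );
use C4::Members::Attributes ();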
# $protected_letters = protected_letters()
# - returns a hashref keyed by letter_code, one entry (value 1) for every
#   letter referenced from message_transports; those letters must never be
#   deleted.
sub protected_letters {
    my $dbh   = C4::Context->dbh;
    my $codes = $dbh->selectcol_arrayref(q{SELECT DISTINCT letter_code FROM message_transports});
    my %is_protected;
    @is_protected{ @{$codes} } = (1) x @{$codes};
    return \%is_protected;
}
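# ---------------------------------------------------------------------------
# Request parameters. $input, $branchcode, $template, $cookie, $staffflags
# and $my_branch are package globals (our) because the subs below read them
# directly.
# ---------------------------------------------------------------------------
our $input = CGI->new;
my $searchfield = $input->param('searchfield');
my $script_name = '/cgi-bin/koha/tools/letter.pl';
our $branchcode = $input->param('branchcode');
# '*' is the form's "all libraries" choice; internally that is the empty
# branchcode used for default (all-library) letters.
$branchcode = '' if defined $branchcode and $branchcode eq '*';
my $code   = $input->param('code');
my $module = $input->param('module') || '';
my $op     = $input->param('op') || '';

# Authentication and the tools/edit_notices permission check happen here,
# before any letter is read or written.
our ( $template, $borrowernumber, $cookie, $staffflags ) = get_template_and_user(
    {
        template_name   => 'tools/letter.tt',
        query           => $input,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { tools => 'edit_notices' },
        debug           => 1,
    }
);

# Under IndependentBranches a non-superlibrarian is confined to the library
# of their session; retrieve_letters() restricts the listing with this.
our $my_branch = C4::Context->preference("IndependentBranches") && !$staffflags->{'superlibrarian'}
    ? C4::Context->userenv()->{'branch'}
    : undef;
# we show only the TMPL_VAR names $op

$template->param(
    independant_branch => $my_branch,
    script_name        => $script_name,
    searchfield        => $searchfield,
    branchcode         => $branchcode,
    action             => $script_name
);

# NOTE(review): the POD above still lists delete_form/delete_confirm; the
# ops actually handled here are delete_confirm/delete_confirmed.
if ( $op eq 'add_validate' or $op eq 'copy_validate' ) {
    add_validate();
    $op = q{}; # we return to the default screen for the next operation
}
if ($op eq 'copy_form') {
    my $oldbranchcode = $input->param('oldbranchcode') || q||;
    # Raw target library, kept apart from the normalised global $branchcode
    # so the form gets back exactly what it sent (including '*').
    my $target_branchcode = $input->param('branchcode');
    add_form($oldbranchcode, $module, $code);
    $template->param(
        oldbranchcode => $oldbranchcode,
        branchcode    => $target_branchcode,
        branchloop    => _branchloop($target_branchcode),
        copying       => 1,
        modify        => 0,
    );
}
elsif ( $op eq 'add_form' ) {
    add_form($branchcode, $module, $code);
}
elsif ( $op eq 'delete_confirm' ) {
    delete_confirm($branchcode, $module, $code);
}
elsif ( $op eq 'delete_confirmed' ) {
    delete_confirmed($branchcode, $module, $code);
    $op = q{}; # next operation is to return to default screen
}
else {
    # Empty or unrecognised op: show the default screen. Clearing $op here
    # keeps an arbitrary request value from being set as a template
    # variable below (it would otherwise become `$op => 1`).
    default_display($branchcode,$searchfield);
    $op = q{};
}

# Do this last as delete_confirmed resets
if ($op) {
    $template->param($op => 1);
} else {
    $template->param(no_op_set => 1);
}

output_html_with_http_headers $input, $cookie, $template->output;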
# add_form($branchcode, $module, $code)
# Fills the template for the add/modify screen. With a $code the existing
# letter templates (one per message transport type) are loaded and the form
# is a modification; without one an empty row per transport type is built.
# The module decides which table columns are offered as insertable fields.
# Returns nothing.
sub add_form {
    my ( $branchcode, $module, $code ) = @_;

    # if code has been passed we can identify letter and its an update action
    my $letters;
    if ($code) {
        $letters = C4::Letters::GetLetterTemplates(
            {
                branchcode => $branchcode,
                module     => $module,
                code       => $code,
            }
        );
    }

    my $message_transport_types = GetMessageTransportTypes();
    my @letter_loop;
    if ($letters) {
        $template->param(
            modify     => 1,
            code       => $code,
            branchcode => $branchcode,
        );
        # Every mtt row carries the letter name; the first one found is the
        # only one handed to the template.
        my $name_sent = 0;
        for my $transport ( @{$message_transport_types} ) {
            my $row = $letters->{$transport};
            if ( !$name_sent and $row->{name} ) {
                $template->param( letter_name => $row->{name} );
                $name_sent = 1;
            }
            push @letter_loop, {
                message_transport_type => $transport,
                is_html                => $row->{is_html},
                title                  => $row->{title},
                content                => $row->{content} // '',
            };
        }
    }
    else {
        # initialize the new fields
        @letter_loop = map { { message_transport_type => $_ } } @{$message_transport_types};
        $template->param(
            branchcode => $branchcode,
            module     => $module,
            adding     => 1,
        );
    }

    $template->param( letters => \@letter_loop );

    # Tables whose columns are offered for the simple modules; the remaining
    # modules need extra hand-built entries and are handled below.
    my %tables_for_module = (
        reserves         => [qw( borrowers reserves biblio biblioitems items )],
        acquisition      => [qw( aqbooksellers aqorders biblio items )],
        claimacquisition => [qw( aqbooksellers aqorders biblio biblioitems )],
        serial           => [qw( branches biblio biblioitems borrowers subscription serial )],
        suggestions      => [qw( suggestions borrowers biblio )],
    );

    my @field_selection = add_fields('branches');
    if ( my $tables = $tables_for_module{$module} ) {
        push @field_selection, add_fields( @{$tables} );
    }
    elsif ( $module eq 'claimissues' ) {
        push @field_selection, add_fields( 'aqbooksellers', 'serial', 'subscription' );
        push @field_selection, { value => q{}, text => '---BIBLIO---' };
        for my $column (qw( title author serial )) {
            push @field_selection, { value => "biblio.$column", text => ucfirst $column };
        }
    }
    else {
        push @field_selection,
            add_fields( 'biblio', 'biblioitems' ),
            add_fields('items'),
            { value => 'items.content', text => 'items.content' },
            { value => 'items.fine',    text => 'items.fine' },
            add_fields('borrowers');
        push @field_selection, add_fields('opac_news') if $module eq 'circulation';

        # The check-in notice works on already returned items.
        my $issues_table =
            ( $module eq 'circulation' and $code and $code eq "CHECKIN" )
            ? 'old_issues'
            : 'issues';
        push @field_selection, add_fields($issues_table);
    }

    $template->param(
        module        => $module,
        branchloop    => _branchloop($branchcode),
        SQLfieldnames => \@field_selection,
        branchcode    => $branchcode,
    );
    return;
}
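# add_validate()
# Stores what the add/modify form sent. Everything is read from the request:
# branchcode, module, oldmodule, code, name and, per message transport type,
# title / content / is_html_<mtt>. A transport type left without title or
# content is deleted, an existing row is updated, anything else is inserted.
# All SQL is parameterised. Returns 1.
sub add_validate {
    my $dbh        = C4::Context->dbh;
    my $branchcode = $input->param('branchcode');
    my $module     = $input->param('module');
    my $oldmodule  = $input->param('oldmodule');
    my $code       = $input->param('code');
    my $name       = $input->param('name');
    my @mtt        = $input->multi_param('message_transport_type');
    my @title      = $input->multi_param('title');
    my @content    = $input->multi_param('content');

    # Default (all-library) letters are stored with branchcode ''. The same
    # value must be used in SET, WHERE and VALUES alike: binding an undef
    # branchcode into the WHERE clause would make the UPDATE match nothing.
    my $stored_branchcode = $branchcode || '';

    for my $mtt ( @mtt ) {
        my $is_html = $input->param("is_html_$mtt");
        my $title   = shift @title;
        my $content = shift @content;
        my $letter  = C4::Letters::getletter( $oldmodule, $code, $branchcode, $mtt );

        # getletter can return the default letter even if we pass a branchcode
        # If we got the default one and we needed the specific one, we didn't get the one we needed!
        if ( $letter and $branchcode and $branchcode ne $letter->{branchcode} ) {
            $letter = undef;
        }

        if ( !( $title and $content ) ) {
            # Delete this mtt if no title or content given
            delete_confirmed( $branchcode, $oldmodule, $code, $mtt );
        }
        elsif ( $letter and $letter->{message_transport_type} eq $mtt ) {
            $dbh->do(
                q{
                    UPDATE letter
                    SET branchcode = ?, module = ?, name = ?, is_html = ?, title = ?, content = ?
                    WHERE branchcode = ? AND module = ? AND code = ? AND message_transport_type = ?
                },
                undef,
                $stored_branchcode, $module, $name, $is_html || 0, $title, $content,
                $stored_branchcode, $oldmodule, $code, $mtt
            );
        }
        else {
            $dbh->do(
                q{INSERT INTO letter (branchcode,module,code,name,is_html,title,content,message_transport_type) VALUES (?,?,?,?,?,?,?,?)},
                undef,
                $stored_branchcode, $module, $code, $name, $is_html || 0, $title, $content, $mtt
            );
        }
    }
    # set up default display
    default_display($branchcode);
    return 1;
}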
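# delete_confirm($branchcode, $module, $code)
# Loads the letter the user chose so the template can ask for confirmation.
# The unused database handle and the unused `values %$letter` copy of the
# original are gone; nothing else changes. Returns nothing.
sub delete_confirm {
    my ($branchcode, $module, $code) = @_;
    my $letter = C4::Letters::getletter($module, $code, $branchcode);
    $template->param( letter => $letter );
    return;
}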
# delete_confirmed($branchcode, $module, $code, $mtt)
# Deletes the letter identified by the arguments through C4::Letters::DelLetter
# ($mtt is passed through as given, undef when the caller has none) and then
# rebuilds the default screen. Returns nothing.
sub delete_confirmed {
    my ($branchcode, $module, $code, $mtt) = @_;

    # default (all-library) letters are stored with branchcode ''
    my %letter_key = (
        branchcode => $branchcode || '',
        module     => $module,
        code       => $code,
        mtt        => $mtt,
    );
    C4::Letters::DelLetter( \%letter_key );

    # setup default display for screen
    default_display($branchcode);
    return;
}
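# retrieve_letters($branchcode, $searchstring)
# Rows for the default screen: branchcode, module, code, name, branchname.
# $branchcode   library to list ('' = default letters, undef = no filter)
# $searchstring optional text; its first non-blank token is prefix-matched
#               against letter.code
# Under IndependentBranches ($my_branch set) the result is always confined
# to the user's own library plus the default letters, whether or not a
# search string is given. Returns an arrayref of hashrefs.
sub retrieve_letters {
    my ($branchcode, $searchstring) = @_;

    # A restricted user may only ever look at their own library.
    $branchcode = $my_branch if $branchcode && $my_branch;

    my $dbh = C4::Context->dbh;
    my $own_or_default = "(branchcode = ? OR branchcode = '')";
    my ( @where, @args );
    my $sql = q{
        SELECT branchcode, module, code, name, branchname
        FROM letter
        LEFT OUTER JOIN branches USING (branchcode)
    };

    if ( $searchstring && $searchstring =~ m/(\S+)/ ) {
        # The token is bound as a parameter, but any % or _ inside it still
        # acts as a LIKE wildcard.
        push @where, 'code LIKE ?';
        push @args,  $1 . q{%};
        # A search must not widen the view beyond the user's own library
        # when IndependentBranches applies.
        if ($my_branch) {
            push @where, $own_or_default;
            push @args,  $my_branch;
        }
    }
    elsif ($branchcode) {
        push @where, 'branchcode = ?';
        push @args,  $branchcode;
    }
    elsif ($my_branch) {
        push @where, $own_or_default;
        push @args,  $my_branch;
    }

    $sql .= " WHERE " . join( " AND ", @where ) if @where;
    $sql .= " GROUP BY branchcode,module,code";
    $sql .= " ORDER BY module, code, branchcode";

    return $dbh->selectall_arrayref( $sql, { Slice => {} }, @args );
}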
# default_display($branchcode, $searchfield)
# Builds the listing screen: fetches the letters for $branchcode (optionally
# narrowed by $searchfield), marks the ones that must not be deleted and
# hands the rows plus the library selector to the template.
sub default_display {
    my ($branchcode, $searchfield) = @_;

    # No library given at all: use the logged-in one when the
    # DefaultToLoggedInLibraryNoticesSlips preference asks for it.
    if ( !defined $branchcode
        and C4::Context->preference('DefaultToLoggedInLibraryNoticesSlips') )
    {
        $branchcode = C4::Branch::mybranch();
    }

    $template->param( search => 1 ) if $searchfield;
    my $rows = retrieve_letters( $branchcode, $searchfield );

    my $protected_letters = protected_letters();
    my @letters;
    for my $letter ( @{$rows} ) {
        # only default (all-library) letters referenced from
        # message_transports are protected
        $letter->{protected} = !$letter->{branchcode} && $protected_letters->{ $letter->{code} };
        push @letters, $letter;
    }

    $template->param(
        letter     => \@letters,
        branchloop => _branchloop($branchcode),
    );
}
# _branchloop($branchcode)
# Library selector rows for the template, sorted by library name, with the
# row matching $branchcode flagged as selected. Returns an arrayref.
sub _branchloop {
    my ($branchcode) = @_;

    my $branches = GetBranches();
    my @by_name  = sort { $branches->{$a}->{branchname} cmp $branches->{$b}->{branchname} }
                   keys %{$branches};

    my @branchloop = map {
        +{
            value      => $_,
            selected   => $branchcode && $_ eq $branchcode,
            branchname => $branches->{$_}->{'branchname'},
        }
    } @by_name;

    return \@branchloop;
}
# add_fields(@tables)
# Column entries (see get_columns_for) for every table named, in the order
# given. Returns the flattened list.
sub add_fields {
    my @tables = @_;
    return map { get_columns_for($_) } @tables;
}
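# get_columns_for($table)
# Insertable-field entries for one table: a heading row (value '') followed
# by one row per column, table-prefixed, and for borrowers the extended
# patron attributes as well. Callers pass table-name literals only; the name
# is nevertheless quoted as an identifier before it reaches SHOW COLUMNS,
# which has no placeholder form. Returns a list of {value, text} hashrefs.
sub get_columns_for {
    my $table = shift;
    # FIXME untranslatable
    my %column_map = (
        aqbooksellers => '---BOOKSELLERS---',
        aqorders      => '---ORDERS---',
        serial        => '---SERIALS---',
        reserves      => '---HOLDS---',
        suggestions   => '---SUGGESTIONS---',
    );
    my @fields = (
        {
            value => q{},
            text  => $column_map{$table} // ( '---' . uc($table) . '---' ),
        }
    );

    my $dbh = C4::Context->dbh;
    my $sql = 'SHOW COLUMNS FROM ' . $dbh->quote_identifier($table);    # TODO not db agnostic
    my $rows = $dbh->selectall_arrayref( $sql, { Slice => {} } );
    for my $row ( @{$rows} ) {
        # timestamp is an irrelevant bookkeeping column; there may be other
        # common columns that should be excluded from the list
        next if $row->{'Field'} eq 'timestamp';
        my $qualified = "$table.$row->{Field}";
        push @fields, { value => $qualified, text => $qualified };
    }

    if ( $table eq 'borrowers' ) {
        my $attributes = C4::Members::Attributes::GetAttributes();
        for my $attribute ( @{ $attributes || [] } ) {
            push @fields, {
                value => "borrower-attribute:$attribute",
                text  => "attribute:$attribute",
            };
        }
    }
    return @fields;
}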