1 #!/usr/bin/perl
3 #script to show suppliers and orders
5 # Copyright 2000-2002 Katipo Communications
6 # Copyright 2008-2009 BibLibre SARL
7 # Copyright 2010 PTFS Europe
9 # This file is part of Koha.
11 # Koha is free software; you can redistribute it and/or modify it under the
12 # terms of the GNU General Public License as published by the Free Software
13 # Foundation; either version 2 of the License, or (at your option) any later
14 # version.
16 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
17 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
18 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License along
21 # with Koha; if not, write to the Free Software Foundation, Inc.,
22 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 =head1 NAME
26 booksellers.pl
28 =head1 DESCRIPTION
This script displays the list of suppliers, and their baskets, matching the C<$supplier> search string given as an input argument.
The page therefore offers several features: displaying a supplier's details,
adding an order for a specific supplier, or simply adding a new supplier.
34 =head1 CGI PARAMETERS
36 =over 4
38 =item supplier
40 C<$supplier> is the string with which we search for a supplier
=item id or booksellerid

The id of the supplier whose baskets we will display

=back
50 =cut
52 use strict;
53 use warnings;
54 use C4::Auth;
55 use C4::Biblio;
56 use C4::Output;
57 use CGI;
59 use C4::Dates qw/format_date/;
60 use C4::Bookseller qw/ GetBookSellerFromId GetBookSeller /;
61 use C4::Members qw/GetMember/;
62 use C4::Context;
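my $query = CGI->new;
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {   template_name   => 'acqui/booksellers.tmpl',
        query           => $query,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { acquisition => '*' },
        debug           => 1,
    }
);

# Parameters.  Both come straight from the request.  This script never
# interpolates them into SQL or HTML itself: they are passed as-is to the
# C4::Bookseller lookups and echoed back to the template (the 'supplier'
# param below), so HTML-escaping is the template's responsibility.
my $supplier     = $query->param('supplier');
my $booksellerid = $query->param('booksellerid');
my @suppliers;

if ($booksellerid) {
    push @suppliers, GetBookSellerFromId($booksellerid);
}
else {
    @suppliers = GetBookSeller($supplier);
}

my $supplier_count = @suppliers;
if ( $supplier_count == 1 ) {
    $template->param(
        supplier_name => $suppliers[0]->{'name'},
        booksellerid  => $suppliers[0]->{'booksellerid'}
    );
}

my $uid;
if ($loggedinuser) {
    $uid = GetMember( borrowernumber => $loggedinuser )->{userid};
}

my $userenv     = C4::Context::userenv;
my $viewbaskets = C4::Context->preference('AcqViewBaskets');
my $userbranch  = $userenv->{branch};

# Everything _can_view_basket() needs to know about the viewer, gathered
# once so the per-basket check stays a pure function of basket + context.
# branch_of is a memo (authorisedby => branchcode) so a vendor with many
# baskets authorised by the same librarian costs one GetMember lookup.
my %viewer = (
    flags        => $userenv->{'flags'},
    uid          => $uid,
    viewbaskets  => $viewbaskets,
    branch       => $userbranch,
    loggedinuser => $loggedinuser,
    branch_of    => {},
);

#build result page
my $loop_suppliers = [];

for my $vendor (@suppliers) {
    my $baskets = get_vendors_baskets( $vendor->{id} );

    my $loop_basket = [];

    for my $basket ( @{$baskets} ) {
        next unless _can_view_basket( $basket, \%viewer );

        # Dates are formatted in place for display only.
        for my $date_field (qw( creationdate closedate )) {
            if ( $basket->{$date_field} ) {
                $basket->{$date_field} = format_date( $basket->{$date_field} );
            }
        }
        push @{$loop_basket}, $basket;
    }

    push @{$loop_suppliers},
      { loop_basket  => $loop_basket,
        booksellerid => $vendor->{id},
        name         => $vendor->{name},
        active       => $vendor->{active},
      };
}

$template->param(
    loop_suppliers => $loop_suppliers,
    supplier       => ( $booksellerid || $supplier ),
    count          => $supplier_count,
);

output_html_with_http_headers $query, $cookie, $template->output;

# Decide whether the viewer may see one basket, honouring the AcqViewBaskets
# preference:
#   - superlibrarians (flag bit 1) see every basket;
#   - anyone else needs acquisition permission, and then
#       'all'    -> every basket,
#       'branch' -> baskets whose authoriser belongs to the viewer's branch,
#       'user'   -> baskets the viewer authorised.
#
# Arguments: $basket  - hashref as returned by get_vendors_baskets();
#            $viewer  - hashref with keys flags, uid, viewbaskets, branch,
#                       loggedinuser and branch_of (memo, updated here).
# Returns 1 when the basket may be shown, 0 otherwise.
sub _can_view_basket {
    my ( $basket, $viewer ) = @_;

    return 1 if $viewer->{flags} & 1;    # superlibrarian
    return 0 unless haspermission( $viewer->{uid}, { acquisition => q{*} } );

    my $mode         = $viewer->{viewbaskets};
    my $authorisedby = $basket->{authorisedby};

    return 1 if $mode eq 'all';

    # Both remaining modes compare against the authoriser; a basket without
    # one can never match.
    return 0 unless $authorisedby;

    if ( $mode eq 'branch' ) {
        if ( !exists $viewer->{branch_of}{$authorisedby} ) {
            # GetMember may return nothing for a deleted borrower; remember
            # undef rather than dereferencing it.
            my $owner = GetMember( borrowernumber => $authorisedby );
            $viewer->{branch_of}{$authorisedby} =
              $owner ? $owner->{branchcode} : undef;
        }
        my $owner_branch = $viewer->{branch_of}{$authorisedby};
        return 1
          if defined $owner_branch
          && defined $viewer->{branch}
          && $viewer->{branch} eq $owner_branch;
    }

    # Upstream compared with '==', which numifies 'user' and the preference
    # value both to 0 and therefore matched in every mode; the preference is
    # a string, so 'eq' is the intended test.
    return 1
      if $mode eq 'user'
      && $authorisedby == $viewer->{loggedinuser};

    return 0;
}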
# Fetch the baskets of one vendor that still have something outstanding.
#
# Argument: $supplier_id - the aqbooksellers id; bound as a placeholder,
#           never interpolated into the statement.
# Returns an arrayref of hashrefs (DBI's Slice => {}), one per basket, with
# every aqbasket column plus the authoriser's firstname/surname and 'total'.
# The LEFT JOIN / IS NULL test keeps baskets that have no order rows at all;
# rows with datecancellationprinted set are excluded.
#
# NOTE(review): 'total' is count(*) over the LEFT JOIN, so a basket with no
# order rows reports 1, not 0 -- confirm whether the template relies on
# that before changing the aggregate.
sub get_vendors_baskets {
    my ($supplier_id) = @_;

    my $sql = <<'ENDSQL';
select aqbasket.*, count(*) as total, borrowers.firstname, borrowers.surname
from aqbasket left join aqorders on aqorders.basketno = aqbasket.basketno
left join borrowers on aqbasket.authorisedby = borrowers.borrowernumber
where booksellerid = ?
AND ( aqorders.quantity > aqorders.quantityreceived OR quantityreceived IS NULL)
AND datecancellationprinted IS NULL
group by basketno
ENDSQL

    my $dbh  = C4::Context->dbh;
    my $rows = $dbh->selectall_arrayref( $sql, { Slice => {} }, $supplier_id );
    return $rows;
}