Bug 24786: Add validation to point of sale
[koha.git] / pos / register.pl
1 #!/usr/bin/perl
3 # Copyright 2020 PTFS-Europe Ltd
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
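use Modern::Perl;
use CGI;
use C4::Auth;
use C4::Output;
use C4::Context;

use Koha::Account::Lines;
use Koha::Cash::Registers;
use Koha::Database;
use Koha::DateUtils;

# Staff (intranet) point-of-sale register page. It selects a cash register
# for the logged-in library, lists its outstanding and (optionally) past
# account lines, and performs the state-changing 'cashup' and 'refund'
# operations selected by the 'op' request parameter.
#
# NOTE(review): no CSRF token or request-method check is visible in this
# script, although 'cashup' and 'refund' change financial records. Confirm
# that one is enforced elsewhere; the permission checks below do not cover it.

my $input = CGI->new();

# Authentication is mandatory (authnotrequired => 0). Each operation further
# down checks its own cash_management sub-permission via has_permission.
my ( $template, $loggedinuser, $cookie, $user_flags ) = get_template_and_user(
    {
        template_name   => 'pos/register.tt',
        query           => $input,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { cash_management => [ 'cashup', 'anonymous_refund' ] },
    }
);

# NOTE(review): Koha::Patrons is called without a matching `use` line in this
# file; presumably one of the modules above loads it. Confirm.
my $logged_in_user = Koha::Patrons->find($loggedinuser) or die "Not logged in";
my $schema         = Koha::Database->new->schema;

my $library_id = C4::Context->userenv->{'branch'};
my $registerid = $input->param('registerid');

# Registers offered on this page: the non-archived ones of the logged-in
# library, ordered by name.
my $registers = Koha::Cash::Registers->search(
    { branch   => $library_id, archived => 0 },
    { order_by => { '-asc' => 'name' } }
);

my $cash_register;
if ( $registers->count ) {

    # Without an explicit choice, fall back to the library's default
    # register, then to the first register in the list.
    if ( !$registerid ) {
        my $default_register = Koha::Cash::Registers->find(
            { branch => $library_id, branch_default => 1 } );
        $registerid = $default_register->id if $default_register;
    }
    $registerid = $registers->next->id if !$registerid;

    # 'registerid' can come straight from the request, so it is resolved only
    # among the logged-in library's registers. A lookup by id alone would let
    # a request name a register of another library, and an unknown id would
    # leave $cash_register undefined for the method calls below.
    $cash_register = Koha::Cash::Registers->search(
        { id => $registerid, branch => $library_id } )->next;
}

if ( !$cash_register ) {

    # Either the library has no registers or the requested id is not one of
    # them. The existing error flag is reused for both cases; how the template
    # renders it is not visible from this script.
    $template->param( error_registers => 1 );
}
else {
    $template->param(
        registerid => $registerid,
        registers  => $registers,
    );

    # Kept in a scalar on purpose: calling this inside the param() argument
    # list would evaluate it in list context.
    my $accountlines = $cash_register->outstanding_accountlines();
    $template->param(
        register     => $cash_register,
        accountlines => $accountlines
    );

    # Optional date range for past transactions. The upper bound defaults to
    # the timestamp of the last cashup when the request gives none.
    my $transactions_range_from = $input->param('trange_f');
    my $last_cashup             = $cash_register->last_cashup;
    my $transactions_range_to =
        $input->param('trange_t') ? $input->param('trange_t')
      : $last_cashup              ? $last_cashup->timestamp
      :                             '';
    my $end = dt_from_string($transactions_range_to);

    if ($transactions_range_from) {

        # Both bounds go through dt_from_string and the storage datetime
        # formatter before they reach the query, never as raw request text.
        my $dtf               = $schema->storage->datetime_parser;
        my $start             = dt_from_string($transactions_range_from);
        my $past_accountlines = Koha::Account::Lines->search(
            {
                register_id => $registerid,
                timestamp   => {
                    -between => [
                        $dtf->format_datetime($start),
                        $dtf->format_datetime($end)
                    ]
                }
            }
        );
        $template->param( past_accountlines => $past_accountlines );
        $template->param(
            trange_f => output_pref( { dt => $start, dateonly => 1 } ) );
    }
    $template->param(
        trange_t => output_pref( { dt => $end, dateonly => 1 } ) );

    my $op = $input->param('op') // '';
    if ( $op eq 'cashup' ) {
        if ( $logged_in_user->has_permission( { cash_management => 'cashup' } ) ) {

            # The cashup amount is computed server-side from the register's
            # outstanding lines; nothing from the request feeds into it.
            $cash_register->add_cashup(
                {
                    manager_id => $logged_in_user->id,
                    amount     => $cash_register->outstanding_accountlines->total
                }
            );
        }
        else {
            $template->param( error_cashup_permission => 1 );
        }
    }
    elsif ( $op eq 'refund' ) {
        if ( $logged_in_user->has_permission( { cash_management => 'anonymous_refund' } ) ) {
            my $amount           = $input->param('amount');
            my $accountline_id   = $input->param('accountline');
            my $transaction_type = $input->param('transaction_type');

            # Stop with a fixed message before a transaction is opened when
            # the id does not resolve, instead of calling a method on undef.
            my $accountline = Koha::Account::Lines->find($accountline_id)
              or die "Account line not found";

            # NOTE(review): 'amount' and 'transaction_type' pass from the
            # request to reduce() and payout() unchanged, and nothing here
            # ties the account line to the selected register. Presumably
            # those methods validate the amount and payout type; confirm,
            # or validate here before the transaction starts.
            $schema->txn_do(
                sub {

                    # Reduction and payout share one transaction so that a
                    # failed payout does not leave the reduction behind.
                    my $refund = $accountline->reduce(
                        {
                            reduction_type => 'REFUND',
                            branch         => $library_id,
                            staff_id       => $logged_in_user->id,
                            interface      => 'intranet',
                            amount         => $amount
                        }
                    );
                    $refund->payout(
                        {
                            payout_type   => $transaction_type,
                            branch        => $library_id,
                            staff_id      => $logged_in_user->id,
                            cash_register => $cash_register->id,
                            interface     => 'intranet',
                            amount        => $amount
                        }
                    );
                }
            );
        }
        else {
            $template->param( error_refund_permission => 1 );
        }
    }
}

output_html_with_http_headers( $input, $cookie, $template->output );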