1 #!/usr/bin/perl
3 # This file is part of Koha.
4 # Copyright 2006-2010 BibLibre
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Modern::Perl;
21 require Exporter;
22 use CGI qw ( -utf8 );
23 use C4::Auth; # get_template_and_user
24 use C4::Output;
25 use C4::Suggestions;
26 use C4::Koha;
27 use C4::Budgets;
28 use C4::Search;
29 use C4::Members;
30 use C4::Debug;
31 use Koha::DateUtils qw( dt_from_string );
32 use Koha::AuthorisedValues;
33 use Koha::Acquisition::Currencies;
34 use Koha::Libraries;
35 use Koha::Patrons;
37 use URI::Escape;
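sub Init {
    my $suggestion = shift @_;

    # Fill in the bookkeeping columns that depend on who is acting and when,
    # modifying the hashref in place.
    #
    # A suggestion without a suggesteddate (key absent, '' or the all-zero
    # date) is being created: it gets the suggestion date and the current
    # user as suggester. Anything else is an edit of an existing row and gets
    # the "managed" stamps instead. "Managed by" is therefore only filled in
    # when a suggestion is edited, never when it is created.
    #
    # Param:   $suggestion - hashref of suggestion columns
    # Returns: nothing; the result is the modified hashref.

    # '//' keeps a brand new suggestion (no suggesteddate key at all) from
    # raising an "uninitialized value" warning on the comparison below.
    my $suggesteddate = $suggestion->{suggesteddate} // '';
    my $userenv = C4::Context->userenv;

    if ( $suggesteddate eq '0000-00-00' || $suggesteddate eq '' ) {
        # new suggestion
        $suggestion->{suggesteddate} = dt_from_string;
        $suggestion->{suggestedby} ||= $userenv->{number};
    }
    else {
        # editing of an existing suggestion
        $suggestion->{manageddate} = dt_from_string;
        $suggestion->{managedby} ||= $userenv->{number};
    }

    # Default to the working branch of the logged-in user.
    $suggestion->{branchcode} ||= $userenv->{branch};
    return;
}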
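sub GetCriteriumDesc {
    my ( $criteriumvalue, $displayby ) = @_;

    # Human readable label for one value of the "display by" criterion, i.e.
    # one value of the suggestions column the list is grouped or filtered on.
    #
    # Params:  $criteriumvalue - raw column value ('' or undef stands for the
    #                            "empty" group)
    #          $displayby      - column name: STATUS, branchcode, itemtype,
    #                            suggestedby / managedby / acceptedby, budgetid
    # Returns: the label; "" when the referenced row does not exist;
    #          'Unknown' for an authorised value without an entry;
    #          nothing when $displayby is none of the above.

    if ( $displayby =~ /status/i ) {
        my $status = $criteriumvalue // '';
        # Compare with eq. The value comes from the request, so interpolating
        # it into a pattern would let metacharacters match any built-in status
        # or abort the request with an invalid pattern. An empty value counts
        # as built-in, which yields the empty label.
        my $is_builtin = $status eq ''
          || grep { $_ eq $status } qw(ASKED ACCEPTED REJECTED CHECKED ORDERED AVAILABLE);
        unless ($is_builtin) {
            my $av = Koha::AuthorisedValues->search(
                { category => 'SUGGEST_STATUS', authorised_value => $status } );
            return $av->count ? $av->next->lib : 'Unknown';
        }
        return $status eq 'ASKED' ? "Pending" : ucfirst( lc $status );
    }

    if ( $displayby =~ /branchcode/ ) {
        # An unknown code used to die on the method call; return the empty
        # label like the other lookups do.
        my $library = Koha::Libraries->find($criteriumvalue);
        return $library ? $library->branchname : "";
    }

    if ( $displayby =~ /itemtype/ ) {
        my $av = Koha::AuthorisedValues->search(
            { category => 'SUGGEST_FORMAT', authorised_value => $criteriumvalue } );
        return $av->count ? $av->next->lib : 'Unknown';
    }

    if ( $displayby =~ /suggestedby|managedby|acceptedby/ ) {
        my $patron = Koha::Patrons->find($criteriumvalue);
        return "" unless $patron;
        return $patron->surname . ", " . $patron->firstname;
    }

    if ( $displayby =~ /budgetid/ ) {
        my $budget = GetBudget($criteriumvalue);
        return "" unless $budget;
        return $budget->{budget_name};
    }

    return;
}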
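my $input = CGI->new;

# Request parameters that drive this script. Everything else that came in
# with the request is treated as a suggestion field (see below).
my $redirect          = $input->param('redirect');
my $suggestedbyme     = ( defined $input->param('suggestedbyme') ? $input->param('suggestedbyme') : 1 );
my $op                = $input->param('op') || 'else';
my @editsuggestions   = $input->multi_param('suggestionid');
my $suggestedby       = $input->param('suggestedby');
my $returnsuggestedby = $input->param('returnsuggestedby');
my $returnsuggested   = $input->param('returnsuggested');
my $managedby         = $input->param('managedby');
my $displayby         = $input->param('displayby') || '';
my $tabcode           = $input->param('tabcode');
my $save_confirmed    = $input->param('save_confirmed') || 0;
my $notify            = $input->param('notify');
my $filter_archived   = $input->param('filter_archived');

my $reasonsloop = GetAuthorisedValues("SUGGEST");

# filter informations which are not suggestion related.
my $suggestion_ref = { %{ $input->Vars } };    # Copying, otherwise $input will be modified

# get only the columns of Suggestion
my $schema = Koha::Database->new()->schema;
my %is_suggestion_column = map { $_ => 1 } $schema->source('Suggestion')->columns;
# Exact name lookup: the parameter names come from the request, so matching
# them as an interpolated regex against the column list would let
# metacharacters in a name match (or fail to compile against) that list.
my $suggestion_only = {
    map  { $_ => $suggestion_ref->{$_} }
    grep { $is_suggestion_column{$_} } keys %$suggestion_ref
};
$suggestion_only->{STATUS} = $suggestion_ref->{STATUS};

# Drop the parameters that are not suggestion fields and, on the plain
# listing, every empty one, so they are not used as filters later on.
delete $suggestion_ref->{$_} for qw( suggestedbyme op displayby tabcode notify filter_archived );
if ( $op eq 'else' ) {
    delete $suggestion_ref->{$_} for grep { !$suggestion_ref->{$_} } keys %$suggestion_ref;
}

my ( $template, $borrowernumber, $cookie, $userflags ) = get_template_and_user(
    {
        template_name => "suggestion/suggestion.tt",
        query         => $input,
        type          => "intranet",
        flagsrequired => { suggestions => 'suggestions_manage' },
    }
);

# NOTE(review): a borrowernumber in the request replaces the logged-in one
# here, and the value is later handed to DelSuggestion and CanUserUseBudget;
# worth confirming with those callers that this is the intended patron.
$borrowernumber = $input->param('borrowernumber') if ( $input->param('borrowernumber') );
$template->param( 'borrowernumber' => $borrowernumber );
my $branchfilter = $input->param('branchcode') || C4::Context->userenv->{'branch'};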
125 #########################################
126 ## Operations
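if ( $op =~ /save/i ) {
    my @messages;
    # Minimal MARC record of the request, used only for the duplicate check.
    my $biblio = MarcRecordFromNewSuggestion(
        {
            title    => $suggestion_only->{title},
            author   => $suggestion_only->{author},
            itemtype => $suggestion_only->{itemtype},
        }
    );

    # A new suggestion that looks like an existing bibliographic record is
    # sent back to the form once so the librarian can confirm it.
    if (   !$suggestion_only->{suggestionid}
        && ( my ( $duplicatebiblionumber, $duplicatetitle ) = FindDuplicate($biblio) )
        && !$save_confirmed )
    {
        push @messages,
          { type => 'error', code => 'biblio_exists', id => $duplicatebiblionumber, title => $duplicatetitle };
        $template->param(
            messages     => \@messages,
            need_confirm => 1
        );
        delete $suggestion_ref->{suggesteddate};
        Init($suggestion_ref);
    }
    else {
        # Dates arrive as strings from the form; the storage layer wants DateTime.
        for my $date_key (qw( suggesteddate manageddate accepteddate rejecteddate )) {
            $suggestion_only->{$date_key} = dt_from_string( $suggestion_only->{$date_key} )
              if $suggestion_only->{$date_key};
        }

        if ( $suggestion_only->{STATUS} ) {
            # An accepted/rejected status also stamps the matching
            # <status>date / <status>by columns (lower-cased status name).
            my $status = lc $suggestion_only->{STATUS};
            if ( $status =~ /accepted|rejected/ ) {
                $suggestion_only->{"${status}date"} = dt_from_string;
                $suggestion_only->{"${status}by"}   = C4::Context->userenv->{number};
            }
            $suggestion_only->{manageddate} = dt_from_string;
            $suggestion_only->{managedby} ||= C4::Context->userenv->{number};
        }

        # 'other' is a placeholder in the reason list; the free text replaces it.
        my $otherreason = $input->param('other_reason');
        if ( ( $suggestion_only->{reason} // '' ) eq 'other' && $otherreason ) {
            $suggestion_only->{reason} = $otherreason;
        }

        if ( ( $suggestion_only->{suggestionid} // 0 ) > 0 ) {
            # Update of an existing suggestion.
            $suggestion_only->{lastmodificationdate} = dt_from_string;
            $suggestion_only->{lastmodificationby}   = C4::Context->userenv->{number};

            ModSuggestion($suggestion_only);

            if ($notify) {
                my $patron = Koha::Patrons->find( $suggestion_only->{managedby} );
                # No manager on file (or no address for them) means no notice;
                # the update above has already been saved, so do not die here.
                if ( $patron && $patron->notice_email_address ) {
                    my $library             = $patron->library;
                    my $admin_email_address = $library->branchemail
                      || C4::Context->preference('KohaAdminEmailAddress');

                    my $letter = C4::Letters::GetPreparedLetter(
                        module      => 'suggestions',
                        letter_code => 'NOTIFY_MANAGER',
                        branchcode  => $patron->branchcode,
                        lang        => $patron->lang,
                        tables      => {
                            suggestions => $suggestion_only->{suggestionid},
                            branches    => $patron->branchcode,
                            borrowers   => $patron->borrowernumber,
                        },
                    );
                    C4::Letters::EnqueueLetter(
                        {
                            letter                 => $letter,
                            borrowernumber         => $patron->borrowernumber,
                            message_transport_type => 'email',
                            from_address           => $admin_email_address,
                        }
                    );
                }
            }
        }
        else {
            # New suggestion: refuse to add one that matches an existing row.
            my $suggestions_loop = SearchSuggestion($suggestion_only);
            if ( @$suggestions_loop >= 1 ) {
                for my $suggestion (@$suggestions_loop) {
                    push @messages, { type => 'error', code => 'already_exists', id => $suggestion->{suggestionid} };
                }
                $template->param( messages => \@messages );
            }
            else {
                NewSuggestion($suggestion_only);
            }
        }
        # empty fields, to avoid filter in "SearchSuggestion"
        %$suggestion_ref = ();
        $op = 'else';

        if ( ( $redirect // '' ) eq 'purchase_suggestions' ) {
            # The redirect is the whole response: stop instead of rendering
            # the listing after it. borrowernumber may come from the request,
            # hence the escaping.
            print $input->redirect( "/cgi-bin/koha/members/purchase-suggestions.pl?borrowernumber="
                  . uri_escape($borrowernumber) );
            exit;
        }
    }
}
elsif ( $op =~ /add/ ) {
    # Blank form for a new suggestion.
    Init($suggestion_ref);
    $op = 'save';
}
elsif ( $op =~ /edit/ ) {
    # Form pre-filled with an existing suggestion.
    $suggestion_ref = GetSuggestion( $suggestion_ref->{suggestionid} );
    $suggestion_ref->{reasonsloop} = $reasonsloop;
    # The reason is "other" (free text) when it is set but matches none of
    # the SUGGEST authorised values.
    my $reason_value = $suggestion_ref->{reason};
    my $other_reason =
      ( $reason_value && !grep { ( $_->{lib} // '' ) eq $reason_value } @$reasonsloop ) ? 1 : 0;
    $template->param( other_reason => $other_reason );
    Init($suggestion_ref);
    $op = 'save';
}
elsif ( $op eq "update_status" ) {
    # Bulk status change: the same status, manager stamp and reason are
    # written to every selected suggestion.
    my $STATUS     = $input->param('STATUS') // '';
    my $suggestion = {};
    if ( $STATUS eq "ACCEPTED" ) {
        $suggestion = {
            accepteddate => dt_from_string,
            acceptedby   => C4::Context->userenv->{number},
        };
    }
    elsif ( $STATUS eq "REJECTED" ) {
        $suggestion = {
            rejecteddate => dt_from_string,
            rejectedby   => C4::Context->userenv->{number},
        };
    }
    if ($STATUS) {
        $suggestion->{manageddate} = dt_from_string;
        $suggestion->{managedby}   = C4::Context->userenv->{number};
        $suggestion->{STATUS}      = $STATUS;
    }
    if ( my $reason = $input->param("reason") ) {
        $reason = $input->param("other_reason") if $reason eq "other";
        $suggestion->{reason} = $reason;
    }

    for my $suggestionid (@editsuggestions) {
        next unless $suggestionid;
        $suggestion->{suggestionid} = $suggestionid;
        ModSuggestion($suggestion);
    }
    # The redirect is the whole response; do not fall through to the listing.
    redirect_with_params($input);
    exit;
}
elsif ( $op eq "delete" ) {
    for my $delete_field (@editsuggestions) {
        DelSuggestion( $borrowernumber, $delete_field, 'intranet' );
    }
    redirect_with_params($input);
    exit;
}
elsif ( $op eq "archive" || $op eq "unarchive" ) {
    my $archived = $op eq "archive" ? 1 : 0;
    for my $suggestionid (@editsuggestions) {
        # An id that does not exist (or is empty) is skipped rather than
        # aborting the whole request on the method call.
        my $suggestion = Koha::Suggestions->find($suggestionid) or next;
        $suggestion->update( { archived => $archived } );
    }
    redirect_with_params($input);
    exit;
}
elsif ( $op eq 'update_itemtype' ) {
    my $new_itemtype = $input->param('suggestion_itemtype');
    for my $suggestionid (@editsuggestions) {
        next unless $suggestionid;
        ModSuggestion( { suggestionid => $suggestionid, itemtype => $new_itemtype } );
    }
    redirect_with_params($input);
    exit;
}
elsif ( $op eq 'update_manager' ) {
    # Named differently from the file-level $managedby so it does not shadow it.
    my $new_managedby = $input->param('suggestion_managedby');
    for my $suggestionid (@editsuggestions) {
        next unless $suggestionid;
        ModSuggestion( { suggestionid => $suggestionid, managedby => $new_managedby } );
    }
    redirect_with_params($input);
    exit;
}
elsif ( $op eq 'show' ) {
    # Read-only view of one suggestion, with its fund name resolved.
    $suggestion_ref = GetSuggestion( $suggestion_ref->{suggestionid} );
    my $budget = GetBudget( $suggestion_ref->{budgetid} );
    $suggestion_ref->{budgetname} = $budget ? $budget->{budget_name} : undef;
    Init($suggestion_ref);
}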
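if ( $op =~ /else/ ) {
    $op = 'else';

    # The listing shows one tab per distinct value of the "display by"
    # column (status by default).
    $displayby ||= "STATUS";
    # $displayby comes straight from the request and is handed to
    # GetDistinctValues as part of a "table.column" string, so only a real
    # column of the suggestions table is accepted here.
    my %is_suggestion_column = map { $_ => 1 } $schema->source('Suggestion')->columns;
    $displayby = "STATUS" unless $is_suggestion_column{$displayby};

    # distinct values of display by
    my $criteria_list = GetDistinctValues( "suggestions." . $displayby );
    my ( @criteria_dv, $criteria_has_empty );
    for my $criterium (@$criteria_list) {
        if ( $criterium->{value} ) {
            push @criteria_dv, $criterium->{value};
        }
        else {
            $criteria_has_empty = 1;
        }
    }
    # aggregate null and empty values under empty value
    push @criteria_dv, '' if $criteria_has_empty;

    # Hack to not modify GetDistinctValues for this specific case
    if (   $displayby eq 'branchcode'
        && C4::Context->preference('IndependentBranches')
        && !C4::Context->IsSuperLibrarian )
    {
        @criteria_dv = ( C4::Context->userenv->{'branch'} );
    }

    my @allsuggestions;
    for my $criteriumvalue (@criteria_dv) {
        # By default, display suggestions from current working branch
        $suggestion_ref->{branchcode} = C4::Context->userenv->{'branch'}
          unless exists $suggestion_ref->{branchcode};

        # When the "display by" column is itself filtered on, only the tab
        # for that value is built - except for a branch filter of '__ANY__'.
        my $definedvalue = defined $suggestion_ref->{$displayby} && $suggestion_ref->{$displayby} ne "";
        next
          if ( $definedvalue && $suggestion_ref->{$displayby} ne $criteriumvalue )
          and ( $displayby ne 'branchcode' or $branchfilter ne '__ANY__' );
        $suggestion_ref->{$displayby} = $criteriumvalue;

        my $suggestions = SearchSuggestion( { %$suggestion_ref, archived => $filter_archived } );
        for my $suggestion (@$suggestions) {
            next unless $suggestion->{budgetid};
            my $bud = GetBudget( $suggestion->{budgetid} );
            $suggestion->{budget_name} = $bud->{budget_name} if $bud;
        }
        push @allsuggestions,
          {
            "suggestiontype"      => $criteriumvalue || "suggest",
            "suggestiontypelabel" => GetCriteriumDesc( $criteriumvalue, $displayby ) || "",
            "suggestionscount"    => scalar(@$suggestions),
            'suggestions_loop'    => $suggestions,
            'reasonsloop'         => $reasonsloop,
          }
          if @$suggestions;

        # The tab value was only borrowed for the search; restore the filter state.
        delete $suggestion_ref->{$displayby} unless $definedvalue;
    }

    $template->param(
        "displayby"  => $displayby,
        "notabs"     => $displayby eq "",
        suggestions  => \@allsuggestions,
    );
}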
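# Back to the patron's record when the form was reached from there. Nothing
# rendered below is needed for a redirect, so stop here; the value comes from
# the request, hence the escaping instead of pasting it into the URL as is.
if ( defined($returnsuggested) and $returnsuggested ne "noone" ) {
    print $input->redirect( "/cgi-bin/koha/members/moremember.pl?borrowernumber="
          . uri_escape($returnsuggested)
          . "#suggestions" );
    exit;
}

# Patron objects for the "by" columns (undef when the column is empty).
$template->param( "${_}_patron" => scalar Koha::Patrons->find( $suggestion_ref->{$_} ) )
  for qw(managedby suggestedby acceptedby lastmodificationby);

# NOTE(review): every key left in %$suggestion_ref - i.e. every request
# parameter that survived the filtering above - becomes a template variable
# here; restricting this to the names the template reads seems worthwhile.
$template->param(
    %$suggestion_ref,
    filter_archived => $filter_archived,
    "op"            => $op,
);

$template->param( branchfilter      => $branchfilter );
$template->param( returnsuggestedby => $returnsuggestedby );

my $patron_reason_loop = GetAuthorisedValues("OPAC_SUG");
$template->param( patron_reason_loop => $patron_reason_loop );

#Budgets management: only the funds this user may use, with the
# suggestion's own fund preselected.
my $budgets = GetBudgets();
my @budgets_loop;
for my $budget (@$budgets) {
    next unless CanUserUseBudget( $borrowernumber, $budget, $userflags );
    $budget->{selected} = 1
      if $suggestion_ref->{budgetid}
      && $budget->{budget_id} eq $suggestion_ref->{budgetid};
    push @budgets_loop, $budget;
}
$template->param( budgetsloop => \@budgets_loop );

if ( $suggestion_ref->{STATUS} ) {
    $template->param(
        "statusselected_" . $suggestion_ref->{STATUS} => 1,
        selected_status => $suggestion_ref->{STATUS},    # We need template var selected_status in the second part of the template where template var suggestion.STATUS is out of scope
    );
}

my @currencies = Koha::Acquisition::Currencies->search;
$template->param(
    currencies => \@currencies,
    suggestion => $suggestion_ref,
    price      => sprintf( "%.2f", $suggestion_ref->{price} || 0 ),
    total      => sprintf( "%.2f", $suggestion_ref->{total} || 0 ),
);

# lists of distinct values (without empty) for filters
my %hashlists;
for my $field (qw(managedby acceptedby suggestedby budgetid)) {
    my $values_list = GetDistinctValues( "suggestions." . $field );
    my $current     = $suggestion_ref->{$field};
    my @codes_list  = map {
        +{
            'code'     => $_->{value},
            'desc'     => GetCriteriumDesc( $_->{value}, $field ) || $_->{value},
            'selected' => $current ? $_->{value} eq $current : 0,
        }
    } grep { $_->{value} } @$values_list;
    $hashlists{ lc($field) . "_loop" } = \@codes_list;
}

$template->param(
    %hashlists,
    # scalar: a list-context param() inside a hash constructor would shift
    # the following keys when the parameter is absent.
    borrowernumber     => scalar $input->param('borrowernumber'),
    SuggestionStatuses => GetAuthorisedValues('SUGGEST_STATUS'),
);
output_html_with_http_headers $input, $cookie, $template->output;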
sub redirect_with_params {
    my ($input) = @_;

    # Send the browser back to this script, carrying over the listing
    # filters (and only those) from the current request. Every parameter
    # that is present is appended as "key=value&", so the query string ends
    # with '&' whenever it is non-empty.
    #
    # Param: $input - the CGI query object of the current request.
    my @filter_keys = qw(
      displayby branchcode title author isbn publishercode copyrightdate
      collectiontitle suggestedby suggesteddate_from suggesteddate_to
      manageddate_from manageddate_to accepteddate_from
      accepteddate_to budgetid filter_archived
    );
    my $params = join '',
      map  { $_ . '=' . uri_escape( scalar $input->param($_) ) . '&' }
      grep { defined $input->param($_) } @filter_keys;

    print $input->redirect("/cgi-bin/koha/suggestion/suggestion.pl?$params");
}