search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 26023: Properly secure the cashup and refund actions
[koha.git] / tools / modborrowers.pl
blob589059f429b8a08cfb6ae6b856ec2e7ed29ee7f5
1 #!/usr/bin/perl
2
3 # Copyright 2012 BibLibre
4 #
5 # This file is part of Koha.
6 #
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19
20 # modborrowers.pl
21 #
22 # Batch Edit Patrons
23 # Modification for patron's fields:
24 # surname firstname branchcode categorycode city state zipcode country sort1
25 # sort2 dateenrolled dateexpiry borrowernotes
26 # And for patron attributes.
27
28 use Modern::Perl;
29 use CGI qw ( -utf8 );
30 use C4::Auth;
31 use C4::Koha;
32 use C4::Members;
33 use C4::Output;
34 use List::MoreUtils qw /any uniq/;
35 use Koha::DateUtils qw( dt_from_string );
36 use Koha::List::Patron;
37 use Koha::Libraries;
38 use Koha::Patron::Categories;
39 use Koha::Patron::Debarments;
40 use Koha::Patrons;
41
42 my $input = new CGI;
43 my $op = $input->param('op') || 'show_form';
44 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
45 { template_name => "tools/modborrowers.tt",
46 query => $input,
47 type => "intranet",
48 authnotrequired => 0,
49 flagsrequired => { tools => "edit_patrons" },
50 }
51 );
52
53 my $logged_in_user = Koha::Patrons->find( $loggedinuser );
54
55 my %cookies = parse CGI::Cookie($cookie);
56 my $sessionID = $cookies{'CGISESSID'}->value;
57 my $dbh = C4::Context->dbh;
58
59 # Show borrower informations
60 if ( $op eq 'show' ) {
61 my $filefh = $input->upload('uploadfile');
62 my $filecontent = $input->param('filecontent');
63 my $patron_list_id = $input->param('patron_list_id');
64 my @borrowers;
65 my @cardnumbers;
66 my @notfoundcardnumbers;
67
68 # Get cardnumbers from a file or the input area
69 if ($filefh) {
70 while ( my $content = <$filefh> ) {
71 $content =~ s/[\r\n]*$//g;
72 push @cardnumbers, $content if $content;
73 }
74 } elsif ( $patron_list_id ) {
75 my ($list) = GetPatronLists( { patron_list_id => $patron_list_id } );
76
77 @cardnumbers =
78 $list->patron_list_patrons()->search_related('borrowernumber')
79 ->get_column('cardnumber')->all();
80
81 } else {
82 if ( my $list = $input->param('cardnumberlist') ) {
83 push @cardnumbers, split( /\s\n/, $list );
84 }
85 }
86
87 my $max_nb_attr = 0;
88 for my $cardnumber ( @cardnumbers ) {
89 my $patron = Koha::Patrons->find( { cardnumber => $cardnumber } );
90 if ( $patron ) {
91 if ( $logged_in_user->can_see_patron_infos( $patron ) ) {
92 my $borrower = $patron->unblessed;
93 my $attributes = $patron->extended_attributes;
94 $borrower->{patron_attributes} = $attributes->as_list;
95 $borrower->{patron_attributes_count} = $attributes->count;
96 $max_nb_attr = $borrower->{patron_attributes_count} if $borrower->{patron_attributes_count} > $max_nb_attr;
97 push @borrowers, $borrower;
98 } else {
99 push @notfoundcardnumbers, $cardnumber;
100 }
101 } else {
102 push @notfoundcardnumbers, $cardnumber;
103 }
104 }
105
106 # Just for a correct display
107 for my $borrower ( @borrowers ) {
108 my $length = $borrower->{patron_attributes_count};
109 push @{ $borrower->{patron_attributes} }, {} for ( $length .. $max_nb_attr - 1);
110 }
111
112 # Construct the patron attributes list
113 my @patron_attributes_values;
114 my @patron_attributes_codes;
115 my $library_id = C4::Context->userenv ? C4::Context->userenv->{'branch'} : undef;
116 my $patron_attribute_types = Koha::Patron::Attribute::Types->search_with_library_limits({}, {}, $library_id);
117 my @patron_categories = Koha::Patron::Categories->search_limited({}, {order_by => ['description']});
118 while ( my $attr_type = $patron_attribute_types->next ) {
119 # TODO Repeatable attributes are not correctly managed and can cause data lost.
120 # This should be implemented.
121 next if $attr_type->repeatable;
122 next if $attr_type->unique_id; # Don't display patron attributes that must be unqiue
123 my $options = $attr_type->authorised_value_category
124 ? GetAuthorisedValues( $attr_type->authorised_value_category )
125 : undef;
126 push @patron_attributes_values,
127 {
128 attribute_code => $attr_type->code,
129 options => $options,
130 };
131
132 my $category_code = $attr_type->category_code;
133 my ( $category_lib ) = map {
134 ( defined $category_code and $attr_type->category_code eq $category_code ) ? $attr_type->description : ()
135 } @patron_categories;
136 push @patron_attributes_codes,
137 {
138 attribute_code => $attr_type->code,
139 attribute_lib => $attr_type->description,
140 category_lib => $category_lib,
141 type => $attr_type->authorised_value_category ? 'select' : 'text',
142 };
143 }
144
145 my @attributes_header = ();
146 for ( 1 .. scalar( $max_nb_attr ) ) {
147 push @attributes_header, { attribute => "Attributes $_" };
148 }
149 $template->param( borrowers => \@borrowers );
150 $template->param( attributes_header => \@attributes_header );
151 @notfoundcardnumbers = map { { cardnumber => $_ } } @notfoundcardnumbers;
152 $template->param( notfoundcardnumbers => \@notfoundcardnumbers )
153 if @notfoundcardnumbers;
154
155 # Construct drop-down list values
156 my $branches = Koha::Libraries->search({}, { order_by => ['branchname'] })->unblessed;
157 my @branches_option;
158 push @branches_option, { value => $_->{branchcode}, lib => $_->{branchname} } for @$branches;
159 unshift @branches_option, { value => "", lib => "" };
160 my @categories_option;
161 push @categories_option, { value => $_->categorycode, lib => $_->description } for @patron_categories;
162 unshift @categories_option, { value => "", lib => "" };
163 my $bsort1 = GetAuthorisedValues("Bsort1");
164 my @sort1_option;
165 push @sort1_option, { value => $_->{authorised_value}, lib => $_->{lib} } for @$bsort1;
166 unshift @sort1_option, { value => "", lib => "" }
167 if @sort1_option;
168 my $bsort2 = GetAuthorisedValues("Bsort2");
169 my @sort2_option;
170 push @sort2_option, { value => $_->{authorised_value}, lib => $_->{lib} } for @$bsort2;
171 unshift @sort2_option, { value => "", lib => "" }
172 if @sort2_option;
173
174 my @mandatoryFields = split( /\|/, C4::Context->preference("BorrowerMandatoryField") );
175
176 my @fields = (
177 {
178 name => "surname",
179 type => "text",
180 mandatory => ( grep /surname/, @mandatoryFields ) ? 1 : 0
181 }
182 ,
183 {
184 name => "firstname",
185 type => "text",
186 mandatory => ( grep /firstname/, @mandatoryFields ) ? 1 : 0,
187 }
188 ,
189 {
190 name => "branchcode",
191 type => "select",
192 option => \@branches_option,
193 mandatory => ( grep /branchcode/, @mandatoryFields ) ? 1 : 0,
194 }
195 ,
196 {
197 name => "categorycode",
198 type => "select",
199 option => \@categories_option,
200 mandatory => ( grep /categorycode/, @mandatoryFields ) ? 1 : 0,
201 }
202 ,
203 {
204 name => "streetnumber",
205 type => "text",
206 mandatory => ( grep /streetnumber/, @mandatoryFields ) ? 1 : 0,
207 }
208 ,
209 {
210 name => "address",
211 type => "text",
212 mandatory => ( grep /address/, @mandatoryFields ) ? 1 : 0,
213 }
214 ,
215 {
216 name => "address2",
217 type => "text",
218 mandatory => ( grep /address2/, @mandatoryFields ) ? 1 : 0,
219 }
220 ,
221 {
222 name => "city",
223 type => "text",
224 mandatory => ( grep /city/, @mandatoryFields ) ? 1 : 0,
225 }
226 ,
227 {
228 name => "state",
229 type => "text",
230 mandatory => ( grep /state/, @mandatoryFields ) ? 1 : 0,
231 }
232 ,
233 {
234 name => "zipcode",
235 type => "text",
236 mandatory => ( grep /zipcode/, @mandatoryFields ) ? 1 : 0,
237 }
238 ,
239 {
240 name => "country",
241 type => "text",
242 mandatory => ( grep /country/, @mandatoryFields ) ? 1 : 0,
243 }
244 ,
245 {
246 name => "email",
247 type => "text",
248 mandatory => ( grep /email/, @mandatoryFields ) ? 1 : 0,
249 }
250 ,
251 {
252 name => "phone",
253 type => "text",
254 mandatory => ( grep /phone/, @mandatoryFields ) ? 1 : 0,
255 }
256 ,
257 {
258 name => "mobile",
259 type => "text",
260 mandatory => ( grep /mobile/, @mandatoryFields ) ? 1 : 0,
261 }
262 ,
263 {
264 name => "sort1",
265 type => @sort1_option ? "select" : "text",
266 option => \@sort1_option,
267 mandatory => ( grep /sort1/, @mandatoryFields ) ? 1 : 0,
268 }
269 ,
270 {
271 name => "sort2",
272 type => @sort2_option ? "select" : "text",
273 option => \@sort2_option,
274 mandatory => ( grep /sort2/, @mandatoryFields ) ? 1 : 0,
275 }
276 ,
277 {
278 name => "dateenrolled",
279 type => "date",
280 mandatory => ( grep /dateenrolled/, @mandatoryFields ) ? 1 : 0,
281 }
282 ,
283 {
284 name => "dateexpiry",
285 type => "date",
286 mandatory => ( grep /dateexpiry/, @mandatoryFields ) ? 1 : 0,
287 }
288 ,
289 {
290 name => "borrowernotes",
291 type => "text",
292 mandatory => ( grep /borrowernotes/, @mandatoryFields ) ? 1 : 0,
293 }
294 ,
295 {
296 name => "opacnote",
297 type => "text",
298 mandatory => ( grep /opacnote/, @mandatoryFields ) ? 1 : 0,
299 }
300 ,
301 {
302 name => "debarred",
303 type => "date",
304 mandatory => ( grep /debarred/, @mandatoryFields ) ? 1 : 0,
305 }
306 ,
307 {
308 name => "debarredcomment",
309 type => "text",
310 mandatory => ( grep /debarredcomment/, @mandatoryFields ) ? 1 : 0,
311 },
312 );
313
314 $template->param('patron_attributes_codes', \@patron_attributes_codes);
315 $template->param('patron_attributes_values', \@patron_attributes_values);
316
317 $template->param( fields => \@fields );
318 }
319
320 # Process modifications
321 if ( $op eq 'do' ) {
322
323 my @disabled = $input->multi_param('disable_input');
324 my $infos;
325 for my $field ( qw/surname firstname branchcode categorycode streetnumber address address2 city state zipcode country email phone mobile sort1 sort2 dateenrolled dateexpiry borrowernotes opacnote/ ) {
326 my $value = $input->param($field);
327 $infos->{$field} = $value if $value;
328 $infos->{$field} = "" if grep { $_ eq $field } @disabled;
329 }
330
331 for my $field ( qw( dateenrolled dateexpiry debarred ) ) {
332 $infos->{$field} = dt_from_string($infos->{$field}) if $infos->{$field};
333 }
334
335 my @attributes = $input->multi_param('patron_attributes');
336 my @attr_values = $input->multi_param('patron_attributes_value');
337
338 my @errors;
339 my @borrowernumbers = $input->multi_param('borrowernumber');
340 # For each borrower selected
341 for my $borrowernumber ( @borrowernumbers ) {
342 # If at least one field are filled, we want to modify the borrower
343 if ( defined $infos ) {
344 # If a debarred date or debarred comment has been submitted make a new debarment
345 if ( $infos->{debarred} || $infos->{debarredcomment} ) {
346 AddDebarment(
347 {
348 borrowernumber => $borrowernumber,
349 type => 'MANUAL',
350 comment => $infos->{debarredcomment},
351 expiration => $infos->{debarred},
352 });
353 }
354
355 # If debarment date or debarment comment are disabled then remove all debarrments
356 if ( grep { /debarred/ } @disabled ) {
357 eval {
358 my $debarrments = GetDebarments( { borrowernumber => $borrowernumber } );
359 foreach my $debarment (@$debarrments) {
360 DelDebarment( $debarment->{'borrower_debarment_id'} );
361 }
362 };
363 }
364
365 $infos->{borrowernumber} = $borrowernumber;
366 eval { Koha::Patrons->find( $borrowernumber )->set($infos)->store; };
367 if ( $@ ) { # FIXME We could provide better error handling here
368 my $patron = Koha::Patrons->find( $borrowernumber );
369 $infos->{cardnumber} = $patron ? $patron->cardnumber || '' : '';
370 push @errors, { error => "can_not_update", borrowernumber => $infos->{borrowernumber}, cardnumber => $infos->{cardnumber} };
371 }
372 }
373
374 my $patron = Koha::Patrons->find( $borrowernumber );
375 my $i=0;
376 for ( @attributes ) {
377 next unless $_;
378 my $attribute;
379 $attribute->{code} = $_;
380 $attribute->{attribute} = $attr_values[$i];
381 my $attr_type = Koha::Patron::Attribute::Types->find($_);
382 # If this borrower is not in the category of this attribute, we don't want to modify this attribute
383 ++$i and next if $attr_type->category_code and $attr_type->category_code ne $patron->categorycode;
384 my $valuename = "attr" . $i . "_value";
385 if ( grep { $_ eq $valuename } @disabled ) {
386 # The attribute is disabled, we remove it for this borrower !
387 eval {
388 $patron->get_extended_attribute($attribute->{code})->delete;
389 };
390 push @errors, { error => $@ } if $@;
391 } else {
392 eval {
393 # Note:
394 # We should not need to filter by branch, but stay on the safe side
395 # Repeatable are not supported so we can do that - TODO
396 $patron->extended_attributes->search({'me.code' => $attribute->{code}})->filter_by_branch_limitations->delete;
397 $patron->add_extended_attribute($attribute);
398 };
399 push @errors, { error => $@ } if $@;
400 }
401 $i++;
402 }
403 }
404 $op = "show_results"; # We have process modifications, the user want to view its
405
406 # Construct the results list
407 my @borrowers;
408 my $max_nb_attr = 0;
409 for my $borrowernumber ( @borrowernumbers ) {
410 my $patron = Koha::Patrons->find( $borrowernumber );
411 if ( $patron ) {
412 my $category_description = $patron->category->description;
413 my $borrower = $patron->unblessed;
414 $borrower->{category_description} = $category_description;
415 my $attributes = $patron->extended_attributes;
416 $borrower->{patron_attributes} = $attributes->as_list;
417 $max_nb_attr = $attributes->count if $attributes->count > $max_nb_attr;
418 push @borrowers, $borrower;
419 }
420 }
421 my @patron_attributes_option;
422 for my $borrower ( @borrowers ) {
423 push @patron_attributes_option, { value => "$_->{code}", lib => $_->{code} } for @{ $borrower->{patron_attributes} };
424 my $length = scalar( @{ $borrower->{patron_attributes} } );
425 push @{ $borrower->{patron_attributes} }, {} for ( $length .. $max_nb_attr - 1);
426 }
427
428 my @attributes_header = ();
429 for ( 1 .. scalar( $max_nb_attr ) ) {
430 push @attributes_header, { attribute => "Attributes $_" };
431 }
432
433 $template->param( borrowers => \@borrowers );
434 $template->param( attributes_header => \@attributes_header );
435
436 $template->param( errors => \@errors );
437 } else {
438
439 $template->param( patron_lists => [ GetPatronLists() ] );
440 }
441
442 $template->param(
443 op => $op,
444 );
445 output_html_with_http_headers $input, $cookie, $template->output;
446 exit;
Koha ILS