Bug 10921: Prevent an order from a closed basket to be edited

We don't allow editing of orders that are part of a closed basket, but
we don't enforce the rule in the controller file.

This patch uses output_and_exit to stop the script and display an error
to the end user.

Test plan:
Create a basket, add an order
On the basket view you see the "Modify" link, open it in a separate tab
=> You can edit the basket
Keep this tab open, get back to the other one and close the basket
Reload the tab with the order edition form
=> You can no longer edit the basket

QA: Do we need a check in addorder.pl as well?

Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
20.11.x
Jonathan Druart 2 years ago
parent
commit
0310e973a4
  1. 14
      acqui/neworderempty.pl
  2. 2
      koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc

14
acqui/neworderempty.pl

@ -135,6 +135,16 @@ my $bookseller = Koha::Acquisition::Booksellers->find( $booksellerid );
output_and_exit( $input, $cookie, $template, 'unknown_basket') unless $basketobj;
output_and_exit( $input, $cookie, $template, 'unknown_vendor') unless $bookseller;
$template->param(
ordernumber => $ordernumber,
basketno => $basketno,
basket => $basket,
booksellerid => $basket->{'booksellerid'},
name => $bookseller->name,
);
output_and_exit( $input, $cookie, $template, 'order_cannot_be_edited' )
if $ordernumber and $basketobj->closedate;
my $contract = GetContract({
contractnumber => $basket->{contractnumber}
});
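Review bot: The closed-basket guard `if $ordernumber and $basketobj->closedate` is enforced only where neworderempty.pl renders the edit form; neither file touched by this patch is the script that saves the order, which is the question the commit message raises about addorder.pl. A form loaded before the basket was closed (the stale tab in the test plan) would still reach the save script if it is submitted without a reload, so the same closedate check belongs on the save path, before anything is written. Note also that the guard fires only when $ordernumber is set; if adding a new order to a closed basket should be refused as well, that case needs its own check.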
@ -408,10 +418,7 @@ $quantity //= 0;
# fill template
$template->param(
existing => $biblionumber,
ordernumber => $ordernumber,
# basket informations
basketno => $basketno,
basket => $basket,
basketname => $basket->{'basketname'},
basketnote => $basket->{'note'},
booksellerid => $basket->{'booksellerid'},
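Review bot: `booksellerid => $basket->{'booksellerid'}` is still passed in this later $template->param call even though the first hunk now sets the same key from the same value before the output_and_exit calls. Judging by the 10 to 7 line count in the hunk header, ordernumber, basketno and basket were dropped here but booksellerid was not; drop it here too so each parameter is set in one place. The comment "# basket informations" could also read "# basket information" while this block is being touched.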
@ -436,7 +443,6 @@ $template->param(
order_vendornote => $data->{'order_vendornote'},
listincgst => $bookseller->listincgst,
invoiceincgst => $bookseller->invoiceincgst,
name => $bookseller->name,
cur_active_sym => $active_currency->symbol,
cur_active => $active_currency->currency,
currencies => \@currencies,

2
koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc

@ -13,6 +13,8 @@
<div class="dialog message">Basket not found.</div>
[% CASE 'unknown_vendor' %]
<div class="dialog message">Vendor not found.</div>
[% CASE 'order_cannot_be_edited' %]
<div class="dialog message">This order cannot be edited, the basket is closed.</div>
[% CASE 'wrong_csrf_token' %]
<div class="dialog message">The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</div>
[% CASE 'budget_is_locked' %]
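Review bot: The new 'order_cannot_be_edited' message joins two clauses with a comma, which is harder to translate cleanly than the full sentences used by the neighbouring cases. Consider "This order cannot be edited because the basket is closed." Since the first hunk now sets basketno in the template before the exit, the message could also link back to the basket view so the user is not left on a dead end.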
