Koha/svc/report
Nick Clemens edc5caf976
Bug 37056: Mount a new intranet_svc api to avoid redirects
When an unauthorized call to svc is made, we use the ErrorDocument middleware to respond with an HTML
page. The API doens't do this, it simply returns its status. We should mount the svc as its own app to avoid
the redirect to HTML for unauthorized responses

To test:
1 - Create a report
2 - Add to IntranetUserJs:
    $(document).ready(function() {
      // Your report ID
      var reportId = '492';

      // Fetch the report
      $.get('/cgi-bin/koha/svc/report?id=' + reportId, function(data) {
        console.log('Kaboom');
      });
    });
3 - Log out
4 - Attempt to login
5 - KO
6 - Apply patch
7 - Reset all (or copy the necessary changes to your plack/apache files)
8 - Generate report and update user js again
8 - Logout, login
9 - Success!

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-07-02 17:20:37 +02:00

100 lines
3 KiB
Perl
Executable file

#!/usr/bin/perl
# This file is part of Koha.
#
# Copyright (C) 2011 Chris Cormack <chris@bigballofwax.co.nz>
# Copyright (C) 2013 Mark Tompsett
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Auth qw( check_api_auth );
use C4::Reports::Guided qw( execute_query );
use Koha::Reports;
use JSON qw( encode_json decode_json to_json );
use CGI qw ( -utf8 );
use Koha::Caches;
my $query = CGI->new();
my $report_id = $query->param('id');
my $report_name = $query->param('name');
my $report_annotation = $query->param('annotated');
my $report_recs = Koha::Reports->search( $report_name ? { 'report_name' => $report_name } : { 'id' => $report_id } );
if (!$report_recs || $report_recs->count == 0 ) { die "There is no such report.\n"; }
my $report_rec = $report_recs->next();
$report_id = $report_rec->id;
my @sql_params = $query->multi_param('sql_params');
my @param_names = $query->multi_param('param_names');
my ($status, $cookie, $sessionID) = check_api_auth($query, { catalogue => '1'} );
unless ($status eq "ok") {
print $query->header(-type => 'application/json', -status => '401 Unauthorized');
print to_json({ auth_status => $status });
exit 0;
}
my $cache = Koha::Caches->get_instance();
my $cache_active = $cache->is_cache_active;
my ($cache_key, $json_text);
if ($cache_active) {
$cache_key = "intranet:report:".($report_name ? "report_name:$report_name:" : "id:$report_id:")
. join( '-', @sql_params )
. join( '_'. @param_names );
$json_text = $cache->get_from_cache($cache_key);
}
unless ($json_text) {
my $limit = C4::Context->preference("SvcMaxReportRows") || 10;
my ( $sql, undef ) = $report_rec->prep_report( \@param_names, \@sql_params );
my ( $sth, $errors ) = execute_query(
{
sql => $sql,
offset => 0,
limit => $limit,
report_id => $report_id,
}
);
if ($sth) {
my $lines;
if ($report_annotation) {
$lines = $sth->fetchall_arrayref({});
}
else {
$lines = $sth->fetchall_arrayref;
}
$json_text = encode_json($lines);
if ($cache_active) {
$cache->set_in_cache( $cache_key, $json_text, { expiry => $report_rec->cache_expiry } );
}
}
else {
$json_text = encode_json($errors);
}
}
print $query->header(
-charset => 'UTF-8',
-type => 'application/json'
);
print $json_text;