Koha/svc/members/search
Jonathan Druart 4bc92169dc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers'
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:37 -03:00

163 lines
5.3 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2013 BibLibre
#
# This file is part of Koha
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI;
use C4::Auth qw( get_template_and_user haspermission get_user_subpermissions );
use C4::Output qw( output_with_http_headers );
use C4::Utils::DataTables qw( dt_get_params );
use C4::Utils::DataTables::Members qw( search );
use Koha::DateUtils qw( output_pref dt_from_string );
use Koha::Patrons;
my $input = new CGI;
exit unless $input->param('template_path');
my ($template, $user, $cookie) = get_template_and_user({
template_name => scalar $input->param('template_path'),
query => $input,
type => "intranet",
authnotrequired => 0,
flagsrequired => { borrowers => 'edit_borrowers' }
});
my $searchmember = $input->param('searchmember');
my $firstletter = $input->param('firstletter');
my $categorycode = $input->param('categorycode');
my $branchcode = $input->param('branchcode');
my $searchtype = $input->param('searchtype');
my $searchfieldstype = $input->param('searchfieldstype') || 'standard';
my $has_permission = $input->param('has_permission');
my $selection_type = $input->param('selection_type');
# variable information for DataTables (id)
my $sEcho = $input->param('sEcho');
my %dt_params = dt_get_params($input);
foreach (grep {$_ =~ /^mDataProp/} keys %dt_params) {
$dt_params{$_} =~ s/^dt_//;
}
my $results;
# If the user filled a term, maybe it's a cardnumber.
# This cannot be the case if a first letter is given.
if ( $searchmember
and not $firstletter
and $searchfieldstype
and $searchfieldstype eq 'standard' )
{
my $member = Koha::Patrons->find( { cardnumber => $searchmember } );
$results = {
iTotalRecords => 1,
iTotalDisplayRecords => 1,
patrons => [ $member->unblessed ],
} if $member;
}
# Perform the patrons search
$results = C4::Utils::DataTables::Members::search(
{
searchmember => $searchmember,
firstletter => $firstletter,
categorycode => $categorycode,
branchcode => $branchcode,
searchtype => $searchtype,
searchfieldstype => $searchfieldstype,
dt_params => \%dt_params,
}
) unless $results;
# It is not recommanded to use the has_permission param if you use the pagination
# The filter is done AFTER requested the data
if ($has_permission) {
my ( $permission, $subpermission ) = split /\./, $has_permission;
my @patrons_with_permission;
for my $patron ( @{ $results->{patrons} } ) {
my $perms = haspermission( $patron->{userid} );
if ( $perms->{superlibrarian} == 1
or $perms->{$permission} == 1 )
{
push @patrons_with_permission, $patron;
next;
}
if ($subpermission) {
my $subperms = get_user_subpermissions( $patron->{userid} );
push @patrons_with_permission, $patron
if $subperms->{$permission}->{$subpermission};
}
}
$results->{patrons} = \@patrons_with_permission;
$results->{iTotalDisplayRecords} = scalar( @patrons_with_permission );
}
$template->param(
sEcho => $sEcho,
iTotalRecords => $results->{iTotalRecords},
iTotalDisplayRecords => $results->{iTotalDisplayRecords},
aaData => $results->{patrons},
selection_type => $selection_type,
);
output_with_http_headers $input, $cookie, $template->output, 'json';
__END__
=head1 NAME
search - a search script for finding patrons
=head1 SYNOPSIS
This script provides a service for template for patron search using DataTables
=head2 Performing a search
Call this script from a DataTables table my $searchmember = $input->param('searchmember');
All following params are optional:
searchmember => the search terms
firstletter => search patrons with surname begins with this pattern (currently only used for 1 letter)
categorycode and branchcode => search patrons belong to a given categorycode or a branchcode
searchtype: can be 'contain' or 'start_with'
searchfieldstype: Can be 'standard', 'email', 'borrowernumber', 'userid', 'phone' or 'address'
=cut
=back
=head1 LICENSE
Copyright 2013 BibLibre
This file is part of Koha.
Koha is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
Koha is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with Koha; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.