Koha/koha-tmpl/intranet-tmpl/prog/en/modules/pos/registers.tt
Martin Renvoize 4356e678f2 Bug 26023: Properly secure the cashup action for libraries
The libraries summary page for cash management is available for users
with the 'anonymous_refund' permission to allow them to navigate to
alternate cash registers and search for the prior transaction to refund.

However, currently the cashup option appears, and is not blocked at the
server, for all users who may access the page. It should be blocked for
those users without the 'cashup' permission.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-24 10:12:42 +02:00


[%# Point of sale: library cash-register summary (cashup) page.
    Lists every cash register of the current library with its outstanding
    cash totals. The cashup buttons and the "Actions" column further down
    are only rendered when CAN_user_cash_management_cashup is set. #%]
[% USE raw %]
[% USE Asset %]
[% USE Koha %]
[% USE KohaDates %]
[% USE Price %]
[%# footerjs: presumably tells the footer include (intranet-bottom.inc) to
    emit the jsinclude macro defined at the end of this template — confirm
    in intranet-bottom.inc. #%]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Cashup</title>
[% INCLUDE 'doc-head-close.inc' %]
</head>
<body id="cashup" class="pos">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'circ-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; Point of sale</div>
<div class="main container-fluid">
<div class="row">
<div class="col-sm-10 col-sm-push-2">
<main>
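[% IF ( error_registers ) %]
<div id="error_message" class="dialog message">
<p>
You must have at least one cash register associated with the library before you can record payments.
</p>
[% IF ( CAN_user_parameters_manage_cash_registers ) %]
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="get">
<input type="hidden" name="op" value="add_form">
<button class="new" type="submit"><i class="fa fa-plus"></i> Create a new cash register</button>
</form>
[% END %]
</div>
[% ELSE %]
[%# error_cashup_permission: presumably set by the controller when a cashup
    was requested by a user without the cashup permission. The
    CAN_user_cash_management_cashup checks below only hide the buttons; this
    server-side refusal is the actual control. #%]
[% IF ( error_cashup_permission ) %]
<div id="error_message" class="dialog alert">
You do not have permission to perform cashup actions.
</div>
[% END %]
[% IF CAN_user_cash_management_cashup %]
<div id="toolbar" class="btn-toolbar">
<button type="button" class="cashup_all btn btn-default" data-toggle="modal" data-target="#confirmCashupAllModal"><i class="fa fa-money"></i> Cashup all</button>
</div>
[% END %]
<h1>Library transaction details for [% library.branchname | html %]</h1>
<h2>Summary</h2>
[%# The summary spans are empty here; the footer script fills them once the
    per-register totals have been accumulated by the table loop below. #%]
<ul>
<li>Total income (cash): <span id="income"></span></li>
<li>Total outgoing (cash): <span id="outgoing"></span></li>
<li>Total bankable: <span id="bankable"></span></li>
</ul>
<table id="registers" class="table_registers">
<thead>
<tr>
<th scope="col">Register name</th>
<th scope="col">Register description</th>
<th scope="col">Last cashup</th>
<th scope="col">Float</th>
<th scope="col">Bankable</th>
<th scope="col">Income (cash)</th>
<th scope="col">Outgoing (cash)</th>
[% IF CAN_user_cash_management_cashup %]
<th scope="col">Actions</th>
[% END %]
</tr>
</thead>
<tbody>
[%# Running totals across all registers: bankable = cash outstanding,
    ctotal/cctotal = all credits / cash-only credits,
    dtotal/cdtotal = all debits / cash-only debits.
    Each accountlines total is sign-flipped (* -1) before display and accumulation. #%]
[% SET bankable = 0, ctotal = 0, dtotal = 0, cctotal = 0, cdtotal = 0 %]
[% FOREACH register IN registers %]
<tr>
<td><a href="/cgi-bin/koha/pos/register.pl?registerid=[% register.id | uri %]">[% register.name | html %]</a></td>
<td>[% register.description | html %]</td>
<td>
[%- IF register.last_cashup -%]
[% register.last_cashup.timestamp | $KohaDates with_hours => 1 %] ([% register.last_cashup.amount | $Price %])
[%- ELSE -%]
No last cashup
[%- END -%]
</td>
<td>[% register.starting_float | $Price %]</td>
<td>
[% SET rbankable = ( register.outstanding_accountlines.total( payment_type => 'CASH') * -1 ) %]
[% SET bankable = bankable + rbankable %]
[% rbankable | $Price %]
</td>
<td>
[% SET rctotal = ( register.outstanding_accountlines.credits_total * -1 ) %]
[% SET rcctotal = ( register.outstanding_accountlines.credits_total( payment_type => 'CASH') * -1 ) %]
[% rctotal | $Price %] ([% rcctotal | $Price %])
[% SET ctotal = ctotal + rctotal %]
[% SET cctotal = cctotal + rcctotal %]
</td>
<td>
[% SET rdtotal = ( register.outstanding_accountlines.debits_total * -1 ) %]
[% SET rcdtotal = ( register.outstanding_accountlines.debits_total( payment_type => 'CASH') * -1 ) %]
[% rdtotal | $Price %] ([% rcdtotal | $Price %])
[% SET dtotal = dtotal + rdtotal %]
[% SET cdtotal = cdtotal + rcdtotal %]
</td>
[% IF CAN_user_cash_management_cashup %]
[%# The data-* attributes are copied into #confirmCashupModal by the footer
    script when the modal opens. #%]
<td>
<button type="button" class="cashup_individual btn btn-default" data-toggle="modal" data-target="#confirmCashupModal" data-register="[% register.description | html %]" data-bankable="[% rbankable | $Price %]" data-float="[% register.starting_float | $Price %]" data-registerid="[% register.id | html %]"><i class="fa fa-money"></i> Record cashup</button>
</td>
[% END %]
</tr>
[% END %]
</tbody>
<tfoot>
<tr>
<td colspan="4" align="right">Totals:</td>
<td>[% bankable | $Price %]</td>
<td>[% ctotal | $Price %] ([% cctotal | $Price %])</td>
<td>[% dtotal | $Price %] ([% cdtotal | $Price %])</td>
[% IF CAN_user_cash_management_cashup %]
<td>
<button type="button" class="cashup_all btn btn-default" data-toggle="modal" data-target="#confirmCashupAllModal"><i class="fa fa-money"></i> Cashup all</button>
</td>
[% END %]
</tr>
</tfoot>
</table>
[% END %]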
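</main>
</div>
<div class="col-sm-2 col-sm-pull-10">
<aside>
[% INCLUDE 'pos-menu.inc' %]
</aside>
</div>
</div>
<!-- /.row -->
[%# The confirmation modals are only rendered for users holding the cashup
    permission, matching the buttons that open them. This only trims the UI:
    the op=cashup requests they issue still rely on the controller's own
    permission check as the enforcement point. #%]
[% IF CAN_user_cash_management_cashup %]
<!-- Confirm cashup modal -->
<div class="modal" id="confirmCashupModal" tabindex="-1" role="dialog" aria-labelledby="confirmCashupLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="closebtn" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="confirmCashupLabel">Confirm cashup of <em><span id="registerc"></span></em></h4>
</div>
<div class="modal-body">
Please confirm that you have removed <span id="cashc"></span> from the cash register and left a float of <span id="floatc"></span>.
</div> <!-- /.modal-body -->
<div class="modal-footer">
[%# href is filled in by the shown.bs.modal handler in jsinclude with the
    selected register's id. NOTE(review): cashup is performed by a plain GET
    navigation (op=cashup), i.e. a state-changing GET request; confirm the
    controller guards it against cross-site request forgery, or move it to a
    POST form. #%]
<a id="cashup_confirm" href="" class="btn btn-default">Confirm</a>
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div> <!-- /.modal-footer -->
</div> <!-- /.modal-content -->
</div> <!-- /.modal-dialog -->
</div> <!-- /#confirmCashupModal -->
<!-- Confirm cashupall modal -->
<div class="modal" id="confirmCashupAllModal" tabindex="-1" role="dialog" aria-labelledby="confirmCashupAllLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="closebtn" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="confirmCashupAllLabel">Confirm cashup of <em>all</em> cash registers</h4>
</div>
<div class="modal-body">
[%# bankable/ctotal/cctotal/dtotal/cdtotal are the running totals accumulated
    by the registers table loop above. #%]
<p>Please confirm that you have received [% bankable | $Price %] to cashup.</p>
<ul>
<li>Total income (cash): [% ctotal | $Price %] ([% cctotal | $Price %])</li>
<li>Total outgoing (cash): [% dtotal | $Price %] ([% cdtotal | $Price %])</li>
</ul>
</div> <!-- /.modal-body -->
<div class="modal-footer">
<a id="cashup_all_confirm" href="/cgi-bin/koha/pos/registers.pl?op=cashup" class="btn btn-default">Confirm</a>
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div> <!-- /.modal-footer -->
</div> <!-- /.modal-content -->
</div> <!-- /.modal-dialog -->
</div> <!-- /#confirmCashupAllModal -->
[% END %]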
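[%# Footer script for the cashup page: pushes the template-side totals into
    the summary list, initialises the registers DataTable and wires the
    per-register confirmation modal. #%]
[% MACRO jsinclude BLOCK %]
[% INCLUDE 'datatables.inc' %]
<script>
$(document).ready(function () {
[%# js used here as we don't have access to these template variables where we need them #%]
[%# The interpolated values are Price-filtered totals (formatted numbers);
    anything else landing in these quoted JS literals would need JS-safe escaping. #%]
$("#bankable").text('[% bankable | $Price %]');
$("#income").text('[% ctotal | $Price %] ([% cctotal | $Price %])');
$("#outgoing").text('[% dtotal | $Price %] ([% cdtotal | $Price %])');
// Search box disabled; full pagination controls. The returned table object is not needed.
$("#registers").dataTable($.extend(true, {}, dataTablesDefaults, {
"bFilter": false,
"paginationType": "full"
}));
// Copy the clicked "Record cashup" button's data-* values into the modal and
// point the confirm link at the selected register.
$("#confirmCashupModal").on("shown.bs.modal", function(e){
var button = $(e.relatedTarget);
var register = button.data('register');
$("#registerc").text(register);
var bankable = button.data('bankable');
$("#cashc").text(bankable);
var rfloat = button.data('float');
$('#floatc').text(rfloat);
var rid = button.data('registerid');
// Encode the id so it cannot alter the query string if it is ever non-numeric.
$('#cashup_confirm').attr("href", '/cgi-bin/koha/pos/registers.pl?op=cashup&registerid=' + encodeURIComponent(rid));
});
});
</script>
[% END %]
[%# The footer include presumably emits the jsinclude macro above because
    footerjs is set at the top of this template — confirm in intranet-bottom.inc. #%]
[% INCLUDE 'intranet-bottom.inc' %]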