Koha/svc/checkouts
Alex Arnaud eb5fca30aa Bug 15289 - borrowers permission allows to see patron's loans
Test plan:

 - log with a user that have "borrowers" permission but not "Remaining circulation permissions"
 - go to a borrower's detail page (who has at least a loan) and click on "show checkouts"
 - check that you see loan(s) and that you can't renew and checkin

 - Do the same with a borrower that have "Remaining circulation permissions"
 - check that you see loan(s) and that you can renew and checkin

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2015-12-30 02:51:50 +00:00

232 lines
7.7 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2014 ByWater Solutions
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use strict;
use warnings;
use CGI;
use JSON qw(to_json);
use C4::Auth qw(check_cookie_auth haspermission get_session);
use C4::Biblio qw(GetMarcBiblio GetFrameworkCode GetRecordValue );
use C4::Circulation qw(GetIssuingCharges CanBookBeRenewed GetRenewCount GetSoonestRenewDate);
use C4::Koha qw(GetAuthorisedValueByCode);
use C4::Overdues qw(GetFine);
use C4::Context;
use Koha::DateUtils;
my $input = new CGI;
my ( $auth_status, $sessionID ) =
check_cookie_auth( $input->cookie('CGISESSID'));
my $session = get_session($sessionID);
my $userid = $session->param('id');
unless (haspermission($userid, { circulate => 'circulate_remaining_permissions' })
|| haspermission($userid, { borrowers => '*' })) {
exit 0;
}
my @sort_columns = qw/date_due title itype issuedate branchcode itemcallnumber/;
my @borrowernumber = $input->param('borrowernumber');
my $offset = $input->param('iDisplayStart');
my $results_per_page = $input->param('iDisplayLength') || -1;
my $sorting_column = $input->param('iSortCol_0') || q{};
$sorting_column = ( $sorting_column && $sort_columns[$sorting_column] ) ? $sort_columns[$sorting_column] : 'issuedate';
my $sorting_direction = $input->param('sSortDir_0') || q{};
$sorting_direction = $sorting_direction eq 'asc' ? 'asc' : 'desc';
$results_per_page = undef if ( $results_per_page == -1 );
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my @parameters;
my $sql = '
SELECT
issuedate,
date_due,
date_due < now() as date_due_overdue,
issues.timestamp,
onsite_checkout,
biblionumber,
biblio.title,
author,
itemnumber,
barcode,
itemnotes,
itemnotes_nonpublic,
itemcallnumber,
replacementprice,
issues.branchcode,
branchname,
items.itype,
biblioitems.itemtype,
borrowernumber,
surname,
firstname,
cardnumber,
itemlost,
damaged,
location,
DATEDIFF( issuedate, CURRENT_DATE() ) AS not_issued_today
FROM issues
LEFT JOIN items USING ( itemnumber )
LEFT JOIN biblio USING ( biblionumber )
LEFT JOIN biblioitems USING ( biblionumber )
LEFT JOIN borrowers USING ( borrowernumber )
LEFT JOIN branches ON ( issues.branchcode = branches.branchcode )
WHERE borrowernumber
';
if ( @borrowernumber == 1 ) {
$sql .= '= ?';
}
else {
$sql .= ' IN (' . join( ',', ('?') x @borrowernumber ) . ') ';
}
push( @parameters, @borrowernumber );
$sql .= " ORDER BY $sorting_column $sorting_direction ";
my $dbh = C4::Context->dbh();
my $sth = $dbh->prepare($sql);
$sth->execute(@parameters);
my $item_level_itypes = C4::Context->preference('item-level_itypes');
my @checkouts_today;
my @checkouts_previous;
while ( my $c = $sth->fetchrow_hashref() ) {
my ($charge) = GetIssuingCharges( $c->{itemnumber}, $c->{borrowernumber} );
my $fine = GetFine( $c->{itemnumber}, $c->{borrowernumber} );
my ( $can_renew, $can_renew_error ) =
CanBookBeRenewed( $c->{borrowernumber}, $c->{itemnumber} );
my $can_renew_date =
$can_renew_error && $can_renew_error eq 'too_soon'
? output_pref(
{
dt => GetSoonestRenewDate( $c->{borrowernumber}, $c->{itemnumber} ),
as_due_date => 1
}
)
: undef;
my ( $renewals_count, $renewals_allowed, $renewals_remaining ) =
GetRenewCount( $c->{borrowernumber}, $c->{itemnumber} );
my $itemtype = C4::Koha::getitemtypeinfo( $item_level_itypes ? $c->{itype} : $c->{itemtype} );
my $checkout = {
DT_RowId => $c->{itemnumber} . '-' . $c->{borrowernumber},
title => $c->{title},
author => $c->{author},
barcode => $c->{barcode},
itemtype => $item_level_itypes ? $c->{itype} : $c->{itemtype},
itemtype_description => $itemtype->{translated_description},
location => $c->{location} ? GetAuthorisedValueByCode( 'LOC', $c->{location} ) : q{},
itemnotes => $c->{itemnotes},
itemnotes_nonpublic => $c->{itemnotes_nonpublic},
branchcode => $c->{branchcode},
branchname => $c->{branchname},
itemcallnumber => $c->{itemcallnumber} || q{},
charge => $charge,
fine => $fine,
price => $c->{replacementprice} || q{},
can_renew => $can_renew,
can_renew_error => $can_renew_error,
can_renew_date => $can_renew_date,
itemnumber => $c->{itemnumber},
borrowernumber => $c->{borrowernumber},
biblionumber => $c->{biblionumber},
issuedate => $c->{issuedate},
date_due => $c->{date_due},
date_due_overdue => $c->{date_due_overdue} ? JSON::true : JSON::false,
timestamp => $c->{timestamp},
onsite_checkout => $c->{onsite_checkout},
renewals_count => $renewals_count,
renewals_allowed => $renewals_allowed,
renewals_remaining => $renewals_remaining,
issuedate_formatted => output_pref(
{
dt => dt_from_string( $c->{issuedate} ),
as_due_date => 1
}
),
date_due_formatted => output_pref(
{
dt => dt_from_string( $c->{date_due} ),
as_due_date => 1
}
),
subtitle =>
GetRecordValue( 'subtitle', GetMarcBiblio( $c->{biblionumber} ), GetFrameworkCode( $c->{biblionumber} ) ),
lost => $c->{itemlost} ? GetAuthorisedValueByCode( 'LOST', $c->{itemlost} ) : undef,
damaged => $c->{damaged} ? GetAuthorisedValueByCode( 'DAMAGED', $c->{damaged} ) : undef,
borrower => {
surname => $c->{surname},
firstname => $c->{firstname},
cardnumber => $c->{cardnumber},
},
issued_today => !$c->{not_issued_today},
};
if ( $c->{not_issued_today} ) {
push( @checkouts_previous, $checkout );
}
else {
push( @checkouts_today, $checkout );
}
}
@checkouts_today = sort { $a->{timestamp} cmp $b->{timestamp} } @checkouts_today;
@checkouts_today = reverse(@checkouts_today)
unless ( C4::Context->preference('todaysIssuesDefaultSortOrder') eq 'desc' );
@checkouts_previous = sort { $a->{date_due} cmp $b->{date_due} } @checkouts_previous;
@checkouts_previous = reverse(@checkouts_previous)
if ( C4::Context->preference('previousIssuesDefaultSortOrder') eq 'desc' );
my @checkouts = ( @checkouts_today, @checkouts_previous );
my $i = 1;
map { $_->{sort_order} = $i++ } @checkouts;
my $data;
$data->{'iTotalRecords'} = scalar @checkouts;
$data->{'iTotalDisplayRecords'} = scalar @checkouts;
$data->{'sEcho'} = $input->param('sEcho') || undef;
$data->{'aaData'} = \@checkouts;
print to_json($data);