951b857a97
This patch filters the passed parameters in the .pl, rather than doing it in the template. As per comment 16 (https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21460#c16) Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
365 lines
12 KiB
Perl
Executable file
365 lines
12 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
# Copyright 2013 PTFS-Europe Ltd and Mark Gavillet
|
|
# Copyright 2014 PTFS-Europe Ltd
|
|
#
|
|
# This file is part of Koha.
|
|
# Koha is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
# Foundation; either version 3 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with Koha; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
use Modern::Perl;
|
|
|
|
use CGI;
|
|
|
|
use C4::Auth;
|
|
use C4::Output;
|
|
use Koha::AuthorisedValues;
|
|
use Koha::Illcomment;
|
|
use Koha::Illrequests;
|
|
use Koha::Libraries;
|
|
use Koha::Token;
|
|
|
|
use Try::Tiny;
|
|
use URI::Escape;
|
|
|
|
our $cgi = CGI->new;
|
|
my $illRequests = Koha::Illrequests->new;
|
|
|
|
# Grab all passed data
|
|
# 'our' since Plack changes the scoping
|
|
# of 'my'
|
|
our $params = $cgi->Vars();
|
|
|
|
# Leave immediately if ILLModule is disabled
|
|
unless ( C4::Context->preference('ILLModule') ) {
|
|
print $cgi->redirect("/cgi-bin/koha/errors/404.pl");
|
|
exit;
|
|
}
|
|
|
|
my $op = $params->{method} || 'illlist';
|
|
|
|
my ( $template, $patronnumber, $cookie ) = get_template_and_user( {
|
|
template_name => 'ill/ill-requests.tt',
|
|
query => $cgi,
|
|
type => 'intranet',
|
|
flagsrequired => { ill => '*' },
|
|
} );
|
|
|
|
# Are we able to actually work?
|
|
my $cfg = Koha::Illrequest::Config->new;
|
|
my $backends = $cfg->available_backends;
|
|
my $has_branch = $cfg->has_branch;
|
|
my $backends_available = ( scalar @{$backends} > 0 );
|
|
$template->param(
|
|
backends_available => $backends_available,
|
|
has_branch => $has_branch
|
|
);
|
|
|
|
if ( $backends_available ) {
|
|
if ( $op eq 'illview' ) {
|
|
# View the details of an ILL
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
|
|
$template->param(
|
|
request => $request,
|
|
csrf_token => Koha::Token->new->generate_csrf({
|
|
session_id => scalar $cgi->cookie('CGISESSID'),
|
|
}),
|
|
( $params->{error} ? ( error => $params->{error} ) : () ),
|
|
);
|
|
|
|
} elsif ( $op eq 'create' ) {
|
|
# We're in the process of creating a request
|
|
my $request = Koha::Illrequest->new->load_backend( $params->{backend} );
|
|
my $backend_result = $request->backend_create($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request
|
|
);
|
|
handle_commit_maybe($backend_result, $request);
|
|
|
|
} elsif ( $op eq 'migrate' ) {
|
|
# We're in the process of migrating a request
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
my $backend_result;
|
|
if ( $params->{backend} ) {
|
|
my $new_request = Koha::Illrequest->new->load_backend( $params->{backend} );
|
|
$backend_result = $new_request->backend_migrate($params);
|
|
if ($backend_result) {
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $new_request
|
|
);
|
|
$request = $new_request;
|
|
} else {
|
|
# Backend failure, redirect back to illview
|
|
print $cgi->redirect( '/cgi-bin/koha/ill/ill-requests.pl'
|
|
. '?method=illview'
|
|
. '&illrequest_id='
|
|
. $request->id
|
|
. '&error=migrate_target' );
|
|
exit;
|
|
}
|
|
}
|
|
else {
|
|
$backend_result = $request->backend_migrate($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request
|
|
);
|
|
}
|
|
handle_commit_maybe( $backend_result, $request );
|
|
|
|
} elsif ( $op eq 'confirm' ) {
|
|
# Backend 'confirm' method
|
|
# confirm requires a specific request, so first, find it.
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
my $backend_result = $request->backend_confirm($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request,
|
|
);
|
|
|
|
# handle special commit rules & update type
|
|
handle_commit_maybe($backend_result, $request);
|
|
|
|
} elsif ( $op eq 'cancel' ) {
|
|
# Backend 'cancel' method
|
|
# cancel requires a specific request, so first, find it.
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
my $backend_result = $request->backend_cancel($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request,
|
|
);
|
|
|
|
# handle special commit rules & update type
|
|
handle_commit_maybe($backend_result, $request);
|
|
|
|
} elsif ( $op eq 'edit_action' ) {
|
|
# Handle edits to the Illrequest object.
|
|
# (not the Illrequestattributes)
|
|
# We simulate the API for backend requests for uniformity.
|
|
# So, init:
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
if ( !$params->{stage} ) {
|
|
my $backend_result = {
|
|
error => 0,
|
|
status => '',
|
|
message => '',
|
|
method => 'edit_action',
|
|
stage => 'init',
|
|
next => '',
|
|
value => {}
|
|
};
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request
|
|
);
|
|
} else {
|
|
# Commit:
|
|
# Save the changes
|
|
$request->borrowernumber($params->{borrowernumber});
|
|
$request->biblio_id($params->{biblio_id});
|
|
$request->branchcode($params->{branchcode});
|
|
$request->price_paid($params->{price_paid});
|
|
$request->notesopac($params->{notesopac});
|
|
$request->notesstaff($params->{notesstaff});
|
|
my $alias = (length $params->{status_alias} > 0) ?
|
|
$params->{status_alias} :
|
|
"-1";
|
|
$request->status_alias($alias);
|
|
$request->store;
|
|
my $backend_result = {
|
|
error => 0,
|
|
status => '',
|
|
message => '',
|
|
method => 'edit_action',
|
|
stage => 'commit',
|
|
next => 'illlist',
|
|
value => {}
|
|
};
|
|
handle_commit_maybe($backend_result, $request);
|
|
}
|
|
|
|
} elsif ( $op eq 'moderate_action' ) {
|
|
# Moderate action is required for an ILL submodule / syspref.
|
|
# Currently still needs to be implemented.
|
|
redirect_to_list();
|
|
|
|
} elsif ( $op eq 'delete_confirm') {
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
|
|
$template->param(
|
|
request => $request
|
|
);
|
|
|
|
} elsif ( $op eq 'delete' ) {
|
|
|
|
# Check if the request is confirmed, if not, redirect
|
|
# to the confirmation view
|
|
if ($params->{confirmed}) {
|
|
# We simply delete the request...
|
|
Koha::Illrequests->find( $params->{illrequest_id} )->delete;
|
|
# ... then return to list view.
|
|
redirect_to_list();
|
|
} else {
|
|
print $cgi->redirect(
|
|
"/cgi-bin/koha/ill/ill-requests.pl?" .
|
|
"method=delete_confirm&illrequest_id=" .
|
|
$params->{illrequest_id});
|
|
exit;
|
|
}
|
|
|
|
} elsif ( $op eq 'mark_completed' ) {
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
my $backend_result = $request->mark_completed($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request,
|
|
);
|
|
|
|
# handle special commit rules & update type
|
|
handle_commit_maybe($backend_result, $request);
|
|
|
|
} elsif ( $op eq 'generic_confirm' ) {
|
|
my $backend_result;
|
|
my $request;
|
|
try {
|
|
$request = Koha::Illrequests->find($params->{illrequest_id});
|
|
$params->{current_branchcode} = C4::Context->mybranch;
|
|
$backend_result = $request->generic_confirm($params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request,
|
|
);
|
|
$template->param( error => $params->{error} )
|
|
if $params->{error};
|
|
}
|
|
catch {
|
|
my $error;
|
|
if ( ref($_) eq 'Koha::Exceptions::Ill::NoTargetEmail' ) {
|
|
$error = 'no_target_email';
|
|
}
|
|
elsif ( ref($_) eq 'Koha::Exceptions::Ill::NoLibraryEmail' ) {
|
|
$error = 'no_library_email';
|
|
}
|
|
else {
|
|
$error = 'unknown_error';
|
|
}
|
|
print $cgi->redirect(
|
|
"/cgi-bin/koha/ill/ill-requests.pl?" .
|
|
"method=generic_confirm&illrequest_id=" .
|
|
$params->{illrequest_id} .
|
|
"&error=$error" );
|
|
exit;
|
|
};
|
|
|
|
# handle special commit rules & update type
|
|
handle_commit_maybe($backend_result, $request);
|
|
} elsif ( $op eq 'illlist') {
|
|
|
|
# If we receive a pre-filter, make it available to the template
|
|
my $possible_filters = ['borrowernumber'];
|
|
my $active_filters = {};
|
|
foreach my $filter(@{$possible_filters}) {
|
|
if ($params->{$filter}) {
|
|
# We shouldn't need to escape $filter here since we're using
|
|
# a whitelist, but just to be sure...
|
|
$active_filters->{uri_escape_utf8($filter)} =
|
|
uri_escape_utf8(scalar $params->{$filter});
|
|
}
|
|
}
|
|
if (keys %{$active_filters}) {
|
|
my @tpl_arr;
|
|
foreach my $key (keys %{$active_filters}) {
|
|
push @tpl_arr, $key . "=" . $active_filters->{$key};
|
|
}
|
|
}
|
|
$template->param(
|
|
prefilters => join("&", @tpl_arr)
|
|
);
|
|
} elsif ( $op eq "save_comment" ) {
|
|
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
|
|
session_id => scalar $cgi->cookie('CGISESSID'),
|
|
token => scalar $cgi->param('csrf_token'),
|
|
});
|
|
my $comment = Koha::Illcomment->new({
|
|
illrequest_id => scalar $params->{illrequest_id},
|
|
borrowernumber => $patronnumber,
|
|
comment => scalar $params->{comment},
|
|
});
|
|
$comment->store();
|
|
# Redirect to view the whole request
|
|
print $cgi->redirect("/cgi-bin/koha/ill/ill-requests.pl?method=illview&illrequest_id=".
|
|
scalar $params->{illrequest_id}
|
|
);
|
|
exit;
|
|
|
|
} else {
|
|
my $request = Koha::Illrequests->find($params->{illrequest_id});
|
|
my $backend_result = $request->custom_capability($op, $params);
|
|
$template->param(
|
|
whole => $backend_result,
|
|
request => $request,
|
|
);
|
|
|
|
# handle special commit rules & update type
|
|
handle_commit_maybe($backend_result, $request);
|
|
}
|
|
}
|
|
|
|
$template->param(
|
|
backends => $backends,
|
|
types => [ "Book", "Article", "Journal" ],
|
|
query_type => $op,
|
|
branches => scalar Koha::Libraries->search,
|
|
);
|
|
|
|
output_html_with_http_headers( $cgi, $cookie, $template->output );
|
|
|
|
sub handle_commit_maybe {
|
|
my ( $backend_result, $request ) = @_;
|
|
|
|
# We need to special case 'commit'
|
|
if ( $backend_result->{stage} eq 'commit' ) {
|
|
if ( $backend_result->{next} eq 'illview' ) {
|
|
|
|
# Redirect to a view of the newly created request
|
|
print $cgi->redirect( '/cgi-bin/koha/ill/ill-requests.pl'
|
|
. '?method=illview'
|
|
. '&illrequest_id='
|
|
. $request->id );
|
|
exit;
|
|
}
|
|
elsif ( $backend_result->{next} eq 'emigrate' ) {
|
|
|
|
# Redirect to a view of the newly created request
|
|
print $cgi->redirect( '/cgi-bin/koha/ill/ill-requests.pl'
|
|
. '?method=migrate'
|
|
. '&stage=emigrate'
|
|
. '&illrequest_id='
|
|
. $request->id );
|
|
exit;
|
|
}
|
|
else {
|
|
# Redirect to a requests list view
|
|
redirect_to_list();
|
|
}
|
|
}
|
|
}
|
|
|
|
sub redirect_to_list {
|
|
print $cgi->redirect('/cgi-bin/koha/ill/ill-requests.pl');
|
|
exit;
|
|
}
|