Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/acqui/booksellers.pl
Paul Poulain c0ecd7df4f Bug 6072: fixing permission inconsistencies MT5306 
In large libraries, some librarian may have permission only
to recieve shipments This patch fixes some permission :
* booksellers page = accessible to anyone that has at least 1 acq permission
* parcels = accessible to anyone with order_recieve
* supplier detail = accessible to anyone that has at least 1 acq permission,
  but modifying accessible only if vendor_manage

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-08 13:10:12 +12:00

150 lines
4.1 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
#script to show suppliers and orders
# Copyright 2000-2002 Katipo Communications
# Copyright 2008-2009 BibLibre SARL
# Copyright 2010 PTFS Europe
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
=head1 NAME
booksellers.pl
=head1 DESCRIPTION
this script displays the list of suppliers & baskets like C<$supplier> given on input arg.
thus, this page brings differents features like to display supplier's details,
to add an order for a specific supplier or to just add a new supplier.
=head1 CGI PARAMETERS
=over 4
=item supplier
C<$supplier> is the string with which we search for a supplier
=back
=item id or supplierid
The id of the supplier whose baskets we will display
=back
=cut
use strict;
use warnings;
use C4::Auth;
use C4::Biblio;
use C4::Output;
use CGI;
use C4::Dates qw/format_date/;
use C4::Bookseller qw/ GetBookSellerFromId GetBookSeller /;
use C4::Members qw/GetMember/;
my $query = CGI->new;
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{ template_name => 'acqui/booksellers.tmpl',
query => $query,
type => 'intranet',
authnotrequired => 0,
flagsrequired => { acquisition => '*' },
debug => 1,
}
);
#parameters
my $supplier = $query->param('supplier');
my $id = $query->param('id') || $query->param('supplierid');
my @suppliers;
if ($id) {
push @suppliers, GetBookSellerFromId($id);
} else {
@suppliers = GetBookSeller($supplier);
}
my $supplier_count = @suppliers;
if ( $supplier_count == 1 ) {
$template->param(
supplier_name => $suppliers[0]->{'name'},
id => $suppliers[0]->{'id'}
);
}
my $uid;
if ($loggedinuser) {
$uid = GetMember( borrowernumber => $loggedinuser )->{userid};
}
#build result page
my $loop_suppliers = [];
for my $vendor (@suppliers) {
my $baskets = get_vendors_baskets( $vendor->{id} );
my $loop_basket = [];
for my $basket ( @{$baskets} ) {
if (( $basket->{authorisedby}
&& $basket->{authorisedby} eq $loggedinuser
)
|| haspermission( $uid, { flagsrequired => { acquisition => q{*} } } )
) {
for my $date_field (qw( creationdate closedate)) {
if ( $basket->{$date_field} ) {
$basket->{$date_field} =
format_date( $basket->{$date_field} );
}
}
push @{$loop_basket}, $basket;
}
}
push @{$loop_suppliers},
{ loop_basket => $loop_basket,
supplierid => $vendor->{id},
name => $vendor->{name},
active => $vendor->{active},
};
}
$template->param(
loop_suppliers => $loop_suppliers,
supplier => ( $id || $supplier ),
count => $supplier_count,
);
output_html_with_http_headers $query, $cookie, $template->output;
sub get_vendors_baskets {
my $supplier_id = shift;
my $dbh = C4::Context->dbh;
my $sql = <<'ENDSQL';
select aqbasket.*, count(*) as total, borrowers.firstname, borrowers.surname
from aqbasket left join aqorders on aqorders.basketno = aqbasket.basketno
left join borrowers on aqbasket.authorisedby = borrowers.borrowernumber
where booksellerid = ?
AND ( aqorders.quantity > aqorders.quantityreceived OR quantityreceived IS NULL)
AND datecancellationprinted IS NULL
group by basketno
ENDSQL
return $dbh->selectall_arrayref( $sql, { Slice => {} }, $supplier_id );
}
View git blame Copy permalink