Koha/opac/opac-review.pl
Marcel de Rooy 177542bf52 Bug 15839: [QA Follow-up] Error checking in opac-review.pl
[1] Adds a check on biblionumber. (Prevents a DBIx error.)
[2] If you have a reviewid, search on that and check results.
    Add an unauthorized error in template.
[3] If you add a new review, check that there is no review yet.
    If so, edit the existing one.
    This supports the added FIXME on a unique constraint.

Note: This script could receive further attention.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all crud ops with opac-review.pl (incl URL manipulation).

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:31:06 +00:00

107 lines
3.6 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2006 Katipo Communications
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth;
use C4::Koha;
use C4::Output;
use C4::Biblio;
use C4::Scrubber;
use C4::Debug;
use Koha::DateUtils;
use Koha::Review;
use Koha::Reviews;
my $query = new CGI;
my $biblionumber = $query->param('biblionumber');
my $review = $query->param('review');
my $reviewid = $query->param('reviewid');
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{
template_name => "opac-review.tt",
query => $query,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
}
);
# FIXME: need to allow user to delete their own comment(s)
my ( $clean, @errors, $savedreview );
my $biblio = GetBiblioData($biblionumber);
if( !$biblio ) {
push @errors, { nobiblio => 1 };
} elsif( $reviewid ) { # edit existing one, check on creator
$savedreview = Koha::Reviews->search({ reviewid => $reviewid, borrowernumber => $borrowernumber })->next;
push @errors, { unauthorized => 1 } if !$savedreview;
} else { # this check prevents adding multiple comments
# FIXME biblionumber, borrowernumber should be a unique key of reviews
$savedreview = Koha::Reviews->search({ biblionumber => $biblionumber, borrowernumber => $borrowernumber })->next;
$review = $savedreview? $savedreview->review: $review;
}
if( !@errors && defined $review ) {
if ($review !~ /\S/) {
push @errors, {empty=>1};
} else {
$clean = C4::Scrubber->new('comment')->scrub($review);
if ($clean !~ /\S/) {
push @errors, {scrubbed_all=>1};
} else {
if ($clean ne $review) {
push @errors, {scrubbed=>$clean};
}
my $js_ok_review = $clean;
$js_ok_review =~ s/"/&quot;/g; # probably redundant w/ TMPL ESCAPE=JS
$template->param(clean_review=>$js_ok_review);
if ($savedreview) {
$savedreview->set(
{
review => $clean,
approved => 0,
datereviewed => dt_from_string
}
)->store;
} else {
$reviewid = Koha::Review->new(
{ biblionumber => $biblionumber,
borrowernumber => $borrowernumber,
review => $clean,
}
)->store->reviewid;
}
unless (@errors){ $template->param(WINDOW_CLOSE=>1); }
}
}
}
(@errors ) and $template->param( ERRORS=>\@errors);
($cgi_debug) and $template->param(cgi_debug=>1 );
$review = $clean;
$review ||= $savedreview->review if $savedreview;
$template->param(
'biblionumber' => $biblionumber,
'borrowernumber' => $borrowernumber,
'review' => $review,
'reviewid' => $reviewid || 0,
'title' => $biblio->{'title'},
);
output_html_with_http_headers $query, $cookie, $template->output;