Koha/koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tt
Jonathan Druart dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) for the variables we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00


[% USE raw %]
[% USE Asset %]
[% USE Koha %]
[% USE KohaDates %]
[% USE Branches %]
[% USE Categories %]
[% USE ItemTypes %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
[% UNLESS ( multi_hold ) %]
<title>Koha &rsaquo; Circulation &rsaquo; Holds &rsaquo; Place a hold on [% title | html %]</title>
[% ELSE %]
<title>Koha &rsaquo; Circulation &rsaquo; Holds &rsaquo; Confirm holds</title>
[% END %]
[% INCLUDE 'doc-head-close.inc' %]
[% Asset.css("css/datatables.css") | $raw %]
</head>
<body id="circ_request" class="catalog">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'circ-search.inc' %]
[% UNLESS ( multi_hold ) %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/catalogue/search.pl">Catalog</a> &rsaquo; <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblionumber | html %]">[% title | html %]</a> &rsaquo; Place a hold on [% title | html %]</div>
[% ELSE %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/catalogue/search.pl">Catalog</a> &rsaquo; Confirm holds</div>
[% END %]
<div id="doc3" class="yui-t2">
<div id="bd">
<div id="yui-main">
<div class="yui-b">
[% IF ( noitems ) %]
<div class="dialog alert">
[%IF (multi_hold) %]
<strong>Cannot place hold:</strong> one or more records without items attached.
[% ELSE %]
<strong>Cannot place hold:</strong> this record has no items attached.
[% END %]
</div>
[% END %]
[% IF ( messagetransfert ) %]
<div class="dialog message">
<h2>Hold found for ([% nextreservtitle | html %]), please transfer</h2>
<p>Hold placed by : <strong> [% nextreservsurname | html %] [% nextreservfirstname | html %]</strong> at : <strong> [% branchname | html %] </strong>, Please transfer this item.
</p>
<form name="cancelReservewithtransfert" action="branchreserves.pl" method="post">
<input type="submit" class="button" />
</form>
</div>
[% END %]
[% UNLESS ( multi_hold ) %]
<h1>Place a hold on [% INCLUDE 'biblio-default-view.inc' %][% title | html %]</a></h1>
[% ELSE %]
<h1>Confirm holds</h1>
[% END %]
[% UNLESS patron OR patron.borrowernumber OR noitems %]
[% IF ( messageborrower ) %]
<div class="dialog alert"><h3>Patron not found</h3><p>No patron with this name, please, try another</p> </div>
[% END %]
<form id="holds_patronsearch" action="request.pl?biblionumber=[% biblionumber | html %]" method="post">
<fieldset id="circ_holds_selectborrower" class="brief">
[% UNLESS borrowers %]
<label for="patron">Patron: </label>
<div class="hint">Enter patron card number or partial name:</div>
<input type="text" size="40" id="patron" class="focus" name="findborrower" />
<input type="submit" value="Search" />
[% IF multi_hold %]
<input type="hidden" name="multi_hold" value="[% multi_hold | html %]"/>
<input type="hidden" name="biblionumbers" value="[% biblionumbers | html %]"/>
[% ELSE %]
<input type="hidden" name="biblionumber" value="[% biblionumber | html %]" />
[% END %]
</fieldset>
[% ELSE %]
[% INCLUDE 'circ-patron-search-results.inc' destination = "holds" %]
</fieldset>
[% END %]
[% IF ( multi_hold ) %]
<input type="hidden" name="multi_hold" value="[% multi_hold | html %]"/>
<input type="hidden" name="biblionumbers" value="[% biblionumbers | html %]"/>
[% END %]
</form>
[% ELSIF NOT noitems %]
[% IF ( exceeded_maxreserves || exceeded_holds_per_record || alreadyreserved || none_available || alreadypossession || ageRestricted ) %]
<div class="dialog alert">
[% UNLESS ( multi_hold ) %]
<h3>Cannot place hold</h3>
<ul>
[% IF ( exceeded_maxreserves ) %]
<li><strong>Too many holds: </strong> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] </a> can only place a maximum of [% maxreserves | html %] total holds.</li>
[% ELSIF ( exceeded_holds_per_record ) %]
<li><strong>Too many holds for this record: </strong> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] </a> can only place a maximum of [% max_holds_for_record | html %] hold(s) on this record.</li>
[% ELSIF ( alreadypossession ) %]
<li> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a> <strong>is already in possession</strong> of one item.</li>
[% ELSIF ( alreadyreserved ) %]
<li><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a> <strong>already has a hold</strong> on this item.</li>
[% ELSIF ( ageRestricted ) %]
<li><strong>Age restricted</strong></li>
[% ELSIF ( none_available ) %]
<li> <strong>No items are available</strong> to be placed on hold.</li>
[% ELSIF ( maxreserves ) %]
<li><strong>Too many holds: </strong> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] </a> has too many holds.</li>
[% END %]
</ul>
[% ELSE %]
<h3>Cannot place hold on some items</h3>
[% IF ( exceeded_maxreserves ) %]
<li><strong>Too many holds: </strong> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] </a> can place [% new_reserves_allowed | html %] of the requested [% new_reserves_count | html %] holds for a maximum of [% maxreserves | html %] total holds.</li>
[% ELSIF ( exceeded_holds_per_record ) %]
[% FOREACH biblioloo IN biblioloop %]
[% IF (biblioloo.tooManyHoldsForThisRecord) %]
<li><strong>Too many holds for <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblioloo.biblionumber | html %]"> [% biblioloo.title | html %]</a>: </strong> <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] </a> can only place a maximum of [% max_holds_for_record | html %] hold(s) on this record.</li>
[% END %]
[% END %]
[% END %]
[% END %]
</div>
[% END %]
[%# Informational messages about the selected patron: expired account, restrictions, outstanding fines above the maxoutstanding preference, or a home library that differs from the pickup library. These are shown in a "dialog message" box alongside the hold form. %]
[% IF ( expiry || diffbranch || patron.is_debarred || ( amount_outstanding && Koha.Preference('maxoutstanding') && amount_outstanding > Koha.Preference('maxoutstanding') ) ) %]
<div class="dialog message"><ul>
[% IF ( expiry ) %]
<li><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a>: <strong>Account has expired</strong></li>
[% END %]
[% IF patron.is_debarred %]
<li><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]#reldebarments">[% patron.firstname | html %] [% patron.surname | html %]</a>: <strong>Patron has restrictions</strong></li>
[% END %]
[% IF amount_outstanding && Koha.Preference('maxoutstanding') && amount_outstanding > Koha.Preference('maxoutstanding') %]
[%# NOTE(review): amount_outstanding is the one value in this block printed without the html filter. It goes through format('%.2f'), which should leave only a formatted number; confirm that nothing else can reach this slot before treating it as a safe exception. %]
<li><a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a>: <strong>Patron has outstanding fines: [% amount_outstanding | format('%.2f') %]</strong></li>
[% END %]
[% IF ( diffbranch ) %]
<li> <strong>Pickup library is different. </strong>Patron: <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a> Patron's home library: ([% Branches.GetName(patron.branchcode) | html %] / [% patron.branchcode | html %] )</li>
[% END %]
</ul></div>
[% END %]
[% IF ( messageborrower ) %]
<div class="dialog alert"><h3>Patron not found:</h3> <p>Name or barcode not found. Please try an other </p></div>
[% END %]
<fieldset class="rows left">
<legend>Hold details</legend>
[%# Opens the hold request form, which posts to placerequest.pl. The single-record variant runs check() on submit, the multi-record variant runs checkMultiHold(). Only the single-record form carries id="hold-request-form"; the multi-record form has a name but no id. %]
[%# NOTE(review): no CSRF token field is visible in this form. Confirm how placerequest.pl protects this state-changing POST against cross-site submission. %]
[% UNLESS ( multi_hold ) %]
<form action="placerequest.pl" method="post" onsubmit="return check();" name="form" id="hold-request-form">
[% ELSE %]
<form action="placerequest.pl" method="post" onsubmit="return checkMultiHold();" name="form">
[% END %]
[%# The hidden fields below carry the patron, record numbers, titles and ranks back to the server. A client can edit hidden fields, so placerequest.pl has to re-check permissions and values itself; presumably it does, verify there. %]
<input type="hidden" name="borrowernumber" value="[% patron.borrowernumber | html %]" />
<input type="hidden" name="type" value="str8" />
[% IF ( multi_hold ) %]
<input type="hidden" name="multi_hold" value="[% multi_hold | html %]"/>
<input type="hidden" name="biblionumbers" id="multi_hold_bibs" value="[% biblionumbers | html %]"/>
<input type="hidden" name="bad_bibs" id="bad_bibs" value=""/>
<input type="hidden" name="request" value="any"/>
[%# One title_N and rank_N pair per record; the record number is part of the field name, so it is filtered like any other attribute value. %]
[% FOREACH biblioloo IN biblioloop %]
<input type="hidden" name="title_[% biblioloo.biblionumber | html %]" value="[% biblioloo.title | html %]"/>
<input type="hidden" name="rank_[% biblioloo.biblionumber | html %]" value="[% biblioloo.rank | html %]"/>
[% END %]
[% ELSE %]
<input type="hidden" name="biblionumber" value="[% biblionumber | html %]" />
<input type="hidden" name="title" value="[% title | html %]" />
<input type="hidden" name="rank-request" value="[% fixedRank | html %]" />
[% END %]
<ol> <li><span class="label">Patron:</span>
[% IF ( patron.borrowernumber ) %]
<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %] ([% patron.cardnumber | html %])</a>
[% ELSE %]
Not defined yet
[% END %]
</li>
[% UNLESS ( multi_hold ) %]
<li>
<span class="label">Estimated priority:</span>
<strong>[% fixedRank | html %]</strong>
</li>
[% END %]
<li>
<label for="holdnotes">Notes:</label>
<textarea id="holdnotes" name="notes" cols="30" rows="1"></textarea>
</li>
<li>
<label for="pickup">Pickup at:</label>
<select name="pickup" size="1" id="pickup">
[% PROCESS options_for_libraries libraries => Branches.all() %]
</select>
</li>
[% UNLESS ( multi_hold ) %]
[% IF Koha.Preference('AllowHoldItemTypeSelection') %]
<li>
<label for="itemtype">Request specific item type:</label>
<select name="itemtype" size="1" id="itemtype">
<option value="">Any item type</option>
[%- FOREACH itemtype IN available_itemtypes %]
<option value="[% itemtype | html %]">[% ItemTypes.GetDescription( itemtype ) | html %]</option>
[%- END %]
</select>
</li>
[% END %]
[% END %]
[% IF ( reserve_in_future ) %]
<li>
<label for="from">Hold starts on date:</label>
<input name="reserve_date" id="from" size="10" class="datepickerfrom">
<a href="#" id="clear-date-from" class="clear-date">Clear date</a>
</li>
[% END %]
<li>
<label for="to">Hold expires on date:</label>
<input name="expiration_date" id="to" size="10" class="datepickerto" />
<a href="#" id="clear-date-to" class="clear-date">Clear date</a>
</li>
[% UNLESS ( multi_hold ) %]
<li> <label for="requestany">Hold next available item </label>
[% IF force_hold_level == 'item' %]
<input type="checkbox" id="requestany" name="request" disabled="true" />
[% ELSIF force_hold_level == 'record' %]
<input type="checkbox" id="requestany" checked="checked" value="Any" disabled="true"/>
<input type="hidden" name="request" value="Any"/>
[% ELSE %]
<input type="checkbox" id="requestany" name="request" checked="checked" value="Any" />
[% END %]
<input type="hidden" name="biblioitem" value="[% biblioitemnumber | html %]" />
<input type="hidden" name="alreadyreserved" value="[% alreadyreserved | html %]" />
</li>
[% IF remaining_holds_for_record > 1 %]
<li>
<label for="holds_to_place_count">Holds to place (count)</label>
<input type="number" name="holds_to_place_count" min="1" max="[% remaining_holds_for_record | html %]" step="1" value="1" />
</li>
[% ELSE %]
<input type="hidden" name="holds_to_place_count" value="1" />
[% END %]
[% END %]
</ol>
[% UNLESS ( multi_hold ) %]
<fieldset class="action">
[% IF ( patron.borrowernumber ) %]
[% IF ( override_required ) %]
<input type="submit" class="warning" value="Place hold" />
[% ELSIF ( none_available ) %]
<input type="submit" disabled="disabled" value="Place hold" />
[% ELSE %]
<input type="submit" value="Place hold" />
[% END %]
[% END %]
</fieldset>
[% FOREACH bibitemloo IN bibitemloop %]
<ol>
[% UNLESS ( item_level_itypes ) %]
<li><span class="label">Item type:</span> [% bibitemloo.description | html %]</li>
[% END %]
[% IF ( bibitemloo.publicationyear ) %]<li><span class="label">Publication year:</span> [% bibitemloo.publicationyear | html %]</li>[% END %]
</ol>
<h2 style="padding: 0 1em;">
Place a hold on a specific item
[% IF bibitemloo.force_hold_level == 'item' %]
<span class="error"><i>(Required)</i></span>
[% END %]
</h2>
<table id="requestspecific">
<thead>
<tr>
<th>Hold</th>
[% IF ( item_level_itypes ) %]
<th>Item type</th>
[% END %]
<th>Barcode</th>
<th>Home library</th>
<th>Last location</th>
<th>Call no.</th>
<th>Copy number</th>
[% IF itemdata_enumchron %]
<th>Vol no.</th>
[% END %]
<th class="title-string">Information</th>
</tr>
</thead>
<tbody>
[% SET selected = 0 %]
[% FOREACH itemloo IN bibitemloo.itemloop %]
[% UNLESS ( itemloo.hide ) %]
<tr class="[% itemloo.backgroundcolor | html %]">
<td>
[% IF itemloo.force_hold_level == 'record' # Patron has placed a record level hold previously for this record %]
<span class="error">
<i class="fa fa-times fa-lg" alt="Cannot be put on hold"></i>
Hold must be record level
</span>
[% ELSIF ( itemloo.available ) %]
<input type="radio" name="checkitem" value="[% itemloo.itemnumber | html %]" />
[% ELSIF ( itemloo.override ) %]
<input type="radio" name="checkitem" class="needsoverride" value="[% itemloo.itemnumber | html %]" />
<i class="fa fa-exclamation-triangle fa-lg" style="color:gold" alt="Requires override of hold policy"/></i>
[% ELSE %]
<span class="error">
<i class="fa fa-times fa-lg" alt="Cannot be put on hold"></i>
[% IF itemloo.not_holdable %]
[% IF itemloo.not_holdable == 'damaged' %]
Item damaged
[% ELSIF itemloo.not_holdable == 'ageRestricted' %]
Age restricted
[% ELSIF itemloo.not_holdable == 'tooManyHoldsForThisRecord' %]
Exceeded max holds per record
[% ELSIF itemloo.not_holdable == 'tooManyReserves' %]
Too many holds
[% ELSIF itemloo.not_holdable == 'notReservable' %]
Not holdable
[% ELSIF itemloo.not_holdable == 'cannotReserveFromOtherBranches' %]
Patron is from different library
[% ELSIF itemloo.not_holdable == 'itemAlreadyOnHold' %]
Patron already has hold for this item
[% ELSE %]
[% itemloo.not_holdable | html %]
[% END %]
[% END %]
</span>
[% END %]
</td>
[% IF ( item_level_itypes ) %]
<td>
[% UNLESS ( noItemTypeImages ) %]
[% IF ( itemloo.imageurl ) %]<img src="[% itemloo.imageurl | html %]" alt="" /> <br /> [% END %]
[% END %]
[% itemloo.itypename | html %]
</td>
[% END %]
<td>
[% itemloo.barcode | html %]
</td>
<td>
[% Branches.GetName( itemloo.homebranch ) | html %]
</td>
<td>
[% Branches.GetName( itemloo.holdingbranch ) | html %]
</td>
<td>
[% itemloo.itemcallnumber | html %]
</td>
<td>
[% IF ( itemloo.copynumber ) %][% itemloo.copynumber | html %][% ELSE %]&nbsp;[% END %]
</td>
[% IF itemdata_enumchron %]
<td>
[% itemloo.enumchron | html %]
</td>
[% END %]
<td>
[% IF ( itemloo.onloan ) %]
<span title="[% itemloo.date_due | html %]" class="checkedout">Due [% itemloo.date_due | $KohaDates as_due_date => 1 | html %]</span>
[% ELSE %]
<span title="0000-00-00">
[% IF ( itemloo.transfertwhen ) %]
In transit from [% Branches.GetName( itemloo.transfertfrom ) | html %],
to [% Branches.GetName( itemloo.transfertto ) | html %], since [% itemloo.transfertwhen | html %]
[% END %]
</span>
[% END %]
[% IF ( itemloo.message ) %]
Unavailable (lost or missing)
[% END %]
[% IF ( itemloo.notforloan ) %]
Not for loan ([% itemloo.notforloanvalue | html %])
[% END %]
[% IF ( itemloo.reservedate ) %]
[% IF ( itemloo.nocancel ) %]
Can't be cancelled when item is in transit
[% ELSE %]
[% IF ( itemloo.waitingdate ) %]Waiting[% ELSE %]On hold[% END %]
[% IF ( itemloo.canreservefromotherbranches ) %]for <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% itemloo.ReservedFor.borrowernumber | html %]">[% itemloo.ReservedFor.firstname | html %] [% itemloo.ReservedFor.surname | html %]</a>[% END %] [% IF ( itemloo.waitingdate ) %]at[% ELSE %]expected at[% END %] [% Branches.GetName( itemloo.ExpectedAtLibrary ) | html %]
since
[% IF ( itemloo.waitingdate ) %][% itemloo.waitingdate | $KohaDates %][% ELSE %][% IF ( itemloo.reservedate ) %][% itemloo.reservedate | html %][% END %][% END %]. <a class="info" href="modrequest.pl?CancelBiblioNumber=[% itemloo.biblionumber | html %]&amp;CancelBorrowerNumber=[% itemloo.ReservedFor.borrowernumber | html %]&amp;CancelItemnumber=[% itemloo.itemnumber | html %]" onclick="return confirmDelete(MSG_CONFIRM_DELETE_HOLD);">Cancel hold</a>
[% END %]
[% ELSE %]
Not on hold
[% END %]
[% IF itemloo.item_level_holds == "N" %]
<br/>Item level hold not allowed from OPAC
[% ELSIF itemloo.item_level_holds == "F" %]
<br/>Item level hold forced from OPAC
[% END %]
[% IF ( itemloo.damaged ) %]
<br />Damaged
[% END %]
</td>
</tr>
[% END %] <!--UNLESS item hide-->
[% END %] <!-- itemloop -->
</tbody>
</table>
[% IF ( bibitemloo.hiddencount ) %]
<form>
<p class="hiddencount"><a href="request.pl?biblionumber=[% bibitemloo.biblionumber | html %]&amp;borrowernumber=[% bibitemloo.borrowernumber | html %]&amp;showallitems=1">Show all items ([% bibitemloo.hiddencount | html %] hidden)</a></p>
</form>
[% END %] <!-- hiddencount -->
[% END %] <!-- bibitemloop -->
[% ELSE %]<!-- UNLESS multi_hold -->
<table id="requesttitles">
<tr>
<th>Title</th>
[% UNLESS ( item_level_itypes ) %]
<th>Item type</th>
[% END %]
<th>Priority</th>
<th>Information</th>
</tr>
[% FOREACH biblioloo IN biblioloop %]
[% IF ( biblioloo.warn ) %]
<tr class="onissue">
[% ELSE %]
<tr>
[% END %]
<td>
<ul>
<li><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblioloo.biblionumber | html %]">[% biblioloo.title | html %]</a></li>
[% IF ( biblioloo.publicationyear ) %]
<li><span class="label">Publication year:</span> [% biblioloo.publicationyear | html %]</li>
[% END %]
</ul>
[% UNLESS ( biblioloo.warn ) %]
<span class="multi_hold_item" title="[% biblioloo.biblionumber | html %]"></span>
[% ELSE %]
<span class="not_holdable" title="[% biblioloo.biblionumber | html %]"></span>
[% END %]
</td>
[% UNLESS ( item_level_itypes ) %]
<td>
<img src="[% biblioloo.imageurl | html %]" alt="[% biblioloo.itypename | html %]" title="[% biblioloo.itypename | html %]" />
</td>
[% END %]
<td>[% biblioloo.rank | html %]</td>
<td>
[% IF ( biblioloo.alreadyres ) %]
<ul>
[% ELSE %]
[% IF ( biblioloo.none_avail ) %]
<ul>
[% END %]
[% END %]
[% IF ( biblioloo.alreadyres ) %]
<li><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber | html %]">[% patron.firstname | html %] [% patron.surname | html %]</a> <strong>already has a hold</strong> on this item </li>
[% END %]
[% IF ( biblioloo.none_avail ) %]
<li> <strong>No items are available</strong> to be placed on hold</li>
[% END %]
[% IF ( biblioloo.alreadyres ) %]
</ul>
[% ELSE %]
[% IF ( biblioloo.none_avail ) %]
</ul>
[% END %]
[% END %]
</td>
</tr>
[% END %]
</table>
[% END %]<!-- /multi_hold -->
<fieldset class="action">
[% IF ( patron AND patron.borrowernumber ) %]
[% IF ( override_required ) %]
<input type="submit" class="warning" value="Place hold" />
[% ELSIF ( none_available ) %]
<input type="submit" disabled="disabled" value="Place hold" />
[% ELSE %]
<input type="submit" value="Place hold" />
[% END %]
[% END %]
</fieldset>
</form>
</fieldset>
[% END %]
[% UNLESS ( patron ) %]
[% IF ( reserveloop ) %]
<form name="T[% time | html %]" action="modrequest.pl" method="post">
[% IF ( multi_hold ) %]
<input type = "hidden" name="multi_hold" value="1"/>
<input type = "hidden" name="biblionumbers" value="[% biblionumbers | html %]"/>
[% END %]
<fieldset class="rows left">
<legend>Existing holds</legend>
[% FOREACH biblioloo IN biblioloop %]
[% IF ( biblioloo.reserveloop ) %]
<table>
[% IF ( multi_hold ) %]
<caption><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblioloo.biblionumber | html %]">[% biblioloo.title | html %]</a></caption>
[% END %]
<tr>
[% IF ( CAN_user_reserveforothers_modify_holds_priority ) %]
<th>Priority</th>
<th>&nbsp;</th>
[% ELSE %]
<th>Delete?</th>
[% END %]
<th>Patron</th>
<th>Notes</th>
<th>Date</th>
<th>Expiration</th>
<th>Pickup library</th>
<th>Details</th>
[% IF ( CAN_user_reserveforothers_modify_holds_priority ) %]
<th><img src="[% interface | html %]/[% theme | html %]/img/go-bottom.png" alt="Toggle set to lowest priority" /></th>
[% END %]
<th>&nbsp;</th>
[% IF SuspendHoldsIntranet %]<th>&nbsp;</th><!-- Suspend Holds Column Header -->[% END %]
</tr>
[% FOREACH reserveloo IN biblioloo.reserveloop %]
<tr>
<td>
<input type="hidden" name="reserve_id" value="[% reserveloo.reserve_id | html %]" />
<input type="hidden" name="borrowernumber" value="[% reserveloo.borrowernumber | html %]" />
<input type="hidden" name="biblionumber" value="[% reserveloo.biblionumber | html %]" />
<select name="rank-request">
[% IF ( reserveloo.found ) %]
[% IF ( reserveloo.intransit ) %]
<option value="T" selected="selected">In transit</option>
[% ELSE %]
<option value="W" selected="selected">Waiting</option>
[% END %]
[% END %]
[% IF ( CAN_user_reserveforothers_modify_holds_priority ) %]
[% FOREACH optionloo IN reserveloo.optionloop %]
[% IF ( optionloo.selected ) %]
<option value="[% optionloo.num | html %]" selected="selected">[% optionloo.num | html %]</option>
[% ELSE %]
<option value="[% optionloo.num | html %]">[% optionloo.num | html %]</option>
[% END %]
[% END %]
[% ELSIF !reserveloo.found %]
<option value="[% reserveloo.priority | html %]" selected="selected">[% reserveloo.priority | html %]</option>
[% END %]
<option value="del">del</option>
</select>
</td>
[%# Priority arrows for one existing hold, shown only when CAN_user_reserveforothers_modify_holds_priority is set. Each link calls request.pl with action=move and where=up, top, bottom or down, plus the hold's borrowernumber, biblionumber, reserve_id and date. %]
[%# NOTE(review): these links change the hold queue through plain GET requests and no token parameter is visible in the URLs. Confirm how request.pl guards state-changing actions against cross-site requests. %]
[%# NOTE(review): the values placed in the query strings use the html filter. The commit message lists replacing html with uri where needed as follow-up work, and these href parameters are candidates for that. %]
[% IF ( CAN_user_reserveforothers_modify_holds_priority ) %]
<td style="white-space:nowrap;">
<a title="Move hold up" href="request.pl?action=move&amp;where=up&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
<img src="[% interface | html %]/[% theme | html %]/img/go-up.png" alt="Go up" />
</a>
<a title="Move hold to top" href="request.pl?action=move&amp;where=top&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
<img src="[% interface | html %]/[% theme | html %]/img/go-top.png" alt="Go top" />
</a>
<a title="Move hold to bottom" href="request.pl?action=move&amp;where=bottom&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
<img src="[% interface | html %]/[% theme | html %]/img/go-bottom.png" alt="Go bottom" />
</a>
<a title="Move hold down" href="request.pl?action=move&amp;where=down&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
<img src="[% interface | html %]/[% theme | html %]/img/go-down.png" alt="Go down" />
</a>
</td>
[% END %]
<td>
[% INCLUDE 'patron-title.inc' patron=reserveloo.patron hide_patron_infos_if_needed=1 %]
</td>
<td>[% reserveloo.notes | html %]</td>
<td>[% reserveloo.date | html %]</td>
<td>[% reserveloo.expirationdate | html %]</td>
<td>
[% IF ( reserveloo.found ) %]
[% IF ( reserveloo.atdestination ) %]
[% IF ( reserveloo.found ) %]
Item waiting at <b> [% reserveloo.wbrname | html %]</b> <input type="hidden" name="pickup" value="[% reserveloo.wbrcode | html %]" /> since [% reserveloo.waiting_date | $KohaDates %]
[% ELSE %]
Waiting to be pulled <input type="hidden" name="pickup" value="[% reserveloo.wbrcode | html %]" />
[% END %]
[% ELSE %]
Item being transferred to <b> [% reserveloo.wbrname | html %]</b> <input type="hidden" name="pickup" value="[% reserveloo.wbrcode | html %]" />
[% END %]
[% ELSE %]
[% IF Koha.Preference('IndependentBranches') && Branches.all().size == 1 %]
[% Branches.GetName(reserveloo.branchcode) | html %] <input type="hidden" name="pickup" value="[% reserveloo.branchcode | html %]" />
[% ELSE %]
<select name="pickup">
[% PROCESS options_for_libraries libraries => Branches.all( selected => reserveloo.branchcode ) %]
</select>
[% END %]
[% END %]
</td>
<td>
[% IF ( reserveloo.found ) %]
<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% reserveloo.biblionumber | html %]">
[% IF ( reserveloo.barcodenumber ) %]
[% reserveloo.barcodenumber | html %]
<input type="hidden" name="itemnumber" value="[% reserveloo.itemnumber | html %]" />
[% ELSE %]
No barcode
[% END %]
</a>
[% ELSE %]
[% IF ( reserveloo.item_level_hold ) %]
<i>Only item
<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% reserveloo.biblionumber | html %]">
[% IF ( reserveloo.barcodenumber ) %]
[% reserveloo.barcodenumber | html %]
<input type="hidden" name="itemnumber" value="[% reserveloo.itemnumber | html %]" />
[% ELSE %]
No barcode
[% END %]
</a>
</i>
[% ELSE %]
[% IF reserveloo.itemtype %]
<i>Next available [% ItemTypes.GetDescription( reserveloo.itemtype ) | html %] item</i>
[% ELSE %]
<i>Next available</i>
[% END %]
<input type="hidden" name="itemnumber" value="" />
[% END %]
[% END %]
</td>
[% IF ( CAN_user_reserveforothers_modify_holds_priority ) %]
<td>
<a title="Toggle lowest priority" href="request.pl?action=setLowestPriority&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
[% IF ( reserveloo.lowestPriority ) %]
<img src="[% interface | html %]/[% theme | html %]/img/go-bottom.png" alt="Unset lowest priority" />
[% ELSE %]
<img src="[% interface | html %]/[% theme | html %]/img/go-down.png" alt="Set to lowest priority" />
[% END %]
</a>
</td>
[% END %]
[%# Cancel cell: a link to request.pl with action=cancel for this hold. The script block attaches a confirmation prompt to the cancel-hold class. %]
[%# NOTE(review): cancelling is triggered by a GET link with no token parameter visible; confirm how request.pl protects this action against cross-site requests. %]
<td>
<a class="cancel-hold" title="Cancel hold" href="request.pl?action=cancel&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;date=[% reserveloo.date | html %]">
<img src="[% interface | html %]/[% theme | html %]/img/x.png" alt="Cancel" />
</a>
</td>
[%# Suspend cell, rendered only when SuspendHoldsIntranet is set. Holds that are not yet found get a Suspend/Unsuspend button and, with AutoResumeSuspendedHolds, a date field; found holds only get an empty hidden suspend_until field. %]
[% IF SuspendHoldsIntranet %]
<td>
[% UNLESS ( reserveloo.found ) %]
[%# NOTE(review): the onclick below builds a URL inside a single-quoted JavaScript string that itself sits in a double-quoted HTML attribute. The stock Template Toolkit html filter escapes &, <, > and double quotes but leaves single quotes alone, so this is only safe while reserve_id, borrowernumber, biblionumber and date never contain one (ids and a date, presumably; confirm). Moving the handler into the script block and reading the values from data attributes would remove the nested-quoting dependency. %]
<input type="button" value="[% IF ( reserveloo.suspend ) %]Unsuspend[% ELSE %]Suspend[% END %]" onclick="window.location.href='request.pl?action=toggleSuspend&amp;reserve_id=[% reserveloo.reserve_id | html %]&amp;borrowernumber=[% reserveloo.borrowernumber | html %]&amp;biblionumber=[% reserveloo.biblionumber | html %]&amp;date=[% reserveloo.date | html %]&amp;suspend_until=' + $('#suspend_until_[% reserveloo.reserve_id | html %]').val()" />
[% IF AutoResumeSuspendedHolds %]
<label for="suspend_until_[% reserveloo.reserve_id | html %]">[% IF ( reserveloo.suspend ) %] on [% ELSE %] until [% END %]</label>
[%# NOTE(review): suspend_until is written into the value attribute through the KohaDates plugin only, with no html filter after it. Presumably the plugin returns nothing but a formatted date; confirm. %]
<input name="suspend_until" id="suspend_until_[% reserveloo.reserve_id | html %]" size="10" value="[% reserveloo.suspend_until | $KohaDates %]" class="datepicker suspend_until_datepicker" />
<a href='#' onclick="document.getElementById('suspend_until_[% reserveloo.reserve_id | html %]').value='';">Clear date</a>
[% ELSE %]
<input type="hidden" name="suspend_until" id="suspend_until_[% reserveloo.reserve_id | html %]" value=""/>
[% END %]
[% ELSE %]
<input type="hidden" name="suspend_until" value="" />
[% END %]
</td>
[% END # IF SuspendHoldsIntranet %]
</tr>
[% END %] <!-- existing reserveloop -->
</table>
[% END %]<!-- /reserveloop -->
[% END %]<!-- /biblioloop -->
<fieldset class="action">
<input type="submit" name="submit" value="Update hold(s)" />
</fieldset>
</fieldset>
</form>
[% END %]
[% END %]
</div>
</div>
<div class="yui-b">
[% UNLESS ( multi_hold ) %]
[% INCLUDE 'biblio-view-menu.inc' %]
[% END %]
</div>
</div>
[% MACRO jsinclude BLOCK %]
[% INCLUDE 'datatables.inc' %]
[% INCLUDE 'calendar.inc' %]
[% Asset.js("js/circ-patron-search-results.js") | $raw %]
<script>
[%# Globals used by the handlers later in this script. Several are filled in by the template, so each interpolated value has to be safe in its JavaScript position (string literal, object key or bare number), not only in HTML. %]
var MSG_CONFIRM_DELETE_HOLD = _("Are you sure you want to cancel this hold?");
[%# NOTE(review): the library name goes through a replace chain for quotes and newlines and then the html filter. Entities are not decoded inside a script element, so a name containing & would appear as &amp; in dialogs. The chain also has no step for backslashes; confirm library names cannot contain one, or emit the value through a JSON-style encoder instead of hand-rolled replaces. %]
var patron_homebranch = "[% Branches.GetName( patron.branchcode ) |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
[%# override_items maps itemnumber to homebranch and holdallowed for every item flagged override; the input.needsoverride click handler reads it to build its confirmation text. %]
[%# NOTE(review): itemnumber (object key) and holdallowed (value) are written as bare JavaScript tokens. The html filter does not make a value safe in that position, so this relies on both being integers; confirm against the code that fills itemloop. %]
var override_items = {[% FOREACH bibitemloo IN bibitemloop %][% FOREACH itemloo IN bibitemloo.itemloop %][% IF ( itemloo.override ) %]
[% itemloo.itemnumber | html %]: {
homebranch: "[% Branches.GetName( itemloo.homebranch ) |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]",
holdallowed: [% itemloo.holdallowed | html %]
},
[% END %][% END %][% END %]
};
var MSG_NO_ITEMS_AVAILABLE = _("A hold cannot be requested on any of these items.");
$(document).ready(function() {
    // Keep the "Holds to place (count)" field enabled only while
    // "Hold next available item" is ticked.
    // NOTE(review): the inputs named holds_to_place_count in this template set
    // a name but no id, so the #holds_to_place_count selector may match nothing
    // as written. Confirm before relying on this toggle.
    function ToggleHoldsToPlace() {
        var nextAvailable = $("#requestany").prop('checked');
        $("#holds_to_place_count").prop('disabled', !nextAvailable);
    }

    // Apply the state once on load, then on every change of the checkbox.
    ToggleHoldsToPlace();
    $("#requestany").on('change', ToggleHoldsToPlace);

    [% IF AutoResumeSuspendedHolds %]
    $(".suspend_until_datepicker, .datepickerfrom, .datepickerto").datepicker("option", "minDate", 1);
    [% END %]

    // Item table: no pagination, custom control layout, and title-string
    // sorting for columns carrying the "title-string" class.
    var itemTableOptions = $.extend(true, {}, dataTablesDefaults, {
        'bPaginate': false,
        "sDom": '<"top pager"ilf>t',
        "aoColumnDefs": [
            { "sType": "title-string", "aTargets" : [ "title-string" ] }
        ]
    });
    var my_table = $("#requestspecific").dataTable(itemTableOptions);

    // Undo the fieldset styling that would otherwise hit the dataTables search box.
    $("div.top.pager").css("margin-left","1em");
    $(".dataTables_filter label").css({
        "width":"auto",
        "margin-right":"0em"
    });
});
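/**
 * onsubmit handler for the single-record hold form.
 *
 * Counts the ticked "checkitem" controls plus the "requestany" checkbox and
 * lets the form submit only when at least one of them is selected. On success
 * it also arms preventDoubleFormSubmit() on #hold-request-form.
 *
 * This runs in the browser only, so it is a convenience for staff and not a
 * control: the server still has to validate what it receives.
 *
 * @returns {boolean} true to let the submit proceed, false after alerting.
 */
function check() {
    var msg = "";
    var count_reserv = 0;
    var items = document.form.checkitem;
    // Loop counter is local so the handler neither creates nor clobbers a
    // global variable named "i".
    var i = 0;

    // The item controls exist only when the item table was rendered.
    if (items) {
        for (i = 0; i < items.length; i++) {
            if (items[i].checked === true) {
                count_reserv++;
            }
        }
        // With a single control the form exposes the element itself rather
        // than a list, so the loop above never runs; test it directly.
        if (i === 0 && items.checked === true) {
            count_reserv++;
        }
    }

    if (document.form.requestany.checked === true) {
        count_reserv++;
    }

    if (count_reserv === 0) {
        msg += (_("- Please select an item to place a hold") + "\n");
    }

    if (msg === "") {
        $('#hold-request-form').preventDoubleFormSubmit();
        return true;
    }

    alert(msg);
    return false;
}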
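/**
 * onsubmit handler for the multi-record hold form.
 *
 * Collects the record numbers stored in the title attribute of the
 * .multi_hold_item and .not_holdable markers, writes them as "/"-terminated
 * lists into #multi_hold_bibs and #bad_bibs, and lets the form submit.
 * Alerts and blocks the submit when no holdable record is present.
 *
 * The lists are assembled in the browser, so the server must not treat
 * bad_bibs or biblionumbers as trustworthy without re-checking them.
 *
 * @returns {boolean} true to let the submit proceed, false otherwise.
 */
function checkMultiHold() {
    var spans = $(".multi_hold_item");
    // .length works across jQuery versions; .size() is deprecated.
    if (spans.length === 0) {
        alert(MSG_NO_ITEMS_AVAILABLE);
        return false;
    }

    var biblionumbers = "";
    spans.each(function() {
        biblionumbers += $(this).attr("title") + "/";
    });

    var badBibs = "";
    $(".not_holdable").each(function() {
        badBibs += $(this).attr("title") + "/";
    });

    $("#multi_hold_bibs").val(biblionumbers);
    $("#bad_bibs").val(badBibs);

    // The multi-record form has name="form" but no id, so it is selected by
    // name; an id selector for the single-record form would match nothing
    // here and leave the double-submit guard unarmed.
    $("form[name='form']").preventDoubleFormSubmit();
    return true;
}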
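$(document).ready(function() {
    // Confirmation for items that need a policy override.
    // This must be bound before the radio button/checkbox switch logic below.
    $("input.needsoverride").click(function() {
        var itemnumber = this.value;
        var msg = '';
        switch (override_items[itemnumber].holdallowed) {
            case 0: msg = _("This item normally cannot be put on hold."); break;
            case 1: msg = _("This item normally cannot be put on hold except for patrons from %s.").format(override_items[itemnumber].homebranch); break;
        }
        msg += "\n\n" + _("Place hold on this item?");
        return confirm(msg);
    });

    // Submit buttons rendered with class "warning" ask before overriding policy.
    $("input.warning").click(function() {
        return confirm( _("None of these items can normally be put on hold for this patron.") + "\n\n" + _("Place hold?") );
    });

    // "Hold next available item" and the per-item radios are mutually exclusive.
    $("#requestany").click(function() {
        if (this.checked) {
            $("input[name=checkitem]").each(function() {
                $(this).prop("checked", false);
            });
        }
    });
    $("input[name=checkitem]").click(function() {
        // Computed locally so the handler does not leave a global flag behind.
        var anyItemChecked = $("input[name=checkitem]:checked").length > 0;
        $("#requestany").prop("checked", !anyItemChecked);
    });

    // Re-order the existing-holds rows in place when a priority is changed,
    // then renumber every priority select from 1.
    var prev_rank_request;
    $("select[name=rank-request]").on("focus", function() {
        prev_rank_request = $(this).val();
    }).change(function() {
        var row = $(this).parents("tr:first");
        var value = parseInt($(this).val(), 10);
        var after = row.parent().find("tr:nth-child("+(value+1)+")");
        if (prev_rank_request > value) {
            row.insertBefore(after);
        } else {
            row.insertAfter(after);
        }

        var next_priority = 1;
        $("select[name=rank-request]").each(function () {
            $(this).val(next_priority);
            next_priority++;
        });
    });

    // "Clear date" links: the target field id is the link id minus the prefix.
    $(".clear-date").on("click",function(e){
        e.preventDefault();
        var fieldID = this.id.replace("clear-date-","");
        $("#" + fieldID).val("");
    });

    // Confirm cancelation of hold
    $(".cancel-hold").on("click",function(e) {
        return confirmDelete(MSG_CONFIRM_DELETE_HOLD);
    });

    [% UNLESS ( patron || patron.borrowernumber || borrowers || noitems ) %]
    [% IF ( CircAutocompl ) %]
    $( "#patron" ).autocomplete({
        source: "/cgi-bin/koha/circ/ysearch.pl",
        minLength: 3,
        select: function( event, ui ) {
            $( "#patron" ).val( ui.item.cardnumber );
            $( "#holds_patronsearch" ).submit();
            return false;
        }
    })
    .data( "ui-autocomplete" )._renderItem = function( ul, item ) {
        // Patron fields come back from ysearch.pl as data and are set with
        // .text() so they are displayed as text and never parsed as markup.
        // Concatenating them into an HTML string would let a stored value
        // containing tags run in the staff member's session.
        // NOTE(review): assumes ysearch.pl returns raw (not entity-encoded)
        // values; confirm, otherwise entities would show up literally.
        var details = $( "<small></small>" ).text(
            item.address + " " + item.city + " " + item.zipcode + " " + item.country
        );
        var entry = $( "<a></a>" )
            .text( item.surname + ", " + item.firstname + " (" + item.cardnumber + ") " )
            .append( details );
        return $( "<li></li>" )
            .data( "ui-autocomplete-item", item )
            .append( entry )
            .appendTo( ul );
    };
    [% END %]
    [% END %]
});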
</script>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]