Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
Jonathan Druart dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) for the variables we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface, hit pages and try to catch an alert box.
If you find one it means you have found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loops for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00


[% USE raw %]
[% USE Asset %]
[% BLOCK csv_export %]
[%# Export button group, PROCESSed from both the open-basket and the
    reopen toolbars below: a direct "Default" CSV export link plus one
    entry per csv_profiles row, each carrying its export_format_id in
    data-value. Every value interpolated into the href is html-filtered;
    the commit message notes that query-string values should eventually
    move to the uri filter instead. %]
<div class="btn-group">
<a id="exportbutton" class="btn btn-default btn-sm" href="[% script_name | html %]?op=export&amp;basketno=[% basketno | html %]&amp;booksellerid=[% booksellerid | html %]"><i class="fa fa-download"></i> Export as CSV</a>
<a class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown"><span class="caret"></span></a>
<ul class="dropdown-menu" id="export-csv-menu">
<li><a href="#">Default</a></li>
[% IF csv_profiles %]
[% FOR csv IN csv_profiles %]
<li><a href="#" data-value="[% csv.export_format_id | html %]">[% csv.profile | html %]</a></li>
[% END %]
[% END %]
</ul>
</div>
[% END %]
[% USE KohaDates %]
[% USE Branches %]
[% USE Price %]
[% USE AuthorisedValues %]
[% SET footerjs = 1 %]
[%# footerjs is presumably consumed by the included head/footer templates
    (not visible here) to emit the jsinclude MACRO defined at the bottom of
    this file %]
[% INCLUDE 'doc-head-open.inc' %]
[%# Page title: "New " is prefixed while the basket has no basketno yet %]
<title>Koha &rsaquo; Acquisitions &rsaquo; [% UNLESS ( basketno ) %]New [% END %]Basket [% basketname | html %] ([% basketno | html %]) for [% booksellername | html %]</title>
[% Asset.css("css/datatables.css") | $raw %]
[% INCLUDE 'doc-head-close.inc' %]
<style type="text/css">
.sortmsg {font-size: 80%;}
</style>
</head>
<body id="acq_basket" class="acq">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'acquisitions-search.inc' %]
<div id="breadcrumbs">
[%# Breadcrumb trail; every interpolated value is html-filtered, including
    the booksellerid inside the href %]
<a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo;
<a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo;
<a href="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% booksellerid | html %]">[% booksellername | html %]</a> &rsaquo;
[% UNLESS ( basketno ) %][% IF ( delete_confirmed ) %]Deleted [% ELSE %]New [% END %][% END %]Basket [% basketname | html %] [% IF ( basketno ) %]([% basketno | html %])[% END %] for [% booksellername | html %]
</div>
<div id="doc3" class="yui-t2">
<div id="bd">
<div id="yui-main">
[% IF (cannot_manage_basket) %]
[%# cannot_manage_basket gates the whole page body; its ELSE branch runs to
    the END marked "IF (cannot_manage_basket)" near the foot of the template %]
<div class="yui-b">
<p class="error">You are not authorised to manage this basket.</p>
</div>
[% ELSE %]
<div class="yui-b">
[% IF !confirm_close && !edi_confirm %]
[%# Toolbar and delete modal are only rendered while no close / EDI
    confirmation is pending, no basket group selection is in progress
    (selectbasketg), the basket is still open and has not just been deleted %]
[% UNLESS ( selectbasketg ) %]
[% UNLESS ( closedate ) %]
[% UNLESS ( delete_confirmed ) %]
<div id="toolbar" class="btn-toolbar">
[% IF active %]
<div class="btn-group"><a href="#addtoBasket" role="button" class="btn btn-default btn-sm" data-toggle="modal"><i class="fa fa-plus"></i> Add to basket</a></div>
[% END %]
<div class="btn-group"><a href="basketheader.pl?booksellerid=[% booksellerid | html %]&amp;basketno=[% basketno | html %]&amp;op=add_form" class="btn btn-default btn-sm" id="basketheadbutton"><i class="fa fa-pencil"></i> Edit basket</a></div>
[%# FIXME This action should not be available for everyone %]
<div class="btn-group"><a href="#deleteBasketModal" role="button" class="btn btn-default btn-sm" data-toggle="modal" id="delbasketbutton"><i class="fa fa-trash"></i> Delete this basket</a></div>
[% IF ( unclosable ) %]
[% ELSIF ( uncertainprices ) %]
<div class="btn-group"><a href="/cgi-bin/koha/acqui/uncertainprice.pl?booksellerid=[% booksellerid | html %]&amp;owner=1" class="btn btn-default btn-sm" id="uncertpricesbutton"><i class="fa fa-usd"></i> Uncertain prices</a></div>
<div title="Can not close baskets that have items with uncertain prices in them." class="btn-group">
<a href="" class="btn btn-default btn-sm disabled" id="closebutton"><i class="fa fa-times-circle"></i> Close this basket</a>
</div>
[% ELSE %]
<div class="btn-group">
[%# Closing starts with a plain GET link (op=close, no confirm); the
    confirm_close dialog further down is where confirm=1 is sent %]
<a href="/cgi-bin/koha/acqui/basket.pl?op=close&amp;basketno=[% basketno | html %]&amp;booksellerid=[% booksellerid | html %]" class="btn btn-default btn-sm" id="closebutton"><i class="fa fa-times-circle"></i> Close this basket</a>
</div>
[% END %]
[% PROCESS csv_export %]
[% IF ediaccount %]
<div class="btn-group"><a href="/cgi-bin/koha/acqui/edi_ean.pl?op=ediorder&amp;basketno=[% basketno | html %]&amp;booksellerid=[% booksellerid | html %]" class="btn btn-default btn-sm" id="ediorderbutton"><i class="fa fa-download"></i> Create EDIFACT order</a></div>
[% END %]
[% IF ( active && books_loop ) %]
<div class="btn-group">
<form action="/cgi-bin/koha/acqui/basket.pl" method="post">
<input type="hidden" name="op" value="email" />
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<button type="submit" class="btn btn-default btn-sm" id="emailvendorbutton"><i class="fa fa-envelope"></i> E-mail order</button>
</form>
</div>
[% END %]
</div>
[% END %]
<!-- Modal for confirm deletion box-->
<div class="modal" id="deleteBasketModal" tabindex="-1" role="dialog" aria-labelledby="delbasketModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="closebtn" data-dismiss="modal" aria-hidden="true">×</button>
<h3>Confirm deletion</h3>
</div>
[%# book_foot_loop is non-empty when the basket holds orders; the second
    branch then offers the order/record deletion variants %]
[% UNLESS book_foot_loop %]
<div class="modal-body">
<p>Are you sure you want to delete this basket?</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" data-dismiss="modal">Cancel</button>
[%# Deletion forms submit by GET (method="get") and render no CSRF token
    in this template; whether basket.pl enforces one for delete_confirm is
    not visible in this file %]
<form action="/cgi-bin/koha/acqui/basket.pl" method="get">
<input type="hidden" name="op" value="delete_confirm" />
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="hidden" name="delbiblio" value="0" />
<button type="submit" class="btn btn-default btn-default">Delete basket</button>
</form>
</div>
[% ELSE %]
<div class="modal-body">
<p>Are you sure you want to delete this basket?</p>
<p>Warning:</p>
<p>All orders of this basket will be cancelled and used funds will be refunded.</p>
<p>If items have been created when ordering or receiving, they will be deleted.</p>
<p>You can choose to delete bibliographic records if possible (bibliographic records that have other items or that are used in a subscription or another order will not be deleted).</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" data-dismiss="modal">Cancel</button>
<form action="/cgi-bin/koha/acqui/basket.pl" method="get">
<input type="hidden" name="op" value="delete_confirm" />
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="hidden" name="delbiblio" value="0" />
<button type="submit" class="btn btn-default btn-default">Delete basket and orders</button>
</form>
[%# delbiblio=1 additionally requests deletion of the bibliographic
    records; the cannotdelbiblios block below reports the ones kept %]
<form action="/cgi-bin/koha/acqui/basket.pl" method="get">
<input type="hidden" name="op" value="delete_confirm" />
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="hidden" name="delbiblio" value="1" />
<button type="submit" class="btn btn-default btn-default">Delete basket, orders, and records</button>
</form>
</div>
[% END %]
</div>
</div>
</div>
<!-- End of Modal-->
[% ELSE %]
[%# Closed basket: only the reopen button and the CSV export, and only
    while the basket is not part of a basket group %]
[% UNLESS ( grouped ) %]
<div id="toolbar" class="btn-toolbar">
<div class="btn-group"><a href="#" class="btn btn-default btn-sm" id="reopenbutton"><i class="fa fa-refresh"></i> Reopen this basket</a></div>
[% PROCESS csv_export %]
</div>
[% END %]
[% END %]
[% END %]
[% IF ( NO_BOOKSELLER ) %]
<h2>Vendor not found</h2>
[% ELSE %]
[% IF ( delete_confirmed ) %]
<div class="dialog message">
<h3>Basket deleted</h3>
</div>
[%# Records that survived a delbiblio=1 deletion, with the reason each one
    was kept (items, subscriptions or other orders attached) %]
[% IF (cannotdelbiblios) %]
<div class="dialog alert">
<p><strong>Warning:</strong></p>
<p><strong>The following records could not be deleted:</strong></p>
<ul>
[% FOREACH cannotdelbiblio IN cannotdelbiblios %]
<li><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% cannotdelbiblio.biblionumber | html %]">[% cannotdelbiblio.title | html %]</a> by [% cannotdelbiblio.author | html %]:
<ul>
[% IF (cannotdelbiblio.itemcount) %]<li>[% cannotdelbiblio.itemcount | html %] item(s) attached.</li>[% END %]
[% IF (cannotdelbiblio.subscriptions) %]<li>[% cannotdelbiblio.subscriptions | html %] subscription(s) attached.</li>[% END %]
[% IF (cannotdelbiblio.countbiblio) %]<li>[% cannotdelbiblio.countbiblio | html %] order(s) attached.</li>[% END %]
[% IF (cannotdelbiblio.othererror) %]<li>Unknown error.</li>[% END %]
</ul>
</li>
[% END %]
</ul>
</div>
<a href="booksellers.pl">Click here to go back to booksellers page</a>
[% ELSE %]
<a href="/cgi-bin/koha/acqui/booksellers.pl?booksellerid=[% booksellerid | html %]" class="btn btn-default btn-sm">Show baskets for vendor [% booksellername | html %]</a> <a href="/cgi-bin/koha/acqui/booksellers.pl" class="btn btn-default btn-sm">Show all active baskets</a>
[% END %]
[% ELSE %]
[%# Status messages from basket.pl; an unknown m.code falls through to the
    default CASE and is html-filtered before display %]
[% FOR m IN messages %]
<div class="dialog [% m.type | html %]">
[% SWITCH m.code %]
[% CASE 'no_email' %]
This vendor has no contact selected for sending orders to or is missing an e-mail address.
[% CASE 'no_basketno' %]
No basket given.
[% CASE 'no_letter' %]
There is no notice template with code ACQORDER defined.
[% CASE 'email_sent' %]
Order e-mail was sent to the vendor.
[% CASE %]
ERROR! - [% m.code | html %]
[% END %]
</div>
[% END %]
<h1>[% UNLESS ( basketno ) %]New [% END %]Basket [% basketname | html %] ([% basketno | html %]) for <a href="supplier.pl?booksellerid=[% booksellerid | html %]">[% booksellername | html %]</a></h1>
[% IF ( basketno ) %]
[%# Basket summary: notes, contract, places, creator, managers, library,
    dates and (for closed baskets) the basket group selector %]
<div id="acqui_basket_summary" class="yui-g">
<div class="rows">
<div class="yui-u first">
<ol>
[% IF ( basketnote ) %]<li><span class="label">Internal note:</span> [% basketnote | html %]</li>[% END %]
[% IF ( basketbooksellernote ) %]<li><span class="label">Vendor note:</span> [% basketbooksellernote | html %]</li>[% END %]
[% IF ( basketcontractno ) %]
<li><span class="label">Contract name:</span> <a href="../admin/aqcontract.pl?op=add_form&amp;contractnumber=[% basketcontractno | html %]&amp;booksellerid=[% booksellerid | html %]">[% basketcontractname | html %]</a></li>
[% END %]
[% IF deliveryplace %]<li><span class="label">Delivery place:</span> [% Branches.GetName( deliveryplace ) | html %]</li>[% END %]
[% IF billingplace %]<li><span class="label">Billing place:</span> [% Branches.GetName( billingplace ) | html %]</li>[% END %]
[% IF ( authorisedbyname ) %]<li><span class="label">Created by:</span> [% authorisedbyname | html %]</li>[% END %]
[%# "Managed by" editor: the users list is maintained client-side by the
    del_user / add_user handlers in jsinclude (their helpers are defined
    outside this excerpt) and submitted through the users_ids hidden field
    with op=mod_users %]
<li id="managedby">
<form action="" method="post">
<span class="label">Managed by:</span>
<div style="float:left">
<ul id="users_names" style="padding-left:0">
[% FOREACH user IN users %]
<li id="user_[% user.borrowernumber | html %]">
[% user.firstname | html %] [% user.surname | html %]
<a href="#" data-borrowernumber="[% user.borrowernumber | html %]" class="del_user"><i class="fa fa-trash"></i> Delete user</a>
</li>
[% END %]
</ul>
<input type="hidden" id="basketno" name="basketno" value="[% basketno | html %]" />
<input type="hidden" id="users_ids" name="users_ids" value="[% users_ids | html %]" />
<input type="hidden" id="op" name="op" value="mod_users" />
<input type="button" id="add_user" value="Add user" />
<input type="submit" value="Save changes" />
</div>
</form>
</li>
[%# NOTE: this <li> and the <select> inside it both use id="branch" %]
<li id="branch">
<span class="label">Library:</span>
[% IF basketbranchcode %]
[% Branches.GetName( basketbranchcode ) | html %]
[% ELSE %]
No library
[% END %]
[% IF branches_loop.size %]
<form action="" method="post">
<select id="branch" name="branch">
<option value="">(no library)</option>
[% FOREACH branch IN branches_loop %]
[% IF (branch.selected) %]
<option selected="selected" value="[% branch.branchcode | html %]"> [% branch.branchname | html %]</option>
[% ELSE %]
<option value="[% branch.branchcode | html %]"> [% branch.branchname | html %]</option>
[% END %]
[% END %]
</select>
<input type="hidden" id="basketno" name="basketno" value="[% basketno | html %]" />
<input type="hidden" id="op" name="op" value="mod_branch" />
<input type="submit" value="Change" />
</form>
[% END %]
</li>
[%# creationdate and closedate are not html-filtered after $KohaDates,
    unlike estimateddeliverydate two lines down. Formatted dates are
    presumably safe, but this is inconsistent with the intent of this
    patch — confirm and align %]
[% IF ( creationdate ) %]<li><span class="label">Opened on:</span> [% creationdate | $KohaDates %]</li>[% END %]
[% IF ( closedate ) %]<li><span class="label">Closed on:</span> [% closedate | $KohaDates %]</li>[% END %]
[% IF ( estimateddeliverydate ) %]<li><span class="label">Estimated delivery date:</span> [% estimateddeliverydate | $KohaDates | html %]</li>[% END %]
<li><span class="label">Orders are standing:</span> [% IF is_standing %]Yes[% ELSE %]No[% END %]</li>
[% IF basket.create_items %]
<li>
<span class="label">Create items when:</span>
[% SWITCH basket.create_items %]
[% CASE 'receiving' %]Receiving items
[% CASE 'cataloguing' %]Cataloguing items
[% CASE %]Placing orders
[% END %]
</li>
[% END %]
</ol>
</div>
[% IF ( closedate ) %]
<div class="yui-u">
[%# The basket group form is only emitted for users with the
    acquisition/group_manage permission; the </form> is closed under the
    same condition at the end of this column %]
[% IF ( CAN_user_acquisition_group_manage ) %]
<form action="/cgi-bin/koha/acqui/basketgroup.pl" method="post">
[% END %]
<ol>
<li>
<span class="label">Basket group:</span>
[%# Display-name fallback for unnamed groups; the value is html-filtered
    wherever it is rendered below %]
[% IF basketgroup.id and not basketgroup.name %]
[% SET basketgroup.name = "Basket group no. " _ basketgroup.id %]
[% END %]
[% IF basketgroup.closed %]
[% IF ( CAN_user_acquisition_group_manage ) %]
[%# Query string uses a bare & here rather than &amp; as elsewhere in
    this file %]
<a href="basketgroup.pl?op=add&booksellerid=[% booksellerid | html %]&basketgroupid=[% basketgroup.id | html %]" title="basketgroup">[% basketgroup.name | html %] (closed)</a>
[% ELSE %]
[% basketgroup.name | html %] (closed)
[% END %]
[% ELSIF ( ! CAN_user_acquisition_group_manage ) %]
[%- IF basketgroup.id -%]
[% basketgroup.name | html %]
[%- ELSE -%]
No group
[%- END -%]
[% ELSE %]
<select id="basketgroupid" name="basketgroupid">
<option value="">No group</option>
[% FOREACH bg IN basketgroups %]
[% IF ( bg.default ) %]
<option value="[% bg.id | html %]" selected="selected">[% bg.name | html %]</option>
[% ELSE %]
[% UNLESS bg.closed %]
<option value="[% bg.id | html %]">[% bg.name | html %]</option>
[% ELSE %]
<option value="[% bg.id | html %]" disabled="disabled">[% bg.name | html %] (closed)</option>
[% END %]
[% END %]
[% END %]
<option value="new">Add new group</option>
</select>
<input type="hidden" id="basketno" value="[% basketno | html %]" name="basketno" />
<input type="hidden" value="mod_basket" name="op" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="submit" value="Change basket group" />
[% END %]
</li>
[% IF basketgroup.deliveryplace %]<li><span class="label">Basket group delivery placename:</span> [% Branches.GetName( basketgroup.deliveryplace ) | html %]</li>[% END %]
[% IF basketgroup.billingplace %]<li><span class="label">Basket group billing place:</span> [% Branches.GetName( basketgroup.billingplace ) | html %]</li>[% END %]
</ol>
[% IF ( CAN_user_acquisition_group_manage ) %]
</form>
[% END %]
</div>
[% END %]
</div>
</div>
[% END %]
[%# duplinbatch: id of an import batch whose records matched existing
    catalogue records and were therefore not added automatically %]
[% IF ( duplinbatch ) %]<div class="dialog alert">
<h4>Duplicate warning</h4>
<p>Some records have not been automatically added because they match an existing record in your catalog:<a href="/cgi-bin/koha/acqui/addorderiso2709.pl?import_batch_id=[% duplinbatch | html %]&amp;basketno=[% basketno | html %]&amp;booksellerid=[% booksellerid | html %]" title="Open in new window" target="_blank" class="popup" style="margin-left:10px">Display them</a></p>
</div>[% END %]
<div id="acqui_basket_content" class="yui-g">
[%# Orders table. The tfoot carries one subtotal row per tax rate
    (book_foot_loop) plus a grand-total row; the tbody holds one row per
    order in books_loop. The tax_excluded / tax_included column pairs are
    toggled by updateColumnsVisibility() in jsinclude %]
[% IF ( books_loop ) %]
<h2>Orders</h2>
<label for="show_all_details">
<input type="checkbox" style="vertical-align: middle;" id="show_all_details" />
Show all details
</label>
<table id="orders">
<thead>
<tr>
<th>No.</th>
<th class="anti-the">Order</th>
<th class="tax_excluded">RRP tax exc.</th>
<th class="tax_excluded">ecost tax exc.</th>
<th class="tax_included">RRP tax inc.</th>
<th class="tax_included">ecost tax inc.</th>
<th>Qty.</th>
<th class="tax_excluded">Total tax exc. ([% currency | html %])</th>
<th class="tax_included">Total tax inc. ([% currency | html %])</th>
<th>GST %</th>
<th>GST</th>
<th>Fund</th>
<th>Supplier report</th>
[%# The two action columns exist only for an active vendor and an open
    basket; the same condition is repeated in each tfoot row and in tbody %]
[% IF ( active ) %]
[% UNLESS ( closedate ) %]
<th>Modify</th>
<th>Cancel order</th>
[% END %]
[% END %]
</tr>
</thead>
<tfoot>
[% FOREACH foot_loo IN book_foot_loop %]
<tr>
<th></th>
<th>Total (GST [% foot_loo.tax_rate * 100 | html %])</th>
<th class="tax_excluded">&nbsp;</th>
<th class="tax_excluded">&nbsp;</th>
<th class="tax_included">&nbsp;</th>
<th class="tax_included">&nbsp;</th>
<th>[% foot_loo.quantity | html %]</th>
<th class="tax_excluded">[% foot_loo.total_tax_excluded | $Price | html %]</th>
<th class="tax_included">[% foot_loo.total_tax_included | $Price | html %]</th>
<th>&nbsp;</th>
<th>[% foot_loo.tax_value | $Price | html %]</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
[% IF ( active ) %]
[% UNLESS ( closedate ) %]
<th>&nbsp;</th>
<th>&nbsp;</th>
[% END %]
[% END %]
</tr>
[% END %]
<tr>
<th></th>
<th>Total ([% currency | html %])</th>
<th class="tax_excluded">&nbsp;</th>
<th class="tax_excluded">&nbsp;</th>
<th class="tax_included">&nbsp;</th>
<th class="tax_included">&nbsp;</th>
<th>[% total_quantity | html %]</th>
<th class="tax_excluded">[% total_tax_excluded | $Price | html %]</th>
<th class="tax_included">[% total_tax_included | $Price | html %]</th>
<th>&nbsp;</th>
<th>[% total_tax_value | $Price | html %]</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
[% IF ( active ) %]
[% UNLESS ( closedate ) %]
<th>&nbsp;</th>
<th>&nbsp;</th>
[% END %]
[% END %]
</tr>
</tfoot>
<tbody>
[% FOREACH books_loo IN books_loop %]
[% IF ( books_loo.order_received ) %]
<tr class="disabled">
[% ELSE %]
<tr>
[% END %]
<td>
[% books_loo.ordernumber | html %]
</td>
<td>
<p>
[% IF ( books_loo.order_received ) %] (rcvd)[% END %]
[% IF books_loo.title %]
<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% books_loo.biblionumber | html %]">[% books_loo.title | html %]</a>[% IF books_loo.author %] by [% books_loo.author | html %][% END %]
[% ELSE %]
<em>Deleted bibliographic record, can't find title</em><br />
[% END %]
<br />
[% IF ( books_loo.isbn ) %] - [% books_loo.isbn | html %][% END %]
[% IF ( books_loo.issn ) %] - [% books_loo.issn | html %][% END %]
[% IF ( books_loo.publishercode ) %], [% books_loo.publishercode | html %][% END %]
[% IF ( books_loo.publicationyear ) %], [% books_loo.publicationyear | html %]
[% ELSIF ( books_loo.copyrightdate ) %] [% books_loo.copyrightdate | html %][% END %]
[% IF ( books_loo.editionstatement ) %], [% books_loo.editionstatement | html %][% END %]
[% IF ( books_loo.suggestionid ) %]
<br/>
Suggested by: [% books_loo.surnamesuggestedby | html %][% IF ( books_loo.firstnamesuggestedby ) %], [% books_loo.firstnamesuggestedby | html %] [% END %]
(<a href="/cgi-bin/koha/suggestion/suggestion.pl?suggestionid=[% books_loo.suggestionid | html %]&amp;op=show">suggestion #[% books_loo.suggestionid | html %]</a>)
[% END %]
</p>
[%# Note links carry the ordernumber in data-ordernumber; the edit_note
    handler in jsinclude reads the current note text back from the span
    with id "<type>-note-<ordernumber>" and opens the #noteEditor modal %]
[% IF ( books_loo.order_internalnote ) %]
<p class="ordernote"><strong>Internal note: </strong><span id="internal-note-[% books_loo.ordernumber | html %]">[% books_loo.order_internalnote | html %]</span> <a class="edit_note" data-ordernumber="[% books_loo.ordernumber | html %]" data-note_type="internal" href="/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=[% books_loo.ordernumber | html %]&type=internal" title="Edit internal note"><i class="fa fa-pencil"></i> Edit internal note</a></p>
[% ELSE %]
<a class="edit_note" data-ordernumber="[% books_loo.ordernumber | html %]" data-note_type="internal" href="/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=[% books_loo.ordernumber | html %]&type=internal" title="Add internal note"><i class="fa fa-plus"></i> Add internal note</a>
[% END %]
[% IF ( books_loo.order_vendornote ) %]
<p class="ordernote"><strong>Vendor note: </strong> <span id="vendor-note-[% books_loo.ordernumber | html %]">[% books_loo.order_vendornote | html %]</span> <a class="edit_note" data-ordernumber="[% books_loo.ordernumber | html %]" data-note_type="vendor" href="/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=[% books_loo.ordernumber | html %]&type=vendor" title="Edit vendor note"><i class="fa fa-pencil"></i> Edit vendor note</a></p>
[% ELSE %]
<a class="edit_note" data-ordernumber="[% books_loo.ordernumber | html %]" data-note_type="vendor" href="/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=[% books_loo.ordernumber | html %]&type=vendor" title="Add vendor note"><i class="fa fa-plus"></i> Add vendor note</a>
[% END %]
[% IF (books_loo.transferred_from) %]
[%# The "| html" on these three assignments applies to the (empty) output
    of the assignment directive, not to the object being stored — the
    individual fields are escaped where they are rendered below. Verify
    against TT filter semantics before relying on this reading %]
[% basket = books_loo.transferred_from.basket | html %]
[% bookseller = books_loo.transferred_from.bookseller | html %]
[% timestamp = books_loo.transferred_from.timestamp | html %]
<p>Transferred from basket:
<a href="/cgi-bin/koha/acqui/basket.pl?basketno=[% basket.basketno | html %]"> [% basket.basketname | html %]</a>
(<a href="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% bookseller.id | html %]">[% bookseller.name | html %]</a>)
on <span title="[% timestamp | $KohaDates with_hours = 1 | html %]">
[%# The visible timestamp lacks the trailing "| html" that the title
    attribute above applies %]
[% timestamp | $KohaDates %]
</span>
</p>
[% END %]
</td>
[% SET zero_regex = "^0{1,}\.?0{1,}[^1-9]" %] [%# 0 or 0.0 or 0.00 or 00 or 00.0 or 00.00 or 0.000 ... %]
[%# FIXME: use of a regexp is not ideal; bugs 9410 and 10929 suggest better way of handling this %]
[%# A zero amount or quantity gets the "error" class so the cell is
    highlighted %]
<td class="number tax_excluded [% IF books_loo.rrp_tax_excluded.search(zero_regex) %]error[% END %]">[% books_loo.rrp_tax_excluded | $Price | html %]</td>
<td class="number tax_excluded [% IF books_loo.ecost_tax_excluded.search(zero_regex) %]error[% END %]">[% books_loo.ecost_tax_excluded | $Price | html %]</td>
<td class="number tax_included [% IF books_loo.rrp_tax_included.search(zero_regex) %]error[% END %]">[% books_loo.rrp_tax_included | $Price | html %]</td>
<td class="number tax_included [% IF books_loo.ecost_tax_included.search(zero_regex) %]error[% END %]">[% books_loo.ecost_tax_included | $Price | html %]</td>
<td class="number [% IF books_loo.quantity.search(zero_regex) %]error[% END %]">[% books_loo.quantity | html %]</td>
<td class="number tax_excluded [% IF books_loo.total_tax_excluded.search(zero_regex) %]error[% END %]">[% books_loo.total_tax_excluded | $Price | html %]</td>
<td class="number tax_included [% IF books_loo.total_tax_included.search(zero_regex) %]error[% END %]">[% books_loo.total_tax_included | $Price | html %]</td>
<td class="number">[% books_loo.tax_rate * 100 | html %]</td>
<td class="number [% IF books_loo.tax_value.search(zero_regex) %]error[% END %]">[% books_loo.tax_value | $Price | html %]</td>
<td>[% books_loo.budget_name | html %]</td>
<td>[% books_loo.suppliers_report | html %]</td>
[% IF ( active ) %]
[% UNLESS ( closedate ) %]
<td>
<a href="neworderempty.pl?ordernumber=[% books_loo.ordernumber | html %]&amp;booksellerid=[% booksellerid | html %]&amp;basketno=[% basketno | html %]">Modify</a>
[% UNLESS (books_loo.order_received) %]
<br />
<a href="#" class="transfer_order" data-ordernumber="[% books_loo.ordernumber | html %]">Transfer</a>
[% END %]
</td>
<td>
[%# Cancel links: "referrer" is a fixed, template-built path (not taken
    from request input). The ids are html-filtered inside a URL context —
    see the uri-filter note in the commit message %]
[% IF ( books_loo.left_holds_on_order ) %]
<span class="button" title="Can't cancel order, ([% books_loo.holds_on_order | html %]) holds are linked with this order cancel holds first">Can't cancel order</span><br>
[% ELSE %]
<a href="/cgi-bin/koha/acqui/cancelorder.pl?ordernumber=[% books_loo.ordernumber | html %]&biblionumber=[% books_loo.biblionumber | html %]&basketno=[% basketno | html %]&referrer=/cgi-bin/koha/acqui/basket.pl%3Fbasketno=[% basketno | html %]" class="button">Cancel order</a><br>
[% END %]
[% IF ( books_loo.can_del_bib ) %]
<a href="/cgi-bin/koha/acqui/cancelorder.pl?ordernumber=[% books_loo.ordernumber | html %]&biblionumber=[% books_loo.biblionumber | html %]&basketno=[% basketno | html %]&del_biblio=1&referrer=/cgi-bin/koha/acqui/basket.pl%3Fbasketno=[% basketno | html %]" class="button">Cancel order and delete catalog record</a><br>
[% ELSE %]
<span class="button" title="Can't delete catalog record, see constraints below">Can't cancel order and delete catalog record</span><br>
[% END %]
[% IF ( books_loo.left_item ) %]
<b title="Can't delete catalog record, because of [% books_loo.items | html %] existing hold(s)" >[% books_loo.items | html %] item(s) left</b><br>
[% END %]
[% IF ( books_loo.left_biblio ) %]
<b title="Can't delete catalog record, delete other orders linked to it first">[% books_loo.biblios | html %] order(s) left</b><br>
[% END %]
[% IF ( books_loo.left_subscription ) %]
<b title="Can't delete catalog record, delete subscriptions first">[% books_loo.subscriptions | html %] subscription(s) left</b><br>
[% END %]
[% IF ( books_loo.left_holds ) %]
<b title="Can't delete catalog record or order, cancel holds first">[% books_loo.holds | html %] hold(s) left</b>
[% END %]
</td>
[% END %]
[% END %]
</tr>
[% END %]
</tbody>
</table>
[% END %]
[% IF ( listincgst ) %]<small class="highlight">** Vendor's listings already include tax.</small>
[% END %]
</div>
[% IF (cancelledorders_loop) %]
[%# Cancelled orders: same columns as the orders table minus the Supplier
    report and the action columns, rendered greyed out %]
<div id="cancelledorders">
<h2>Cancelled orders</h2>
<table id="cancelledorderst">
<thead>
<tr>
<th>No.</th>
<th>Order</th>
<th class="tax_excluded">RRP tax exc.</th>
<th class="tax_excluded">ecost tax exc.</th>
<th class="tax_included">RRP tax inc.</th>
<th class="tax_included">ecost tax inc.</th>
<th>Qty.</th>
<th class="tax_excluded">Total tax exc. ([% currency | html %])</th>
<th class="tax_included">Total tax inc. ([% currency | html %])</th>
<th>GST %</th>
<th>GST</th>
<th>Fund</th>
</tr>
</thead>
<tbody>
[% FOREACH order IN cancelledorders_loop %]
<tr style="color:grey">
<td>
[% order.ordernumber | html %]
</td>
<td>
<p>
[% IF ( order.order_received ) %] (rcvd)[% END %]
[% IF (order.title) %]
[% order.title | html %][% IF order.author %] by [% order.author | html %][% END %]
[% ELSE %]
<em>Deleted bibliographic record, can't find title</em>
[% END %]
<br />
[% IF ( order.order_internalnote ) %] [% order.order_internalnote | html %][% END %]
[% IF ( order.isbn ) %] - [% order.isbn | html %][% END %]
[% IF ( order.issn ) %] - [% order.issn | html %][% END %]
[% IF ( order.publishercode ) %], [% order.publishercode | html %][% END %]
[% IF ( order.publicationyear ) %], [% order.publicationyear | html %]
[% ELSIF ( order.copyrightdate ) %] [% order.copyrightdate | html %][% END %]
[%# FIXME: the loop variable here is "order"; books_loo is a leftover from
    the orders table above (most likely undefined at this point), so the
    edition statement is not rendered for cancelled orders %]
[% IF ( books_loo.editionstatement ) %], [% books_loo.editionstatement | html %][% END %]
[% IF ( order.cancellationreason ) %]
<br />
Cancellation reason: [% AuthorisedValues.GetByCode( 'ORDER_CANCELLATION_REASON', order.cancellationreason ) | html %]
[% END %]
</p>
[% IF order.transferred_to %]
[%# As in the orders table: the "| html" on these assignments filters the
    directive output, not the stored object; fields are escaped where
    rendered below — verify against TT filter semantics %]
[% basket = order.transferred_to.basket | html %]
[% bookseller = order.transferred_to.bookseller | html %]
[% timestamp = order.transferred_to.timestamp | html %]
<p>Transferred to basket:
<a href="/cgi-bin/koha/acqui/basket.pl?basketno=[% basket.basketno | html %]"> [% basket.basketname | html %]</a>
(<a href="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% bookseller.id | html %]">[% bookseller.name | html %]</a>)
on <span title="[% timestamp | $KohaDates with_hours = 1 | html %]">
[% timestamp | $KohaDates %]
</span>
</p>
[% END %]
</td>
<td class="number tax_excluded">[% order.rrp_tax_excluded | $Price | html %]</td>
<td class="number tax_excluded">[% order.ecost_tax_excluded | $Price | html %]</td>
<td class="number tax_included">[% order.rrp_tax_included | $Price | html %]</td>
<td class="number tax_included">[% order.ecost_tax_included | $Price | html %]</td>
<td class="number">[% order.quantity | html %]</td>
<td class="number tax_excluded">[% order.total_tax_excluded | $Price | html %]</td>
<td class="number tax_included">[% order.total_tax_included | $Price | html %]</td>
<td class="number">[% order.tax_rate * 100 | html %]</td>
<td class="number">[% order.tax_value | $Price | html %]</td>
[%# FIXME: this cell is never closed (missing </td>) %]
<td>[% order.budget_name | html %]
</tr>
[% END %]
</tbody>
</table>
</div>
[% END %]
<br />
[% UNLESS ( closedate ) %]
<!-- Modal -->
[%# Add-to-basket modal. Its body comes from acquisitions-add-to-basket.inc
    and the "show" handler in jsinclude re-copies .acqui_basket_add into
    .modal-body each time the modal opens %]
<div id="addtoBasket" class="modal" tabindex="-1" role="dialog" aria-labelledby="addtoBasketLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
[% IF active %]
[% INCLUDE 'acquisitions-add-to-basket.inc' %]
[% END %]
</div>
<div class="modal-footer">
<a href="#" class="cancel" data-dismiss="modal" aria-hidden="true">Cancel</a>
</div>
</div>
</div>
</div>
[% END %]
[%# Closes, in order: IF (basketno)... ELSE branch of delete_confirmed,
    ELSE branch of NO_BOOKSELLER, and the !confirm_close && !edi_confirm IF
    whose ELSE is the selectbasketg case noted inline %]
[% END %]
[% END %] [% ELSE %] <!-- if we want just to select a basketgroup for a closed basket -->
[% END %]
[% IF ( confirm_close ) %]
[%# Close confirmation. The form has no method attribute, so it submits
    by GET with op=close&confirm=1; no CSRF token is rendered in this
    template (server-side handling is not visible in this file) %]
<div id="closebasket_needsconfirmation" class="dialog alert">
<form action="/cgi-bin/koha/acqui/basket.pl">
<h1>Are you sure you want to close basket [% basketname | html %]?</h1>
[% IF ( CAN_user_acquisition_group_manage ) %]
<p>
<label for="createbasketgroup">Attach this basket to a new basket group with the same name</label>
<input type="checkbox" id="createbasketgroup" name="createbasketgroup"/>
</p>
[% END %]
<input type="hidden" id="basketno" value="[% basketno | html %]" name="basketno" />
<input type="hidden" value="close" name="op" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="hidden" name="confirm" value="1" />
<input type="hidden" name="basketgroupname" value="[% basketgroupname | html %]" />
<button type="submit" class="approve" accesskey="y"><i class="fa fa-fw fa-check"></i> Yes, close (Y)</button>
</form>
<form action="/cgi-bin/koha/acqui/basket.pl" method="get">
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<button type="submit" class="deny" accesskey="n"><i class="fa fa-fw fa-remove"></i> No, don't close (N)</button>
</form>
</div>
[% END %]
[% IF edi_confirm %]
[%# EDIFACT variant of the close confirmation (op=ediorder, plus the ean).
    It reuses id="closebasket_needsconfirmation", so the id is duplicated
    if confirm_close and edi_confirm are ever both set %]
<div id="closebasket_needsconfirmation" class="dialog alert">
<form action="/cgi-bin/koha/acqui/basket.pl">
<h1>Are you sure you want to generate an EDIFACT order and close basket [% basketname | html %]?</h1>
[% IF CAN_user_acquisition_group_manage %]
<p>
<label for="createbasketgroup">Attach this basket to a new basket group with the same name</label>
<input type="checkbox" id="createbasketgroup" name="createbasketgroup"/>
</p>
[% END %]
<input type="hidden" id="basketno" value="[% basketno | html %]" name="basketno" />
<input type="hidden" value="ediorder" name="op" />
<input type="hidden" name="ean" value="[% ean | html %]" />
<input type="hidden" name="booksellerid" value="[% booksellerid | html %]" />
<input type="hidden" name="confirm" value="1" />
<input type="hidden" name="basketgroupname" value="[% basketgroupname | html %]" />
<button type="submit" class="approve" accesskey="Y"><i class="fa fa-fw fa-check"></i> Yes, close (Y)</button>
</form>
<form action="/cgi-bin/koha/acqui/basket.pl" method="get">
<input type="hidden" name="basketno" value="[% basketno | html %]" />
<button type="submit" class="deny" accesskey="N"><i class="fa fa-fw fa-remove"></i> No, don't close (N)</button>
</form>
</div>
[% END %]
</div>
[% END %][%# IF (cannot_manage_basket) %]
</div>
<div class="yui-b">
[% INCLUDE 'acquisitions-menu.inc' %]
</div>
</div>
<!-- Modal for editing vendor and internal notes -->
[%# Shared note editor. The edit_note click handler in jsinclude fills the
    hidden ordernumber and type fields and the textarea before showing the
    modal; the form then POSTs op=save to modordernotes.pl %]
<div class="modal" id="noteEditor" tabindex="-1" role="dialog" aria-labelledby="noteEditorLabel">
<div class="modal-dialog" role="document">
<form id="modify_order_notes" action="/cgi-bin/koha/acqui/modordernotes.pl" method="post">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="closebtn" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="noteEditorLabel">Order note</h4>
</div>
<div class="modal-body">
<textarea id="ordernotes" name="ordernotes" rows="3" cols="30" class="focus">[% ordernotes | html %]</textarea>
<input type="hidden" id="ordernumber" name="ordernumber" value="" />
<input type="hidden" name="op" value="save" />
<input type="hidden" id="type" name="type" value="" />
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-default">Save</button>
<button type="button" class="btn btn-link cancel" data-dismiss="modal">Cancel</button>
</div>
</form>
</div>
</div>
</div>
[% MACRO jsinclude BLOCK %]
[% Asset.js("js/acquisitions-menu.js") | $raw %]
[% INCLUDE 'datatables.inc' %]
[% Asset.js("lib/jquery/plugins/jquery.fixFloat.js") | $raw %]
<script type="text/javascript">
function updateColumnsVisibility(visible) {
    // Show both tax columns, or hide the one the listincgst template flag
    // marks as redundant (tax-excluded when listincgst is set, tax-included otherwise).
    if ( !visible ) {
        [% IF ( listincgst ) %]
        $("table .tax_excluded").hide();
        [% ELSE %]
        $("table .tax_included").hide();
        [% END %]
        return;
    }
    $("table .tax_excluded, .tax_included").show();
}
$(document).ready(function() {
    // Floating toolbar, only if the page has one.
    if ( $('#toolbar').length ) {$('#toolbar').fixFloat();}

    // Tax column toggle: start unchecked with the redundant column hidden.
    var detailsToggle = $("#show_all_details");
    detailsToggle.on("click", function(){
        updateColumnsVisibility($(this).is(":checked"));
    });
    detailsToggle.prop('checked', false);
    updateColumnsVisibility(false);

    [% UNLESS ( closedate ) %]
    // Open baskets: copy the add-to-basket form into its modal when shown.
    $('#addtoBasket').on('show', function () {
        $(this).find(".modal-body").html($(".acqui_basket_add")[0].outerHTML);
    });
    [% END %]

    // Delegated handler, since user entries are appended dynamically by add_user().
    $("body").on("click", ".del_user", function(e){
        e.preventDefault();
        del_user( $(this).data("borrowernumber") );
    });
    $("#add_user").on("click",function(e){
        e.preventDefault();
        UserSearchPopup();
    });
    $(".transfer_order").on("click",function(e){
        e.preventDefault();
        transfer_order_popup( $(this).data("ordernumber"));
    });

    // Note editor modal: filled from the clicked link's data attributes and
    // from the current markup of the matching "<type>-note-<ordernumber>" element.
    $(".edit_note").on("click", function(e) {
        e.preventDefault();
        var link = $(this);
        var orderNo = link.data("ordernumber");
        var noteType = link.data("note_type");
        var title = link.attr("title") + " (order number " + orderNo + ")";
        var currentNote = $( "#" + noteType + "-note-" + orderNo ).html();
        $("#noteEditor .modal-title").text(title);
        $("#ordernumber").val( orderNo );
        $("#ordernotes").html( currentNote );
        $("#type").val( noteType );
        $("#noteEditor").modal("show");
        $("#ordernotes").focus();
    });
    // Clear every field of the modal once it has been dismissed.
    $("#noteEditor").on('hidden.bs.modal', function (e) {
        $("#noteEditorLabel").html("");
        $("#noteEditor .modal-title").text("");
        $("#ordernotes").html( "" );
        $("#ordernumber").val("");
        $("#type").val("");
    });
});
</script>
[% UNLESS ( closedate ) %]
<script type="text/javascript">
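function transfer_order_popup(ordernumber) {
    // Open the transferorder page for one order in a fixed-size popup window.
    // The order number is URL-encoded so the query string cannot be broken by
    // unexpected characters in the data attribute it is read from.
    var url = "/cgi-bin/koha/acqui/transferorder.pl?"
        + "ordernumber=" + encodeURIComponent(ordernumber);
    window.open(url, 'TransferOrder', 'width=600,height=400,toolbar=false,scrollbars=yes');
}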
function confirm_ediorder() {
    // Ask before closing the basket as an EDIFACT order; basketno is
    // interpolated by Template Toolkit when the page is rendered.
    var target = "/cgi-bin/koha/acqui/basket.pl?op=edi_confirm&basketno=[% basketno | html %]";
    var proceed = confirm(_("Are you sure you want to close this basket and generate an EDIFACT order?"));
    if (!proceed) {
        return;
    }
    window.location = target;
}
</script>
[% ELSE %]
<script type="text/javascript">
$(document).ready(function(){
    // Choosing "new" in the basket group select jumps to the basket group
    // creation page for this vendor (booksellerid is filled in by the template).
    $("#basketgroupid").on("change", function(){
        var choice = $(this).val();
        if (choice != "new") {
            return;
        }
        location.href = "/cgi-bin/koha/acqui/basketgroup.pl?op=add&booksellerid=[% booksellerid | html %]";
    });
});
</script>
[% UNLESS ( grouped ) %]
<script type="text/javascript">
function confirm_reopen() {
    // The skip_confirm_reopen template flag bypasses the prompt entirely.
    var skipPrompt = [% IF ( skip_confirm_reopen ) %] 1 [% ELSE %] 0 [% END %];
    var proceed;
    if (skipPrompt) {
        proceed = true;
    } else {
        proceed = confirm(_("Are you sure you want to reopen this basket?"));
    }
    if (proceed) {
        window.location = "/cgi-bin/koha/acqui/basket.pl?op=reopen&basketno=[% basketno | html %]";
    }
}
</script>
[% END %]
[% END %]
<script type="text/javascript">
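$(document).ready(function() {
    // Orders table. For active baskets the last two columns are made
    // non-sortable/non-searchable while the basket is still open, and the
    // "anti-the" sorter is applied to columns tagged with that class.
    var orderst = $("#orders").dataTable($.extend(true, {}, dataTablesDefaults, {
        "sPaginationType": "four_button",
        [% IF ( active ) %]
        "aoColumnDefs": [
            [% UNLESS ( closedate ) %]
            { "aTargets": [ -1, -2 ], "bSortable": false, "bSearchable": false },
            [% END %]
            { "sType": "anti-the", "aTargets": [ "anti-the" ] }
        ],
        [% END %]
    } ) );
    var cancelledorderst = $("#cancelledorderst").dataTable($.extend(true, {}, dataTablesDefaults, {
        "sPaginationType": "four_button"
    } ) );
    $("#reopenbutton").on("click",function(e){
        e.preventDefault();
        confirm_reopen();
    });
    // Generates a dynamic link for exporting the selections data as CSV
    $("#exportbutton, #export-csv-menu a").click(function() {
        // Building the url from currently checked boxes
        var url = '/cgi-bin/koha/acqui/basket.pl';
        url += $('#exportbutton').attr('href');
        var profile = $(this).attr("data-value");
        if (profile) {
            // Plain '&' here: character references are not decoded inside a
            // <script> element, so '&amp;' would have produced a query
            // parameter literally named "amp;csv_profile".
            url += '&csv_profile=' + encodeURIComponent(profile);
        }
        // And redirecting to the CSV page
        location.href = url;
        return false;
    });
});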
function UserSearchPopup(f) {
    // Opens the add_user_search page in a named popup window. The f argument
    // is kept for call compatibility; nothing in this function reads it.
    var searchUrl = "/cgi-bin/koha/acqui/add_user_search.pl";
    var features = 'width=840, height=500, scrollbars=yes, toolbar=no,';
    window.open(searchUrl, 'UserSearchPopup', features);
}
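function add_user(borrowernumber, borrowername) {
    // Adds a patron to the basket's user list, both in the hidden
    // colon-separated id field (#users_ids) and as a visible entry in
    // #users_names. Returns 0 when added, -1 when the id was already present.
    var raw = $("#users_ids").val();
    var ids = raw.length > 0 ? raw.split(':') : [];
    if (ids.indexOf(borrowernumber.toString()) >= 0) {
        return -1;
    }
    ids.push(borrowernumber);
    $("#users_ids").val(ids.join(':'));

    // Build the list entry with the DOM API instead of string concatenation:
    // borrowername (presumably handed back by the user search popup) is
    // inserted as text, so markup inside a patron's name is displayed
    // literally rather than interpreted as HTML.
    var removeLink = $('<a href="#" class="del_user"></a>')
        .attr('data-borrowernumber', borrowernumber)
        .append('<i class="fa fa-trash"></i> ')
        .append(document.createTextNode(_("Delete user")));
    var entry = $('<li></li>')
        .attr('id', 'user_' + borrowernumber)
        .text(borrowername)
        .append(' ')
        .append(removeLink);
    $("#users_names").append(entry);
    return 0;
}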
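function del_user(borrowernumber) {
    // Removes a patron from the visible list and from the colon-separated
    // #users_ids field. The splice only runs when the id is actually present:
    // indexOf() returning -1 would otherwise remove the last id in the list.
    $("#user_" + borrowernumber).remove();
    var raw = $("#users_ids").val();
    var ids = raw.length > 0 ? raw.split(':') : [];
    var pos = ids.indexOf(borrowernumber.toString());
    if (pos >= 0) {
        ids.splice(pos, 1);
    }
    $("#users_ids").val(ids.join(':'));
}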
</script>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]