From 4fd1bc729f84a43227eb15d4e5e59158c9519ba0 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi <tomascohen@theke.io>
Date: Tue, 30 Jan 2024 11:55:16 -0300
Subject: [PATCH] Bug 34478: Manual fix - Course reserves

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 course_reserves/course-details.pl             | 27 ++++++------
 course_reserves/mod_course.pl                 | 15 ++++---
 .../modules/course_reserves/course-details.tt | 43 ++++++++++++++++---
 .../prog/en/modules/course_reserves/course.tt |  7 ++-
 4 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/course_reserves/course-details.pl b/course_reserves/course-details.pl
index c5d74f950e..b2ca9e8c87 100755
--- a/course_reserves/course-details.pl
+++ b/course_reserves/course-details.pl
@@ -22,36 +22,36 @@ use Modern::Perl;
 
 use CGI qw ( -utf8 );
 
-use C4::Auth qw( get_template_and_user );
+use C4::Auth   qw( get_template_and_user );
 use C4::Output qw( output_html_with_http_headers );
 
 use C4::CourseReserves qw( DelCourse DelCourseReserve GetCourse GetCourseReserve GetCourseReserves );
 
 my $cgi = CGI->new;
 
-my $action = $cgi->param('action') || '';
+my $op        = $cgi->param('op') || '';
 my $course_id = $cgi->param('course_id');
 
 my $flagsrequired;
-$flagsrequired->{coursereserves} = 'delete_reserves' if ( $action eq 'del_reserve' or $action eq 'rm_all' );
+$flagsrequired->{coursereserves} = 'delete_reserves' if ( $op eq 'cud-del_reserve' or $op eq 'cud-rm_all' );
 
 my $tmpl = ($course_id) ? "course-details.tt" : "invalid-course.tt";
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
-    {   template_name   => "course_reserves/$tmpl",
-        query           => $cgi,
-        type            => "intranet",
-        flagsrequired   => $flagsrequired,
+    {
+        template_name => "course_reserves/$tmpl",
+        query         => $cgi,
+        type          => "intranet",
+        flagsrequired => $flagsrequired,
     }
 );
 
-if ( $action eq 'del_reserve' ) {
+if ( $op eq 'cud-del_reserve' ) {
     DelCourseReserve( cr_id => scalar $cgi->param('cr_id') );
-}
-elsif ( $action eq 'rm_all' ) {
-    my $course_res = GetCourseReserves(course_id => $course_id);
+} elsif ( $op eq 'cud-rm_all' ) {
+    my $course_res = GetCourseReserves( course_id => $course_id );
     foreach my $cr (@$course_res) {
-        if(exists $cr->{'cr_id'}) {
-            DelCourseReserve(cr_id => $cr->{cr_id});
+        if ( exists $cr->{'cr_id'} ) {
+            DelCourseReserve( cr_id => $cr->{cr_id} );
         }
     }
 }
@@ -66,7 +66,6 @@ my $course_reserves = GetCourseReserves(
 $template->param(
     course          => $course,
     course_reserves => $course_reserves,
-    user            => Koha::Patrons->find( $loggedinuser ),
 );
 
 output_html_with_http_headers $cgi, $cookie, $template->output;
diff --git a/course_reserves/mod_course.pl b/course_reserves/mod_course.pl
index 48d7d1c3bc..a29e141ac2 100755
--- a/course_reserves/mod_course.pl
+++ b/course_reserves/mod_course.pl
@@ -29,15 +29,15 @@ use C4::CourseReserves qw( DelCourse ModCourse ModCourseInstructors );
 
 my $cgi = CGI->new;
 
-checkauth($cgi, 0, { coursereserves => 'manage_courses' }, 'intranet');
+checkauth( $cgi, 0, { coursereserves => 'manage_courses' }, 'intranet' );
 
-my $action = $cgi->param('action') || '';
+my $op        = $cgi->param('op') || '';
 my $course_id = $cgi->param('course_id');
 
-if ( $action eq 'cud-del' ) {
-    DelCourse( $course_id );
+if ( $op eq 'cud-del' ) {
+    DelCourse($course_id);
     print $cgi->redirect("/cgi-bin/koha/course_reserves/course-reserves.pl");
-} else {
+} elsif ( $op eq 'cud-update' or $op eq 'cud-add' ) {
     my %params;
 
     $params{'course_id'}      = $course_id;
@@ -55,9 +55,10 @@ if ( $action eq 'cud-del' ) {
 
     my @instructors = $cgi->multi_param('instructors');
     ModCourseInstructors(
-        mode        => 'replace',
+        mode            => 'replace',
         borrowernumbers => \@instructors,
-        course_id   => $new_course_id
+        course_id       => $new_course_id
     );
+
     print $cgi->redirect("/cgi-bin/koha/course_reserves/course-details.pl?course_id=$new_course_id");
 }
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course-details.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course-details.tt
index dee719c6a4..dfcb472ba6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course-details.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course-details.tt
@@ -61,13 +61,23 @@
                     <a class="btn btn-default" id="add_items" href="/cgi-bin/koha/course_reserves/batch_add_items.pl?course_id=[% course.course_id | html %]"><i class="fa fa-plus"></i> Batch add reserves</a>
                 [% END %]
                 [% IF CAN_user_coursereserves_delete_reserves && course_reserves %]
-                    <a class="btn btn-default" id="rm_items" href="/cgi-bin/koha/course_reserves/course-details.pl?course_id=[% course.course_id | html %]&amp;action=rm_all"><i class="fa fa-minus"></i> Remove all reserves</a>
+                    <form id="rm_items" method="post" action="/cgi-bin/koha/course_reserves/course-details.pl">
+                        [% INCLUDE 'csrf-token.inc' %]
+                        <input type="hidden" name="op" value="cud-rm_all" />
+                        <input type="hidden" name="course_id" value="[% course.course_id | html %]" />
+                    </form>
+                    <a href="#" id="rm_items_button" class="btn btn-default"><i class="fa fa-minus"></i> Remove all reserves</a>
                 [% END %]
                 [% IF ( CAN_user_coursereserves_manage_courses ) %]
                     <a class="btn btn-default" id="edit_course" href="/cgi-bin/koha/course_reserves/course.pl?course_id=[% course.course_id | html %]"><i class="fa-solid fa-pencil" aria-hidden="true"></i> Edit course</a>
                 [% END %]
                 [% IF ( CAN_user_coursereserves_manage_courses ) %]
-                    <a class="btn btn-default" id="delete_course" href="/cgi-bin/koha/course_reserves/mod_course.pl?course_id=[% course.course_id | html %]&amp;action=del"><i class="fa fa-trash-can"></i> Delete course</a>
+                    <form id="delete_course" method="post" action="/cgi-bin/koha/course_reserves/mod_course.pl">
+                        [% INCLUDE 'csrf-token.inc' %]
+                        <input type="hidden" name="op" value="cud-del" />
+                        <input type="hidden" name="course_id" value="[% course.course_id | html %]" />
+                    </form>
+                    <a href="#" id="delete_course_button" class="btn btn-default"><i class="fa fa-trash-can"></i> Delete course</a>
                 [% END %]
             </div><!-- /toolbar -->
             [% END %]
@@ -293,13 +303,18 @@
 
                                     [% IF CAN_user_coursereserves_add_reserves || CAN_user_coursereserves_delete_reserves %]
                                         <td class="actions">
-                                            [% IF CAN_user_coursereserves_add_reserves && user.can_edit_items_from( cr.item.homebranch ) %]
+                                            [% IF CAN_user_coursereserves_add_reserves && logged_in_user.can_edit_items_from( cr.item.homebranch ) %]
                                                 <a class="btn btn-default btn-xs" href="add_items.pl?course_id=[% course.course_id | html %]&amp;itemnumber=[% cr.item.itemnumber | html %]&amp;biblionumber=[% cr.biblio.biblionumber | html %]&amp;action=lookup&amp;return=[% course.course_id | html %]&amp;is_edit=1"><i class="fa-solid fa-pencil" aria-hidden="true"></i> Edit</a>
                                             [% END %]
 
                                             [% IF CAN_user_coursereserves_delete_reserves %]
-                                                <a class="btn btn-default btn-xs delete_item" href="course-details.pl?course_id=[% course.course_id | html %]&amp;action=del_reserve&amp;cr_id=[% cr.cr_id | html %]">
-                                                <i class="fa fa-trash-can"></i> Remove</a>
+                                                <form id="del_reserve_[% cr.cr_id | html %]" method="post" action="/cgi-bin/koha/course_reserves/course-details.pl" class="validated">
+                                                    [% INCLUDE 'csrf-token.inc' %]
+                                                    <input type="hidden" name="op" value="cud-del_reserve" />
+                                                    <input type="hidden" name="course_id" value="[% course.course_id | html %]" />
+                                                    <input type="hidden" name="cr_id" value="[% cr.cr_id | html %]" />
+                                                </form>
+                                                <a href="#" class="btn btn-default btn-xs delete_item" data-cr-id="[% cr.cr_id | html %]"><i class="fa fa-trash-can"></i> Remove</a>
                                             [% END %]
                                         </td>
                                     [% END %]
@@ -318,13 +333,27 @@
     <script>
         var table_settings = [% TablesSettings.GetTableSettings( 'coursereserves', 'reserves', 'course_reserves_table', 'json' ) | $raw %];
         $(document).ready(function(){
+
+            $("#delete_course_button").on( 'click', function(e){
+                e.preventDefault();
+                $('#delete_course').submit();
+            });
+            $("#rm_items_button").on( 'click', function(e){
+                e.preventDefault();
+                $('#rm_items').submit();
+            });
+
             var rtable = KohaTable("course_reserves_table", {
                 "pagingType": "full",
                 "autoWidth": false,
             }, table_settings );
 
-            $(".delete_item").click(function(){
-                return confirmDelete(_("Are you sure you want to remove this item from the course?"));
+            $(".delete_item").on( 'click', function(e){
+                e.preventDefault();
+                if (confirmDelete(_("Are you sure you want to remove this item from the course?") )) {
+                    cr_id = $(this).data('cr-id');
+                    $("#del_reserve_" + cr_id ).submit();
+                }
             });
 
             $("#rm_items").click(function(){
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course.tt
index b7971c4957..132eae27e6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course.tt
@@ -60,7 +60,12 @@
 
             <form method="post" action="/cgi-bin/koha/course_reserves/mod_course.pl" class="validated">
                 [% INCLUDE 'csrf-token.inc' %]
-                [% IF course_id %]<input type="hidden" name="course_id" value="[% course_id | html %]" />[% END %]
+                [% IF course_id %]
+                    <input type="hidden" name="course_id" value="[% course_id | html %]" />
+                    <input type="hidden" name="op" value="cud-update" />
+                [% ELSE %]
+                    <input type="hidden" name="op" value="cud-add" />
+                [% END %]
                 <fieldset class="rows">
                     <legend>[% IF course_id %]Edit course[% ELSE %]Create course[% END %]</legend>
                     <ol>
-- 
2.39.2