3 # This file is part of Koha.
5 # Copyright 2015 BibLibre
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
24 use C4::Auth qw( get_template_and_user );
25 use C4::Output qw( output_and_exit output_html_with_http_headers );
32 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
33 { template_name => 'members/apikeys.tt',
36 flagsrequired => { borrowers => 'edit_borrowers' },
41 my $patron_id = $cgi->param('patron_id') // '';
42 my $api_key = $cgi->param('key') // '';
44 $patron = Koha::Patrons->find($patron_id) if $patron_id;
46 if ( not defined $patron or
47 not C4::Context->preference('RESTOAuth2ClientCredentials') ) {
49 # patron_id invalid -> exit
50 print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
54 if( $patron_id != $loggedinuser && !C4::Context->IsSuperLibrarian() ) {
55 # not the owner of the account viewing/editing own API keys, nor superlibrarian -> exit
56 print $cgi->redirect("/cgi-bin/koha/errors/403.pl"); # escape early
60 my $op = $cgi->param('op') // '';
63 if ( $op eq 'cud-generate' ) {
64 my $description = $cgi->param('description') // '';
65 my $api_key = Koha::ApiKey->new(
66 { patron_id => $patron_id,
67 description => $description
73 fresh_api_key => $api_key,
74 api_keys => Koha::ApiKeys->search({ patron_id => $patron_id }),
78 if ( $op eq 'cud-delete' ) {
79 my $api_key_id = $cgi->param('key');
80 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
84 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
88 if ( $op eq 'cud-revoke' ) {
89 my $api_key_id = $cgi->param('key');
90 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
95 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
99 if ( $op eq 'cud-activate' ) {
100 my $api_key_id = $cgi->param('key');
101 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
106 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
112 api_keys => Koha::ApiKeys->search({ patron_id => $patron_id }),
116 output_html_with_http_headers $cgi, $cookie, $template->output;