From 5d22c28ea2cea7f505c32e4447ed5fc98aeed40a Mon Sep 17 00:00:00 2001
From: hdl
Date: Thu, 28 Jul 2005 07:52:02 +0000
Subject: [PATCH] Implementing Independancy Branches management : - Trying to get a basket not owned by so of his own branch leads to mainpage. - Lists onlys ths baskets owned by someon of user's brach. Auth.pm now sends a cookie with userenv informations.
---
 C4/Acquisition.pm | 65 +++++++++++++++++++++++++++++++++--------------
 C4/Auth.pm | 2 --
 acqui/acquire.pl | 2 +-
 acqui/basket.pl | 16 +++++++++++-
 4 files changed, 62 insertions(+), 23 deletions(-)
diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index 2330d4acd0..69aec8fbbe 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -81,7 +81,7 @@ get all basket informations in aqbasket for a given basket
 sub getbasket {
 my ($basketno)=@_;
 my $dbh=C4::Context->dbh;
- my $sth=$dbh->prepare("select aqbasket.*,borrowers.firstname+' '+borrowers.surname as authorisedbyname from aqbasket left join borrowers on aqbasket.authorisedby=borrowers.borrowernumber where basketno=?");
+ my $sth=$dbh->prepare("select aqbasket.*,borrowers.firstname+' '+borrowers.surname as authorisedbyname, borrowers.branchcode as branch from aqbasket left join borrowers on aqbasket.authorisedby=borrowers.borrowernumber where basketno=?");
 $sth->execute($basketno);
 return($sth->fetchrow_hashref);
 }
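Review bot: The new `branch` column comes from a left join, so it is NULL (undef in the returned hashref) whenever `aqbasket.authorisedby` matches no borrower, and the POD above getbasket does not mention the new key. I would document it there, for example `branch : branchcode of the authorising borrower, undef when the basket has no matching borrower`, because acqui/basket.pl in this same commit bases its access check on that value. Separately, the changed line keeps `borrowers.firstname+' '+borrowers.surname`; if the backend is MySQL, `+` is numeric addition there and `concat(borrowers.firstname,' ',borrowers.surname)` is what produces a name.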
@@ -391,14 +391,24 @@ Results are ordered from most to least recent.
 sub getorders {
 my ($supplierid)=@_;
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("Select count(*),authorisedby,creationdate,aqbasket.basketno,
- closedate,surname,firstname
- from aqorders
- left join aqbasket on aqbasket.basketno=aqorders.basketno
- left join borrowers on aqbasket.authorisedby=borrowers.borrowernumber
- where booksellerid=? and (quantity > quantityreceived or
- quantityreceived is NULL) and datecancellationprinted is NULL
- group by basketno order by aqbasket.basketno");
+
+ my $strsth ="Select count(*),authorisedby,creationdate,aqbasket.basketno,
+closedate,surname,firstname
+from aqorders
+left join aqbasket on aqbasket.basketno=aqorders.basketno
+left join borrowers on aqbasket.authorisedby=borrowers.borrowernumber
+where booksellerid=? and (quantity > quantityreceived or
+quantityreceived is NULL) and datecancellationprinted is NULL ";
+
+ if (C4::Context->preference("IndependantBranches")) {
+ my $userenv = C4::Context->userenv;
+ unless ($userenv->{flags} == 1){
+ $strsth .= " and (borrowers.branchcode = '".$userenv->{branch}."' or borrowers.branchcode ='')";
+ }
+ }
+ $strsth.=" group by basketno order by aqbasket.basketno";
+ warn "getorders :".$strsth;
+ my $sth=$dbh->prepare($strsth);
 $sth->execute($supplierid);
 my @results = ();
 while (my $data=$sth->fetchrow_hashref){
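Review bot: In the added branch filter, `$userenv->{branch}` is spliced into the SQL text between single quotes instead of being bound like `booksellerid=?`, so a branch value containing a quote breaks or alters the statement. The commit message says userenv now travels in a cookie; if that is where this value originates, it is client-influenced and must not reach the query unbound. Append `" and (borrowers.branchcode = ? or borrowers.branchcode = '')"` and pass the branch as an extra argument to `$sth->execute`; the same concatenation is added in the getallorders and histsearch hunks, and histsearch already uses `$dbh->quote` for its other values. The `warn "getorders :".$strsth;` line looks like leftover debugging and writes the full statement to the error log on every call. getorders continues past the end of the hunk.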
@@ -480,15 +490,24 @@ sub getallorders { my ($supid)=@_; my $dbh = C4::Context->dbh; my @results = (); - my $sth=$dbh->prepare("Select * from aqorders,biblio,biblioitems,aqbasket where aqbasket.basketno=aqorders.basketno - and booksellerid=? - and (cancelledby is NULL or cancelledby = '') + my $strsth="Select * from aqorders,biblio,biblioitems,aqbasket "; + $strsth .= ",borrowers " if (C4::Context->preference("IndependantBranches")); + $strsth .=" where aqorders.basketno=aqbasket.basketno and aqbasket.booksellerid=aqbooksellers.id and biblio.biblionumber=aqorders.biblionumber "; + $strsth .= " and aqbasket.authorisedby=borrowers.borrowernumber" if (C4::Context->preference("IndependantBranches")); + $strsth.=" and booksellerid=? and (cancelledby is NULL or cancelledby = '') and (quantityreceived < quantity or quantityreceived is NULL) and biblio.biblionumber=aqorders.biblionumber and biblioitems.biblioitemnumber= - aqorders.biblioitemnumber - group by aqorders.biblioitemnumber + aqorders.biblioitemnumber"; + if (C4::Context->preference("IndependantBranches")) { + my $userenv = C4::Context->userenv; + unless ($userenv->{flags} == 1){ + $strsth .= " and (borrowers.branchcode = '".$userenv->{branch}."' or borrowers.branchcode ='')"; + } + } + $strsth .= "group by aqorders.biblioitemnumber order by - biblio.title"); + biblio.title"; + my $sth=$dbh->prepare($strsth); $sth->execute($supid); while (my $data=$sth->fetchrow_hashref){ push(@results,$data); 
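Review bot: The rewritten where clause joins on `aqbasket.booksellerid=aqbooksellers.id`, but `aqbooksellers` is not in the from list (`aqorders,biblio,biblioitems,aqbasket`, plus `borrowers` when the preference is on), so the statement should be rejected by the database as written; either drop that condition or add the table. The last piece, `"group by aqorders.biblioitemnumber`, has no leading space, so whenever the branch clause is not appended it runs straight on from `aqorders.biblioitemnumber` and produces `aqorders.biblioitemnumbergroup by`; start the string with `" group by`. The condition `biblio.biblionumber=aqorders.biblionumber` now also appears twice. The body of getallorders starts and ends outside the hunk.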
@@ -599,15 +618,23 @@ sub ordersearch {
 sub histsearch {
 my ($title,$author,$name,$from_placed_on,$to_placed_on)=@_;
 my $dbh= C4::Context->dbh;
- my $query = "select biblio.title,aqorders.basketno,name,aqbasket.creationdate,aqorders.datereceived, aqorders.quantity, aqorders.ecost from aqorders,aqbasket,aqbooksellers,biblio
-where aqorders.basketno=aqbasket.basketno and aqbasket.booksellerid=aqbooksellers.id and
-biblio.biblionumber=aqorders.biblionumber";
+ my $query = "select biblio.title,aqorders.basketno,name,aqbasket.creationdate,aqorders.datereceived, aqorders.quantity, aqorders.ecost from aqorders,aqbasket,aqbooksellers,biblio";
+
+ $query .= ",borrowers " if (C4::Context->preference("IndependantBranches"));
+ $query .=" where aqorders.basketno=aqbasket.basketno and aqbasket.booksellerid=aqbooksellers.id and biblio.biblionumber=aqorders.biblionumber ";
+ $query .= " and aqbasket.authorisedby=borrowers.borrowernumber" if (C4::Context->preference("IndependantBranches"));
 $query .= " and biblio.title like ".$dbh->quote("%".$title."%") if $title;
 $query .= " and biblio.author like ".$dbh->quote("%".$author."%") if $author;
 $query .= " and name like ".$dbh->quote("%".$name."%") if $name;
 $query .= " and creationdate >" .$dbh->quote($from_placed_on) if $from_placed_on;
 $query .= " and creationdate<".$dbh->quote($to_placed_on) if $to_placed_on;
- warn "C4:Acquisition : ".$query;
+ if (C4::Context->preference("IndependantBranches")) {
+ my $userenv = C4::Context->userenv;
+ unless ($userenv->{flags} == 1){
+ $query .= " and (borrowers.branchcode = '".$userenv->{branch}."' or borrowers.branchcode ='')";
+ }
+ }
+# warn "C4:Acquisition : ".$query;
 my $sth = $dbh->prepare($query);
 $sth->execute;
 my @order_loop;
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 8daa6e1196..367b0a6ce6 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
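Review bot: In histsearch, `,borrowers` and `aqbasket.authorisedby=borrowers.borrowernumber` are added whenever IndependantBranches is on, including for callers with `flags == 1`, and this is an inner join, so orders whose basket has no matching borrower drop out of the history even for the users the branch filter is meant to skip. getorders uses a left join for the same relation; here I would add the borrowers table and join condition only inside the `unless ($userenv->{flags} == 1)` block, or switch to a left join. The getallorders hunk builds its join the same way. The commented-out `# warn "C4:Acquisition : ".$query;` can simply be deleted rather than kept as dead code. histsearch continues after the hunk.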
@@ -494,8 +494,6 @@ sub checkpw { } } if ($userid eq C4::Context->config('user') && $password eq C4::Context->config('pass')) { - # Koha superuser account - warn "setuserenv3"; return 2; } if ($userid eq 'demo' && $password eq 'demo' && C4::Context->config('demo')) { diff --git a/acqui/acquire.pl b/acqui/acquire.pl index 7bad0aa6c9..44facdf70f 100755 --- a/acqui/acquire.pl +++ b/acqui/acquire.pl @@ -60,7 +60,7 @@ my ($template, $loggedinuser, $cookie) }); $template->param($count); my $sthtemp = $dbh->prepare("Select flags, branchcode from borrowers where borrowernumber = ?"); -$sthtemp->execute($borrowernumber); +$sthtemp->execute($loggedinuser); my ($flags, $homebranch)=$sthtemp->fetchrow; if ($count == 1){ diff --git a/acqui/basket.pl b/acqui/basket.pl index b7ac6b15f8..3ac1257e85 100755 --- a/acqui/basket.pl +++ b/acqui/basket.pl @@ -35,7 +35,7 @@ use C4::Acquisition; use C4::Date; my $query =new CGI; -my $basketno = $query ->param('basket'); +my $basketno = $query->param('basket'); my $booksellerid = $query->param('supplierid'); my $order = $query->param('order'); my ($template, $loggedinuser, $cookie) @@ -48,6 +48,7 @@ my ($template, $loggedinuser, $cookie) }); my ($count,@results); + my $basket = getbasket($basketno); # FIXME : the query->param('supplierid') below is probably useless. The bookseller is always known from the basket # if no booksellerid in parameter, get it from basket 
@@ -56,6 +57,19 @@ $booksellerid = $basket->{booksellerid} unless $booksellerid; my ($count2,@booksellers)=bookseller($booksellerid); # get librarian branch... +if (C4::Context->preference("IndependantBranches")) { + my $userenv = C4::Context->userenv; + unless ($userenv->{flags} == 1){ + my $validtest = ($basket->{creationdate} = "") + || ($userenv->{branch} eq $basket->{branch}) + || ($userenv->{branch} = '') + || ($basket->{branch} = ''); + unless ($validtest) { + print $query->redirect("../mainpage.pl"); + exit 1; + } + } +} # if new basket, pre-fill infos $basket->{creationdate} = "" unless ($basket->{creationdate}); -- 2.39.5
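Review bot: Three of the four terms in `$validtest` use `=` where a comparison is meant, so they assign instead of test: `$basket->{creationdate}` is blanked on every request from a user without `flags == 1`, `$userenv->{branch}` and `$basket->{branch}` are overwritten with '' whenever the branches differ, and each of those terms always evaluates false. The check therefore reduces to the single `eq` comparison, and the intended exemptions (new basket, user or basket without a branch) never apply; since `branch` is undef when the basket has no matching borrower, such baskets redirect every user who has a branch. If `C4::Context->userenv` returns a shared reference, the assignment also changes the caller's branch for the rest of the request. The fence below compares instead of assigning and guards the undef case.

```perl
    unless ($userenv->{flags} == 1){
        # Compare, never assign: "=" here would wipe creationdate and both branch values.
        my $user_branch   = defined $userenv->{branch} ? $userenv->{branch} : '';
        my $basket_branch = defined $basket->{branch}  ? $basket->{branch}  : '';
        my $validtest = !$basket->{creationdate}
            || $user_branch eq ''
            || $basket_branch eq ''
            || $user_branch eq $basket_branch;
        # … unchanged: redirect to ../mainpage.pl and exit when $validtest is false …
```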