get_column_type get_distinct_values save_dictionary get_from_dictionary
delete_definition delete_report format_results get_sql
nb_rows update_sql build_authorised_value_list
+ GetReservedAuthorisedValues
+ GetParametersFromSQL
+ IsAuthorisedValueValid
+ ValidateSQLParameters
);
}
-=item get_report_areas()
-
-This will return a list of all the available report areas
-
-=cut
-
-my @REPORT_AREA = (
- [CIRC => "Circulation"],
- [CAT => "Catalogue"],
- [PAT => "Patrons"],
- [ACQ => "Acquisition"],
- [ACC => "Accounts"],
-);
-my $AREA_NAME_SQL_SNIPPET
- = "CASE report_area " .
- join (" ", map "WHEN '$_->[0]' THEN '$_->[1]'", @REPORT_AREA) .
- " END AS areaname";
-sub get_report_areas {
- return \@REPORT_AREA
-}
-
-my %table_areas = (
- CIRC => [ 'borrowers', 'statistics', 'items', 'biblioitems' ],
- CAT => [ 'items', 'biblioitems', 'biblio' ],
- PAT => ['borrowers'],
- ACQ => [ 'aqorders', 'biblio', 'items' ],
- ACC => [ 'borrowers', 'accountlines' ],
-);
-my %keys = (
- CIRC => [ 'statistics.borrowernumber=borrowers.borrowernumber',
- 'items.itemnumber = statistics.itemnumber',
- 'biblioitems.biblioitemnumber = items.biblioitemnumber' ],
- CAT => [ 'items.biblioitemnumber=biblioitems.biblioitemnumber',
- 'biblioitems.biblionumber=biblio.biblionumber' ],
- PAT => [],
- ACQ => [ 'aqorders.biblionumber=biblio.biblionumber',
- 'biblio.biblionumber=items.biblionumber' ],
- ACC => ['borrowers.borrowernumber=accountlines.borrowernumber'],
-);
-
-# have to do someting here to know if its dropdown, free text, date etc
-my %criteria = (
- CIRC => [ 'statistics.type', 'borrowers.categorycode', 'statistics.branch',
- 'biblioitems.publicationyear|date', 'items.dateaccessioned|date' ],
- CAT => [ 'items.itemnumber|textrange', 'items.biblionumber|textrange',
- 'items.barcode|textrange', 'biblio.frameworkcode',
- 'items.holdingbranch', 'items.homebranch',
- 'biblio.datecreated|daterange', 'biblio.timestamp|daterange',
- 'items.onloan|daterange', 'items.ccode',
- 'items.itemcallnumber|textrange', 'items.itype', 'items.itemlost',
- 'items.location' ],
- PAT => [ 'borrowers.branchcode', 'borrowers.categorycode' ],
- ACQ => ['aqorders.datereceived|date'],
- ACC => [ 'borrowers.branchcode', 'borrowers.categorycode' ],
-);
-
-# Adds itemtypes to criteria, according to the syspref
-if ( C4::Context->preference('item-level_itypes') ) {
- unshift @{ $criteria{'CIRC'} }, 'items.itype';
- unshift @{ $criteria{'CAT'} }, 'items.itype';
-} else {
- unshift @{ $criteria{'CIRC'} }, 'biblioitems.itemtype';
- unshift @{ $criteria{'CAT'} }, 'biblioitems.itemtype';
-}
-
=head1 NAME
C4::Reports::Guided - Module for generating guided reports
=head1 METHODS
-=over 2
+=head2 get_report_areas
+
+This will return a list of all the available report areas
=cut
-=item get_report_types()
+sub get_area_name_sql_snippet {
+ my @REPORT_AREA = (
+ [CIRC => "Circulation"],
+ [CAT => "Catalogue"],
+ [PAT => "Patrons"],
+ [ACQ => "Acquisition"],
+ [ACC => "Accounts"],
+ );
+
+ return "CASE report_area " .
+ join (" ", map "WHEN '$_->[0]' THEN '$_->[1]'", @REPORT_AREA) .
+ " END AS areaname";
+}
+
+sub get_report_areas {
+
+ my $report_areas = [ 'CIRC', 'CAT', 'PAT', 'ACQ', 'ACC' ];
+
+ return $report_areas;
+}
+
+sub get_table_areas {
+ return (
+ CIRC => [ 'borrowers', 'statistics', 'items', 'biblioitems' ],
+ CAT => [ 'items', 'biblioitems', 'biblio' ],
+ PAT => ['borrowers'],
+ ACQ => [ 'aqorders', 'biblio', 'items' ],
+ ACC => [ 'borrowers', 'accountlines' ],
+ );
+}
+
+=head2 get_report_types
This will return a list of all the available report types
}
-=item get_report_groups()
+=head2 get_report_groups
This will return a list of all the available report areas with groups
return \%groups_with_subgroups
}
-=item get_all_tables()
+=head2 get_all_tables
This will return a list of all tables in the database
}
-=item get_columns($area)
+=head2 get_columns($area)
This will return a list of all columns for a report area
# this calls the internal fucntion _get_columns
my ( $area, $cgi ) = @_;
+ my %table_areas = get_table_areas;
my $tables = $table_areas{$area}
or die qq{Unsuported report area "$area"};
return (@columns);
}
-=item build_query($columns,$criteria,$orderby,$area)
+=head2 build_query($columns,$criteria,$orderby,$area)
This will build the sql needed to return the results asked for,
$columns is expected to be of the format tablename.columnname.
sub build_query {
my ( $columns, $criteria, $orderby, $area, $totals, $definition ) = @_;
+
+ my %keys = (
+ CIRC => [ 'statistics.borrowernumber=borrowers.borrowernumber',
+ 'items.itemnumber = statistics.itemnumber',
+ 'biblioitems.biblioitemnumber = items.biblioitemnumber' ],
+ CAT => [ 'items.biblioitemnumber=biblioitems.biblioitemnumber',
+ 'biblioitems.biblionumber=biblio.biblionumber' ],
+ PAT => [],
+ ACQ => [ 'aqorders.biblionumber=biblio.biblionumber',
+ 'biblio.biblionumber=items.biblionumber' ],
+ ACC => ['borrowers.borrowernumber=accountlines.borrowernumber'],
+ );
+
+
### $orderby
my $keys = $keys{$area};
+ my %table_areas = get_table_areas;
my $tables = $table_areas{$area};
my $sql =
return ($query);
}
-=item get_criteria($area,$cgi);
+=head2 get_criteria($area,$cgi);
Returns an arraref to hashrefs suitable for using in a tmpl_loop. With the criteria and available values.
sub get_criteria {
my ($area,$cgi) = @_;
my $dbh = C4::Context->dbh();
+
+ # have to do someting here to know if its dropdown, free text, date etc
+ my %criteria = (
+ CIRC => [ 'statistics.type', 'borrowers.categorycode', 'statistics.branch',
+ 'biblioitems.publicationyear|date', 'items.dateaccessioned|date' ],
+ CAT => [ 'items.itemnumber|textrange', 'items.biblionumber|textrange',
+ 'items.barcode|textrange', 'biblio.frameworkcode',
+ 'items.holdingbranch', 'items.homebranch',
+ 'biblio.datecreated|daterange', 'biblio.timestamp|daterange',
+ 'items.onloan|daterange', 'items.ccode',
+ 'items.itemcallnumber|textrange', 'items.itype', 'items.itemlost',
+ 'items.location' ],
+ PAT => [ 'borrowers.branchcode', 'borrowers.categorycode' ],
+ ACQ => ['aqorders.datereceived|date'],
+ ACC => [ 'borrowers.branchcode', 'borrowers.categorycode' ],
+ );
+
+ # Adds itemtypes to criteria, according to the syspref
+ if ( C4::Context->preference('item-level_itypes') ) {
+ unshift @{ $criteria{'CIRC'} }, 'items.itype';
+ unshift @{ $criteria{'CAT'} }, 'items.itype';
+ } else {
+ unshift @{ $criteria{'CIRC'} }, 'biblioitems.itemtype';
+ unshift @{ $criteria{'CAT'} }, 'biblioitems.itemtype';
+ }
+
+
my $crit = $criteria{$area};
my $column_defs = _get_column_defs($cgi);
my @criteria_array;
return ( \@criteria_array );
}
-sub nb_rows($) {
+sub nb_rows {
my $sql = shift or return;
my $sth = C4::Context->dbh->prepare($sql);
$sth->execute();
return scalar (@$rows);
}
-=item execute_query
+=head2 execute_query
+
+ ($sth, $error) = execute_query($sql, $offset, $limit[, \@sql_params])
- ($results, $error) = execute_query($sql, $offset, $limit)
+This function returns a DBI statement handler from which the caller can
+fetch the results of the SQL passed via C<$sql>.
-When passed C<$sql>, this function returns an array ref containing a result set
-suitably formatted for display in html or for output as a flat file when passed in
-C<$format> and C<$id>. It also returns the C<$total> records available for the
-supplied query. If passed any query other than a SELECT, or if there is a db error,
-C<$errors> an array ref is returned containing the error after this manner:
+If passed any query other than a SELECT, or if there is a DB error,
+C<$errors> is returned, and is a hashref containing the error after this
+manner:
C<$error->{'sqlerr'}> contains the offending SQL keyword.
-C<$error->{'queryerr'}> contains the native db engine error returned for the query.
+C<$error->{'queryerr'}> contains the native db engine error returned
+for the query.
-Valid values for C<$format> are 'text,' 'tab,' 'csv,' or 'url. C<$sql>, C<$type>,
-C<$offset>, and C<$limit> are required parameters. If a valid C<$format> is passed
-in, C<$offset> and C<$limit> are ignored for obvious reasons. A LIMIT specified by
-the user in a user-supplied SQL query WILL apply in any case.
+C<$offset>, and C<$limit> are required parameters.
+
+C<\@sql_params> is an optional list of parameter values to paste in.
+The caller is reponsible for making sure that C<$sql> has placeholders
+and that the number placeholders matches the number of parameters.
=cut
# ~ remove any LIMIT clause
# ~ repace SELECT clause w/ SELECT count(*)
-sub select_2_select_count ($) {
+sub select_2_select_count {
# Modify the query passed in to create a count query... (I think this covers all cases -crn)
my ($sql) = strip_limit(shift) or return;
$sql =~ s/\bSELECT\W+(?:\w+\W+){1,}?FROM\b|\bSELECT\W\*\WFROM\b/SELECT count(*) FROM /ig;
}
}
-sub execute_query ($;$$$) {
+sub execute_query {
+
+ my ( $sql, $offset, $limit, $sql_params ) = @_;
- my ( $sql, $offset, $limit, $no_count ) = @_;
+ $sql_params = [] unless defined $sql_params;
# check parameters
unless ($sql) {
$sql .= " LIMIT ?, ?";
my $sth = C4::Context->dbh->prepare($sql);
- $sth->execute($offset, $limit);
+ $sth->execute(@$sql_params, $offset, $limit);
+ return ( $sth, { queryerr => $sth->errstr } ) if ($sth->err);
return ( $sth );
# my @xmlarray = ... ;
# my $url = "/cgi-bin/koha/reports/guided_reports.pl?phase=retrieve%20results&id=$id";
# store_results($id,$xml);
}
-=item save_report($sql,$name,$type,$notes)
+=head2 save_report($sql,$name,$type,$notes)
Given some sql and a name this will saved it so that it can reused
Returns id of the newly created report
}
sub delete_report {
- my ($id) = @_;
- my $dbh = C4::Context->dbh();
- my $query = "DELETE FROM saved_sql WHERE id = ?";
- my $sth = $dbh->prepare($query);
- $sth->execute($id);
-}
+ my (@ids) = @_;
+ return unless @ids;
+ my $dbh = C4::Context->dbh;
+ my $query = 'DELETE FROM saved_sql WHERE id IN (' . join( ',', ('?') x @ids ) . ')';
+ my $sth = $dbh->prepare($query);
+ return $sth->execute(@ids);
+}
+sub get_saved_reports_base_query {
-my $SAVED_REPORTS_BASE_QRY = <<EOQ;
-SELECT s.*, r.report, r.date_run, $AREA_NAME_SQL_SNIPPET, av_g.lib AS groupname, av_sg.lib AS subgroupname,
+ my $area_name_sql_snippet = get_area_name_sql_snippet;
+ return <<EOQ;
+SELECT s.*, r.report, r.date_run, $area_name_sql_snippet, av_g.lib AS groupname, av_sg.lib AS subgroupname,
b.firstname AS borrowerfirstname, b.surname AS borrowersurname
FROM saved_sql s
LEFT JOIN saved_reports r ON r.report_id = s.id
LEFT OUTER JOIN authorised_values av_sg ON (av_sg.category = 'REPORT_SUBGROUP' AND av_sg.lib_opac = s.report_group AND av_sg.authorised_value = s.report_subgroup)
LEFT OUTER JOIN borrowers b USING (borrowernumber)
EOQ
-my $DATE_FORMAT = "%d/%m/%Y";
+}
+
sub get_saved_reports {
# $filter is either { date => $d, author => $a, keyword => $kw, }
# or $keyword. Optional.
my ($group, $subgroup) = @_;
my $dbh = C4::Context->dbh();
- my $query = $SAVED_REPORTS_BASE_QRY;
+ my $query = get_saved_reports_base_query;
my (@cond,@args);
if ($filter) {
if (my $date = $filter->{date}) {
$query .= " ORDER by date_created";
my $result = $dbh->selectall_arrayref($query, {Slice => {}}, @args);
- $_->{date_created} = format_date($_->{date_created}) foreach @$result;
return $result;
}
return $dbh->selectrow_hashref($query, undef, $report_arg);
}
-=item create_compound($masterID,$subreportID)
+=head2 create_compound($masterID,$subreportID)
This will take 2 reports and create a compound report using both of them
return ( $mastertables, $subtables );
}
-=item get_column_type($column)
+=head2 get_column_type($column)
This takes a column name of the format table.column and will return what type it is
(free text, set values, date)
}
}
-=item get_distinct_values($column)
+=head2 get_distinct_values($column)
Given a column name, return an arrary ref of hashrefs suitable for use as a tmpl_loop
with the distinct values of the column
return 1;
}
-my $DICTIONARY_BASE_QRY = <<EOQ;
-SELECT d.*, $AREA_NAME_SQL_SNIPPET
-FROM reports_dictionary d
-EOQ
sub get_from_dictionary {
my ( $area, $id ) = @_;
my $dbh = C4::Context->dbh();
- my $query = $DICTIONARY_BASE_QRY;
+ my $area_name_sql_snippet = get_area_name_sql_snippet;
+ my $query = <<EOQ;
+SELECT d.*, $area_name_sql_snippet
+FROM reports_dictionary d
+EOQ
+
if ($area) {
$query .= " WHERE report_area = ?";
} elsif ($id) {
}
sub _get_column_defs {
- my ($cgi) = @_;
- my %columns;
- my $columns_def_file = "columns.def";
- my $htdocs = C4::Context->config('intrahtdocs');
- my $section='intranet';
- my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $columns_def_file, $section,$cgi);
-
- my $full_path_to_columns_def_file="$htdocs/$theme/$lang/$columns_def_file";
- open (COLUMNS,$full_path_to_columns_def_file);
- while (my $input = <COLUMNS>){
- chomp $input;
- my @row =split(/\t/,$input);
- $columns{$row[0]}= $row[1];
- }
-
- close COLUMNS;
- return \%columns;
+ my ($cgi) = @_;
+ my %columns;
+ my $columns_def_file = "columns.def";
+ my $htdocs = C4::Context->config('intrahtdocs');
+ my $section = 'intranet';
+
+ # We need the theme and the lang
+ # Since columns.def is not in the modules directory, we cannot sent it for the $tmpl var
+ my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, 'about.tt', $section, $cgi);
+
+ my $full_path_to_columns_def_file="$htdocs/$theme/$lang/$columns_def_file";
+ open (my $fh, $full_path_to_columns_def_file);
+ while ( my $input = <$fh> ){
+ chomp $input;
+ if ( $input =~ m|<field name="(.*)">(.*)</field>| ) {
+ my ( $field, $translation ) = ( $1, $2 );
+ $columns{$field} = $translation;
+ }
+ }
+ close $fh;
+ return \%columns;
}
-=item build_authorised_value_list($authorised_value)
+=head2 build_authorised_value_list($authorised_value)
Returns an arrayref - hashref pair. The hashref consists of
various code => name lists depending on the $authorised_value.
return (\@authorised_values, \%authorised_lib);
}
+=head2 GetReservedAuthorisedValues
+
+ my %reserved_authorised_values = GetReservedAuthorisedValues();
+
+Returns a hash containig all reserved words
+
+=cut
+
+sub GetReservedAuthorisedValues {
+ my %reserved_authorised_values =
+ map { $_ => 1 } ( 'date',
+ 'branches',
+ 'itemtypes',
+ 'cn_source',
+ 'categorycode' );
+
+ return \%reserved_authorised_values;
+}
+
+
+=head2 IsAuthorisedValueValid
+
+ my $is_valid_ath_value = IsAuthorisedValueValid($authorised_value)
+
+Returns 1 if $authorised_value is on the reserved authorised values list or
+in the authorised value categories defined in
+
+=cut
+
+sub IsAuthorisedValueValid {
+
+ my $authorised_value = shift;
+ my $reserved_authorised_values = GetReservedAuthorisedValues();
+
+ if ( exists $reserved_authorised_values->{$authorised_value} ||
+ IsAuthorisedValueCategory($authorised_value) ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+=head2 GetParametersFromSQL
+
+ my @sql_parameters = GetParametersFromSQL($sql)
+
+Returns an arrayref of hashes containing the keys name and authval
+
+=cut
+
+sub GetParametersFromSQL {
+
+ my $sql = shift ;
+ my @split = split(/<<|>>/,$sql);
+ my @sql_parameters = ();
+
+ for ( my $i = 0; $i < ($#split/2) ; $i++ ) {
+ my ($name,$authval) = split(/\|/,$split[$i*2+1]);
+ push @sql_parameters, { 'name' => $name, 'authval' => $authval };
+ }
+
+ return \@sql_parameters;
+}
+
+=head2 ValidateSQLParameters
+
+ my @problematic_parameters = ValidateSQLParameters($sql)
+
+Returns an arrayref of hashes containing the keys name and authval of
+those SQL parameters that do not correspond to valid authorised names
+
+=cut
+
+sub ValidateSQLParameters {
+
+ my $sql = shift;
+ my @problematic_parameters = ();
+ my $sql_parameters = GetParametersFromSQL($sql);
+
+ foreach my $sql_parameter (@$sql_parameters) {
+ if ( defined $sql_parameter->{'authval'} ) {
+ push @problematic_parameters, $sql_parameter unless
+ IsAuthorisedValueValid($sql_parameter->{'authval'});
+ }
+ }
+
+ return \@problematic_parameters;
+}
+
1;
__END__
-=back
-
=head1 AUTHOR
Chris Cormack <crc@liblime.com>