Bug 7295: More granular permissions for baskets

[koha.git] / acqui / booksellers.pl
diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl

index 0918f5d..80a42f1 100755 (executable)
--- a/acqui/booksellers.pl
+++ b/acqui/booksellers.pl
@@ -4,6 +4,7 @@
  
  # Copyright 2000-2002 Katipo Communications
  # Copyright 2008-2009 BibLibre SARL
+# Copyright 2010 PTFS Europe
  #
  # This file is part of Koha.
  #
@@ -20,14 +21,13 @@
  # with Koha; if not, write to the Free Software Foundation, Inc.,
  # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  
-
  =head1 NAME
  
  booksellers.pl
  
  =head1 DESCRIPTION
  
-this script displays the list of suppliers & orders like C<$supplier> given on input arg.
+this script displays the list of suppliers & baskets like C<$supplier> given on input arg.
  thus, this page brings differents features like to display supplier's details,
  to add an order for a specific supplier or to just add a new supplier.
  
@@ -37,98 +37,123 @@ to add an order for a specific supplier or to just add a new supplier.
  
  =item supplier
  
-C<$supplier> is the suplier we have to search order.
-=back
+C<$supplier> is the string with which we search for a supplier
  
-=item op
+=back
  
-C<OP> can be equals to 'close' if we have to close a basket before building the page.
+=over 4
  
-=item basket
+=item id or booksellerid
  
-the C<basket> we have to close if op is equal to 'close'.
+The id of the supplier whose baskets we will display
  
  =back
  
  =cut
  
  use strict;
-#use warnings; FIXME - Bug 2505
+use warnings;
  use C4::Auth;
  use C4::Biblio;
+use C4::Budgets;
  use C4::Output;
  use CGI;
  
-
-use C4::Acquisition;
-use C4::Dates qw/format_date/;
+use C4::Acquisition qw/ GetBasketsInfosByBookseller CanUserManageBasket /;
  use C4::Bookseller qw/ GetBookSellerFromId GetBookSeller /;
  use C4::Members qw/GetMember/;
+use C4::Context;
  
-my $query = new CGI;
-my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
-    {
-        template_name   => "acqui/booksellers.tmpl",
+my $query = CGI->new;
+my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user(
+    {   template_name   => 'acqui/booksellers.tmpl',
          query           => $query,
-        type            => "intranet",
+        type            => 'intranet',
          authnotrequired => 0,
-        flagsrequired   => { acquisition => 'vendors_manage' },
+        flagsrequired   => { acquisition => '*' },
          debug           => 1,
      }
  );
  
  #parameters
  my $supplier = $query->param('supplier');
-my $id       = $query->param('id') || $query->param('supplierid');
+my $booksellerid = $query->param('booksellerid');
+my $allbaskets= $query->param('allbaskets')||0;
  my @suppliers;
  
-if ($id) {
-       push @suppliers, GetBookSellerFromId($id);
+if ($booksellerid) {
+    push @suppliers, GetBookSellerFromId($booksellerid);
  } else {
-       @suppliers = GetBookSeller($supplier);
+    @suppliers = GetBookSeller($supplier);
+}
+
+my $supplier_count = @suppliers;
+if ( $supplier_count == 1 ) {
+    $template->param(
+        supplier_name => $suppliers[0]->{'name'},
+        booksellerid  => $suppliers[0]->{'id'},
+        basketcount   => $suppliers[0]->{'basketcount'}
+    );
+}
+
+my $uid;
+if ($loggedinuser) {
+    $uid = GetMember( borrowernumber => $loggedinuser )->{userid};
  }
-my $count = scalar @suppliers;
-if ($count == 1){
-       $template->param( supplier_name => $suppliers[0]->{'name'},
-               id => $suppliers[0]->{'id'}
-       );
+
+my $userenv = C4::Context::userenv;
+my $viewbaskets = C4::Context->preference('AcqViewBaskets');
+
+my $userbranch = $userenv->{branch};
+
+my $budgets = GetBudgetHierarchy;
+my $has_budgets = 0;
+foreach my $r (@{$budgets}) {
+    if (!defined $r->{budget_amount} || $r->{budget_amount} == 0) {
+        next;
+    }
+    next unless (CanUserUseBudget($loggedinuser, $r, $userflags));
+
+    $has_budgets = 1;
+    last;
  }
  
  #build result page
-my @loop_suppliers;
-for ( my $i = 0 ; $i < $count ; $i++ ) {
-    my $orders  = GetBasketsByBookseller( $suppliers[$i]->{'id'}, {groupby => "aqbasket.basketno", orderby => "aqbasket.basketname"} );
-    my $ordcount = scalar @$orders;
-    my %line;
-
-    $line{supplierid} = $suppliers[$i]->{'id'};
-    $line{name}       = $suppliers[$i]->{'name'};
-    $line{active}     = $suppliers[$i]->{'active'};
-    my @loop_basket;
-    my $uid = GetMember(borrowernumber => $loggedinuser)->{userid} if $loggedinuser;
-    for ( my $i2 = 0 ; $i2 < $ordcount ; $i2++ ) {
-        if ( $orders->[$i2]{'authorisedby'} eq $loggedinuser || haspermission($uid, { flagsrequired   => { 'acquisition' => '*' } } ) ) {
-            my %inner_line;
-            $inner_line{basketno}     = $orders->[$i2]{'basketno'};
-            $inner_line{basketname}     = $orders->[$i2]{'basketname'};
-            $inner_line{total}        = scalar GetOrders($orders->[$i2]{'basketno'});
-            $inner_line{authorisedby} = $orders->[$i2]{'authorisedby'};
-            my $authby = GetMember(borrowernumber => $orders->[$i2]{'authorisedby'});
-            $inner_line{surname}      = $authby->{'firstname'};
-            $inner_line{firstname}    = $authby->{'surname'};
-            $inner_line{creationdate} = format_date( $orders->[$i2]{'creationdate'} );
-            $inner_line{closedate}    = format_date( $orders->[$i2]{'closedate'}    );
-            $inner_line{uncertainprice} = $orders->[$i2]{'uncertainprice'};
-            push @loop_basket, \%inner_line;
+my $loop_suppliers = [];
+
+for my $vendor (@suppliers) {
+    my $baskets = GetBasketsInfosByBookseller( $vendor->{id}, $allbaskets );
+
+    my $loop_basket = [];
+
+    for my $basket ( @{$baskets} ) {
+        if (CanUserManageBasket($loggedinuser, $basket, $userflags)) {
+            my $member = GetMember( borrowernumber => $basket->{authorisedby} );
+            foreach (qw(total_items total_biblios expected_items)) {
+                $basket->{$_} ||= 0;
+            }
+            if($member) {
+                $basket->{authorisedby_firstname} = $member->{firstname};
+                $basket->{authorisedby_surname} = $member->{surname};
+            }
+            push @{$loop_basket}, $basket; 
          }
      }
-    $line{loop_basket} = \@loop_basket;
-    push @loop_suppliers, \%line;
+
+    push @{$loop_suppliers},
+      { loop_basket => $loop_basket,
+        booksellerid  => $vendor->{id},
+        name        => $vendor->{name},
+        active      => $vendor->{active},
+      };
+
  }
  $template->param(
-    loop_suppliers          => \@loop_suppliers,
-    supplier                => ($id || $supplier),
-    count                   => $count,
+    loop_suppliers => $loop_suppliers,
+    supplier       => ( $booksellerid || $supplier ),
+    count          => $supplier_count,
+    has_budgets          => $has_budgets,
  );
+$template->{VARS}->{'allbaskets'} = $allbaskets;
  
  output_html_with_http_headers $query, $cookie, $template->output;