Bug 20568: API keys management in interface

[koha.git] / members / deletemem.pl
diff --git a/members/deletemem.pl b/members/deletemem.pl

index 173d70e..1da27fc 100755 (executable)
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -21,29 +21,29 @@
  # You should have received a copy of the GNU General Public License
  # along with Koha; if not, see <http://www.gnu.org/licenses>.
  
-use strict;
-#use warnings; FIXME - Bug 2505
+use Modern::Perl;
  
  use CGI qw ( -utf8 );
  use C4::Context;
  use C4::Output;
  use C4::Auth;
  use C4::Members;
-use C4::Branch; # GetBranches
  use Module::Load;
-use Koha::Patron::Images;
+use Koha::Patrons;
+use Koha::Token;
+
  if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
      load Koha::NorwegianPatronDB, qw( NLMarkForDeletion NLSync );
  }
  
  my $input = new CGI;
  
-my ($template, $borrowernumber, $cookie)
+my ($template, $loggedinuser, $cookie)
                  = get_template_and_user({template_name => "members/deletemem.tt",
                                          query => $input,
                                          type => "intranet",
                                          authnotrequired => 0,
-                                        flagsrequired => {borrowers => 1},
+                                        flagsrequired => {borrowers => 'edit_borrowers'},
                                          debug => 1,
                                          });
  
@@ -51,11 +51,15 @@ my ($template, $borrowernumber, $cookie)
  my $member       = $input->param('member');
  
  #Do not delete yourself...
-if ($borrowernumber == $member ) {
+if ( $loggedinuser == $member ) {
      print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF");
-    exit 1;
+    exit 0; # Exit without error
  }
  
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+my $patron         = Koha::Patrons->find( $member );
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
  # Handle deletion from the Norwegian national patron database, if it is enabled
  # If the "deletelocal" parameter is set to "false", the regular deletion will be
  # short circuited, and only a deletion from the national database can be carried
@@ -70,33 +74,28 @@ if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preferen
      }
  }
  
-my $issues = GetPendingIssues($member);     # FIXME: wasteful call when really, we only want the count
-my $countissues = scalar(@$issues);
-
-my ($bor)=GetMemberDetails($member,'');
-my $flags=$bor->{flags};
+my $charges = $patron->account->non_issues_charges;
+my $countissues = $patron->checkouts->count;
  my $userenv = C4::Context->userenv;
  
- 
-
-if ($bor->{category_type} eq "S") {
+if ($patron->category->category_type eq "S") {
      unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
          print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
-        exit 1;
+        exit 0; # Exit without error
      }
  } else {
-    unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+    unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>'edit_borrowers'})) {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
-       exit 1;
+        exit 0; # Exit without error
      }
  }
  
  if (C4::Context->preference("IndependentBranches")) {
      my $userenv = C4::Context->userenv;
-    if ( !C4::Context->IsSuperLibrarian() && $bor->{'branchcode'}){
-        unless ($userenv->{branch} eq $bor->{'branchcode'}){
+    if ( !C4::Context->IsSuperLibrarian() && $patron->branchcode){
+        unless ($userenv->{branch} eq $patron->branchcode){
              print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
-            exit;
+            exit 0; # Exit without error
          }
      }
  }
@@ -104,35 +103,16 @@ if (C4::Context->preference("IndependentBranches")) {
  my $op = $input->param('op') || 'delete_confirm';
  my $dbh = C4::Context->dbh;
  my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member);
-if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_guarantor or $deletelocal == 0){
-    my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
-    $template->param( picture => 1 ) if $patron_image;
-
-    $template->param(borrowernumber => $member,
-        surname => $bor->{'surname'},
-        title => $bor->{'title'},
-        cardnumber => $bor->{'cardnumber'},
-        firstname => $bor->{'firstname'},
-        categorycode => $bor->{'categorycode'},
-        category_type => $bor->{'category_type'},
-        categoryname  => $bor->{'description'},
-        address => $bor->{'address'},
-        address2 => $bor->{'address2'},
-        city => $bor->{'city'},
-        zipcode => $bor->{'zipcode'},
-        country => $bor->{'country'},
-        phone => $bor->{'phone'},
-        email => $bor->{'email'},
-        branchcode => $bor->{'branchcode'},
-        branchname => GetBranchName($bor->{'branchcode'}),
-               activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
-        RoutingSerials => C4::Context->preference('RoutingSerials'),
+if ( $op eq 'delete_confirm' or $countissues > 0 or $charges or $is_guarantor or $deletelocal == 0) {
+
+    $template->param(
+        patron => $patron,
      );
      if ($countissues >0) {
          $template->param(ItemsOnIssues => $countissues);
      }
-    if ($flags->{'CHARGES'} ne '') {
-        $template->param(charges => $flags->{'CHARGES'}->{'amount'});
+    if ( $charges > 0 ) {
+        $template->param(charges => $charges);
      }
      if ($is_guarantor) {
          $template->param(guarantees => 1);
@@ -141,16 +121,25 @@ if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_
          $template->param(keeplocal => 1);
      }
      # This is silly written but reflect the same conditions as above
-    if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
-        $template->param( op => 'delete_confirm' );
+    if ( not $countissues > 0 and not $charges and not $is_guarantor and not $deletelocal == 0 ) {
+        $template->param(
+            op         => 'delete_confirm',
+            csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
+        );
      }
-}elsif ( $op eq 'delete_confirmed' ) {
-    MoveMemberToDeleted($member);
-    C4::Members::HandleDelBorrower($member);
-    DelMember($member);
+} elsif ( $op eq 'delete_confirmed' ) {
+
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf( {
+            session_id => $input->cookie('CGISESSID'),
+            token  => scalar $input->param('csrf_token'),
+        });
+    my $patron = Koha::Patrons->find( $member );
+    $patron->move_to_deleted;
+    $patron->delete;
      # TODO Tell the user everything went ok
      print $input->redirect("/cgi-bin/koha/members/members-home.pl");
+    exit 0; # Exit without error
  }
  
  output_html_with_http_headers $input, $cookie, $template->output;
-