# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
use C4::Auth;
use C4::Output;
use CGI qw ( -utf8 );
use C4::Members;
-use C4::Branch;
use C4::Accounts;
use C4::Items;
use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::Account;
+use Koha::Patrons;
+use Koha::Patron::Categories;
+use Koha::Token;
+
my $input=new CGI;
-my $flagsrequired = { borrowers => 1, updatecharges => 1 };
+my $flagsrequired = { borrowers => 'edit_borrowers', updatecharges => 1 };
my $borrowernumber=$input->param('borrowernumber');
-#get borrower details
-my $data=GetMember('borrowernumber' => $borrowernumber);
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+ print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+ exit;
+}
my $add=$input->param('add');
if ($add){
- if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
+
+ my ( $user_id ) = checkauth( $input, 0, $flagsrequired, 'intranet' );
+
+ if ( $user_id ) {
+
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf( {
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
+ # Note: If the logged in user is not allowed to see this patron an invoice can be forced
+ # Here we are trusting librarians not to hack the system
my $barcode = $input->param('barcode');
- my $itemnum;
+ my $item_id;
if ($barcode) {
- $itemnum = GetItemnumberFromBarcode($barcode);
+ $item_id = GetItemnumberFromBarcode($barcode);
}
- my $desc = $input->param('desc');
- my $note = $input->param('note');
- my $amount = $input->param('amount') || 0;
- $amount = -$amount;
- my $type = $input->param('type');
- manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
+ my $description = $input->param('desc');
+ my $note = $input->param('note');
+ my $amount = $input->param('amount') || 0;
+ my $type = $input->param('type');
+
+ Koha::Account->new({ patron_id => $borrowernumber })->add_credit({
+ amount => $amount,
+ description => $description,
+ item_id => $item_id,
+ note => $note,
+ type => $type,
+ user_id => $user_id
+ });
+
print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber");
}
} else {
query => $input,
type => "intranet",
authnotrequired => 0,
- flagsrequired => { borrowers => 1,
+ flagsrequired => { borrowers => 'edit_borrowers',
updatecharges => 'remaining_permissions' },
debug => 1,
}
);
-
- if ( $data->{'category_type'} eq 'C') {
- my ( $catcodes, $labels ) = GetborCatFromCatType( 'A', 'WHERE category_type = ?' );
- my $cnt = scalar(@$catcodes);
- $template->param( 'CATCODE_MULTI' => 1) if $cnt > 1;
- $template->param( 'catcode' => $catcodes->[0]) if $cnt == 1;
- }
-
- $template->param( adultborrower => 1 ) if ( $data->{category_type} eq 'A' );
- my ($picture, $dberror) = GetPatronImage($data->{'borrowernumber'});
- $template->param( picture => 1 ) if $picture;
+ my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+ output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
if (C4::Context->preference('ExtendedPatronAttributes')) {
my $attributes = GetBorrowerAttributes($borrowernumber);
);
}
- $template->param(%$data);
-
$template->param(
- finesview => 1,
- borrowernumber => $borrowernumber,
- categoryname => $data->{'description'},
- branchname => GetBranchName($data->{'branchcode'}),
- is_child => ($data->{'category_type'} eq 'C'),
- activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
- RoutingSerials => C4::Context->preference('RoutingSerials'),
- );
+ patron => $patron,
+ finesview => 1,
+ csrf_token => Koha::Token->new->generate_csrf(
+ { session_id => scalar $input->cookie('CGISESSID') }
+ ),
+ );
output_html_with_http_headers $input, $cookie, $template->output;
}
projects / koha.git / blobdiff