# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
use C4::Auth;
use C4::Output;
use C4::Members;
use C4::Accounts;
use C4::Items;
-use C4::Branch;
use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::Token;
+
+use Koha::Patrons;
+
+use Koha::Patron::Categories;
my $input=new CGI;
-my $flagsrequired = { borrowers => 1 };
+my $flagsrequired = { borrowers => 'edit_borrowers' };
my $borrowernumber=$input->param('borrowernumber');
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+ print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+ exit;
+}
-# get borrower details
-my $data=GetMember('borrowernumber'=>$borrowernumber);
my $add=$input->param('add');
if ($add){
if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
- # print $input->header;
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf( {
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+ # Note: If the logged in user is not allowed to see this patron an invoice can be forced
+ # Here we are trusting librarians not to hack the system
my $barcode=$input->param('barcode');
my $itemnum;
if ($barcode) {
if ( $error =~ /FOREIGN KEY/ && $error =~ /itemnumber/ ) {
$template->param( 'ITEMNUMBER' => 1 );
}
+ $template->param( csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }) );
$template->param( 'ERROR' => $error );
output_html_with_http_headers $input, $cookie, $template->output;
} else {
query => $input,
type => "intranet",
authnotrequired => 0,
- flagsrequired => { borrowers => 1,
+ flagsrequired => { borrowers => 'edit_borrowers',
updatecharges => 'remaining_permissions' },
debug => 1,
});
-
+
+ my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+ output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
# get authorised values with type of MANUAL_INV
my @invoice_types;
my $dbh = C4::Context->dbh;
}
$template->param( invoice_types_loop => \@invoice_types );
- if ( $data->{'category_type'} eq 'C') {
- my ( $catcodes, $labels ) = GetborCatFromCatType( 'A', 'WHERE category_type = ?' );
- my $cnt = scalar(@$catcodes);
- $template->param( 'CATCODE_MULTI' => 1) if $cnt > 1;
- $template->param( 'catcode' => $catcodes->[0]) if $cnt == 1;
+ if ( $patron->is_child ) {
+ my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
+ $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
+ $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
}
- $template->param( adultborrower => 1 ) if ( $data->{'category_type'} eq 'A' );
- my ($picture, $dberror) = GetPatronImage($data->{'borrowernumber'});
- $template->param( picture => 1 ) if $picture;
+ if (C4::Context->preference('ExtendedPatronAttributes')) {
+ my $attributes = GetBorrowerAttributes($borrowernumber);
+ $template->param(
+ ExtendedPatronAttributes => 1,
+ extendedattributes => $attributes
+ );
+ }
-if (C4::Context->preference('ExtendedPatronAttributes')) {
- my $attributes = GetBorrowerAttributes($borrowernumber);
$template->param(
- ExtendedPatronAttributes => 1,
- extendedattributes => $attributes
- );
-}
-
-# Computes full borrower address
-my $roadtype = C4::Koha::GetAuthorisedValueByCode( 'ROADTYPE', $data->{streettype} );
-my $address = $data->{'streetnumber'} . " $roadtype " . $data->{'address'};
-
- $template->param(
- finesview => 1,
- borrowernumber => $borrowernumber,
- firstname => $data->{'firstname'},
- surname => $data->{'surname'},
- othernames => $data->{'othernames'},
- cardnumber => $data->{'cardnumber'},
- categorycode => $data->{'categorycode'},
- category_type => $data->{'category_type'},
- categoryname => $data->{'description'},
- address => $address,
- address2 => $data->{'address2'},
- city => $data->{'city'},
- state => $data->{'state'},
- zipcode => $data->{'zipcode'},
- country => $data->{'country'},
- phone => $data->{'phone'},
- phonepro => $data->{'phonepro'},
- mobile => $data->{'mobile'},
- email => $data->{'email'},
- emailpro => $data->{'emailpro'},
- branchcode => $data->{'branchcode'},
- branchname => GetBranchName($data->{'branchcode'}),
- is_child => ($data->{'category_type'} eq 'C'),
- activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
- RoutingSerials => C4::Context->preference('RoutingSerials'),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
+ patron => $patron,
+ finesview => 1,
);
output_html_with_http_headers $input, $cookie, $template->output;
}
projects / koha.git / blobdiff