Bug 20701: Add csrf protection to mancredit.pl

[koha.git] / members / purchase-suggestions.pl

diff --git a/members/purchase-suggestions.pl b/members/purchase-suggestions.pl
index d071425..026ab89 100755 (executable)
--- a/members/purchase-suggestions.pl
+++ b/members/purchase-suggestions.pl
@@ -19,13 +19,14 @@
 
 use Modern::Perl;
 
-use CGI;
+use CGI qw ( -utf8 );
 use C4::Auth;
 use C4::Context;
 use C4::Output;
-use C4::Branch;
 use C4::Members;
+use C4::Members::Attributes qw(GetBorrowerAttributes);
 use C4::Suggestions;
+use Koha::Patrons;
 
 my $input = new CGI;
 
@@ -34,23 +35,31 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { borrowers => 1 },
+        flagsrequired   => { borrowers => 'edit_borrowers' },
         debug           => 1,
     }
 );
 
 my $borrowernumber = $input->param('borrowernumber');
 
-# Set informations for the patron
-my $borrower = GetMemberDetails( $borrowernumber, 0 );
-foreach my $key ( keys %$borrower ) {
-    $template->param( $key => $borrower->{$key} );
-}
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+my $patron         = Koha::Patrons->find( $borrowernumber );
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
+my $category = $patron->category;
 $template->param(
-    categoryname => $borrower->{'description'},
-    branchname   => GetBranchName( $borrower->{'branchcode'} ),
+    patron => $patron,
+    suggestionsview  => 1,
 );
 
+if (C4::Context->preference('ExtendedPatronAttributes')) {
+    my $attributes = GetBorrowerAttributes($borrowernumber);
+    $template->param(
+        ExtendedPatronAttributes => 1,
+        extendedattributes => $attributes
+    );
+}
+
 my $suggestions = SearchSuggestion( { suggestedby => $borrowernumber } );
 
 $template->param( suggestions => $suggestions );