X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=members%2Fdeletemem.pl;h=4789cf4fb1927734590d8cfab5ca5aa9f7dabcba;hb=0693052bfcd0b4259eb620233550f81eab49eabd;hp=ef6ba01877b536015bf5c6db92392f4f99a18ee6;hpb=b00ec06968e6377c61523e72e0a49e6c9f8bf8b8;p=koha.git
diff --git a/members/deletemem.pl b/members/deletemem.pl
index ef6ba01877..4789cf4fb1 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -8,120 +8,118 @@
 #
 # This file is part of Koha.
 #
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
 #
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see .
-use strict; -#use warnings; FIXME - Bug 2505 +use Modern::Perl; -use CGI; +use CGI qw ( -utf8 ); use C4::Context; use C4::Output; use C4::Auth; use C4::Members; -use C4::Branch; # GetBranches -use C4::VirtualShelves (); #no import +use Koha::Patrons; +use Koha::Token; +use Koha::Patron::Categories; my $input = new CGI; -my ($template, $borrowernumber, $cookie) - = get_template_and_user({template_name => "members/deletemem.tmpl", +my ($template, $loggedinuser, $cookie) + = get_template_and_user({template_name => "members/deletemem.tt", query => $input, type => "intranet", authnotrequired => 0, - flagsrequired => {borrowers => 1}, + flagsrequired => {borrowers => 'edit_borrowers'}, debug => 1, }); #print $input->header; -my $member=$input->param('member'); -my $issues = GetPendingIssues($member); # FIXME: wasteful call when really, we only want the count -my $countissues = scalar(@$issues); +my $member = $input->param('member'); -my ($bor)=GetMemberDetails($member,''); -my $flags=$bor->{flags}; -my $userenv = C4::Context->userenv; +#Do not delete yourself... 
+if ( $loggedinuser == $member ) { + print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF"); + exit 0; # Exit without error +} - +my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in"; +my $patron = Koha::Patrons->find( $member ); +output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } ); -if ($bor->{category_type} eq "S") { +my $charges = $patron->account->non_issues_charges; +my $countissues = $patron->checkouts->count; +my $userenv = C4::Context->userenv; + +if ($patron->category->category_type eq "S") { unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) { print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF"); - exit 1; + exit 0; # Exit without error } } else { - unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) { + unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>'edit_borrowers'})) { print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE"); - exit 1; + exit 0; # Exit without error } } if (C4::Context->preference("IndependentBranches")) { my $userenv = C4::Context->userenv; - if (($userenv->{flags} % 2 != 1) && $bor->{'branchcode'}){ - unless ($userenv->{branch} eq $bor->{'branchcode'}){ + if ( !C4::Context->IsSuperLibrarian() && $patron->branchcode){ + unless ($userenv->{branch} eq $patron->branchcode){ print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY"); - exit; + exit 0; # Exit without error } } } +my $op = $input->param('op') || 'delete_confirm'; my $dbh = C4::Context->dbh; -my $sth=$dbh->prepare("Select * from borrowers where guarantorid=?"); -$sth->execute($member); -my $data=$sth->fetchrow_hashref; -if ($countissues > 0 or $flags->{'CHARGES'} or $data->{'borrowernumber'}){ - # 
print $input->header; - - my ($picture, $dberror) = GetPatronImage($bor->{'cardnumber'}); - $template->param( picture => 1 ) if $picture; - - $template->param(borrowernumber => $member, - surname => $bor->{'surname'}, - title => $bor->{'title'}, - cardnumber => $bor->{'cardnumber'}, - firstname => $bor->{'firstname'}, - categorycode => $bor->{'categorycode'}, - category_type => $bor->{'category_type'}, - categoryname => $bor->{'description'}, - address => $bor->{'address'}, - address2 => $bor->{'address2'}, - city => $bor->{'city'}, - zipcode => $bor->{'zipcode'}, - country => $bor->{'country'}, - phone => $bor->{'phone'}, - email => $bor->{'email'}, - branchcode => $bor->{'branchcode'}, - branchname => GetBranchName($bor->{'branchcode'}), - activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''), - RoutingSerials => C4::Context->preference('RoutingSerials'), +my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member); +if ( $op eq 'delete_confirm' or $countissues > 0 or $charges or $is_guarantor ) { + + $template->param( + patron => $patron, ); if ($countissues >0) { $template->param(ItemsOnIssues => $countissues); } - if ($flags->{'CHARGES'} ne '') { - $template->param(charges => $flags->{'CHARGES'}->{'amount'}); + if ( $charges > 0 ) { + $template->param(charges => $charges); } - if ($data) { + if ($is_guarantor) { $template->param(guarantees => 1); } -output_html_with_http_headers $input, $cookie, $template->output; -} else { - MoveMemberToDeleted($member); - C4::VirtualShelves::HandleDelBorrower($member); - DelMember($member); + # This is silly written but reflect the same conditions as above + if ( not $countissues > 0 and not $charges and not $is_guarantor ) { + $template->param( + op => 'delete_confirm', + csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }), + ); + } +} elsif ( $op eq 'delete_confirmed' ) { + + die "Wrong CSRF 
token" + unless Koha::Token->new->check_csrf( { + session_id => $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + my $patron = Koha::Patrons->find( $member ); + $patron->move_to_deleted; + $patron->delete; + # TODO Tell the user everything went ok print $input->redirect("/cgi-bin/koha/members/members-home.pl"); + exit 0; # Exit without error } - +output_html_with_http_headers $input, $cookie, $template->output;
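Review bot: In the `delete_confirmed` branch, `check_csrf` is given `session_id => $input->cookie('CGISESSID')` without `scalar`, although the matching `generate_csrf` call earlier in the hunk forces scalar context. Inside a hash constructor the `cookie` call is evaluated in list context, so an absent cookie yields an empty list that shifts the following `token =>` pair, and a multi-valued cookie adds extra elements; the arguments that reach `check_csrf` are then not the ones written here. How `check_csrf` reacts to such input is not visible in this diff, so the check should not rely on it: use `session_id => scalar $input->cookie('CGISESSID'),`. Separately, `$member` is taken straight from the request, compared with `==` and interpolated into the redirect URLs, so a guard such as `$member =~ /\A\d+\z/` right after `$input->param('member')` would keep non-numeric values out of both.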