X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=members%2Fmancredit.pl;h=014d82248689bc39e5e61df8baf7c064dad7a1d3;hb=refs%2Fheads%2Fkoha_ffzg;hp=d00d6e199539411853f1eae2048e873f6c6c27cb;hpb=a6c9bd0eb55c32d5632625144775271f20aa15f7;p=koha.git diff --git a/members/mancredit.pl b/members/mancredit.pl index d00d6e1995..014d822486 100755 --- a/members/mancredit.pl +++ b/members/mancredit.pl @@ -22,105 +22,99 @@ # You should have received a copy of the GNU General Public License # along with Koha; if not, see . -use strict; -use warnings; +use Modern::Perl; use C4::Auth; use C4::Output; use CGI qw ( -utf8 ); use C4::Members; -use C4::Branch; use C4::Accounts; use C4::Items; use C4::Members::Attributes qw(GetBorrowerAttributes); +use Koha::Items; +use Koha::Patrons; +use Koha::Patron::Categories; +use Koha::Token; + my $input=new CGI; -my $flagsrequired = { borrowers => 1, updatecharges => 1 }; -my $borrowernumber=$input->param('borrowernumber'); +my ($template, $loggedinuser, $cookie) = get_template_and_user( + { + template_name => "members/mancredit.tt", + query => $input, + type => "intranet", + authnotrequired => 0, + flagsrequired => { borrowers => 'edit_borrowers', + updatecharges => 'remaining_permissions' } + } +); + +my $logged_in_user = Koha::Patrons->find($loggedinuser) or die "Not logged in"; +my $borrowernumber = $input->param('borrowernumber'); +my $patron = Koha::Patrons->find($borrowernumber); -#get borrower details -my $data=GetMember('borrowernumber' => $borrowernumber); -my $add=$input->param('add'); +output_and_exit_if_error( $input, $cookie, $template, + { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } ); + +my $add = $input->param('add'); if ($add){ - if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) { - my $barcode = $input->param('barcode'); - my $itemnum; - if ($barcode) { - $itemnum = GetItemnumberFromBarcode($barcode); - } - my $desc = $input->param('desc'); - my $note = $input->param('note'); - my $amount = $input->param('amount') || 0; - $amount = -$amount; - my $type = $input->param('type'); - manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note ); - print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"); + + output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) + unless Koha::Token->new->check_csrf( { + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + + # Note: If the logged in user is not allowed to see this patron an invoice can be forced + # Here we are trusting librarians not to hack the system + my $barcode = $input->param('barcode'); + my $item_id; + if ($barcode) { + my $item = Koha::Items->find({barcode => $barcode}); + $item_id = $item->itemnumber if $item; } -} else { - my ($template, $loggedinuser, $cookie) = get_template_and_user( - { - template_name => "members/mancredit.tt", - query => $input, - type => "intranet", - authnotrequired => 0, - flagsrequired => { borrowers => 1, - updatecharges => 'remaining_permissions' }, - debug => 1, - } - ); - - if ( $data->{'category_type'} eq 'C') { - my ( $catcodes, $labels ) = GetborCatFromCatType( 'A', 'WHERE category_type = ?' ); - my $cnt = scalar(@$catcodes); - $template->param( 'CATCODE_MULTI' => 1) if $cnt > 1; - $template->param( 'catcode' => $catcodes->[0]) if $cnt == 1; + my $description = $input->param('desc'); + my $note = $input->param('note'); + my $amount = $input->param('amount') || 0; + my $type = $input->param('type'); + + my $library_id = C4::Context->userenv ? C4::Context->userenv->{'branch'} : undef; + + $patron->account->add_credit({ + amount => $amount, + description => $description, + item_id => $item_id, + library_id => $library_id, + note => $note, + type => $type, + user_id => $logged_in_user->id + }); + + if ( C4::Context->preference('AccountAutoReconcile') ) { + $patron->account->reconcile_balance; } - $template->param( adultborrower => 1 ) if ( $data->{category_type} eq 'A' ); - my ($picture, $dberror) = GetPatronImage($data->{'borrowernumber'}); - $template->param( picture => 1 ) if $picture; + print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"); -if (C4::Context->preference('ExtendedPatronAttributes')) { - my $attributes = GetBorrowerAttributes($borrowernumber); - $template->param( - ExtendedPatronAttributes => 1, - extendedattributes => $attributes - ); -} +} else { -# Computes full borrower address -my $roadtype = C4::Koha::GetAuthorisedValueByCode( 'ROADTYPE', $data->{streettype} ); -my $address = $data->{'streetnumber'} . " $roadtype " . $data->{'address'}; + if (C4::Context->preference('ExtendedPatronAttributes')) { + my $attributes = GetBorrowerAttributes($borrowernumber); + $template->param( + ExtendedPatronAttributes => 1, + extendedattributes => $attributes + ); + } $template->param( - finesview => 1, - borrowernumber => $borrowernumber, - firstname => $data->{'firstname'}, - surname => $data->{'surname'}, - othernames => $data->{'othernames'}, - cardnumber => $data->{'cardnumber'}, - categorycode => $data->{'categorycode'}, - category_type => $data->{'category_type'}, - categoryname => $data->{'description'}, - address => $address, - address2 => $data->{'address2'}, - city => $data->{'city'}, - state => $data->{'state'}, - zipcode => $data->{'zipcode'}, - country => $data->{'country'}, - phone => $data->{'phone'}, - phonepro => $data->{'phonepro'}, - mobile => $data->{'mobile'}, - email => $data->{'email'}, - emailpro => $data->{'emailpro'}, - branchcode => $data->{'branchcode'}, - branchname => GetBranchName($data->{'branchcode'}), - is_child => ($data->{'category_type'} eq 'C'), - activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''), - RoutingSerials => C4::Context->preference('RoutingSerials'), - ); + patron => $patron, + finesview => 1, + csrf_token => Koha::Token->new->generate_csrf( + { session_id => scalar $input->cookie('CGISESSID') } + ), + ); output_html_with_http_headers $input, $cookie, $template->output; }