X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=members%2Fmaninvoice.pl;h=668136a978a8e82f5609c65250c3d3c3ef11e95e;hb=refs%2Fheads%2Fkoha_ffzg;hp=00157da8d8f719c46ddaa05dcd2e7b708340737c;hpb=2e4a11773c0a4aa172b5debdee4db831a13adf26;p=koha.git

diff --git a/members/maninvoice.pl b/members/maninvoice.pl
index 00157da8d8..668136a978 100755
--- a/members/maninvoice.pl
+++ b/members/maninvoice.pl
@@ -1,85 +1,138 @@
 #!/usr/bin/perl
 
-#wrriten 11/1/2000 by chris@katipo.oc.nz
+#written 11/1/2000 by chris@katipo.oc.nz
 #script to display borrowers account details
 
 
 # Copyright 2000-2002 Katipo Communications
+# Copyright 2010 BibLibre
 #
 # This file is part of Koha.
 #
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
 #
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA  02111-1307 USA
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+
+use Modern::Perl;
 
-use strict;
 use C4::Auth;
 use C4::Output;
-use CGI;
+use CGI qw ( -utf8 );
 use C4::Members;
 use C4::Accounts;
+use C4::Items;
+use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::Token;
+
+use Koha::Items;
+use Koha::Patrons;
+
+use Koha::Patron::Categories;
 
 my $input=new CGI;
+my $flagsrequired = { borrowers => 'edit_borrowers' };
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
+    {   template_name   => "members/maninvoice.tt",
+        query           => $input,
+        type            => "intranet",
+        authnotrequired => 0,
+        flagsrequired   => $flagsrequired,
+        debug           => 1,
+    }
+);
 
 my $borrowernumber=$input->param('borrowernumber');
 
-# get borrower details
-my $data=GetMember($borrowernumber,'borrowernumber');
-my $add=$input->param('add');
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+    exit;
+}
 
+my $add=$input->param('add');
 if ($add){
-#  print $input->header;
-    my $itemnum=$input->param('itemnum');
-    my $desc=$input->param('desc');
-    my $amount=$input->param('amount');
-    my $type=$input->param('type');
-    my $error=manualinvoice($borrowernumber,$itemnum,$desc,$type,$amount);
-	if ($error){
-		my ($template, $loggedinuser, $cookie)
-		  = get_template_and_user({template_name => "members/maninvoice.tmpl",
-					query => $input,
-					type => "intranet",
-					authnotrequired => 0,
-					flagsrequired => {borrowers => 1},
-					debug => 1,
-					});
-		if ($error =~ /FOREIGN KEY/ && $error =~ /itemnumber/){
-			$template->param('ITEMNUMBER' => 1);
-		}
-		$template->param('ERROR' => $error);
-		print $input->header(
-			-type => 'utf-8',
-			-cookie => $cookie
-		),$template->output;
-	}
-	else {
-		print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber");
-	}
+    if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
+        output_and_exit( $input, $cookie, $template,  'wrong_csrf_token' )
+            unless Koha::Token->new->check_csrf( {
+                session_id => scalar $input->cookie('CGISESSID'),
+                token => scalar $input->param('csrf_token'),
+            });
+        # Note: If the logged in user is not allowed to see this patron an invoice can be forced
+        # Here we are trusting librarians not to hack the system
+        my $barcode=$input->param('barcode');
+        my $itemnum;
+        if ($barcode) {
+            my $item = Koha::Items->find({barcode => $barcode});
+            $itemnum = $item->itemnumber if $item;
+        }
+        my $desc=$input->param('desc');
+        my $amount=$input->param('amount');
+        my $type=$input->param('type');
+        my $note    = $input->param('note');
+        my $error   = C4::Accounts::manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
+        if ($error) {
+            if ( $error =~ /FOREIGN KEY/ && $error =~ /itemnumber/ ) {
+                $template->param( 'ITEMNUMBER' => 1 );
+            }
+            $template->param( csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }) );
+            $template->param( 'ERROR' => $error );
+            output_html_with_http_headers $input, $cookie, $template->output;
+        } else {
+
+            if ( C4::Context->preference('AccountAutoReconcile') ) {
+                $patron->account->reconcile_balance;
+            }
+
+            print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber");
+            exit;
+        }
+    }
 } else {
-	my ($template, $loggedinuser, $cookie)
-	= get_template_and_user({template_name => "members/maninvoice.tmpl",
-					query => $input,
-					type => "intranet",
-					authnotrequired => 0,
-					flagsrequired => {borrowers => 1},
-					debug => 1,
-					});
-	$template->param(
-                    borrowernumber => $borrowernumber,
-                    firstname => $data->{'firstname'},
-                    surname  => $data->{'surname'},
+
+    my ($template, $loggedinuser, $cookie) = get_template_and_user({
+        template_name   => "members/maninvoice.tt",
+        query           => $input,
+        type            => "intranet",
+        authnotrequired => 0,
+        flagsrequired   => { borrowers => 'edit_borrowers',
+                             updatecharges => 'remaining_permissions' },
+        debug           => 1,
+    });
+
+    my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+    output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
+  # get authorised values with type of MANUAL_INV
+  my @invoice_types;
+  my $dbh = C4::Context->dbh;
+  my $sth = $dbh->prepare('SELECT * FROM authorised_values WHERE category = "MANUAL_INV"');
+  $sth->execute();
+  while ( my $row = $sth->fetchrow_hashref() ) {
+    push @invoice_types, $row;
+  }
+  $template->param( invoice_types_loop => \@invoice_types );
+
+    if (C4::Context->preference('ExtendedPatronAttributes')) {
+        my $attributes = GetBorrowerAttributes($borrowernumber);
+        $template->param(
+            ExtendedPatronAttributes => 1,
+            extendedattributes => $attributes
+        );
+    }
+
+    $template->param(
+        csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
+        patron         => $patron,
+        finesview      => 1,
     );
-    print $input->header(
-	    -type => 'utf-8',
-	    -cookie => $cookie
-    ),$template->output;
+    output_html_with_http_headers $input, $cookie, $template->output;
 }