Bug 6014 : MT3138 Adding some permission management to viewlog

If user can not access reports, then form to search the logs is not displayed.
It also improves the presentation.

C4/Log.pm
- adds the fact that we can enter multiple actions
- fixes the fact that user information was truncated

circ-menu.inc:
Fixing information passed to the viewlog from circ-menu

Signed-off-by: fdurand <frederic.durand@univ-lyon2.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit 99b49e2b1aa2e5d2629f1167e2b63c3b3158ffe8)

Signed-off-by: Chris Nighswonger <chris.nighswonger@gmail.com>

diff --git a/C4/Log.pm b/C4/Log.pm
index 141621a..af5fbc6 100644 (file)
--- a/C4/Log.pm
+++ b/C4/Log.pm
@@ -214,31 +214,27 @@ sub GetLogs {
     $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= \"".$iso_datefrom."\" " if $iso_datefrom;   #fix me - mysql specific
     $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') <= \"".$iso_dateto."\" " if $iso_dateto;
     if($user) {
-       $query .= " AND user LIKE ? ";
-       push(@parameters,"%".$user."%");
+       $query .= " AND user = ? ";
+       push(@parameters,$user);
     }
     if(scalar @$modules > 1 or @$modules[0] ne "") {
-           $query .= " AND (1 = 2";  #always false but used to build the query
-           foreach my $module (@$modules) {
-               next if $module eq "";
-               $query .= " or module = ?";
-               push(@parameters,$module);
-           }
-           $query .= ")";
+       $query .= " AND module IN (".join(",",map {"?"} @$modules).") ";
+       push(@parameters,@$modules);
     }
-    if($action) {
-       $query .= " AND action LIKE ? ";
-       push(@parameters,"%".$action."%");
+    if($action && scalar(@$action)) {
+       $query .= " AND action IN (".join(",",map {"?"} @$action).") ";
+       push(@parameters,@$action);
     }
     if($object) {
-       $query .= " AND object LIKE ? ";
-       push(@parameters,"%".$object."%");
+       $query .= " AND object = ? ";
+       push(@parameters,$object);
     }
     if($info) {
        $query .= " AND info LIKE ? ";
        push(@parameters,"%".$info."%");
     }
    
+    warn $query, join("/",@parameters);
     my $sth = $dbh->prepare($query);
     $sth->execute(@parameters);
     

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
index 56dd2f2..8cf2e48 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
@@ -62,7 +62,7 @@
        <!-- TMPL_IF NAME="finesview" --><li class="active"><!-- TMPL_ELSE --><li><!-- /TMPL_IF --><a href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->">Fines</a></li>
        <!-- /TMPL_IF -->
        <!-- TMPL_IF NAME="intranetreadinghistory" --><!-- TMPL_IF NAME="readingrecordview" --><li class="active"><!-- TMPL_ELSE --><li><!-- /TMPL_IF --><a href="/cgi-bin/koha/members/readingrec.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->">Circulation History</a></li><!-- /TMPL_IF -->
-       <!-- TMPL_IF NAME="CAN_user_parameters"--><!-- TMPL_IF NAME="logview" --><li class="active"><!-- TMPL_ELSE --><li><!-- /TMPL_IF --><a href="/cgi-bin/koha/tools/viewlog.pl?do_it=1&amp;modules=MEMBERS&amp;action=MODIFY&amp;object=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;src=circ">Modification Log</a></li><!-- /TMPL_IF -->
+       <!-- TMPL_IF NAME="CAN_user_parameters"--><!-- TMPL_IF NAME="logview" --><li class="active"><!-- TMPL_ELSE --><li><!-- /TMPL_IF --><a href="/cgi-bin/koha/tools/viewlog.pl?do_it=1&amp;modules=MEMBERS&amp;modules=circulation&amp;object=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;src=circ">Modification Log</a></li><!-- /TMPL_IF -->
     <!-- TMPL_IF NAME="EnhancedMessagingPreferences" -->
     <!-- TMPL_IF NAME="messagingview" --><li class="active"><!-- TMPL_ELSE --><li><!-- /TMPL_IF --><a href="/cgi-bin/koha/members/messaging.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->">Messaging</a></li>
     <!-- /TMPL_IF -->  

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tmpl
index fa99af2..e68a42a 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tmpl
@@ -27,6 +27,7 @@
        <div id="bd">
                <div id="yui-main">
                        <div class="yui-b">
+                <!-- TMPL_IF Name="CAN_user_reports"-->
                                <h1>Browse system logs</h1>
                                <form method="post" action="/cgi-bin/koha/tools/viewlog.pl">
                                        <!-- TMPL_IF NAME="do_it" -->
@@ -201,7 +202,79 @@
                                                        </div>
                                                <!-- /TMPL_IF -->
                                        <!-- /TMPL_IF -->
+
                                </form>
+                <!-- /TMPL_IF -->
+                <!-- TMPL_IF NAME="do_it" -->
+                    <!-- TMPL_IF NAME="total" -->
+                        <h4><!-- TMPL_VAR NAME="total" --> lines found.</h4>
+                        <table>
+                            <tr>
+                                <th>Date</th>
+                                <th>Librarian</th>
+                                <th>Module</th>
+                                <th>Action</th>
+                                <th>Object</th>
+                                <th>Info</th>
+                            </tr>
+                            <!-- TMPL_LOOP NAME="looprow" -->
+                                <tr>
+                                    <td><!-- TMPL_VAR NAME="timestamp" --></td>
+                                    <td>
+                                       <!-- TMPL_IF EXPR="module eq 'CIRCULATION'" -->
+                                        <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="user" -->" title="display detail for this user."> <!-- TMPL_VAR NAME="user" --> </a>
+                                        <!--TMPL_ELSE-->
+                                        <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="user" -->" title="display detail for this librarian."> <!-- TMPL_VAR NAME="user" --> </a>
+                                        <!--/TMPL_IF-->
+                                    </td>
+                                    <td><!-- TMPL_VAR NAME="module" --></td>
+                                    <td><!-- TMPL_VAR NAME="action" --></td>
+                                    <td>
+                                        <!-- TMPL_IF EXPR="module eq 'MEMBERS'"-->
+                                            <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="object" -->" title="Display member details."> member <!-- TMPL_VAR NAME="object" --> </a>
+                                        <!-- TMPL_ELSE -->
+                                            <!-- TMPL_IF EXPR="module eq 'CIRCULATION'" -->
+                                            <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="object" -->" title="Display member details."> member <!-- TMPL_VAR NAME="object" --> </a>
+                                            <!-- TMPL_ELSE -->
+                                                <!-- TMPL_IF EXPR="module eq 'CATALOGUING'" -->
+                                                    <!-- TMPL_IF EXPR="info eq 'item'" -->
+                                                        <a href="/cgi-bin/koha/catalogue/moredetail.pl?item=<!-- TMPL_VAR NAME="object" -->&biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->&bi=<!-- TMPL_VAR NAME="biblioitemnumber" -->#item<!-- TMPL_VAR NAME="object" -->">Item <!-- TMPL_VAR NAME="object" --></a>
+                                                    <!-- TMPL_ELSE -->
+                                                        <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="object" -->" title="Display detail for this biblio">biblio <!-- TMPL_VAR NAME="object" --></a>
+                                                    <!-- /TMPL_IF -->
+                                                <!-- TMPL_ELSE-->
+                                                    <!-- TMPL_IF EXPR="module eq 'SERIAL'" -->
+                                                        <a href="/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=<!-- TMPL_VAR NAME="object" -->"> <!-- TMPL_VAR NAME="object" --> </a>
+                                                    <!-- TMPL_ELSE -->
+                                                        <!-- TMPL_VAR NAME="object" -->
+                                                    <!-- /TMPL_IF -->
+                                                <!-- /TMPL_IF -->
+                                            <!-- /TMPL_IF -->
+                                        <!-- /TMPL_IF -->
+                                    </td>
+                                    <td>
+                                        <!-- TMPL_IF NAME="CIRCULATION" -->
+                                            <a href="/cgi-bin/koha/catalogue/moredetail.pl?item=<!-- TMPL_VAR NAME="info" -->&biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->&bi=<!-- TMPL_VAR NAME="biblioitemnumber" -->#item<!-- TMPL_VAR NAME="object" -->" title="Display detail for this biblio">Item <!-- TMPL_VAR NAME="info" escape="html" --></a>
+                                        <!-- TMPL_ELSE -->
+                                            <!-- TMPL_VAR NAME="info" escape="html"-->
+                                        <!-- /TMPL_IF -->
+                                    </td>
+                                </tr>
+                            <!-- /TMPL_LOOP -->
+                        </table>
+                    <!-- TMPL_ELSE -->
+                        <div class="dialog alert">
+                            No log found
+                            <!-- TMPL_IF NAME="CATALOGUING" -->
+                                for <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="object" -->">Bibliographic Record <!-- TMPL_VAR NAME="object" --></a>
+                            <!-- /TMPL_IF -->
+                            <!-- TMPL_IF NAME="MEMBERS" -->
+                                for <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="object" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --> (<!-- TMPL_VAR NAME="cardnumber" -->)</a>
+                            <!-- /TMPL_IF -->
+                            .
+                        </div>
+                    <!-- /TMPL_IF -->
+                <!-- /TMPL_IF -->
                        </div>
                </div>
                <div class="yui-b noprint">

diff --git a/tools/viewlog.pl b/tools/viewlog.pl
index 84c2474..dc266e9 100755 (executable)
--- a/tools/viewlog.pl
+++ b/tools/viewlog.pl
@@ -47,7 +47,7 @@ $debug or $debug = $cgi_debug;
 my $do_it    = $input->param('do_it');
 my @modules   = $input->param("modules");
 my $user     = $input->param("user");
-my $action   = $input->param("action");
+my @action   = $input->param("action");
 my $object   = $input->param("object");
 my $info     = $input->param("info");
 my $datefrom = $input->param("from");
@@ -104,12 +104,16 @@ $template->param(
 
 if ($do_it) {
 
-    my $results = GetLogs($datefrom,$dateto,$user,\@modules,$action,$object,$info);
-    my $total = scalar @$results;
-    foreach my $result (@$results){
-       if ($result->{'info'} eq 'item'){
+    my @data;
+    my $results = GetLogs($datefrom,$dateto,$user,\@modules,\@action,$object,$info);
+    @data=@$results;
+    my $total = scalar @data;
+    foreach my $result (@data){
+       if ($result->{'info'} eq 'item'||$result->{module} eq "CIRCULATION"){
            # get item information so we can create a working link
-           my $item=GetItem($result->{'object'});
+        my $itemnumber=$result->{'object'};
+        $itemnumber=$result->{'info'} if ($result->{module} eq "CIRCULATION");
+           my $item=GetItem($itemnumber);
            $result->{'biblionumber'}=$item->{'biblionumber'};
            $result->{'biblioitemnumber'}=$item->{'biblionumber'};              
        }
@@ -120,13 +124,13 @@ if ($do_it) {
         $template->param (
                        logview => 1,
             total    => $total,
-            looprow  => $results,
+            looprow  => \@data,
             do_it    => 1,
             datefrom => $datefrom,
             dateto   => $dateto,
             user     => $user,
             object   => $object,
-            action   => $action,
+            action   => \@action,
             info     => $info,
             src      => $src,
         );
@@ -144,7 +148,7 @@ if ($do_it) {
             -filename   => "$basename.csv"
         );
         my $sep = C4::Context->preference("delimiter");
-        foreach my $line (@$results) {
+        foreach my $line (@data) {
             #next unless $modules[0] eq "catalogue";
                foreach (qw(timestamp firstname surname action info title author)) {
                        print $line->{$_} . $sep;