Bug 13880 - Allow svc/report to be passed sql parameters

The same feature added to the opac svc/report in bug 9915 should be
added to the staff side.

Test Plan:
1) Apply this patch
2) Create this report:
   SELECT * FROM biblio WHERE biblionumber = <<biblionumber>>
3) Note the id of the report
4) Go to the Staff URL
/cgi-bin/koha/svc/report?id=YOUR_REPORT_ID&sql_params=SOME_VALID_BIBLIONUMBER
5) Note you recieve a json response

NOTE: without applying the patch you get an empty JSON response.

ALSO: running koha qa tools does not verify the changes.
      $ perlcritic -4 svc/report
      (my perlcritic rc points to the koha qa tool one)
      No issues.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

diff --git a/svc/report b/svc/report
index 8736aca..da1b9b3 100755 (executable)
--- a/svc/report
+++ b/svc/report
@@ -36,6 +36,8 @@ my $report_annotation = $query->param('annotated');
 my $report_rec = get_saved_report( $report_name ? { 'name' => $report_name } : { 'id' => $report_id } );
 if (!$report_rec) { die "There is no such report.\n"; }
 
+my @sql_params  = $query->param('sql_params');
+
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
     {
         template_name   => "intranet-main.tt",
@@ -50,14 +52,20 @@ my $cache = Koha::Cache->get_instance();
 my $cache_active = $cache->is_cache_active;
 my ($cache_key, $json_text);
 if ($cache_active) {
-    $cache_key = "intranet:report:".($report_name ? "name:$report_name" : "id:$report_id");
+    $cache_key = "intranet:report:".($report_name ? "name:$report_name" : "id:$report_id")
+    . join( '-', @sql_params );
     $json_text = $cache->get_from_cache($cache_key);
 }
 
 unless ($json_text) {
     my $offset = 0;
     my $limit  = C4::Context->preference("SvcMaxReportRows") || 10;
-    my ( $sth, $errors ) = execute_query( $report_rec->{savedsql}, $offset, $limit );
+    my $sql = $report_rec->{savedsql};
+
+    # convert SQL parameters to placeholders
+    $sql =~ s/(<<.*?>>)/\?/g;
+
+    my ( $sth, $errors ) = execute_query( $sql, $offset, $limit, \@sql_params );
     if ($sth) {
         my $lines;
         if ($report_annotation) {