projects / srvgit / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 17204: Rancor Z39.50 search fails under plack
[srvgit] / members / deletemem.pl
diff --git a/members/deletemem.pl b/members/deletemem.pl
index 981e3e3..b51c721 100755 (executable)
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -25,13 +25,16 @@ use strict;
 #use warnings; FIXME - Bug 2505
 
 use CGI qw ( -utf8 );
+use Digest::MD5 qw(md5_base64);
 use C4::Context;
 use C4::Output;
 use C4::Auth;
 use C4::Members;
-use C4::Branch; # GetBranches
-use C4::VirtualShelves (); #no import
 use Module::Load;
+use Koha::Patrons;
+use Koha::Patron::Images;
+use Koha::Token;
+
 if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
     load Koha::NorwegianPatronDB, qw( NLMarkForDeletion NLSync );
 }
@@ -50,6 +53,12 @@ my ($template, $borrowernumber, $cookie)
 #print $input->header;
 my $member       = $input->param('member');
 
+#Do not delete yourself...
+if ($borrowernumber == $member ) {
+    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF");
+    exit 0; # Exit without error
+}
+
 # Handle deletion from the Norwegian national patron database, if it is enabled
 # If the "deletelocal" parameter is set to "false", the regular deletion will be
 # short circuited, and only a deletion from the national database can be carried
@@ -76,12 +85,12 @@ my $userenv = C4::Context->userenv;
 if ($bor->{category_type} eq "S") {
     unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
-        exit 1;
+        exit 0; # Exit without error
     }
 } else {
     unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
        print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
-       exit 1;
+        exit 0; # Exit without error
     }
 }
 
@@ -90,20 +99,17 @@ if (C4::Context->preference("IndependentBranches")) {
     if ( !C4::Context->IsSuperLibrarian() && $bor->{'branchcode'}){
         unless ($userenv->{branch} eq $bor->{'branchcode'}){
             print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
-            exit;
+            exit 0; # Exit without error
         }
     }
 }
 
+my $op = $input->param('op') || 'delete_confirm';
 my $dbh = C4::Context->dbh;
-my $sth=$dbh->prepare("Select * from borrowers where guarantorid=?");
-$sth->execute($member);
-my $data=$sth->fetchrow_hashref;
-if ($countissues > 0 or $flags->{'CHARGES'}  or $data->{'borrowernumber'} or $deletelocal == 0){
-    #   print $input->header;
-
-    my ($picture, $dberror) = GetPatronImage($bor->{'borrowernumber'});
-    $template->param( picture => 1 ) if $picture;
+my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member);
+if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'}  or $is_guarantor or $deletelocal == 0) {
+    my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
+    $template->param( picture => 1 ) if $patron_image;
 
     $template->param(borrowernumber => $member,
         surname => $bor->{'surname'},
@@ -121,7 +127,6 @@ if ($countissues > 0 or $flags->{'CHARGES'}  or $data->{'borrowernumber'} or $de
         phone => $bor->{'phone'},
         email => $bor->{'email'},
         branchcode => $bor->{'branchcode'},
-        branchname => GetBranchName($bor->{'branchcode'}),
                activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
         RoutingSerials => C4::Context->preference('RoutingSerials'),
     );
@@ -131,19 +136,37 @@ if ($countissues > 0 or $flags->{'CHARGES'}  or $data->{'borrowernumber'} or $de
     if ($flags->{'CHARGES'} ne '') {
         $template->param(charges => $flags->{'CHARGES'}->{'amount'});
     }
-    if ($data->{'borrowernumber'}) {
+    if ($is_guarantor) {
         $template->param(guarantees => 1);
     }
     if ($deletelocal == 0) {
         $template->param(keeplocal => 1);
     }
-output_html_with_http_headers $input, $cookie, $template->output;
-
-} else {
-    MoveMemberToDeleted($member);
-    C4::VirtualShelves::HandleDelBorrower($member);
-    DelMember($member);
+    # This is silly written but reflect the same conditions as above
+    if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
+        $template->param(
+            op         => 'delete_confirm',
+            csrf_token => Koha::Token->new->generate_csrf(
+                {   id     => C4::Context->userenv->{id},
+                    secret => md5_base64( C4::Context->config('pass') ),
+                }
+            ),
+        );
+    }
+} elsif ( $op eq 'delete_confirmed' ) {
+
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            id     => C4::Context->userenv->{id},
+            secret => md5_base64( C4::Context->config('pass') ),
+            token  => scalar $input->param('csrf_token'),
+        });
+    my $patron = Koha::Patrons->find( $member );
+    $patron->move_to_deleted;
+    $patron->delete;
+    # TODO Tell the user everything went ok
     print $input->redirect("/cgi-bin/koha/members/members-home.pl");
+    exit 0; # Exit without error
 }
 
-
+output_html_with_http_headers $input, $cookie, $template->output;
KOHA@FFZG based on git://git.koha.org/pub/scm/koha.git