#written 11/1/2000 by chris@katipo.oc.nz
#script to display borrowers account details
-
# Copyright 2000-2002 Katipo Communications
# Copyright 2010 BibLibre
+# Copyright 2019 PTFS Europe
#
# This file is part of Koha.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
+use Try::Tiny qw( catch try );
+use URI::Escape qw( uri_escape_utf8 );
-use C4::Auth;
-use C4::Output;
+use C4::Auth qw( get_template_and_user );
+use C4::Output qw( output_and_exit_if_error output_and_exit output_html_with_http_headers );
use CGI qw ( -utf8 );
use C4::Members;
use C4::Accounts;
-use C4::Items;
-use C4::Branch;
-use C4::Members::Attributes qw(GetBorrowerAttributes);
-use Koha::Patron::Images;
+use Koha::Token;
+
+use Koha::Patrons;
+use Koha::Items;
+use Koha::Old::Items;
+use Koha::Checkouts;
+use Koha::Old::Checkouts;
use Koha::Patron::Categories;
+use Koha::Account::DebitTypes;
+
+my $input = CGI->new;
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
+ {
+ template_name => "members/maninvoice.tt",
+ query => $input,
+ type => "intranet",
+ flagsrequired => {
+ borrowers => 'edit_borrowers',
+ updatecharges => 'remaining_permissions'
+ }
+ }
+);
-my $input=new CGI;
-my $flagsrequired = { borrowers => 1 };
+my $borrowernumber = $input->param('borrowernumber');
+my $patron = Koha::Patrons->find($borrowernumber);
+unless ($patron) {
+ print $input->redirect(
+ "/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+ exit;
+}
-my $borrowernumber=$input->param('borrowernumber');
+my $logged_in_user = Koha::Patrons->find($loggedinuser);
+output_and_exit_if_error(
+ $input, $cookie,
+ $template,
+ {
+ module => 'members',
+ logged_in_user => $logged_in_user,
+ current_patron => $patron
+ }
+);
+my $library_id = C4::Context->userenv->{'branch'};
+my $desc = $input->param('desc');
+my $amount = $input->param('amount');
+my $note = $input->param('note');
+my $debit_type = $input->param('type');
+my $barcode = $input->param('barcode');
+$template->param(
+ desc => $desc,
+ amount => $amount,
+ note => $note,
+ type => $debit_type,
+ barcode => $barcode
+);
-# get borrower details
-my $data=GetMember('borrowernumber'=>$borrowernumber);
-my $add=$input->param('add');
-if ($add){
- if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
- # print $input->header;
- my $barcode=$input->param('barcode');
- my $itemnum;
- if ($barcode) {
- $itemnum = GetItemnumberFromBarcode($barcode);
+my $add = $input->param('add');
+if ($add) {
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf(
+ {
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
}
- my $desc=$input->param('desc');
- my $amount=$input->param('amount');
- my $type=$input->param('type');
- my $note = $input->param('note');
- my $error = manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
- if ($error) {
- my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
- { template_name => "members/maninvoice.tt",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => $flagsrequired,
- debug => 1,
+ );
+
+ # Note: If the logged in user is not allowed to see this patron an invoice can be forced
+ # Here we are trusting librarians not to hack the system
+ my $desc = $input->param('desc');
+ my $amount = $input->param('amount');
+ my $note = $input->param('note');
+ my $debit_type = $input->param('type');
+
+ # If barcode is passed, attempt to find the associated item
+ my $failed;
+ my $item_id;
+ my $olditem; # FIXME: When items and deleted_items are merged, we can remove this
+ my $issue_id;
+ if ($barcode) {
+ my $item = Koha::Items->find( { barcode => $barcode } );
+ if ($item) {
+ $item_id = $item->itemnumber;
+ }
+ else {
+ $item = Koha::Old::Items->search( { barcode => $barcode },
+ { order_by => { -desc => 'timestamp' }, rows => 1 } );
+ if ($item->count) {
+ $item_id = $item->next->itemnumber;
+ $olditem = 1;
+ }
+ else {
+ $template->param( error => 'itemnumber' );
+ $failed = 1;
+ }
+ }
+
+ if ( ( $debit_type eq 'LOST' ) && $item_id ) {
+ my $checkouts = Koha::Checkouts->search(
+ {
+ itemnumber => $item_id,
+ borrowernumber => $borrowernumber
}
);
- if ( $error =~ /FOREIGN KEY/ && $error =~ /itemnumber/ ) {
- $template->param( 'ITEMNUMBER' => 1 );
- }
- $template->param( 'ERROR' => $error );
- output_html_with_http_headers $input, $cookie, $template->output;
- } else {
- print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber");
- exit;
+ my $checkout =
+ $checkouts->count
+ ? $checkouts->next
+ : Koha::Old::Checkouts->search(
+ {
+ itemnumber => $item_id,
+ borrowernumber => $borrowernumber
+ },
+ { order_by => { -desc => 'returndate' }, rows => 1 }
+ )->next;
+ $issue_id = $checkout ? $checkout->issue_id : undef;
}
}
-} else {
- my ($template, $loggedinuser, $cookie) = get_template_and_user({
- template_name => "members/maninvoice.tt",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => { borrowers => 1,
- updatecharges => 'remaining_permissions' },
- debug => 1,
- });
-
- # get authorised values with type of MANUAL_INV
- my @invoice_types;
- my $dbh = C4::Context->dbh;
- my $sth = $dbh->prepare('SELECT * FROM authorised_values WHERE category = "MANUAL_INV"');
- $sth->execute();
- while ( my $row = $sth->fetchrow_hashref() ) {
- push @invoice_types, $row;
- }
- $template->param( invoice_types_loop => \@invoice_types );
-
- if ( $data->{'category_type'} eq 'C') {
- my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
- $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
- $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1;
- }
+ unless ($failed) {
+ try {
+ my $line = $patron->account->add_debit(
+ {
+ amount => $amount,
+ description => $desc,
+ note => $note,
+ user_id => $logged_in_user->borrowernumber,
+ interface => 'intranet',
+ library_id => $library_id,
+ type => $debit_type,
+ ( $olditem ? () : ( item_id => $item_id ) ),
+ issue_id => $issue_id
+ }
+ );
- $template->param( adultborrower => 1 ) if ( $data->{'category_type'} eq 'A' );
- my $patron_image = Koha::Patron::Images->find($data->{borrowernumber});
- $template->param( picture => 1 ) if $patron_image;
+ if ( C4::Context->preference('AccountAutoReconcile') ) {
+ $patron->account->reconcile_balance;
+ }
- if (C4::Context->preference('ExtendedPatronAttributes')) {
- my $attributes = GetBorrowerAttributes($borrowernumber);
- $template->param(
- ExtendedPatronAttributes => 1,
- extendedattributes => $attributes
- );
- }
+ if ( $add eq 'save and pay' ) {
+ my $url = sprintf(
+ '/cgi-bin/koha/members/paycollect.pl?borrowernumber=%s&pay_individual=1&debit_type_code=%s&amount=%s&amountoutstanding=%s&description=%s&itemnumber=%s&accountlines_id=%s',
+ map { uri_escape_utf8($_) } (
+ $borrowernumber,
+ $line->debit_type_code,
+ $line->amount,
+ $line->amountoutstanding,
+ $line->description,
+ $line->itemnumber,
+ $line->id
+ )
+ );
- $template->param(%$data);
- $template->param(
- finesview => 1,
- borrowernumber => $borrowernumber,
- categoryname => $data->{'description'},
- branchname => GetBranchName($data->{'branchcode'}),
- is_child => ($data->{'category_type'} eq 'C'),
- activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
- RoutingSerials => C4::Context->preference('RoutingSerials'),
- );
- output_html_with_http_headers $input, $cookie, $template->output;
+ print $input->redirect($url);
+ }
+ else {
+ print $input->redirect(
+ "/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"
+ );
+ }
+
+ exit;
+ }
+ catch {
+ my $error = $_;
+ if ( ref($error) eq 'Koha::Exceptions::Object::FKConstraint' ) {
+ $template->param( error => $error->broken_fk );
+ }
+ else {
+ $template->param( error => $error );
+ }
+ }
+ }
}
+
+my @debit_types = Koha::Account::DebitTypes->search_with_library_limits(
+ { can_be_invoiced => 1, archived => 0 },
+ {}, $library_id );
+
+$template->param(
+ debit_types => \@debit_types,
+ csrf_token => Koha::Token->new->generate_csrf(
+ { session_id => scalar $input->cookie('CGISESSID') }
+ ),
+ patron => $patron,
+ finesview => 1,
+ );
+output_html_with_http_headers $input, $cookie, $template->output;
projects / srvgit / blobdiff