'/cgi-bin/koha/opac-shelves.pl?display=privateshelves&viewshelf=';
use CGI qw ( -utf8 );
-use Email::Valid;
-use C4::Auth;
+use C4::Auth qw( get_template_and_user );
use C4::Context;
use C4::Letters;
-use C4::Members ();
-use C4::Output;
+use C4::Output qw( output_html_with_http_headers );
+use Koha::Email;
use Koha::Patrons;
use Koha::Virtualshelves;
use Koha::Virtualshelfshares;
# if virtualshelves is disabled, leave immediately
if ( ! C4::Context->preference('virtualshelves') ) {
- my $query = new CGI;
+ my $query = CGI->new;
print $query->redirect("/cgi-bin/koha/errors/404.pl");
exit;
}
show_accept($pvar) if $pvar->{op} eq 'accept';
}
load_template_vars($pvar);
-output_html_with_http_headers $pvar->{query}, $pvar->{cookie},
- $pvar->{template}->output;
+output_html_with_http_headers $pvar->{query}, $pvar->{cookie}, $pvar->{template}->output, undef, { force_no_caching => 1 };
#-------------------------------------------------------------------------------
sub _init {
my ($param) = @_;
- my $query = new CGI;
+ my $query = CGI->new;
$param->{query} = $query;
$param->{shelfnumber} = $query->param('shelfnumber') || 0;
$param->{op} = $query->param('op') || '';
$shelf = Koha::Virtualshelves->find( $shelfnumber ) unless $param->{errcode};
$param->{shelfname} = $shelf ? $shelf->shelfname : q||;
$param->{owner} = $shelf ? $shelf->owner : -1;
- $param->{category} = $shelf ? $shelf->category : -1;
+ $param->{public} = $shelf ? $shelf->public : 0;
load_template($param);
return $param;
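Review bot: The fallback `0` for `$param->{public}` when no shelf is found is the value that passes the new private-list test `$param->{errcode} = 5 if !$param->{errcode} && $param->{public};` in the sharing check further down, whereas the removed `-1` for `category` failed the old `!= 1` test. In the lines visible here, a missing shelf is then rejected only because the `owner` fallback `-1` never matches the logged-in user. I would record that dependency next to the assignment, e.g. `# shelf not found: rejected via owner == -1; public => 0 alone would pass the private check`, or set an errcode for the missing shelf at this point if nothing outside the hunk already does. The body of _init extends beyond this hunk.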
my $shelfnumber = $param->{shelfnumber};
my $shelf = Koha::Virtualshelves->find( $shelfnumber );
- # The key for accepting is checked later in Koha::Virtualshelf->share
+ # The key for accepting is checked later in Koha::Virtualshelfshare
# You must not be the owner and the list must be private
- if ( $shelf->category == 2 or $shelf->owner == $param->{loggedinuser} ) {
- return;
+ if( !$shelf ) {
+ $param->{errcode} = 2;
+ } elsif( $shelf->public ) {
+ $param->{errcode} = 5;
+ } elsif( $shelf->owner == $param->{loggedinuser} ) {
+ $param->{errcode} = 8;
}
-
- # We could have used ->find with the share id, but we don't want to change
- # the url sent to the patron
- my $shared_shelves = Koha::Virtualshelfshares->search(
- {
- shelfnumber => $param->{shelfnumber},
- },
- {
- order_by => { -desc => 'sharedate' },
- }
- );
-
- if ( $shared_shelves ) {
- my $key = keytostring( stringtokey( $param->{key}, 0 ), 1 );
- while ( my $shared_shelf = $shared_shelves->next ) {
- my $is_accepted = eval { $shared_shelf->accept( $key, $param->{loggedinuser} ) };
- if ( $is_accepted ) {
- notify_owner($param);
-
- #redirect to view of this shared list
- print $param->{query}->redirect(
- -uri => SHELVES_URL . $param->{shelfnumber},
- -cookie => $param->{cookie}
- );
- exit;
- }
+ return if $param->{errcode};
+
+ # Look for shelfnumber and invitekey in shares, expiration check later
+ my $key = keytostring( stringtokey( $param->{key}, 0 ), 1 );
+ my $shared_shelves = Koha::Virtualshelfshares->search({
+ shelfnumber => $param->{shelfnumber},
+ invitekey => $key,
+ });
+ my $shared_shelf = $shared_shelves ? $shared_shelves->next : undef; # we pick the first, but there should only be one
+
+ if ( $shared_shelf ) {
+ my $is_accepted = eval { $shared_shelf->accept( $key, $param->{loggedinuser} ) };
+ if( $is_accepted ) {
+ notify_owner($param);
+ #redirect to view of this shared list
+ print $param->{query}->redirect(
+ -uri => SHELVES_URL . $param->{shelfnumber},
+ -cookie => $param->{cookie}
+ );
+ exit;
}
- $param->{errcode} = 7; #not accepted (key not found or expired)
- } else {
- # This shelf is not shared
}
+ $param->{errcode} = 7; # not accepted: key invalid or expired
}
sub notify_owner {
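Review bot: The `eval` around `$shared_shelf->accept( $key, $param->{loggedinuser} )` in the new block discards `$@`, so any failure inside accept, including a database error, surfaces as errcode 7 ("key invalid or expired") and leaves nothing in the logs. Report the error right after the eval, for example `warn "shelf share accept failed: $@" if $@;`, taking care not to write the invite key itself to the log. The search on `invitekey` acts as a prefilter whose string comparison follows the database collation, so the key check inside accept that the comment refers to presumably remains the authoritative one; a one-line comment saying so would keep a later cleanup from removing it. show_accept begins above the lines shown here.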
foreach my $a (@temp) {
$a =~ s/^\s+//;
$a =~ s/\s+$//;
- if ( IsEmailAddress($a) ) {
+ if ( Koha::Email->is_valid($a) ) {
push @appr_addr, $a;
}
else {
#sharing user should be the owner
#list should be private
$param->{errcode} = 4 if $param->{owner} != $param->{loggedinuser};
- $param->{errcode} = 5 if !$param->{errcode} && $param->{category} != 1;
+ $param->{errcode} = 5 if !$param->{errcode} && $param->{public};
return !defined $param->{errcode};
}
);
}
-sub IsEmailAddress {
-
- #TODO candidate for a module?
- return Email::Valid->address( $_[0] ) ? 1 : 0;
-}
-
sub randomlist {
#uses rand, safe enough for this application but not for more sensitive data