use Encode qw( decode );
use URI::Escape;
use File::Temp;
-use C4::Reports::Guided;
+use C4::Reports::Guided qw( delete_report get_report_areas convert_sql update_sql get_saved_reports get_results ValidateSQLParameters format_results get_report_types get_columns get_from_dictionary get_criteria build_query save_report execute_query nb_rows get_report_groups );
use Koha::Reports;
-use C4::Auth qw/:DEFAULT get_session/;
-use C4::Output;
-use C4::Debug;
+use C4::Auth qw( get_template_and_user get_session );
+use C4::Output qw( pagination_bar output_html_with_http_headers );
use C4::Context;
use Koha::Caches;
-use C4::Log;
-use Koha::DateUtils qw/dt_from_string output_pref/;
+use C4::Log qw( logaction );
+use Koha::DateUtils qw( dt_from_string output_pref );
use Koha::AuthorisedValue;
use Koha::AuthorisedValues;
use Koha::BiblioFrameworks;
use Koha::Libraries;
use Koha::Patron::Categories;
use Koha::SharedContent;
-use Koha::Util::OpenDocument;
+use Koha::Util::OpenDocument qw( generate_ods );
+use C4::ClassSource qw( GetClassSources );
=head1 NAME
=cut
-my $input = new CGI;
+my $input = CGI->new;
my $usecache = Koha::Caches->get_instance->memcached_cache;
my $phase = $input->param('phase') // '';
template_name => "reports/guided_reports_start.tt",
query => $input,
type => "intranet",
- authnotrequired => 0,
flagsrequired => { reports => $flagsrequired },
- debug => 1,
}
);
-my $session = $cookie ? get_session($cookie->value) : undef;
+my $session_id = $input->cookie('CGISESSID');
+my $session = $session_id ? get_session($session_id) : undef;
my $filter;
if ( $input->param("filter_set") or $input->param('clear_filters') ) {
'notes' => $report->notes,
'sql' => $report->savedsql,
'showsql' => 1,
- 'mana_success' => $input->param('mana_success'),
'mana_success' => scalar $input->param('mana_success'),
'mana_id' => $report->{mana_id},
'mana_comments' => $report->{comments}
my $cache_expiry_units = $input->param('cache_expiry_units');
my $public = $input->param('public');
my $save_anyway = $input->param('save_anyway');
-
my @errors;
# if we have the units, then we came from creating a report from SQL and thus need to handle converting units
create_non_existing_group_and_subgroup($input, $group, $subgroup);
- if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
- push @errors, {sqlerr => $1};
- }
- elsif ($sql !~ /^(SELECT)/i) {
- push @errors, {queryerr => "No SELECT"};
- }
+ my ( $is_sql_valid, $validation_errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;
+ push(@errors, @$validation_errors) unless $is_sql_valid;
if (@errors) {
$template->param(
create_non_existing_group_and_subgroup($input, $group, $subgroup);
## FIXME this is AFTER entering a name to save the report under
- if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
- push @errors, {sqlerr => $1};
- }
- elsif ($sql !~ /^(SELECT)/i) {
- push @errors, {queryerr => "No SELECT"};
- }
+ my ( $is_sql_valid, $validation_errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;
+ push(@errors, @$validation_errors) unless $is_sql_valid;
if (@errors) {
$template->param(
} elsif ( $authorised_value eq "date" ) {
# require a date, provide a date picker
$input = 'date';
+ } elsif ( $authorised_value eq "list" ) {
+ # require a list, provide a textarea
+ $input = 'textarea';
} else {
# defined $authorised_value, and not 'date'
my $dbh=C4::Context->dbh;
}
}
elsif ( $authorised_value eq "biblio_framework" ) {
- my @frameworks = Koha::BiblioFrameworks->search({}, { order_by => ['frameworktext'] });
+ my @frameworks = Koha::BiblioFrameworks->search({}, { order_by => ['frameworktext'] })->as_list;
my $default_source = '';
push @authorised_values,$default_source;
$authorised_lib{$default_source} = 'Default';
}
}
elsif ( $authorised_value eq "categorycode" ) {
- my @patron_categories = Koha::Patron::Categories->search({}, { order_by => ['description']});
+ my @patron_categories = Koha::Patron::Categories->search({}, { order_by => ['description']})->as_list;
%authorised_lib = map { $_->categorycode => $_->description } @patron_categories;
push @authorised_values, $_->categorycode for @patron_categories;
}
+ elsif ( $authorised_value eq "cash_registers" ) {
+ my $sth = $dbh->prepare("SELECT id, name FROM cash_registers ORDER BY description");
+ $sth->execute;
+ while ( my ( $id, $name ) = $sth->fetchrow_array ) {
+ push @authorised_values, $id;
+ $authorised_lib{$id} = $name;
+ }
+ }
+ elsif ( $authorised_value eq "debit_types" ) {
+ my $sth = $dbh->prepare("SELECT code, description FROM account_debit_types ORDER BY code");
+ $sth->execute;
+ while ( my ( $code, $description ) = $sth->fetchrow_array ) {
+ push @authorised_values, $code;
+ $authorised_lib{$code} = $description;
+ }
+ }
+ elsif ( $authorised_value eq "credit_types" ) {
+ my $sth = $dbh->prepare("SELECT code, description FROM account_credit_types ORDER BY code");
+ $sth->execute;
+ while ( my ( $code, $description ) = $sth->fetchrow_array ) {
+ push @authorised_values, $code;
+ $authorised_lib{$code} = $description;
+ }
+ }
else {
if ( Koha::AuthorisedValues->search({ category => $authorised_value })->count ) {
my $query = '
'reports' => $report_id,
);
} else {
- my ($sql,$header_types) = get_prepped_report( $sql, \@param_names, \@sql_params);
+ my ($sql,$header_types) = $report->prep_report( \@param_names, \@sql_params );
$template->param(header_types => $header_types);
- my ( $sth, $errors ) = execute_query( $sql, $offset, $limit, undef, $report_id );
- my $total = nb_rows($sql) || 0;
- unless ($sth) {
+ my ( $sth, $errors ) = execute_query(
+ {
+ sql => $sql,
+ offset => $offset,
+ limit => $limit,
+ report_id => $report_id,
+ }
+ );
+ my $total;
+ if (!$sth) {
die "execute_query failed to return sth for report $report_id: $sql";
- } else {
+ } elsif ( !$errors ) {
+ $total = nb_rows($sql) || 0;
my $headers = header_cell_loop($sth);
$template->param(header_row => $headers);
while (my $row = $sth->fetchrow_arrayref()) {
push @rows, { cells => \@cells };
}
if( $want_full_chart ){
- my ($sth2, $errors2) = execute_query($sql);
+ my ( $sth2, $errors2 ) = execute_query( { sql => $sql, report_id => $report_id } );
while (my $row = $sth2->fetchrow_arrayref()) {
my @cells = map { +{ cell => $_ } } @$row;
push @allrows, { cells => \@cells };
}
}
- }
- my $totpages = int($total/$limit) + (($total % $limit) > 0 ? 1 : 0);
- my $url = "/cgi-bin/koha/reports/guided_reports.pl?reports=$report_id&phase=Run%20this%20report&limit=$limit&want_full_chart=$want_full_chart";
- if (@param_names) {
- $url = join('&param_name=', $url, map { URI::Escape::uri_escape_utf8($_) } @param_names);
- }
- if (@sql_params) {
- $url = join('&sql_params=', $url, map { URI::Escape::uri_escape_utf8($_) } @sql_params);
- }
+ my $totpages = int($total/$limit) + (($total % $limit) > 0 ? 1 : 0);
+ my $url = "/cgi-bin/koha/reports/guided_reports.pl?reports=$report_id&phase=Run%20this%20report&limit=$limit&want_full_chart=$want_full_chart";
+ if (@param_names) {
+ $url = join('&param_name=', $url, map { URI::Escape::uri_escape_utf8($_) } @param_names);
+ }
+ if (@sql_params) {
+ $url = join('&sql_params=', $url, map { URI::Escape::uri_escape_utf8($_) } @sql_params);
+ }
+ $template->param(
+ 'results' => \@rows,
+ 'allresults' => \@allrows,
+ 'pagination_bar' => pagination_bar($url, $totpages, scalar $input->param('page')),
+ 'unlimited_total' => $total,
+ );
+ }
$template->param(
- 'results' => \@rows,
- 'allresults' => \@allrows,
- 'sql' => $sql,
- original_sql => $original_sql,
- 'id' => $report_id,
- 'execute' => 1,
- 'name' => $name,
- 'notes' => $notes,
- 'errors' => defined($errors) ? [ $errors ] : undef,
- 'pagination_bar' => pagination_bar($url, $totpages, scalar $input->param('page')),
- 'unlimited_total' => $total,
- 'sql_params' => \@sql_params,
- 'param_names' => \@param_names,
+ 'sql' => $sql,
+ original_sql => $original_sql,
+ 'id' => $report_id,
+ 'execute' => 1,
+ 'name' => $name,
+ 'notes' => $notes,
+ 'errors' => defined($errors) ? [$errors] : undef,
+ 'sql_params' => \@sql_params,
+ 'param_names' => \@param_names,
);
}
}
my $reportname = $input->param('reportname');
my $reportfilename = $reportname ? "$reportname-reportresults.$format" : "reportresults.$format" ;
- ($sql, undef) = get_prepped_report( $sql, \@param_names, \@sql_params );
- my ($sth, $q_errors) = execute_query($sql);
+ ($sql, undef) = $report->prep_report( \@param_names, \@sql_params );
+ my ( $sth, $q_errors ) = execute_query( { sql => $sql, report_id => $report_id } );
unless ($q_errors and @$q_errors) {
my ( $type, $content );
if ($format eq 'tab') {
$content .= join("\t", map { $_ // '' } @$row) . "\n";
}
} else {
- my $delimiter = C4::Context->preference('delimiter') || ',';
+ my $delimiter = C4::Context->preference('CSVDelimiter') || ',';
if ( $format eq 'csv' ) {
$delimiter = "\t" if $delimiter eq 'tabulation';
$type = 'application/csv';
}
}
-# pass $sth and sql_params, get back an executable query
-sub get_prepped_report {
- my ($sql, $param_names, $sql_params ) = @_;
-
- # First we split out the placeholders
- # This part of the code supports using [[ table.field | alias ]] in the
- # query and replaces it by table.field AS alias. Not sure why we would
- # need it if we can type the latter (which is simpler)?
- my @split = split /\[\[|\]\]/,$sql;
- my $headers;
- for(my $i=0;$i<$#split/2;$i++){ #The placeholders are always the odd elements of the array
- my ($type,$name) = split /\|/,$split[$i*2+1]; # We split them on '|'
- $headers->{$name} = $type; # Store as a lookup for the template
- $headers->{$name} =~ s/^\w*\.//; # strip the table name just as in $sth->{NAME} array
- $split[$i*2+1] =~ s/(\||\?|\.|\*|\(|\)|\%)/\\$1/g; #Quote any special characters so we can replace the placeholders
- $name = C4::Context->dbh->quote($name);
- $sql =~ s/\[\[$split[$i*2+1]\]\]/$type AS $name/; # Remove placeholders from SQL
- }
-
- my %lookup;
- @lookup{@$param_names} = @$sql_params;
- @split = split /<<|>>/,$sql;
- my @tmpl_parameters;
- for(my $i=0;$i<$#split/2;$i++) {
- my $quoted = @$param_names ? $lookup{ $split[$i*2+1] } : @$sql_params[$i];
- # if there are special regexp chars, we must \ them
- $split[$i*2+1] =~ s/(\||\?|\.|\*|\(|\)|\%)/\\$1/g;
- if ($split[$i*2+1] =~ /\|\s*date\s*$/) {
- $quoted = output_pref({ dt => dt_from_string($quoted), dateformat => 'iso', dateonly => 1 }) if $quoted;
- }
- $quoted = C4::Context->dbh->quote($quoted);
- $sql =~ s/<<$split[$i*2+1]>>/$quoted/;
- }
- return $sql,$headers;
-}
projects / srvgit / blobdiff