X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=members%2Fmancredit.pl;h=e77c82defc9140eb8afa0cb889718f78e00fa65f;hb=fc655ca979b733208236981a8cd90430a13b30c5;hp=5a93e956bea7482c98f46d092b797d9fecf56762;hpb=9af6c4e34bc41616c03bb786201a9c10ebf13dab;p=koha-ffzg.git diff --git a/members/mancredit.pl b/members/mancredit.pl index 5a93e956be..e77c82defc 100755 --- a/members/mancredit.pl +++ b/members/mancredit.pl @@ -3,7 +3,6 @@ #written 11/1/2000 by chris@katipo.oc.nz #script to display borrowers account details - # Copyright 2000-2002 Katipo Communications # Copyright 2010 BibLibre # 
@@ -22,86 +21,130 @@ # You should have received a copy of the GNU General Public License # along with Koha; if not, see . -use strict; -use warnings; +use Modern::Perl; -use C4::Auth; -use C4::Output; +use C4::Auth qw( get_template_and_user ); +use C4::Output qw( output_and_exit_if_error output_and_exit output_html_with_http_headers ); use CGI qw ( -utf8 ); use C4::Members; use C4::Accounts; -use C4::Items; -use C4::Members::Attributes qw(GetBorrowerAttributes); -use Koha::Patrons; +use Koha::Items; +use Koha::Patrons; use Koha::Patron::Categories; +use Koha::Account::CreditTypes; +use Koha::AdditionalFields; -my $input=new CGI; -my $flagsrequired = { borrowers => 1, updatecharges => 1 }; +use Koha::Token; -my $borrowernumber=$input->param('borrowernumber'); +my $input = CGI->new; +my ( $template, $loggedinuser, $cookie ) = get_template_and_user( + { + template_name => "members/mancredit.tt", + query => $input, + type => "intranet", + flagsrequired => { + borrowers => 'edit_borrowers', + updatecharges => 'manual_credit' + } + } +); -my $patron = Koha::Patrons->find( $borrowernumber ); -unless ( $patron ) { - print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber"); - exit; -} -my $add=$input->param('add'); - -if ($add){ - if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) { - my $barcode = $input->param('barcode'); - my $itemnum; - if ($barcode) { - $itemnum = GetItemnumberFromBarcode($barcode); +my $logged_in_user = Koha::Patrons->find($loggedinuser); +my $borrowernumber = $input->param('borrowernumber'); +my $patron = Koha::Patrons->find($borrowernumber); + +output_and_exit_if_error( + $input, $cookie, + $template, + { + module => 'members', + logged_in_user => $logged_in_user, + current_patron => $patron + } +); + +my $library_id = + C4::Context->userenv ? 
C4::Context->userenv->{'branch'} : undef; + +my $add = $input->param('add'); +if ($add) { + output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) + unless Koha::Token->new->check_csrf( + { + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), } - my $desc = $input->param('desc'); - my $note = $input->param('note'); - my $amount = $input->param('amount') || 0; - $amount = -$amount; - my $type = $input->param('type'); - manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note ); - print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"); + ); + +# Note: If the logged in user is not allowed to see this patron an invoice can be forced +# Here we are trusting librarians not to hack the system + my $barcode = $input->param('barcode'); + my $item_id; + if ($barcode) { + my $item = Koha::Items->find( { barcode => $barcode } ); + $item_id = $item->itemnumber if $item; } -} else { - my ($template, $loggedinuser, $cookie) = get_template_and_user( + my $description = $input->param('desc'); + my $note = $input->param('note'); + my $amount = $input->param('amount') || 0; + my $type = $input->param('type'); + my $credit_type = $input->param('credit_type'); + my $cash_register_id = $input->param('cash_register'); + + my $line = $patron->account->add_credit( { - template_name => "members/mancredit.tt", - query => $input, - type => "intranet", - authnotrequired => 0, - flagsrequired => { borrowers => 1, - updatecharges => 'remaining_permissions' }, - debug => 1, + amount => $amount, + description => $description, + item_id => $item_id, + library_id => $library_id, + note => $note, + type => $type, + user_id => $logged_in_user->id, + interface => C4::Context->interface, + payment_type => $credit_type, + cash_register => $cash_register_id } ); - - if ( $patron->category->category_type eq 'C') { - my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 
'A' }, {order_by => ['categorycode']}); - $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1; - $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1; - } - $template->param( adultborrower => 1 ) if ( $patron->category->category_type =~ /^(A|I)$/ ); - $template->param( picture => 1 ) if $patron->image; + my @additional_fields; + my $accountline_fields = Koha::AdditionalFields->search({ tablename => 'accountlines:credit' }); + while ( my $field = $accountline_fields->next ) { + my $value = $input->param('additional_field_' . $field->id); + if (defined $value) { + push @additional_fields, { + id => $field->id, + value => $value, + }; + } + } + if (@additional_fields) { + $line->set_additional_fields(\@additional_fields); + } - if (C4::Context->preference('ExtendedPatronAttributes')) { - my $attributes = GetBorrowerAttributes($borrowernumber); - $template->param( - ExtendedPatronAttributes => 1, - extendedattributes => $attributes - ); + if ( C4::Context->preference('AccountAutoReconcile') ) { + $patron->account->reconcile_balance; } - $template->param(%{ $patron->unblessed}); + print $input->redirect( + "/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber"); + exit; +} +else { + + my @credit_types = Koha::Account::CreditTypes->search_with_library_limits( + { can_be_added_manually => 1, archived => 0 }, + {}, $library_id )->as_list; $template->param( - finesview => 1, - borrowernumber => $borrowernumber, - categoryname => $patron->category->description, - is_child => ($patron->category->category_type eq 'C'), # FIXME is_child should be a Koha::Patron method - RoutingSerials => C4::Context->preference('RoutingSerials'), - ); + patron => $patron, + credit_types => \@credit_types, + finesview => 1, + csrf_token => Koha::Token->new->generate_csrf( + { session_id => scalar $input->cookie('CGISESSID') } + ), + available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 
'accountlines:credit' })->as_list ], + ); output_html_with_http_headers $input, $cookie, $template->output; }
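Review bot: In the `if ($add)` branch, `type`, `credit_type`, `cash_register` and `amount` go from `$input->param` straight into `$patron->account->add_credit`, while the `can_be_added_manually => 1, archived => 0` and library-limit filter is applied only when the form is built in the `else` branch. A request that passes the CSRF check can therefore name a credit type the form would never offer, unless `add_credit` rejects it itself, which is not visible in this hunk. I would repeat the `search_with_library_limits( { can_be_added_manually => 1, archived => 0 }, {}, $library_id )` lookup before `add_credit` and exit with an error when `$type` is not among the returned types, and reject an `amount` that is not a positive number rather than relying on `|| 0`. The comment above `my $barcode` still speaks of an "invoice" and of trusting librarians; if `output_and_exit_if_error` (now given `logged_in_user` and `current_patron`) enforces patron visibility, it should be reworded, for example `# Patron visibility is enforced by output_and_exit_if_error above; the submitted credit type and amount are re-validated here.`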