Bug 37535: Adding a debit via API will show the belated patron as the librarian that caused the debit

This patch fixes the addPatronDebit route so that the librarian that caused the debit is taken from either the requests payload user_id or if not set from the api user. Test plan: a) enable system preference RESTBasicAuth b) use a REST client to send a POST request with the following JSON body to http://localhost:8081/api/v1/patrons/5/account/debits { "amount": 1.23, "description": "some description", "internal_note": "internal_note", "type": "MANUAL" } Authentication username and password is "koha" c) verify that "user_id" is the same as patron_id in response. d) send a different request including user_id to the same endpoint { "amount": 1.23, "description": "some description", "internal_note": "internal_note", "type": "MANUAL", "user_id": 19 } e) verify that "user_id" is the same as patron_id in response. f) apply patch and repeat step b) and d) e) verify that user_id in b) is now 51 (which is the borrowernumber of koha user) f) verify that user_id in d) is now 19 as defined in request g) recheck on http://localhost:8081/cgi-bin/koha/members/accountline-details.pl?accountlines_id=<account_line_id> (from response) that column Librarian now says the user from user_id h) sign off :) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-07-31 14:40:16 +02:00 · 2024-07-31 14:40:16 +02:00 · 1293980793
commit 1293980793
parent c1fa65d72d
1 changed files with 7 additions and 8 deletions
--- a/Koha/REST/V1/Patrons/Account.pm
+++ b/Koha/REST/V1/Patrons/Account.pm
@ -207,14 +207,14 @@ sub add_debit {
    my $c = shift->openapi->valid_input or return;

    my $patron = Koha::Patrons->find( $c->param('patron_id') );
+    my $user   = $c->stash('koha.user');

    return $c->render_resource_not_found("Patron")
-        unless $patron;
+      unless $patron;

    return try {
        my $data =
-          Koha::Account::Debit->new_from_api( $c->req->json )
-          ->unblessed;
+          Koha::Account::Debit->new_from_api( $c->req->json )->unblessed;

        $data->{library_id}       = delete $data->{branchcode};
        $data->{type}             = delete $data->{debit_type_code};
@ -223,11 +223,10 @@ sub add_debit {
        $data->{transaction_type} = delete $data->{payment_type};
        $data->{interface}        = 'api'
          ; # Should this always be API, or should we allow the API consumer to choose?
-        $data->{user_id} = $patron->borrowernumber
-          ; # Should this be API user OR staff the API may be acting on behalf of?
+        $data->{user_id} = delete $data->{manager_id} || $user->id;

        my $debit = $patron->account->add_debit($data);
-        $debit = Koha::Account::Debit->_new_from_dbic($debit->{_result});
+        $debit = Koha::Account::Debit->_new_from_dbic( $debit->{_result} );

        $c->res->headers->location(
            $c->req->url->to_string . '/' . $debit->id );
@ -248,13 +247,13 @@ sub add_debit {
            }
            elsif ( $_->isa('Koha::Exceptions::Account::AmountNotPositive') ) {
                return $c->render(
-                    status => 400,
+                    status  => 400,
                    openapi => { error => $_->description }
                );
            }
            elsif ( $_->isa('Koha::Exceptions::Account::UnrecognisedType') ) {
                return $c->render(
-                    status => 400,
+                    status  => 400,
                    openapi => { error => $_->description }
                );
            }