
Bug 17268: Update patchs per RFC

https://wiki.koha-community.org/wiki/Advanced_editor_macros_endpoint_RFC

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
20.05.x
Nick Clemens 2 years ago
committed by Martin Renvoize
parent
commit
240b52170b
Signed by: martin.renvoize GPG Key ID: 422B469130441A0F
  1. 6
      Koha/REST/V1/AdvancedEditorMacro.pm
  2. 16
      api/v1/swagger/paths.json
  3. 8
      api/v1/swagger/paths/advancededitormacros.json
  4. 12
      koha-tmpl/intranet-tmpl/prog/en/includes/cateditor-ui.inc
  5. 86
      t/db_dependent/api/v1/advanced_editor_macros.t

6
Koha/REST/V1/AdvancedEditorMacro.pm

@ -72,7 +72,7 @@ sub get {
}
if( $macro->shared ){
return $c->render( status => 403, openapi => {
error => "This macro is shared, you must access it via advancededitormacros/shared"
error => "This macro is shared, you must access it via advanced_editor/macros/shared"
});
}
warn $macro->borrowernumber;
@ -104,7 +104,7 @@ sub get_shared {
}
unless( $macro->shared ){
return $c->render( status => 403, openapi => {
error => "This macro is not shared, you must access it via advancededitormacros"
error => "This macro is not shared, you must access it via advanced_editor/macros"
});
}
return $c->render( status => 200, openapi => $macro->to_api );
@ -180,7 +180,7 @@ sub update {
if( $macro->shared == 1 || defined $c->validation->param('body')->{shared} && $c->validation->param('body')->{shared} == 1 ){
return $c->render( status => 403,
openapi => { error => "To update a macro as shared you must use the advancededitormacros/shared endpoint" } );
openapi => { error => "To update a macro as shared you must use the advanced_editor/macros/shared endpoint" } );
} else {
unless ( $macro->borrowernumber == $patron->borrowernumber ){
return $c->render( status => 403,
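Review bot: The `warn $macro->borrowernumber;` line visible right after the shared check in `get` looks like leftover debugging; it writes a patron identifier to the server error log whenever a request gets past that check. I would drop the line, or route it through the project's logger at debug level if the trace is still wanted. In `update`, the condition `$macro->shared == 1 || defined ... && ... == 1` relies on `&&` binding tighter than `||`, so wrapping the `defined ... && ... == 1` half in parentheses would make this authorization check easier to audit. Both subs continue outside the hunks shown.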

16
api/v1/swagger/paths.json

@ -68,17 +68,17 @@
"/checkouts/{checkout_id}/allows_renewal": {
"$ref": "paths/checkouts.json#/~1checkouts~1{checkout_id}~1allows_renewal"
},
"/advancededitormacros": {
"$ref": "paths/advancededitormacros.json#/~1advancededitormacros"
"/advanced_editor/macros": {
"$ref": "paths/advancededitormacros.json#/~1advanced_editor~1macros"
},
"/advancededitormacros/{advancededitormacro_id}": {
"$ref": "paths/advancededitormacros.json#/~1advancededitormacros~1{advancededitormacro_id}"
"/advanced_editor/macros/{advancededitormacro_id}": {
"$ref": "paths/advancededitormacros.json#/~1advanced_editor~1macros~1{advancededitormacro_id}"
},
"/advancededitormacros/shared": {
"$ref": "paths/advancededitormacros.json#/~1advancededitormacros~1shared"
"/advanced_editor/macros/shared": {
"$ref": "paths/advancededitormacros.json#/~1advanced_editor~1macros~1shared"
},
"/advancededitormacros/shared/{advancededitormacro_id}": {
"$ref": "paths/advancededitormacros.json#/~1advancededitormacros~1shared~1{advancededitormacro_id}"
"/advanced_editor/macros/shared/{advancededitormacro_id}": {
"$ref": "paths/advancededitormacros.json#/~1advanced_editor~1macros~1shared~1{advancededitormacro_id}"
},
"/patrons": {
"$ref": "paths/patrons.json#/~1patrons"

8
api/v1/swagger/paths/advancededitormacros.json

@ -1,5 +1,5 @@
{
"/advancededitormacros": {
"/advanced_editor/macros": {
"get": {
"x-mojo-to": "AdvancedEditorMacro#list",
"operationId": "listMacro",
@ -127,7 +127,7 @@
}
}
},
"/advancededitormacros/shared": {
"/advanced_editor/macros/shared": {
"post": {
"x-mojo-to": "AdvancedEditorMacro#add_shared",
"operationId": "addsharedAdvancedEditorMacro",
@ -184,7 +184,7 @@
}
}
},
"/advancededitormacros/{advancededitormacro_id}": {
"/advanced_editor/macros/{advancededitormacro_id}": {
"get": {
"x-mojo-to": "AdvancedEditorMacro#get",
"operationId": "getAdvancedEditorMacro",
@ -350,7 +350,7 @@
}
}
},
"/advancededitormacros/shared/{advancededitormacro_id}": {
"/advanced_editor/macros/shared/{advancededitormacro_id}": {
"get": {
"x-mojo-to": "AdvancedEditorMacro#get_shared",
"operationId": "getsharedAdvancedEditorMacro",

12
koha-tmpl/intranet-tmpl/prog/en/includes/cateditor-ui.inc

@ -702,7 +702,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
var shared = macroEditor.activeMacroShared;
var id = macroEditor.activeMacroId;
macroEditor.activeMacroId = null;
api_url = "/api/v1/advancededitormacros/";
api_url = "/api/v1/advanced_editor/macros/";
if( shared ) { api_url += "shared/" }
let options = {
url: api_url + id,
@ -741,7 +741,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
return;
}
$( '#macro-list li[data-name="' + name + '"][data-id="' + id + '"]' ).addClass( 'active' );
api_url = "/api/v1/advancededitormacros/";
api_url = "/api/v1/advanced_editor/macros/";
if( shared ) { api_url += "shared/" }
let options = {
url: api_url + id,
@ -792,7 +792,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
} );
$.each( macro_list, function( index, macro ) {
let options = {
url: "/api/v1/advancededitormacros/",
url: "/api/v1/advanced_editor/macros/",
method: "POST",
contentType: "application/json",
data: JSON.stringify({
@ -838,7 +838,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
$("#macro-toolbar").prepend($convert);
}
let options = {
url: "/api/v1/advancededitormacros/",
url: "/api/v1/advanced_editor/macros/",
method: "GET",
contentType: "application/json",
};
@ -866,7 +866,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
// if ( !Preferences.user.macros[name] ) storeMacro( name, { format: "rancor", contents: "" } );
let options = {
url: "/api/v1/advancededitormacros/",
url: "/api/v1/advanced_editor/macros/",
method: "POST",
contentType: "application/json",
data: JSON.stringify({
@ -903,7 +903,7 @@ require( [ 'koha-backend', 'search', 'macros', 'marc-editor', 'marc-record', 'pr
if ( !name || macroEditor.savedGeneration == macroEditor.changeGeneration() && was_shared == shared ) return;
macroEditor.savedGeneration = macroEditor.changeGeneration();
api_url = "/api/v1/advancededitormacros/";
api_url = "/api/v1/advanced_editor/macros/";
if( shared || was_shared ) { api_url += "shared/" }
let options = {
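Review bot: The selector on the `addClass( 'active' )` line is built by concatenating `name` and `id` into `[data-name="…"][data-id="…"]` without escaping, so a macro name containing a double quote or `]` makes the selector invalid or lets it match the wrong element. Because macros can be shared, the name is not necessarily the current user's own input. Escaping both values (for example `$.escapeSelector( name )`, if the bundled jQuery provides it) or filtering `$( '#macro-list li' )` by comparing `.data()` values avoids that. Separately, `api_url` is assigned without `var`/`let` in three hunks, which presumably creates an implicit global unless it is declared outside the visible lines; `let api_url = "/api/v1/advanced_editor/macros/";` would keep it local. The enclosing functions start and end outside the hunks.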

86
t/db_dependent/api/v1/advanced_editor_macros.t

@ -85,7 +85,7 @@ subtest 'list() tests' => sub {
my $macros_index = Koha::AdvancedEditorMacros->search({ -or => { shared => 1, borrowernumber => $patron_1->borrowernumber } })->count-1;
## Authorized user tests
# Make sure we are returned with the correct amount of macros
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros" )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros" )
->status_is( 200, 'SWAGGER3.2.2' )
->json_has('/' . $macros_index . '/macro_id')
->json_hasnt('/' . ($macros_index + 1) . '/macro_id');
@ -93,25 +93,25 @@ subtest 'list() tests' => sub {
subtest 'query parameters' => sub {
plan tests => 15;
$t->get_ok("//$userid:$password@/api/v1/advancededitormacros?name=" . $macro_2->name)
$t->get_ok("//$userid:$password@/api/v1/advanced_editor/macros?name=" . $macro_2->name)
->status_is(200)
->json_has( [ $macro_2 ] );
$t->get_ok("//$userid:$password@/api/v1/advancededitormacros?name=" . $macro_3->name)
$t->get_ok("//$userid:$password@/api/v1/advanced_editor/macros?name=" . $macro_3->name)
->status_is(200)
->json_has( [ ] );
$t->get_ok("//$userid:$password@/api/v1/advancededitormacros?macro_text=delete 100")
$t->get_ok("//$userid:$password@/api/v1/advanced_editor/macros?macro_text=delete 100")
->status_is(200)
->json_has( [ $macro_1, $macro_2, $macro_4 ] );
$t->get_ok("//$userid:$password@/api/v1/advancededitormacros?patron_id=" . $patron_1->borrowernumber)
$t->get_ok("//$userid:$password@/api/v1/advanced_editor/macros?patron_id=" . $patron_1->borrowernumber)
->status_is(200)
->json_has( [ $macro_1, $macro_2 ] );
$t->get_ok("//$userid:$password@/api/v1/advancededitormacros?shared=1")
$t->get_ok("//$userid:$password@/api/v1/advanced_editor/macros?shared=1")
->status_is(200)
->json_has( [ $macro_2, $macro_4 ] );
};
# Warn on unsupported query parameter
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros?macro_blah=blah" )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros?macro_blah=blah" )
->status_is(400)
->json_is( [{ path => '/query/macro_blah', message => 'Malformed query string'}] );
@ -143,26 +143,26 @@ subtest 'get() tests' => sub {
}
});
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros/" . $macro_1->id )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros/" . $macro_1->id )
->status_is( 403, 'Cannot get a shared macro via regular endpoint' )
->json_is( '/error' => 'This macro is shared, you must access it via advancededitormacros/shared' );
->json_is( '/error' => 'This macro is shared, you must access it via advanced_editor/macros/shared' );
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros/shared/" . $macro_1->id )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros/shared/" . $macro_1->id )
->status_is( 200, 'Can get a shared macro via shared endpoint' )
->json_is( '' => Koha::REST::V1::AdvancedEditorMacro::_to_api( $macro_1->TO_JSON ), 'Macro correctly retrieved' );
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros/" . $macro_2->id )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros/" . $macro_2->id )
->status_is( 403, 'Cannot access another users macro' )
->json_is( '/error' => 'You do not have permission to access this macro' );
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros/" . $macro_3->id )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros/" . $macro_3->id )
->status_is( 200, 'Can get your own private macro' )
->json_is( '' => Koha::REST::V1::AdvancedEditorMacro::_to_api( $macro_3->TO_JSON ), 'Macro correctly retrieved' );
my $non_existent_code = $macro_1->id;
$macro_1->delete;
$t->get_ok( "//$userid:$password@/api/v1/advancededitormacros/" . $non_existent_code )
$t->get_ok( "//$userid:$password@/api/v1/advanced_editor/macros/" . $non_existent_code )
->status_is(404)
->json_is( '/error' => 'Macro not found' );
@ -205,14 +205,14 @@ subtest 'add() tests' => sub {
$macro->delete;
# Unauthorized attempt to write
$t->post_ok( "//$unauth_userid:$password@/api/v1/advancededitormacros" => json => $macro_values )
$t->post_ok( "//$unauth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_values )
->status_is(403);
# Authorized attempt to write invalid data
my $macro_with_invalid_field = { %$macro_values };
$macro_with_invalid_field->{'big_mac_ro'} = 'Mac attack';
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros" => json => $macro_with_invalid_field )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_with_invalid_field )
->status_is(400)
->json_is(
"/errors" => [
@ -224,14 +224,14 @@ subtest 'add() tests' => sub {
);
# Authorized attempt to write
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_values )
->status_is( 201, 'SWAGGER3.2.1' )
->json_has( '/macro_id', 'We generated a new id' )
->json_is( '/name' => $macro_values->{name}, 'The name matches what we supplied' )
->json_is( '/macro_text' => $macro_values->{macro_text}, 'The text matches what we supplied' )
->json_is( '/patron_id' => $macro_values->{patron_id}, 'The borrower matches the borrower who submitted' )
->json_is( '/shared' => 0, 'The macro is not shared' )
->header_like( Location => qr|^\/api\/v1\/advancededitormacros\/d*|, 'Correct location' );
->json_is( '/shared' => Mojo::JSON->false, 'The macro is not shared' )
->header_like( Location => qr|^\/api\/v1\/advanced_editor/macros\/d*|, 'Correct location' );
# save the library_id
my $macro_id = 999;
@ -239,7 +239,7 @@ subtest 'add() tests' => sub {
# Authorized attempt to create with existing id
$macro_values->{macro_id} = $macro_id;
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_values )
->status_is(400)
->json_is( '/errors' => [
{
@ -249,14 +249,14 @@ subtest 'add() tests' => sub {
]
);
$macro_values->{shared} = 1;
$macro_values->{shared} = Mojo::JSON->true;
delete $macro_values->{macro_id};
# Unauthorized attempt to write a shared macro on private endpoint
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_values )
->status_is(403);
# Unauthorized attempt to write a private macro on shared endpoint
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared" => json => $macro_values )
->status_is(403);
$builder->build({
@ -269,11 +269,11 @@ subtest 'add() tests' => sub {
});
# Authorized attempt to write a shared macro on private endpoint
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros" => json => $macro_values )
->status_is(403);
# Authorized attempt to write a shared macro on shared endpoint
$t->post_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared" => json => $macro_values )
$t->post_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared" => json => $macro_values )
->status_is(201);
};
@ -319,7 +319,7 @@ subtest 'update() tests' => sub {
delete $macro_values->{macro_id};
# Unauthorized attempt to update
$t->put_ok( "//$unauth_userid:$password@/api/v1/advancededitormacros/$macro_id"
$t->put_ok( "//$unauth_userid:$password@/api/v1/advanced_editor/macros/$macro_id"
=> json => { name => 'New unauthorized name change' } )
->status_is(403);
@ -328,7 +328,7 @@ subtest 'update() tests' => sub {
name => "Call it macro-roni",
};
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_id" => json => $macro_with_missing_field )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id" => json => $macro_with_missing_field )
->status_is(400)
->json_has( "/errors" =>
[ { message => "Missing property.", path => "/body/macro_text" } ]
@ -338,10 +338,10 @@ subtest 'update() tests' => sub {
name => "Macro-update",
macro_text => "delete 100",
patron_id => $authorized_patron->borrowernumber,
shared => 0,
shared => Mojo::JSON->false,
};
my $test = $t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_id" => json => $macro_update )
my $test = $t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id" => json => $macro_update )
->status_is(200, 'Authorized user can update a macro')
->json_is( '/macro_id' => $macro_id, 'We get the id back' )
->json_is( '/name' => $macro_update->{name}, 'We get the name back' )
@ -350,11 +350,11 @@ subtest 'update() tests' => sub {
->json_is( '/shared' => $macro_update->{shared}, 'It should still not be shared' );
# Now try to make the macro shared
$macro_update->{shared} = 1;
$macro_update->{shared} = Mojo::JSON->true;
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared/$macro_id" => json => $macro_update )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared/$macro_id" => json => $macro_update )
->status_is(403, 'Cannot make your macro shared on private endpoint');
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared/$macro_id" => json => $macro_update )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared/$macro_id" => json => $macro_update )
->status_is(403, 'Cannot make your macro shared without permission');
$builder->build({
@ -366,22 +366,22 @@ subtest 'update() tests' => sub {
},
});
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_id" => json => $macro_update )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id" => json => $macro_update )
->status_is(403, 'Cannot make your macro shared on the private endpoint');
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared/$macro_id" => json => $macro_update )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared/$macro_id" => json => $macro_update )
->status_is(200, 'Can update macro to shared with permission')
->json_is( '/macro_id' => $macro_id, 'We get back the id' )
->json_is( '/name' => $macro_update->{name}, 'We get back the name' )
->json_is( '/macro_text' => $macro_update->{macro_text}, 'We get back the text' )
->json_is( '/patron_id' => $macro_update->{patron_id}, 'We get back our patron id' )
->json_is( '/shared' => 1, 'It is shared' );
->json_is( '/shared' => Mojo::JSON->true, 'It is shared' );
# Authorized attempt to write invalid data
my $macro_with_invalid_field = { %$macro_update };
$macro_with_invalid_field->{'big_mac_ro'} = 'Mac attack';
$t->put_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_id" => json => $macro_with_invalid_field )
$t->put_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id" => json => $macro_with_invalid_field )
->status_is(400)
->json_is(
"/errors" => [
@ -396,10 +396,10 @@ subtest 'update() tests' => sub {
my $non_existent_code = $non_existent_macro->id;
$non_existent_macro->delete;
$t->put_ok("//$auth_userid:$password@/api/v1/advancededitormacros/$non_existent_code" => json => $macro_update)
$t->put_ok("//$auth_userid:$password@/api/v1/advanced_editor/macros/$non_existent_code" => json => $macro_update)
->status_is(404);
$t->put_ok("//$auth_userid:$password@/api/v1/advancededitormacros/$macro_2_id" => json => $macro_update)
$t->put_ok("//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_2_id" => json => $macro_update)
->status_is(403, "Cannot update other borrowers private macro");
};
@ -442,18 +442,18 @@ subtest 'delete() tests' => sub {
my $macro_2_id = $macro_2->id;
# Unauthorized attempt to delete
$t->delete_ok( "//$unauth_userid:$password@/api/v1/advancededitormacros/$macro_2_id")
$t->delete_ok( "//$unauth_userid:$password@/api/v1/advanced_editor/macros/$macro_2_id")
->status_is(403, "Cannot delete macro without permission");
$t->delete_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_id")
$t->delete_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id")
->status_is(200, 'Can delete macro with permission');
$t->delete_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_2_id")
$t->delete_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_2_id")
->status_is(403, 'Cannot delete other users macro with permission');
$macro_2->shared(1)->store();
$t->delete_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared/$macro_2_id")
$t->delete_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared/$macro_2_id")
->status_is(403, 'Cannot delete other users shared macro without permission');
$builder->build({
@ -464,9 +464,9 @@ subtest 'delete() tests' => sub {
code => 'delete_shared_macros',
},
});
$t->delete_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/$macro_2_id")
$t->delete_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_2_id")
->status_is(403, 'Cannot delete other users shared macro with permission on private endpoint');
$t->delete_ok( "//$auth_userid:$password@/api/v1/advancededitormacros/shared/$macro_2_id")
$t->delete_ok( "//$auth_userid:$password@/api/v1/advanced_editor/macros/shared/$macro_2_id")
->status_is(200, 'Can delete other users shared macro with permission');
};
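Review bot: In the "Now try to make the macro shared" hunk of update(), the first `put_ok` is labelled 'Cannot make your macro shared on private endpoint' but requests `/api/v1/advanced_editor/macros/shared/$macro_id`, the same URL as the assertion after it. The private-endpoint refusal for a user without the share permission is therefore not exercised there. Pointing the first call at `"//$auth_userid:$password@/api/v1/advanced_editor/macros/$macro_id"` would make the pair cover both endpoints. Separately, the `Location` check in add() uses `\/d*`, which matches a slash followed by literal `d` characters rather than digits and has no end anchor; `qr|^/api/v1/advanced_editor/macros/\d+\z|` would actually pin the returned id.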
