Bug 35469: Add 'manage_bookings' subpermission to /checkouts

This patch adds the 'manage_bookings' permission to allow fetching of
checkouts on the API should the user have 'manage_bookings' but not have
'circulate_remaining_permissions'

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

api/v1/swagger/paths/checkouts.yaml

@@ -59,7 +59,8 @@
           $ref: "../swagger.yaml#/definitions/error"
     x-koha-authorization:
       permissions:
-        circulate: circulate_remaining_permissions
+        - circulate: circulate_remaining_permissions
+        - circulate: manage_bookings
   post:
     x-mojo-to: Checkouts#add
     operationId: addCheckout

t/db_dependent/api/v1/checkouts.t

@@ -17,7 +17,7 @@
 
 use Modern::Perl;
 
-use Test::More tests => 105;
+use Test::More tests => 108;
 use Test::MockModule;
 use Test::Mojo;
 use t::lib::Mocks;
@@ -70,6 +70,28 @@ $t->get_ok( "//$userid:$password@/api/v1/checkouts?patron_id=$notexisting_patron
   ->status_is(200)
   ->json_is([]);
 
+my $bookings_librarian = $builder->build_object(
+    {
+        class => 'Koha::Patrons',
+        value => { flags => 0 }     # no additional permissions
+    }
+);
+$builder->build(
+    {
+        source => 'UserPermission',
+        value  => {
+            borrowernumber => $bookings_librarian->borrowernumber,
+            module_bit     => 1,
+            code           => 'manage_bookings',
+        },
+    }
+);
+$bookings_librarian->set_password( { password => $password, skip_validation => 1 } );
+my $bookings_userid = $bookings_librarian->userid;
+
+$t->get_ok("//$bookings_userid:$password@/api/v1/checkouts?patron_id=$patron_id")
+    ->status_is( 200, 'manage_bookings allows checkouts access' )->json_is( [] );
+
 Koha::CirculationRules->set_rules(
     {
         categorycode => undef,