Bug 25411: Add special handling for public plugin routes

This patch implements the required logic in the API code so plugins are
not affected by the new RESTPublicAnonymousRequests system preference.
It is up to the plugin develpers to handle this

To test:
1. Apply the tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/PluginRoutes.t
=> FAIL: Notice the tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Yay! Not bad for a friday evening!
5. Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Koha/REST/V1/Auth.pm

@@ -63,7 +63,17 @@ sub under {
 
         # /api/v1/{namespace}
         my $namespace = $c->req->url->to_abs->path->[2] // '';
-        my $is_public = ($namespace eq 'public') ? 1 : 0;
+
+        my $is_public = 0; # By default routes are not public
+        my $is_plugin = 0;
+
+        if ( $namespace eq 'public' ) {
+            $is_public = 1;
+        }
+
+        if ( $namespace eq 'contrib' ) {
+            $is_plugin = 1;
+        }
 
         if ( $is_public
             and !C4::Context->preference('RESTPublicAPI') )
@@ -80,7 +90,7 @@ sub under {
             $status = 1;
         }
         else {
-            $status = authenticate_api_request($c, { is_public => $is_public });
+            $status = authenticate_api_request($c, { is_public => $is_public, is_plugin => $is_plugin });
         }
 
     } catch {
@@ -242,7 +252,7 @@ sub authenticate_api_request {
     if ( !$authorization and
          ( $params->{is_public} and
           ( C4::Context->preference('RESTPublicAnonymousRequests') or
-            $user) ) ) {
+            $user) ) or $params->{is_plugin} ) {
         # We do not need any authorization
         # Check the parameters
         validate_query_parameters( $c, $spec );