Bug 34287: Add check on public availability endpoint

A quick check for patron equals current user in the public availability
endpoint.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

api/v1/swagger/paths/checkouts.yaml

@@ -411,3 +411,5 @@
         description: Under maintenance
         schema:
           $ref: "../swagger.yaml#/definitions/error"
+    x-koha-authorization:
+      allow-owner: true

t/db_dependent/api/v1/checkouts.t

@@ -342,9 +342,8 @@ subtest 'get_availability' => sub {
         $t->get_ok("/api/v1/public/checkouts/availability?item_id=$item1_id&patron_id=$patron_id")->status_is(401);
 
         # Only allow availability lookup for self
-        $t->get_ok(
-            "//$userid:$password@/api/v1/public/checkouts/availability?item_id=$item1_id&patron_id=$patron_id"
-        )->status_is(403);
+        $t->get_ok("//$userid:$password@/api/v1/public/checkouts/availability?item_id=$item1_id&patron_id=$patron_id")
+            ->status_is(403);
 
         # All ok
         $t->get_ok(