Bug 30979: Limit public checkout endpoint using preference

The public api endpoint for self-checkout should only be enabled in the case where the OpacTrustedSelfCheckout option is enabled. Signed-off-by: Silvia Meakins <smeakins@eso.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-03-06 17:32:32 +00:00 · 2023-03-06 17:32:32 +00:00 · bc55051e49
commit bc55051e49
parent 9d97f4764d
2 changed files with 16 additions and 0 deletions
--- a/Koha/REST/V1/Checkouts.pm
+++ b/Koha/REST/V1/Checkouts.pm
@ -189,6 +189,18 @@ sub add {
    my $patron_id = $body->{patron_id};
    my $onsite    = $body->{onsite_checkout};

+    if ( $c->stash('is_public')
+        && !C4::Context->preference('OpacTrustedCheckout') )
+    {
+        return $c->render(
+            status  => 405,
+            openapi => {
+                error      => 'Feature disabled',
+                error_code => 'FEATURE_DISABLED'
+            }
+        );
+    }
+
    return try {
        my $item = Koha::Items->find($item_id);
        unless ($item) {
--- a/api/v1/swagger/paths/public_patrons.yaml
+++ b/api/v1/swagger/paths/public_patrons.yaml
@ -102,6 +102,10 @@
        description: Cannot create checkout
        schema:
          $ref: "../swagger.yaml#/definitions/error"
+      "405":
+        description: Method not allowed
+        schema:
+          $ref: "../swagger.yaml#/definitions/error"
      "409":
        description: Conflict in creating checkout
        schema: