Bug 26181 introduced a way to override behavior through a new header,
x-koha-override. And bug 27760 introduced a generic approach to handle
x-koha-override.
This patchset makes the POST /api/v1/holds route rely on this new way of
handling x-koha-override instead of doing it manually.
The header is added to the spec as a parameter.
Note: the header should be defined as:
"type": "array",
"collectionFormat": "csv",
"items": {
"type": "string",
"enum": [
"any"
]
}
but the versions of JSON::Validator we use have lots of bugs related to
header type coercion, so it just doesn't work. The changelog for
JSON::Validator is fairly elocuent about it.
The override now takes a list of valid keywords (right now only 'any'
but it would be fairly straight-forward to add a fairly granular set of
options based on each possible AddReserve failure.
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> SUCCESS: Tests pass!
4. Sign off!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the mentioned route. It does so by:
- Adding the new path in paths.json
- Adding the full route spec in biblios.json
- Adds a controller method that takes care of the task
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/biblios.t
=> SUCCESS: Tests pass!
3. Play with your favourite REST tool. Pay special care to
the AllowHoldPolicyOverride syspref and the expected behaviors.
=> SUCCESS: All works as expected
4. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the described route. It is designed to use the
underlying libraries' methods to update an existing attribute.
The tests cover the use cases.
Note: I added handling for two exceptions that can only occur on bad
data (i.e. not by using our codebase). This are:
- Koha::Exceptions::Patron::Attribute::InvalidType
- Koha::Exceptions::Patron::Attribute::NonRepeatable
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_extended_attributes.t
=> SUCCESS: Tests pass!
3. PLay with the route
=> SUCCESS: Expected behavior!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The previous patch introduces some behavioural changes to the API, as
well as the data types that need to be passed; all happens in the tests.
This patch adapts the route so it complies with those changes:
- JSON object containing pickup_library_id attribute is now passed back
and forth.
- The controller should take care of checking the pickup location is
valid, using the available tools.
To test:
1. Apply the patches, up to the tests
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> ERROR: Tests fail because the controller doesn't implement the
desired behavior
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a route to overwrite the current pickup location.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add /api/v1/patrons/{patron_id}/holds route and holds object description
to the OpenAPI specification.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the 'Cashier' field as discussed on the bug report.
Test plan
1/ Apply patch and reload the register page to refresh the table
2/ Note that a 'Cashier' field now appears in the table
3/ Sorting and searching on 'Cashier' should work as expected
4/ Default sorting should remain as 'Date' order.
5/ Signoff
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 26273: (QA follow-up) Check for null firstname
This patch adds a test for firstname being defined before constructing
fullname from it.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch just adds:
- The optional 'extended_attribute' attribute to the patron object
OpenAPI definition. It consists of an array of extended_attribute
objects.
- Add the x-koha-embed: [ 'extended_attributes' ] definition on the GET
routes for patrons, allowing immedite availability of the
'extended_attributes' embedding feature.
To test:
1. Apply this patchset
2. Restart Plack
3. Have some known patron_id/borrowernumber that has some extended
attributes ('Patron attributes' on the UI).
4. Enable Basic authentication
5. Assuming the known patron_id is 1, point your favourite REST tool to http://kohadev-intra.myDNSname.org:8081/api/v1/patrons/1
e.g.: if your user/pass is koha/koha
curl --location --request GET 'http://kohadev-intra.myDNSname.org:8081/api/v1/patrons/1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic a29oYTprb2hh'
=> SUCCESS: You get the patron object correctly, no extended_attributes
6. Repeat 5, adding the x-koha-embed header like this:
curl --location --request GET 'http://kohadev-intra.myDNSname.org:8081/api/v1/patrons/1' \
--header 'Content-Type: application/json' \
--header 'x-koha-embed: extended_attributes' \
--header 'Authorization: Basic a29oYTprb2hh'
=> SUCCESS: You get the patron, with the extended attributes inside!
7. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch creates a Koha::Cash::Register::Cashup(s) class pair which
subclass Koha::Cash::Register::Action(s) and moves the cashup specific
code into these new classes to improve code separation.
We then introduce API routes based on these classes to allow fetching
a list of cashups associated to a cash register and a full cashup with
emeddable summary for individual cashups.
Test plan
1/ Run the updated unit tests.
t/db_dependent/Koha/Cash/Register/Action.t
t/db_dependent/Koha/Cash/Register/Cashup.t
2/ Run the incuded api tests.
t/db_dependent/api/v1/cashups.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch disables AllowHoldPolicyOverride by default in /holds. It
also adds a header that can be used to request the override explicitly.
Tests are added for this behaviour
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: Tests fail because the behaviour is not implemented
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch replace the QOTD editor with our new way to CRUD the
adminitration page (like libraries and STMP servers)
Test plan:
Play with the QOTD by adding, removing, updating quotes
Try to find bugs :)
Bug 27251: Fix capitalization
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a route to fetch the items for a biblio. It relies
entirely on already existing methods.
To test:
1. Use your favourite REST tool
2. Play with the new route.
=> SUCCESS: It works as expected!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds options to embed more related objects based on the needs
by parcel.tt.
For filtering by biblioitems fields (ISBN and EAN) I had to make the
'list' method a modified version of the objects->search helper. I
thought of doing it in a more generic way but I didn't find any other
use cases and it would certainly make an already complex piece of code
even more complex.
So this is quite similar, but at some steps the biblio.<biblioitem
field> gets translated into the proper relation names, and the same
happens for prefetching.
A new parameter is also added: only_active. It makes the controller use
Koha::Acquisition::Orders->filter_by_active, avoiding the need to build
complex queries in the UI.
The same handling is done when the order_id parameter is passed (outside
the q= parameters). In this case using Koha::Acquisition::Orders->filter_by_id_including_transfers
This is all respecting the C4::Acquisitions::SearchOrders behaviour.
TL;DR:
This patch adapts the code from the list() sub so it manipulates the
query parameters and the embed header so:
- the biblioitem relationship is prefetch
- any queries on biblio.isbn and biblio.ean are correctly translated into search on the
biblioitems table.
- Adds an only_active parameter to the /acquisitions/orders route to
easily request only the active orders.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The GET /pickup_locations route is requesting the whole reserveforothers
permission whereas only the subpermission place_holds is needed.
Test plan:
0. Don't apply this patch
1. Set the subpermission place_holds but modify_holds_priority
2. Edit a hold and click the pickup library dropdown list
3. You get a JS alert and log displays
GET /api/v1/app.pl/api/v1/holds/5/pickup_locations
403 Forbidden
4. Apply this patch
5. Reload the page, click the dropdown list, modify the pickup location
and save
=> Success!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - Place a number of holds on a record
2 - Have different pickup locations for the holds
3 - Have some libraries that are not pickup locations
4 - Load the holds tab for the record and note libraries not pickup locations are not in dropdowns
5 - Apply patch and restart all things
6 - Reload the holds table
7 - Click on a dropdown, note the spinner, should load successfully
8 - Confirm the dropdown matches the options before the patch
9 - Confirm updating the hold location works
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds support for unseen renewals.
Here we retrofit knowledge of unseen renewals and add the display of unseen
renewal counts and warnings, in addition to adding the ability to
specify a renewal as being "unseen".
The functionality added here is goverened by the UnseenRenewals syspref.
Signed-off-by: Sally Healey <sally.Healey@cheshirewestandchester.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch place profile buttons in the bottom of the page, next to "Stage for import"
It removes the "Update profile" button, and changes "Add profile" to "Save profile". Save profile can be used to add and to update a profile.
It also adds feedback when a profile was saved or deleted.
Last, it also replaces input-batch-profile endpoint name for input_batch_profile, which is more aligned with other endpoint names.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the logic and the needed UI elements to be able to pre-load an import profile. It also displays which profile was used to stage an import in staged import manager.
To test:
1. Apply all patches
2. Updatedatabase
3. Go to Stage MARC records for Import tool in admin, and upload a file with MARC records.
CHECK => after uploading, there is a fieldset with the legend “Profile settings”
=> inside the fieldset there is a select labeled “Pre fill values with profile”. The only value it has is “Do not use profile”.
4. Change some settings, and set “profile 1” as profile name and click on “Add profile”
SUCCESS => The select now has the new profile selected
5. Change profile select to “Do not use profile”
SUCCESS => Default values are now displayed in the form
6. Reload the page and upload the file again
SUCCESS => the select still has the profile recently added
7. Select the profile, change some parameter in the form and set the profile name to “profile 2”, and click add profile
SUCCESS => there are two profiles now, and if you toggle between them, the parameter changes
8. Select profile 1, change one parameter and click on update profile
SUCCESS => if you toggle that profile with the other, the new parameter of the value is shown when you select profile 1
9. Select profile 2, change some parameter and click Add profile (leaving the name as profile 2)
SUCCESS => the page complains there is another profile with the same name, and asks if you want to replace it.
10. Click on accept
SUCCESS => profile 2 now has the new value in the parameter
11. Select profile 2 and change the name to profile 1
SUCCESS => the page complains there is another profile with that name, and asks if you want to replace it
12. Click on accept
SUCCESS => in profile select there is only one profile called profile 1 that has the values of profile 2
13. Select profile 1 and click remove profile
SUCCESS => there is no profile in profile select.
14. Create a profile and click on “Stage for import”
15. Go to Staged MARC management page
SUCCESS => Improt should have the name of the profile in profile column, and when you click on the file name, there should be the name of the profile in the details.
16. prove t/db_dependent/ImportBatch.t t/db_dependent/api/v1/import_batch_profiles.t
17. Sign off
Signed-off-by: Abbey Holt <aholt@dubuque.lib.ia.us>
Signed-off-by: Abbey Holt <aholt@dubuque.lib.ia.us>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch simply adds the option to embed the return value from
Koha::Library->smtp_server_info on the libraries GET actions.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces API routes for handling SMTP servers.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch implements necesary code to implement non priority feature
To test:
1) Apply all patches.
2) Run updatedatabase.
3) Checkout a specific item for patron1.
4) Place a hold on the same item for patron2 (do not check non priority
hold checkbox).
5) Try to renew the item for patron1.
CHECK => in checkouts table, there is a message that the item could not
be renewed because there was a hold.
6) Cleanup all checkouts and holds.
7) repeat steps 3 to 5, but this time check the non priority checkbox.
SUCCESS => item was renewed
8) prove t/db_dependent/Holds.t
Signed-off-by: Lisette Scheer <lisettes@latahlibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a checkbox to make holds created by club hold to default to patron's home branch if possible.
To test:
1. Apply this patch
2. Create a club, and add two patrons (from now on called patron A and patron B) to it, each one form a different library..
3. Create a hold for the club, and in the details set pickup location different from any of the patrons.
4. Check "Pickup at patron's home library when possible" checkbox
SUCCESS => when submitted, pickup location of holds defaults to patron's home branch
5. Modify patron A's library and set pickup location to no.
6. Repeat steps 3 and 4.
SUCCESS => when submitted, patron A's hold now points to pickup location setted on step 3, and patron B's hold still points to his home branch.
7. Sign off
Sponsored-by: Southeast Kansas Library - SEKLS
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The illrequests path was missing the `comments` and `status_alias`
embedable relations in the path specification.
Test plan:
1/ Ensure you have the latest Mojolicious + OpenAPI modules installed.
2/ Navigate to the ill requests page and note that the table is empty.
3/ Note that under the networking tab in your browsers developer tools
that the api call fails with a 400 error.
4/ Apply the patch
5/ Refresh the page
6/ The table should now load and the api route should return a proper
200 response.
7/ Signoff
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Applied the patch to a production server that was having the 400
error on the main ILL page, and the error was gone.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The original development started before the changes we introduced in the guidelines in late 2019, and the major code changes that took place in January 2020.
- Attribute mapping logic is now on the Koha::Object-level (the patches implement that, but are not using it)
- Related to the above, some helper methods like to_api and to_model are kept, the same for the mappings in the controller, they should all go away
- Related to the above, set_from_api and new_from_api should be used instead of using helper to_api and to_model methods in the controller
- $c->objects->search doesn't use the to_model and to_api params
- Response status codes need to be changed, at least for DELETE operations
Those are fixed by this patch.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/advanced_editor_macros.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The current permissions are defined as a hash, with a duplicate key.
This is generally invalid, but Debian 9's Mojolicious::Plugin::OpenAPI
lets it go through, even though the results are, random?
This patch sets the required permissions right, and following the
haspermissions() syntax correctly.
Tests for searching macros are not passing. Still trying to figure.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes the route support requesting (through the Accept
header) the MARC record to be output as formatted text as in
$record->as_formatted.
To test:
1. Apply the unit tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/biblios.t
=> FAIL: Tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Try the route with your favourite API testing tool (Postman?)
=> SUCCESS: Accept: text/plain returns the expected results
=> SUCCESS: Wrong Accept header returns a list of valid formats, and
includes 'text/plain'.
6. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adapts the spec and the controllers so existing routes return
204 and an empty response body when a successful deletion happens.
Right now we have a coding guideline but haven't adapted the existing
routes.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/*.t
=> FAIL: Some tests fail
3. Apply this patch
4. Repeat 2.
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes the wrong query parameter that slipped on rewriting the
patches for the voted RFC.
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/acquisitions_orders.t
=> FAIL: Tests fail because fund_id is not a valid query parameter
3. Apply this patch
4. Repeat (2)
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This necessitates moving the circ rules from using '*' to using
undef/NULL.
Signed-off-by: Minna Kivinen <minna.kivinen@hamk.fi>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch introduces the OpenAPI definitions required for the orders
endpoint. It matches the voted RFC.
Sponsored-by: Camden County
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes the required permissions defined on the spec for the
mentioned endpoint.
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/biblios.t
=> FAIL: Tests fail due to badly defined permissions
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Notice parameters: edit_catelogue didn't exist
5. Sign off :-D
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
According to the coding guidelines, this endpoint should be adding the
Location header on POST actions.
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/cities.t
=> FAIL: Tests fail!
3. Apply this patch
4. Repeat (1)
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch organizes the tests better, and adds some more.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adjusts the return values and HTTP status codes, as well as
removing the use of C4::Context->userenv. It also makes the date
calculation happen on the DB engine in the case of resolving the claim.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch avoids querying the DB for an already existing
Koha::Checkouts::ReturnClaim with the same issue_id, now that there's a
UNIQUE constraint on it.
Also, 409 should be returned instead. Tests added for this changes.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/return_claims.t
=> SUCCESS: tests pass!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the /return_claims route to add new return claims, and
then routes to updates notes and the resolution code.
To test:
1. Apply this patches
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/return_claims.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch implements parameter 'checked_in' on checkouts endpoint to
enable getting circulation history.
Test plan:
1) Apply the patch and restart plack
2) Use your favorite REST API tester and play with /checkouts endpoint:
- use it without checked_in parameter
- use checked_in=1 for getting returned checkouts
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds an endpoint in thi api in /api/v1/clubs/{club_id}/holds whith the verb POST that maps to Koha::REST::V1::Clubs::Holds#add controller.
Classes for club_holds and club_holds_to_patron_holds new tables where also added.
To test:
1) Reach SUCCESS.3 test point of previous patch with club that has no enrollments
2) Click on "Place Hold"
SUCCESS => an alert should appear that you cannot place hold on a club without patrons
3) Reach SUCCESS.3 test point of previous patch with club that has enrollments
4) Click on "Place Hold"
SUCCESS => holds priority list should appear with holds for every patron in club
5) Repeat steps 3 and 4.
SUCCESS => new holds should appear in different order
6) Sign off
Sponsored-by: Southeast Kansas Library - SEKLS
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the OpenAPI spec for the endpoint, and tests for the
desired behaviour.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
GET /api/v1/items/{item_id} Gets one Item
This patch adds route to get one item from koha.items table.
To test:
1. Apply patch
2. Open a browser tab on Koha staff and log in (to create CGISESSID
cookie).
3. Send GET request to http://yourlibrary/api/v1/items/YYY
where YYY is an existing itemnumber.
4. Make sure the returned data is correct.
5. Run unit tests in t/db_dependent/api/v1/items.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1) Have some patrons with checkouts, some renewable and some not
renewable
2) Use your favorite API tester and access GET
http://koha.url/api/v1/checkouts/{checkout_id}/allows_renewal
3) Check the response is OK according to voted RFC:
https://wiki.koha-community.org/wiki/Checkouts_endpoint_RFC#Checkout_renewability_2
4) prove t/db_dependent/api/v1/checkouts.t
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
prove t/db_dependent/api/v1/checkouts.t
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Allow to use _page and _per_page query parameters for
/api/v1/checkouts
Also fix a timezone problem in t/db_dependent/api/v1/checkouts.t
Test plan:
1. With your favorite REST tester tool, or directly in the browser,
fetch http://koha/api/v1/checkouts and check that you have results
2. Fetch /api/v1/checkouts?_per_page=1&_page=1 and check that only the
first result is returned. Check that response contains headers
X-Total-Count and Link
3. Fetch /api/v1/checkouts?_per_page=1&_page=2 and check that only the
second result is returned. Check that response contains headers
X-Total-Count and Link
4. prove t/db_dependent/api/v1/checkouts.t
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
DELETE response code must be 204, not 200 according to our API coding
guidelines
Test plan:
prove t/db_dependent/api/v1/biblios.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
prove t/db_dependent/api/v1/chcekouts.t
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Instead of PUT on /checkout/{checkout_id} endpoint, you should now call
POST on /checkouts/{checkout_id}/renewal
Test plan:
prove t/db_dependent/api/v1/checkouts.t
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
GET /checkouts?borrowernumber={borrowernumber}
GET /checkouts/{checkout_id}
PUT /checkouts/{checkout_id}
+ unit tests in t/db_dependent/api/v1/checkouts.t
Test plan:
1. Open a browser tab on Koha staff and log in (to create CGISESSID
cookie). You should have permission circulate_remaining_permissions.
2. Go to http://yourlibrary/api/v1/checkouts?borrowernumber=XXX (replace
XXX with a borrowernumber that has checkouts) and check you receive
correct data
3. Go to http://yourlibrary/api/v1/checkouts/YYY (replace YYY with an
existing checkout id) and check you receive correct data
4. Send PUT requests to http://yourlibrary/api/v1/checkouts/YYY until
the maximum number of renewals is reached (you should have a 403
error)
5. Run unit tests in t/db_dependent/api/v1/checkouts.t
Depends on bugs 16699 and 14868
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Lari Taskula <larit@student.uef.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Also, perform an exact search when searching on the fund owner id.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a new route to the REST api:
/api/v1/acquisitions/funds/
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes expiration_date for end_date as voted when the RFC
was approved.
It also adds a test for the Location header being added correctly when
suspending a hold (SWAGGER3.4.1)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes the spec match the voted RFC.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the display of requested partner email addresses when an
ILL backend provides the ability to send requests to partners. Partner
email addresses are displayed in the illlist and illview displays, they
are also included in the 'illrequests' API response.
* api/v1/swagger/paths/illrequests.json:
- Add 'requested_partners' as an 'embed' enum
* Koha/Illrequest.pm:
- Add 'requested_partners' accessor calling optional backend 'get_requested_partners' method.
- Store requested partners upon email send, calling optional backend 'set_requested_partners' method.
- Add 'requested_parners' embed to overloaded TO_JSON method.
* koha-tmpl/intranet-tmpl/prog/en/modules/ill/ill-requests.tt:
- Add 'requested_partners' embed to illrequests API call
- Add render function for "Additional status" datatables column
- Add display of requested partner email addresses to illlist table
- Add display of requested partner email addresses to illview display
To test:
1) Enable Interlibrary loans
2) Add a backend that supports sending requests to partners, e.g.
FreeForm
3) Set up at least one partner
4) Create an ILL request
5) Send request to partner(s)
6) Observe partner(s) email address(es) are displayed in "View ILL
requests" view
7) Observe partner(s) email address(es) are displayed in "Manage ILL
request" view
Signed-off-by: mmg@interleaf.iehttps://bugs.koha-community.org/show_bug.cgi?id=20653
Bug 20563: (follow-up) Fix requested partners
As per:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20563#c10
Thanks for the suggestion on merging the "Status" and "Additional status" columns, looks much better!
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the "Columns settings" values for the illrequests table
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: Add ability to show / hide columns
This patch adds the "Column visibility" functionality to the main ILL
request list table.
To test:
- Ensure ILL is enabled and you have some requests
- Apply patch
- From the "Koha administration screen, select "Configure columns"
- In the "Columns settings" page:
=> TEST: Ensure an "Interlibrary loans" category exists
- Upon expanding the category:
=> TEST: Ensure a table is displayed showing columns
=> TEST: Ensure the "action" column has "Cannot be toggled"
pre-selected
=> TEST: Change values for columns and ensure they're saved
- From the main staff menu, select "ILL requests"
- In the table:
=> TEST: Click the "Column visibility" button and ensure a modal
containing all columns (except "Action") is displayed
=> TEST: Select various columns and ensure they are shown and hidden
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Add user ID to column list
As originally specified in bug 20883, there is a requirement for some
users to be able to display the user ID (borrowernumber) in the UI.
This patch adds that ability to this bug, 20883 will be marked as a
duplicate of this one.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Amendments for rebase
Modify to add the additional changes required now we're rebasing on top
of the dependency tree. Includes adding additional columns (and changing
indexes for search/filter where appropriate)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Add comments to column list
Since this bug is now dependent on Bug 18591 (Allow an arbitrary number
of comments on ILLs) we need to add the comments column to this table
and the list of selectable columns. This patch does this.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Sanitize datatable data
This mitigates bug 22268 by sanitizing data prior to display using the
built in $.fn.dataTable.render.text() helper provided by Datatables.
The patch was added here, rather that in 22268 since this is the bug
that introduced the problem by increasing the number of fields that are
displayed in the table, some of which could contain user provided
malicious data
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.
It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We now return placed_formatted and updated_formatted, the API spec
should reflect this
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
With the introduction of the /public namespace all other endpoints, the
rest of the endpoints are restricted to privileged users.
This patch makes the GET /libraries and GET /libraries/:library_id
endpoints require 'catalogue' permissions.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes the original implementation match what is specified on
the RFC [1].
The controller is updated, and so the tests.
To test:
- Apply this patches:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/libraries.t
=> SUCCESS: Tests pass!
[1] https://wiki.koha-community.org/wiki/Libraries_endpoint_RFC
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
CRUD for libraries via REST API.
GET /api/v1/libraries - List all libraries
GET /api/v1/libraries/{branchcode} - Get one Library
POST /api/v1/libraries - Add new Library
DELETE /api/v1/libraries/{branchcode} - Delete Library
Test plan:
- apply patch
- run tests: t/db_dependent/api/v1/libraries.t
- test API with some API tool or simple curl
e.g.:
curl http://host:port/api/v1/libraries
curl http://host:port/api/v1/libraries/cpl
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes the possibility to access the city objects without
privileged access (minimum permissions == catalogue).
It does so by adding the required permissions to the spec. The tests are
adjusted.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/cities.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
As voted when the RFC was discussed, the attribute gets renamed. The
tests are adjusted accordingly.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_password.t
=> SUCCESS: Tests pass!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)
With this patch almost every section of the administration page
will have its own granular permission.
To test:
- Create different staff users:
1) One with parameters_remaining_permissions
2) One with parameters
3) One with catalogue and no parameters
4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
1) All subpermissions, but manage_circ_rules
should be checked
2) Nothing should have changed
3) manage_item_serach_fields shoudl be checked
(page had catalogue permission before)
4) Nothing should have changed
- Try different settings of the permissions and
verify that
- Administration page behaves correctly
- Administration menu behaves correctly
! You shoudl only see what you have permission for
https://bugs.koha-community.org/show_bug.cgi?id=14391
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the tests for 'authorized' session use the
'stockrotation' permission instead of 'superlibrarian'.
The path x-koha-permission is fixed accordingly.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The stock rotation feature adds a batch process to automate rotation of
catalgue items with a staff client page under tools to manage rotas/schedules.
Once a rota is configured, and your staff user has the right permissions
to allocate items, then an additional tab will appear on biblio records
allowing the management of of which rota, if any, individual items belong to.
It also includes a cron script to process the items on a daily basis.
Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed a temporary file
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the OpenAPI spec for the following paths:
- /patrons/{patron_id}/account
It also adds object definitions for:
- balance
- account line
Account line is to be used on both /account/lines (when implemented)
and for embeding the outstanding lines in the balance endpoint
(/patrons/{patron_id}/account).
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.
Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
<api_client>
<client_id>$CLIENT_ID</client_id>
<client_secret>$CLIENT_SECRET</client_secret>
<patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
</api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
configuration:
- OAuth flow: Client credentials
- Access Token Request Method: POST
- Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
- Access Token Request Client Authentication: Credentials in request
body
- Client ID: $CLIENT_ID
- Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
(which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
http://$KOHA_URL/api/v1/patrons then click on SEND
If patron X has permission 'borrowers', it should return 200 OK
with the list of patrons
Otherwise it should return 403 with the list of required permissions
(Please test both cases)
7. Wait an hour (or run the following SQL query:
UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
You should have a 403 Forbidden status, and the token must have been
removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
using the previous SQL query, and run the following command:
misc/cronjobs/cleanup_database.pl --oauth-tokens
Verify that expired tokens were removed, and that the others are
still there
9. prove t/db_dependent/api/v1/oauth.t
[1] https://addons.mozilla.org/en-US/firefox/addon/rester/
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces two functions to the patrons endpoint:
- _to_api
- _to_model
This are in charge of field mappings in order to comply with the
guidelines.
Koha::REST::V1:Auth is adjusted to handle 'patron_id' as well. 'borrowernumber'
handling is kept until the existing endpoints get updated.
To test:
- Apply the patches
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/*.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the $ref occurences for borrowernumber in not
patron-specific endpoints. 'borrowernumber' is still used on them, but as a
hardcoded parameter. The param rename will happen on a separate bug for
each endpoint.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch refactors the original work so it implements the controllers
and the spec using Mojolicious::Plugin::OpenAPI, and OpenAPI for the specification.
It removes the ability for patrons without permissions to edit their own data or their
guarantee's. This will be moved to a patron modification requests endpoint for simplicity.
It makes use of bugs 19410 and 19686 and their dependencies to deal with parameters handling,
query building and pagination.
Tests are adapted.
To test:
- Apply this patches and the dependencies
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds support for add, edit and delete patrons via REST API.
GET /api/v1/patrons Get patron list from params
GET /api/v1/patrons/<borrowernumber> Get single patron
POST /api/v1/patrons Create a new patron
PUT /api/v1/patrons/<borrowernumber> Update data about patron
DEL /api/v1/patrons/<borrowernumber> Delete a patron
Revised Test plan:
1) Apply this patch
2) Run tests perl t/db_dependent/api/v1/patrons.t
3) Add a user with proper rights to use the REST API
4) play with your favourite REST client (curl/httpie, etc.):
Authenticate with the user created above and get a CGISESSION id.
Use the CGISESSION to add, edit and delete patrons via the API.
5) Use PUT /patrons/<borrowernumber> for a patron without borrowers
flag. This should go into pending patron modification status and
needs to be accepted by a librarian.
Please note there is no validation of body input in PUT/POST other
than branchcode,category,userid,cardnumber.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch implements the changes required by the cities endpoint RFC
[1].
It uses the objects.search helper, and relies on bug 19686.
To test:
- Apply the patches
- Compare the spec with the RFC (api/v1/swagger/definitions/city.json)
=> SUCCESS: It makes sense
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/cities.t
=> Tests pass!
- Sign off :-D
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is something wrond here, the userenv is no set and so we cannot
user search_limited.
Should we set the userenv or filter on the libraries using
libraries_where_can_see_patrons?
WAITING FOR FEEDBACK HERE.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1/ Use your usual "REST testing" tool to place a title-level hold with
an itemtype. The request should look like this:
POST /api/v1/holds
{
"borrowernumber": 1234,
"biblionumber": 456,
"branchcode": "CPL",
"itemtype": "A"
}
2/ Check that the hold was placed and the itemtype is correctly selected
3/ prove t/db_dependent/api/v1/holds.t
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch moves the current endpoint implementation from Swagger2 to
the OpenAPI plugin.
It also takes advantage of the overloaded Koha::Illrequest::TO_JSON method
which has now the option to embed what's needed for the REST api.
The path spec is adjusted to fit OpenAPI, and some minor fixes are
applied:
- Missing 'metadata' query param
- 'ill' permissions should be required instead of 'borrowers'
- Full test coverage
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/illrequests.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This Commit is at the heart of adding an interlibrary loans framework
for Koha. The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.
The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.
Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.
Outside of this we simply add new files & functionality.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces an /acquisitions/vendors endpoint.
To test:
- Apply the patch
- Run:
$ sudo koha-shell kohadev
k$ prove t/db_dependent/api/v1/acquisitions_vendors.t
=> SUCCESS: Tests pass
- Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
operationId has the following documentation:
"Unique string used to identify the operation. The id MUST be unique among all
operations described in the API."
This patch modifies operationIds to be unique accross our API operations.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Also
- adding some missing and new response definitions into Swagger spec.
- fixing failing tests due to Bug 17932's change of boolean values
To test:
1. prove t/db_dependent/api/v1/holds.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Also:
- adding some missing and new response definitions into Swagger spec.
To test:
1. prove t/db_dependent/api/v1/cities.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values
To test:
1. prove t/db_dependent/api/v1/patrons.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Routes for holds have tags called "borrowers". We should use "patrons" instead
in order not to have both (endpoints for patrons already add "patrons").
This patch changes the tags from borrowers to patrons in:
GET /holds
POST /holds
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This followup alters a few area's to be aligned more closely with
RESTfull best practices:
* PUT should always be full objects, and not partial updates (use PATCH
for partials)
* Validate query parameters instead of blindly passing them to the model
* Functional Change: Convert filter params from 'equality' to 'starts with'
matching
* Update tests to check for swagger validation errors instead of koha exceptions
* Mark 'id' as readOnly so swagger may prevent, via validation, id
changes.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds the swagger definitions for the /cities endpoint
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1. Run t/db_dependent/api/v1/holds.t
2. Run t/db_dependent/api/v1/patrons.t
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch separates Swagger-specifications and the minifySwagger.pl from other
api-files by moving specifications & minifier into api/v1/swagger.
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
My name is Olli-Antti Kivilahti and I approve this commit.
We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now
in production and I am certain we have a pretty good idea on how to work with
the limitations of Swagger2.0
We participated in the development of the Mojolicious::Plugin::Swagger and know
it well. We have made an extension to the plugin to provide full CORS support
and have been building all our in-house features on the new REST API.
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
My name is Johanna Räisä and I approve this commit.
We have been using Swagger2.0-driven REST API in production successfully.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>