GET /checkouts?borrowernumber={borrowernumber}
GET /checkouts/{checkout_id}
PUT /checkouts/{checkout_id}
+ unit tests in t/db_dependent/api/v1/checkouts.t
Test plan:
1. Open a browser tab on Koha staff and log in (to create CGISESSID
cookie). You should have permission circulate_remaining_permissions.
2. Go to http://yourlibrary/api/v1/checkouts?borrowernumber=XXX (replace
XXX with a borrowernumber that has checkouts) and check you receive
correct data
3. Go to http://yourlibrary/api/v1/checkouts/YYY (replace YYY with an
existing checkout id) and check you receive correct data
4. Send PUT requests to http://yourlibrary/api/v1/checkouts/YYY until
the maximum number of renewals is reached (you should have a 403
error)
5. Run unit tests in t/db_dependent/api/v1/checkouts.t
Depends on bugs 16699 and 14868
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Lari Taskula <larit@student.uef.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
prove t/db_dependent/api/v1/acquisitions_funds.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a new route to the REST api:
/api/v1/acquisitions/funds/
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes expiration_date for end_date as voted when the RFC
was approved.
It also adds a test for the Location header being added correctly when
suspending a hold (SWAGGER3.4.1)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
prove t/db_dependent/api/v1/holds.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes the holds endpoint tests pass and expect data structures that match the voted RFC.
As we voted to introduce a /public namespace for unprivileged access to
endpoints, this endpoint gets the ability for owners and guarantors to
manipulate holds through the API.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test that requested partners are returned in API response when requested
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the "Columns settings" values for the illrequests table
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: Add ability to show / hide columns
This patch adds the "Column visibility" functionality to the main ILL
request list table.
To test:
- Ensure ILL is enabled and you have some requests
- Apply patch
- From the "Koha administration screen, select "Configure columns"
- In the "Columns settings" page:
=> TEST: Ensure an "Interlibrary loans" category exists
- Upon expanding the category:
=> TEST: Ensure a table is displayed showing columns
=> TEST: Ensure the "action" column has "Cannot be toggled"
pre-selected
=> TEST: Change values for columns and ensure they're saved
- From the main staff menu, select "ILL requests"
- In the table:
=> TEST: Click the "Column visibility" button and ensure a modal
containing all columns (except "Action") is displayed
=> TEST: Select various columns and ensure they are shown and hidden
Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Add user ID to column list
As originally specified in bug 20883, there is a requirement for some
users to be able to display the user ID (borrowernumber) in the UI.
This patch adds that ability to this bug, 20883 will be marked as a
duplicate of this one.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Amendments for rebase
Modify to add the additional changes required now we're rebasing on top
of the dependency tree. Includes adding additional columns (and changing
indexes for search/filter where appropriate)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Add comments to column list
Since this bug is now dependent on Bug 18591 (Allow an arbitrary number
of comments on ILLs) we need to add the comments column to this table
and the list of selectable columns. This patch does this.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 21063: (follow-up) Sanitize datatable data
This mitigates bug 22268 by sanitizing data prior to display using the
built in $.fn.dataTable.render.text() helper provided by Datatables.
The patch was added here, rather that in 22268 since this is the bug
that introduced the problem by increasing the number of fields that are
displayed in the table, some of which could contain user provided
malicious data
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.
It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Some silly variable name typos in the tests
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The unit tests now need to be aware of the calculated placed_formatted
and updated_formatted properties in the API response object
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
With the introduction of the /public namespace all other endpoints, the
rest of the endpoints are restricted to privileged users.
This patch makes the GET /libraries and GET /libraries/:library_id
endpoints require 'catalogue' permissions.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes the original implementation match what is specified on
the RFC [1].
The controller is updated, and so the tests.
To test:
- Apply this patches:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/libraries.t
=> SUCCESS: Tests pass!
[1] https://wiki.koha-community.org/wiki/Libraries_endpoint_RFC
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
CRUD for libraries via REST API.
GET /api/v1/libraries - List all libraries
GET /api/v1/libraries/{branchcode} - Get one Library
POST /api/v1/libraries - Add new Library
DELETE /api/v1/libraries/{branchcode} - Delete Library
Test plan:
- apply patch
- run tests: t/db_dependent/api/v1/libraries.t
- test API with some API tool or simple curl
e.g.:
curl http://host:port/api/v1/libraries
curl http://host:port/api/v1/libraries/cpl
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes the possibility to access the city objects without
privileged access (minimum permissions == catalogue).
It does so by adding the required permissions to the spec. The tests are
adjusted.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/cities.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Mojolicious has built in handling for encoding/decoding of of basic auth
paramenters. We should use it to simplify our test here.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
As voted when the RFC was discussed, the attribute gets renamed. The
tests are adjusted accordingly.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_password.t
=> SUCCESS: Tests pass!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a check in Koha::REST::V1::Auth::under to catch all
routes that begin with 'public' (inside /api/v1). If they match, and the
RESTPublicAPI syspref is off, then an exception is thrown, rendering a
403 error to the consumer.
Otherwise the routes are processed as usual. This is THE on/off switch
for the public REST API. The target use case: people not wanting an OPAC
or public interaction with the API besides privileged users.
In order to test, the rest of the patches are needed because the only
way to test a route is having it in the spec.
To test:
- Apply the patches
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/auth.t
=> SUCCESS: tests pass!
- Sign off :-D
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch introduces an endpoint for changing a patron's password. It
targets privileged user with the right permissions, changing some
patron's password.
To test:
- Apply this patchset
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_password.t
=> SUCCESS: tests pass!
- Play with the different use cases highlighted by the tests, on your
favourite REST testing tool (Postman, RESTer on FF, etc).
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The authenticate_api_request() behaviour needs more tests. This patch
adds tests for the stashed Koha::Patron object. It highlights the bug in
the OAuth authentication case.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t
=> FAIL: Tests fail in the OAuth case, pass in the cookie-based auth
case.
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The illrequest api response should always be augmented with an id_prefix
field which is not part of the core illrequest object
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
t/db_dependent/api/v1/illrequests.t .. Un-mocked method 'status_graph()'
called at /home/vagrant/kohaclone/Koha/Illrequest.pm line 439.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- Remove unit tests relating to TO_JSON
- Add tests for new explicit embedding
- Modify tests relating to now deprecated brw_cat
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes the tests for 'authorized' session use the
'stockrotation' permission instead of 'superlibrarian'.
The path x-koha-permission is fixed accordingly.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The stock rotation feature adds a batch process to automate rotation of
catalgue items with a staff client page under tools to manage rotas/schedules.
Once a rota is configured, and your staff user has the right permissions
to allocate items, then an additional tab will appear on biblio records
allowing the management of of which rota, if any, individual items belong to.
It also includes a cron script to process the items on a daily basis.
Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed a temporary file
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the /patrons/{patron_id}/account/credits endpoint, that
can be used to add credits to a patron's account. It is implemented so
the new credits are used to pay existing debts.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> SUCCESS: Tests pass!
- Make your favourite REST testing tool (RESTer on Firefox?) do:
POST /api/v1/patrons/{patron_id}/account/credits
{
"amount": 100
}
- Play with other possible attributes on the credit object.
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Basically the idea is:
1. Undefined subroutine &C4::Items::ModZebra called at /home/vagrant/kohaclone/C4/Items.pm line 302.
=> Then use C4::Items before C4::Biblio
2. Undefined subroutine &C4::Circulation::GetItem called at /home/vagrant/kohaclone/C4/Circulation.pm line 1290
=> Then use C4::Circulation before C4::Items
And sometimes these 2 rules do not work...
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch splits the balance to match this object schema:
{
balance => #,
outstanding_credits => {
total => #,
lines => [ credit_line_1, ..., credit_line_n ]
},
outstanding_debits => {
total => #,
lines => [ debit_line_1, ..., debit_line_m ]
}
}
This change is made to ease usage from the UI. Also because the
outstanding credits need to be applied to outstanding debits in order to
the balance value to make sense. So we still need to have each total.
Tests are added for this change, and the schema files are adjusted as
well.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> SUCCESS: Tests pass!
- Sign off :-D
staff_id is changed into user_id as voted on the dev meeting the RFC got
approved.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds tests for the /patrons/{patron_id}/account endpoint.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> FAIL: Tests should fail because the endpoint is not implemented.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The new Koha::Patron-based implementation encapsulates some error
conditions that raised warnings and the tests expected that warning.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
hard dependency for Koha and the feature requiring it is disabled by
default.
This patch:
- Makes the dependency optional
- Makes the unit tests for the OAuth2 client credentials flow skip if
the dependency is not met.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint answers 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
makes any request on the /api/v1/oauth/token using the
'client_credentials' grant fail with 'grant not implemented'.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
classes. It adds tests for expired tokens too.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests should fail without the rest of the patches.
Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
