Koha-community/Koha - Koha - Koha: The world's first free and open source library system

Author	SHA1	Message	Date
Tomás Cohen Arazi	8083bc2ff0	Bug 22216: Make GET /patrons/{patron_id} staff only This patch removes the possibility to access the patron object identified by patron_id by the patron itself, or a guarantor. It does so by removing the permissions from the spec. The tests are adjusted to remove that use case. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => SUCCESS: Tests pass! - Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>	4 years ago
Tomás Cohen Arazi	a7e46047cf	Bug 19784: Adapt /v1/patrons to new naming guidelines This patch introduces two functions to the patrons endpoint: - _to_api - _to_model This are in charge of field mappings in order to comply with the guidelines. Koha::REST::V1:Auth is adjusted to handle 'patron_id' as well. 'borrowernumber' handling is kept until the existing endpoints get updated. To test: - Apply the patches - Run: $ kshell k$ prove t/db_dependent/api/v1/*.t => SUCCESS: Tests pass! - Sign off :-D Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	5 years ago
Tomás Cohen Arazi	6c3a273af9	Bug 16330: (QA follow-up) Repect guidelines on plurals Patron > Patrons Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	5 years ago
Tomás Cohen Arazi	dd9b6c1651	Bug 16330: Move patches to OpenAPI This patch refactors the original work so it implements the controllers and the spec using Mojolicious::Plugin::OpenAPI, and OpenAPI for the specification. It removes the ability for patrons without permissions to edit their own data or their guarantee's. This will be moved to a patron modification requests endpoint for simplicity. It makes use of bugs 19410 and 19686 and their dependencies to deal with parameters handling, query building and pagination. Tests are adapted. To test: - Apply this patches and the dependencies - Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	5 years ago
Benjamin Rokseth	7b8909cb90	Bug 16330: Add routes to add, update and delete patrons This patch adds support for add, edit and delete patrons via REST API. GET /api/v1/patrons Get patron list from params GET /api/v1/patrons/<borrowernumber> Get single patron POST /api/v1/patrons Create a new patron PUT /api/v1/patrons/<borrowernumber> Update data about patron DEL /api/v1/patrons/<borrowernumber> Delete a patron Revised Test plan: 1) Apply this patch 2) Run tests perl t/db_dependent/api/v1/patrons.t 3) Add a user with proper rights to use the REST API 4) play with your favourite REST client (curl/httpie, etc.): Authenticate with the user created above and get a CGISESSION id. Use the CGISESSION to add, edit and delete patrons via the API. 5) Use PUT /patrons/<borrowernumber> for a patron without borrowers flag. This should go into pending patron modification status and needs to be accepted by a librarian. Please note there is no validation of body input in PUT/POST other than branchcode,category,userid,cardnumber. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	7 years ago
Jonathan Druart	5c8365e4a7	Bug 18403: REST API - patrons endpoint There is something wrond here, the userenv is no set and so we cannot user search_limited. Should we set the userenv or filter on the libraries using libraries_where_can_see_patrons? WAITING FOR FEEDBACK HERE. Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Lari Taskula	915963ba7f	Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible Also: - adding some missing and new response definitions into Swagger spec. - fixing failing test due to Bug 17932's change of boolean values To test: 1. prove t/db_dependent/api/v1/patrons.t Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	6 years ago
Lari Taskula	00a50a9400	Bug 14868: Use x-koha-authorization in current routes To test: 1. Run t/db_dependent/api/v1/holds.t 2. Run t/db_dependent/api/v1/patrons.t Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>	7 years ago
Lari Taskula	7b8c7b038f	Bug 16699: Move Swagger-related files to api/v1/swagger This patch separates Swagger-specifications and the minifySwagger.pl from other api-files by moving specifications & minifier into api/v1/swagger. Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> My name is Olli-Antti Kivilahti and I approve this commit. We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now in production and I am certain we have a pretty good idea on how to work with the limitations of Swagger2.0 We participated in the development of the Mojolicious::Plugin::Swagger and know it well. We have made an extension to the plugin to provide full CORS support and have been building all our in-house features on the new REST API. Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com> My name is Johanna Räisä and I approve this commit. We have been using Swagger2.0-driven REST API in production successfully. Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>	7 years ago
Lari Taskula	0eaf72ab26	Bug 16699: Split parameters and paths in Swagger Parameters and paths should be split in our Swagger specification, because otherwise swagger.json would become messy with all the paths and their further specification in the same file. Also parameters should be split for the same reason. Instead of using index.json for definitions, parameters and paths, we define new files "definitions.json", "parameters.json" and "paths.json" in order to simplify the references. If we kept using index.json and try to reference "/definitions/error.json" from "/paths/holds.json", reference would be "../definitions/index.json#/error" instead of now simplified version, "../definitions.json#/error". Here is the proposed structure: . ├── swagger.json ├── definitions.json ├── paths.json ├── parameters.json ├── definitions │ └── error.json │ └── patron.json ├── parameters │ └── patron.json ├── paths │ └── patrons.json ├── minifySwagger.pl └── swagger.min.js The swagger.json paths, definitions and parameters will look as follows: ... "paths": { "$ref": "paths.json" }, "definitions": { "$ref": "definitions.json" }, "parameters": { "$ref": "parameters.json" } ... A problem with splitting specification into multiple files directly from swagger.json (e.g. "paths": { "$ref": "paths.json" }) is that it is not following the Swagger specification and an error will be thrown by the Swagger-UI default validator (online.swagger.io/validator). To overcome this problem, we use the minifySwagger.pl script from Buug 16212. This allows the developers to work with the structure introduced in this patch thus allowing developers to split the specification nicely, and still have a valid Swagger specification in the minified swagger.min.json. To test: -2: Apply the minifier-patch in Buug 16212. -1: Make sure you can validate your specification with Swagger2 validator at online.swagger.io/validator/debug?url=url_to_swaggerjson, or install it locally from https://github.com/swagger-api/validator-badge. 1. Don't apply this patch yet, but first validate swagger.json with swagger.io-validator (or your local version, if you installed it) 2. Observe that validation errors are given 3. Run minifySwagger.pl 4. Validate swagger.min.json with the validator you used in step 1 5. Observe that validation passes and we overcame the invalid specification problem in swagger.min.json 6. Apply this patch 7. Run minifySwagger.pl 8. Repeat step 4 9. Observe that validation passes with new structure 10. Run REST tests at t/db_dependents/api/v1 (11. Study the new structure of our Swagger specifications :)) Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> My name is Olli-Antti Kivilahti and I approve this commit. We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now in production and I am certain we have a pretty good idea on how to work with the limitations of Swagger2.0 We participated in the development of the Mojolicious::Plugin::Swagger and know it well. We have made an extension to the plugin to provide full CORS support and have been building all our in-house features on the new REST API. Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com> My name is Johanna Räisä and I approve this commit. We have been using Swagger2.0-driven REST API in production successfully. Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>	7 years ago