Commit graph

497 commits

Author SHA1 Message Date
Andrew Isherwood
8378c74c90 Bug 18589: (follow-up) Add borrowernumber test
As per comment #21:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18589#c21

We now test borrowernumber filter works. This test has come from
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=83184&action=diff
and will be removed from that bug

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-22 20:21:49 +00:00
48484173e2 Bug 19661: (follow-up) Use Basic auth in tests
Test plan:

prove t/db_dependent/api/v1/acquisitions_funds.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-22 19:40:37 +00:00
Matthias Meusburger
717975abeb Bug 19661: REST API - Funds Endpoint
This patch adds a new route to the REST api:

/api/v1/acquisitions/funds/

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-22 19:40:36 +00:00
e0e431bab1 Bug 21756: Replace manualinvoice with add_debit in tests
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-13 03:58:28 +00:00
6ebcc255d3 Bug 22206: (follow-up) Voted RFC changes
This patch changes expiration_date for end_date as voted when the RFC
was approved.

It also adds a test for the Location header being added correctly when
suspending a hold (SWAGGER3.4.1)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:35:30 +00:00
1db9598e81 Bug 22206: (QA follow-up) Fix tests for hold suspension api
Test plan:

prove t/db_dependent/api/v1/holds.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:35:30 +00:00
bcc150a9c0 Bug 22206: Unit tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:35:30 +00:00
52bb9802dd Bug 20006: Unit tests fixes
This patch makes the holds endpoint tests pass and expect data structures that match the voted RFC.

As we voted to introduce a /public namespace for unprivileged access to
endpoints, this endpoint gets the ability for owners and guarantors to
manipulate holds through the API.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:35:26 +00:00
5053ceda3c Bug 20563: (QA follow-up) Fix number of tests in api/v1/illrequests.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:33:37 +00:00
Andrew Isherwood
0c41d86314 Bug 20563: (follow-up) Add unit test
Test that requested partners are returned in API response when requested

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:33:37 +00:00
Andrew Isherwood
7413de82f2 Bug 21063: Add "Columns settings" for ILL
This patch adds the "Columns settings" values for the illrequests table

Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 21063: Add ability to show / hide columns

This patch adds the "Column visibility" functionality to the main ILL
request list table.

To test:
- Ensure ILL is enabled and you have some requests
- Apply patch
- From the "Koha administration screen, select "Configure columns"
- In the "Columns settings" page:
  => TEST: Ensure an "Interlibrary loans" category exists
  - Upon expanding the category:
  => TEST: Ensure a table is displayed showing columns
  => TEST: Ensure the "action" column has "Cannot be toggled"
  pre-selected
  => TEST: Change values for columns and ensure they're saved
- From the main staff menu, select "ILL requests"
- In the table:
  => TEST: Click the "Column visibility" button and ensure a modal
  containing all columns (except "Action")  is displayed
  => TEST: Select various columns and ensure they are shown and hidden

Signed-off-by: Niamh.Walker-Headon@it-tallaght.ie

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 21063: (follow-up) Add user ID to column list

As originally specified in bug 20883, there is a requirement for some
users to be able to display the user ID (borrowernumber) in the UI.

This patch adds that ability to this bug, 20883 will be marked as a
duplicate of this one.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 21063: (follow-up) Amendments for rebase

Modify to add the additional changes required now we're rebasing on top
of the dependency tree. Includes adding additional columns (and changing
indexes for search/filter where appropriate)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 21063: (follow-up) Add comments to column list

Since this bug is now dependent on Bug 18591 (Allow an arbitrary number
of comments on ILLs) we need to add the comments column to this table
and the list of selectable columns. This patch does this.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 21063: (follow-up) Sanitize datatable data

This mitigates bug 22268 by sanitizing data prior to display using the
built in $.fn.dataTable.render.text() helper provided by Datatables.

The patch was added here, rather that in 22268 since this is the bug
that introduced the problem by increasing the number of fields that are
displayed in the table, some of which could contain user provided
malicious data

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-15 19:33:36 +00:00
4cb1a47d03 Bug 22483: (follow-up) Fix wrong tests higlighted by bug
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2019-03-08 15:26:05 -03:00
8083bc2ff0 Bug 22216: Make GET /patrons/{patron_id} staff only
This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.

It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-22 13:15:11 +00:00
Andrew Isherwood
91be82a63d Bug 20600: (follow-up) Fix tests
Some silly variable name typos in the tests

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 16:36:43 +00:00
Andrew Isherwood
69672b8185 Bug 20600: (follow-up) Fix unit tests
The unit tests now need to be aware of the calculated placed_formatted
and updated_formatted properties in the API response object

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 16:36:43 +00:00
02aa348f65 Bug 16497: Refactor tests using BASIC authentication
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 13:52:14 +00:00
562eaa154b Bug 16497: (follow-up) GET operations require staff access
With the introduction of the /public namespace all other endpoints, the
rest of the endpoints are restricted to privileged users.

This patch makes the GET /libraries and GET /libraries/:library_id
endpoints require 'catalogue' permissions.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 13:52:14 +00:00
0718416ff1 Bug 16497: (follow-up) Adapt to existing guidelines and RFC
This patch makes the original implementation match what is specified on
the RFC [1].

The controller is updated, and so the tests.

To test:
- Apply this patches:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/libraries.t
=> SUCCESS: Tests pass!

[1] https://wiki.koha-community.org/wiki/Libraries_endpoint_RFC

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 13:52:14 +00:00
Jiří Kozlovský
96456cadc2 Bug 16497: Add /api/v1/libraries
CRUD for libraries via REST API.

GET    /api/v1/libraries              - List all libraries
GET    /api/v1/libraries/{branchcode} - Get one Library
POST   /api/v1/libraries              - Add new Library
DELETE /api/v1/libraries/{branchcode} - Delete Library

Test plan:
  - apply patch
  - run tests: t/db_dependent/api/v1/libraries.t
  - test API with some API tool or simple curl

e.g.:
curl http://host:port/api/v1/libraries
curl http://host:port/api/v1/libraries/cpl

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 13:52:14 +00:00
6aadbcc4be Bug 22227: Make GET /cities staff only
This patch removes the possibility to access the city objects without
privileged access (minimum permissions == catalogue).

It does so by adding the required permissions to the spec. The tests are
adjusted.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/cities.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-15 18:42:46 +00:00
63f40e519c Bug 22132: (QA follow-up) set_password now expects a hashref
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-30 18:57:18 +00:00
8ee08c3922 Bug 22132: (QA follow-up) Tests - use Mojo builtin for auth
Mojolicious has built in handling for encoding/decoding of of basic auth
paramenters. We should use it to simplify our test here.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-30 18:57:18 +00:00
103670e726 Bug 22132: Unit tests
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-30 18:57:18 +00:00
bbec5c8510 Bug 22061: (follow-up) set_password expects a hashref
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:46:58 +00:00
15ca95ca1d Bug 22061: (QA follow-up) Rename password_2 => password_repeated
As voted when the RFC was discussed, the attribute gets renamed. The
tests are adjusted accordingly.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons_password.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:45:56 +00:00
351252dd9f Bug 22061: Unit tests
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:45:54 +00:00
ee2931a7b0 Bug 22061: Add a /public namespace that can be switched on/off
This patch adds a check in Koha::REST::V1::Auth::under to catch all
routes that begin with 'public' (inside /api/v1). If they match, and the
RESTPublicAPI syspref is off, then an exception is thrown, rendering a
403 error to the consumer.

Otherwise the routes are processed as usual. This is THE on/off switch
for the public REST API. The target use case: people not wanting an OPAC
or public interaction with the API besides privileged users.

In order to test, the rest of the patches are needed because the only
way to test a route is having it in the spec.

To test:
- Apply the patches
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/auth.t
=> SUCCESS: tests pass!
- Sign off :-D

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:45:54 +00:00
ae1e6b558c Bug 17006: Add /patrons/{patron_id}/password
This patch introduces an endpoint for changing a patron's password. It
targets privileged user with the right permissions, changing some
patron's password.

To test:

- Apply this patchset
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons_password.t
=> SUCCESS: tests pass!
- Play with the different use cases highlighted by the tests, on your
favourite REST testing tool (Postman, RESTer on FF, etc).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:25:39 +00:00
fd1e9bf595 Bug 17006: Unit tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 15:25:38 +00:00
21676d7b87 Bug 22107: patrons.t doesn't need to delete existing data
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-11 18:48:51 +00:00
2067b8e3f8 Bug 22071: Regression tests
The authenticate_api_request() behaviour needs more tests. This patch
adds tests for the stashed Koha::Patron object. It highlights the bug in
the OAuth authentication case.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t
=> FAIL: Tests fail in the OAuth case, pass in the cookie-based auth
case.

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-04 03:13:39 +00:00
4c742b59f7 Bug 21786: Unit tests
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-08 15:50:50 +00:00
812ac89812 Bug 21835: (QA follow-up) Fix failing test
The illrequest api response should always be augmented with an id_prefix
field which is not part of the core illrequest object

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-16 17:29:30 +00:00
5e3f428ade Bug 20996: Remove warning 'Un-mocked method'
t/db_dependent/api/v1/illrequests.t .. Un-mocked method 'status_graph()'
called at /home/vagrant/kohaclone/Koha/Illrequest.pm line 439.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 17:42:32 +00:00
d05a7e4a73 Bug 20996: (RM follow-up) Fix the api tests
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-06 17:42:32 +00:00
Andrew Isherwood
f4f995a4e6 Bug 20996: Fix unit tests
- Remove unit tests relating to TO_JSON
- Add tests for new explicit embedding
- Modify tests relating to now deprecated brw_cat

Signed-off-by: Magnus Enger <magnus@libriotech.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-02 10:33:03 +00:00
a9248f237d Bug 11897: Use 'stockrotation' permission for the endpoint
This patch makes the tests for 'authorized' session use the
'stockrotation' permission instead of 'superlibrarian'.

The path x-koha-permission is fixed accordingly.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:46:06 +00:00
85be5a8188 Bug 11897: Stockrotation
The stock rotation feature adds a batch process to automate rotation of
catalgue items with a staff client page under tools to manage rotas/schedules.

Once a rota is configured, and your staff user has the right permissions
to allocate items, then an additional tab will appear on biblio records
allowing the management of of which rota, if any, individual items belong to.

It also includes a cron script to process the items on a daily basis.

Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: I removed a temporary file

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:46:05 +00:00
d19d8ec049 Bug 20944: Add route to add credits to a patron's account
This patch adds the /patrons/{patron_id}/account/credits endpoint, that
can be used to add credits to a patron's account. It is implemented so
the new credits are used to pay existing debts.

To test:
- Run:
  $ kshell
k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> SUCCESS: Tests pass!
- Make your favourite REST testing tool (RESTer on Firefox?) do:
  POST /api/v1/patrons/{patron_id}/account/credits
{
  "amount": 100
}
- Play with other possible attributes on the credit object.
- Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-31 12:47:00 +00:00
ce96080f30 Bug 21133: Fix use statements order
Basically the idea is:
1. Undefined subroutine &C4::Items::ModZebra called at /home/vagrant/kohaclone/C4/Items.pm line 302.

=> Then use C4::Items before C4::Biblio

2. Undefined subroutine &C4::Circulation::GetItem called at /home/vagrant/kohaclone/C4/Circulation.pm line 1290

=> Then use C4::Circulation before C4::Items

And sometimes these 2 rules do not work...

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-07-31 16:28:02 -03:00
bb7c908dc0 Bug 20942: Split debit and credit lines
This patch splits the balance to match this object schema:

{
    balance             => #,
    outstanding_credits => {
        total => #,
        lines => [ credit_line_1, ..., credit_line_n ]
    },
    outstanding_debits  => {
        total => #,
        lines => [ debit_line_1, ..., debit_line_m ]
    }
}

This change is made to ease usage from the UI. Also because the
outstanding credits need to be applied to outstanding debits in order to
the balance value to make sense. So we still need to have each total.

Tests are added for this change, and the schema files are adjusted as
well.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> SUCCESS: Tests pass!
- Sign off :-D

staff_id is changed into user_id as voted on the dev meeting the RFC got
approved.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 16:49:27 +00:00
7cbff1bce1 Bug 20942: Unit tests for /patrons/{patron_id}/account
This patch adds tests for the /patrons/{patron_id}/account endpoint.
To test:

- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> FAIL: Tests should fail because the endpoint is not implemented.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 16:49:26 +00:00
d2fdf1a695 Bug 20287: Fix tests expecting a warning
The new Koha::Patron-based implementation encapsulates some error
conditions that raised warnings and the tests expected that warning.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:56 +00:00
17e8acad70 Bug 20624: Net::OAuth2::AuthorizationServer is not a hard dependency
While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
hard dependency for Koha and the feature requiring it is disabled by
default.

This patch:
- Makes the dependency optional
- Makes the unit tests for the OAuth2 client credentials flow skip if
  the dependency is not met.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:03 -03:00
a8579ac6c4 Bug 20624: (QA follow-up) Unit tests for missing deps situation
This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint answers 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:02 -03:00
de0698076f Bug 20624: Unit tests
This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
makes any request on the /api/v1/oauth/token using the
'client_credentials' grant fail with 'grant not implemented'.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:02 -03:00
8eb9239a34 Bug 20612: Unit tests
This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
classes. It adds tests for expired tokens too.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests should fail without the rest of the patches.

Sponsored-by: ByWater Solutions

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:56:01 -03:00
Julian Maurice
5b2aec72a9 Bug 20402: Use TestBuilder->build_object in oauth.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-08 15:55:43 -03:00
Julian Maurice
ccc034195e Bug 20402: Fix oauth.t
GET /patrons now requires { "borrowers": 1 } instead of
{ "borrowers": "edit_borrowers" }

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-08 15:55:42 -03:00
Julian Maurice
43a4b3c22c Bug 20402: Implement OAuth2 authentication for REST API
It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.

Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
     <api_client>
       <client_id>$CLIENT_ID</client_id>
       <client_secret>$CLIENT_SECRET</client_secret>
       <patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
     </api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
   configuration:
   - OAuth flow: Client credentials
   - Access Token Request Method: POST
   - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
   - Access Token Request Client Authentication: Credentials in request
     body
   - Client ID: $CLIENT_ID
   - Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
   (which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
   http://$KOHA_URL/api/v1/patrons then click on SEND
   If patron X has permission 'borrowers', it should return 200 OK
   with the list of patrons
   Otherwise it should return 403 with the list of required permissions
   (Please test both cases)
7. Wait an hour (or run the following SQL query:
   UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
   You should have a 403 Forbidden status, and the token must have been
   removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
   using the previous SQL query, and run the following command:
     misc/cronjobs/cleanup_database.pl --oauth-tokens
   Verify that expired tokens were removed, and that the others are
   still there
9. prove t/db_dependent/api/v1/oauth.t

[1] https://addons.mozilla.org/en-US/firefox/addon/rester/

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-08 15:55:42 -03:00
10de4f437f Bug 19784: Unit tests for /api/v1/patrons
This patch adapts the existing endpoint's tests so they expect:
- 'patron_id' for 'borrowernumber'
- 'library_id' for 'branchcode'
- 'category_id' for 'categorycode'

In the process, I tried to make the tests more robust, by creating random
data that gets deleted to make sure our tests cases can't have false
positives.

Independent subtests are wrapped inside transactions to avoid
eventual interference.

To test:
- Apply the patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: The api doesn't implement the expected behaviour and attributes
for endpoint responses

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-29 11:42:07 -03:00
2183c7a175 Bug 16330: Remove validation code from Koha::Patron
This patch removes previously added validation code from Koha::Patron
as we will rely on the DB structure and relationships to catch the same
problems. This is implemented on bug 19828.

This patch also adapts the API controller class to expect this behaviour
change from Koha::Patron. The expected exceptions are adjusted, and some
minor changes take place. The API tests are adjusted as well.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/Koha/Patrons.t
 k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests should still pass

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-29 11:42:07 -03:00
e36dc18376 Bug 16330: (QA follow-up) ModMember requires borrowernumber
Works perfectly. Well done everyone!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-29 11:42:07 -03:00
dd9b6c1651 Bug 16330: Move patches to OpenAPI
This patch refactors the original work so it implements the controllers
and the spec using Mojolicious::Plugin::OpenAPI, and OpenAPI for the specification.

It removes the ability for patrons without permissions to edit their own data or their
guarantee's. This will be moved to a patron modification requests endpoint for simplicity.

It makes use of bugs 19410 and 19686 and their dependencies to deal with parameters handling,
query building and pagination.

Tests are adapted.

To test:
- Apply this patches and the dependencies
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D

Sponsored-by: ByWater Solutions

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-29 11:42:06 -03:00
Benjamin Rokseth
7b8909cb90 Bug 16330: Add routes to add, update and delete patrons
This patch adds support for add, edit and delete patrons via REST API.

GET  /api/v1/patrons                   Get patron list from params
GET  /api/v1/patrons/<borrowernumber>  Get single patron
POST /api/v1/patrons                   Create a new patron
PUT  /api/v1/patrons/<borrowernumber>  Update data about patron
DEL  /api/v1/patrons/<borrowernumber>  Delete a patron

Revised Test plan:
1) Apply this patch
2) Run tests perl t/db_dependent/api/v1/patrons.t
3) Add a user with proper rights to use the REST API
4) play with your favourite REST client (curl/httpie, etc.):
   Authenticate with the user created above and get a CGISESSION id.
   Use the CGISESSION to add, edit and delete patrons via the API.
5) Use PUT /patrons/<borrowernumber> for a patron without borrowers
   flag. This should go into pending patron modification status and
   needs to be accepted by a librarian.

Please note there is no validation of body input in PUT/POST other
than branchcode,category,userid,cardnumber.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-29 11:42:06 -03:00
00374d0741 Bug 20167: Regression test
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-03-15 08:24:00 +00:00
3afbbdf48c Bug 20004: Unit tests
This patch adapts the unit tests for the cities endpoint to the
requirements from the RFC. This tests are expected to just fail
without the needed followup.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/cities.t
=> FAIL: Tests obviously don't pass without the followup patch.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 17:53:41 -03:00
a1686054ac Bug 18403: rename Koha::Patron->can to has_permission
I do not exactly why but there is a conflict in the name of the method

prove t/db_dependent/api/v1/patrons.t failed with
[Mon Feb 12 17:13:16 2018] [error] Can't use string ("TO_JSON") as a
HASH ref while "strict refs" in use at
/home/vagrant/kohaclone/C4/Auth.pm line 2053.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 18:02:01 -03:00
Julian Maurice
c76281f3fc Bug 16213: Allow to select hold's itemtype when using API
Test plan:
1/ Use your usual "REST testing" tool to place a title-level hold with
an itemtype. The request should look like this:

POST /api/v1/holds
{
    "borrowernumber": 1234,
    "biblionumber": 456,
    "branchcode": "CPL",
    "itemtype": "A"
}

2/ Check that the hold was placed and the itemtype is correctly selected
3/ prove t/db_dependent/api/v1/holds.t

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-30 14:21:28 -03:00
400804ada1 Bug 18330: (follow-up) Adapt holds.t to match the new datetime format
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-14 16:58:22 -03:00
2725d3156a Bug 7317: (QA followup) Rename 'branch' for 'library'
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:16 -03:00
c99e814a6f Bug 7317: (followup) Migrate endpoint to OpenAPI
This patch moves the current endpoint implementation from Swagger2 to
the OpenAPI plugin.

It also takes advantage of the overloaded Koha::Illrequest::TO_JSON method
which has now the option to embed what's needed for the REST api.

The path spec is adjusted to fit OpenAPI, and some minor fixes are
applied:
- Missing 'metadata' query param
- 'ill' permissions should be required instead of 'borrowers'
- Full test coverage

To test:
- Apply  this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/illrequests.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:13 -03:00
Alex Sassmannshausen
8e86b5e093 Bug 7317: Interlibrary loans framework for Koha.
This Commit is at the heart of adding an interlibrary loans framework
for Koha.  The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.

The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.

Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.

Outside of this we simply add new files & functionality.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:12 -03:00
a1bf319829 Bug 19405: Prevent api/v1/holds.t to fail randomly
DBD::mysql::st execute failed: Duplicate entry 'cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvn' for key 'userid' [for Statement "INSERT INTO `borrowers` ( `branchcode`, `categorycode`, `flags`, `surname`, `userid`) VALUES ( ?, ?, ?, ?, ? )" with ParamValues: 0='N2ElsY9', 1='Kk8G', 2=80, 3='Test Surname', 4='cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvnnbgezJqmxqwz'] at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1832.
DBIx::Class::Storage::DBI::_dbh_execute(): Duplicate entry 'cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvn' for key 'userid' at /kohadevbox/koha/Koha/Object.pm line 121
[18:52:19] t/db_dependent/api/v1/holds.t

Reading the code I guess it happens if TestBuilder generates a userid with the size of borrowers.userid (75 chars). In that case the following lines are wrong:

$borrower->userid($nopermission->{ userid }."z");
$borrower2->userid($nopermission->{ userid }."x");
$borrower3->userid($nopermission->{ userid }."y");

The 3 patrons will have the same userid.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-03 19:20:18 -03:00
17764fbe90 Bug 18120: /acquisitions/vendors unit tests
This patch introduces unit tests that need to be passed by an
/acquisitions/vendors/ REST endpoint.

To test:
- Apply the patch
- Run:
  $ sudo koha-shell kohadev
 k$ prove t/db_dependent/api/v1/acquisitions_vendors.t
=> FAIL: The endpoint is not present, should fail.

Sponsored-by: ByWater Solutions

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 17:13:13 -03:00
2bf98402a2 Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Lari Taskula <lari.taskula@jns.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-21 11:27:05 -03:00
Lari Taskula
b007919e35 Bug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible
Also:
- adding some missing and new response definitions into Swagger spec.

To test:
1. prove t/db_dependent/api/v1/cities.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-21 11:27:05 -03:00
Lari Taskula
915963ba7f Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible
Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/patrons.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-21 11:27:05 -03:00
Lari Taskula
e2fc524701 Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI
This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.

This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.

The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.

To test:
1. prove t/db_dependent/api/v1/auth.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-21 11:27:04 -03:00
164b13690a Bug 19119: Remove definitions.t
This patch removes t/db_dependent/api/v1/swagger/definitions.t

Its goal is not simple to achieve, and worth moving into the QA tools instead.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-20 16:07:33 -03:00
Lari Taskula
50a2efdcc1 Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-20 16:07:07 -03:00
b1ba7fac2c Bug 18292: Remove return 1 statements in tests
The test files do not need to return 1

Patch generated with:
perl -p -i -e "s/^1;\n//xsm" t/**/*.t

Test plan:
  git grep '^1;$' t/**/*.t
should not return any results

NOTE: does not fix C4/SIP/t, nor xt tests.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:42 -03:00
a696843f82 Bug 18826 - (QA Followup) Add mock SessionStorage to patrons.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 13:14:55 -03:00
d5dc473382 Bug 18826: rollback transaction for api tests
The holds.t tests for the REST api do no rollback properly and modify
the DB (no cleanup).
This comes from a bug caused by SessionStorage = mysql (default)

The error is:
    "rollback ineffective with AutoCommit enabled"

Test plan:
  select count(*) from borrowers;
  prove t/db_dependent/api/v1/holds.t
  select count(*) from borrowers;
=> The number of entry must be the same before and after the tests have
been executed

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 13:14:55 -03:00
cd42ce2252 Bug 18262: Fix api/holds.t tests
biblioitem must be created with a biblio

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-18 11:31:35 -03:00
39d090a8b6 Bug 17932: (followup) Fix /patrons endpoint
Bug 17927 introduced data type fixes on the /patrons endpoint (integer
and boolean types got fixed). This led to the /patrons endpoint not to
work because the underlying code didn't provide the right data.

With the introduction of TO_JSON on Koha::Object(s) we now have a way to
output the proper data types.

This patch does so by:
- Adding is_boolean => 1 to the relevant columns on the Borrower.pm
  schema file.
- Tweaking the controller class for the /patrons endpoint so it doesn't
  use the $object(s)->unblessed call but just let the Mojo::JSON library
  pick out TO_JSON implementation instead on rendering the output.
- It adds a new test for booleans.

To test:
- Have 17927 applied
- Run:
  $ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Tests fail [1]
- Apply this patches
- Run:
  $ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off! :-D

[1] It is self explanatory to just try the API using any of the
available tools (I use HttpRequester on Firefox)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 15:33:00 +00:00
f67adfcb11 Bug 17654: Add tests to enforce swagger definition files integrity
The swagger definition error we found on bug 17651 should have been
caught earlier with tests.

Now we are testing for nullable columns.

QA: Have a look at the FIXME

Test plan:
Apply without 17651 (revert if already pushed)
The tests won't pass
On top of 17651 the tests will pass

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-18 14:04:22 +00:00
2a73cdac5b Bug 17431: Remove use of C4::Items and C4::Biblio
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-17 16:22:32 +00:00
620a8fb823 Bug 17431: Create the object we need instead of assuming something exists
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-17 16:22:31 +00:00
Lari Taskula
f9e9f52018 Bug 17431: (follow-up) Fix issuingrules
Issuingrules could had prevented holds.t from passing with error tooManyReserves.
This patch sets issuingrules at the beginning of the test to make sure reserves
are allowed.

To test:
1. Apply patch & Run t/db_dependent/api/v1/holds.t
2. Observe test pass

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-17 16:22:31 +00:00
Lari Taskula
9fca67d467 Bug 17431: Fix failing test t/db_dependent/api/v1/holds.t
This patch fixed failing test for t/db_dependent/api/v1/holds.t which was broken
after Bug 14695.

$ perl t/db_dependent/api/v1/holds.t
...
not ok 42 - similar match for JSON Pointer "/error"
    #   Failed test 'similar match for JSON Pointer "/error"'
    #   at t/db_dependent/api/v1/holds.t line 291.
    #                   'Reserve cannot be placed. Reason: itemAlreadyOnHold'
    #     doesn't match '(?^u:tooManyReserves)'
    # Looks like you failed 1 test of 42.
not ok 4 - Test endpoints with permission

To test:
1. Run t/db_dependent/api/v1/holds.t and observe it fail.
2. Apply patch.
3. Run the test again and observe it pass.

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-17 16:22:31 +00:00
e08639129a Bug 17428: [REST] best practice followup
This followup alters a few area's to be aligned more closely with
RESTfull best practices:

* PUT should always be full objects, and not partial updates (use PATCH
  for partials)
* Validate query parameters instead of blindly passing them to the model
  * Functional Change: Convert filter params from 'equality' to 'starts with'
    matching
* Update tests to check for swagger validation errors instead of koha exceptions
* Mark 'id' as readOnly so swagger may prevent, via validation, id
  changes.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-28 14:42:49 +00:00
ef5b32f942 Bug 17428: [REST] Cities endpoint unit tests
This patch introduces unit tests for the cities endpoint.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-28 14:42:48 +00:00
9e477baa5e Bug 17032 [QA Followup] - Update path to swagger.json file
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:00:09 +00:00
09a76c0f8f Bug 17032: Remove warning "keys on reference is experimental"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 12:57:52 +00:00
Lari Taskula
07cfcc77c5 Bug 17032: Make sure Swagger object definition is up-to-date with Koha-object
If a definition in api/v1/definitions/*.json has a corresponding Koha-object by
filename, compare properties of the definition and columns of the Koha-object
and ensure that all columns are defined inside properties of the definition.

To test:
1. Run t/db_dependent/api/v1/swagger/definitions.t
2. See that all of the tests pass. (If not, file a bug report to fix missing
   properties in the Swagger definition.)
3. Remove a property from api/v1/swagger/definitions/patron.json
4. Repeat step 1
5. See that test fails and lets you know that the property you just removed
   is missing from the definition.

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 12:57:52 +00:00
Lari Taskula
985265c0be Bug 14868: Display required permissions in permission error response
When user does not have required permissions to use API operation, it would be
useful to let them know which permissions he is missing. Since they are now
defined in Swagger, we can easily render them into the response.

To test:
1. Use a patron without any permissions
2. Make GET request to http://yourlib/api/v1/patrons
3. Observe permission error and see that required_permissions are displayed.
4. Run t/db_dependent/api/v1/patrons.t

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 12:20:36 +00:00
Lari Taskula
00a50a9400 Bug 14868: Use x-koha-authorization in current routes
To test:
1. Run t/db_dependent/api/v1/holds.t
2. Run t/db_dependent/api/v1/patrons.t

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 12:20:36 +00:00
Julian Maurice
975be0aef0 Bug 16271: Allow more filters on /api/v1/holds
borrowernumber parameter is no longer required and you can filter on
every column of reserves table

Some example requests
- GET /api/v1/holds
- GET /api/v1/holds?biblionumber=123
- GET /api/v1/holds?borrowernumber=456
- GET /api/v1/holds?priority=0&found=W

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:18:19 +00:00
Julian Maurice
9d31efa2b5 Bug 13903: (QA followup) change routes to /holds
GET    /holds?borrowernumber=X (list)
POST   /holds                  (create)
PUT    /holds/{reserve_id}     (update)
DELETE /holds/{reserve_id}     (delete)

Unit tests in t/db_dependent/api/v1/holds.t

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:54:01 +00:00
Julian Maurice
70928807d8 Bug 13903: Add API routes to list, create, update, delete reserves
GET    /reserves?borrowernumber=X (list)
POST   /reserves                  (create)
PUT    /reserves/{reserve_id}     (update)
DELETE /reserves/{reserve_id}     (delete)

Unit tests in t/db_dependent/api/v1/reserves.t

Test plan:
1. Apply patch
2. Run unit tests
3. Play with the API with your favorite REST client, using documentation
   in the swagger.json file
4. Try to make reserves until the maximum number of reserves for a user
   is reached (you should have a 403 error)

Depends on bug 15126

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:54:01 +00:00
3691bd8419 Bug 15548: Move new patron related code to Patron*
The 'borrower' should not be used anymore, especially for new code.
This patch move files and rename variables newly pushed (i.e. in the Koha
namespace).

Test plan:
1/
  git grep Koha::Borrower
should not return code in use.

2/
Prove the different modified test files

3/ Do some clicks in the member^Wpatron module to be sure there is not
an obvious error.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Tested with Circulation, Members/Patrons, Discharge,
Restrictions modules and the must common functionalities

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-03 14:38:26 -07:00
Julian Maurice
f60f352812 Bug 13799: Rename t/.../v1/borrowers.t to t/.../v1/patrons.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 13:47:33 -03:00
5533d65801 Bug 13799: (QA followup) make tests use random data
With the introduction of TestBuilder there's no need to
rely on existing data on the DB (the original patch relies
on categories and branches already existing).

This patch creates a random branch, category and two borrowers
with the fixed data that is needed for the tests. It adjusts
the tests to use the randomized data instead of the previously
fixed one.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The feature works as expected and all tests passes. koha-qa.pl too.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 13:47:33 -03:00
Julian Maurice
631694cd96 Bug 13799: Fix API unit tests
They were failing because of the now required 'borrowers' permission

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 13:47:33 -03:00
Julian Maurice
63cb4b9d3e Bug 13799: Add missing license notices
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 13:47:33 -03:00
Julian Maurice
c83cd77411 Bug 13799: RESTful API with Mojolicious and Swagger2
Actual routes are:
  /borrowers
    Return a list of all borrowers in Koha

  /borrowers/{borrowernumber}
    Return the borrower identified by {borrowernumber}
    (eg. /borrowers/1)

There is a test file you can run with:
  $ prove t/db_dependent/rest/borrowers.t

All API stuff is in /api/v1 (except Perl modules)
So we have:
  /api/v1/script.cgi     CGI script
  /api/v1/swagger.json   Swagger specification

Change both OPAC and Intranet VirtualHosts to access the API,
so we have:
  http://OPAC/api/v1/swagger.json   Swagger specification
  http://OPAC/api/v1/{path}         API endpoint
  http://INTRANET/api/v1/swagger.json   Swagger specification
  http://INTRANET/api/v1/{path}         API endpoint

Add a (disabled) virtual host in Apache configuration api.HOSTNAME,
so we have:
  http://api.HOSTNAME/api/v1/swagger.json   Swagger specification
  http://api.HOSTNAME/api/v1/{path}         API endpoint

Add 'unblessed' subroutines to both Koha::Objects and Koha::Object to be
able to pass it to Mojolicious

Test plan:
  1/ Install Perl modules Mojolicious and Swagger2
  2/ perl Makefile.PL
  3/ make && make install
  4/ Change etc/koha-httpd.conf and copy it to the right place if needed
  5/ Reload Apache
  6/ Check that http://(OPAC|INTRANET)/api/v1/borrowers and
     http://(OPAC|INTRANET)/api/v1/borrowers/{borrowernumber} works

Optionally, you could verify that http://(OPAC|INTRANET)/vX/borrowers
(where X is an integer greater than 1) returns a 404 error

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-04 13:47:32 -03:00