Commit graph

232 commits

Author SHA1 Message Date
b93e15c235
Bug 30588: Add the option to require 2FA setup on first staff login
Bug 28786 added the ability to turn on a two-factor authentication,
using a One Time Password (OTP).
Once enabled on the system, librarian had the choice to enable or
disable it for themselves.
For security reason an administrator could decide to force the
librarians to use this second authentication step.

This patch adds a third option to the existing syspref, 'Enforced', for
that purpose.

QA notes: the code we had in the members/two_factor_auth.pl controller
has been moved to REST API controller methods (with their tests and
swagger specs), for reusability reason. Code from template has been
moved to an include file for the same reason.

Test plan:
A. Regression tests
As we modified the code we need first to confirm the existing features
are still working as expected.
1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to
enable and access the second authentication step
2. Turn it on (enabled) and confirm that you are able to enable it in your account
3. Logout and confirm then that you are able to login into Koha

B. The new option
1. Set the pref to "enforced"
2. You are not logged out, logged in users stay logged in
3. Pick a user that does not have 2FA setup, login
4. Notice the new screen (UI is a bit ugly, suggestions welcomed)
5. Try to access Koha without enabling 2FA, you shouldn't be able to
access any pages
6. Setup 2FA and confirm that you are redirected to the login screen
7. Login, send the correct pin code
=> You are fully logged in!

Note that at 6 we could redirect to the mainpage, without the need to
login again, but I think it's preferable to reduce the change to
C4::Auth. If it's considered mandatory by QA I could have a look on
another bug report.

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:36:57 -03:00
00f0780b7f
Bug 17170: (QA follow-up) Spec cleanup
This patch removes not required (for now) query parameters as we can
query using q= on those. They can be added back eventually, if needed.

Attributes now match the database as well.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:15:22 -03:00
adf252d96c
Bug 17170: Add API route for SearchFilters
This adds the API routes and tests

Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:15:14 -03:00
Johanna Raisa
86a744cbfd
Bug 31555: change holds GET permission to place_holds
This patch changes holds' GET REST API endpoint permission
to place_holds to match with request.pl

Test plan:
1) prove t/db_dependent/api/v1/holds.t

Sponsored-by: Koha-Suomi Oy

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-11 10:49:18 -03:00
b9cab0967e
Bug 30982: (QA follow-up) Spelling
[1] Correct: BackgrounJob
[2] If should filter out not current jobs
=> Had a hard time reading that one until I replaced if by it.
=> Decided to rephrase it in a more positive way.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 08:57:50 -03:00
88cc881521
Bug 30982: API tweaks
This patch makes the following changes to the 'background_jobs' API:

* We now call them 'jobs'
* Removed deprecated query parameter definitions
* Added only_current query parameter
* Controller gets adapted to use $rs->filter_by_current when
  only_current is passed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 08:57:49 -03:00
1d0f096eaf
Bug 30982: Add 'context' to the REST API specs
context has been added by bug 30889

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 08:57:48 -03:00
b9b3b93d93
Bug 30982: Add tests and implement GET /background_jobs/$id
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 08:57:48 -03:00
b702e9b08d
Bug 30982: REST API specs
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 08:57:40 -03:00
c3b9e5e841
Bug 29144: Copy and remove branches.opac_info (dbrev)
Test plan:
Run dbrev.
Check api URL: /api/v1/public/libraries (with/without suffix /[branch_code].

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-16 09:55:20 -03:00
7e991d0702
Bug 29939: Use the REST API for ratings
This patch replaces opac-ratings-ajax.pl with a new REST API route
POST /public/biblios/42/ratings

Note that we could go further and refactor the 'start_rating' select
code.

Test plan:
Test the "star ratings" feature at the OPAC, on the different page
where it's displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-22 11:31:15 -03:00
25c522fea1
Bug 28787: Rename the REST API route to /auth/otp/token_delivery
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-09 13:38:44 -03:00
c0864cfdea
Bug 28787: (follow-up) Changes in API auth, moved otp out of Letters
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-09 13:38:43 -03:00
6e099d0bbd
Bug 28787: Send a notice with the TOTP token
Bug 28786 let librarians enable a Two-factor authentication but force them to use
an application to generate the TOTP token.

This new enhancement add the ability to send an email containing the token to the
patron once it's authenticaed

The new notice template has the code '2FA_OTP_TOKEN'

Test plan:
- Setup the two-factor authentication (you need the config entry and the
syspref ON)
- Enable it for your logged in patron
- Logout
- Login and notice the new link "Send the code by email"
- Click on it and confirm that you received an email with the code
- Use the code to be fully logged in

QA question: Is 400 the correct error code to tell the email has not
been sent?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-09 13:38:43 -03:00
9309dedb53
Bug 30578: Remove circ/ysearch.pl in favor of the /patrons REST API route
This patch removes the circ/ysearch.pl script used by the jQuery autocomplete widget.
We can now use the /api/v1/patrons endpoint to retrieve the patrons and
generate the patron result list.

Prior to this patch the different occurrences were defining the style
and the list of patron's attributes to display for each option (name,
date of birth, age, address, etc.). Now they are all displaying the same
information.

To acchieve this we had to:
* Make js-date-format.inc and js-patron-get-age.inc available from js_includes.inc
and so available from everywhere, which is certainly a good move. We
could discuss why this code is in include file instead of JS files
however.
* Remove the .ajaxSetup call in tags-review.js to reduce its scope: an
underscore parameter was added to the REST API query (?)

A better solution would have been to extend the existing widget
(https://learn.jquery.com/jquery-ui/widget-factory/extending-widgets/)
but I didn't manage to do it, and I feel like there is a bug in jQuery
autocomplete. The "source" was not taken into account.
We could think about replacing the jQuery autocomplete with something
else, but that's outside the scope of this bug.

Test plan:
Search for patrons and confirm the autocomplete works and that the
"select" action works as before (either a redirect or select the
patrons) on the different views:
* Place a hold
* Search for tags (form on the left)
* In the header, "Check out" and "Search patrons"
* Add instructors to course reserves
* View logs (the "librarian" input)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-18 11:01:34 -03:00
c66032ba2c
Bug 28854: Improve lost details display for bundle items
This patch adds the return claim details to the bundle item status
display on the catalogue details page.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-13 10:35:36 -03:00
5f614c05fd
Bug 28854: Expose functionality to attach items to bundles
This patch adds methods the the Koha::Item object for managing item
bundling operations and then exposes those methods via the REST API.

We include the new `BundleNotLoanValue` preference for setting not
for loan values when an item is added to a bundle.

Finally, we expose bundle management via the catalogue details page.

Test plan:
0) Apply patches up to this point and run the database update
1) Configuration: `BundleNotLoanValue` should have been set by the
   database update and point to a newly added AV value.
2) Creating a new bundle
   * Add a new bib record
   * Mark the bib record as a 'collection' type by setting leader
     position 7 to 'c'
   * Add a new item to this bib record
   * You should see a new 'Manage bundle' button available in the
     'Actions' column of the Holdings table.
   * Clicking 'Manage bundle' should expand the table to include a new
     row directly beneath this one.
   * Use the new 'Add to bundle' button that appears in this row to
     trigger a modal that allows entering the barcode of items you wish
     to add to the bundle
   * Upon closing the modal, the bundle content table should reload and
     contain your newly associated items.
   * You can subsequently remove an item from a bundle using the new
     'Remove' button.
3) Not for loan
   * Items that have been added into a bundle should now appear as 'Not
     for loan' from their original biblio record and note which bundle
     they belong to.
4) Error cases
   * Try adding an item that already belongs to a bundle to another
     bundle: Note an error is displayed in the modal form.
5) The bundles feature can be disabled by unsetting the
   `BundleNotLoanValue` system preference.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-13 10:35:25 -03:00
86197c407d
Bug 24857: Fix missing additionalProperties in spec
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-08 19:11:23 -03:00
95a6ee4d53
Bug 24857: API spec
To test:
1 - prove t/db_dependent/api/v1/item_groups.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-08 15:59:55 -03:00
557dfa9eae
Bug 30275: (follow-up) Rebase fixes
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-05 09:46:12 -03:00
14a8e322e6
Bug 30275: Add alias to create renewal in api routes
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-05 09:46:06 -03:00
5fab94ffa0
Bug 30275: Add /api/v1/checkouts/{checkout_id}/renewals
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-05 09:46:04 -03:00
Johanna Raisa
71a95d3557
Bug 30780: Librarians with only "place_holds" permissions can not update holds data via REST API
This patch enables librarians with only "place_holds" permissions to cancel, suspend and resume holds via REST API.

Test plan:
1) Try to cancel or suspend a hold with only "place_holds" permissions
2) See that it is forbidden.
3) Apply the patch
4) Cancel a hold again
5) The cancellation succeeds
6) prove t/db_dependent/api/v1/holds.t

Sponsored-by: Koha-Suomi Oy

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-13 11:48:10 -03:00
891972d0d3
Bug 30855: Rename /import => /import_batches
This patch renames the route to make it consistent for future additions.

To test:
1. Run
   $ git grep 'matches/chosen'
=> FAIL: all occurences use /api/v1/import/
2. Apply this patch
3. Run:
   $ git grep 'matches/chosen'
=> SUCCESS: All occurences have '/api/v1/import_batches/'
4. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/import_record_matches.t
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-02 13:42:28 -03:00
3b431117e4
Bug 30854: (QA follow-up) Spec fixes
This patch fixes minor spec QA issues:

* Missing summary for routes
* Missing error_code description for 500

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-01 13:36:41 -03:00
15f8d8f42b
Bug 30854: Missing description for 'import_record_matches' in swagger.yaml
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-01 13:36:41 -03:00
a3aaf10e59 Bug 29926: (QA follow-up) Date format missing in spec
On fixing the spec to have `format: date` I noticed the tests were
expecting explosions because of date handling not being done. The
OpenAPI plugin does this correctly when you set the format right.

So, I adapted the tests so they expect 400 and return the type error.

We don't usually add such tests (i.e. test the plugin does its job
correctly) but it doesn't hurt to keep them just in case something
really changes badly there (plugin bug?).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
b97bf747e9 Bug 29926: (QA follow-up) API design fixes
This patch makes the following changes to the spec:

* Password being the resource and expiration_date an attribute for it,
  so reorganizing things and also renaming the route.
* Be it undefined or defined, expiration date is only one and thus
  should use the PUT verb (as in overwrite).
* Minor bug 30194-related fixes.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
e18e1d9e9d Bug 29926: Add pasword expiration route for API
To test:
1 - prove -v t/db_dependent/api/v1/patrons_password_expiration.t

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
5ca99ca594 Bug 29924: (QA follow-up) Remove password_expiration_date from API
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
ef58458ad4 Bug 29924: (follow-up) Add password_expiration_date to API
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
63d324db28 Bug 30674: x-koha-override should use collectionFormat: csv
This patch makes this header parameter rely on the OpenAPI spec to
validate and document the available options.

Right now the only place is in POST and PUT /holds.

To test:
1. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/holds.t \
           t/db_dependent/api/v1/auth_authenticate_api_request.t
=> SUCCESS: Tests pass
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2022-05-05 10:30:00 -03:00
9374824bc5 Bug 30663: Add x-koha-override options to /suggestions
This patch adds the x-koha-override header parameter to the route that
is used to create suggestions, POST /suggestions.

The idea is that adding suggestions will be rejected under certain
conditions unless x-koha-override is passed with appropriate values. The
added overrides are:

* any
* max_total
* max_pending

Tests are added for the expected behavior.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2022-05-05 10:26:41 -03:00
22c8d6ecc3
Bug 22785: (follow-up) no additionalProperties
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2022-05-04 13:19:09 +01:00
19a2c53ddd Bug 30536: (QA follow-up) POD + Spec Consistency
Well spotted, this patch fixes the specs to be consistent and adds a
little detail to the POD as requested.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-03 11:19:51 -10:00
d0ec2460a6 Bug 30536: Update spec files
This patch removes superflous x-koha-embed defintions at the top level
of the endpoint specifications. It also replaces a few x-koha-embeds at
the top level with parameter lists where this had been missed in
preceeding patches.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-03 11:19:51 -10:00
68a5bcc693 Bug 22785: (QA follow-up) Remove superflous spec files
We don't need these any more.. I think they crept back in during
rebases

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-03 11:19:50 -10:00
48ae97e361 Bug 22785: Allow option to choose which record match is applied during import
This patchset adds the display of all matches found during import to the import management screen

A staff member with the permission to manage batches will be able to select for any individual record which match, or none, should be used during import

To test:
1 - Import a batch of records or export existing records from your catalog
2 - Import the file (again) and select a matching rule that will find matches
3 - Note that you now have radio buttons allowing you to select a record, or none
4 - Test scenarios:
    I - When 'Action if matching record found' is 'Ignore'
        a - Imported record ignored if match is selected
        b - 'Action if no match found' followed if no match is selected (Ignore matches)
    II - When 'Action if matching record found' is 'Replace'
        a - The chosen record is the one overlayed (you can edit the chosen record before importing to confirm)
        b - 'Action if no match found' followed if no match is selected (Ignore matches)
    III - When 'Action if matching record found' is 'Add incoming record'
        a - Record is added regardless of matches
5 - Confirm 'Diff' 'View' links work as expected
6 - Confirm that after records are imported the radio buttons to choose are disabled

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Bug 22785: API files

Signed-off-by: Ben Daeuber <bdaeuber@cityoffargo.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-03 11:19:50 -10:00
2bbc684f8a Bug 30534: Remove guarantor_id attribute from the patron object
This patch removes an attribute that was actually removed 3 years ago
and causes an exception when trying to search for it. The API responses
don't include it anyways.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-25 10:00:22 -10:00
dd91077f91
Bug 29810: Fix patron embed definitions
Due to a race and a bad rebase, the patrons embeds added on bug 30063
didn't get copied to the parameters secition, thus breaking embedding.

To test:
1. In master, open the patron search page and the inspector
2. Perform a search
=> FAIL: No results
=> FAIL: There's an error 500 in the API response, mentioning embedding
is not allowed
3. Apply this patch
4. Restart all
6. Repeat 2
=> SUCCESS: Results are back!
=> SUCCESS: No more API errors
7. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2022-04-14 11:42:01 +01:00
de14e5c37a Bug 29810: Document x-koha-embed header on orders endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
3ac7bcbec0 Bug 29810: Document x-koha-embed header on libraries endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
ccfb7cc240 Bug 29810: Document x-koha-embed header on cash registers endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
c90daefb63 Bug 29810: Document x-koha-embed header on biblios endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
9558535de4 Bug 29810: Document x-koha-embed header on checkouts endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
ea8e51f776 Bug 29810: Document x-koha-embed header on patrons endpoints
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-12 11:40:16 +02:00
b25f6f1c30 Bug 30394: Add x-koha-request-id support on API routes
This patch adds the x-koha-request-id to all GET routes that rely on
objects.search, for immediate support for the header.

The patch itself is trivial:
- It adds the header parameter definition to the top level swagger.yaml
- It adds a reference on each route that already implements q params,
  etc

To test:
1. Apply the patch
2. Reload plack
3. Notice the API still works
4. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/query.t
=> SUCCESS: It now passes! The /cities route implements the
x-koha-request-id header pass through.
5. Run the rest of the API tests
=> SUCCESS: All good
6. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 16:23:46 +02:00
e79a66e656 Bug 30063: Fix permission for GET /patrons
edit_borrowers should be enough, we don't need the whole borrowers
module flag

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:02 +02:00
fe7a630273 Bug 30063: Overdues count
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:01 +02:00
f3834f7ebe Bug 30063: Number of checkouts
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:00 +02:00