Koha/t/db_dependent/api/v1/patrons.t
Jonathan Druart a1686054ac Bug 18403: rename Koha::Patron->can to has_permission
I do not exactly why but there is a conflict in the name of the method

prove t/db_dependent/api/v1/patrons.t failed with
[Mon Feb 12 17:13:16 2018] [error] Can't use string ("TO_JSON") as a
HASH ref while "strict refs" in use at
/home/vagrant/kohaclone/C4/Auth.pm line 2053.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 18:02:01 -03:00

138 lines
4.4 KiB
Perl

#!/usr/bin/env perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use Modern::Perl;
use Test::More tests => 21;
use Test::Mojo;
use t::lib::TestBuilder;
use t::lib::Mocks;
use C4::Auth;
use C4::Context;
use Koha::Database;
use Koha::Patron;
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new();
$schema->storage->txn_begin;
# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
# this affects the other REST api tests
t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
$ENV{REMOTE_ADDR} = '127.0.0.1';
my $t = Test::Mojo->new('Koha::REST::V1');
my $categorycode = $builder->build({ source => 'Category' })->{ categorycode };
my $branchcode = $builder->build({ source => 'Branch' })->{ branchcode };
my $guarantor = $builder->build({
source => 'Borrower',
value => {
branchcode => $branchcode,
categorycode => $categorycode,
flags => 0,
}
});
my $borrower = $builder->build({
source => 'Borrower',
value => {
branchcode => $branchcode,
categorycode => $categorycode,
flags => 0,
lost => 1,
guarantorid => $guarantor->{borrowernumber},
}
});
$t->get_ok('/api/v1/patrons')
->status_is(401);
$t->get_ok("/api/v1/patrons/" . $borrower->{ borrowernumber })
->status_is(401);
my $session = C4::Auth::get_session('');
$session->param('number', $borrower->{ borrowernumber });
$session->param('id', $borrower->{ userid });
$session->param('ip', '127.0.0.1');
$session->param('lasttime', time());
$session->flush;
my $session2 = C4::Auth::get_session('');
$session2->param('number', $guarantor->{ borrowernumber });
$session2->param('id', $guarantor->{ userid });
$session2->param('ip', '127.0.0.1');
$session2->param('lasttime', time());
$session2->flush;
my $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
$tx->req->cookies({name => 'CGISESSID', value => $session->id});
$t->request_ok($tx)
->status_is(403);
$tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . ($borrower->{ borrowernumber }-1));
$tx->req->cookies({name => 'CGISESSID', value => $session->id});
$t->request_ok($tx)
->status_is(403)
->json_is('/required_permissions', {"borrowers" => "edit_borrowers"});
# User without permissions, but is the owner of the object
$tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
$tx->req->cookies({name => 'CGISESSID', value => $session->id});
$t->request_ok($tx)
->status_is(200);
# User without permissions, but is the guarantor of the owner of the object
$tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
$tx->req->cookies({name => 'CGISESSID', value => $session2->id});
$t->request_ok($tx)
->status_is(200)
->json_is('/guarantorid', $guarantor->{borrowernumber});
my $loggedinuser = $builder->build({
source => 'Borrower',
value => {
branchcode => $branchcode,
categorycode => $categorycode,
flags => 16 # borrowers flag
}
});
$session = C4::Auth::get_session('');
$session->param('number', $loggedinuser->{ borrowernumber });
$session->param('id', $loggedinuser->{ userid });
$session->param('ip', '127.0.0.1');
$session->param('lasttime', time());
$session->flush;
$tx = $t->ua->build_tx(GET => '/api/v1/patrons');
$tx->req->cookies({name => 'CGISESSID', value => $session->id});
$tx->req->env({REMOTE_ADDR => '127.0.0.1'});
$t->request_ok($tx)
->status_is(200);
$tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{ borrowernumber });
$tx->req->cookies({name => 'CGISESSID', value => $session->id});
$t->request_ok($tx)
->status_is(200)
->json_is('/borrowernumber' => $borrower->{ borrowernumber })
->json_is('/surname' => $borrower->{ surname })
->json_is('/lost' => Mojo::JSON->true );
$schema->storage->txn_rollback;