Tomas Cohen Arazi
8083bc2ff0
This patch removes the possibility for the patron itself, or a guarantor, to access the patron object identified by patron_id. It does so by removing the permissions from the spec. The tests are adjusted to remove that use case. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => SUCCESS: Tests pass! - Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
{
|
|
"/patrons": {
|
|
"get": {
|
|
"x-mojo-to": "Patrons#list",
|
|
"operationId": "listPatrons",
|
|
"tags": ["patrons"],
|
|
"produces": [
|
|
"application/json"
|
|
],
|
|
"parameters": [{
|
|
"name": "patron_id",
|
|
"in": "query",
|
|
"description": "Search on patron_id",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "cardnumber",
|
|
"in": "query",
|
|
"description": "Case insensitive search on cardnumber",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "surname",
|
|
"in": "query",
|
|
"description": "Case insensitive search on surname",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "firstname",
|
|
"in": "query",
|
|
"description": "Case insensitive search on firstname",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "title",
|
|
"in": "query",
|
|
"description": "Case insensitive search on title",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "other_name",
|
|
"in": "query",
|
|
"description": "Case insensitive search on othernames",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "initials",
|
|
"in": "query",
|
|
"description": "Case insensitive search on initials",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "street_number",
|
|
"in": "query",
|
|
"description": "Case insensitive search on streetnumber",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "street_type",
|
|
"in": "query",
|
|
"description": "Case insensitive search on streettype",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "address",
|
|
"in": "query",
|
|
"description": "Case insensitive search on address",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "address2",
|
|
"in": "query",
|
|
"description": "Case insensitive search on address2",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "city",
|
|
"in": "query",
|
|
"description": "Case insensitive search on city",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "state",
|
|
"in": "query",
|
|
"description": "Case insensitive search on state",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "postal_code",
|
|
"in": "query",
|
|
"description": "Case insensitive search on zipcode",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "country",
|
|
"in": "query",
|
|
"description": "Case insensitive search on country",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "email",
|
|
"in": "query",
|
|
"description": "Case insensitive search on email",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "phone",
|
|
"in": "query",
|
|
"description": "Case insensitive search on phone",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "mobile",
|
|
"in": "query",
|
|
"description": "Case insensitive search on mobile",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "fax",
|
|
"in": "query",
|
|
"description": "Case insensitive search on fax",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "secondary_email",
|
|
"in": "query",
|
|
"description": "Case insensitive search on secondary_email",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "secondary_phone",
|
|
"in": "query",
|
|
"description": "Case insensitive search on secondary_phone",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_street_number",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_street_number",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_street_type",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_street_type",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_address",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_address",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_address2",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_address2",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_city",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_city",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_state",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_state",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_postal_code",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_postal_code",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_country",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_country",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_email",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_email",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_phone",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_phone",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "date_of_birth",
|
|
"in": "query",
|
|
"description": "Case insensitive search on date_of_birth",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "library_id",
|
|
"in": "query",
|
|
"description": "Case insensitive search on library_id",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "category_id",
|
|
"in": "query",
|
|
"description": "Case insensitive search on category_id",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "date_enrolled",
|
|
"in": "query",
|
|
"description": "Case insensitive search on date_enrolled",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "expiry_date",
|
|
"in": "query",
|
|
"description": "Case insensitive search on expiry_date",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "incorrect_address",
|
|
"in": "query",
|
|
"description": "Search on incorrect_address",
|
|
"required": false,
|
|
"type": "boolean"
|
|
}, {
|
|
"name": "patron_card_lost",
|
|
"in": "query",
|
|
"description": "Search on patron_card_lost",
|
|
"required": false,
|
|
"type": "boolean"
|
|
}, {
|
|
"name": "restricted",
|
|
"in": "query",
|
|
"description": "Filter search by restricted",
|
|
"required": false,
|
|
"type": "boolean"
|
|
}, {
|
|
"name": "guarantor_id",
|
|
"in": "query",
|
|
"description": "Search on guarantor_id",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "staff_notes",
|
|
"in": "query",
|
|
"description": "Case insensitive search on staff_notes",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "relationship_type",
|
|
"in": "query",
|
|
"description": "Case insensitive search on relationship_type",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "gender",
|
|
"in": "query",
|
|
"description": "Case insensitive search on gender",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "userid",
|
|
"in": "query",
|
|
"description": "Case insensitive search on userid",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "opac_notes",
|
|
"in": "query",
|
|
"description": "Case insensitive search on opac_notes",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altaddress_notes",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altaddress_notes",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "statistics_1",
|
|
"in": "query",
|
|
"description": "Case insensitive search on statistics_1",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "statistics_2",
|
|
"in": "query",
|
|
"description": "Case insensitive search on statistics_2",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_firstname",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_firstname",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_surname",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_surname",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_address",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_address",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_address2",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_address2",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_city",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_city",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_state",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_state",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_postal_code",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_postal_code",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_country",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_country",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "altcontact_phone",
|
|
"in": "query",
|
|
"description": "Case insensitive search on altcontact_phone",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "sms_number",
|
|
"in": "query",
|
|
"description": "Case insensitive search on sms_number",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "sms_provider_id",
|
|
"in": "query",
|
|
"description": "Case insensitive search on sms_provider_id",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "privacy",
|
|
"in": "query",
|
|
"description": "Search on privacy",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "privacy_guarantor_checkouts",
|
|
"in": "query",
|
|
"description": "Search on privacy_guarantor_checkouts",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "check_previous_checkout",
|
|
"in": "query",
|
|
"description": "Case insensitive search on check_previous_checkout",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "updated_on",
|
|
"in": "query",
|
|
"description": "Search on updated_on",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "last_seen",
|
|
"in": "query",
|
|
"description": "Case insensitive search on last_seen",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "lang",
|
|
"in": "query",
|
|
"description": "Case insensitive search on lang",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"name": "login_attempts",
|
|
"in": "query",
|
|
"description": "Search on login_attempts",
|
|
"required": false,
|
|
"type": "string"
|
|
}, {
|
|
"$ref": "../parameters.json#/match"
|
|
}, {
|
|
"$ref": "../parameters.json#/order_by"
|
|
}, {
|
|
"$ref": "../parameters.json#/page"
|
|
}, {
|
|
"$ref": "../parameters.json#/per_page"
|
|
}],
|
|
"responses": {
|
|
"200": {
|
|
"description": "A list of patrons",
|
|
"schema": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Authentication required",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "Access forbidden",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Internal server error",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
}
|
|
},
|
|
"x-koha-authorization": {
|
|
"permissions": {
|
|
"borrowers": "1"
|
|
}
|
|
}
|
|
},
|
|
"post": {
|
|
"x-mojo-to": "Patrons#add",
|
|
"operationId": "addPatron",
|
|
"tags": ["patrons"],
|
|
"parameters": [{
|
|
"name": "body",
|
|
"in": "body",
|
|
"description": "A JSON object containing information about the new patron",
|
|
"required": true,
|
|
"schema": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
}],
|
|
"consumes": ["application/json"],
|
|
"produces": ["application/json"],
|
|
"responses": {
|
|
"201": {
|
|
"description": "A successfully created patron",
|
|
"schema": {
|
|
"items": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad parameter",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Authentication required",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "Access forbidden",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "Resource not found",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"409": {
|
|
"description": "Conflict in creating resource",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Internal server error",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"503": {
|
|
"description": "Under maintenance",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
}
|
|
},
|
|
"x-koha-authorization": {
|
|
"permissions": {
|
|
"borrowers": "edit_borrowers"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"/patrons/{patron_id}": {
|
|
"get": {
|
|
"x-mojo-to": "Patrons#get",
|
|
"operationId": "getPatron",
|
|
"tags": ["patrons"],
|
|
"parameters": [{
|
|
"$ref": "../parameters.json#/patron_id_pp"
|
|
}],
|
|
"produces": [
|
|
"application/json"
|
|
],
|
|
"responses": {
|
|
"200": {
|
|
"description": "A patron",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Authentication required",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "Access forbidden",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "Patron not found",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Internal server error",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"503": {
|
|
"description": "Under maintenance",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
}
|
|
},
|
|
"x-koha-authorization": {
|
|
"permissions": {
|
|
"borrowers": "edit_borrowers"
|
|
}
|
|
}
|
|
},
|
|
"put": {
|
|
"x-mojo-to": "Patrons#update",
|
|
"operationId": "updatePatron",
|
|
"tags": ["patrons"],
|
|
"parameters": [
|
|
{
|
|
"$ref": "../parameters.json#/patron_id_pp"
|
|
},
|
|
{
|
|
"name": "body",
|
|
"in": "body",
|
|
"description": "A JSON object containing new information about an existing patron",
|
|
"required": true,
|
|
"schema": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
}
|
|
],
|
|
"consumes": ["application/json"],
|
|
"produces": ["application/json"],
|
|
"responses": {
|
|
"200": {
|
|
"description": "A successfully updated patron",
|
|
"schema": {
|
|
"items": {
|
|
"$ref": "../definitions.json#/patron"
|
|
}
|
|
}
|
|
},
|
|
"202": {
|
|
"description": "Accepted and waiting for librarian verification",
|
|
"schema": {
|
|
"type": "object"
|
|
}
|
|
},
|
|
"204": {
|
|
"description": "No Content",
|
|
"schema": {
|
|
"type": "object"
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad parameter",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "Access forbidden",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "Resource not found",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"409": {
|
|
"description": "Conflict in updating resource",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Internal server error",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
}
|
|
},
|
|
"x-koha-authorization": {
|
|
"permissions": {
|
|
"borrowers": "1"
|
|
}
|
|
}
|
|
},
|
|
"delete": {
|
|
"x-mojo-to": "Patrons#delete",
|
|
"operationId": "deletePatron",
|
|
"tags": ["patrons"],
|
|
"parameters": [{
|
|
"$ref": "../parameters.json#/patron_id_pp"
|
|
}],
|
|
"produces": ["application/json"],
|
|
"responses": {
|
|
"200": {
|
|
"description": "Patron deleted successfully",
|
|
"schema": {
|
|
"type": "object"
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Patron deletion failed",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Authentication required",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "Access forbidden",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "Patron not found",
|
|
"schema": {
|
|
"$ref": "../definitions.json#/error"
|
|
}
|
|
}
|
|
},
|
|
"x-koha-authorization": {
|
|
"permissions": {
|
|
"borrowers": "1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
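Review bot: The `x-koha-authorization` blocks in this file are now inconsistent with each other: `GET /patrons/{patron_id}` requires `"borrowers": "edit_borrowers"`, while `GET /patrons` keeps `"borrowers": "1"` and the `put` and `delete` operations on `/patrons/{patron_id}` also keep `"borrowers": "1"`. If, as in Koha's authorization handling, `"1"` accepts any subpermission under the borrowers flag, a caller without `edit_borrowers` can still retrieve the same patron object through the list endpoint with `?patron_id=<id>` (including `staff_notes`, `login_attempts` and the other filterable fields), and can update or delete a record it is not allowed to read; aligning those three blocks with the single-record read, `"borrowers": "edit_borrowers"`, or recording why the list/update/delete requirements are intentionally looser, would close that gap. Separately, the `201` response of `post` and the `200` response of `put` declare `"schema": { "items": { "$ref": "../definitions.json#/patron" } }` without `"type": "array"`, which a Swagger 2.0 validator does not enforce; since both return a single patron, `"schema": { "$ref": "../definitions.json#/patron" }` matches the `get` response and what the handlers emit.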
|