Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/t/db_dependent/api/v1/acquisitions_vendors.t
Tomas Cohen Arazi b33d69684f
Bug 25048: Regression tests 
This patch adds regression tests for the response bodies and statuses on
DELETE actions against existing API routes. This is just enforcing the
existing (voted) Coding guidelines for the API (tm).

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/*.t
=> FAIL: Several routes have problems

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-29 16:24:37 +01:00

413 lines
15 KiB
Perl
Raw Blame History

#!/usr/bin/env perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Test::More tests => 5;
use Test::Mojo;
use Test::Warn;
use t::lib::TestBuilder;
use t::lib::Mocks;
use C4::Auth;
use Koha::Acquisition::Booksellers;
use Koha::Database;
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;
# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
# this affects the other REST api tests
t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
my $remote_address = '127.0.0.1';
my $t = Test::Mojo->new('Koha::REST::V1');
subtest 'list() and delete() tests | authorized user' => sub {
plan tests => 35;
$schema->storage->txn_begin;
$schema->resultset('Aqbasket')->search->delete;
Koha::Acquisition::Booksellers->search->delete;
my ( $borrowernumber, $session_id )
= create_user_and_session( { authorized => 1 } );
## Authorized user tests
# No vendors, so empty array should be returned
my $tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors' );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_is( [] );
my $vendor_name = 'Ruben libros';
my $vendor = $builder->build_object({ class => 'Koha::Acquisition::Booksellers', value => { name => $vendor_name } });
# One vendor created, should get returned
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors' );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/$vendor_name/ );
my $other_vendor_name = 'Amerindia';
my $other_vendor
= $builder->build_object({ class => 'Koha::Acquisition::Booksellers', value => { name => $other_vendor_name } });
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors' );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/Ruben/ )
->json_like( '/1/name' => qr/Amerindia/ );
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors?name=' . $vendor_name );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/Ruben/ );
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors?name=' . $other_vendor_name );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/Amerindia/ );
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors?accountnumber=' . $vendor->accountnumber );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/Ruben/ );
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors?accountnumber=' . $other_vendor->accountnumber );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/Amerindia/ );
$tx = $t->ua->build_tx( DELETE => '/api/v1/acquisitions/vendors/' . $vendor->id );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(204, 'SWAGGER3.2.4')
->content_is('', 'SWAGGER3.3.4');
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors' );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_like( '/0/name' => qr/$other_vendor_name/ )
->json_hasnt( '/1', 'Only one vendor' );
$tx = $t->ua->build_tx( DELETE => '/api/v1/acquisitions/vendors/' . $other_vendor->id );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(204, 'SWAGGER3.2.4')
->content_is('', 'SWAGGER3.3.4');
$tx = $t->ua->build_tx( GET => '/api/v1/acquisitions/vendors' );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_is( [] );
$schema->storage->txn_rollback;
};
subtest 'get() test' => sub {
plan tests => 9;
$schema->storage->txn_begin;
my $vendor = $builder->build_object({ class => 'Koha::Acquisition::Booksellers' });
my ( $borrowernumber, $session_id )
= create_user_and_session( { authorized => 1 } );
my $tx = $t->ua->build_tx( GET => "/api/v1/acquisitions/vendors/" . $vendor->id );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_is( $vendor->to_api );
my $non_existent_id = $vendor->id + 1;
$tx = $t->ua->build_tx( GET => "/api/v1/acquisitions/vendors/" . $non_existent_id );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(404)
->json_is( '/error' => 'Vendor not found' );
my ( $unauthorized_borrowernumber, $unauthorized_session_id )
= create_user_and_session( { authorized => 0 } );
$tx = $t->ua->build_tx( GET => "/api/v1/acquisitions/vendors/" . $vendor->id );
$tx->req->cookies( { name => 'CGISESSID', value => $unauthorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(403)
->json_is( '/error', 'Authorization failure. Missing required permission(s).' );
$schema->storage->txn_rollback;
};
subtest 'add() tests' => sub {
plan tests => 16;
$schema->storage->txn_begin;
my ( $unauthorized_borrowernumber, $unauthorized_session_id )
= create_user_and_session( { authorized => 0 } );
my ( $authorized_borrowernumber, $authorized_session_id )
= create_user_and_session( { authorized => 1 } );
my $vendor = { name => 'Ruben libros' };
# Unauthorized attempt to write
my $tx = $t->ua->build_tx( POST => "/api/v1/acquisitions/vendors" => json => $vendor );
$tx->req->cookies( { name => 'CGISESSID', value => $unauthorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(403);
# Authorized attempt to write invalid data
my $vendor_with_invalid_field = {
name => 'Amerindia',
address5 => 'An address'
};
$tx = $t->ua->build_tx(
POST => "/api/v1/acquisitions/vendors" => json => $vendor_with_invalid_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(400)
->json_is(
"/errors" => [
{ message => "Properties not allowed: address5.",
path => "/body"
}
]
);
# Authorized attempt to write
$tx = $t->ua->build_tx( POST => "/api/v1/acquisitions/vendors" => json => $vendor );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
my $vendor_id = $t->request_ok($tx)
->status_is( 201, 'SWAGGER3 .2.1' )
->header_like( Location => qr|^\/api\/v1\/acquisitions\/vendors/\d*|, 'SWAGGER3.4.1')
->json_is( '/name' => $vendor->{name} )
->json_is( '/address1' => $vendor->{address1} )->tx->res->json('/id')
; # read the response vendor id for later use
# Authorized attempt to create with null id
$vendor->{id} = undef;
$tx = $t->ua->build_tx( POST => "/api/v1/acquisitions/vendors" => json => $vendor );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(400)
->json_has('/errors');
# Authorized attempt to create with existing id
$vendor->{id} = $vendor_id;
$tx = $t->ua->build_tx( POST => "/api/v1/acquisitions/vendors" => json => $vendor );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(400)
->json_is(
"/errors" => [
{ message => "Read-only.",
path => "/body/id"
}
]
);
$schema->storage->txn_rollback;
};
subtest 'update() tests' => sub {
plan tests => 15;
$schema->storage->txn_begin;
my ( $unauthorized_borrowernumber, $unauthorized_session_id )
= create_user_and_session( { authorized => 0 } );
my ( $authorized_borrowernumber, $authorized_session_id )
= create_user_and_session( { authorized => 1 } );
my $vendor_id = $builder->build( { source => 'Aqbookseller' } )->{id};
# Unauthorized attempt to update
my $tx = $t->ua->build_tx( PUT => "/api/v1/acquisitions/vendors/$vendor_id" => json =>
{ city_name => 'New unauthorized name change' } );
$tx->req->cookies( { name => 'CGISESSID', value => $unauthorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(403);
# Attempt partial update on a PUT
my $vendor_without_mandatory_field = { address1 => 'New address' };
$tx = $t->ua->build_tx( PUT => "/api/v1/acquisitions/vendors/$vendor_id" => json =>
$vendor_without_mandatory_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(400)
->json_is( "/errors" => [ { message => "Missing property.", path => "/body/name" } ] );
# Full object update on PUT
my $vendor_with_updated_field = { name => "London books", };
$tx = $t->ua->build_tx(
PUT => "/api/v1/acquisitions/vendors/$vendor_id" => json => $vendor_with_updated_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(200)
->json_is( '/name' => 'London books' );
# Authorized attempt to write invalid data
my $vendor_with_invalid_field = {
blah => "Blah",
address1 => "Address 1",
address2 => "Address 2",
address3 => "Address 3"
};
$tx = $t->ua->build_tx(
PUT => "/api/v1/acquisitions/vendors/$vendor_id" => json => $vendor_with_invalid_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(400)
->json_is(
"/errors" => [
{ message => "Properties not allowed: blah.",
path => "/body"
}
]
);
my $non_existent_id = $vendor_id + 1;
$tx = $t->ua->build_tx( PUT => "/api/v1/acquisitions/vendors/$non_existent_id" => json =>
$vendor_with_updated_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)->status_is(404);
$schema->storage->txn_rollback;
# Wrong method (POST)
$vendor_with_updated_field->{id} = 2;
$tx = $t->ua->build_tx(
POST => "/api/v1/acquisitions/vendors/$vendor_id" => json => $vendor_with_updated_field );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(404);
};
subtest 'delete() tests' => sub {
plan tests => 7;
$schema->storage->txn_begin;
my ( $unauthorized_borrowernumber, $unauthorized_session_id )
= create_user_and_session( { authorized => 0 } );
my ( $authorized_borrowernumber, $authorized_session_id )
= create_user_and_session( { authorized => 1 } );
my $vendor_id = $builder->build( { source => 'Aqbookseller' } )->{id};
# Unauthorized attempt to update
my $tx = $t->ua->build_tx( DELETE => "/api/v1/acquisitions/vendors/$vendor_id" );
$tx->req->cookies( { name => 'CGISESSID', value => $unauthorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(403);
$tx = $t->ua->build_tx( DELETE => "/api/v1/acquisitions/vendors/$vendor_id" );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(204, 'SWAGGER3.2.4')
->content_is('', 'SWAGGER3.3.4');
$tx = $t->ua->build_tx( DELETE => "/api/v1/acquisitions/vendors/$vendor_id" );
$tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(404);
$schema->storage->txn_rollback;
};
sub create_user_and_session {
my $args = shift;
my $flags = ( $args->{authorized} ) ? 2052 : 0;
# my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0;
my $dbh = C4::Context->dbh;
my $user = $builder->build(
{ source => 'Borrower',
value => { flags => $flags }
}
);
# Create a session for the authorized user
my $session = C4::Auth::get_session('');
$session->param( 'number', $user->{borrowernumber} );
$session->param( 'id', $user->{userid} );
$session->param( 'ip', '127.0.0.1' );
$session->param( 'lasttime', time() );
$session->flush;
if ( $args->{authorized} ) {
$dbh->do(
q{
INSERT INTO user_permissions (borrowernumber,module_bit,code)
VALUES (?,11,'vendors_manage')},
undef, $user->{borrowernumber}
);
}
return ( $user->{borrowernumber}, $session->id );
}
1;
View git blame Copy permalink