From df22d207f267e60a00126ce1a0965241dd9771e4 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi <tomascohen@theke.io>
Date: Mon, 20 Dec 2021 12:05:59 -0300
Subject: [PATCH] Bug 29018: Make DELETE /patrons/:patron_id check things

When the route was implemented, the checks were overlooked. This patch
adds checks for:
- Guarantees
- Debts
- Current checkouts

Any of those will block deletion, as it should.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Tests fail, the route misses checks
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! The three conditions prevent deletion!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 4948faacc0807773d4a8540b8bbc02db56d1729f)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
---
 Koha/REST/V1/Patrons.pm           | 37 +++++++++++++++++++++++++++----
 api/v1/swagger/paths/patrons.json | 12 ++++++++++
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/Koha/REST/V1/Patrons.pm b/Koha/REST/V1/Patrons.pm
index 5eba4bdee3..abefe227a5 100644
--- a/Koha/REST/V1/Patrons.pm
+++ b/Koha/REST/V1/Patrons.pm
@@ -315,10 +315,39 @@ sub delete {
 
     return try {
 
-        $patron->delete;
-        return $c->render(
-            status  => 204,
-            openapi => q{}
+        if ( $patron->checkouts->count > 0 ) {
+            return $c->render(
+                status  => 409,
+                openapi => { error => 'Pending checkouts prevent deletion' }
+            );
+        }
+
+        my $account = $patron->account;
+
+        if ( $account->outstanding_debits->total_outstanding > 0 ) {
+            return $c->render(
+                status  => 409,
+                openapi => { error => 'Pending debts prevent deletion' }
+            );
+        }
+
+        if ( $patron->guarantee_relationships->count > 0 ) {
+            return $c->render(
+                status  => 409,
+                openapi => { error => 'Patron is a guarantor and it prevents deletion' }
+            );
+        }
+
+        $patron->_result->result_source->schema->txn_do(
+            sub {
+                $patron->move_to_deleted;
+                $patron->delete;
+
+                return $c->render(
+                    status  => 204,
+                    openapi => q{}
+                );
+            }
         );
     } catch {
         if ( blessed $_ && $_->isa('Koha::Exceptions::Patron::FailedDeleteAnonymousPatron') ) {
diff --git a/api/v1/swagger/paths/patrons.json b/api/v1/swagger/paths/patrons.json
index 3e4e7739a1..6eab8b0109 100644
--- a/api/v1/swagger/paths/patrons.json
+++ b/api/v1/swagger/paths/patrons.json
@@ -695,6 +695,18 @@
           "schema": {
             "$ref": "../definitions.json#/error"
           }
+        },
+        "409": {
+          "description": "Conflict in updating resource",
+          "schema": {
+            "$ref": "../definitions.json#/error"
+          }
+        },
+        "500": {
+          "description": "Internal server error",
+          "schema": {
+            "$ref": "../definitions.json#/error"
+          }
         }
       },
       "x-koha-authorization": {
-- 
2.39.5