Bug 29523: Make Koha::Object->to_api respect accessibility
This patch makes the *to_api* method honour the accessibility check for
the object. This is relevant in the context of embedding single objects.
The Koha::Patron->to_api method is adjusted to reflect this behavior as
well (it does some manipulation after the ->to_api call and we need to
prevent it).
To test:
1. Apply up to the regression tests
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/Object.t
=> FAIL: A patron, that shouldn't be accessed, is returned by ->to_api
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
6. Pick Henry Acevedo from the sample data, assign him 'catalogue'
permissions and a know user/password combination
7. Enable basic authentication
8. Point your favourite tool (Postman?) to
GET http://kohadev-intra.myDNSname.org:8081/api/v1/biblio/245/checkouts
Set the following header: x-koha-embed: patron
Pick whatever biblio you want, actually.
=> SUCCESS: No checkouts
9. Perform a couple checkouts on the chosen biblio. Make sure one
checkout is for a patron on the same library as Henry, and the other
on a different one.
10. Repeat 8
=> SUCCESS: You see two checkouts. One of them has an attribute 'patron'
containing the patron from Henry's library. The other, has the
attribute set to 'null'.
11. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
projects / koha.git / commit