From a054c569dd0579187f28efa66d763cb4cd06d8d3 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Thu, 8 Feb 2024 20:18:35 -0300
Subject: [PATCH] Bug 31791: Add x-record-source-id header to POST /biblios

This patch adds support for setting the record source on the API. It does so by adding support for a new header `x-record-source-id`. Setting the record source is restricted to patrons with the `set_record_sources` permission. A 403 error is returned on an attempt to set it without the correct permissions. The feature is documented on the spec.
To test:
1. Apply this patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/api/v1/biblios.t
=> SUCCESS: Tests pass! Tests cover the right use cases!
3. Play with Postman (or similar)
4. Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Martin Renvoize
Signed-off-by: Lucas Gass
Signed-off-by: Arthur Suzuki
Signed-off-by: Katrin Fischer
---
 Koha/REST/V1/Biblios.pm | 19 +++++++++++++---
 api/v1/swagger/paths/biblios.yaml | 1 +
 api/v1/swagger/swagger.yaml | 6 ++++++
 t/db_dependent/api/v1/biblios.t | 36 ++++++++++++++++++++++++++++++-
 4 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/Koha/REST/V1/Biblios.pm b/Koha/REST/V1/Biblios.pm
index 0097dd12ea..8a93537ad9 100644
--- a/Koha/REST/V1/Biblios.pm
+++ b/Koha/REST/V1/Biblios.pm
@@ -26,6 +26,7 @@ use Koha::RecordProcessor;
 use C4::Biblio qw( DelBiblio AddBiblio ModBiblio );
 use C4::Search qw( FindDuplicate );
+use C4::Auth qw( haspermission );
 use C4::Barcodes::ValueBuilder;
 use C4::Context;
@@ -653,6 +654,19 @@ sub add {
 my $flavour = $headers->header('x-record-schema');
 $flavour //= C4::Context->preference('marcflavour');
+ my $record_source_id = $headers->header('x-record-source-id');
+
+ if ($record_source_id) {
+
+ # We've been passed a record source. Verify they are allowed to
+ unless ( haspermission( $c->stash('koha.user')->userid, { editcatalogue => 'set_record_sources' } ) ) {
+ return $c->render(
+ status => 403,
+ openapi => { error => 'You do not have permission to set the record source' }
+ );
+ }
+ }
+
 my $record;
 my $frameworkcode = $headers->header('x-framework-id');
@@ -690,12 +704,11 @@ sub add {
 } ) unless !$duplicatebiblionumber || $confirm_not_duplicate;
- my ( $biblionumber, $oldbibitemnum );
- ( $biblionumber, $oldbibitemnum ) = AddBiblio( $record, $frameworkcode );
+ my ( $biblio_id ) = AddBiblio( $record, $frameworkcode, { record_source_id => $record_source_id } );
 $c->render(
 status => 200,
- openapi => { id => $biblionumber }
+ openapi => { id => $biblio_id }
 );
 } catch {
diff --git a/api/v1/swagger/paths/biblios.yaml b/api/v1/swagger/paths/biblios.yaml
index 10b2b42820..f41a08363e 100644
--- a/api/v1/swagger/paths/biblios.yaml
+++ b/api/v1/swagger/paths/biblios.yaml
@@ -22,6 +22,7 @@
 - $ref: "../swagger.yaml#/parameters/framework_id_header"
 - $ref: "../swagger.yaml#/parameters/marc_schema_header"
 - $ref: "../swagger.yaml#/parameters/confirm_not_duplicate_header"
+ - $ref: "../swagger.yaml#/parameters/record_source_id_header"
 produces:
 - application/json
 responses:
diff --git a/api/v1/swagger/swagger.yaml b/api/v1/swagger/swagger.yaml
index 92061c8fd8..c58176c059 100644
--- a/api/v1/swagger/swagger.yaml
+++ b/api/v1/swagger/swagger.yaml
@@ -865,6 +865,12 @@ parameters:
 name: quote_id
 required: true
 type: integer
+ record_source_id_header:
+ description: Internal record source identifier.
+ name: x-record-source-id
+ in: header
+ required: false
+ type: string
 request_id_header:
 description: Request id header
 in: header
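Review bot: The permission gate added in the `@@ -653,6 +654,19 @@` hunk tests `$record_source_id` for truth, while the `@@ -690,12 +704,11 @@` hunk passes the header value to `AddBiblio` unconditionally, so a value such as `0` or an empty string skips the `set_record_sources` check but is still handed on as `record_source_id`. What `AddBiblio` does with such a value is not visible here, so the check and the use should be tied together: gate on `if ( defined $record_source_id )` and build the options hash only from a value that passed the check. The header is also forwarded without confirming that it is numeric or names an existing record source; rejecting an unknown id with a 400 would be clearer than whatever the storage layer raises. `add` begins and ends outside both hunks.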
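Review bot: `record_source_id_header` is declared `type: string`, so the spec accepts any header text as a record source id, whereas the neighbouring `quote_id` parameter is `type: integer`. Declaring `type: integer` here would let spec validation reject malformed ids before the controller runs. The description should also say that the header requires the `set_record_sources` permission. If the POST responses in `biblios.yaml` (outside the hunk shown) do not already list a 403, add it so the documented contract matches the new controller behaviour.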
diff --git a/t/db_dependent/api/v1/biblios.t b/t/db_dependent/api/v1/biblios.t
index dfa4403db3..a5d0f66dcb 100755
--- a/t/db_dependent/api/v1/biblios.t
+++ b/t/db_dependent/api/v1/biblios.t
@@ -896,7 +896,7 @@ subtest 'set_rating() tests' => sub {
 subtest 'post() tests' => sub {
- plan tests => 13;
+ plan tests => 14;
 $schema->storage->txn_begin;
@@ -1319,6 +1319,40 @@ subtest 'post() tests' => sub {
 ->status_is(200)
 ->json_has('/id');
+ subtest 'x-record-source-id header tests' => sub {
+
+ plan tests => 5;
+
+ my $record_source =
+ $builder->build_object( { class => 'Koha::RecordSources', value => { can_be_edited => 0 } } );
+
+ $t->post_ok(
+ "//$userid:$password@/api/v1/biblios" => {
+ 'Content-Type' => 'application/marc', 'x-framework-id' => $frameworkcode,
+ 'x-record-source-id' => $record_source->id
+ } => $marc
+ )->status_is(403)->json_is( '/error' => 'You do not have permission to set the record source' );
+
+ # Add required subpermission
+ $builder->build(
+ {
+ source => 'UserPermission',
+ value => {
+ borrowernumber => $patron->id,
+ module_bit => 9,
+ code => 'set_record_sources'
+ }
+ }
+ );
+
+ $t->post_ok(
+ "//$userid:$password@/api/v1/biblios" => {
+ 'Content-Type' => 'application/marc', 'x-framework-id' => $frameworkcode,
+ 'x-record-source-id' => $record_source->id
+ } => $marc
+ )->status_is(200);
+ };
+
 $schema->storage->txn_rollback;
 };
--
2.39.5
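Review bot: The success case in the `x-record-source-id header tests` subtest asserts only `->status_is(200)`, so it would still pass if the header were silently ignored and no source were stored. After the second `post_ok`, read the created biblio back via the returned `/id` and assert that its stored record source equals `$record_source->id`. A further case that sends the header with an id that does not exist, from a patron without the subpermission (raising `plan tests` to match), would pin down what the controller does with values the current cases never exercise. The enclosing `post() tests` subtest starts outside the hunk.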