t/db_dependent/api/v1/cities.t

   1 #!/usr/bin/env perl
   2
   3 # This file is part of Koha.
   4 #
   5 # Koha is free software; you can redistribute it and/or modify it under the
   6 # terms of the GNU General Public License as published by the Free Software
   7 # Foundation; either version 3 of the License, or (at your option) any later
   8 # version.
   9 #
  10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
  11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  12 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License along
  15 # with Koha; if not, write to the Free Software Foundation, Inc.,
  16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17
  18 use Modern::Perl;
  19
  20 use Test::More tests => 5;
  21 use Test::Mojo;
  22 use Test::Warn;
  23
  24 use t::lib::TestBuilder;
  25 use t::lib::Mocks;
  26
  27 use C4::Auth;
  28 use Koha::Cities;
  29 use Koha::Database;
  30
  31 my $schema  = Koha::Database->new->schema;
  32 my $builder = t::lib::TestBuilder->new;
  33
  34 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
  35 # this affects the other REST api tests
  36 t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
  37
  38 my $remote_address = '127.0.0.1';
  39 my $t              = Test::Mojo->new('Koha::REST::V1');
  40
  41 subtest 'list() tests' => sub {
  42
  43     plan tests => 18;
  44
  45     $schema->storage->txn_begin;
  46
  47     Koha::Cities->search->delete;
  48     my ( $borrowernumber, $session_id ) = create_user_and_session({ authorized => 1 });
  49
  50     ## Authorized user tests
  51     # No cities, so empty array should be returned
  52     my $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  53     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  54     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  55     $t->request_ok($tx)
  56       ->status_is(200)
  57       ->json_is( [] );
  58
  59     my $city = $builder->build_object({ class => 'Koha::Cities' });
  60
  61     # One city created, should get returned
  62     $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  63     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
  64     $tx->req->env({ REMOTE_ADDR => $remote_address });
  65     $t->request_ok($tx)
  66       ->status_is(200)
  67       ->json_is( [Koha::REST::V1::Cities::_to_api( $city->TO_JSON )] );
  68
  69     my $another_city = $builder->build_object(
  70         { class => 'Koha::Cities', value => { city_country => $city->city_country } } );
  71     my $city_with_another_country = $builder->build_object({ class => 'Koha::Cities' });
  72
  73     # Two cities created, they should both be returned
  74     $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  75     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  76     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  77     $t->request_ok($tx)->status_is(200)
  78       ->json_is([Koha::REST::V1::Cities::_to_api($city->TO_JSON),
  79                  Koha::REST::V1::Cities::_to_api($another_city->TO_JSON),
  80                  Koha::REST::V1::Cities::_to_api($city_with_another_country->TO_JSON)
  81                  ] );
  82
  83     # Filtering works, two cities sharing city_country
  84     $tx = $t->ua->build_tx( GET => "/api/v1/cities?country=" . $city->city_country );
  85     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
  86     $tx->req->env({ REMOTE_ADDR => $remote_address });
  87     $t->request_ok($tx)
  88       ->status_is(200)
  89       ->json_is([ Koha::REST::V1::Cities::_to_api($city->TO_JSON),
  90                   Koha::REST::V1::Cities::_to_api($another_city->TO_JSON)
  91                   ]);
  92
  93     $tx = $t->ua->build_tx( GET => "/api/v1/cities?name=" . $city->city_name );
  94     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
  95     $tx->req->env({ REMOTE_ADDR => $remote_address });
  96     $t->request_ok($tx)
  97       ->status_is(200)
  98       ->json_is( [Koha::REST::V1::Cities::_to_api($city->TO_JSON)] );
  99
 100     # Warn on unsupported query parameter
 101     $tx = $t->ua->build_tx( GET => '/api/v1/cities?city_blah=blah' );
 102     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
 103     $tx->req->env({ REMOTE_ADDR => $remote_address });
 104     $t->request_ok($tx)
 105       ->status_is(400)
 106       ->json_is( [{ path => '/query/city_blah', message => 'Malformed query string'}] );
 107
 108     $schema->storage->txn_rollback;
 109 };
 110
 111 subtest 'get() tests' => sub {
 112
 113     plan tests => 6;
 114
 115     $schema->storage->txn_begin;
 116
 117     my $city = $builder->build_object({ class => 'Koha::Cities' });
 118     my ( $borrowernumber, $session_id ) = create_user_and_session({ authorized => 1 });
 119
 120     my $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $city->id );
 121     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
 122     $tx->req->env({ REMOTE_ADDR => $remote_address });
 123     $t->request_ok($tx)
 124       ->status_is(200)
 125       ->json_is(Koha::REST::V1::Cities::_to_api($city->TO_JSON));
 126
 127     my $city_to_delete = $builder->build_object({ class => 'Koha::Cities' });
 128     my $non_existent_id = $city_to_delete->id;
 129     $city_to_delete->delete;
 130
 131     $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $non_existent_id );
 132     $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
 133     $tx->req->env({ REMOTE_ADDR => $remote_address });
 134     $t->request_ok($tx)
 135       ->status_is(404)
 136       ->json_is( '/error' => 'City not found' );
 137
 138     $schema->storage->txn_rollback;
 139 };
 140
 141 subtest 'add() tests' => sub {
 142
 143     plan tests => 17;
 144
 145     $schema->storage->txn_begin;
 146
 147     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 148       create_user_and_session( { authorized => 0 } );
 149     my ( $authorized_borrowernumber, $authorized_session_id ) =
 150       create_user_and_session( { authorized => 1 } );
 151     my $city = {
 152         name        => "City Name",
 153         state       => "City State",
 154         postal_code => "City Zipcode",
 155         country     => "City Country"
 156     };
 157
 158     # Unauthorized attempt to write
 159     my $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 160     $tx->req->cookies({ name => 'CGISESSID', value => $unauthorized_session_id });
 161     $tx->req->env({ REMOTE_ADDR => $remote_address });
 162     $t->request_ok($tx)
 163       ->status_is(403);
 164
 165     # Authorized attempt to write invalid data
 166     my $city_with_invalid_field = {
 167         blah        => "City Blah",
 168         state       => "City State",
 169         postal_code => "City Zipcode",
 170         country     => "City Country"
 171     };
 172
 173     $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city_with_invalid_field );
 174     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 175     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 176     $t->request_ok($tx)
 177       ->status_is(400)
 178       ->json_is(
 179         "/errors" => [
 180             {
 181                 message => "Properties not allowed: blah.",
 182                 path    => "/body"
 183             }
 184         ]
 185       );
 186
 187     # Authorized attempt to write
 188     $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 189     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 190     $tx->req->env({ REMOTE_ADDR => $remote_address });
 191     my $city_id =
 192       $t->request_ok($tx)
 193         ->status_is(200)
 194         ->json_is( '/name'        => $city->{name} )
 195         ->json_is( '/state'       => $city->{state} )
 196         ->json_is( '/postal_code' => $city->{postal_code} )
 197         ->json_is( '/country'     => $city->{country} )
 198         ->tx->res->json->{city_id};
 199
 200     # Authorized attempt to create with null id
 201     $city->{city_id} = undef;
 202     $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 203     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 204     $tx->req->env({ REMOTE_ADDR => $remote_address });
 205     $t->request_ok($tx)
 206       ->status_is(400)
 207       ->json_has('/errors');
 208
 209     # Authorized attempt to create with existing id
 210     $city->{city_id} = $city_id;
 211     $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 212     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 213     $tx->req->env({ REMOTE_ADDR => $remote_address });
 214     $t->request_ok($tx)
 215       ->status_is(400)
 216       ->json_is(
 217         "/errors" => [
 218             {
 219                 message => "Read-only.",
 220                 path    => "/body/city_id"
 221             }
 222         ]
 223     );
 224
 225     $schema->storage->txn_rollback;
 226 };
 227
 228 subtest 'update() tests' => sub {
 229
 230     plan tests => 15;
 231
 232     $schema->storage->txn_begin;
 233
 234     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 235       create_user_and_session( { authorized => 0 } );
 236     my ( $authorized_borrowernumber, $authorized_session_id ) =
 237       create_user_and_session( { authorized => 1 } );
 238
 239     my $city_id = $builder->build_object({ class => 'Koha::Cities' } )->id;
 240
 241     # Unauthorized attempt to update
 242     my $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$city_id" => json =>
 243           { name => 'New unauthorized name change' } );
 244     $tx->req->cookies({ name => 'CGISESSID', value => $unauthorized_session_id });
 245     $tx->req->env({ REMOTE_ADDR => $remote_address });
 246     $t->request_ok($tx)
 247       ->status_is(403);
 248
 249     # Attempt partial update on a PUT
 250     my $city_with_missing_field = {
 251         name    => 'New name',
 252         state   => 'New state',
 253         country => 'New country'
 254     };
 255
 256     $tx = $t->ua->build_tx(
 257         PUT => "/api/v1/cities/$city_id" => json => $city_with_missing_field );
 258     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 259     $tx->req->env({ REMOTE_ADDR => $remote_address });
 260     $t->request_ok($tx)->status_is(400)
 261       ->json_is( "/errors" =>
 262           [ { message => "Missing property.", path => "/body/postal_code" } ]
 263       );
 264
 265     # Full object update on PUT
 266     my $city_with_updated_field = {
 267         name        => "London",
 268         state       => "City State",
 269         postal_code => "City Zipcode",
 270         country     => "City Country"
 271     };
 272
 273     $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$city_id" => json => $city_with_updated_field );
 274     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 275     $tx->req->env({ REMOTE_ADDR => $remote_address });
 276     $t->request_ok($tx)
 277       ->status_is(200)
 278       ->json_is( '/name' => 'London' );
 279
 280     # Authorized attempt to write invalid data
 281     my $city_with_invalid_field = {
 282         blah        => "City Blah",
 283         state       => "City State",
 284         postal_code => "City Zipcode",
 285         country     => "City Country"
 286     };
 287
 288     $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$city_id" => json => $city_with_invalid_field );
 289     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 290     $tx->req->env({ REMOTE_ADDR => $remote_address });
 291     $t->request_ok($tx)
 292       ->status_is(400)
 293       ->json_is(
 294         "/errors" => [
 295             {
 296                 message => "Properties not allowed: blah.",
 297                 path    => "/body"
 298             }
 299         ]
 300     );
 301
 302     my $city_to_delete = $builder->build_object({ class => 'Koha::Cities' });
 303     my $non_existent_id = $city_to_delete->id;
 304     $city_to_delete->delete;
 305
 306     $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$non_existent_id" => json =>
 307           $city_with_updated_field );
 308     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 309     $tx->req->env({ REMOTE_ADDR => $remote_address });
 310     $t->request_ok($tx)
 311       ->status_is(404);
 312
 313     $schema->storage->txn_rollback;
 314
 315     # Wrong method (POST)
 316     $city_with_updated_field->{city_id} = 2;
 317
 318     $tx = $t->ua->build_tx(
 319         POST => "/api/v1/cities/$city_id" => json => $city_with_updated_field );
 320     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 321     $tx->req->env({ REMOTE_ADDR => $remote_address });
 322     $t->request_ok($tx)
 323       ->status_is(404);
 324 };
 325
 326 subtest 'delete() tests' => sub {
 327
 328     plan tests => 7;
 329
 330     $schema->storage->txn_begin;
 331
 332     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 333       create_user_and_session( { authorized => 0 } );
 334     my ( $authorized_borrowernumber, $authorized_session_id ) =
 335       create_user_and_session( { authorized => 1 } );
 336
 337     my $city_id = $builder->build_object({ class => 'Koha::Cities' })->id;
 338
 339     # Unauthorized attempt to delete
 340     my $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 341     $tx->req->cookies({ name => 'CGISESSID', value => $unauthorized_session_id });
 342     $tx->req->env({ REMOTE_ADDR => $remote_address });
 343     $t->request_ok($tx)
 344       ->status_is(403);
 345
 346     $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 347     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 348     $tx->req->env({ REMOTE_ADDR => $remote_address });
 349     $t->request_ok($tx)
 350       ->status_is(200)
 351       ->content_is('""');
 352
 353     $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 354     $tx->req->cookies({ name => 'CGISESSID', value => $authorized_session_id });
 355     $tx->req->env({ REMOTE_ADDR => $remote_address });
 356     $t->request_ok($tx)
 357       ->status_is(404);
 358
 359     $schema->storage->txn_rollback;
 360 };
 361
 362 sub create_user_and_session {
 363
 364     my $args  = shift;
 365     my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0;
 366     my $dbh   = C4::Context->dbh;
 367
 368     my $user = $builder->build(
 369         {
 370             source => 'Borrower',
 371             value  => {
 372                 flags => $flags
 373             }
 374         }
 375     );
 376
 377     # Create a session for the authorized user
 378     my $session = C4::Auth::get_session('');
 379     $session->param( 'number',   $user->{borrowernumber} );
 380     $session->param( 'id',       $user->{userid} );
 381     $session->param( 'ip',       '127.0.0.1' );
 382     $session->param( 'lasttime', time() );
 383     $session->flush;
 384
 385     if ( $args->{authorized} ) {
 386         $dbh->do( "
 387             INSERT INTO user_permissions (borrowernumber,module_bit,code)
 388             VALUES (?,3,'parameters_remaining_permissions')", undef,
 389             $user->{borrowernumber} );
 390     }
 391
 392     return ( $user->{borrowernumber}, $session->id );
 393 }
 394