3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test::More tests => 20;
22 use t::lib::TestBuilder;
30 my $builder = t::lib::TestBuilder->new();
32 my $dbh = C4::Context->dbh;
33 $dbh->{AutoCommit} = 0;
34 $dbh->{RaiseError} = 1;
36 $ENV{REMOTE_ADDR} = '127.0.0.1';
37 my $t = Test::Mojo->new('Koha::REST::V1');
39 my $categorycode = $builder->build({ source => 'Category' })->{ categorycode };
40 my $branchcode = $builder->build({ source => 'Branch' })->{ branchcode };
41 my $guarantor = $builder->build({
44 branchcode => $branchcode,
45 categorycode => $categorycode,
49 my $borrower = $builder->build({
52 branchcode => $branchcode,
53 categorycode => $categorycode,
55 guarantorid => $guarantor->{borrowernumber},
59 $t->get_ok('/api/v1/patrons')
62 $t->get_ok("/api/v1/patrons/" . $borrower->{ borrowernumber })
65 my $session = C4::Auth::get_session('');
66 $session->param('number', $borrower->{ borrowernumber });
67 $session->param('id', $borrower->{ userid });
68 $session->param('ip', '127.0.0.1');
69 $session->param('lasttime', time());
72 my $session2 = C4::Auth::get_session('');
73 $session2->param('number', $guarantor->{ borrowernumber });
74 $session2->param('id', $guarantor->{ userid });
75 $session2->param('ip', '127.0.0.1');
76 $session2->param('lasttime', time());
79 my $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
80 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
84 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . ($borrower->{ borrowernumber }-1));
85 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
88 ->json_is('/required_permissions', {"borrowers" => "1"});
90 # User without permissions, but is the owner of the object
91 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
92 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
96 # User without permissions, but is the guarantor of the owner of the object
97 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
98 $tx->req->cookies({name => 'CGISESSID', value => $session2->id});
101 ->json_is('/guarantorid', $guarantor->{borrowernumber});
103 my $loggedinuser = $builder->build({
104 source => 'Borrower',
106 branchcode => $branchcode,
107 categorycode => $categorycode,
108 flags => 16 # borrowers flag
112 $session = C4::Auth::get_session('');
113 $session->param('number', $loggedinuser->{ borrowernumber });
114 $session->param('id', $loggedinuser->{ userid });
115 $session->param('ip', '127.0.0.1');
116 $session->param('lasttime', time());
119 $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
120 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
121 $tx->req->env({REMOTE_ADDR => '127.0.0.1'});
125 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{ borrowernumber });
126 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
129 ->json_is('/borrowernumber' => $borrower->{ borrowernumber })
130 ->json_is('/surname' => $borrower->{ surname });