t/db_dependent/api/v1/cities.t

   1 #!/usr/bin/env perl
   2
   3 # This file is part of Koha.
   4 #
   5 # Koha is free software; you can redistribute it and/or modify it under the
   6 # terms of the GNU General Public License as published by the Free Software
   7 # Foundation; either version 3 of the License, or (at your option) any later
   8 # version.
   9 #
  10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
  11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  12 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License along
  15 # with Koha; if not, write to the Free Software Foundation, Inc.,
  16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17
  18 use Modern::Perl;
  19
  20 use Test::More tests => 5;
  21 use Test::Mojo;
  22 use Test::Warn;
  23
  24 use t::lib::TestBuilder;
  25 use t::lib::Mocks;
  26
  27 use Data::Printer colored => 1;
  28
  29 use C4::Auth;
  30 use Koha::Cities;
  31 use Koha::Database;
  32
  33 my $schema  = Koha::Database->new->schema;
  34 my $builder = t::lib::TestBuilder->new;
  35 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
  36 # this affects the other REST api tests
  37 t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
  38
  39 my $remote_address = '127.0.0.1';
  40 my $t              = Test::Mojo->new('Koha::REST::V1');
  41
  42 subtest 'list() tests' => sub {
  43
  44     plan tests => 19;
  45
  46     $schema->storage->txn_begin;
  47
  48     Koha::Cities->search->delete;
  49     my ( $borrowernumber, $session_id ) =
  50       create_user_and_session( { authorized => 0 } );
  51
  52     ## Authorized user tests
  53     # No cities, so empty array should be returned
  54     my $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  55     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  56     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  57     $t->request_ok($tx)->status_is(200)->json_is( [] );
  58
  59     my $city_country = 'France';
  60     my $city         = $builder->build(
  61         { source => 'City', value => { city_country => $city_country } } );
  62
  63     # One city created, should get returned
  64     $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  65     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  66     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  67     $t->request_ok($tx)->status_is(200)->json_is( [$city] );
  68
  69     my $another_city = $builder->build(
  70         { source => 'City', value => { city_country => $city_country } } );
  71     my $city_with_another_country = $builder->build( { source => 'City' } );
  72
  73     # Two cities created, they should both be returned
  74     $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
  75     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  76     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  77     $t->request_ok($tx)->status_is(200)
  78       ->json_is( [ $city, $another_city, $city_with_another_country ] );
  79
  80     # Filtering works, two cities sharing city_country
  81     $tx =
  82       $t->ua->build_tx( GET => "/api/v1/cities?city_country=" . $city_country );
  83     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  84     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  85     $t->request_ok($tx)->status_is(200)->json_is( [ $city, $another_city ] );
  86
  87     $tx = $t->ua->build_tx(
  88         GET => "/api/v1/cities?city_name=" . $city->{city_name} );
  89     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  90     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  91     $t->request_ok($tx)->status_is(200)->json_is( [$city] );
  92
  93     $tx = $t->ua->build_tx( GET => '/api/v1/cities?city_blah=blah' );
  94     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
  95     $tx->req->env( { REMOTE_ADDR => $remote_address } );
  96
  97     warning_like {
  98         $t->request_ok($tx)->status_is(500)
  99           ->json_like( '/error' => qr/Unknown column/ );
 100     }
 101     qr/Unknown column/, 'Wrong parameters raise warnings';
 102
 103     $schema->storage->txn_rollback;
 104 };
 105
 106 subtest 'get() tests' => sub {
 107
 108     plan tests => 6;
 109
 110     $schema->storage->txn_begin;
 111
 112     my $city = $builder->build( { source => 'City' } );
 113     my ( $borrowernumber, $session_id ) =
 114       create_user_and_session( { authorized => 0 } );
 115
 116     my $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $city->{cityid} );
 117     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
 118     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 119     $t->request_ok($tx)->status_is(200)->json_is($city);
 120
 121     my $non_existent_id = $city->{cityid} + 1;
 122     $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $non_existent_id );
 123     $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
 124     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 125     $t->request_ok($tx)->status_is(404)
 126       ->json_is( '/error' => 'City not found' );
 127
 128     $schema->storage->txn_rollback;
 129 };
 130
 131 subtest 'add() tests' => sub {
 132
 133     plan tests => 10;
 134
 135     $schema->storage->txn_begin;
 136
 137     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 138       create_user_and_session( { authorized => 0 } );
 139     my ( $authorized_borrowernumber, $authorized_session_id ) =
 140       create_user_and_session( { authorized => 1 } );
 141     my $city = {
 142         city_name    => "City Name",
 143         city_state   => "City State",
 144         city_zipcode => "City Zipcode",
 145         city_country => "City Country"
 146     };
 147
 148     # Unauthorized attempt to write
 149     my $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 150     $tx->req->cookies(
 151         { name => 'CGISESSID', value => $unauthorized_session_id } );
 152     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 153     $t->request_ok($tx)->status_is(403);
 154
 155     # Authorized attempt to write
 156     $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
 157     $tx->req->cookies(
 158         { name => 'CGISESSID', value => $authorized_session_id } );
 159     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 160     $t->request_ok($tx)->status_is(200)
 161       ->json_is( '/city_name'    => $city->{city_name} )
 162       ->json_is( '/city_state'   => $city->{city_state} )
 163       ->json_is( '/city_zipcode' => $city->{city_zipcode} )
 164       ->json_is( '/city_country' => $city->{city_country} );
 165
 166     my $city_with_invalid_field = {
 167         city_blah    => "City Blah",
 168         city_state   => "City State",
 169         city_zipcode => "City Zipcode",
 170         city_country => "City Country"
 171     };
 172
 173     # Authorized attempt to write invalid data
 174     $tx = $t->ua->build_tx(
 175         POST => "/api/v1/cities/" => json => $city_with_invalid_field );
 176     $tx->req->cookies(
 177         { name => 'CGISESSID', value => $authorized_session_id } );
 178     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 179     $t->request_ok($tx)->status_is(500);
 180
 181     $schema->storage->txn_rollback;
 182 };
 183
 184 subtest 'update() tests' => sub {
 185
 186     plan tests => 10;
 187
 188     $schema->storage->txn_begin;
 189
 190     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 191       create_user_and_session( { authorized => 0 } );
 192     my ( $authorized_borrowernumber, $authorized_session_id ) =
 193       create_user_and_session( { authorized => 1 } );
 194
 195     my $city_id = $builder->build( { source => 'City' } )->{cityid};
 196
 197     # Unauthorized attempt to update
 198     my $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$city_id" => json =>
 199           { city_name => 'New unauthorized name change' } );
 200     $tx->req->cookies(
 201         { name => 'CGISESSID', value => $unauthorized_session_id } );
 202     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 203     $t->request_ok($tx)->status_is(403);
 204
 205     $tx = $t->ua->build_tx(
 206         PUT => "/api/v1/cities/$city_id" => json => { city_name => 'New name' }
 207     );
 208     $tx->req->cookies(
 209         { name => 'CGISESSID', value => $authorized_session_id } );
 210     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 211     $t->request_ok($tx)->status_is(200)->json_is( '/city_name' => 'New name' );
 212
 213     $tx = $t->ua->build_tx(
 214         PUT => "/api/v1/cities/$city_id" => json => { city_blah => 'New blah' }
 215     );
 216     $tx->req->cookies(
 217         { name => 'CGISESSID', value => $authorized_session_id } );
 218     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 219     $t->request_ok($tx)->status_is(500)
 220       ->json_is( '/error' => "No method city_blah for Koha::City" );
 221
 222     my $non_existent_id = $city_id + 1;
 223     $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$non_existent_id" => json =>
 224           { city_name => 'New name' } );
 225     $tx->req->cookies(
 226         { name => 'CGISESSID', value => $authorized_session_id } );
 227     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 228     $t->request_ok($tx)->status_is(404);
 229
 230     $schema->storage->txn_rollback;
 231 };
 232
 233 subtest 'delete() tests' => sub {
 234
 235     plan tests => 7;
 236
 237     $schema->storage->txn_begin;
 238
 239     my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
 240       create_user_and_session( { authorized => 0 } );
 241     my ( $authorized_borrowernumber, $authorized_session_id ) =
 242       create_user_and_session( { authorized => 1 } );
 243
 244     my $city_id = $builder->build( { source => 'City' } )->{cityid};
 245
 246     # Unauthorized attempt to update
 247     my $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 248     $tx->req->cookies(
 249         { name => 'CGISESSID', value => $unauthorized_session_id } );
 250     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 251     $t->request_ok($tx)->status_is(403);
 252
 253     $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 254     $tx->req->cookies(
 255         { name => 'CGISESSID', value => $authorized_session_id } );
 256     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 257     $t->request_ok($tx)->status_is(200)->content_is('');
 258
 259     $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
 260     $tx->req->cookies(
 261         { name => 'CGISESSID', value => $authorized_session_id } );
 262     $tx->req->env( { REMOTE_ADDR => $remote_address } );
 263     $t->request_ok($tx)->status_is(404);
 264
 265     $schema->storage->txn_rollback;
 266 };
 267
 268 sub create_user_and_session {
 269
 270     my $args  = shift;
 271     my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0;
 272     my $dbh   = C4::Context->dbh;
 273
 274     my $user = $builder->build(
 275         {
 276             source => 'Borrower',
 277             value  => {
 278                 flags => $flags
 279             }
 280         }
 281     );
 282
 283     # Create a session for the authorized user
 284     my $session = C4::Auth::get_session('');
 285     $session->param( 'number',   $user->{borrowernumber} );
 286     $session->param( 'id',       $user->{userid} );
 287     $session->param( 'ip',       '127.0.0.1' );
 288     $session->param( 'lasttime', time() );
 289     $session->flush;
 290
 291     if ( $args->{authorized} ) {
 292         $dbh->do( "
 293             INSERT INTO user_permissions (borrowernumber,module_bit,code)
 294             VALUES (?,3,'parameters_remaining_permissions')", undef,
 295             $user->{borrowernumber} );
 296     }
 297
 298     return ( $user->{borrowernumber}, $session->id );
 299 }
 300
 301 1;