From 62a481449ab798183a4e26a208946bcbc5912c31 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Fri, 10 Jul 2020 09:38:31 +0100 Subject: [PATCH] Bug 23634: (QA follow-up) Catch all email cases in API The API was only catching the primary email change case, but we need to catch email, emailpro and B_email. We were also not accounting for any of the emails (on PUT or from the DB) being undefined. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Marcel de Rooy Signed-off-by: Aleisha Amohia (cherry picked from commit 0a6f3e285ed2e792f1e49dfe85ff82bf12e61ded) Signed-off-by: Victor Grousset/tuxayo --- Koha/REST/V1/Patrons.pm | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Koha/REST/V1/Patrons.pm b/Koha/REST/V1/Patrons.pm index 512d9dc4a5..9f75803566 100644 --- a/Koha/REST/V1/Patrons.pm +++ b/Koha/REST/V1/Patrons.pm @@ -199,10 +199,23 @@ sub update { my $user = $c->stash('koha.user'); if ( $patron->is_superlibrarian and !$user->is_superlibrarian ) { + my $put_email = $body->{email} // qw{}; + my $db_email = $patron->email // qw{}; + my $put_email_pro = $body->{secondary_email} // qw{}; + my $db_email_pro = $patron->emailpro // qw{}; + my $put_email_B = $body->{altaddress_email} // qw{}; + my $db_email_B = $patron->B_email // qw{}; + return $c->render( status => 403, - openapi => { error => "Not enough privileges to change a superlibrarian's email" } - ) if $body->{email} ne $patron->email ; + openapi => { + error => + "Not enough privileges to change a superlibrarian's email" + } + ) + if ($put_email ne $db_email) + || ($put_email_pro ne $db_email_pro) + || ($put_email_B ne $db_email_B); } $body = _to_model($c->validation->param('body')); -- 2.39.5