From bc55051e494efa5fd62f825e6d863dbdaddd30e8 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Mon, 6 Mar 2023 17:32:32 +0000 Subject: [PATCH] Bug 30979: Limit public checkout endpoint using preference The public api endpoint for self-checkout should only be enabled in the case where the OpacTrustedSelfCheckout option is enabled. Signed-off-by: Silvia Meakins Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi --- Koha/REST/V1/Checkouts.pm | 12 ++++++++++++ api/v1/swagger/paths/public_patrons.yaml | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/Koha/REST/V1/Checkouts.pm b/Koha/REST/V1/Checkouts.pm index 66ed9510eb..214c4a4020 100644 --- a/Koha/REST/V1/Checkouts.pm +++ b/Koha/REST/V1/Checkouts.pm @@ -189,6 +189,18 @@ sub add { my $patron_id = $body->{patron_id}; my $onsite = $body->{onsite_checkout}; + if ( $c->stash('is_public') + && !C4::Context->preference('OpacTrustedCheckout') ) + { + return $c->render( + status => 405, + openapi => { + error => 'Feature disabled', + error_code => 'FEATURE_DISABLED' + } + ); + } + return try { my $item = Koha::Items->find($item_id); unless ($item) { diff --git a/api/v1/swagger/paths/public_patrons.yaml b/api/v1/swagger/paths/public_patrons.yaml index 80ea489836..3e5faf5255 100644 --- a/api/v1/swagger/paths/public_patrons.yaml +++ b/api/v1/swagger/paths/public_patrons.yaml @@ -102,6 +102,10 @@ description: Cannot create checkout schema: $ref: "../swagger.yaml#/definitions/error" + "405": + description: Method not allowed + schema: + $ref: "../swagger.yaml#/definitions/error" "409": description: Conflict in creating checkout schema: -- 2.39.5