From e04654052eadac2868fcf7e911705d22f6af1b9c Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Mon, 16 Sep 2019 15:06:09 -0300
Subject: [PATCH] Bug 23584: Add the controller method and tests
This patchset adds endpoints for the patrons to change their privacy settings regarding their guarantors. The following endpoints are added: PUT /public/patrons/:patron_id/guarantors/can_see_charges PUT /public/patrons/:patron_id/guarantors/can_see_checkouts They can only be used by the patron themselves with valid sessions. And enforce the AllowPatronToSetCheckoutsVisibilityForGuarantor and AllowPatronToSetFinesVisibilityForGuarantor system preferences when required. All this is covered by unit tests. To test: 1) Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => SUCCESS: Tests pass! - Sign off :-D
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Josef Moravec
Signed-off-by: Liz Rea
Signed-off-by: Martin Renvoize
---
 Koha/REST/V1/Patrons.pm | 86 +++++++++++++++++++++++++++++++++
 t/db_dependent/api/v1/patrons.t | 78 +++++++++++++++++++++++++++++-
 2 files changed, 163 insertions(+), 1 deletion(-)
diff --git a/Koha/REST/V1/Patrons.pm b/Koha/REST/V1/Patrons.pm
index 5e8e398eac..29331fc4d0 100644
--- a/Koha/REST/V1/Patrons.pm
+++ b/Koha/REST/V1/Patrons.pm
@@ -296,6 +296,92 @@ sub delete {
 };
 }
+=head3 guarantors_can_see_charges
+
+Method for setting whether guarantors can see the patron's charges.
+
+=cut
+
+sub guarantors_can_see_charges {
+ my $c = shift->openapi->valid_input or return;
+
+ return try {
+ if ( C4::Context->preference('AllowPatronToSetFinesVisibilityForGuarantor') ) {
+ my $patron = $c->stash( 'koha.user' );
+ my $privacy_setting = ($c->req->json->{allowed}) ? 1 : 0;
+
+ $patron->privacy_guarantor_fines( $privacy_setting )->store;
+
+ return $c->render(
+ status => 200,
+ openapi => {}
+ );
+ }
+ else {
+ return $c->render(
+ status => 403,
+ openapi => {
+ error =>
+ 'The current configuration doesn\'t allow the requested action.'
+ }
+ );
+ }
+ }
+ catch {
+ return $c->render(
+ status => 500,
+ openapi => {
+ error =>
+ "Something went wrong, check Koha logs for details. $_"
+ }
+ );
+ };
+}
+
+=head3 guarantors_can_see_checkouts
+
+Method for setting whether guarantors can see the patron's checkouts.
+
+=cut
+
+sub guarantors_can_see_checkouts {
+ my $c = shift->openapi->valid_input or return;
+
+ return try {
+ if ( C4::Context->preference('AllowPatronToSetCheckoutsVisibilityForGuarantor') ) {
+ my $patron = $c->stash( 'koha.user' );
+ my $privacy_setting = ( $c->req->json->{allowed} ) ? 1 : 0;
+
+ $patron->privacy_guarantor_checkouts( $privacy_setting )->store;
+
+ return $c->render(
+ status => 200,
+ openapi => {}
+ );
+ }
+ else {
+ return $c->render(
+ status => 403,
+ openapi => {
+ error =>
+ 'The current configuration doesn\'t allow the requested action.'
+ }
+ );
+ }
+ }
+ catch {
+ return $c->render(
+ status => 500,
+ openapi => {
+ error =>
+ "Something went wrong, check Koha logs for details. $_"
+ }
+ );
+ };
+}
+
+=head2 Internal methods
+
 =head3 _to_api
 Helper function that maps unblessed Koha::Patron objects into REST api
diff --git a/t/db_dependent/api/v1/patrons.t b/t/db_dependent/api/v1/patrons.t
index 4f96a12430..f9b60bc4ac 100644
--- a/t/db_dependent/api/v1/patrons.t
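Review bot: Both new catch blocks interpolate `$_` into the 500 response body, so on these public endpoints the raw exception text (which may carry database or other internal detail) is returned to the caller even though the message already points at the Koha logs. In `guarantors_can_see_charges` and `guarantors_can_see_checkouts` I would log the exception server-side, e.g. `$c->app->log->error("$_");`, and render a fixed `error => 'Something went wrong, check Koha logs for details.'`. Separately, neither handler reads `patron_id` from the path; both act only on `$c->stash( 'koha.user' )`. The ownership check is presumably enforced by the route definition, which is not part of this patch, so if that is the case a one-line comment above the stash lookup such as `# patron_id is matched against the session user by the route's authorization; only koha.user is ever modified` would make the trust boundary explicit.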
+++ b/t/db_dependent/api/v1/patrons.t
@@ -17,7 +17,7 @@
 use Modern::Perl;
-use Test::More tests => 5;
+use Test::More tests => 7;
 use Test::Mojo;
 use Test::Warn;
@@ -342,6 +342,82 @@ subtest 'delete() tests' => sub {
 };
 };
+subtest 'guarantors_can_see_charges() tests' => sub {
+
+ plan tests => 11;
+
+ t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
+ t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
+
+ $schema->storage->txn_begin;
+
+ my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_fines => 0 } });
+ my $password = 'thePassword123';
+ $patron->set_password({ password => $password, skip_validation => 1 });
+ my $userid = $patron->userid;
+ my $patron_id = $patron->borrowernumber;
+
+ t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 0 );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
+ ->status_is( 403 )
+ ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
+
+ t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 1 );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
+ ->status_is( 200 )
+ ->json_is( {} );
+
+ ok( $patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->false } )
+ ->status_is( 200 )
+ ->json_is( {} );
+
+ ok( !$patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
+
+ $schema->storage->txn_rollback;
+};
+
+subtest 'guarantors_can_see_checkouts() tests' => sub {
+
+ plan tests => 11;
+
+ t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
+ t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
+
+ $schema->storage->txn_begin;
+
+ my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_checkouts => 0 } });
+ my $password = 'thePassword123';
+ $patron->set_password({ password => $password, skip_validation => 1 });
+ my $userid = $patron->userid;
+ my $patron_id = $patron->borrowernumber;
+
+ t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 0 );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
+ ->status_is( 403 )
+ ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
+
+ t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 1 );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
+ ->status_is( 200 )
+ ->json_is( {} );
+
+ ok( $patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
+
+ $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->false } )
+ ->status_is( 200 )
+ ->json_is( {} );
+
+ ok( !$patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
+
+ $schema->storage->txn_rollback;
+};
+
 # Centralized tests for 401s and 403s assuming the endpoint requires
 # borrowers flag for access
 sub unauthorized_access_tests {
--
2.39.5
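Review bot: Neither new subtest exercises the ownership rule the commit message states ("can only be used by the patron themselves"), because every PUT in both subtests targets the authenticated patron's own `$patron_id`. The controller in this patch never reads the path id and writes to `koha.user`, so that rule is only pinned down if a test covers the mismatch case. I would add to each subtest a second patron, `my $other = $builder->build_object({ class => 'Koha::Patrons' });`, PUT to that patron's `borrowernumber` with the first patron's credentials, assert the request is rejected (presumably 403), and check that `privacy_guarantor_fines` / `privacy_guarantor_checkouts` is unchanged on both records. A PUT without credentials asserting a rejection would complete the coverage; `plan tests => 11` has to be raised to match.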