From f1ca5b7473575b9c2ec13ba272fa99d044c4d990 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 19 Mar 2020 17:04:31 -0300 Subject: [PATCH] Bug 24909: Add unprivileged route to get a bibliographic record This patch adds a route to get bibliographic records without privileged access. This needs to match the OPAC expected behaviour. Some things were considered on the implementation: - The ViewPolicy filter that hides/shows things based on the frameworks needded to be used, as in the OPAC. - OpacHiddenItems and OpacHiddenItemsExceptions need to be considered for hiding records the same way the OPAC is expected to. - Avoid using OpacHiddenItemsExceptions, but rely on the patron category instead (use Koha::Patron::Category->override_hidden_items abstraction is used instead so it should keep working once 22547 is moved forward). - Tests should cover all the use cases: * logged in user * anonymous user * logged in with category that overrides * logged in with category that doesn't override This is all implemented on the tests. To test: 1. Apply the tests patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/biblios.t => FAIL: Route not implemented 3. Apply the rest of the patches 4. Repeat 2 => SUCCESS: Tests pass! 5. Try it with your favourite API tool (Postman?) 6. Sign off :-D Note: please notice there isn't a default fallback behaviour for when you don't specify the Accept header, so testing this on a regular browser will just print the accepted mime types instead of the record itself. To test this with a tool (like Postman) you should enable RESTBasicAuthe and make the tool use Basic authentication with valid credentials. And you need to specify any of the following strings on the Accept header: - application/marcxml+xml - application/marc-in-json - application/marc - text/plain Signed-off-by: David Nind Signed-off-by: Jonathan Druart Signed-off-by: Martin Renvoize (cherry picked from commit b97158dd1342ea060a29297df3d691f05065c227) Signed-off-by: Aleisha Amohia --- Koha/REST/V1/Biblios.pm | 99 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 2 deletions(-) diff --git a/Koha/REST/V1/Biblios.pm b/Koha/REST/V1/Biblios.pm index 57b5241ee4..cee90e3be0 100644 --- a/Koha/REST/V1/Biblios.pm +++ b/Koha/REST/V1/Biblios.pm @@ -20,6 +20,7 @@ use Modern::Perl; use Mojo::Base 'Mojolicious::Controller'; use Koha::Biblios; +use Koha::RecordProcessor; use C4::Biblio qw(DelBiblio); use MARC::Record::MiJ; @@ -154,8 +155,103 @@ sub delete { }; } -=head2 Internal methods +=head3 get_public + +Controller function that handles retrieving a single biblio object + +=cut + +sub get_public { + my $c = shift->openapi->valid_input or return; + + my $biblio = Koha::Biblios->find( + { biblionumber => $c->validation->param('biblio_id') }, + { prefetch => ['metadata'] } ); + + unless ($biblio) { + return $c->render( + status => 404, + openapi => { + error => "Object not found." + } + ); + } + + return try { + + my $record = $biblio->metadata->record; + + my $opachiddenitems_rules = C4::Context->yaml_preference('OpacHiddenItems'); + my $patron = $c->stash('koha.user'); + + # Check if the biblio should be hidden for unprivileged access + # unless there's a logged in user, and there's an exception for it's + # category + unless ( $patron and $patron->category->override_hidden_items ) { + if ( $biblio->hidden_in_opac({ rules => $opachiddenitems_rules }) ) + { + return $c->render( + status => 404, + openapi => { + error => "Object not found." + } + ); + } + } + my $marcflavour = C4::Context->preference("marcflavour"); + + my $record_processor = Koha::RecordProcessor->new({ + filters => 'ViewPolicy', + options => { + interface => 'opac', + frameworkcode => $biblio->frameworkcode + } + }); + # Apply framework's filtering to MARC::Record object + $record_processor->process($record); + + $c->respond_to( + marcxml => { + status => 200, + format => 'marcxml', + text => $record->as_xml_record + }, + mij => { + status => 200, + format => 'mij', + text => $record->to_mij + }, + marc => { + status => 200, + format => 'marc', + text => $record->as_usmarc + }, + txt => { + status => 200, + format => 'text/plain', + text => $record->as_formatted + }, + any => { + status => 406, + openapi => [ + "application/marcxml+xml", + "application/marc-in-json", + "application/marc", + "text/plain" + ] + } + ); + } + catch { + return $c->render( + status => 500, + openapi => { error => "Something went wrong, check the logs ($_)" } + ); + }; +} + +=head2 Internal methods =head3 _to_api @@ -209,7 +305,6 @@ sub build_json_biblio { return _to_api($response); } - =head2 Global variables =head3 $to_api_mapping -- 2.39.5