3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 7;
25 use t::lib::TestBuilder;
30 use C4::Members::Messaging;
32 use Koha::DateUtils qw(dt_from_string output_pref);
33 use Koha::Exceptions::Patron;
34 use Koha::Exceptions::Patron::Attribute;
35 use Koha::Old::Patrons;
36 use Koha::Patron::Attributes;
37 use Koha::Patron::Debarments qw( AddDebarment );
39 use JSON qw(encode_json);
41 my $schema = Koha::Database->new->schema;
42 my $builder = t::lib::TestBuilder->new;
44 my $t = Test::Mojo->new('Koha::REST::V1');
45 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
47 subtest 'list() tests' => sub {
51 $schema->storage->txn_begin;
52 unauthorized_access_tests('GET', undef, undef);
53 $schema->storage->txn_rollback;
55 subtest 'librarian access tests' => sub {
58 $schema->storage->txn_begin;
60 my $librarian = $builder->build_object(
62 class => 'Koha::Patrons',
63 value => { flags => 2**4 } # borrowers flag = 4
66 my $password = 'thePassword123';
67 $librarian->set_password( { password => $password, skip_validation => 1 } );
68 my $userid = $librarian->userid;
70 $t->get_ok("//$userid:$password@/api/v1/patrons")
73 $t->get_ok("//$userid:$password@/api/v1/patrons?cardnumber=" . $librarian->cardnumber)
75 ->json_is('/0/cardnumber' => $librarian->cardnumber);
77 $t->get_ok("//$userid:$password@/api/v1/patrons?q={\"cardnumber\":\"" . $librarian->cardnumber ."\"}")
79 ->json_is('/0/cardnumber' => $librarian->cardnumber);
81 $t->get_ok("//$userid:$password@/api/v1/patrons?address2=" . $librarian->address2)
83 ->json_is('/0/address2' => $librarian->address2);
85 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
86 AddDebarment({ borrowernumber => $patron->borrowernumber });
88 $t->get_ok("//$userid:$password@/api/v1/patrons?restricted=" . Mojo::JSON->true . "&cardnumber=" . $patron->cardnumber )
90 ->json_has('/0/restricted')
91 ->json_is( '/0/restricted' => Mojo::JSON->true )
94 subtest 'searching date and date-time fields' => sub {
98 my $date_of_birth = '1980-06-18';
99 my $last_seen = '2021-06-25 14:05:35';
101 my $patron = $builder->build_object(
103 class => 'Koha::Patrons',
105 dateofbirth => $date_of_birth,
106 lastseen => $last_seen,
111 my $last_seen_rfc3339 = $last_seen . "z";
113 $t->get_ok("//$userid:$password@/api/v1/patrons?date_of_birth=" . $date_of_birth . "&cardnumber=" . $patron->cardnumber)
115 ->json_is( '/0/patron_id' => $patron->id, 'Filtering by date works' );
117 $t->get_ok("//$userid:$password@/api/v1/patrons?last_seen=" . $last_seen_rfc3339 . "&cardnumber=" . $patron->cardnumber)
119 ->json_is( '/0/patron_id' => $patron->id, 'Filtering by date-time works' );
123 date_of_birth => $date_of_birth,
124 cardnumber => $patron->cardnumber,
128 $t->get_ok("//$userid:$password@/api/v1/patrons?q=$q")
130 ->json_is( '/0/patron_id' => $patron->id, 'Filtering by date works' );
134 last_seen => $last_seen_rfc3339,
135 cardnumber => $patron->cardnumber,
139 $t->get_ok("//$userid:$password@/api/v1/patrons?q=$q")
141 ->json_is( '/0/patron_id' => $patron->id, 'Filtering by date-time works' );
144 $schema->storage->txn_rollback;
147 subtest 'search_limited() tests' => sub {
151 $schema->storage->txn_begin;
153 my $library_1 = $builder->build_object({ class => 'Koha::Libraries' });
154 my $library_2 = $builder->build_object({ class => 'Koha::Libraries' });
156 my $patron_1 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_1->id } });
157 my $patron_2 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_1->id } });
158 my $patron_3 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_2->id } });
160 my @libraries_where_can_see_patrons = ($library_1->id, $library_2->id);
162 my $mocked_patron = Test::MockModule->new('Koha::Patron');
163 $mocked_patron->mock( 'libraries_where_can_see_patrons', sub
165 return @libraries_where_can_see_patrons;
169 my $librarian = $builder->build_object(
171 class => 'Koha::Patrons',
172 value => { flags => 2**4 } # borrowers flag = 4
175 my $password = 'thePassword123';
176 $librarian->set_password( { password => $password, skip_validation => 1 } );
177 my $userid = $librarian->userid;
179 $t->get_ok("//$userid:$password@/api/v1/patrons?_order_by=patron_id&q=" . encode_json({ library_id => [ $library_1->id, $library_2->id ] }))
181 ->json_is( '/0/patron_id' => $patron_1->id )
182 ->json_is( '/1/patron_id' => $patron_2->id )
183 ->json_is( '/2/patron_id' => $patron_3->id );
185 @libraries_where_can_see_patrons = ($library_2->id);
187 my $res = $t->get_ok("//$userid:$password@/api/v1/patrons?_order_by=patron_id&q=" . encode_json({ library_id => [ $library_1->id, $library_2->id ] }))
189 ->json_is( '/0/patron_id' => $patron_3->id, 'Returns the only allowed patron' )
192 is( scalar @{$res}, 1, 'Only one patron returned' );
194 $schema->storage->txn_rollback;
198 subtest 'get() tests' => sub {
202 $schema->storage->txn_begin;
203 unauthorized_access_tests('GET', -1, undef);
204 $schema->storage->txn_rollback;
206 subtest 'librarian access tests' => sub {
209 $schema->storage->txn_begin;
211 my $librarian = $builder->build_object(
213 class => 'Koha::Patrons',
214 value => { flags => 2**4 } # borrowers flag = 4
217 my $password = 'thePassword123';
218 $librarian->set_password( { password => $password, skip_validation => 1 } );
219 my $userid = $librarian->userid;
221 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
223 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron->id)
225 ->json_is('/patron_id' => $patron->id)
226 ->json_is('/category_id' => $patron->categorycode )
227 ->json_is('/surname' => $patron->surname)
228 ->json_is('/patron_card_lost' => Mojo::JSON->false );
230 $schema->storage->txn_rollback;
233 subtest 'search_limited() tests' => sub {
237 $schema->storage->txn_begin;
239 my $library_1 = $builder->build_object({ class => 'Koha::Libraries' });
240 my $library_2 = $builder->build_object({ class => 'Koha::Libraries' });
241 my $library_3 = $builder->build_object({ class => 'Koha::Libraries' });
243 my $patron_1 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_1->id } });
244 my $patron_2 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_2->id } });
245 my $patron_3 = $builder->build_object({ class => 'Koha::Patrons', value => { branchcode => $library_3->id } });
247 my @libraries_where_can_see_patrons = ($library_1->id, $library_2->id);
249 my $mocked_patron = Test::MockModule->new('Koha::Patron');
250 $mocked_patron->mock( 'libraries_where_can_see_patrons', sub
252 return @libraries_where_can_see_patrons;
256 my $librarian = $builder->build_object(
257 { class => 'Koha::Patrons',
258 value => { flags => 2**4, branchcode => $library_3->id } # borrowers flag = 4
261 my $password = 'thePassword123';
262 $librarian->set_password( { password => $password, skip_validation => 1 } );
263 my $userid = $librarian->userid;
265 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron_1->id )
267 ->json_is( '/patron_id' => $patron_1->id );
269 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->id )
271 ->json_is( '/patron_id' => $patron_2->id );
273 @libraries_where_can_see_patrons = ($library_1->id);
275 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron_1->id )
277 ->json_is( '/patron_id' => $patron_1->id );
279 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->id )
281 ->json_is({ error => "Patron not found." });
283 $schema->storage->txn_rollback;
287 subtest 'add() tests' => sub {
290 $schema->storage->txn_begin;
292 my $patron = $builder->build_object( { class => 'Koha::Patrons' } )->to_api;
294 unauthorized_access_tests('POST', undef, $patron);
296 $schema->storage->txn_rollback;
298 subtest 'librarian access tests' => sub {
301 $schema->storage->txn_begin;
303 my $extended_attrs_exception;
306 my $attr = "Let's go";
308 # Mock early, so existing mandatory attributes don't break all the tests
309 my $mocked_patron = Test::MockModule->new('Koha::Patron');
310 $mocked_patron->mock(
311 'extended_attributes',
314 if ($extended_attrs_exception) {
315 if ( $extended_attrs_exception eq 'Koha::Exceptions::Patron::Attribute::NonRepeatable'
316 or $extended_attrs_exception eq 'Koha::Exceptions::Patron::Attribute::UniqueIDConstraint'
319 $extended_attrs_exception->throw(
320 attribute => Koha::Patron::Attribute->new(
321 { code => $code, attribute => $attr }
326 $extended_attrs_exception->throw( type => $type );
333 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
334 my $newpatron = $patron->to_api;
335 # delete RO attributes
336 delete $newpatron->{patron_id};
337 delete $newpatron->{restricted};
338 delete $newpatron->{anonymized};
340 # Create a library just to make sure its ID doesn't exist on the DB
341 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
342 my $deleted_library_id = $library_to_delete->id;
344 $library_to_delete->delete;
346 my $librarian = $builder->build_object(
348 class => 'Koha::Patrons',
349 value => { flags => 2**4 } # borrowers flag = 4
352 my $password = 'thePassword123';
353 $librarian->set_password( { password => $password, skip_validation => 1 } );
354 my $userid = $librarian->userid;
356 $newpatron->{library_id} = $deleted_library_id;
359 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
361 ->json_is('/error' => "Duplicate ID"); }
362 qr/DBD::mysql::st execute failed: Duplicate entry/;
364 $newpatron->{library_id} = $patron->branchcode;
366 # Create a library just to make sure its ID doesn't exist on the DB
367 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
368 my $deleted_category_id = $category_to_delete->id;
370 $category_to_delete->delete;
372 $newpatron->{category_id} = $deleted_category_id; # Test invalid patron category
374 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
376 ->json_is('/error' => "Given category_id does not exist");
377 $newpatron->{category_id} = $patron->categorycode;
379 $newpatron->{falseproperty} = "Non existent property";
381 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
384 delete $newpatron->{falseproperty};
386 my $patron_to_delete = $builder->build_object({ class => 'Koha::Patrons' });
387 $newpatron = $patron_to_delete->to_api;
388 # delete RO attributes
389 delete $newpatron->{patron_id};
390 delete $newpatron->{restricted};
391 delete $newpatron->{anonymized};
392 $patron_to_delete->delete;
395 $newpatron->{date_of_birth} = '1980-06-18';
396 # Set a date-time field
397 $newpatron->{last_seen} = output_pref({ dt => dt_from_string->add( days => -1 ), dateformat => 'rfc3339' });
399 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
400 ->status_is(201, 'Patron created successfully')
402 Location => qr|^\/api\/v1\/patrons/\d*|,
405 ->json_has('/patron_id', 'got a patron_id')
406 ->json_is( '/cardnumber' => $newpatron->{ cardnumber })
407 ->json_is( '/surname' => $newpatron->{ surname })
408 ->json_is( '/firstname' => $newpatron->{ firstname })
409 ->json_is( '/date_of_birth' => $newpatron->{ date_of_birth }, 'Date field set (Bug 28585)' )
410 ->json_is( '/last_seen' => $newpatron->{ last_seen }, 'Date-time field set (Bug 28585)' );
413 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
415 ->json_has( '/error', 'Fails when trying to POST duplicate cardnumber' )
416 ->json_like( '/conflict' => qr/(borrowers\.)?cardnumber/ ); }
417 qr/DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key '(borrowers\.)?cardnumber'/;
419 subtest 'extended_attributes handling tests' => sub {
423 my $patrons_count = Koha::Patrons->search->count;
425 $extended_attrs_exception = 'Koha::Exceptions::Patron::MissingMandatoryExtendedAttribute';
427 "//$userid:$password@/api/v1/patrons" => json => {
428 "firstname" => "Katrina",
429 "surname" => "Fischer",
430 "address" => "Somewhere",
431 "category_id" => "ST",
432 "city" => "Konstanz",
433 "library_id" => "MPL"
436 ->json_is( '/error' =>
437 "Missing mandatory extended attribute (type=$type)" );
439 is( Koha::Patrons->search->count, $patrons_count, 'No patron added' );
441 $extended_attrs_exception = 'Koha::Exceptions::Patron::Attribute::InvalidType';
443 "//$userid:$password@/api/v1/patrons" => json => {
444 "firstname" => "Katrina",
445 "surname" => "Fischer",
446 "address" => "Somewhere",
447 "category_id" => "ST",
448 "city" => "Konstanz",
449 "library_id" => "MPL"
452 ->json_is( '/error' =>
453 "Tried to use an invalid attribute type. type=$type" );
455 is( Koha::Patrons->search->count, $patrons_count, 'No patron added' );
457 $extended_attrs_exception = 'Koha::Exceptions::Patron::Attribute::NonRepeatable';
459 "//$userid:$password@/api/v1/patrons" => json => {
460 "firstname" => "Katrina",
461 "surname" => "Fischer",
462 "address" => "Somewhere",
463 "category_id" => "ST",
464 "city" => "Konstanz",
465 "library_id" => "MPL"
468 ->json_is( '/error' =>
469 "Tried to add more than one non-repeatable attributes. type=$code value=$attr" );
471 is( Koha::Patrons->search->count, $patrons_count, 'No patron added' );
473 $extended_attrs_exception = 'Koha::Exceptions::Patron::Attribute::UniqueIDConstraint';
475 "//$userid:$password@/api/v1/patrons" => json => {
476 "firstname" => "Katrina",
477 "surname" => "Fischer",
478 "address" => "Somewhere",
479 "category_id" => "ST",
480 "city" => "Konstanz",
481 "library_id" => "MPL"
484 ->json_is( '/error' =>
485 "Your action breaks a unique constraint on the attribute. type=$code value=$attr" );
487 is( Koha::Patrons->search->count, $patrons_count, 'No patron added' );
489 $mocked_patron->unmock('extended_attributes');
490 # Temporarily get rid of mandatory attribute types
491 Koha::Patron::Attribute::Types->search({ mandatory => 1 })->delete;
492 # Create a couple attribute attribute types
493 my $repeatable_1 = $builder->build_object(
495 class => 'Koha::Patron::Attribute::Types',
500 category_code => 'ST'
504 my $repeatable_2 = $builder->build_object(
506 class => 'Koha::Patron::Attribute::Types',
511 category_code => 'ST'
516 my $patron_id = $t->post_ok(
517 "//$userid:$password@/api/v1/patrons" => json => {
518 "firstname" => "Katrina",
519 "surname" => "Fischer",
520 "address" => "Somewhere",
521 "category_id" => "ST",
522 "city" => "Konstanz",
523 "library_id" => "MPL",
524 "extended_attributes" => [
525 { type => $repeatable_1->code, value => 'a' },
526 { type => $repeatable_1->code, value => 'b' },
527 { type => $repeatable_1->code, value => 'c' },
528 { type => $repeatable_2->code, value => 'd' },
529 { type => $repeatable_2->code, value => 'e' }
532 )->status_is(201, 'Patron added')->tx->res->json->{patron_id};
533 my $extended_attributes = join( ' ', sort map {$_->attribute} Koha::Patrons->find($patron_id)->extended_attributes->as_list);
534 is( $extended_attributes, 'a b c d e', 'Extended attributes are stored correctly');
537 subtest 'default patron messaging preferences handling' => sub {
541 t::lib::Mocks::mock_preference( 'EnhancedMessagingPreferences', 1 );
543 C4::Members::Messaging::SetMessagingPreference({
544 categorycode => 'ST',
545 message_attribute_id => 1,
546 message_transport_types => ['email'],
550 my $patron_id = $t->post_ok(
551 "//$userid:$password@/api/v1/patrons" => json => {
552 "firstname" => "Nick",
553 "surname" => "Clemens",
554 "address" => "Somewhere",
555 "category_id" => "ST",
556 "city" => "Smallville",
557 "library_id" => "MPL",
559 )->status_is(201, 'Patron added')->tx->res->json->{patron_id};
561 my $messaging_preferences = C4::Members::Messaging::GetMessagingPreferences({ borrowernumber => $patron_id, message_name => 'Item_Due' });
564 $messaging_preferences,
566 letter_code => 'DUEDGST',
568 transports => { email => 'DUEDGST' }
570 'Default messaging preferences set correctly'
574 $schema->storage->txn_rollback;
578 subtest 'update() tests' => sub {
581 $schema->storage->txn_begin;
582 unauthorized_access_tests('PUT', 123, {email => 'nobody@example.com'});
583 $schema->storage->txn_rollback;
585 subtest 'librarian access tests' => sub {
588 $schema->storage->txn_begin;
590 my $authorized_patron = $builder->build_object(
592 class => 'Koha::Patrons',
593 value => { flags => 1 }
596 my $password = 'thePassword123';
597 $authorized_patron->set_password(
598 { password => $password, skip_validation => 1 } );
599 my $userid = $authorized_patron->userid;
601 my $unauthorized_patron = $builder->build_object(
603 class => 'Koha::Patrons',
604 value => { flags => 0 }
607 $unauthorized_patron->set_password( { password => $password, skip_validation => 1 } );
608 my $unauth_userid = $unauthorized_patron->userid;
610 my $patron_1 = $authorized_patron;
611 my $patron_2 = $unauthorized_patron;
612 my $newpatron = $unauthorized_patron->to_api;
613 # delete RO attributes
614 delete $newpatron->{patron_id};
615 delete $newpatron->{restricted};
616 delete $newpatron->{anonymized};
618 $t->put_ok("//$userid:$password@/api/v1/patrons/-1" => json => $newpatron)
620 ->json_has('/error', 'Fails when trying to PUT nonexistent patron');
622 # Create a library just to make sure its ID doesn't exist on the DB
623 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
624 my $deleted_category_id = $category_to_delete->id;
626 $category_to_delete->delete;
628 # Use an invalid category
629 $newpatron->{category_id} = $deleted_category_id;
631 $t->put_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron)
633 ->json_is('/error' => "Given category_id does not exist");
635 # Restore the valid category
636 $newpatron->{category_id} = $patron_2->categorycode;
638 # Create a library just to make sure its ID doesn't exist on the DB
639 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
640 my $deleted_library_id = $library_to_delete->id;
642 $library_to_delete->delete;
644 # Use an invalid library_id
645 $newpatron->{library_id} = $deleted_library_id;
648 $t->put_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron)
650 ->json_is('/error' => "Given library_id does not exist"); }
651 qr/DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails/;
653 # Restore the valid library_id
654 $newpatron->{library_id} = $patron_2->branchcode;
656 # Use an invalid attribute
657 $newpatron->{falseproperty} = "Non existent property";
659 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
661 ->json_is('/errors/0/message' =>
662 'Properties not allowed: falseproperty.');
664 # Get rid of the invalid attribute
665 delete $newpatron->{falseproperty};
667 # Set both cardnumber and userid to already existing values
668 $newpatron->{cardnumber} = $patron_1->cardnumber;
669 $newpatron->{userid} = $patron_1->userid;
672 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
674 ->json_has( '/error', "Fails when trying to update to an existing cardnumber or userid")
675 ->json_like( '/conflict' => qr/(borrowers\.)?cardnumber/ ); }
676 qr/DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key '(borrowers\.)?cardnumber'/;
678 $newpatron->{ cardnumber } = $patron_1->id . $patron_2->id;
679 $newpatron->{ userid } = "user" . $patron_1->id.$patron_2->id;
680 $newpatron->{ surname } = "user" . $patron_1->id.$patron_2->id;
682 ## Trying to set to null on specially handled cases
683 # Special case: a date
684 $newpatron->{ date_of_birth } = undef;
685 # Special case: a date-time
686 $newpatron->{ last_seen } = undef;
688 my $result = $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
689 ->status_is(200, 'Patron updated successfully');
691 # Put back the RO attributes
692 $newpatron->{patron_id} = $unauthorized_patron->to_api->{patron_id};
693 $newpatron->{restricted} = $unauthorized_patron->to_api->{restricted};
694 $newpatron->{anonymized} = $unauthorized_patron->to_api->{anonymized};
696 my $got = $result->tx->res->json;
697 my $updated_on_got = delete $got->{updated_on};
698 my $updated_on_expected = delete $newpatron->{updated_on};
699 is_deeply($got, $newpatron, 'Returned patron from update matches expected');
700 is( t::lib::Dates::compare( $updated_on_got, $updated_on_expected ), 0, 'updated_on values matched' );
702 is(Koha::Patrons->find( $patron_2->id )->cardnumber,
703 $newpatron->{ cardnumber }, 'Patron is really updated!');
705 my $superlibrarian = $builder->build_object(
707 class => 'Koha::Patrons',
708 value => { flags => 1 }
712 $newpatron->{cardnumber} = $superlibrarian->cardnumber;
713 $newpatron->{userid} = $superlibrarian->userid;
714 $newpatron->{email} = 'nosense@no.no';
715 # delete RO attributes
716 delete $newpatron->{patron_id};
717 delete $newpatron->{restricted};
718 delete $newpatron->{anonymized};
721 $authorized_patron->flags( 2**4 )->store; # borrowers flag = 4
722 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
723 ->status_is(403, "Non-superlibrarian user change of superlibrarian email forbidden")
724 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
727 $newpatron->{email} = undef;
728 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
729 ->status_is(403, "Non-superlibrarian user change of superlibrarian email to undefined forbidden")
730 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
732 $newpatron->{email} = $superlibrarian->email;
733 $newpatron->{secondary_email} = 'nonsense@no.no';
736 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
737 ->status_is(403, "Non-superlibrarian user change of superlibrarian secondary_email forbidden")
738 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
741 $newpatron->{secondary_email} = undef;
742 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
743 ->status_is(403, "Non-superlibrarian user change of superlibrarian secondary_email to undefined forbidden")
744 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
746 $newpatron->{secondary_email} = $superlibrarian->emailpro;
747 $newpatron->{altaddress_email} = 'nonsense@no.no';
750 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
751 ->status_is(403, "Non-superlibrarian user change of superlibrarian altaddress_email forbidden")
752 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
755 $newpatron->{altaddress_email} = undef;
756 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
757 ->status_is(403, "Non-superlibrarian user change of superlibrarian altaddress_email to undefined forbidden")
758 ->json_is( { error => "Not enough privileges to change a superlibrarian's email" } );
760 # update patron without sending email
761 delete $newpatron->{email};
762 delete $newpatron->{secondary_email};
763 delete $newpatron->{altaddress_email};
766 $newpatron->{date_of_birth} = '1980-06-18';
767 # Set a date-time field
768 $newpatron->{last_seen} = output_pref({ dt => dt_from_string->add( days => -1 ), dateformat => 'rfc3339' });
770 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $superlibrarian->borrowernumber => json => $newpatron )
771 ->status_is(200, "Non-superlibrarian user can edit superlibrarian successfully if not changing email")
772 ->json_is( '/date_of_birth' => $newpatron->{ date_of_birth }, 'Date field set (Bug 28585)' )
773 ->json_is( '/last_seen' => $newpatron->{ last_seen }, 'Date-time field set (Bug 28585)' );
775 $schema->storage->txn_rollback;
779 subtest 'delete() tests' => sub {
782 $schema->storage->txn_begin;
783 unauthorized_access_tests('DELETE', 123, undef);
784 $schema->storage->txn_rollback;
786 subtest 'librarian access test' => sub {
789 $schema->storage->txn_begin;
791 my $authorized_patron = $builder->build_object(
793 class => 'Koha::Patrons',
794 value => { flags => 2**4 } # borrowers flag = 4
797 my $password = 'thePassword123';
798 $authorized_patron->set_password(
799 { password => $password, skip_validation => 1 } );
800 my $userid = $authorized_patron->userid;
802 $t->delete_ok("//$userid:$password@/api/v1/patrons/-1")
803 ->status_is(404, 'Patron not found');
805 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
807 t::lib::Mocks::mock_preference('AnonymousPatron', $patron->borrowernumber);
808 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
809 ->status_is(403, 'Anonymous patron cannot be deleted')
810 ->json_is( { error => 'Anonymous patron cannot be deleted' } );
811 t::lib::Mocks::mock_preference('AnonymousPatron', 0); # back to default
813 t::lib::Mocks::mock_preference( 'borrowerRelationship', 'parent' );
815 my $checkout = $builder->build_object(
817 class => 'Koha::Checkouts',
818 value => { borrowernumber => $patron->borrowernumber }
821 my $debit = $patron->account->add_debit({ amount => 10, interface => 'intranet', type => 'MANUAL' });
822 my $guarantee = $builder->build_object({ class => 'Koha::Patrons' });
824 $guarantee->add_guarantor({ guarantor_id => $patron->id, relationship => 'parent' });
826 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
827 ->status_is(409, 'Patron with checkouts cannot be deleted')
828 ->json_is( { error => 'Pending checkouts prevent deletion' } );
830 # Make sure it has no pending checkouts
833 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
834 ->status_is(409, 'Patron with debt cannot be deleted')
835 ->json_is( { error => 'Pending debts prevent deletion' } );
837 # Make sure it has no debt
838 $patron->account->pay({ amount => 10, debits => [ $debit ] });
840 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
841 ->status_is(409, 'Patron with guarantees cannot be deleted')
842 ->json_is( { error => 'Patron is a guarantor and it prevents deletion' } );
845 $patron->guarantee_relationships->delete;
847 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
848 ->status_is(204, 'SWAGGER3.2.4')
849 ->content_is('', 'SWAGGER3.3.4');
851 my $deleted_patrons = Koha::Old::Patrons->search({ borrowernumber => $patron->borrowernumber });
852 is( $deleted_patrons->count, 1, 'The patron has been moved to the vault' );
854 $schema->storage->txn_rollback;
858 subtest 'guarantors_can_see_charges() tests' => sub {
862 t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
863 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
865 $schema->storage->txn_begin;
867 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_fines => 0 } });
868 my $password = 'thePassword123';
869 $patron->set_password({ password => $password, skip_validation => 1 });
870 my $userid = $patron->userid;
871 my $patron_id = $patron->borrowernumber;
873 t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 0 );
875 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
877 ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
879 t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 1 );
881 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
885 ok( $patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
887 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->false } )
891 ok( !$patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
893 $schema->storage->txn_rollback;
896 subtest 'guarantors_can_see_checkouts() tests' => sub {
900 t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
901 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
903 $schema->storage->txn_begin;
905 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_checkouts => 0 } });
906 my $password = 'thePassword123';
907 $patron->set_password({ password => $password, skip_validation => 1 });
908 my $userid = $patron->userid;
909 my $patron_id = $patron->borrowernumber;
911 t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 0 );
913 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
915 ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
917 t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 1 );
919 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
923 ok( $patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
925 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->false } )
929 ok( !$patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
931 $schema->storage->txn_rollback;
934 # Centralized tests for 401s and 403s assuming the endpoint requires
935 # borrowers flag for access
936 sub unauthorized_access_tests {
937 my ($verb, $patron_id, $json) = @_;
939 my $endpoint = '/api/v1/patrons';
940 $endpoint .= ($patron_id) ? "/$patron_id" : '';
942 subtest 'unauthorized access tests' => sub {
945 my $verb_ok = lc($verb) . '_ok';
947 $t->$verb_ok($endpoint => json => $json)
950 my $unauthorized_patron = $builder->build_object(
952 class => 'Koha::Patrons',
953 value => { flags => 0 }
956 my $password = "thePassword123!";
957 $unauthorized_patron->set_password(
958 { password => $password, skip_validation => 1 } );
959 my $unauth_userid = $unauthorized_patron->userid;
961 $t->$verb_ok( "//$unauth_userid:$password\@$endpoint" => json => $json )
963 ->json_has('/required_permissions');