3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test::More tests => 21;
22 use t::lib::TestBuilder;
31 my $schema = Koha::Database->new->schema;
32 my $builder = t::lib::TestBuilder->new();
34 $schema->storage->txn_begin;
36 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
37 # this affects the other REST api tests
38 t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
40 $ENV{REMOTE_ADDR} = '127.0.0.1';
41 my $t = Test::Mojo->new('Koha::REST::V1');
43 my $categorycode = $builder->build({ source => 'Category' })->{ categorycode };
44 my $branchcode = $builder->build({ source => 'Branch' })->{ branchcode };
45 my $guarantor = $builder->build({
48 branchcode => $branchcode,
49 categorycode => $categorycode,
53 my $borrower = $builder->build({
56 branchcode => $branchcode,
57 categorycode => $categorycode,
60 guarantorid => $guarantor->{borrowernumber},
64 $t->get_ok('/api/v1/patrons')
67 $t->get_ok("/api/v1/patrons/" . $borrower->{ borrowernumber })
70 my $session = C4::Auth::get_session('');
71 $session->param('number', $borrower->{ borrowernumber });
72 $session->param('id', $borrower->{ userid });
73 $session->param('ip', '127.0.0.1');
74 $session->param('lasttime', time());
77 my $session2 = C4::Auth::get_session('');
78 $session2->param('number', $guarantor->{ borrowernumber });
79 $session2->param('id', $guarantor->{ userid });
80 $session2->param('ip', '127.0.0.1');
81 $session2->param('lasttime', time());
84 my $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
85 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
89 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . ($borrower->{ borrowernumber }-1));
90 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
93 ->json_is('/required_permissions', {"borrowers" => "1"});
95 # User without permissions, but is the owner of the object
96 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
97 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
101 # User without permissions, but is the guarantor of the owner of the object
102 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{borrowernumber});
103 $tx->req->cookies({name => 'CGISESSID', value => $session2->id});
106 ->json_is('/guarantorid', $guarantor->{borrowernumber});
108 my $loggedinuser = $builder->build({
109 source => 'Borrower',
111 branchcode => $branchcode,
112 categorycode => $categorycode,
113 flags => 16 # borrowers flag
117 $session = C4::Auth::get_session('');
118 $session->param('number', $loggedinuser->{ borrowernumber });
119 $session->param('id', $loggedinuser->{ userid });
120 $session->param('ip', '127.0.0.1');
121 $session->param('lasttime', time());
124 $tx = $t->ua->build_tx(GET => '/api/v1/patrons');
125 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
126 $tx->req->env({REMOTE_ADDR => '127.0.0.1'});
130 $tx = $t->ua->build_tx(GET => "/api/v1/patrons/" . $borrower->{ borrowernumber });
131 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
134 ->json_is('/borrowernumber' => $borrower->{ borrowernumber })
135 ->json_is('/surname' => $borrower->{ surname })
136 ->json_is('/lost' => 1 );
138 $schema->storage->txn_rollback;