From 4672e6e6c40cf595da7e836525e5b6e486f78efe Mon Sep 17 00:00:00 2001 From: Josef Moravec Date: Wed, 20 Feb 2019 21:30:49 +0000 Subject: [PATCH] Bug 13895: Remove the opac checks in privileged endpoint Test plan: prove t/db_dependent/api/v1/checkouts.t Signed-off-by: Nick Clemens --- Koha/REST/V1/Checkout.pm | 11 ----------- t/db_dependent/api/v1/checkouts.t | 10 +--------- 2 files changed, 1 insertion(+), 20 deletions(-) diff --git a/Koha/REST/V1/Checkout.pm b/Koha/REST/V1/Checkout.pm index 14a623b34a..a454fc4514 100644 --- a/Koha/REST/V1/Checkout.pm +++ b/Koha/REST/V1/Checkout.pm @@ -105,17 +105,6 @@ sub renew { my $borrowernumber = $checkout->borrowernumber; my $itemnumber = $checkout->itemnumber; - # Disallow renewal if OpacRenewalAllowed is off and user has insufficient rights - unless (C4::Context->preference('OpacRenewalAllowed')) { - my $user = $c->stash('koha.user'); - unless ($user && haspermission($user->userid, { circulate => "circulate_remaining_permissions" })) { - return $c->render( - status => 403, - openapi => { error => "Opac Renewal not allowed"} - ); - } - } - my ($can_renew, $error) = C4::Circulation::CanBookBeRenewed( $borrowernumber, $itemnumber); diff --git a/t/db_dependent/api/v1/checkouts.t b/t/db_dependent/api/v1/checkouts.t index 141beb4b05..d32cb5595f 100644 --- a/t/db_dependent/api/v1/checkouts.t +++ b/t/db_dependent/api/v1/checkouts.t @@ -17,7 +17,7 @@ use Modern::Perl; -use Test::More tests => 57; +use Test::More tests => 54; use Test::MockModule; use Test::Mojo; use t::lib::Mocks; @@ -187,14 +187,6 @@ $t->request_ok($tx) required_permissions => { circulate => "circulate_remaining_permissions" } }); -t::lib::Mocks::mock_preference( "OpacRenewalAllowed", 0 ); -$tx = $t->ua->build_tx(PUT => "/api/v1/checkouts/" . $issue2->issue_id); -$tx->req->cookies({name => 'CGISESSID', value => $patron_session->id}); -$t->request_ok($tx) - ->status_is(403) - ->json_is({ error => "Opac Renewal not allowed" }); - -t::lib::Mocks::mock_preference( "OpacRenewalAllowed", 1 ); $tx = $t->ua->build_tx(PUT => "/api/v1/checkouts/" . $issue2->issue_id); $tx->req->cookies({name => 'CGISESSID', value => $session->id}); $t->request_ok($tx) -- 2.39.5