From 6853a2d7f6bf8795b204beeeaa65a8eb61f09308 Mon Sep 17 00:00:00 2001 From: Agustin Moyano Date: Tue, 10 Nov 2020 13:59:01 -0300 Subject: [PATCH] Bug 23019: (follow-up) Fix test permissions and API definition bugs Signed-off-by: Jonathan Druart --- api/v1/swagger/paths.json | 4 +- .../swagger/paths/import_batch_profiles.json | 12 +-- t/db_dependent/api/v1/import_batch_profiles.t | 73 +++++++++++++++++-- 3 files changed, 76 insertions(+), 13 deletions(-) diff --git a/api/v1/swagger/paths.json b/api/v1/swagger/paths.json index ebe8a0bf8a..14894fb546 100644 --- a/api/v1/swagger/paths.json +++ b/api/v1/swagger/paths.json @@ -113,8 +113,8 @@ "/import_batch_profiles": { "$ref": "paths/import_batch_profiles.json#/~1import_batch_profiles" }, - "/import_batch_profiles/{profile_id}": { - "$ref": "paths/import_batch_profiles.json#/~1import_batch_profiles~1{profile_id}" + "/import_batch_profiles/{import_batch_profile_id}": { + "$ref": "paths/import_batch_profiles.json#/~1import_batch_profiles~1{import_batch_profile_id}" }, "/rotas/{rota_id}/stages/{stage_id}/position": { "$ref": "paths/rotas.json#/~1rotas~1{rota_id}~1stages~1{stage_id}~1position" diff --git a/api/v1/swagger/paths/import_batch_profiles.json b/api/v1/swagger/paths/import_batch_profiles.json index db802f492b..588a67d6e4 100644 --- a/api/v1/swagger/paths/import_batch_profiles.json +++ b/api/v1/swagger/paths/import_batch_profiles.json @@ -67,7 +67,7 @@ }, "x-koha-authorization": { "permissions": { - "catalogue": "1" + "tools": "stage_marc_import" } } }, @@ -182,12 +182,12 @@ }, "x-koha-authorization": { "permissions": { - "catalogue": "1" + "tools": "stage_marc_import" } } } }, - "/import_batch_profiles/{profile_id}": { + "/import_batch_profiles/{import_batch_profile_id}": { "put": { "x-mojo-to": "ImportBatchProfiles#edit", "operationId": "editImportBatchProfiles", 
@@ -196,7 +196,7 @@ ], "parameters": [ { - "$ref": "../parameters.json#/profile_id_pp" + "$ref": "../parameters.json#/import_batch_profile_id_pp" }, { "name": "body", @@ -302,7 +302,7 @@ }, "x-koha-authorization": { "permissions": { - "catalogue": "1" + "tools": "stage_marc_import" } } }, @@ -311,7 +311,7 @@ "operationId": "deleteImportBatchProfiles", "tags": ["ImportBatchProfiles"], "parameters": [{ - "$ref": "../parameters.json#/profile_id_pp" + "$ref": "../parameters.json#/import_batch_profile_id_pp" } ], "produces": ["application/json"], diff --git a/t/db_dependent/api/v1/import_batch_profiles.t b/t/db_dependent/api/v1/import_batch_profiles.t index cda2f2da47..817067b37a 100755 --- a/t/db_dependent/api/v1/import_batch_profiles.t +++ b/t/db_dependent/api/v1/import_batch_profiles.t @@ -17,7 +17,7 @@ use Modern::Perl; -use Test::More tests => 4; +use Test::More tests => 5; use Test::Mojo; use t::lib::TestBuilder; use t::lib::Mocks; 
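Review bot: The `x-koha-authorization` block of `deleteImportBatchProfiles` lies outside the `@@ -311` hunk and is not touched by this patch, while three other operations in this file move from `"catalogue": "1"` to `"tools": "stage_marc_import"`. Confirm that the delete operation requires the same permission; if it still reads `"catalogue": "1"`, a patron holding only catalogue access could remove import profiles that they can no longer list or edit. The expected block is `"permissions": { "tools": "stage_marc_import" }`, matching the `@@ -302` hunk.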
@@ -27,11 +27,50 @@ use Koha::ImportBatchProfiles; my $schema = Koha::Database->new->schema; my $builder = t::lib::TestBuilder->new(); +my $dbh = C4::Context->dbh; t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 ); my $t = Test::Mojo->new('Koha::REST::V1'); +subtest 'unauth access' => sub { + plan tests => 4; + + $schema->storage->txn_begin; + + # Patron without specific flag + my $patron1 = $builder->build_object( + { + class => 'Koha::Patrons', + value => { + flags => 4 + } + } + ); + + # Patron with correct flag, but without specific permission + my $patron2 = $builder->build_object( + { + class => 'Koha::Patrons', + value => { + flags => 4096 + } + } + ); + + my $uid = $patron1->userid; + my $pwd = $patron1->password; + $t->get_ok("//$uid:$pwd@/api/v1/import_batch_profiles?_order_by=+name") + ->status_is(403); + + $uid = $patron1->userid; + $pwd = $patron1->password; + $t->get_ok("//$uid:$pwd@/api/v1/import_batch_profiles?_order_by=+name") + ->status_is(403); + + $schema->storage->txn_rollback; +}; + subtest 'list profiles' => sub { plan tests => 4; @@ -46,11 +85,17 @@ subtest 'list profiles' => sub { { class => 'Koha::Patrons', value => { - flags => 1 + flags => 4096 } } ); + my $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code) + SELECT ?, bit, ? + FROM userflags + WHERE flag = ?"); + $sth->execute($patron->borrowernumber, 'stage_marc_import', 'tools'); + my $pwd = 'thePassword123'; $patron->set_password( { password => $pwd, skip_validation => 1 } ); @@ -77,11 +122,17 @@ subtest 'add profile' => sub { { class => 'Koha::Patrons', value => { - flags => 1 + flags => 4096 } } ); + my $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code) + SELECT ?, bit, ? + FROM userflags + WHERE flag = ?"); + $sth->execute($patron->borrowernumber, 'stage_marc_import', 'tools'); + my $pwd = 'thePassword123'; $patron->set_password( { password => $pwd, skip_validation => 1 } ); 
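Review bot: The second request in the new 'unauth access' subtest reads `$patron1` again, so `$patron2` (built with `flags => 4096`) is never used and the "correct flag, but without specific permission" case is not exercised; the reassignment should be `$uid = $patron2->userid;` and `$pwd = $patron2->password;`. Both requests also send `$patron1->password` as the Basic-auth password, whereas every other subtest first calls `$patron->set_password( { password => $pwd, skip_validation => 1 } );` with a known plaintext. If the builder stores a hash or random value in that column, the 403 may come from failed authentication rather than from the permission check, so the assertions would pass even with no authorization enforced. Setting a known password on both patrons would make the test prove what it claims. Only GET is covered here; the POST, PUT and DELETE routes have no negative test.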
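Review bot: The `INSERT INTO user_permissions ... SELECT` block added to 'list profiles' is repeated verbatim in the 'add profile', 'edit profile' and 'delete profile' hunks; a single helper near the top of the file would keep the four grants identical and show the required permission in one place. The helper's comment should also state that the `user_permissions` row is what authorizes the patron, since the query looks up the `tools` bit by name while the patron is built with a hard-coded `flags => 4096` that may not correspond to that bit; this is worth checking against `userflags`. The subtest bodies continue outside these hunks.

```perl
# Grant one granular permission (module flag name + permission code) to a
# test patron by inserting the matching user_permissions row.
sub grant_permission {
    my ( $patron, $module, $code ) = @_;
    my $sth = $dbh->prepare(
        "INSERT INTO user_permissions (borrowernumber, module_bit, code)
         SELECT ?, bit, ?
         FROM userflags
         WHERE flag = ?"
    );
    $sth->execute( $patron->borrowernumber, $code, $module );
    return;
}

# … unchanged: patron build in each subtest …
grant_permission( $patron, 'tools', 'stage_marc_import' );
```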
@@ -112,11 +163,17 @@ subtest 'edit profile' => sub { { class => 'Koha::Patrons', value => { - flags => 1 + flags => 4096 } } ); + my $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code) + SELECT ?, bit, ? + FROM userflags + WHERE flag = ?"); + $sth->execute($patron->borrowernumber, 'stage_marc_import', 'tools'); + my $pwd = 'thePassword123'; $patron->set_password( { password => $pwd, skip_validation => 1 } ); @@ -153,11 +210,17 @@ subtest 'delete profile' => sub { { class => 'Koha::Patrons', value => { - flags => 1 + flags => 4096 } } ); + my $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code) + SELECT ?, bit, ? + FROM userflags + WHERE flag = ?"); + $sth->execute($patron->borrowernumber, 'stage_marc_import', 'tools'); + my $pwd = 'thePassword123'; $patron->set_password( { password => $pwd, skip_validation => 1 } ); -- 2.39.5