From 69c01ee0f2dccd04cfbe8201ba580a15727f5280 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Tue, 1 Dec 2020 11:44:04 +0100
Subject: [PATCH] Bug 27117: Only place_holds permission is needed to adjust pickup locations
The GET /pickup_locations route is requesting the whole reserveforothers permission whereas only the subpermission place_holds is needed.
Test plan:
0. Don't apply this patch
1. Set the subpermission place_holds but modify_holds_priority
2. Edit a hold and click the pickup library dropdown list
3. You get a JS alert and log displays GET /api/v1/app.pl/api/v1/holds/5/pickup_locations 403 Forbidden
4. Apply this patch
5. Reload the page, click the dropdown list, modify the pickup location and save => Success!
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
---
 api/v1/swagger/paths/holds.json | 2 +-
 t/db_dependent/api/v1/holds.t | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/api/v1/swagger/paths/holds.json b/api/v1/swagger/paths/holds.json
index 3792985c8c..386b4a9470 100644
--- a/api/v1/swagger/paths/holds.json
+++ b/api/v1/swagger/paths/holds.json
@@ -672,7 +672,7 @@
 },
 "x-koha-authorization": {
 "permissions": {
- "reserveforothers": "1"
+ "reserveforothers": "place_holds"
 }
 }
 }
diff --git a/t/db_dependent/api/v1/holds.t b/t/db_dependent/api/v1/holds.t
index 6d692d576d..7310a67153 100755
--- a/t/db_dependent/api/v1/holds.t
+++ b/t/db_dependent/api/v1/holds.t
@@ -690,11 +690,21 @@ subtest 'pickup_locations() tests' => sub {
 my $patron = $builder->build_object(
 {
 class => 'Koha::Patrons',
- value => { userid => 'tomasito', flags => 1 }
+ value => { userid => 'tomasito', flags => 0 }
 }
 );
 $patron->set_password( { password => $password, skip_validation => 1 } );
 my $userid = $patron->userid;
+ $builder->build(
+ {
+ source => 'UserPermission',
+ value => {
+ borrowernumber => $patron->borrowernumber,
+ module_bit => 6,
+ code => 'place_holds',
+ },
+ }
+ );
 my $item_class = Test::MockModule->new('Koha::Item');
 $item_class->mock(
--
2.39.5
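Review bot: Only the allowed side of the narrowed rule is exercised by the new fixture: the patron is given `place_holds`, and nothing in the hunk checks a staff user who lacks it. Since the route now accepts the `place_holds` subpermission instead of the whole module, add a second patron with `flags => 0` and only `modify_holds_priority` (the combination the commit message describes) and assert that the same request is refused with 403. The old fixture's `flags => 1` is presumably the superlibrarian bit, which would explain why the test never caught the over-broad requirement. `module_bit => 6` would also read better with a comment naming the module it stands for. The subtest starts and ends outside the hunk, so a denied case may already exist further down.

```perl
my $denied = $builder->build_object(
    {
        class => 'Koha::Patrons',
        value => { flags => 0 }
    }
);
$denied->set_password( { password => $password, skip_validation => 1 } );
$builder->build(
    {
        source => 'UserPermission',
        value  => {
            borrowernumber => $denied->borrowernumber,
            module_bit     => 6,
            code           => 'modify_holds_priority',
        },
    }
);
# … issue the same pickup_locations request as $denied and expect 403 …
```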