Bug 13895: Remove the opac checks in privileged endpoint

Test plan:
prove t/db_dependent/api/v1/checkouts.t

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/Koha/REST/V1/Checkout.pm b/Koha/REST/V1/Checkout.pm
index 14a623b..a454fc4 100644 (file)
--- a/Koha/REST/V1/Checkout.pm
+++ b/Koha/REST/V1/Checkout.pm
@@ -105,17 +105,6 @@ sub renew {
     my $borrowernumber = $checkout->borrowernumber;
     my $itemnumber = $checkout->itemnumber;
 
-    # Disallow renewal if OpacRenewalAllowed is off and user has insufficient rights
-    unless (C4::Context->preference('OpacRenewalAllowed')) {
-        my $user = $c->stash('koha.user');
-        unless ($user && haspermission($user->userid, { circulate => "circulate_remaining_permissions" })) {
-            return $c->render(
-                status => 403,
-                openapi => { error => "Opac Renewal not allowed"}
-            );
-        }
-    }
-
     my ($can_renew, $error) = C4::Circulation::CanBookBeRenewed(
         $borrowernumber, $itemnumber);
 

diff --git a/t/db_dependent/api/v1/checkouts.t b/t/db_dependent/api/v1/checkouts.t
index 141beb4..d32cb55 100644 (file)
--- a/t/db_dependent/api/v1/checkouts.t
+++ b/t/db_dependent/api/v1/checkouts.t
@@ -17,7 +17,7 @@
 
 use Modern::Perl;
 
-use Test::More tests => 57;
+use Test::More tests => 54;
 use Test::MockModule;
 use Test::Mojo;
 use t::lib::Mocks;
@@ -187,14 +187,6 @@ $t->request_ok($tx)
               required_permissions => { circulate => "circulate_remaining_permissions" }
                                                });
 
-t::lib::Mocks::mock_preference( "OpacRenewalAllowed", 0 );
-$tx = $t->ua->build_tx(PUT => "/api/v1/checkouts/" . $issue2->issue_id);
-$tx->req->cookies({name => 'CGISESSID', value => $patron_session->id});
-$t->request_ok($tx)
-  ->status_is(403)
-  ->json_is({ error => "Opac Renewal not allowed" });
-
-t::lib::Mocks::mock_preference( "OpacRenewalAllowed", 1 );
 $tx = $t->ua->build_tx(PUT => "/api/v1/checkouts/" . $issue2->issue_id);
 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
 $t->request_ok($tx)