[koha.git] / t / db_dependent / api / v1 / clubs_holds.t

#!/usr/bin/env perl

# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

use Modern::Perl;

use Test::More tests => 1;
use Test::Mojo;
use Test::Warn;

use t::lib::TestBuilder;
use t::lib::Mocks;

use C4::Auth;
use Koha::Database;

my $schema  = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;

# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
# this affects the other REST api tests
t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );

my $remote_address = '127.0.0.1';
my $t              = Test::Mojo->new('Koha::REST::V1');

subtest 'add() tests' => sub {
    plan tests => 2;

    $schema->storage->txn_begin;

    my ($club_with_enrollments, $club_without_enrollments, $item, @enrollments) = create_test_data();

    unauthorized_access_tests('POST', "/api/v1/clubs/".$club_with_enrollments->id."/holds", undef, {
        biblio_id => $item->biblionumber,
        pickup_library_id => $item->home_branch->branchcode
    });

    $schema->storage->txn_rollback;

    subtest 'librarian access tests' => sub {
        plan tests => 8;

        $schema->storage->txn_begin;

        my ($club_with_enrollments, $club_without_enrollments, $item, @enrollments) = create_test_data();

        my ( undef, $session_id ) = create_user_and_session({ authorized => 1 });
        my $data = {
            biblio_id => $item->biblionumber,
            pickup_library_id => $item->home_branch->branchcode
        };
        my $tx = $t->ua->build_tx(POST => "/api/v1/clubs/".$club_without_enrollments->id."/holds" => json => $data);
        $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
        $t->request_ok($tx)
            ->status_is(500)
            ->json_is('/error' => "Cannot place a hold on a club without patrons.");

        $tx = $t->ua->build_tx(POST => "/api/v1/clubs/".$club_with_enrollments->id."/holds" => json => $data);
        $tx->req->cookies({ name => 'CGISESSID', value => $session_id });
        $t->request_ok($tx)
          ->status_is(201, 'Created Hold')
          ->json_has('/club_hold_id', 'got a club hold id')
          ->json_is( '/club_id' => $club_with_enrollments->id)
          ->json_is( '/biblio_id'    => $item->biblionumber);

        $schema->storage->txn_rollback;
    };
};

sub unauthorized_access_tests {
    my ($verb, $endpoint, $club_hold_id, $json) = @_;

    $endpoint .= ($club_hold_id) ? "/$club_hold_id" : '';

    subtest 'unauthorized access tests' => sub {
        plan tests => 5;

        my $tx = $t->ua->build_tx($verb => $endpoint => json => $json);
        $t->request_ok($tx)
          ->status_is(401);

        my ($borrowernumber, $session_id) = create_user_and_session({
            authorized => 0 });

        $tx = $t->ua->build_tx($verb => $endpoint => json => $json);
        $tx->req->cookies({name => 'CGISESSID', value => $session_id});
        $t->request_ok($tx)
          ->status_is(403)
          ->json_has('/required_permissions');
    };
}

sub create_user_and_session {

    my $args  = shift;
    my $flags = ( $args->{authorized} ) ? 64 : 0;

    my $user = $builder->build(
        {
            source => 'Borrower',
            value  => {
                flags => $flags,
                gonenoaddress => 0,
                lost => 0,
                email => 'nobody@example.com',
                emailpro => 'nobody@example.com',
                B_email => 'nobody@example.com'
            }
        }
    );

    # Create a session for the authorized user
    my $session = C4::Auth::get_session('');
    $session->param( 'number',   $user->{borrowernumber} );
    $session->param( 'id',       $user->{userid} );
    $session->param( 'ip',       '127.0.0.1' );
    $session->param( 'lasttime', time() );
    $session->flush;

    return ( $user->{borrowernumber}, $session->id );
}

sub create_test_data {
    my $club_with_enrollments = $builder->build_object( { class => 'Koha::Clubs' } );
    my $club_without_enrollments = $builder->build_object( { class => 'Koha::Clubs' } );
    my $enrollment1 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $enrollment2 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $enrollment3 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $enrollment4 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $enrollment5 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $enrollment6 = $builder->build_object( { class => 'Koha::Club::Enrollments', value => { club_id => $club_with_enrollments->id, date_canceled => undef } } );
    my $item        = $builder->build_sample_item();
    return ( $club_with_enrollments, $club_without_enrollments, $item, [ $enrollment1, $enrollment2, $enrollment3, $enrollment4, $enrollment5, $enrollment6 ] );
}