3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test::More tests => 7;
24 use t::lib::TestBuilder;
29 use Koha::Patron::Debarments qw/AddDebarment/;
31 my $schema = Koha::Database->new->schema;
32 my $builder = t::lib::TestBuilder->new;
34 my $t = Test::Mojo->new('Koha::REST::V1');
35 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
37 subtest 'list() tests' => sub {
40 $schema->storage->txn_begin;
41 unauthorized_access_tests('GET', undef, undef);
42 $schema->storage->txn_rollback;
44 subtest 'librarian access tests' => sub {
47 $schema->storage->txn_begin;
49 my $librarian = $builder->build_object(
51 class => 'Koha::Patrons',
52 value => { flags => 2**4 } # borrowers flag = 4
55 my $password = 'thePassword123';
56 $librarian->set_password( { password => $password, skip_validation => 1 } );
57 my $userid = $librarian->userid;
59 $t->get_ok("//$userid:$password@/api/v1/patrons")
62 $t->get_ok("//$userid:$password@/api/v1/patrons?cardnumber=" . $librarian->cardnumber)
64 ->json_is('/0/cardnumber' => $librarian->cardnumber);
66 $t->get_ok("//$userid:$password@/api/v1/patrons?address2=" . $librarian->address2)
68 ->json_is('/0/address2' => $librarian->address2);
70 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
71 AddDebarment({ borrowernumber => $patron->borrowernumber });
73 $t->get_ok("//$userid:$password@/api/v1/patrons?restricted=" . Mojo::JSON->true . "&cardnumber=" . $patron->cardnumber )
75 ->json_has('/0/restricted')
76 ->json_is( '/0/restricted' => Mojo::JSON->true )
79 $schema->storage->txn_rollback;
83 subtest 'get() tests' => sub {
86 $schema->storage->txn_begin;
87 unauthorized_access_tests('GET', -1, undef);
88 $schema->storage->txn_rollback;
90 subtest 'librarian access tests' => sub {
93 $schema->storage->txn_begin;
95 my $librarian = $builder->build_object(
97 class => 'Koha::Patrons',
98 value => { flags => 2**4 } # borrowers flag = 4
101 my $password = 'thePassword123';
102 $librarian->set_password( { password => $password, skip_validation => 1 } );
103 my $userid = $librarian->userid;
105 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
107 $t->get_ok("//$userid:$password@/api/v1/patrons/" . $patron->id)
109 ->json_is('/patron_id' => $patron->id)
110 ->json_is('/category_id' => $patron->categorycode )
111 ->json_is('/surname' => $patron->surname)
112 ->json_is('/patron_card_lost' => Mojo::JSON->false );
114 $schema->storage->txn_rollback;
118 subtest 'add() tests' => sub {
121 $schema->storage->txn_begin;
123 my $patron = $builder->build_object( { class => 'Koha::Patrons' } )->to_api;
125 unauthorized_access_tests('POST', undef, $patron);
127 $schema->storage->txn_rollback;
129 subtest 'librarian access tests' => sub {
132 $schema->storage->txn_begin;
134 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
135 my $newpatron = $patron->to_api;
136 # delete RO attributes
137 delete $newpatron->{patron_id};
138 delete $newpatron->{restricted};
139 delete $newpatron->{anonymized};
141 # Create a library just to make sure its ID doesn't exist on the DB
142 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
143 my $deleted_library_id = $library_to_delete->id;
145 $library_to_delete->delete;
147 my $librarian = $builder->build_object(
149 class => 'Koha::Patrons',
150 value => { flags => 2**4 } # borrowers flag = 4
153 my $password = 'thePassword123';
154 $librarian->set_password( { password => $password, skip_validation => 1 } );
155 my $userid = $librarian->userid;
157 $newpatron->{library_id} = $deleted_library_id;
160 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
162 ->json_is('/error' => "Duplicate ID"); }
163 qr/^DBD::mysql::st execute failed: Duplicate entry/;
165 $newpatron->{library_id} = $patron->branchcode;
167 # Create a library just to make sure its ID doesn't exist on the DB
168 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
169 my $deleted_category_id = $category_to_delete->id;
171 $category_to_delete->delete;
173 $newpatron->{category_id} = $deleted_category_id; # Test invalid patron category
175 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
177 ->json_is('/error' => "Given category_id does not exist");
178 $newpatron->{category_id} = $patron->categorycode;
180 $newpatron->{falseproperty} = "Non existent property";
182 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
185 delete $newpatron->{falseproperty};
187 my $patron_to_delete = $builder->build_object({ class => 'Koha::Patrons' });
188 $newpatron = $patron_to_delete->to_api;
189 # delete RO attributes
190 delete $newpatron->{patron_id};
191 delete $newpatron->{restricted};
192 delete $newpatron->{anonymized};
193 $patron_to_delete->delete;
195 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
196 ->status_is(201, 'Patron created successfully')
198 Location => qr|^\/api\/v1\/patrons/\d*|,
201 ->json_has('/patron_id', 'got a patron_id')
202 ->json_is( '/cardnumber' => $newpatron->{ cardnumber })
203 ->json_is( '/surname' => $newpatron->{ surname })
204 ->json_is( '/firstname' => $newpatron->{ firstname });
207 $t->post_ok("//$userid:$password@/api/v1/patrons" => json => $newpatron)
209 ->json_has( '/error', 'Fails when trying to POST duplicate cardnumber' )
210 ->json_like( '/conflict' => qr/(borrowers\.)?cardnumber/ ); }
211 qr/^DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key '(borrowers\.)?cardnumber'/;
213 $schema->storage->txn_rollback;
217 subtest 'update() tests' => sub {
220 $schema->storage->txn_begin;
221 unauthorized_access_tests('PUT', 123, {email => 'nobody@example.com'});
222 $schema->storage->txn_rollback;
224 subtest 'librarian access tests' => sub {
227 $schema->storage->txn_begin;
229 my $authorized_patron = $builder->build_object(
231 class => 'Koha::Patrons',
232 value => { flags => 2**4 } # borrowers flag = 4
235 my $password = 'thePassword123';
236 $authorized_patron->set_password(
237 { password => $password, skip_validation => 1 } );
238 my $userid = $authorized_patron->userid;
240 my $unauthorized_patron = $builder->build_object(
242 class => 'Koha::Patrons',
243 value => { flags => 0 }
246 $unauthorized_patron->set_password( { password => $password, skip_validation => 1 } );
247 my $unauth_userid = $unauthorized_patron->userid;
249 my $patron_1 = $authorized_patron;
250 my $patron_2 = $unauthorized_patron;
251 my $newpatron = $unauthorized_patron->to_api;
252 # delete RO attributes
253 delete $newpatron->{patron_id};
254 delete $newpatron->{restricted};
255 delete $newpatron->{anonymized};
257 $t->put_ok("//$userid:$password@/api/v1/patrons/-1" => json => $newpatron)
259 ->json_has('/error', 'Fails when trying to PUT nonexistent patron');
261 # Create a library just to make sure its ID doesn't exist on the DB
262 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
263 my $deleted_category_id = $category_to_delete->id;
265 $category_to_delete->delete;
267 # Use an invalid category
268 $newpatron->{category_id} = $deleted_category_id;
270 $t->put_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron)
272 ->json_is('/error' => "Given category_id does not exist");
274 # Restore the valid category
275 $newpatron->{category_id} = $patron_2->categorycode;
277 # Create a library just to make sure its ID doesn't exist on the DB
278 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
279 my $deleted_library_id = $library_to_delete->id;
281 $library_to_delete->delete;
283 # Use an invalid library_id
284 $newpatron->{library_id} = $deleted_library_id;
287 $t->put_ok("//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron)
289 ->json_is('/error' => "Given library_id does not exist"); }
290 qr/^DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails/;
292 # Restore the valid library_id
293 $newpatron->{library_id} = $patron_2->branchcode;
295 # Use an invalid attribute
296 $newpatron->{falseproperty} = "Non existent property";
298 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
300 ->json_is('/errors/0/message' =>
301 'Properties not allowed: falseproperty.');
303 # Get rid of the invalid attribute
304 delete $newpatron->{falseproperty};
306 # Set both cardnumber and userid to already existing values
307 $newpatron->{cardnumber} = $patron_1->cardnumber;
308 $newpatron->{userid} = $patron_1->userid;
311 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
313 ->json_has( '/error' => "Fails when trying to update to an existing cardnumber or userid")
314 ->json_like( '/conflict' => qr/(borrowers\.)?cardnumber/ ); }
315 qr/^DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key '(borrowers\.)?cardnumber'/;
317 $newpatron->{ cardnumber } = $patron_1->id . $patron_2->id;
318 $newpatron->{ userid } = "user" . $patron_1->id.$patron_2->id;
319 $newpatron->{ surname } = "user" . $patron_1->id.$patron_2->id;
321 $t->put_ok( "//$userid:$password@/api/v1/patrons/" . $patron_2->borrowernumber => json => $newpatron )
322 ->status_is(200, 'Patron updated successfully')
323 ->json_has($newpatron);
324 is(Koha::Patrons->find( $patron_2->id )->cardnumber,
325 $newpatron->{ cardnumber }, 'Patron is really updated!');
327 $schema->storage->txn_rollback;
331 subtest 'delete() tests' => sub {
334 $schema->storage->txn_begin;
335 unauthorized_access_tests('DELETE', 123, undef);
336 $schema->storage->txn_rollback;
338 subtest 'librarian access test' => sub {
341 $schema->storage->txn_begin;
343 my $authorized_patron = $builder->build_object(
345 class => 'Koha::Patrons',
346 value => { flags => 2**4 } # borrowers flag = 4
349 my $password = 'thePassword123';
350 $authorized_patron->set_password(
351 { password => $password, skip_validation => 1 } );
352 my $userid = $authorized_patron->userid;
354 $t->delete_ok("//$userid:$password@/api/v1/patrons/-1")
355 ->status_is(404, 'Patron not found');
357 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
359 $t->delete_ok("//$userid:$password@/api/v1/patrons/" . $patron->borrowernumber)
360 ->status_is(200, 'Patron deleted successfully');
362 $schema->storage->txn_rollback;
366 subtest 'guarantors_can_see_charges() tests' => sub {
370 t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
371 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
373 $schema->storage->txn_begin;
375 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_fines => 0 } });
376 my $password = 'thePassword123';
377 $patron->set_password({ password => $password, skip_validation => 1 });
378 my $userid = $patron->userid;
379 my $patron_id = $patron->borrowernumber;
381 t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 0 );
383 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
385 ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
387 t::lib::Mocks::mock_preference( 'AllowPatronToSetFinesVisibilityForGuarantor', 1 );
389 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->true } )
393 ok( $patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
395 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_charges" => json => { allowed => Mojo::JSON->false } )
399 ok( !$patron->discard_changes->privacy_guarantor_fines, 'privacy_guarantor_fines has been set correctly' );
401 $schema->storage->txn_rollback;
404 subtest 'guarantors_can_see_checkouts() tests' => sub {
408 t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
409 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
411 $schema->storage->txn_begin;
413 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { privacy_guarantor_checkouts => 0 } });
414 my $password = 'thePassword123';
415 $patron->set_password({ password => $password, skip_validation => 1 });
416 my $userid = $patron->userid;
417 my $patron_id = $patron->borrowernumber;
419 t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 0 );
421 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
423 ->json_is( '/error', 'The current configuration doesn\'t allow the requested action.' );
425 t::lib::Mocks::mock_preference( 'AllowPatronToSetCheckoutsVisibilityForGuarantor', 1 );
427 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->true } )
431 ok( $patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
433 $t->put_ok( "//$userid:$password@/api/v1/public/patrons/$patron_id/guarantors/can_see_checkouts" => json => { allowed => Mojo::JSON->false } )
437 ok( !$patron->discard_changes->privacy_guarantor_checkouts, 'privacy_guarantor_checkouts has been set correctly' );
439 $schema->storage->txn_rollback;
442 # Centralized tests for 401s and 403s assuming the endpoint requires
443 # borrowers flag for access
444 sub unauthorized_access_tests {
445 my ($verb, $patron_id, $json) = @_;
447 my $endpoint = '/api/v1/patrons';
448 $endpoint .= ($patron_id) ? "/$patron_id" : '';
450 subtest 'unauthorized access tests' => sub {
453 my $verb_ok = lc($verb) . '_ok';
455 $t->$verb_ok($endpoint => json => $json)
458 my $unauthorized_patron = $builder->build_object(
460 class => 'Koha::Patrons',
461 value => { flags => 0 }
464 my $password = "thePassword123!";
465 $unauthorized_patron->set_password(
466 { password => $password, skip_validation => 1 } );
467 my $unauth_userid = $unauthorized_patron->userid;
469 $t->$verb_ok( "//$unauth_userid:$password\@$endpoint" => json => $json )
471 ->json_has('/required_permissions');