search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 20167: Regression test
[koha.git] / t / db_dependent / api / v1 / holds.t
blobb3e3678c0c7216c78968595005cd661e9809c567
1 #!/usr/bin/env perl
2
3 # This file is part of Koha.
4 #
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
8 # version.
9 #
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17
18 use Modern::Perl;
19
20 use Test::More tests => 5;
21 use Test::Mojo;
22 use t::lib::TestBuilder;
23 use t::lib::Mocks;
24
25 use DateTime;
26
27 use C4::Context;
28 use C4::Reserves;
29 use C4::Items;
30
31 use Koha::Database;
32 use Koha::DateUtils;
33 use Koha::Biblios;
34 use Koha::Biblioitems;
35 use Koha::Items;
36 use Koha::Patrons;
37
38 my $schema = Koha::Database->new->schema;
39 my $builder = t::lib::TestBuilder->new();
40
41 $schema->storage->txn_begin;
42
43 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
44 # this affects the other REST api tests
45 t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
46
47 $ENV{REMOTE_ADDR} = '127.0.0.1';
48 my $t = Test::Mojo->new('Koha::REST::V1');
49 my $tx;
50
51 my $categorycode = $builder->build({ source => 'Category' })->{categorycode};
52 my $branchcode = $builder->build({ source => 'Branch' })->{branchcode};
53 my $itemtype = $builder->build({ source => 'Itemtype' })->{itemtype};
54
55 # User without any permissions
56 my $nopermission = $builder->build({
57 source => 'Borrower',
58 value => {
59 branchcode => $branchcode,
60 categorycode => $categorycode,
61 flags => 0
62 }
63 });
64 my $session_nopermission = C4::Auth::get_session('');
65 $session_nopermission->param('number', $nopermission->{ borrowernumber });
66 $session_nopermission->param('id', $nopermission->{ userid });
67 $session_nopermission->param('ip', '127.0.0.1');
68 $session_nopermission->param('lasttime', time());
69 $session_nopermission->flush;
70
71 my $patron_1 = $builder->build_object(
72 {
73 class => 'Koha::Patrons',
74 value => {
75 categorycode => $categorycode,
76 branchcode => $branchcode,
77 surname => 'Test Surname',
78 flags => 80, #borrowers and reserveforothers flags
79 }
80 }
81 );
82
83 my $patron_2 = $builder->build_object(
84 {
85 class => 'Koha::Patrons',
86 value => {
87 categorycode => $categorycode,
88 branchcode => $branchcode,
89 surname => 'Test Surname 2',
90 flags => 16, # borrowers flag
91 }
92 }
93 );
94
95 my $patron_3 = $builder->build_object(
96 {
97 class => 'Koha::Patrons',
98 value => {
99 categorycode => $categorycode,
100 branchcode => $branchcode,
101 surname => 'Test Surname 3',
102 flags => 64, # reserveforothers flag
103 }
104 }
105 );
106
107 # Get sessions
108 my $session = C4::Auth::get_session('');
109 $session->param('number', $patron_1->borrowernumber);
110 $session->param('id', $patron_1->userid);
111 $session->param('ip', '127.0.0.1');
112 $session->param('lasttime', time());
113 $session->flush;
114 my $session2 = C4::Auth::get_session('');
115 $session2->param('number', $patron_2->borrowernumber);
116 $session2->param('id', $patron_2->userid);
117 $session2->param('ip', '127.0.0.1');
118 $session2->param('lasttime', time());
119 $session2->flush;
120 my $session3 = C4::Auth::get_session('');
121 $session3->param('number', $patron_3->borrowernumber);
122 $session3->param('id', $patron_3->userid);
123 $session3->param('ip', '127.0.0.1');
124 $session3->param('lasttime', time());
125 $session3->flush;
126
127 my $biblionumber = create_biblio('RESTful Web APIs');
128 my $item = create_item($biblionumber, 'TEST000001');
129 my $itemnumber = $item->{itemnumber};
130 $item->{itype} = $itemtype;
131 C4::Items::ModItem($item, $biblionumber, $itemnumber);
132
133 my $biblionumber2 = create_biblio('RESTful Web APIs');
134 my $item2 = create_item($biblionumber2, 'TEST000002');
135 my $itemnumber2 = $item2->{itemnumber};
136
137 my $dbh = C4::Context->dbh;
138 $dbh->do('DELETE FROM reserves');
139 $dbh->do('DELETE FROM issuingrules');
140 $dbh->do(q{
141 INSERT INTO issuingrules (categorycode, branchcode, itemtype, reservesallowed)
142 VALUES (?, ?, ?, ?)
143 }, {}, '*', '*', '*', 1);
144
145 my $reserve_id = C4::Reserves::AddReserve($branchcode, $patron_1->borrowernumber,
146 $biblionumber, undef, 1, undef, undef, undef, '', $itemnumber);
147
148 # Add another reserve to be able to change first reserve's rank
149 my $reserve_id2 = C4::Reserves::AddReserve($branchcode, $patron_2->borrowernumber,
150 $biblionumber, undef, 2, undef, undef, undef, '', $itemnumber);
151
152 my $suspend_until = DateTime->now->add(days => 10)->ymd;
153 my $expirationdate = DateTime->now->add(days => 10)->ymd;
154
155 my $post_data = {
156 borrowernumber => int($patron_1->borrowernumber),
157 biblionumber => int($biblionumber),
158 itemnumber => int($itemnumber),
159 branchcode => $branchcode,
160 expirationdate => $expirationdate,
161 };
162 my $put_data = {
163 priority => 2,
164 suspend_until => $suspend_until,
165 };
166
167 subtest "Test endpoints without authentication" => sub {
168 plan tests => 8;
169 $t->get_ok('/api/v1/holds')
170 ->status_is(401);
171 $t->post_ok('/api/v1/holds')
172 ->status_is(401);
173 $t->put_ok('/api/v1/holds/0')
174 ->status_is(401);
175 $t->delete_ok('/api/v1/holds/0')
176 ->status_is(401);
177 };
178
179
180 subtest "Test endpoints without permission" => sub {
181 plan tests => 10;
182
183 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=" . $patron_1->borrowernumber);
184 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
185 $t->request_ok($tx) # no permission
186 ->status_is(403);
187 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=" . $patron_1->borrowernumber);
188 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
189 $t->request_ok($tx) # reserveforothers permission
190 ->status_is(403);
191 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data );
192 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
193 $t->request_ok($tx) # no permission
194 ->status_is(403);
195 $tx = $t->ua->build_tx(PUT => "/api/v1/holds/0" => json => $put_data );
196 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
197 $t->request_ok($tx) # no permission
198 ->status_is(403);
199 $tx = $t->ua->build_tx(DELETE => "/api/v1/holds/0");
200 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
201 $t->request_ok($tx) # no permission
202 ->status_is(403);
203 };
204 subtest "Test endpoints without permission, but accessing own object" => sub {
205 plan tests => 16;
206
207 my $borrno_tmp = $post_data->{'borrowernumber'};
208 $post_data->{'borrowernumber'} = int $nopermission->{'borrowernumber'};
209 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data);
210 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
211 $t->request_ok($tx) # create hold to myself
212 ->status_is(201)
213 ->json_has('/reserve_id');
214
215 $post_data->{'borrowernumber'} = $borrno_tmp;
216 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=".$nopermission-> { borrowernumber });
217 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
218 $t->request_ok($tx) # get my own holds
219 ->status_is(200)
220 ->json_is('/0/borrowernumber', $nopermission->{ borrowernumber })
221 ->json_is('/0/biblionumber', $biblionumber)
222 ->json_is('/0/itemnumber', $itemnumber)
223 ->json_is('/0/expirationdate', $expirationdate)
224 ->json_is('/0/branchcode', $branchcode);
225
226 my $reserve_id3 = Koha::Holds->find({ borrowernumber => $nopermission->{borrowernumber} })->reserve_id;
227 $tx = $t->ua->build_tx(PUT => "/api/v1/holds/$reserve_id3" => json => $put_data);
228 $tx->req->cookies({name => 'CGISESSID', value => $session_nopermission->id});
229 $t->request_ok($tx) # create hold to myself
230 ->status_is(200)->json_is( '/reserve_id', $reserve_id3 )->json_is(
231 '/suspend_until',
232 output_pref(
233 {
234 dateformat => 'rfc3339',
235 dt => dt_from_string( $suspend_until . ' 00:00:00', 'sql' )
236 }
237 )
238 )
239 ->json_is( '/priority', 2 )
240 ->json_is( '/itemnumber', $itemnumber );
241 };
242
243 subtest "Test endpoints with permission" => sub {
244 plan tests => 45;
245
246 $tx = $t->ua->build_tx(GET => '/api/v1/holds');
247 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
248 $t->request_ok($tx)
249 ->status_is(200)
250 ->json_has('/0')
251 ->json_has('/1')
252 ->json_has('/2')
253 ->json_hasnt('/3');
254
255 $tx = $t->ua->build_tx(GET => '/api/v1/holds?priority=2');
256 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
257 $t->request_ok($tx)
258 ->status_is(200)
259 ->json_is('/0/borrowernumber', $nopermission->{borrowernumber})
260 ->json_hasnt('/1');
261
262 $tx = $t->ua->build_tx(PUT => "/api/v1/holds/$reserve_id" => json => $put_data);
263 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
264 $t->request_ok($tx)->status_is(200)->json_is( '/reserve_id', $reserve_id )
265 ->json_is(
266 '/suspend_until',
267 output_pref(
268 {
269 dateformat => 'rfc3339',
270 dt => dt_from_string( $suspend_until . ' 00:00:00', 'sql' )
271 }
272 )
273 )
274 ->json_is( '/priority', 2 );
275
276 $tx = $t->ua->build_tx(DELETE => "/api/v1/holds/$reserve_id");
277 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
278 $t->request_ok($tx)
279 ->status_is(200);
280
281 $tx = $t->ua->build_tx(PUT => "/api/v1/holds/$reserve_id" => json => $put_data);
282 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
283 $t->request_ok($tx)
284 ->status_is(404)
285 ->json_has('/error');
286
287 $tx = $t->ua->build_tx(DELETE => "/api/v1/holds/$reserve_id");
288 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
289 $t->request_ok($tx)
290 ->status_is(404)
291 ->json_has('/error');
292
293 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=" . $patron_1->borrowernumber);
294 $tx->req->cookies({name => 'CGISESSID', value => $session2->id}); # get with borrowers flag
295 $t->request_ok($tx)
296 ->status_is(200)
297 ->json_is([]);
298
299 my $inexisting_borrowernumber = $patron_2->borrowernumber * 2;
300 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=$inexisting_borrowernumber");
301 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
302 $t->request_ok($tx)
303 ->status_is(200)
304 ->json_is([]);
305
306 $tx = $t->ua->build_tx(DELETE => "/api/v1/holds/$reserve_id2");
307 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
308 $t->request_ok($tx)
309 ->status_is(200);
310
311 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data);
312 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
313 $t->request_ok($tx)
314 ->status_is(201)
315 ->json_has('/reserve_id');
316 $reserve_id = $t->tx->res->json->{reserve_id};
317
318 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=" . $patron_1->borrowernumber);
319 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
320 $t->request_ok($tx)
321 ->status_is(200)
322 ->json_is('/0/reserve_id', $reserve_id)
323 ->json_is('/0/expirationdate', $expirationdate)
324 ->json_is('/0/branchcode', $branchcode);
325
326 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data);
327 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
328 $t->request_ok($tx)
329 ->status_is(403)
330 ->json_like('/error', qr/itemAlreadyOnHold/);
331
332 $post_data->{biblionumber} = int($biblionumber2);
333 $post_data->{itemnumber} = int($itemnumber2);
334 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data);
335 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
336 $t->request_ok($tx)
337 ->status_is(403)
338 ->json_like('/error', qr/tooManyReserves/);
339 };
340
341
342 subtest 'Reserves with itemtype' => sub {
343 plan tests => 9;
344
345 my $post_data = {
346 borrowernumber => int($patron_1->borrowernumber),
347 biblionumber => int($biblionumber),
348 branchcode => $branchcode,
349 itemtype => $itemtype,
350 };
351
352 $tx = $t->ua->build_tx(DELETE => "/api/v1/holds/$reserve_id");
353 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
354 $t->request_ok($tx)
355 ->status_is(200);
356
357 $tx = $t->ua->build_tx(POST => "/api/v1/holds" => json => $post_data);
358 $tx->req->cookies({name => 'CGISESSID', value => $session3->id});
359 $t->request_ok($tx)
360 ->status_is(201)
361 ->json_has('/reserve_id');
362
363 $reserve_id = $t->tx->res->json->{reserve_id};
364
365 $tx = $t->ua->build_tx(GET => "/api/v1/holds?borrowernumber=" . $patron_1->borrowernumber);
366 $tx->req->cookies({name => 'CGISESSID', value => $session->id});
367 $t->request_ok($tx)
368 ->status_is(200)
369 ->json_is('/0/reserve_id', $reserve_id)
370 ->json_is('/0/itemtype', $itemtype);
371 };
372
373 $schema->storage->txn_rollback;
374
375 sub create_biblio {
376 my ($title) = @_;
377
378 my $biblio = Koha::Biblio->new( { title => $title } )->store;
379 my $biblioitem = Koha::Biblioitem->new({biblionumber => $biblio->biblionumber})->store;
380
381 return $biblio->biblionumber;
382 }
383
384 sub create_item {
385 my ( $biblionumber, $barcode ) = @_;
386
387 Koha::Items->search( { barcode => $barcode } )->delete;
388 my $builder = t::lib::TestBuilder->new;
389 my $item = $builder->build(
390 {
391 source => 'Item',
392 value => {
393 biblionumber => $biblionumber,
394 barcode => $barcode,
395 }
396 }
397 );
398
399 return $item;
400 }
Koha ILS