search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 25898: Prohibit indirect object notation
[koha.git] / t / db_dependent / api / v1 / holds.t
blobff4f70ab1e84ba52798c78f9ba97a5db72d8363a
1 #!/usr/bin/env perl
2
3 # This file is part of Koha.
4 #
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
17
18 use Modern::Perl;
19
20 use Test::More tests => 9;
21 use Test::Mojo;
22 use t::lib::TestBuilder;
23 use t::lib::Mocks;
24
25 use DateTime;
26
27 use C4::Context;
28 use Koha::Patrons;
29 use C4::Reserves;
30 use C4::Items;
31
32 use Koha::Database;
33 use Koha::DateUtils;
34 use Koha::Biblios;
35 use Koha::Biblioitems;
36 use Koha::Items;
37 use Koha::CirculationRules;
38
39 my $schema = Koha::Database->new->schema;
40 my $builder = t::lib::TestBuilder->new();
41
42 $schema->storage->txn_begin;
43
44 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
45
46 my $t = Test::Mojo->new('Koha::REST::V1');
47
48 my $categorycode = $builder->build({ source => 'Category' })->{categorycode};
49 my $branchcode = $builder->build({ source => 'Branch' })->{branchcode};
50 my $branchcode2 = $builder->build({ source => 'Branch' })->{branchcode};
51 my $itemtype = $builder->build({ source => 'Itemtype' })->{itemtype};
52
53 # Generic password for everyone
54 my $password = 'thePassword123';
55
56 # User without any permissions
57 my $nopermission = $builder->build_object({
58 class => 'Koha::Patrons',
59 value => {
60 branchcode => $branchcode,
61 categorycode => $categorycode,
62 flags => 0
63 }
64 });
65 $nopermission->set_password( { password => $password, skip_validation => 1 } );
66 my $nopermission_userid = $nopermission->userid;
67
68 my $patron_1 = $builder->build_object(
69 {
70 class => 'Koha::Patrons',
71 value => {
72 categorycode => $categorycode,
73 branchcode => $branchcode,
74 surname => 'Test Surname',
75 flags => 80, #borrowers and reserveforothers flags
76 }
77 }
78 );
79 $patron_1->set_password( { password => $password, skip_validation => 1 } );
80 my $userid_1 = $patron_1->userid;
81
82 my $patron_2 = $builder->build_object(
83 {
84 class => 'Koha::Patrons',
85 value => {
86 categorycode => $categorycode,
87 branchcode => $branchcode,
88 surname => 'Test Surname 2',
89 flags => 16, # borrowers flag
90 }
91 }
92 );
93 $patron_2->set_password( { password => $password, skip_validation => 1 } );
94 my $userid_2 = $patron_2->userid;
95
96 my $patron_3 = $builder->build_object(
97 {
98 class => 'Koha::Patrons',
99 value => {
100 categorycode => $categorycode,
101 branchcode => $branchcode,
102 surname => 'Test Surname 3',
103 flags => 64, # reserveforothers flag
104 }
105 }
106 );
107 $patron_3->set_password( { password => $password, skip_validation => 1 } );
108 my $userid_3 = $patron_3->userid;
109
110 my $biblio_1 = $builder->build_sample_biblio;
111 my $item_1 = $builder->build_sample_item({ biblionumber => $biblio_1->biblionumber, itype => $itemtype });
112
113 my $biblio_2 = $builder->build_sample_biblio;
114 my $item_2 = $builder->build_sample_item({ biblionumber => $biblio_2->biblionumber, itype => $itemtype });
115
116 my $dbh = C4::Context->dbh;
117 $dbh->do('DELETE FROM reserves');
118 Koha::CirculationRules->search()->delete();
119 Koha::CirculationRules->set_rules(
120 {
121 categorycode => undef,
122 branchcode => undef,
123 itemtype => undef,
124 rules => {
125 reservesallowed => 1,
126 holds_per_record => 99
127 }
128 }
129 );
130
131 my $reserve_id = C4::Reserves::AddReserve(
132 {
133 branchcode => $branchcode,
134 borrowernumber => $patron_1->borrowernumber,
135 biblionumber => $biblio_1->biblionumber,
136 priority => 1,
137 itemnumber => $item_1->itemnumber,
138 }
139 );
140
141 # Add another reserve to be able to change first reserve's rank
142 my $reserve_id2 = C4::Reserves::AddReserve(
143 {
144 branchcode => $branchcode,
145 borrowernumber => $patron_2->borrowernumber,
146 biblionumber => $biblio_1->biblionumber,
147 priority => 2,
148 itemnumber => $item_1->itemnumber,
149 }
150 );
151
152 my $suspended_until = DateTime->now->add(days => 10)->truncate( to => 'day' );
153 my $expiration_date = DateTime->now->add(days => 10)->truncate( to => 'day' );
154
155 my $post_data = {
156 patron_id => int($patron_1->borrowernumber),
157 biblio_id => int($biblio_1->biblionumber),
158 item_id => int($item_1->itemnumber),
159 pickup_library_id => $branchcode,
160 expiration_date => output_pref({ dt => $expiration_date, dateformat => 'rfc3339', dateonly => 1 }),
161 priority => 2,
162 };
163 my $put_data = {
164 priority => 2,
165 suspended_until => output_pref({ dt => $suspended_until, dateformat => 'rfc3339' }),
166 };
167
168 subtest "Test endpoints without authentication" => sub {
169 plan tests => 8;
170 $t->get_ok('/api/v1/holds')
171 ->status_is(401);
172 $t->post_ok('/api/v1/holds')
173 ->status_is(401);
174 $t->put_ok('/api/v1/holds/0')
175 ->status_is(401);
176 $t->delete_ok('/api/v1/holds/0')
177 ->status_is(401);
178 };
179
180 subtest "Test endpoints without permission" => sub {
181
182 plan tests => 10;
183
184 $t->get_ok( "//$nopermission_userid:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber ) # no permission
185 ->status_is(403);
186
187 $t->get_ok( "//$userid_3:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber ) # no permission
188 ->status_is(403);
189
190 $t->post_ok( "//$nopermission_userid:$password@/api/v1/holds" => json => $post_data )
191 ->status_is(403);
192
193 $t->put_ok( "//$nopermission_userid:$password@/api/v1/holds/0" => json => $put_data )
194 ->status_is(403);
195
196 $t->delete_ok( "//$nopermission_userid:$password@/api/v1/holds/0" )
197 ->status_is(403);
198 };
199
200 subtest "Test endpoints with permission" => sub {
201
202 plan tests => 62;
203
204 $t->get_ok( "//$userid_1:$password@/api/v1/holds" )
205 ->status_is(200)
206 ->json_has('/0')
207 ->json_has('/1')
208 ->json_hasnt('/2');
209
210 $t->get_ok( "//$userid_1:$password@/api/v1/holds?priority=2" )
211 ->status_is(200)
212 ->json_is('/0/patron_id', $patron_2->borrowernumber)
213 ->json_hasnt('/1');
214
215 # While suspended_until is date-time, it's always set to midnight.
216 my $expected_suspended_until = $suspended_until->strftime('%FT00:00:00%z');
217 substr($expected_suspended_until, -2, 0, ':');
218
219 $t->put_ok( "//$userid_1:$password@/api/v1/holds/$reserve_id" => json => $put_data )
220 ->status_is(200)
221 ->json_is( '/hold_id', $reserve_id )
222 ->json_is( '/suspended_until', $expected_suspended_until )
223 ->json_is( '/priority', 2 )
224 ->json_is( '/pickup_library_id', $branchcode );
225
226 # Change only pickup library, everything else should remain
227 $t->put_ok( "//$userid_1:$password@/api/v1/holds/$reserve_id" => json => { pickup_library_id => $branchcode2 } )
228 ->status_is(200)
229 ->json_is( '/hold_id', $reserve_id )
230 ->json_is( '/suspended_until', $expected_suspended_until )
231 ->json_is( '/priority', 2 )
232 ->json_is( '/pickup_library_id', $branchcode2 );
233
234 # Reset suspended_until, everything else should remain
235 $t->put_ok( "//$userid_1:$password@/api/v1/holds/$reserve_id" => json => { suspended_until => undef } )
236 ->status_is(200)
237 ->json_is( '/hold_id', $reserve_id )
238 ->json_is( '/suspended_until', undef )
239 ->json_is( '/priority', 2 )
240 ->json_is( '/pickup_library_id', $branchcode2 );
241
242 $t->delete_ok( "//$userid_3:$password@/api/v1/holds/$reserve_id" )
243 ->status_is(204, 'SWAGGER3.2.4')
244 ->content_is('', 'SWAGGER3.3.4');
245
246 $t->put_ok( "//$userid_3:$password@/api/v1/holds/$reserve_id" => json => $put_data )
247 ->status_is(404)
248 ->json_has('/error');
249
250 $t->delete_ok( "//$userid_3:$password@/api/v1/holds/$reserve_id" )
251 ->status_is(404)
252 ->json_has('/error');
253
254 $t->get_ok( "//$userid_2:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber )
255 ->status_is(200)
256 ->json_is([]);
257
258 my $inexisting_borrowernumber = $patron_2->borrowernumber * 2;
259 $t->get_ok( "//$userid_1:$password@/api/v1/holds?patron_id=$inexisting_borrowernumber")
260 ->status_is(200)
261 ->json_is([]);
262
263 $t->delete_ok( "//$userid_3:$password@/api/v1/holds/$reserve_id2" )
264 ->status_is(204, 'SWAGGER3.2.4')
265 ->content_is('', 'SWAGGER3.3.4');
266
267 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
268 ->status_is(201)
269 ->json_has('/hold_id');
270 # Get id from response
271 $reserve_id = $t->tx->res->json->{hold_id};
272
273 $t->get_ok( "//$userid_1:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber )
274 ->status_is(200)
275 ->json_is('/0/hold_id', $reserve_id)
276 ->json_is('/0/expiration_date', output_pref({ dt => $expiration_date, dateformat => 'rfc3339', dateonly => 1 }))
277 ->json_is('/0/pickup_library_id', $branchcode);
278
279 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
280 ->status_is(403)
281 ->json_like('/error', qr/itemAlreadyOnHold/);
282
283 $post_data->{biblionumber} = int($biblio_2->biblionumber);
284 $post_data->{itemnumber} = int($item_2->itemnumber);
285
286 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
287 ->status_is(403)
288 ->json_like('/error', qr/itemAlreadyOnHold/);
289
290 my $to_delete_patron = $builder->build_object({ class => 'Koha::Patrons' });
291 my $deleted_patron_id = $to_delete_patron->borrowernumber;
292 $to_delete_patron->delete;
293
294 my $tmp_patron_id = $post_data->{patron_id};
295 $post_data->{patron_id} = $deleted_patron_id;
296 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
297 ->status_is(400)
298 ->json_is( { error => 'patron_id not found' } );
299
300 # Restore the original patron_id as it is expected by the next subtest
301 # FIXME: this tests need to be rewritten from scratch
302 $post_data->{patron_id} = $tmp_patron_id;
303 };
304
305 subtest 'Reserves with itemtype' => sub {
306 plan tests => 10;
307
308 my $post_data = {
309 patron_id => int($patron_1->borrowernumber),
310 biblio_id => int($biblio_1->biblionumber),
311 pickup_library_id => $branchcode,
312 item_type => $itemtype,
313 };
314
315 $t->delete_ok( "//$userid_3:$password@/api/v1/holds/$reserve_id" )
316 ->status_is(204, 'SWAGGER3.2.4')
317 ->content_is('', 'SWAGGER3.3.4');
318
319 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
320 ->status_is(201)
321 ->json_has('/hold_id');
322
323 $reserve_id = $t->tx->res->json->{hold_id};
324
325 $t->get_ok( "//$userid_1:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber )
326 ->status_is(200)
327 ->json_is('/0/hold_id', $reserve_id)
328 ->json_is('/0/item_type', $itemtype);
329 };
330
331
332 subtest 'test AllowHoldDateInFuture' => sub {
333
334 plan tests => 6;
335
336 $dbh->do('DELETE FROM reserves');
337
338 my $future_hold_date = DateTime->now->add(days => 10)->truncate( to => 'day' );
339
340 my $post_data = {
341 patron_id => int($patron_1->borrowernumber),
342 biblio_id => int($biblio_1->biblionumber),
343 item_id => int($item_1->itemnumber),
344 pickup_library_id => $branchcode,
345 expiration_date => output_pref({ dt => $expiration_date, dateformat => 'rfc3339', dateonly => 1 }),
346 hold_date => output_pref({ dt => $future_hold_date, dateformat => 'rfc3339', dateonly => 1 }),
347 priority => 2,
348 };
349
350 t::lib::Mocks::mock_preference( 'AllowHoldDateInFuture', 0 );
351
352 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
353 ->status_is(400)
354 ->json_has('/error');
355
356 t::lib::Mocks::mock_preference( 'AllowHoldDateInFuture', 1 );
357
358 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
359 ->status_is(201)
360 ->json_is('/hold_date', output_pref({ dt => $future_hold_date, dateformat => 'rfc3339', dateonly => 1 }));
361 };
362
363 subtest 'test AllowHoldPolicyOverride' => sub {
364
365 plan tests => 5;
366
367 $dbh->do('DELETE FROM reserves');
368
369 Koha::CirculationRules->set_rules(
370 {
371 itemtype => undef,
372 branchcode => undef,
373 rules => {
374 holdallowed => 1
375 }
376 }
377 );
378
379 t::lib::Mocks::mock_preference( 'AllowHoldPolicyOverride', 0 );
380
381 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
382 ->status_is(403)
383 ->json_has('/error');
384
385 t::lib::Mocks::mock_preference( 'AllowHoldPolicyOverride', 1 );
386
387 $t->post_ok( "//$userid_3:$password@/api/v1/holds" => json => $post_data )
388 ->status_is(201);
389 };
390
391 $schema->storage->txn_rollback;
392
393 subtest 'suspend and resume tests' => sub {
394
395 plan tests => 24;
396
397 $schema->storage->txn_begin;
398
399 my $password = 'AbcdEFG123';
400
401 my $patron = $builder->build_object(
402 { class => 'Koha::Patrons', value => { userid => 'tomasito', flags => 1 } } );
403 $patron->set_password({ password => $password, skip_validation => 1 });
404 my $userid = $patron->userid;
405
406 # Disable logging
407 t::lib::Mocks::mock_preference( 'HoldsLog', 0 );
408 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
409
410 my $hold = $builder->build_object(
411 { class => 'Koha::Holds',
412 value => { suspend => 0, suspend_until => undef, waitingdate => undef, found => undef }
413 }
414 );
415
416 ok( !$hold->is_suspended, 'Hold is not suspended' );
417 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
418 ->status_is( 201, 'Hold suspension created' );
419
420 $hold->discard_changes; # refresh object
421
422 ok( $hold->is_suspended, 'Hold is suspended' );
423 $t->json_is('/end_date', undef, 'Hold suspension has no end date');
424
425 my $end_date = output_pref({
426 dt => dt_from_string( undef ),
427 dateformat => 'rfc3339',
428 dateonly => 1
429 });
430
431 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" => json => { end_date => $end_date } );
432
433 $hold->discard_changes; # refresh object
434
435 ok( $hold->is_suspended, 'Hold is suspended' );
436 $t->json_is(
437 '/end_date',
438 output_pref({
439 dt => dt_from_string( $hold->suspend_until ),
440 dateformat => 'rfc3339',
441 dateonly => 1
442 }),
443 'Hold suspension has correct end date'
444 );
445
446 $t->delete_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
447 ->status_is(204, 'SWAGGER3.2.4')
448 ->content_is('', 'SWAGGER3.3.4');
449
450 # Pass a an expiration date for the suspension
451 my $date = dt_from_string()->add( days => 5 );
452 $t->post_ok(
453 "//$userid:$password@/api/v1/holds/"
454 . $hold->id
455 . "/suspension" => json => {
456 end_date =>
457 output_pref( { dt => $date, dateformat => 'rfc3339', dateonly => 1 } )
458 }
459 )->status_is( 201, 'Hold suspension created' )
460 ->json_is( '/end_date',
461 output_pref( { dt => $date, dateformat => 'rfc3339', dateonly => 1 } ) )
462 ->header_is( Location => "/api/v1/holds/" . $hold->id . "/suspension", 'The Location header is set' );
463
464 $t->delete_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
465 ->status_is(204, 'SWAGGER3.2.4')
466 ->content_is('', 'SWAGGER3.3.4');
467
468 $hold->set_waiting->discard_changes;
469
470 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
471 ->status_is( 400, 'Cannot suspend waiting hold' )
472 ->json_is( '/error', 'Found hold cannot be suspended. Status=W' );
473
474 $hold->set_transfer->discard_changes;
475
476 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
477 ->status_is( 400, 'Cannot suspend hold on transfer' )
478 ->json_is( '/error', 'Found hold cannot be suspended. Status=T' );
479
480 $schema->storage->txn_rollback;
481 };
482
483 subtest 'PUT /holds/{hold_id}/priority tests' => sub {
484
485 plan tests => 14;
486
487 $schema->storage->txn_begin;
488
489 my $password = 'AbcdEFG123';
490
491 my $library = $builder->build_object({ class => 'Koha::Libraries' });
492 my $patron_np = $builder->build_object(
493 { class => 'Koha::Patrons', value => { flags => 0 } } );
494 $patron_np->set_password( { password => $password, skip_validation => 1 } );
495 my $userid_np = $patron_np->userid;
496
497 my $patron = $builder->build_object(
498 { class => 'Koha::Patrons', value => { flags => 0 } } );
499 $patron->set_password( { password => $password, skip_validation => 1 } );
500 my $userid = $patron->userid;
501 $builder->build(
502 {
503 source => 'UserPermission',
504 value => {
505 borrowernumber => $patron->borrowernumber,
506 module_bit => 6,
507 code => 'modify_holds_priority',
508 },
509 }
510 );
511
512 # Disable logging
513 t::lib::Mocks::mock_preference( 'HoldsLog', 0 );
514 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
515
516 my $biblio = $builder->build_sample_biblio;
517 my $patron_1 = $builder->build_object(
518 {
519 class => 'Koha::Patrons',
520 value => { branchcode => $library->branchcode }
521 }
522 );
523 my $patron_2 = $builder->build_object(
524 {
525 class => 'Koha::Patrons',
526 value => { branchcode => $library->branchcode }
527 }
528 );
529 my $patron_3 = $builder->build_object(
530 {
531 class => 'Koha::Patrons',
532 value => { branchcode => $library->branchcode }
533 }
534 );
535
536 my $hold_1 = Koha::Holds->find(
537 AddReserve(
538 {
539 branchcode => $library->branchcode,
540 borrowernumber => $patron_1->borrowernumber,
541 biblionumber => $biblio->biblionumber,
542 priority => 1,
543 }
544 )
545 );
546 my $hold_2 = Koha::Holds->find(
547 AddReserve(
548 {
549 branchcode => $library->branchcode,
550 borrowernumber => $patron_2->borrowernumber,
551 biblionumber => $biblio->biblionumber,
552 priority => 2,
553 }
554 )
555 );
556 my $hold_3 = Koha::Holds->find(
557 AddReserve(
558 {
559 branchcode => $library->branchcode,
560 borrowernumber => $patron_3->borrowernumber,
561 biblionumber => $biblio->biblionumber,
562 priority => 3,
563 }
564 )
565 );
566
567 $t->put_ok( "//$userid_np:$password@/api/v1/holds/"
568 . $hold_3->id
569 . "/priority" => json => 1 )->status_is(403);
570
571 $t->put_ok( "//$userid:$password@/api/v1/holds/"
572 . $hold_3->id
573 . "/priority" => json => 1 )->status_is(200)->json_is(1);
574
575 is( $hold_1->discard_changes->priority, 2, 'Priority adjusted correctly' );
576 is( $hold_2->discard_changes->priority, 3, 'Priority adjusted correctly' );
577 is( $hold_3->discard_changes->priority, 1, 'Priority adjusted correctly' );
578
579 $t->put_ok( "//$userid:$password@/api/v1/holds/"
580 . $hold_3->id
581 . "/priority" => json => 3 )->status_is(200)->json_is(3);
582
583 is( $hold_1->discard_changes->priority, 1, 'Priority adjusted correctly' );
584 is( $hold_2->discard_changes->priority, 2, 'Priority adjusted correctly' );
585 is( $hold_3->discard_changes->priority, 3, 'Priority adjusted correctly' );
586
587 $schema->storage->txn_rollback;
588 };
589
590 subtest 'add() tests (maxreserves behaviour)' => sub {
591
592 plan tests => 7;
593
594 $schema->storage->txn_begin;
595
596 $dbh->do('DELETE FROM reserves');
597
598 Koha::CirculationRules->new->delete;
599
600 my $password = 'AbcdEFG123';
601
602 my $patron = $builder->build_object(
603 { class => 'Koha::Patrons', value => { userid => 'tomasito', flags => 1 } } );
604 $patron->set_password({ password => $password, skip_validation => 1 });
605 my $userid = $patron->userid;
606
607 Koha::CirculationRules->set_rules(
608 {
609 itemtype => undef,
610 branchcode => undef,
611 categorycode => undef,
612 rules => {
613 reservesallowed => 3
614 }
615 }
616 );
617
618 Koha::CirculationRules->set_rules(
619 {
620 branchcode => undef,
621 categorycode => $patron->categorycode,
622 rules => {
623 max_holds => 4,
624 }
625 }
626 );
627
628 my $biblio_1 = $builder->build_sample_biblio;
629 my $item_1 = $builder->build_sample_item({ biblionumber => $biblio_1->biblionumber });
630 my $biblio_2 = $builder->build_sample_biblio;
631 my $item_2 = $builder->build_sample_item({ biblionumber => $biblio_2->biblionumber });
632 my $biblio_3 = $builder->build_sample_biblio;
633 my $item_3 = $builder->build_sample_item({ biblionumber => $biblio_3->biblionumber });
634
635 # Disable logging
636 t::lib::Mocks::mock_preference( 'HoldsLog', 0 );
637 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
638 t::lib::Mocks::mock_preference( 'maxreserves', 2 );
639 t::lib::Mocks::mock_preference( 'AllowHoldPolicyOverride', 0 );
640
641 my $post_data = {
642 patron_id => $patron->borrowernumber,
643 biblio_id => $biblio_1->biblionumber,
644 pickup_library_id => $item_1->home_branch->branchcode,
645 item_type => $item_1->itype,
646 };
647
648 $t->post_ok( "//$userid:$password@/api/v1/holds" => json => $post_data )
649 ->status_is(201);
650
651 $post_data = {
652 patron_id => $patron->borrowernumber,
653 biblio_id => $biblio_2->biblionumber,
654 pickup_library_id => $item_2->home_branch->branchcode,
655 item_id => $item_2->itemnumber
656 };
657
658 $t->post_ok( "//$userid:$password@/api/v1/holds" => json => $post_data )
659 ->status_is(201);
660
661 $post_data = {
662 patron_id => $patron->borrowernumber,
663 biblio_id => $biblio_3->biblionumber,
664 pickup_library_id => $item_1->home_branch->branchcode,
665 item_id => $item_3->itemnumber
666 };
667
668 $t->post_ok( "//$userid:$password@/api/v1/holds" => json => $post_data )
669 ->status_is(403)
670 ->json_is( { error => 'Hold cannot be placed. Reason: tooManyReserves' } );
671
672 $schema->storage->txn_rollback;
673 };
Koha ILS