3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test
::More tests
=> 6;
22 use t
::lib
::TestBuilder
;
35 use Koha
::Biblioitems
;
38 my $schema = Koha
::Database
->new->schema;
39 my $builder = t
::lib
::TestBuilder
->new();
41 $schema->storage->txn_begin;
43 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
44 # this affects the other REST api tests
45 t
::lib
::Mocks
::mock_preference
( 'SessionStorage', 'tmp' );
47 $ENV{REMOTE_ADDR
} = '127.0.0.1';
48 my $t = Test
::Mojo
->new('Koha::REST::V1');
51 my $categorycode = $builder->build({ source
=> 'Category' })->{categorycode
};
52 my $branchcode = $builder->build({ source
=> 'Branch' })->{branchcode
};
53 my $itemtype = $builder->build({ source
=> 'Itemtype' })->{itemtype
};
55 # User without any permissions
56 my $nopermission = $builder->build({
59 branchcode
=> $branchcode,
60 categorycode
=> $categorycode,
64 my $session_nopermission = C4
::Auth
::get_session
('');
65 $session_nopermission->param('number', $nopermission->{ borrowernumber
});
66 $session_nopermission->param('id', $nopermission->{ userid
});
67 $session_nopermission->param('ip', '127.0.0.1');
68 $session_nopermission->param('lasttime', time());
69 $session_nopermission->flush;
71 my $patron_1 = $builder->build_object(
73 class => 'Koha::Patrons',
75 categorycode
=> $categorycode,
76 branchcode
=> $branchcode,
77 surname
=> 'Test Surname',
78 flags
=> 80, #borrowers and reserveforothers flags
83 my $patron_2 = $builder->build_object(
85 class => 'Koha::Patrons',
87 categorycode
=> $categorycode,
88 branchcode
=> $branchcode,
89 surname
=> 'Test Surname 2',
90 flags
=> 16, # borrowers flag
95 my $patron_3 = $builder->build_object(
97 class => 'Koha::Patrons',
99 categorycode
=> $categorycode,
100 branchcode
=> $branchcode,
101 surname
=> 'Test Surname 3',
102 flags
=> 64, # reserveforothers flag
108 my $session = C4
::Auth
::get_session
('');
109 $session->param('number', $patron_1->borrowernumber);
110 $session->param('id', $patron_1->userid);
111 $session->param('ip', '127.0.0.1');
112 $session->param('lasttime', time());
114 my $session2 = C4
::Auth
::get_session
('');
115 $session2->param('number', $patron_2->borrowernumber);
116 $session2->param('id', $patron_2->userid);
117 $session2->param('ip', '127.0.0.1');
118 $session2->param('lasttime', time());
120 my $session3 = C4
::Auth
::get_session
('');
121 $session3->param('number', $patron_3->borrowernumber);
122 $session3->param('id', $patron_3->userid);
123 $session3->param('ip', '127.0.0.1');
124 $session3->param('lasttime', time());
127 my $biblionumber = create_biblio
('RESTful Web APIs');
128 my $item = create_item
($biblionumber, 'TEST000001');
129 my $itemnumber = $item->{itemnumber
};
130 $item->{itype
} = $itemtype;
131 C4
::Items
::ModItem
($item, $biblionumber, $itemnumber);
133 my $biblionumber2 = create_biblio
('RESTful Web APIs');
134 my $item2 = create_item
($biblionumber2, 'TEST000002');
135 my $itemnumber2 = $item2->{itemnumber
};
137 my $dbh = C4
::Context
->dbh;
138 $dbh->do('DELETE FROM reserves');
139 $dbh->do('DELETE FROM issuingrules');
141 INSERT INTO issuingrules (categorycode, branchcode, itemtype, reservesallowed)
143 }, {}, '*', '*', '*', 1);
145 my $reserve_id = C4
::Reserves
::AddReserve
($branchcode, $patron_1->borrowernumber,
146 $biblionumber, undef, 1, undef, undef, undef, '', $itemnumber);
148 # Add another reserve to be able to change first reserve's rank
149 my $reserve_id2 = C4
::Reserves
::AddReserve
($branchcode, $patron_2->borrowernumber,
150 $biblionumber, undef, 2, undef, undef, undef, '', $itemnumber);
152 my $suspended_until = DateTime
->now->add(days
=> 10)->truncate( to
=> 'day' );
153 my $expiration_date = DateTime
->now->add(days
=> 10)->truncate( to
=> 'day' );
156 patron_id
=> int($patron_1->borrowernumber),
157 biblio_id
=> int($biblionumber),
158 item_id
=> int($itemnumber),
159 pickup_library_id
=> $branchcode,
160 expiration_date
=> output_pref
({ dt
=> $expiration_date, dateformat
=> 'rfc3339', dateonly
=> 1 }),
165 suspended_until
=> output_pref
({ dt
=> $suspended_until, dateformat
=> 'rfc3339' }),
168 subtest
"Test endpoints without authentication" => sub {
170 $t->get_ok('/api/v1/holds')
172 $t->post_ok('/api/v1/holds')
174 $t->put_ok('/api/v1/holds/0')
176 $t->delete_ok('/api/v1/holds/0')
181 subtest
"Test endpoints without permission" => sub {
184 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=" . $patron_1->borrowernumber);
185 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_nopermission->id});
186 $t->request_ok($tx) # no permission
188 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=" . $patron_1->borrowernumber);
189 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
190 $t->request_ok($tx) # reserveforothers permission
192 $tx = $t->ua->build_tx(POST
=> "/api/v1/holds" => json
=> $post_data );
193 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_nopermission->id});
194 $t->request_ok($tx) # no permission
196 $tx = $t->ua->build_tx(PUT
=> "/api/v1/holds/0" => json
=> $put_data );
197 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_nopermission->id});
198 $t->request_ok($tx) # no permission
200 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/holds/0");
201 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_nopermission->id});
202 $t->request_ok($tx) # no permission
206 subtest
"Test endpoints with permission" => sub {
210 $tx = $t->ua->build_tx(GET
=> '/api/v1/holds');
211 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session->id});
218 $tx = $t->ua->build_tx(GET
=> '/api/v1/holds?priority=2');
219 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session->id});
222 ->json_is('/0/patron_id', $patron_2->borrowernumber)
225 $tx = $t->ua->build_tx(PUT
=> "/api/v1/holds/$reserve_id" => json
=> $put_data);
226 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
229 ->json_is( '/hold_id', $reserve_id )
230 ->json_is( '/suspended_until', output_pref
({ dt
=> $suspended_until, dateformat
=> 'rfc3339' }) )
231 ->json_is( '/priority', 2 );
233 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/holds/$reserve_id");
234 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
238 $tx = $t->ua->build_tx(PUT
=> "/api/v1/holds/$reserve_id" => json
=> $put_data);
239 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
242 ->json_has('/error');
244 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/holds/$reserve_id");
245 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
248 ->json_has('/error');
250 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=" . $patron_1->borrowernumber);
251 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session2->id}); # get with borrowers flag
256 my $inexisting_borrowernumber = $patron_2->borrowernumber * 2;
257 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=$inexisting_borrowernumber");
258 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session->id});
263 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/holds/$reserve_id2");
264 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
268 $tx = $t->ua->build_tx(POST
=> "/api/v1/holds" => json
=> $post_data);
269 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
272 ->json_has('/hold_id');
273 $reserve_id = $t->tx->res->json->{hold_id
};
275 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=" . $patron_1->borrowernumber);
276 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session->id});
279 ->json_is('/0/hold_id', $reserve_id)
280 ->json_is('/0/expiration_date', output_pref
({ dt
=> $expiration_date, dateformat
=> 'rfc3339', dateonly
=> 1 }))
281 ->json_is('/0/pickup_library_id', $branchcode);
283 $tx = $t->ua->build_tx(POST
=> "/api/v1/holds" => json
=> $post_data);
284 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
287 ->json_like('/error', qr
/itemAlreadyOnHold
/);
289 $post_data->{biblionumber
} = int($biblionumber2);
290 $post_data->{itemnumber
} = int($itemnumber2);
291 $tx = $t->ua->build_tx(POST
=> "/api/v1/holds" => json
=> $post_data);
292 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
295 ->json_like('/error', qr
/itemAlreadyOnHold
/);
298 subtest
'Reserves with itemtype' => sub {
302 patron_id
=> int($patron_1->borrowernumber),
303 biblio_id
=> int($biblionumber),
304 pickup_library_id
=> $branchcode,
305 item_type
=> $itemtype,
308 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/holds/$reserve_id");
309 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
313 $tx = $t->ua->build_tx(POST
=> "/api/v1/holds" => json
=> $post_data);
314 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session3->id});
317 ->json_has('/hold_id');
319 $reserve_id = $t->tx->res->json->{hold_id
};
321 $tx = $t->ua->build_tx(GET
=> "/api/v1/holds?patron_id=" . $patron_1->borrowernumber);
322 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session->id});
325 ->json_is('/0/hold_id', $reserve_id)
326 ->json_is('/0/item_type', $itemtype);
329 $schema->storage->txn_rollback;
331 subtest
'suspend and resume tests' => sub {
335 $schema->storage->txn_begin;
337 my $password = 'AbcdEFG123';
339 my $patron = $builder->build_object(
340 { class => 'Koha::Patrons', value
=> { userid
=> 'tomasito', flags
=> 1 } } );
341 $patron->set_password({ password
=> $password, skip_validation
=> 1 });
342 my $userid = $patron->userid;
345 t
::lib
::Mocks
::mock_preference
( 'HoldsLog', 0 );
346 t
::lib
::Mocks
::mock_preference
( 'RESTBasicAuth', 1 );
348 my $hold = $builder->build_object(
349 { class => 'Koha::Holds',
350 value
=> { suspend
=> 0, suspend_until
=> undef, waitingdate
=> undef }
354 ok
( !$hold->is_suspended, 'Hold is not suspended' );
355 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
356 ->status_is( 201, 'Hold suspension created' );
358 $hold->discard_changes; # refresh object
360 ok
( $hold->is_suspended, 'Hold is suspended' );
364 { dt
=> dt_from_string
( $hold->suspend_until ),
365 dateformat
=> 'rfc3339',
371 $t->delete_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
372 ->status_is( 204, "Correct status when deleting a resource" )
375 # Pass a an expiration date for the suspension
376 my $date = dt_from_string
()->add( days
=> 5 );
378 "//$userid:$password@/api/v1/holds/"
380 . "/suspension" => json
=> {
382 output_pref
( { dt
=> $date, dateformat
=> 'rfc3339', dateonly
=> 1 } )
384 )->status_is( 201, 'Hold suspension created' )
385 ->json_is( '/end_date',
386 output_pref
( { dt
=> $date, dateformat
=> 'rfc3339', dateonly
=> 1 } ) )
387 ->header_is( Location
=> "/api/v1/holds/" . $hold->id . "/suspension", 'The Location header is set' );
389 $t->delete_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
390 ->status_is( 204, "Correct status when deleting a resource" )
393 $hold->set_waiting->discard_changes;
395 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
396 ->status_is( 400, 'Cannot suspend waiting hold' )
397 ->json_is( '/error', 'Found hold cannot be suspended. Status=W' );
399 $hold->set_waiting(1)->discard_changes;
401 $t->post_ok( "//$userid:$password@/api/v1/holds/" . $hold->id . "/suspension" )
402 ->status_is( 400, 'Cannot suspend waiting hold' )
403 ->json_is( '/error', 'Found hold cannot be suspended. Status=T' );
405 $schema->storage->txn_rollback;
408 subtest
'PUT /holds/{hold_id}/priority tests' => sub {
412 $schema->storage->txn_begin;
414 my $password = 'AbcdEFG123';
416 my $patron_np = $builder->build_object(
417 { class => 'Koha::Patrons', value
=> { flags
=> 0 } } );
418 $patron_np->set_password( { password
=> $password, skip_validation
=> 1 } );
419 my $userid_np = $patron_np->userid;
421 my $patron = $builder->build_object(
422 { class => 'Koha::Patrons', value
=> { flags
=> 0 } } );
423 $patron->set_password( { password
=> $password, skip_validation
=> 1 } );
424 my $userid = $patron->userid;
427 source
=> 'UserPermission',
429 borrowernumber
=> $patron->borrowernumber,
431 code
=> 'modify_holds_priority',
437 t
::lib
::Mocks
::mock_preference
( 'HoldsLog', 0 );
438 t
::lib
::Mocks
::mock_preference
( 'RESTBasicAuth', 1 );
440 my $biblio = $builder->build_sample_biblio;
442 my $hold_1 = $builder->build_object(
444 class => 'Koha::Holds',
447 suspend_until
=> undef,
448 waitingdate
=> undef,
449 biblionumber
=> $biblio->biblionumber,
454 my $hold_2 = $builder->build_object(
456 class => 'Koha::Holds',
459 suspend_until
=> undef,
460 waitingdate
=> undef,
461 biblionumber
=> $biblio->biblionumber,
466 my $hold_3 = $builder->build_object(
468 class => 'Koha::Holds',
471 suspend_until
=> undef,
472 waitingdate
=> undef,
473 biblionumber
=> $biblio->biblionumber,
479 $t->put_ok( "//$userid_np:$password@/api/v1/holds/"
481 . "/priority" => json
=> 1 )->status_is(403);
483 $t->put_ok( "//$userid:$password@/api/v1/holds/"
485 . "/priority" => json
=> 1 )->status_is(200)->json_is(1);
487 is
( $hold_1->discard_changes->priority, 2, 'Priority adjusted correctly' );
488 is
( $hold_2->discard_changes->priority, 3, 'Priority adjusted correctly' );
489 is
( $hold_3->discard_changes->priority, 1, 'Priority adjusted correctly' );
491 $schema->storage->txn_rollback;
497 my $biblio = Koha
::Biblio
->new( { title
=> $title } )->store;
498 my $biblioitem = Koha
::Biblioitem
->new({biblionumber
=> $biblio->biblionumber})->store;
500 return $biblio->biblionumber;
504 my ( $biblionumber, $barcode ) = @_;
506 Koha
::Items
->search( { barcode
=> $barcode } )->delete;
507 my $builder = t
::lib
::TestBuilder
->new;
508 my $item = $builder->build(
512 biblionumber
=> $biblionumber,