This patch changes holds' GET REST API endpoint permission
to place_holds to match with request.pl
Test plan:
1) prove t/db_dependent/api/v1/holds.t
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
$ref: "../swagger.yaml#/definitions/error"
x-koha-authorization:
permissions:
- borrowers: edit_borrowers
+ reserveforothers: place_holds
post:
x-mojo-to: Holds#add
operationId: addHold
$t->get_ok( "//$nopermission_userid:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber ) # no permission
->status_is(403);
- $t->get_ok( "//$userid_3:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber ) # no permission
+ $t->get_ok( "//$userid_2:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber ) # no permission
->status_is(403);
$t->post_ok( "//$nopermission_userid:$password@/api/v1/holds" => json => $post_data )
->status_is(404)
->json_has('/error');
- $t->get_ok( "//$userid_2:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber )
+ $t->get_ok( "//$userid_3:$password@/api/v1/holds?patron_id=" . $patron_1->borrowernumber )
->status_is(200)
->json_is([]);