Bug 31793: (QA follow-up) Require editauthorities flag

This patch makes the route require the right permissions. Tests are
adjusted to reflect this new situation.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/authorities.t
=> SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

diff --git a/api/v1/swagger/paths/authorities.yaml b/api/v1/swagger/paths/authorities.yaml
index 0b47d41..80c85d1 100644 (file)
--- a/api/v1/swagger/paths/authorities.yaml
+++ b/api/v1/swagger/paths/authorities.yaml
@@ -74,11 +74,7 @@
         schema:
           $ref: "../swagger.yaml#/definitions/error"
       "404":
-        description: Biblio not found
-        schema:
-          $ref: "../swagger.yaml#/definitions/error"
-      "409":
-        description: Unable to perform action on biblio
+        description: Authority not found
         schema:
           $ref: "../swagger.yaml#/definitions/error"
       "500":
@@ -91,4 +87,4 @@
           $ref: "../swagger.yaml#/definitions/error"
     x-koha-authorization:
       permissions:
-        editcatalogue: edit_catalogue
+        editauthorities: "1"

diff --git a/t/db_dependent/api/v1/authorities.t b/t/db_dependent/api/v1/authorities.t
index 13e101f..0f20376 100755 (executable)
--- a/t/db_dependent/api/v1/authorities.t
+++ b/t/db_dependent/api/v1/authorities.t
@@ -141,17 +141,7 @@ subtest 'delete() tests' => sub {
     $t->delete_ok("//$userid:$password@/api/v1/authorities/".$authority->authid)
       ->status_is(403, 'Not enough permissions makes it return the right code');
 
-    # Add permissions
-    $builder->build(
-        {
-            source => 'UserPermission',
-            value  => {
-                borrowernumber => $patron->borrowernumber,
-                module_bit     => 9,
-                code           => 'edit_catalogue'
-            }
-        }
-    );
+    $patron->flags( 2 ** 14 )->store; # 14 => editauthorities userflag
 
     $t->delete_ok("//$userid:$password@/api/v1/authorities/".$authority->authid)
       ->status_is(204, 'SWAGGER3.2.4')
@@ -161,4 +151,4 @@ subtest 'delete() tests' => sub {
       ->status_is(404);
 
     $schema->storage->txn_rollback;
-};
\ No newline at end of file
+};