https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24401 --- Comment #47 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 197703 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=197703&action=edit Bug 24401: Return a typed response body from POST /checkins The original patch piped AddReturn's raw $messages hashref straight out to the client under a freeform `messages: object` schema. That leaks internal DBIC-shaped data (unblessed holds, recalls, transfers, claim objects) and leaves clients guessing which keys to expect. This replaces the response body with a typed schema (checkin.yaml) that maps AddReturn's grab-bag into structured fields: * hold_triggered / recall_triggered — ResFound, RecallFound, RecallNeedsTransfer, RecallPlacedAtHoldingBranch, TransferredRecall * transfer — NeedsTransfer, WasTransfered, TransferArrived, TransferTo, TransferTrigger * wrong_transfer — WrongTransfer, WrongTransferItem * fee_adjustments[] — LostItemFee{Refunded,Restored,Charged}, LostItemPaymentNotRefunded, ProcessingFeeRefunded * claim_resolved — ClaimAutoResolved, ReturnClaims * patron_debarred {status: new|extended|forever, until} — Debarred, PrevDebarred, ForeverDebarred * bundle_host — InBundle * warnings[] {code, context} — everything else (NotIssued, withdrawn, WasLost, LocalUse, NotAllowed, DestinationEqualsHolding, NotForLoanStatusUpdated, UpdateLastSeenError, BadBarcode, and any unrecognised key so no data is silently dropped) Status code goes 201 → 200: a checkin is an event outcome, not a resource creation, and no Location header is meaningful. Additional fixes from the QA review: * item_id is now required on GET /checkins/availability; OpenAPI rejects missing param with 400 before the controller runs (was falling through to Koha::Items->find(undef) → 404) * Dead 400 response definition removed from GET /availability * Blocker response on POST /checkins uses error_code CHECKIN_NOT_AUTHORIZED and includes structured blockers * 412 response includes the confirms hash and a confirmation_token so clients don't need a second round-trip to /availability * as_token is only minted when needs_confirmation, avoiding JWTs nobody will use Test plan: prove t/db_dependent/api/v1/checkins.t prove t/db_dependent/api/v1/checkouts.t prove t/Koha/Result/Availability.t prove t/db_dependent/Koha/Item/Availability/Checkin.t -- You are receiving this mail because: You are watching all bug changes.