[Koha-bugs] [Bug 17314] REST API: Add API route to create, list and delete a purchase suggestion

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sat Dec 10 23:28:16 CET 2016 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17314

--- Comment #6 from Jiri Kozlovsky <mail at jkozlovsky.cz> ---
(In reply to Jiri Kozlovsky from comment #5)
> Created attachment 58098 [details] [review]
> Implemented suggestions REST API

Basic test plan 1.part:
1. Login using account without any permissions and copy Cookie's
CGISESSID=TOKEN and copy it's borrowernumber
2. Using your favorite HttpRequester send POST to /api/v1/suggestions with the
cookie in Headers:
{
  "title": "Suggested title",
  "author": "hawking",
  "suggestedby": "BORROWER_NUMBER"
}
3. Obtain the suggestionid from the response and send GET to
/api/v1/suggestions/YOUR_SUGG_ID
4. Check that returned data matches data sent at point 2.
5. Send PUT request to /api/v1/suggestions/YOUR_SUGG_ID:
{
  "title": "Updated suggested title"
}
6. Repeat steps 3 + 4.
7. Login using another account again without any permissions and copy Cookie's
CGISESSID=TOKEN
8. Using your favorite HttpRequester send POST to /api/v1/suggestions with the
cookie in Headers:
{
  "title": "Suggested title",
  "author": "hawking",
  "suggestedby": "YOUR_BORROWER_NUMBER",
  "STATUS": "ACCEPTED"
}
9. Check that error was returned.
10. Create valid suggestion (repeat 8. step, but remove the STATUS) and
remember the suggestionid.
11. Send PUT request to /api/v1/suggestions/YOUR_SUGG_ID:
{
  "STATUS": "ACCEPTED"
}
12. Check that error was returned.
13. Send GET request to suggestionid from the first user. (Check that you don't
have enough permissions)
14. Send GET request to suggestionid of current user. (should succeed)
15. Send DELETE request to suggestion of current user. (should return 200 OK
only .. without any body)
16. Repeat 14. point - should fail.
17. Send GET request to /api/v1/suggestions/?suggestedby=BORROWER_NUMBER
18. Check that there were returned all active suggestions for the user.
19. Send DELETE request to suggestion of the first user (not enough permissions
- should fail)

Basic test plan 2.part:
1. Login using user with permissions of "acquisition" and copy your CGISESSID
from the Cookie.
2. Using your favorite HttpRequester send POST to /api/v1/suggestions with the
cookie in Headers:
{
  "title": "Suggested title from librarian",
  "author": "hawking",
  "STATUS": "ACCEPTED",
  "suggestedby": "BORROWER_NUMBER"
}
3. Check that new suggestion was created successfully and note the
suggestionid.
4. Disable "AnonSuggestions" syspref and repeat 1. & 2. step without
"suggestedby". (should fail because anonymous suggestions are disabled)
5. Enable "AnonSuggestions" syspref and repeat 1. & 2. step without
"suggestedby". (success)
6. Send PUT request to /api/v1/suggestions/YOUR_SUGG_ID:
{
  "STATUS": "REJECTED"
}
7. Check that the suggestion was updated successfully.

This should provide you basic understanding of how does "add", "update", "list"
and "delete" work.

Now you can test the following:
1. While adding / updating suggestion with patronreason or branchcode or STATUS
or itemtype specified, check that the API refuses invalid values, while accepts
valid ones.
2. While adding / updating suggestion with suggestedby or managedby specified,
as a user with acquisition permissions, check that the API refuses ids which
are invalid, while accepts valid ones (invalid are nonexisting
borrowernumbers).
3. Setup "MaxOpenSuggestions" syspref to custom value and check that it applies
to all borrowers excluding anonymous suggestions.
4. Setup "OPACSuggestionMandatoryFields" syspref to custom values and check
that those required fields are required only while creating suggestions, not
when updating, because you may want to update only a title for example.
5. Setup "AllowPurchaseSuggestionBranchChoice" syspref to enabled and check
that regular users (without acquisition rights) can create and update
suggestions with branchcode specified. Also check that it is forbidden for them
to do so when the syspref is disabled.
6. Check that regular users can create and update suggestions only with the
following fields specified:
('suggestedby', 'title', 'author', 'copyrightdate', 'isbn', 'publishercode',
'collectiontitle', 'place', 'itemtype', 'patronreason', 'note') ... branchcode
is added when syspref AllowPurchaseSuggestionBranchChoice is enabled.

... That's it ! You got it all covered!

Btw, thanks for signing this off in advance !

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list