use Modern::Perl;
use Mojo::Base 'Mojolicious';
+use C4::Auth qw( check_cookie_auth get_session );
+use Koha::Borrowers;
+
sub startup {
my $self = shift;
my $route = $self->routes->under->to(
cb => sub {
my $c = shift;
- my $user = $c->param('user');
- # Do the authentication stuff here...
- $c->stash('user', $user);
+
+ my ($status, $sessionID) = check_cookie_auth($c->cookie('CGISESSID'));
+ if ($status eq "ok") {
+ my $session = get_session($sessionID);
+ my $user = Koha::Borrowers->find($session->param('number'));
+ $c->stash('koha.user' => $user);
+ }
+
return 1;
}
);
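Review bot: The `under` callback still ends in `return 1` whether or not `check_cookie_auth` reported "ok", so a request without a valid session continues to the controller and access control depends on every action checking `koha.user` itself. That is fail-open for any route added later without such a check. Consider a comment above the callback such as `# Authentication only: sets koha.user when a valid session exists; every action must enforce its own authorization`, or rendering a 401 here for routes that never allow anonymous access. The result of `get_session($sessionID)` is also used on the next line without a defined check, which is presumably safe after an "ok" status but worth confirming. The body of `startup` continues outside this hunk.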
use Mojo::Base 'Mojolicious::Controller';
+use C4::Auth qw( haspermission );
use Koha::Borrowers;
sub list_borrowers {
my ($c, $args, $cb) = @_;
+ my $user = $c->stash('koha.user');
+ unless ($user && haspermission($user->userid, {borrowers => 1})) {
+ return $c->$cb({error => "You don't have the required permission"}, 403);
+ }
+
my $borrowers = Koha::Borrowers->search;
$c->$cb($borrowers->unblessed, 200);
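Review bot: A request with no `koha.user` (no valid session) receives the same 403 and "required permission" message at the `unless` guard as an authenticated user who lacks `borrowers`, so clients cannot tell "log in first" from "not allowed". Consider `return $c->$cb({error => "Authentication required"}, 401) unless $user;` ahead of the permission test, with a matching 401 response in the API spec. The same guard is repeated in `get_borrower`, so a small shared helper would keep the two checks from drifting apart. The closing lines of `list_borrowers` are outside the hunk.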
sub get_borrower {
my ($c, $args, $cb) = @_;
- my $borrower = Koha::Borrowers->find($args->{borrowernumber});
+ my $user = $c->stash('koha.user');
- if ($borrower) {
- return $c->$cb($borrower->unblessed, 200);
+ unless ( $user
+ && ( $user->borrowernumber == $args->{borrowernumber}
+ || haspermission($user->userid, {borrowers => 1}) ) )
+ {
+ return $c->$cb({error => "You don't have the required permission"}, 403);
+ }
+
+ my $borrower = Koha::Borrowers->find($args->{borrowernumber});
+ unless ($borrower) {
+ return $c->$cb({error => "Borrower not found"}, 404);
}
- $c->$cb({error => "Borrower not found"}, 404);
+ return $c->$cb($borrower->unblessed, 200);
}
1;
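Review bot: The new self-access branch in `get_borrower` lets a patron without the `borrowers` permission fetch their own record, and the response is still the whole `$borrower->unblessed` row. If that row carries fields not meant for the patron (credential or staff-internal columns, for example; the schema is not visible on this page), they now reach a wider audience. Consider building the response from an explicit list of fields instead of relying on `unblessed`. Separately, `$user->borrowernumber == $args->{borrowernumber}` is a numeric comparison and so relies on the route's parameter validation having already rejected non-integer values; a comment such as `# borrowernumber is validated as an integer by the API spec` would record that assumption.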
"$ref": "#/definitions/borrower"
}
}
+ },
+ "403": {
+ "description": "Access forbidden",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
}
}
}
"$ref": "#/definitions/borrower"
}
},
+ "403": {
+ "description": "Access forbidden",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
+ },
"404": {
"description": "Borrower not found",
"schema": {