@@ -132,6 +132,152 @@ sub delete {
132132 };
133133}
134134
135+ =head3 public_create
136+
137+ Create a public virtual shelf
138+
139+ =cut
140+
141+ sub public_create {
142+ my $c = shift -> openapi-> valid_input or return ;
143+
144+ my $user = $c -> stash(' koha.user'
145+ my $json_body = $c -> req-> json;
146+
147+ $json_body -> {owner } = $user -> id;
148+
149+ return try {
150+
151+ my $list = Koha::Virtualshelf-> new_from_api($json_body );
152+ $list -> store-> discard_changes;
153+ $c -> res-> headers-> location( $c -> req-> url-> to_string . ' /' $list -> id );
154+ return $c -> render(
155+ status => 201,
156+ openapi => $c -> objects-> to_api($list ),
157+ );
158+ } catch {
159+ $c -> unhandled_exception($_ );
160+ };
161+ }
162+
163+ =head3 public_read
164+
165+ List the contents of a public virtual shelf or a virtual shelf you own
166+
167+ =cut
168+
169+ sub public_read {
170+ my $c = shift -> openapi-> valid_input or return ;
171+ my $user = $c -> stash(' koha.user'
172+
173+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id'
174+
175+ # if the list owner != to the user id, return 403
176+ unless ( $list -> owner == $user -> id || $list -> public == 1 ) {
177+ return $c -> render(
178+ status => 403,
179+ openapi => {
180+ error => " Forbidden - you can only view your own lists or lists that are public."
181+ error_code => " forbidden"
182+ },
183+ );
184+ }
185+ return $c -> render_resource_not_found(" List"
186+ unless $list ;
187+
188+ return $c -> render( status => 200, openapi => $c -> objects-> to_api($list ), );
189+ }
190+
191+ =head3 public_update
192+
193+ Update a public virtual shelf or a shelf you own
194+
195+ =cut
196+
197+ sub public_update {
198+ my $c = shift -> openapi-> valid_input or return ;
199+ my $user = $c -> stash(' koha.user'
200+
201+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id'
202+
203+ # if the list owner != to the user id, return 403
204+ if ( $list -> owner != $user -> id ) {
205+ return $c -> render(
206+ status => 403,
207+ openapi => {
208+ error => " Forbidden - you can only update your own lists"
209+ error_code => " forbidden"
210+ },
211+ );
212+ }
213+
214+ # if the allow_change_from_owner is false, return 403
215+ if ( $list -> allow_change_from_owner == 0 ) {
216+ return $c -> render(
217+ status => 403,
218+ openapi => {
219+ error => " Forbidden - you can't update this list"
220+ error_code => " forbidden"
221+ },
222+ );
223+ }
224+
225+ return $c -> render_resource_not_found(" List"
226+ unless $list ;
227+
228+ return try {
229+ $list -> set_from_api( $c -> req-> json );
230+ $list -> store();
231+ return $c -> render( status => 200, openapi => $c -> objects-> to_api($list ), );
232+ } catch {
233+ $c -> unhandled_exception($_ );
234+ };
235+ }
236+
237+ =head3 public_delete
238+
239+ Delete a public virtual shelf you own
240+
241+ =cut
242+
243+ sub public_delete {
244+ my $c = shift -> openapi-> valid_input or return ;
245+ my $user = $c -> stash(' koha.user'
246+
247+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id'
248+ return $c -> render_resource_not_found(" List"
249+ unless $list ;
250+
251+ # if the list owner != to the user id, return 403
252+ if ( $list -> owner != $user -> id ) {
253+ return $c -> render(
254+ status => 403,
255+ openapi => {
256+ error => " Forbidden - you can only update your own lists"
257+ error_code => " forbidden"
258+ },
259+ );
260+ }
261+
262+ # if the allow_change_from_owner is false, return 403
263+ if ( $list -> allow_change_from_owner == 0 ) {
264+ return $c -> render(
265+ status => 403,
266+ openapi => {
267+ error => " Forbidden - you can't update this list"
268+ error_code => " forbidden"
269+ },
270+ );
271+ }
272+
273+ return try {
274+ $list -> delete ;
275+ return $c -> render_resource_deleted;
276+ } catch {
277+ $c -> unhandled_exception($_ );
278+ };
279+ }
280+
135281=head3 list_public
136282
137283=cut
0 commit comments