@@ -163,6 +163,152 @@ sub delete {
163163 };
164164}
165165
166+ =head3 public_create
167+
168+ Create a public virtual shelf
169+
170+ =cut
171+
172+ sub public_create {
173+ my $c = shift -> openapi-> valid_input or return ;
174+
175+ my $user = $c -> stash(' koha.user' );
176+ my $json_body = $c -> req-> json;
177+
178+ $json_body -> {owner } = $user -> id;
179+
180+ return try {
181+
182+ my $list = Koha::Virtualshelf-> new_from_api($json_body );
183+ $list -> store-> discard_changes;
184+ $c -> res-> headers-> location( $c -> req-> url-> to_string . ' /' . $list -> id );
185+ return $c -> render(
186+ status => 201,
187+ openapi => $c -> objects-> to_api($list ),
188+ );
189+ } catch {
190+ $c -> unhandled_exception($_ );
191+ };
192+ }
193+
194+ =head3 public_read
195+
196+ List the contents of a public virtual shelf or a virtual shelf you own
197+
198+ =cut
199+
200+ sub public_read {
201+ my $c = shift -> openapi-> valid_input or return ;
202+ my $user = $c -> stash(' koha.user' );
203+
204+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id' ) );
205+
206+ # if the list owner != to the user id, return 403
207+ unless ( $list -> owner == $user -> id || $list -> public == 1 ) {
208+ return $c -> render(
209+ status => 403,
210+ openapi => {
211+ error => " Forbidden - you can only view your own lists or lists that are public." ,
212+ error_code => " forbidden" ,
213+ },
214+ );
215+ }
216+ return $c -> render_resource_not_found(" List" )
217+ unless $list ;
218+
219+ return $c -> render( status => 200, openapi => $c -> objects-> to_api($list ), );
220+ }
221+
222+ =head3 public_update
223+
224+ Update a public virtual shelf or a shelf you own
225+
226+ =cut
227+
228+ sub public_update {
229+ my $c = shift -> openapi-> valid_input or return ;
230+ my $user = $c -> stash(' koha.user' );
231+
232+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id' ) );
233+
234+ # if the list owner != to the user id, return 403
235+ if ( $list -> owner != $user -> id ) {
236+ return $c -> render(
237+ status => 403,
238+ openapi => {
239+ error => " Forbidden - you can only update your own lists" ,
240+ error_code => " forbidden" ,
241+ },
242+ );
243+ }
244+
245+ # if the allow_change_from_owner is false, return 403
246+ if ( $list -> allow_change_from_owner == 0 ) {
247+ return $c -> render(
248+ status => 403,
249+ openapi => {
250+ error => " Forbidden - you can't update this list" ,
251+ error_code => " forbidden" ,
252+ },
253+ );
254+ }
255+
256+ return $c -> render_resource_not_found(" List" )
257+ unless $list ;
258+
259+ return try {
260+ $list -> set_from_api( $c -> req-> json );
261+ $list -> store();
262+ return $c -> render( status => 200, openapi => $c -> objects-> to_api($list ), );
263+ } catch {
264+ $c -> unhandled_exception($_ );
265+ };
266+ }
267+
268+ =head3 public_delete
269+
270+ Delete a public virtual shelf you own
271+
272+ =cut
273+
274+ sub public_delete {
275+ my $c = shift -> openapi-> valid_input or return ;
276+ my $user = $c -> stash(' koha.user' );
277+
278+ my $list = Koha::Virtualshelves-> find( $c -> param(' list_id' ) );
279+ return $c -> render_resource_not_found(" List" )
280+ unless $list ;
281+
282+ # if the list owner != to the user id, return 403
283+ if ( $list -> owner != $user -> id ) {
284+ return $c -> render(
285+ status => 403,
286+ openapi => {
287+ error => " Forbidden - you can only update your own lists" ,
288+ error_code => " forbidden" ,
289+ },
290+ );
291+ }
292+
293+ # if the allow_change_from_owner is false, return 403
294+ if ( $list -> allow_change_from_owner == 0 ) {
295+ return $c -> render(
296+ status => 403,
297+ openapi => {
298+ error => " Forbidden - you can't update this list" ,
299+ error_code => " forbidden" ,
300+ },
301+ );
302+ }
303+
304+ return try {
305+ $list -> delete ;
306+ return $c -> render_resource_deleted;
307+ } catch {
308+ $c -> unhandled_exception($_ );
309+ };
310+ }
311+
166312=head3 list_public
167313
168314=cut
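Review bot: In `public_read` and `public_update` the `$list->owner` comparison runs before the `unless $list` not-found check, so a `list_id` that matches no row calls a method on undef and presumably ends in a server error rather than a 404. Move `return $c->render_resource_not_found("List") unless $list;` to directly after the `Koha::Virtualshelves->find(...)` call, as `public_delete` already does. `public_update` also hands the whole request body to `set_from_api`, so unless the OpenAPI schema for this route (not visible here) excludes `owner`, the owner field could be rewritten to another patron's id; rejecting a body `owner` that differs from `$user->id` before `store` would close that. `public_read` also calls `$user->id` before testing `$list->public`, which would fail for an unauthenticated caller if the route permits one.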