dup_spree_api 1.3.0.rc1

data/spec/controllers/spree/api/shipments_controller_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+describe Spree::Api::ShipmentsController do
+  render_views
+  let!(:shipment) { create(:shipment) }
+  let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at] }
+
+  before do
+    stub_authentication!
+  end
+
+  let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
+
+  context "as a non-admin" do
+    it "cannot make a shipment ready" do
+      api_put :ready
+      assert_unauthorized!
+    end
+
+    it "cannot make a shipment shipped" do
+      api_put :ship
+      assert_unauthorized!
+    end
+  end
+
+  context "as an admin" do
+    sign_in_as_admin!
+
+    it "can make a shipment ready" do
+      Spree::Order.any_instance.stub(:paid? => true, :complete? => true)
+      api_put :ready
+      json_response.should have_attributes(attributes)
+      json_response["state"].should == "ready"
+      shipment.reload.state.should == "ready"
+    end
+
+    it "cannot make a shipment ready if the order is unpaid" do
+      Spree::Order.any_instance.stub(:paid? => false)
+      api_put :ready
+      json_response["error"].should == "Cannot ready shipment."
+      response.status.should == 422
+    end
+
+    context "can transition a shipment from ready to ship" do
+      before do
+        Spree::Order.any_instance.stub(:paid? => true, :complete? => true)
+        shipment.update!(shipment.order)
+        shipment.state.should == "ready"
+      end
+
+      it "can transition a shipment from ready to ship" do
+        shipment.reload
+        api_put :ship, :order_id => shipment.order.to_param, :id => shipment.to_param, :shipment => { :tracking => "123123" }
+        json_response.should have_attributes(attributes)
+        json_response["state"].should == "shipped"
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/taxonomies_controller_spec.rb

@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::TaxonomiesController do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, :name => "Ruby", :taxonomy => taxonomy) }
+    let(:taxon2) { create(:taxon, :name => "Rails", :taxonomy => taxonomy) }
+    let(:attributes) { [:id, :name] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, :name => "3.2.2", :taxonomy => taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxonomies" do
+        api_get :index
+
+        json_response["taxonomies"].first['name'].should eq taxonomy.name
+        json_response["taxonomies"].first['root']['taxons'].count.should eq 1
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:taxonomy)
+        api_get :index, :per_page => 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 2
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:taxonomy, :name => 'Style')
+        api_get :index, :q => { :name_cont => 'style' }
+        json_response['count'].should == 1
+        json_response['taxonomies'].first['name'].should eq expected_result.name
+      end
+
+      it "gets a single taxonomy" do
+        api_get :show, :id => taxonomy.id
+
+        json_response['name'].should eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        children.count.should eq 1
+        children.first['name'].should eq taxon.name
+        children.first.key?('taxons').should be_false
+      end
+
+      it "gets a single taxonomy with set=nested" do
+        api_get :show, :id => taxonomy.id, :set => 'nested'
+
+        json_response['name'].should eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        children.first.key?('taxons').should be_true
+      end
+
+      it "can learn how to create a new taxonomy" do
+        api_get :new
+        json_response["attributes"].should == attributes.map(&:to_s)
+        required_attributes = json_response["required_attributes"]
+        required_attributes.should include("name")
+      end
+
+      it "cannot create a new taxonomy if not an admin" do
+        api_post :create, :taxonomy => { :name => "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxonomy" do
+        api_put :update, :id => taxonomy.id, :taxonomy => { :name => "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxonomy" do
+        api_delete :destroy, :id => taxonomy.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, :taxonomy => { :name => "Colors"}
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+
+      it "cannot create a new taxonomy with invalid attributes" do
+        api_post :create, :taxonomy => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+      end
+
+      it "can destroy" do
+        api_delete :destroy, :id => taxonomy.id
+        response.status.should == 204
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/taxons_controller_spec.rb

@@ -0,0 +1,87 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::TaxonsController do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, :name => "Ruby", :taxonomy => taxonomy) }
+    let(:taxon2) { create(:taxon, :name => "Rails", :taxonomy => taxonomy) }
+    let(:attributes) { ["id", "name", "permalink", "position", "parent_id", "taxonomy_id"] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, :name => "3.2.2", :taxonomy => taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxons" do
+        api_get :index, :taxonomy_id => taxonomy.id
+
+        json_response.first['name'].should eq taxon.name
+        children = json_response.first['taxons']
+        children.count.should eq 1
+        children.first['name'].should eq taxon2.name
+        children.first['taxons'].count.should eq 1
+      end
+
+      it "gets a single taxon" do
+        api_get :show, :id => taxon.id, :taxonomy_id => taxonomy.id
+
+        json_response['name'].should eq taxon.name
+        json_response['taxons'].count.should eq 1
+      end
+
+      it "can learn how to create a new taxon" do
+        api_get :new, :taxonomy_id => taxonomy.id
+        json_response["attributes"].should == attributes.map(&:to_s)
+        required_attributes = json_response["required_attributes"]
+        required_attributes.should include("name")
+      end
+
+      it "cannot create a new taxon if not an admin" do
+        api_post :create, :taxonomy_id => taxonomy.id, :taxon => { :name => "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxon" do
+        api_put :update, :taxonomy_id => taxonomy.id, :id => taxon.id, :taxon => { :name => "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxon" do
+        api_delete :destroy, :taxonomy_id => taxonomy.id, :id => taxon.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, :taxonomy_id => taxonomy.id, :taxon => { :name => "Colors", :parent_id => taxon.id}
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+
+        taxon.reload.children.count.should eq 2
+      end
+
+      it "cannot create a new taxon with invalid attributes" do
+        api_post :create, :taxonomy_id => taxonomy.id, :taxon => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+
+        taxon.reload.children.count.should eq 1
+      end
+
+      it "can destroy" do
+        api_delete :destroy, :taxonomy_id => taxonomy.id, :id => taxon.id
+        response.status.should == 204
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/unauthenticated_products_controller_spec.rb

@@ -0,0 +1,26 @@
+require 'shared_examples/protect_product_actions'
+require 'spec_helper'
+
+module Spree
+  describe Spree::Api::ProductsController do
+    render_views
+
+    let!(:product) { create(:product) }
+    let(:attributes) { [:id, :name, :description, :price, :available_on, :permalink, :count_on_hand, :meta_description, :meta_keywords, :taxon_ids] }
+
+    context "without authentication" do
+      before { Spree::Api::Config[:requires_authentication] = false }
+
+      it "retreives a list of products" do
+        api_get :index
+        json_response["products"].first.should have_attributes(attributes)
+        json_response["count"].should == 1
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      it_behaves_like "modifying product actions are restricted"
+    end
+  end
+end
+

data/spec/controllers/spree/api/variants_controller_spec.rb

@@ -0,0 +1,155 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::VariantsController do
+    render_views
+
+
+    let!(:product) { create(:product) }
+    let!(:variant) do
+      variant = product.master
+      variant.option_values << create(:option_value)
+      variant
+    end
+    let!(:attributes) { [:id, :name, :count_on_hand,
+                         :sku, :price, :weight, :height,
+                         :width, :depth, :is_master, :cost_price,
+                         :permalink] }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can see a paginated list of variants" do
+      api_get :index
+      json_response["variants"].first.should have_attributes(attributes)
+      json_response["count"].should == 1
+      json_response["current_page"].should == 1
+      json_response["pages"].should == 1
+    end
+
+    it 'can control the page size through a parameter' do
+      create(:variant)
+      api_get :index, :per_page => 1
+      json_response['count'].should == 1
+      json_response['current_page'].should == 1
+      json_response['pages'].should == 3
+    end
+
+    it 'can query the results through a paramter' do
+      expected_result = create(:variant, :sku => 'FOOBAR')
+      api_get :index, :q => { :sku_cont => 'FOO' }
+      json_response['count'].should == 1
+      json_response['variants'].first['sku'].should eq expected_result.sku
+    end
+
+    it "variants returned contain option values data" do
+      api_get :index
+      option_values = json_response["variants"].last["option_values"]
+      option_values.first.should have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    # Regression test for #2141
+    context "a deleted variant" do
+      before do
+        variant.update_column(:deleted_at, Time.now)
+      end
+
+      it "is not returned in the results" do
+        api_get :index
+        json_response["variants"].count.should == 0
+      end
+
+      it "is not returned even when show_deleted is passed" do
+        api_get :index, :show_deleted => true
+        json_response["variants"].count.should == 0
+      end
+    end
+
+    context "pagination" do
+      default_per_page(1)
+
+      it "can select the next page of variants" do
+        second_variant = create(:variant)
+        api_get :index, :page => 2
+        json_response["variants"].first.should have_attributes(attributes)
+        json_response["total_count"].should == 3
+        json_response["current_page"].should == 2
+        json_response["pages"].should == 3
+      end
+    end
+
+    it "can see a single variant" do
+      api_get :show, :id => variant.to_param
+      json_response.should have_attributes(attributes)
+      option_values = json_response["option_values"]
+      option_values.first.should have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "can learn how to create a new variant" do
+      api_get :new
+      json_response["attributes"].should == attributes.map(&:to_s)
+      json_response["required_attributes"].should be_empty
+    end
+
+    it "cannot create a new variant if not an admin" do
+      api_post :create, :variant => { :sku => "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a variant" do
+      api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot delete a variant" do
+      api_delete :destroy, :id => variant.to_param
+      assert_unauthorized!
+      lambda { variant.reload }.should_not raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:resource_scoping) { { :product_id => variant.product.to_param } }
+
+      # Test for #2141
+      context "deleted variants" do
+        before do
+          variant.update_column(:deleted_at, Time.now)
+        end
+
+        it "are visible by admin" do
+          api_get :index, :show_deleted => 1
+          json_response["variants"].count.should == 1
+        end
+      end
+
+      it "can create a new variant" do
+        api_post :create, :variant => { :sku => "12345" }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+
+        variant.product.variants.count.should == 1
+      end
+
+      it "can update a variant" do
+        api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+        response.status.should == 200
+      end
+
+      it "can delete a variant" do
+        api_delete :destroy, :id => variant.to_param
+        response.status.should == 204
+        lambda { variant.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+
+  end
+end

data/spec/controllers/spree/api/zones_controller_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ZonesController do
+    render_views
+
+    let!(:attributes) { [:id, :name, :zone_members] }
+
+    before do
+      stub_authentication!
+      @zone = create(:zone, :name => 'Europe')
+    end
+
+    it "gets list of zones" do
+      api_get :index
+      json_response['zones'].first.should have_attributes(attributes)
+    end
+
+    it 'can control the page size through a parameter' do
+      create(:zone)
+      api_get :index, :per_page => 1
+      json_response['count'].should == 1
+      json_response['current_page'].should == 1
+      json_response['pages'].should == 2
+    end
+
+    it 'can query the results through a paramter' do
+      expected_result = create(:zone, :name => 'South America')
+      api_get :index, :q => { :name_cont => 'south' }
+      json_response['count'].should == 1
+      json_response['zones'].first['name'].should eq expected_result.name
+    end
+
+    it "gets a zone" do
+      api_get :show, :id => @zone.id
+      json_response.should have_attributes(attributes)
+      json_response['name'].should eq @zone.name
+      json_response['zone_members'].size.should eq @zone.zone_members.count
+    end
+
+    context "specifying a rabl template to use" do
+      before do
+        Spree::Api::ZonesController.class_eval do
+          def custom_show
+            respond_with(zone)
+          end
+        end
+      end
+
+      it "uses the specified template" do
+        request.env['X-Spree-Template'] = 'show'
+        api_get :custom_show, :id => @zone.id
+        response.should render_template('spree/api/zones/show')
+      end
+
+      it "falls back to the default template if the specified template does not exist" do
+        request.env['X-Spree-Template'] = 'invoice'
+        api_get :show, :id => @zone.id
+        response.should render_template('spree/api/zones/show')
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create a new zone" do
+        params = {
+          :zone => {
+            :name => "North Pole",
+            :zone_members => [
+              {
+                :zoneable_type => "Spree::Country",
+                :zoneable_id => 1
+              }
+            ]
+          }
+        }
+
+        api_post :create, params
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+        json_response["zone_members"].should_not be_empty
+      end
+
+      it "updates a zone" do
+        params = { :id => @zone.id,
+          :zone => {
+            :name => "North Pole",
+            :zone_members => [
+              {
+                :zoneable_type => "Spree::Country",
+                :zoneable_id => 1
+              }
+            ]
+          }
+        }
+
+        api_put :update, params
+        response.status.should == 200
+        json_response['name'].should eq 'North Pole'
+        json_response['zone_members'].should_not be_blank
+      end
+
+      it "can delete a zone" do
+        api_delete :destroy, :id => @zone.id
+        response.status.should == 204
+        lambda { @zone.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end