dup_spree_api 1.3.0.rc1

data/spec/controllers/spree/api/product_properties_controller_spec.rb

@@ -0,0 +1,116 @@
+require 'spec_helper'
+require 'shared_examples/protect_product_actions'
+
+module Spree
+  describe Spree::Api::ProductPropertiesController do
+    render_views
+
+    let!(:product) { create(:product) }
+    let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
+    let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
+
+    let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
+    let(:resource_scoping) { { :product_id => product.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    context "if product is deleted" do
+      before do
+        product.update_column(:deleted_at, Time.now)
+      end
+
+      it "can not see a list of product properties" do
+        api_get :index
+        response.status.should == 404
+      end
+    end
+
+    it "can see a list of all product properties" do
+      api_get :index
+      json_response["product_properties"].count.should eq 2
+      json_response["product_properties"].first.should have_attributes(attributes)
+    end
+
+    it "can control the page size through a parameter" do
+      api_get :index, :per_page => 1
+      json_response['product_properties'].count.should == 1
+      json_response['current_page'].should == 1
+      json_response['pages'].should == 2
+    end
+
+    it 'can query the results through a paramter' do
+      Spree::ProductProperty.last.update_attribute(:value, 'loose')
+      property = Spree::ProductProperty.last
+      api_get :index, :q => { :value_cont => 'loose' }
+      json_response['count'].should == 1
+      json_response['product_properties'].first['value'].should eq property.value
+    end
+
+    it "can see a single product_property" do
+      api_get :show, :id => property_1.property_name
+      json_response.should have_attributes(attributes)
+    end
+
+    it "can learn how to create a new product property" do
+      api_get :new
+      json_response["attributes"].should == attributes.map(&:to_s)
+      json_response["required_attributes"].should be_empty
+    end
+
+    it "cannot create a new product property if not an admin" do
+      api_post :create, :product_property => { :property_name => "My Property 3" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a product property" do
+      api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
+      assert_unauthorized!
+    end
+
+    it "cannot delete a product property" do
+      api_delete :destroy, :property_name => property_1.property_name
+      assert_unauthorized!
+      lambda { property_1.reload }.should_not raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create a new product property" do
+        expect do
+          api_post :create, :product_property => { :property_name => "My Property 3", :value => "my value 3" }
+        end.to change(product.product_properties, :count).by(1)
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+
+      it "can update a product property" do
+        api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
+        response.status.should == 200
+      end
+
+      it "can delete a variant" do
+        api_delete :destroy, :id => property_1.property_name
+        response.status.should == 204
+        lambda { property_1.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+    context "with product identified by id" do
+      let(:resource_scoping) { { :product_id => product.id } }
+      it "can see a list of all product properties" do
+        api_get :index
+        json_response["product_properties"].count.should eq 2
+        json_response["product_properties"].first.should have_attributes(attributes)
+      end
+
+      it "can see a single product_property by id" do
+        api_get :show, :id => property_1.id
+        json_response.should have_attributes(attributes)
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/products_controller_spec.rb

@@ -0,0 +1,211 @@
+require 'spec_helper'
+require 'shared_examples/protect_product_actions'
+
+module Spree
+  describe Spree::Api::ProductsController do
+    render_views
+
+    let!(:product) { create(:product) }
+    let!(:inactive_product) { create(:product, :available_on => Time.now.tomorrow, :name => "inactive") }
+    let(:attributes) { [:id, :name, :description, :price, :available_on, :permalink, :count_on_hand, :meta_description, :meta_keywords, :taxon_ids] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      it "retrieves a list of products" do
+        api_get :index
+        json_response["products"].first.should have_attributes(attributes)
+        json_response["count"].should == 1
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      it "does not list unavailable products" do
+        api_get :index
+        json_response["products"].first["name"].should_not eq("inactive")
+      end
+
+      context "pagination" do
+        default_per_page(1)
+
+        it "can select the next page of products" do
+          second_product = create(:product)
+          api_get :index, :page => 2
+          json_response["products"].first.should have_attributes(attributes)
+          json_response["total_count"].should == 2
+          json_response["current_page"].should == 2
+          json_response["pages"].should == 2
+        end
+
+        it 'can control the page size through a parameter' do
+          create(:product)
+          api_get :index, :per_page => 1
+          json_response['count'].should == 1
+          json_response['total_count'].should == 2
+          json_response['current_page'].should == 1
+          json_response['pages'].should == 2
+        end
+      end
+
+      context "jsonp" do
+        it "retrieves a list of products of jsonp" do
+          api_get :index, {:callback => 'callback'}
+          response.body.should =~ /^callback\(.*\)$/
+          response.header['Content-Type'].should include('application/javascript')
+        end
+      end
+
+      it "can search for products" do
+        create(:product, :name => "The best product in the world")
+        api_get :index, :q => { :name_cont => "best" }
+        json_response["products"].first.should have_attributes(attributes)
+        json_response["count"].should == 1
+      end
+
+      it "gets a single product" do
+        product.master.images.create!(:attachment => image("thinking-cat.jpg"))
+        product.set_property("spree", "rocks")
+        api_get :show, :id => product.to_param
+        json_response.should have_attributes(attributes)
+        json_response['variants'].first.should have_attributes([:name,
+                                                              :is_master,
+                                                              :count_on_hand,
+                                                              :price])
+
+        json_response["images"].first.should have_attributes([:attachment_file_name,
+                                                            :attachment_width,
+                                                            :attachment_height,
+                                                            :attachment_content_type])
+
+        json_response["product_properties"].first.should have_attributes([:value,
+                                                                         :product_id,
+                                                                         :property_name])
+      end
+
+
+      context "finds a product by permalink first then by id" do
+        let!(:other_product) { create(:product, :permalink => "these-are-not-the-droids-you-are-looking-for") }
+
+        before do
+          product.update_attribute(:permalink, "#{other_product.id}-and-1-ways")
+        end
+
+        specify do
+          api_get :show, :id => product.to_param
+          json_response["permalink"].should =~ /and-1-ways/
+          product.destroy
+
+          api_get :show, :id => other_product.id
+          json_response["permalink"].should =~ /droids/
+        end
+      end
+
+      it "cannot see inactive products" do
+        api_get :show, :id => inactive_product.to_param
+        json_response["error"].should == "The resource you were looking for could not be found."
+        response.status.should == 404
+      end
+
+      it "returns a 404 error when it cannot find a product" do
+        api_get :show, :id => "non-existant"
+        json_response["error"].should == "The resource you were looking for could not be found."
+        response.status.should == 404
+      end
+
+      it "can learn how to create a new product" do
+        api_get :new
+        json_response["attributes"].should == attributes.map(&:to_s)
+        required_attributes = json_response["required_attributes"]
+        required_attributes.should include("name")
+        required_attributes.should include("price")
+      end
+
+      it_behaves_like "modifying product actions are restricted"
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can see all products" do
+        api_get :index
+        json_response["products"].count.should == 2
+        json_response["count"].should == 2
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      # Regression test for #1626
+      context "deleted products" do
+        before do
+          create(:product, :deleted_at => Time.now)
+        end
+
+        it "does not include deleted products" do
+          api_get :index
+          json_response["products"].count.should == 2
+        end
+
+        it "can include deleted products" do
+          api_get :index, :show_deleted => 1
+          json_response["products"].count.should == 3
+        end
+      end
+
+      it "can create a new product" do
+        api_post :create, :product => { :name => "The Other Product",
+                                        :price => 19.99 }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+
+      # Regression test for #2140
+      context "with authentication_required set to false" do
+        before do
+          Spree::Api::Config.requires_authentication = false
+        end
+
+        after do
+          Spree::Api::Config.requires_authentication = true
+        end
+
+        it "can still create a product" do
+          api_post :create, :product => { :name => "The Other Product",
+                                          :price => 19.99 },
+                            :token => "fake"
+          json_response.should have_attributes(attributes)
+          response.status.should == 201
+        end
+      end
+
+      it "cannot create a new product with invalid attributes" do
+        api_post :create, :product => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+        errors.delete("permalink") # Don't care about this one.
+        errors.keys.should =~ ["name", "price"]
+      end
+
+      it "can update a product" do
+        api_put :update, :id => product.to_param, :product => { :name => "New and Improved Product!" }
+        response.status.should == 200
+      end
+
+      it "cannot update a product with an invalid attribute" do
+        api_put :update, :id => product.to_param, :product => { :name => "" }
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        json_response["errors"]["name"].should == ["can't be blank"]
+      end
+
+      it "can delete a product" do
+        product.deleted_at.should be_nil
+        api_delete :destroy, :id => product.to_param
+        response.status.should == 204
+        product.reload.deleted_at.should_not be_nil
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/return_authorizations_controller_spec.rb

@@ -0,0 +1,155 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ReturnAuthorizationsController do
+    render_views
+
+    let!(:order) do
+     order = create(:order)
+     order.line_items << create(:line_item)
+     order.shipments << create(:shipment, :state => 'shipped')
+     order.finalize!
+     order.shipments.update_all(:state => 'shipped')
+     order.inventory_units.update_all(:state => 'shipped')
+     order
+    end
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :reason, :amount, :state] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as the order owner" do
+      before do
+        Order.any_instance.stub :user => current_api_user
+      end
+
+      it "cannot see any return authorizations" do
+        api_get :index
+        assert_unauthorized!
+      end
+
+      it "cannot see a single return authorization" do
+        api_get :show, :id => 1
+        assert_unauthorized!
+      end
+
+      it "cannot learn how to create a new return authorization" do
+        api_get :new
+        assert_unauthorized!
+      end
+
+      it "cannot create a new return authorization" do
+        api_post :create
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization" do
+        api_put :update
+        assert_unauthorized!
+      end
+
+      it "cannot delete a return authorization" do
+        api_delete :destroy
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can show return authorization" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_get :show, :order_id => order.number, :id => return_authorization.id
+        response.status.should == 200
+        json_response.should have_attributes(attributes)
+        json_response["state"].should_not be_blank
+      end
+
+      it "can get a list of return authorizations" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        FactoryGirl.create(:return_authorization, :order => order)
+        api_get :index, { :order_id => order.number }
+        response.status.should == 200
+        return_authorizations = json_response["return_authorizations"]
+        return_authorizations.first.should have_attributes(attributes)
+        return_authorizations.first.should_not == return_authorizations.last
+      end
+
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:return_authorization, :order => order)
+        FactoryGirl.create(:return_authorization, :order => order)
+        api_get :index, :order_id => order.number, :per_page => 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 2
+      end
+
+      it 'can query the results through a paramter' do
+        FactoryGirl.create(:return_authorization, :order => order)
+        expected_result = create(:return_authorization, :reason => 'damaged')
+        order.return_authorizations << expected_result
+        api_get :index, :q => { :reason_cont => 'damage' }
+        json_response['count'].should == 1
+        json_response['return_authorizations'].first['reason'].should eq expected_result.reason
+      end
+
+      it "can learn how to create a new return authorization" do
+        api_get :new
+        json_response["attributes"].should == ["id", "number", "state", "amount", "order_id", "reason", "created_at", "updated_at"]
+        required_attributes = json_response["required_attributes"]
+        required_attributes.should include("order")
+      end
+
+      it "can update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
+        response.status.should == 200
+        json_response.should have_attributes(attributes)
+      end
+
+      it "can delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, :id => return_authorization.id
+        response.status.should == 204
+        lambda { return_authorization.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it "can add a new return authorization to an existing order" do
+        api_post :create, :return_autorization => { :order_id => order.number, :amount => 14.22, :reason => "Defective" }
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+        json_response["state"].should_not be_blank
+      end
+    end
+
+    context "as just another user" do
+      it "cannot add a return authorization to the order" do
+        api_post :create, :return_autorization => { :order_id => order.number, :amount => 14.22, :reason => "Defective" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
+        assert_unauthorized!
+        return_authorization.reload.amount.should_not == 19.99
+      end
+
+      it "cannot delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, :id => return_authorization.id
+        assert_unauthorized!
+        lambda { return_authorization.reload }.should_not raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end