RubyGems - propel_api - Versions diffs - 0.1.1 - Mend

propel_api 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

data/lib/generators/propel_api/templates/tests/controller_test_template.rb.tt ADDED Viewed

@@ -0,0 +1,485 @@
+# frozen_string_literal: true
+require "test_helper"
+class <%= controller_class_name_with_namespace %>ControllerTest < ActionDispatch::IntegrationTest
+  def setup
+    @organization = organizations(:one)
+    @user = users(:one)
+    @<%= singular_table_name %> = <%= table_name %>(:one)
+    @token = @user.generate_jwt_token
+    @auth_headers = { 'Authorization' => "Bearer #{@token}" }
+    # Ensure test <%= singular_table_name %> belongs to test user's organization
+    @<%= singular_table_name %>.update!(organization: @organization)
+  end
+  # === AUTHENTICATION TESTS ===
+  test "should not access index without authentication" do
+    get <%= api_route_helper %>_url
+    assert_response :unauthorized
+    response_body = JSON.parse(response.body)
+    assert_equal "No token provided", response_body["error"]
+  end
+  test "should not access index with invalid token" do
+    get <%= api_route_helper %>_url, headers: { 'Authorization' => 'Bearer invalid_token' }
+    assert_response :unauthorized
+    response_body = JSON.parse(response.body)
+    assert_equal "Invalid token", response_body["error"]
+  end
+  test "should not access show without authentication" do
+    get <%= api_route_helper %>_url(@<%= singular_table_name %>)
+    assert_response :unauthorized
+  end
+  test "should not create without authentication" do
+    assert_no_difference('<%= class_name %>.count') do
+      post <%= api_route_helper %>_url, params: { data: valid_<%= singular_table_name %>_params }
+    end
+    assert_response :unauthorized
+  end
+  test "should not update without authentication" do
+    patch <%= api_route_helper %>_url(@<%= singular_table_name %>), params: { data: { title: "Updated" } }
+    assert_response :unauthorized
+  end
+  test "should not destroy without authentication" do
+    assert_no_difference('<%= class_name %>.count') do
+      delete <%= api_route_helper %>_url(@<%= singular_table_name %>)
+    end
+    assert_response :unauthorized
+  end
+  # === INDEX TESTS ===
+  test "should get index with authentication" do
+    get <%= api_route_helper %>_url, headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'data'
+    assert_includes response_body.keys, 'pagination'
+    # Should return array of <%= table_name %>
+    assert_kind_of Array, response_body['data']
+  end
+  test "should return paginated results" do
+    get <%= api_route_helper %>_url, headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    pagination = response_body['pagination']
+    # Should include pagination metadata
+    assert_includes pagination.keys, 'page'
+    assert_includes pagination.keys, 'items'
+    assert_includes pagination.keys, 'count'
+    assert_includes pagination.keys, 'pages'
+    assert_includes pagination.keys, 'last'
+    assert_includes pagination.keys, 'next'
+    assert_includes pagination.keys, 'prev'
+  end
+  test "should only show records for user's organization" do
+    # Create record for different organization
+    other_org = Organization.create!(name: "Other Organization")
+    other_<%= singular_table_name %> = <%= class_name %>.create!(
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.name == "organization" && attribute.type == :references -%>
+      <%= attribute.name %>: other_org<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name == "user" && attribute.type == :references -%>
+      <%= attribute.name %>: @user<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :references -%>
+      <%= attribute.name %>: @<%= attribute.name %><%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: "Other Org <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: "Other org <%= attribute.name.humanize %> content"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 999<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: true<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 99.99<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "other_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+    )
+    get <%= api_route_helper %>_url, headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    <%= table_name %>_ids = response_body['data'].map { |item| item['id'] }
+    # Should not include other organization's record
+    assert_not_includes <%= table_name %>_ids, other_<%= singular_table_name %>.id
+    # Should include own organization's record
+    assert_includes <%= table_name %>_ids, @<%= singular_table_name %>.id
+  end
+  # === SHOW TESTS ===
+  test "should show <%= singular_table_name %> with authentication" do
+    get <%= api_route_helper %>_url(@<%= singular_table_name %>), headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'data'
+    <%= singular_table_name %>_data = response_body['data']
+    assert_equal @<%= singular_table_name %>.id, <%= singular_table_name %>_data['id']
+  end
+  test "should return 404 for non-existent <%= singular_table_name %>" do
+    get <%= api_route_helper %>_url(0), headers: @auth_headers
+    assert_response :not_found
+  end
+  test "should not show <%= singular_table_name %> from different organization" do
+    other_org = Organization.create!(name: "Other Organization")
+    other_<%= singular_table_name %> = <%= class_name %>.create!(
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.name == "organization" && attribute.type == :references -%>
+      <%= attribute.name %>: other_org<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name == "user" && attribute.type == :references -%>
+      <%= attribute.name %>: @user<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :references -%>
+      <%= attribute.name %>: @<%= attribute.name %><%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: "Other Org <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: "Other org <%= attribute.name.humanize %> content"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 999<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: true<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 99.99<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "other_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+    )
+    get <%= api_route_helper %>_url(other_<%= singular_table_name %>), headers: @auth_headers
+    assert_response :not_found
+  end
+  # === CREATE TESTS ===
+  test "should create <%= singular_table_name %> with valid params" do
+    assert_difference('<%= class_name %>.count', 1) do
+      post <%= api_route_helper %>_url,
+           params: { data: valid_<%= singular_table_name %>_params },
+           headers: @auth_headers
+    end
+    assert_response :created
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'data'
+    created_<%= singular_table_name %> = response_body['data']
+    assert_equal @organization.id, created_<%= singular_table_name %>['organization']['id']
+    assert_equal @user.id, created_<%= singular_table_name %>['user']['id']
+  end
+  test "should not create <%= singular_table_name %> with invalid params" do
+    assert_no_difference('<%= class_name %>.count') do
+      post <%= api_route_helper %>_url,
+           params: { data: invalid_<%= singular_table_name %>_params },
+           headers: @auth_headers
+    end
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'errors'
+  end
+  test "should auto-assign organization and user on create" do
+    params = valid_<%= singular_table_name %>_params
+    params.delete(:organization_id)  # Don't send organization_id
+    params.delete(:user_id)          # Don't send user_id
+    assert_difference('<%= class_name %>.count', 1) do
+      post <%= api_route_helper %>_url,
+           params: { data: params },
+           headers: @auth_headers
+    end
+    assert_response :created
+    # Should automatically assign current user's organization and user
+    created_<%= singular_table_name %> = <%= class_name %>.last
+    assert_equal @organization.id, created_<%= singular_table_name %>.organization_id
+    assert_equal @user.id, created_<%= singular_table_name %>.user_id
+  end
+  # === UPDATE TESTS ===
+  test "should update <%= singular_table_name %> with valid params" do
+<% if attributes.any? { |attr| attr.type == :string && attr.name != "organization" && attr.name != "user" } -%>
+<% string_attr = attributes.find { |attr| attr.type == :string && attr.name != "organization" && attr.name != "user" } -%>
+    new_<%= string_attr.name %> = "Updated <%= string_attr.name.humanize %>"
+    patch <%= api_route_helper %>_url(@<%= singular_table_name %>),
+          params: { data: { <%= string_attr.name %>: new_<%= string_attr.name %> } },
+          headers: @auth_headers
+    assert_response :success
+    @<%= singular_table_name %>.reload
+    assert_equal new_<%= string_attr.name %>, @<%= singular_table_name %>.<%= string_attr.name %>
+<% else -%>
+    # Update test for <%= singular_table_name %> - customize based on your model's attributes
+    patch <%= api_route_helper %>_url(@<%= singular_table_name %>),
+          params: { data: valid_<%= singular_table_name %>_params },
+          headers: @auth_headers
+    assert_response :success
+<% end -%>
+  end
+  test "should not update <%= singular_table_name %> with invalid params" do
+    patch <%= api_route_helper %>_url(@<%= singular_table_name %>),
+          params: { data: invalid_<%= singular_table_name %>_params },
+          headers: @auth_headers
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'errors'
+  end
+  test "should not update <%= singular_table_name %> from different organization" do
+    other_org = Organization.create!(name: "Other Organization")
+    other_<%= singular_table_name %> = <%= class_name %>.create!(
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.name == "organization" && attribute.type == :references -%>
+      <%= attribute.name %>: other_org<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name == "user" && attribute.type == :references -%>
+      <%= attribute.name %>: @user<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :references -%>
+      <%= attribute.name %>: @<%= attribute.name %><%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: "Other Org <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: "Other org <%= attribute.name.humanize %> content"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 999<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: true<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 99.99<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "other_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+    )
+    patch <%= api_route_helper %>_url(other_<%= singular_table_name %>),
+          params: { data: valid_<%= singular_table_name %>_params },
+          headers: @auth_headers
+    assert_response :not_found
+  end
+  # === DESTROY TESTS ===
+  test "should destroy <%= singular_table_name %>" do
+    assert_difference('<%= class_name %>.count', -1) do
+      delete <%= api_route_helper %>_url(@<%= singular_table_name %>), headers: @auth_headers
+    end
+    assert_response :no_content
+  end
+  test "should not destroy <%= singular_table_name %> from different organization" do
+    other_org = Organization.create!(name: "Other Organization")
+    other_<%= singular_table_name %> = <%= class_name %>.create!(
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.name == "organization" && attribute.type == :references -%>
+      <%= attribute.name %>: other_org<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name == "user" && attribute.type == :references -%>
+      <%= attribute.name %>: @user<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :references -%>
+      <%= attribute.name %>: @<%= attribute.name %><%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: "Other Org <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: "Other org <%= attribute.name.humanize %> content"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 999<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: true<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 99.99<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "other_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+    )
+    assert_no_difference('<%= class_name %>.count') do
+      delete <%= api_route_helper %>_url(other_<%= singular_table_name %>), headers: @auth_headers
+    end
+    assert_response :not_found
+  end
+  # === PARAMETER HANDLING TESTS ===
+  test "should accept valid data structure" do
+    post <%= api_route_helper %>_url,
+         params: { data: valid_<%= singular_table_name %>_params },
+         headers: @auth_headers
+    assert_response :created
+  end
+  test "should reject params without data wrapper" do
+    post <%= api_route_helper %>_url,
+         params: valid_<%= singular_table_name %>_params,  # No data wrapper
+         headers: @auth_headers
+    assert_response :unprocessable_entity
+  end
+  test "should filter permitted params only" do
+    params_with_extra = valid_<%= singular_table_name %>_params.merge(
+      forbidden_field: "should_be_ignored",
+      admin_only_field: true
+    )
+    post <%= api_route_helper %>_url,
+         params: { data: params_with_extra },
+         headers: @auth_headers
+    # Should create successfully but ignore forbidden fields
+    assert_response :created
+    created_<%= singular_table_name %> = <%= class_name %>.last
+    assert_not created_<%= singular_table_name %>.respond_to?(:forbidden_field)
+  end
+  # === JSON FACET RESPONSE TESTS ===
+  test "index should return short facet data" do
+    get <%= api_route_helper %>_url, headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    first_item = response_body['data'].first
+    # Should include ID and short facet fields
+    assert_includes first_item.keys, 'id'
+<%
+  short_attributes = attributes.select do |attr|
+    identifying_fields = %w[name title label slug username email status state active published visible enabled]
+    simple_types = [:string, :integer, :boolean, :decimal, :float]
+    excluded_patterns = /\A(description|content|body|notes|comment|bio|about|summary|created_at|updated_at|deleted_at|password|digest|token|secret|key|salt|encrypted|confirmation|unlock|reset|api_key|access_token|refresh_token)\z/i
+    security_patterns = /(password|digest|token|secret|key|salt|encrypted|confirmation|unlock|reset|api_key)/i
+    identifying_fields.include?(attr.name.to_s) ||
+    (simple_types.include?(attr.type) &&
+     attr.name.to_s !~ excluded_patterns &&
+     attr.name.to_s !~ security_patterns &&
+     attr.name.to_s.length < 20)
+  end
+  short_attributes.each do |attribute| -%>
+    assert_includes first_item.keys, '<%= attribute.name %>'
+<% end -%>
+  end
+  test "show should return details facet data" do
+    get <%= api_route_helper %>_url(@<%= singular_table_name %>), headers: @auth_headers
+    assert_response :success
+    response_body = JSON.parse(response.body)
+    <%= singular_table_name %>_data = response_body['data']
+    # Should include ID and details facet fields
+    assert_includes <%= singular_table_name %>_data.keys, 'id'
+<%
+  detail_attributes = attributes.reject do |attr|
+    excluded_patterns = /\A(created_at|updated_at|deleted_at|password_digest|reset_password_token|confirmation_token|unlock_token)\z/i
+    security_patterns = /(password|digest|token|secret|key|salt|encrypted|confirmation|unlock|reset|api_key|access_token|refresh_token)/i
+    excluded_types = [:binary]
+    excluded_patterns.match?(attr.name.to_s) ||
+    security_patterns.match?(attr.name.to_s) ||
+    excluded_types.include?(attr.type)
+  end
+  detail_attributes.each do |attribute| -%>
+    assert_includes <%= singular_table_name %>_data.keys, '<%= attribute.name %>'
+<% end -%>
+  end
+  private
+  def valid_<%= singular_table_name %>_params
+    {
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.type == :references -%>
+      <%= attribute.name %>_id: @<%= attribute.name %>.id<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: "Test <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: "Test <%= attribute.name.humanize %> content"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 42<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: true<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 123.45<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "test_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+    }
+  end
+  def invalid_<%= singular_table_name %>_params
+    {
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.required? -%>
+<% if attribute.type == :references -%>
+      <%= attribute.name %>_id: nil<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :string -%>
+      <%= attribute.name %>: nil<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :text -%>
+      <%= attribute.name %>: nil<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: "not_a_number"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: nil<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: "not_a_number"<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: nil<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% else -%>
+<% if attribute.type == :integer -%>
+      <%= attribute.name %>: "not_a_number"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: "not_a_number"<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: ""<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+<% end -%>
+    }
+  end
+end