solidus_api 1.0.0.pre

data/spec/controllers/spree/api/return_authorizations_controller_spec.rb

@@ -0,0 +1,173 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ReturnAuthorizationsController, :type => :controller do
+    render_views
+
+    let!(:order) { create(:shipped_order) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :memo, :state] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    shared_examples_for 'a return authorization creator' do
+      it "can create a new return authorization" do
+        stock_location = FactoryGirl.create(:stock_location)
+        reason = FactoryGirl.create(:return_authorization_reason)
+        rma_params = { :stock_location_id => stock_location.id,
+                       :return_authorization_reason_id => reason.id,
+                       :memo => "Defective" }
+        api_post :create, :order_id => order.number, :return_authorization => rma_params
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+        json_response["state"].should_not be_blank
+      end
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages :user => current_api_user
+      end
+
+      it "cannot see any return authorizations" do
+        api_get :index
+        assert_unauthorized!
+      end
+
+      it "cannot see a single return authorization" do
+        api_get :show, :id => 1
+        assert_unauthorized!
+      end
+
+      it "cannot learn how to create a new return authorization" do
+        api_get :new
+        assert_unauthorized!
+      end
+
+      it_behaves_like "a return authorization creator"
+
+      it "cannot update a return authorization" do
+        api_put :update, id: 0
+        assert_not_found!
+      end
+
+      it "cannot delete a return authorization" do
+        api_delete :destroy, id: 0
+        assert_not_found!
+      end
+    end
+
+    context "as another non-admin user that's not the order's owner" do
+      before do
+        Order.any_instance.stub :user => create(:user)
+      end
+
+      it "cannot create a new return authorization" do
+        api_post :create
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can show return authorization" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_get :show, :order_id => order.number, :id => return_authorization.id
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+
+      it "can get a list of return authorizations" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        FactoryGirl.create(:return_authorization, :order => order)
+        api_get :index, { :order_id => order.number }
+        expect(response.status).to eq(200)
+        return_authorizations = json_response["return_authorizations"]
+        expect(return_authorizations.first).to have_attributes(attributes)
+        expect(return_authorizations.first).not_to eq(return_authorizations.last)
+      end
+
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:return_authorization, :order => order)
+        FactoryGirl.create(:return_authorization, :order => order)
+        api_get :index, :order_id => order.number, :per_page => 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        FactoryGirl.create(:return_authorization, :order => order)
+        expected_result = create(:return_authorization, :memo => 'damaged')
+        order.return_authorizations << expected_result
+        api_get :index, :q => { :memo_cont => 'damaged' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['return_authorizations'].first['memo']).to eq expected_result.memo
+      end
+
+      it "can learn how to create a new return authorization" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(["id", "number", "state", "order_id", "memo", "created_at", "updated_at"])
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("order")
+      end
+
+      it "can update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, :id => return_authorization.id, :return_authorization => { :memo => "ABC" }
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "can cancel a return authorization on the order" do
+        FactoryGirl.create(:new_return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        expect(return_authorization.state).to eq("authorized")
+        api_delete :cancel, :id => return_authorization.id
+        expect(response.status).to eq(200)
+        expect(return_authorization.reload.state).to eq("canceled")
+      end
+
+      it "can delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, :id => return_authorization.id
+        expect(response.status).to eq(204)
+        expect { return_authorization.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it_behaves_like "a return authorization creator"
+    end
+
+    context "as just another user" do
+      it "cannot add a return authorization to the order" do
+        api_post :create, :return_autorization => { :order_id => order.number, :memo => "Defective" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, :id => return_authorization.id, :return_authorization => { :memo => "ABC" }
+        assert_unauthorized!
+        expect(return_authorization.reload.memo).not_to eq("ABC")
+      end
+
+      it "cannot delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, :order => order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, :id => return_authorization.id
+        assert_unauthorized!
+        expect { return_authorization.reload }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/shipments_controller_spec.rb

@@ -0,0 +1,252 @@
+require 'spec_helper'
+
+describe Spree::Api::ShipmentsController, :type => :controller do
+  render_views
+  let!(:shipment) { create(:shipment, address: create(:address), inventory_units: [build(:inventory_unit, shipment: nil)]) }
+  let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at, :stock_location_name, :order_id, :shipping_rates, :shipping_methods] }
+
+  before do
+    stub_authentication!
+  end
+
+  let!(:resource_scoping) { { id: shipment.to_param, shipment: { order_id: shipment.order.to_param } } }
+
+  context "as a non-admin" do
+    it "cannot make a shipment ready" do
+      api_put :ready
+      assert_not_found!
+    end
+
+    it "cannot make a shipment shipped" do
+      api_put :ship
+      assert_not_found!
+    end
+  end
+
+  context "as an admin" do
+    let!(:order) { shipment.order }
+    let!(:stock_location) { create(:stock_location_with_items) }
+    let!(:variant) { create(:variant) }
+
+    sign_in_as_admin!
+
+    # Start writing this spec a bit differently than before....
+    describe 'POST #create' do
+      let(:params) do
+        {
+          variant_id: stock_location.stock_items.first.variant.to_param,
+          shipment: { order_id: order.number },
+          stock_location_id: stock_location.to_param
+        }
+      end 
+      
+      subject do 
+        api_post :create, params
+      end
+
+      [:variant_id, :stock_location_id].each do |field|
+        context "when #{field} is missing" do
+          before do
+            params.delete(field)
+          end
+
+          it 'should return proper error' do
+            subject
+            expect(response.status).to eq(422)
+            expect(json_response['exception']).to eq("param is missing or the value is empty: #{field.to_s}")
+          end
+        end
+      end
+
+      it 'should create a new shipment' do
+        expect(subject).to be_ok
+        expect(json_response).to have_attributes(attributes)
+      end
+    end
+
+    it 'can update a shipment' do
+      params = {
+        shipment: {
+          stock_location_id: stock_location.to_param
+        }
+      }
+
+      api_put :update, params
+      expect(response.status).to eq(200)
+      expect(json_response['stock_location_name']).to eq(stock_location.name)
+    end
+
+    it "can make a shipment ready" do
+      allow_any_instance_of(Spree::Order).to receive_messages(:paid? => true, :complete? => true)
+      api_put :ready
+      expect(json_response).to have_attributes(attributes)
+      expect(json_response["state"]).to eq("ready")
+      expect(shipment.reload.state).to eq("ready")
+    end
+
+    it "cannot make a shipment ready if the order is unpaid" do
+      allow_any_instance_of(Spree::Order).to receive_messages(:paid? => false)
+      api_put :ready
+      expect(json_response["error"]).to eq("Cannot ready shipment.")
+      expect(response.status).to eq(422)
+    end
+
+    context 'for completed shipments' do
+      let(:order) { create :completed_order_with_totals }
+      let!(:resource_scoping) { { id: order.shipments.first.to_param, shipment: { order_id: order.to_param } } }
+
+      it 'adds a variant to a shipment' do
+        api_put :add, { variant_id: variant.to_param, quantity: 2 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(2)
+      end
+
+      it 'removes a variant from a shipment' do
+        order.contents.add(variant, 2)
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+
+      it 'removes a destroyed variant from a shipment' do
+        order.contents.add(variant, 2)
+        variant.destroy
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+    end
+
+    describe '#mine' do
+      subject do
+        api_get :mine, format: 'json', params: params
+      end
+
+      let(:params) { {} }
+
+      before { subject }
+
+      context "the current api user is authenticated and has orders" do
+        let(:current_api_user) { shipped_order.user }
+        let(:shipped_order) { create(:shipped_order) }
+
+        it 'succeeds' do
+          expect(response.status).to eq 200
+        end
+
+        describe 'json output' do
+          render_views
+
+          let(:rendered_shipment_ids) { json_response['shipments'].map { |s| s['id'] } }
+
+          it 'contains the shipments' do
+            expect(rendered_shipment_ids).to match_array current_api_user.orders.flat_map(&:shipments).map(&:id)
+          end
+        end
+
+        context 'with filtering' do
+          let(:params) { {q: {order_completed_at_not_null: 1}} }
+
+          let!(:incomplete_order) { create(:order, user: current_api_user) }
+
+          it 'filters' do
+            expect(assigns(:shipments).map(&:id)).to match_array current_api_user.orders.complete.flat_map(&:shipments).map(&:id)
+          end
+        end
+      end
+
+      context "the current api user does not exist" do
+        let(:current_api_user) { nil }
+
+        it "returns a 401" do
+          expect(response.status).to eq(401)
+        end
+      end
+    end
+
+  end
+
+  describe "#ship" do
+    let(:shipment) { create(:order_ready_to_ship).shipments.first }
+
+    let(:send_mailer) { nil }
+    subject { api_put :ship, id: shipment.to_param, send_mailer: send_mailer }
+
+    context "the user is allowed to ship the shipment" do
+      sign_in_as_admin!
+      it "ships the shipment" do
+        Timecop.freeze do
+          subject
+          shipment.reload
+          expect(shipment.state).to eq 'shipped'
+          expect(shipment.shipped_at.to_i).to eq Time.now.to_i
+        end
+      end
+
+      context "send_mailer not present" do
+        it "sends the shipped shipments mailer" do
+          with_test_mail { subject }
+          expect(ActionMailer::Base.deliveries.size).to eq 1
+          expect(ActionMailer::Base.deliveries.last.subject).to match /Shipment Notification/
+        end
+      end
+
+      context "send_mailer set to false" do
+        let(:send_mailer) { 'false' }
+        it "does not send the shipped shipments mailer" do
+          with_test_mail { subject }
+          expect(ActionMailer::Base.deliveries.size).to eq 0
+        end
+      end
+
+      context "send_mailer set to true" do
+        let(:send_mailer) { 'true' }
+        it "sends the shipped shipments mailer" do
+          with_test_mail { subject }
+          expect(ActionMailer::Base.deliveries.size).to eq 1
+          expect(ActionMailer::Base.deliveries.last.subject).to match /Shipment Notification/
+        end
+      end
+    end
+
+    context "the user is not allowed to ship the shipment" do
+      sign_in_as_admin!
+
+      before do
+        ability = Spree::Ability.new(current_api_user)
+        ability.cannot :ship, Spree::Shipment
+        allow(controller).to receive(:current_ability) { ability }
+      end
+
+      it "does nothing" do
+        expect {
+          expect {
+            subject
+          }.not_to change(shipment, :state)
+        }.not_to change(shipment, :shipped_at)
+      end
+
+      it "responds with a 401" do
+        subject
+        expect(response.status).to eq 401
+      end
+    end
+
+    context "the user is not allowed to view the shipment" do
+      it "does nothing" do
+        expect {
+          expect {
+            subject
+          }.not_to change(shipment, :state)
+        }.not_to change(shipment, :shipped_at)
+      end
+
+      it "responds with a 404" do
+        subject
+        expect(response).to be_not_found
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/states_controller_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::StatesController, :type => :controller do
+    render_views
+
+    let!(:state) { create(:state, :name => "Victoria") }
+    let(:attributes) { [:id, :name, :abbr, :country_id] }
+
+    before do
+      stub_authentication!
+    end
+
+    it "gets all states" do
+      api_get :index
+      expect(json_response["states"].first).to have_attributes(attributes)
+      expect(json_response['states'].first['name']).to eq(state.name)
+    end
+
+    it "gets all the states for a particular country" do
+      api_get :index, :country_id => state.country.id
+      expect(json_response["states"].first).to have_attributes(attributes)
+      expect(json_response['states'].first['name']).to eq(state.name)
+    end
+
+    context "pagination" do
+      before do
+        expect(State).to receive(:accessible_by).and_return(@scope = double)
+        allow(@scope).to receive_message_chain(:ransack, :result, :includes, :order).and_return(@scope)
+      end
+
+      it "does not paginate states results when asked not to do so" do
+        expect(@scope).not_to receive(:page)
+        expect(@scope).not_to receive(:per)
+        api_get :index
+      end
+
+      it "paginates when page parameter is passed through" do
+        expect(@scope).to receive(:page).with(1).and_return(@scope)
+        expect(@scope).to receive(:per).with(nil)
+        api_get :index, :page => 1
+      end
+
+      it "paginates when per_page parameter is passed through" do
+        expect(@scope).to receive(:page).with(nil).and_return(@scope)
+        expect(@scope).to receive(:per).with(25)
+        api_get :index, :per_page => 25
+      end
+    end
+
+
+    context "with two states" do
+      before { create(:state, :name => "New South Wales") }
+
+      it "gets all states for a country" do
+        country = create(:country, :states_required => true)
+        state.country = country 
+        state.save
+
+        api_get :index, :country_id => country.id
+        expect(json_response["states"].first).to have_attributes(attributes)
+        expect(json_response["states"].count).to eq(1)
+        json_response["states_required"] = true
+      end
+
+      it "can view all states" do
+        api_get :index
+        expect(json_response["states"].first).to have_attributes(attributes)
+      end
+
+      it 'can query the results through a paramter' do
+        api_get :index, :q => { :name_cont => 'Vic' }
+        expect(json_response['states'].first['name']).to eq("Victoria")
+      end
+    end
+
+    it "can view a state" do
+      api_get :show, :id => state.id
+      expect(json_response).to have_attributes(attributes)
+    end
+  end
+end