solidus_api 1.0.0.pre

data/spec/controllers/spree/api/users_controller_spec.rb

@@ -0,0 +1,153 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::UsersController, :type => :controller do
+    render_views
+
+    let(:user) { create(:user, spree_api_key: SecureRandom.hex) }
+    let(:stranger) { create(:user, :email => 'stranger@example.com') }
+    let(:attributes) { [:id, :email, :created_at, :updated_at] }
+
+    context "as a normal user" do
+      it "can get own details" do
+        api_get :show, id: user.id, token: user.spree_api_key
+
+        expect(json_response['email']).to eq user.email
+      end
+
+      it "cannot get other users details" do
+        api_get :show, id: stranger.id, token: user.spree_api_key
+
+        assert_not_found!
+      end
+
+      it "can learn how to create a new user" do
+        api_get :new, token: user.spree_api_key
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+      end
+
+      it "can create a new user" do
+        user_params = {
+          :email => 'new@example.com', :password => 'spree123', :password_confirmation => 'spree123'
+        }
+
+        api_post :create, :user => user_params, token: user.spree_api_key
+        expect(json_response['email']).to eq 'new@example.com'
+      end
+
+      # there's no validations on LegacyUser?
+      xit "cannot create a new user with invalid attributes" do
+        api_post :create, :user => {}, token: user.spree_api_key
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+      end
+
+      it "can update own details" do
+        country = create(:country)
+        api_put :update, id: user.id, token: user.spree_api_key, user: {
+          email: "mine@example.com",
+          bill_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          },
+          ship_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          }
+        }
+        expect(json_response['email']).to eq 'mine@example.com'
+        expect(json_response['bill_address']).to_not be_nil
+        expect(json_response['ship_address']).to_not be_nil
+      end
+
+      it "cannot update other users details" do
+        api_put :update, id: stranger.id, token: user.spree_api_key, user: { :email => "mine@example.com" }
+        assert_not_found!
+      end
+
+      it "can delete itself" do
+        api_delete :destroy, id: user.id, token: user.spree_api_key
+        expect(response.status).to eq(204)
+      end
+
+      it "cannot delete other user" do
+        api_delete :destroy, id: stranger.id, token: user.spree_api_key
+        assert_not_found!
+      end
+
+      it "should only get own details on index" do
+        2.times { create(:user) }
+        api_get :index, token: user.spree_api_key
+
+        expect(Spree.user_class.count).to eq 3
+        expect(json_response['count']).to eq 1
+        expect(json_response['users'].size).to eq 1
+      end
+    end
+
+    context "as an admin" do
+      before { stub_authentication! }
+
+      sign_in_as_admin!
+
+      it "gets all users" do
+        allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
+
+        2.times { create(:user) }
+
+        api_get :index
+        expect(Spree.user_class.count).to eq 2
+        expect(json_response['count']).to eq 2
+        expect(json_response['users'].size).to eq 2
+      end
+
+      it 'can control the page size through a parameter' do
+        2.times { create(:user) }
+        api_get :index, :per_page => 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:user, :email => 'brian@spreecommerce.com')
+        api_get :index, :q => { :email_cont => 'brian' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['users'].first['email']).to eq expected_result.email
+      end
+
+      it "can create" do
+        api_post :create, :user => { :email => "new@example.com", :password => 'spree123', :password_confirmation => 'spree123' }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+      end
+
+      it "can destroy user without orders" do
+        user.orders.destroy_all
+        api_delete :destroy, :id => user.id
+        expect(response.status).to eq(204)
+      end
+
+      it "cannot destroy user with orders" do
+        create(:completed_order_with_totals, :user => user)
+        api_delete :destroy, :id => user.id
+        expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
+        expect(response.status).to eq(422)
+      end
+
+    end
+  end
+end

data/spec/controllers/spree/api/variants_controller_spec.rb

@@ -0,0 +1,235 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::VariantsController, :type => :controller do
+    render_views
+
+    let!(:product) { create(:product) }
+    let!(:variant) do
+      variant = product.master
+      variant.option_values << create(:option_value)
+      variant
+    end
+
+    let!(:base_attributes) { Api::ApiHelpers.variant_attributes }
+    let!(:show_attributes) { base_attributes.dup.push(:in_stock, :display_price) }
+    let!(:new_attributes) { base_attributes }
+
+    before do
+      stub_authentication!
+    end
+
+    describe "#index" do
+
+      it "can see a paginated list of variants" do
+        api_get :index
+        first_variant = json_response["variants"].first
+        first_variant.should have_attributes(show_attributes)
+        first_variant["stock_items"].should be_present
+        json_response["count"].should == 1
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:variant)
+        api_get :index, :per_page => 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 3
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:variant, :sku => 'FOOBAR')
+        api_get :index, :q => { :sku_cont => 'FOO' }
+        json_response['count'].should == 1
+        json_response['variants'].first['sku'].should eq expected_result.sku
+      end
+
+      it "variants returned contain option values data" do
+        api_get :index
+        option_values = json_response["variants"].last["option_values"]
+        option_values.first.should have_attributes([:name,
+                                                   :presentation,
+                                                   :option_type_name,
+                                                   :option_type_id])
+      end
+
+      it "variants returned contain images data" do
+        variant.images.create!(:attachment => image("thinking-cat.jpg"))
+
+        api_get :index
+
+        json_response["variants"].last.should have_attributes([:images])
+        json_response['variants'].first['images'].first.should have_attributes([:attachment_file_name,
+                                                                                 :attachment_width,
+                                                                                 :attachment_height,
+                                                                                 :attachment_content_type,
+                                                                                 :mini_url,
+                                                                                 :small_url,
+                                                                                 :product_url,
+                                                                                 :large_url])
+
+      end
+
+      # Regression test for #2141
+      context "a deleted variant" do
+        before do
+          variant.update_column(:deleted_at, Time.now)
+        end
+
+        it "is not returned in the results" do
+          api_get :index
+          json_response["variants"].count.should == 0
+        end
+
+        it "is not returned even when show_deleted is passed" do
+          api_get :index, :show_deleted => true
+          json_response["variants"].count.should == 0
+        end
+      end
+
+      context "stock filtering" do
+        subject { api_get :index, in_stock_only: true }
+
+        context "variant is out of stock" do
+          before do
+            variant.stock_items.update_all(count_on_hand: 0)
+          end
+
+          it "is not returned in the results" do
+            subject
+            expect(json_response["variants"].count).to eq 0
+          end
+        end
+
+        context "variant is in stock" do
+          before do
+            variant.stock_items.update_all(count_on_hand: 10)
+          end
+
+          it "is returned in the results" do
+            subject
+            expect(json_response["variants"].count).to eq 1
+          end
+        end
+      end
+
+      context "pagination" do
+        it "can select the next page of variants" do
+          second_variant = create(:variant)
+          api_get :index, :page => 2, :per_page => 1
+          json_response["variants"].first.should have_attributes(show_attributes)
+          json_response["total_count"].should == 3
+          json_response["current_page"].should == 2
+          json_response["pages"].should == 3
+        end
+      end
+
+      context "stock item filter" do
+        let(:stock_location) { variant.stock_locations.first }
+        let!(:inactive_stock_location) { create(:stock_location, propagate_all_variants: true, name: "My special stock location", active: false) }
+
+        it "only returns stock items for active stock locations" do
+          api_get :index
+          variant = json_response['variants'].first
+          stock_items = variant['stock_items'].map { |si| si['stock_location_name'] }
+
+          expect(stock_items).to include stock_location.name
+          expect(stock_items).not_to include inactive_stock_location.name
+        end
+      end
+    end
+
+    describe "#show" do
+
+      it "can see a single variant" do
+        api_get :show, :id => variant.to_param
+        json_response.should have_attributes(show_attributes)
+        json_response["stock_items"].should be_present
+        option_values = json_response["option_values"]
+        option_values.first.should have_attributes([:name,
+                                                   :presentation,
+                                                   :option_type_name,
+                                                   :option_type_id])
+      end
+
+      it "can see a single variant with images" do
+        variant.images.create!(:attachment => image("thinking-cat.jpg"))
+
+        api_get :show, :id => variant.to_param
+
+        json_response.should have_attributes(show_attributes + [:images])
+        option_values = json_response["option_values"]
+        option_values.first.should have_attributes([:name,
+                                                   :presentation,
+                                                   :option_type_name,
+                                                   :option_type_id])
+      end
+    end
+
+    it "can learn how to create a new variant" do
+      api_get :new
+      expect(json_response["attributes"]).to eq(new_attributes.map(&:to_s))
+      expect(json_response["required_attributes"]).to be_empty
+    end
+
+    it "cannot create a new variant if not an admin" do
+      api_post :create, :variant => { :sku => "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a variant" do
+      api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+      assert_not_found!
+    end
+
+    it "cannot delete a variant" do
+      api_delete :destroy, :id => variant.to_param
+      assert_not_found!
+      expect { variant.reload }.not_to raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:resource_scoping) { { :product_id => variant.product.to_param } }
+
+      # Test for #2141
+      context "deleted variants" do
+        before do
+          variant.update_column(:deleted_at, Time.now)
+        end
+
+        it "are visible by admin" do
+          api_get :index, :show_deleted => 1
+          expect(json_response["variants"].count).to eq(1)
+        end
+      end
+
+      it "can create a new variant" do
+        api_post :create, :variant => { :sku => "12345" }
+        expect(json_response).to have_attributes(new_attributes)
+        expect(response.status).to eq(201)
+        expect(json_response["sku"]).to eq("12345")
+
+        expect(variant.product.variants.count).to eq(1)
+      end
+
+      it "can update a variant" do
+        api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+        expect(response.status).to eq(200)
+      end
+
+      it "can delete a variant" do
+        api_delete :destroy, :id => variant.to_param
+        expect(response.status).to eq(204)
+        expect { Spree::Variant.find(variant.id) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it 'variants returned contain cost price data' do
+        api_get :index
+        expect(json_response["variants"].first.has_key?(:cost_price)).to eq true
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/zones_controller_spec.rb

@@ -0,0 +1,115 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ZonesController, :type => :controller do
+    render_views
+
+    let!(:attributes) { [:id, :name, :zone_members] }
+
+    before do
+      stub_authentication!
+      @zone = create(:zone, :name => 'Europe')
+    end
+
+    it "gets list of zones" do
+      api_get :index
+      expect(json_response['zones'].first).to have_attributes(attributes)
+    end
+
+    it 'can control the page size through a parameter' do
+      create(:zone)
+      api_get :index, :per_page => 1
+      expect(json_response['count']).to eq(1)
+      expect(json_response['current_page']).to eq(1)
+      expect(json_response['pages']).to eq(2)
+    end
+
+    it 'can query the results through a paramter' do
+      expected_result = create(:zone, :name => 'South America')
+      api_get :index, :q => { :name_cont => 'south' }
+      expect(json_response['count']).to eq(1)
+      expect(json_response['zones'].first['name']).to eq expected_result.name
+    end
+
+    it "gets a zone" do
+      api_get :show, :id => @zone.id
+      expect(json_response).to have_attributes(attributes)
+      expect(json_response['name']).to eq @zone.name
+      expect(json_response['zone_members'].size).to eq @zone.zone_members.count
+    end
+
+    context "specifying a rabl template to use" do
+      before do
+        Spree::Api::ZonesController.class_eval do
+          def custom_show
+            respond_with(zone)
+          end
+        end
+      end
+
+      it "uses the specified template" do
+        @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
+          r.draw { get 'custom_show' => 'spree/api/zones#custom_show' }
+        end
+
+        request.headers['X-Spree-Template'] = 'show'
+        api_get :custom_show, :id => @zone.id
+        expect(response).to render_template('spree/api/zones/show')
+      end
+
+      it "falls back to the default template if the specified template does not exist" do
+        request.headers['X-Spree-Template'] = 'invoice'
+        api_get :show, :id => @zone.id
+        expect(response).to render_template('spree/api/zones/show')
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create a new zone" do
+        params = {
+          :zone => {
+            :name => "North Pole",
+            :zone_members => [
+              {
+                :zoneable_type => "Spree::Country",
+                :zoneable_id => 1
+              }
+            ]
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["zone_members"]).not_to be_empty
+      end
+
+      it "updates a zone" do
+        params = { :id => @zone.id,
+          :zone => {
+            :name => "North Pole",
+            :zone_members => [
+              {
+                :zoneable_type => "Spree::Country",
+                :zoneable_id => 1
+              }
+            ]
+          }
+        }
+
+        api_put :update, params
+        expect(response.status).to eq(200)
+        expect(json_response['name']).to eq 'North Pole'
+        expect(json_response['zone_members']).not_to be_blank
+      end
+
+      it "can delete a zone" do
+        api_delete :destroy, :id => @zone.id
+        expect(response.status).to eq(204)
+        expect { @zone.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end

data/spec/features/checkout_spec.rb

@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+module Spree
+  describe 'Api Feature Specs', type: :request do
+    before { Spree::Api::Config[:requires_authentication] = false }
+    let!(:promotion) { FactoryGirl.create(:promotion, :with_order_adjustment, code: 'foo', weighted_order_adjustment_amount: 10) }
+    let(:promotion_code) { promotion.codes.first }
+    let(:bill_address) { FactoryGirl.create(:address) }
+    let(:ship_address) { FactoryGirl.create(:address) }
+    let(:variant_1) { FactoryGirl.create(:variant, price: 100.00) }
+    let(:variant_2) { FactoryGirl.create(:variant, price: 200.00) }
+    let(:payment_method) { FactoryGirl.create(:check_payment_method) }
+    let!(:shipping_method) do
+      FactoryGirl.create(:shipping_method).tap do |shipping_method|
+        shipping_method.zones.first.zone_members.create!(zoneable: ship_address.country)
+        shipping_method.calculator.set_preference(:amount, 10.0)
+      end
+    end
+
+    def parsed
+      JSON.parse(response.body)
+    end
+
+    def login
+      expect {
+        post '/api/users', user: { email: "featurecheckoutuser@example.com", password: "featurecheckoutuser" }
+      }.to change { Spree.user_class.count }.by 1
+      expect(response).to have_http_status(:created)
+      @user = Spree.user_class.find(parsed['id'])
+
+      # copied from api testing helpers support since we can't really sign in
+      allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { @user }
+    end
+
+    def create_order(order_params: {})
+      expect { post '/api/orders', order_params }.to change { Order.count }.by 1
+      expect(response).to have_http_status(:created)
+      @order = Order.find(parsed['id'])
+      expect(@order.email).to eq "featurecheckoutuser@example.com"
+    end
+
+    def update_order(order_params: {})
+      put "/api/orders/#{@order.number}", order_params
+      expect(response).to have_http_status(:ok)
+    end
+
+    def create_line_item(variant, quantity = 1)
+      expect {
+        post "/api/orders/#{@order.number}/line_items", line_item: { variant_id: variant.id, quantity: quantity }
+      }.to change { @order.line_items.count }.by 1
+      expect(response).to have_http_status(:created)
+    end
+
+    def add_promotion(promotion)
+      expect {
+        put "/api/orders/#{@order.number}/apply_coupon_code", coupon_code: promotion_code.value
+      }.to change { @order.promotions.count }.by 1
+      expect(response).to have_http_status(:ok)
+    end
+
+    def add_address(address, billing: true)
+      address_type = billing ? :bill_address : :ship_address
+      # It seems we are missing an order-scoped address api endpoint since we need
+      # to use update here.
+      expect {
+        update_order(order_params: { order: { address_type => address.attributes.except('id') } })
+      }.to change { @order.reload.public_send(address_type) }.to address
+    end
+
+    def add_payment
+      expect {
+        post "/api/orders/#{@order.number}/payments", payment: { payment_method_id: payment_method.id }
+      }.to change { @order.reload.payments.count }.by 1
+      expect(response).to have_http_status(:created)
+      expect(@order.payments.last.payment_method).to eq payment_method
+    end
+
+    def advance
+      put "/api/checkouts/#{@order.number}/advance"
+      expect(response).to have_http_status(:ok)
+    end
+
+    def complete
+      put "/api/checkouts/#{@order.number}/complete"
+      expect(response).to have_http_status(:ok)
+    end
+
+    def assert_order_expectations
+      @order.reload
+      expect(@order.state).to eq 'complete'
+      expect(@order.completed_at).to be_a ActiveSupport::TimeWithZone
+      expect(@order.item_total).to eq 600.00
+      expect(@order.total).to eq 600.00
+      expect(@order.adjustment_total).to eq -10.00
+      expect(@order.shipment_total).to eq 10.00
+      expect(@order.user).to eq @user
+      expect(@order.bill_address).to eq bill_address
+      expect(@order.ship_address).to eq ship_address
+      expect(@order.payments.length).to eq 1
+      expect(@order.line_items.any? { |li| li.variant == variant_1 && li.quantity == 2 }).to eq true
+      expect(@order.line_items.any? { |li| li.variant == variant_2 && li.quantity == 2 }).to eq true
+      expect(@order.promotions).to eq [promotion]
+    end
+
+    it "is able to checkout with individualized requests" do
+      login
+      create_order
+
+      create_line_item(variant_1, 2)
+      add_promotion(promotion)
+      create_line_item(variant_2, 2)
+
+      add_address(bill_address)
+      add_address(ship_address, billing: false)
+
+      add_payment
+
+      advance
+      complete
+
+      assert_order_expectations
+    end
+
+    it "is able to checkout with the create request" do
+      login
+
+      create_order(order_params: {
+        order: {
+          bill_address: bill_address.as_json.except('id'),
+          ship_address: ship_address.as_json.except('id'),
+          line_items: {
+            0 => { variant_id: variant_1.id, quantity: 2 },
+            1 => { variant_id: variant_2.id, quantity: 2 }
+          },
+          # Would like to do this, but the save process from the orders controller
+          # does not actually call what it needs to to apply this coupon code :(
+          # coupon_code: promotion.code,
+
+          # Would like to do this, but it puts the payment in a complete state,
+          # which the order does not like when transitioning from confirm to complete
+          # since it looks to process pending payments.
+          # payments: [ { payment_method: payment_method.name, state: "pending" } ],
+        }
+      })
+
+      add_promotion(promotion)
+      add_payment
+
+      advance
+      complete
+
+      assert_order_expectations
+    end
+
+    it "is able to checkout with the update request" do
+      login
+
+      create_order
+      update_order(order_params: {
+        order: {
+          bill_address: bill_address.as_json.except('id'),
+          ship_address: ship_address.as_json.except('id'),
+          line_items: {
+            0 => { variant_id: variant_1.id, quantity: 2 },
+            1 => { variant_id: variant_2.id, quantity: 2 }
+          },
+          # Would like to do this, but the save process from the orders controller
+          # does not actually call what it needs to to apply this coupon code :(
+          # coupon_code: promotion.code,
+
+          # Would like to do this, but it puts the payment in a complete state,
+          # which the order does not like when transitioning from confirm to complete
+          # since it looks to process pending payments.
+          # payments: [ { payment_method: payment_method.name, state: "pending" } ],
+        }
+      })
+
+      add_promotion(promotion)
+      add_payment
+
+      advance
+      complete
+
+      assert_order_expectations
+    end
+  end
+end