solidus_api 1.0.0.pre

data/spec/controllers/spree/api/credit_cards_controller_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::CreditCardsController, :type => :controller do
+    render_views
+
+    let!(:admin_user) do
+      user = Spree.user_class.new(:email => "spree@example.com", :id => 1)
+      user.generate_spree_api_key!
+      allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
+      user
+    end
+
+    let!(:normal_user) do
+      user = Spree.user_class.new(:email => "spree2@example.com", :id => 2)
+      user.generate_spree_api_key!
+      user
+    end
+
+    let!(:card) { create(:credit_card, :user_id => admin_user.id, gateway_customer_profile_id: "random") }
+
+    before do
+      stub_authentication!
+    end
+
+    it "the user id doesn't exist" do
+      api_get :index, user_id: 1000
+      expect(response.status).to eq(404)
+    end
+
+    context "calling user is in admin role" do
+      let(:current_api_user) do
+        user = admin_user
+        user
+      end
+
+      it "no credit cards exist for user" do
+        api_get :index, user_id: normal_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(0)
+      end
+
+      it "can view all credit cards for user" do
+        api_get :index, user_id: current_api_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+
+    context "calling user is not in admin role" do
+      let(:current_api_user) do
+        user = normal_user
+        user
+      end
+
+      let!(:card) { create(:credit_card, :user_id => normal_user.id, gateway_customer_profile_id: "random") }
+
+      it "can not view user" do
+        api_get :index, user_id: admin_user.id
+
+        expect(response.status).to eq(404)
+      end
+
+      it "can view own credit cards" do
+        api_get :index, user_id: normal_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/images_controller_spec.rb

@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+module Spree
+  describe Spree::Api::ImagesController, :type => :controller do
+    render_views
+
+    let!(:product) { create(:product) }
+    let!(:attributes) { [:id, :position, :attachment_content_type,
+                         :attachment_file_name, :type, :attachment_updated_at, :attachment_width,
+                         :attachment_height, :alt] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can upload a new image for a variant" do
+        expect do
+          api_post :create,
+                   :image => { :attachment => upload_image('thinking-cat.jpg'),
+                               :viewable_type => 'Spree::Variant',
+                               :viewable_id => product.master.to_param  },
+                   :product_id => product.id
+          expect(response.status).to eq(201)
+          expect(json_response).to have_attributes(attributes)
+        end.to change(Image, :count).by(1)
+      end
+
+      context "working with an existing image" do
+        let!(:product_image) { product.master.images.create!(:attachment => image('thinking-cat.jpg')) }
+
+        it "can get a single product image" do
+          api_get :show, :id => product_image.id, :product_id => product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+
+        it "can get a single variant image" do
+          api_get :show, :id => product_image.id, :variant_id => product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+
+        it "can get a list of product images" do
+          api_get :index, :product_id => product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+
+        it "can get a list of variant images" do
+          api_get :index, :variant_id => product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+
+        it "can update image data" do
+          expect(product_image.position).to eq(1)
+          api_post :update, :image => { :position => 2 }, :id => product_image.id, :product_id => product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+          expect(product_image.reload.position).to eq(2)
+        end
+
+        it "can delete an image" do
+          api_delete :destroy, :id => product_image.id, :product_id => product.id
+          expect(response.status).to eq(204)
+          expect { product_image.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        end
+      end
+    end
+
+    context "as a non-admin" do
+      it "cannot create an image" do
+        api_post :create, :product_id => product.id
+        assert_unauthorized!
+      end
+
+      it "cannot update an image" do
+        api_put :update, :id => 1, :product_id => product.id
+        assert_not_found!
+      end
+
+      it "cannot delete an image" do
+        api_delete :destroy, :id => 1, :product_id => product.id
+        assert_not_found!
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/inventory_units_controller_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::InventoryUnitsController, :type => :controller do
+    render_views
+
+    before do
+      stub_authentication!
+      @inventory_unit = create(:inventory_unit)
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:variant) { create(:variant) }
+
+      it "gets an inventory unit" do
+        api_get :show, :id => @inventory_unit.id
+        expect(json_response['state']).to eq @inventory_unit.state
+      end
+
+      it "updates an inventory unit" do
+        api_put :update, :id => @inventory_unit.id,
+                         :inventory_unit => { variant_id: variant.id }
+        json_response['variant_id'].should eq variant.id
+      end
+
+      context 'fires state event' do
+        it 'if supplied with :fire param' do
+          api_put :update, :id => @inventory_unit.id,
+                           :fire => 'ship',
+                           :inventory_unit => { variant_id: variant.id }
+
+          expect(json_response['state']).to eq 'shipped'
+        end
+
+        it 'and returns exception if cannot fire' do
+          api_put :update, :id => @inventory_unit.id,
+                           :fire => 'return'
+          expect(json_response['exception']).to match /cannot transition to return/
+        end
+
+        it 'and returns exception bad state' do
+          api_put :update, :id => @inventory_unit.id,
+                           :fire => 'bad'
+          expect(json_response['exception']).to match /cannot transition to bad/
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/line_items_controller_spec.rb

@@ -0,0 +1,186 @@
+require 'spec_helper'
+
+module Spree
+  PermittedAttributes.module_eval do
+    mattr_writer :line_item_attributes
+  end
+
+  unless PermittedAttributes.line_item_attributes.include? :some_option
+    PermittedAttributes.line_item_attributes += [:some_option]
+  end
+
+  # This should go in an initializer
+  Spree::Api::LineItemsController.line_item_options += [:some_option]
+
+  describe Api::LineItemsController, :type => :controller do
+    render_views
+
+    let!(:order) { create(:order_with_line_items, line_items_count: 1) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can learn how to create a new line item" do
+      api_get :new
+      expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
+      required_attributes = json_response["required_attributes"]
+      expect(required_attributes).to include("quantity", "variant_id")
+    end
+
+    context "authenticating with a token" do
+      it "can add a new line item to an existing order" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }, :order_token => order.guest_token
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+
+      it "can add a new line item to an existing order with token in header" do
+        request.headers["X-Spree-Order-Token"] = order.guest_token
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages :user => current_api_user
+      end
+
+      it "can add a new line item to an existing order" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+
+      it "can add a new line item to an existing order with options" do
+        expect_any_instance_of(LineItem).to receive(:some_option=).with(4)
+        api_post :create,
+                 line_item: {
+                   variant_id: product.master.to_param,
+                   quantity: 1,
+                   options: { some_option: 4 }
+                 }
+        expect(response.status).to eq(201)
+      end
+
+      it "default quantity to 1 if none is given" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response[:quantity]).to eq 1
+      end
+
+      it "increases a line item's quantity if it exists already" do
+        order.line_items.create(:variant_id => product.master.id, :quantity => 10)
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        expect(response.status).to eq(201)
+        order.reload
+        expect(order.line_items.count).to eq(2) # 1 original due to factory, + 1 in this test
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["quantity"]).to eq(11)
+      end
+
+      it "can update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, :id => line_item.id, :line_item => { :quantity => 101 }
+        expect(response.status).to eq(200)
+        order.reload
+        expect(order.total).to eq(1010) # 10 original due to factory, + 1000 in this test
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["quantity"]).to eq(101)
+      end
+
+      it "can update a line item's options on the order" do
+        expect_any_instance_of(LineItem).to receive(:some_option=).with(12)
+        line_item = order.line_items.first
+        api_put :update,
+                id: line_item.id,
+                line_item: { quantity: 1, options: { some_option: 12 } }
+        expect(response.status).to eq(200)
+      end
+
+      it "can delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, :id => line_item.id
+        expect(response.status).to eq(204)
+        order.reload
+        expect(order.line_items.count).to eq(0) # 1 original due to factory, - 1 in this test
+        expect { line_item.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      context "order contents changed after shipments were created" do
+        let!(:order) { Order.create }
+        let!(:line_item) { order.contents.add(product.master) }
+
+        before { order.create_proposed_shipments }
+
+        it "clear out shipments on create" do
+          expect(order.reload.shipments).not_to be_empty
+          api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+          expect(order.reload.shipments).to be_empty
+        end
+
+        it "clear out shipments on update" do
+          expect(order.reload.shipments).not_to be_empty
+          api_put :update, :id => line_item.id, :line_item => { :quantity => 1000 }
+          expect(order.reload.shipments).to be_empty
+        end
+
+        it "clear out shipments on delete" do
+          expect(order.reload.shipments).not_to be_empty
+          api_delete :destroy, :id => line_item.id
+          expect(order.reload.shipments).to be_empty
+        end
+
+        context "order is completed" do
+          before do
+            allow(order).to receive_messages completed?: true
+            allow(Order).to receive_message_chain :includes, find_by!: order
+          end
+
+          it "doesn't destroy shipments or restart checkout flow" do
+            expect(order.reload.shipments).not_to be_empty
+            api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+            expect(order.reload.shipments).not_to be_empty
+          end
+        end
+      end
+    end
+
+    context "as just another user" do
+      before do
+        user = create(:user)
+        allow(Spree.user_class).to receive(:find_by).
+                                     and_return(user)
+      end
+
+      it "cannot add a new line item to the order" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        assert_unauthorized!
+      end
+
+      it "cannot update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, :id => line_item.id, :line_item => { :quantity => 1000 }
+        assert_unauthorized!
+        expect(line_item.reload.quantity).not_to eq(1000)
+      end
+
+      it "cannot delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, :id => line_item.id
+        assert_unauthorized!
+        expect { line_item.reload }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/option_types_controller_spec.rb

@@ -0,0 +1,116 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::OptionTypesController, :type => :controller do
+    render_views
+
+    let(:attributes) { [:id, :name, :position, :presentation] }
+    let!(:option_value) { create(:option_value) }
+    let!(:option_type) { option_value.option_type }
+
+    before do
+      stub_authentication!
+    end
+
+    def check_option_values(option_values)
+      expect(option_values.count).to eq(1)
+      expect(option_values.first).to have_attributes([:id, :name, :presentation,
+                                                  :option_type_name, :option_type_id])
+    end
+
+    it "can list all option types" do
+      api_get :index
+      expect(json_response.count).to eq(1)
+      expect(json_response.first).to have_attributes(attributes)
+
+      check_option_values(json_response.first["option_values"])
+    end
+
+    it "can search for an option type" do
+      create(:option_type, :name => "buzz")
+      api_get :index, :q => { :name_cont => option_type.name }
+      expect(json_response.count).to eq(1)
+      expect(json_response.first).to have_attributes(attributes)
+    end
+
+    it "can retrieve a list of specific option types" do
+      option_type_1 = create(:option_type)
+      option_type_2 = create(:option_type)
+      api_get :index, :ids => "#{option_type.id},#{option_type_1.id}"
+      expect(json_response.count).to eq(2)
+
+      check_option_values(json_response.first["option_values"])
+    end
+
+    it "can list a single option type" do
+      api_get :show, :id => option_type.id
+      expect(json_response).to have_attributes(attributes)
+      check_option_values(json_response["option_values"])
+    end
+
+    it "cannot create a new option type" do
+      api_post :create, :option_type => {
+                        :name => "Option Type",
+                        :presentation => "Option Type"
+                      }
+      assert_unauthorized!
+    end
+
+    it "cannot alter an option type" do
+      original_name = option_type.name
+      api_put :update, :id => option_type.id,
+                        :option_type => {
+                          :name => "Option Type"
+                        }
+      assert_not_found!
+      expect(option_type.reload.name).to eq(original_name)
+    end
+
+    it "cannot delete an option type" do
+      api_delete :destroy, :id => option_type.id
+      assert_not_found!
+      expect { option_type.reload }.not_to raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create an option type" do
+        api_post :create, :option_type => {
+                          :name => "Option Type",
+                          :presentation => "Option Type"
+                        }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+      end
+
+      it "cannot create an option type with invalid attributes" do
+        api_post :create, :option_type => {}
+        expect(response.status).to eq(422)
+      end
+
+      it "can update an option type" do
+        original_name = option_type.name
+        api_put :update, :id => option_type.id, :option_type => {
+                              :name => "Option Type",
+                            }
+        expect(response.status).to eq(200)
+
+        option_type.reload
+        expect(option_type.name).to eq("Option Type")
+      end
+
+      it "cannot update an option type with invalid attributes" do
+        api_put :update, :id => option_type.id, :option_type => {
+                          :name => ""
+                         }
+        expect(response.status).to eq(422)
+      end
+
+      it "can delete an option type" do
+        api_delete :destroy, :id => option_type.id
+        expect(response.status).to eq(204)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/option_values_controller_spec.rb

@@ -0,0 +1,135 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::OptionValuesController, :type => :controller do
+    render_views
+
+    let(:attributes) { [:id, :name, :presentation, :option_type_name, :option_type_name] }
+    let!(:option_value) { create(:option_value) }
+    let!(:option_type) { option_value.option_type }
+
+    before do
+      stub_authentication!
+    end
+
+    def check_option_values(option_values)
+      expect(option_values.count).to eq(1)
+      expect(option_values.first).to have_attributes([:id, :name, :presentation,
+                                                  :option_type_name, :option_type_id])
+    end
+
+    context "without any option type scoping" do
+      before do
+        # Create another option value with a brand new option type
+        create(:option_value, :option_type => create(:option_type))
+      end
+
+      it "can retrieve a list of all option values" do
+        api_get :index
+        expect(json_response.count).to eq(2)
+        expect(json_response.first).to have_attributes(attributes)
+      end
+    end
+
+    context "for a particular option type" do
+      let(:resource_scoping) { { :option_type_id => option_type.id } }
+
+      it "can list all option values" do
+        api_get :index
+        expect(json_response.count).to eq(1)
+        expect(json_response.first).to have_attributes(attributes)
+      end
+
+      it "can search for an option type" do
+        create(:option_value, :name => "buzz")
+        api_get :index, :q => { :name_cont => option_value.name }
+        expect(json_response.count).to eq(1)
+        expect(json_response.first).to have_attributes(attributes)
+      end
+
+      it "can retrieve a list of option types" do
+        option_value_1 = create(:option_value, :option_type => option_type)
+        option_value_2 = create(:option_value, :option_type => option_type)
+        api_get :index, :ids => [option_value.id, option_value_1.id]
+        expect(json_response.count).to eq(2)
+      end
+
+      it "can list a single option value" do
+        api_get :show, :id => option_value.id
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "cannot create a new option value" do
+        api_post :create, :option_value => {
+                          :name => "Option Value",
+                          :presentation => "Option Value"
+                        }
+        assert_unauthorized!
+      end
+
+      it "cannot alter an option value" do
+        original_name = option_type.name
+        api_put :update, :id => option_type.id,
+                          :option_value => {
+                            :name => "Option Value"
+                          }
+        assert_not_found!
+        expect(option_type.reload.name).to eq(original_name)
+      end
+
+      it "cannot delete an option value" do
+        api_delete :destroy, :id => option_type.id
+        assert_not_found!
+        expect { option_type.reload }.not_to raise_error
+      end
+
+      context "as an admin" do
+        sign_in_as_admin!
+
+        it "can create an option value" do
+          api_post :create, :option_value => {
+                            :name => "Option Value",
+                            :presentation => "Option Value"
+                          }
+          expect(json_response).to have_attributes(attributes)
+          expect(response.status).to eq(201)
+        end
+
+        it "cannot create an option type with invalid attributes" do
+          api_post :create, :option_value => {}
+          expect(response.status).to eq(422)
+        end
+
+        it "can update an option value" do
+          original_name = option_value.name
+          api_put :update, :id => option_value.id, :option_value => {
+                                :name => "Option Value",
+                              }
+          expect(response.status).to eq(200)
+
+          option_value.reload
+          expect(option_value.name).to eq("Option Value")
+        end
+
+        it "permits the correct attributes" do
+          expect(controller).to receive(:permitted_option_value_attributes)
+          api_put :update, :id => option_value.id, :option_value => {
+                            :name => ""
+                           }
+        end
+
+        it "cannot update an option value with invalid attributes" do
+          api_put :update, :id => option_value.id, :option_value => {
+                            :name => ""
+                           }
+          expect(response.status).to eq(422)
+        end
+
+        it "can delete an option value" do
+          api_delete :destroy, :id => option_value.id
+          expect(response.status).to eq(204)
+        end
+      end
+    end
+  end
+end