solidus_api 1.1.4 → 1.2.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of solidus_api might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/app/controllers/spree/api/base_controller.rb +1 -1
- data/app/controllers/spree/api/checkouts_controller.rb +28 -8
- data/app/controllers/spree/api/orders_controller.rb +11 -18
- data/app/controllers/spree/api/payments_controller.rb +1 -2
- data/app/controllers/spree/api/products_controller.rb +4 -4
- data/app/controllers/spree/api/shipments_controller.rb +3 -2
- data/solidus_api.gemspec +3 -3
- data/spec/controllers/spree/api/checkouts_controller_spec.rb +94 -25
- data/spec/controllers/spree/api/classifications_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/orders_controller_spec.rb +78 -104
- data/spec/controllers/spree/api/payments_controller_spec.rb +0 -11
- data/spec/controllers/spree/api/products_controller_spec.rb +7 -8
- data/spec/controllers/spree/api/shipments_controller_spec.rb +20 -5
- data/spec/controllers/spree/api/stock_transfers_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/taxons_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/transfer_items_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/variants_controller_spec.rb +4 -4
- data/spec/models/spree/legacy_user_spec.rb +61 -15
- data/spec/spec_helper.rb +0 -1
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0541b475d9a7c6163816b932d0e24098d63668c9
|
4
|
+
data.tar.gz: e238a5d6173dc3e22758fad5d9ae7ff72bf27c1d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e6806e2569df73fea2bdababe36912878beaef9962483c42a59b093f021444556b42aba5b58e10bc2afa11a1bd880b58432cd810dbb9c693f62efabcd246190e
|
7
|
+
data.tar.gz: 448e5fb1b8ddeb83dd49bbd0bc2f8588f1665ae3fcdf89e4f4a3b671f2a3de2e5abc8e01c8e6aa1362e6c5c6323a142763fd2a2a4c9741c9b0f69a5909a13ff9
|
@@ -56,14 +56,7 @@ module Spree
|
|
56
56
|
def update
|
57
57
|
authorize! :update, @order, order_token
|
58
58
|
|
59
|
-
|
60
|
-
ActiveSupport::Deprecation.warn("Passing payment_source is deprecated. Send source parameters inside payments_attributes[:source_attributes].", caller)
|
61
|
-
move_payment_source_into_payments_attributes(params)
|
62
|
-
else
|
63
|
-
params
|
64
|
-
end
|
65
|
-
|
66
|
-
if @order.update_from_params(update_params, permitted_checkout_attributes, request.headers.env)
|
59
|
+
if OrderUpdateAttributes.new(@order, update_params, request_env: request.headers.env).apply
|
67
60
|
if can?(:admin, @order) && user_id.present?
|
68
61
|
@order.associate_user!(Spree.user_class.find(user_id))
|
69
62
|
end
|
@@ -87,6 +80,33 @@ module Spree
|
|
87
80
|
params[:order][:user_id] if params[:order]
|
88
81
|
end
|
89
82
|
|
83
|
+
def update_params
|
84
|
+
if update_params = massaged_params[:order]
|
85
|
+
update_params.permit(permitted_checkout_attributes)
|
86
|
+
else
|
87
|
+
# We current allow update requests without any parameters in them.
|
88
|
+
{}
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
def massaged_params
|
93
|
+
massaged_params = params.deep_dup
|
94
|
+
|
95
|
+
if params[:payment_source].present?
|
96
|
+
ActiveSupport::Deprecation.warn("Passing payment_source is deprecated. Send source parameters inside payments_attributes[:source_attributes].", caller)
|
97
|
+
move_payment_source_into_payments_attributes(massaged_params)
|
98
|
+
end
|
99
|
+
|
100
|
+
if params[:order] && params[:order][:existing_card].present?
|
101
|
+
ActiveSupport::Deprecation.warn("Passing order[:existing_card] is deprecated. Send existing_card_id inside of payments_attributes[:source_attributes].", caller)
|
102
|
+
move_existing_card_into_payments_attributes(massaged_params)
|
103
|
+
end
|
104
|
+
|
105
|
+
set_payment_parameters_amount(massaged_params, @order)
|
106
|
+
|
107
|
+
massaged_params
|
108
|
+
end
|
109
|
+
|
90
110
|
# Should be overriden if you have areas of your checkout that don't match
|
91
111
|
# up to a step within checkout_steps, such as a registration step
|
92
112
|
def skip_state_validation?
|
@@ -27,24 +27,8 @@ module Spree
|
|
27
27
|
|
28
28
|
def create
|
29
29
|
authorize! :create, Order
|
30
|
-
|
31
|
-
|
32
|
-
order_user = if order_params[:user_id]
|
33
|
-
Spree.user_class.find(order_params[:user_id])
|
34
|
-
else
|
35
|
-
current_api_user
|
36
|
-
end
|
37
|
-
|
38
|
-
@order = Spree::Core::Importer::Order.import(order_user, order_params)
|
39
|
-
respond_with(@order, default_template: :show, status: 201)
|
40
|
-
else
|
41
|
-
@order = Spree::Order.create!(user: current_api_user, store: current_store)
|
42
|
-
if @order.contents.update_cart(order_params)
|
43
|
-
respond_with(@order, default_template: :show, status: 201)
|
44
|
-
else
|
45
|
-
invalid_resource!(@order)
|
46
|
-
end
|
47
|
-
end
|
30
|
+
@order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
|
31
|
+
respond_with(@order, default_template: :show, status: 201)
|
48
32
|
end
|
49
33
|
|
50
34
|
def empty
|
@@ -125,6 +109,15 @@ module Spree
|
|
125
109
|
params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address].present?
|
126
110
|
end
|
127
111
|
|
112
|
+
# @api public
|
113
|
+
def determine_order_user
|
114
|
+
if order_params[:user_id].present?
|
115
|
+
Spree.user_class.find(order_params[:user_id])
|
116
|
+
else
|
117
|
+
current_api_user
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
128
121
|
def permitted_order_attributes
|
129
122
|
can?(:admin, Spree::Order) ? (super + admin_order_attributes) : super
|
130
123
|
end
|
@@ -17,8 +17,7 @@ module Spree
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def create
|
20
|
-
@
|
21
|
-
@payment = @order.payments.build(payment_params)
|
20
|
+
@payment = PaymentCreate.new(@order, payment_params).build
|
22
21
|
if @payment.save
|
23
22
|
respond_with(@payment, status: 201, default_template: :show)
|
24
23
|
else
|
@@ -5,7 +5,7 @@ module Spree
|
|
5
5
|
def index
|
6
6
|
if params[:ids]
|
7
7
|
ids = params[:ids].split(",").flatten
|
8
|
-
@products = product_scope.where(:
|
8
|
+
@products = product_scope.where(id: ids)
|
9
9
|
else
|
10
10
|
@products = product_scope.ransack(params[:q]).result
|
11
11
|
end
|
@@ -59,14 +59,14 @@ module Spree
|
|
59
59
|
#
|
60
60
|
def create
|
61
61
|
authorize! :create, Product
|
62
|
-
params[:product][:available_on] ||= Time.
|
62
|
+
params[:product][:available_on] ||= Time.current
|
63
63
|
set_up_shipping_category
|
64
64
|
|
65
65
|
options = { variants_attrs: variants_params, options_attrs: option_types_params }
|
66
66
|
@product = Core::Importer::Product.new(nil, product_params, options).create
|
67
67
|
|
68
68
|
if @product.persisted?
|
69
|
-
respond_with(@product, :
|
69
|
+
respond_with(@product, status: 201, default_template: :show)
|
70
70
|
else
|
71
71
|
invalid_resource!(@product)
|
72
72
|
end
|
@@ -80,7 +80,7 @@ module Spree
|
|
80
80
|
@product = Core::Importer::Product.new(@product, product_params, options).update
|
81
81
|
|
82
82
|
if @product.errors.empty?
|
83
|
-
respond_with(@product.reload, :
|
83
|
+
respond_with(@product.reload, status: 200, default_template: :show)
|
84
84
|
else
|
85
85
|
invalid_resource!(@product)
|
86
86
|
end
|
@@ -116,11 +116,12 @@ module Spree
|
|
116
116
|
|
117
117
|
def find_shipment
|
118
118
|
if @order.present?
|
119
|
-
@shipment = @order.shipments.
|
119
|
+
@shipment = @order.shipments.find_by!(number: params[:id])
|
120
120
|
else
|
121
|
-
@shipment = Spree::Shipment.
|
121
|
+
@shipment = Spree::Shipment.readonly(false).find_by!(number: params[:id])
|
122
122
|
@order = @shipment.order
|
123
123
|
end
|
124
|
+
authorize! :update, @shipment
|
124
125
|
end
|
125
126
|
|
126
127
|
def update_shipment
|
data/solidus_api.gemspec
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
version
|
2
|
+
require_relative '../core/lib/spree/core/version.rb'
|
3
3
|
|
4
4
|
Gem::Specification.new do |gem|
|
5
5
|
gem.author = 'Solidus Team'
|
@@ -14,9 +14,9 @@ Gem::Specification.new do |gem|
|
|
14
14
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
15
15
|
gem.name = "solidus_api"
|
16
16
|
gem.require_paths = ["lib"]
|
17
|
-
gem.version
|
17
|
+
gem.version = Spree.solidus_version
|
18
18
|
|
19
|
-
gem.add_dependency 'solidus_core', version
|
19
|
+
gem.add_dependency 'solidus_core', gem.version
|
20
20
|
gem.add_dependency 'rabl', ['>= 0.9.4.pre1', '< 0.12.0']
|
21
21
|
gem.add_dependency 'versioncake', '~> 2.3.1'
|
22
22
|
end
|
@@ -106,7 +106,7 @@ module Spree
|
|
106
106
|
expect(response.status).to eq(200)
|
107
107
|
end
|
108
108
|
|
109
|
-
# Regression Spec for
|
109
|
+
# Regression Spec for https://github.com/spree/spree/issues/5389 and https://github.com/spree/spree/issues/5880
|
110
110
|
it "can update addresses but not transition to delivery w/o shipping setup" do
|
111
111
|
Spree::ShippingMethod.destroy_all
|
112
112
|
api_put :update,
|
@@ -119,7 +119,7 @@ module Spree
|
|
119
119
|
expect(response.status).to eq(422)
|
120
120
|
end
|
121
121
|
|
122
|
-
# Regression test for
|
122
|
+
# Regression test for https://github.com/spree/spree/issues/4498
|
123
123
|
it "does not contain duplicate variant data in delivery return" do
|
124
124
|
api_put :update,
|
125
125
|
id: order.to_param, order_token: order.guest_token,
|
@@ -163,19 +163,6 @@ module Spree
|
|
163
163
|
expect(response.status).to eq(200)
|
164
164
|
end
|
165
165
|
|
166
|
-
context "with disallowed payment method" do
|
167
|
-
it "returns not found" do
|
168
|
-
order.update_column(:state, "payment")
|
169
|
-
allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
|
170
|
-
@payment_method.update!(display_on: "back_end")
|
171
|
-
expect {
|
172
|
-
api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
|
173
|
-
}.not_to change { Spree::Payment.count }
|
174
|
-
expect(response.status).to eq(404)
|
175
|
-
end
|
176
|
-
end
|
177
|
-
|
178
|
-
|
179
166
|
it "returns errors when source is required and missing" do
|
180
167
|
order.update_column(:state, "payment")
|
181
168
|
api_put :update, :id => order.to_param, :order_token => order.guest_token,
|
@@ -185,6 +172,29 @@ module Spree
|
|
185
172
|
expect(source_errors).to include("can't be blank")
|
186
173
|
end
|
187
174
|
|
175
|
+
describe 'setting the payment amount' do
|
176
|
+
let(:params) do
|
177
|
+
{
|
178
|
+
id: order.to_param,
|
179
|
+
order_token: order.guest_token,
|
180
|
+
order: {
|
181
|
+
payments_attributes: [
|
182
|
+
{
|
183
|
+
payment_method_id: @payment_method.id.to_s,
|
184
|
+
source_attributes: attributes_for(:credit_card),
|
185
|
+
},
|
186
|
+
],
|
187
|
+
},
|
188
|
+
}
|
189
|
+
end
|
190
|
+
|
191
|
+
it 'sets the payment amount to the order total' do
|
192
|
+
api_put(:update, params)
|
193
|
+
expect(response.status).to eq(200)
|
194
|
+
expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
|
195
|
+
end
|
196
|
+
end
|
197
|
+
|
188
198
|
describe 'payment method with source and transition from payment to confirm' do
|
189
199
|
before do
|
190
200
|
order.update_column(:state, "payment")
|
@@ -299,19 +309,78 @@ module Spree
|
|
299
309
|
end
|
300
310
|
end
|
301
311
|
|
302
|
-
|
303
|
-
|
304
|
-
|
312
|
+
context 'reusing a credit card' do
|
313
|
+
before do
|
314
|
+
order.update_column(:state, "payment")
|
315
|
+
end
|
305
316
|
|
306
|
-
|
307
|
-
|
317
|
+
let(:params) do
|
318
|
+
{
|
319
|
+
id: order.to_param,
|
320
|
+
order_token: order.guest_token,
|
321
|
+
order: {
|
322
|
+
payments_attributes: [
|
323
|
+
{
|
324
|
+
source_attributes: {
|
325
|
+
existing_card_id: credit_card.id.to_s,
|
326
|
+
verification_value: '456',
|
327
|
+
}
|
328
|
+
},
|
329
|
+
],
|
330
|
+
},
|
331
|
+
}
|
332
|
+
end
|
333
|
+
|
334
|
+
let!(:credit_card) do
|
335
|
+
create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
|
336
|
+
end
|
337
|
+
|
338
|
+
it 'succeeds' do
|
339
|
+
# unfortunately the credit card gets reloaded by `@order.next` before
|
340
|
+
# the controller action finishes so this is the best way I could think
|
341
|
+
# of to test that the verification_value gets set.
|
342
|
+
expect_any_instance_of(Spree::CreditCard).to(
|
343
|
+
receive(:verification_value=).with('456').and_call_original
|
344
|
+
)
|
345
|
+
|
346
|
+
api_put(:update, params)
|
347
|
+
|
348
|
+
expect(response.status).to eq 200
|
349
|
+
expect(order.credit_cards).to match_array [credit_card]
|
350
|
+
end
|
308
351
|
|
309
|
-
|
310
|
-
|
352
|
+
context 'with deprecated existing_card parameters' do
|
353
|
+
let(:params) do
|
354
|
+
{
|
355
|
+
id: order.to_param,
|
356
|
+
order_token: order.guest_token,
|
357
|
+
order: {
|
358
|
+
existing_card: credit_card.id.to_s,
|
359
|
+
},
|
360
|
+
cvc_confirm: '456',
|
361
|
+
}
|
362
|
+
end
|
363
|
+
|
364
|
+
it 'succeeds' do
|
365
|
+
# unfortunately the credit card gets reloaded by `@order.next` before
|
366
|
+
# the controller action finishes so this is the best way I could think
|
367
|
+
# of to test that the verification_value gets set.
|
368
|
+
expect_any_instance_of(Spree::CreditCard).to(
|
369
|
+
receive(:verification_value=).with('456').and_call_original
|
370
|
+
)
|
371
|
+
|
372
|
+
ActiveSupport::Deprecation.silence do
|
373
|
+
api_put(:update, params)
|
374
|
+
end
|
375
|
+
|
376
|
+
expect(response.status).to eq 200
|
377
|
+
expect(order.credit_cards).to match_array [credit_card]
|
378
|
+
end
|
379
|
+
end
|
311
380
|
end
|
312
381
|
|
313
382
|
it "can transition from confirm to complete" do
|
314
|
-
order.update_columns(completed_at: Time.
|
383
|
+
order.update_columns(completed_at: Time.current, state: 'complete')
|
315
384
|
allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
|
316
385
|
api_put :update, id: order.to_param, order_token: order.guest_token
|
317
386
|
expect(json_response['state']).to eq('complete')
|
@@ -319,13 +388,13 @@ module Spree
|
|
319
388
|
end
|
320
389
|
|
321
390
|
it "returns the order if the order is already complete" do
|
322
|
-
order.update_columns(completed_at: Time.
|
391
|
+
order.update_columns(completed_at: Time.current, state: 'complete')
|
323
392
|
api_put :update, id: order.to_param, order_token: order.guest_token
|
324
393
|
expect(json_response['number']).to eq(order.number)
|
325
394
|
expect(response.status).to eq(200)
|
326
395
|
end
|
327
396
|
|
328
|
-
# Regression test for
|
397
|
+
# Regression test for https://github.com/spree/spree/issues/3784
|
329
398
|
it "can update the special instructions for an order" do
|
330
399
|
instructions = "Don't drop it. (Please)"
|
331
400
|
api_put :update, id: order.to_param, order_token: order.guest_token,
|
@@ -37,7 +37,7 @@ module Spree
|
|
37
37
|
end
|
38
38
|
|
39
39
|
it "should touch the taxon" do
|
40
|
-
taxon.update_attributes(updated_at: Time.
|
40
|
+
taxon.update_attributes(updated_at: Time.current - 10.seconds)
|
41
41
|
taxon_last_updated_at = taxon.updated_at
|
42
42
|
api_put :update, taxon_id: taxon, product_id: last_product, position: 0
|
43
43
|
taxon.reload
|
@@ -29,62 +29,46 @@ module Spree
|
|
29
29
|
|
30
30
|
describe "POST create" do
|
31
31
|
let(:target_user) { create :user }
|
32
|
-
let(:date_override) {
|
33
|
-
let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
|
32
|
+
let(:date_override) { 3.days.ago }
|
34
33
|
|
35
|
-
|
34
|
+
before do
|
35
|
+
allow_any_instance_of(Spree::Ability).to receive(:can?).
|
36
|
+
and_return(true)
|
37
|
+
|
38
|
+
allow_any_instance_of(Spree::Ability).to receive(:can?).
|
39
|
+
with(:admin, Spree::Order).
|
40
|
+
and_return(can_admin)
|
41
|
+
|
42
|
+
allow(Spree.user_class).to receive(:find).
|
43
|
+
with(target_user.id).
|
44
|
+
and_return(target_user)
|
45
|
+
end
|
46
|
+
|
47
|
+
subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
|
36
48
|
|
37
49
|
context "when the current user cannot administrate the order" do
|
38
|
-
|
39
|
-
can :create, Spree::Order
|
40
|
-
end
|
50
|
+
let(:can_admin) { false }
|
41
51
|
|
42
52
|
it "does not include unpermitted params, or allow overriding the user", focus: true do
|
53
|
+
expect(Spree::Core::Importer::Order).to receive(:import).
|
54
|
+
once.
|
55
|
+
with(current_api_user, { "email" => target_user.email }).
|
56
|
+
and_call_original
|
43
57
|
subject
|
44
|
-
expect(response).to be_success
|
45
|
-
order = Spree::Order.last
|
46
|
-
expect(order.user).to eq current_api_user
|
47
|
-
expect(order.email).to eq target_user.email
|
48
58
|
end
|
49
59
|
|
50
60
|
it { is_expected.to be_success }
|
51
|
-
|
52
|
-
context 'creating payment' do
|
53
|
-
let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
|
54
|
-
|
55
|
-
context "with allowed payment method" do
|
56
|
-
let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
|
57
|
-
it { is_expected.to be_success }
|
58
|
-
it "creates a payment" do
|
59
|
-
expect {
|
60
|
-
subject
|
61
|
-
}.to change { Spree::Payment.count }.by(1)
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
context "with disallowed payment method" do
|
66
|
-
let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
|
67
|
-
it { is_expected.to be_not_found }
|
68
|
-
it "creates no payments" do
|
69
|
-
expect {
|
70
|
-
subject
|
71
|
-
}.not_to change { Spree::Payment.count }
|
72
|
-
end
|
73
|
-
end
|
74
|
-
end
|
75
61
|
end
|
76
62
|
|
77
63
|
context "when the current user can administrate the order" do
|
78
|
-
|
79
|
-
can [:admin, :create], Spree::Order
|
80
|
-
end
|
64
|
+
let(:can_admin) { true }
|
81
65
|
|
82
66
|
it "it permits all params and allows overriding the user" do
|
67
|
+
expect(Spree::Core::Importer::Order).to receive(:import).
|
68
|
+
once.
|
69
|
+
with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email}).
|
70
|
+
and_call_original
|
83
71
|
subject
|
84
|
-
order = Spree::Order.last
|
85
|
-
expect(order.user).to eq target_user
|
86
|
-
expect(order.email).to eq target_user.email
|
87
|
-
expect(order.created_at).to eq date_override
|
88
72
|
end
|
89
73
|
|
90
74
|
it { is_expected.to be_success }
|
@@ -97,65 +81,41 @@ module Spree
|
|
97
81
|
let(:can_admin) { false }
|
98
82
|
subject { api_put :update, id: order.to_param, order: order_params }
|
99
83
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
end
|
104
|
-
|
105
|
-
it "updates the user's email" do
|
106
|
-
expect {
|
107
|
-
subject
|
108
|
-
}.to change { order.reload.email }.to("foo@foobar.com")
|
109
|
-
end
|
110
|
-
|
111
|
-
it { is_expected.to be_success }
|
112
|
-
|
113
|
-
it "does not associate users" do
|
114
|
-
expect {
|
115
|
-
subject
|
116
|
-
}.not_to change { order.reload.user }
|
117
|
-
end
|
84
|
+
before do
|
85
|
+
allow_any_instance_of(Spree::Ability).to receive(:can?).
|
86
|
+
and_return(true)
|
118
87
|
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
}.to_not change{ order.reload.number }
|
123
|
-
end
|
88
|
+
allow(Spree::Order).to receive(:find_by!).
|
89
|
+
with(number: order.number).
|
90
|
+
and_return(order)
|
124
91
|
|
125
|
-
|
126
|
-
|
92
|
+
allow(Spree.user_class).to receive(:find).
|
93
|
+
with(user.id).
|
94
|
+
and_return(user)
|
127
95
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
expect {
|
133
|
-
subject
|
134
|
-
}.to change { Spree::Payment.count }.by(1)
|
135
|
-
end
|
136
|
-
end
|
96
|
+
allow_any_instance_of(Spree::Ability).to receive(:can?).
|
97
|
+
with(:admin, Spree::Order).
|
98
|
+
and_return(can_admin)
|
99
|
+
end
|
137
100
|
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
subject
|
144
|
-
}.not_to change { Spree::Payment.count }
|
145
|
-
end
|
146
|
-
end
|
147
|
-
end
|
101
|
+
it "updates the cart contents" do
|
102
|
+
expect(order.contents).to receive(:update_cart).
|
103
|
+
once.
|
104
|
+
with({"email" => "foo@foobar.com"})
|
105
|
+
subject
|
148
106
|
end
|
149
107
|
|
108
|
+
it { is_expected.to be_success }
|
109
|
+
|
150
110
|
context "when the user can administer the order" do
|
151
|
-
|
152
|
-
can [:admin, :update], Spree::Order
|
153
|
-
end
|
111
|
+
let(:can_admin) { true }
|
154
112
|
|
155
113
|
it "will associate users" do
|
156
|
-
expect
|
157
|
-
|
158
|
-
|
114
|
+
expect(order).to receive(:associate_user!).
|
115
|
+
once.
|
116
|
+
with(user)
|
117
|
+
|
118
|
+
subject
|
159
119
|
end
|
160
120
|
|
161
121
|
it "updates the otherwise forbidden attributes" do
|
@@ -163,6 +123,17 @@ module Spree
|
|
163
123
|
to("anothernumber")
|
164
124
|
end
|
165
125
|
end
|
126
|
+
|
127
|
+
context "when the user cannot administer the order" do
|
128
|
+
it "does not associate users" do
|
129
|
+
expect(order).to_not receive(:associate_user!)
|
130
|
+
subject
|
131
|
+
end
|
132
|
+
|
133
|
+
it "does not change forbidden attributes" do
|
134
|
+
expect{subject}.to_not change{order.reload.number}
|
135
|
+
end
|
136
|
+
end
|
166
137
|
end
|
167
138
|
|
168
139
|
it "cannot view all orders" do
|
@@ -214,9 +185,9 @@ module Spree
|
|
214
185
|
end
|
215
186
|
|
216
187
|
it "returns orders in reverse chronological order by completed_at" do
|
217
|
-
order.update_columns completed_at: Time.
|
188
|
+
order.update_columns completed_at: Time.current
|
218
189
|
|
219
|
-
order2 = Order.create user: order.user, completed_at: Time.
|
190
|
+
order2 = Order.create user: order.user, completed_at: Time.current - 1.day, store: store
|
220
191
|
expect(order2.created_at).to be > order.created_at
|
221
192
|
order3 = Order.create user: order.user, completed_at: nil, store: store
|
222
193
|
expect(order3.created_at).to be > order2.created_at
|
@@ -313,7 +284,7 @@ module Spree
|
|
313
284
|
expect(json_response["checkout_steps"]).to eq(%w[address delivery confirm complete])
|
314
285
|
end
|
315
286
|
|
316
|
-
# Regression test for
|
287
|
+
# Regression test for https://github.com/spree/spree/issues/1992
|
317
288
|
it "can view an order not in a standard state" do
|
318
289
|
allow_any_instance_of(Order).to receive_messages :user => current_api_user
|
319
290
|
order.update_column(:state, 'shipped')
|
@@ -350,7 +321,7 @@ module Spree
|
|
350
321
|
end
|
351
322
|
|
352
323
|
it "cannot cancel an order that doesn't belong to them" do
|
353
|
-
order.update_attribute(:completed_at, Time.
|
324
|
+
order.update_attribute(:completed_at, Time.current)
|
354
325
|
order.update_attribute(:shipment_state, "ready")
|
355
326
|
api_put :cancel, :id => order.to_param
|
356
327
|
assert_unauthorized!
|
@@ -379,15 +350,18 @@ module Spree
|
|
379
350
|
expect(json_response['email']).to eq "guest@spreecommerce.com"
|
380
351
|
end
|
381
352
|
|
382
|
-
# Regression test for
|
353
|
+
# Regression test for https://github.com/spree/spree/issues/3404
|
383
354
|
it "can specify additional parameters for a line item" do
|
384
|
-
|
355
|
+
expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
|
356
|
+
allow(order).to receive(:associate_user!)
|
357
|
+
allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
|
358
|
+
expect(line_item).to receive(:update_attributes!).with("special" => true)
|
385
359
|
|
386
360
|
allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
|
387
361
|
api_post :create, :order => {
|
388
362
|
:line_items => {
|
389
363
|
"0" => {
|
390
|
-
variant_id
|
364
|
+
:variant_id => variant.to_param, :quantity => 5, :special => true
|
391
365
|
}
|
392
366
|
}
|
393
367
|
}
|
@@ -418,7 +392,7 @@ module Spree
|
|
418
392
|
end
|
419
393
|
|
420
394
|
it "can create an order without any parameters" do
|
421
|
-
|
395
|
+
api_post :create
|
422
396
|
expect(response.status).to eq(201)
|
423
397
|
expect(json_response["state"]).to eq("cart")
|
424
398
|
end
|
@@ -628,7 +602,7 @@ module Spree
|
|
628
602
|
expect(json_response["shipments"]).not_to be_empty
|
629
603
|
shipment = json_response["shipments"][0]
|
630
604
|
# Test for correct shipping method attributes
|
631
|
-
# Regression test for
|
605
|
+
# Regression test for https://github.com/spree/spree/issues/3206
|
632
606
|
expect(shipment["shipping_methods"]).not_to be_nil
|
633
607
|
json_shipping_method = shipment["shipping_methods"][0]
|
634
608
|
expect(json_shipping_method["id"]).to eq(shipping_method.id)
|
@@ -638,7 +612,7 @@ module Spree
|
|
638
612
|
expect(json_shipping_method["shipping_categories"]).not_to be_empty
|
639
613
|
|
640
614
|
# Test for correct shipping rates attributes
|
641
|
-
# Regression test for
|
615
|
+
# Regression test for https://github.com/spree/spree/issues/3206
|
642
616
|
expect(shipment["shipping_rates"]).not_to be_nil
|
643
617
|
shipping_rate = shipment["shipping_rates"][0]
|
644
618
|
expect(shipping_rate["name"]).to eq(json_shipping_method["name"])
|
@@ -709,7 +683,7 @@ module Spree
|
|
709
683
|
expect(json_response["pages"]).to eq(1)
|
710
684
|
end
|
711
685
|
|
712
|
-
# Test for
|
686
|
+
# Test for https://github.com/spree/spree/issues/1763
|
713
687
|
it "can control the page size through a parameter" do
|
714
688
|
api_get :index, :per_page => 1
|
715
689
|
expect(json_response["orders"].count).to eq(1)
|
@@ -741,7 +715,7 @@ module Spree
|
|
741
715
|
|
742
716
|
context "creation" do
|
743
717
|
it "can create an order without any parameters" do
|
744
|
-
|
718
|
+
api_post :create
|
745
719
|
expect(response.status).to eq(201)
|
746
720
|
order = Order.last
|
747
721
|
expect(json_response["state"]).to eq("cart")
|
@@ -780,7 +754,7 @@ module Spree
|
|
780
754
|
before do
|
781
755
|
Spree::Config[:mails_from] = "spree@example.com"
|
782
756
|
|
783
|
-
order.completed_at = Time.
|
757
|
+
order.completed_at = Time.current
|
784
758
|
order.state = 'complete'
|
785
759
|
order.shipment_state = 'ready'
|
786
760
|
order.save!
|
@@ -43,17 +43,6 @@ module Spree
|
|
43
43
|
expect(response.status).to eq(201)
|
44
44
|
expect(json_response).to have_attributes(attributes)
|
45
45
|
end
|
46
|
-
|
47
|
-
context "disallowed payment method" do
|
48
|
-
it "does not create a new payment" do
|
49
|
-
PaymentMethod.first.update!(display_on: "back_end")
|
50
|
-
|
51
|
-
expect {
|
52
|
-
api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
|
53
|
-
}.not_to change { Spree::Payment.count }
|
54
|
-
expect(response.status).to eq(404)
|
55
|
-
end
|
56
|
-
end
|
57
46
|
end
|
58
47
|
|
59
48
|
context "payment source is required" do
|
@@ -6,7 +6,7 @@ module Spree
|
|
6
6
|
render_views
|
7
7
|
|
8
8
|
let!(:product) { create(:product) }
|
9
|
-
let!(:inactive_product) { create(:product, available_on: Time.
|
9
|
+
let!(:inactive_product) { create(:product, available_on: Time.current.tomorrow, name: "inactive") }
|
10
10
|
let(:base_attributes) { Api::ApiHelpers.product_attributes }
|
11
11
|
let(:show_attributes) { base_attributes.dup.push(:has_variants) }
|
12
12
|
let(:new_attributes) { base_attributes }
|
@@ -222,7 +222,7 @@ module Spree
|
|
222
222
|
expect(json_response["pages"]).to eq(1)
|
223
223
|
end
|
224
224
|
|
225
|
-
# Regression test for
|
225
|
+
# Regression test for https://github.com/spree/spree/issues/1626
|
226
226
|
context "deleted products" do
|
227
227
|
before do
|
228
228
|
create(:product, :deleted_at => 1.day.ago)
|
@@ -305,14 +305,14 @@ module Spree
|
|
305
305
|
expect(json_response["taxon_ids"]).to eq([taxon_1.id,])
|
306
306
|
end
|
307
307
|
|
308
|
-
# Regression test for
|
308
|
+
# Regression test for https://github.com/spree/spree/issues/4123
|
309
309
|
it "puts the created product in the given taxons" do
|
310
310
|
product_data[:taxon_ids] = [taxon_1.id, taxon_2.id].join(',')
|
311
311
|
api_post :create, :product => product_data
|
312
312
|
expect(json_response["taxon_ids"]).to eq([taxon_1.id, taxon_2.id])
|
313
313
|
end
|
314
314
|
|
315
|
-
# Regression test for
|
315
|
+
# Regression test for https://github.com/spree/spree/issues/2140
|
316
316
|
context "with authentication_required set to false" do
|
317
317
|
before do
|
318
318
|
Spree::Api::Config.requires_authentication = false
|
@@ -334,8 +334,7 @@ module Spree
|
|
334
334
|
expect(response.status).to eq(422)
|
335
335
|
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
336
336
|
errors = json_response["errors"]
|
337
|
-
errors.
|
338
|
-
expect(errors.keys).to match_array(["name", "price", "shipping_category_id"])
|
337
|
+
expect(errors.keys).to include("name", "price", "shipping_category_id")
|
339
338
|
end
|
340
339
|
end
|
341
340
|
|
@@ -392,13 +391,13 @@ module Spree
|
|
392
391
|
expect(json_response["errors"]["name"]).to eq(["can't be blank"])
|
393
392
|
end
|
394
393
|
|
395
|
-
# Regression test for
|
394
|
+
# Regression test for https://github.com/spree/spree/issues/4123
|
396
395
|
it "puts the created product in the given taxon" do
|
397
396
|
api_put :update, :id => product.to_param, :product => {:taxon_ids => taxon_1.id.to_s}
|
398
397
|
expect(json_response["taxon_ids"]).to eq([taxon_1.id])
|
399
398
|
end
|
400
399
|
|
401
|
-
# Regression test for
|
400
|
+
# Regression test for https://github.com/spree/spree/issues/4123
|
402
401
|
it "puts the created product in the given taxons" do
|
403
402
|
api_put :update, :id => product.to_param, :product => {:taxon_ids => [taxon_1.id, taxon_2.id].join(',')}
|
404
403
|
expect(json_response["taxon_ids"]).to match_array([taxon_1.id, taxon_2.id])
|
@@ -14,12 +14,27 @@ describe Spree::Api::ShipmentsController, :type => :controller do
|
|
14
14
|
context "as a non-admin" do
|
15
15
|
it "cannot make a shipment ready" do
|
16
16
|
api_put :ready
|
17
|
-
|
17
|
+
assert_unauthorized!
|
18
18
|
end
|
19
19
|
|
20
20
|
it "cannot make a shipment shipped" do
|
21
21
|
api_put :ship
|
22
|
-
|
22
|
+
assert_unauthorized!
|
23
|
+
end
|
24
|
+
|
25
|
+
it "cannot remove order contents from shipment" do
|
26
|
+
api_put :remove
|
27
|
+
assert_unauthorized!
|
28
|
+
end
|
29
|
+
|
30
|
+
it "cannot add contents to the shipment" do
|
31
|
+
api_put :add
|
32
|
+
assert_unauthorized!
|
33
|
+
end
|
34
|
+
|
35
|
+
it "cannot update the shipment" do
|
36
|
+
api_put :update
|
37
|
+
assert_unauthorized!
|
23
38
|
end
|
24
39
|
end
|
25
40
|
|
@@ -220,7 +235,7 @@ describe Spree::Api::ShipmentsController, :type => :controller do
|
|
220
235
|
subject
|
221
236
|
shipment.reload
|
222
237
|
expect(shipment.state).to eq 'shipped'
|
223
|
-
expect(shipment.shipped_at.to_i).to eq Time.
|
238
|
+
expect(shipment.shipped_at.to_i).to eq Time.current.to_i
|
224
239
|
end
|
225
240
|
end
|
226
241
|
|
@@ -279,9 +294,9 @@ describe Spree::Api::ShipmentsController, :type => :controller do
|
|
279
294
|
}.not_to change(shipment, :shipped_at)
|
280
295
|
end
|
281
296
|
|
282
|
-
it "responds with a
|
297
|
+
it "responds with a 401" do
|
283
298
|
subject
|
284
|
-
expect(response).to
|
299
|
+
expect(response).to be_unauthorized
|
285
300
|
end
|
286
301
|
end
|
287
302
|
end
|
@@ -27,7 +27,7 @@ module Spree
|
|
27
27
|
expect(children.first['taxons'].count).to eq 1
|
28
28
|
end
|
29
29
|
|
30
|
-
# Regression test for
|
30
|
+
# Regression test for https://github.com/spree/spree/issues/4112
|
31
31
|
it "does not include children when asked not to" do
|
32
32
|
api_get :index, :taxonomy_id => taxonomy.id, :without_children => 1
|
33
33
|
|
@@ -72,10 +72,10 @@ module Spree
|
|
72
72
|
|
73
73
|
end
|
74
74
|
|
75
|
-
# Regression test for
|
75
|
+
# Regression test for https://github.com/spree/spree/issues/2141
|
76
76
|
context "a deleted variant" do
|
77
77
|
before do
|
78
|
-
variant.update_column(:deleted_at, Time.
|
78
|
+
variant.update_column(:deleted_at, Time.current)
|
79
79
|
end
|
80
80
|
|
81
81
|
it "is not returned in the results" do
|
@@ -223,10 +223,10 @@ module Spree
|
|
223
223
|
sign_in_as_admin!
|
224
224
|
let(:resource_scoping) { { :product_id => variant.product.to_param } }
|
225
225
|
|
226
|
-
# Test for
|
226
|
+
# Test for https://github.com/spree/spree/issues/2141
|
227
227
|
context "deleted variants" do
|
228
228
|
before do
|
229
|
-
variant.update_column(:deleted_at, Time.
|
229
|
+
variant.update_column(:deleted_at, Time.current)
|
230
230
|
end
|
231
231
|
|
232
232
|
it "are visible by admin" do
|
@@ -26,29 +26,75 @@ module Spree
|
|
26
26
|
expect { user.clear_spree_api_key }.to change(user, :spree_api_key).to be_blank
|
27
27
|
end
|
28
28
|
|
29
|
-
context "
|
30
|
-
|
31
|
-
|
32
|
-
|
29
|
+
context "auto-api-key grant" do
|
30
|
+
context "after role user create" do
|
31
|
+
let(:user) { create(:user) }
|
32
|
+
before { expect(user.spree_roles).to be_blank }
|
33
|
+
subject { user.spree_roles << role }
|
33
34
|
|
34
|
-
|
35
|
-
|
35
|
+
context "roles_for_auto_api_key default" do
|
36
|
+
let(:role) { create(:role, name: "admin") }
|
37
|
+
|
38
|
+
context "the user has no api key" do
|
39
|
+
before { user.clear_spree_api_key! }
|
40
|
+
it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
|
41
|
+
end
|
42
|
+
|
43
|
+
context "the user already has an api key" do
|
44
|
+
before { user.generate_spree_api_key! }
|
45
|
+
it { expect { subject }.not_to change { user.reload.spree_api_key } }
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
context "roles_for_auto_api_key is defined" do
|
50
|
+
let (:role) { create(:role, name: 'hobbit') }
|
51
|
+
let(:undesired_role) { create(:role, name: "foo") }
|
52
|
+
|
53
|
+
before {
|
54
|
+
user.clear_spree_api_key!
|
55
|
+
Spree::Config.roles_for_auto_api_key = ['hobbit']
|
56
|
+
}
|
36
57
|
|
37
|
-
context "the user has no api key" do
|
38
|
-
before { user.clear_spree_api_key! }
|
39
58
|
it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
|
59
|
+
it { expect { user.spree_roles << undesired_role }.not_to change { user.reload.spree_api_key } }
|
40
60
|
end
|
41
61
|
|
42
|
-
context "
|
43
|
-
|
44
|
-
|
62
|
+
context "for all roles" do
|
63
|
+
let (:role) { create(:role, name: 'hobbit') }
|
64
|
+
let (:other_role) { create(:role, name: 'wizard') }
|
65
|
+
let (:other_user) { create(:user) }
|
66
|
+
|
67
|
+
before {
|
68
|
+
user.clear_spree_api_key!
|
69
|
+
other_user.clear_spree_api_key!
|
70
|
+
Spree::Config.generate_api_key_for_all_roles = true
|
71
|
+
}
|
72
|
+
|
73
|
+
it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
|
74
|
+
it { expect { other_user.spree_roles << other_role }.to change { other_user.reload.spree_api_key }.from(nil) }
|
45
75
|
end
|
46
76
|
end
|
47
77
|
|
48
|
-
context "
|
49
|
-
let(:
|
50
|
-
|
51
|
-
|
78
|
+
context "after user create" do
|
79
|
+
let(:user) { LegacyUser.new }
|
80
|
+
|
81
|
+
context "generate_api_key_for_all_roles" do
|
82
|
+
it "does not grant api key default" do
|
83
|
+
expect(user.spree_api_key).to eq(nil)
|
84
|
+
|
85
|
+
user.save!
|
86
|
+
expect(user.spree_api_key).to eq(nil)
|
87
|
+
end
|
88
|
+
|
89
|
+
it "grants an api key on create when set to true" do
|
90
|
+
Spree::Config.generate_api_key_for_all_roles = true
|
91
|
+
|
92
|
+
expect(user.spree_api_key).to eq(nil)
|
93
|
+
|
94
|
+
user.save!
|
95
|
+
expect(user.spree_api_key).not_to eq(nil)
|
96
|
+
end
|
97
|
+
end
|
52
98
|
end
|
53
99
|
end
|
54
100
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -30,7 +30,6 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
|
|
30
30
|
|
31
31
|
require 'spree/testing_support/factories'
|
32
32
|
require 'spree/testing_support/preferences'
|
33
|
-
require 'spree/testing_support/authorization_helpers'
|
34
33
|
|
35
34
|
require 'spree/api/testing_support/caching'
|
36
35
|
require 'spree/api/testing_support/helpers'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: solidus_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0.beta1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Solidus Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-01-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: solidus_core
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.
|
19
|
+
version: 1.2.0.beta1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.
|
26
|
+
version: 1.2.0.beta1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rabl
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -279,12 +279,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
279
279
|
version: '0'
|
280
280
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
281
281
|
requirements:
|
282
|
-
- - "
|
282
|
+
- - ">"
|
283
283
|
- !ruby/object:Gem::Version
|
284
|
-
version:
|
284
|
+
version: 1.3.1
|
285
285
|
requirements: []
|
286
286
|
rubyforge_project:
|
287
|
-
rubygems_version: 2.
|
287
|
+
rubygems_version: 2.5.1
|
288
288
|
signing_key:
|
289
289
|
specification_version: 4
|
290
290
|
summary: REST API for the Solidus e-commerce framework.
|