RubyGems - solidus_api - Versions diffs - 1.1.4 → 1.2.0.beta1 - Mend

solidus_api 1.1.4 → 1.2.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (21) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d2c2d5dcacdd54bff2af4a9f0c95267b946ef5ca
-  data.tar.gz: d408a4edde689abcf77a6d0c1997ae15134f7a37
+  metadata.gz: 0541b475d9a7c6163816b932d0e24098d63668c9
+  data.tar.gz: e238a5d6173dc3e22758fad5d9ae7ff72bf27c1d
 SHA512:
-  metadata.gz: 1be4bc3ad33669bd7ded7960bc68b2444230ced8dc3998f53a7344663a8c360a16c710a189ccf2544b05be5ddf96ea72f26fb5dc0edf39f4749164fa6fe2a27a
-  data.tar.gz: 9f0ec8af96cb1f98d4adf442cb5984ca66226b2bb604ab552f7d525a3c055abb6e2e9daf080fdaefd7b6e62d02f81642b41baeee056b847285c874379dbf86cb
+  metadata.gz: e6806e2569df73fea2bdababe36912878beaef9962483c42a59b093f021444556b42aba5b58e10bc2afa11a1bd880b58432cd810dbb9c693f62efabcd246190e
+  data.tar.gz: 448e5fb1b8ddeb83dd49bbd0bc2f8588f1665ae3fcdf89e4f4a3b671f2a3de2e5abc8e01c8e6aa1362e6c5c6323a142763fd2a2a4c9741c9b0f69a5909a13ff9

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -151,7 +151,7 @@ module Spree
       end
       def lock_order
-        Spree::OrderMutex.with_lock!(@order) { yield }
+        OrderMutex.with_lock!(@order) { yield }
       rescue Spree::OrderMutex::LockFailed => e
         render text: e.message, status: 409
       end

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -56,14 +56,7 @@ module Spree
       def update
         authorize! :update, @order, order_token
-        update_params = if params[:payment_source].present?
-          ActiveSupport::Deprecation.warn("Passing payment_source is deprecated. Send source parameters inside payments_attributes[:source_attributes].", caller)
-          move_payment_source_into_payments_attributes(params)
-        else
-          params
-        end
-        if @order.update_from_params(update_params, permitted_checkout_attributes, request.headers.env)
+        if OrderUpdateAttributes.new(@order, update_params, request_env: request.headers.env).apply
           if can?(:admin, @order) && user_id.present?
             @order.associate_user!(Spree.user_class.find(user_id))
           end
@@ -87,6 +80,33 @@ module Spree
           params[:order][:user_id] if params[:order]
         end
+        def update_params
+          if update_params = massaged_params[:order]
+            update_params.permit(permitted_checkout_attributes)
+          else
+            # We current allow update requests without any parameters in them.
+            {}
+          end
+        end
+        def massaged_params
+          massaged_params = params.deep_dup
+          if params[:payment_source].present?
+            ActiveSupport::Deprecation.warn("Passing payment_source is deprecated. Send source parameters inside payments_attributes[:source_attributes].", caller)
+            move_payment_source_into_payments_attributes(massaged_params)
+          end
+          if params[:order] && params[:order][:existing_card].present?
+            ActiveSupport::Deprecation.warn("Passing order[:existing_card] is deprecated. Send existing_card_id inside of payments_attributes[:source_attributes].", caller)
+            move_existing_card_into_payments_attributes(massaged_params)
+          end
+          set_payment_parameters_amount(massaged_params, @order)
+          massaged_params
+        end
         # Should be overriden if you have areas of your checkout that don't match
         # up to a step within checkout_steps, such as a registration step
         def skip_state_validation?

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -27,24 +27,8 @@ module Spree
       def create
         authorize! :create, Order
-        if can?(:admin, Order)
-          order_user = if order_params[:user_id]
-            Spree.user_class.find(order_params[:user_id])
-          else
-            current_api_user
-          end
-          @order = Spree::Core::Importer::Order.import(order_user, order_params)
-          respond_with(@order, default_template: :show, status: 201)
-        else
-          @order = Spree::Order.create!(user: current_api_user, store: current_store)
-          if @order.contents.update_cart(order_params)
-            respond_with(@order, default_template: :show, status: 201)
-          else
-            invalid_resource!(@order)
-          end
-        end
+        @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
+        respond_with(@order, default_template: :show, status: 201)
       end
       def empty
@@ -125,6 +109,15 @@ module Spree
         params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address].present?
       end
+      # @api public
+      def determine_order_user
+        if order_params[:user_id].present?
+          Spree.user_class.find(order_params[:user_id])
+        else
+          current_api_user
+        end
+      end
       def permitted_order_attributes
         can?(:admin, Spree::Order) ? (super + admin_order_attributes) : super
       end

data/app/controllers/spree/api/payments_controller.rb CHANGED Viewed

@@ -17,8 +17,7 @@ module Spree
       end
       def create
-        @order.validate_payments_attributes(payment_params)
-        @payment = @order.payments.build(payment_params)
+        @payment = PaymentCreate.new(@order, payment_params).build
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)
         else

data/app/controllers/spree/api/products_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
       def index
         if params[:ids]
           ids = params[:ids].split(",").flatten
-          @products = product_scope.where(:id => ids)
+          @products = product_scope.where(id: ids)
         else
           @products = product_scope.ransack(params[:q]).result
         end
@@ -59,14 +59,14 @@ module Spree
       #
       def create
         authorize! :create, Product
-        params[:product][:available_on] ||= Time.now
+        params[:product][:available_on] ||= Time.current
         set_up_shipping_category
         options = { variants_attrs: variants_params, options_attrs: option_types_params }
         @product = Core::Importer::Product.new(nil, product_params, options).create
         if @product.persisted?
-          respond_with(@product, :status => 201, :default_template => :show)
+          respond_with(@product, status: 201, default_template: :show)
         else
           invalid_resource!(@product)
         end
@@ -80,7 +80,7 @@ module Spree
         @product = Core::Importer::Product.new(@product, product_params, options).update
         if @product.errors.empty?
-          respond_with(@product.reload, :status => 200, :default_template => :show)
+          respond_with(@product.reload, status: 200, default_template: :show)
         else
           invalid_resource!(@product)
         end

data/app/controllers/spree/api/shipments_controller.rb CHANGED Viewed

@@ -116,11 +116,12 @@ module Spree
       def find_shipment
         if @order.present?
-          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+          @shipment = @order.shipments.find_by!(number: params[:id])
         else
-          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+          @shipment = Spree::Shipment.readonly(false).find_by!(number: params[:id])
           @order = @shipment.order
         end
+        authorize! :update, @shipment
       end
       def update_shipment

data/solidus_api.gemspec CHANGED Viewed

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-version = File.read(File.expand_path("../../SOLIDUS_VERSION", __FILE__)).strip
+require_relative '../core/lib/spree/core/version.rb'
 Gem::Specification.new do |gem|
   gem.author        = 'Solidus Team'
@@ -14,9 +14,9 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.name          = "solidus_api"
   gem.require_paths = ["lib"]
-  gem.version       = version
+  gem.version         = Spree.solidus_version
-  gem.add_dependency 'solidus_core', version
+  gem.add_dependency 'solidus_core', gem.version
   gem.add_dependency 'rabl', ['>= 0.9.4.pre1', '< 0.12.0']
   gem.add_dependency 'versioncake', '~> 2.3.1'
 end

data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED Viewed

@@ -106,7 +106,7 @@ module Spree
           expect(response.status).to eq(200)
         end
-        # Regression Spec for #5389 & #5880
+        # Regression Spec for https://github.com/spree/spree/issues/5389 and https://github.com/spree/spree/issues/5880
         it "can update addresses but not transition to delivery w/o shipping setup" do
           Spree::ShippingMethod.destroy_all
           api_put :update,
@@ -119,7 +119,7 @@ module Spree
           expect(response.status).to eq(422)
         end
-        # Regression test for #4498
+        # Regression test for https://github.com/spree/spree/issues/4498
         it "does not contain duplicate variant data in delivery return" do
           api_put :update,
             id: order.to_param, order_token: order.guest_token,
@@ -163,19 +163,6 @@ module Spree
         expect(response.status).to eq(200)
       end
-      context "with disallowed payment method" do
-        it "returns not found" do
-          order.update_column(:state, "payment")
-          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
-          @payment_method.update!(display_on: "back_end")
-          expect {
-            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
-          }.not_to change { Spree::Payment.count }
-          expect(response.status).to eq(404)
-        end
-      end
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
         api_put :update, :id => order.to_param, :order_token => order.guest_token,
@@ -185,6 +172,29 @@ module Spree
         expect(source_errors).to include("can't be blank")
       end
+      describe 'setting the payment amount' do
+        let(:params) do
+          {
+            id: order.to_param,
+            order_token: order.guest_token,
+            order: {
+              payments_attributes: [
+                {
+                  payment_method_id: @payment_method.id.to_s,
+                  source_attributes: attributes_for(:credit_card),
+                },
+              ],
+            },
+          }
+        end
+        it 'sets the payment amount to the order total' do
+          api_put(:update, params)
+          expect(response.status).to eq(200)
+          expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        end
+      end
       describe 'payment method with source and transition from payment to confirm' do
         before do
           order.update_column(:state, "payment")
@@ -299,19 +309,78 @@ module Spree
         end
       end
-      it "allow users to reuse a credit card" do
-        order.update_column(:state, "payment")
-        credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
+      context 'reusing a credit card' do
+        before do
+          order.update_column(:state, "payment")
+        end
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { existing_card: credit_card.id }
+        let(:params) do
+          {
+            id: order.to_param,
+            order_token: order.guest_token,
+            order: {
+              payments_attributes: [
+                {
+                  source_attributes: {
+                    existing_card_id: credit_card.id.to_s,
+                    verification_value: '456',
+                  }
+                },
+              ],
+            },
+          }
+        end
+        let!(:credit_card) do
+          create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
+        end
+        it 'succeeds' do
+          # unfortunately the credit card gets reloaded by `@order.next` before
+          # the controller action finishes so this is the best way I could think
+          # of to test that the verification_value gets set.
+          expect_any_instance_of(Spree::CreditCard).to(
+            receive(:verification_value=).with('456').and_call_original
+          )
+          api_put(:update, params)
+          expect(response.status).to eq 200
+          expect(order.credit_cards).to match_array [credit_card]
+        end
-        expect(response.status).to eq 200
-        expect(order.credit_cards).to match_array [credit_card]
+        context 'with deprecated existing_card parameters' do
+          let(:params) do
+            {
+              id: order.to_param,
+              order_token: order.guest_token,
+              order: {
+                existing_card: credit_card.id.to_s,
+              },
+              cvc_confirm: '456',
+            }
+          end
+          it 'succeeds' do
+            # unfortunately the credit card gets reloaded by `@order.next` before
+            # the controller action finishes so this is the best way I could think
+            # of to test that the verification_value gets set.
+            expect_any_instance_of(Spree::CreditCard).to(
+              receive(:verification_value=).with('456').and_call_original
+            )
+            ActiveSupport::Deprecation.silence do
+              api_put(:update, params)
+            end
+            expect(response.status).to eq 200
+            expect(order.credit_cards).to match_array [credit_card]
+          end
+        end
       end
       it "can transition from confirm to complete" do
-        order.update_columns(completed_at: Time.now, state: 'complete')
+        order.update_columns(completed_at: Time.current, state: 'complete')
         allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
         api_put :update, id: order.to_param, order_token: order.guest_token
         expect(json_response['state']).to eq('complete')
@@ -319,13 +388,13 @@ module Spree
       end
       it "returns the order if the order is already complete" do
-        order.update_columns(completed_at: Time.now, state: 'complete')
+        order.update_columns(completed_at: Time.current, state: 'complete')
         api_put :update, id: order.to_param, order_token: order.guest_token
         expect(json_response['number']).to eq(order.number)
         expect(response.status).to eq(200)
       end
-      # Regression test for #3784
+      # Regression test for https://github.com/spree/spree/issues/3784
       it "can update the special instructions for an order" do
         instructions = "Don't drop it. (Please)"
         api_put :update, id: order.to_param, order_token: order.guest_token,

data/spec/controllers/spree/api/classifications_controller_spec.rb CHANGED Viewed

@@ -37,7 +37,7 @@ module Spree
       end
       it "should touch the taxon" do
-        taxon.update_attributes(updated_at: Time.now - 10.seconds)
+        taxon.update_attributes(updated_at: Time.current - 10.seconds)
         taxon_last_updated_at = taxon.updated_at
         api_put :update, taxon_id: taxon, product_id: last_product, position: 0
         taxon.reload

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -29,62 +29,46 @@ module Spree
     describe "POST create" do
       let(:target_user) { create :user }
-      let(:date_override) { Time.parse('2015-01-01') }
-      let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
+      let(:date_override) { 3.days.ago }
-      subject { api_post :create, order: attributes }
+      before do
+        allow_any_instance_of(Spree::Ability).to receive(:can?).
+          and_return(true)
+        allow_any_instance_of(Spree::Ability).to receive(:can?).
+          with(:admin, Spree::Order).
+          and_return(can_admin)
+        allow(Spree.user_class).to receive(:find).
+          with(target_user.id).
+          and_return(target_user)
+      end
+      subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
       context "when the current user cannot administrate the order" do
-        stub_authorization! do |_|
-          can :create, Spree::Order
-        end
+        let(:can_admin) { false }
         it "does not include unpermitted params, or allow overriding the user", focus: true do
+          expect(Spree::Core::Importer::Order).to receive(:import).
+            once.
+            with(current_api_user, { "email" => target_user.email }).
+            and_call_original
           subject
-          expect(response).to be_success
-          order = Spree::Order.last
-          expect(order.user).to eq current_api_user
-          expect(order.email).to eq target_user.email
         end
         it { is_expected.to be_success }
-        context 'creating payment' do
-          let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
-          context "with allowed payment method" do
-            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
-            it { is_expected.to be_success }
-            it "creates a payment" do
-              expect {
-                subject
-              }.to change { Spree::Payment.count }.by(1)
-            end
-          end
-          context "with disallowed payment method" do
-            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
-            it { is_expected.to be_not_found }
-            it "creates no payments" do
-              expect {
-                subject
-              }.not_to change { Spree::Payment.count }
-            end
-          end
-        end
       end
       context "when the current user can administrate the order" do
-        stub_authorization! do |_|
-          can [:admin, :create], Spree::Order
-        end
+        let(:can_admin) { true }
         it "it permits all params and allows overriding the user" do
+          expect(Spree::Core::Importer::Order).to receive(:import).
+            once.
+            with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email}).
+            and_call_original
           subject
-          order = Spree::Order.last
-          expect(order.user).to eq target_user
-          expect(order.email).to eq target_user.email
-          expect(order.created_at).to eq date_override
         end
         it { is_expected.to be_success }
@@ -97,65 +81,41 @@ module Spree
       let(:can_admin) { false }
       subject { api_put :update, id: order.to_param, order: order_params }
-      context "when the user cannot administer the order" do
-        stub_authorization! do |_|
-          can [:update], Spree::Order
-        end
-        it "updates the user's email" do
-          expect {
-            subject
-          }.to change { order.reload.email }.to("foo@foobar.com")
-        end
-        it { is_expected.to be_success }
-        it "does not associate users" do
-          expect {
-            subject
-          }.not_to change { order.reload.user }
-        end
+      before do
+        allow_any_instance_of(Spree::Ability).to receive(:can?).
+          and_return(true)
-        it "does not change forbidden attributes" do
-          expect {
-            subject
-          }.to_not change{ order.reload.number }
-        end
+        allow(Spree::Order).to receive(:find_by!).
+          with(number: order.number).
+          and_return(order)
-        context 'creating payment' do
-          let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+        allow(Spree.user_class).to receive(:find).
+          with(user.id).
+          and_return(user)
-          context "with allowed payment method" do
-            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
-            it { is_expected.to be_success }
-            it "creates a payment" do
-              expect {
-                subject
-              }.to change { Spree::Payment.count }.by(1)
-            end
-          end
+        allow_any_instance_of(Spree::Ability).to receive(:can?).
+          with(:admin, Spree::Order).
+          and_return(can_admin)
+      end
-          context "with disallowed payment method" do
-            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
-            it { is_expected.to be_not_found }
-            it "creates no payments" do
-              expect {
-                subject
-              }.not_to change { Spree::Payment.count }
-            end
-          end
-        end
+      it "updates the cart contents" do
+        expect(order.contents).to receive(:update_cart).
+          once.
+          with({"email" => "foo@foobar.com"})
+        subject
       end
+      it { is_expected.to be_success }
       context "when the user can administer the order" do
-        stub_authorization! do |_|
-          can [:admin, :update], Spree::Order
-        end
+        let(:can_admin) { true }
         it "will associate users" do
-          expect {
-            subject
-          }.to change { order.reload.user }.to(user)
+          expect(order).to receive(:associate_user!).
+            once.
+            with(user)
+          subject
         end
         it "updates the otherwise forbidden attributes" do
@@ -163,6 +123,17 @@ module Spree
             to("anothernumber")
         end
       end
+      context "when the user cannot administer the order" do
+        it "does not associate users" do
+          expect(order).to_not receive(:associate_user!)
+          subject
+        end
+        it "does not change forbidden attributes" do
+          expect{subject}.to_not change{order.reload.number}
+        end
+      end
     end
     it "cannot view all orders" do
@@ -214,9 +185,9 @@ module Spree
       end
       it "returns orders in reverse chronological order by completed_at" do
-        order.update_columns completed_at: Time.now
+        order.update_columns completed_at: Time.current
-        order2 = Order.create user: order.user, completed_at: Time.now - 1.day, store: store
+        order2 = Order.create user: order.user, completed_at: Time.current - 1.day, store: store
         expect(order2.created_at).to be > order.created_at
         order3 = Order.create user: order.user, completed_at: nil, store: store
         expect(order3.created_at).to be > order2.created_at
@@ -313,7 +284,7 @@ module Spree
       expect(json_response["checkout_steps"]).to eq(%w[address delivery confirm complete])
     end
-    # Regression test for #1992
+    # Regression test for https://github.com/spree/spree/issues/1992
     it "can view an order not in a standard state" do
       allow_any_instance_of(Order).to receive_messages :user => current_api_user
       order.update_column(:state, 'shipped')
@@ -350,7 +321,7 @@ module Spree
     end
     it "cannot cancel an order that doesn't belong to them" do
-      order.update_attribute(:completed_at, Time.now)
+      order.update_attribute(:completed_at, Time.current)
       order.update_attribute(:shipment_state, "ready")
       api_put :cancel, :id => order.to_param
       assert_unauthorized!
@@ -379,15 +350,18 @@ module Spree
       expect(json_response['email']).to eq "guest@spreecommerce.com"
     end
-    # Regression test for #3404
+    # Regression test for https://github.com/spree/spree/issues/3404
     it "can specify additional parameters for a line item" do
-      expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
+      expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
+      allow(order).to receive(:associate_user!)
+      allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
+      expect(line_item).to receive(:update_attributes!).with("special" => true)
       allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
       api_post :create, :order => {
         :line_items => {
           "0" => {
-            variant_id: variant.to_param, quantity: 5, special: "foo"
+            :variant_id => variant.to_param, :quantity => 5, :special => true
           }
         }
       }
@@ -418,7 +392,7 @@ module Spree
     end
     it "can create an order without any parameters" do
-      expect { api_post :create }.not_to raise_error
+      api_post :create
       expect(response.status).to eq(201)
       expect(json_response["state"]).to eq("cart")
     end
@@ -628,7 +602,7 @@ module Spree
             expect(json_response["shipments"]).not_to be_empty
             shipment = json_response["shipments"][0]
             # Test for correct shipping method attributes
-            # Regression test for #3206
+            # Regression test for https://github.com/spree/spree/issues/3206
             expect(shipment["shipping_methods"]).not_to be_nil
             json_shipping_method = shipment["shipping_methods"][0]
             expect(json_shipping_method["id"]).to eq(shipping_method.id)
@@ -638,7 +612,7 @@ module Spree
             expect(json_shipping_method["shipping_categories"]).not_to be_empty
             # Test for correct shipping rates attributes
-            # Regression test for #3206
+            # Regression test for https://github.com/spree/spree/issues/3206
             expect(shipment["shipping_rates"]).not_to be_nil
             shipping_rate = shipment["shipping_rates"][0]
             expect(shipping_rate["name"]).to eq(json_shipping_method["name"])
@@ -709,7 +683,7 @@ module Spree
           expect(json_response["pages"]).to eq(1)
         end
-        # Test for #1763
+        # Test for https://github.com/spree/spree/issues/1763
         it "can control the page size through a parameter" do
           api_get :index, :per_page => 1
           expect(json_response["orders"].count).to eq(1)
@@ -741,7 +715,7 @@ module Spree
       context "creation" do
         it "can create an order without any parameters" do
-          expect { api_post :create }.not_to raise_error
+          api_post :create
           expect(response.status).to eq(201)
           order = Order.last
           expect(json_response["state"]).to eq("cart")
@@ -780,7 +754,7 @@ module Spree
         before do
           Spree::Config[:mails_from] = "spree@example.com"
-          order.completed_at = Time.now
+          order.completed_at = Time.current
           order.state = 'complete'
           order.shipment_state = 'ready'
           order.save!

data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED Viewed

@@ -43,17 +43,6 @@ module Spree
             expect(response.status).to eq(201)
             expect(json_response).to have_attributes(attributes)
           end
-          context "disallowed payment method" do
-            it "does not create a new payment" do
-              PaymentMethod.first.update!(display_on: "back_end")
-              expect {
-                api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
-              }.not_to change { Spree::Payment.count }
-              expect(response.status).to eq(404)
-            end
-          end
         end
         context "payment source is required" do

data/spec/controllers/spree/api/products_controller_spec.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Spree
     render_views
     let!(:product) { create(:product) }
-    let!(:inactive_product) { create(:product, available_on: Time.now.tomorrow, name: "inactive") }
+    let!(:inactive_product) { create(:product, available_on: Time.current.tomorrow, name: "inactive") }
     let(:base_attributes) { Api::ApiHelpers.product_attributes }
     let(:show_attributes) { base_attributes.dup.push(:has_variants) }
     let(:new_attributes) { base_attributes }
@@ -222,7 +222,7 @@ module Spree
         expect(json_response["pages"]).to eq(1)
       end
-      # Regression test for #1626
+      # Regression test for https://github.com/spree/spree/issues/1626
       context "deleted products" do
         before do
           create(:product, :deleted_at => 1.day.ago)
@@ -305,14 +305,14 @@ module Spree
           expect(json_response["taxon_ids"]).to eq([taxon_1.id,])
         end
-        # Regression test for #4123
+        # Regression test for https://github.com/spree/spree/issues/4123
         it "puts the created product in the given taxons" do
           product_data[:taxon_ids] = [taxon_1.id, taxon_2.id].join(',')
           api_post :create, :product => product_data
           expect(json_response["taxon_ids"]).to eq([taxon_1.id, taxon_2.id])
         end
-        # Regression test for #2140
+        # Regression test for https://github.com/spree/spree/issues/2140
         context "with authentication_required set to false" do
           before do
             Spree::Api::Config.requires_authentication = false
@@ -334,8 +334,7 @@ module Spree
           expect(response.status).to eq(422)
           expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
           errors = json_response["errors"]
-          errors.delete("slug") # Don't care about this one.
-          expect(errors.keys).to match_array(["name", "price", "shipping_category_id"])
+          expect(errors.keys).to include("name", "price", "shipping_category_id")
         end
       end
@@ -392,13 +391,13 @@ module Spree
           expect(json_response["errors"]["name"]).to eq(["can't be blank"])
         end
-        # Regression test for #4123
+        # Regression test for https://github.com/spree/spree/issues/4123
         it "puts the created product in the given taxon" do
           api_put :update, :id => product.to_param, :product => {:taxon_ids => taxon_1.id.to_s}
           expect(json_response["taxon_ids"]).to eq([taxon_1.id])
         end
-        # Regression test for #4123
+        # Regression test for https://github.com/spree/spree/issues/4123
         it "puts the created product in the given taxons" do
           api_put :update, :id => product.to_param, :product => {:taxon_ids => [taxon_1.id, taxon_2.id].join(',')}
           expect(json_response["taxon_ids"]).to match_array([taxon_1.id, taxon_2.id])

data/spec/controllers/spree/api/shipments_controller_spec.rb CHANGED Viewed

@@ -14,12 +14,27 @@ describe Spree::Api::ShipmentsController, :type => :controller do
   context "as a non-admin" do
     it "cannot make a shipment ready" do
       api_put :ready
-      assert_not_found!
+      assert_unauthorized!
     end
     it "cannot make a shipment shipped" do
       api_put :ship
-      assert_not_found!
+      assert_unauthorized!
+    end
+    it "cannot remove order contents from shipment" do
+      api_put :remove
+      assert_unauthorized!
+    end
+    it "cannot add contents to the shipment" do
+      api_put :add
+      assert_unauthorized!
+    end
+    it "cannot update the shipment" do
+      api_put :update
+      assert_unauthorized!
     end
   end
@@ -220,7 +235,7 @@ describe Spree::Api::ShipmentsController, :type => :controller do
           subject
           shipment.reload
           expect(shipment.state).to eq 'shipped'
-          expect(shipment.shipped_at.to_i).to eq Time.now.to_i
+          expect(shipment.shipped_at.to_i).to eq Time.current.to_i
         end
       end
@@ -279,9 +294,9 @@ describe Spree::Api::ShipmentsController, :type => :controller do
         }.not_to change(shipment, :shipped_at)
       end
-      it "responds with a 404" do
+      it "responds with a 401" do
         subject
-        expect(response).to be_not_found
+        expect(response).to be_unauthorized
       end
     end
   end

data/spec/controllers/spree/api/stock_transfers_controller_spec.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Spree
           before do
             stock_transfer.finalize(user)
-            stock_transfer.ship(shipped_at: Time.now)
+            stock_transfer.ship(shipped_at: Time.current)
             stock_transfer.source_location.stock_item(transfer_item.variant_id).set_count_on_hand(0)
           end

data/spec/controllers/spree/api/taxons_controller_spec.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Spree
         expect(children.first['taxons'].count).to eq 1
       end
-      # Regression test for #4112
+      # Regression test for https://github.com/spree/spree/issues/4112
       it "does not include children when asked not to" do
         api_get :index, :taxonomy_id => taxonomy.id, :without_children => 1

data/spec/controllers/spree/api/transfer_items_controller_spec.rb CHANGED Viewed

@@ -134,7 +134,7 @@ module Spree
         context "has been finalized" do
           before do
-            stock_transfer.update_attributes(finalized_at: Time.now)
+            stock_transfer.update_attributes(finalized_at: Time.current)
           end
           it "returns an error status code" do

data/spec/controllers/spree/api/variants_controller_spec.rb CHANGED Viewed

@@ -72,10 +72,10 @@ module Spree
       end
-      # Regression test for #2141
+      # Regression test for https://github.com/spree/spree/issues/2141
       context "a deleted variant" do
         before do
-          variant.update_column(:deleted_at, Time.now)
+          variant.update_column(:deleted_at, Time.current)
         end
         it "is not returned in the results" do
@@ -223,10 +223,10 @@ module Spree
       sign_in_as_admin!
       let(:resource_scoping) { { :product_id => variant.product.to_param } }
-      # Test for #2141
+      # Test for https://github.com/spree/spree/issues/2141
       context "deleted variants" do
         before do
-          variant.update_column(:deleted_at, Time.now)
+          variant.update_column(:deleted_at, Time.current)
         end
         it "are visible by admin" do

data/spec/models/spree/legacy_user_spec.rb CHANGED Viewed

@@ -26,29 +26,75 @@ module Spree
       expect { user.clear_spree_api_key }.to change(user, :spree_api_key).to be_blank
     end
-    context "admin role auto-api-key grant" do # so the admin user can do admin api actions
-      let(:user) { create(:user) }
-      before { expect(user.spree_roles).to be_blank }
-      subject { user.spree_roles << role }
+    context "auto-api-key grant" do
+      context "after role user create" do
+        let(:user) { create(:user) }
+        before { expect(user.spree_roles).to be_blank }
+        subject { user.spree_roles << role }
-      context "admin role" do
-        let(:role) { create(:role, name: "admin") }
+        context "roles_for_auto_api_key default" do
+          let(:role) { create(:role, name: "admin") }
+          context "the user has no api key" do
+            before { user.clear_spree_api_key! }
+            it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
+          end
+          context "the user already has an api key" do
+            before { user.generate_spree_api_key! }
+            it { expect { subject }.not_to change { user.reload.spree_api_key } }
+          end
+        end
+        context "roles_for_auto_api_key is defined" do
+          let (:role) { create(:role, name: 'hobbit') }
+          let(:undesired_role) { create(:role, name: "foo") }
+          before {
+            user.clear_spree_api_key!
+            Spree::Config.roles_for_auto_api_key = ['hobbit']
+          }
-        context "the user has no api key" do
-          before { user.clear_spree_api_key! }
           it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
+          it { expect { user.spree_roles << undesired_role }.not_to change { user.reload.spree_api_key } }
         end
-        context "the user already has an api key" do
-          before { user.generate_spree_api_key! }
-          it { expect { subject }.not_to change { user.reload.spree_api_key } }
+        context "for all roles" do
+          let (:role) { create(:role, name: 'hobbit') }
+          let (:other_role) { create(:role, name: 'wizard') }
+          let (:other_user) { create(:user) }
+          before {
+            user.clear_spree_api_key!
+            other_user.clear_spree_api_key!
+            Spree::Config.generate_api_key_for_all_roles = true
+          }
+          it { expect { subject }.to change { user.reload.spree_api_key }.from(nil) }
+          it { expect { other_user.spree_roles << other_role }.to change { other_user.reload.spree_api_key }.from(nil) }
         end
       end
-      context "non-admin role" do
-        let(:role) { create(:role, name: "foo") }
-        before { user.clear_spree_api_key! }
-        it { expect { subject }.not_to change { user.reload.spree_api_key } }
+      context "after user create" do
+        let(:user) { LegacyUser.new }
+        context "generate_api_key_for_all_roles" do
+          it "does not grant api key default" do
+            expect(user.spree_api_key).to eq(nil)
+            user.save!
+            expect(user.spree_api_key).to eq(nil)
+          end
+          it "grants an api key on create when set to true" do
+            Spree::Config.generate_api_key_for_all_roles = true
+            expect(user.spree_api_key).to eq(nil)
+            user.save!
+            expect(user.spree_api_key).not_to eq(nil)
+          end
+        end
       end
     end
   end

data/spec/spec_helper.rb CHANGED Viewed

@@ -30,7 +30,6 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
 require 'spree/testing_support/factories'
 require 'spree/testing_support/preferences'
-require 'spree/testing_support/authorization_helpers'
 require 'spree/api/testing_support/caching'
 require 'spree/api/testing_support/helpers'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 1.1.4
+  version: 1.2.0.beta1
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-12 00:00:00.000000000 Z
+date: 2016-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.1.4
+        version: 1.2.0.beta1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.1.4
+        version: 1.2.0.beta1
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -279,12 +279,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: REST API for the Solidus e-commerce framework.