RubyGems - solidus_backend - Versions diffs - 1.0.2 → 1.0.3 - Mend

solidus_backend 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

data/spec/controllers/spree/admin/missing_products_controller_spec.rb ADDED

@@ -0,0 +1,18 @@
+require 'spec_helper'
+# This test exists in this file because in the standard admin/products_controller spec
+# There is the stub_authorization call. This call is not triggered for this test because
+# the load_resource filter in Spree::Admin::ResourceController is prepended to the filter chain
+# this means this call is triggered before the authorize_admin call and in this case
+# the load_resource filter halts the request meaning authorize_admin is not called at all.
+describe Spree::Admin::ProductsController, :type => :controller do
+  stub_authorization!
+  # Regression test for GH #538
+  it "cannot find a non-existent product" do
+    spree_get :edit, :id => "non-existent-product"
+    expect(response).to redirect_to(spree.admin_products_path)
+    expect(flash[:error]).to eql("Product is not found")
+  end
+end

data/spec/controllers/spree/admin/orders/customer_details_controller_spec.rb ADDED

@@ -0,0 +1,80 @@
+require "spec_helper"
+require "cancan"
+require "spree/testing_support/bar_ability"
+describe Spree::Admin::Orders::CustomerDetailsController, type: :controller do
+  context "with authorization" do
+    stub_authorization!
+    let(:order) { create(:order, number: "R123456789") }
+    before { allow(Spree::Order).to receive(:find_by_number!) { order } }
+    context "#update" do
+      it "updates + progresses the order" do
+        expect(order).to receive(:update_attributes) { true }
+        expect(order).to receive(:next) { false }
+        attributes = { order_id: order.number, order: { email: "" } }
+        spree_put :update, attributes
+      end
+      it "does refresh the shipment rates with all shipping methods" do
+        expect(order).to receive(:refresh_shipment_rates)
+        attributes = { order_id: order.number, order: { email: "" } }
+        spree_put :update, attributes
+      end
+      # Regression spec
+      context 'completed order' do
+        let(:order) { create(:shipped_order) }
+        let(:attributes) do
+          {
+            order_id: order.number,
+            guest_checkout: 'false',
+            user_id: order.user_id,
+            order: { email: "foo@bar.com" }
+          }
+        end
+        it 'allows the updating of an email address' do
+          expect { spree_put :update, attributes }.to change { order.reload.email }.to eq 'foo@bar.com'
+          expect(response).to be_redirect
+        end
+      end
+      context "false guest checkout param" do
+        let!(:assigned_user){ create :user }
+        it "attempts to associate the user" do
+          attributes = {
+            order_id: order.number,
+            user_id: assigned_user.id,
+            guest_checkout: 'false',
+            order: { email: "" }
+          }
+          expect {
+            spree_put :update, attributes
+          }.to change{ order.reload.user }.to(assigned_user)
+        end
+      end
+      context "not false guest checkout param" do
+        it "does not attempt to associate the user" do
+          allow(order).to receive_messages(update_attributes: true,
+                                           next: false,
+                                           refresh_shipment_rates: true)
+          attributes = {
+            order_id: order.number,
+            order: { email: "foo@example.com" }
+          }
+          expect {
+            spree_put :update, attributes
+          }.not_to change{ order.reload.user }
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/orders_controller_spec.rb ADDED

@@ -0,0 +1,472 @@
+require 'spec_helper'
+require 'cancan'
+require 'spree/testing_support/bar_ability'
+describe Spree::Admin::OrdersController, :type => :controller do
+  context "with authorization" do
+    stub_authorization!
+    before do
+      request.env["HTTP_REFERER"] = "http://localhost:3000"
+      # ensure no respond_overrides are in effect
+      if Spree::BaseController.spree_responders[:OrdersController].present?
+        Spree::BaseController.spree_responders[:OrdersController].clear
+      end
+    end
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        completed?:      true,
+        total:           100,
+        number:          'R123456789',
+        all_adjustments: adjustments,
+        ship_address: mock_model(Spree::Address),
+      )
+    end
+    let(:adjustments) { double('adjustments') }
+    before do
+      allow(Spree::Order).to receive_messages(find_by_number!: order)
+      allow(order).to receive_messages(contents: Spree::OrderContents.new(order))
+    end
+    context "#approve" do
+      it "approves an order" do
+        expect(order.contents).to receive(:approve).with(user: controller.try_spree_current_user)
+        spree_put :approve, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_approved)
+      end
+    end
+    context "#cancel" do
+      it "cancels an order" do
+        expect(order).to receive(:canceled_by).with(controller.try_spree_current_user)
+        spree_put :cancel, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_canceled)
+      end
+    end
+    context "#resume" do
+      it "resumes an order" do
+        expect(order).to receive(:resume!)
+        spree_put :resume, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_resumed)
+      end
+    end
+    context "pagination" do
+      it "can page through the orders" do
+        spree_get :index, :page => 2, :per_page => 10
+        expect(assigns[:orders].offset_value).to eq(10)
+        expect(assigns[:orders].limit_value).to eq(10)
+      end
+    end
+    # Test for #3346
+    context "#new" do
+      let(:user) { create(:user) }
+      before do
+        allow(controller).to receive_messages :spree_current_user => user
+      end
+      it "imports a new order and sets the current user as a creator" do
+        expect(Spree::Core::Importer::Order).to receive(:import)
+          .with(nil, hash_including(created_by_id: controller.try_spree_current_user.id))
+          .and_return(order)
+        spree_get :new
+      end
+      it "sets frontend_viewable to false" do
+        expect(Spree::Core::Importer::Order).to receive(:import)
+          .with(nil, hash_including(frontend_viewable: false ))
+          .and_return(order)
+        spree_get :new
+      end
+      it "should associate the order with a store" do
+        expect(Spree::Core::Importer::Order).to receive(:import)
+          .with(user, hash_including(store_id: controller.current_store.id))
+          .and_return(order)
+        spree_get :new, { user_id: user.id }
+      end
+      context "when a user_id is passed as a parameter" do
+        let(:user)  { mock_model(Spree.user_class) }
+        before { allow(Spree.user_class).to receive_messages :find_by_id => user }
+        it "imports a new order and assigns the user to the order" do
+          expect(Spree::Core::Importer::Order).to receive(:import)
+            .with(user, hash_including(created_by_id: controller.try_spree_current_user.id))
+            .and_return(order)
+          spree_get :new, { user_id: user.id }
+        end
+      end
+      it "should redirect to cart" do
+        spree_get :new
+        expect(response).to redirect_to(spree.cart_admin_order_path(Spree::Order.last))
+      end
+    end
+    # Regression test for #3684
+    context "#edit" do
+      it "does not refresh rates if the order is completed" do
+        allow(order).to receive_messages :completed? => true
+        expect(order).not_to receive :refresh_shipment_rates
+        spree_get :edit, :id => order.number
+      end
+      it "does refresh the rates if the order is incomplete" do
+        allow(order).to receive_messages :completed? => false
+        expect(order).to receive :refresh_shipment_rates
+        spree_get :edit, :id => order.number
+      end
+      context "when order does not have a ship address" do
+        before do
+          allow(order).to receive_messages :ship_address => nil
+        end
+        context 'when order_bill_address_used is true' do
+          before { Spree::Config[:order_bill_address_used] = true }
+          it "should redirect to the customer details page" do
+            spree_get :edit, :id => order.number
+            expect(response).to redirect_to(spree.edit_admin_order_customer_path(order))
+          end
+        end
+        context 'when order_bill_address_used is false' do
+          before { Spree::Config[:order_bill_address_used] = false }
+          it "should redirect to the customer details page" do
+            spree_get :edit, :id => order.number
+            expect(response).to redirect_to(spree.edit_admin_order_customer_path(order))
+          end
+        end
+      end
+    end
+    describe '#advance' do
+      subject do
+        spree_put :advance, id: order.number
+      end
+      context 'when incomplete' do
+        before do
+          allow(order).to receive(:completed?).and_return(false, true)
+          allow(order).to receive(:next).and_return(true, false)
+        end
+        context 'when successful' do
+          before { allow(order).to receive(:confirm?).and_return(true) }
+          it 'messages and redirects' do
+            subject
+            expect(flash[:success]).to eq Spree.t('order_ready_for_confirm')
+            expect(response).to redirect_to(spree.confirm_admin_order_path(order))
+          end
+        end
+        context 'when unsuccessful' do
+          before do
+            allow(order).to receive(:confirm?).and_return(false)
+            allow(order).to receive(:errors).and_return(double(full_messages: ['failed']))
+          end
+          it 'messages and redirects' do
+            subject
+            expect(flash[:error]) == order.errors.full_messages
+            expect(response).to redirect_to(spree.confirm_admin_order_path(order))
+          end
+        end
+      end
+      context 'when already completed' do
+        before { allow(order).to receive_messages :completed? => true }
+        it 'messages and redirects' do
+          subject
+          expect(flash[:notice]).to eq Spree.t('order_already_completed')
+          expect(response).to redirect_to(spree.edit_admin_order_path(order))
+        end
+      end
+    end
+    context '#confirm' do
+      subject do
+        spree_get :confirm, id: order.number
+      end
+      context 'when in confirm' do
+        before { allow(order).to receive_messages completed?: false, confirm?: true }
+        it 'renders the confirm page' do
+          subject
+          expect(response.status).to eq 200
+          expect(response).to render_template(:confirm)
+        end
+      end
+      context 'when before confirm' do
+        before { order.stub completed?: false, confirm?: false }
+        it 'renders the confirm_advance template (to allow refreshing of the order)' do
+          subject
+          expect(response.status).to eq 200
+          expect(response).to render_template(:confirm_advance)
+        end
+      end
+      context 'when already completed' do
+        before { allow(order).to receive_messages completed?: true }
+        it 'redirects to edit' do
+          subject
+          expect(response).to redirect_to(spree.edit_admin_order_path(order))
+        end
+      end
+    end
+    context "#complete" do
+      subject do
+        spree_put :complete, id: order.number
+      end
+      context 'when successful' do
+        before { allow(order).to receive(:complete!) }
+        it 'completes the order' do
+          expect(order).to receive(:complete!)
+          subject
+        end
+        it 'messages and redirects' do
+          subject
+          expect(flash[:success]).to eq Spree.t(:order_completed)
+          expect(response).to redirect_to(spree.edit_admin_order_path(order))
+        end
+      end
+      context 'with an StateMachines::InvalidTransition error' do
+        let(:order) { create(:order) }
+        it 'messages and redirects' do
+          subject
+          expect(response).to redirect_to(spree.confirm_admin_order_path(order))
+          expect(flash[:error].to_s).to include("Cannot transition state via :complete from :cart")
+        end
+      end
+      context 'insufficient stock to complete the order' do
+        before do
+          expect(order).to receive(:complete!).and_raise Spree::Order::InsufficientStock
+        end
+        it 'messages and redirects' do
+          subject
+          expect(response).to redirect_to(spree.cart_admin_order_path(order))
+          expect(flash[:error].to_s).to eq Spree.t(:insufficient_stock_for_order)
+        end
+      end
+    end
+    # Test for #3919
+    context "search" do
+      let(:user) { create(:user) }
+      before do
+        allow(controller).to receive_messages :spree_current_user => user
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+        create(:completed_order_with_totals)
+        expect(Spree::Order.count).to eq 1
+      end
+      it "does not display duplicated results" do
+        spree_get :index, q: {
+          line_items_variant_id_in: Spree::Order.first.variants.map(&:id)
+        }
+        expect(assigns[:orders].map { |o| o.number }.count).to eq 1
+      end
+    end
+    context "#open_adjustments" do
+      let(:closed) { double('closed_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(closed)
+        allow(closed).to receive(:update_all)
+      end
+      it "changes all the closed adjustments to open" do
+        expect(adjustments).to receive(:where).with(state: 'closed')
+          .and_return(closed)
+        expect(closed).to receive(:update_all).with(state: 'open')
+        spree_post :open_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :open_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully opened!')
+      end
+      it "redirects back" do
+        spree_post :open_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+    context "#close_adjustments" do
+      let(:open) { double('open_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(open)
+        allow(open).to receive(:update_all)
+      end
+      it "changes all the open adjustments to closed" do
+        expect(adjustments).to receive(:where).with(state: 'open')
+          .and_return(open)
+        expect(open).to receive(:update_all).with(state: 'closed')
+        spree_post :close_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :close_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully closed!')
+      end
+      it "redirects back" do
+        spree_post :close_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+  end
+  context '#authorize_admin' do
+    let(:user) { create(:user) }
+    let(:order) { create(:completed_order_with_totals, :number => 'R987654321') }
+    before do
+      allow(Spree::Order).to receive_messages :find_by_number! => order
+      allow(controller).to receive_messages :spree_current_user => user
+    end
+    it 'should grant access to users with an admin role' do
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+      spree_post :index
+      expect(response).to render_template :index
+    end
+    it 'should grant access to users with an bar role' do
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+      Spree::Ability.register_ability(BarAbility)
+      spree_post :index
+      expect(response).to render_template :index
+      Spree::Ability.remove_ability(BarAbility)
+    end
+    it 'should deny access to users with an bar role' do
+      allow(order).to receive(:update_attributes).and_return true
+      allow(order).to receive(:user).and_return Spree.user_class.new
+      allow(order).to receive(:token).and_return nil
+      user.spree_roles.clear
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+      Spree::Ability.register_ability(BarAbility)
+      spree_put :update, { :id => 'R123' }
+      expect(response).to redirect_to('/unauthorized')
+      Spree::Ability.remove_ability(BarAbility)
+    end
+    it 'should deny access to users without an admin role' do
+      allow(user).to receive_messages :has_spree_role? => false
+      spree_post :index
+      expect(response).to redirect_to('/unauthorized')
+    end
+    context 'with only permissions on Order' do
+      stub_authorization! do |ability|
+        can [:admin, :manage], Spree::Order, :number => 'R987654321'
+      end
+      it 'should restrict returned order(s) on index when using OrderSpecificAbility' do
+        number = order.number
+        3.times { create(:completed_order_with_totals) }
+        expect(Spree::Order.complete.count).to eq 4
+        allow(user).to receive_messages :has_spree_role? => false
+        spree_get :index
+        expect(response).to render_template :index
+        expect(assigns['orders'].size).to eq 1
+        expect(assigns['orders'].first.number).to eq number
+      end
+    end
+  end
+  context "order number not given" do
+    stub_authorization!
+    it "raise active record not found" do
+      expect {
+        spree_get :edit, id: 0
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+  describe "#update" do
+    stub_authorization!
+    let(:order) { create(:order) }
+    let(:payload) do
+      {
+        id: order.number,
+        order: { email: "foo@bar.com" }
+      }
+    end
+    before do
+      allow(order.contents).to receive(:update_cart)
+      expect(Spree::Order).to receive(:find_by_number!) { order }
+    end
+    subject { spree_put :update, payload }
+    it "attempts to update the order" do
+      expect(order.contents).to receive(:update_cart).with(payload[:order])
+      subject
+    end
+    context "the order is already completed" do
+      before { allow(order).to receive(:completed?) { true } }
+      it "renders the edit route" do
+        subject
+        expect(response).to render_template(:edit)
+      end
+    end
+    context "the order is not completed" do
+      before { allow(order).to receive(:completed?) { false } }
+      it "redirects to the customer path" do
+        subject
+        expect(response).to redirect_to(spree.admin_order_customer_path(order))
+      end
+    end
+    context "the order has no line items" do
+      let(:order) { Spree::Order.new(:number => "1234") }
+      it "includes an error on the order" do
+        subject
+        expect(order.errors[:line_items]).to include Spree.t('errors.messages.blank')
+      end
+    end
+  end
+end