solidus_legacy_return_authorizations 1.0.0

data/app/overrides/admin_legacy_return_authorizations.rb

@@ -0,0 +1,14 @@
+Deface::Override.new(
+  virtual_path: "spree/admin/shared/_order_submenu",
+  name: "admin_legacy_return_authorizations_submenu",
+  insert_bottom: "[data-hook='admin_order_tabs']",
+  text: %q(
+    <% if can? :display, Spree::LegacyReturnAuthorization %>
+      <% if @order.legacy_return_authorizations.exists? %>
+        <li<%== ' class="active"' if current == 'Legacy Return Authorizations' %>>
+          <%= link_to_with_icon 'share', Spree.t(:legacy_return_authorizations), admin_order_legacy_return_authorizations_url(@order) %>
+        </li>
+      <% end %>
+    <% end %>
+  )
+)

data/app/views/spree/admin/legacy_return_authorizations/_form.html.erb

@@ -0,0 +1,78 @@
+<div data-hook="admin_legacy_return_authorization_form_fields">
+  <table class="index">
+    <thead>
+      <tr data-hook="legacy_rma_header">
+        <th><%= Spree.t(:product) %></th>
+        <th><%= Spree.t(:quantity_shipped) %></th>
+        <th><%= Spree.t(:quantity_returned) %></th>
+        <th><%= Spree.t(:return_quantity) %></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @legacy_return_authorization.order.shipments.shipped.collect{|s| s.inventory_units.to_a}.flatten.group_by(&:variant).each do | variant, units| %>
+        <tr id="<%= dom_id(variant) %>" data-hook="legacy_rma_row" class="<%= cycle('odd', 'even')%>">
+          <td>
+            <div class="variant-name"><%= variant.name %></div>
+            <div class="variant-options"><%= variant.options_text %></div>
+          </td>
+          <td class="align-center"><%= units.select(&:shipped?).size %></td>
+          <td class="align-center"><%= units.select(&:returned?).size %></td>
+          <td class="return_quantity align-center">
+            <% if @legacy_return_authorization.received? %>
+              <%= @legacy_return_authorization.inventory_units.group_by(&:variant)[variant].try(:size) || 0 %>
+            <% elsif units.select(&:shipped?).empty? %>
+              0
+            <% else %>
+              <%= number_field_tag "return_quantity[#{variant.id}]",
+                @legacy_return_authorization.inventory_units.group_by(&:variant)[variant].try(:size) || 0, {:style => 'width:100px;', :min => 0} %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+
+  <%= f.field_container :amount do %>
+    <%= f.label :amount, Spree.t(:amount) %> <span class="required">*</span><br />
+    <% if @legacy_return_authorization.received? %>
+      <%= @legacy_return_authorization.display_amount %>
+    <% else %>
+      <%= f.text_field :amount, {:style => 'width:80px;'} %> <%= Spree.t(:legacy_rma_value) %>: <span id="legacy_rma_value">0.00</span>
+      <%= f.error_message_on :amount %>
+    <% end %>
+  <% end %>
+
+  <%= f.field_container :reason do %>
+    <%= f.label :reason, Spree.t(:reason) %>
+    <%= f.text_area :reason, {:style => 'height:100px;', :class => 'fullwidth'} %>
+    <%= f.error_message_on :reason %>
+  <% end %>
+
+  <%= f.field_container :stock_location do %>
+    <%= f.label :stock_location, Spree.t(:stock_location) %>
+    <%= f.select :stock_location_id, Spree::StockLocation.active.to_a.collect{|l|[l.name, l.id]}, {:style => 'height:100px;', :class => 'fullwidth'} %>
+    <%= f.error_message_on :reason %>
+  <% end %>
+</div>
+
+<script>
+  var line_item_prices = {};
+  <% @legacy_return_authorization.order.line_items.group_by(&:variant).each do | variant, items| %>
+    line_item_prices[<%= variant.id.to_s %>] = <%= items.first.price %>;
+  <% end %>
+
+  $(document).ready(function(){
+    var legacy_rma_amount = 0;
+    $("td.return_quantity input").on('change', function() {
+      var legacy_rma_amount = 0;
+      $.each($("td.return_quantity input"), function(i, input) {
+        var variant_id = $(input).prop('id').replace("return_quantity_", "");
+         legacy_rma_amount += line_item_prices[variant_id] * $(input).val()
+      });
+
+      if(!isNaN(legacy_rma_amount)){
+        $("span#legacy_rma_value").html(legacy_rma_amount.toFixed(2));
+      }
+    })
+  });
+</script>

data/app/views/spree/admin/legacy_return_authorizations/edit.html.erb

@@ -0,0 +1,32 @@
+<% content_for :page_actions do %>
+  <li>
+    <% if @legacy_return_authorization.can_receive? %>
+      <%= button_link_to Spree.t(:receive), fire_admin_order_legacy_return_authorization_url(@order, @legacy_return_authorization, :e => 'receive'), :method => :put, :data => { :confirm => Spree.t(:are_you_sure) }, :icon => 'download-alt' %>
+    <% end %>
+  </li>
+  <li>
+    <% if @legacy_return_authorization.can_cancel? %>
+      <%= button_link_to Spree.t('actions.cancel'), fire_admin_order_legacy_return_authorization_url(@order, @legacy_return_authorization, :e => 'cancel'), :method => :put, :data => { :confirm => Spree.t(:are_you_sure) }, :icon => 'remove' %>
+    <% end %>
+  </li>
+<% end %>
+
+<%= render :partial => 'spree/admin/shared/order_tabs', :locals => { :current => 'Legacy Return Authorizations' } %>
+
+<% content_for :page_title do %>
+  <i class="fa fa-arrow-right"></i> <%= Spree.t(:legacy_return_authorization) %> <%= @legacy_return_authorization.number %> (<%= Spree.t(@legacy_return_authorization.state.downcase) %>)
+<% end %>
+
+
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @legacy_return_authorization } %>
+<%= form_for [:admin, @order, @legacy_return_authorization] do |f| %>
+  <fieldset class="no-border-top">
+    <%= render :partial => 'form', :locals => { :f => f } %>
+
+    <div class="form-buttons filter-actions actions" data-hook="buttons">
+      <%= button Spree.t('actions.update'), 'repeat' %>
+      <span class="or"><%= Spree.t(:or) %></span>
+      <%= button_link_to Spree.t('actions.cancel'), admin_order_legacy_return_authorizations_url(@order), :icon => 'remove' %>
+    </div>
+  </fieldset>
+<% end %>

data/app/views/spree/admin/legacy_return_authorizations/index.html.erb

@@ -0,0 +1,48 @@
+<%= render :partial => 'spree/admin/shared/order_tabs', :locals => { :current => 'Legacy Return Authorizations' } %>
+
+<% content_for :page_actions do %>
+  <% if can?(:display, Spree::Order) %>
+    <li><%= button_link_to Spree.t(:back_to_orders_list), spree.admin_orders_path, :icon => 'arrow-left' %></li>
+  <% end %>
+<% end %>
+
+<% content_for :page_title do %>
+  <i class="fa fa-arrow-right"></i> <%= Spree.t(:legacy_return_authorizations) %>
+<% end %>
+
+<% if @order.shipments.any?(&:shipped?) || @order.legacy_return_authorizations.any? %>
+  <table class="index">
+    <thead data-hook="legacy_rma_header">
+      <tr>
+        <th><%= Spree.t(:legacy_rma_number) %></th>
+        <th><%= Spree.t(:status) %></th>
+        <th><%= Spree.t(:amount) %></th>
+        <th><%= "#{Spree.t('date')}/#{Spree.t('time')}" %></th>
+        <th class="actions"></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @legacy_return_authorizations.each do |legacy_return_authorization| %>
+        <tr id="<%= spree_dom_id(legacy_return_authorization) %>" data-hook="legacy_rma_row" class="<%= cycle('odd', 'even')%>">
+          <td><%= legacy_return_authorization.number %></td>
+          <td><%= Spree.t(legacy_return_authorization.state.downcase) %></td>
+          <td><%= legacy_return_authorization.display_amount.to_html %></td>
+          <td><%= pretty_time(legacy_return_authorization.created_at) %></td>
+          <td class="actions">
+            <% if can?(:update, legacy_return_authorization) %>
+              <%= link_to_edit legacy_return_authorization, :no_text => true, :class => 'edit' %>
+            <% end %>
+            <% if can?(:destroy, legacy_return_authorization) && !legacy_return_authorization.received? %>
+              &nbsp;
+              <%= link_to_delete legacy_return_authorization, :no_text => true %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% else %>
+  <div data-hook="legacy_rma_cannont_create" class="no-objects-found">
+    <%= Spree.t(:cannot_create_returns) %>
+  </div>
+<% end %>

data/app/views/spree/api/legacy_return_authorizations/index.v1.rabl

@@ -0,0 +1,7 @@
+object false
+child(@legacy_return_authorizations => :legacy_return_authorizations) do
+  attributes *legacy_return_authorization_attributes
+end
+node(:count) { @legacy_return_authorizations.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @legacy_return_authorizations.num_pages }

data/app/views/spree/api/legacy_return_authorizations/new.v1.rabl

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*legacy_return_authorization_attributes] }
+node(:required_attributes) { required_fields_for(Spree::LegacyReturnAuthorization) }

data/app/views/spree/api/legacy_return_authorizations/show.v1.rabl

@@ -0,0 +1,2 @@
+object @legacy_return_authorization
+attributes *legacy_return_authorization_attributes

data/bin/rails

@@ -0,0 +1,7 @@
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+ENGINE_ROOT = File.expand_path('../..', __FILE__)
+ENGINE_PATH = File.expand_path('../../lib/spree_legacy_return_authorizations/engine', __FILE__)
+
+require 'rails/all'
+require 'rails/engine/commands'

data/circle.yml

@@ -0,0 +1,6 @@
+machine:
+  ruby:
+    version: 2.1.5
+test:
+  pre:
+    - bundle exec rake test_app

data/config/locales/en.yml

@@ -0,0 +1,19 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  activerecord:
+    attributes:
+      spree/legacy_return_authorization:
+        amount: Amount
+    models:
+      spree/legacy_return_authorization:
+        one: Legacy Return Authorization
+        other: Legacy Return Authorizations
+  spree:
+    legacy_return_authorization: Legacy Return Authorization
+    legacy_return_authorization_updated: Legacy Return authorization updated
+    legacy_return_authorizations: Legacy Return Authorizations
+    legacy_rma_credit: Legacy RMA Credit
+    legacy_rma_number: Legacy RMA Number
+    legacy_rma_value: Legacy RMA Value

data/config/routes.rb

@@ -0,0 +1,25 @@
+Spree::Core::Engine.routes.draw do
+  namespace :api, defaults: { format: 'json' } do
+    concern :legacy_return_routes do
+      resources :legacy_return_authorizations, except: [:new, :create] do
+        member do
+          put :add
+          put :cancel
+          put :receive
+        end
+      end
+    end
+    resources :checkouts, only: [], concerns: :legacy_return_routes
+    resources :orders, only: [], concerns: :legacy_return_routes
+  end
+
+  namespace :admin do
+    resources :orders, except: [:show] do
+      resources :legacy_return_authorizations, except: [:new, :create] do
+        member do
+          put :fire
+        end
+      end
+    end
+  end
+end

data/db/migrate/20140710044402_create_spree_legacy_return_authorizations.rb

@@ -0,0 +1,26 @@
+class CreateSpreeLegacyReturnAuthorizations < ActiveRecord::Migration
+  def up
+    # If this is a migrated database that had legacy returns in it then the table will already exist.
+    # But if this is a dev box, etc that's just including this extension then we need to create the table.
+    if !table_exists?(:spree_legacy_return_authorizations)
+      create_table :spree_legacy_return_authorizations do |t|
+        t.string   "number"
+        t.string   "state"
+        t.decimal  "amount", precision: 10, scale: 2, default: 0.0, null: false
+        t.integer  "order_id"
+        t.text     "reason"
+        t.datetime "created_at"
+        t.datetime "updated_at"
+        t.integer  "stock_location_id"
+      end
+
+      add_column :spree_inventory_units, :legacy_return_authorization_id, :integer
+      add_index :spree_inventory_units, :legacy_return_authorization_id
+    end
+  end
+
+  def down
+    drop_table :spree_legacy_return_authorizations
+    remove_column :spree_inventory_units, :legacy_return_authorization_id
+  end
+end

data/lib/generators/solidus_legacy_return_authorizations/install/install_generator.rb

@@ -0,0 +1,29 @@
+module SolidusLegacyReturnAuthorizations
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+
+      class_option :auto_run_migrations, type: :boolean, default: false
+
+      def add_javascripts
+        append_file 'vendor/assets/javascripts/spree/backend/all.js', "//= require spree/backend/solidus_legacy_return_authorizations\n"
+      end
+
+      def add_stylesheets
+        inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/solidus_legacy_return_authorizations\n", before: /\*\//, verbose: true
+      end
+
+      def add_migrations
+        run 'bundle exec rake railties:install:migrations FROM=solidus_legacy_return_authorizations'
+      end
+
+      def run_migrations
+        run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask 'Would you like to run the migrations now? [Y/n]')
+        if run_migrations
+          run 'bundle exec rake db:migrate'
+        else
+          puts 'Skipping rake db:migrate, don\'t forget to run it!'
+        end
+      end
+    end
+  end
+end

data/lib/solidus_legacy_return_authorizations.rb

@@ -0,0 +1,2 @@
+require 'spree_core'
+require 'spree_legacy_return_authorizations/engine'

data/lib/spree_legacy_return_authorizations/engine.rb

@@ -0,0 +1,20 @@
+module SpreeLegacyReturnAuthorizations
+  class Engine < Rails::Engine
+    require 'spree/core'
+    isolate_namespace Spree
+    engine_name 'solidus_legacy_return_authorizations'
+
+    # use rspec for tests
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+
+    def self.activate
+      Dir.glob(File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')) do |c|
+        Rails.configuration.cache_classes ? require(c) : load(c)
+      end
+    end
+
+    config.to_prepare &method(:activate).to_proc
+  end
+end

data/lib/spree_legacy_return_authorizations/factories.rb

@@ -0,0 +1,13 @@
+FactoryGirl.define do
+  factory :legacy_return_authorization, class: Spree::LegacyReturnAuthorization do
+    number '100'
+    amount 100.00
+    association(:order, factory: :shipped_order)
+    reason 'no particular reason'
+    state 'received'
+  end
+
+  factory :new_legacy_return_authorization, class: Spree::LegacyReturnAuthorization do
+    association(:order, factory: :shipped_order)
+  end
+end

data/solidus_legacy_return_authorizations.gemspec

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+
+Gem::Specification.new do |s|
+  s.platform    = Gem::Platform::RUBY
+  s.name        = "solidus_legacy_return_authorizations"
+  s.version     = "1.0.0"
+  s.summary     = "Interfaces for Spree 2.3 Legacy Return Authorizations"
+  s.description = "Provides models and admin interfaces to interact with the LegacyReturnAuthorization models from Spree versions prior to 2.4"
+  s.required_ruby_version = ">= 2.1"
+
+  s.authors    = ["Richard Nuno", "Jordan Brough"]
+
+  s.files       = `git ls-files`.split("\n")
+  s.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.require_path = "lib"
+  s.requirements << "none"
+
+  s.add_dependency "solidus_core", [">= 1.0.0", "< 1.2.0"]
+
+  s.add_development_dependency "rspec-rails",  "~> 3.2"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "sass-rails", "~> 4.0.2"
+  s.add_development_dependency "coffee-rails"
+  s.add_development_dependency "capybara", "~> 2.1"
+  s.add_development_dependency "factory_girl", "~> 4.4"
+  s.add_development_dependency "database_cleaner"
+  s.add_development_dependency "ffaker"
+end

data/spec/controllers/admin/legacy_return_authorizations_controller_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Spree::Admin::LegacyReturnAuthorizationsController do
+  stub_authorization!
+
+  # Regression test for #1370 #3
+  let!(:legacy_return_authorization) { create(:legacy_return_authorization, reason: 'old reason') }
+
+  context "#update" do
+    let(:new_reason) { 'new reason' }
+
+    subject do
+      spree_put :update, {
+        id: legacy_return_authorization.to_param,
+        order_id: legacy_return_authorization.order.to_param,
+        legacy_return_authorization: {
+          :reason => new_reason,
+        },
+      }
+    end
+
+    before { subject }
+
+    it "redirects to legacy return authorizations index" do
+      expect(response).to redirect_to(spree.admin_order_legacy_return_authorizations_path(legacy_return_authorization.order))
+    end
+
+    it "updates the reason" do
+      expect(legacy_return_authorization.reload.reason).to eq new_reason
+    end
+  end
+end

data/spec/controllers/spree/api/legacy_return_authorizations_controller_spec.rb

@@ -0,0 +1,157 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::LegacyReturnAuthorizationsController do
+    render_views
+
+    let!(:order) { create(:shipped_order) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :reason, :amount, :state] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+
+    before do
+      stub_api_controller_authentication!
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages :user => current_api_user
+      end
+
+      it "cannot see any legacy return authorizations" do
+        spree_get :index, order_id: order.to_param, format: :json
+        assert_unauthorized!
+      end
+
+      it "cannot see a single legacy return authorization" do
+        spree_get :show, order_id: order.to_param, :id => 1, format: :json
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      before do
+        stub_api_controller_authentication!(admin: true)
+      end
+
+      it "can show legacy return authorization" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_get :show, :order_id => order.number, :id => legacy_return_authorization.id, format: :json
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+
+      it "can get a list of legacy return authorizations" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        spree_get :index, :order_id => order.number, format: :json
+        expect(response.status).to eq(200)
+        legacy_return_authorizations = json_response["legacy_return_authorizations"]
+        expect(legacy_return_authorizations.first).to have_attributes(attributes)
+        expect(legacy_return_authorizations.first).not_to eq(legacy_return_authorizations.last)
+      end
+
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        spree_get :index, :order_id => order.number, :per_page => 1, format: :json
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a parameter' do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        expected_result = create(:legacy_return_authorization, :reason => 'damaged')
+        order.legacy_return_authorizations << expected_result
+        spree_get :index, :q => { :reason_cont => 'damage' }, order_id: order.to_param, format: :json
+        expect(json_response['count']).to eq(1)
+        expect(json_response['legacy_return_authorizations'].first['reason']).to eq expected_result.reason
+      end
+
+      it "can update a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_put :update, :id => legacy_return_authorization.id, :legacy_return_authorization => { :amount => 19.99 }, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "can add an inventory unit to a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        inventory_unit = legacy_return_authorization.returnable_inventory.first
+        expect(inventory_unit).to be
+        expect(legacy_return_authorization.inventory_units).to be_empty
+        spree_put :add, :id => legacy_return_authorization.id, variant_id: inventory_unit.variant.id, quantity: 1, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(legacy_return_authorization.reload.inventory_units).not_to be_empty
+      end
+
+      it "can mark a legacy return authorization as received on the order with an inventory unit" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order, :stock_location_id => order.shipments.first.stock_location.id)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+
+        # prep (use a rspec context or a factory instead?)
+        inventory_unit = legacy_return_authorization.returnable_inventory.first
+        expect(inventory_unit).to be
+        expect(legacy_return_authorization.inventory_units).to be_empty
+        spree_put :add, :id => legacy_return_authorization.id, variant_id: inventory_unit.variant.id, quantity: 1, format: :json, order_id: order.to_param
+        # end prep
+
+        spree_delete :receive, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(legacy_return_authorization.reload.state).to eq("received")
+      end
+
+      it "cannot mark a legacy return authorization as received on the order with no inventory units" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+        spree_delete :receive, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(422)
+        expect(legacy_return_authorization.reload.state).to eq("authorized")
+      end
+
+      it "can cancel a legacy return authorization on the order" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+        spree_delete :cancel, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(legacy_return_authorization.reload.state).to eq("canceled")
+      end
+
+      it "can delete a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_delete :destroy, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(204)
+        expect { legacy_return_authorization.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+    context "as just another user" do
+      it "cannot update a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_put :update, :id => legacy_return_authorization.id, :legacy_return_authorization => { :amount => 19.99 }, format: :json, order_id: order.to_param
+        assert_unauthorized!
+        expect(legacy_return_authorization.reload.amount).not_to eq(19.99)
+      end
+
+      it "cannot delete a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_delete :destroy, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        assert_unauthorized!
+        expect { legacy_return_authorization.reload }.not_to raise_error
+      end
+    end
+  end
+end