spree_api 1.0.7 → 1.1.0.rc1

data/spec/controllers/spree/api/v1/line_items_controller_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::LineItemsController do
+    render_views
+
+    let!(:order) do
+     order = Factory(:order)
+     order.line_items << Factory(:line_item)
+     order
+    end
+
+    let(:product) { Factory(:product) }
+    let(:attributes) { [:quantity, :price, :variant] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can learn how to create a new line item" do
+      api_get :new
+      json_response["attributes"].should == ["quantity", "price", "variant_id"]
+      required_attributes = json_response["required_attributes"]
+      required_attributes.should include("quantity", "variant_id")
+    end
+
+    context "as the order owner" do
+      before do
+        Order.any_instance.stub :user => current_api_user
+      end
+
+      it "can add a new line item to an existing order" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+        json_response["line_item"]["variant"]["name"].should_not be_blank
+      end
+
+      it "can update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, :id => line_item.id, :line_item => { :quantity => 1000 }
+        response.status.should == 200
+        json_response.should have_attributes(attributes)
+      end
+
+      it "can delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, :id => line_item.id
+        response.status.should == 200
+        lambda { line_item.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+    context "as just another user" do
+      it "cannot add a new line item to the order" do
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        assert_unauthorized!
+      end
+
+      it "cannot update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, :id => line_item.id, :line_item => { :quantity => 1000 }
+        assert_unauthorized!
+        line_item.reload.quantity.should_not == 1000
+      end
+
+      it "cannot delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, :id => line_item.id
+        assert_unauthorized!
+        lambda { line_item.reload }.should_not raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/v1/orders_controller_spec.rb

@@ -0,0 +1,148 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::OrdersController do
+    render_views
+
+    let!(:order) { Factory(:order) }
+    let(:attributes) { [:number, :item_total, :total,
+                        :state, :adjustment_total, :credit_total,
+                        :user_id, :created_at, :updated_at,
+                        :completed_at, :payment_total, :shipment_state,
+                        :payment_state, :email, :special_instructions] }
+
+
+    before do
+      stub_authentication!
+    end
+
+    it "cannot view all orders" do
+      api_get :index
+      assert_unauthorized!
+    end
+
+    it "can view their own order" do
+      Order.any_instance.stub :user => current_api_user
+      api_get :show, :id => order.to_param
+      response.status.should == 200
+      json_response.should have_attributes(attributes)
+    end
+
+    it "can not view someone else's order" do
+      Order.any_instance.stub :user => stub_model(User)
+      api_get :show, :id => order.to_param
+      assert_unauthorized!
+    end
+
+    it "can create an order" do
+      variant = Factory(:variant)
+      api_post :create, :order => { :line_items => { variant.to_param => 5 } }
+      response.status.should == 200
+      order = Order.last
+      order.line_items.count.should == 1
+      order.line_items.first.variant.should == variant
+      order.line_items.first.quantity.should == 5
+      json_response["order"]["state"].should == "address"
+    end
+
+    context "working with an order" do
+      before do
+        Factory(:payment_method)
+        order.next # Switch from cart to address
+        order.ship_address.should be_nil
+        order.state.should == "address"
+      end
+
+      def clean_address(address)
+        address.delete(:state)
+        address.delete(:country)
+        address
+      end
+
+      let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }
+      let(:shipping_address) { clean_address(Factory.attributes_for(:address).merge!(address_params)) }
+      let(:billing_address) { clean_address(Factory.attributes_for(:address).merge!(address_params)) }
+      let!(:shipping_method) { Factory(:shipping_method) }
+      let!(:payment_method) { Factory(:payment_method) }
+
+      it "can add address information to an order" do
+        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
+
+        response.status.should == 200
+        order.reload
+        order.shipping_address.reload
+        order.billing_address.reload
+        # We can assume the rest of the parameters are set if these two are
+        order.shipping_address.firstname.should == shipping_address[:firstname]
+        order.billing_address.firstname.should == billing_address[:firstname]
+        order.state.should == "delivery"
+        json_response["order"]["shipping_methods"].should_not be_empty
+      end
+
+      it "cannot use an address that has no valid shipping methods" do
+        shipping_method.destroy
+        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
+        response.status.should == 422
+        json_response["errors"]["base"].should == ["No shipping methods available for selected location, please change your address and try again."]
+      end
+
+      it "can not add invalid ship address information to an order" do
+        shipping_address[:firstname] = ""
+        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
+
+        response.status.should == 422
+        json_response["errors"]["ship_address.firstname"].should_not be_blank
+      end
+
+      it "can not add invalid ship address information to an order" do
+        billing_address[:firstname] = ""
+        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
+
+        response.status.should == 422
+        json_response["errors"]["bill_address.firstname"].should_not be_blank
+      end
+
+      context "with a line item" do
+        before do
+          order.line_items << Factory(:line_item)
+        end
+
+        context "for delivery" do
+          before do
+            order.update_attribute(:state, "delivery")
+          end
+
+          it "can select a shipping method for an order" do
+            order.shipping_method.should be_nil
+            api_put :delivery, :id => order.to_param, :shipping_method_id => shipping_method.id
+            response.status.should == 200
+            order.reload
+            order.state.should == "payment"
+            order.shipping_method.should == shipping_method
+          end
+
+          it "cannot select an invalid shipping method for an order" do
+            order.shipping_method.should be_nil
+            api_put :delivery, :id => order.to_param, :shipping_method_id => '1234567890'
+            response.status.should == 422
+            json_response["errors"].should include("Invalid shipping method specified.")
+          end
+        end
+      end
+
+
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can view all orders" do
+        api_get :index
+        json_response["orders"].first.should have_attributes(attributes)
+        json_response["count"].should == 1
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/products_controller_spec.rb

@@ -0,0 +1,159 @@
+require 'spec_helper'
+
+module Spree
+  describe Spree::Api::V1::ProductsController do
+    render_views
+
+    let!(:product) { Factory(:product) }
+    let!(:inactive_product) { Factory(:product, :available_on => Time.now.tomorrow, :name => "inactive") }
+    let(:attributes) { [:id, :name, :description, :price, :available_on, :permalink, :count_on_hand, :meta_description, :meta_keywords] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      it "retrieves a list of products" do
+        api_get :index
+        json_response["products"].first.should have_attributes(attributes)
+        json_response["count"].should == 1
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      it "does not list unavailable products" do
+        api_get :index
+        json_response["products"].first["name"].should_not eq("inactive")
+      end
+
+      context "pagination" do
+        default_per_page(1)
+
+        it "can select the next page of products" do
+          second_product = Factory(:product)
+          api_get :index, :page => 2
+          json_response["products"].first.should have_attributes(attributes)
+          json_response["count"].should == 2
+          json_response["current_page"].should == 2
+          json_response["pages"].should == 2
+        end
+      end
+
+      it "gets a single product" do
+        product.master.images.create!(:attachment => image("thinking-cat.jpg"))
+        api_get :show, :id => product.to_param
+        json_response.should have_attributes(attributes)
+        product_json = json_response["product"]
+        product_json["variants"].first.should have_attributes([:name,
+                                                              :is_master,
+                                                              :count_on_hand,
+                                                              :price])
+
+        product_json["images"].first.should have_attributes([:attachment_file_name,
+                                                            :attachment_width,
+                                                            :attachment_height,
+                                                            :attachment_content_type])
+      end
+
+
+      context "finds a product by permalink first then by id" do
+        let!(:other_product) { Factory(:product, :permalink => "these-are-not-the-droids-you-are-looking-for") }
+
+        before do
+          product.update_attribute(:permalink, "#{other_product.id}-and-1-ways")
+        end
+
+        specify do
+          api_get :show, :id => product.to_param
+          json_response["product"]["permalink"].should =~ /and-1-ways/
+          product.destroy
+
+          api_get :show, :id => other_product.id
+          json_response["product"]["permalink"].should =~ /droids/
+        end
+      end
+
+      it "cannot see inactive products" do
+        api_get :show, :id => inactive_product.to_param
+        json_response["error"].should == "The resource you were looking for could not be found."
+        response.status.should == 404
+      end
+
+      it "returns a 404 error when it cannot find a product" do
+        api_get :show, :id => "non-existant"
+        json_response["error"].should == "The resource you were looking for could not be found."
+        response.status.should == 404
+      end
+
+      it "can learn how to create a new product" do
+        api_get :new
+        json_response["attributes"].should == attributes.map(&:to_s)
+        required_attributes = json_response["required_attributes"]
+        required_attributes.should include("name")
+        required_attributes.should include("price")
+      end
+
+      it "cannot create a new product if not an admin" do
+        api_post :create, :product => { :name => "Brand new product!" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a product" do
+        api_put :update, :id => product.to_param, :product => { :name => "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a product" do
+        api_delete :destroy, :id => product.to_param
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can see all products" do
+        api_get :index
+        json_response["products"].count.should == 2
+        json_response["count"].should == 2
+        json_response["current_page"].should == 1
+        json_response["pages"].should == 1
+      end
+
+      it "can create a new product" do
+        api_post :create, :product => { :name => "The Other Product",
+                                        :price => 19.99 }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+
+      it "cannot create a new product with invalid attributes" do
+        api_post :create, :product => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+        errors.delete("permalink") # Don't care about this one.
+        errors.keys.should =~ ["name", "price"]
+      end
+
+      it "can update a product" do
+        api_put :update, :id => product.to_param, :product => { :name => "New and Improved Product!" }
+        response.status.should == 200
+      end
+
+      it "cannot update a product with an invalid attribute" do
+        api_put :update, :id => product.to_param, :product => { :name => "" }
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        json_response["errors"]["name"].should == ["can't be blank"]
+      end
+
+      it "can delete a product" do
+        product.deleted_at.should be_nil
+        api_delete :destroy, :id => product.to_param
+        response.status.should == 200
+        product.reload.deleted_at.should_not be_nil
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/variants_controller_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::VariantsController do
+    render_views
+
+
+    let!(:product) { Factory(:product) }
+    let!(:variant) do
+      variant = product.master
+      variant.option_values << Factory(:option_value)
+      variant
+    end
+    let!(:attributes) { [:id, :name, :count_on_hand,
+                         :sku, :price, :weight, :height,
+                         :width, :depth, :is_master, :cost_price] }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can see a list of all variants" do
+      api_get :index
+      json_response.first.should have_attributes(attributes)
+      option_values = json_response.last["variant"]["option_values"]
+      option_values.first.should have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "can see a single variant" do
+      api_get :show, :id => variant.to_param
+      json_response.should have_attributes(attributes)
+      option_values = json_response["variant"]["option_values"]
+      option_values.first.should have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "can learn how to create a new variant" do
+      api_get :new
+      json_response["attributes"].should == attributes.map(&:to_s)
+      json_response["required_attributes"].should be_empty
+    end
+
+    it "cannot create a new variant if not an admin" do
+      api_post :create, :variant => { :sku => "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a variant" do
+      api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot delete a variant" do
+      api_delete :destroy, :id => variant.to_param
+      assert_unauthorized!
+      lambda { variant.reload }.should_not raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:resource_scoping) { { :product_id => variant.product.to_param } }
+
+      it "can create a new variant" do
+        api_post :create, :variant => { :sku => "12345" }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+
+        variant.product.variants.count.should == 1
+      end
+
+      it "can update a variant" do
+        api_put :update, :id => variant.to_param, :variant => { :sku => "12345" }
+        response.status.should == 200
+      end
+
+      it "can delete a variant" do
+        api_delete :destroy, :id => variant.to_param
+        response.status.should == 200
+        lambda { variant.reload }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+
+  end
+end