spree_api 1.2.0 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
- data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
- data/app/controllers/spree/api/v1/base_controller.rb +12 -3
- data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
- data/app/controllers/spree/api/v1/images_controller.rb +4 -1
- data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
- data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
- data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
- data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
- data/app/controllers/spree/api/v1/products_controller.rb +2 -7
- data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
- data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
- data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
- data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
- data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
- data/app/helpers/spree/api/api_helpers.rb +8 -0
- data/app/models/spree/api_configuration.rb +5 -0
- data/app/models/spree/order_decorator.rb +1 -0
- data/app/views/spree/api/v1/countries/index.rabl +7 -2
- data/app/views/spree/api/v1/countries/show.rabl +2 -2
- data/app/views/spree/api/v1/orders/index.rabl +1 -1
- data/app/views/spree/api/v1/orders/show.rabl +4 -1
- data/app/views/spree/api/v1/payments/index.rabl +7 -2
- data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
- data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
- data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
- data/app/views/spree/api/v1/products/index.rabl +2 -1
- data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
- data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
- data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
- data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
- data/app/views/spree/api/v1/variants/index.rabl +10 -3
- data/app/views/spree/api/v1/zones/index.rabl +7 -2
- data/config/routes.rb +3 -8
- data/lib/spree/api/engine.rb +4 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
- data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +5 -0
- data/spree_api.gemspec +0 -1
- metadata +28 -22
@@ -2,10 +2,11 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
module Spree
|
4
4
|
describe Spree::Api::V1::PaymentsController do
|
5
|
+
render_views
|
5
6
|
let!(:order) { create(:order) }
|
6
7
|
let!(:payment) { create(:payment, :order => order) }
|
7
8
|
let!(:attributes) { [:id, :source_type, :source_id, :amount,
|
8
|
-
:payment_method_id, :response_code, :state, :avs_response,
|
9
|
+
:payment_method_id, :response_code, :state, :avs_response,
|
9
10
|
:created_at, :updated_at] }
|
10
11
|
|
11
12
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
@@ -21,7 +22,7 @@ module Spree
|
|
21
22
|
|
22
23
|
it "can view the payments for their order" do
|
23
24
|
api_get :index
|
24
|
-
json_response.first.should have_attributes(attributes)
|
25
|
+
json_response["payments"].first.should have_attributes(attributes)
|
25
26
|
end
|
26
27
|
|
27
28
|
it "can learn how to create a new payment" do
|
@@ -66,7 +67,29 @@ module Spree
|
|
66
67
|
it "can view the payments on any order" do
|
67
68
|
api_get :index
|
68
69
|
response.status.should == 200
|
69
|
-
json_response.first.should have_attributes(attributes)
|
70
|
+
json_response["payments"].first.should have_attributes(attributes)
|
71
|
+
end
|
72
|
+
|
73
|
+
context "multiple payments" do
|
74
|
+
before { @payment = create(:payment, :order => order, :response_code => '99999') }
|
75
|
+
|
76
|
+
it "can view all payments on an order" do
|
77
|
+
api_get :index
|
78
|
+
json_response["count"].should == 2
|
79
|
+
end
|
80
|
+
|
81
|
+
it 'can control the page size through a parameter' do
|
82
|
+
api_get :index, :per_page => 1
|
83
|
+
json_response['count'].should == 1
|
84
|
+
json_response['current_page'].should == 1
|
85
|
+
json_response['pages'].should == 2
|
86
|
+
end
|
87
|
+
|
88
|
+
it 'can query the results through a paramter' do
|
89
|
+
api_get :index, :q => { :response_code_cont => '999' }
|
90
|
+
json_response['count'].should == 1
|
91
|
+
json_response['payments'].first['payment']['response_code'].should eq @payment.response_code
|
92
|
+
end
|
70
93
|
end
|
71
94
|
|
72
95
|
context "for a given payment" do
|
@@ -88,6 +111,24 @@ module Spree
|
|
88
111
|
payment.state.should == "failed"
|
89
112
|
end
|
90
113
|
|
114
|
+
it "can capture" do
|
115
|
+
api_put :capture, :id => payment.to_param
|
116
|
+
response.status.should == 200
|
117
|
+
payment.reload
|
118
|
+
payment.state.should == "completed"
|
119
|
+
end
|
120
|
+
|
121
|
+
it "returns a 422 status when purchasing fails" do
|
122
|
+
fake_response = stub(:success? => false, :to_s => "Insufficient funds")
|
123
|
+
Spree::Gateway::Bogus.any_instance.should_receive(:capture).and_return(fake_response)
|
124
|
+
api_put :capture, :id => payment.to_param
|
125
|
+
response.status.should == 422
|
126
|
+
json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
|
127
|
+
|
128
|
+
payment.reload
|
129
|
+
payment.state.should == "pending"
|
130
|
+
end
|
131
|
+
|
91
132
|
it "can purchase" do
|
92
133
|
api_put :purchase, :id => payment.to_param
|
93
134
|
response.status.should == 200
|
@@ -0,0 +1,117 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples/protect_product_actions'
|
3
|
+
|
4
|
+
module Spree
|
5
|
+
describe Spree::Api::V1::ProductPropertiesController do
|
6
|
+
render_views
|
7
|
+
|
8
|
+
let!(:product) { create(:product) }
|
9
|
+
let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
|
10
|
+
let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
|
11
|
+
|
12
|
+
let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
|
13
|
+
let(:resource_scoping) { { :product_id => product.to_param } }
|
14
|
+
|
15
|
+
before do
|
16
|
+
stub_authentication!
|
17
|
+
end
|
18
|
+
|
19
|
+
context "if product is deleted" do
|
20
|
+
before do
|
21
|
+
product.update_column(:deleted_at, Time.now)
|
22
|
+
end
|
23
|
+
|
24
|
+
it "can not see a list of product properties" do
|
25
|
+
api_get :index
|
26
|
+
response.status.should == 404
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
it "can see a list of all product properties" do
|
31
|
+
api_get :index
|
32
|
+
json_response["product_properties"].count.should eq 2
|
33
|
+
json_response["product_properties"].first.should have_attributes(attributes)
|
34
|
+
end
|
35
|
+
|
36
|
+
it "can control the page size through a parameter" do
|
37
|
+
api_get :index, :per_page => 1
|
38
|
+
json_response['product_properties'].count.should == 1
|
39
|
+
json_response['current_page'].should == 1
|
40
|
+
json_response['pages'].should == 2
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'can query the results through a paramter' do
|
44
|
+
Spree::ProductProperty.last.update_attribute(:value, 'loose')
|
45
|
+
property = Spree::ProductProperty.last
|
46
|
+
api_get :index, :q => { :value_cont => 'loose' }
|
47
|
+
json_response['count'].should == 1
|
48
|
+
json_response['product_properties'].first['product_property']['value'].should eq property.value
|
49
|
+
end
|
50
|
+
|
51
|
+
it "can see a single product_property" do
|
52
|
+
api_get :show, :id => property_1.property_name
|
53
|
+
json_response.should have_attributes(attributes)
|
54
|
+
end
|
55
|
+
|
56
|
+
it "can learn how to create a new product property" do
|
57
|
+
api_get :new
|
58
|
+
json_response["attributes"].should == attributes.map(&:to_s)
|
59
|
+
json_response["required_attributes"].should be_empty
|
60
|
+
end
|
61
|
+
|
62
|
+
it "cannot create a new product property if not an admin" do
|
63
|
+
api_post :create, :product_property => { :property_name => "My Property 3" }
|
64
|
+
assert_unauthorized!
|
65
|
+
end
|
66
|
+
|
67
|
+
it "cannot update a product property" do
|
68
|
+
api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
|
69
|
+
assert_unauthorized!
|
70
|
+
end
|
71
|
+
|
72
|
+
it "cannot delete a product property" do
|
73
|
+
api_delete :destroy, :property_name => property_1.property_name
|
74
|
+
assert_unauthorized!
|
75
|
+
lambda { property_1.reload }.should_not raise_error
|
76
|
+
end
|
77
|
+
|
78
|
+
context "as an admin" do
|
79
|
+
sign_in_as_admin!
|
80
|
+
|
81
|
+
it "can create a new product property" do
|
82
|
+
expect do
|
83
|
+
api_post :create, :product_property => { :property_name => "My Property 3", :value => "my value 3" }
|
84
|
+
end.to change(product.product_properties, :count).by(1)
|
85
|
+
json_response.should have_attributes(attributes)
|
86
|
+
response.status.should == 201
|
87
|
+
end
|
88
|
+
|
89
|
+
it "can update a product property" do
|
90
|
+
api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
|
91
|
+
response.status.should == 200
|
92
|
+
end
|
93
|
+
|
94
|
+
it "can delete a variant" do
|
95
|
+
api_delete :destroy, :id => property_1.property_name
|
96
|
+
response.status.should == 204
|
97
|
+
lambda { property_1.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
context "with product identified by id" do
|
102
|
+
let(:resource_scoping) { { :product_id => product.id } }
|
103
|
+
it "can see a list of all product properties" do
|
104
|
+
api_get :index
|
105
|
+
json_response["product_properties"].count.should eq 2
|
106
|
+
json_response["product_properties"].first.should have_attributes(attributes)
|
107
|
+
end
|
108
|
+
|
109
|
+
it "can see a single product_property by id" do
|
110
|
+
api_get :show, :id => property_1.id
|
111
|
+
json_response.count.should eq 1
|
112
|
+
json_response.should have_attributes(attributes)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
end
|
117
|
+
end
|
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'shared_examples/protect_product_actions'
|
2
3
|
|
3
4
|
module Spree
|
4
5
|
describe Spree::Api::V1::ProductsController do
|
@@ -33,15 +34,24 @@ module Spree
|
|
33
34
|
second_product = create(:product)
|
34
35
|
api_get :index, :page => 2
|
35
36
|
json_response["products"].first.should have_attributes(attributes)
|
36
|
-
json_response["
|
37
|
+
json_response["total_count"].should == 2
|
37
38
|
json_response["current_page"].should == 2
|
38
39
|
json_response["pages"].should == 2
|
39
40
|
end
|
41
|
+
|
42
|
+
it 'can control the page size through a parameter' do
|
43
|
+
create(:product)
|
44
|
+
api_get :index, :per_page => 1
|
45
|
+
json_response['count'].should == 1
|
46
|
+
json_response['total_count'].should == 2
|
47
|
+
json_response['current_page'].should == 1
|
48
|
+
json_response['pages'].should == 2
|
49
|
+
end
|
40
50
|
end
|
41
51
|
|
42
52
|
it "can search for products" do
|
43
53
|
create(:product, :name => "The best product in the world")
|
44
|
-
api_get :
|
54
|
+
api_get :index, :q => { :name_cont => "best" }
|
45
55
|
json_response["products"].first.should have_attributes(attributes)
|
46
56
|
json_response["count"].should == 1
|
47
57
|
end
|
@@ -105,20 +115,7 @@ module Spree
|
|
105
115
|
required_attributes.should include("price")
|
106
116
|
end
|
107
117
|
|
108
|
-
|
109
|
-
api_post :create, :product => { :name => "Brand new product!" }
|
110
|
-
assert_unauthorized!
|
111
|
-
end
|
112
|
-
|
113
|
-
it "cannot update a product" do
|
114
|
-
api_put :update, :id => product.to_param, :product => { :name => "I hacked your store!" }
|
115
|
-
assert_unauthorized!
|
116
|
-
end
|
117
|
-
|
118
|
-
it "cannot delete a product" do
|
119
|
-
api_delete :destroy, :id => product.to_param
|
120
|
-
assert_unauthorized!
|
121
|
-
end
|
118
|
+
it_behaves_like "modifying product actions are restricted"
|
122
119
|
end
|
123
120
|
|
124
121
|
context "as an admin" do
|
@@ -156,6 +153,25 @@ module Spree
|
|
156
153
|
response.status.should == 201
|
157
154
|
end
|
158
155
|
|
156
|
+
# Regression test for #2140
|
157
|
+
context "with authentication_required set to false" do
|
158
|
+
before do
|
159
|
+
Spree::Api::Config.requires_authentication = false
|
160
|
+
end
|
161
|
+
|
162
|
+
after do
|
163
|
+
Spree::Api::Config.requires_authentication = true
|
164
|
+
end
|
165
|
+
|
166
|
+
it "can still create a product" do
|
167
|
+
api_post :create, :product => { :name => "The Other Product",
|
168
|
+
:price => 19.99 },
|
169
|
+
:token => "fake"
|
170
|
+
json_response.should have_attributes(attributes)
|
171
|
+
response.status.should == 201
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
159
175
|
it "cannot create a new product with invalid attributes" do
|
160
176
|
api_post :create, :product => {}
|
161
177
|
response.status.should == 422
|
@@ -180,7 +196,7 @@ module Spree
|
|
180
196
|
it "can delete a product" do
|
181
197
|
product.deleted_at.should be_nil
|
182
198
|
api_delete :destroy, :id => product.to_param
|
183
|
-
response.status.should ==
|
199
|
+
response.status.should == 204
|
184
200
|
product.reload.deleted_at.should_not be_nil
|
185
201
|
end
|
186
202
|
end
|
@@ -0,0 +1,155 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::ReturnAuthorizationsController do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let!(:order) do
|
8
|
+
order = create(:order)
|
9
|
+
order.line_items << create(:line_item)
|
10
|
+
order.shipments << create(:shipment, :state => 'shipped')
|
11
|
+
order.finalize!
|
12
|
+
order.shipments.each(&:ready!)
|
13
|
+
order.shipments.each(&:ship!)
|
14
|
+
order
|
15
|
+
end
|
16
|
+
|
17
|
+
let(:product) { create(:product) }
|
18
|
+
let(:attributes) { [:id, :reason, :amount, :state] }
|
19
|
+
let(:resource_scoping) { { :order_id => order.to_param } }
|
20
|
+
|
21
|
+
before do
|
22
|
+
stub_authentication!
|
23
|
+
end
|
24
|
+
|
25
|
+
context "as the order owner" do
|
26
|
+
before do
|
27
|
+
Order.any_instance.stub :user => current_api_user
|
28
|
+
end
|
29
|
+
|
30
|
+
it "cannot see any return authorizations" do
|
31
|
+
api_get :index
|
32
|
+
assert_unauthorized!
|
33
|
+
end
|
34
|
+
|
35
|
+
it "cannot see a single return authorization" do
|
36
|
+
api_get :show, :id => 1
|
37
|
+
assert_unauthorized!
|
38
|
+
end
|
39
|
+
|
40
|
+
it "cannot learn how to create a new return authorization" do
|
41
|
+
api_get :new
|
42
|
+
assert_unauthorized!
|
43
|
+
end
|
44
|
+
|
45
|
+
it "cannot create a new return authorization" do
|
46
|
+
api_post :create
|
47
|
+
assert_unauthorized!
|
48
|
+
end
|
49
|
+
|
50
|
+
it "cannot update a return authorization" do
|
51
|
+
api_put :update
|
52
|
+
assert_unauthorized!
|
53
|
+
end
|
54
|
+
|
55
|
+
it "cannot delete a return authorization" do
|
56
|
+
api_delete :destroy
|
57
|
+
assert_unauthorized!
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
context "as an admin" do
|
62
|
+
sign_in_as_admin!
|
63
|
+
|
64
|
+
it "can show return authorization" do
|
65
|
+
order.return_authorizations << create(:return_authorization)
|
66
|
+
return_authorization = order.return_authorizations.first
|
67
|
+
api_get :show, :order_id => order.id, :id => return_authorization.id
|
68
|
+
response.status.should == 200
|
69
|
+
json_response.should have_attributes(attributes)
|
70
|
+
json_response["return_authorization"]["state"].should_not be_blank
|
71
|
+
end
|
72
|
+
|
73
|
+
it "can get a list of return authorizations" do
|
74
|
+
order.return_authorizations << create(:return_authorization)
|
75
|
+
order.return_authorizations << create(:return_authorization)
|
76
|
+
api_get :index, { :order_id => order.id }
|
77
|
+
response.status.should == 200
|
78
|
+
return_authorizations = json_response["return_authorizations"]
|
79
|
+
return_authorizations.first.should have_attributes(attributes)
|
80
|
+
return_authorizations.first.should_not == return_authorizations.last
|
81
|
+
end
|
82
|
+
|
83
|
+
it 'can control the page size through a parameter' do
|
84
|
+
order.return_authorizations << create(:return_authorization)
|
85
|
+
order.return_authorizations << create(:return_authorization)
|
86
|
+
api_get :index, :order_id => order.id, :per_page => 1
|
87
|
+
json_response['count'].should == 1
|
88
|
+
json_response['current_page'].should == 1
|
89
|
+
json_response['pages'].should == 2
|
90
|
+
end
|
91
|
+
|
92
|
+
it 'can query the results through a paramter' do
|
93
|
+
order.return_authorizations << create(:return_authorization)
|
94
|
+
expected_result = create(:return_authorization, :reason => 'damaged')
|
95
|
+
order.return_authorizations << expected_result
|
96
|
+
api_get :index, :q => { :reason_cont => 'damage' }
|
97
|
+
json_response['count'].should == 1
|
98
|
+
json_response['return_authorizations'].first['return_authorization']['reason'].should eq expected_result.reason
|
99
|
+
end
|
100
|
+
|
101
|
+
it "can learn how to create a new return authorization" do
|
102
|
+
api_get :new
|
103
|
+
json_response["attributes"].should == ["id", "number", "state", "amount", "order_id", "reason", "created_at", "updated_at"]
|
104
|
+
required_attributes = json_response["required_attributes"]
|
105
|
+
required_attributes.should include("order")
|
106
|
+
end
|
107
|
+
|
108
|
+
it "can update a return authorization on the order" do
|
109
|
+
order.return_authorizations << create(:return_authorization)
|
110
|
+
return_authorization = order.return_authorizations.first
|
111
|
+
api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
|
112
|
+
response.status.should == 200
|
113
|
+
json_response.should have_attributes(attributes)
|
114
|
+
end
|
115
|
+
|
116
|
+
it "can delete a return authorization on the order" do
|
117
|
+
order.return_authorizations << create(:return_authorization)
|
118
|
+
return_authorization = order.return_authorizations.first
|
119
|
+
api_delete :destroy, :id => return_authorization.id
|
120
|
+
response.status.should == 204
|
121
|
+
lambda { return_authorization.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
122
|
+
end
|
123
|
+
|
124
|
+
it "can add a new return authorization to an existing order" do
|
125
|
+
api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
|
126
|
+
response.status.should == 201
|
127
|
+
json_response.should have_attributes(attributes)
|
128
|
+
json_response["return_authorization"]["state"].should_not be_blank
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
context "as just another user" do
|
133
|
+
it "cannot add a return authorization to the order" do
|
134
|
+
api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
|
135
|
+
assert_unauthorized!
|
136
|
+
end
|
137
|
+
|
138
|
+
it "cannot update a return authorization on the order" do
|
139
|
+
order.return_authorizations << create(:return_authorization)
|
140
|
+
return_authorization = order.return_authorizations.first
|
141
|
+
api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
|
142
|
+
assert_unauthorized!
|
143
|
+
return_authorization.reload.amount.should_not == 19.99
|
144
|
+
end
|
145
|
+
|
146
|
+
it "cannot delete a return authorization on the order" do
|
147
|
+
order.return_authorizations << create(:return_authorization)
|
148
|
+
return_authorization = order.return_authorizations.first
|
149
|
+
api_delete :destroy, :id => return_authorization.id
|
150
|
+
assert_unauthorized!
|
151
|
+
lambda { return_authorization.reload }.should_not raise_error(ActiveRecord::RecordNotFound)
|
152
|
+
end
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
@@ -1,16 +1,31 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Spree::Api::V1::ShipmentsController do
|
4
|
+
render_views
|
4
5
|
let!(:shipment) { create(:shipment) }
|
5
6
|
let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at] }
|
6
7
|
|
7
8
|
before do
|
8
|
-
Spree::Order.any_instance.stub(:paid? => true)
|
9
|
+
Spree::Order.any_instance.stub(:paid? => true, :complete? => true)
|
9
10
|
stub_authentication!
|
10
11
|
end
|
11
12
|
|
12
|
-
|
13
|
-
|
13
|
+
let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
|
14
|
+
|
15
|
+
context "as a non-admin" do
|
16
|
+
it "cannot make a shipment ready" do
|
17
|
+
api_put :ready
|
18
|
+
assert_unauthorized!
|
19
|
+
end
|
20
|
+
|
21
|
+
it "cannot make a shipment shipped" do
|
22
|
+
api_put :ship
|
23
|
+
assert_unauthorized!
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
context "as an admin" do
|
28
|
+
sign_in_as_admin!
|
14
29
|
|
15
30
|
it "can make a shipment ready" do
|
16
31
|
api_put :ready
|