spree_api 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
  2. data/app/controllers/spree/api/v1/base_controller.rb +12 -3
  3. data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
  4. data/app/controllers/spree/api/v1/images_controller.rb +4 -1
  5. data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
  6. data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
  7. data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
  8. data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
  9. data/app/controllers/spree/api/v1/products_controller.rb +2 -7
  10. data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
  11. data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
  12. data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
  13. data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
  14. data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
  15. data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
  16. data/app/helpers/spree/api/api_helpers.rb +8 -0
  17. data/app/models/spree/api_configuration.rb +5 -0
  18. data/app/models/spree/order_decorator.rb +1 -0
  19. data/app/views/spree/api/v1/countries/index.rabl +7 -2
  20. data/app/views/spree/api/v1/countries/show.rabl +2 -2
  21. data/app/views/spree/api/v1/orders/index.rabl +1 -1
  22. data/app/views/spree/api/v1/orders/show.rabl +4 -1
  23. data/app/views/spree/api/v1/payments/index.rabl +7 -2
  24. data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
  25. data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
  26. data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
  27. data/app/views/spree/api/v1/products/index.rabl +2 -1
  28. data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
  29. data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
  30. data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
  31. data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
  32. data/app/views/spree/api/v1/variants/index.rabl +10 -3
  33. data/app/views/spree/api/v1/zones/index.rabl +7 -2
  34. data/config/routes.rb +3 -8
  35. data/lib/spree/api/engine.rb +4 -0
  36. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
  37. data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
  38. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
  39. data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
  40. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
  41. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
  42. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
  43. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
  44. data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
  45. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
  46. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
  47. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
  48. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
  49. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
  52. data/spec/shared_examples/protect_product_actions.rb +17 -0
  53. data/spec/spec_helper.rb +5 -0
  54. data/spree_api.gemspec +0 -1
  55. metadata +28 -22
@@ -2,10 +2,11 @@ require 'spec_helper'
2
2
 
3
3
  module Spree
4
4
  describe Spree::Api::V1::PaymentsController do
5
+ render_views
5
6
  let!(:order) { create(:order) }
6
7
  let!(:payment) { create(:payment, :order => order) }
7
8
  let!(:attributes) { [:id, :source_type, :source_id, :amount,
8
- :payment_method_id, :response_code, :state, :avs_response,
9
+ :payment_method_id, :response_code, :state, :avs_response,
9
10
  :created_at, :updated_at] }
10
11
 
11
12
  let(:resource_scoping) { { :order_id => order.to_param } }
@@ -21,7 +22,7 @@ module Spree
21
22
 
22
23
  it "can view the payments for their order" do
23
24
  api_get :index
24
- json_response.first.should have_attributes(attributes)
25
+ json_response["payments"].first.should have_attributes(attributes)
25
26
  end
26
27
 
27
28
  it "can learn how to create a new payment" do
@@ -66,7 +67,29 @@ module Spree
66
67
  it "can view the payments on any order" do
67
68
  api_get :index
68
69
  response.status.should == 200
69
- json_response.first.should have_attributes(attributes)
70
+ json_response["payments"].first.should have_attributes(attributes)
71
+ end
72
+
73
+ context "multiple payments" do
74
+ before { @payment = create(:payment, :order => order, :response_code => '99999') }
75
+
76
+ it "can view all payments on an order" do
77
+ api_get :index
78
+ json_response["count"].should == 2
79
+ end
80
+
81
+ it 'can control the page size through a parameter' do
82
+ api_get :index, :per_page => 1
83
+ json_response['count'].should == 1
84
+ json_response['current_page'].should == 1
85
+ json_response['pages'].should == 2
86
+ end
87
+
88
+ it 'can query the results through a paramter' do
89
+ api_get :index, :q => { :response_code_cont => '999' }
90
+ json_response['count'].should == 1
91
+ json_response['payments'].first['payment']['response_code'].should eq @payment.response_code
92
+ end
70
93
  end
71
94
 
72
95
  context "for a given payment" do
@@ -88,6 +111,24 @@ module Spree
88
111
  payment.state.should == "failed"
89
112
  end
90
113
 
114
+ it "can capture" do
115
+ api_put :capture, :id => payment.to_param
116
+ response.status.should == 200
117
+ payment.reload
118
+ payment.state.should == "completed"
119
+ end
120
+
121
+ it "returns a 422 status when purchasing fails" do
122
+ fake_response = stub(:success? => false, :to_s => "Insufficient funds")
123
+ Spree::Gateway::Bogus.any_instance.should_receive(:capture).and_return(fake_response)
124
+ api_put :capture, :id => payment.to_param
125
+ response.status.should == 422
126
+ json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
127
+
128
+ payment.reload
129
+ payment.state.should == "pending"
130
+ end
131
+
91
132
  it "can purchase" do
92
133
  api_put :purchase, :id => payment.to_param
93
134
  response.status.should == 200
@@ -0,0 +1,117 @@
1
+ require 'spec_helper'
2
+ require 'shared_examples/protect_product_actions'
3
+
4
+ module Spree
5
+ describe Spree::Api::V1::ProductPropertiesController do
6
+ render_views
7
+
8
+ let!(:product) { create(:product) }
9
+ let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
10
+ let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
11
+
12
+ let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
13
+ let(:resource_scoping) { { :product_id => product.to_param } }
14
+
15
+ before do
16
+ stub_authentication!
17
+ end
18
+
19
+ context "if product is deleted" do
20
+ before do
21
+ product.update_column(:deleted_at, Time.now)
22
+ end
23
+
24
+ it "can not see a list of product properties" do
25
+ api_get :index
26
+ response.status.should == 404
27
+ end
28
+ end
29
+
30
+ it "can see a list of all product properties" do
31
+ api_get :index
32
+ json_response["product_properties"].count.should eq 2
33
+ json_response["product_properties"].first.should have_attributes(attributes)
34
+ end
35
+
36
+ it "can control the page size through a parameter" do
37
+ api_get :index, :per_page => 1
38
+ json_response['product_properties'].count.should == 1
39
+ json_response['current_page'].should == 1
40
+ json_response['pages'].should == 2
41
+ end
42
+
43
+ it 'can query the results through a paramter' do
44
+ Spree::ProductProperty.last.update_attribute(:value, 'loose')
45
+ property = Spree::ProductProperty.last
46
+ api_get :index, :q => { :value_cont => 'loose' }
47
+ json_response['count'].should == 1
48
+ json_response['product_properties'].first['product_property']['value'].should eq property.value
49
+ end
50
+
51
+ it "can see a single product_property" do
52
+ api_get :show, :id => property_1.property_name
53
+ json_response.should have_attributes(attributes)
54
+ end
55
+
56
+ it "can learn how to create a new product property" do
57
+ api_get :new
58
+ json_response["attributes"].should == attributes.map(&:to_s)
59
+ json_response["required_attributes"].should be_empty
60
+ end
61
+
62
+ it "cannot create a new product property if not an admin" do
63
+ api_post :create, :product_property => { :property_name => "My Property 3" }
64
+ assert_unauthorized!
65
+ end
66
+
67
+ it "cannot update a product property" do
68
+ api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
69
+ assert_unauthorized!
70
+ end
71
+
72
+ it "cannot delete a product property" do
73
+ api_delete :destroy, :property_name => property_1.property_name
74
+ assert_unauthorized!
75
+ lambda { property_1.reload }.should_not raise_error
76
+ end
77
+
78
+ context "as an admin" do
79
+ sign_in_as_admin!
80
+
81
+ it "can create a new product property" do
82
+ expect do
83
+ api_post :create, :product_property => { :property_name => "My Property 3", :value => "my value 3" }
84
+ end.to change(product.product_properties, :count).by(1)
85
+ json_response.should have_attributes(attributes)
86
+ response.status.should == 201
87
+ end
88
+
89
+ it "can update a product property" do
90
+ api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
91
+ response.status.should == 200
92
+ end
93
+
94
+ it "can delete a variant" do
95
+ api_delete :destroy, :id => property_1.property_name
96
+ response.status.should == 204
97
+ lambda { property_1.reload }.should raise_error(ActiveRecord::RecordNotFound)
98
+ end
99
+ end
100
+
101
+ context "with product identified by id" do
102
+ let(:resource_scoping) { { :product_id => product.id } }
103
+ it "can see a list of all product properties" do
104
+ api_get :index
105
+ json_response["product_properties"].count.should eq 2
106
+ json_response["product_properties"].first.should have_attributes(attributes)
107
+ end
108
+
109
+ it "can see a single product_property by id" do
110
+ api_get :show, :id => property_1.id
111
+ json_response.count.should eq 1
112
+ json_response.should have_attributes(attributes)
113
+ end
114
+ end
115
+
116
+ end
117
+ end
@@ -1,4 +1,5 @@
1
1
  require 'spec_helper'
2
+ require 'shared_examples/protect_product_actions'
2
3
 
3
4
  module Spree
4
5
  describe Spree::Api::V1::ProductsController do
@@ -33,15 +34,24 @@ module Spree
33
34
  second_product = create(:product)
34
35
  api_get :index, :page => 2
35
36
  json_response["products"].first.should have_attributes(attributes)
36
- json_response["count"].should == 2
37
+ json_response["total_count"].should == 2
37
38
  json_response["current_page"].should == 2
38
39
  json_response["pages"].should == 2
39
40
  end
41
+
42
+ it 'can control the page size through a parameter' do
43
+ create(:product)
44
+ api_get :index, :per_page => 1
45
+ json_response['count'].should == 1
46
+ json_response['total_count'].should == 2
47
+ json_response['current_page'].should == 1
48
+ json_response['pages'].should == 2
49
+ end
40
50
  end
41
51
 
42
52
  it "can search for products" do
43
53
  create(:product, :name => "The best product in the world")
44
- api_get :search, :q => { :name_cont => "best" }
54
+ api_get :index, :q => { :name_cont => "best" }
45
55
  json_response["products"].first.should have_attributes(attributes)
46
56
  json_response["count"].should == 1
47
57
  end
@@ -105,20 +115,7 @@ module Spree
105
115
  required_attributes.should include("price")
106
116
  end
107
117
 
108
- it "cannot create a new product if not an admin" do
109
- api_post :create, :product => { :name => "Brand new product!" }
110
- assert_unauthorized!
111
- end
112
-
113
- it "cannot update a product" do
114
- api_put :update, :id => product.to_param, :product => { :name => "I hacked your store!" }
115
- assert_unauthorized!
116
- end
117
-
118
- it "cannot delete a product" do
119
- api_delete :destroy, :id => product.to_param
120
- assert_unauthorized!
121
- end
118
+ it_behaves_like "modifying product actions are restricted"
122
119
  end
123
120
 
124
121
  context "as an admin" do
@@ -156,6 +153,25 @@ module Spree
156
153
  response.status.should == 201
157
154
  end
158
155
 
156
+ # Regression test for #2140
157
+ context "with authentication_required set to false" do
158
+ before do
159
+ Spree::Api::Config.requires_authentication = false
160
+ end
161
+
162
+ after do
163
+ Spree::Api::Config.requires_authentication = true
164
+ end
165
+
166
+ it "can still create a product" do
167
+ api_post :create, :product => { :name => "The Other Product",
168
+ :price => 19.99 },
169
+ :token => "fake"
170
+ json_response.should have_attributes(attributes)
171
+ response.status.should == 201
172
+ end
173
+ end
174
+
159
175
  it "cannot create a new product with invalid attributes" do
160
176
  api_post :create, :product => {}
161
177
  response.status.should == 422
@@ -180,7 +196,7 @@ module Spree
180
196
  it "can delete a product" do
181
197
  product.deleted_at.should be_nil
182
198
  api_delete :destroy, :id => product.to_param
183
- response.status.should == 200
199
+ response.status.should == 204
184
200
  product.reload.deleted_at.should_not be_nil
185
201
  end
186
202
  end
@@ -0,0 +1,155 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ReturnAuthorizationsController do
5
+ render_views
6
+
7
+ let!(:order) do
8
+ order = create(:order)
9
+ order.line_items << create(:line_item)
10
+ order.shipments << create(:shipment, :state => 'shipped')
11
+ order.finalize!
12
+ order.shipments.each(&:ready!)
13
+ order.shipments.each(&:ship!)
14
+ order
15
+ end
16
+
17
+ let(:product) { create(:product) }
18
+ let(:attributes) { [:id, :reason, :amount, :state] }
19
+ let(:resource_scoping) { { :order_id => order.to_param } }
20
+
21
+ before do
22
+ stub_authentication!
23
+ end
24
+
25
+ context "as the order owner" do
26
+ before do
27
+ Order.any_instance.stub :user => current_api_user
28
+ end
29
+
30
+ it "cannot see any return authorizations" do
31
+ api_get :index
32
+ assert_unauthorized!
33
+ end
34
+
35
+ it "cannot see a single return authorization" do
36
+ api_get :show, :id => 1
37
+ assert_unauthorized!
38
+ end
39
+
40
+ it "cannot learn how to create a new return authorization" do
41
+ api_get :new
42
+ assert_unauthorized!
43
+ end
44
+
45
+ it "cannot create a new return authorization" do
46
+ api_post :create
47
+ assert_unauthorized!
48
+ end
49
+
50
+ it "cannot update a return authorization" do
51
+ api_put :update
52
+ assert_unauthorized!
53
+ end
54
+
55
+ it "cannot delete a return authorization" do
56
+ api_delete :destroy
57
+ assert_unauthorized!
58
+ end
59
+ end
60
+
61
+ context "as an admin" do
62
+ sign_in_as_admin!
63
+
64
+ it "can show return authorization" do
65
+ order.return_authorizations << create(:return_authorization)
66
+ return_authorization = order.return_authorizations.first
67
+ api_get :show, :order_id => order.id, :id => return_authorization.id
68
+ response.status.should == 200
69
+ json_response.should have_attributes(attributes)
70
+ json_response["return_authorization"]["state"].should_not be_blank
71
+ end
72
+
73
+ it "can get a list of return authorizations" do
74
+ order.return_authorizations << create(:return_authorization)
75
+ order.return_authorizations << create(:return_authorization)
76
+ api_get :index, { :order_id => order.id }
77
+ response.status.should == 200
78
+ return_authorizations = json_response["return_authorizations"]
79
+ return_authorizations.first.should have_attributes(attributes)
80
+ return_authorizations.first.should_not == return_authorizations.last
81
+ end
82
+
83
+ it 'can control the page size through a parameter' do
84
+ order.return_authorizations << create(:return_authorization)
85
+ order.return_authorizations << create(:return_authorization)
86
+ api_get :index, :order_id => order.id, :per_page => 1
87
+ json_response['count'].should == 1
88
+ json_response['current_page'].should == 1
89
+ json_response['pages'].should == 2
90
+ end
91
+
92
+ it 'can query the results through a paramter' do
93
+ order.return_authorizations << create(:return_authorization)
94
+ expected_result = create(:return_authorization, :reason => 'damaged')
95
+ order.return_authorizations << expected_result
96
+ api_get :index, :q => { :reason_cont => 'damage' }
97
+ json_response['count'].should == 1
98
+ json_response['return_authorizations'].first['return_authorization']['reason'].should eq expected_result.reason
99
+ end
100
+
101
+ it "can learn how to create a new return authorization" do
102
+ api_get :new
103
+ json_response["attributes"].should == ["id", "number", "state", "amount", "order_id", "reason", "created_at", "updated_at"]
104
+ required_attributes = json_response["required_attributes"]
105
+ required_attributes.should include("order")
106
+ end
107
+
108
+ it "can update a return authorization on the order" do
109
+ order.return_authorizations << create(:return_authorization)
110
+ return_authorization = order.return_authorizations.first
111
+ api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
112
+ response.status.should == 200
113
+ json_response.should have_attributes(attributes)
114
+ end
115
+
116
+ it "can delete a return authorization on the order" do
117
+ order.return_authorizations << create(:return_authorization)
118
+ return_authorization = order.return_authorizations.first
119
+ api_delete :destroy, :id => return_authorization.id
120
+ response.status.should == 204
121
+ lambda { return_authorization.reload }.should raise_error(ActiveRecord::RecordNotFound)
122
+ end
123
+
124
+ it "can add a new return authorization to an existing order" do
125
+ api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
126
+ response.status.should == 201
127
+ json_response.should have_attributes(attributes)
128
+ json_response["return_authorization"]["state"].should_not be_blank
129
+ end
130
+ end
131
+
132
+ context "as just another user" do
133
+ it "cannot add a return authorization to the order" do
134
+ api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
135
+ assert_unauthorized!
136
+ end
137
+
138
+ it "cannot update a return authorization on the order" do
139
+ order.return_authorizations << create(:return_authorization)
140
+ return_authorization = order.return_authorizations.first
141
+ api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
142
+ assert_unauthorized!
143
+ return_authorization.reload.amount.should_not == 19.99
144
+ end
145
+
146
+ it "cannot delete a return authorization on the order" do
147
+ order.return_authorizations << create(:return_authorization)
148
+ return_authorization = order.return_authorizations.first
149
+ api_delete :destroy, :id => return_authorization.id
150
+ assert_unauthorized!
151
+ lambda { return_authorization.reload }.should_not raise_error(ActiveRecord::RecordNotFound)
152
+ end
153
+ end
154
+ end
155
+ end
@@ -1,16 +1,31 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Spree::Api::V1::ShipmentsController do
4
+ render_views
4
5
  let!(:shipment) { create(:shipment) }
5
6
  let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at] }
6
7
 
7
8
  before do
8
- Spree::Order.any_instance.stub(:paid? => true)
9
+ Spree::Order.any_instance.stub(:paid? => true, :complete? => true)
9
10
  stub_authentication!
10
11
  end
11
12
 
12
- context "working with a shipment" do
13
- let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
13
+ let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
14
+
15
+ context "as a non-admin" do
16
+ it "cannot make a shipment ready" do
17
+ api_put :ready
18
+ assert_unauthorized!
19
+ end
20
+
21
+ it "cannot make a shipment shipped" do
22
+ api_put :ship
23
+ assert_unauthorized!
24
+ end
25
+ end
26
+
27
+ context "as an admin" do
28
+ sign_in_as_admin!
14
29
 
15
30
  it "can make a shipment ready" do
16
31
  api_put :ready