spree_api 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
- data/app/controllers/spree/api/v1/base_controller.rb +12 -3
- data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
- data/app/controllers/spree/api/v1/images_controller.rb +4 -1
- data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
- data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
- data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
- data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
- data/app/controllers/spree/api/v1/products_controller.rb +2 -7
- data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
- data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
- data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
- data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
- data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
- data/app/helpers/spree/api/api_helpers.rb +8 -0
- data/app/models/spree/api_configuration.rb +5 -0
- data/app/models/spree/order_decorator.rb +1 -0
- data/app/views/spree/api/v1/countries/index.rabl +7 -2
- data/app/views/spree/api/v1/countries/show.rabl +2 -2
- data/app/views/spree/api/v1/orders/index.rabl +1 -1
- data/app/views/spree/api/v1/orders/show.rabl +4 -1
- data/app/views/spree/api/v1/payments/index.rabl +7 -2
- data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
- data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
- data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
- data/app/views/spree/api/v1/products/index.rabl +2 -1
- data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
- data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
- data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
- data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
- data/app/views/spree/api/v1/variants/index.rabl +10 -3
- data/app/views/spree/api/v1/zones/index.rabl +7 -2
- data/config/routes.rb +3 -8
- data/lib/spree/api/engine.rb +4 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
- data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +5 -0
- data/spree_api.gemspec +0 -1
- metadata +28 -22
@@ -2,10 +2,11 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
module Spree
|
4
4
|
describe Spree::Api::V1::PaymentsController do
|
5
|
+
render_views
|
5
6
|
let!(:order) { create(:order) }
|
6
7
|
let!(:payment) { create(:payment, :order => order) }
|
7
8
|
let!(:attributes) { [:id, :source_type, :source_id, :amount,
|
8
|
-
:payment_method_id, :response_code, :state, :avs_response,
|
9
|
+
:payment_method_id, :response_code, :state, :avs_response,
|
9
10
|
:created_at, :updated_at] }
|
10
11
|
|
11
12
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
@@ -21,7 +22,7 @@ module Spree
|
|
21
22
|
|
22
23
|
it "can view the payments for their order" do
|
23
24
|
api_get :index
|
24
|
-
json_response.first.should have_attributes(attributes)
|
25
|
+
json_response["payments"].first.should have_attributes(attributes)
|
25
26
|
end
|
26
27
|
|
27
28
|
it "can learn how to create a new payment" do
|
@@ -66,7 +67,29 @@ module Spree
|
|
66
67
|
it "can view the payments on any order" do
|
67
68
|
api_get :index
|
68
69
|
response.status.should == 200
|
69
|
-
json_response.first.should have_attributes(attributes)
|
70
|
+
json_response["payments"].first.should have_attributes(attributes)
|
71
|
+
end
|
72
|
+
|
73
|
+
context "multiple payments" do
|
74
|
+
before { @payment = create(:payment, :order => order, :response_code => '99999') }
|
75
|
+
|
76
|
+
it "can view all payments on an order" do
|
77
|
+
api_get :index
|
78
|
+
json_response["count"].should == 2
|
79
|
+
end
|
80
|
+
|
81
|
+
it 'can control the page size through a parameter' do
|
82
|
+
api_get :index, :per_page => 1
|
83
|
+
json_response['count'].should == 1
|
84
|
+
json_response['current_page'].should == 1
|
85
|
+
json_response['pages'].should == 2
|
86
|
+
end
|
87
|
+
|
88
|
+
it 'can query the results through a paramter' do
|
89
|
+
api_get :index, :q => { :response_code_cont => '999' }
|
90
|
+
json_response['count'].should == 1
|
91
|
+
json_response['payments'].first['payment']['response_code'].should eq @payment.response_code
|
92
|
+
end
|
70
93
|
end
|
71
94
|
|
72
95
|
context "for a given payment" do
|
@@ -88,6 +111,24 @@ module Spree
|
|
88
111
|
payment.state.should == "failed"
|
89
112
|
end
|
90
113
|
|
114
|
+
it "can capture" do
|
115
|
+
api_put :capture, :id => payment.to_param
|
116
|
+
response.status.should == 200
|
117
|
+
payment.reload
|
118
|
+
payment.state.should == "completed"
|
119
|
+
end
|
120
|
+
|
121
|
+
it "returns a 422 status when purchasing fails" do
|
122
|
+
fake_response = stub(:success? => false, :to_s => "Insufficient funds")
|
123
|
+
Spree::Gateway::Bogus.any_instance.should_receive(:capture).and_return(fake_response)
|
124
|
+
api_put :capture, :id => payment.to_param
|
125
|
+
response.status.should == 422
|
126
|
+
json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
|
127
|
+
|
128
|
+
payment.reload
|
129
|
+
payment.state.should == "pending"
|
130
|
+
end
|
131
|
+
|
91
132
|
it "can purchase" do
|
92
133
|
api_put :purchase, :id => payment.to_param
|
93
134
|
response.status.should == 200
|
@@ -0,0 +1,117 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples/protect_product_actions'
|
3
|
+
|
4
|
+
module Spree
|
5
|
+
describe Spree::Api::V1::ProductPropertiesController do
|
6
|
+
render_views
|
7
|
+
|
8
|
+
let!(:product) { create(:product) }
|
9
|
+
let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
|
10
|
+
let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
|
11
|
+
|
12
|
+
let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
|
13
|
+
let(:resource_scoping) { { :product_id => product.to_param } }
|
14
|
+
|
15
|
+
before do
|
16
|
+
stub_authentication!
|
17
|
+
end
|
18
|
+
|
19
|
+
context "if product is deleted" do
|
20
|
+
before do
|
21
|
+
product.update_column(:deleted_at, Time.now)
|
22
|
+
end
|
23
|
+
|
24
|
+
it "can not see a list of product properties" do
|
25
|
+
api_get :index
|
26
|
+
response.status.should == 404
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
it "can see a list of all product properties" do
|
31
|
+
api_get :index
|
32
|
+
json_response["product_properties"].count.should eq 2
|
33
|
+
json_response["product_properties"].first.should have_attributes(attributes)
|
34
|
+
end
|
35
|
+
|
36
|
+
it "can control the page size through a parameter" do
|
37
|
+
api_get :index, :per_page => 1
|
38
|
+
json_response['product_properties'].count.should == 1
|
39
|
+
json_response['current_page'].should == 1
|
40
|
+
json_response['pages'].should == 2
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'can query the results through a paramter' do
|
44
|
+
Spree::ProductProperty.last.update_attribute(:value, 'loose')
|
45
|
+
property = Spree::ProductProperty.last
|
46
|
+
api_get :index, :q => { :value_cont => 'loose' }
|
47
|
+
json_response['count'].should == 1
|
48
|
+
json_response['product_properties'].first['product_property']['value'].should eq property.value
|
49
|
+
end
|
50
|
+
|
51
|
+
it "can see a single product_property" do
|
52
|
+
api_get :show, :id => property_1.property_name
|
53
|
+
json_response.should have_attributes(attributes)
|
54
|
+
end
|
55
|
+
|
56
|
+
it "can learn how to create a new product property" do
|
57
|
+
api_get :new
|
58
|
+
json_response["attributes"].should == attributes.map(&:to_s)
|
59
|
+
json_response["required_attributes"].should be_empty
|
60
|
+
end
|
61
|
+
|
62
|
+
it "cannot create a new product property if not an admin" do
|
63
|
+
api_post :create, :product_property => { :property_name => "My Property 3" }
|
64
|
+
assert_unauthorized!
|
65
|
+
end
|
66
|
+
|
67
|
+
it "cannot update a product property" do
|
68
|
+
api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
|
69
|
+
assert_unauthorized!
|
70
|
+
end
|
71
|
+
|
72
|
+
it "cannot delete a product property" do
|
73
|
+
api_delete :destroy, :property_name => property_1.property_name
|
74
|
+
assert_unauthorized!
|
75
|
+
lambda { property_1.reload }.should_not raise_error
|
76
|
+
end
|
77
|
+
|
78
|
+
context "as an admin" do
|
79
|
+
sign_in_as_admin!
|
80
|
+
|
81
|
+
it "can create a new product property" do
|
82
|
+
expect do
|
83
|
+
api_post :create, :product_property => { :property_name => "My Property 3", :value => "my value 3" }
|
84
|
+
end.to change(product.product_properties, :count).by(1)
|
85
|
+
json_response.should have_attributes(attributes)
|
86
|
+
response.status.should == 201
|
87
|
+
end
|
88
|
+
|
89
|
+
it "can update a product property" do
|
90
|
+
api_put :update, :id => property_1.property_name, :product_property => { :value => "my value 456" }
|
91
|
+
response.status.should == 200
|
92
|
+
end
|
93
|
+
|
94
|
+
it "can delete a variant" do
|
95
|
+
api_delete :destroy, :id => property_1.property_name
|
96
|
+
response.status.should == 204
|
97
|
+
lambda { property_1.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
context "with product identified by id" do
|
102
|
+
let(:resource_scoping) { { :product_id => product.id } }
|
103
|
+
it "can see a list of all product properties" do
|
104
|
+
api_get :index
|
105
|
+
json_response["product_properties"].count.should eq 2
|
106
|
+
json_response["product_properties"].first.should have_attributes(attributes)
|
107
|
+
end
|
108
|
+
|
109
|
+
it "can see a single product_property by id" do
|
110
|
+
api_get :show, :id => property_1.id
|
111
|
+
json_response.count.should eq 1
|
112
|
+
json_response.should have_attributes(attributes)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
end
|
117
|
+
end
|
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'shared_examples/protect_product_actions'
|
2
3
|
|
3
4
|
module Spree
|
4
5
|
describe Spree::Api::V1::ProductsController do
|
@@ -33,15 +34,24 @@ module Spree
|
|
33
34
|
second_product = create(:product)
|
34
35
|
api_get :index, :page => 2
|
35
36
|
json_response["products"].first.should have_attributes(attributes)
|
36
|
-
json_response["
|
37
|
+
json_response["total_count"].should == 2
|
37
38
|
json_response["current_page"].should == 2
|
38
39
|
json_response["pages"].should == 2
|
39
40
|
end
|
41
|
+
|
42
|
+
it 'can control the page size through a parameter' do
|
43
|
+
create(:product)
|
44
|
+
api_get :index, :per_page => 1
|
45
|
+
json_response['count'].should == 1
|
46
|
+
json_response['total_count'].should == 2
|
47
|
+
json_response['current_page'].should == 1
|
48
|
+
json_response['pages'].should == 2
|
49
|
+
end
|
40
50
|
end
|
41
51
|
|
42
52
|
it "can search for products" do
|
43
53
|
create(:product, :name => "The best product in the world")
|
44
|
-
api_get :
|
54
|
+
api_get :index, :q => { :name_cont => "best" }
|
45
55
|
json_response["products"].first.should have_attributes(attributes)
|
46
56
|
json_response["count"].should == 1
|
47
57
|
end
|
@@ -105,20 +115,7 @@ module Spree
|
|
105
115
|
required_attributes.should include("price")
|
106
116
|
end
|
107
117
|
|
108
|
-
|
109
|
-
api_post :create, :product => { :name => "Brand new product!" }
|
110
|
-
assert_unauthorized!
|
111
|
-
end
|
112
|
-
|
113
|
-
it "cannot update a product" do
|
114
|
-
api_put :update, :id => product.to_param, :product => { :name => "I hacked your store!" }
|
115
|
-
assert_unauthorized!
|
116
|
-
end
|
117
|
-
|
118
|
-
it "cannot delete a product" do
|
119
|
-
api_delete :destroy, :id => product.to_param
|
120
|
-
assert_unauthorized!
|
121
|
-
end
|
118
|
+
it_behaves_like "modifying product actions are restricted"
|
122
119
|
end
|
123
120
|
|
124
121
|
context "as an admin" do
|
@@ -156,6 +153,25 @@ module Spree
|
|
156
153
|
response.status.should == 201
|
157
154
|
end
|
158
155
|
|
156
|
+
# Regression test for #2140
|
157
|
+
context "with authentication_required set to false" do
|
158
|
+
before do
|
159
|
+
Spree::Api::Config.requires_authentication = false
|
160
|
+
end
|
161
|
+
|
162
|
+
after do
|
163
|
+
Spree::Api::Config.requires_authentication = true
|
164
|
+
end
|
165
|
+
|
166
|
+
it "can still create a product" do
|
167
|
+
api_post :create, :product => { :name => "The Other Product",
|
168
|
+
:price => 19.99 },
|
169
|
+
:token => "fake"
|
170
|
+
json_response.should have_attributes(attributes)
|
171
|
+
response.status.should == 201
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
159
175
|
it "cannot create a new product with invalid attributes" do
|
160
176
|
api_post :create, :product => {}
|
161
177
|
response.status.should == 422
|
@@ -180,7 +196,7 @@ module Spree
|
|
180
196
|
it "can delete a product" do
|
181
197
|
product.deleted_at.should be_nil
|
182
198
|
api_delete :destroy, :id => product.to_param
|
183
|
-
response.status.should ==
|
199
|
+
response.status.should == 204
|
184
200
|
product.reload.deleted_at.should_not be_nil
|
185
201
|
end
|
186
202
|
end
|
@@ -0,0 +1,155 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::ReturnAuthorizationsController do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let!(:order) do
|
8
|
+
order = create(:order)
|
9
|
+
order.line_items << create(:line_item)
|
10
|
+
order.shipments << create(:shipment, :state => 'shipped')
|
11
|
+
order.finalize!
|
12
|
+
order.shipments.each(&:ready!)
|
13
|
+
order.shipments.each(&:ship!)
|
14
|
+
order
|
15
|
+
end
|
16
|
+
|
17
|
+
let(:product) { create(:product) }
|
18
|
+
let(:attributes) { [:id, :reason, :amount, :state] }
|
19
|
+
let(:resource_scoping) { { :order_id => order.to_param } }
|
20
|
+
|
21
|
+
before do
|
22
|
+
stub_authentication!
|
23
|
+
end
|
24
|
+
|
25
|
+
context "as the order owner" do
|
26
|
+
before do
|
27
|
+
Order.any_instance.stub :user => current_api_user
|
28
|
+
end
|
29
|
+
|
30
|
+
it "cannot see any return authorizations" do
|
31
|
+
api_get :index
|
32
|
+
assert_unauthorized!
|
33
|
+
end
|
34
|
+
|
35
|
+
it "cannot see a single return authorization" do
|
36
|
+
api_get :show, :id => 1
|
37
|
+
assert_unauthorized!
|
38
|
+
end
|
39
|
+
|
40
|
+
it "cannot learn how to create a new return authorization" do
|
41
|
+
api_get :new
|
42
|
+
assert_unauthorized!
|
43
|
+
end
|
44
|
+
|
45
|
+
it "cannot create a new return authorization" do
|
46
|
+
api_post :create
|
47
|
+
assert_unauthorized!
|
48
|
+
end
|
49
|
+
|
50
|
+
it "cannot update a return authorization" do
|
51
|
+
api_put :update
|
52
|
+
assert_unauthorized!
|
53
|
+
end
|
54
|
+
|
55
|
+
it "cannot delete a return authorization" do
|
56
|
+
api_delete :destroy
|
57
|
+
assert_unauthorized!
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
context "as an admin" do
|
62
|
+
sign_in_as_admin!
|
63
|
+
|
64
|
+
it "can show return authorization" do
|
65
|
+
order.return_authorizations << create(:return_authorization)
|
66
|
+
return_authorization = order.return_authorizations.first
|
67
|
+
api_get :show, :order_id => order.id, :id => return_authorization.id
|
68
|
+
response.status.should == 200
|
69
|
+
json_response.should have_attributes(attributes)
|
70
|
+
json_response["return_authorization"]["state"].should_not be_blank
|
71
|
+
end
|
72
|
+
|
73
|
+
it "can get a list of return authorizations" do
|
74
|
+
order.return_authorizations << create(:return_authorization)
|
75
|
+
order.return_authorizations << create(:return_authorization)
|
76
|
+
api_get :index, { :order_id => order.id }
|
77
|
+
response.status.should == 200
|
78
|
+
return_authorizations = json_response["return_authorizations"]
|
79
|
+
return_authorizations.first.should have_attributes(attributes)
|
80
|
+
return_authorizations.first.should_not == return_authorizations.last
|
81
|
+
end
|
82
|
+
|
83
|
+
it 'can control the page size through a parameter' do
|
84
|
+
order.return_authorizations << create(:return_authorization)
|
85
|
+
order.return_authorizations << create(:return_authorization)
|
86
|
+
api_get :index, :order_id => order.id, :per_page => 1
|
87
|
+
json_response['count'].should == 1
|
88
|
+
json_response['current_page'].should == 1
|
89
|
+
json_response['pages'].should == 2
|
90
|
+
end
|
91
|
+
|
92
|
+
it 'can query the results through a paramter' do
|
93
|
+
order.return_authorizations << create(:return_authorization)
|
94
|
+
expected_result = create(:return_authorization, :reason => 'damaged')
|
95
|
+
order.return_authorizations << expected_result
|
96
|
+
api_get :index, :q => { :reason_cont => 'damage' }
|
97
|
+
json_response['count'].should == 1
|
98
|
+
json_response['return_authorizations'].first['return_authorization']['reason'].should eq expected_result.reason
|
99
|
+
end
|
100
|
+
|
101
|
+
it "can learn how to create a new return authorization" do
|
102
|
+
api_get :new
|
103
|
+
json_response["attributes"].should == ["id", "number", "state", "amount", "order_id", "reason", "created_at", "updated_at"]
|
104
|
+
required_attributes = json_response["required_attributes"]
|
105
|
+
required_attributes.should include("order")
|
106
|
+
end
|
107
|
+
|
108
|
+
it "can update a return authorization on the order" do
|
109
|
+
order.return_authorizations << create(:return_authorization)
|
110
|
+
return_authorization = order.return_authorizations.first
|
111
|
+
api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
|
112
|
+
response.status.should == 200
|
113
|
+
json_response.should have_attributes(attributes)
|
114
|
+
end
|
115
|
+
|
116
|
+
it "can delete a return authorization on the order" do
|
117
|
+
order.return_authorizations << create(:return_authorization)
|
118
|
+
return_authorization = order.return_authorizations.first
|
119
|
+
api_delete :destroy, :id => return_authorization.id
|
120
|
+
response.status.should == 204
|
121
|
+
lambda { return_authorization.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
122
|
+
end
|
123
|
+
|
124
|
+
it "can add a new return authorization to an existing order" do
|
125
|
+
api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
|
126
|
+
response.status.should == 201
|
127
|
+
json_response.should have_attributes(attributes)
|
128
|
+
json_response["return_authorization"]["state"].should_not be_blank
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
context "as just another user" do
|
133
|
+
it "cannot add a return authorization to the order" do
|
134
|
+
api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" }
|
135
|
+
assert_unauthorized!
|
136
|
+
end
|
137
|
+
|
138
|
+
it "cannot update a return authorization on the order" do
|
139
|
+
order.return_authorizations << create(:return_authorization)
|
140
|
+
return_authorization = order.return_authorizations.first
|
141
|
+
api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 }
|
142
|
+
assert_unauthorized!
|
143
|
+
return_authorization.reload.amount.should_not == 19.99
|
144
|
+
end
|
145
|
+
|
146
|
+
it "cannot delete a return authorization on the order" do
|
147
|
+
order.return_authorizations << create(:return_authorization)
|
148
|
+
return_authorization = order.return_authorizations.first
|
149
|
+
api_delete :destroy, :id => return_authorization.id
|
150
|
+
assert_unauthorized!
|
151
|
+
lambda { return_authorization.reload }.should_not raise_error(ActiveRecord::RecordNotFound)
|
152
|
+
end
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
@@ -1,16 +1,31 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Spree::Api::V1::ShipmentsController do
|
4
|
+
render_views
|
4
5
|
let!(:shipment) { create(:shipment) }
|
5
6
|
let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at] }
|
6
7
|
|
7
8
|
before do
|
8
|
-
Spree::Order.any_instance.stub(:paid? => true)
|
9
|
+
Spree::Order.any_instance.stub(:paid? => true, :complete? => true)
|
9
10
|
stub_authentication!
|
10
11
|
end
|
11
12
|
|
12
|
-
|
13
|
-
|
13
|
+
let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
|
14
|
+
|
15
|
+
context "as a non-admin" do
|
16
|
+
it "cannot make a shipment ready" do
|
17
|
+
api_put :ready
|
18
|
+
assert_unauthorized!
|
19
|
+
end
|
20
|
+
|
21
|
+
it "cannot make a shipment shipped" do
|
22
|
+
api_put :ship
|
23
|
+
assert_unauthorized!
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
context "as an admin" do
|
28
|
+
sign_in_as_admin!
|
14
29
|
|
15
30
|
it "can make a shipment ready" do
|
16
31
|
api_put :ready
|