spree_api 2.1.1 → 2.1.2

data/spec/controllers/spree/api/payments_controller_spec.rb

@@ -5,11 +5,12 @@ module Spree
     render_views
     let!(:order) { create(:order) }
     let!(:payment) { create(:payment, :order => order) }
-    let!(:attributes) { [:id, :source_type, :source_id, :amount,
+    let!(:attributes) { [:id, :source_type, :source_id, :amount, :display_amount,
                          :payment_method_id, :response_code, :state, :avs_response,
                          :created_at, :updated_at] }
 
     let(:resource_scoping) { { :order_id => order.to_param } }
+
     before do
       stub_authentication!
     end
@@ -43,6 +44,11 @@ module Spree
           json_response.should have_attributes(attributes)
         end
 
+        it "cannot update a payment" do
+          api_put :update, :id => payment.to_param, :payment => { :amount => 2.01 }
+          assert_unauthorized!
+        end
+
         it "cannot authorize a payment" do
           api_put :authorize, :id => payment.to_param
           assert_unauthorized!
@@ -93,84 +99,120 @@ module Spree
       end
 
       context "for a given payment" do
+        context "updating" do
+          it "can update" do
+            payment.update_attributes(:state => 'pending')
+            api_put :update, :id => payment.to_param, :payment => { :amount => 2.01 }
+            response.status.should == 200
+            payment.reload.amount.should == 2.01
+          end
 
-        it "can authorize" do
-          api_put :authorize, :id => payment.to_param
-          response.status.should == 200
-          payment.reload
-          payment.state.should == "pending"
+          context "update fails" do
+            it "returns a 422 status when the amount is invalid" do
+              payment.update_attributes(:state => 'pending')
+              api_put :update, :id => payment.to_param, :payment => { :amount => 'invalid' }
+              response.status.should == 422
+              json_response["error"].should == "Invalid resource. Please fix errors and try again."
+            end
+
+            it "returns a 403 status when the payment is not pending" do
+              payment.update_attributes(:state => 'completed')
+              api_put :update, :id => payment.to_param, :payment => { :amount => 2.01 }
+              response.status.should == 403
+              json_response["error"].should == "This payment cannot be updated because it is completed."
+            end
+          end
         end
 
-        context "authorization fails" do
-          before do
-            fake_response = double(:success? => false, :to_s => "Could not authorize card")
-            Spree::Gateway::Bogus.any_instance.should_receive(:authorize).and_return(fake_response)
+        context "authorizing" do
+          it "can authorize" do
             api_put :authorize, :id => payment.to_param
-          end 
-
-          it "returns a 422 status" do
-            response.status.should == 422
-            json_response["error"].should == "There was a problem with the payment gateway: Could not authorize card"
+            response.status.should == 200
+            payment.reload.state.should == "pending"
           end
 
-          it "returns a 422 status" do
-            pending "Investigate why a payment.reload after the request raises 'stack level too deep'" 
-            payment.reload
-            payment.state.should == "failed"
+          context "authorization fails" do
+            before do
+              fake_response = double(:success? => false, :to_s => "Could not authorize card")
+              Spree::Gateway::Bogus.any_instance.should_receive(:authorize).and_return(fake_response)
+              api_put :authorize, :id => payment.to_param
+            end
+
+            it "returns a 422 status" do
+              response.status.should == 422
+              json_response["error"].should == "There was a problem with the payment gateway: Could not authorize card"
+            end
+
+            it "does not raise a stack level error" do
+              pending "Investigate why a payment.reload after the request raises 'stack level too deep'"
+              payment.reload.state.should == "failed"
+            end
           end
         end
 
-        it "can capture" do
-          api_put :capture, :id => payment.to_param
-          response.status.should == 200
-          payment.reload
-          payment.state.should == "completed"
-        end
-
-        it "returns a 422 status when purchasing fails" do
-          fake_response = double(:success? => false, :to_s => "Insufficient funds")
-          Spree::Gateway::Bogus.any_instance.should_receive(:capture).and_return(fake_response)
-          api_put :capture, :id => payment.to_param
-          response.status.should == 422
-          json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
-        end
+        context "capturing" do
+          it "can capture" do
+            api_put :capture, :id => payment.to_param
+            response.status.should == 200
+            payment.reload.state.should == "completed"
+          end
 
-        it "can purchase" do
-          api_put :purchase, :id => payment.to_param
-          response.status.should == 200
-          payment.reload
-          payment.state.should == "completed"
+          context "capturing fails" do
+            before do
+              fake_response = double(:success? => false, :to_s => "Insufficient funds")
+              Spree::Gateway::Bogus.any_instance.should_receive(:capture).and_return(fake_response)
+            end
+
+            it "returns a 422 status" do
+              api_put :capture, :id => payment.to_param
+              response.status.should == 422
+              json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
+            end
+          end
         end
 
-        context "purchasing fails" do
-          before do
-            fake_response = double(:success? => false, :to_s => "Insufficient funds")
-            Spree::Gateway::Bogus.any_instance.should_receive(:purchase).and_return(fake_response)
+        context "purchasing" do
+          it "can purchase" do
+            api_put :purchase, :id => payment.to_param
+            response.status.should == 200
+            payment.reload.state.should == "completed"
           end
 
-          it "returns a 422" do
-            api_put :purchase, :id => payment.to_param
-            response.status.should == 422
-            json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
+          context "purchasing fails" do
+            before do
+              fake_response = double(:success? => false, :to_s => "Insufficient funds")
+              Spree::Gateway::Bogus.any_instance.should_receive(:purchase).and_return(fake_response)
+            end
+
+            it "returns a 422 status" do
+              api_put :purchase, :id => payment.to_param
+              response.status.should == 422
+              json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
+            end
           end
         end
 
-        it "can void" do
-          api_put :void, :id => payment.to_param
-          response.status.should == 200
-          payment.reload
-          payment.state.should == "void"
-        end
+        context "voiding" do
+          it "can void" do
+            api_put :void, :id => payment.to_param
+            response.status.should == 200
+            payment.reload.state.should == "void"
+          end
 
-        it "returns a 422 status when voiding fails" do
-          fake_response = double(:success? => false, :to_s => "NO REFUNDS")
-          Spree::Gateway::Bogus.any_instance.should_receive(:void).and_return(fake_response)
-          api_put :void, :id => payment.to_param
-          response.status.should == 422
-          json_response["error"].should == "There was a problem with the payment gateway: NO REFUNDS"
+          context "voiding fails" do
+            before do
+              fake_response = double(:success? => false, :to_s => "NO REFUNDS")
+              Spree::Gateway::Bogus.any_instance.should_receive(:void).and_return(fake_response)
+            end
 
-          payment.reload
-          payment.state.should == "checkout"
+            it "returns a 422 status" do
+              api_put :void, :id => payment.to_param
+              response.status.should == 422
+              json_response["error"].should == "There was a problem with the payment gateway: NO REFUNDS"
+
+              payment.reload.state.should == "checkout"
+            end
+          end
         end
 
         context "crediting" do
@@ -181,31 +223,30 @@ module Spree
           it "can credit" do
             api_put :credit, :id => payment.to_param
             response.status.should == 200
-            payment.reload
-            payment.state.should == "completed"
+            payment.reload.state.should == "completed"
 
-            # Ensur that a credit payment was created, and it has correct credit amount
+            # Ensure that a credit payment was created, and it has correct credit amount
             credit_payment = Payment.where(:source_type => 'Spree::Payment', :source_id => payment.id).last
             credit_payment.amount.to_f.should == -45.75
           end
 
-          it "returns a 422 status when crediting fails" do
-            fake_response = double(:success? => false, :to_s => "NO CREDIT FOR YOU")
-            Spree::Gateway::Bogus.any_instance.should_receive(:credit).and_return(fake_response)
-            api_put :credit, :id => payment.to_param
-            response.status.should == 422
-            json_response["error"].should == "There was a problem with the payment gateway: NO CREDIT FOR YOU"
-          end
-
-          it "cannot credit over credit_allowed limit" do
-            api_put :credit, :id => payment.to_param, :amount => 1000000
-            response.status.should == 422
-            json_response["error"].should == "This payment can only be credited up to 45.75. Please specify an amount less than or equal to this number."
+          context "crediting fails" do
+            it "returns a 422 status" do
+              fake_response = double(:success? => false, :to_s => "NO CREDIT FOR YOU")
+              Spree::Gateway::Bogus.any_instance.should_receive(:credit).and_return(fake_response)
+              api_put :credit, :id => payment.to_param
+              response.status.should == 422
+              json_response["error"].should == "There was a problem with the payment gateway: NO CREDIT FOR YOU"
+            end
+
+            it "cannot credit over credit_allowed limit" do
+              api_put :credit, :id => payment.to_param, :amount => 1000000
+              response.status.should == 422
+              json_response["error"].should == "This payment can only be credited up to 45.75. Please specify an amount less than or equal to this number."
+            end
           end
         end
       end
-
     end
-
   end
 end

data/spec/controllers/spree/api/stock_items_controller_spec.rb

@@ -13,40 +13,76 @@ module Spree
       stub_authentication!
     end
 
-    it 'gets list of stock items' do
-      api_get :index, stock_location_id: stock_location.to_param
-      json_response['stock_items'].first.should have_attributes(attributes)
-      json_response['stock_items'].first['variant']['sku'].should eq 'ABC'
-    end
+    context "as a normal user" do
+      it "cannot list stock items for a stock location" do
+        api_get :index, stock_location_id: stock_location.to_param
+        response.status.should == 404
+      end
 
-    it 'requires a stock_location_id to be passed as a parameter' do
-      api_get :index
-      json_response['error'].should =~ /stock_location_id parameter must be provided/
-      response.status.should == 422
-    end
+      it "cannot see a stock item" do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_item.to_param
+        response.status.should == 404
+      end
 
-    it 'can control the page size through a parameter' do
-      api_get :index, stock_location_id: stock_location.to_param, per_page: 1
-      json_response['count'].should == 1
-      json_response['current_page'].should == 1
-    end
+      it "cannot create a stock item" do
+        variant = create(:variant)
+        params = {
+          stock_location_id: stock_location.to_param,
+          stock_item: {
+            variant_id: variant.id,
+            count_on_hand: '20'
+          }
+        }
 
-    it 'can query the results through a paramter' do
-      stock_item.update_column(:count_on_hand, 30)
-      api_get :index, stock_location_id: stock_location.to_param, q: { count_on_hand_eq: '30' }
-      json_response['count'].should == 1
-      json_response['stock_items'].first['count_on_hand'].should eq 30
-    end
+        api_post :create, params
+        response.status.should == 404
+      end
+
+      it "cannot update a stock item" do
+        api_put :update, stock_location_id: stock_location.to_param, stock_item_id: stock_item.to_param
+        response.status.should == 404
+      end
 
-    it 'gets a stock item' do
-      api_get :show, stock_location_id: stock_location.to_param, id: stock_item.to_param
-      json_response.should have_attributes(attributes)
-      json_response['count_on_hand'].should eq stock_item.count_on_hand
+      it "cannot destroy a stock item" do
+        api_delete :destroy, stock_location_id: stock_location.to_param, stock_item_id: stock_item.to_param
+        response.status.should == 404
+      end
     end
 
-    context 'as an admin' do
+    context "as an admin" do
       sign_in_as_admin!
 
+      it 'cannot list of stock items' do
+        api_get :index, stock_location_id: stock_location.to_param
+        json_response['stock_items'].first.should have_attributes(attributes)
+        json_response['stock_items'].first['variant']['sku'].should eq 'ABC'
+      end
+
+      it 'requires a stock_location_id to be passed as a parameter' do
+        api_get :index
+        json_response['error'].should =~ /stock_location_id parameter must be provided/
+        response.status.should == 422
+      end
+
+      it 'can control the page size through a parameter' do
+        api_get :index, stock_location_id: stock_location.to_param, per_page: 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+      end
+
+      it 'can query the results through a paramter' do
+        stock_item.update_column(:count_on_hand, 30)
+        api_get :index, stock_location_id: stock_location.to_param, q: { count_on_hand_eq: '30' }
+        json_response['count'].should == 1
+        json_response['stock_items'].first['count_on_hand'].should eq 30
+      end
+
+      it 'gets a stock item' do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_item.to_param
+        json_response.should have_attributes(attributes)
+        json_response['count_on_hand'].should eq stock_item.count_on_hand
+      end
+
       it 'can create a new stock item' do
         variant = create(:variant)
         # Creating a variant also creates stock items.

data/spec/controllers/spree/api/stock_locations_controller_spec.rb

@@ -11,45 +11,72 @@ module Spree
       stub_authentication!
     end
 
-    it "gets list of stock locations" do
-      api_get :index
-      json_response['stock_locations'].first.should have_attributes(attributes)
-    end
+    context "as a user" do
+      it "cannot see stock locations" do
+        api_get :index
+        response.status.should == 401
+      end
 
-    it "includes the country" do
-      api_get :index
-      json_response['stock_locations'].first['country'].should_not be_nil
-    end
+      it "cannot see a single stock location" do
+        api_get :show, :id => stock_location.id
+        response.status.should == 404
+      end
 
-    it "includes the state" do
-      api_get :index
-      json_response['stock_locations'].first['state'].should_not be_nil
-    end
+      it "cannot create a new stock location" do
+        params = {
+          stock_location: {
+            name: "North Pole",
+            active: true
+          }
+        }
 
-    it 'can control the page size through a parameter' do
-      create(:stock_location)
-      api_get :index, per_page: 1
-      json_response['count'].should == 1
-      json_response['current_page'].should == 1
-      json_response['pages'].should == 2
-    end
+        api_post :create, params
+        response.status.should == 401
+      end
 
-    it 'can query the results through a paramter' do
-      expected_result = create(:stock_location, name: 'South America')
-      api_get :index, q: { name_cont: 'south' }
-      json_response['count'].should == 1
-      json_response['stock_locations'].first['name'].should eq expected_result.name
-    end
+      it "cannot update a stock location" do
+        api_put :update, :stock_location => { :name => "South Pole" }, :id => stock_location.to_param
+        response.status.should == 404
+      end
 
-    it "gets a stock location" do
-      api_get :show, id: stock_location.to_param
-      json_response.should have_attributes(attributes)
-      json_response['name'].should eq stock_location.name
+      it "cannot delete a stock location" do
+        api_put :destroy, :id => stock_location.to_param
+        response.status.should == 404
+      end
     end
 
+    
     context "as an admin" do
       sign_in_as_admin!
 
+      it "gets list of stock locations" do
+        api_get :index
+        json_response['stock_locations'].first.should have_attributes(attributes)
+        json_response['stock_locations'].first['country'].should_not be_nil
+        json_response['stock_locations'].first['state'].should_not be_nil
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:stock_location)
+        api_get :index, per_page: 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 2
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:stock_location, name: 'South America')
+        api_get :index, q: { name_cont: 'south' }
+        json_response['count'].should == 1
+        json_response['stock_locations'].first['name'].should eq expected_result.name
+      end
+
+      it "gets a stock location" do
+        api_get :show, id: stock_location.to_param
+        json_response.should have_attributes(attributes)
+        json_response['name'].should eq stock_location.name
+      end
+
       it "can create a new stock location" do
         params = {
           stock_location: {