spree_api 2.2.0 → 2.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +2 -49
  3. data/LICENSE +1 -1
  4. data/app/controllers/spree/api/addresses_controller.rb +0 -4
  5. data/app/controllers/spree/api/base_controller.rb +20 -18
  6. data/app/controllers/spree/api/checkouts_controller.rb +2 -7
  7. data/app/controllers/spree/api/images_controller.rb +11 -3
  8. data/app/controllers/spree/api/line_items_controller.rb +9 -7
  9. data/app/controllers/spree/api/orders_controller.rb +1 -5
  10. data/app/controllers/spree/api/products_controller.rb +1 -2
  11. data/app/helpers/spree/api/api_helpers.rb +1 -1
  12. data/app/views/spree/api/line_items/show.v1.rabl +2 -2
  13. data/app/views/spree/api/products/show.v1.rabl +3 -3
  14. data/app/views/spree/api/shipments/show.v1.rabl +1 -1
  15. data/app/views/spree/api/stock_items/show.v1.rabl +1 -1
  16. data/app/views/spree/api/variants/{variant_full.v1.rabl → big.v1.rabl} +4 -8
  17. data/app/views/spree/api/variants/index.v1.rabl +1 -1
  18. data/app/views/spree/api/variants/show.v1.rabl +2 -3
  19. data/app/views/spree/api/variants/{variant.v1.rabl → small.v1.rabl} +5 -0
  20. data/config/routes.rb +4 -2
  21. data/lib/spree/api/controller_setup.rb +0 -12
  22. data/lib/spree/api/responders/rabl_template.rb +9 -0
  23. data/lib/spree/api/testing_support/caching.rb +10 -0
  24. data/lib/spree/api/testing_support/helpers.rb +0 -1
  25. data/spec/controllers/spree/api/base_controller_spec.rb +23 -0
  26. data/spec/controllers/spree/api/checkouts_controller_spec.rb +10 -0
  27. data/spec/controllers/spree/api/images_controller_spec.rb +7 -6
  28. data/spec/controllers/spree/api/line_items_controller_spec.rb +20 -4
  29. data/spec/controllers/spree/api/orders_controller_spec.rb +1 -1
  30. data/spec/controllers/spree/api/products_controller_spec.rb +18 -0
  31. data/spec/controllers/spree/api/users_controller_spec.rb +2 -3
  32. data/spec/controllers/spree/api/variants_controller_spec.rb +9 -0
  33. data/spec/requests/rabl_cache_spec.rb +29 -0
  34. data/spec/spec_helper.rb +1 -0
  35. metadata +10 -13
  36. data/app/models/spree/order_decorator.rb +0 -171
  37. data/app/models/spree/user_decorator.rb +0 -13
  38. data/app/overrides/api_admin_user_edit_form.rb +0 -7
  39. data/app/views/spree/admin/users/_api_fields.html.erb +0 -31
  40. data/spec/models/spree/order_spec.rb +0 -301
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4e802b7e59fd0ecbd4af2cdaae70e049780d4f2f
4
- data.tar.gz: 296836af524b2aff916ac7f7d5fa6a4211997194
3
+ metadata.gz: 2b9a1e586735e3cc1e1cee5cd20399b9921dc7b2
4
+ data.tar.gz: cb20dc4dc54932929151ce653e94964cc367a89f
5
5
  SHA512:
6
- metadata.gz: fce325a070ade67fa025cbbc9026736ab956537adfa2fb8bf3858cb1fc2eab7c827f1ea543db9d9f5a35864d718fe94ef37cb92f37cfef96faf460bc641584e7
7
- data.tar.gz: 7d346032e759b80968da1deb2081c73d266f97853a388461b90febddcfa510baa7b6ed366d11eac6866fe4dcaa8de126a6e788ce11bdfd673b1b76c4b12b895d
6
+ metadata.gz: bdc2ad8bdf4143851a2a16ecbad2dfe6bacde972a4f6e42bfa59907edf62e55ae4f5077bd58a37d84a8cedb29187aaa22f90aeef221b18bc8b873ed82b4b363a
7
+ data.tar.gz: 8ab5f9384fe52caffe246354ba6b16b62343d5b495d19feee302d89b9fdecbb499b6fb139efe1f0386f1a29dea8549947737ef632c89ce0c8b323a10c63cfe3d
data/CHANGELOG.md CHANGED
@@ -1,51 +1,4 @@
1
- ## Spree 2.2.0 (unreleased) ##
1
+ ## Spree 2.2.1 (unreleased) ##
2
2
 
3
- * Api requires authentication by default now
4
-
3
+ * refactor the api to use a general importer in core gem.
5
4
  Peter Berkenbosch
6
-
7
- * Improve products_controller #create and #update for better support to create
8
- and update variants, option types and option values.
9
- See #4172 and #4240
10
-
11
- Bruno Buccolo / Washington Luiz / John Dyer
12
-
13
- * ApiHelpers attributes can now be extended without overriding instance
14
- methods. By using the same approach in PermittedAttributes. e.g.
15
-
16
- Spree::Api::ApiHelpers.order_attributes.push :locked_at
17
-
18
- Washington Luiz
19
-
20
- * Admin users can set the order channel when importing orders. By sing the
21
- channel attribute on Order model
22
-
23
- Washington Luiz
24
-
25
- * Cached products/show template, which can lead to drastically (65x) faster loading times on product requests. 806319709c4ce9a3d0026e00ec2d07372f51cdb8
26
-
27
- Ryan Bigg
28
-
29
- * The parts that make up an order's response from /api/orders/:num are cached, which can lead to a 5x improvement of speed for this API endpoint. 80ffb1e739606ac02ac86336ac13a51583bcc225
30
-
31
- Ryan Bigg
32
-
33
- * Cached variant objects which can lead to slightly faster loading times (4x) for each variant.
34
-
35
- Ryan Bigg
36
-
37
- * Added a route to allow for /api/variants/:id requests
38
-
39
- Ryan Bigg
40
-
41
- * Products response now contains a master variant separately from all the other variants. Previously all variants were grouped together.
42
-
43
- Ryan Bigg
44
-
45
- * Added API endpoint to retrieve a user's orders: /api/orders/mine. #4022
46
-
47
- Richard Nuno
48
-
49
- * Order token can now be passed as a header: `X-Spree-Order-Token`. #4148
50
-
51
- Lucjan Suski
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2007-2013, Spree Commerce, Inc. and other contributors
1
+ Copyright (c) 2007-2014, Spree Commerce, Inc. and other contributors
2
2
  All rights reserved.
3
3
 
4
4
  Redistribution and use in source and binary forms, with or without modification,
@@ -41,10 +41,6 @@ module Spree
41
41
  end
42
42
  end
43
43
 
44
- def order_token
45
- request.headers["X-Spree-Order-Token"] || params[:order_token]
46
- end
47
-
48
44
  def load_and_authorize_address(permission)
49
45
  find_address
50
46
  if @order
@@ -2,18 +2,16 @@ require_dependency 'spree/api/controller_setup'
2
2
 
3
3
  module Spree
4
4
  module Api
5
- class BaseController < ActionController::Metal
6
- include ActionController::StrongParameters
5
+ class BaseController < ActionController::Base
7
6
  include Spree::Api::ControllerSetup
8
7
  include Spree::Core::ControllerHelpers::SSL
9
8
  include Spree::Core::ControllerHelpers::StrongParameters
10
- include ::ActionController::Head
11
- include ::ActionController::ConditionalGet
12
9
 
13
10
  attr_accessor :current_api_user
14
11
 
15
12
  before_filter :set_content_type
16
- before_filter :check_for_user_or_api_key, :if => :requires_authentication?
13
+ before_filter :load_user
14
+ before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
17
15
  before_filter :authenticate_user
18
16
  after_filter :set_jsonp_format
19
17
 
@@ -55,28 +53,23 @@ module Spree
55
53
  def set_content_type
56
54
  content_type = case params[:format]
57
55
  when "json"
58
- "application/json"
56
+ "application/json; charset=utf-8"
59
57
  when "xml"
60
- "text/xml"
58
+ "text/xml; charset=utf-8"
61
59
  end
62
60
  headers["Content-Type"] = content_type
63
61
  end
64
62
 
65
- def check_for_user_or_api_key
66
- # User is already authenticated with Spree, make request this way instead.
67
- return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
68
-
69
- if api_key.blank?
70
- render "spree/api/errors/must_specify_api_key", :status => 401 and return
71
- end
63
+ def load_user
64
+ @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
72
65
  end
73
66
 
74
67
  def authenticate_user
75
68
  unless @current_api_user
76
- if requires_authentication? || api_key.present?
77
- unless @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
78
- render "spree/api/errors/invalid_api_key", :status => 401 and return
79
- end
69
+ if requires_authentication? && api_key.blank? && order_token.blank?
70
+ render "spree/api/errors/must_specify_api_key", :status => 401 and return
71
+ elsif order_token.blank? && (requires_authentication? || api_key.present?)
72
+ render "spree/api/errors/invalid_api_key", :status => 401 and return
80
73
  else
81
74
  # An anonymous user
82
75
  @current_api_user = Spree.user_class.new
@@ -123,6 +116,10 @@ module Spree
123
116
  end
124
117
  helper_method :api_key
125
118
 
119
+ def order_token
120
+ request.headers["X-Spree-Order-Token"] || params[:order_token]
121
+ end
122
+
126
123
  def find_product(id)
127
124
  begin
128
125
  product_scope.friendly.find(id.to_s)
@@ -147,6 +144,11 @@ module Spree
147
144
 
148
145
  scope
149
146
  end
147
+
148
+ def authorize_for_order
149
+ @order = Spree::Order.find_by(number: params[:order_id] || params[:order_number] || params[:id])
150
+ authorize! :read, @order, order_token
151
+ end
150
152
  end
151
153
  end
152
154
  end
@@ -10,7 +10,7 @@ module Spree
10
10
 
11
11
  def create
12
12
  authorize! :create, Order
13
- @order = Order.build_from_api(current_api_user, nested_params)
13
+ @order = Spree::Core::Importer::Order.import(current_api_user, nested_params)
14
14
  respond_with(@order, default_template: 'spree/api/orders/show', status: 201)
15
15
  end
16
16
 
@@ -31,8 +31,7 @@ module Spree
31
31
  end
32
32
 
33
33
  def show
34
- load_order
35
- respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
34
+ redirect_to(api_order_path(params[:id]), status: 301)
36
35
  end
37
36
 
38
37
  def update
@@ -131,10 +130,6 @@ module Spree
131
130
  end
132
131
  false
133
132
  end
134
-
135
- def order_token
136
- request.headers["X-Spree-Order-Token"] || params[:order_token]
137
- end
138
133
  end
139
134
  end
140
135
  end
@@ -9,18 +9,18 @@ module Spree
9
9
 
10
10
  def create
11
11
  authorize! :create, Image
12
- @image = Image.create(image_params)
12
+ @image = scope.images.create(image_params)
13
13
  respond_with(@image, :status => 201, :default_template => :show)
14
14
  end
15
15
 
16
16
  def update
17
- @image = Image.accessible_by(current_ability, :update).find(params[:id])
17
+ @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
18
18
  @image.update_attributes(image_params)
19
19
  respond_with(@image, :default_template => :show)
20
20
  end
21
21
 
22
22
  def destroy
23
- @image = Image.accessible_by(current_ability, :destroy).find(params[:id])
23
+ @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
24
24
  @image.destroy
25
25
  respond_with(@image, :status => 204)
26
26
  end
@@ -29,6 +29,14 @@ module Spree
29
29
  def image_params
30
30
  params.require(:image).permit(permitted_image_attributes)
31
31
  end
32
+
33
+ def scope
34
+ if params[:product_id]
35
+ scope = Spree::Product.friendly.find(params[:product_id])
36
+ elsif params[:variant_id]
37
+ scope = Spree::Variant.find(params[:variant_id])
38
+ end
39
+ end
32
40
  end
33
41
  end
34
42
  end
@@ -14,7 +14,7 @@ module Spree
14
14
  end
15
15
 
16
16
  def update
17
- @line_item = order.line_items.find(params[:id])
17
+ @line_item = find_line_item
18
18
  if @order.contents.update_cart(line_items_attributes)
19
19
  @order.ensure_updated_shipments
20
20
  @line_item.reload
@@ -25,7 +25,7 @@ module Spree
25
25
  end
26
26
 
27
27
  def destroy
28
- @line_item = order.line_items.find(params[:id])
28
+ @line_item = find_line_item
29
29
  variant = Spree::Variant.find(@line_item.variant_id)
30
30
  @order.contents.remove(variant, @line_item.quantity)
31
31
  @order.ensure_updated_shipments
@@ -35,10 +35,16 @@ module Spree
35
35
  private
36
36
 
37
37
  def order
38
- @order ||= Spree::Order.find_by!(number: params[:order_id])
38
+ @order ||= Spree::Order.includes(:line_items).find_by!(number: params[:order_id])
39
39
  authorize! :update, @order, order_token
40
40
  end
41
41
 
42
+ def find_line_item
43
+ id = params[:id].to_i
44
+ order.line_items.detect {|line_item| line_item.id == id} or
45
+ raise ActiveRecord::RecordNotFound
46
+ end
47
+
42
48
  def line_items_attributes
43
49
  { line_items_attributes: {
44
50
  id: params[:id],
@@ -49,10 +55,6 @@ module Spree
49
55
  def line_item_params
50
56
  params.require(:line_item).permit(:quantity, :variant_id)
51
57
  end
52
-
53
- def order_token
54
- request.headers["X-Spree-Order-Token"] || params[:order_token]
55
- end
56
58
  end
57
59
  end
58
60
  end
@@ -22,7 +22,7 @@ module Spree
22
22
 
23
23
  def create
24
24
  authorize! :create, Order
25
- @order = Order.build_from_api(current_api_user, order_params)
25
+ @order = Spree::Core::Importer::Order.import(current_api_user, order_params)
26
26
  respond_with(@order, default_template: :show, status: 201)
27
27
  end
28
28
 
@@ -145,10 +145,6 @@ module Spree
145
145
  @order.create_proposed_shipments
146
146
  end
147
147
 
148
- def order_token
149
- request.headers["X-Spree-Order-Token"] || params[:order_token]
150
- end
151
-
152
148
  end
153
149
  end
154
150
  end
@@ -114,8 +114,7 @@ module Spree
114
114
  def destroy
115
115
  @product = find_product(params[:id])
116
116
  authorize! :destroy, @product
117
- @product.update_attribute(:deleted_at, Time.now)
118
- @product.variants_including_master.update_all(:deleted_at => Time.now)
117
+ @product.destroy
119
118
  respond_with(@product, :status => 204)
120
119
  end
121
120
 
@@ -75,7 +75,7 @@ module Spree
75
75
  :user_id, :created_at, :updated_at, :completed_at, :payment_total,
76
76
  :shipment_state, :payment_state, :email, :special_instructions, :channel,
77
77
  :included_tax_total, :additional_tax_total, :display_included_tax_total,
78
- :display_additional_tax_total
78
+ :display_additional_tax_total, :tax_total, :currency
79
79
  ]
80
80
 
81
81
  @@line_item_attributes = [:id, :quantity, :price, :variant_id]
@@ -5,11 +5,11 @@ node(:single_display_amount) { |li| li.single_display_amount.to_s }
5
5
  node(:display_amount) { |li| li.display_amount.to_s }
6
6
  node(:total) { |li| li.total }
7
7
  child :variant do
8
- extends "spree/api/variants/variant"
8
+ extends "spree/api/variants/small"
9
9
  attributes :product_id
10
10
  child(:images => :images) { extends "spree/api/images/show" }
11
11
  end
12
12
 
13
13
  child :adjustments => :adjustments do
14
14
  extends "spree/api/adjustments/show"
15
- end
15
+ end
@@ -1,14 +1,14 @@
1
1
  object @product
2
- cache [current_currency, @product]
2
+ cache [current_currency, root_object]
3
3
  attributes *product_attributes
4
4
  node(:display_price) { |p| p.display_price.to_s }
5
5
  node(:has_variants) { |p| p.has_variants? }
6
6
  child :master => :master do
7
- extends "spree/api/variants/show"
7
+ extends "spree/api/variants/small"
8
8
  end
9
9
 
10
10
  child :variants => :variants do
11
- extends "spree/api/variants/show"
11
+ extends "spree/api/variants/small"
12
12
  end
13
13
 
14
14
  child :option_types => :option_types do
@@ -25,7 +25,7 @@ end
25
25
 
26
26
  child :manifest => :manifest do
27
27
  child :variant => :variant do
28
- extends "spree/api/variants/show"
28
+ extends "spree/api/variants/small"
29
29
  end
30
30
  node(:quantity) { |m| m.quantity }
31
31
  node(:states) { |m| m.states }
@@ -1,5 +1,5 @@
1
1
  object @stock_item
2
2
  attributes *stock_item_attributes
3
3
  child(:variant) do
4
- extends "spree/api/variants/variant"
4
+ extends "spree/api/variants/small"
5
5
  end
@@ -1,13 +1,9 @@
1
1
  object @variant
2
- cache @variant
3
- extends "spree/api/variants/variant"
2
+ attributes *variant_attributes
4
3
 
5
- child(:images => :images) do
6
- attributes *image_attributes
7
- code(:urls) do |v|
8
- v.attachment.styles.keys.inject({}) { |urls, style| urls[style] = v.attachment.url(style); urls }
9
- end
10
- end
4
+ cache ['big_variant', root_object]
5
+
6
+ extends "spree/api/variants/small"
11
7
 
12
8
  child(:stock_items => :stock_items) do
13
9
  attributes :id, :count_on_hand, :stock_location_id, :backorderable
@@ -5,5 +5,5 @@ node(:current_page) { params[:page] ? params[:page].to_i : 1 }
5
5
  node(:pages) { @variants.num_pages }
6
6
 
7
7
  child(@variants => :variants) do
8
- extends "spree/api/variants/variant_full"
8
+ extends "spree/api/variants/big"
9
9
  end
@@ -1,4 +1,3 @@
1
1
  object @variant
2
- cache @variant
3
- extends "spree/api/variants/variant_full"
4
- child(:images => :images) { extends "spree/api/images/show" }
2
+ cache ['show', root_object]
3
+ extends "spree/api/variants/big"
@@ -1,7 +1,12 @@
1
1
  attributes *variant_attributes
2
+ cache ['small_variant', root_object]
3
+
2
4
  node(:display_price) { |p| p.display_price.to_s }
3
5
  node(:options_text) { |v| v.options_text }
4
6
  node(:in_stock) { |v| v.in_stock? }
7
+
5
8
  child :option_values => :option_values do
6
9
  attributes *option_value_attributes
7
10
  end
11
+
12
+ child(:images => :images) { extends "spree/api/images/show" }
data/config/routes.rb CHANGED
@@ -10,11 +10,11 @@ Spree::Core::Engine.add_routes do
10
10
 
11
11
  namespace :api, :defaults => { :format => 'json' } do
12
12
  resources :products do
13
+ resources :images
13
14
  resources :variants
14
15
  resources :product_properties
15
16
  end
16
17
 
17
- resources :images
18
18
  resources :checkouts do
19
19
  member do
20
20
  put :next
@@ -22,7 +22,9 @@ Spree::Core::Engine.add_routes do
22
22
  end
23
23
  end
24
24
 
25
- resources :variants, :only => [:index, :show]
25
+ resources :variants, :only => [:index, :show] do
26
+ resources :images
27
+ end
26
28
 
27
29
  resources :option_types do
28
30
  resources :option_values
@@ -5,18 +5,6 @@ module Spree
5
5
  module ControllerSetup
6
6
  def self.included(klass)
7
7
  klass.class_eval do
8
- include AbstractController::ViewPaths
9
- include AbstractController::Callbacks
10
- include AbstractController::Helpers
11
-
12
- include ActiveSupport::Rescuable
13
-
14
- include ActionController::Rendering
15
- include ActionController::ImplicitRender
16
- include ActionController::Rescue
17
- include ActionController::MimeResponds
18
- include ActionController::Head
19
-
20
8
  include CanCan::ControllerAdditions
21
9
  include Spree::Core::ControllerHelpers::Auth
22
10
 
@@ -16,6 +16,15 @@ module Spree
16
16
  def template
17
17
  request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
18
18
  end
19
+
20
+ def api_behavior(error)
21
+ if controller.params[:action] == "destroy"
22
+ # Render a blank template
23
+ super
24
+ else
25
+ # Do nothing and fallback to the default template
26
+ end
27
+ end
19
28
  end
20
29
  end
21
30
  end
@@ -0,0 +1,10 @@
1
+ RSpec.configure do |config|
2
+ config.before(:each, :caching => true) do
3
+ ActionController::Base.perform_caching = true
4
+ end
5
+
6
+ config.after(:each, :caching => true) do
7
+ ActionController::Base.perform_caching = false
8
+ Rails.cache.clear
9
+ end
10
+ end
@@ -17,7 +17,6 @@ module Spree
17
17
  end
18
18
 
19
19
  def stub_authentication!
20
- controller.stub :check_for_user_or_api_key
21
20
  Spree::LegacyUser.stub(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
22
21
  end
23
22
 
@@ -21,6 +21,29 @@ describe Spree::Api::BaseController do
21
21
  end
22
22
  end
23
23
 
24
+ context "when validating based on an order token" do
25
+ let!(:order) { create :order }
26
+
27
+ context "with a correct order token" do
28
+ it "succeeds" do
29
+ api_get :index, order_token: order.token, order_id: order.number
30
+ response.status.should == 200
31
+ end
32
+
33
+ it "succeeds with an order_number parameter" do
34
+ api_get :index, order_token: order.token, order_number: order.number
35
+ response.status.should == 200
36
+ end
37
+ end
38
+
39
+ context "with an incorrect order token" do
40
+ it "returns unauthorized" do
41
+ api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
42
+ response.status.should == 401
43
+ end
44
+ end
45
+ end
46
+
24
47
  context "cannot make a request to the API" do
25
48
  it "without an API key" do
26
49
  api_get :index
@@ -21,6 +21,16 @@ module Spree
21
21
  Spree::Config[:track_inventory_levels] = true
22
22
  end
23
23
 
24
+ context "GET 'show'" do
25
+ let(:order) { create(:order) }
26
+
27
+ it "redirects to Orders#show" do
28
+ api_get :show, :id => order.number
29
+ response.status.should == 301
30
+ response.should redirect_to("/api/orders/#{order.number}")
31
+ end
32
+ end
33
+
24
34
  context "POST 'create'" do
25
35
  it "creates a new order when no parameters are passed" do
26
36
  api_post :create
@@ -21,7 +21,8 @@ module Spree
21
21
  api_post :create,
22
22
  :image => { :attachment => upload_image('thinking-cat.jpg'),
23
23
  :viewable_type => 'Spree::Variant',
24
- :viewable_id => product.master.to_param }
24
+ :viewable_id => product.master.to_param },
25
+ :product_id => product.id
25
26
  response.status.should == 201
26
27
  json_response.should have_attributes(attributes)
27
28
  end.should change(Image, :count).by(1)
@@ -32,14 +33,14 @@ module Spree
32
33
 
33
34
  it "can update image data" do
34
35
  product_image.position.should == 1
35
- api_post :update, :image => { :position => 2 }, :id => product_image.id
36
+ api_post :update, :image => { :position => 2 }, :id => product_image.id, :product_id => product.id
36
37
  response.status.should == 200
37
38
  json_response.should have_attributes(attributes)
38
39
  product_image.reload.position.should == 2
39
40
  end
40
41
 
41
42
  it "can delete an image" do
42
- api_delete :destroy, :id => product_image.id
43
+ api_delete :destroy, :id => product_image.id, :product_id => product.id
43
44
  response.status.should == 204
44
45
  lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
45
46
  end
@@ -48,17 +49,17 @@ module Spree
48
49
 
49
50
  context "as a non-admin" do
50
51
  it "cannot create an image" do
51
- api_post :create
52
+ api_post :create, :product_id => product.id
52
53
  assert_unauthorized!
53
54
  end
54
55
 
55
56
  it "cannot update an image" do
56
- api_put :update, :id => 1
57
+ api_put :update, :id => 1, :product_id => product.id
57
58
  assert_not_found!
58
59
  end
59
60
 
60
61
  it "cannot delete an image" do
61
- api_delete :destroy, :id => 1
62
+ api_delete :destroy, :id => 1, :product_id => product.id
62
63
  assert_not_found!
63
64
  end
64
65
  end
@@ -10,11 +10,8 @@ module Spree
10
10
  let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
11
11
  let(:resource_scoping) { { :order_id => order.to_param } }
12
12
 
13
- before do
14
- stub_authentication!
15
- end
16
-
17
13
  it "can learn how to create a new line item" do
14
+ controller.stub :try_spree_current_user => current_api_user
18
15
  api_get :new
19
16
  json_response["attributes"].should == ["quantity", "price", "variant_id"]
20
17
  required_attributes = json_response["required_attributes"]
@@ -40,6 +37,7 @@ module Spree
40
37
 
41
38
  context "as the order owner" do
42
39
  before do
40
+ controller.stub :try_spree_current_user => current_api_user
43
41
  Order.any_instance.stub :user => current_api_user
44
42
  end
45
43
 
@@ -102,10 +100,28 @@ module Spree
102
100
  api_delete :destroy, :id => line_item.id
103
101
  expect(order.reload.shipments).to be_empty
104
102
  end
103
+
104
+ context "order is completed" do
105
+ before do
106
+ order.stub completed?: true
107
+ Order.stub_chain :includes, find_by!: order
108
+ end
109
+
110
+ it "doesn't destroy shipments or restart checkout flow" do
111
+ expect(order.reload.shipments).not_to be_empty
112
+ api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
113
+ expect(order.reload.shipments).not_to be_empty
114
+ end
115
+ end
105
116
  end
106
117
  end
107
118
 
108
119
  context "as just another user" do
120
+ before do
121
+ user = create(:user)
122
+ controller.stub :try_spree_current_user => user
123
+ end
124
+
109
125
  it "cannot add a new line item to the order" do
110
126
  api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
111
127
  assert_unauthorized!
@@ -13,7 +13,7 @@ module Spree
13
13
  :user_id, :created_at, :updated_at,
14
14
  :completed_at, :payment_total, :shipment_state,
15
15
  :payment_state, :email, :special_instructions,
16
- :total_quantity, :display_item_total] }
16
+ :total_quantity, :display_item_total, :currency] }
17
17
 
18
18
  let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }
19
19