spree_api 3.1.14 → 3.2.0.rc1

data/spec/controllers/spree/api/v1/variants_controller_spec.rb

@@ -0,0 +1,205 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::VariantsController, type: :controller do
+    render_views
+
+    let(:option_value) { create(:option_value) }
+    let!(:product) { create(:product) }
+    let!(:variant) do
+      variant = product.master
+      variant.option_values << option_value
+      variant
+    end
+
+    let!(:base_attributes) { Api::ApiHelpers.variant_attributes }
+    let!(:show_attributes) { base_attributes.dup.push(:in_stock, :display_price) }
+    let!(:new_attributes) { base_attributes }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can see a paginated list of variants" do
+      api_get :index
+      first_variant = json_response["variants"].first
+      expect(first_variant).to have_attributes(show_attributes)
+      expect(first_variant["stock_items"]).to be_present
+      expect(json_response["count"]).to eq(1)
+      expect(json_response["current_page"]).to eq(1)
+      expect(json_response["pages"]).to eq(1)
+    end
+
+    it 'can control the page size through a parameter' do
+      create(:variant)
+      api_get :index, per_page: 1
+      expect(json_response['count']).to eq(1)
+      expect(json_response['current_page']).to eq(1)
+      expect(json_response['pages']).to eq(3)
+    end
+
+    it 'can query the results through a parameter' do
+      expected_result = create(:variant, sku: 'FOOBAR')
+      api_get :index, q: { sku_cont: 'FOO' }
+      expect(json_response['count']).to eq(1)
+      expect(json_response['variants'].first['sku']).to eq expected_result.sku
+    end
+
+    it "variants returned contain option values data" do
+      api_get :index
+      option_values = json_response["variants"].last["option_values"]
+      expect(option_values.first).to have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "variants returned contain images data" do
+      variant.images.create!(attachment: image("thinking-cat.jpg"))
+
+      api_get :index
+
+      expect(json_response["variants"].last).to have_attributes([:images])
+      expect(json_response['variants'].first['images'].first).to have_attributes([:attachment_file_name,
+                                                                               :attachment_width,
+                                                                               :attachment_height,
+                                                                               :attachment_content_type,
+                                                                               :mini_url,
+                                                                               :small_url,
+                                                                               :product_url,
+                                                                               :large_url])
+
+    end
+
+    it 'variants returned do not contain cost price data' do
+      api_get :index
+      expect(json_response["variants"].first.has_key?(:cost_price)).to eq false
+    end
+
+    # Regression test for #2141
+    context "a deleted variant" do
+      before do
+        variant.update_column(:deleted_at, Time.current)
+      end
+
+      it "is not returned in the results" do
+        api_get :index
+        expect(json_response["variants"].count).to eq(0)
+      end
+
+      it "is not returned even when show_deleted is passed" do
+        api_get :index, show_deleted: true
+        expect(json_response["variants"].count).to eq(0)
+      end
+    end
+
+    context "pagination" do
+      it "can select the next page of variants" do
+        second_variant = create(:variant)
+        api_get :index, page: 2, per_page: 1
+        expect(json_response["variants"].first).to have_attributes(show_attributes)
+        expect(json_response["total_count"]).to eq(3)
+        expect(json_response["current_page"]).to eq(2)
+        expect(json_response["pages"]).to eq(3)
+      end
+    end
+
+    it "can see a single variant" do
+      api_get :show, id: variant.to_param
+      expect(json_response).to have_attributes(show_attributes)
+      expect(json_response["stock_items"]).to be_present
+      option_values = json_response["option_values"]
+      expect(option_values.first).to have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "can see a single variant with images" do
+      variant.images.create!(attachment: image("thinking-cat.jpg"))
+
+      api_get :show, id: variant.to_param
+
+      expect(json_response).to have_attributes(show_attributes + [:images])
+      option_values = json_response["option_values"]
+      expect(option_values.first).to have_attributes([:name,
+                                                 :presentation,
+                                                 :option_type_name,
+                                                 :option_type_id])
+    end
+
+    it "can learn how to create a new variant" do
+      api_get :new
+      expect(json_response["attributes"]).to eq(new_attributes.map(&:to_s))
+      expect(json_response["required_attributes"]).to be_empty
+    end
+
+    it "cannot create a new variant if not an admin" do
+      api_post :create, variant: { sku: "12345" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a variant" do
+      api_put :update, id: variant.to_param, variant: { sku: "12345" }
+      assert_not_found!
+    end
+
+    it "cannot delete a variant" do
+      api_delete :destroy, id: variant.to_param
+      assert_not_found!
+      expect { variant.reload }.not_to raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:resource_scoping) { { product_id: variant.product.to_param } }
+
+      # Test for #2141
+      context "deleted variants" do
+        before do
+          variant.update_column(:deleted_at, Time.current)
+        end
+
+        it "are visible by admin" do
+          api_get :index, show_deleted: 1
+          expect(json_response["variants"].count).to eq(1)
+        end
+      end
+
+      it "can create a new variant" do
+        other_value = create(:option_value)
+        api_post :create, variant: {
+          sku: "12345",
+          price: "20",
+          option_value_ids: [option_value.id, other_value.id]
+        }
+
+        expect(json_response).to have_attributes(new_attributes)
+        expect(response.status).to eq(201)
+        expect(json_response["sku"]).to eq("12345")
+        expect(json_response["price"]).to match "20"
+
+        option_value_ids = json_response["option_values"].map { |o| o['id'] }
+        expect(option_value_ids).to match_array [option_value.id, other_value.id]
+
+        expect(variant.product.variants.count).to eq(1)
+      end
+
+      it "can update a variant" do
+        api_put :update, id: variant.to_param, variant: { sku: "12345" }
+        expect(response.status).to eq(200)
+      end
+
+      it "can delete a variant" do
+        api_delete :destroy, id: variant.to_param
+        expect(response.status).to eq(204)
+        expect { Spree::Variant.find(variant.id) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it 'variants returned contain cost price data' do
+        api_get :index
+        expect(json_response["variants"].first.has_key?(:cost_price)).to eq true
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/zones_controller_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ZonesController, type: :controller do
+    render_views
+
+    let!(:attributes) { [:id, :name, :zone_members] }
+
+    before do
+      stub_authentication!
+      @zone = create(:zone, name: 'Europe')
+    end
+
+    it "gets list of zones" do
+      api_get :index
+      expect(json_response['zones'].first).to have_attributes(attributes)
+    end
+
+    it 'can control the page size through a parameter' do
+      create(:zone)
+      api_get :index, per_page: 1
+      expect(json_response['count']).to eq(1)
+      expect(json_response['current_page']).to eq(1)
+      expect(json_response['pages']).to eq(2)
+    end
+
+    it 'can query the results through a paramter' do
+      expected_result = create(:zone, name: 'South America')
+      api_get :index, q: { name_cont: 'south' }
+      expect(json_response['count']).to eq(1)
+      expect(json_response['zones'].first['name']).to eq expected_result.name
+    end
+
+    it "gets a zone" do
+      api_get :show, id: @zone.id
+      expect(json_response).to have_attributes(attributes)
+      expect(json_response['name']).to eq @zone.name
+      expect(json_response['zone_members'].size).to eq @zone.zone_members.count
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      let!(:country) { create(:country) }
+
+      it "can create a new zone" do
+        params = {
+          zone: {
+            name: "North Pole",
+            zone_members: [
+              {
+                zoneable_type: "Spree::Country",
+                zoneable_id: country.id
+              }
+            ]
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["zone_members"]).not_to be_empty
+      end
+
+      it "updates a zone" do
+        params = { id: @zone.id,
+          zone: {
+            name: "North Pole",
+            zone_members: [
+              {
+                zoneable_type: "Spree::Country",
+                zoneable_id: country.id
+              }
+            ]
+          }
+        }
+
+        api_put :update, params
+        expect(response.status).to eq(200)
+        expect(json_response['name']).to eq 'North Pole'
+        expect(json_response['zone_members']).not_to be_blank
+      end
+
+      it "can delete a zone" do
+        api_delete :destroy, id: @zone.id
+        expect(response.status).to eq(204)
+        expect { @zone.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end

data/spec/models/spree/legacy_user_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+module Spree
+  describe LegacyUser, type: :model do
+    let(:user) { LegacyUser.new }
+
+    it "can generate an API key" do
+      expect(user).to receive(:save!)
+      user.generate_spree_api_key!
+      expect(user.spree_api_key).not_to be_blank
+    end
+
+    it "can clear an API key" do
+      expect(user).to receive(:save!)
+      user.clear_spree_api_key!
+      expect(user.spree_api_key).to be_blank
+    end
+  end
+end

data/spec/requests/rabl_cache_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe "Rabl Cache", type: :request, caching: true do
+  let!(:user)  { create(:admin_user) }
+
+  before do
+    create(:variant)
+    user.generate_spree_api_key!
+    expect(Spree::Product.count).to eq(1)
+  end
+
+  it "doesn't create a cache key collision for models with different rabl templates" do
+    get "/api/v1/variants", params: { token: user.spree_api_key }
+    expect(response.status).to eq(200)
+
+    # Make sure we get a non master variant
+    variant_a = JSON.parse(response.body)['variants'].select do |v|
+      !v['is_master']
+    end.first
+
+    expect(variant_a['is_master']).to be false
+    expect(variant_a['stock_items']).not_to be_nil
+
+    get "/api/v1/products/#{Spree::Product.first.id}", params: { token: user.spree_api_key }
+    expect(response.status).to eq(200)
+    variant_b = JSON.parse(response.body)['variants'].last
+    expect(variant_b['is_master']).to be false
+
+    expect(variant_a['id']).to eq(variant_b['id'])
+    expect(variant_b['stock_items']).to be_nil
+  end
+end

data/spec/requests/ransackable_attributes_spec.rb

@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe "Ransackable Attributes" do
+  let(:user) { create(:user).tap(&:generate_spree_api_key!) }
+  let(:order) { create(:order_with_line_items, user: user) }
+  context "filtering by attributes one association away" do
+    it "does not allow the filtering of variants by order attributes" do
+      2.times { create(:variant) }
+
+      get "/api/v1/variants?q[orders_email_start]=#{order.email}", params: { token: user.spree_api_key }
+
+      variants_response = JSON.parse(response.body)
+      expect(variants_response['total_count']).to eq(Spree::Variant.count)
+    end
+  end
+
+  context "filtering by attributes two associations away" do
+    it "does not allow the filtering of variants by user attributes" do
+      2.times { create(:variant) }
+
+      get "/api/v1/variants?q[orders_user_email_start]=#{order.user.email}", params: { token: user.spree_api_key }
+
+      variants_response = JSON.parse(response.body)
+      expect(variants_response['total_count']).to eq(Spree::Variant.count)
+    end
+  end
+
+  context "it maintains desired association behavior" do
+    it "allows filtering of variants product name" do
+      product = create(:product, name: "Fritos")
+      variant = create(:variant, product: product)
+      other_variant = create(:variant)
+
+      get "/api/v1/variants?q[product_name_or_sku_cont]=fritos", params: { token: user.spree_api_key }
+
+      skus = JSON.parse(response.body)['variants'].map { |variant| variant['sku'] }
+      expect(skus).to include variant.sku
+      expect(skus).not_to include other_variant.sku
+    end
+  end
+
+  context "filtering by attributes" do
+    it "most attributes are not filterable by default" do
+      product = create(:product, meta_title: "special product")
+      other_product = create(:product)
+
+      get "/api/v1/products?q[meta_title_cont]=special", params: { token: user.spree_api_key }
+
+      products_response = JSON.parse(response.body)
+      expect(products_response['total_count']).to eq(Spree::Product.count)
+    end
+
+    it "id is filterable by default" do
+      product = create(:product)
+      other_product = create(:product)
+
+      get "/api/v1/products?q[id_eq]=#{product.id}", params: { token: user.spree_api_key }
+
+      product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
+      expect(product_names).to include product.name
+      expect(product_names).not_to include other_product.name
+    end
+  end
+
+  context "filtering by whitelisted attributes" do
+    it "filtering is supported for whitelisted attributes" do
+      product = create(:product, name: "Fritos")
+      other_product = create(:product)
+
+      get "/api/v1/products?q[name_cont]=fritos", params: { token: user.spree_api_key }
+
+      product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
+      expect(product_names).to include product.name
+      expect(product_names).not_to include other_product.name
+    end
+  end
+
+
+end

data/spec/requests/version_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe "Version", type: :request do
+  let!(:countries) { 2.times.map { create :country } }
+
+  describe "/api" do
+    it "be a redirect" do
+      get "/api/countries"
+      expect(response).to have_http_status 301
+    end
+  end
+
+  describe "/api/v1" do
+    it "be successful" do
+      get "/api/v1/countries"
+      expect(response).to have_http_status 200
+    end
+  end
+end