spree_api 3.1.14 → 3.2.0.rc1

data/spec/controllers/spree/api/v1/classifications_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ClassificationsController, type: :controller do
+    let(:taxon) do
+      taxon = create(:taxon)
+
+      3.times do
+        product = create(:product)
+        product.taxons << taxon
+      end
+      taxon
+    end
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a user" do
+      it "cannot change the order of a product" do
+        api_put :update, taxon_id: taxon, product_id: taxon.products.first, position: 1
+        expect(response.status).to eq(401)
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      let(:last_product) { taxon.products.last }
+
+      it "can change the order a product" do
+        classification = taxon.classifications.find_by(product_id: last_product.id)
+        expect(classification.position).to eq(3)
+        api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
+        expect(response.status).to eq(200)
+        expect(classification.reload.position).to eq(1)
+      end
+
+      it "should touch the taxon" do
+        taxon.update_attributes(updated_at: Time.current - 10.seconds)
+        taxon_last_updated_at = taxon.updated_at
+        api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
+        taxon.reload
+        expect(taxon_last_updated_at.to_i).to_not eq(taxon.updated_at.to_i)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/countries_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::CountriesController, type: :controller do
+    render_views
+
+    before do
+      stub_authentication!
+      @state = create(:state)
+      @country = @state.country
+    end
+
+    it "gets all countries" do
+      api_get :index
+      expect(json_response['countries'].first['iso3']).to eq @country.iso3
+    end
+
+    context "with two countries" do
+      before { @zambia = create(:country, name: "Zambia") }
+
+      it "can view all countries" do
+        api_get :index
+        expect(json_response['count']).to eq(2)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(1)
+      end
+
+      it 'can query the results through a paramter' do
+        api_get :index, q: { name_cont: 'zam' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['countries'].first['name']).to eq @zambia.name
+      end
+
+      it 'can control the page size through a parameter' do
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+    end
+
+    it "includes states" do
+      api_get :show, id: @country.id
+      states = json_response['states']
+      expect(states.first['name']).to eq @state.name
+    end
+  end
+end

data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::CreditCardsController, type: :controller do
+    render_views
+
+    let!(:admin_user) do
+      user = Spree.user_class.new(email: "spree@example.com", id: 1)
+      user.generate_spree_api_key!
+      allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
+      user
+    end
+
+    let!(:normal_user) do
+      user = Spree.user_class.new(email: "spree2@example.com", id: 2)
+      user.generate_spree_api_key!
+      user
+    end
+
+    let!(:card) { create(:credit_card, user_id: admin_user.id, gateway_customer_profile_id: "random") }
+
+    before do
+      stub_authentication!
+    end
+
+    it "the user id doesn't exist" do
+      api_get :index, user_id: 1000
+      expect(response.status).to eq(404)
+    end
+
+    context "calling user is in admin role" do
+      let(:current_api_user) do
+        user = admin_user
+        user
+      end
+
+      it "no credit cards exist for user" do
+        api_get :index, user_id: normal_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(0)
+      end
+
+      it "can view all credit cards for user" do
+        api_get :index, user_id: current_api_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+
+    context "calling user is not in admin role" do
+      let(:current_api_user) do
+        user = normal_user
+        user
+      end
+
+      let!(:card) { create(:credit_card, user_id: normal_user.id, gateway_customer_profile_id: "random") }
+
+      it "can not view user" do
+        api_get :index, user_id: admin_user.id
+
+        expect(response.status).to eq(404)
+      end
+
+      it "can view own credit cards" do
+        api_get :index, user_id: normal_user.id
+
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/images_controller_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ImagesController, type: :controller do
+    render_views
+
+    let!(:product) { create(:product) }
+    let!(:attributes) { [:id, :position, :attachment_content_type,
+                         :attachment_file_name, :type, :attachment_updated_at, :attachment_width,
+                         :attachment_height, :alt] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can learn how to create a new image" do
+        api_get :new, product_id: product.id
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        expect(json_response["required_attributes"]).to be_empty
+      end
+
+      it "can upload a new image for a variant" do
+        expect do
+          api_post :create,
+                   image: { attachment: upload_image('thinking-cat.jpg'),
+                               viewable_type: 'Spree::Variant',
+                               viewable_id: product.master.to_param  },
+                   product_id: product.id
+          expect(response.status).to eq(201)
+          expect(json_response).to have_attributes(attributes)
+        end.to change(Image, :count).by(1)
+      end
+
+      it "can't upload a new image for a variant without attachment" do
+        api_post :create,
+                 image: { viewable_type: 'Spree::Variant',
+                          viewable_id: product.master.to_param
+                        },
+                 product_id: product.id
+        expect(response.status).to eq(422)
+      end
+
+      context "working with an existing image" do
+        let!(:product_image) { product.master.images.create!(attachment: image('thinking-cat.jpg')) }
+
+        it "can get a single product image" do
+          api_get :show, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+
+        it "can get a single variant image" do
+          api_get :show, id: product_image.id, variant_id: product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+
+        it "can get a list of product images" do
+          api_get :index, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+
+        it "can get a list of variant images" do
+          api_get :index, variant_id: product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+
+        it "can update image data" do
+          expect(product_image.position).to eq(1)
+          api_post :update, image: { position: 2 }, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+          expect(product_image.reload.position).to eq(2)
+        end
+
+        it "can't update an image without attachment" do
+          api_post :update,
+                   id: product_image.id, product_id: product.id
+          expect(response.status).to eq(422)
+        end
+
+        it "can delete an image" do
+          api_delete :destroy, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(204)
+          expect { product_image.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        end
+      end
+    end
+
+    context "as a non-admin" do
+      it "cannot create an image" do
+        api_post :create, product_id: product.id
+        assert_unauthorized!
+      end
+
+      it "cannot update an image" do
+        api_put :update, id: 1, product_id: product.id
+        assert_not_found!
+      end
+
+      it "cannot delete an image" do
+        api_delete :destroy, id: 1, product_id: product.id
+        assert_not_found!
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::InventoryUnitsController, type: :controller do
+    render_views
+
+    before do
+      stub_authentication!
+      @inventory_unit = create(:inventory_unit)
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "gets an inventory unit" do
+        api_get :show, id: @inventory_unit.id
+        expect(json_response['state']).to eq @inventory_unit.state
+      end
+
+      it "updates an inventory unit" do
+        api_put :update, id: @inventory_unit.id,
+                         inventory_unit: { shipment_id: nil }
+        expect(json_response['shipment_id']).to be_nil
+      end
+
+      context 'fires state event' do
+        it 'if supplied with :fire param' do
+          api_put :update, id: @inventory_unit.id,
+                           fire: 'ship',
+                           inventory_unit: { shipment: { tracking: 'foobar' } }
+          expect(json_response['state']).to eq 'shipped'
+        end
+
+        it 'and returns exception if cannot fire' do
+          api_put :update, id: @inventory_unit.id,
+                           fire: 'return'
+          expect(json_response['exception']).to match /cannot transition to return/
+        end
+
+        it 'and returns exception bad state' do
+          api_put :update, id: @inventory_unit.id,
+                           fire: 'bad'
+          expect(json_response['exception']).to match /cannot transition to bad/
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/line_items_controller_spec.rb

@@ -0,0 +1,203 @@
+require 'spec_helper'
+
+module Spree
+  PermittedAttributes.module_eval do
+    mattr_writer :line_item_attributes
+  end
+
+  unless PermittedAttributes.line_item_attributes.include? :some_option
+    PermittedAttributes.line_item_attributes += [:some_option]
+  end
+
+  # This should go in an initializer
+  Spree::Api::V1::LineItemsController.line_item_options += [:some_option]
+
+  describe Api::V1::LineItemsController, type: :controller do
+    render_views
+
+    let!(:order) { create(:order_with_line_items, line_items_count: 1) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
+    let(:resource_scoping) { { order_id: order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can learn how to create a new line item" do
+      api_get :new
+      expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
+      required_attributes = json_response["required_attributes"]
+      expect(required_attributes).to include("quantity", "variant_id")
+    end
+
+    context "authenticating with a token" do
+      it "can add a new line item to an existing order" do
+        api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }, order_token: order.guest_token
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+
+      it "can add a new line item to an existing order with token in header" do
+        request.headers["X-Spree-Order-Token"] = order.guest_token
+        api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages user: current_api_user
+      end
+
+      it "can add a new line item to an existing order" do
+        api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["variant"]["name"]).not_to be_blank
+      end
+
+      it "can add a new line item to an existing order with options" do
+        expect_any_instance_of(LineItem).to receive(:some_option=).with("foo")
+        api_post :create,
+                 line_item: {
+                   variant_id: product.master.to_param,
+                   quantity: 1,
+                   options: { some_option: "foo" }
+                 }
+        expect(response.status).to eq(201)
+      end
+
+      it "default quantity to 1 if none is given" do
+        api_post :create, line_item: { variant_id: product.master.to_param }
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response[:quantity]).to eq 1
+      end
+
+      it "increases a line item's quantity if it exists already" do
+        order.line_items.create(variant_id: product.master.id, quantity: 10)
+        api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+        expect(response.status).to eq(201)
+        order.reload
+        expect(order.line_items.count).to eq(2) # 1 original due to factory, + 1 in this test
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["quantity"]).to eq(11)
+      end
+
+      it "can update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, id: line_item.id, line_item: { quantity: 101 }
+        expect(response.status).to eq(200)
+        order.reload
+        expect(order.total).to eq(1010) # 10 original due to factory, + 1000 in this test
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["quantity"]).to eq(101)
+      end
+
+      it "can update a line item's options on the order" do
+        expect_any_instance_of(LineItem).to receive(:some_option=).with("foo")
+        line_item = order.line_items.first
+        api_put :update,
+                id: line_item.id,
+                line_item: { quantity: 1, options: { some_option: "foo" } }
+        expect(response.status).to eq(200)
+      end
+
+      it "can delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, id: line_item.id
+        expect(response.status).to eq(204)
+        order.reload
+        expect(order.line_items.count).to eq(0) # 1 original due to factory, - 1 in this test
+        expect { line_item.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      context "order contents changed after shipments were created" do
+        let!(:order) { Order.create }
+        let!(:line_item) { order.contents.add(product.master) }
+
+        before { order.create_proposed_shipments }
+
+        it "clear out shipments on create" do
+          expect(order.reload.shipments).not_to be_empty
+          api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+          expect(order.reload.shipments).to be_empty
+        end
+
+        it "clear out shipments on update" do
+          expect(order.reload.shipments).not_to be_empty
+          api_put :update, id: line_item.id, line_item: { quantity: 1000 }
+          expect(order.reload.shipments).to be_empty
+        end
+
+        it "clear out shipments on delete" do
+          expect(order.reload.shipments).not_to be_empty
+          api_delete :destroy, id: line_item.id
+          expect(order.reload.shipments).to be_empty
+        end
+
+        context "order is completed" do
+          before do
+            allow(order).to receive_messages completed?: true
+            allow(Order).to receive_message_chain :includes, find_by!: order
+          end
+
+          it "doesn't destroy shipments or restart checkout flow" do
+            expect(order.reload.shipments).not_to be_empty
+            api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+            expect(order.reload.shipments).not_to be_empty
+          end
+
+          context 'deleting line items' do
+            it 'restocks product after line item removal' do
+              line_item = order.line_items.first
+              variant = line_item.variant
+              expect do
+                api_delete :destroy, id: line_item.id
+              end.to change { variant.total_on_hand }.by(line_item.quantity)
+
+              expect(response.status).to eq(204)
+              order.reload
+              expect(order.line_items.count).to eq(0)
+            end
+
+            it 'calls `restock` on proper stock location' do
+              expect(order.shipments.first.stock_location).to receive(:restock)
+              api_delete :destroy, id: line_item.id
+            end
+          end
+        end
+      end
+    end
+
+    context "as just another user" do
+      before do
+        user = create(:user)
+      end
+
+      it "cannot add a new line item to the order" do
+        api_post :create, line_item: { variant_id: product.master.to_param, quantity: 1 }
+        assert_unauthorized!
+      end
+
+      it "cannot update a line item on the order" do
+        line_item = order.line_items.first
+        api_put :update, id: line_item.id, line_item: { quantity: 1000 }
+        assert_unauthorized!
+        expect(line_item.reload.quantity).not_to eq(1000)
+      end
+
+      it "cannot delete a line item on the order" do
+        line_item = order.line_items.first
+        api_delete :destroy, id: line_item.id
+        assert_unauthorized!
+        expect { line_item.reload }.not_to raise_error
+      end
+    end
+  end
+end