spree_api 3.1.14 → 3.2.0.rc1

data/spec/controllers/spree/api/v1/promotion_application_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::OrdersController, type: :controller do
+    render_views
+
+    before do
+      stub_authentication!
+    end
+
+    context "with an available promotion" do
+      let!(:order) { create(:order_with_line_items, line_items_count: 1) }
+      let!(:promotion) do 
+        promotion = Spree::Promotion.create(name: "10% off", code: "10off")
+        calculator = Spree::Calculator::FlatPercentItemTotal.create(preferred_flat_percent: "10")
+        action = Spree::Promotion::Actions::CreateItemAdjustments.create(calculator: calculator)
+        promotion.actions << action
+        promotion
+      end
+
+      it "can apply a coupon code to the order" do
+        expect(order.total).to eq(110.00)
+        api_put :apply_coupon_code, id: order.to_param, coupon_code: "10off", order_token: order.guest_token
+        expect(response.status).to eq(200)
+        expect(order.reload.total).to eq(109.00)
+        expect(json_response["success"]).to eq("The coupon code was successfully applied to your order.")
+        expect(json_response["error"]).to be_blank
+        expect(json_response["successful"]).to be true
+        expect(json_response["status_code"]).to eq("coupon_code_applied")
+      end
+
+      context "with an expired promotion" do
+        before do
+          promotion.starts_at = 2.weeks.ago
+          promotion.expires_at = 1.week.ago
+          promotion.save
+        end
+
+        it "fails to apply" do
+          api_put :apply_coupon_code, id: order.to_param, coupon_code: "10off", order_token: order.guest_token
+          expect(response.status).to eq(422)
+          expect(json_response["success"]).to be_blank
+          expect(json_response["error"]).to eq("The coupon code is expired")
+          expect(json_response["successful"]).to be false
+          expect(json_response["status_code"]).to eq("coupon_code_expired")
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/promotions_controller_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::PromotionsController, type: :controller do
+    render_views
+
+    shared_examples "a JSON response" do
+      it 'should be ok' do
+        expect(subject).to be_ok
+      end
+
+      it 'should return JSON' do
+        payload = HashWithIndifferentAccess.new(JSON.parse(subject.body))
+        expect(payload).to_not be_nil
+        Spree::Api::ApiHelpers.promotion_attributes.each do |attribute|
+          expect(payload.has_key?(attribute)).to be true
+        end
+      end
+    end
+
+    before do
+      stub_authentication!
+    end
+
+    let(:promotion) { create :promotion, :with_order_adjustment, code: '10off' }
+
+    describe 'GET #show' do
+      subject { api_get :show, id: id }
+
+      context 'when admin' do
+        sign_in_as_admin!
+
+        context 'when finding by id' do
+          let(:id) { promotion.id }
+
+          it_behaves_like "a JSON response"
+        end
+
+        context 'when finding by code' do
+          let(:id) { promotion.code }
+
+          it_behaves_like "a JSON response"
+        end
+
+        context 'when id does not exist' do
+          let(:id) { 'argh' }
+
+          it 'should be 404' do
+            expect(subject.status).to eq(404)
+          end
+        end
+      end
+
+      context 'when non admin' do
+        let(:id) { promotion.id }
+
+        it 'should be unauthorized' do
+          subject
+          assert_unauthorized!
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/properties_controller_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::PropertiesController, type: :controller do
+    render_views
+
+    let!(:property_1) { Property.create!(name: "foo", presentation: "Foo") }
+    let!(:property_2) { Property.create!(name: "bar", presentation: "Bar") }
+
+    let(:attributes) { [:id, :name, :presentation] }
+
+    before do
+      stub_authentication!
+    end
+
+    it "can see a list of all properties" do
+      api_get :index
+      expect(json_response["properties"].count).to eq(2)
+      expect(json_response["properties"].first).to have_attributes(attributes)
+    end
+
+    it "can control the page size through a parameter" do
+      api_get :index, per_page: 1
+      expect(json_response['properties'].count).to eq(1)
+      expect(json_response['current_page']).to eq(1)
+      expect(json_response['pages']).to eq(2)
+    end
+
+    it 'can query the results through a parameter' do
+      api_get :index, q: { name_cont: 'ba' }
+      expect(json_response['count']).to eq(1)
+      expect(json_response['properties'].first['presentation']).to eq property_2.presentation
+    end
+
+    it "retrieves a list of properties by id" do
+      api_get :index, ids: [property_1.id]
+      expect(json_response["properties"].first).to have_attributes(attributes)
+      expect(json_response["count"]).to eq(1)
+    end
+
+    it "retrieves a list of properties by ids string" do
+      api_get :index, ids: [property_1.id, property_2.id].join(",")
+      expect(json_response["properties"].first).to have_attributes(attributes)
+      expect(json_response["properties"][1]).to have_attributes(attributes)
+      expect(json_response["count"]).to eq(2)
+    end
+
+    it "can see a single property" do
+      api_get :show, id: property_1.id
+      expect(json_response).to have_attributes(attributes)
+    end
+
+    it "can see a property by name" do
+      api_get :show, id: property_1.name
+      expect(json_response).to have_attributes(attributes)
+    end
+
+    it "can learn how to create a new property" do
+      api_get :new
+      expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+      expect(json_response["required_attributes"]).to be_empty
+    end
+
+    it "cannot create a new property if not an admin" do
+      api_post :create, property: { name: "My Property 3" }
+      assert_unauthorized!
+    end
+
+    it "cannot update a property" do
+      api_put :update, id: property_1.name, property: { presentation: "my value 456" }
+      assert_unauthorized!
+    end
+
+    it "cannot delete a property" do
+      api_delete :destroy, id: property_1.id
+      assert_unauthorized!
+      expect { property_1.reload }.not_to raise_error
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create a new property" do
+        expect(Spree::Property.count).to eq(2)
+        api_post :create, property: { name: "My Property 3", presentation: "my value 3" }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+        expect(Spree::Property.count).to eq(3)
+      end
+
+      it "can update a property" do
+        api_put :update, id: property_1.name, property: { presentation: "my value 456" }
+        expect(response.status).to eq(200)
+      end
+
+      it "can delete a property" do
+        api_delete :destroy, id: property_1.name
+        expect(response.status).to eq(204)
+        expect { property_1.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb

@@ -0,0 +1,161 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ReturnAuthorizationsController, type: :controller do
+    render_views
+
+    let!(:order) { create(:shipped_order) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :memo, :state] }
+    let(:resource_scoping) { { order_id: order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages user: current_api_user
+      end
+
+      it "cannot see any return authorizations" do
+        api_get :index
+        assert_unauthorized!
+      end
+
+      it "cannot see a single return authorization" do
+        api_get :show, id: 1
+        assert_unauthorized!
+      end
+
+      it "cannot learn how to create a new return authorization" do
+        api_get :new
+        assert_unauthorized!
+      end
+
+      it "cannot create a new return authorization" do
+        api_post :create
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization" do
+        api_put :update, id: 1
+        assert_not_found!
+      end
+
+      it "cannot delete a return authorization" do
+        api_delete :destroy, id: 1
+        assert_not_found!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can show return authorization" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_get :show, order_id: order.number, id: return_authorization.id
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+
+      it "can get a list of return authorizations" do
+        FactoryGirl.create(:return_authorization, order: order)
+        FactoryGirl.create(:return_authorization, order: order)
+        api_get :index, { order_id: order.number }
+        expect(response.status).to eq(200)
+        return_authorizations = json_response["return_authorizations"]
+        expect(return_authorizations.first).to have_attributes(attributes)
+        expect(return_authorizations.first).not_to eq(return_authorizations.last)
+      end
+
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:return_authorization, order: order)
+        FactoryGirl.create(:return_authorization, order: order)
+        api_get :index, order_id: order.number, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        FactoryGirl.create(:return_authorization, order: order)
+        expected_result = create(:return_authorization, memo: 'damaged')
+        order.return_authorizations << expected_result
+        api_get :index, q: { memo_cont: 'damaged' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['return_authorizations'].first['memo']).to eq expected_result.memo
+      end
+
+      it "can learn how to create a new return authorization" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(["id", "number", "state", "order_id", "memo", "created_at", "updated_at"])
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("order")
+      end
+
+      it "can update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, id: return_authorization.id, return_authorization: { memo: "ABC" }
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "can cancel a return authorization on the order" do
+        FactoryGirl.create(:new_return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        expect(return_authorization.state).to eq("authorized")
+        api_delete :cancel, id: return_authorization.id
+        expect(response.status).to eq(200)
+        expect(return_authorization.reload.state).to eq("canceled")
+      end
+
+      it "can delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, id: return_authorization.id
+        expect(response.status).to eq(204)
+        expect { return_authorization.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it "can add a new return authorization to an existing order" do
+        stock_location = FactoryGirl.create(:stock_location)
+        reason = FactoryGirl.create(:return_authorization_reason)
+        rma_params = { stock_location_id: stock_location.id,
+                       return_authorization_reason_id: reason.id,
+                       memo: "Defective" }
+        api_post :create, order_id: order.number, return_authorization: rma_params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+    end
+
+    context "as just another user" do
+      it "cannot add a return authorization to the order" do
+        api_post :create, return_autorization: { order_id: order.number, memo: "Defective" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, id: return_authorization.id, return_authorization: { memo: "ABC" }
+        assert_unauthorized!
+        expect(return_authorization.reload.memo).not_to eq("ABC")
+      end
+
+      it "cannot delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, id: return_authorization.id
+        assert_unauthorized!
+        expect { return_authorization.reload }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/shipments_controller_spec.rb

@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+describe Spree::Api::V1::ShipmentsController, type: :controller do
+  render_views
+  let!(:shipment) { create(:shipment) }
+  let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at, :stock_location_name, :order_id, :shipping_rates, :shipping_methods] }
+
+  before do
+    stub_authentication!
+  end
+
+  let!(:resource_scoping) { { id: shipment.to_param, shipment: { order_id: shipment.order.to_param } } }
+
+  context "as a non-admin" do
+    it "cannot make a shipment ready" do
+      api_put :ready
+      assert_not_found!
+    end
+
+    it "cannot make a shipment shipped" do
+      api_put :ship
+      assert_not_found!
+    end
+  end
+
+  context "as an admin" do
+    let!(:order) { shipment.order }
+    let!(:stock_location) { create(:stock_location_with_items) }
+    let!(:variant) { create(:variant) }
+
+    sign_in_as_admin!
+
+    # Start writing this spec a bit differently than before....
+    describe 'POST #create' do
+      let(:params) do
+        {
+          variant_id: stock_location.stock_items.first.variant.to_param,
+          shipment: { order_id: order.number },
+          stock_location_id: stock_location.to_param
+        }
+      end
+
+      subject do
+        api_post :create, params
+      end
+
+      [:variant_id, :stock_location_id].each do |field|
+        context "when #{field} is missing" do
+          before do
+            params.delete(field)
+          end
+
+          it 'should return proper error' do
+            subject
+            expect(response.status).to eq(422)
+            expect(json_response['exception']).to eq("param is missing or the value is empty: #{field.to_s}")
+          end
+        end
+      end
+
+      it 'should create a new shipment' do
+        expect(subject).to be_ok
+        expect(json_response).to have_attributes(attributes)
+      end
+    end
+
+    it 'can update a shipment' do
+      params = {
+        shipment: {
+          stock_location_id: stock_location.to_param
+        }
+      }
+
+      api_put :update, params
+      expect(response.status).to eq(200)
+      expect(json_response['stock_location_name']).to eq(stock_location.name)
+    end
+
+    it "can make a shipment ready" do
+      allow_any_instance_of(Spree::Order).to receive_messages(paid?: true, complete?: true)
+      api_put :ready
+      expect(json_response).to have_attributes(attributes)
+      expect(json_response["state"]).to eq("ready")
+      expect(shipment.reload.state).to eq("ready")
+    end
+
+    it "cannot make a shipment ready if the order is unpaid" do
+      allow_any_instance_of(Spree::Order).to receive_messages(paid?: false)
+      api_put :ready
+      expect(json_response["error"]).to eq("Cannot ready shipment.")
+      expect(response.status).to eq(422)
+    end
+
+    context 'for completed shipments' do
+      let(:order) { create :completed_order_with_totals }
+      let!(:resource_scoping) { { id: order.shipments.first.to_param, shipment: { order_id: order.to_param } } }
+
+      it 'adds a variant to a shipment' do
+        api_put :add, { variant_id: variant.to_param, quantity: 2 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(2)
+      end
+
+      it 'removes a variant from a shipment' do
+        order.contents.add(variant, 2)
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+
+      it 'removes a destroyed variant from a shipment' do
+        order.contents.add(variant, 2)
+        variant.destroy
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+    end
+
+    context "can transition a shipment from ready to ship" do
+      before do
+        allow_any_instance_of(Spree::Order).to receive_messages(paid?: true, complete?: true)
+        shipment.update!(shipment.order)
+        expect(shipment.state).to eq("ready")
+        allow_any_instance_of(Spree::ShippingRate).to receive_messages(cost: 5)
+      end
+
+      it "can transition a shipment from ready to ship" do
+        shipment.reload
+        api_put :ship, id: shipment.to_param, shipment: { tracking: "123123", order_id: shipment.order.to_param }
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).to eq("shipped")
+      end
+
+    end
+
+    describe '#mine' do
+      subject do
+        api_get :mine, format: 'json', params: params
+      end
+
+      let(:params) { {} }
+
+      before { subject }
+
+      context "the current api user is authenticated and has orders" do
+        let(:current_api_user) { shipped_order.user }
+        let(:shipped_order) { create(:shipped_order) }
+
+        it 'succeeds' do
+          expect(response.status).to eq 200
+        end
+
+        describe 'json output' do
+          render_views
+
+          let(:rendered_shipment_ids) { json_response['shipments'].map { |s| s['id'] } }
+
+          it 'contains the shipments' do
+            expect(rendered_shipment_ids).to match_array current_api_user.orders.flat_map(&:shipments).map(&:id)
+          end
+        end
+
+        context 'with filtering' do
+          let(:params) { {q: {order_completed_at_not_null: 1}} }
+
+          let!(:incomplete_order) { create(:order, user: current_api_user) }
+
+          it 'filters' do
+            expect(assigns(:shipments).map(&:id)).to match_array current_api_user.orders.complete.flat_map(&:shipments).map(&:id)
+          end
+        end
+      end
+
+      context "the current api user is not persisted" do
+        let(:current_api_user) { Spree.user_class.new }
+
+        it "returns a 401" do
+          expect(response.status).to eq(401)
+        end
+      end
+    end
+
+  end
+end