spree_api 3.1.14 → 3.2.0.rc1

data/spec/controllers/spree/api/v1/tags_controller_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TagsController, type: :controller do
+    render_views
+
+    let!(:tag) { create(:tag) }
+    let(:base_attributes) { Api::ApiHelpers.tag_attributes }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      context "with caching enabled" do
+        let!(:tag_2) { create(:tag) }
+
+        before do
+          ActionController::Base.perform_caching = true
+        end
+
+        it "returns unique tags" do
+          api_get :index
+          tag_ids = json_response["tags"].map { |p| p["id"] }
+          expect(tag_ids.uniq.count).to eq(tag_ids.count)
+        end
+
+        after do
+          ActionController::Base.perform_caching = false
+        end
+      end
+
+      it "retrieves a list of tags" do
+        api_get :index
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      it "retrieves a list of tags by id" do
+        api_get :index, ids: [tag.id]
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      it "retrieves a list of tags by ids string" do
+        second_tag = create(:tag)
+        api_get :index, ids: [tag.id, second_tag.id].join(",")
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["tags"][1]).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(2)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      context "pagination" do
+        let!(:second_tag) { create(:tag) }
+
+        it "can select the next page of tags" do
+          api_get :index, page: 2, per_page: 1
+          expect(json_response["tags"].first).to have_attributes(base_attributes)
+          expect(json_response["total_count"]).to eq(2)
+          expect(json_response["current_page"]).to eq(2)
+          expect(json_response["pages"]).to eq(2)
+        end
+
+        it 'can control the page size through a parameter' do
+          api_get :index, per_page: 1
+          expect(json_response['count']).to eq(1)
+          expect(json_response['total_count']).to eq(2)
+          expect(json_response['current_page']).to eq(1)
+          expect(json_response['pages']).to eq(2)
+        end
+      end
+
+      it "can search for tags" do
+        create(:tag, name: "The best tag in the world")
+        api_get :index, q: { name_cont: "best" }
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["count"]).to eq(1)
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can see all tags" do
+        api_get :index
+        expect(json_response["tags"].count).to eq(1)
+        expect(json_response["count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TaxonomiesController, type: :controller do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
+    let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
+    let(:attributes) { [:id, :name] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxonomies" do
+        api_get :index
+
+        expect(json_response["taxonomies"].first['name']).to eq taxonomy.name
+        expect(json_response["taxonomies"].first['root']['taxons'].count).to eq 1
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:taxonomy)
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:taxonomy, name: 'Style')
+        api_get :index, q: { name_cont: 'style' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['taxonomies'].first['name']).to eq expected_result.name
+      end
+
+      it "gets a single taxonomy" do
+        api_get :show, id: taxonomy.id
+
+        expect(json_response['name']).to eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        expect(children.count).to eq 1
+        expect(children.first['name']).to eq taxon.name
+        expect(children.first.key?('taxons')).to be false
+      end
+
+      it "gets a single taxonomy with set=nested" do
+        api_get :show, id: taxonomy.id, set: 'nested'
+
+        expect(json_response['name']).to eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        expect(children.first.key?('taxons')).to be true
+      end
+
+      it "gets the jstree-friendly version of a taxonomy" do
+        api_get :jstree, id: taxonomy.id
+        expect(json_response["data"]).to eq(taxonomy.root.name)
+        expect(json_response["attr"]).to eq({ "id" => taxonomy.root.id, "name" => taxonomy.root.name})
+        expect(json_response["state"]).to eq("closed")
+      end
+
+      it "can learn how to create a new taxonomy" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("name")
+      end
+
+      it "cannot create a new taxonomy if not an admin" do
+        api_post :create, taxonomy: { name: "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxonomy" do
+        api_put :update, id: taxonomy.id, taxonomy: { name: "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxonomy" do
+        api_delete :destroy, id: taxonomy.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, taxonomy: { name: "Colors"}
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+      end
+
+      it "cannot create a new taxonomy with invalid attributes" do
+        api_post :create, taxonomy: {}
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+      end
+
+      it "can destroy" do
+        api_delete :destroy, id: taxonomy.id
+        expect(response.status).to eq(204)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/taxons_controller_spec.rb

@@ -0,0 +1,177 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TaxonsController, type: :controller do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
+    let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
+    let(:attributes) { ["id", "name", "pretty_name", "permalink", "parent_id", "taxonomy_id"] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxons for a taxonomy" do
+        api_get :index, taxonomy_id: taxonomy.id
+
+        expect(json_response['taxons'].first['name']).to eq taxon.name
+        children = json_response['taxons'].first['taxons']
+        expect(children.count).to eq 1
+        expect(children.first['name']).to eq taxon2.name
+        expect(children.first['taxons'].count).to eq 1
+      end
+
+      # Regression test for #4112
+      it "does not include children when asked not to" do
+        api_get :index, taxonomy_id: taxonomy.id, without_children: 1
+
+        expect(json_response['taxons'].first['name']).to eq(taxon.name)
+        expect(json_response['taxons'].first['taxons']).to be_nil
+      end
+
+      it "paginates through taxons" do
+        new_taxon = create(:taxon, name: "Go", taxonomy: taxonomy)
+        taxonomy.root.children << new_taxon
+        expect(taxonomy.root.children.count).to eql(2)
+        api_get :index, taxonomy_id: taxonomy.id, page: 1, per_page: 1
+        expect(json_response["count"]).to eql(1)
+        expect(json_response["total_count"]).to eql(2)
+        expect(json_response["current_page"]).to eql(1)
+        expect(json_response["per_page"]).to eql(1)
+        expect(json_response["pages"]).to eql(2)
+      end
+
+      describe 'searching' do
+        context 'with a name' do
+          before do
+            api_get :index, q: { name_cont: name }
+          end
+
+          context 'with one result' do
+            let(:name) { "Ruby" }
+
+            it "returns an array including the matching taxon" do
+              expect(json_response['taxons'].count).to eq(1)
+              expect(json_response['taxons'].first['name']).to eq "Ruby"
+            end
+          end
+
+          context 'with no results' do
+            let(:name) { "Imaginary" }
+
+            it 'returns an empty array of taxons' do
+              expect(json_response.keys).to include('taxons')
+              expect(json_response['taxons'].count).to eq(0)
+            end
+          end
+        end
+
+        context 'with no filters' do
+          it "gets all taxons" do
+            api_get :index
+
+            expect(json_response['taxons'].first['name']).to eq taxonomy.root.name
+            children = json_response['taxons'].first['taxons']
+            expect(children.count).to eq 1
+            expect(children.first['name']).to eq taxon.name
+            expect(children.first['taxons'].count).to eq 1
+          end
+        end
+      end
+
+      it "gets a single taxon" do
+        api_get :show, id: taxon.id, taxonomy_id: taxonomy.id
+
+        expect(json_response['name']).to eq taxon.name
+        expect(json_response['taxons'].count).to eq 1
+      end
+
+      it "gets all taxons in JSTree form" do
+        api_get :jstree, taxonomy_id: taxonomy.id, id: taxon.id
+        response = json_response.first
+        expect(response["data"]).to eq(taxon2.name)
+        expect(response["attr"]).to eq({ "name" => taxon2.name, "id" => taxon2.id})
+        expect(response["state"]).to eq("closed")
+      end
+
+      it "can learn how to create a new taxon" do
+        api_get :new, taxonomy_id: taxonomy.id
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("name")
+      end
+
+      it "cannot create a new taxon if not an admin" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxon" do
+        api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: { name: "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxon" do
+        api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Colors" }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+
+        expect(taxonomy.reload.root.children.count).to eq 2
+        taxon = Spree::Taxon.where(name: 'Colors').first
+
+        expect(taxon.parent_id).to eq taxonomy.root.id
+        expect(taxon.taxonomy_id).to eq taxonomy.id
+      end
+
+      it "can update the position in the list" do
+        taxonomy.root.children << taxon2
+        api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: {parent_id: taxon.parent_id, child_index: 2 }
+        expect(response.status).to eq(200)
+        expect(taxonomy.reload.root.children[0]).to eql taxon2
+        expect(taxonomy.reload.root.children[1]).to eql taxon
+      end
+
+      it "cannot create a new taxon with invalid attributes" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { foo: :bar }
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+
+        expect(taxonomy.reload.root.children.count).to eq 1
+      end
+
+      it "cannot create a new taxon with invalid taxonomy_id" do
+        api_post :create, taxonomy_id: 1000, taxon: { name: "Colors" }
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+
+        errors = json_response["errors"]
+        expect(errors["taxonomy_id"]).not_to be_nil
+        expect(errors["taxonomy_id"].first).to eq "Invalid taxonomy id."
+
+        expect(taxonomy.reload.root.children.count).to eq 1
+      end
+
+      it "can destroy" do
+        api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
+        expect(response.status).to eq(204)
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb

@@ -0,0 +1,26 @@
+require 'shared_examples/protect_product_actions'
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ProductsController, type: :controller do
+    render_views
+
+    let!(:product) { create(:product) }
+    let(:attributes) { [:id, :name, :description, :price, :available_on, :slug, :meta_description, :meta_keywords, :taxon_ids] }
+
+    context "without authentication" do
+      before { Spree::Api::Config[:requires_authentication] = false }
+
+      it "retrieves a list of products" do
+        api_get :index
+        expect(json_response["products"].first).to have_attributes(attributes)
+        expect(json_response["count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+      end
+
+      it_behaves_like "modifying product actions are restricted"
+    end
+  end
+end
+

data/spec/controllers/spree/api/v1/users_controller_spec.rb

@@ -0,0 +1,153 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::UsersController, type: :controller do
+    render_views
+
+    let(:user) { create(:user, spree_api_key: rand.to_s) }
+    let(:stranger) { create(:user, email: 'stranger@example.com') }
+    let(:attributes) { [:id, :email, :created_at, :updated_at] }
+
+    context "as a normal user" do
+      it "can get own details" do
+        api_get :show, id: user.id, token: user.spree_api_key
+
+        expect(json_response['email']).to eq user.email
+      end
+
+      it "cannot get other users details" do
+        api_get :show, id: stranger.id, token: user.spree_api_key
+
+        assert_not_found!
+      end
+
+      it "can learn how to create a new user" do
+        api_get :new, token: user.spree_api_key
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+      end
+
+      it "can create a new user" do
+        user_params = {
+          email: 'new@example.com', password: 'spree123', password_confirmation: 'spree123'
+        }
+
+        api_post :create, user: user_params, token: user.spree_api_key
+        expect(json_response['email']).to eq 'new@example.com'
+      end
+
+      # there's no validations on LegacyUser?
+      xit "cannot create a new user with invalid attributes" do
+        api_post :create, user: {}, token: user.spree_api_key
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+      end
+
+      it "can update own details" do
+        country = create(:country)
+        api_put :update, id: user.id, token: user.spree_api_key, user: {
+          email: "mine@example.com",
+          bill_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          },
+          ship_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          }
+        }
+        expect(json_response['email']).to eq 'mine@example.com'
+        expect(json_response['bill_address']).to_not be_nil
+        expect(json_response['ship_address']).to_not be_nil
+      end
+
+      it "cannot update other users details" do
+        api_put :update, id: stranger.id, token: user.spree_api_key, user: { email: "mine@example.com" }
+        assert_not_found!
+      end
+
+      it "can delete itself" do
+        api_delete :destroy, id: user.id, token: user.spree_api_key
+        expect(response.status).to eq(204)
+      end
+
+      it "cannot delete other user" do
+        api_delete :destroy, id: stranger.id, token: user.spree_api_key
+        assert_not_found!
+      end
+
+      it "should only get own details on index" do
+        2.times { create(:user) }
+        api_get :index, token: user.spree_api_key
+
+        expect(Spree.user_class.count).to eq 3
+        expect(json_response['count']).to eq 1
+        expect(json_response['users'].size).to eq 1
+      end
+    end
+
+    context "as an admin" do
+      before { stub_authentication! }
+
+      sign_in_as_admin!
+
+      it "gets all users" do
+        allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
+
+        2.times { create(:user) }
+
+        api_get :index
+        expect(Spree.user_class.count).to eq 2
+        expect(json_response['count']).to eq 2
+        expect(json_response['users'].size).to eq 2
+      end
+
+      it 'can control the page size through a parameter' do
+        2.times { create(:user) }
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:user, email: 'brian@spreecommerce.com')
+        api_get :index, q: { email_cont: 'brian' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['users'].first['email']).to eq expected_result.email
+      end
+
+      it "can create" do
+        api_post :create, user: { email: "new@example.com", password: 'spree123', password_confirmation: 'spree123' }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+      end
+
+      it "can destroy user without orders" do
+        user.orders.destroy_all
+        api_delete :destroy, id: user.id
+        expect(response.status).to eq(204)
+      end
+
+      it "cannot destroy user with orders" do
+        create(:completed_order_with_totals, user: user)
+        api_delete :destroy, id: user.id
+        expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
+        expect(response.status).to eq(422)
+      end
+
+    end
+  end
+end