spree_api 3.1.14 → 3.2.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +3 -1
- data/app/controllers/spree/api/base_controller.rb +2 -2
- data/app/controllers/spree/api/v1/addresses_controller.rb +1 -1
- data/app/controllers/spree/api/v1/classifications_controller.rb +1 -1
- data/app/controllers/spree/api/v1/images_controller.rb +3 -0
- data/app/controllers/spree/api/v1/inventory_units_controller.rb +3 -3
- data/app/controllers/spree/api/v1/line_items_controller.rb +3 -0
- data/app/controllers/spree/api/v1/option_types_controller.rb +16 -7
- data/app/controllers/spree/api/v1/option_values_controller.rb +6 -3
- data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
- data/app/controllers/spree/api/v1/payments_controller.rb +0 -1
- data/app/controllers/spree/api/v1/products_controller.rb +8 -5
- data/app/controllers/spree/api/v1/stock_items_controller.rb +1 -1
- data/app/controllers/spree/api/v1/stock_locations_controller.rb +1 -1
- data/app/controllers/spree/api/v1/tags_controller.rb +28 -0
- data/app/controllers/spree/api/v1/taxonomies_controller.rb +7 -4
- data/app/controllers/spree/api/v1/taxons_controller.rb +4 -1
- data/app/controllers/spree/api/v1/users_controller.rb +5 -3
- data/app/controllers/spree/api/v1/zones_controller.rb +3 -3
- data/app/helpers/spree/api/api_helpers.rb +4 -1
- data/app/models/spree/api_configuration.rb +1 -1
- data/app/views/spree/api/errors/invalid_api_key.v1.rabl +1 -1
- data/app/views/spree/api/errors/invalid_resource.v1.rabl +1 -1
- data/app/views/spree/api/errors/must_specify_api_key.v1.rabl +1 -1
- data/app/views/spree/api/errors/not_found.v1.rabl +1 -1
- data/app/views/spree/api/errors/unauthorized.v1.rabl +1 -1
- data/app/views/spree/api/v1/countries/show.v1.rabl +1 -1
- data/app/views/spree/api/v1/line_items/show.v1.rabl +2 -2
- data/app/views/spree/api/v1/option_types/show.v1.rabl +1 -1
- data/app/views/spree/api/v1/orders/invalid_shipping_method.v1.rabl +1 -1
- data/app/views/spree/api/v1/orders/payment.v1.rabl +1 -1
- data/app/views/spree/api/v1/orders/show.v1.rabl +9 -9
- data/app/views/spree/api/v1/payments/credit_over_limit.v1.rabl +1 -1
- data/app/views/spree/api/v1/payments/update_forbidden.v1.rabl +1 -1
- data/app/views/spree/api/v1/products/show.v1.rabl +5 -5
- data/app/views/spree/api/v1/shipments/cannot_ready_shipment.v1.rabl +1 -1
- data/app/views/spree/api/v1/shipments/show.v1.rabl +7 -7
- data/app/views/spree/api/v1/shipments/small.v1.rabl +8 -8
- data/app/views/spree/api/v1/tags/index.v1.rabl +9 -0
- data/app/views/spree/api/v1/taxonomies/jstree.rabl +2 -2
- data/app/views/spree/api/v1/taxonomies/nested.v1.rabl +2 -2
- data/app/views/spree/api/v1/taxons/jstree.rabl +3 -3
- data/app/views/spree/api/v1/taxons/show.v1.rabl +1 -1
- data/app/views/spree/api/v1/taxons/taxons.v1.rabl +1 -1
- data/app/views/spree/api/v1/users/show.v1.rabl +3 -2
- data/app/views/spree/api/v1/variants/big.v1.rabl +3 -3
- data/app/views/spree/api/v1/variants/small.v1.rabl +3 -2
- data/app/views/spree/api/v1/zones/show.v1.rabl +1 -1
- data/config/routes.rb +4 -6
- data/db/migrate/20100107141738_add_api_key_to_spree_users.rb +2 -2
- data/db/migrate/20120411123334_resize_api_key_field.rb +2 -2
- data/db/migrate/20120530054546_rename_api_key_to_spree_api_key.rb +1 -1
- data/db/migrate/20131017162334_add_index_to_user_spree_api_key.rb +1 -1
- data/lib/spree/api/engine.rb +11 -3
- data/lib/spree/api/responders/rabl_template.rb +1 -1
- data/lib/spree/api/testing_support/caching.rb +2 -2
- data/spec/controllers/spree/api/base_controller_spec.rb +96 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
- data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +363 -0
- data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
- data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +203 -0
- data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
- data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +147 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
- data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
- data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
- data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
- data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
- data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +143 -0
- data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
- data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
- data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
- data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
- data/spec/models/spree/legacy_user_spec.rb +19 -0
- data/spec/requests/rabl_cache_spec.rb +32 -0
- data/spec/requests/ransackable_attributes_spec.rb +79 -0
- data/spec/requests/version_spec.rb +19 -0
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +60 -0
- data/spec/support/controller_hacks.rb +40 -0
- data/spec/support/database_cleaner.rb +14 -0
- data/spec/support/have_attributes_matcher.rb +13 -0
- data/spree_api.gemspec +7 -4
- metadata +99 -14
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::TagsController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let!(:tag) { create(:tag) }
|
8
|
+
let(:base_attributes) { Api::ApiHelpers.tag_attributes }
|
9
|
+
|
10
|
+
before do
|
11
|
+
stub_authentication!
|
12
|
+
end
|
13
|
+
|
14
|
+
context "as a normal user" do
|
15
|
+
context "with caching enabled" do
|
16
|
+
let!(:tag_2) { create(:tag) }
|
17
|
+
|
18
|
+
before do
|
19
|
+
ActionController::Base.perform_caching = true
|
20
|
+
end
|
21
|
+
|
22
|
+
it "returns unique tags" do
|
23
|
+
api_get :index
|
24
|
+
tag_ids = json_response["tags"].map { |p| p["id"] }
|
25
|
+
expect(tag_ids.uniq.count).to eq(tag_ids.count)
|
26
|
+
end
|
27
|
+
|
28
|
+
after do
|
29
|
+
ActionController::Base.perform_caching = false
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
it "retrieves a list of tags" do
|
34
|
+
api_get :index
|
35
|
+
expect(json_response["tags"].first).to have_attributes(base_attributes)
|
36
|
+
expect(json_response["total_count"]).to eq(1)
|
37
|
+
expect(json_response["current_page"]).to eq(1)
|
38
|
+
expect(json_response["pages"]).to eq(1)
|
39
|
+
expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
|
40
|
+
end
|
41
|
+
|
42
|
+
it "retrieves a list of tags by id" do
|
43
|
+
api_get :index, ids: [tag.id]
|
44
|
+
expect(json_response["tags"].first).to have_attributes(base_attributes)
|
45
|
+
expect(json_response["total_count"]).to eq(1)
|
46
|
+
expect(json_response["current_page"]).to eq(1)
|
47
|
+
expect(json_response["pages"]).to eq(1)
|
48
|
+
expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
|
49
|
+
end
|
50
|
+
|
51
|
+
it "retrieves a list of tags by ids string" do
|
52
|
+
second_tag = create(:tag)
|
53
|
+
api_get :index, ids: [tag.id, second_tag.id].join(",")
|
54
|
+
expect(json_response["tags"].first).to have_attributes(base_attributes)
|
55
|
+
expect(json_response["tags"][1]).to have_attributes(base_attributes)
|
56
|
+
expect(json_response["total_count"]).to eq(2)
|
57
|
+
expect(json_response["current_page"]).to eq(1)
|
58
|
+
expect(json_response["pages"]).to eq(1)
|
59
|
+
expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
|
60
|
+
end
|
61
|
+
|
62
|
+
context "pagination" do
|
63
|
+
let!(:second_tag) { create(:tag) }
|
64
|
+
|
65
|
+
it "can select the next page of tags" do
|
66
|
+
api_get :index, page: 2, per_page: 1
|
67
|
+
expect(json_response["tags"].first).to have_attributes(base_attributes)
|
68
|
+
expect(json_response["total_count"]).to eq(2)
|
69
|
+
expect(json_response["current_page"]).to eq(2)
|
70
|
+
expect(json_response["pages"]).to eq(2)
|
71
|
+
end
|
72
|
+
|
73
|
+
it 'can control the page size through a parameter' do
|
74
|
+
api_get :index, per_page: 1
|
75
|
+
expect(json_response['count']).to eq(1)
|
76
|
+
expect(json_response['total_count']).to eq(2)
|
77
|
+
expect(json_response['current_page']).to eq(1)
|
78
|
+
expect(json_response['pages']).to eq(2)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
it "can search for tags" do
|
83
|
+
create(:tag, name: "The best tag in the world")
|
84
|
+
api_get :index, q: { name_cont: "best" }
|
85
|
+
expect(json_response["tags"].first).to have_attributes(base_attributes)
|
86
|
+
expect(json_response["count"]).to eq(1)
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
context "as an admin" do
|
91
|
+
sign_in_as_admin!
|
92
|
+
|
93
|
+
it "can see all tags" do
|
94
|
+
api_get :index
|
95
|
+
expect(json_response["tags"].count).to eq(1)
|
96
|
+
expect(json_response["count"]).to eq(1)
|
97
|
+
expect(json_response["current_page"]).to eq(1)
|
98
|
+
expect(json_response["pages"]).to eq(1)
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,114 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::TaxonomiesController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let(:taxonomy) { create(:taxonomy) }
|
8
|
+
let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
|
9
|
+
let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
|
10
|
+
let(:attributes) { [:id, :name] }
|
11
|
+
|
12
|
+
before do
|
13
|
+
stub_authentication!
|
14
|
+
taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
|
15
|
+
taxon.children << taxon2
|
16
|
+
taxonomy.root.children << taxon
|
17
|
+
end
|
18
|
+
|
19
|
+
context "as a normal user" do
|
20
|
+
it "gets all taxonomies" do
|
21
|
+
api_get :index
|
22
|
+
|
23
|
+
expect(json_response["taxonomies"].first['name']).to eq taxonomy.name
|
24
|
+
expect(json_response["taxonomies"].first['root']['taxons'].count).to eq 1
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'can control the page size through a parameter' do
|
28
|
+
create(:taxonomy)
|
29
|
+
api_get :index, per_page: 1
|
30
|
+
expect(json_response['count']).to eq(1)
|
31
|
+
expect(json_response['current_page']).to eq(1)
|
32
|
+
expect(json_response['pages']).to eq(2)
|
33
|
+
end
|
34
|
+
|
35
|
+
it 'can query the results through a paramter' do
|
36
|
+
expected_result = create(:taxonomy, name: 'Style')
|
37
|
+
api_get :index, q: { name_cont: 'style' }
|
38
|
+
expect(json_response['count']).to eq(1)
|
39
|
+
expect(json_response['taxonomies'].first['name']).to eq expected_result.name
|
40
|
+
end
|
41
|
+
|
42
|
+
it "gets a single taxonomy" do
|
43
|
+
api_get :show, id: taxonomy.id
|
44
|
+
|
45
|
+
expect(json_response['name']).to eq taxonomy.name
|
46
|
+
|
47
|
+
children = json_response['root']['taxons']
|
48
|
+
expect(children.count).to eq 1
|
49
|
+
expect(children.first['name']).to eq taxon.name
|
50
|
+
expect(children.first.key?('taxons')).to be false
|
51
|
+
end
|
52
|
+
|
53
|
+
it "gets a single taxonomy with set=nested" do
|
54
|
+
api_get :show, id: taxonomy.id, set: 'nested'
|
55
|
+
|
56
|
+
expect(json_response['name']).to eq taxonomy.name
|
57
|
+
|
58
|
+
children = json_response['root']['taxons']
|
59
|
+
expect(children.first.key?('taxons')).to be true
|
60
|
+
end
|
61
|
+
|
62
|
+
it "gets the jstree-friendly version of a taxonomy" do
|
63
|
+
api_get :jstree, id: taxonomy.id
|
64
|
+
expect(json_response["data"]).to eq(taxonomy.root.name)
|
65
|
+
expect(json_response["attr"]).to eq({ "id" => taxonomy.root.id, "name" => taxonomy.root.name})
|
66
|
+
expect(json_response["state"]).to eq("closed")
|
67
|
+
end
|
68
|
+
|
69
|
+
it "can learn how to create a new taxonomy" do
|
70
|
+
api_get :new
|
71
|
+
expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
|
72
|
+
required_attributes = json_response["required_attributes"]
|
73
|
+
expect(required_attributes).to include("name")
|
74
|
+
end
|
75
|
+
|
76
|
+
it "cannot create a new taxonomy if not an admin" do
|
77
|
+
api_post :create, taxonomy: { name: "Location" }
|
78
|
+
assert_unauthorized!
|
79
|
+
end
|
80
|
+
|
81
|
+
it "cannot update a taxonomy" do
|
82
|
+
api_put :update, id: taxonomy.id, taxonomy: { name: "I hacked your store!" }
|
83
|
+
assert_unauthorized!
|
84
|
+
end
|
85
|
+
|
86
|
+
it "cannot delete a taxonomy" do
|
87
|
+
api_delete :destroy, id: taxonomy.id
|
88
|
+
assert_unauthorized!
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
context "as an admin" do
|
93
|
+
sign_in_as_admin!
|
94
|
+
|
95
|
+
it "can create" do
|
96
|
+
api_post :create, taxonomy: { name: "Colors"}
|
97
|
+
expect(json_response).to have_attributes(attributes)
|
98
|
+
expect(response.status).to eq(201)
|
99
|
+
end
|
100
|
+
|
101
|
+
it "cannot create a new taxonomy with invalid attributes" do
|
102
|
+
api_post :create, taxonomy: {}
|
103
|
+
expect(response.status).to eq(422)
|
104
|
+
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
105
|
+
errors = json_response["errors"]
|
106
|
+
end
|
107
|
+
|
108
|
+
it "can destroy" do
|
109
|
+
api_delete :destroy, id: taxonomy.id
|
110
|
+
expect(response.status).to eq(204)
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
@@ -0,0 +1,177 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::TaxonsController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let(:taxonomy) { create(:taxonomy) }
|
8
|
+
let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
|
9
|
+
let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
|
10
|
+
let(:attributes) { ["id", "name", "pretty_name", "permalink", "parent_id", "taxonomy_id"] }
|
11
|
+
|
12
|
+
before do
|
13
|
+
stub_authentication!
|
14
|
+
taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
|
15
|
+
taxon.children << taxon2
|
16
|
+
taxonomy.root.children << taxon
|
17
|
+
end
|
18
|
+
|
19
|
+
context "as a normal user" do
|
20
|
+
it "gets all taxons for a taxonomy" do
|
21
|
+
api_get :index, taxonomy_id: taxonomy.id
|
22
|
+
|
23
|
+
expect(json_response['taxons'].first['name']).to eq taxon.name
|
24
|
+
children = json_response['taxons'].first['taxons']
|
25
|
+
expect(children.count).to eq 1
|
26
|
+
expect(children.first['name']).to eq taxon2.name
|
27
|
+
expect(children.first['taxons'].count).to eq 1
|
28
|
+
end
|
29
|
+
|
30
|
+
# Regression test for #4112
|
31
|
+
it "does not include children when asked not to" do
|
32
|
+
api_get :index, taxonomy_id: taxonomy.id, without_children: 1
|
33
|
+
|
34
|
+
expect(json_response['taxons'].first['name']).to eq(taxon.name)
|
35
|
+
expect(json_response['taxons'].first['taxons']).to be_nil
|
36
|
+
end
|
37
|
+
|
38
|
+
it "paginates through taxons" do
|
39
|
+
new_taxon = create(:taxon, name: "Go", taxonomy: taxonomy)
|
40
|
+
taxonomy.root.children << new_taxon
|
41
|
+
expect(taxonomy.root.children.count).to eql(2)
|
42
|
+
api_get :index, taxonomy_id: taxonomy.id, page: 1, per_page: 1
|
43
|
+
expect(json_response["count"]).to eql(1)
|
44
|
+
expect(json_response["total_count"]).to eql(2)
|
45
|
+
expect(json_response["current_page"]).to eql(1)
|
46
|
+
expect(json_response["per_page"]).to eql(1)
|
47
|
+
expect(json_response["pages"]).to eql(2)
|
48
|
+
end
|
49
|
+
|
50
|
+
describe 'searching' do
|
51
|
+
context 'with a name' do
|
52
|
+
before do
|
53
|
+
api_get :index, q: { name_cont: name }
|
54
|
+
end
|
55
|
+
|
56
|
+
context 'with one result' do
|
57
|
+
let(:name) { "Ruby" }
|
58
|
+
|
59
|
+
it "returns an array including the matching taxon" do
|
60
|
+
expect(json_response['taxons'].count).to eq(1)
|
61
|
+
expect(json_response['taxons'].first['name']).to eq "Ruby"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
context 'with no results' do
|
66
|
+
let(:name) { "Imaginary" }
|
67
|
+
|
68
|
+
it 'returns an empty array of taxons' do
|
69
|
+
expect(json_response.keys).to include('taxons')
|
70
|
+
expect(json_response['taxons'].count).to eq(0)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
context 'with no filters' do
|
76
|
+
it "gets all taxons" do
|
77
|
+
api_get :index
|
78
|
+
|
79
|
+
expect(json_response['taxons'].first['name']).to eq taxonomy.root.name
|
80
|
+
children = json_response['taxons'].first['taxons']
|
81
|
+
expect(children.count).to eq 1
|
82
|
+
expect(children.first['name']).to eq taxon.name
|
83
|
+
expect(children.first['taxons'].count).to eq 1
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
it "gets a single taxon" do
|
89
|
+
api_get :show, id: taxon.id, taxonomy_id: taxonomy.id
|
90
|
+
|
91
|
+
expect(json_response['name']).to eq taxon.name
|
92
|
+
expect(json_response['taxons'].count).to eq 1
|
93
|
+
end
|
94
|
+
|
95
|
+
it "gets all taxons in JSTree form" do
|
96
|
+
api_get :jstree, taxonomy_id: taxonomy.id, id: taxon.id
|
97
|
+
response = json_response.first
|
98
|
+
expect(response["data"]).to eq(taxon2.name)
|
99
|
+
expect(response["attr"]).to eq({ "name" => taxon2.name, "id" => taxon2.id})
|
100
|
+
expect(response["state"]).to eq("closed")
|
101
|
+
end
|
102
|
+
|
103
|
+
it "can learn how to create a new taxon" do
|
104
|
+
api_get :new, taxonomy_id: taxonomy.id
|
105
|
+
expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
|
106
|
+
required_attributes = json_response["required_attributes"]
|
107
|
+
expect(required_attributes).to include("name")
|
108
|
+
end
|
109
|
+
|
110
|
+
it "cannot create a new taxon if not an admin" do
|
111
|
+
api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Location" }
|
112
|
+
assert_unauthorized!
|
113
|
+
end
|
114
|
+
|
115
|
+
it "cannot update a taxon" do
|
116
|
+
api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: { name: "I hacked your store!" }
|
117
|
+
assert_unauthorized!
|
118
|
+
end
|
119
|
+
|
120
|
+
it "cannot delete a taxon" do
|
121
|
+
api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
|
122
|
+
assert_unauthorized!
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
126
|
+
context "as an admin" do
|
127
|
+
sign_in_as_admin!
|
128
|
+
|
129
|
+
it "can create" do
|
130
|
+
api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Colors" }
|
131
|
+
expect(json_response).to have_attributes(attributes)
|
132
|
+
expect(response.status).to eq(201)
|
133
|
+
|
134
|
+
expect(taxonomy.reload.root.children.count).to eq 2
|
135
|
+
taxon = Spree::Taxon.where(name: 'Colors').first
|
136
|
+
|
137
|
+
expect(taxon.parent_id).to eq taxonomy.root.id
|
138
|
+
expect(taxon.taxonomy_id).to eq taxonomy.id
|
139
|
+
end
|
140
|
+
|
141
|
+
it "can update the position in the list" do
|
142
|
+
taxonomy.root.children << taxon2
|
143
|
+
api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: {parent_id: taxon.parent_id, child_index: 2 }
|
144
|
+
expect(response.status).to eq(200)
|
145
|
+
expect(taxonomy.reload.root.children[0]).to eql taxon2
|
146
|
+
expect(taxonomy.reload.root.children[1]).to eql taxon
|
147
|
+
end
|
148
|
+
|
149
|
+
it "cannot create a new taxon with invalid attributes" do
|
150
|
+
api_post :create, taxonomy_id: taxonomy.id, taxon: { foo: :bar }
|
151
|
+
expect(response.status).to eq(422)
|
152
|
+
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
153
|
+
errors = json_response["errors"]
|
154
|
+
|
155
|
+
expect(taxonomy.reload.root.children.count).to eq 1
|
156
|
+
end
|
157
|
+
|
158
|
+
it "cannot create a new taxon with invalid taxonomy_id" do
|
159
|
+
api_post :create, taxonomy_id: 1000, taxon: { name: "Colors" }
|
160
|
+
expect(response.status).to eq(422)
|
161
|
+
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
162
|
+
|
163
|
+
errors = json_response["errors"]
|
164
|
+
expect(errors["taxonomy_id"]).not_to be_nil
|
165
|
+
expect(errors["taxonomy_id"].first).to eq "Invalid taxonomy id."
|
166
|
+
|
167
|
+
expect(taxonomy.reload.root.children.count).to eq 1
|
168
|
+
end
|
169
|
+
|
170
|
+
it "can destroy" do
|
171
|
+
api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
|
172
|
+
expect(response.status).to eq(204)
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
176
|
+
end
|
177
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'shared_examples/protect_product_actions'
|
2
|
+
require 'spec_helper'
|
3
|
+
|
4
|
+
module Spree
|
5
|
+
describe Api::V1::ProductsController, type: :controller do
|
6
|
+
render_views
|
7
|
+
|
8
|
+
let!(:product) { create(:product) }
|
9
|
+
let(:attributes) { [:id, :name, :description, :price, :available_on, :slug, :meta_description, :meta_keywords, :taxon_ids] }
|
10
|
+
|
11
|
+
context "without authentication" do
|
12
|
+
before { Spree::Api::Config[:requires_authentication] = false }
|
13
|
+
|
14
|
+
it "retrieves a list of products" do
|
15
|
+
api_get :index
|
16
|
+
expect(json_response["products"].first).to have_attributes(attributes)
|
17
|
+
expect(json_response["count"]).to eq(1)
|
18
|
+
expect(json_response["current_page"]).to eq(1)
|
19
|
+
expect(json_response["pages"]).to eq(1)
|
20
|
+
end
|
21
|
+
|
22
|
+
it_behaves_like "modifying product actions are restricted"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
@@ -0,0 +1,153 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::UsersController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let(:user) { create(:user, spree_api_key: rand.to_s) }
|
8
|
+
let(:stranger) { create(:user, email: 'stranger@example.com') }
|
9
|
+
let(:attributes) { [:id, :email, :created_at, :updated_at] }
|
10
|
+
|
11
|
+
context "as a normal user" do
|
12
|
+
it "can get own details" do
|
13
|
+
api_get :show, id: user.id, token: user.spree_api_key
|
14
|
+
|
15
|
+
expect(json_response['email']).to eq user.email
|
16
|
+
end
|
17
|
+
|
18
|
+
it "cannot get other users details" do
|
19
|
+
api_get :show, id: stranger.id, token: user.spree_api_key
|
20
|
+
|
21
|
+
assert_not_found!
|
22
|
+
end
|
23
|
+
|
24
|
+
it "can learn how to create a new user" do
|
25
|
+
api_get :new, token: user.spree_api_key
|
26
|
+
expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
|
27
|
+
end
|
28
|
+
|
29
|
+
it "can create a new user" do
|
30
|
+
user_params = {
|
31
|
+
email: 'new@example.com', password: 'spree123', password_confirmation: 'spree123'
|
32
|
+
}
|
33
|
+
|
34
|
+
api_post :create, user: user_params, token: user.spree_api_key
|
35
|
+
expect(json_response['email']).to eq 'new@example.com'
|
36
|
+
end
|
37
|
+
|
38
|
+
# there's no validations on LegacyUser?
|
39
|
+
xit "cannot create a new user with invalid attributes" do
|
40
|
+
api_post :create, user: {}, token: user.spree_api_key
|
41
|
+
expect(response.status).to eq(422)
|
42
|
+
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
43
|
+
errors = json_response["errors"]
|
44
|
+
end
|
45
|
+
|
46
|
+
it "can update own details" do
|
47
|
+
country = create(:country)
|
48
|
+
api_put :update, id: user.id, token: user.spree_api_key, user: {
|
49
|
+
email: "mine@example.com",
|
50
|
+
bill_address_attributes: {
|
51
|
+
first_name: 'First',
|
52
|
+
last_name: 'Last',
|
53
|
+
address1: '1 Test Rd',
|
54
|
+
city: 'City',
|
55
|
+
country_id: country.id,
|
56
|
+
state_id: 1,
|
57
|
+
zipcode: '55555',
|
58
|
+
phone: '5555555555'
|
59
|
+
},
|
60
|
+
ship_address_attributes: {
|
61
|
+
first_name: 'First',
|
62
|
+
last_name: 'Last',
|
63
|
+
address1: '1 Test Rd',
|
64
|
+
city: 'City',
|
65
|
+
country_id: country.id,
|
66
|
+
state_id: 1,
|
67
|
+
zipcode: '55555',
|
68
|
+
phone: '5555555555'
|
69
|
+
}
|
70
|
+
}
|
71
|
+
expect(json_response['email']).to eq 'mine@example.com'
|
72
|
+
expect(json_response['bill_address']).to_not be_nil
|
73
|
+
expect(json_response['ship_address']).to_not be_nil
|
74
|
+
end
|
75
|
+
|
76
|
+
it "cannot update other users details" do
|
77
|
+
api_put :update, id: stranger.id, token: user.spree_api_key, user: { email: "mine@example.com" }
|
78
|
+
assert_not_found!
|
79
|
+
end
|
80
|
+
|
81
|
+
it "can delete itself" do
|
82
|
+
api_delete :destroy, id: user.id, token: user.spree_api_key
|
83
|
+
expect(response.status).to eq(204)
|
84
|
+
end
|
85
|
+
|
86
|
+
it "cannot delete other user" do
|
87
|
+
api_delete :destroy, id: stranger.id, token: user.spree_api_key
|
88
|
+
assert_not_found!
|
89
|
+
end
|
90
|
+
|
91
|
+
it "should only get own details on index" do
|
92
|
+
2.times { create(:user) }
|
93
|
+
api_get :index, token: user.spree_api_key
|
94
|
+
|
95
|
+
expect(Spree.user_class.count).to eq 3
|
96
|
+
expect(json_response['count']).to eq 1
|
97
|
+
expect(json_response['users'].size).to eq 1
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
context "as an admin" do
|
102
|
+
before { stub_authentication! }
|
103
|
+
|
104
|
+
sign_in_as_admin!
|
105
|
+
|
106
|
+
it "gets all users" do
|
107
|
+
allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
|
108
|
+
|
109
|
+
2.times { create(:user) }
|
110
|
+
|
111
|
+
api_get :index
|
112
|
+
expect(Spree.user_class.count).to eq 2
|
113
|
+
expect(json_response['count']).to eq 2
|
114
|
+
expect(json_response['users'].size).to eq 2
|
115
|
+
end
|
116
|
+
|
117
|
+
it 'can control the page size through a parameter' do
|
118
|
+
2.times { create(:user) }
|
119
|
+
api_get :index, per_page: 1
|
120
|
+
expect(json_response['count']).to eq(1)
|
121
|
+
expect(json_response['current_page']).to eq(1)
|
122
|
+
expect(json_response['pages']).to eq(2)
|
123
|
+
end
|
124
|
+
|
125
|
+
it 'can query the results through a paramter' do
|
126
|
+
expected_result = create(:user, email: 'brian@spreecommerce.com')
|
127
|
+
api_get :index, q: { email_cont: 'brian' }
|
128
|
+
expect(json_response['count']).to eq(1)
|
129
|
+
expect(json_response['users'].first['email']).to eq expected_result.email
|
130
|
+
end
|
131
|
+
|
132
|
+
it "can create" do
|
133
|
+
api_post :create, user: { email: "new@example.com", password: 'spree123', password_confirmation: 'spree123' }
|
134
|
+
expect(json_response).to have_attributes(attributes)
|
135
|
+
expect(response.status).to eq(201)
|
136
|
+
end
|
137
|
+
|
138
|
+
it "can destroy user without orders" do
|
139
|
+
user.orders.destroy_all
|
140
|
+
api_delete :destroy, id: user.id
|
141
|
+
expect(response.status).to eq(204)
|
142
|
+
end
|
143
|
+
|
144
|
+
it "cannot destroy user with orders" do
|
145
|
+
create(:completed_order_with_totals, user: user)
|
146
|
+
api_delete :destroy, id: user.id
|
147
|
+
expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
|
148
|
+
expect(response.status).to eq(422)
|
149
|
+
end
|
150
|
+
|
151
|
+
end
|
152
|
+
end
|
153
|
+
end
|