spree_api 3.2.9 → 3.3.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/base_controller.rb +11 -12
  3. data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
  4. data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
  5. data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
  6. data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
  7. data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
  8. data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
  9. data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
  10. data/app/helpers/spree/api/api_helpers.rb +13 -1
  11. data/app/models/concerns/spree/user_api_authentication.rb +19 -0
  12. data/app/models/concerns/spree/user_api_methods.rb +7 -0
  13. data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
  14. data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
  15. data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
  16. data/config/initializers/user_class_extensions.rb +7 -0
  17. data/config/routes.rb +3 -0
  18. data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
  19. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
  20. data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
  21. data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
  22. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
  23. data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
  24. data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
  25. data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
  26. data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
  27. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
  28. data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
  29. data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
  30. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
  31. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
  32. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
  33. data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
  34. data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
  35. data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
  36. data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
  37. data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
  38. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
  39. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
  40. data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
  41. data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
  42. data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
  43. data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
  44. data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
  45. data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
  46. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
  47. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
  48. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  49. data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
  52. data/spec/models/spree/legacy_user_spec.rb +19 -0
  53. data/spec/requests/rabl_cache_spec.rb +32 -0
  54. data/spec/requests/ransackable_attributes_spec.rb +79 -0
  55. data/spec/requests/version_spec.rb +19 -0
  56. data/spec/shared_examples/protect_product_actions.rb +17 -0
  57. data/spec/spec_helper.rb +63 -0
  58. data/spec/support/controller_hacks.rb +40 -0
  59. data/spec/support/database_cleaner.rb +14 -0
  60. data/spec/support/have_attributes_matcher.rb +13 -0
  61. data/spree_api.gemspec +4 -3
  62. metadata +105 -13
  63. data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
  64. data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
@@ -0,0 +1,361 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CheckoutsController, type: :controller do
5
+ render_views
6
+
7
+ shared_examples_for 'action which loads order using load_order_with_lock' do
8
+ before do
9
+ allow(controller).to receive(:load_order).with(true).and_return(true)
10
+ end
11
+
12
+ it 'should invoke load_order_with_lock' do
13
+ expect(controller).to receive(:load_order_with_lock).exactly(1).times
14
+ end
15
+
16
+ it 'should invoke load_order' do
17
+ expect(controller).to receive(:load_order).with(true).exactly(1).times.and_return(true)
18
+ end
19
+
20
+ context 'ensure no double_render_error' do
21
+ before do
22
+ def controller.load_order(*)
23
+ respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
24
+ end
25
+ end
26
+
27
+ it 'should not generate double_render_error' do
28
+ expect(response).to be_success
29
+ end
30
+ end
31
+
32
+ after do
33
+ send_request
34
+ end
35
+ end
36
+
37
+ before(:each) do
38
+ stub_authentication!
39
+ Spree::Config[:track_inventory_levels] = false
40
+ country_zone = create(:zone, name: 'CountryZone')
41
+ @state = create(:state)
42
+ @country = @state.country
43
+ country_zone.members.create(zoneable: @country)
44
+ create(:stock_location)
45
+
46
+ @shipping_method = create(:shipping_method, zones: [country_zone])
47
+ @payment_method = create(:credit_card_payment_method)
48
+ end
49
+
50
+ after do
51
+ Spree::Config[:track_inventory_levels] = true
52
+ end
53
+
54
+ context "PUT 'update'" do
55
+ let(:order) do
56
+ order = create(:order_with_line_items)
57
+ # Order should be in a pristine state
58
+ # Without doing this, the order may transition from 'cart' straight to 'delivery'
59
+ order.shipments.delete_all
60
+ order
61
+ end
62
+
63
+ before(:each) do
64
+ allow_any_instance_of(Order).to receive_messages(confirmation_required?: true)
65
+ allow_any_instance_of(Order).to receive_messages(payment_required?: true)
66
+ end
67
+
68
+ it "should transition a recently created order from cart to address" do
69
+ expect(order.state).to eq "cart"
70
+ expect(order.email).not_to be_nil
71
+ api_put :update, id: order.to_param, order_token: order.guest_token
72
+ expect(order.reload.state).to eq "address"
73
+ end
74
+
75
+ it "should transition a recently created order from cart to address with order token in header" do
76
+ expect(order.state).to eq "cart"
77
+ expect(order.email).not_to be_nil
78
+ request.headers["X-Spree-Order-Token"] = order.guest_token
79
+ api_put :update, id: order.to_param
80
+ expect(order.reload.state).to eq "address"
81
+ end
82
+
83
+ it "can take line_items_attributes as a parameter" do
84
+ line_item = order.line_items.first
85
+ api_put :update, id: order.to_param, order_token: order.guest_token,
86
+ order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } }
87
+ expect(response.status).to eq(200)
88
+ expect(order.reload.state).to eq "address"
89
+ end
90
+
91
+ it "can take line_items as a parameter" do
92
+ line_item = order.line_items.first
93
+ api_put :update, id: order.to_param, order_token: order.guest_token,
94
+ order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } }
95
+ expect(response.status).to eq(200)
96
+ expect(order.reload.state).to eq "address"
97
+ end
98
+
99
+ it "will return an error if the order cannot transition" do
100
+ skip "not sure if this test is valid"
101
+ order.bill_address = nil
102
+ order.save
103
+ order.update_column(:state, "address")
104
+ api_put :update, id: order.to_param, order_token: order.guest_token
105
+ # Order has not transitioned
106
+ expect(response.status).to eq(422)
107
+ end
108
+
109
+ context "transitioning to delivery" do
110
+ before do
111
+ order.update_column(:state, "address")
112
+ end
113
+
114
+ let(:address) do
115
+ {
116
+ firstname: 'John',
117
+ lastname: 'Doe',
118
+ address1: '7735 Old Georgetown Road',
119
+ city: 'Bethesda',
120
+ phone: '3014445002',
121
+ zipcode: '20814',
122
+ state_id: @state.id,
123
+ country_id: @country.id
124
+ }
125
+ end
126
+
127
+ it "can update addresses and transition from address to delivery" do
128
+ api_put :update,
129
+ id: order.to_param, order_token: order.guest_token,
130
+ order: {
131
+ bill_address_attributes: address,
132
+ ship_address_attributes: address
133
+ }
134
+ expect(json_response['state']).to eq('delivery')
135
+ expect(json_response['bill_address']['firstname']).to eq('John')
136
+ expect(json_response['ship_address']['firstname']).to eq('John')
137
+ expect(response.status).to eq(200)
138
+ end
139
+
140
+ # Regression Spec for #5389 & #5880
141
+ it "can update addresses but not transition to delivery w/o shipping setup" do
142
+ Spree::ShippingMethod.destroy_all
143
+ api_put :update,
144
+ id: order.to_param, order_token: order.guest_token,
145
+ order: {
146
+ bill_address_attributes: address,
147
+ ship_address_attributes: address
148
+ }
149
+ expect(json_response['error']).to eq(I18n.t(:could_not_transition, scope: "spree.api.order"))
150
+ expect(response.status).to eq(422)
151
+ end
152
+
153
+ # Regression test for #4498
154
+ it "does not contain duplicate variant data in delivery return" do
155
+ api_put :update,
156
+ id: order.to_param, order_token: order.guest_token,
157
+ order: {
158
+ bill_address_attributes: address,
159
+ ship_address_attributes: address
160
+ }
161
+ # Shipments manifests should not return the ENTIRE variant
162
+ # This information is already present within the order's line items
163
+ expect(json_response['shipments'].first['manifest'].first['variant']).to be_nil
164
+ expect(json_response['shipments'].first['manifest'].first['variant_id']).to_not be_nil
165
+ end
166
+ end
167
+
168
+ it "can update shipping method and transition from delivery to payment" do
169
+ order.update_column(:state, "delivery")
170
+ shipment = create(:shipment, order: order)
171
+ shipment.refresh_rates
172
+ shipping_rate = shipment.shipping_rates.where(selected: false).first
173
+ api_put :update, id: order.to_param, order_token: order.guest_token,
174
+ order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } }
175
+ expect(response.status).to eq(200)
176
+ # Find the correct shipment...
177
+ json_shipment = json_response['shipments'].detect { |s| s["id"] == shipment.id }
178
+ # Find the correct shipping rate for that shipment...
179
+ json_shipping_rate = json_shipment['shipping_rates'].detect { |sr| sr["id"] == shipping_rate.id }
180
+ # ... And finally ensure that it's selected
181
+ expect(json_shipping_rate['selected']).to be true
182
+ # Order should automatically transfer to payment because all criteria are met
183
+ expect(json_response['state']).to eq('payment')
184
+ end
185
+
186
+ it "can update payment method and transition from payment to confirm" do
187
+ order.update_column(:state, "payment")
188
+ api_put :update, id: order.to_param, order_token: order.guest_token,
189
+ order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
190
+ expect(json_response['state']).to eq('confirm')
191
+ expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
192
+ expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
193
+ expect(response.status).to eq(200)
194
+ end
195
+
196
+ it "can update payment method with source and transition from payment to confirm" do
197
+ order.update_column(:state, "payment")
198
+ source_attributes = {
199
+ number: "4111111111111111",
200
+ month: 1.month.from_now.month,
201
+ year: 1.month.from_now.year,
202
+ verification_value: "123",
203
+ name: "Spree Commerce"
204
+ }
205
+
206
+ api_put :update, id: order.to_param, order_token: order.guest_token,
207
+ order: { payments_attributes: [{ payment_method_id: @payment_method.id.to_s }],
208
+ payment_source: { @payment_method.id.to_s => source_attributes } }
209
+ expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
210
+ expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
211
+ expect(response.status).to eq(200)
212
+ end
213
+
214
+ it "returns errors when source is missing attributes" do
215
+ order.update_column(:state, "payment")
216
+ api_put :update, id: order.to_param, order_token: order.guest_token,
217
+ order: {
218
+ payments_attributes: [{ payment_method_id: @payment_method.id }]
219
+ },
220
+ payment_source: {
221
+ @payment_method.id.to_s => { name: "Spree" }
222
+ }
223
+
224
+ expect(response.status).to eq(422)
225
+ cc_errors = json_response['errors']['payments.Credit Card']
226
+ expect(cc_errors).to include("Number can't be blank")
227
+ expect(cc_errors).to include("Month is not a number")
228
+ expect(cc_errors).to include("Year is not a number")
229
+ expect(cc_errors).to include("Verification Value can't be blank")
230
+ end
231
+
232
+ it "allow users to reuse a credit card" do
233
+ order.update_column(:state, "payment")
234
+ credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
235
+
236
+ api_put :update, id: order.to_param, order_token: order.guest_token,
237
+ order: { existing_card: credit_card.id }
238
+
239
+ expect(response.status).to eq 200
240
+ expect(order.credit_cards).to match_array [credit_card]
241
+ end
242
+
243
+ it "can transition from confirm to complete" do
244
+ order.update_columns(state: 'confirm')
245
+ allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
246
+ api_put :update, id: order.to_param, order_token: order.guest_token
247
+ expect(json_response['state']).to eq('complete')
248
+ expect(response.status).to eq(200)
249
+ end
250
+
251
+ it "returns the order if the order is already complete" do
252
+ order.update_columns(completed_at: Time.current, state: 'complete')
253
+ api_put :update, id: order.to_param, order_token: order.guest_token
254
+ expect(json_response['number']).to eq(order.number)
255
+ expect(response.status).to eq(200)
256
+ end
257
+
258
+ # Regression test for #3784
259
+ it "can update the special instructions for an order" do
260
+ instructions = "Don't drop it. (Please)"
261
+ api_put :update, id: order.to_param, order_token: order.guest_token,
262
+ order: { special_instructions: instructions }
263
+ expect(json_response['special_instructions']).to eql(instructions)
264
+ end
265
+
266
+ context "as an admin" do
267
+ sign_in_as_admin!
268
+ it "can assign a user to the order" do
269
+ user = create(:user)
270
+ # Need to pass email as well so that validations succeed
271
+ api_put :update, id: order.to_param, order_token: order.guest_token,
272
+ order: { user_id: user.id, email: "guest@spreecommerce.org" }
273
+ expect(response.status).to eq(200)
274
+ expect(json_response['user_id']).to eq(user.id)
275
+ end
276
+ end
277
+
278
+ it "can assign an email to the order" do
279
+ api_put :update, id: order.to_param, order_token: order.guest_token,
280
+ order: { email: "guest@spreecommerce.org" }
281
+ expect(json_response['email']).to eq("guest@spreecommerce.org")
282
+ expect(response.status).to eq(200)
283
+ end
284
+
285
+ it "can apply a coupon code to an order" do
286
+ order.update_column(:state, "payment")
287
+ expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
288
+ expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })
289
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { coupon_code: "foobar" }
290
+ end
291
+
292
+ def send_request
293
+ api_put :update, id: order.to_param, order_token: order.guest_token
294
+ end
295
+
296
+ it_should_behave_like 'action which loads order using load_order_with_lock'
297
+ end
298
+
299
+ context "PUT 'next'" do
300
+ let!(:order) { create(:order_with_line_items) }
301
+ it "cannot transition to address without a line item" do
302
+ order.line_items.delete_all
303
+ order.update_column(:email, "spree@example.com")
304
+ api_put :next, id: order.to_param, order_token: order.guest_token
305
+ expect(response.status).to eq(422)
306
+ expect(json_response["errors"]["base"]).to include(Spree.t(:there_are_no_items_for_this_order))
307
+ end
308
+
309
+ it "can transition an order to the next state" do
310
+ order.update_column(:email, "spree@example.com")
311
+
312
+ api_put :next, id: order.to_param, order_token: order.guest_token
313
+ expect(response.status).to eq(200)
314
+ expect(json_response['state']).to eq('address')
315
+ end
316
+
317
+ it "cannot transition if order email is blank" do
318
+ order.update_columns(
319
+ state: 'address',
320
+ email: nil
321
+ )
322
+
323
+ api_put :next, id: order.to_param, order_token: order.guest_token
324
+ expect(response.status).to eq(422)
325
+ expect(json_response['error']).to match(/could not be transitioned/)
326
+ end
327
+
328
+ it "doesnt advance payment state if order has no payment" do
329
+ order.update_column(:state, "payment")
330
+ api_put :next, id: order.to_param, order_token: order.guest_token, order: {}
331
+ expect(json_response["errors"]["base"]).to include(Spree.t(:no_payment_found))
332
+ end
333
+
334
+ def send_request
335
+ api_put :next, id: order.to_param, order_token: order.guest_token
336
+ end
337
+
338
+ it_should_behave_like 'action which loads order using load_order_with_lock'
339
+ end
340
+
341
+ context "PUT 'advance'" do
342
+ let!(:order) { create(:order_with_line_items) }
343
+
344
+ it 'continues to advance advances an order while it can move forward' do
345
+ expect_any_instance_of(Spree::Order).to receive(:next).exactly(3).times.and_return(true, true, false)
346
+ api_put :advance, id: order.to_param, order_token: order.guest_token
347
+ end
348
+
349
+ it 'returns the order' do
350
+ api_put :advance, id: order.to_param, order_token: order.guest_token
351
+ expect(json_response['id']).to eq(order.id)
352
+ end
353
+
354
+ def send_request
355
+ api_put :advance, id: order.to_param, order_token: order.guest_token
356
+ end
357
+
358
+ it_should_behave_like 'action which loads order using load_order_with_lock'
359
+ end
360
+ end
361
+ end
@@ -0,0 +1,48 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ClassificationsController, type: :controller do
5
+ let(:taxon) do
6
+ taxon = create(:taxon)
7
+
8
+ 3.times do
9
+ product = create(:product)
10
+ product.taxons << taxon
11
+ end
12
+ taxon
13
+ end
14
+
15
+ before do
16
+ stub_authentication!
17
+ end
18
+
19
+ context "as a user" do
20
+ it "cannot change the order of a product" do
21
+ api_put :update, taxon_id: taxon, product_id: taxon.products.first, position: 1
22
+ expect(response.status).to eq(401)
23
+ end
24
+ end
25
+
26
+ context "as an admin" do
27
+ sign_in_as_admin!
28
+
29
+ let(:last_product) { taxon.products.last }
30
+
31
+ it "can change the order a product" do
32
+ classification = taxon.classifications.find_by(product_id: last_product.id)
33
+ expect(classification.position).to eq(3)
34
+ api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
35
+ expect(response.status).to eq(200)
36
+ expect(classification.reload.position).to eq(1)
37
+ end
38
+
39
+ it "should touch the taxon" do
40
+ taxon.update_attributes(updated_at: Time.current - 10.seconds)
41
+ taxon_last_updated_at = taxon.updated_at
42
+ api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
43
+ taxon.reload
44
+ expect(taxon_last_updated_at.to_i).to_not eq(taxon.updated_at.to_i)
45
+ end
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,48 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CountriesController, type: :controller do
5
+ render_views
6
+
7
+ before do
8
+ stub_authentication!
9
+ @state = create(:state)
10
+ @country = @state.country
11
+ end
12
+
13
+ it "gets all countries" do
14
+ api_get :index
15
+ expect(json_response['countries'].first['iso3']).to eq @country.iso3
16
+ end
17
+
18
+ context "with two countries" do
19
+ before { @zambia = create(:country, name: "Zambia") }
20
+
21
+ it "can view all countries" do
22
+ api_get :index
23
+ expect(json_response['count']).to eq(2)
24
+ expect(json_response['current_page']).to eq(1)
25
+ expect(json_response['pages']).to eq(1)
26
+ end
27
+
28
+ it 'can query the results through a paramter' do
29
+ api_get :index, q: { name_cont: 'zam' }
30
+ expect(json_response['count']).to eq(1)
31
+ expect(json_response['countries'].first['name']).to eq @zambia.name
32
+ end
33
+
34
+ it 'can control the page size through a parameter' do
35
+ api_get :index, per_page: 1
36
+ expect(json_response['count']).to eq(1)
37
+ expect(json_response['current_page']).to eq(1)
38
+ expect(json_response['pages']).to eq(2)
39
+ end
40
+ end
41
+
42
+ it "includes states" do
43
+ api_get :show, id: @country.id
44
+ states = json_response['states']
45
+ expect(states.first['name']).to eq @state.name
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,80 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CreditCardsController, type: :controller do
5
+ render_views
6
+
7
+ let!(:admin_user) do
8
+ user = Spree.user_class.new(email: "spree@example.com", id: 1)
9
+ user.generate_spree_api_key!
10
+ allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
11
+ user
12
+ end
13
+
14
+ let!(:normal_user) do
15
+ user = Spree.user_class.new(email: "spree2@example.com", id: 2)
16
+ user.generate_spree_api_key!
17
+ user
18
+ end
19
+
20
+ let!(:card) { create(:credit_card, user_id: admin_user.id, gateway_customer_profile_id: "random") }
21
+
22
+ before do
23
+ stub_authentication!
24
+ end
25
+
26
+ it "the user id doesn't exist" do
27
+ api_get :index, user_id: 1000
28
+ expect(response.status).to eq(404)
29
+ end
30
+
31
+ context "calling user is in admin role" do
32
+ let(:current_api_user) do
33
+ user = admin_user
34
+ user
35
+ end
36
+
37
+ it "no credit cards exist for user" do
38
+ api_get :index, user_id: normal_user.id
39
+
40
+ expect(response.status).to eq(200)
41
+ expect(json_response["pages"]).to eq(0)
42
+ end
43
+
44
+ it "can view all credit cards for user" do
45
+ api_get :index, user_id: current_api_user.id
46
+
47
+ expect(response.status).to eq(200)
48
+ expect(json_response["pages"]).to eq(1)
49
+ expect(json_response["current_page"]).to eq(1)
50
+ expect(json_response["credit_cards"].length).to eq(1)
51
+ expect(json_response["credit_cards"].first["id"]).to eq(card.id)
52
+ end
53
+ end
54
+
55
+ context "calling user is not in admin role" do
56
+ let(:current_api_user) do
57
+ user = normal_user
58
+ user
59
+ end
60
+
61
+ let!(:card) { create(:credit_card, user_id: normal_user.id, gateway_customer_profile_id: "random") }
62
+
63
+ it "can not view user" do
64
+ api_get :index, user_id: admin_user.id
65
+
66
+ expect(response.status).to eq(404)
67
+ end
68
+
69
+ it "can view own credit cards" do
70
+ api_get :index, user_id: normal_user.id
71
+
72
+ expect(response.status).to eq(200)
73
+ expect(json_response["pages"]).to eq(1)
74
+ expect(json_response["current_page"]).to eq(1)
75
+ expect(json_response["credit_cards"].length).to eq(1)
76
+ expect(json_response["credit_cards"].first["id"]).to eq(card.id)
77
+ end
78
+ end
79
+ end
80
+ end
@@ -0,0 +1,27 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CustomerReturnsController, type: :controller do
5
+ render_views
6
+
7
+ before do
8
+ stub_authentication!
9
+ @customer_return = create(:customer_return)
10
+ end
11
+
12
+ describe '#index' do
13
+ let(:order) { customer_return.order }
14
+ let(:customer_return) { create(:customer_return) }
15
+
16
+ before do
17
+ api_get :index
18
+ end
19
+
20
+ it 'loads customer returns' do
21
+ expect(response.status).to eq(200)
22
+ expect(json_response['count']).to eq(1)
23
+ end
24
+ end
25
+ end
26
+ end
27
+
@@ -0,0 +1,114 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ImagesController, type: :controller do
5
+ render_views
6
+
7
+ let!(:product) { create(:product) }
8
+ let!(:attributes) { [:id, :position, :attachment_content_type,
9
+ :attachment_file_name, :type, :attachment_updated_at, :attachment_width,
10
+ :attachment_height, :alt] }
11
+
12
+ before do
13
+ stub_authentication!
14
+ end
15
+
16
+ context "as an admin" do
17
+ sign_in_as_admin!
18
+
19
+ it "can learn how to create a new image" do
20
+ api_get :new, product_id: product.id
21
+ expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
22
+ expect(json_response["required_attributes"]).to be_empty
23
+ end
24
+
25
+ it "can upload a new image for a variant" do
26
+ expect do
27
+ api_post :create,
28
+ image: { attachment: upload_image('thinking-cat.jpg'),
29
+ viewable_type: 'Spree::Variant',
30
+ viewable_id: product.master.to_param },
31
+ product_id: product.id
32
+ expect(response.status).to eq(201)
33
+ expect(json_response).to have_attributes(attributes)
34
+ end.to change(Image, :count).by(1)
35
+ end
36
+
37
+ it "can't upload a new image for a variant without attachment" do
38
+ api_post :create,
39
+ image: { viewable_type: 'Spree::Variant',
40
+ viewable_id: product.master.to_param
41
+ },
42
+ product_id: product.id
43
+ expect(response.status).to eq(422)
44
+ end
45
+
46
+ context "working with an existing image" do
47
+ let!(:product_image) { product.master.images.create!(attachment: image('thinking-cat.jpg')) }
48
+
49
+ it "can get a single product image" do
50
+ api_get :show, id: product_image.id, product_id: product.id
51
+ expect(response.status).to eq(200)
52
+ expect(json_response).to have_attributes(attributes)
53
+ end
54
+
55
+ it "can get a single variant image" do
56
+ api_get :show, id: product_image.id, variant_id: product.master.id
57
+ expect(response.status).to eq(200)
58
+ expect(json_response).to have_attributes(attributes)
59
+ end
60
+
61
+ it "can get a list of product images" do
62
+ api_get :index, product_id: product.id
63
+ expect(response.status).to eq(200)
64
+ expect(json_response).to have_key("images")
65
+ expect(json_response["images"].first).to have_attributes(attributes)
66
+ end
67
+
68
+ it "can get a list of variant images" do
69
+ api_get :index, variant_id: product.master.id
70
+ expect(response.status).to eq(200)
71
+ expect(json_response).to have_key("images")
72
+ expect(json_response["images"].first).to have_attributes(attributes)
73
+ end
74
+
75
+ it "can update image data" do
76
+ expect(product_image.position).to eq(1)
77
+ api_post :update, image: { position: 2 }, id: product_image.id, product_id: product.id
78
+ expect(response.status).to eq(200)
79
+ expect(json_response).to have_attributes(attributes)
80
+ expect(product_image.reload.position).to eq(2)
81
+ end
82
+
83
+ it "can't update an image without attachment" do
84
+ api_post :update,
85
+ id: product_image.id, product_id: product.id
86
+ expect(response.status).to eq(422)
87
+ end
88
+
89
+ it "can delete an image" do
90
+ api_delete :destroy, id: product_image.id, product_id: product.id
91
+ expect(response.status).to eq(204)
92
+ expect { product_image.reload }.to raise_error(ActiveRecord::RecordNotFound)
93
+ end
94
+ end
95
+ end
96
+
97
+ context "as a non-admin" do
98
+ it "cannot create an image" do
99
+ api_post :create, product_id: product.id
100
+ assert_unauthorized!
101
+ end
102
+
103
+ it "cannot update an image" do
104
+ api_put :update, id: 1, product_id: product.id
105
+ assert_not_found!
106
+ end
107
+
108
+ it "cannot delete an image" do
109
+ api_delete :destroy, id: 1, product_id: product.id
110
+ assert_not_found!
111
+ end
112
+ end
113
+ end
114
+ end