spree_api 3.2.9 → 3.3.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/base_controller.rb +11 -12
  3. data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
  4. data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
  5. data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
  6. data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
  7. data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
  8. data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
  9. data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
  10. data/app/helpers/spree/api/api_helpers.rb +13 -1
  11. data/app/models/concerns/spree/user_api_authentication.rb +19 -0
  12. data/app/models/concerns/spree/user_api_methods.rb +7 -0
  13. data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
  14. data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
  15. data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
  16. data/config/initializers/user_class_extensions.rb +7 -0
  17. data/config/routes.rb +3 -0
  18. data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
  19. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
  20. data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
  21. data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
  22. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
  23. data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
  24. data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
  25. data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
  26. data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
  27. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
  28. data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
  29. data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
  30. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
  31. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
  32. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
  33. data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
  34. data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
  35. data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
  36. data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
  37. data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
  38. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
  39. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
  40. data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
  41. data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
  42. data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
  43. data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
  44. data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
  45. data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
  46. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
  47. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
  48. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  49. data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
  52. data/spec/models/spree/legacy_user_spec.rb +19 -0
  53. data/spec/requests/rabl_cache_spec.rb +32 -0
  54. data/spec/requests/ransackable_attributes_spec.rb +79 -0
  55. data/spec/requests/version_spec.rb +19 -0
  56. data/spec/shared_examples/protect_product_actions.rb +17 -0
  57. data/spec/spec_helper.rb +63 -0
  58. data/spec/support/controller_hacks.rb +40 -0
  59. data/spec/support/database_cleaner.rb +14 -0
  60. data/spec/support/have_attributes_matcher.rb +13 -0
  61. data/spree_api.gemspec +4 -3
  62. metadata +105 -13
  63. data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
  64. data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
@@ -0,0 +1,361 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CheckoutsController, type: :controller do
5
+ render_views
6
+
7
+ shared_examples_for 'action which loads order using load_order_with_lock' do
8
+ before do
9
+ allow(controller).to receive(:load_order).with(true).and_return(true)
10
+ end
11
+
12
+ it 'should invoke load_order_with_lock' do
13
+ expect(controller).to receive(:load_order_with_lock).exactly(1).times
14
+ end
15
+
16
+ it 'should invoke load_order' do
17
+ expect(controller).to receive(:load_order).with(true).exactly(1).times.and_return(true)
18
+ end
19
+
20
+ context 'ensure no double_render_error' do
21
+ before do
22
+ def controller.load_order(*)
23
+ respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
24
+ end
25
+ end
26
+
27
+ it 'should not generate double_render_error' do
28
+ expect(response).to be_success
29
+ end
30
+ end
31
+
32
+ after do
33
+ send_request
34
+ end
35
+ end
36
+
37
+ before(:each) do
38
+ stub_authentication!
39
+ Spree::Config[:track_inventory_levels] = false
40
+ country_zone = create(:zone, name: 'CountryZone')
41
+ @state = create(:state)
42
+ @country = @state.country
43
+ country_zone.members.create(zoneable: @country)
44
+ create(:stock_location)
45
+
46
+ @shipping_method = create(:shipping_method, zones: [country_zone])
47
+ @payment_method = create(:credit_card_payment_method)
48
+ end
49
+
50
+ after do
51
+ Spree::Config[:track_inventory_levels] = true
52
+ end
53
+
54
+ context "PUT 'update'" do
55
+ let(:order) do
56
+ order = create(:order_with_line_items)
57
+ # Order should be in a pristine state
58
+ # Without doing this, the order may transition from 'cart' straight to 'delivery'
59
+ order.shipments.delete_all
60
+ order
61
+ end
62
+
63
+ before(:each) do
64
+ allow_any_instance_of(Order).to receive_messages(confirmation_required?: true)
65
+ allow_any_instance_of(Order).to receive_messages(payment_required?: true)
66
+ end
67
+
68
+ it "should transition a recently created order from cart to address" do
69
+ expect(order.state).to eq "cart"
70
+ expect(order.email).not_to be_nil
71
+ api_put :update, id: order.to_param, order_token: order.guest_token
72
+ expect(order.reload.state).to eq "address"
73
+ end
74
+
75
+ it "should transition a recently created order from cart to address with order token in header" do
76
+ expect(order.state).to eq "cart"
77
+ expect(order.email).not_to be_nil
78
+ request.headers["X-Spree-Order-Token"] = order.guest_token
79
+ api_put :update, id: order.to_param
80
+ expect(order.reload.state).to eq "address"
81
+ end
82
+
83
+ it "can take line_items_attributes as a parameter" do
84
+ line_item = order.line_items.first
85
+ api_put :update, id: order.to_param, order_token: order.guest_token,
86
+ order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } }
87
+ expect(response.status).to eq(200)
88
+ expect(order.reload.state).to eq "address"
89
+ end
90
+
91
+ it "can take line_items as a parameter" do
92
+ line_item = order.line_items.first
93
+ api_put :update, id: order.to_param, order_token: order.guest_token,
94
+ order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } }
95
+ expect(response.status).to eq(200)
96
+ expect(order.reload.state).to eq "address"
97
+ end
98
+
99
+ it "will return an error if the order cannot transition" do
100
+ skip "not sure if this test is valid"
101
+ order.bill_address = nil
102
+ order.save
103
+ order.update_column(:state, "address")
104
+ api_put :update, id: order.to_param, order_token: order.guest_token
105
+ # Order has not transitioned
106
+ expect(response.status).to eq(422)
107
+ end
108
+
109
+ context "transitioning to delivery" do
110
+ before do
111
+ order.update_column(:state, "address")
112
+ end
113
+
114
+ let(:address) do
115
+ {
116
+ firstname: 'John',
117
+ lastname: 'Doe',
118
+ address1: '7735 Old Georgetown Road',
119
+ city: 'Bethesda',
120
+ phone: '3014445002',
121
+ zipcode: '20814',
122
+ state_id: @state.id,
123
+ country_id: @country.id
124
+ }
125
+ end
126
+
127
+ it "can update addresses and transition from address to delivery" do
128
+ api_put :update,
129
+ id: order.to_param, order_token: order.guest_token,
130
+ order: {
131
+ bill_address_attributes: address,
132
+ ship_address_attributes: address
133
+ }
134
+ expect(json_response['state']).to eq('delivery')
135
+ expect(json_response['bill_address']['firstname']).to eq('John')
136
+ expect(json_response['ship_address']['firstname']).to eq('John')
137
+ expect(response.status).to eq(200)
138
+ end
139
+
140
+ # Regression Spec for #5389 & #5880
141
+ it "can update addresses but not transition to delivery w/o shipping setup" do
142
+ Spree::ShippingMethod.destroy_all
143
+ api_put :update,
144
+ id: order.to_param, order_token: order.guest_token,
145
+ order: {
146
+ bill_address_attributes: address,
147
+ ship_address_attributes: address
148
+ }
149
+ expect(json_response['error']).to eq(I18n.t(:could_not_transition, scope: "spree.api.order"))
150
+ expect(response.status).to eq(422)
151
+ end
152
+
153
+ # Regression test for #4498
154
+ it "does not contain duplicate variant data in delivery return" do
155
+ api_put :update,
156
+ id: order.to_param, order_token: order.guest_token,
157
+ order: {
158
+ bill_address_attributes: address,
159
+ ship_address_attributes: address
160
+ }
161
+ # Shipments manifests should not return the ENTIRE variant
162
+ # This information is already present within the order's line items
163
+ expect(json_response['shipments'].first['manifest'].first['variant']).to be_nil
164
+ expect(json_response['shipments'].first['manifest'].first['variant_id']).to_not be_nil
165
+ end
166
+ end
167
+
168
+ it "can update shipping method and transition from delivery to payment" do
169
+ order.update_column(:state, "delivery")
170
+ shipment = create(:shipment, order: order)
171
+ shipment.refresh_rates
172
+ shipping_rate = shipment.shipping_rates.where(selected: false).first
173
+ api_put :update, id: order.to_param, order_token: order.guest_token,
174
+ order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } }
175
+ expect(response.status).to eq(200)
176
+ # Find the correct shipment...
177
+ json_shipment = json_response['shipments'].detect { |s| s["id"] == shipment.id }
178
+ # Find the correct shipping rate for that shipment...
179
+ json_shipping_rate = json_shipment['shipping_rates'].detect { |sr| sr["id"] == shipping_rate.id }
180
+ # ... And finally ensure that it's selected
181
+ expect(json_shipping_rate['selected']).to be true
182
+ # Order should automatically transfer to payment because all criteria are met
183
+ expect(json_response['state']).to eq('payment')
184
+ end
185
+
186
+ it "can update payment method and transition from payment to confirm" do
187
+ order.update_column(:state, "payment")
188
+ api_put :update, id: order.to_param, order_token: order.guest_token,
189
+ order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
190
+ expect(json_response['state']).to eq('confirm')
191
+ expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
192
+ expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
193
+ expect(response.status).to eq(200)
194
+ end
195
+
196
+ it "can update payment method with source and transition from payment to confirm" do
197
+ order.update_column(:state, "payment")
198
+ source_attributes = {
199
+ number: "4111111111111111",
200
+ month: 1.month.from_now.month,
201
+ year: 1.month.from_now.year,
202
+ verification_value: "123",
203
+ name: "Spree Commerce"
204
+ }
205
+
206
+ api_put :update, id: order.to_param, order_token: order.guest_token,
207
+ order: { payments_attributes: [{ payment_method_id: @payment_method.id.to_s }],
208
+ payment_source: { @payment_method.id.to_s => source_attributes } }
209
+ expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
210
+ expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
211
+ expect(response.status).to eq(200)
212
+ end
213
+
214
+ it "returns errors when source is missing attributes" do
215
+ order.update_column(:state, "payment")
216
+ api_put :update, id: order.to_param, order_token: order.guest_token,
217
+ order: {
218
+ payments_attributes: [{ payment_method_id: @payment_method.id }]
219
+ },
220
+ payment_source: {
221
+ @payment_method.id.to_s => { name: "Spree" }
222
+ }
223
+
224
+ expect(response.status).to eq(422)
225
+ cc_errors = json_response['errors']['payments.Credit Card']
226
+ expect(cc_errors).to include("Number can't be blank")
227
+ expect(cc_errors).to include("Month is not a number")
228
+ expect(cc_errors).to include("Year is not a number")
229
+ expect(cc_errors).to include("Verification Value can't be blank")
230
+ end
231
+
232
+ it "allow users to reuse a credit card" do
233
+ order.update_column(:state, "payment")
234
+ credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
235
+
236
+ api_put :update, id: order.to_param, order_token: order.guest_token,
237
+ order: { existing_card: credit_card.id }
238
+
239
+ expect(response.status).to eq 200
240
+ expect(order.credit_cards).to match_array [credit_card]
241
+ end
242
+
243
+ it "can transition from confirm to complete" do
244
+ order.update_columns(state: 'confirm')
245
+ allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
246
+ api_put :update, id: order.to_param, order_token: order.guest_token
247
+ expect(json_response['state']).to eq('complete')
248
+ expect(response.status).to eq(200)
249
+ end
250
+
251
+ it "returns the order if the order is already complete" do
252
+ order.update_columns(completed_at: Time.current, state: 'complete')
253
+ api_put :update, id: order.to_param, order_token: order.guest_token
254
+ expect(json_response['number']).to eq(order.number)
255
+ expect(response.status).to eq(200)
256
+ end
257
+
258
+ # Regression test for #3784
259
+ it "can update the special instructions for an order" do
260
+ instructions = "Don't drop it. (Please)"
261
+ api_put :update, id: order.to_param, order_token: order.guest_token,
262
+ order: { special_instructions: instructions }
263
+ expect(json_response['special_instructions']).to eql(instructions)
264
+ end
265
+
266
+ context "as an admin" do
267
+ sign_in_as_admin!
268
+ it "can assign a user to the order" do
269
+ user = create(:user)
270
+ # Need to pass email as well so that validations succeed
271
+ api_put :update, id: order.to_param, order_token: order.guest_token,
272
+ order: { user_id: user.id, email: "guest@spreecommerce.org" }
273
+ expect(response.status).to eq(200)
274
+ expect(json_response['user_id']).to eq(user.id)
275
+ end
276
+ end
277
+
278
+ it "can assign an email to the order" do
279
+ api_put :update, id: order.to_param, order_token: order.guest_token,
280
+ order: { email: "guest@spreecommerce.org" }
281
+ expect(json_response['email']).to eq("guest@spreecommerce.org")
282
+ expect(response.status).to eq(200)
283
+ end
284
+
285
+ it "can apply a coupon code to an order" do
286
+ order.update_column(:state, "payment")
287
+ expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
288
+ expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })
289
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { coupon_code: "foobar" }
290
+ end
291
+
292
+ def send_request
293
+ api_put :update, id: order.to_param, order_token: order.guest_token
294
+ end
295
+
296
+ it_should_behave_like 'action which loads order using load_order_with_lock'
297
+ end
298
+
299
+ context "PUT 'next'" do
300
+ let!(:order) { create(:order_with_line_items) }
301
+ it "cannot transition to address without a line item" do
302
+ order.line_items.delete_all
303
+ order.update_column(:email, "spree@example.com")
304
+ api_put :next, id: order.to_param, order_token: order.guest_token
305
+ expect(response.status).to eq(422)
306
+ expect(json_response["errors"]["base"]).to include(Spree.t(:there_are_no_items_for_this_order))
307
+ end
308
+
309
+ it "can transition an order to the next state" do
310
+ order.update_column(:email, "spree@example.com")
311
+
312
+ api_put :next, id: order.to_param, order_token: order.guest_token
313
+ expect(response.status).to eq(200)
314
+ expect(json_response['state']).to eq('address')
315
+ end
316
+
317
+ it "cannot transition if order email is blank" do
318
+ order.update_columns(
319
+ state: 'address',
320
+ email: nil
321
+ )
322
+
323
+ api_put :next, id: order.to_param, order_token: order.guest_token
324
+ expect(response.status).to eq(422)
325
+ expect(json_response['error']).to match(/could not be transitioned/)
326
+ end
327
+
328
+ it "doesnt advance payment state if order has no payment" do
329
+ order.update_column(:state, "payment")
330
+ api_put :next, id: order.to_param, order_token: order.guest_token, order: {}
331
+ expect(json_response["errors"]["base"]).to include(Spree.t(:no_payment_found))
332
+ end
333
+
334
+ def send_request
335
+ api_put :next, id: order.to_param, order_token: order.guest_token
336
+ end
337
+
338
+ it_should_behave_like 'action which loads order using load_order_with_lock'
339
+ end
340
+
341
+ context "PUT 'advance'" do
342
+ let!(:order) { create(:order_with_line_items) }
343
+
344
+ it 'continues to advance advances an order while it can move forward' do
345
+ expect_any_instance_of(Spree::Order).to receive(:next).exactly(3).times.and_return(true, true, false)
346
+ api_put :advance, id: order.to_param, order_token: order.guest_token
347
+ end
348
+
349
+ it 'returns the order' do
350
+ api_put :advance, id: order.to_param, order_token: order.guest_token
351
+ expect(json_response['id']).to eq(order.id)
352
+ end
353
+
354
+ def send_request
355
+ api_put :advance, id: order.to_param, order_token: order.guest_token
356
+ end
357
+
358
+ it_should_behave_like 'action which loads order using load_order_with_lock'
359
+ end
360
+ end
361
+ end
@@ -0,0 +1,48 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ClassificationsController, type: :controller do
5
+ let(:taxon) do
6
+ taxon = create(:taxon)
7
+
8
+ 3.times do
9
+ product = create(:product)
10
+ product.taxons << taxon
11
+ end
12
+ taxon
13
+ end
14
+
15
+ before do
16
+ stub_authentication!
17
+ end
18
+
19
+ context "as a user" do
20
+ it "cannot change the order of a product" do
21
+ api_put :update, taxon_id: taxon, product_id: taxon.products.first, position: 1
22
+ expect(response.status).to eq(401)
23
+ end
24
+ end
25
+
26
+ context "as an admin" do
27
+ sign_in_as_admin!
28
+
29
+ let(:last_product) { taxon.products.last }
30
+
31
+ it "can change the order a product" do
32
+ classification = taxon.classifications.find_by(product_id: last_product.id)
33
+ expect(classification.position).to eq(3)
34
+ api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
35
+ expect(response.status).to eq(200)
36
+ expect(classification.reload.position).to eq(1)
37
+ end
38
+
39
+ it "should touch the taxon" do
40
+ taxon.update_attributes(updated_at: Time.current - 10.seconds)
41
+ taxon_last_updated_at = taxon.updated_at
42
+ api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
43
+ taxon.reload
44
+ expect(taxon_last_updated_at.to_i).to_not eq(taxon.updated_at.to_i)
45
+ end
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,48 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CountriesController, type: :controller do
5
+ render_views
6
+
7
+ before do
8
+ stub_authentication!
9
+ @state = create(:state)
10
+ @country = @state.country
11
+ end
12
+
13
+ it "gets all countries" do
14
+ api_get :index
15
+ expect(json_response['countries'].first['iso3']).to eq @country.iso3
16
+ end
17
+
18
+ context "with two countries" do
19
+ before { @zambia = create(:country, name: "Zambia") }
20
+
21
+ it "can view all countries" do
22
+ api_get :index
23
+ expect(json_response['count']).to eq(2)
24
+ expect(json_response['current_page']).to eq(1)
25
+ expect(json_response['pages']).to eq(1)
26
+ end
27
+
28
+ it 'can query the results through a paramter' do
29
+ api_get :index, q: { name_cont: 'zam' }
30
+ expect(json_response['count']).to eq(1)
31
+ expect(json_response['countries'].first['name']).to eq @zambia.name
32
+ end
33
+
34
+ it 'can control the page size through a parameter' do
35
+ api_get :index, per_page: 1
36
+ expect(json_response['count']).to eq(1)
37
+ expect(json_response['current_page']).to eq(1)
38
+ expect(json_response['pages']).to eq(2)
39
+ end
40
+ end
41
+
42
+ it "includes states" do
43
+ api_get :show, id: @country.id
44
+ states = json_response['states']
45
+ expect(states.first['name']).to eq @state.name
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,80 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CreditCardsController, type: :controller do
5
+ render_views
6
+
7
+ let!(:admin_user) do
8
+ user = Spree.user_class.new(email: "spree@example.com", id: 1)
9
+ user.generate_spree_api_key!
10
+ allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
11
+ user
12
+ end
13
+
14
+ let!(:normal_user) do
15
+ user = Spree.user_class.new(email: "spree2@example.com", id: 2)
16
+ user.generate_spree_api_key!
17
+ user
18
+ end
19
+
20
+ let!(:card) { create(:credit_card, user_id: admin_user.id, gateway_customer_profile_id: "random") }
21
+
22
+ before do
23
+ stub_authentication!
24
+ end
25
+
26
+ it "the user id doesn't exist" do
27
+ api_get :index, user_id: 1000
28
+ expect(response.status).to eq(404)
29
+ end
30
+
31
+ context "calling user is in admin role" do
32
+ let(:current_api_user) do
33
+ user = admin_user
34
+ user
35
+ end
36
+
37
+ it "no credit cards exist for user" do
38
+ api_get :index, user_id: normal_user.id
39
+
40
+ expect(response.status).to eq(200)
41
+ expect(json_response["pages"]).to eq(0)
42
+ end
43
+
44
+ it "can view all credit cards for user" do
45
+ api_get :index, user_id: current_api_user.id
46
+
47
+ expect(response.status).to eq(200)
48
+ expect(json_response["pages"]).to eq(1)
49
+ expect(json_response["current_page"]).to eq(1)
50
+ expect(json_response["credit_cards"].length).to eq(1)
51
+ expect(json_response["credit_cards"].first["id"]).to eq(card.id)
52
+ end
53
+ end
54
+
55
+ context "calling user is not in admin role" do
56
+ let(:current_api_user) do
57
+ user = normal_user
58
+ user
59
+ end
60
+
61
+ let!(:card) { create(:credit_card, user_id: normal_user.id, gateway_customer_profile_id: "random") }
62
+
63
+ it "can not view user" do
64
+ api_get :index, user_id: admin_user.id
65
+
66
+ expect(response.status).to eq(404)
67
+ end
68
+
69
+ it "can view own credit cards" do
70
+ api_get :index, user_id: normal_user.id
71
+
72
+ expect(response.status).to eq(200)
73
+ expect(json_response["pages"]).to eq(1)
74
+ expect(json_response["current_page"]).to eq(1)
75
+ expect(json_response["credit_cards"].length).to eq(1)
76
+ expect(json_response["credit_cards"].first["id"]).to eq(card.id)
77
+ end
78
+ end
79
+ end
80
+ end
@@ -0,0 +1,27 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::CustomerReturnsController, type: :controller do
5
+ render_views
6
+
7
+ before do
8
+ stub_authentication!
9
+ @customer_return = create(:customer_return)
10
+ end
11
+
12
+ describe '#index' do
13
+ let(:order) { customer_return.order }
14
+ let(:customer_return) { create(:customer_return) }
15
+
16
+ before do
17
+ api_get :index
18
+ end
19
+
20
+ it 'loads customer returns' do
21
+ expect(response.status).to eq(200)
22
+ expect(json_response['count']).to eq(1)
23
+ end
24
+ end
25
+ end
26
+ end
27
+
@@ -0,0 +1,114 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ImagesController, type: :controller do
5
+ render_views
6
+
7
+ let!(:product) { create(:product) }
8
+ let!(:attributes) { [:id, :position, :attachment_content_type,
9
+ :attachment_file_name, :type, :attachment_updated_at, :attachment_width,
10
+ :attachment_height, :alt] }
11
+
12
+ before do
13
+ stub_authentication!
14
+ end
15
+
16
+ context "as an admin" do
17
+ sign_in_as_admin!
18
+
19
+ it "can learn how to create a new image" do
20
+ api_get :new, product_id: product.id
21
+ expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
22
+ expect(json_response["required_attributes"]).to be_empty
23
+ end
24
+
25
+ it "can upload a new image for a variant" do
26
+ expect do
27
+ api_post :create,
28
+ image: { attachment: upload_image('thinking-cat.jpg'),
29
+ viewable_type: 'Spree::Variant',
30
+ viewable_id: product.master.to_param },
31
+ product_id: product.id
32
+ expect(response.status).to eq(201)
33
+ expect(json_response).to have_attributes(attributes)
34
+ end.to change(Image, :count).by(1)
35
+ end
36
+
37
+ it "can't upload a new image for a variant without attachment" do
38
+ api_post :create,
39
+ image: { viewable_type: 'Spree::Variant',
40
+ viewable_id: product.master.to_param
41
+ },
42
+ product_id: product.id
43
+ expect(response.status).to eq(422)
44
+ end
45
+
46
+ context "working with an existing image" do
47
+ let!(:product_image) { product.master.images.create!(attachment: image('thinking-cat.jpg')) }
48
+
49
+ it "can get a single product image" do
50
+ api_get :show, id: product_image.id, product_id: product.id
51
+ expect(response.status).to eq(200)
52
+ expect(json_response).to have_attributes(attributes)
53
+ end
54
+
55
+ it "can get a single variant image" do
56
+ api_get :show, id: product_image.id, variant_id: product.master.id
57
+ expect(response.status).to eq(200)
58
+ expect(json_response).to have_attributes(attributes)
59
+ end
60
+
61
+ it "can get a list of product images" do
62
+ api_get :index, product_id: product.id
63
+ expect(response.status).to eq(200)
64
+ expect(json_response).to have_key("images")
65
+ expect(json_response["images"].first).to have_attributes(attributes)
66
+ end
67
+
68
+ it "can get a list of variant images" do
69
+ api_get :index, variant_id: product.master.id
70
+ expect(response.status).to eq(200)
71
+ expect(json_response).to have_key("images")
72
+ expect(json_response["images"].first).to have_attributes(attributes)
73
+ end
74
+
75
+ it "can update image data" do
76
+ expect(product_image.position).to eq(1)
77
+ api_post :update, image: { position: 2 }, id: product_image.id, product_id: product.id
78
+ expect(response.status).to eq(200)
79
+ expect(json_response).to have_attributes(attributes)
80
+ expect(product_image.reload.position).to eq(2)
81
+ end
82
+
83
+ it "can't update an image without attachment" do
84
+ api_post :update,
85
+ id: product_image.id, product_id: product.id
86
+ expect(response.status).to eq(422)
87
+ end
88
+
89
+ it "can delete an image" do
90
+ api_delete :destroy, id: product_image.id, product_id: product.id
91
+ expect(response.status).to eq(204)
92
+ expect { product_image.reload }.to raise_error(ActiveRecord::RecordNotFound)
93
+ end
94
+ end
95
+ end
96
+
97
+ context "as a non-admin" do
98
+ it "cannot create an image" do
99
+ api_post :create, product_id: product.id
100
+ assert_unauthorized!
101
+ end
102
+
103
+ it "cannot update an image" do
104
+ api_put :update, id: 1, product_id: product.id
105
+ assert_not_found!
106
+ end
107
+
108
+ it "cannot delete an image" do
109
+ api_delete :destroy, id: 1, product_id: product.id
110
+ assert_not_found!
111
+ end
112
+ end
113
+ end
114
+ end