spree_api 3.2.9 → 3.3.0.rc1

data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb

@@ -0,0 +1,161 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ReturnAuthorizationsController, type: :controller do
+    render_views
+
+    let!(:order) { create(:shipped_order) }
+
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :memo, :state] }
+    let(:resource_scoping) { { order_id: order.to_param } }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages user: current_api_user
+      end
+
+      it "cannot see any return authorizations" do
+        api_get :index
+        assert_unauthorized!
+      end
+
+      it "cannot see a single return authorization" do
+        api_get :show, id: 1
+        assert_unauthorized!
+      end
+
+      it "cannot learn how to create a new return authorization" do
+        api_get :new
+        assert_unauthorized!
+      end
+
+      it "cannot create a new return authorization" do
+        api_post :create
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization" do
+        api_put :update, id: 1
+        assert_not_found!
+      end
+
+      it "cannot delete a return authorization" do
+        api_delete :destroy, id: 1
+        assert_not_found!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can show return authorization" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_get :show, order_id: order.number, id: return_authorization.id
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+
+      it "can get a list of return authorizations" do
+        FactoryGirl.create(:return_authorization, order: order)
+        FactoryGirl.create(:return_authorization, order: order)
+        api_get :index, { order_id: order.number }
+        expect(response.status).to eq(200)
+        return_authorizations = json_response["return_authorizations"]
+        expect(return_authorizations.first).to have_attributes(attributes)
+        expect(return_authorizations.first).not_to eq(return_authorizations.last)
+      end
+
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:return_authorization, order: order)
+        FactoryGirl.create(:return_authorization, order: order)
+        api_get :index, order_id: order.number, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        FactoryGirl.create(:return_authorization, order: order)
+        expected_result = create(:return_authorization, memo: 'damaged')
+        order.return_authorizations << expected_result
+        api_get :index, q: { memo_cont: 'damaged' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['return_authorizations'].first['memo']).to eq expected_result.memo
+      end
+
+      it "can learn how to create a new return authorization" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(["id", "number", "state", "order_id", "memo", "created_at", "updated_at"])
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("order")
+      end
+
+      it "can update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, id: return_authorization.id, return_authorization: { memo: "ABC" }
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "can cancel a return authorization on the order" do
+        FactoryGirl.create(:new_return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        expect(return_authorization.state).to eq("authorized")
+        api_delete :cancel, id: return_authorization.id
+        expect(response.status).to eq(200)
+        expect(return_authorization.reload.state).to eq("canceled")
+      end
+
+      it "can delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, id: return_authorization.id
+        expect(response.status).to eq(204)
+        expect { return_authorization.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it "can add a new return authorization to an existing order" do
+        stock_location = FactoryGirl.create(:stock_location)
+        reason = FactoryGirl.create(:return_authorization_reason)
+        rma_params = { stock_location_id: stock_location.id,
+                       return_authorization_reason_id: reason.id,
+                       memo: "Defective" }
+        api_post :create, order_id: order.number, return_authorization: rma_params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+    end
+
+    context "as just another user" do
+      it "cannot add a return authorization to the order" do
+        api_post :create, return_autorization: { order_id: order.number, memo: "Defective" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_put :update, id: return_authorization.id, return_authorization: { memo: "ABC" }
+        assert_unauthorized!
+        expect(return_authorization.reload.memo).not_to eq("ABC")
+      end
+
+      it "cannot delete a return authorization on the order" do
+        FactoryGirl.create(:return_authorization, order: order)
+        return_authorization = order.return_authorizations.first
+        api_delete :destroy, id: return_authorization.id
+        assert_unauthorized!
+        expect { return_authorization.reload }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/shipments_controller_spec.rb

@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+describe Spree::Api::V1::ShipmentsController, type: :controller do
+  render_views
+  let!(:shipment) { create(:shipment) }
+  let!(:attributes) { [:id, :tracking, :number, :cost, :shipped_at, :stock_location_name, :order_id, :shipping_rates, :shipping_methods] }
+
+  before do
+    stub_authentication!
+  end
+
+  let!(:resource_scoping) { { id: shipment.to_param, shipment: { order_id: shipment.order.to_param } } }
+
+  context "as a non-admin" do
+    it "cannot make a shipment ready" do
+      api_put :ready
+      assert_not_found!
+    end
+
+    it "cannot make a shipment shipped" do
+      api_put :ship
+      assert_not_found!
+    end
+  end
+
+  context "as an admin" do
+    let!(:order) { shipment.order }
+    let!(:stock_location) { create(:stock_location_with_items) }
+    let!(:variant) { create(:variant) }
+
+    sign_in_as_admin!
+
+    # Start writing this spec a bit differently than before....
+    describe 'POST #create' do
+      let(:params) do
+        {
+          variant_id: stock_location.stock_items.first.variant.to_param,
+          shipment: { order_id: order.number },
+          stock_location_id: stock_location.to_param
+        }
+      end
+
+      subject do
+        api_post :create, params
+      end
+
+      [:variant_id, :stock_location_id].each do |field|
+        context "when #{field} is missing" do
+          before do
+            params.delete(field)
+          end
+
+          it 'should return proper error' do
+            subject
+            expect(response.status).to eq(422)
+            expect(json_response['exception']).to eq("param is missing or the value is empty: #{field.to_s}")
+          end
+        end
+      end
+
+      it 'should create a new shipment' do
+        expect(subject).to be_ok
+        expect(json_response).to have_attributes(attributes)
+      end
+    end
+
+    it 'can update a shipment' do
+      params = {
+        shipment: {
+          stock_location_id: stock_location.to_param
+        }
+      }
+
+      api_put :update, params
+      expect(response.status).to eq(200)
+      expect(json_response['stock_location_name']).to eq(stock_location.name)
+    end
+
+    it "can make a shipment ready" do
+      allow_any_instance_of(Spree::Order).to receive_messages(paid?: true, complete?: true)
+      api_put :ready
+      expect(json_response).to have_attributes(attributes)
+      expect(json_response["state"]).to eq("ready")
+      expect(shipment.reload.state).to eq("ready")
+    end
+
+    it "cannot make a shipment ready if the order is unpaid" do
+      allow_any_instance_of(Spree::Order).to receive_messages(paid?: false)
+      api_put :ready
+      expect(json_response["error"]).to eq("Cannot ready shipment.")
+      expect(response.status).to eq(422)
+    end
+
+    context 'for completed shipments' do
+      let(:order) { create :completed_order_with_totals }
+      let!(:resource_scoping) { { id: order.shipments.first.to_param, shipment: { order_id: order.to_param } } }
+
+      it 'adds a variant to a shipment' do
+        api_put :add, { variant_id: variant.to_param, quantity: 2 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(2)
+      end
+
+      it 'removes a variant from a shipment' do
+        order.contents.add(variant, 2)
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+
+      it 'removes a destroyed variant from a shipment' do
+        order.contents.add(variant, 2)
+        variant.destroy
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        expect(response.status).to eq(200)
+        expect(json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"]).to eq(1)
+      end
+    end
+
+    context "can transition a shipment from ready to ship" do
+      before do
+        allow_any_instance_of(Spree::Order).to receive_messages(paid?: true, complete?: true)
+        shipment.update!(shipment.order)
+        expect(shipment.state).to eq("ready")
+        allow_any_instance_of(Spree::ShippingRate).to receive_messages(cost: 5)
+      end
+
+      it "can transition a shipment from ready to ship" do
+        shipment.reload
+        api_put :ship, id: shipment.to_param, shipment: { tracking: "123123", order_id: shipment.order.to_param }
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).to eq("shipped")
+      end
+
+    end
+
+    describe '#mine' do
+      subject do
+        api_get :mine, format: 'json', params: params
+      end
+
+      let(:params) { {} }
+
+      before { subject }
+
+      context "the current api user is authenticated and has orders" do
+        let(:current_api_user) { shipped_order.user }
+        let(:shipped_order) { create(:shipped_order) }
+
+        it 'succeeds' do
+          expect(response.status).to eq 200
+        end
+
+        describe 'json output' do
+          render_views
+
+          let(:rendered_shipment_ids) { json_response['shipments'].map { |s| s['id'] } }
+
+          it 'contains the shipments' do
+            expect(rendered_shipment_ids).to match_array current_api_user.orders.flat_map(&:shipments).map(&:id)
+          end
+        end
+
+        context 'with filtering' do
+          let(:params) { {q: {order_completed_at_not_null: 1}} }
+
+          let!(:incomplete_order) { create(:order, user: current_api_user) }
+
+          it 'filters' do
+            expect(assigns(:shipments).map(&:id)).to match_array current_api_user.orders.complete.flat_map(&:shipments).map(&:id)
+          end
+        end
+      end
+
+      context "the current api user is not persisted" do
+        let(:current_api_user) { Spree.user_class.new }
+
+        it "returns a 401" do
+          expect(response.status).to eq(401)
+        end
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/v1/states_controller_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::StatesController, type: :controller do
+    render_views
+
+    let!(:state) { create(:state, name: "Victoria") }
+    let(:attributes) { [:id, :name, :abbr, :country_id] }
+
+    before do
+      stub_authentication!
+    end
+
+    it "gets all states" do
+      api_get :index
+      expect(json_response["states"].first).to have_attributes(attributes)
+      expect(json_response['states'].first['name']).to eq(state.name)
+    end
+
+    it "gets all the states for a particular country" do
+      api_get :index, country_id: state.country.id
+      expect(json_response["states"].first).to have_attributes(attributes)
+      expect(json_response['states'].first['name']).to eq(state.name)
+    end
+
+    context "pagination" do
+      let(:scope) { double('scope') }
+
+      before do
+        expect(scope).to receive_messages(last: state)
+        expect(State).to receive_messages(accessible_by: scope)
+        expect(scope).to receive_messages(order: scope)
+        allow(scope).to receive_message_chain(:ransack, :result, :includes).and_return(scope)
+      end
+
+      it "does not paginate states results when asked not to do so" do
+        expect(scope).not_to receive(:page)
+        expect(scope).not_to receive(:per)
+        api_get :index
+      end
+
+      it "paginates when page parameter is passed through" do
+        expect(scope).to receive(:page).with("1").and_return(scope)
+        expect(scope).to receive(:per).with(nil).and_return(scope)
+        api_get :index, page: 1
+      end
+
+      it "paginates when per_page parameter is passed through" do
+        expect(scope).to receive(:page).with(nil).and_return(scope)
+        expect(scope).to receive(:per).with("25").and_return(scope)
+        api_get :index, per_page: 25
+      end
+    end
+
+
+    context "with two states" do
+      before { create(:state, name: "New South Wales") }
+
+      it "gets all states for a country" do
+        country = create(:country, states_required: true)
+        state.country = country
+        state.save
+
+        api_get :index, country_id: country.id
+        expect(json_response["states"].first).to have_attributes(attributes)
+        expect(json_response["states"].count).to eq(1)
+        json_response["states_required"] = true
+      end
+
+      it "can view all states" do
+        api_get :index
+        expect(json_response["states"].first).to have_attributes(attributes)
+      end
+
+      it 'can query the results through a paramter' do
+        api_get :index, q: { name_cont: 'Vic' }
+        expect(json_response['states'].first['name']).to eq("Victoria")
+      end
+    end
+
+    it "can view a state" do
+      api_get :show, id: state.id
+      expect(json_response).to have_attributes(attributes)
+    end
+  end
+end

data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb

@@ -0,0 +1,151 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::StockItemsController, type: :controller do
+    render_views
+
+    let!(:stock_location) { create(:stock_location_with_items) }
+    let!(:stock_item) { stock_location.stock_items.order(:id).first }
+    let!(:attributes) { [:id, :count_on_hand, :backorderable,
+                         :stock_location_id, :variant_id] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      it "cannot list stock items for a stock location" do
+        api_get :index, stock_location_id: stock_location.to_param
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot see a stock item" do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_item.to_param
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot create a stock item" do
+        variant = create(:variant)
+        params = {
+          stock_location_id: stock_location.to_param,
+          stock_item: {
+            variant_id: variant.id,
+            count_on_hand: '20'
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot update a stock item" do
+        api_put :update, stock_location_id: stock_location.to_param,
+          id: stock_item.to_param
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot destroy a stock item" do
+        api_delete :destroy, stock_location_id: stock_location.to_param,
+          id: stock_item.to_param
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it 'cannot list of stock items' do
+        api_get :index, stock_location_id: stock_location.to_param
+        expect(json_response['stock_items'].first).to have_attributes(attributes)
+        expect(json_response['stock_items'].first['variant']['sku']).to include 'SKU'
+      end
+
+      it 'requires a stock_location_id to be passed as a parameter' do
+        api_get :index
+        expect(json_response['error']).to match(/stock_location_id parameter must be provided/)
+        expect(response.status).to eq(422)
+      end
+
+      it 'can control the page size through a parameter' do
+        api_get :index, stock_location_id: stock_location.to_param, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+      end
+
+      it 'can query the results through a paramter (count_on_hand)' do
+        stock_item.update_column(:count_on_hand, 30)
+        api_get :index, stock_location_id: stock_location.to_param, q: { count_on_hand_eq: '30' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['stock_items'].first['count_on_hand']).to eq 30
+      end
+
+      it 'can query the results through a paramter (variant_id)' do
+        api_get :index, stock_location_id: stock_location.to_param, q: { variant_id_eq: 999999 }
+        expect(json_response['count']).to eq(0)
+        api_get :index, stock_location_id: stock_location.to_param, q: { variant_id_eq: stock_item.variant_id }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['stock_items'].first['variant_id']).to eq stock_item.variant_id
+      end
+
+      it 'gets a stock item' do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_item.to_param
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response['count_on_hand']).to eq stock_item.count_on_hand
+      end
+
+      it 'can create a new stock item' do
+        variant = create(:variant)
+        # Creating a variant also creates stock items.
+        # We don't want any to exist (as they would conflict with what we're about to create)
+        StockItem.delete_all
+        params = {
+          stock_location_id: stock_location.to_param,
+          stock_item: {
+            variant_id: variant.id,
+            count_on_hand: '20'
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it 'can update a stock item to add new inventory' do
+        expect(stock_item.count_on_hand).to eq(10)
+        params = {
+          id: stock_item.to_param,
+          stock_item: {
+            count_on_hand: 40,
+          }
+        }
+
+        api_put :update, params
+        expect(response.status).to eq(200)
+        expect(json_response['count_on_hand']).to eq 50
+      end
+
+      it 'can set a stock item to modify the current inventory' do
+        expect(stock_item.count_on_hand).to eq(10)
+
+        params = {
+          id: stock_item.to_param,
+          stock_item: {
+            count_on_hand: 40,
+            force: true,
+          }
+        }
+
+        api_put :update, params
+        expect(response.status).to eq(200)
+        expect(json_response['count_on_hand']).to eq 40
+      end
+
+      it 'can delete a stock item' do
+        api_delete :destroy, id: stock_item.to_param
+        expect(response.status).to eq(204)
+        expect { Spree::StockItem.find(stock_item.id) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb

@@ -0,0 +1,113 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::StockLocationsController, type: :controller do
+    render_views
+
+    let!(:stock_location) { create(:stock_location) }
+    let!(:attributes) { [:id, :name, :address1, :address2, :city, :state_id, :state_name, :country_id, :zipcode, :phone, :active] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a user" do
+      it "cannot see stock locations" do
+        api_get :index
+        expect(response.status).to eq(401)
+      end
+
+      it "cannot see a single stock location" do
+        api_get :show, id: stock_location.id
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot create a new stock location" do
+        params = {
+          stock_location: {
+            name: "North Pole",
+            active: true
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(401)
+      end
+
+      it "cannot update a stock location" do
+        api_put :update, stock_location: { name: "South Pole" }, id: stock_location.to_param
+        expect(response.status).to eq(404)
+      end
+
+      it "cannot delete a stock location" do
+        api_put :destroy, id: stock_location.to_param
+        expect(response.status).to eq(404)
+      end
+    end
+
+    
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "gets list of stock locations" do
+        api_get :index
+        expect(json_response['stock_locations'].first).to have_attributes(attributes)
+        expect(json_response['stock_locations'].first['country']).not_to be_nil
+        expect(json_response['stock_locations'].first['state']).not_to be_nil
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:stock_location)
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:stock_location, name: 'South America')
+        api_get :index, q: { name_cont: 'south' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['stock_locations'].first['name']).to eq expected_result.name
+      end
+
+      it "gets a stock location" do
+        api_get :show, id: stock_location.to_param
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response['name']).to eq stock_location.name
+      end
+
+      it "can create a new stock location" do
+        params = {
+          stock_location: {
+            name: "North Pole",
+            active: true
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+      end
+
+      it "can update a stock location" do
+        params = {
+          id: stock_location.to_param,
+          stock_location: {
+            name: "South Pole"
+          }
+        }
+
+        api_put :update, params
+        expect(response.status).to eq(200)
+        expect(json_response['name']).to eq 'South Pole'
+      end
+
+      it "can delete a stock location" do
+        api_delete :destroy, id: stock_location.to_param
+        expect(response.status).to eq(204)
+        expect { stock_location.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end