spree_api 3.2.9 → 3.3.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/base_controller.rb +11 -12
  3. data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
  4. data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
  5. data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
  6. data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
  7. data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
  8. data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
  9. data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
  10. data/app/helpers/spree/api/api_helpers.rb +13 -1
  11. data/app/models/concerns/spree/user_api_authentication.rb +19 -0
  12. data/app/models/concerns/spree/user_api_methods.rb +7 -0
  13. data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
  14. data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
  15. data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
  16. data/config/initializers/user_class_extensions.rb +7 -0
  17. data/config/routes.rb +3 -0
  18. data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
  19. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
  20. data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
  21. data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
  22. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
  23. data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
  24. data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
  25. data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
  26. data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
  27. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
  28. data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
  29. data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
  30. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
  31. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
  32. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
  33. data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
  34. data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
  35. data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
  36. data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
  37. data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
  38. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
  39. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
  40. data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
  41. data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
  42. data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
  43. data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
  44. data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
  45. data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
  46. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
  47. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
  48. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  49. data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
  52. data/spec/models/spree/legacy_user_spec.rb +19 -0
  53. data/spec/requests/rabl_cache_spec.rb +32 -0
  54. data/spec/requests/ransackable_attributes_spec.rb +79 -0
  55. data/spec/requests/version_spec.rb +19 -0
  56. data/spec/shared_examples/protect_product_actions.rb +17 -0
  57. data/spec/spec_helper.rb +63 -0
  58. data/spec/support/controller_hacks.rb +40 -0
  59. data/spec/support/database_cleaner.rb +14 -0
  60. data/spec/support/have_attributes_matcher.rb +13 -0
  61. data/spree_api.gemspec +4 -3
  62. metadata +105 -13
  63. data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
  64. data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
@@ -0,0 +1,84 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::StockMovementsController, type: :controller do
5
+ render_views
6
+
7
+ let!(:stock_location) { create(:stock_location_with_items) }
8
+ let!(:stock_item) { stock_location.stock_items.order(:id).first }
9
+ let!(:stock_movement) { create(:stock_movement, stock_item: stock_item) }
10
+ let!(:attributes) { [:id, :quantity, :stock_item_id] }
11
+
12
+ before do
13
+ stub_authentication!
14
+ end
15
+
16
+ context 'as a user' do
17
+ it 'cannot see a list of stock movements' do
18
+ api_get :index, stock_location_id: stock_location.to_param
19
+ expect(response.status).to eq(404)
20
+ end
21
+
22
+ it 'cannot see a stock movement' do
23
+ api_get :show, stock_location_id: stock_location.to_param, id: stock_movement.id
24
+ expect(response.status).to eq(404)
25
+ end
26
+
27
+ it 'cannot create a stock movement' do
28
+ params = {
29
+ stock_location_id: stock_location.to_param,
30
+ stock_movement: {
31
+ stock_item_id: stock_item.to_param
32
+ }
33
+ }
34
+
35
+ api_post :create, params
36
+ expect(response.status).to eq(404)
37
+ end
38
+ end
39
+
40
+ context 'as an admin' do
41
+ sign_in_as_admin!
42
+
43
+ it 'gets list of stock movements' do
44
+ api_get :index, stock_location_id: stock_location.to_param
45
+ expect(json_response['stock_movements'].first).to have_attributes(attributes)
46
+ expect(json_response['stock_movements'].first['stock_item']['count_on_hand']).to eq 11
47
+ end
48
+
49
+ it 'can control the page size through a parameter' do
50
+ create(:stock_movement, stock_item: stock_item)
51
+ api_get :index, stock_location_id: stock_location.to_param, per_page: 1
52
+ expect(json_response['count']).to eq(1)
53
+ expect(json_response['current_page']).to eq(1)
54
+ expect(json_response['pages']).to eq(2)
55
+ end
56
+
57
+ it 'can query the results through a paramter' do
58
+ expected_result = create(:stock_movement, :received, quantity: 10, stock_item: stock_item)
59
+ api_get :index, stock_location_id: stock_location.to_param, q: { quantity_eq: '10' }
60
+ expect(json_response['count']).to eq(1)
61
+ end
62
+
63
+ it 'gets a stock movement' do
64
+ api_get :show, stock_location_id: stock_location.to_param, id: stock_movement.to_param
65
+ expect(json_response).to have_attributes(attributes)
66
+ expect(json_response['stock_item_id']).to eq stock_movement.stock_item_id
67
+ end
68
+
69
+ it 'can create a new stock movement' do
70
+ params = {
71
+ stock_location_id: stock_location.to_param,
72
+ stock_movement: {
73
+ stock_item_id: stock_item.to_param
74
+ }
75
+ }
76
+
77
+ api_post :create, params
78
+ expect(response.status).to eq(201)
79
+ expect(json_response).to have_attributes(attributes)
80
+ end
81
+ end
82
+ end
83
+ end
84
+
@@ -0,0 +1,133 @@
1
+ require "spec_helper"
2
+
3
+ module Spree
4
+ describe Api::V1::StoresController, type: :controller do
5
+ render_views
6
+
7
+ let!(:store) do
8
+ create(:store, name: "My Spree Store", url: "spreestore.example.com")
9
+ end
10
+
11
+ before do
12
+ stub_authentication!
13
+ end
14
+
15
+ context "as an admin" do
16
+ sign_in_as_admin!
17
+
18
+ let!(:non_default_store) do
19
+ create(:store,
20
+ name: "Extra Store",
21
+ url: "spreestore-5.example.com",
22
+ default: false
23
+ )
24
+ end
25
+
26
+ it "I can list the available stores" do
27
+ api_get :index
28
+ expect(json_response["stores"]).to eq([
29
+ {
30
+ "id" => store.id,
31
+ "name" => "My Spree Store",
32
+ "url" => "spreestore.example.com",
33
+ "meta_description" => nil,
34
+ "meta_keywords" => nil,
35
+ "seo_title" => nil,
36
+ "mail_from_address" => "spree@example.org",
37
+ "default_currency" => nil,
38
+ "code" => store.code,
39
+ "default" => true
40
+ },
41
+ {
42
+ "id" => non_default_store.id,
43
+ "name" => "Extra Store",
44
+ "url" => "spreestore-5.example.com",
45
+ "meta_description" => nil,
46
+ "meta_keywords" => nil,
47
+ "seo_title" => nil,
48
+ "mail_from_address" => "spree@example.org",
49
+ "default_currency" => nil,
50
+ "code" => non_default_store.code,
51
+ "default" => false
52
+ }
53
+ ])
54
+ end
55
+
56
+ it "I can get the store details" do
57
+ api_get :show, id: store.id
58
+ expect(json_response).to eq(
59
+ "id" => store.id,
60
+ "name" => "My Spree Store",
61
+ "url" => "spreestore.example.com",
62
+ "meta_description" => nil,
63
+ "meta_keywords" => nil,
64
+ "seo_title" => nil,
65
+ "mail_from_address" => "spree@example.org",
66
+ "default_currency" => nil,
67
+ "code" => store.code,
68
+ "default" => true
69
+ )
70
+ end
71
+
72
+ it "I can create a new store" do
73
+ store_hash = {
74
+ code: "spree123",
75
+ name: "Hack0rz",
76
+ url: "spree123.example.com",
77
+ mail_from_address: "me@example.com"
78
+ }
79
+ api_post :create, store: store_hash
80
+ expect(response.status).to eq(201)
81
+ end
82
+
83
+ it "I can update an existing store" do
84
+ store_hash = {
85
+ url: "spree123.example.com",
86
+ mail_from_address: "me@example.com"
87
+ }
88
+ api_put :update, id: store.id, store: store_hash
89
+ expect(response.status).to eq(200)
90
+ expect(store.reload.url).to eql "spree123.example.com"
91
+ expect(store.reload.mail_from_address).to eql "me@example.com"
92
+ end
93
+
94
+ context "deleting a store" do
95
+ it "will fail if it's the default Store" do
96
+ api_delete :destroy, id: store.id
97
+ expect(response.status).to eq(422)
98
+ expect(json_response["errors"]["base"]).to eql(
99
+ ["Cannot destroy the default Store."]
100
+ )
101
+ end
102
+
103
+ it "will destroy the store" do
104
+ api_delete :destroy, id: non_default_store.id
105
+ expect(response.status).to eq(204)
106
+ end
107
+ end
108
+ end
109
+
110
+ context "as an user" do
111
+
112
+ it "I cannot list all the stores" do
113
+ api_get :index
114
+ expect(response.status).to eq(401)
115
+ end
116
+
117
+ it "I cannot get the store details" do
118
+ api_get :show, id: store.id
119
+ expect(response.status).to eq(401)
120
+ end
121
+
122
+ it "I cannot create a new store" do
123
+ api_post :create, store: {}
124
+ expect(response.status).to eq(401)
125
+ end
126
+
127
+ it "I cannot update an existing store" do
128
+ api_put :update, id: store.id, store: {}
129
+ expect(response.status).to eq(401)
130
+ end
131
+ end
132
+ end
133
+ end
@@ -0,0 +1,102 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::TagsController, type: :controller do
5
+ render_views
6
+
7
+ let!(:tag) { create(:tag) }
8
+ let(:base_attributes) { Api::ApiHelpers.tag_attributes }
9
+
10
+ before do
11
+ stub_authentication!
12
+ end
13
+
14
+ context "as a normal user" do
15
+ context "with caching enabled" do
16
+ let!(:tag_2) { create(:tag) }
17
+
18
+ before do
19
+ ActionController::Base.perform_caching = true
20
+ end
21
+
22
+ it "returns unique tags" do
23
+ api_get :index
24
+ tag_ids = json_response["tags"].map { |p| p["id"] }
25
+ expect(tag_ids.uniq.count).to eq(tag_ids.count)
26
+ end
27
+
28
+ after do
29
+ ActionController::Base.perform_caching = false
30
+ end
31
+ end
32
+
33
+ it "retrieves a list of tags" do
34
+ api_get :index
35
+ expect(json_response["tags"].first).to have_attributes(base_attributes)
36
+ expect(json_response["total_count"]).to eq(1)
37
+ expect(json_response["current_page"]).to eq(1)
38
+ expect(json_response["pages"]).to eq(1)
39
+ expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
40
+ end
41
+
42
+ it "retrieves a list of tags by id" do
43
+ api_get :index, ids: [tag.id]
44
+ expect(json_response["tags"].first).to have_attributes(base_attributes)
45
+ expect(json_response["total_count"]).to eq(1)
46
+ expect(json_response["current_page"]).to eq(1)
47
+ expect(json_response["pages"]).to eq(1)
48
+ expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
49
+ end
50
+
51
+ it "retrieves a list of tags by ids string" do
52
+ second_tag = create(:tag)
53
+ api_get :index, ids: [tag.id, second_tag.id].join(",")
54
+ expect(json_response["tags"].first).to have_attributes(base_attributes)
55
+ expect(json_response["tags"][1]).to have_attributes(base_attributes)
56
+ expect(json_response["total_count"]).to eq(2)
57
+ expect(json_response["current_page"]).to eq(1)
58
+ expect(json_response["pages"]).to eq(1)
59
+ expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
60
+ end
61
+
62
+ context "pagination" do
63
+ let!(:second_tag) { create(:tag) }
64
+
65
+ it "can select the next page of tags" do
66
+ api_get :index, page: 2, per_page: 1
67
+ expect(json_response["tags"].first).to have_attributes(base_attributes)
68
+ expect(json_response["total_count"]).to eq(2)
69
+ expect(json_response["current_page"]).to eq(2)
70
+ expect(json_response["pages"]).to eq(2)
71
+ end
72
+
73
+ it 'can control the page size through a parameter' do
74
+ api_get :index, per_page: 1
75
+ expect(json_response['count']).to eq(1)
76
+ expect(json_response['total_count']).to eq(2)
77
+ expect(json_response['current_page']).to eq(1)
78
+ expect(json_response['pages']).to eq(2)
79
+ end
80
+ end
81
+
82
+ it "can search for tags" do
83
+ create(:tag, name: "The best tag in the world")
84
+ api_get :index, q: { name_cont: "best" }
85
+ expect(json_response["tags"].first).to have_attributes(base_attributes)
86
+ expect(json_response["count"]).to eq(1)
87
+ end
88
+ end
89
+
90
+ context "as an admin" do
91
+ sign_in_as_admin!
92
+
93
+ it "can see all tags" do
94
+ api_get :index
95
+ expect(json_response["tags"].count).to eq(1)
96
+ expect(json_response["count"]).to eq(1)
97
+ expect(json_response["current_page"]).to eq(1)
98
+ expect(json_response["pages"]).to eq(1)
99
+ end
100
+ end
101
+ end
102
+ end
@@ -0,0 +1,114 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::TaxonomiesController, type: :controller do
5
+ render_views
6
+
7
+ let(:taxonomy) { create(:taxonomy) }
8
+ let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
9
+ let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
10
+ let(:attributes) { [:id, :name] }
11
+
12
+ before do
13
+ stub_authentication!
14
+ taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
15
+ taxon.children << taxon2
16
+ taxonomy.root.children << taxon
17
+ end
18
+
19
+ context "as a normal user" do
20
+ it "gets all taxonomies" do
21
+ api_get :index
22
+
23
+ expect(json_response["taxonomies"].first['name']).to eq taxonomy.name
24
+ expect(json_response["taxonomies"].first['root']['taxons'].count).to eq 1
25
+ end
26
+
27
+ it 'can control the page size through a parameter' do
28
+ create(:taxonomy)
29
+ api_get :index, per_page: 1
30
+ expect(json_response['count']).to eq(1)
31
+ expect(json_response['current_page']).to eq(1)
32
+ expect(json_response['pages']).to eq(2)
33
+ end
34
+
35
+ it 'can query the results through a paramter' do
36
+ expected_result = create(:taxonomy, name: 'Style')
37
+ api_get :index, q: { name_cont: 'style' }
38
+ expect(json_response['count']).to eq(1)
39
+ expect(json_response['taxonomies'].first['name']).to eq expected_result.name
40
+ end
41
+
42
+ it "gets a single taxonomy" do
43
+ api_get :show, id: taxonomy.id
44
+
45
+ expect(json_response['name']).to eq taxonomy.name
46
+
47
+ children = json_response['root']['taxons']
48
+ expect(children.count).to eq 1
49
+ expect(children.first['name']).to eq taxon.name
50
+ expect(children.first.key?('taxons')).to be false
51
+ end
52
+
53
+ it "gets a single taxonomy with set=nested" do
54
+ api_get :show, id: taxonomy.id, set: 'nested'
55
+
56
+ expect(json_response['name']).to eq taxonomy.name
57
+
58
+ children = json_response['root']['taxons']
59
+ expect(children.first.key?('taxons')).to be true
60
+ end
61
+
62
+ it "gets the jstree-friendly version of a taxonomy" do
63
+ api_get :jstree, id: taxonomy.id
64
+ expect(json_response["data"]).to eq(taxonomy.root.name)
65
+ expect(json_response["attr"]).to eq({ "id" => taxonomy.root.id, "name" => taxonomy.root.name})
66
+ expect(json_response["state"]).to eq("closed")
67
+ end
68
+
69
+ it "can learn how to create a new taxonomy" do
70
+ api_get :new
71
+ expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
72
+ required_attributes = json_response["required_attributes"]
73
+ expect(required_attributes).to include("name")
74
+ end
75
+
76
+ it "cannot create a new taxonomy if not an admin" do
77
+ api_post :create, taxonomy: { name: "Location" }
78
+ assert_unauthorized!
79
+ end
80
+
81
+ it "cannot update a taxonomy" do
82
+ api_put :update, id: taxonomy.id, taxonomy: { name: "I hacked your store!" }
83
+ assert_unauthorized!
84
+ end
85
+
86
+ it "cannot delete a taxonomy" do
87
+ api_delete :destroy, id: taxonomy.id
88
+ assert_unauthorized!
89
+ end
90
+ end
91
+
92
+ context "as an admin" do
93
+ sign_in_as_admin!
94
+
95
+ it "can create" do
96
+ api_post :create, taxonomy: { name: "Colors"}
97
+ expect(json_response).to have_attributes(attributes)
98
+ expect(response.status).to eq(201)
99
+ end
100
+
101
+ it "cannot create a new taxonomy with invalid attributes" do
102
+ api_post :create, taxonomy: {}
103
+ expect(response.status).to eq(422)
104
+ expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
105
+ errors = json_response["errors"]
106
+ end
107
+
108
+ it "can destroy" do
109
+ api_delete :destroy, id: taxonomy.id
110
+ expect(response.status).to eq(204)
111
+ end
112
+ end
113
+ end
114
+ end
@@ -0,0 +1,177 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::TaxonsController, type: :controller do
5
+ render_views
6
+
7
+ let(:taxonomy) { create(:taxonomy) }
8
+ let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
9
+ let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
10
+ let(:attributes) { ["id", "name", "pretty_name", "permalink", "parent_id", "taxonomy_id", "meta_title", "meta_description"] }
11
+
12
+ before do
13
+ stub_authentication!
14
+ taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
15
+ taxon.children << taxon2
16
+ taxonomy.root.children << taxon
17
+ end
18
+
19
+ context "as a normal user" do
20
+ it "gets all taxons for a taxonomy" do
21
+ api_get :index, taxonomy_id: taxonomy.id
22
+
23
+ expect(json_response['taxons'].first['name']).to eq taxon.name
24
+ children = json_response['taxons'].first['taxons']
25
+ expect(children.count).to eq 1
26
+ expect(children.first['name']).to eq taxon2.name
27
+ expect(children.first['taxons'].count).to eq 1
28
+ end
29
+
30
+ # Regression test for #4112
31
+ it "does not include children when asked not to" do
32
+ api_get :index, taxonomy_id: taxonomy.id, without_children: 1
33
+
34
+ expect(json_response['taxons'].first['name']).to eq(taxon.name)
35
+ expect(json_response['taxons'].first['taxons']).to be_nil
36
+ end
37
+
38
+ it "paginates through taxons" do
39
+ new_taxon = create(:taxon, name: "Go", taxonomy: taxonomy)
40
+ taxonomy.root.children << new_taxon
41
+ expect(taxonomy.root.children.count).to eql(2)
42
+ api_get :index, taxonomy_id: taxonomy.id, page: 1, per_page: 1
43
+ expect(json_response["count"]).to eql(1)
44
+ expect(json_response["total_count"]).to eql(2)
45
+ expect(json_response["current_page"]).to eql(1)
46
+ expect(json_response["per_page"]).to eql(1)
47
+ expect(json_response["pages"]).to eql(2)
48
+ end
49
+
50
+ describe 'searching' do
51
+ context 'with a name' do
52
+ before do
53
+ api_get :index, q: { name_cont: name }
54
+ end
55
+
56
+ context 'with one result' do
57
+ let(:name) { "Ruby" }
58
+
59
+ it "returns an array including the matching taxon" do
60
+ expect(json_response['taxons'].count).to eq(1)
61
+ expect(json_response['taxons'].first['name']).to eq "Ruby"
62
+ end
63
+ end
64
+
65
+ context 'with no results' do
66
+ let(:name) { "Imaginary" }
67
+
68
+ it 'returns an empty array of taxons' do
69
+ expect(json_response.keys).to include('taxons')
70
+ expect(json_response['taxons'].count).to eq(0)
71
+ end
72
+ end
73
+ end
74
+
75
+ context 'with no filters' do
76
+ it "gets all taxons" do
77
+ api_get :index
78
+
79
+ expect(json_response['taxons'].first['name']).to eq taxonomy.root.name
80
+ children = json_response['taxons'].first['taxons']
81
+ expect(children.count).to eq 1
82
+ expect(children.first['name']).to eq taxon.name
83
+ expect(children.first['taxons'].count).to eq 1
84
+ end
85
+ end
86
+ end
87
+
88
+ it "gets a single taxon" do
89
+ api_get :show, id: taxon.id, taxonomy_id: taxonomy.id
90
+
91
+ expect(json_response['name']).to eq taxon.name
92
+ expect(json_response['taxons'].count).to eq 1
93
+ end
94
+
95
+ it "gets all taxons in JSTree form" do
96
+ api_get :jstree, taxonomy_id: taxonomy.id, id: taxon.id
97
+ response = json_response.first
98
+ expect(response["data"]).to eq(taxon2.name)
99
+ expect(response["attr"]).to eq({ "name" => taxon2.name, "id" => taxon2.id})
100
+ expect(response["state"]).to eq("closed")
101
+ end
102
+
103
+ it "can learn how to create a new taxon" do
104
+ api_get :new, taxonomy_id: taxonomy.id
105
+ expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
106
+ required_attributes = json_response["required_attributes"]
107
+ expect(required_attributes).to include("name")
108
+ end
109
+
110
+ it "cannot create a new taxon if not an admin" do
111
+ api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Location" }
112
+ assert_unauthorized!
113
+ end
114
+
115
+ it "cannot update a taxon" do
116
+ api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: { name: "I hacked your store!" }
117
+ assert_unauthorized!
118
+ end
119
+
120
+ it "cannot delete a taxon" do
121
+ api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
122
+ assert_unauthorized!
123
+ end
124
+ end
125
+
126
+ context "as an admin" do
127
+ sign_in_as_admin!
128
+
129
+ it "can create" do
130
+ api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Colors" }
131
+ expect(json_response).to have_attributes(attributes)
132
+ expect(response.status).to eq(201)
133
+
134
+ expect(taxonomy.reload.root.children.count).to eq 2
135
+ taxon = Spree::Taxon.where(name: 'Colors').first
136
+
137
+ expect(taxon.parent_id).to eq taxonomy.root.id
138
+ expect(taxon.taxonomy_id).to eq taxonomy.id
139
+ end
140
+
141
+ it "can update the position in the list" do
142
+ taxonomy.root.children << taxon2
143
+ api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: {parent_id: taxon.parent_id, child_index: 2 }
144
+ expect(response.status).to eq(200)
145
+ expect(taxonomy.reload.root.children[0]).to eql taxon2
146
+ expect(taxonomy.reload.root.children[1]).to eql taxon
147
+ end
148
+
149
+ it "cannot create a new taxon with invalid attributes" do
150
+ api_post :create, taxonomy_id: taxonomy.id, taxon: { foo: :bar }
151
+ expect(response.status).to eq(422)
152
+ expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
153
+ errors = json_response["errors"]
154
+
155
+ expect(taxonomy.reload.root.children.count).to eq 1
156
+ end
157
+
158
+ it "cannot create a new taxon with invalid taxonomy_id" do
159
+ api_post :create, taxonomy_id: 1000, taxon: { name: "Colors" }
160
+ expect(response.status).to eq(422)
161
+ expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
162
+
163
+ errors = json_response["errors"]
164
+ expect(errors["taxonomy_id"]).not_to be_nil
165
+ expect(errors["taxonomy_id"].first).to eq "Invalid taxonomy id."
166
+
167
+ expect(taxonomy.reload.root.children.count).to eq 1
168
+ end
169
+
170
+ it "can destroy" do
171
+ api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
172
+ expect(response.status).to eq(204)
173
+ end
174
+ end
175
+
176
+ end
177
+ end
@@ -0,0 +1,26 @@
1
+ require 'shared_examples/protect_product_actions'
2
+ require 'spec_helper'
3
+
4
+ module Spree
5
+ describe Api::V1::ProductsController, type: :controller do
6
+ render_views
7
+
8
+ let!(:product) { create(:product) }
9
+ let(:attributes) { [:id, :name, :description, :price, :available_on, :slug, :meta_description, :meta_keywords, :taxon_ids] }
10
+
11
+ context "without authentication" do
12
+ before { Spree::Api::Config[:requires_authentication] = false }
13
+
14
+ it "retrieves a list of products" do
15
+ api_get :index
16
+ expect(json_response["products"].first).to have_attributes(attributes)
17
+ expect(json_response["count"]).to eq(1)
18
+ expect(json_response["current_page"]).to eq(1)
19
+ expect(json_response["pages"]).to eq(1)
20
+ end
21
+
22
+ it_behaves_like "modifying product actions are restricted"
23
+ end
24
+ end
25
+ end
26
+