spree_api 3.2.9 → 3.3.0.rc1

data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::StockMovementsController, type: :controller do
+    render_views
+
+    let!(:stock_location) { create(:stock_location_with_items) }
+    let!(:stock_item) { stock_location.stock_items.order(:id).first }
+    let!(:stock_movement) { create(:stock_movement, stock_item: stock_item) }
+    let!(:attributes) { [:id, :quantity, :stock_item_id] }
+
+    before do
+      stub_authentication!
+    end
+
+    context 'as a user' do
+      it 'cannot see a list of stock movements' do
+        api_get :index, stock_location_id: stock_location.to_param
+        expect(response.status).to eq(404)
+      end
+
+      it 'cannot see a stock movement' do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_movement.id
+        expect(response.status).to eq(404)
+      end
+
+      it 'cannot create a stock movement' do
+        params = {
+          stock_location_id: stock_location.to_param,
+          stock_movement: {
+            stock_item_id: stock_item.to_param
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'as an admin' do
+      sign_in_as_admin!
+
+      it 'gets list of stock movements' do
+        api_get :index, stock_location_id: stock_location.to_param
+        expect(json_response['stock_movements'].first).to have_attributes(attributes)
+        expect(json_response['stock_movements'].first['stock_item']['count_on_hand']).to eq 11
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:stock_movement, stock_item: stock_item)
+        api_get :index, stock_location_id: stock_location.to_param, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:stock_movement, :received, quantity: 10, stock_item: stock_item)
+        api_get :index, stock_location_id: stock_location.to_param, q: { quantity_eq: '10' }
+        expect(json_response['count']).to eq(1)
+      end
+
+      it 'gets a stock movement' do
+        api_get :show, stock_location_id: stock_location.to_param, id: stock_movement.to_param
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response['stock_item_id']).to eq stock_movement.stock_item_id
+      end
+
+      it 'can create a new stock movement' do
+        params = {
+          stock_location_id: stock_location.to_param,
+          stock_movement: {
+            stock_item_id: stock_item.to_param
+          }
+        }
+
+        api_post :create, params
+        expect(response.status).to eq(201)
+        expect(json_response).to have_attributes(attributes)
+      end
+    end
+  end
+end
+

data/spec/controllers/spree/api/v1/stores_controller_spec.rb

@@ -0,0 +1,133 @@
+require "spec_helper"
+
+module Spree
+  describe Api::V1::StoresController, type: :controller do
+    render_views
+
+    let!(:store) do
+      create(:store, name: "My Spree Store", url: "spreestore.example.com")
+    end
+
+    before do
+      stub_authentication!
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      let!(:non_default_store) do
+        create(:store,
+          name: "Extra Store",
+          url: "spreestore-5.example.com",
+          default: false
+        )
+      end
+
+      it "I can list the available stores" do
+        api_get :index
+        expect(json_response["stores"]).to eq([
+          {
+            "id" => store.id,
+            "name" => "My Spree Store",
+            "url" => "spreestore.example.com",
+            "meta_description" => nil,
+            "meta_keywords" => nil,
+            "seo_title" => nil,
+            "mail_from_address" => "spree@example.org",
+            "default_currency" => nil,
+            "code" => store.code,
+            "default" => true
+          },
+          {
+            "id" => non_default_store.id,
+            "name" => "Extra Store",
+            "url" => "spreestore-5.example.com",
+            "meta_description" => nil,
+            "meta_keywords" => nil,
+            "seo_title" => nil,
+            "mail_from_address" => "spree@example.org",
+            "default_currency" => nil,
+            "code" => non_default_store.code,
+            "default" => false
+          }
+        ])
+      end
+
+      it "I can get the store details" do
+        api_get :show, id: store.id
+        expect(json_response).to eq(
+          "id" => store.id,
+          "name" => "My Spree Store",
+          "url" => "spreestore.example.com",
+          "meta_description" => nil,
+          "meta_keywords" => nil,
+          "seo_title" => nil,
+          "mail_from_address" => "spree@example.org",
+          "default_currency" => nil,
+          "code" => store.code,
+          "default" => true
+        )
+      end
+
+      it "I can create a new store" do
+        store_hash = {
+          code: "spree123",
+          name: "Hack0rz",
+          url: "spree123.example.com",
+          mail_from_address: "me@example.com"
+        }
+        api_post :create, store: store_hash
+        expect(response.status).to eq(201)
+      end
+
+      it "I can update an existing store" do
+        store_hash = {
+          url: "spree123.example.com",
+          mail_from_address: "me@example.com"
+        }
+        api_put :update, id: store.id, store: store_hash
+        expect(response.status).to eq(200)
+        expect(store.reload.url).to eql "spree123.example.com"
+        expect(store.reload.mail_from_address).to eql "me@example.com"
+      end
+
+      context "deleting a store" do
+        it "will fail if it's the default Store" do
+          api_delete :destroy, id: store.id
+          expect(response.status).to eq(422)
+          expect(json_response["errors"]["base"]).to eql(
+          ["Cannot destroy the default Store."]
+          )
+        end
+
+        it "will destroy the store" do
+          api_delete :destroy, id: non_default_store.id
+          expect(response.status).to eq(204)
+        end
+      end
+    end
+
+    context "as an user" do
+
+      it "I cannot list all the stores" do
+        api_get :index
+        expect(response.status).to eq(401)
+      end
+
+      it "I cannot get the store details" do
+        api_get :show, id: store.id
+        expect(response.status).to eq(401)
+      end
+
+      it "I cannot create a new store" do
+        api_post :create, store: {}
+        expect(response.status).to eq(401)
+      end
+
+      it "I cannot update an existing store" do
+        api_put :update, id: store.id, store: {}
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/tags_controller_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TagsController, type: :controller do
+    render_views
+
+    let!(:tag) { create(:tag) }
+    let(:base_attributes) { Api::ApiHelpers.tag_attributes }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      context "with caching enabled" do
+        let!(:tag_2) { create(:tag) }
+
+        before do
+          ActionController::Base.perform_caching = true
+        end
+
+        it "returns unique tags" do
+          api_get :index
+          tag_ids = json_response["tags"].map { |p| p["id"] }
+          expect(tag_ids.uniq.count).to eq(tag_ids.count)
+        end
+
+        after do
+          ActionController::Base.perform_caching = false
+        end
+      end
+
+      it "retrieves a list of tags" do
+        api_get :index
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      it "retrieves a list of tags by id" do
+        api_get :index, ids: [tag.id]
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      it "retrieves a list of tags by ids string" do
+        second_tag = create(:tag)
+        api_get :index, ids: [tag.id, second_tag.id].join(",")
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["tags"][1]).to have_attributes(base_attributes)
+        expect(json_response["total_count"]).to eq(2)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["per_page"]).to eq(Kaminari.config.default_per_page)
+      end
+
+      context "pagination" do
+        let!(:second_tag) { create(:tag) }
+
+        it "can select the next page of tags" do
+          api_get :index, page: 2, per_page: 1
+          expect(json_response["tags"].first).to have_attributes(base_attributes)
+          expect(json_response["total_count"]).to eq(2)
+          expect(json_response["current_page"]).to eq(2)
+          expect(json_response["pages"]).to eq(2)
+        end
+
+        it 'can control the page size through a parameter' do
+          api_get :index, per_page: 1
+          expect(json_response['count']).to eq(1)
+          expect(json_response['total_count']).to eq(2)
+          expect(json_response['current_page']).to eq(1)
+          expect(json_response['pages']).to eq(2)
+        end
+      end
+
+      it "can search for tags" do
+        create(:tag, name: "The best tag in the world")
+        api_get :index, q: { name_cont: "best" }
+        expect(json_response["tags"].first).to have_attributes(base_attributes)
+        expect(json_response["count"]).to eq(1)
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can see all tags" do
+        api_get :index
+        expect(json_response["tags"].count).to eq(1)
+        expect(json_response["count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TaxonomiesController, type: :controller do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
+    let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
+    let(:attributes) { [:id, :name] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxonomies" do
+        api_get :index
+
+        expect(json_response["taxonomies"].first['name']).to eq taxonomy.name
+        expect(json_response["taxonomies"].first['root']['taxons'].count).to eq 1
+      end
+
+      it 'can control the page size through a parameter' do
+        create(:taxonomy)
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+
+      it 'can query the results through a paramter' do
+        expected_result = create(:taxonomy, name: 'Style')
+        api_get :index, q: { name_cont: 'style' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['taxonomies'].first['name']).to eq expected_result.name
+      end
+
+      it "gets a single taxonomy" do
+        api_get :show, id: taxonomy.id
+
+        expect(json_response['name']).to eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        expect(children.count).to eq 1
+        expect(children.first['name']).to eq taxon.name
+        expect(children.first.key?('taxons')).to be false
+      end
+
+      it "gets a single taxonomy with set=nested" do
+        api_get :show, id: taxonomy.id, set: 'nested'
+
+        expect(json_response['name']).to eq taxonomy.name
+
+        children = json_response['root']['taxons']
+        expect(children.first.key?('taxons')).to be true
+      end
+
+      it "gets the jstree-friendly version of a taxonomy" do
+        api_get :jstree, id: taxonomy.id
+        expect(json_response["data"]).to eq(taxonomy.root.name)
+        expect(json_response["attr"]).to eq({ "id" => taxonomy.root.id, "name" => taxonomy.root.name})
+        expect(json_response["state"]).to eq("closed")
+      end
+
+      it "can learn how to create a new taxonomy" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("name")
+      end
+
+      it "cannot create a new taxonomy if not an admin" do
+        api_post :create, taxonomy: { name: "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxonomy" do
+        api_put :update, id: taxonomy.id, taxonomy: { name: "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxonomy" do
+        api_delete :destroy, id: taxonomy.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, taxonomy: { name: "Colors"}
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+      end
+
+      it "cannot create a new taxonomy with invalid attributes" do
+        api_post :create, taxonomy: {}
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+      end
+
+      it "can destroy" do
+        api_delete :destroy, id: taxonomy.id
+        expect(response.status).to eq(204)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/taxons_controller_spec.rb

@@ -0,0 +1,177 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::TaxonsController, type: :controller do
+    render_views
+
+    let(:taxonomy) { create(:taxonomy) }
+    let(:taxon) { create(:taxon, name: "Ruby", taxonomy: taxonomy) }
+    let(:taxon2) { create(:taxon, name: "Rails", taxonomy: taxonomy) }
+    let(:attributes) { ["id", "name", "pretty_name", "permalink", "parent_id", "taxonomy_id", "meta_title", "meta_description"] }
+
+    before do
+      stub_authentication!
+      taxon2.children << create(:taxon, name: "3.2.2", taxonomy: taxonomy)
+      taxon.children << taxon2
+      taxonomy.root.children << taxon
+    end
+
+    context "as a normal user" do
+      it "gets all taxons for a taxonomy" do
+        api_get :index, taxonomy_id: taxonomy.id
+
+        expect(json_response['taxons'].first['name']).to eq taxon.name
+        children = json_response['taxons'].first['taxons']
+        expect(children.count).to eq 1
+        expect(children.first['name']).to eq taxon2.name
+        expect(children.first['taxons'].count).to eq 1
+      end
+
+      # Regression test for #4112
+      it "does not include children when asked not to" do
+        api_get :index, taxonomy_id: taxonomy.id, without_children: 1
+
+        expect(json_response['taxons'].first['name']).to eq(taxon.name)
+        expect(json_response['taxons'].first['taxons']).to be_nil
+      end
+
+      it "paginates through taxons" do
+        new_taxon = create(:taxon, name: "Go", taxonomy: taxonomy)
+        taxonomy.root.children << new_taxon
+        expect(taxonomy.root.children.count).to eql(2)
+        api_get :index, taxonomy_id: taxonomy.id, page: 1, per_page: 1
+        expect(json_response["count"]).to eql(1)
+        expect(json_response["total_count"]).to eql(2)
+        expect(json_response["current_page"]).to eql(1)
+        expect(json_response["per_page"]).to eql(1)
+        expect(json_response["pages"]).to eql(2)
+      end
+
+      describe 'searching' do
+        context 'with a name' do
+          before do
+            api_get :index, q: { name_cont: name }
+          end
+
+          context 'with one result' do
+            let(:name) { "Ruby" }
+
+            it "returns an array including the matching taxon" do
+              expect(json_response['taxons'].count).to eq(1)
+              expect(json_response['taxons'].first['name']).to eq "Ruby"
+            end
+          end
+
+          context 'with no results' do
+            let(:name) { "Imaginary" }
+
+            it 'returns an empty array of taxons' do
+              expect(json_response.keys).to include('taxons')
+              expect(json_response['taxons'].count).to eq(0)
+            end
+          end
+        end
+
+        context 'with no filters' do
+          it "gets all taxons" do
+            api_get :index
+
+            expect(json_response['taxons'].first['name']).to eq taxonomy.root.name
+            children = json_response['taxons'].first['taxons']
+            expect(children.count).to eq 1
+            expect(children.first['name']).to eq taxon.name
+            expect(children.first['taxons'].count).to eq 1
+          end
+        end
+      end
+
+      it "gets a single taxon" do
+        api_get :show, id: taxon.id, taxonomy_id: taxonomy.id
+
+        expect(json_response['name']).to eq taxon.name
+        expect(json_response['taxons'].count).to eq 1
+      end
+
+      it "gets all taxons in JSTree form" do
+        api_get :jstree, taxonomy_id: taxonomy.id, id: taxon.id
+        response = json_response.first
+        expect(response["data"]).to eq(taxon2.name)
+        expect(response["attr"]).to eq({ "name" => taxon2.name, "id" => taxon2.id})
+        expect(response["state"]).to eq("closed")
+      end
+
+      it "can learn how to create a new taxon" do
+        api_get :new, taxonomy_id: taxonomy.id
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("name")
+      end
+
+      it "cannot create a new taxon if not an admin" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a taxon" do
+        api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: { name: "I hacked your store!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a taxon" do
+        api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { name: "Colors" }
+        expect(json_response).to have_attributes(attributes)
+        expect(response.status).to eq(201)
+
+        expect(taxonomy.reload.root.children.count).to eq 2
+        taxon = Spree::Taxon.where(name: 'Colors').first
+
+        expect(taxon.parent_id).to eq taxonomy.root.id
+        expect(taxon.taxonomy_id).to eq taxonomy.id
+      end
+
+      it "can update the position in the list" do
+        taxonomy.root.children << taxon2
+        api_put :update, taxonomy_id: taxonomy.id, id: taxon.id, taxon: {parent_id: taxon.parent_id, child_index: 2 }
+        expect(response.status).to eq(200)
+        expect(taxonomy.reload.root.children[0]).to eql taxon2
+        expect(taxonomy.reload.root.children[1]).to eql taxon
+      end
+
+      it "cannot create a new taxon with invalid attributes" do
+        api_post :create, taxonomy_id: taxonomy.id, taxon: { foo: :bar }
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+
+        expect(taxonomy.reload.root.children.count).to eq 1
+      end
+
+      it "cannot create a new taxon with invalid taxonomy_id" do
+        api_post :create, taxonomy_id: 1000, taxon: { name: "Colors" }
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+
+        errors = json_response["errors"]
+        expect(errors["taxonomy_id"]).not_to be_nil
+        expect(errors["taxonomy_id"].first).to eq "Invalid taxonomy id."
+
+        expect(taxonomy.reload.root.children.count).to eq 1
+      end
+
+      it "can destroy" do
+        api_delete :destroy, taxonomy_id: taxonomy.id, id: taxon.id
+        expect(response.status).to eq(204)
+      end
+    end
+
+  end
+end

data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb

@@ -0,0 +1,26 @@
+require 'shared_examples/protect_product_actions'
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::ProductsController, type: :controller do
+    render_views
+
+    let!(:product) { create(:product) }
+    let(:attributes) { [:id, :name, :description, :price, :available_on, :slug, :meta_description, :meta_keywords, :taxon_ids] }
+
+    context "without authentication" do
+      before { Spree::Api::Config[:requires_authentication] = false }
+
+      it "retrieves a list of products" do
+        api_get :index
+        expect(json_response["products"].first).to have_attributes(attributes)
+        expect(json_response["count"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["pages"]).to eq(1)
+      end
+
+      it_behaves_like "modifying product actions are restricted"
+    end
+  end
+end
+