spree_api 3.2.9 → 3.3.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/base_controller.rb +11 -12
  3. data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
  4. data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
  5. data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
  6. data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
  7. data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
  8. data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
  9. data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
  10. data/app/helpers/spree/api/api_helpers.rb +13 -1
  11. data/app/models/concerns/spree/user_api_authentication.rb +19 -0
  12. data/app/models/concerns/spree/user_api_methods.rb +7 -0
  13. data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
  14. data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
  15. data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
  16. data/config/initializers/user_class_extensions.rb +7 -0
  17. data/config/routes.rb +3 -0
  18. data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
  19. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
  20. data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
  21. data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
  22. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
  23. data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
  24. data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
  25. data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
  26. data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
  27. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
  28. data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
  29. data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
  30. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
  31. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
  32. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
  33. data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
  34. data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
  35. data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
  36. data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
  37. data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
  38. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
  39. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
  40. data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
  41. data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
  42. data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
  43. data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
  44. data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
  45. data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
  46. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
  47. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
  48. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  49. data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
  52. data/spec/models/spree/legacy_user_spec.rb +19 -0
  53. data/spec/requests/rabl_cache_spec.rb +32 -0
  54. data/spec/requests/ransackable_attributes_spec.rb +79 -0
  55. data/spec/requests/version_spec.rb +19 -0
  56. data/spec/shared_examples/protect_product_actions.rb +17 -0
  57. data/spec/spec_helper.rb +63 -0
  58. data/spec/support/controller_hacks.rb +40 -0
  59. data/spec/support/database_cleaner.rb +14 -0
  60. data/spec/support/have_attributes_matcher.rb +13 -0
  61. data/spree_api.gemspec +4 -3
  62. metadata +105 -13
  63. data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
  64. data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
@@ -0,0 +1,153 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::UsersController, type: :controller do
5
+ render_views
6
+
7
+ let(:user) { create(:user, spree_api_key: rand.to_s) }
8
+ let(:stranger) { create(:user, email: 'stranger@example.com') }
9
+ let(:attributes) { [:id, :email, :created_at, :updated_at] }
10
+
11
+ context "as a normal user" do
12
+ it "can get own details" do
13
+ api_get :show, id: user.id, token: user.spree_api_key
14
+
15
+ expect(json_response['email']).to eq user.email
16
+ end
17
+
18
+ it "cannot get other users details" do
19
+ api_get :show, id: stranger.id, token: user.spree_api_key
20
+
21
+ assert_not_found!
22
+ end
23
+
24
+ it "can learn how to create a new user" do
25
+ api_get :new, token: user.spree_api_key
26
+ expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
27
+ end
28
+
29
+ it "can create a new user" do
30
+ user_params = {
31
+ email: 'new@example.com', password: 'spree123', password_confirmation: 'spree123'
32
+ }
33
+
34
+ api_post :create, user: user_params, token: user.spree_api_key
35
+ expect(json_response['email']).to eq 'new@example.com'
36
+ end
37
+
38
+ # there's no validations on LegacyUser?
39
+ xit "cannot create a new user with invalid attributes" do
40
+ api_post :create, user: {}, token: user.spree_api_key
41
+ expect(response.status).to eq(422)
42
+ expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
43
+ errors = json_response["errors"]
44
+ end
45
+
46
+ it "can update own details" do
47
+ country = create(:country)
48
+ api_put :update, id: user.id, token: user.spree_api_key, user: {
49
+ email: "mine@example.com",
50
+ bill_address_attributes: {
51
+ first_name: 'First',
52
+ last_name: 'Last',
53
+ address1: '1 Test Rd',
54
+ city: 'City',
55
+ country_id: country.id,
56
+ state_id: 1,
57
+ zipcode: '55555',
58
+ phone: '5555555555'
59
+ },
60
+ ship_address_attributes: {
61
+ first_name: 'First',
62
+ last_name: 'Last',
63
+ address1: '1 Test Rd',
64
+ city: 'City',
65
+ country_id: country.id,
66
+ state_id: 1,
67
+ zipcode: '55555',
68
+ phone: '5555555555'
69
+ }
70
+ }
71
+ expect(json_response['email']).to eq 'mine@example.com'
72
+ expect(json_response['bill_address']).to_not be_nil
73
+ expect(json_response['ship_address']).to_not be_nil
74
+ end
75
+
76
+ it "cannot update other users details" do
77
+ api_put :update, id: stranger.id, token: user.spree_api_key, user: { email: "mine@example.com" }
78
+ assert_not_found!
79
+ end
80
+
81
+ it "can delete itself" do
82
+ api_delete :destroy, id: user.id, token: user.spree_api_key
83
+ expect(response.status).to eq(204)
84
+ end
85
+
86
+ it "cannot delete other user" do
87
+ api_delete :destroy, id: stranger.id, token: user.spree_api_key
88
+ assert_not_found!
89
+ end
90
+
91
+ it "should only get own details on index" do
92
+ 2.times { create(:user) }
93
+ api_get :index, token: user.spree_api_key
94
+
95
+ expect(Spree.user_class.count).to eq 3
96
+ expect(json_response['count']).to eq 1
97
+ expect(json_response['users'].size).to eq 1
98
+ end
99
+ end
100
+
101
+ context "as an admin" do
102
+ before { stub_authentication! }
103
+
104
+ sign_in_as_admin!
105
+
106
+ it "gets all users" do
107
+ allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
108
+
109
+ 2.times { create(:user) }
110
+
111
+ api_get :index
112
+ expect(Spree.user_class.count).to eq 2
113
+ expect(json_response['count']).to eq 2
114
+ expect(json_response['users'].size).to eq 2
115
+ end
116
+
117
+ it 'can control the page size through a parameter' do
118
+ 2.times { create(:user) }
119
+ api_get :index, per_page: 1
120
+ expect(json_response['count']).to eq(1)
121
+ expect(json_response['current_page']).to eq(1)
122
+ expect(json_response['pages']).to eq(2)
123
+ end
124
+
125
+ it 'can query the results through a paramter' do
126
+ expected_result = create(:user, email: 'brian@spreecommerce.com')
127
+ api_get :index, q: { email_cont: 'brian' }
128
+ expect(json_response['count']).to eq(1)
129
+ expect(json_response['users'].first['email']).to eq expected_result.email
130
+ end
131
+
132
+ it "can create" do
133
+ api_post :create, user: { email: "new@example.com", password: 'spree123', password_confirmation: 'spree123' }
134
+ expect(json_response).to have_attributes(attributes)
135
+ expect(response.status).to eq(201)
136
+ end
137
+
138
+ it "can destroy user without orders" do
139
+ user.orders.destroy_all
140
+ api_delete :destroy, id: user.id
141
+ expect(response.status).to eq(204)
142
+ end
143
+
144
+ it "cannot destroy user with orders" do
145
+ create(:completed_order_with_totals, user: user)
146
+ api_delete :destroy, id: user.id
147
+ expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
148
+ expect(response.status).to eq(422)
149
+ end
150
+
151
+ end
152
+ end
153
+ end
@@ -0,0 +1,205 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::VariantsController, type: :controller do
5
+ render_views
6
+
7
+ let(:option_value) { create(:option_value) }
8
+ let!(:product) { create(:product) }
9
+ let!(:variant) do
10
+ variant = product.master
11
+ variant.option_values << option_value
12
+ variant
13
+ end
14
+
15
+ let!(:base_attributes) { Api::ApiHelpers.variant_attributes }
16
+ let!(:show_attributes) { base_attributes.dup.push(:in_stock, :display_price) }
17
+ let!(:new_attributes) { base_attributes }
18
+
19
+ before do
20
+ stub_authentication!
21
+ end
22
+
23
+ it "can see a paginated list of variants" do
24
+ api_get :index
25
+ first_variant = json_response["variants"].first
26
+ expect(first_variant).to have_attributes(show_attributes)
27
+ expect(first_variant["stock_items"]).to be_present
28
+ expect(json_response["count"]).to eq(1)
29
+ expect(json_response["current_page"]).to eq(1)
30
+ expect(json_response["pages"]).to eq(1)
31
+ end
32
+
33
+ it 'can control the page size through a parameter' do
34
+ create(:variant)
35
+ api_get :index, per_page: 1
36
+ expect(json_response['count']).to eq(1)
37
+ expect(json_response['current_page']).to eq(1)
38
+ expect(json_response['pages']).to eq(3)
39
+ end
40
+
41
+ it 'can query the results through a parameter' do
42
+ expected_result = create(:variant, sku: 'FOOBAR')
43
+ api_get :index, q: { sku_cont: 'FOO' }
44
+ expect(json_response['count']).to eq(1)
45
+ expect(json_response['variants'].first['sku']).to eq expected_result.sku
46
+ end
47
+
48
+ it "variants returned contain option values data" do
49
+ api_get :index
50
+ option_values = json_response["variants"].last["option_values"]
51
+ expect(option_values.first).to have_attributes([:name,
52
+ :presentation,
53
+ :option_type_name,
54
+ :option_type_id])
55
+ end
56
+
57
+ it "variants returned contain images data" do
58
+ variant.images.create!(attachment: image("thinking-cat.jpg"))
59
+
60
+ api_get :index
61
+
62
+ expect(json_response["variants"].last).to have_attributes([:images])
63
+ expect(json_response['variants'].first['images'].first).to have_attributes([:attachment_file_name,
64
+ :attachment_width,
65
+ :attachment_height,
66
+ :attachment_content_type,
67
+ :mini_url,
68
+ :small_url,
69
+ :product_url,
70
+ :large_url])
71
+
72
+ end
73
+
74
+ it 'variants returned do not contain cost price data' do
75
+ api_get :index
76
+ expect(json_response["variants"].first.has_key?(:cost_price)).to eq false
77
+ end
78
+
79
+ # Regression test for #2141
80
+ context "a deleted variant" do
81
+ before do
82
+ variant.update_column(:deleted_at, Time.current)
83
+ end
84
+
85
+ it "is not returned in the results" do
86
+ api_get :index
87
+ expect(json_response["variants"].count).to eq(0)
88
+ end
89
+
90
+ it "is not returned even when show_deleted is passed" do
91
+ api_get :index, show_deleted: true
92
+ expect(json_response["variants"].count).to eq(0)
93
+ end
94
+ end
95
+
96
+ context "pagination" do
97
+ it "can select the next page of variants" do
98
+ second_variant = create(:variant)
99
+ api_get :index, page: 2, per_page: 1
100
+ expect(json_response["variants"].first).to have_attributes(show_attributes)
101
+ expect(json_response["total_count"]).to eq(3)
102
+ expect(json_response["current_page"]).to eq(2)
103
+ expect(json_response["pages"]).to eq(3)
104
+ end
105
+ end
106
+
107
+ it "can see a single variant" do
108
+ api_get :show, id: variant.to_param
109
+ expect(json_response).to have_attributes(show_attributes)
110
+ expect(json_response["stock_items"]).to be_present
111
+ option_values = json_response["option_values"]
112
+ expect(option_values.first).to have_attributes([:name,
113
+ :presentation,
114
+ :option_type_name,
115
+ :option_type_id])
116
+ end
117
+
118
+ it "can see a single variant with images" do
119
+ variant.images.create!(attachment: image("thinking-cat.jpg"))
120
+
121
+ api_get :show, id: variant.to_param
122
+
123
+ expect(json_response).to have_attributes(show_attributes + [:images])
124
+ option_values = json_response["option_values"]
125
+ expect(option_values.first).to have_attributes([:name,
126
+ :presentation,
127
+ :option_type_name,
128
+ :option_type_id])
129
+ end
130
+
131
+ it "can learn how to create a new variant" do
132
+ api_get :new
133
+ expect(json_response["attributes"]).to eq(new_attributes.map(&:to_s))
134
+ expect(json_response["required_attributes"]).to be_empty
135
+ end
136
+
137
+ it "cannot create a new variant if not an admin" do
138
+ api_post :create, variant: { sku: "12345" }
139
+ assert_unauthorized!
140
+ end
141
+
142
+ it "cannot update a variant" do
143
+ api_put :update, id: variant.to_param, variant: { sku: "12345" }
144
+ assert_not_found!
145
+ end
146
+
147
+ it "cannot delete a variant" do
148
+ api_delete :destroy, id: variant.to_param
149
+ assert_not_found!
150
+ expect { variant.reload }.not_to raise_error
151
+ end
152
+
153
+ context "as an admin" do
154
+ sign_in_as_admin!
155
+ let(:resource_scoping) { { product_id: variant.product.to_param } }
156
+
157
+ # Test for #2141
158
+ context "deleted variants" do
159
+ before do
160
+ variant.update_column(:deleted_at, Time.current)
161
+ end
162
+
163
+ it "are visible by admin" do
164
+ api_get :index, show_deleted: 1
165
+ expect(json_response["variants"].count).to eq(1)
166
+ end
167
+ end
168
+
169
+ it "can create a new variant" do
170
+ other_value = create(:option_value)
171
+ api_post :create, variant: {
172
+ sku: "12345",
173
+ price: "20",
174
+ option_value_ids: [option_value.id, other_value.id]
175
+ }
176
+
177
+ expect(json_response).to have_attributes(new_attributes)
178
+ expect(response.status).to eq(201)
179
+ expect(json_response["sku"]).to eq("12345")
180
+ expect(json_response["price"]).to match "20"
181
+
182
+ option_value_ids = json_response["option_values"].map { |o| o['id'] }
183
+ expect(option_value_ids).to match_array [option_value.id, other_value.id]
184
+
185
+ expect(variant.product.variants.count).to eq(1)
186
+ end
187
+
188
+ it "can update a variant" do
189
+ api_put :update, id: variant.to_param, variant: { sku: "12345" }
190
+ expect(response.status).to eq(200)
191
+ end
192
+
193
+ it "can delete a variant" do
194
+ api_delete :destroy, id: variant.to_param
195
+ expect(response.status).to eq(204)
196
+ expect { Spree::Variant.find(variant.id) }.to raise_error(ActiveRecord::RecordNotFound)
197
+ end
198
+
199
+ it 'variants returned contain cost price data' do
200
+ api_get :index
201
+ expect(json_response["variants"].first.has_key?(:cost_price)).to eq true
202
+ end
203
+ end
204
+ end
205
+ end
@@ -0,0 +1,91 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe Api::V1::ZonesController, type: :controller do
5
+ render_views
6
+
7
+ let!(:attributes) { [:id, :name, :zone_members] }
8
+
9
+ before do
10
+ stub_authentication!
11
+ @zone = create(:zone, name: 'Europe')
12
+ end
13
+
14
+ it "gets list of zones" do
15
+ api_get :index
16
+ expect(json_response['zones'].first).to have_attributes(attributes)
17
+ end
18
+
19
+ it 'can control the page size through a parameter' do
20
+ create(:zone)
21
+ api_get :index, per_page: 1
22
+ expect(json_response['count']).to eq(1)
23
+ expect(json_response['current_page']).to eq(1)
24
+ expect(json_response['pages']).to eq(2)
25
+ end
26
+
27
+ it 'can query the results through a paramter' do
28
+ expected_result = create(:zone, name: 'South America')
29
+ api_get :index, q: { name_cont: 'south' }
30
+ expect(json_response['count']).to eq(1)
31
+ expect(json_response['zones'].first['name']).to eq expected_result.name
32
+ end
33
+
34
+ it "gets a zone" do
35
+ api_get :show, id: @zone.id
36
+ expect(json_response).to have_attributes(attributes)
37
+ expect(json_response['name']).to eq @zone.name
38
+ expect(json_response['zone_members'].size).to eq @zone.zone_members.count
39
+ end
40
+
41
+ context "as an admin" do
42
+ sign_in_as_admin!
43
+
44
+ let!(:country) { create(:country) }
45
+
46
+ it "can create a new zone" do
47
+ params = {
48
+ zone: {
49
+ name: "North Pole",
50
+ zone_members: [
51
+ {
52
+ zoneable_type: "Spree::Country",
53
+ zoneable_id: country.id
54
+ }
55
+ ]
56
+ }
57
+ }
58
+
59
+ api_post :create, params
60
+ expect(response.status).to eq(201)
61
+ expect(json_response).to have_attributes(attributes)
62
+ expect(json_response["zone_members"]).not_to be_empty
63
+ end
64
+
65
+ it "updates a zone" do
66
+ params = { id: @zone.id,
67
+ zone: {
68
+ name: "North Pole",
69
+ zone_members: [
70
+ {
71
+ zoneable_type: "Spree::Country",
72
+ zoneable_id: country.id
73
+ }
74
+ ]
75
+ }
76
+ }
77
+
78
+ api_put :update, params
79
+ expect(response.status).to eq(200)
80
+ expect(json_response['name']).to eq 'North Pole'
81
+ expect(json_response['zone_members']).not_to be_blank
82
+ end
83
+
84
+ it "can delete a zone" do
85
+ api_delete :destroy, id: @zone.id
86
+ expect(response.status).to eq(204)
87
+ expect { @zone.reload }.to raise_error(ActiveRecord::RecordNotFound)
88
+ end
89
+ end
90
+ end
91
+ end
@@ -0,0 +1,19 @@
1
+ require 'spec_helper'
2
+
3
+ module Spree
4
+ describe LegacyUser, type: :model do
5
+ let(:user) { LegacyUser.new }
6
+
7
+ it "can generate an API key" do
8
+ expect(user).to receive(:save!)
9
+ user.generate_spree_api_key!
10
+ expect(user.spree_api_key).not_to be_blank
11
+ end
12
+
13
+ it "can clear an API key" do
14
+ expect(user).to receive(:save!)
15
+ user.clear_spree_api_key!
16
+ expect(user.spree_api_key).to be_blank
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,32 @@
1
+ require 'spec_helper'
2
+
3
+ describe "Rabl Cache", type: :request, caching: true do
4
+ let!(:user) { create(:admin_user) }
5
+
6
+ before do
7
+ create(:variant)
8
+ user.generate_spree_api_key!
9
+ expect(Spree::Product.count).to eq(1)
10
+ end
11
+
12
+ it "doesn't create a cache key collision for models with different rabl templates" do
13
+ get "/api/v1/variants", params: { token: user.spree_api_key }
14
+ expect(response.status).to eq(200)
15
+
16
+ # Make sure we get a non master variant
17
+ variant_a = JSON.parse(response.body)['variants'].select do |v|
18
+ !v['is_master']
19
+ end.first
20
+
21
+ expect(variant_a['is_master']).to be false
22
+ expect(variant_a['stock_items']).not_to be_nil
23
+
24
+ get "/api/v1/products/#{Spree::Product.first.id}", params: { token: user.spree_api_key }
25
+ expect(response.status).to eq(200)
26
+ variant_b = JSON.parse(response.body)['variants'].last
27
+ expect(variant_b['is_master']).to be false
28
+
29
+ expect(variant_a['id']).to eq(variant_b['id'])
30
+ expect(variant_b['stock_items']).to be_nil
31
+ end
32
+ end
@@ -0,0 +1,79 @@
1
+ require 'spec_helper'
2
+
3
+ describe "Ransackable Attributes" do
4
+ let(:user) { create(:user).tap(&:generate_spree_api_key!) }
5
+ let(:order) { create(:order_with_line_items, user: user) }
6
+ context "filtering by attributes one association away" do
7
+ it "does not allow the filtering of variants by order attributes" do
8
+ 2.times { create(:variant) }
9
+
10
+ get "/api/v1/variants?q[orders_email_start]=#{order.email}", params: { token: user.spree_api_key }
11
+
12
+ variants_response = JSON.parse(response.body)
13
+ expect(variants_response['total_count']).to eq(Spree::Variant.count)
14
+ end
15
+ end
16
+
17
+ context "filtering by attributes two associations away" do
18
+ it "does not allow the filtering of variants by user attributes" do
19
+ 2.times { create(:variant) }
20
+
21
+ get "/api/v1/variants?q[orders_user_email_start]=#{order.user.email}", params: { token: user.spree_api_key }
22
+
23
+ variants_response = JSON.parse(response.body)
24
+ expect(variants_response['total_count']).to eq(Spree::Variant.count)
25
+ end
26
+ end
27
+
28
+ context "it maintains desired association behavior" do
29
+ it "allows filtering of variants product name" do
30
+ product = create(:product, name: "Fritos")
31
+ variant = create(:variant, product: product)
32
+ other_variant = create(:variant)
33
+
34
+ get "/api/v1/variants?q[product_name_or_sku_cont]=fritos", params: { token: user.spree_api_key }
35
+
36
+ skus = JSON.parse(response.body)['variants'].map { |variant| variant['sku'] }
37
+ expect(skus).to include variant.sku
38
+ expect(skus).not_to include other_variant.sku
39
+ end
40
+ end
41
+
42
+ context "filtering by attributes" do
43
+ it "most attributes are not filterable by default" do
44
+ product = create(:product, meta_title: "special product")
45
+ other_product = create(:product)
46
+
47
+ get "/api/v1/products?q[meta_title_cont]=special", params: { token: user.spree_api_key }
48
+
49
+ products_response = JSON.parse(response.body)
50
+ expect(products_response['total_count']).to eq(Spree::Product.count)
51
+ end
52
+
53
+ it "id is filterable by default" do
54
+ product = create(:product)
55
+ other_product = create(:product)
56
+
57
+ get "/api/v1/products?q[id_eq]=#{product.id}", params: { token: user.spree_api_key }
58
+
59
+ product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
60
+ expect(product_names).to include product.name
61
+ expect(product_names).not_to include other_product.name
62
+ end
63
+ end
64
+
65
+ context "filtering by whitelisted attributes" do
66
+ it "filtering is supported for whitelisted attributes" do
67
+ product = create(:product, name: "Fritos")
68
+ other_product = create(:product)
69
+
70
+ get "/api/v1/products?q[name_cont]=fritos", params: { token: user.spree_api_key }
71
+
72
+ product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
73
+ expect(product_names).to include product.name
74
+ expect(product_names).not_to include other_product.name
75
+ end
76
+ end
77
+
78
+
79
+ end
@@ -0,0 +1,19 @@
1
+ require 'spec_helper'
2
+
3
+ describe "Version", type: :request do
4
+ let!(:countries) { 2.times.map { create :country } }
5
+
6
+ describe "/api" do
7
+ it "be a redirect" do
8
+ get "/api/countries"
9
+ expect(response).to have_http_status 301
10
+ end
11
+ end
12
+
13
+ describe "/api/v1" do
14
+ it "be successful" do
15
+ get "/api/v1/countries"
16
+ expect(response).to have_http_status 200
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,17 @@
1
+ shared_examples "modifying product actions are restricted" do
2
+ it "cannot create a new product if not an admin" do
3
+ api_post :create, product: { name: "Brand new product!" }
4
+ assert_unauthorized!
5
+ end
6
+
7
+ it "cannot update a product" do
8
+ api_put :update, id: product.to_param, product: { name: "I hacked your store!" }
9
+ assert_unauthorized!
10
+ end
11
+
12
+ it "cannot delete a product" do
13
+ api_delete :destroy, id: product.to_param
14
+ assert_unauthorized!
15
+ end
16
+ end
17
+
@@ -0,0 +1,63 @@
1
+ if ENV["COVERAGE"]
2
+ # Run Coverage report
3
+ require 'simplecov'
4
+ SimpleCov.start do
5
+ add_group 'Controllers', 'app/controllers'
6
+ add_group 'Helpers', 'app/helpers'
7
+ add_group 'Mailers', 'app/mailers'
8
+ add_group 'Models', 'app/models'
9
+ add_group 'Views', 'app/views'
10
+ add_group 'Libraries', 'lib'
11
+ end
12
+ end
13
+
14
+ # This file is copied to spec/ when you run 'rails generate rspec:install'
15
+ ENV["RAILS_ENV"] ||= 'test'
16
+
17
+ begin
18
+ require File.expand_path("../dummy/config/environment", __FILE__)
19
+ rescue LoadError
20
+ puts "Could not load dummy application. Please ensure you have run `bundle exec rake test_app`"
21
+ exit
22
+ end
23
+
24
+ require 'rspec/rails'
25
+ require 'ffaker'
26
+
27
+ # Requires supporting ruby files with custom matchers and macros, etc,
28
+ # in spec/support/ and its subdirectories.
29
+ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
30
+
31
+ require 'spree/testing_support/factories'
32
+ require 'spree/testing_support/preferences'
33
+
34
+ require 'spree/api/testing_support/caching'
35
+ require 'spree/api/testing_support/helpers'
36
+ require 'spree/api/testing_support/setup'
37
+ require 'spree/testing_support/shoulda_matcher_configuration'
38
+
39
+ RSpec.configure do |config|
40
+ config.backtrace_exclusion_patterns = [/gems\/activesupport/, /gems\/actionpack/, /gems\/rspec/]
41
+ config.color = true
42
+ config.fail_fast = ENV['FAIL_FAST'] || false
43
+ config.infer_spec_type_from_file_location!
44
+ config.raise_errors_for_deprecations!
45
+ config.use_transactional_fixtures = true
46
+
47
+ config.include FactoryGirl::Syntax::Methods
48
+ config.include Spree::Api::TestingSupport::Helpers, type: :controller
49
+ config.extend Spree::Api::TestingSupport::Setup, type: :controller
50
+ config.include Spree::TestingSupport::Preferences, type: :controller
51
+
52
+ config.before do
53
+ Spree::Api::Config[:requires_authentication] = true
54
+ end
55
+
56
+ config.include VersionCake::TestHelpers, type: :controller
57
+ config.before(:each, type: :controller) do
58
+ set_request_version('', 1)
59
+ end
60
+
61
+ config.order = :random
62
+ Kernel.srand config.seed
63
+ end