spree_api 3.2.9 → 3.3.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/spree/api/base_controller.rb +11 -12
- data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
- data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
- data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
- data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
- data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
- data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
- data/app/helpers/spree/api/api_helpers.rb +13 -1
- data/app/models/concerns/spree/user_api_authentication.rb +19 -0
- data/app/models/concerns/spree/user_api_methods.rb +7 -0
- data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
- data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
- data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
- data/config/initializers/user_class_extensions.rb +7 -0
- data/config/routes.rb +3 -0
- data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
- data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
- data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
- data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
- data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
- data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
- data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
- data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
- data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
- data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
- data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
- data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
- data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
- data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
- data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
- data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
- data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
- data/spec/models/spree/legacy_user_spec.rb +19 -0
- data/spec/requests/rabl_cache_spec.rb +32 -0
- data/spec/requests/ransackable_attributes_spec.rb +79 -0
- data/spec/requests/version_spec.rb +19 -0
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +63 -0
- data/spec/support/controller_hacks.rb +40 -0
- data/spec/support/database_cleaner.rb +14 -0
- data/spec/support/have_attributes_matcher.rb +13 -0
- data/spree_api.gemspec +4 -3
- metadata +105 -13
- data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
- data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
@@ -0,0 +1,153 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::UsersController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let(:user) { create(:user, spree_api_key: rand.to_s) }
|
8
|
+
let(:stranger) { create(:user, email: 'stranger@example.com') }
|
9
|
+
let(:attributes) { [:id, :email, :created_at, :updated_at] }
|
10
|
+
|
11
|
+
context "as a normal user" do
|
12
|
+
it "can get own details" do
|
13
|
+
api_get :show, id: user.id, token: user.spree_api_key
|
14
|
+
|
15
|
+
expect(json_response['email']).to eq user.email
|
16
|
+
end
|
17
|
+
|
18
|
+
it "cannot get other users details" do
|
19
|
+
api_get :show, id: stranger.id, token: user.spree_api_key
|
20
|
+
|
21
|
+
assert_not_found!
|
22
|
+
end
|
23
|
+
|
24
|
+
it "can learn how to create a new user" do
|
25
|
+
api_get :new, token: user.spree_api_key
|
26
|
+
expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
|
27
|
+
end
|
28
|
+
|
29
|
+
it "can create a new user" do
|
30
|
+
user_params = {
|
31
|
+
email: 'new@example.com', password: 'spree123', password_confirmation: 'spree123'
|
32
|
+
}
|
33
|
+
|
34
|
+
api_post :create, user: user_params, token: user.spree_api_key
|
35
|
+
expect(json_response['email']).to eq 'new@example.com'
|
36
|
+
end
|
37
|
+
|
38
|
+
# there's no validations on LegacyUser?
|
39
|
+
xit "cannot create a new user with invalid attributes" do
|
40
|
+
api_post :create, user: {}, token: user.spree_api_key
|
41
|
+
expect(response.status).to eq(422)
|
42
|
+
expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
|
43
|
+
errors = json_response["errors"]
|
44
|
+
end
|
45
|
+
|
46
|
+
it "can update own details" do
|
47
|
+
country = create(:country)
|
48
|
+
api_put :update, id: user.id, token: user.spree_api_key, user: {
|
49
|
+
email: "mine@example.com",
|
50
|
+
bill_address_attributes: {
|
51
|
+
first_name: 'First',
|
52
|
+
last_name: 'Last',
|
53
|
+
address1: '1 Test Rd',
|
54
|
+
city: 'City',
|
55
|
+
country_id: country.id,
|
56
|
+
state_id: 1,
|
57
|
+
zipcode: '55555',
|
58
|
+
phone: '5555555555'
|
59
|
+
},
|
60
|
+
ship_address_attributes: {
|
61
|
+
first_name: 'First',
|
62
|
+
last_name: 'Last',
|
63
|
+
address1: '1 Test Rd',
|
64
|
+
city: 'City',
|
65
|
+
country_id: country.id,
|
66
|
+
state_id: 1,
|
67
|
+
zipcode: '55555',
|
68
|
+
phone: '5555555555'
|
69
|
+
}
|
70
|
+
}
|
71
|
+
expect(json_response['email']).to eq 'mine@example.com'
|
72
|
+
expect(json_response['bill_address']).to_not be_nil
|
73
|
+
expect(json_response['ship_address']).to_not be_nil
|
74
|
+
end
|
75
|
+
|
76
|
+
it "cannot update other users details" do
|
77
|
+
api_put :update, id: stranger.id, token: user.spree_api_key, user: { email: "mine@example.com" }
|
78
|
+
assert_not_found!
|
79
|
+
end
|
80
|
+
|
81
|
+
it "can delete itself" do
|
82
|
+
api_delete :destroy, id: user.id, token: user.spree_api_key
|
83
|
+
expect(response.status).to eq(204)
|
84
|
+
end
|
85
|
+
|
86
|
+
it "cannot delete other user" do
|
87
|
+
api_delete :destroy, id: stranger.id, token: user.spree_api_key
|
88
|
+
assert_not_found!
|
89
|
+
end
|
90
|
+
|
91
|
+
it "should only get own details on index" do
|
92
|
+
2.times { create(:user) }
|
93
|
+
api_get :index, token: user.spree_api_key
|
94
|
+
|
95
|
+
expect(Spree.user_class.count).to eq 3
|
96
|
+
expect(json_response['count']).to eq 1
|
97
|
+
expect(json_response['users'].size).to eq 1
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
context "as an admin" do
|
102
|
+
before { stub_authentication! }
|
103
|
+
|
104
|
+
sign_in_as_admin!
|
105
|
+
|
106
|
+
it "gets all users" do
|
107
|
+
allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
|
108
|
+
|
109
|
+
2.times { create(:user) }
|
110
|
+
|
111
|
+
api_get :index
|
112
|
+
expect(Spree.user_class.count).to eq 2
|
113
|
+
expect(json_response['count']).to eq 2
|
114
|
+
expect(json_response['users'].size).to eq 2
|
115
|
+
end
|
116
|
+
|
117
|
+
it 'can control the page size through a parameter' do
|
118
|
+
2.times { create(:user) }
|
119
|
+
api_get :index, per_page: 1
|
120
|
+
expect(json_response['count']).to eq(1)
|
121
|
+
expect(json_response['current_page']).to eq(1)
|
122
|
+
expect(json_response['pages']).to eq(2)
|
123
|
+
end
|
124
|
+
|
125
|
+
it 'can query the results through a paramter' do
|
126
|
+
expected_result = create(:user, email: 'brian@spreecommerce.com')
|
127
|
+
api_get :index, q: { email_cont: 'brian' }
|
128
|
+
expect(json_response['count']).to eq(1)
|
129
|
+
expect(json_response['users'].first['email']).to eq expected_result.email
|
130
|
+
end
|
131
|
+
|
132
|
+
it "can create" do
|
133
|
+
api_post :create, user: { email: "new@example.com", password: 'spree123', password_confirmation: 'spree123' }
|
134
|
+
expect(json_response).to have_attributes(attributes)
|
135
|
+
expect(response.status).to eq(201)
|
136
|
+
end
|
137
|
+
|
138
|
+
it "can destroy user without orders" do
|
139
|
+
user.orders.destroy_all
|
140
|
+
api_delete :destroy, id: user.id
|
141
|
+
expect(response.status).to eq(204)
|
142
|
+
end
|
143
|
+
|
144
|
+
it "cannot destroy user with orders" do
|
145
|
+
create(:completed_order_with_totals, user: user)
|
146
|
+
api_delete :destroy, id: user.id
|
147
|
+
expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
|
148
|
+
expect(response.status).to eq(422)
|
149
|
+
end
|
150
|
+
|
151
|
+
end
|
152
|
+
end
|
153
|
+
end
|
@@ -0,0 +1,205 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::VariantsController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let(:option_value) { create(:option_value) }
|
8
|
+
let!(:product) { create(:product) }
|
9
|
+
let!(:variant) do
|
10
|
+
variant = product.master
|
11
|
+
variant.option_values << option_value
|
12
|
+
variant
|
13
|
+
end
|
14
|
+
|
15
|
+
let!(:base_attributes) { Api::ApiHelpers.variant_attributes }
|
16
|
+
let!(:show_attributes) { base_attributes.dup.push(:in_stock, :display_price) }
|
17
|
+
let!(:new_attributes) { base_attributes }
|
18
|
+
|
19
|
+
before do
|
20
|
+
stub_authentication!
|
21
|
+
end
|
22
|
+
|
23
|
+
it "can see a paginated list of variants" do
|
24
|
+
api_get :index
|
25
|
+
first_variant = json_response["variants"].first
|
26
|
+
expect(first_variant).to have_attributes(show_attributes)
|
27
|
+
expect(first_variant["stock_items"]).to be_present
|
28
|
+
expect(json_response["count"]).to eq(1)
|
29
|
+
expect(json_response["current_page"]).to eq(1)
|
30
|
+
expect(json_response["pages"]).to eq(1)
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'can control the page size through a parameter' do
|
34
|
+
create(:variant)
|
35
|
+
api_get :index, per_page: 1
|
36
|
+
expect(json_response['count']).to eq(1)
|
37
|
+
expect(json_response['current_page']).to eq(1)
|
38
|
+
expect(json_response['pages']).to eq(3)
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'can query the results through a parameter' do
|
42
|
+
expected_result = create(:variant, sku: 'FOOBAR')
|
43
|
+
api_get :index, q: { sku_cont: 'FOO' }
|
44
|
+
expect(json_response['count']).to eq(1)
|
45
|
+
expect(json_response['variants'].first['sku']).to eq expected_result.sku
|
46
|
+
end
|
47
|
+
|
48
|
+
it "variants returned contain option values data" do
|
49
|
+
api_get :index
|
50
|
+
option_values = json_response["variants"].last["option_values"]
|
51
|
+
expect(option_values.first).to have_attributes([:name,
|
52
|
+
:presentation,
|
53
|
+
:option_type_name,
|
54
|
+
:option_type_id])
|
55
|
+
end
|
56
|
+
|
57
|
+
it "variants returned contain images data" do
|
58
|
+
variant.images.create!(attachment: image("thinking-cat.jpg"))
|
59
|
+
|
60
|
+
api_get :index
|
61
|
+
|
62
|
+
expect(json_response["variants"].last).to have_attributes([:images])
|
63
|
+
expect(json_response['variants'].first['images'].first).to have_attributes([:attachment_file_name,
|
64
|
+
:attachment_width,
|
65
|
+
:attachment_height,
|
66
|
+
:attachment_content_type,
|
67
|
+
:mini_url,
|
68
|
+
:small_url,
|
69
|
+
:product_url,
|
70
|
+
:large_url])
|
71
|
+
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'variants returned do not contain cost price data' do
|
75
|
+
api_get :index
|
76
|
+
expect(json_response["variants"].first.has_key?(:cost_price)).to eq false
|
77
|
+
end
|
78
|
+
|
79
|
+
# Regression test for #2141
|
80
|
+
context "a deleted variant" do
|
81
|
+
before do
|
82
|
+
variant.update_column(:deleted_at, Time.current)
|
83
|
+
end
|
84
|
+
|
85
|
+
it "is not returned in the results" do
|
86
|
+
api_get :index
|
87
|
+
expect(json_response["variants"].count).to eq(0)
|
88
|
+
end
|
89
|
+
|
90
|
+
it "is not returned even when show_deleted is passed" do
|
91
|
+
api_get :index, show_deleted: true
|
92
|
+
expect(json_response["variants"].count).to eq(0)
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
context "pagination" do
|
97
|
+
it "can select the next page of variants" do
|
98
|
+
second_variant = create(:variant)
|
99
|
+
api_get :index, page: 2, per_page: 1
|
100
|
+
expect(json_response["variants"].first).to have_attributes(show_attributes)
|
101
|
+
expect(json_response["total_count"]).to eq(3)
|
102
|
+
expect(json_response["current_page"]).to eq(2)
|
103
|
+
expect(json_response["pages"]).to eq(3)
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
it "can see a single variant" do
|
108
|
+
api_get :show, id: variant.to_param
|
109
|
+
expect(json_response).to have_attributes(show_attributes)
|
110
|
+
expect(json_response["stock_items"]).to be_present
|
111
|
+
option_values = json_response["option_values"]
|
112
|
+
expect(option_values.first).to have_attributes([:name,
|
113
|
+
:presentation,
|
114
|
+
:option_type_name,
|
115
|
+
:option_type_id])
|
116
|
+
end
|
117
|
+
|
118
|
+
it "can see a single variant with images" do
|
119
|
+
variant.images.create!(attachment: image("thinking-cat.jpg"))
|
120
|
+
|
121
|
+
api_get :show, id: variant.to_param
|
122
|
+
|
123
|
+
expect(json_response).to have_attributes(show_attributes + [:images])
|
124
|
+
option_values = json_response["option_values"]
|
125
|
+
expect(option_values.first).to have_attributes([:name,
|
126
|
+
:presentation,
|
127
|
+
:option_type_name,
|
128
|
+
:option_type_id])
|
129
|
+
end
|
130
|
+
|
131
|
+
it "can learn how to create a new variant" do
|
132
|
+
api_get :new
|
133
|
+
expect(json_response["attributes"]).to eq(new_attributes.map(&:to_s))
|
134
|
+
expect(json_response["required_attributes"]).to be_empty
|
135
|
+
end
|
136
|
+
|
137
|
+
it "cannot create a new variant if not an admin" do
|
138
|
+
api_post :create, variant: { sku: "12345" }
|
139
|
+
assert_unauthorized!
|
140
|
+
end
|
141
|
+
|
142
|
+
it "cannot update a variant" do
|
143
|
+
api_put :update, id: variant.to_param, variant: { sku: "12345" }
|
144
|
+
assert_not_found!
|
145
|
+
end
|
146
|
+
|
147
|
+
it "cannot delete a variant" do
|
148
|
+
api_delete :destroy, id: variant.to_param
|
149
|
+
assert_not_found!
|
150
|
+
expect { variant.reload }.not_to raise_error
|
151
|
+
end
|
152
|
+
|
153
|
+
context "as an admin" do
|
154
|
+
sign_in_as_admin!
|
155
|
+
let(:resource_scoping) { { product_id: variant.product.to_param } }
|
156
|
+
|
157
|
+
# Test for #2141
|
158
|
+
context "deleted variants" do
|
159
|
+
before do
|
160
|
+
variant.update_column(:deleted_at, Time.current)
|
161
|
+
end
|
162
|
+
|
163
|
+
it "are visible by admin" do
|
164
|
+
api_get :index, show_deleted: 1
|
165
|
+
expect(json_response["variants"].count).to eq(1)
|
166
|
+
end
|
167
|
+
end
|
168
|
+
|
169
|
+
it "can create a new variant" do
|
170
|
+
other_value = create(:option_value)
|
171
|
+
api_post :create, variant: {
|
172
|
+
sku: "12345",
|
173
|
+
price: "20",
|
174
|
+
option_value_ids: [option_value.id, other_value.id]
|
175
|
+
}
|
176
|
+
|
177
|
+
expect(json_response).to have_attributes(new_attributes)
|
178
|
+
expect(response.status).to eq(201)
|
179
|
+
expect(json_response["sku"]).to eq("12345")
|
180
|
+
expect(json_response["price"]).to match "20"
|
181
|
+
|
182
|
+
option_value_ids = json_response["option_values"].map { |o| o['id'] }
|
183
|
+
expect(option_value_ids).to match_array [option_value.id, other_value.id]
|
184
|
+
|
185
|
+
expect(variant.product.variants.count).to eq(1)
|
186
|
+
end
|
187
|
+
|
188
|
+
it "can update a variant" do
|
189
|
+
api_put :update, id: variant.to_param, variant: { sku: "12345" }
|
190
|
+
expect(response.status).to eq(200)
|
191
|
+
end
|
192
|
+
|
193
|
+
it "can delete a variant" do
|
194
|
+
api_delete :destroy, id: variant.to_param
|
195
|
+
expect(response.status).to eq(204)
|
196
|
+
expect { Spree::Variant.find(variant.id) }.to raise_error(ActiveRecord::RecordNotFound)
|
197
|
+
end
|
198
|
+
|
199
|
+
it 'variants returned contain cost price data' do
|
200
|
+
api_get :index
|
201
|
+
expect(json_response["variants"].first.has_key?(:cost_price)).to eq true
|
202
|
+
end
|
203
|
+
end
|
204
|
+
end
|
205
|
+
end
|
@@ -0,0 +1,91 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe Api::V1::ZonesController, type: :controller do
|
5
|
+
render_views
|
6
|
+
|
7
|
+
let!(:attributes) { [:id, :name, :zone_members] }
|
8
|
+
|
9
|
+
before do
|
10
|
+
stub_authentication!
|
11
|
+
@zone = create(:zone, name: 'Europe')
|
12
|
+
end
|
13
|
+
|
14
|
+
it "gets list of zones" do
|
15
|
+
api_get :index
|
16
|
+
expect(json_response['zones'].first).to have_attributes(attributes)
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'can control the page size through a parameter' do
|
20
|
+
create(:zone)
|
21
|
+
api_get :index, per_page: 1
|
22
|
+
expect(json_response['count']).to eq(1)
|
23
|
+
expect(json_response['current_page']).to eq(1)
|
24
|
+
expect(json_response['pages']).to eq(2)
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'can query the results through a paramter' do
|
28
|
+
expected_result = create(:zone, name: 'South America')
|
29
|
+
api_get :index, q: { name_cont: 'south' }
|
30
|
+
expect(json_response['count']).to eq(1)
|
31
|
+
expect(json_response['zones'].first['name']).to eq expected_result.name
|
32
|
+
end
|
33
|
+
|
34
|
+
it "gets a zone" do
|
35
|
+
api_get :show, id: @zone.id
|
36
|
+
expect(json_response).to have_attributes(attributes)
|
37
|
+
expect(json_response['name']).to eq @zone.name
|
38
|
+
expect(json_response['zone_members'].size).to eq @zone.zone_members.count
|
39
|
+
end
|
40
|
+
|
41
|
+
context "as an admin" do
|
42
|
+
sign_in_as_admin!
|
43
|
+
|
44
|
+
let!(:country) { create(:country) }
|
45
|
+
|
46
|
+
it "can create a new zone" do
|
47
|
+
params = {
|
48
|
+
zone: {
|
49
|
+
name: "North Pole",
|
50
|
+
zone_members: [
|
51
|
+
{
|
52
|
+
zoneable_type: "Spree::Country",
|
53
|
+
zoneable_id: country.id
|
54
|
+
}
|
55
|
+
]
|
56
|
+
}
|
57
|
+
}
|
58
|
+
|
59
|
+
api_post :create, params
|
60
|
+
expect(response.status).to eq(201)
|
61
|
+
expect(json_response).to have_attributes(attributes)
|
62
|
+
expect(json_response["zone_members"]).not_to be_empty
|
63
|
+
end
|
64
|
+
|
65
|
+
it "updates a zone" do
|
66
|
+
params = { id: @zone.id,
|
67
|
+
zone: {
|
68
|
+
name: "North Pole",
|
69
|
+
zone_members: [
|
70
|
+
{
|
71
|
+
zoneable_type: "Spree::Country",
|
72
|
+
zoneable_id: country.id
|
73
|
+
}
|
74
|
+
]
|
75
|
+
}
|
76
|
+
}
|
77
|
+
|
78
|
+
api_put :update, params
|
79
|
+
expect(response.status).to eq(200)
|
80
|
+
expect(json_response['name']).to eq 'North Pole'
|
81
|
+
expect(json_response['zone_members']).not_to be_blank
|
82
|
+
end
|
83
|
+
|
84
|
+
it "can delete a zone" do
|
85
|
+
api_delete :destroy, id: @zone.id
|
86
|
+
expect(response.status).to eq(204)
|
87
|
+
expect { @zone.reload }.to raise_error(ActiveRecord::RecordNotFound)
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
describe LegacyUser, type: :model do
|
5
|
+
let(:user) { LegacyUser.new }
|
6
|
+
|
7
|
+
it "can generate an API key" do
|
8
|
+
expect(user).to receive(:save!)
|
9
|
+
user.generate_spree_api_key!
|
10
|
+
expect(user.spree_api_key).not_to be_blank
|
11
|
+
end
|
12
|
+
|
13
|
+
it "can clear an API key" do
|
14
|
+
expect(user).to receive(:save!)
|
15
|
+
user.clear_spree_api_key!
|
16
|
+
expect(user.spree_api_key).to be_blank
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "Rabl Cache", type: :request, caching: true do
|
4
|
+
let!(:user) { create(:admin_user) }
|
5
|
+
|
6
|
+
before do
|
7
|
+
create(:variant)
|
8
|
+
user.generate_spree_api_key!
|
9
|
+
expect(Spree::Product.count).to eq(1)
|
10
|
+
end
|
11
|
+
|
12
|
+
it "doesn't create a cache key collision for models with different rabl templates" do
|
13
|
+
get "/api/v1/variants", params: { token: user.spree_api_key }
|
14
|
+
expect(response.status).to eq(200)
|
15
|
+
|
16
|
+
# Make sure we get a non master variant
|
17
|
+
variant_a = JSON.parse(response.body)['variants'].select do |v|
|
18
|
+
!v['is_master']
|
19
|
+
end.first
|
20
|
+
|
21
|
+
expect(variant_a['is_master']).to be false
|
22
|
+
expect(variant_a['stock_items']).not_to be_nil
|
23
|
+
|
24
|
+
get "/api/v1/products/#{Spree::Product.first.id}", params: { token: user.spree_api_key }
|
25
|
+
expect(response.status).to eq(200)
|
26
|
+
variant_b = JSON.parse(response.body)['variants'].last
|
27
|
+
expect(variant_b['is_master']).to be false
|
28
|
+
|
29
|
+
expect(variant_a['id']).to eq(variant_b['id'])
|
30
|
+
expect(variant_b['stock_items']).to be_nil
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,79 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "Ransackable Attributes" do
|
4
|
+
let(:user) { create(:user).tap(&:generate_spree_api_key!) }
|
5
|
+
let(:order) { create(:order_with_line_items, user: user) }
|
6
|
+
context "filtering by attributes one association away" do
|
7
|
+
it "does not allow the filtering of variants by order attributes" do
|
8
|
+
2.times { create(:variant) }
|
9
|
+
|
10
|
+
get "/api/v1/variants?q[orders_email_start]=#{order.email}", params: { token: user.spree_api_key }
|
11
|
+
|
12
|
+
variants_response = JSON.parse(response.body)
|
13
|
+
expect(variants_response['total_count']).to eq(Spree::Variant.count)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
context "filtering by attributes two associations away" do
|
18
|
+
it "does not allow the filtering of variants by user attributes" do
|
19
|
+
2.times { create(:variant) }
|
20
|
+
|
21
|
+
get "/api/v1/variants?q[orders_user_email_start]=#{order.user.email}", params: { token: user.spree_api_key }
|
22
|
+
|
23
|
+
variants_response = JSON.parse(response.body)
|
24
|
+
expect(variants_response['total_count']).to eq(Spree::Variant.count)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "it maintains desired association behavior" do
|
29
|
+
it "allows filtering of variants product name" do
|
30
|
+
product = create(:product, name: "Fritos")
|
31
|
+
variant = create(:variant, product: product)
|
32
|
+
other_variant = create(:variant)
|
33
|
+
|
34
|
+
get "/api/v1/variants?q[product_name_or_sku_cont]=fritos", params: { token: user.spree_api_key }
|
35
|
+
|
36
|
+
skus = JSON.parse(response.body)['variants'].map { |variant| variant['sku'] }
|
37
|
+
expect(skus).to include variant.sku
|
38
|
+
expect(skus).not_to include other_variant.sku
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
context "filtering by attributes" do
|
43
|
+
it "most attributes are not filterable by default" do
|
44
|
+
product = create(:product, meta_title: "special product")
|
45
|
+
other_product = create(:product)
|
46
|
+
|
47
|
+
get "/api/v1/products?q[meta_title_cont]=special", params: { token: user.spree_api_key }
|
48
|
+
|
49
|
+
products_response = JSON.parse(response.body)
|
50
|
+
expect(products_response['total_count']).to eq(Spree::Product.count)
|
51
|
+
end
|
52
|
+
|
53
|
+
it "id is filterable by default" do
|
54
|
+
product = create(:product)
|
55
|
+
other_product = create(:product)
|
56
|
+
|
57
|
+
get "/api/v1/products?q[id_eq]=#{product.id}", params: { token: user.spree_api_key }
|
58
|
+
|
59
|
+
product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
|
60
|
+
expect(product_names).to include product.name
|
61
|
+
expect(product_names).not_to include other_product.name
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
context "filtering by whitelisted attributes" do
|
66
|
+
it "filtering is supported for whitelisted attributes" do
|
67
|
+
product = create(:product, name: "Fritos")
|
68
|
+
other_product = create(:product)
|
69
|
+
|
70
|
+
get "/api/v1/products?q[name_cont]=fritos", params: { token: user.spree_api_key }
|
71
|
+
|
72
|
+
product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
|
73
|
+
expect(product_names).to include product.name
|
74
|
+
expect(product_names).not_to include other_product.name
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
|
79
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "Version", type: :request do
|
4
|
+
let!(:countries) { 2.times.map { create :country } }
|
5
|
+
|
6
|
+
describe "/api" do
|
7
|
+
it "be a redirect" do
|
8
|
+
get "/api/countries"
|
9
|
+
expect(response).to have_http_status 301
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
describe "/api/v1" do
|
14
|
+
it "be successful" do
|
15
|
+
get "/api/v1/countries"
|
16
|
+
expect(response).to have_http_status 200
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
shared_examples "modifying product actions are restricted" do
|
2
|
+
it "cannot create a new product if not an admin" do
|
3
|
+
api_post :create, product: { name: "Brand new product!" }
|
4
|
+
assert_unauthorized!
|
5
|
+
end
|
6
|
+
|
7
|
+
it "cannot update a product" do
|
8
|
+
api_put :update, id: product.to_param, product: { name: "I hacked your store!" }
|
9
|
+
assert_unauthorized!
|
10
|
+
end
|
11
|
+
|
12
|
+
it "cannot delete a product" do
|
13
|
+
api_delete :destroy, id: product.to_param
|
14
|
+
assert_unauthorized!
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,63 @@
|
|
1
|
+
if ENV["COVERAGE"]
|
2
|
+
# Run Coverage report
|
3
|
+
require 'simplecov'
|
4
|
+
SimpleCov.start do
|
5
|
+
add_group 'Controllers', 'app/controllers'
|
6
|
+
add_group 'Helpers', 'app/helpers'
|
7
|
+
add_group 'Mailers', 'app/mailers'
|
8
|
+
add_group 'Models', 'app/models'
|
9
|
+
add_group 'Views', 'app/views'
|
10
|
+
add_group 'Libraries', 'lib'
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
# This file is copied to spec/ when you run 'rails generate rspec:install'
|
15
|
+
ENV["RAILS_ENV"] ||= 'test'
|
16
|
+
|
17
|
+
begin
|
18
|
+
require File.expand_path("../dummy/config/environment", __FILE__)
|
19
|
+
rescue LoadError
|
20
|
+
puts "Could not load dummy application. Please ensure you have run `bundle exec rake test_app`"
|
21
|
+
exit
|
22
|
+
end
|
23
|
+
|
24
|
+
require 'rspec/rails'
|
25
|
+
require 'ffaker'
|
26
|
+
|
27
|
+
# Requires supporting ruby files with custom matchers and macros, etc,
|
28
|
+
# in spec/support/ and its subdirectories.
|
29
|
+
Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
|
30
|
+
|
31
|
+
require 'spree/testing_support/factories'
|
32
|
+
require 'spree/testing_support/preferences'
|
33
|
+
|
34
|
+
require 'spree/api/testing_support/caching'
|
35
|
+
require 'spree/api/testing_support/helpers'
|
36
|
+
require 'spree/api/testing_support/setup'
|
37
|
+
require 'spree/testing_support/shoulda_matcher_configuration'
|
38
|
+
|
39
|
+
RSpec.configure do |config|
|
40
|
+
config.backtrace_exclusion_patterns = [/gems\/activesupport/, /gems\/actionpack/, /gems\/rspec/]
|
41
|
+
config.color = true
|
42
|
+
config.fail_fast = ENV['FAIL_FAST'] || false
|
43
|
+
config.infer_spec_type_from_file_location!
|
44
|
+
config.raise_errors_for_deprecations!
|
45
|
+
config.use_transactional_fixtures = true
|
46
|
+
|
47
|
+
config.include FactoryGirl::Syntax::Methods
|
48
|
+
config.include Spree::Api::TestingSupport::Helpers, type: :controller
|
49
|
+
config.extend Spree::Api::TestingSupport::Setup, type: :controller
|
50
|
+
config.include Spree::TestingSupport::Preferences, type: :controller
|
51
|
+
|
52
|
+
config.before do
|
53
|
+
Spree::Api::Config[:requires_authentication] = true
|
54
|
+
end
|
55
|
+
|
56
|
+
config.include VersionCake::TestHelpers, type: :controller
|
57
|
+
config.before(:each, type: :controller) do
|
58
|
+
set_request_version('', 1)
|
59
|
+
end
|
60
|
+
|
61
|
+
config.order = :random
|
62
|
+
Kernel.srand config.seed
|
63
|
+
end
|