spree_api 3.2.9 → 3.3.0.rc1

Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/base_controller.rb +11 -12
  3. data/app/controllers/spree/api/v1/checkouts_controller.rb +5 -8
  4. data/app/controllers/spree/api/v1/customer_returns_controller.rb +24 -0
  5. data/app/controllers/spree/api/v1/orders_controller.rb +13 -24
  6. data/app/controllers/spree/api/v1/payments_controller.rb +2 -3
  7. data/app/controllers/spree/api/v1/reimbursements_controller.rb +24 -0
  8. data/app/controllers/spree/api/v1/shipments_controller.rb +4 -4
  9. data/app/controllers/spree/api/v1/zones_controller.rb +8 -3
  10. data/app/helpers/spree/api/api_helpers.rb +13 -1
  11. data/app/models/concerns/spree/user_api_authentication.rb +19 -0
  12. data/app/models/concerns/spree/user_api_methods.rb +7 -0
  13. data/app/views/spree/api/v1/customer_returns/index.v1.rabl +7 -0
  14. data/app/views/spree/api/v1/line_items/show.v1.rabl +0 -1
  15. data/app/views/spree/api/v1/reimbursements/index.v1.rabl +7 -0
  16. data/config/initializers/user_class_extensions.rb +7 -0
  17. data/config/routes.rb +3 -0
  18. data/spec/controllers/spree/api/base_controller_spec.rb +84 -0
  19. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +56 -0
  20. data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb +361 -0
  21. data/spec/controllers/spree/api/v1/classifications_controller_spec.rb +48 -0
  22. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +48 -0
  23. data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb +80 -0
  24. data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb +27 -0
  25. data/spec/controllers/spree/api/v1/images_controller_spec.rb +114 -0
  26. data/spec/controllers/spree/api/v1/inventory_units_controller_spec.rb +48 -0
  27. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +210 -0
  28. data/spec/controllers/spree/api/v1/option_types_controller_spec.rb +122 -0
  29. data/spec/controllers/spree/api/v1/option_values_controller_spec.rb +141 -0
  30. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +735 -0
  31. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +234 -0
  32. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +156 -0
  33. data/spec/controllers/spree/api/v1/products_controller_spec.rb +409 -0
  34. data/spec/controllers/spree/api/v1/promotion_application_spec.rb +50 -0
  35. data/spec/controllers/spree/api/v1/promotions_controller_spec.rb +64 -0
  36. data/spec/controllers/spree/api/v1/properties_controller_spec.rb +102 -0
  37. data/spec/controllers/spree/api/v1/reimbursements_controller_spec.rb +24 -0
  38. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +161 -0
  39. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +187 -0
  40. data/spec/controllers/spree/api/v1/states_controller_spec.rb +86 -0
  41. data/spec/controllers/spree/api/v1/stock_items_controller_spec.rb +151 -0
  42. data/spec/controllers/spree/api/v1/stock_locations_controller_spec.rb +113 -0
  43. data/spec/controllers/spree/api/v1/stock_movements_controller_spec.rb +84 -0
  44. data/spec/controllers/spree/api/v1/stores_controller_spec.rb +133 -0
  45. data/spec/controllers/spree/api/v1/tags_controller_spec.rb +102 -0
  46. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +114 -0
  47. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +177 -0
  48. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  49. data/spec/controllers/spree/api/v1/users_controller_spec.rb +153 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +205 -0
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +91 -0
  52. data/spec/models/spree/legacy_user_spec.rb +19 -0
  53. data/spec/requests/rabl_cache_spec.rb +32 -0
  54. data/spec/requests/ransackable_attributes_spec.rb +79 -0
  55. data/spec/requests/version_spec.rb +19 -0
  56. data/spec/shared_examples/protect_product_actions.rb +17 -0
  57. data/spec/spec_helper.rb +63 -0
  58. data/spec/support/controller_hacks.rb +40 -0
  59. data/spec/support/database_cleaner.rb +14 -0
  60. data/spec/support/have_attributes_matcher.rb +13 -0
  61. data/spree_api.gemspec +4 -3
  62. metadata +105 -13
  63. data/app/views/spree/api/v1/config/money.v1.rabl +0 -2
  64. data/app/views/spree/api/v1/config/show.v1.rabl +0 -2
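--- a/data/spec/controllers/spree/api/v1/users_controller_spec.rb
+++ b/data/spec/controllers/spree/api/v1/users_controller_spec.rb
@@ -0,0 +1,153 @@
+require 'spec_helper'
+
+module Spree
+describe Api::V1::UsersController, type: :controller do
+render_views
+
+let(:user) { create(:user, spree_api_key: rand.to_s) }
+let(:stranger) { create(:user, email: 'stranger@example.com') }
+let(:attributes) { [:id, :email, :created_at, :updated_at] }
+
+context "as a normal user" do
+it "can get own details" do
+api_get :show, id: user.id, token: user.spree_api_key
+
+expect(json_response['email']).to eq user.email
+end
+
+it "cannot get other users details" do
+api_get :show, id: stranger.id, token: user.spree_api_key
+
+assert_not_found!
+end
+
+it "can learn how to create a new user" do
+api_get :new, token: user.spree_api_key
+expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+end
+
+it "can create a new user" do
+user_params = {
+email: 'new@example.com', password: 'spree123', password_confirmation: 'spree123'
+}
+
+api_post :create, user: user_params, token: user.spree_api_key
+expect(json_response['email']).to eq 'new@example.com'
+end
+
+# there's no validations on LegacyUser?
+xit "cannot create a new user with invalid attributes" do
+api_post :create, user: {}, token: user.spree_api_key
+expect(response.status).to eq(422)
+expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+errors = json_response["errors"]
+end
+
+it "can update own details" do
+country = create(:country)
+api_put :update, id: user.id, token: user.spree_api_key, user: {
+email: "mine@example.com",
+bill_address_attributes: {
+first_name: 'First',
+last_name: 'Last',
+address1: '1 Test Rd',
+city: 'City',
+country_id: country.id,
+state_id: 1,
+zipcode: '55555',
+phone: '5555555555'
+},
+ship_address_attributes: {
+first_name: 'First',
+last_name: 'Last',
+address1: '1 Test Rd',
+city: 'City',
+country_id: country.id,
+state_id: 1,
+zipcode: '55555',
+phone: '5555555555'
+}
+}
+expect(json_response['email']).to eq 'mine@example.com'
+expect(json_response['bill_address']).to_not be_nil
+expect(json_response['ship_address']).to_not be_nil
+end
+
+it "cannot update other users details" do
+api_put :update, id: stranger.id, token: user.spree_api_key, user: { email: "mine@example.com" }
+assert_not_found!
+end
+
+it "can delete itself" do
+api_delete :destroy, id: user.id, token: user.spree_api_key
+expect(response.status).to eq(204)
+end
+
+it "cannot delete other user" do
+api_delete :destroy, id: stranger.id, token: user.spree_api_key
+assert_not_found!
+end
+
+it "should only get own details on index" do
+2.times { create(:user) }
+api_get :index, token: user.spree_api_key
+
+expect(Spree.user_class.count).to eq 3
+expect(json_response['count']).to eq 1
+expect(json_response['users'].size).to eq 1
+end
+end
+
+context "as an admin" do
+before { stub_authentication! }
+
+sign_in_as_admin!
+
+it "gets all users" do
+allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
+
+2.times { create(:user) }
+
+api_get :index
+expect(Spree.user_class.count).to eq 2
+expect(json_response['count']).to eq 2
+expect(json_response['users'].size).to eq 2
+end
+
+it 'can control the page size through a parameter' do
+2.times { create(:user) }
+api_get :index, per_page: 1
+expect(json_response['count']).to eq(1)
+expect(json_response['current_page']).to eq(1)
+expect(json_response['pages']).to eq(2)
+end
+
+it 'can query the results through a paramter' do
+expected_result = create(:user, email: 'brian@spreecommerce.com')
+api_get :index, q: { email_cont: 'brian' }
+expect(json_response['count']).to eq(1)
+expect(json_response['users'].first['email']).to eq expected_result.email
+end
+
+it "can create" do
+api_post :create, user: { email: "new@example.com", password: 'spree123', password_confirmation: 'spree123' }
+expect(json_response).to have_attributes(attributes)
+expect(response.status).to eq(201)
+end
+
+it "can destroy user without orders" do
+user.orders.destroy_all
+api_delete :destroy, id: user.id
+expect(response.status).to eq(204)
+end
+
+it "cannot destroy user with orders" do
+create(:completed_order_with_totals, user: user)
+api_delete :destroy, id: user.id
+expect(json_response["exception"]).to eq "Spree::Core::DestroyWithOrdersError"
+expect(response.status).to eq(422)
+end
+
+end
+end
+end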
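Review bot: The negative authorization examples ("cannot update other users details", "cannot delete other user") stop at `assert_not_found!` and never confirm that the stranger record was left untouched, so a controller that changed the record and then rendered 404 would still pass. Adding `expect(stranger.reload.email).to eq 'stranger@example.com'` to the update example and `expect { stranger.reload }.not_to raise_error` to the delete example would pin that, as the variants spec on this page already does for deletion. The same gap exists in "cannot update a variant" in the variants spec and in the update and delete examples of the "modifying product actions are restricted" shared examples. The index example for a normal user likewise asserts only the count; `expect(json_response['users'].first['email']).to eq user.email` would confirm whose record is returned.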
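--- a/data/spec/controllers/spree/api/v1/variants_controller_spec.rb
+++ b/data/spec/controllers/spree/api/v1/variants_controller_spec.rb
@@ -0,0 +1,205 @@
+require 'spec_helper'
+
+module Spree
+describe Api::V1::VariantsController, type: :controller do
+render_views
+
+let(:option_value) { create(:option_value) }
+let!(:product) { create(:product) }
+let!(:variant) do
+variant = product.master
+variant.option_values << option_value
+variant
+end
+
+let!(:base_attributes) { Api::ApiHelpers.variant_attributes }
+let!(:show_attributes) { base_attributes.dup.push(:in_stock, :display_price) }
+let!(:new_attributes) { base_attributes }
+
+before do
+stub_authentication!
+end
+
+it "can see a paginated list of variants" do
+api_get :index
+first_variant = json_response["variants"].first
+expect(first_variant).to have_attributes(show_attributes)
+expect(first_variant["stock_items"]).to be_present
+expect(json_response["count"]).to eq(1)
+expect(json_response["current_page"]).to eq(1)
+expect(json_response["pages"]).to eq(1)
+end
+
+it 'can control the page size through a parameter' do
+create(:variant)
+api_get :index, per_page: 1
+expect(json_response['count']).to eq(1)
+expect(json_response['current_page']).to eq(1)
+expect(json_response['pages']).to eq(3)
+end
+
+it 'can query the results through a parameter' do
+expected_result = create(:variant, sku: 'FOOBAR')
+api_get :index, q: { sku_cont: 'FOO' }
+expect(json_response['count']).to eq(1)
+expect(json_response['variants'].first['sku']).to eq expected_result.sku
+end
+
+it "variants returned contain option values data" do
+api_get :index
+option_values = json_response["variants"].last["option_values"]
+expect(option_values.first).to have_attributes([:name,
+:presentation,
+:option_type_name,
+:option_type_id])
+end
+
+it "variants returned contain images data" do
+variant.images.create!(attachment: image("thinking-cat.jpg"))
+
+api_get :index
+
+expect(json_response["variants"].last).to have_attributes([:images])
+expect(json_response['variants'].first['images'].first).to have_attributes([:attachment_file_name,
+:attachment_width,
+:attachment_height,
+:attachment_content_type,
+:mini_url,
+:small_url,
+:product_url,
+:large_url])
+
+end
+
+it 'variants returned do not contain cost price data' do
+api_get :index
+expect(json_response["variants"].first.has_key?(:cost_price)).to eq false
+end
+
+# Regression test for #2141
+context "a deleted variant" do
+before do
+variant.update_column(:deleted_at, Time.current)
+end
+
+it "is not returned in the results" do
+api_get :index
+expect(json_response["variants"].count).to eq(0)
+end
+
+it "is not returned even when show_deleted is passed" do
+api_get :index, show_deleted: true
+expect(json_response["variants"].count).to eq(0)
+end
+end
+
+context "pagination" do
+it "can select the next page of variants" do
+second_variant = create(:variant)
+api_get :index, page: 2, per_page: 1
+expect(json_response["variants"].first).to have_attributes(show_attributes)
+expect(json_response["total_count"]).to eq(3)
+expect(json_response["current_page"]).to eq(2)
+expect(json_response["pages"]).to eq(3)
+end
+end
+
+it "can see a single variant" do
+api_get :show, id: variant.to_param
+expect(json_response).to have_attributes(show_attributes)
+expect(json_response["stock_items"]).to be_present
+option_values = json_response["option_values"]
+expect(option_values.first).to have_attributes([:name,
+:presentation,
+:option_type_name,
+:option_type_id])
+end
+
+it "can see a single variant with images" do
+variant.images.create!(attachment: image("thinking-cat.jpg"))
+
+api_get :show, id: variant.to_param
+
+expect(json_response).to have_attributes(show_attributes + [:images])
+option_values = json_response["option_values"]
+expect(option_values.first).to have_attributes([:name,
+:presentation,
+:option_type_name,
+:option_type_id])
+end
+
+it "can learn how to create a new variant" do
+api_get :new
+expect(json_response["attributes"]).to eq(new_attributes.map(&:to_s))
+expect(json_response["required_attributes"]).to be_empty
+end
+
+it "cannot create a new variant if not an admin" do
+api_post :create, variant: { sku: "12345" }
+assert_unauthorized!
+end
+
+it "cannot update a variant" do
+api_put :update, id: variant.to_param, variant: { sku: "12345" }
+assert_not_found!
+end
+
+it "cannot delete a variant" do
+api_delete :destroy, id: variant.to_param
+assert_not_found!
+expect { variant.reload }.not_to raise_error
+end
+
+context "as an admin" do
+sign_in_as_admin!
+let(:resource_scoping) { { product_id: variant.product.to_param } }
+
+# Test for #2141
+context "deleted variants" do
+before do
+variant.update_column(:deleted_at, Time.current)
+end
+
+it "are visible by admin" do
+api_get :index, show_deleted: 1
+expect(json_response["variants"].count).to eq(1)
+end
+end
+
+it "can create a new variant" do
+other_value = create(:option_value)
+api_post :create, variant: {
+sku: "12345",
+price: "20",
+option_value_ids: [option_value.id, other_value.id]
+}
+
+expect(json_response).to have_attributes(new_attributes)
+expect(response.status).to eq(201)
+expect(json_response["sku"]).to eq("12345")
+expect(json_response["price"]).to match "20"
+
+option_value_ids = json_response["option_values"].map { |o| o['id'] }
+expect(option_value_ids).to match_array [option_value.id, other_value.id]
+
+expect(variant.product.variants.count).to eq(1)
+end
+
+it "can update a variant" do
+api_put :update, id: variant.to_param, variant: { sku: "12345" }
+expect(response.status).to eq(200)
+end
+
+it "can delete a variant" do
+api_delete :destroy, id: variant.to_param
+expect(response.status).to eq(204)
+expect { Spree::Variant.find(variant.id) }.to raise_error(ActiveRecord::RecordNotFound)
+end
+
+it 'variants returned contain cost price data' do
+api_get :index
+expect(json_response["variants"].first.has_key?(:cost_price)).to eq true
+end
+end
+end
+end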
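Review bot: The cost-price visibility check in "variants returned do not contain cost price data" looks up `has_key?(:cost_price)` with a symbol on a parsed JSON object, so it is only meaningful if the `json_response` helper (defined outside this page) returns indifferent-access hashes; with plain string-keyed hashes it would pass even when the field is exposed to non-admins. The admin example asserting `eq true` suggests the helper does normalise keys, but the negative check is safer written against the string key, `expect(json_response["variants"].first).not_to have_key("cost_price")`. `second_variant` in the pagination example is assigned but never read.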
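--- a/data/spec/controllers/spree/api/v1/zones_controller_spec.rb
+++ b/data/spec/controllers/spree/api/v1/zones_controller_spec.rb
@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+module Spree
+describe Api::V1::ZonesController, type: :controller do
+render_views
+
+let!(:attributes) { [:id, :name, :zone_members] }
+
+before do
+stub_authentication!
+@zone = create(:zone, name: 'Europe')
+end
+
+it "gets list of zones" do
+api_get :index
+expect(json_response['zones'].first).to have_attributes(attributes)
+end
+
+it 'can control the page size through a parameter' do
+create(:zone)
+api_get :index, per_page: 1
+expect(json_response['count']).to eq(1)
+expect(json_response['current_page']).to eq(1)
+expect(json_response['pages']).to eq(2)
+end
+
+it 'can query the results through a paramter' do
+expected_result = create(:zone, name: 'South America')
+api_get :index, q: { name_cont: 'south' }
+expect(json_response['count']).to eq(1)
+expect(json_response['zones'].first['name']).to eq expected_result.name
+end
+
+it "gets a zone" do
+api_get :show, id: @zone.id
+expect(json_response).to have_attributes(attributes)
+expect(json_response['name']).to eq @zone.name
+expect(json_response['zone_members'].size).to eq @zone.zone_members.count
+end
+
+context "as an admin" do
+sign_in_as_admin!
+
+let!(:country) { create(:country) }
+
+it "can create a new zone" do
+params = {
+zone: {
+name: "North Pole",
+zone_members: [
+{
+zoneable_type: "Spree::Country",
+zoneable_id: country.id
+}
+]
+}
+}
+
+api_post :create, params
+expect(response.status).to eq(201)
+expect(json_response).to have_attributes(attributes)
+expect(json_response["zone_members"]).not_to be_empty
+end
+
+it "updates a zone" do
+params = { id: @zone.id,
+zone: {
+name: "North Pole",
+zone_members: [
+{
+zoneable_type: "Spree::Country",
+zoneable_id: country.id
+}
+]
+}
+}
+
+api_put :update, params
+expect(response.status).to eq(200)
+expect(json_response['name']).to eq 'North Pole'
+expect(json_response['zone_members']).not_to be_blank
+end
+
+it "can delete a zone" do
+api_delete :destroy, id: @zone.id
+expect(response.status).to eq(204)
+expect { @zone.reload }.to raise_error(ActiveRecord::RecordNotFound)
+end
+end
+end
+end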
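Review bot: There are no examples showing that a caller without the admin role is refused on create, update or destroy; every mutating example sits inside the "as an admin" context. The variants spec on this page covers that with "cannot create a new variant if not an admin" and its update and delete counterparts, and this release also changes zones_controller.rb, so a matching set here would guard the authorization path. The expected response (`assert_unauthorized!` or `assert_not_found!`) depends on ability rules that are not visible on this page, so confirm against the controller before pinning it.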
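--- a/data/spec/models/spree/legacy_user_spec.rb
+++ b/data/spec/models/spree/legacy_user_spec.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+module Spree
+describe LegacyUser, type: :model do
+let(:user) { LegacyUser.new }
+
+it "can generate an API key" do
+expect(user).to receive(:save!)
+user.generate_spree_api_key!
+expect(user.spree_api_key).not_to be_blank
+end
+
+it "can clear an API key" do
+expect(user).to receive(:save!)
+user.clear_spree_api_key!
+expect(user.spree_api_key).to be_blank
+end
+end
+end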
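Review bot: "can generate an API key" only checks that the key is not blank, which a constant or very short value would also satisfy. Since this key is what the API specs on this page pass as `token`, a second example that stubs persistence with `allow(user).to receive(:save!)`, generates twice and expects the two values to differ would catch a non-random generator. The generator itself (user_api_authentication.rb in the file list) is not shown here, so its key length and source of randomness should be checked there.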
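--- a/data/spec/requests/rabl_cache_spec.rb
+++ b/data/spec/requests/rabl_cache_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe "Rabl Cache", type: :request, caching: true do
+let!(:user) { create(:admin_user) }
+
+before do
+create(:variant)
+user.generate_spree_api_key!
+expect(Spree::Product.count).to eq(1)
+end
+
+it "doesn't create a cache key collision for models with different rabl templates" do
+get "/api/v1/variants", params: { token: user.spree_api_key }
+expect(response.status).to eq(200)
+
+# Make sure we get a non master variant
+variant_a = JSON.parse(response.body)['variants'].select do |v|
+!v['is_master']
+end.first
+
+expect(variant_a['is_master']).to be false
+expect(variant_a['stock_items']).not_to be_nil
+
+get "/api/v1/products/#{Spree::Product.first.id}", params: { token: user.spree_api_key }
+expect(response.status).to eq(200)
+variant_b = JSON.parse(response.body)['variants'].last
+expect(variant_b['is_master']).to be false
+
+expect(variant_a['id']).to eq(variant_b['id'])
+expect(variant_b['stock_items']).to be_nil
+end
+end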
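Review bot: `variant_a` can be nil when the index response holds no non-master variant, and the following line then fails with a NoMethodError on `nil['is_master']` rather than a readable expectation failure. `select do |v| ... end.first` reads more directly as `find { |v| !v['is_master'] }`, followed by `expect(variant_a).not_to be_nil`. The `expect(Spree::Product.count).to eq(1)` inside `before` is a precondition rather than setup and would report more clearly at the top of the example.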
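--- a/data/spec/requests/ransackable_attributes_spec.rb
+++ b/data/spec/requests/ransackable_attributes_spec.rb
@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe "Ransackable Attributes" do
+let(:user) { create(:user).tap(&:generate_spree_api_key!) }
+let(:order) { create(:order_with_line_items, user: user) }
+context "filtering by attributes one association away" do
+it "does not allow the filtering of variants by order attributes" do
+2.times { create(:variant) }
+
+get "/api/v1/variants?q[orders_email_start]=#{order.email}", params: { token: user.spree_api_key }
+
+variants_response = JSON.parse(response.body)
+expect(variants_response['total_count']).to eq(Spree::Variant.count)
+end
+end
+
+context "filtering by attributes two associations away" do
+it "does not allow the filtering of variants by user attributes" do
+2.times { create(:variant) }
+
+get "/api/v1/variants?q[orders_user_email_start]=#{order.user.email}", params: { token: user.spree_api_key }
+
+variants_response = JSON.parse(response.body)
+expect(variants_response['total_count']).to eq(Spree::Variant.count)
+end
+end
+
+context "it maintains desired association behavior" do
+it "allows filtering of variants product name" do
+product = create(:product, name: "Fritos")
+variant = create(:variant, product: product)
+other_variant = create(:variant)
+
+get "/api/v1/variants?q[product_name_or_sku_cont]=fritos", params: { token: user.spree_api_key }
+
+skus = JSON.parse(response.body)['variants'].map { |variant| variant['sku'] }
+expect(skus).to include variant.sku
+expect(skus).not_to include other_variant.sku
+end
+end
+
+context "filtering by attributes" do
+it "most attributes are not filterable by default" do
+product = create(:product, meta_title: "special product")
+other_product = create(:product)
+
+get "/api/v1/products?q[meta_title_cont]=special", params: { token: user.spree_api_key }
+
+products_response = JSON.parse(response.body)
+expect(products_response['total_count']).to eq(Spree::Product.count)
+end
+
+it "id is filterable by default" do
+product = create(:product)
+other_product = create(:product)
+
+get "/api/v1/products?q[id_eq]=#{product.id}", params: { token: user.spree_api_key }
+
+product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
+expect(product_names).to include product.name
+expect(product_names).not_to include other_product.name
+end
+end
+
+context "filtering by whitelisted attributes" do
+it "filtering is supported for whitelisted attributes" do
+product = create(:product, name: "Fritos")
+other_product = create(:product)
+
+get "/api/v1/products?q[name_cont]=fritos", params: { token: user.spree_api_key }
+
+product_names = JSON.parse(response.body)['products'].map { |product| product['name'] }
+expect(product_names).to include product.name
+expect(product_names).not_to include other_product.name
+end
+end
+
+
+end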
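Review bot: The block parameters in `map { |variant| variant['sku'] }` and in both `map { |product| product['name'] }` calls shadow the outer `variant` and `product` locals that the next expectations read; renaming them (`map { |v| v['sku'] }`, `map { |p| p['name'] }`) removes the ambiguity. The top-level `describe "Ransackable Attributes"` also omits `type: :request`, unlike the other two request specs on this page, and so relies on `infer_spec_type_from_file_location!` in spec_helper. In "most attributes are not filterable by default" the `product` and `other_product` locals are never read and could be bare `create` calls. A one-line comment above the first two contexts stating that they guard against order and user e-mail addresses becoming searchable through the variants endpoint would make the intent of these examples explicit.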
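--- a/data/spec/requests/version_spec.rb
+++ b/data/spec/requests/version_spec.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe "Version", type: :request do
+let!(:countries) { 2.times.map { create :country } }
+
+describe "/api" do
+it "be a redirect" do
+get "/api/countries"
+expect(response).to have_http_status 301
+end
+end
+
+describe "/api/v1" do
+it "be successful" do
+get "/api/v1/countries"
+expect(response).to have_http_status 200
+end
+end
+end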
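Review bot: The "/api" example asserts only the 301 status, so a redirect to an unintended location would still pass. Asserting the target as well, for example `expect(response).to redirect_to("/api/v1/countries")`, would pin it; that path is inferred from the second example and should be confirmed against routes.rb. The `countries` records created by `let!` are never inspected, so neither example shows that the response body carries them.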
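--- a/data/spec/shared_examples/protect_product_actions.rb
+++ b/data/spec/shared_examples/protect_product_actions.rb
@@ -0,0 +1,17 @@
+shared_examples "modifying product actions are restricted" do
+it "cannot create a new product if not an admin" do
+api_post :create, product: { name: "Brand new product!" }
+assert_unauthorized!
+end
+
+it "cannot update a product" do
+api_put :update, id: product.to_param, product: { name: "I hacked your store!" }
+assert_unauthorized!
+end
+
+it "cannot delete a product" do
+api_delete :destroy, id: product.to_param
+assert_unauthorized!
+end
+end
+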
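--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,63 @@
+if ENV["COVERAGE"]
+# Run Coverage report
+require 'simplecov'
+SimpleCov.start do
+add_group 'Controllers', 'app/controllers'
+add_group 'Helpers', 'app/helpers'
+add_group 'Mailers', 'app/mailers'
+add_group 'Models', 'app/models'
+add_group 'Views', 'app/views'
+add_group 'Libraries', 'lib'
+end
+end
+
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+
+begin
+require File.expand_path("../dummy/config/environment", __FILE__)
+rescue LoadError
+puts "Could not load dummy application. Please ensure you have run `bundle exec rake test_app`"
+exit
+end
+
+require 'rspec/rails'
+require 'ffaker'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
+
+require 'spree/testing_support/factories'
+require 'spree/testing_support/preferences'
+
+require 'spree/api/testing_support/caching'
+require 'spree/api/testing_support/helpers'
+require 'spree/api/testing_support/setup'
+require 'spree/testing_support/shoulda_matcher_configuration'
+
+RSpec.configure do |config|
+config.backtrace_exclusion_patterns = [/gems\/activesupport/, /gems\/actionpack/, /gems\/rspec/]
+config.color = true
+config.fail_fast = ENV['FAIL_FAST'] || false
+config.infer_spec_type_from_file_location!
+config.raise_errors_for_deprecations!
+config.use_transactional_fixtures = true
+
+config.include FactoryGirl::Syntax::Methods
+config.include Spree::Api::TestingSupport::Helpers, type: :controller
+config.extend Spree::Api::TestingSupport::Setup, type: :controller
+config.include Spree::TestingSupport::Preferences, type: :controller
+
+config.before do
+Spree::Api::Config[:requires_authentication] = true
+end
+
+config.include VersionCake::TestHelpers, type: :controller
+config.before(:each, type: :controller) do
+set_request_version('', 1)
+end
+
+config.order = :random
+Kernel.srand config.seed
+end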
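Review bot: The `rescue LoadError` branch calls bare `exit`, which terminates with status 0, so a CI run where the dummy app is missing would report success without executing a single spec, including the authorization specs in this release. `exit 1` (or `abort` with the same message) makes that failure visible. Separately, `config.fail_fast = ENV['FAIL_FAST'] || false` treats any non-empty value, including the string "false", as enabled; `ENV['FAIL_FAST'] == 'true'` would be stricter.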