RubyGems - spree_backend - Versions diffs - 3.0.5 → 3.0.6 - Mend

spree_backend 3.0.5 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

data/spec/controllers/spree/admin/missing_products_controller_spec.rb ADDED

@@ -0,0 +1,18 @@
+require 'spec_helper'
+# This test exists in this file because in the standard admin/products_controller spec
+# There is the stub_authorization call. This call is not triggered for this test because
+# the load_resource filter in Spree::Admin::ResourceController is prepended to the filter chain
+# this means this call is triggered before the authorize_admin call and in this case
+# the load_resource filter halts the request meaning authorize_admin is not called at all.
+describe Spree::Admin::ProductsController, :type => :controller do
+  stub_authorization!
+  # Regression test for GH #538
+  it "cannot find a non-existent product" do
+    spree_get :edit, :id => "non-existent-product"
+    expect(response).to redirect_to(spree.admin_products_path)
+    expect(flash[:error]).to eql("Product is not found")
+  end
+end

data/spec/controllers/spree/admin/orders/customer_details_controller_spec.rb ADDED

@@ -0,0 +1,42 @@
+require "spec_helper"
+require "cancan"
+require "spree/testing_support/bar_ability"
+describe Spree::Admin::Orders::CustomerDetailsController, type: :controller do
+  context "with authorization" do
+    stub_authorization!
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        total:           100,
+        number:          "R123456789",
+        billing_address: mock_model(Spree::Address)
+      )
+    end
+    before do
+      allow(Spree::Order).to receive_message_chain(:friendly, :find).and_return(order)
+    end
+    context "#update" do
+      it "does refresh the shipment rates with all shipping methods" do
+        allow(order).to receive_messages(update_attributes: true)
+        allow(order).to receive_messages(next: false)
+        expect(order).to receive(:refresh_shipment_rates)
+          .with(Spree::ShippingMethod::DISPLAY_ON_FRONT_AND_BACK_END)
+        attributes = {
+          order_id: order.number,
+          order: {
+            email: "",
+            use_billing: "",
+            bill_address_attributes: {},
+            ship_address_attributes: {}
+          }
+        }
+        spree_put :update, attributes
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/orders_controller_spec.rb ADDED

@@ -0,0 +1,247 @@
+require 'spec_helper'
+require 'cancan'
+require 'spree/testing_support/bar_ability'
+# Ability to test access to specific model instances
+class OrderSpecificAbility
+  include CanCan::Ability
+  def initialize(user)
+    can [:admin, :manage], Spree::Order, number: 'R987654321'
+  end
+end
+describe Spree::Admin::OrdersController, type: :controller do
+  context "with authorization" do
+    stub_authorization!
+    before do
+      request.env["HTTP_REFERER"] = "http://localhost:3000"
+      # ensure no respond_overrides are in effect
+      if Spree::BaseController.spree_responders[:OrdersController].present?
+        Spree::BaseController.spree_responders[:OrdersController].clear
+      end
+    end
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        completed?:      true,
+        total:           100,
+        number:          'R123456789',
+        all_adjustments: adjustments,
+        billing_address: mock_model(Spree::Address)
+      )
+    end
+    let(:adjustments) { double('adjustments') }
+    before do
+      allow(Spree::Order).to receive_message_chain(:friendly, :find).and_return(order)
+    end
+    context "#approve" do
+      it "approves an order" do
+        expect(order).to receive(:approved_by).with(controller.try_spree_current_user)
+        spree_put :approve, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_approved)
+      end
+    end
+    context "#cancel" do
+      it "cancels an order" do
+        expect(order).to receive(:canceled_by).with(controller.try_spree_current_user)
+        spree_put :cancel, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_canceled)
+      end
+    end
+    context "#resume" do
+      it "resumes an order" do
+        expect(order).to receive(:resume!)
+        spree_put :resume, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_resumed)
+      end
+    end
+    context "pagination" do
+      it "can page through the orders" do
+        spree_get :index, page: 2, per_page: 10
+        expect(assigns[:orders].offset_value).to eq(10)
+        expect(assigns[:orders].limit_value).to eq(10)
+      end
+    end
+    # Test for #3346
+    context "#new" do
+      it "a new order has the current user assigned as a creator" do
+        spree_get :new
+        expect(assigns[:order].created_by).to eq(controller.try_spree_current_user)
+      end
+    end
+    # Regression test for #3684
+    context "#edit" do
+      it "does not refresh rates if the order is completed" do
+        allow(order).to receive_messages completed?: true
+        expect(order).not_to receive :refresh_shipment_rates
+        spree_get :edit, id: order.number
+      end
+      it "does refresh the rates if the order is incomplete" do
+        allow(order).to receive_messages completed?: false
+        expect(order).to receive :refresh_shipment_rates
+        spree_get :edit, id: order.number
+      end
+    end
+    # Test for #3919
+    context "search" do
+      let(:user) { create(:user) }
+      before do
+        allow(controller).to receive_messages spree_current_user: user
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+        create(:completed_order_with_totals)
+        expect(Spree::Order.count).to eq 1
+      end
+      it "does not display duplicated results" do
+        spree_get :index, q: {
+          line_items_variant_id_in: Spree::Order.first.variants.map(&:id)
+        }
+        expect(assigns[:orders].map { |o| o.number }.count).to eq 1
+      end
+    end
+    context "#open_adjustments" do
+      let(:closed) { double('closed_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(closed)
+        allow(closed).to receive(:update_all)
+      end
+      it "changes all the closed adjustments to open" do
+        expect(adjustments).to receive(:where).with(state: 'closed')
+          .and_return(closed)
+        expect(closed).to receive(:update_all).with(state: 'open')
+        spree_post :open_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :open_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully opened!')
+      end
+      it "redirects back" do
+        spree_post :open_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+    context "#close_adjustments" do
+      let(:open) { double('open_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(open)
+        allow(open).to receive(:update_all)
+      end
+      it "changes all the open adjustments to closed" do
+        expect(adjustments).to receive(:where).with(state: 'open')
+          .and_return(open)
+        expect(open).to receive(:update_all).with(state: 'closed')
+        spree_post :close_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :close_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully closed!')
+      end
+      it "redirects back" do
+        spree_post :close_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+  end
+  context '#authorize_admin' do
+    let(:user) { create(:user) }
+    let(:order) { create(:completed_order_with_totals, number: 'R987654321') }
+    def with_ability(ability)
+      Spree::Ability.register_ability(ability)
+      yield
+    ensure
+      Spree::Ability.remove_ability(ability)
+    end
+    before do
+      allow(Spree::Order).to receive_messages find: order
+      allow(controller).to receive_messages spree_current_user: user
+    end
+    it 'should grant access to users with an admin role' do
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+      spree_post :index
+      expect(response).to render_template :index
+    end
+    it 'should grant access to users with an bar role' do
+      with_ability(BarAbility) do
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_post :index
+        expect(response).to render_template :index
+      end
+    end
+    it 'should deny access to users with an bar role' do
+      with_ability(BarAbility) do
+        allow(order).to receive(:update_attributes).and_return true
+        allow(order).to receive(:user).and_return Spree.user_class.new
+        allow(order).to receive(:token).and_return nil
+        user.spree_roles.clear
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_put :update, id: order.number
+        expect(response).to redirect_to('/unauthorized')
+      end
+    end
+    it 'should deny access to users without an admin role' do
+      allow(user).to receive_messages has_spree_role?: false
+      spree_post :index
+      expect(response).to redirect_to('/unauthorized')
+    end
+    it 'should restrict returned order(s) on index when using OrderSpecificAbility' do
+      number = order.number
+      3.times { create(:completed_order_with_totals) }
+      expect(Spree::Order.complete.count).to eq 4
+      with_ability(OrderSpecificAbility) do
+        allow(user).to receive_messages has_spree_role?: false
+        spree_get :index
+        expect(response).to render_template :index
+        expect(assigns['orders'].size).to eq 1
+        expect(assigns['orders'].first.number).to eq number
+        expect(Spree::Order.accessible_by(Spree::Ability.new(user), :index).pluck(:number)).to eq  [number]
+      end
+    end
+  end
+  context "order number not given" do
+    stub_authorization!
+    it "raise active record not found" do
+      expect {
+        spree_get :edit, id: 99999999
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+end

data/spec/controllers/spree/admin/payment_methods_controller_spec.rb ADDED

@@ -0,0 +1,49 @@
+require 'spec_helper'
+module Spree
+  class GatewayWithPassword < PaymentMethod
+    preference :password, :string, :default => "password"
+  end
+  describe Admin::PaymentMethodsController, :type => :controller do
+    stub_authorization!
+    let(:payment_method) { GatewayWithPassword.create!(:name => "Bogus", :preferred_password => "haxme") }
+    # regression test for #2094
+    it "does not clear password on update" do
+      expect(payment_method.preferred_password).to eq("haxme")
+      spree_put :update, :id => payment_method.id, :payment_method => { :type => payment_method.class.to_s, :preferred_password => "" }
+      expect(response).to redirect_to(spree.edit_admin_payment_method_path(payment_method))
+      payment_method.reload
+      expect(payment_method.preferred_password).to eq("haxme")
+    end
+    context "tries to save invalid payment" do
+      it "doesn't break, responds nicely" do
+        expect {
+          spree_post :create, :payment_method => { :name => "", :type => "Spree::Gateway::Bogus" }
+        }.not_to raise_error
+      end
+    end
+    it "can create a payment method of a valid type" do
+      expect {
+        spree_post :create, :payment_method => { :name => "Test Method", :type => "Spree::Gateway::Bogus" }
+      }.to change(Spree::PaymentMethod, :count).by(1)
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.edit_admin_payment_method_path(assigns(:payment_method))
+    end
+    it "can not create a payment method of an invalid type" do
+      expect {
+        spree_post :create, :payment_method => { :name => "Invalid Payment Method", :type => "Spree::InvalidType" }
+      }.to change(Spree::PaymentMethod, :count).by(0)
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.new_admin_payment_method_path
+    end
+  end
+end

data/spec/controllers/spree/admin/payments_controller_spec.rb ADDED

@@ -0,0 +1,97 @@
+require 'spec_helper'
+module Spree
+  module Admin
+    describe PaymentsController, :type => :controller do
+      stub_authorization!
+      let(:order) { create(:order) }
+      context "with a valid credit card" do
+        let(:order) { create(:order_with_line_items, :state => "payment") }
+        let(:payment_method) { create(:credit_card_payment_method, :display_on => "back_end") }
+        before do
+          attributes = {
+            :order_id => order.number,
+            :card => "new",
+            :payment => {
+              :amount => order.total,
+              :payment_method_id => payment_method.id.to_s,
+              :source_attributes => {
+                :name => "Test User",
+                :number => "4111 1111 1111 1111",
+                :expiry => "09 / #{Time.now.year + 1}",
+                :verification_value => "123"
+              }
+            }
+          }
+          spree_post :create, attributes
+        end
+        it "should process payment correctly" do
+          expect(order.payments.count).to eq(1)
+          expect(response).to redirect_to(spree.admin_order_payments_path(order))
+          expect(order.reload.state).to eq('complete')
+        end
+        # Regression for #4768
+        it "doesnt process the same payment twice" do
+          expect(Spree::LogEntry.where(source: order.payments.first).count).to eq(1)
+        end
+      end
+      # Regression test for #3233
+      context "with a backend payment method" do
+        before do
+          @payment_method = create(:check_payment_method, :display_on => "back_end")
+        end
+        it "loads backend payment methods" do
+          spree_get :new, :order_id => order.number
+          expect(response.status).to eq(200)
+          expect(assigns[:payment_methods]).to include(@payment_method)
+        end
+      end
+      context "order has billing address" do
+        before do
+          order.bill_address = create(:address)
+          order.save!
+        end
+        context "order does not have payments" do
+          it "redirect to new payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response).to redirect_to(spree.new_admin_order_payment_path(order))
+          end
+        end
+        context "order has payments" do
+          before do
+            order.payments << create(:payment, amount: order.total, order: order, state: 'completed')
+          end
+          it "shows the payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response.code).to eq "200"
+          end
+        end
+      end
+      context "order does not have a billing address" do
+        before do
+          order.bill_address = nil
+          order.save
+        end
+        it "should redirect to the customer details page" do
+          spree_get :index, { amount: 100, order_id: order.number }
+          expect(response).to redirect_to(spree.edit_admin_order_customer_path(order))
+        end
+      end
+    end
+  end
+end