RubyGems - spree_backend - Versions diffs - 3.0.5 → 3.0.6 - Mend

spree_backend 3.0.5 → 3.0.6

Files changed (98) hide show

data/spec/controllers/spree/admin/missing_products_controller_spec.rb ADDED

@@ -0,0 +1,18 @@
+require 'spec_helper'
+# This test exists in this file because in the standard admin/products_controller spec
+# There is the stub_authorization call. This call is not triggered for this test because
+# the load_resource filter in Spree::Admin::ResourceController is prepended to the filter chain
+# this means this call is triggered before the authorize_admin call and in this case
+# the load_resource filter halts the request meaning authorize_admin is not called at all.
+describe Spree::Admin::ProductsController, :type => :controller do
+  stub_authorization!
+  # Regression test for GH #538
+  it "cannot find a non-existent product" do
+    spree_get :edit, :id => "non-existent-product"
+    expect(response).to redirect_to(spree.admin_products_path)
+    expect(flash[:error]).to eql("Product is not found")
+  end
+end

data/spec/controllers/spree/admin/orders/customer_details_controller_spec.rb ADDED

@@ -0,0 +1,42 @@
+require "spec_helper"
+require "cancan"
+require "spree/testing_support/bar_ability"
+describe Spree::Admin::Orders::CustomerDetailsController, type: :controller do
+  context "with authorization" do
+    stub_authorization!
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        total:           100,
+        number:          "R123456789",
+        billing_address: mock_model(Spree::Address)
+      )
+    end
+    before do
+      allow(Spree::Order).to receive_message_chain(:friendly, :find).and_return(order)
+    end
+    context "#update" do
+      it "does refresh the shipment rates with all shipping methods" do
+        allow(order).to receive_messages(update_attributes: true)
+        allow(order).to receive_messages(next: false)
+        expect(order).to receive(:refresh_shipment_rates)
+          .with(Spree::ShippingMethod::DISPLAY_ON_FRONT_AND_BACK_END)
+        attributes = {
+          order_id: order.number,
+          order: {
+            email: "",
+            use_billing: "",
+            bill_address_attributes: {},
+            ship_address_attributes: {}
+          }
+        }
+        spree_put :update, attributes
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/orders_controller_spec.rb ADDED

@@ -0,0 +1,247 @@
+require 'spec_helper'
+require 'cancan'
+require 'spree/testing_support/bar_ability'
+# Ability to test access to specific model instances
+class OrderSpecificAbility
+  include CanCan::Ability
+  def initialize(user)
+    can [:admin, :manage], Spree::Order, number: 'R987654321'
+  end
+end
+describe Spree::Admin::OrdersController, type: :controller do
+  context "with authorization" do
+    stub_authorization!
+    before do
+      request.env["HTTP_REFERER"] = "http://localhost:3000"
+      # ensure no respond_overrides are in effect
+      if Spree::BaseController.spree_responders[:OrdersController].present?
+        Spree::BaseController.spree_responders[:OrdersController].clear
+      end
+    end
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        completed?:      true,
+        total:           100,
+        number:          'R123456789',
+        all_adjustments: adjustments,
+        billing_address: mock_model(Spree::Address)
+      )
+    end
+    let(:adjustments) { double('adjustments') }
+    before do
+      allow(Spree::Order).to receive_message_chain(:friendly, :find).and_return(order)
+    end
+    context "#approve" do
+      it "approves an order" do
+        expect(order).to receive(:approved_by).with(controller.try_spree_current_user)
+        spree_put :approve, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_approved)
+      end
+    end
+    context "#cancel" do
+      it "cancels an order" do
+        expect(order).to receive(:canceled_by).with(controller.try_spree_current_user)
+        spree_put :cancel, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_canceled)
+      end
+    end
+    context "#resume" do
+      it "resumes an order" do
+        expect(order).to receive(:resume!)
+        spree_put :resume, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_resumed)
+      end
+    end
+    context "pagination" do
+      it "can page through the orders" do
+        spree_get :index, page: 2, per_page: 10
+        expect(assigns[:orders].offset_value).to eq(10)
+        expect(assigns[:orders].limit_value).to eq(10)
+      end
+    end
+    # Test for #3346
+    context "#new" do
+      it "a new order has the current user assigned as a creator" do
+        spree_get :new
+        expect(assigns[:order].created_by).to eq(controller.try_spree_current_user)
+      end
+    end
+    # Regression test for #3684
+    context "#edit" do
+      it "does not refresh rates if the order is completed" do
+        allow(order).to receive_messages completed?: true
+        expect(order).not_to receive :refresh_shipment_rates
+        spree_get :edit, id: order.number
+      end
+      it "does refresh the rates if the order is incomplete" do
+        allow(order).to receive_messages completed?: false
+        expect(order).to receive :refresh_shipment_rates
+        spree_get :edit, id: order.number
+      end
+    end
+    # Test for #3919
+    context "search" do
+      let(:user) { create(:user) }
+      before do
+        allow(controller).to receive_messages spree_current_user: user
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+        create(:completed_order_with_totals)
+        expect(Spree::Order.count).to eq 1
+      end
+      it "does not display duplicated results" do
+        spree_get :index, q: {
+          line_items_variant_id_in: Spree::Order.first.variants.map(&:id)
+        }
+        expect(assigns[:orders].map { |o| o.number }.count).to eq 1
+      end
+    end
+    context "#open_adjustments" do
+      let(:closed) { double('closed_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(closed)
+        allow(closed).to receive(:update_all)
+      end
+      it "changes all the closed adjustments to open" do
+        expect(adjustments).to receive(:where).with(state: 'closed')
+          .and_return(closed)
+        expect(closed).to receive(:update_all).with(state: 'open')
+        spree_post :open_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :open_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully opened!')
+      end
+      it "redirects back" do
+        spree_post :open_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+    context "#close_adjustments" do
+      let(:open) { double('open_adjustments') }
+      before do
+        allow(adjustments).to receive(:where).and_return(open)
+        allow(open).to receive(:update_all)
+      end
+      it "changes all the open adjustments to closed" do
+        expect(adjustments).to receive(:where).with(state: 'open')
+          .and_return(open)
+        expect(open).to receive(:update_all).with(state: 'closed')
+        spree_post :close_adjustments, id: order.number
+      end
+      it "sets the flash success message" do
+        spree_post :close_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully closed!')
+      end
+      it "redirects back" do
+        spree_post :close_adjustments, id: order.number
+        expect(response).to redirect_to(:back)
+      end
+    end
+  end
+  context '#authorize_admin' do
+    let(:user) { create(:user) }
+    let(:order) { create(:completed_order_with_totals, number: 'R987654321') }
+    def with_ability(ability)
+      Spree::Ability.register_ability(ability)
+      yield
+    ensure
+      Spree::Ability.remove_ability(ability)
+    end
+    before do
+      allow(Spree::Order).to receive_messages find: order
+      allow(controller).to receive_messages spree_current_user: user
+    end
+    it 'should grant access to users with an admin role' do
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+      spree_post :index
+      expect(response).to render_template :index
+    end
+    it 'should grant access to users with an bar role' do
+      with_ability(BarAbility) do
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_post :index
+        expect(response).to render_template :index
+      end
+    end
+    it 'should deny access to users with an bar role' do
+      with_ability(BarAbility) do
+        allow(order).to receive(:update_attributes).and_return true
+        allow(order).to receive(:user).and_return Spree.user_class.new
+        allow(order).to receive(:token).and_return nil
+        user.spree_roles.clear
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_put :update, id: order.number
+        expect(response).to redirect_to('/unauthorized')
+      end
+    end
+    it 'should deny access to users without an admin role' do
+      allow(user).to receive_messages has_spree_role?: false
+      spree_post :index
+      expect(response).to redirect_to('/unauthorized')
+    end
+    it 'should restrict returned order(s) on index when using OrderSpecificAbility' do
+      number = order.number
+      3.times { create(:completed_order_with_totals) }
+      expect(Spree::Order.complete.count).to eq 4
+      with_ability(OrderSpecificAbility) do
+        allow(user).to receive_messages has_spree_role?: false
+        spree_get :index
+        expect(response).to render_template :index
+        expect(assigns['orders'].size).to eq 1
+        expect(assigns['orders'].first.number).to eq number
+        expect(Spree::Order.accessible_by(Spree::Ability.new(user), :index).pluck(:number)).to eq  [number]
+      end
+    end
+  end
+  context "order number not given" do
+    stub_authorization!
+    it "raise active record not found" do
+      expect {
+        spree_get :edit, id: 99999999
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+end

data/spec/controllers/spree/admin/payment_methods_controller_spec.rb ADDED

@@ -0,0 +1,49 @@
+require 'spec_helper'
+module Spree
+  class GatewayWithPassword < PaymentMethod
+    preference :password, :string, :default => "password"
+  end
+  describe Admin::PaymentMethodsController, :type => :controller do
+    stub_authorization!
+    let(:payment_method) { GatewayWithPassword.create!(:name => "Bogus", :preferred_password => "haxme") }
+    # regression test for #2094
+    it "does not clear password on update" do
+      expect(payment_method.preferred_password).to eq("haxme")
+      spree_put :update, :id => payment_method.id, :payment_method => { :type => payment_method.class.to_s, :preferred_password => "" }
+      expect(response).to redirect_to(spree.edit_admin_payment_method_path(payment_method))
+      payment_method.reload
+      expect(payment_method.preferred_password).to eq("haxme")
+    end
+    context "tries to save invalid payment" do
+      it "doesn't break, responds nicely" do
+        expect {
+          spree_post :create, :payment_method => { :name => "", :type => "Spree::Gateway::Bogus" }
+        }.not_to raise_error
+      end
+    end
+    it "can create a payment method of a valid type" do
+      expect {
+        spree_post :create, :payment_method => { :name => "Test Method", :type => "Spree::Gateway::Bogus" }
+      }.to change(Spree::PaymentMethod, :count).by(1)
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.edit_admin_payment_method_path(assigns(:payment_method))
+    end
+    it "can not create a payment method of an invalid type" do
+      expect {
+        spree_post :create, :payment_method => { :name => "Invalid Payment Method", :type => "Spree::InvalidType" }
+      }.to change(Spree::PaymentMethod, :count).by(0)
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.new_admin_payment_method_path
+    end
+  end
+end

data/spec/controllers/spree/admin/payments_controller_spec.rb ADDED

@@ -0,0 +1,97 @@
+require 'spec_helper'
+module Spree
+  module Admin
+    describe PaymentsController, :type => :controller do
+      stub_authorization!
+      let(:order) { create(:order) }
+      context "with a valid credit card" do
+        let(:order) { create(:order_with_line_items, :state => "payment") }
+        let(:payment_method) { create(:credit_card_payment_method, :display_on => "back_end") }
+        before do
+          attributes = {
+            :order_id => order.number,
+            :card => "new",
+            :payment => {
+              :amount => order.total,
+              :payment_method_id => payment_method.id.to_s,
+              :source_attributes => {
+                :name => "Test User",
+                :number => "4111 1111 1111 1111",
+                :expiry => "09 / #{Time.now.year + 1}",
+                :verification_value => "123"
+              }
+            }
+          }
+          spree_post :create, attributes
+        end
+        it "should process payment correctly" do
+          expect(order.payments.count).to eq(1)
+          expect(response).to redirect_to(spree.admin_order_payments_path(order))
+          expect(order.reload.state).to eq('complete')
+        end
+        # Regression for #4768
+        it "doesnt process the same payment twice" do
+          expect(Spree::LogEntry.where(source: order.payments.first).count).to eq(1)
+        end
+      end
+      # Regression test for #3233
+      context "with a backend payment method" do
+        before do
+          @payment_method = create(:check_payment_method, :display_on => "back_end")
+        end
+        it "loads backend payment methods" do
+          spree_get :new, :order_id => order.number
+          expect(response.status).to eq(200)
+          expect(assigns[:payment_methods]).to include(@payment_method)
+        end
+      end
+      context "order has billing address" do
+        before do
+          order.bill_address = create(:address)
+          order.save!
+        end
+        context "order does not have payments" do
+          it "redirect to new payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response).to redirect_to(spree.new_admin_order_payment_path(order))
+          end
+        end
+        context "order has payments" do
+          before do
+            order.payments << create(:payment, amount: order.total, order: order, state: 'completed')
+          end
+          it "shows the payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response.code).to eq "200"
+          end
+        end
+      end
+      context "order does not have a billing address" do
+        before do
+          order.bill_address = nil
+          order.save
+        end
+        it "should redirect to the customer details page" do
+          spree_get :index, { amount: 100, order_id: order.number }
+          expect(response).to redirect_to(spree.edit_admin_order_customer_path(order))
+        end
+      end
+    end
+  end
+end