spree_backend 3.2.9 → 3.3.0.rc1

data/spec/controllers/spree/admin/orders_controller_spec.rb

@@ -0,0 +1,296 @@
+require 'spec_helper'
+require 'cancan'
+require 'spree/testing_support/bar_ability'
+
+# Ability to test access to specific model instances
+class OrderSpecificAbility
+  include CanCan::Ability
+
+  def initialize(user)
+    can [:admin, :manage], Spree::Order, number: 'R987654321'
+  end
+end
+
+describe Spree::Admin::OrdersController, type: :controller do
+
+  context "with authorization" do
+    stub_authorization!
+
+    before do
+      request.env["HTTP_REFERER"] = "http://localhost:3000"
+
+      # ensure no respond_overrides are in effect
+      if Spree::BaseController.spree_responders[:OrdersController].present?
+        Spree::BaseController.spree_responders[:OrdersController].clear
+      end
+    end
+
+    let(:order) do
+      mock_model(
+        Spree::Order,
+        completed?:      true,
+        total:           100,
+        number:          'R123456789',
+        all_adjustments: adjustments,
+        billing_address: mock_model(Spree::Address)
+      )
+    end
+
+    let(:adjustments) { double('adjustments') }
+
+    before do
+      allow(Spree::Order).to receive_message_chain(:includes, find_by!: order)
+    end
+
+    context "#approve" do
+      it "approves an order" do
+        expect(order).to receive(:approved_by).with(controller.try_spree_current_user)
+        spree_put :approve, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_approved)
+      end
+    end
+
+    context "#cancel" do
+      it "cancels an order" do
+        expect(order).to receive(:canceled_by).with(controller.try_spree_current_user)
+        spree_put :cancel, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_canceled)
+      end
+    end
+
+    context "#resume" do
+      it "resumes an order" do
+        expect(order).to receive(:resume!)
+        spree_put :resume, id: order.number
+        expect(flash[:success]).to eq Spree.t(:order_resumed)
+      end
+    end
+
+    context "pagination" do
+      it "can page through the orders" do
+        spree_get :index, page: 2, per_page: 10
+        expect(assigns[:orders].offset_value).to eq(10)
+        expect(assigns[:orders].limit_value).to eq(10)
+      end
+    end
+
+    # Test for #3346
+    context "#new" do
+      it "a new order has the current user assigned as a creator" do
+        spree_get :new
+        expect(assigns[:order].created_by).to eq(controller.try_spree_current_user)
+      end
+    end
+
+    # Regression test for #3684
+    describe "#edit" do
+      let(:display_value) { Spree::ShippingMethod::DISPLAY_ON_BACK_END }
+
+      before do
+        allow(controller).to receive(:can_not_transition_without_customer_info)
+        allow(order).to receive(:refresh_shipment_rates).with(display_value).and_return(true)
+      end
+
+      after do
+        spree_get :edit, id: order.number
+      end
+
+      it { expect(controller).to receive(:can_not_transition_without_customer_info) }
+      it { expect(order).to receive(:refresh_shipment_rates).with(display_value).and_return(true) }
+    end
+
+    # Test for #3919
+    context "search" do
+      let(:user) { create(:user) }
+
+      before do
+        allow(controller).to receive_messages spree_current_user: user
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+
+        create(:completed_order_with_totals)
+        expect(Spree::Order.count).to eq 1
+      end
+
+      def send_request
+        spree_get :index, q: {
+          line_items_variant_id_in: Spree::Order.first.variants.map(&:id)
+        }
+      end
+
+      it 'does not display duplicate results' do
+        send_request
+        expect(assigns[:orders].map { |o| o.number }.count).to eq 1
+      end
+
+      it 'preloads users' do
+        expect(Spree::Order).to receive(:preload).with(:user).and_return(Spree::Order.all)
+        send_request
+      end
+    end
+
+    context "#open_adjustments" do
+      let(:closed) { double('closed_adjustments') }
+
+      before do
+        allow(adjustments).to receive(:closed).and_return(closed)
+        allow(closed).to receive(:update_all)
+      end
+
+      it "changes all the closed adjustments to open" do
+        expect(adjustments).to receive(:closed).and_return(closed)
+        expect(closed).to receive(:update_all).with(state: 'open')
+        spree_post :open_adjustments, id: order.number
+      end
+
+      it "sets the flash success message" do
+        spree_post :open_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully opened!')
+      end
+
+      context 'when referer' do
+        before(:each) do
+          request.env['HTTP_REFERER'] = root_url
+        end
+
+        it "redirects back" do
+          spree_post :open_adjustments, id: order.number
+          expect(response).to redirect_to(root_url)
+        end
+      end
+
+      context 'when no referer' do
+        before(:each) do
+          request.env['HTTP_REFERER'] = nil
+        end
+
+        it 'refirects to fallback location' do
+          spree_post :open_adjustments, id: order.number
+          expect(response).to redirect_to(admin_order_adjustments_url(order))
+        end
+      end
+    end
+
+    context "#close_adjustments" do
+      let(:open) { double('open_adjustments') }
+
+      before do
+        allow(adjustments).to receive(:open).and_return(open)
+        allow(open).to receive(:update_all)
+      end
+
+      it "changes all the open adjustments to closed" do
+        expect(adjustments).to receive(:open).and_return(open)
+        expect(open).to receive(:update_all).with(state: 'closed')
+        spree_post :close_adjustments, id: order.number
+      end
+
+      it "sets the flash success message" do
+        spree_post :close_adjustments, id: order.number
+        expect(flash[:success]).to eql('All adjustments successfully closed!')
+      end
+
+      context 'when referer' do
+        before(:each) do
+          request.env['HTTP_REFERER'] = root_url
+        end
+
+        it "redirects back" do
+          spree_post :close_adjustments, id: order.number
+          expect(response).to redirect_to(root_url)
+        end
+      end
+
+      context 'when no referer' do
+        before(:each) do
+          request.env['HTTP_REFERER'] = nil
+        end
+
+        it 'refirects to fallback location' do
+          spree_post :close_adjustments, id: order.number
+          expect(response).to redirect_to(admin_order_adjustments_url(order))
+        end
+      end
+    end
+  end
+
+  context '#authorize_admin' do
+    let(:user) { create(:user) }
+    let(:order) { create(:completed_order_with_totals, number: 'R987654321') }
+
+    def with_ability(ability)
+      Spree::Ability.register_ability(ability)
+      yield
+    ensure
+      Spree::Ability.remove_ability(ability)
+    end
+
+    before do
+      allow(Spree::Order).to receive_messages find: order
+      allow(controller).to receive_messages spree_current_user: user
+    end
+
+    it 'should grant access to users with an admin role' do
+      user.spree_roles << Spree::Role.find_or_create_by(name: 'admin')
+      spree_post :index
+      expect(response).to render_template :index
+    end
+
+    it 'should grant access to users with an bar role' do
+      with_ability(BarAbility) do
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_post :index
+        expect(response).to render_template :index
+      end
+    end
+
+    it 'should deny access to users with an bar role' do
+      with_ability(BarAbility) do
+        allow(order).to receive(:update_attributes).and_return true
+        allow(order).to receive(:user).and_return Spree.user_class.new
+        allow(order).to receive(:token).and_return nil
+        user.spree_roles.clear
+        user.spree_roles << Spree::Role.find_or_create_by(name: 'bar')
+        spree_put :update, id: order.number
+        expect(response).to redirect_to(spree.forbidden_path)
+      end
+    end
+
+    it 'should deny access to users without an admin role' do
+      allow(user).to receive_messages has_spree_role?: false
+      spree_post :index
+      expect(response).to redirect_to(spree.forbidden_path)
+    end
+
+    it 'should deny access to not signed in users' do
+      allow(controller).to receive_messages spree_current_user: nil
+      spree_get :index
+      expect(response).to redirect_to(spree.root_path)
+    end
+
+    it 'should restrict returned order(s) on index when using OrderSpecificAbility' do
+      number = order.number
+
+      3.times { create(:completed_order_with_totals) }
+      expect(Spree::Order.complete.count).to eq 4
+
+      with_ability(OrderSpecificAbility) do
+        allow(user).to receive_messages has_spree_role?: false
+        spree_get :index
+        expect(response).to render_template :index
+        expect(assigns['orders'].distinct(false).size).to eq 1
+        expect(assigns['orders'].first.number).to eq number
+        expect(Spree::Order.accessible_by(Spree::Ability.new(user), :index).pluck(:number)).to eq [number]
+      end
+    end
+  end
+
+  context "order number not given" do
+    stub_authorization!
+
+    it "raise active record not found" do
+      expect {
+        spree_get :edit, id: 99999999
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+end

data/spec/controllers/spree/admin/payment_methods_controller_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+module Spree
+  class GatewayWithPassword < PaymentMethod
+    preference :password, :string, default: "password"
+  end
+
+  describe Admin::PaymentMethodsController, type: :controller do
+    stub_authorization!
+
+    let(:payment_method) { GatewayWithPassword.create!(name: "Bogus", preferred_password: "haxme") }
+
+    # regression test for #2094
+    it "does not clear password on update" do
+      expect(payment_method.preferred_password).to eq("haxme")
+      spree_put :update, id: payment_method.id, payment_method: { type: payment_method.class.to_s, preferred_password: "" }
+      expect(response).to redirect_to(spree.edit_admin_payment_method_path(payment_method))
+
+      payment_method.reload
+      expect(payment_method.preferred_password).to eq("haxme")
+    end
+
+    it 'saves payment method preferences on update' do
+      spree_put :update,
+                id: payment_method.id,
+                payment_method: {
+                  type: payment_method.class.to_s,
+                  name: 'Bogus'
+                },
+                gateway_with_password: {
+                  preferred_password: "abc"
+                }
+
+      payment_method.reload
+      expect(payment_method.preferred_password).to eq("abc")
+    end
+
+    context "tries to save invalid payment" do
+      it "doesn't break, responds nicely" do
+        expect {
+          spree_post :create, payment_method: { name: "", type: "Spree::Gateway::Bogus" }
+        }.not_to raise_error
+      end
+    end
+
+    it "can create a payment method of a valid type" do
+      expect {
+        spree_post :create, payment_method: { name: "Test Method", type: "Spree::Gateway::Bogus" }
+      }.to change(Spree::PaymentMethod, :count).by(1)
+
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.edit_admin_payment_method_path(assigns(:payment_method))
+    end
+
+    it "can not create a payment method of an invalid type" do
+      expect {
+        spree_post :create, payment_method: { name: "Invalid Payment Method", type: "Spree::InvalidType" }
+      }.to change(Spree::PaymentMethod, :count).by(0)
+
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.new_admin_payment_method_path
+    end
+  end
+end

data/spec/controllers/spree/admin/payments_controller_spec.rb

@@ -0,0 +1,97 @@
+require 'spec_helper'
+
+module Spree
+  module Admin
+    describe PaymentsController, type: :controller do
+      stub_authorization!
+
+      let(:order) { create(:order) }
+
+      context "with a valid credit card" do
+        let(:order) { create(:order_with_line_items, state: "payment") }
+        let(:payment_method) { create(:credit_card_payment_method, display_on: "back_end") }
+
+        before do
+          attributes = {
+            order_id: order.number,
+            card: "new",
+            payment: {
+              amount: order.total,
+              payment_method_id: payment_method.id.to_s,
+              source_attributes: {
+                name: "Test User",
+                number: "4111 1111 1111 1111",
+                expiry: "09 / #{Time.current.year + 1}",
+                verification_value: "123"
+              }
+            }
+          }
+          spree_post :create, attributes
+        end
+
+        it "should process payment correctly" do
+          expect(order.payments.count).to eq(1)
+          expect(response).to redirect_to(spree.admin_order_payments_path(order))
+          expect(order.reload.state).to eq('complete')
+        end
+
+        # Regression for #4768
+        it "doesnt process the same payment twice" do
+          expect(Spree::LogEntry.where(source: order.payments.first).count).to eq(1)
+        end
+      end
+
+      # Regression test for #3233
+      context "with a backend payment method" do
+        before do
+          @payment_method = create(:check_payment_method, display_on: "back_end")
+        end
+
+        it "loads backend payment methods" do
+          spree_get :new, order_id: order.number
+          expect(response.status).to eq(200)
+          expect(assigns[:payment_methods]).to include(@payment_method)
+        end
+      end
+
+      context "order has billing address" do
+        before do
+          order.bill_address = create(:address)
+          order.save!
+        end
+
+        context "order does not have payments" do
+          it "redirect to new payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response).to redirect_to(spree.new_admin_order_payment_path(order))
+          end
+        end
+
+        context "order has payments" do
+          before do
+            order.payments << create(:payment, amount: order.total, order: order, state: 'completed')
+          end
+
+          it "shows the payments page" do
+            spree_get :index, { amount: 100, order_id: order.number }
+            expect(response.code).to eq "200"
+          end
+        end
+
+      end
+
+      context "order does not have a billing address" do
+        before do
+          order.bill_address = nil
+          order.save
+        end
+
+        it "should redirect to the customer details page" do
+          spree_get :index, { amount: 100, order_id: order.number }
+          expect(response).to redirect_to(spree.edit_admin_order_customer_path(order))
+        end
+      end
+
+    end
+  end
+end

data/spec/controllers/spree/admin/products_controller_spec.rb

@@ -0,0 +1,137 @@
+require 'spec_helper'
+
+describe Spree::Admin::ProductsController, type: :controller do
+  stub_authorization!
+
+  context "#index" do
+    let(:ability_user) { stub_model(Spree::LegacyUser, has_spree_role?: true) }
+
+    # Regression test for #1259
+    it "can find a product by SKU" do
+      product = create(:product, sku: "ABC123")
+      spree_get :index, q: { sku_start: "ABC123" }
+      expect(assigns[:collection]).not_to be_empty
+      expect(assigns[:collection]).to include(product)
+    end
+  end
+
+  # regression test for #1370
+  context "adding properties to a product" do
+    let!(:product) { create(:product) }
+    specify do
+      spree_put :update, id: product.to_param, product: { product_properties_attributes: { "1" => { property_name: "Foo", value: "bar" } } }
+      expect(flash[:success]).to eq("Product #{product.name.inspect} has been successfully updated!")
+    end
+
+  end
+
+  # regression test for #801
+  describe '#destroy' do
+    let(:product) { mock_model(Spree::Product) }
+    let(:products) { double(ActiveRecord::Relation) }
+
+    def send_request
+      spree_delete :destroy, id: product, format: :js
+    end
+
+    context 'will successfully destroy product' do
+      before do
+        allow(Spree::Product).to receive(:friendly).and_return(products)
+        allow(products).to receive(:find).with(product.id.to_s).and_return(product)
+        allow(product).to receive(:destroy).and_return(true)
+      end
+
+      describe 'expects to receive' do
+        it { expect(Spree::Product).to receive(:friendly).and_return(products) }
+        it { expect(products).to receive(:find).with(product.id.to_s).and_return(product) }
+        it { expect(product).to receive(:destroy).and_return(true) }
+
+        after { send_request }
+      end
+
+      describe 'assigns' do
+        before { send_request }
+        it { expect(assigns(:product)).to eq(product) }
+      end
+
+      describe 'response' do
+        before { send_request }
+        it { expect(response).to have_http_status(:ok) }
+        it { expect(flash[:success]).to eq(Spree.t('notice_messages.product_deleted')) }
+      end
+    end
+
+    context 'will not successfully destroy product' do
+      before do
+        allow(Spree::Product).to receive(:friendly).and_return(products)
+        allow(products).to receive(:find).with(product.id.to_s).and_return(product)
+        allow(product).to receive(:destroy).and_return(false)
+      end
+
+      describe 'expects to receive' do
+        it { expect(Spree::Product).to receive(:friendly).and_return(products) }
+        it { expect(products).to receive(:find).with(product.id.to_s).and_return(product) }
+        it { expect(product).to receive(:destroy).and_return(false) }
+
+        after { send_request }
+      end
+
+      describe 'assigns' do
+        before { send_request }
+        it { expect(assigns(:product)).to eq(product) }
+      end
+
+      describe 'response' do
+        before { send_request }
+        it { expect(response).to have_http_status(:ok) }
+        it { expect(flash[:error]).to eq(Spree.t('notice_messages.product_not_deleted')) }
+      end
+    end
+  end
+
+  describe '#clone' do
+    let(:product) { create(:custom_product, name: 'MyProduct', sku: 'MySku') }
+    let(:product2) { create(:custom_product, name: 'COPY OF MyProduct', sku: 'COPY OF MySku') }
+    let(:variant) do
+      create(:master_variant, name: 'COPY OF MyProduct', sku: 'COPY OF MySku', created_at: product.created_at - 1.day)
+    end
+
+    def send_request
+      spree_post :clone, id: product, format: :js
+    end
+
+    context 'will successfully clone product' do
+      before do
+        allow(product).to receive(:duplicate).and_return(product2)
+      end
+
+      describe 'response' do
+        before { send_request }
+        it { expect(response).to have_http_status(:found) }
+        it { expect(response).to be_redirect }
+        it { expect(flash[:success]).to eq(Spree.t('notice_messages.product_cloned')) }
+      end
+    end
+
+    context 'will not successfully clone product' do
+      before do
+        variant
+      end
+
+      describe 'response' do
+        before { send_request }
+        it { expect(response).to have_http_status(:found) }
+        it { expect(response).to be_redirect }
+        it { expect(flash[:error]).to eq(Spree.t('notice_messages.product_not_cloned')) }
+      end
+    end
+  end
+
+  context "stock" do
+    let(:product) { create(:product) }
+    it "restricts stock location based on accessible attributes" do
+      expect(Spree::StockLocation).to receive(:accessible_by).and_return([])
+      spree_get :stock, id: product
+    end
+  end
+end

data/spec/controllers/spree/admin/promotion_actions_controller_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe Spree::Admin::PromotionActionsController, type: :controller do
+  stub_authorization!
+
+  let!(:promotion) { create(:promotion) }
+
+  it "can create a promotion action of a valid type" do
+    spree_post :create, promotion_id: promotion.id, action_type: "Spree::Promotion::Actions::CreateAdjustment"
+    expect(response).to be_redirect
+    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+    expect(promotion.actions.count).to eq(1)
+  end
+
+  it "can not create a promotion action of an invalid type" do
+    spree_post :create, promotion_id: promotion.id, action_type: "Spree::InvalidType"
+    expect(response).to be_redirect
+    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+    expect(promotion.rules.count).to eq(0)
+  end
+end

data/spec/controllers/spree/admin/promotion_rules_controller_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe Spree::Admin::PromotionRulesController, type: :controller do
+  stub_authorization!
+
+  let!(:promotion) { create(:promotion) }
+
+  it "can create a promotion rule of a valid type" do
+    spree_post :create, promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" }
+    expect(response).to be_redirect
+    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+    expect(promotion.rules.count).to eq(1)
+  end
+
+  it "can not create a promotion rule of an invalid type" do
+    spree_post :create, promotion_id: promotion.id, promotion_rule: { type: "Spree::InvalidType" }
+    expect(response).to be_redirect
+    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+    expect(promotion.rules.count).to eq(0)
+  end
+end

data/spec/controllers/spree/admin/promotions_controller_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe Spree::Admin::PromotionsController, type: :controller do
+  stub_authorization!
+
+  let!(:promotion1) { create(:promotion, name: "name1", code: "code1", path: "path1") }
+  let!(:promotion2) { create(:promotion, name: "name2", code: "code2", path: "path2") }
+  let!(:category) { create :promotion_category }
+
+  context "#index" do
+    it "succeeds" do
+      spree_get :index
+      expect(assigns[:promotions]).to match_array [promotion2, promotion1]
+    end
+
+    it "assigns promotion categories" do
+      spree_get :index
+      expect(assigns[:promotion_categories]).to match_array [category]
+    end
+
+    context "search" do
+      it "pages results" do
+        spree_get :index, per_page: '1'
+        expect(assigns[:promotions]).to eq [promotion2]
+      end
+
+      it "filters by name" do
+        spree_get :index, q: {name_cont: promotion1.name}
+        expect(assigns[:promotions]).to eq [promotion1]
+      end
+
+      it "filters by code" do
+        spree_get :index, q: {code_cont: promotion1.code}
+        expect(assigns[:promotions]).to eq [promotion1]
+      end
+
+      it "filters by path" do
+        spree_get :index, q: {path_cont: promotion1.path}
+        expect(assigns[:promotions]).to eq [promotion1]
+      end
+    end
+  end
+
+end