forked from spree/spree
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
7 changed files
with
168 additions
and
0 deletions.
There are no files selected for viewing
51 changes: 51 additions & 0 deletions
51
api/app/controllers/spree/api/v1/return_authorizations_controller.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| module Spree | ||
| module Api | ||
| module V1 | ||
| class ReturnAuthorizationsController < Spree::Api::V1::BaseController | ||
|
|
||
| def index | ||
| authorize! :read, order | ||
| @return_authorizations = order.return_authorizations | ||
| end | ||
|
|
||
| def show | ||
| authorize! :read, order | ||
| @return_authorization = order.return_authorizations.find(params[:id]) | ||
| end | ||
|
|
||
| def create | ||
| authorize! :read, order | ||
| @return_authorization = order.return_authorizations.build(params[:return_authorization], :as => :api) | ||
| if @return_authorization.save | ||
| render :show, :status => 201 | ||
| else | ||
| invalid_resource!(@return_authorization) | ||
| end | ||
| end | ||
|
|
||
| def update | ||
| authorize! :read, order | ||
| @return_authorization = order.return_authorizations.find(params[:id]) | ||
| if @return_authorization.update_attributes(params[:return_authorization]) | ||
| render :show | ||
| else | ||
| invalid_resource!(@return_authorization) | ||
| end | ||
| end | ||
|
|
||
| def destroy | ||
| authorize! :read, order | ||
| @return_authorization = order.return_authorizations.find(params[:id]) | ||
| @return_authorization.destroy | ||
| render :text => nil, :status => 204 | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def order | ||
| @order ||= Order.find_by_number!(params[:order_id]) | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| collection @return_authorizations => :return_authorizations | ||
| attributes *return_authorization_attributes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| object false | ||
| node(:attributes) { [*return_authorization_attributes] } | ||
| node(:required_attributes) { required_fields_for(Spree::ReturnAuthorization) } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| object @return_authorization | ||
| attributes *return_authorization_attributes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,6 +24,7 @@ | |
| end | ||
|
|
||
| resources :orders do | ||
| resources :return_authorizations | ||
| collection do | ||
| get :search | ||
| end | ||
|
|
||
105 changes: 105 additions & 0 deletions
105
api/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| require 'spec_helper' | ||
|
|
||
| module Spree | ||
| describe Api::V1::ReturnAuthorizationsController do | ||
| render_views | ||
|
|
||
| let!(:order) do | ||
| order = create(:order) | ||
| order.line_items << create(:line_item) | ||
| order.shipments << create(:shipment, :state => 'shipped') | ||
| order.finalize! | ||
| order.shipments.each(&:ready!) | ||
| order.shipments.each(&:ship!) | ||
| order | ||
| end | ||
|
|
||
| let(:product) { create(:product) } | ||
| let(:attributes) { [:id, :reason, :amount, :state] } | ||
| let(:resource_scoping) { { :order_id => order.to_param } } | ||
|
|
||
| before do | ||
| stub_authentication! | ||
| end | ||
|
|
||
| it "can learn how to create a new return authorization" do | ||
| api_get :new | ||
| json_response["attributes"].should == ["id", "number", "state", "amount", "order_id", "reason", "created_at", "updated_at"] | ||
| required_attributes = json_response["required_attributes"] | ||
| required_attributes.should include("order") | ||
| end | ||
|
|
||
| context "as the order owner" do | ||
| before do | ||
| Order.any_instance.stub :user => current_api_user | ||
| end | ||
|
|
||
| it "can add a new return authorization to an existing order" do | ||
| api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" } | ||
| response.status.should == 201 | ||
| json_response.should have_attributes(attributes) | ||
| json_response["return_authorization"]["state"].should_not be_blank | ||
| end | ||
|
|
||
| it "can show return authorization" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorization = order.return_authorizations.first | ||
| api_get :show, :order_id => order.id, :id => return_authorization.id | ||
| response.status.should == 200 | ||
| json_response.should have_attributes(attributes) | ||
| json_response["return_authorization"]["state"].should_not be_blank | ||
| end | ||
|
|
||
| it "can get a list of return authorization" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorizations = order.return_authorizations | ||
| api_get :index, { :order_id => order.id } | ||
| response.status.should == 200 | ||
| return_authorizations = json_response["return_authorizations"] | ||
| return_authorizations.first.should have_attributes(attributes) | ||
| return_authorizations.first.should_not == return_authorizations.last | ||
| end | ||
|
|
||
| it "can update a return authorization on the order" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorization = order.return_authorizations.first | ||
| api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 } | ||
| response.status.should == 200 | ||
| json_response.should have_attributes(attributes) | ||
| end | ||
|
|
||
| it "can delete a return authorization on the order" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorization = order.return_authorizations.first | ||
| api_delete :destroy, :id => return_authorization.id | ||
| response.status.should == 204 | ||
| lambda { return_authorization.reload }.should raise_error(ActiveRecord::RecordNotFound) | ||
| end | ||
| end | ||
|
|
||
| context "as just another user" do | ||
| it "cannot add a return authorization to the order" do | ||
| api_post :create, :return_autorization => { :order_id => order.id, :amount => 14.22, :reason => "Defective" } | ||
| assert_unauthorized! | ||
| end | ||
|
|
||
| it "cannot update a return authorization on the order" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorization = order.return_authorizations.first | ||
| api_put :update, :id => return_authorization.id, :return_authorization => { :amount => 19.99 } | ||
| assert_unauthorized! | ||
| return_authorization.reload.amount.should_not == 19.99 | ||
| end | ||
|
|
||
| it "cannot delete a return authorization on the order" do | ||
| order.return_authorizations << create(:return_authorization) | ||
| return_authorization = order.return_authorizations.first | ||
| api_delete :destroy, :id => return_authorization.id | ||
| assert_unauthorized! | ||
| lambda { return_authorization.reload }.should_not raise_error(ActiveRecord::RecordNotFound) | ||
| end | ||
| end | ||
|
|
||
| end | ||
| end |