diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml index 903227ac50..643b641081 100644 --- a/.rubocop_manual_todo.yml +++ b/.rubocop_manual_todo.yml @@ -110,18 +110,6 @@ Metrics/LineLength: - app/models/variant_override.rb - app/models/variant_override_set.rb - app/overrides/add_enterprise_fees_to_admin_configurations_menu.rb - - app/serializers/api/admin/basic_enterprise_serializer.rb - - app/serializers/api/admin/enterprise_fee_serializer.rb - - app/serializers/api/admin/enterprise_serializer.rb - - app/serializers/api/admin/exchange_serializer.rb - - app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb - - app/serializers/api/admin/index_enterprise_serializer.rb - - app/serializers/api/admin/index_order_cycle_serializer.rb - - app/serializers/api/admin/line_item_serializer.rb - - app/serializers/api/admin/order_cycle_serializer.rb - - app/serializers/api/admin/subscription_serializer.rb - - app/serializers/api/admin/tag_rule_serializer.rb - - app/serializers/api/admin/variant_override_serializer.rb - app/services/cart_service.rb - app/services/default_stock_location.rb - app/services/embedded_page_service.rb diff --git a/app/controllers/api/orders_controller.rb b/app/controllers/api/orders_controller.rb index a03eb3b36b..9b7bf9b1d6 100644 --- a/app/controllers/api/orders_controller.rb +++ b/app/controllers/api/orders_controller.rb @@ -1,5 +1,10 @@ module Api class OrdersController < BaseController + def show + authorize! :read, order + render json: order, serializer: Api::OrderDetailedSerializer, current_order: order + end + def index authorize! :admin, Spree::Order @@ -19,5 +24,12 @@ module Api each_serializer: Api::Admin::OrderSerializer ) end + + def order + @order ||= Spree::Order. + where(number: params[:id]). + includes(line_items: { variant: [:product, :stock_items, :default_price] }). + first! + end end end diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index 72f7986a38..f71c7c9d7e 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb @@ -207,12 +207,15 @@ class AbilityDecorator end def add_order_management_abilities(user) - # Enterprise User can only access orders that they are a distributor for can [:index, :create], Spree::Order can [:read, :update, :fire, :resend, :invoice, :print, :print_ticket], Spree::Order do |order| # We allow editing orders with a nil distributor as this state occurs # during the order creation process from the admin backend - order.distributor.nil? || user.enterprises.include?(order.distributor) || order.order_cycle.andand.coordinated_by?(user) + order.distributor.nil? || + # Enterprise User can access orders that they are a distributor for + user.enterprises.include?(order.distributor) || + # Enterprise User can access orders that are placed inside a OC they coordinate + order.order_cycle.andand.coordinated_by?(user) end can [:admin, :bulk_management, :managed], Spree::Order do user.admin? || user.enterprises.any?(&:is_distributor) diff --git a/app/serializers/api/address_serializer.rb b/app/serializers/api/address_serializer.rb index 73069822c4..4ef6d7d790 100644 --- a/app/serializers/api/address_serializer.rb +++ b/app/serializers/api/address_serializer.rb @@ -4,7 +4,11 @@ class Api::AddressSerializer < ActiveModel::Serializer attributes :id, :zipcode, :city, :state_name, :state_id, :phone, :firstname, :lastname, :address1, :address2, :city, :country_id, - :zipcode + :zipcode, :country_name + + def country_name + object.country.andand.name + end def state_name object.state.andand.abbr diff --git a/app/serializers/api/adjustment_serializer.rb b/app/serializers/api/adjustment_serializer.rb new file mode 100644 index 0000000000..254b173777 --- /dev/null +++ b/app/serializers/api/adjustment_serializer.rb @@ -0,0 +1,8 @@ +module Api + class AdjustmentSerializer < ActiveModel::Serializer + attributes :id, :amount, :label, :eligible, + :source_type, :source_id, + :adjustable_type, :adjustable_id, + :originator_type, :originator_id + end +end diff --git a/app/serializers/api/admin/basic_enterprise_serializer.rb b/app/serializers/api/admin/basic_enterprise_serializer.rb index 854b9b4019..880147e296 100644 --- a/app/serializers/api/admin/basic_enterprise_serializer.rb +++ b/app/serializers/api/admin/basic_enterprise_serializer.rb @@ -1,4 +1,4 @@ class Api::Admin::BasicEnterpriseSerializer < ActiveModel::Serializer - attributes :name, :id, :is_primary_producer, :is_distributor, :sells, :category, :payment_method_ids, :shipping_method_ids - attributes :producer_profile_only, :permalink + attributes :name, :id, :is_primary_producer, :is_distributor, :sells, :category, + :payment_method_ids, :shipping_method_ids, :producer_profile_only, :permalink end diff --git a/app/serializers/api/admin/customer_serializer.rb b/app/serializers/api/admin/customer_serializer.rb index f5fb4405be..2bc9f5a7db 100644 --- a/app/serializers/api/admin/customer_serializer.rb +++ b/app/serializers/api/admin/customer_serializer.rb @@ -1,6 +1,6 @@ class Api::Admin::CustomerSerializer < ActiveModel::Serializer - attributes :id, :email, :enterprise_id, :user_id, :code, :tags, :tag_list, :name - attributes :allow_charges, :default_card_present? + attributes :id, :email, :enterprise_id, :user_id, :code, :tags, :tag_list, :name, + :allow_charges, :default_card_present? has_one :ship_address, serializer: Api::AddressSerializer has_one :bill_address, serializer: Api::AddressSerializer diff --git a/app/serializers/api/admin/enterprise_fee_serializer.rb b/app/serializers/api/admin/enterprise_fee_serializer.rb index 2f7f7ca10e..dec43261d4 100644 --- a/app/serializers/api/admin/enterprise_fee_serializer.rb +++ b/app/serializers/api/admin/enterprise_fee_serializer.rb @@ -1,6 +1,6 @@ class Api::Admin::EnterpriseFeeSerializer < ActiveModel::Serializer - attributes :id, :enterprise_id, :fee_type, :name, :tax_category_id, :inherits_tax_category, :calculator_type - attributes :enterprise_name, :calculator_description, :calculator_settings + attributes :id, :enterprise_id, :fee_type, :name, :tax_category_id, :inherits_tax_category, + :calculator_type, :enterprise_name, :calculator_description, :calculator_settings def enterprise_name object.enterprise.andand.name @@ -16,7 +16,9 @@ class Api::Admin::EnterpriseFeeSerializer < ActiveModel::Serializer result = nil options[:controller].__send__(:with_format, :html) do - result = options[:controller].render_to_string partial: 'admin/enterprise_fees/calculator_settings', locals: { enterprise_fee: object } + result = options[:controller]. + render_to_string(partial: 'admin/enterprise_fees/calculator_settings', + locals: { enterprise_fee: object }) end result.gsub('[0]', '[{{ $index }}]').gsub('_0_', '_{{ $index }}_') diff --git a/app/serializers/api/admin/enterprise_serializer.rb b/app/serializers/api/admin/enterprise_serializer.rb index a4bba2b3d2..1d1e45e4e8 100644 --- a/app/serializers/api/admin/enterprise_serializer.rb +++ b/app/serializers/api/admin/enterprise_serializer.rb @@ -1,11 +1,12 @@ class Api::Admin::EnterpriseSerializer < ActiveModel::Serializer - attributes :name, :id, :is_primary_producer, :is_distributor, :sells, :category, :payment_method_ids, :shipping_method_ids - attributes :producer_profile_only, :long_description, :permalink - attributes :preferred_shopfront_message, :preferred_shopfront_closed_message, :preferred_shopfront_taxon_order, :preferred_shopfront_order_cycle_order - attributes :preferred_product_selection_from_inventory_only - attributes :owner, :contact, :users, :tag_groups, :default_tag_group - attributes :require_login, :allow_guest_orders, :allow_order_changes - attributes :logo, :promo_image + attributes :name, :id, :is_primary_producer, :is_distributor, :sells, :category, :permalink, + :payment_method_ids, :shipping_method_ids, :producer_profile_only, :long_description, + :preferred_shopfront_message, :preferred_shopfront_closed_message, + :preferred_shopfront_taxon_order, :preferred_shopfront_order_cycle_order, + :preferred_product_selection_from_inventory_only, + :owner, :contact, :users, :tag_groups, :default_tag_group, + :require_login, :allow_guest_orders, :allow_order_changes, + :logo, :promo_image has_one :owner, serializer: Api::Admin::UserSerializer has_many :users, serializer: Api::Admin::UserSerializer @@ -21,7 +22,9 @@ class Api::Admin::EnterpriseSerializer < ActiveModel::Serializer def tag_groups object.tag_rules.prioritised.reject(&:is_default).each_with_object([]) do |tag_rule, tag_groups| - tag_group = find_match(tag_groups, tag_rule.preferred_customer_tags.split(",").map{ |t| { text: t } }) + tag_group = find_match(tag_groups, tag_rule.preferred_customer_tags. + split(","). + map{ |t| { text: t } }) if tag_group[:rules].empty? tag_groups << tag_group tag_group[:position] = tag_groups.count @@ -32,13 +35,16 @@ class Api::Admin::EnterpriseSerializer < ActiveModel::Serializer def default_tag_group default_rules = object.tag_rules.select(&:is_default) - serialized_rules = ActiveModel::ArraySerializer.new(default_rules, each_serializer: Api::Admin::TagRuleSerializer) + serialized_rules = + ActiveModel::ArraySerializer.new(default_rules, + each_serializer: Api::Admin::TagRuleSerializer) { tags: [], rules: serialized_rules } end def find_match(tag_groups, tags) tag_groups.each do |tag_group| - return tag_group if tag_group[:tags].length == tags.length && (tag_group[:tags] & tags) == tag_group[:tags] + return tag_group if tag_group[:tags].length == tags.length && + (tag_group[:tags] & tags) == tag_group[:tags] end { tags: tags, rules: [] } end diff --git a/app/serializers/api/admin/exchange_serializer.rb b/app/serializers/api/admin/exchange_serializer.rb index 43d7a08ac8..ad81cfa9f1 100644 --- a/app/serializers/api/admin/exchange_serializer.rb +++ b/app/serializers/api/admin/exchange_serializer.rb @@ -1,6 +1,7 @@ class Api::Admin::ExchangeSerializer < ActiveModel::Serializer - attributes :id, :sender_id, :receiver_id, :incoming, :variants, :receival_instructions, :pickup_time, :pickup_instructions - attributes :tags, :tag_list + attributes :id, :sender_id, :receiver_id, :incoming, :variants, + :receival_instructions, :pickup_time, :pickup_instructions, + :tags, :tag_list has_many :enterprise_fees, serializer: Api::Admin::BasicEnterpriseFeeSerializer diff --git a/app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb b/app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb index 4d2afc9ed5..0d15bbb80b 100644 --- a/app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb +++ b/app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb @@ -1,12 +1,16 @@ require 'open_food_network/enterprise_issue_validator' class Api::Admin::ForOrderCycle::EnterpriseSerializer < ActiveModel::Serializer - attributes :id, :name, :managed, :supplied_products - attributes :issues_summary_supplier, :issues_summary_distributor - attributes :is_primary_producer, :is_distributor, :sells + attributes :id, :name, :managed, :supplied_products, + :issues_summary_supplier, :issues_summary_distributor, + :is_primary_producer, :is_distributor, :sells def issues_summary_supplier - issues = OpenFoodNetwork::EnterpriseIssueValidator.new(object).issues_summary confirmation_only: true + issues = + OpenFoodNetwork::EnterpriseIssueValidator. + new(object). + issues_summary(confirmation_only: true) + if issues.nil? && products.empty? issues = "no products in inventory" end @@ -23,7 +27,8 @@ class Api::Admin::ForOrderCycle::EnterpriseSerializer < ActiveModel::Serializer def supplied_products serializer = Api::Admin::ForOrderCycle::SuppliedProductSerializer - ActiveModel::ArraySerializer.new(products, each_serializer: serializer, order_cycle: order_cycle) + ActiveModel::ArraySerializer.new(products, each_serializer: serializer, + order_cycle: order_cycle) end private diff --git a/app/serializers/api/admin/index_enterprise_serializer.rb b/app/serializers/api/admin/index_enterprise_serializer.rb index d1d315d63d..8946686c5f 100644 --- a/app/serializers/api/admin/index_enterprise_serializer.rb +++ b/app/serializers/api/admin/index_enterprise_serializer.rb @@ -1,9 +1,8 @@ require 'open_food_network/enterprise_issue_validator' class Api::Admin::IndexEnterpriseSerializer < ActiveModel::Serializer - attributes :name, :id, :permalink, :is_primary_producer, :sells, :producer_profile_only, :owned, :edit_path - - attributes :issues, :warnings + attributes :name, :id, :permalink, :is_primary_producer, :sells, :producer_profile_only, :owned, + :edit_path, :issues, :warnings def owned return true if options[:spree_current_user].admin? diff --git a/app/serializers/api/admin/index_order_cycle_serializer.rb b/app/serializers/api/admin/index_order_cycle_serializer.rb index 144bc38a7c..f621f32dc0 100644 --- a/app/serializers/api/admin/index_order_cycle_serializer.rb +++ b/app/serializers/api/admin/index_order_cycle_serializer.rb @@ -5,9 +5,9 @@ module Api class IndexOrderCycleSerializer < ActiveModel::Serializer include OrderCyclesHelper - attributes :id, :name, :orders_open_at, :orders_close_at, :status, :variant_count, :deletable - attributes :coordinator, :producers, :shops, :viewing_as_coordinator - attributes :edit_path, :clone_path, :delete_path, :subscriptions_count + attributes :id, :name, :orders_open_at, :orders_close_at, :status, :variant_count, :deletable, + :coordinator, :producers, :shops, :viewing_as_coordinator, + :edit_path, :clone_path, :delete_path, :subscriptions_count has_many :schedules, serializer: Api::Admin::IdNameSerializer @@ -68,7 +68,10 @@ module Api private def visible_enterprises - @visible_enterprises ||= OpenFoodNetwork::OrderCyclePermissions.new(options[:current_user], object).visible_enterprises + @visible_enterprises ||= + OpenFoodNetwork::OrderCyclePermissions. + new(options[:current_user], object). + visible_enterprises end end end diff --git a/app/serializers/api/admin/line_item_serializer.rb b/app/serializers/api/admin/line_item_serializer.rb index 5feeddc43a..63ae22a6fb 100644 --- a/app/serializers/api/admin/line_item_serializer.rb +++ b/app/serializers/api/admin/line_item_serializer.rb @@ -1,5 +1,6 @@ class Api::Admin::LineItemSerializer < ActiveModel::Serializer - attributes :id, :quantity, :max_quantity, :price, :supplier, :final_weight_volume, :units_product, :units_variant + attributes :id, :quantity, :max_quantity, :price, :supplier, :final_weight_volume, + :units_product, :units_variant has_one :order, serializer: Api::Admin::IdSerializer @@ -20,7 +21,8 @@ class Api::Admin::LineItemSerializer < ActiveModel::Serializer end def max_quantity - return object.quantity unless object.max_quantity.present? && object.max_quantity > object.quantity + return object.quantity unless object.max_quantity.present? && + object.max_quantity > object.quantity object.max_quantity end end diff --git a/app/serializers/api/admin/order_cycle_serializer.rb b/app/serializers/api/admin/order_cycle_serializer.rb index 4989530e37..52e6f52711 100644 --- a/app/serializers/api/admin/order_cycle_serializer.rb +++ b/app/serializers/api/admin/order_cycle_serializer.rb @@ -1,10 +1,10 @@ require 'open_food_network/order_cycle_permissions' class Api::Admin::OrderCycleSerializer < ActiveModel::Serializer - attributes :id, :name, :orders_open_at, :orders_close_at, :coordinator_id, :exchanges - attributes :editable_variants_for_incoming_exchanges, :editable_variants_for_outgoing_exchanges - attributes :visible_variants_for_outgoing_exchanges - attributes :viewing_as_coordinator, :schedule_ids, :subscriptions_count + attributes :id, :name, :orders_open_at, :orders_close_at, :coordinator_id, :exchanges, + :editable_variants_for_incoming_exchanges, :editable_variants_for_outgoing_exchanges, + :visible_variants_for_outgoing_exchanges, + :viewing_as_coordinator, :schedule_ids, :subscriptions_count has_many :coordinator_fees, serializer: Api::IdSerializer @@ -25,8 +25,14 @@ class Api::Admin::OrderCycleSerializer < ActiveModel::Serializer end def exchanges - scoped_exchanges = OpenFoodNetwork::OrderCyclePermissions.new(options[:current_user], object).visible_exchanges.by_enterprise_name - ActiveModel::ArraySerializer.new(scoped_exchanges, each_serializer: Api::Admin::ExchangeSerializer, current_user: options[:current_user]) + scoped_exchanges = + OpenFoodNetwork::OrderCyclePermissions. + new(options[:current_user], object). + visible_exchanges.by_enterprise_name + + ActiveModel::ArraySerializer. + new(scoped_exchanges, each_serializer: Api::Admin::ExchangeSerializer, + current_user: options[:current_user]) end def editable_variants_for_incoming_exchanges @@ -66,9 +72,13 @@ class Api::Admin::OrderCycleSerializer < ActiveModel::Serializer # for shops. We need this here to allow hubs to restrict visible variants to only those in # their inventory if they so choose variants = if enterprise.prefers_product_selection_from_inventory_only? - permissions.visible_variants_for_outgoing_exchanges_to(enterprise).visible_for(enterprise) + permissions. + visible_variants_for_outgoing_exchanges_to(enterprise). + visible_for(enterprise) else - permissions.visible_variants_for_outgoing_exchanges_to(enterprise).not_hidden_for(enterprise) + permissions. + visible_variants_for_outgoing_exchanges_to(enterprise). + not_hidden_for(enterprise) end.pluck(:id) visible[enterprise.id] = variants if variants.any? end diff --git a/app/serializers/api/admin/order_serializer.rb b/app/serializers/api/admin/order_serializer.rb index 1836fcfa44..83707e8af5 100644 --- a/app/serializers/api/admin/order_serializer.rb +++ b/app/serializers/api/admin/order_serializer.rb @@ -1,8 +1,9 @@ class Api::Admin::OrderSerializer < ActiveModel::Serializer - attributes :id, :number, :full_name, :email, :phone, :completed_at, :display_total - attributes :edit_path, :state, :payment_state, :shipment_state - attributes :payments_path, :ship_path, :ready_to_ship, :created_at - attributes :distributor_name, :special_instructions, :payment_capture_path + attributes :id, :number, :user_id, :full_name, :email, :phone, :completed_at, :display_total, + :edit_path, :state, :payment_state, :shipment_state, + :payments_path, :ship_path, :ready_to_ship, :created_at, + :distributor_name, :special_instructions, :payment_capture_path, + :item_total, :adjustment_total, :payment_total, :total has_one :distributor, serializer: Api::Admin::IdSerializer has_one :order_cycle, serializer: Api::Admin::IdSerializer diff --git a/app/serializers/api/admin/subscription_serializer.rb b/app/serializers/api/admin/subscription_serializer.rb index 91b30e4e8c..10b2634772 100644 --- a/app/serializers/api/admin/subscription_serializer.rb +++ b/app/serializers/api/admin/subscription_serializer.rb @@ -1,9 +1,10 @@ module Api module Admin class SubscriptionSerializer < ActiveModel::Serializer - attributes :id, :shop_id, :customer_id, :schedule_id, :payment_method_id, :shipping_method_id, :begins_at, :ends_at - attributes :customer_email, :schedule_name, :edit_path, :canceled_at, :paused_at, :state - attributes :shipping_fee_estimate, :payment_fee_estimate + attributes :id, :shop_id, :customer_id, :schedule_id, :payment_method_id, :shipping_method_id, + :begins_at, :ends_at, + :customer_email, :schedule_name, :edit_path, :canceled_at, :paused_at, :state, + :shipping_fee_estimate, :payment_fee_estimate has_many :subscription_line_items, serializer: Api::Admin::SubscriptionLineItemSerializer has_many :closed_proxy_orders, serializer: Api::Admin::ProxyOrderSerializer diff --git a/app/serializers/api/admin/tag_rule_serializer.rb b/app/serializers/api/admin/tag_rule_serializer.rb index 61cbb7ad5f..7e07fa117c 100644 --- a/app/serializers/api/admin/tag_rule_serializer.rb +++ b/app/serializers/api/admin/tag_rule_serializer.rb @@ -16,7 +16,8 @@ module Api::Admin::TagRule end class FilterShippingMethodsSerializer < BaseSerializer - attributes :preferred_matched_shipping_methods_visibility, :preferred_shipping_method_tags, :shipping_method_tags + attributes :preferred_matched_shipping_methods_visibility, :preferred_shipping_method_tags, + :shipping_method_tags def shipping_method_tags object.preferred_shipping_method_tags.split(",") @@ -24,7 +25,8 @@ module Api::Admin::TagRule end class FilterPaymentMethodsSerializer < BaseSerializer - attributes :preferred_matched_payment_methods_visibility, :preferred_payment_method_tags, :payment_method_tags + attributes :preferred_matched_payment_methods_visibility, :preferred_payment_method_tags, + :payment_method_tags def payment_method_tags object.preferred_payment_method_tags.split(",") diff --git a/app/serializers/api/admin/variant_override_serializer.rb b/app/serializers/api/admin/variant_override_serializer.rb index c63e77c068..f21f751911 100644 --- a/app/serializers/api/admin/variant_override_serializer.rb +++ b/app/serializers/api/admin/variant_override_serializer.rb @@ -1,6 +1,6 @@ class Api::Admin::VariantOverrideSerializer < ActiveModel::Serializer - attributes :id, :hub_id, :variant_id, :sku, :price, :count_on_hand, :on_demand, :default_stock, :resettable - attributes :tag_list, :tags, :import_date + attributes :id, :hub_id, :variant_id, :sku, :price, :count_on_hand, :on_demand, :default_stock, + :resettable, :tag_list, :tags, :import_date def tag_list object.tag_list.join(",") diff --git a/app/serializers/api/admin/variant_serializer.rb b/app/serializers/api/admin/variant_serializer.rb index 479780064f..4ab886b270 100644 --- a/app/serializers/api/admin/variant_serializer.rb +++ b/app/serializers/api/admin/variant_serializer.rb @@ -1,8 +1,8 @@ class Api::Admin::VariantSerializer < ActiveModel::Serializer - attributes :id, :name, :producer_name, :image, :sku, :import_date - attributes :options_text, :unit_value, :unit_description, :unit_to_display - attributes :display_as, :display_name, :name_to_display - attributes :price, :on_demand, :on_hand, :in_stock, :stock_location_id, :stock_location_name + attributes :id, :name, :producer_name, :image, :sku, :import_date, + :options_text, :unit_value, :unit_description, :unit_to_display, + :display_as, :display_name, :name_to_display, + :price, :on_demand, :on_hand, :in_stock, :stock_location_id, :stock_location_name has_many :variant_overrides diff --git a/app/serializers/api/order_detailed_serializer.rb b/app/serializers/api/order_detailed_serializer.rb new file mode 100644 index 0000000000..424f7d91b7 --- /dev/null +++ b/app/serializers/api/order_detailed_serializer.rb @@ -0,0 +1,12 @@ +module Api + class OrderDetailedSerializer < Api::Admin::OrderSerializer + has_one :shipping_method, serializer: Api::ShippingMethodSerializer + has_one :ship_address, serializer: Api::AddressSerializer + has_one :bill_address, serializer: Api::AddressSerializer + + has_many :line_items, serializer: Api::LineItemSerializer + has_many :adjustments, serializer: Api::AdjustmentSerializer + + has_many :payments, serializer: Api::PaymentSerializer + end +end diff --git a/app/serializers/api/order_serializer.rb b/app/serializers/api/order_serializer.rb index 68c8f6a549..017f32bbf5 100644 --- a/app/serializers/api/order_serializer.rb +++ b/app/serializers/api/order_serializer.rb @@ -1,9 +1,9 @@ module Api class OrderSerializer < ActiveModel::Serializer - attributes :number, :completed_at, :total, :state, :shipment_state, :payment_state - attributes :outstanding_balance, :payments, :path, :cancel_path - attributes :changes_allowed, :changes_allowed_until, :item_count - attributes :shop_id + attributes :number, :completed_at, :total, :state, :shipment_state, :payment_state, + :outstanding_balance, :payments, :path, :cancel_path, + :changes_allowed, :changes_allowed_until, :item_count, + :shop_id has_many :payments, serializer: Api::PaymentSerializer diff --git a/app/serializers/api/payment_serializer.rb b/app/serializers/api/payment_serializer.rb index 8b956ecb1f..7172e21f12 100644 --- a/app/serializers/api/payment_serializer.rb +++ b/app/serializers/api/payment_serializer.rb @@ -1,6 +1,7 @@ module Api class PaymentSerializer < ActiveModel::Serializer attributes :amount, :updated_at, :payment_method, :state + def payment_method object.payment_method.try(:name) end diff --git a/app/serializers/api/variant_serializer.rb b/app/serializers/api/variant_serializer.rb index 518dd60d7c..54eae7aed5 100644 --- a/app/serializers/api/variant_serializer.rb +++ b/app/serializers/api/variant_serializer.rb @@ -1,9 +1,9 @@ class Api::VariantSerializer < ActiveModel::Serializer - attributes :id, :is_master, :product_name, :sku - attributes :options_text, :unit_value, :unit_description, :unit_to_display - attributes :display_as, :display_name, :name_to_display - attributes :price, :on_demand, :on_hand, :fees, :price_with_fees - attributes :tag_list + attributes :id, :is_master, :product_name, :sku, + :options_text, :unit_value, :unit_description, :unit_to_display, + :display_as, :display_name, :name_to_display, + :price, :on_demand, :on_hand, :fees, :price_with_fees, + :tag_list delegate :price, to: :object diff --git a/config/routes/api.rb b/config/routes/api.rb index 94b9e180f0..75d3638016 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -15,7 +15,7 @@ Openfoodnetwork::Application.routes.draw do resources :variants, :only => [:index] - resources :orders, only: [:index] do + resources :orders, only: [:index, :show] do get :managed, on: :collection resources :shipments, :only => [:create, :update] do diff --git a/spec/controllers/api/orders_controller_spec.rb b/spec/controllers/api/orders_controller_spec.rb index 0819733e82..05f9743303 100644 --- a/spec/controllers/api/orders_controller_spec.rb +++ b/spec/controllers/api/orders_controller_spec.rb @@ -5,13 +5,17 @@ module Api include AuthenticationWorkflow render_views + let!(:regular_user) { create(:user) } + let!(:admin_user) { create(:admin_user) } + + let!(:distributor) { create(:distributor_enterprise) } + let!(:coordinator) { create(:distributor_enterprise) } + let!(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator) } + describe '#index' do - let!(:distributor) { create(:distributor_enterprise) } let!(:distributor2) { create(:distributor_enterprise) } - let!(:supplier) { create(:supplier_enterprise) } - let!(:coordinator) { create(:distributor_enterprise) } let!(:coordinator2) { create(:distributor_enterprise) } - let!(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator) } + let!(:supplier) { create(:supplier_enterprise) } let!(:order_cycle2) { create(:simple_order_cycle, coordinator: coordinator2) } let!(:order1) do create(:order, order_cycle: order_cycle, state: 'complete', completed_at: Time.zone.now, @@ -45,8 +49,6 @@ module Api create(:line_item_with_shipment, order: order3, product: create(:product, supplier: supplier)) end - let!(:regular_user) { create(:user) } - let!(:admin_user) { create(:admin_user) } context 'as a regular user' do before do @@ -156,6 +158,110 @@ module Api end end + describe "#show" do + let!(:order) { create(:completed_order_with_totals, order_cycle: order_cycle, distributor: distributor ) } + + context "Resource not found" do + before { allow(controller).to receive(:spree_current_user) { admin_user } } + + it "when no order number is given" do + get :show, id: nil + expect(response).to have_http_status(:not_found) + end + + it "when order number given is not in the systen" do + get :show, id: "X1321313232" + expect(response).to have_http_status(:not_found) + end + end + + context "access" do + it "returns unauthorized, as a regular user" do + allow(controller).to receive(:spree_current_user) { regular_user } + get :show, id: order.number + assert_unauthorized! + end + + it "returns the order, as an admin user" do + allow(controller).to receive(:spree_current_user) { admin_user } + get :show, id: order.number + expect_order + end + + it "returns the order, as the order distributor owner" do + allow(controller).to receive(:spree_current_user) { order.distributor.owner } + get :show, id: order.number + expect_order + end + + it "returns unauthorized, as the order product's supplier owner" do + allow(controller).to receive(:spree_current_user) { order.line_items.first.variant.product.supplier.owner } + get :show, id: order.number + assert_unauthorized! + end + + it "returns the order, as the Order Cycle coorinator owner" do + allow(controller).to receive(:spree_current_user) { order.order_cycle.coordinator.owner } + get :show, id: order.number + expect_order + end + end + + context "as distributor owner" do + let!(:order) { create(:completed_order_with_fees, order_cycle: order_cycle, distributor: distributor ) } + + before { allow(controller).to receive(:spree_current_user) { order.distributor.owner } } + + it "can view an order not in a standard state" do + order.update_attributes(completed_at: nil, state: 'shipped') + get :show, id: order.number + expect_order + end + + it "can view an order with weight calculator (this validates case where options[current_order] is nil on the shipping method serializer)" do + order.shipping_method.update_attribute(:calculator, create(:weight_calculator, calculable: order)) + allow(controller).to receive(:current_order).and_return order + get :show, id: order.number + expect_order + end + + it "returns an order with all required fields" do + get :show, id: order.number + + expect_order + expect(json_response.symbolize_keys.keys).to include(*order_detailed_attributes) + + expect(json_response[:bill_address]).to include( + 'address1' => order.bill_address.address1, + 'lastname' => order.bill_address.lastname + ) + expect(json_response[:ship_address]).to include( + 'address1' => order.ship_address.address1, + 'lastname' => order.ship_address.lastname + ) + expect(json_response[:shipping_method][:name]).to eq order.shipping_method.name + + expect(json_response[:adjustments].first).to include( + 'label' => "Transaction fee", + 'amount' => order.adjustments.payment_fee.first.amount.to_s + ) + expect(json_response[:adjustments].second).to include( + 'label' => "Shipping", + 'amount' => order.adjustments.shipping.first.amount.to_s + ) + + expect(json_response[:payments].first[:amount]).to eq order.payments.first.amount.to_s + expect(json_response[:line_items].size).to eq order.line_items.size + expect(json_response[:line_items].first[:variant][:product_name]). to eq order.line_items.first.variant.product.name + end + end + + def expect_order + expect(response.status).to eq 200 + expect(json_response[:number]).to eq order.number + end + end + private def serialized_orders(orders) @@ -181,5 +287,12 @@ module Api :distributor_name, :special_instructions, :payment_capture_path ] end + + def order_detailed_attributes + [ + :number, :item_total, :total, :state, :adjustment_total, :payment_total, + :completed_at, :shipment_state, :payment_state, :email, :special_instructions + ] + end end end