Merge pull request #4268 from luisramos0/add_order_endpoint

Add api/orders/{order_number} API endpoint
2026-03-11 03:40:20 +00:00 · 2019-10-16 21:22:27 +01:00
parent e46875376e 50731e929e
commit ad247e2116
26 changed files with 260 additions and 87 deletions
--- a/spec/controllers/api/orders_controller_spec.rb
+++ b/spec/controllers/api/orders_controller_spec.rb
@@ -5,13 +5,17 @@ module Api
    include AuthenticationWorkflow
    render_views

+    let!(:regular_user) { create(:user) }
+    let!(:admin_user) { create(:admin_user) }
+
+    let!(:distributor) { create(:distributor_enterprise) }
+    let!(:coordinator) { create(:distributor_enterprise) }
+    let!(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator) }
+
    describe '#index' do
-      let!(:distributor) { create(:distributor_enterprise) }
      let!(:distributor2) { create(:distributor_enterprise) }
-      let!(:supplier) { create(:supplier_enterprise) }
-      let!(:coordinator) { create(:distributor_enterprise) }
      let!(:coordinator2) { create(:distributor_enterprise) }
-      let!(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator) }
+      let!(:supplier) { create(:supplier_enterprise) }
      let!(:order_cycle2) { create(:simple_order_cycle, coordinator: coordinator2) }
      let!(:order1) do
        create(:order, order_cycle: order_cycle, state: 'complete', completed_at: Time.zone.now,
@@ -45,8 +49,6 @@ module Api
        create(:line_item_with_shipment, order: order3,
                                         product: create(:product, supplier: supplier))
      end
-      let!(:regular_user) { create(:user) }
-      let!(:admin_user) { create(:admin_user) }

      context 'as a regular user' do
        before do
@@ -156,6 +158,110 @@ module Api
      end
    end

+    describe "#show" do
+      let!(:order) { create(:completed_order_with_totals, order_cycle: order_cycle, distributor: distributor ) }
+
+      context "Resource not found" do
+        before { allow(controller).to receive(:spree_current_user) { admin_user } }
+
+        it "when no order number is given" do
+          get :show, id: nil
+          expect(response).to have_http_status(:not_found)
+        end
+
+        it "when order number given is not in the systen" do
+          get :show, id: "X1321313232"
+          expect(response).to have_http_status(:not_found)
+        end
+      end
+
+      context "access" do
+        it "returns unauthorized, as a regular user" do
+          allow(controller).to receive(:spree_current_user) { regular_user }
+          get :show, id: order.number
+          assert_unauthorized!
+        end
+
+        it "returns the order, as an admin user" do
+          allow(controller).to receive(:spree_current_user) { admin_user }
+          get :show, id: order.number
+          expect_order
+        end
+
+        it "returns the order, as the order distributor owner" do
+          allow(controller).to receive(:spree_current_user) { order.distributor.owner }
+          get :show, id: order.number
+          expect_order
+        end
+
+        it "returns unauthorized, as the order product's supplier owner" do
+          allow(controller).to receive(:spree_current_user) { order.line_items.first.variant.product.supplier.owner }
+          get :show, id: order.number
+          assert_unauthorized!
+        end
+
+        it "returns the order, as the Order Cycle coorinator owner" do
+          allow(controller).to receive(:spree_current_user) { order.order_cycle.coordinator.owner }
+          get :show, id: order.number
+          expect_order
+        end
+      end
+
+      context "as distributor owner" do
+        let!(:order) { create(:completed_order_with_fees, order_cycle: order_cycle, distributor: distributor ) }
+
+        before { allow(controller).to receive(:spree_current_user) { order.distributor.owner } }
+
+        it "can view an order not in a standard state" do
+          order.update_attributes(completed_at: nil, state: 'shipped')
+          get :show, id: order.number
+          expect_order
+        end
+
+        it "can view an order with weight calculator (this validates case where options[current_order] is nil on the shipping method serializer)" do
+          order.shipping_method.update_attribute(:calculator, create(:weight_calculator, calculable: order))
+          allow(controller).to receive(:current_order).and_return order
+          get :show, id: order.number
+          expect_order
+        end
+
+        it "returns an order with all required fields" do
+          get :show, id: order.number
+
+          expect_order
+          expect(json_response.symbolize_keys.keys).to include(*order_detailed_attributes)
+
+          expect(json_response[:bill_address]).to include(
+            'address1' => order.bill_address.address1,
+            'lastname' => order.bill_address.lastname
+          )
+          expect(json_response[:ship_address]).to include(
+            'address1' => order.ship_address.address1,
+            'lastname' => order.ship_address.lastname
+          )
+          expect(json_response[:shipping_method][:name]).to eq order.shipping_method.name
+
+          expect(json_response[:adjustments].first).to include(
+            'label' => "Transaction fee",
+            'amount' => order.adjustments.payment_fee.first.amount.to_s
+          )
+          expect(json_response[:adjustments].second).to include(
+            'label' => "Shipping",
+            'amount' => order.adjustments.shipping.first.amount.to_s
+          )
+
+          expect(json_response[:payments].first[:amount]).to eq order.payments.first.amount.to_s
+          expect(json_response[:line_items].size).to eq order.line_items.size
+          expect(json_response[:line_items].first[:variant][:product_name]). to eq order.line_items.first.variant.product.name
+        end
+      end
+
+      def expect_order
+        expect(response.status).to eq 200
+        expect(json_response[:number]).to eq order.number
+      end
+    end
+
    private

    def serialized_orders(orders)
@@ -181,5 +287,12 @@ module Api
        :distributor_name, :special_instructions, :payment_capture_path
      ]
    end
+
+    def order_detailed_attributes
+      [
+        :number, :item_total, :total, :state, :adjustment_total, :payment_total,
+        :completed_at, :shipment_state, :payment_state, :email, :special_instructions
+      ]
+    end
  end
 end