Merge pull request #1984 from coopdevs/fix/api-key-taxons

Disable api auth as there is no Spree api key set
Enrico Stano
2018-01-05 10:31:36 +01:00
committed by GitHub
9 changed files with 119 additions and 102 deletions


@@ -11,7 +11,7 @@ gem 'i18n-js', '~> 3.0.0'
gem 'nokogiri', '>= 1.6.7.1'
gem 'pg'
gem 'spree', github: 'openfoodfoundation/spree', branch: 'step-6a', ref: 'b1b33c7ec682e042bc939aac39dfa1f2de446227'
gem 'spree', github: 'openfoodfoundation/spree', branch: 'step-6a', ref: '86bf87f1b1e1b299edc8cd10a2486e44ba0a3987'
gem 'spree_i18n', github: 'spree/spree_i18n', branch: '1-3-stable'
gem 'spree_auth_devise', github: 'openfoodfoundation/spree_auth_devise', branch: 'spree-upgrade-intermediate'


@@ -30,8 +30,8 @@ GIT
GIT
remote: https://github.com/openfoodfoundation/spree.git
revision: b1b33c7ec682e042bc939aac39dfa1f2de446227
ref: b1b33c7ec682e042bc939aac39dfa1f2de446227
revision: 86bf87f1b1e1b299edc8cd10a2486e44ba0a3987
ref: 86bf87f1b1e1b299edc8cd10a2486e44ba0a3987
branch: step-6a
specs:
spree (1.3.99)
@@ -807,4 +807,4 @@ RUBY VERSION
ruby 2.1.5p273
BUNDLED WITH
1.15.4
1.16.0


@@ -60,7 +60,12 @@ module Api
def override_sells
has_hub = current_api_user.owned_enterprises.is_hub.any?
new_enterprise_is_producer = !!params[:enterprise][:is_primary_producer]
params[:enterprise][:sells] = (has_hub && !new_enterprise_is_producer) ? 'any' : 'unspecified'
params[:enterprise][:sells] = if has_hub && !new_enterprise_is_producer
'any'
else
'unspecified'
end
end
def override_visible
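Review bot: The `!!params[:enterprise][:is_primary_producer]` coercion that feeds the rewritten `if` treats any present value as true, so a form-encoded `"false"` or `"0"` would still count as a producer and yield `'unspecified'`. If the parameter can arrive as a string, an explicit cast such as `%w[true 1].include?(params[:enterprise][:is_primary_producer].to_s)` would make the branch follow what the caller sent. The same line raises NoMethodError when `params[:enterprise]` is absent, unless a filter outside this hunk guarantees it. The body of `override_visible` lies outside the hunk.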


@@ -12,8 +12,6 @@ require 'spree/core/calculated_adjustments_decorator'
require "#{Rails.root}/app/models/spree/payment_method_decorator"
require "#{Rails.root}/app/models/spree/gateway_decorator"
Spree::Api::Config[:requires_authentication] = true
Spree.config do |config|
config.shipping_instructions = true
config.address_requires_state = true


@@ -7,22 +7,29 @@ module Api
let(:enterprise) { create(:distributor_enterprise) }
before do
stub_authentication!
Enterprise.stub(:find).and_return(enterprise)
end
context "as an enterprise owner" do
let(:enterprise_owner) { create_enterprise_user enterprise_limit: 10 }
let(:enterprise) { create(:distributor_enterprise, owner: enterprise_owner) }
let!(:enterprise) { create(:distributor_enterprise, owner: enterprise_owner) }
before do
Spree.user_class.stub :find_by_spree_api_key => enterprise_owner
allow(controller).to receive(:spree_current_user) { enterprise_owner }
end
describe "creating an enterprise" do
let(:australia) { Spree::Country.find_by_name('Australia') }
let(:new_enterprise_params) { {enterprise: {name: 'name', email: 'email@example.com', address_attributes: {address1: '123 Abc Street', city: 'Northcote', zipcode: '3070', state_id: australia.states.first, country_id: australia.id } } } }
let(:new_enterprise_params) do
{
enterprise: {
name: 'name', email: 'email@example.com', address_attributes: {
address1: '123 Abc Street',
city: 'Northcote',
zipcode: '3070',
state_id: australia.states.first,
country_id: australia.id
}
}
}
end
it "creates as sells=any when it is not a producer" do
spree_post :create, new_enterprise_params
@@ -39,35 +46,37 @@ module Api
before do
enterprise_manager.enterprise_roles.build(enterprise: enterprise).save
Spree.user_class.stub :find_by_spree_api_key => enterprise_manager
allow(controller).to receive(:spree_current_user) { enterprise_manager }
end
describe "submitting a valid image" do
before do
allow(Enterprise)
.to receive(:find_by_permalink).with(enterprise.id.to_s) { enterprise }
enterprise.stub(:update_attributes).and_return(true)
end
it "I can update enterprise image" do
spree_post :update_image, logo: 'a logo'
spree_post :update_image, logo: 'a logo', id: enterprise.id
response.should be_success
end
end
end
describe "as an non-managing user" do
context "as an non-managing user" do
let(:non_managing_user) { create_enterprise_user }
before do
Spree.user_class.stub :find_by_spree_api_key => non_managing_user
allow(Enterprise)
.to receive(:find_by_permalink).with(enterprise.id.to_s) { enterprise }
allow(controller).to receive(:spree_current_user) { non_managing_user }
end
describe "submitting a valid image" do
before do
enterprise.stub(:update_attributes).and_return(true)
end
before { enterprise.stub(:update_attributes).and_return(true) }
it "I can't update enterprise image" do
spree_post :update_image, logo: 'a logo'
spree_post :update_image, logo: 'a logo', id: enterprise.id
assert_unauthorized!
end
end
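Review bot: No context in this spec covers a request made without a signed-in user: each `before` appears to stub `spree_current_user` to return some user, so nothing pins how the API answers an anonymous caller. Because this commit also drops `Spree::Api::Config[:requires_authentication] = true` from the initializer, I would add a context with `allow(controller).to receive(:spree_current_user) { nil }` that calls `spree_post :create, new_enterprise_params` and ends with `assert_unauthorized!` (or whatever response the API is meant to give). The same gap seems to apply to the other controller specs changed further down in this commit. The enclosing `describe` blocks start and end outside these hunks.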


@@ -14,8 +14,7 @@ module Api
let(:attributes) { [:id, :name, :suppliers, :distributors] }
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => current_api_user
allow(controller).to receive(:spree_current_user) { current_api_user }
end
context "as a normal user" do
@@ -77,38 +76,37 @@ module Api
let!(:order_cycle) { create(:simple_order_cycle, suppliers: [oc_supplier], distributors: [oc_distributor]) }
context "as the user of a supplier to an order cycle" do
before :each do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => oc_supplier_user
spree_get :accessible, { :template => 'bulk_index', :format => :json }
before do
allow(controller).to receive(:spree_current_user) { oc_supplier_user }
end
it "gives me access" do
spree_get :accessible, { :template => 'bulk_index', :format => :json }
json_response.length.should == 1
json_response[0]['id'].should == order_cycle.id
end
end
context "as the user of some other supplier" do
before :each do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => other_supplier_user
spree_get :accessible, { :template => 'bulk_index', :format => :json }
before do
allow(controller).to receive(:spree_current_user) { other_supplier_user }
end
it "does not give me access" do
spree_get :accessible, { :template => 'bulk_index', :format => :json }
json_response.length.should == 0
end
end
context "as the user of a hub for the order cycle" do
before :each do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => oc_distributor_user
spree_get :accessible, { :template => 'bulk_index', :format => :json }
before do
allow(controller).to receive(:spree_current_user) { oc_distributor_user }
end
it "gives me access" do
spree_get :accessible, { :template => 'bulk_index', :format => :json }
json_response.length.should == 1
json_response[0]['id'].should == order_cycle.id
end
@@ -125,39 +123,32 @@ module Api
let(:params) { { format: :json, as: 'distributor' } }
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => user
allow(controller).to receive(:spree_current_user) { user }
end
context "as the manager of a supplier in an order cycle" do
before do
user.enterprise_roles.create(enterprise: producer)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: producer) }
it "does not return the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to_not include oc
end
end
context "as the manager of a distributor in an order cycle" do
before do
user.enterprise_roles.create(enterprise: distributor)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: distributor) }
it "returns the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to include oc
end
end
context "as the manager of the coordinator of an order cycle" do
before do
user.enterprise_roles.create(enterprise: coordinator)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: coordinator) }
it "returns the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to include oc
end
end
@@ -173,39 +164,32 @@ module Api
let(:params) { { format: :json, as: 'producer' } }
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => user
allow(controller).to receive(:spree_current_user) { user }
end
context "as the manager of a producer in an order cycle" do
before do
user.enterprise_roles.create(enterprise: producer)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: producer) }
it "returns the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to include oc
end
end
context "as the manager of a distributor in an order cycle" do
before do
user.enterprise_roles.create(enterprise: distributor)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: distributor) }
it "does not return the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to_not include oc
end
end
context "as the manager of the coordinator of an order cycle" do
before do
user.enterprise_roles.create(enterprise: coordinator)
spree_get :accessible, params
end
before { user.enterprise_roles.create(enterprise: coordinator) }
it "returns the order cycle" do
spree_get :accessible, params
expect(assigns(:order_cycles)).to include oc
end
end


@@ -5,24 +5,27 @@ module Spree
render_views
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => current_api_user
end
def self.make_simple_data!
let!(:order) { FactoryGirl.create(:order, state: 'complete', completed_at: Time.zone.now) }
let!(:line_item) { FactoryGirl.create(:line_item, order: order, final_weight_volume: 500) }
allow(controller).to receive(:spree_current_user) { current_api_user }
end
#test that when a line item is updated, an order's fees are updated too
context "as an admin user" do
sign_in_as_admin!
make_simple_data!
let(:order) { FactoryGirl.create(:order, state: 'complete', completed_at: Time.zone.now) }
let(:line_item) { FactoryGirl.create(:line_item, order: order, final_weight_volume: 500) }
context "as a line item is updated" do
before { allow(controller).to receive(:order) { order } }
it "update distribution charge on the order" do
line_item_params = { order_id: order.number, id: line_item.id, line_item: { id: line_item.id, final_weight_volume: 520 }, format: :json}
allow(controller).to receive(:order) { order }
line_item_params = {
order_id: order.number,
id: line_item.id,
line_item: { id: line_item.id, final_weight_volume: 520 },
format: :json
}
expect(order).to receive(:update_distribution_charge!)
spree_post :update, line_item_params
end


@@ -1,26 +1,26 @@
require 'spec_helper'
require 'spree/api/testing_support/helpers'
module Spree
describe Spree::Api::ProductsController, type: :controller do
include Spree::Api::TestingSupport::Helpers
render_views
let(:supplier) { FactoryGirl.create(:supplier_enterprise) }
let(:supplier2) { FactoryGirl.create(:supplier_enterprise) }
let!(:product1) { FactoryGirl.create(:product, supplier: supplier) }
let!(:product2) { FactoryGirl.create(:product, supplier: supplier) }
let!(:product3) { FactoryGirl.create(:product, supplier: supplier) }
let(:product_other_supplier) { FactoryGirl.create(:product, supplier: supplier2) }
let(:supplier) { create(:supplier_enterprise) }
let(:supplier2) { create(:supplier_enterprise) }
let!(:product1) { create(:product, supplier: supplier) }
let(:product_other_supplier) { create(:product, supplier: supplier2) }
let(:attributes) { [:id, :name, :supplier, :price, :on_hand, :available_on, :permalink_live] }
let(:current_api_user) { build_stubbed(:user) }
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => current_api_user
allow(controller).to receive(:spree_current_user) { current_api_user }
end
context "as a normal user" do
sign_in_as_user!
before do
allow(current_api_user)
.to receive(:has_spree_role?).with("admin").and_return(false)
end
it "should deny me access to managed products" do
spree_get :managed, { :template => 'bulk_index', :format => :json }
@@ -29,10 +29,10 @@ module Spree
end
context "as an enterprise user" do
sign_in_as_enterprise_user! [:supplier]
before :each do
spree_get :index, { :template => 'bulk_index', :format => :json }
let(:current_api_user) do
user = create(:user)
user.enterprise_roles.create(enterprise: supplier)
user
end
it "retrieves a list of managed products" do
@@ -57,7 +57,10 @@ module Spree
end
context "as an administrator" do
sign_in_as_admin!
before do
allow(current_api_user)
.to receive(:has_spree_role?).with("admin").and_return(true)
end
it "retrieves a list of managed products" do
spree_get :managed, { :template => 'bulk_index', :format => :json }
@@ -72,7 +75,11 @@ module Spree
end
it "sorts products in ascending id order" do
FactoryGirl.create(:product, supplier: supplier)
FactoryGirl.create(:product, supplier: supplier)
spree_get :index, { :template => 'bulk_index', :format => :json }
ids = json_response.map{ |product| product['id'] }
ids[0].should < ids[1]
ids[1].should < ids[2]
@@ -90,14 +97,14 @@ module Spree
it "should allow available_on to be nil" do
spree_get :index, { :template => 'bulk_index', :format => :json }
json_response.size.should == 3
json_response.size.should == 1
product5 = FactoryGirl.create(:product)
product5.available_on = nil
product5.save!
spree_get :index, { :template => 'bulk_index', :format => :json }
json_response.size.should == 4
json_response.size.should == 2
end
it "soft deletes a product" do
@@ -109,38 +116,50 @@ module Spree
end
describe '#clone' do
before do
spree_post :clone, product_id: product1.id, format: :json
end
context 'as a normal user' do
sign_in_as_user!
before do
allow(current_api_user)
.to receive(:has_spree_role?).with("admin").and_return(false)
end
it 'denies access' do
spree_post :clone, product_id: product1.id, format: :json
assert_unauthorized!
end
end
context 'as an enterprise user' do
sign_in_as_enterprise_user! [:supplier]
let(:current_api_user) do
user = create(:user)
user.enterprise_roles.create(enterprise: supplier)
user
end
it 'responds with a successful response' do
spree_post :clone, product_id: product1.id, format: :json
expect(response.status).to eq(201)
end
it 'clones the product' do
spree_post :clone, product_id: product1.id, format: :json
expect(json_response['name']).to eq("COPY OF #{product1.name}")
end
end
context 'as an administrator' do
sign_in_as_admin!
before do
allow(current_api_user)
.to receive(:has_spree_role?).with("admin").and_return(true)
end
it 'responds with a successful response' do
spree_post :clone, product_id: product1.id, format: :json
expect(response.status).to eq(201)
end
it 'clones the product' do
spree_post :clone, product_id: product1.id, format: :json
expect(json_response['name']).to eq("COPY OF #{product1.name}")
end
end
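Review bot: The admin and normal-user contexts decide the role by stubbing `has_spree_role?` with `.with("admin")` on a `build_stubbed(:user)`, which ties these specs to the exact call the authorization code makes rather than to the user's real roles. If the ability check ever asks for the role differently, the specs could fail or pass for the wrong reason, since an unmatched argument on such a stub typically raises instead of returning false. Creating the user with an actual admin role (the project's factories may already offer one; that is not visible here) would exercise the real authorization path for `:managed` and `:clone`. The `describe` block continues outside this section.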


@@ -11,8 +11,7 @@ module Spree
let(:attributes) { [:id, :options_text, :price, :on_hand, :unit_value, :unit_description, :on_demand, :display_as, :display_name] }
before do
stub_authentication!
Spree.user_class.stub :find_by_spree_api_key => current_api_user
allow(controller).to receive(:spree_current_user) { current_api_user }
end
context "as a normal user" do