Merge branch 'api-credit-card-update-action'
Resolves #208
jordan-brough committed Jul 27, 2015
2 parents 4154681 + 3a3dd90 commit 8ec4c2a
Showing 6 changed files with 116 additions and 54 deletions.
19 changes: 18 additions & 1 deletion api/app/controllers/spree/api/credit_cards_controller.rb
@@ -1,7 +1,8 @@
module Spree
module Api
class CreditCardsController < Spree::Api::BaseController
before_action :user
before_action :user, only: [:index]
before_action :find_credit_card, only: [:update]

def index
@credit_cards = user
Expand All @@ -12,6 +13,14 @@ def index
respond_with(@credit_cards)
end

def update
if @credit_card.update_attributes(credit_card_update_params)
respond_with(@credit_card, default_template: :show)
else
invalid_resource!(@credit_card)
end
end

private

def user
Expand All @@ -20,6 +29,14 @@ def user
end
end

def find_credit_card
@credit_card = Spree::CreditCard.find(params[:id])
authorize! :update, @credit_card
end

def credit_card_update_params
params.require(:credit_card).permit(permitted_credit_card_update_attributes)
end
end
end
end
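Review bot: `find_credit_card` fetches the record with `Spree::CreditCard.find(params[:id])` before calling `authorize!`, so a missing id and a card owned by someone else are answered differently (not-found versus the 401 the new spec expects), and a caller can tell which card ids exist. Scoping the lookup to what the caller may update would make both cases look the same: `@credit_card = Spree::CreditCard.accessible_by(current_ability, :update).find(params[:id])`, keeping the `authorize!` line as a second check. This relies on the CreditCard rules staying hash-conditioned so `accessible_by` can turn them into a query, which is how the rule in this commit is written. `update` performs no check of its own, so a short comment above it such as `# authorization happens in find_credit_card (before_action)` would help the next reader.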
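--- a/api/config/routes.rb
+++ b/api/config/routes.rb
@@ -108,6 +108,8 @@
 resources :credit_cards, only: [:index]
 end
 
+resources :credit_cards, only: [:update]
+
 resources :properties
 resources :stock_locations do
 resources :stock_movements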
136 changes: 84 additions & 52 deletions api/spec/controllers/spree/api/credit_cards_controller_spec.rb
Expand Up @@ -2,78 +2,110 @@

module Spree
describe Api::CreditCardsController, :type => :controller do
render_views
describe '#index' do
render_views

let!(:admin_user) do
user = Spree.user_class.new(:email => "spree@example.com", :id => 1)
user.generate_spree_api_key!
allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
user
end

let!(:normal_user) do
user = Spree.user_class.new(:email => "spree2@example.com", :id => 2)
user.generate_spree_api_key!
user
end
let!(:admin_user) do
user = Spree.user_class.new(:email => "spree@example.com", :id => 1)
user.generate_spree_api_key!
allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
user
end

let!(:card) { create(:credit_card, :user_id => admin_user.id, gateway_customer_profile_id: "random") }
let!(:normal_user) do
user = Spree.user_class.new(:email => "spree2@example.com", :id => 2)
user.generate_spree_api_key!
user
end

before do
stub_authentication!
end
let!(:card) { create(:credit_card, :user_id => admin_user.id, gateway_customer_profile_id: "random") }

it "the user id doesn't exist" do
api_get :index, user_id: 1000
expect(response.status).to eq(404)
end
before do
stub_authentication!
end

context "calling user is in admin role" do
let(:current_api_user) do
user = admin_user
user
it "the user id doesn't exist" do
api_get :index, user_id: 1000
expect(response.status).to eq(404)
end

it "no credit cards exist for user" do
api_get :index, user_id: normal_user.id
context "calling user is in admin role" do
let(:current_api_user) do
user = admin_user
user
end

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(0)
it "no credit cards exist for user" do
api_get :index, user_id: normal_user.id

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(0)
end

it "can view all credit cards for user" do
api_get :index, user_id: current_api_user.id

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(1)
expect(json_response["current_page"]).to eq(1)
expect(json_response["credit_cards"].length).to eq(1)
expect(json_response["credit_cards"].first["id"]).to eq(card.id)
end
end

it "can view all credit cards for user" do
api_get :index, user_id: current_api_user.id
context "calling user is not in admin role" do
let(:current_api_user) do
user = normal_user
user
end

let!(:card) { create(:credit_card, :user_id => normal_user.id, gateway_customer_profile_id: "random") }

it "can not view user" do
api_get :index, user_id: admin_user.id

expect(response.status).to eq(404)
end

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(1)
expect(json_response["current_page"]).to eq(1)
expect(json_response["credit_cards"].length).to eq(1)
expect(json_response["credit_cards"].first["id"]).to eq(card.id)
it "can view own credit cards" do
api_get :index, user_id: normal_user.id

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(1)
expect(json_response["current_page"]).to eq(1)
expect(json_response["credit_cards"].length).to eq(1)
expect(json_response["credit_cards"].first["id"]).to eq(card.id)
end
end
end

context "calling user is not in admin role" do
let(:current_api_user) do
user = normal_user
user
end
describe '#update' do
let(:credit_card) { create(:credit_card, name: 'Joe Shmoe', user: credit_card_user) }
let(:credit_card_user) { create(:user) }

let!(:card) { create(:credit_card, :user_id => normal_user.id, gateway_customer_profile_id: "random") }
before do
stub_authentication!
end

it "can not view user" do
api_get :index, user_id: admin_user.id
context 'when the user is authorized' do
let(:current_api_user) { credit_card_user }

expect(response.status).to eq(404)
it 'updates the credit card' do
expect {
api_put :update, id: credit_card.to_param, credit_card: {name: 'Jordan Brough'}
}.to change {
credit_card.reload.name
}.from('Joe Shmoe').to('Jordan Brough')
end
end

it "can view own credit cards" do
api_get :index, user_id: normal_user.id
context 'when the user is not authorized' do
let(:current_api_user) { create(:user) }

expect(response.status).to eq(200)
expect(json_response["pages"]).to eq(1)
expect(json_response["current_page"]).to eq(1)
expect(json_response["credit_cards"].length).to eq(1)
expect(json_response["credit_cards"].first["id"]).to eq(card.id)
it 'rejects the request' do
api_put :update, id: credit_card.to_param, credit_card: {name: 'Jordan Brough'}
expect(response.status).to eq(401)
end
end
end
end
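Review bot: The `#update` examples only change `name`, so nothing pins the permit list: no example shows that a parameter outside `credit_card_update_attributes` is dropped, and none covers the nested `address_attributes` path. Since this endpoint is reachable by any card owner, I would add a negative example along the lines of `api_put :update, id: credit_card.to_param, credit_card: {user_id: create(:user).id}` followed by `expect(credit_card.reload.user_id).to eq(credit_card_user.id)`, plus one for an id that does not exist. The not-authorized example also asserts only the status; adding `expect(credit_card.reload.name).to eq('Joe Shmoe')` would confirm that nothing was written.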
2 changes: 1 addition & 1 deletion core/app/models/spree/ability.rb
Expand Up @@ -68,7 +68,7 @@ def grant_generic_user_permissions
can :create, ReturnAuthorization do |return_authorization|
return_authorization.order.user == user
end
can :display, CreditCard, user_id: user.id
can [:display, :update], CreditCard, user_id: user.id
can :display, Product
can :display, ProductProperty
can :display, Property
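Review bot: The rule `can [:display, :update], CreditCard, user_id: user.id` matches on `user.id` alone, so if `user` can have a `nil` id here the condition becomes `user_id: nil` and would match every card that has no owner; with `:update` added that is write access rather than read access. Whether that can happen depends on how the ability is built for unauthenticated callers, which is outside this hunk, as is the rest of `grant_generic_user_permissions`. If it can, guarding the line closes it, e.g. `can [:display, :update], CreditCard, user_id: user.id if user.id`. The ability is also shared by every controller that authorizes `:update` on a card, so it is worth checking that none of them permits a wider attribute list than the API action does.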
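--- a/core/lib/spree/core/controller_helpers/strong_parameters.rb
+++ b/core/lib/spree/core/controller_helpers/strong_parameters.rb
@@ -10,6 +10,12 @@ def permitted_attributes
 to: :permitted_attributes,
 prefix: :permitted
 
+def permitted_credit_card_update_attributes
+permitted_attributes.credit_card_update_attributes + [
+address_attributes: permitted_address_attributes,
+]
+end
+
 def permitted_payment_attributes
 permitted_attributes.payment_attributes + [
 source_attributes: permitted_source_attributes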
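Review bot: `permitted_credit_card_update_attributes` adds `address_attributes: permitted_address_attributes` to the list, which turns the card update into a nested write on the address, and the new controller spec does not exercise that path. `permitted_address_attributes` is defined outside this hunk; if it includes `:id` and address rows can be shared with orders or other cards, an in-place update through this endpoint would change those records too. I would confirm the behaviour with a spec and state the intent on the method, e.g. `# Nested address_attributes lets a card owner edit the card's address through the API.`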
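--- a/core/lib/spree/permitted_attributes.rb
+++ b/core/lib/spree/permitted_attributes.rb
@@ -6,6 +6,7 @@ module PermittedAttributes
 ATTRIBUTES = [
 :address_attributes,
 :checkout_attributes,
+:credit_card_update_attributes,
 :customer_return_attributes,
 :image_attributes,
 :inventory_unit_attributes,
@@ -44,6 +45,10 @@ module PermittedAttributes
 :coupon_code, :email, :shipping_method_id, :special_instructions, :use_billing
 ]
 
+@@credit_card_update_attributes = [
+:month, :year, :expiry, :first_name, :last_name, :name,
+]
+
 @@customer_return_attributes = [:stock_location_id, return_items_attributes: [:id, :inventory_unit_id, :return_authorization_id, :returned, :pre_tax_amount, :reception_status_event, :acceptance_status, :exchange_variant_id, :resellable]]
 
 @@image_attributes = [:alt, :attachment, :position, :viewable_type, :viewable_id]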
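Review bot: `@@credit_card_update_attributes` is the list that decides which fields an ordinary card owner's PUT can write, and nothing at the definition says it is deliberately narrow. A comment above it, e.g. `# Owner-editable fields only; never add :number, :verification_value, :user_id or gateway profile ids`, would keep a later edit, or an extension that appends to the list, from widening it by accident. The trailing comma inside the array literal is harmless but differs from the neighbouring lists.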
