mirror of
https://github.com/we-promise/sure.git
synced 2026-04-22 21:44:11 +00:00
# test(api): Add request specs for merchants and tags endpoints (#645)
* Add files via upload Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Add merchants and tags resources to routes Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * update * update spaces * fix: Apply CodeRabbit suggestions and add YARD documentation * docs: Add API documentation for merchants and tags endpoints * fix: Address CodeRabbit feedback on documentation * fix: Use authorize_scope! instead of ensure_read_scope * test(api): Add request specs for merchants and tags endpoints * test(api): Add request specs for merchants and tags endpoints * test(api): Convert specs to Minitest format in test/ * fix: Correct indentation for private methods * fix: merchant and tag test * Enhance tag tests for family scope and access Added tests to ensure tags from other families are not returned and that attempts to access them return 404. Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Enhance merchants controller tests for family scope Added tests to ensure that merchants from other families are not returned in the index action and that accessing a merchant from another family returns a 404 error. Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Fix test/implementation * Remove old token test code * Improve test --------- Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
This commit is contained in:
Jose
104
test/controllers/api/v1/merchants_controller_test.rb
Normal file
104
test/controllers/api/v1/merchants_controller_test.rb
Normal file
@@ -0,0 +1,104 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require "test_helper"
|
||||
|
||||
class Api::V1::MerchantsControllerTest < ActionDispatch::IntegrationTest
|
||||
setup do
|
||||
@user = users(:family_admin)
|
||||
@other_family_user = users(:empty)
|
||||
|
||||
# Verify cross-family isolation setup is correct
|
||||
assert_not_equal @user.family_id, @other_family_user.family_id,
|
||||
"Test setup error: @other_family_user must belong to a different family"
|
||||
|
||||
@oauth_app = Doorkeeper::Application.create!(
|
||||
name: "Test App",
|
||||
redirect_uri: "https://example.com/callback",
|
||||
scopes: "read"
|
||||
)
|
||||
|
||||
@access_token = Doorkeeper::AccessToken.create!(
|
||||
application: @oauth_app,
|
||||
resource_owner_id: @user.id,
|
||||
scopes: "read"
|
||||
)
|
||||
|
||||
@merchant = @user.family.merchants.first || @user.family.merchants.create!(
|
||||
name: "Test Merchant"
|
||||
)
|
||||
end
|
||||
|
||||
# Index action tests
|
||||
test "index requires authentication" do
|
||||
get api_v1_merchants_url
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
test "index returns user's family merchants successfully" do
|
||||
get api_v1_merchants_url, headers: auth_headers
|
||||
|
||||
assert_response :success
|
||||
|
||||
merchants = JSON.parse(response.body)
|
||||
assert_kind_of Array, merchants
|
||||
assert_not_empty merchants
|
||||
|
||||
merchant = merchants.first
|
||||
assert merchant.key?("id")
|
||||
assert merchant.key?("name")
|
||||
assert merchant.key?("created_at")
|
||||
assert merchant.key?("updated_at")
|
||||
end
|
||||
|
||||
test "index does not return merchants from other families" do
|
||||
# Create a merchant in another family
|
||||
other_merchant = @other_family_user.family.merchants.create!(name: "Other Merchant")
|
||||
|
||||
get api_v1_merchants_url, headers: auth_headers
|
||||
|
||||
assert_response :success
|
||||
merchants = JSON.parse(response.body)
|
||||
merchant_ids = merchants.map { |m| m["id"] }
|
||||
|
||||
assert_includes merchant_ids, @merchant.id
|
||||
assert_not_includes merchant_ids, other_merchant.id
|
||||
end
|
||||
|
||||
# Show action tests
|
||||
test "show requires authentication" do
|
||||
get api_v1_merchant_url(@merchant)
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
test "show returns merchant successfully" do
|
||||
get api_v1_merchant_url(@merchant), headers: auth_headers
|
||||
|
||||
assert_response :success
|
||||
|
||||
merchant = JSON.parse(response.body)
|
||||
assert_equal @merchant.id, merchant["id"]
|
||||
assert_equal @merchant.name, merchant["name"]
|
||||
end
|
||||
|
||||
test "show returns 404 for non-existent merchant" do
|
||||
get api_v1_merchant_url(id: SecureRandom.uuid), headers: auth_headers
|
||||
|
||||
assert_response :not_found
|
||||
end
|
||||
|
||||
test "show returns 404 for merchant from another family" do
|
||||
other_merchant = @other_family_user.family.merchants.create!(name: "Other Merchant")
|
||||
|
||||
get api_v1_merchant_url(other_merchant), headers: auth_headers
|
||||
|
||||
assert_response :not_found
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def auth_headers
|
||||
{ "Authorization" => "Bearer #{@access_token.token}" }
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user