mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 14:31:25 +00:00
69d9f51d57
* Add files via upload Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Add merchants and tags resources to routes Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * update * update spaces * fix: Apply CodeRabbit suggestions and add YARD documentation * docs: Add API documentation for merchants and tags endpoints * fix: Address CodeRabbit feedback on documentation * fix: Use authorize_scope! instead of ensure_read_scope * test(api): Add request specs for merchants and tags endpoints * test(api): Add request specs for merchants and tags endpoints * test(api): Convert specs to Minitest format in test/ * fix: Correct indentation for private methods * fix: merchant and tag test * Enhance tag tests for family scope and access Added tests to ensure tags from other families are not returned and that attempts to access them return 404. Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Enhance merchants controller tests for family scope Added tests to ensure that merchants from other families are not returned in the index action and that accessing a merchant from another family returns a 404 error. Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> * Fix test/implementation * Remove old token test code * Improve test --------- Signed-off-by: Jose <39016041+jospaquim@users.noreply.github.com> Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
105 lines
2.8 KiB
Ruby
105 lines
2.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "test_helper"
|
|
|
|
class Api::V1::MerchantsControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
@user = users(:family_admin)
|
|
@other_family_user = users(:empty)
|
|
|
|
# Verify cross-family isolation setup is correct
|
|
assert_not_equal @user.family_id, @other_family_user.family_id,
|
|
"Test setup error: @other_family_user must belong to a different family"
|
|
|
|
@oauth_app = Doorkeeper::Application.create!(
|
|
name: "Test App",
|
|
redirect_uri: "https://example.com/callback",
|
|
scopes: "read"
|
|
)
|
|
|
|
@access_token = Doorkeeper::AccessToken.create!(
|
|
application: @oauth_app,
|
|
resource_owner_id: @user.id,
|
|
scopes: "read"
|
|
)
|
|
|
|
@merchant = @user.family.merchants.first || @user.family.merchants.create!(
|
|
name: "Test Merchant"
|
|
)
|
|
end
|
|
|
|
# Index action tests
|
|
test "index requires authentication" do
|
|
get api_v1_merchants_url
|
|
|
|
assert_response :unauthorized
|
|
end
|
|
|
|
test "index returns user's family merchants successfully" do
|
|
get api_v1_merchants_url, headers: auth_headers
|
|
|
|
assert_response :success
|
|
|
|
merchants = JSON.parse(response.body)
|
|
assert_kind_of Array, merchants
|
|
assert_not_empty merchants
|
|
|
|
merchant = merchants.first
|
|
assert merchant.key?("id")
|
|
assert merchant.key?("name")
|
|
assert merchant.key?("created_at")
|
|
assert merchant.key?("updated_at")
|
|
end
|
|
|
|
test "index does not return merchants from other families" do
|
|
# Create a merchant in another family
|
|
other_merchant = @other_family_user.family.merchants.create!(name: "Other Merchant")
|
|
|
|
get api_v1_merchants_url, headers: auth_headers
|
|
|
|
assert_response :success
|
|
merchants = JSON.parse(response.body)
|
|
merchant_ids = merchants.map { |m| m["id"] }
|
|
|
|
assert_includes merchant_ids, @merchant.id
|
|
assert_not_includes merchant_ids, other_merchant.id
|
|
end
|
|
|
|
# Show action tests
|
|
test "show requires authentication" do
|
|
get api_v1_merchant_url(@merchant)
|
|
|
|
assert_response :unauthorized
|
|
end
|
|
|
|
test "show returns merchant successfully" do
|
|
get api_v1_merchant_url(@merchant), headers: auth_headers
|
|
|
|
assert_response :success
|
|
|
|
merchant = JSON.parse(response.body)
|
|
assert_equal @merchant.id, merchant["id"]
|
|
assert_equal @merchant.name, merchant["name"]
|
|
end
|
|
|
|
test "show returns 404 for non-existent merchant" do
|
|
get api_v1_merchant_url(id: SecureRandom.uuid), headers: auth_headers
|
|
|
|
assert_response :not_found
|
|
end
|
|
|
|
test "show returns 404 for merchant from another family" do
|
|
other_merchant = @other_family_user.family.merchants.create!(name: "Other Merchant")
|
|
|
|
get api_v1_merchant_url(other_merchant), headers: auth_headers
|
|
|
|
assert_response :not_found
|
|
end
|
|
|
|
private
|
|
|
|
def auth_headers
|
|
{ "Authorization" => "Bearer #{@access_token.token}" }
|
|
end
|
|
end
|