API v1 specs for user, config and navigation endpoints

doc/swagger.v1.yml

@@ -29,8 +29,94 @@ produces:
   - 'application/json'
 
 paths:
+  /user:
+    get:
+      summary: info about the currently logged-in user
+      tags:
+        - 1. User
+      responses:
+        200:
+          description: success
+          schema:
+            type: object
+            properties:
+              user:
+                $ref: '#/definitions/User'
+        401:
+          description: not logged-in
+          schema:
+            $ref: '#/definitions/Error401'
+      security:
+        - foodsoft_auth: ['all']
+  /config:
+    get:
+      summary: configuration variables
+      tags:
+        - 7. General
+      responses:
+        200:
+          description: success
+          schema:
+            type: object
+        401:
+          description: not logged-in
+          schema:
+            $ref: '#/definitions/Error401'
+      security:
+        - foodsoft_auth: ['all']
+  /navigation:
+    get:
+      summary: navigation
+      tags:
+        - 7. General
+      responses:
+        200:
+          description: success
+          schema:
+            type: object
+            properties:
+              navigation:
+                $ref: '#/definitions/Navigation'
+        401:
+          description: not logged-in
+          schema:
+            $ref: '#/definitions/Error401'
+      security:
+        - foodsoft_auth: ['all']
 
 definitions:
+  # models
+  User:
+    type: object
+    properties:
+      id:
+        type: integer
+      name:
+        type: string
+        description: full name
+      email:
+        type: string
+        description: email address
+      locale:
+        type: string
+        description: language code
+    required: ['id', 'name', 'email']
+  Navigation:
+    type: array
+    items:
+      type: object
+      properties:
+        name:
+          type: string
+          description: title
+        url:
+          type: string
+          description: link
+        items:
+          $ref: '#/definitions/Navigation'
+      required: ['name']
+      minProperties: 2 # name+url or name+items
+
   Error:
     type: object
     properties:

spec/api/v1/swagger_spec.rb

@@ -13,7 +13,37 @@ describe 'API v1', type: :apivore, order: :defined do
 
   subject { SwaggerCheckerFile.instance_for Rails.root.join('doc', 'swagger.v1.yml') }
 
+  context 'has valid paths' do
+    context 'user' do
+      # create multiple users to make sure we're getting the authenticated user, not just any
+      let!(:other_user_1) { create :user }
+      let!(:user)         { create :user }
+      let!(:other_user_2) { create :user }
+
+      it { is_expected.to validate(:get, '/user', 200, api_auth) }
+      it { is_expected.to validate(:get, '/user', 401) }
+
+      context 'with invalid access token' do
+        let(:api_access_token) { 'abc' }
+        it { is_expected.to validate(:get, '/user', 401, api_auth) }
+      end
+    end
+
+    context 'config' do
+      it { is_expected.to validate(:get, '/config', 200, api_auth) }
+      it { is_expected.to validate(:get, '/config', 401) }
+    end
+
+    context 'navigation' do
+      it { is_expected.to validate(:get, '/navigation', 200, api_auth) }
+      it { is_expected.to validate(:get, '/navigation', 401) }
+    end
+  end
+
+  # needs to be last context so it is always run at the end
+  context 'and finally' do
     it 'tests all documented routes' do
       is_expected.to validate_all_paths
     end
   end
+end

spec/factories/user.rb

@@ -15,6 +15,12 @@ FactoryBot.define do
         create :workgroup, role_admin: true, user_ids: [user.id]
       end
     end
+
+    trait :ordergroup do
+      after :create do |user, evaluator|
+        create :ordergroup, user_ids: [user.id]
+      end
+    end
   end
 
   factory :group do