Replace apivore with rswag for api tests (#969)

* Replace apivore api tests with rswag
* move to OpenAPI Spec 3.0.1
* a swagger UI is now reachable at http://localhost:3000/api-docs/index.html
*  swagger file is generated by running  `RAILS_ENV=test rails rswag`
    and it was moved from /docs/swagger.v1.yml to /swagger/v1/swagger.yml

---------

Co-authored-by: viehlieb <pf@pragma-shift.net>

spec/support/api_helper.rb

@@ -5,21 +5,60 @@ module ApiHelper
     let(:user) { create(:user) }
     let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes)
     let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
-    let(:api_authorization) { "Bearer #{api_access_token}" }
+    let(:Authorization) { "Bearer #{api_access_token}" }
 
-    def self.it_handles_invalid_token(method, path, params_block = -> { api_auth })
+    def self.it_handles_invalid_token
       context 'with invalid access token' do
-        let(:api_access_token) { 'abc' }
+        let(:Authorization) { 'abc' }
 
-        it { is_expected.to validate(method, path, 401, instance_exec(&params_block)) }
+        response 401, 'not logged-in' do
+          schema '$ref' => '#/components/schemas/Error401'
+          run_test!
+        end
       end
     end
 
-    def self.it_handles_invalid_scope(method, path, params_block = -> { api_auth })
+    def self.it_handles_invalid_token_with_id
+      context 'with invalid access token' do
+        let(:Authorization) { 'abc' }
+        let(:id) { 42 } # id doesn't matter here
+
+        response 401, 'not logged-in' do
+          schema '$ref' => '#/components/schemas/Error401'
+          run_test!
+        end
+      end
+    end
+
+    def self.it_handles_invalid_scope(description = 'missing scope')
       context 'with invalid scope' do
         let(:api_scopes) { ['none'] }
 
-        it { is_expected.to validate(method, path, 403, instance_exec(&params_block)) }
+        response 403, description do
+          schema '$ref' => '#/components/schemas/Error403'
+          run_test!
+        end
+      end
+    end
+
+    def self.it_handles_invalid_scope_with_id(description = 'missing scope')
+      context 'with invalid scope' do
+        let(:api_scopes) { ['none'] }
+        let(:id) { 42 } # id doesn't matter here
+
+        response 403, description do
+          schema '$ref' => '#/components/schemas/Error403'
+          run_test!
+        end
+      end
+    end
+
+    def self.it_cannot_find_object(description = 'not found')
+      let(:id) { 'invalid' }
+
+      response 404, description do
+        schema '$ref' => '#/components/schemas/Error404'
+        run_test!
       end
     end
 
@@ -27,13 +66,25 @@ module ApiHelper
       it_handles_invalid_token(*args)
       it_handles_invalid_scope(*args)
     end
-  end
 
-  # Add authentication to parameters for {Swagger::RspecHelpers#validate}
-  # @param params [Hash] Query parameters
-  # @return Query parameters with authentication header
-  # @see Swagger::RspecHelpers#validate
-  def api_auth(params = {})
-    { '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params)
+    def self.id_url_param
+      parameter name: :id, in: :path, type: :integer, required: true
+    end
+
+    def self.pagination_param
+      parameter name: :per_page, in: :query, type: :integer, required: false
+      parameter name: :page, in: :query, type: :integer, required: false
+    end
+
+    def self.q_ordered_url_param
+      parameter name: :q, in: :query, required: false,
+                description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier",
+                schema: {
+                  type: :object,
+                  properties: {
+                    ordered: { '$ref' => '#/components/schemas/q_ordered' }
+                  }
+                }
+    end
   end
 end