diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 1d3cd010..b7e21eab 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -266,7 +266,7 @@ Metrics/AbcSize: # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods, inherit_mode. # AllowedMethods: refine Metrics/BlockLength: - Max: 212 + Max: 210 # Offense count: 6 # Configuration parameters: CountBlocks. @@ -451,24 +451,6 @@ RSpec/DescribedClass: - "spec/models/ordergroup_spec.rb" - "spec/models/user_spec.rb" -# Offense count: 15 -# This cop supports unsafe autocorrection (--autocorrect-all). -RSpec/EmptyExampleGroup: - Exclude: - - 'spec/requests/api/article_categories_spec.rb' - - 'spec/requests/api/configs_spec.rb' - - 'spec/requests/api/financial_transaction_classes_spec.rb' - - 'spec/requests/api/financial_transaction_types_spec.rb' - - 'spec/requests/api/financial_transactions_spec.rb' - - 'spec/requests/api/navigations_spec.rb' - - 'spec/requests/api/order_articles_spec.rb' - - 'spec/requests/api/orders_spec.rb' - - 'spec/requests/api/user/financial_transactions_spec.rb' - - 'spec/requests/api/user/group_order_articles_spec.rb' - - 'spec/requests/api/user/users_spec.rb' - - - # Offense count: 65 # Configuration parameters: CountAsOne. RSpec/ExampleLength: @@ -599,14 +581,6 @@ RSpec/ScatteredSetup: - "spec/integration/balancing_spec.rb" - "spec/integration/login_spec.rb" -# Offense count: 4 -# Configuration parameters: AllowedPatterns, IgnoredPatterns. -# SupportedStyles: snake_case, camelCase -RSpec/VariableName: - EnforcedStyle: snake_case - AllowedPatterns: - - ^Authorization$ - # Offense count: 1 # Configuration parameters: IgnoreNameless, IgnoreSymbolicNames. RSpec/VerifiedDoubles: diff --git a/.ruby-version b/.ruby-version index 37c2961c..d48d3702 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.2 +2.6.9 diff --git a/Dockerfile b/Dockerfile index 95479ce2..c999b3d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7 +FROM ruby:2.6 RUN supercronicUrl=https://github.com/aptible/supercronic/releases/download/v0.1.3/supercronic-linux-amd64 && \ supercronicBin=/usr/local/bin/supercronic && \ @@ -15,16 +15,13 @@ ENV PORT=3000 \ WORKDIR /usr/src/app -COPY Gemfile Gemfile.lock ./ -COPY plugins/ ./plugins -COPY config/ ./config +COPY . ./ # install dependencies and generate crontab RUN buildDeps='libmagic-dev' && \ apt-get update && \ apt-get install --no-install-recommends -y $buildDeps && \ echo 'gem: --no-document' >> ~/.gemrc && \ - gem install bundler && \ bundle config build.nokogiri "--use-system-libraries" && \ bundle install --deployment --without development test -j 4 && \ apt-get purge -y --auto-remove $buildDeps && \ @@ -32,8 +29,6 @@ RUN buildDeps='libmagic-dev' && \ \ bundle exec whenever >crontab -COPY . ./ - # compile assets with temporary mysql server RUN export DATABASE_URL=mysql2://localhost/temp?encoding=utf8 && \ export SECRET_KEY_BASE=thisisnotimportantnow && \ diff --git a/Dockerfile-dev b/Dockerfile-dev index 37dce5f6..ca7865a5 100644 --- a/Dockerfile-dev +++ b/Dockerfile-dev @@ -1,4 +1,4 @@ -FROM ruby:2.7 +FROM ruby:2.6 # Install dependencies RUN deps='libmagic-dev chromium nodejs' && \ @@ -19,7 +19,6 @@ ENV PORT=3000 \ WORKDIR /app -RUN gem install bundler RUN bundle config build.nokogiri "--use-system-libraries" EXPOSE 3000 diff --git a/Gemfile b/Gemfile index 01c2cfd7..a6e27fae 100644 --- a/Gemfile +++ b/Gemfile @@ -1,12 +1,11 @@ # A sample Gemfile source "https://rubygems.org" -gem "rails", '~> 7.0' -gem 'mail', '~> 2.7.1' # bug with mail 2.8.0 https://github.com/mikel/mail/issues/1489 +gem "rails", '~> 5.2' - -gem 'sassc-rails' +gem 'sass-rails' gem 'less-rails' +gem 'uglifier', '>= 1.0.3' # See https://github.com/sstephenson/execjs#readme for more supported runtimes gem 'therubyracer', platforms: :ruby @@ -47,8 +46,7 @@ gem 'whenever', require: false # For defining cronjobs, see config/schedule.rb gem 'ruby-units' gem 'attribute_normalizer' gem 'ice_cube' -# At time of development 01-06-2022 mmddyyyy necessary fix for config_helper.rb form builder was not in rubygems so we pull from github, see: https://github.com/gregschmit/recurring_select/pull/152 -gem 'recurring_select', git: 'https://github.com/gregschmit/recurring_select' +gem 'recurring_select' gem 'roo' gem 'roo-xls' gem 'spreadsheet' @@ -57,8 +55,6 @@ gem 'gaffe' gem 'ruby-filemagic' gem 'mime-types' gem 'midi-smtp-server' -gem 'rswag-api' -gem 'rswag-ui' # we use the git version of acts_as_versioned, and need to include it in this Gemfile gem 'acts_as_versioned', git: 'https://github.com/technoweenie/acts_as_versioned.git' @@ -85,8 +81,7 @@ group :development do gem 'binding_of_caller' # gem "rails-i18n-debug" # chrome debugging extension https://github.com/dejan/rails_panel - # TODO: disabled due to https://github.com/rails/rails/issues/40781 - # gem 'meta_request' + gem 'meta_request' # Get infos when not using proper eager loading gem 'bullet' @@ -117,15 +112,10 @@ group :test do gem 'rspec-core' gem 'rspec-rerun' gem 'i18n-spec' - gem 'rails-controller-testing' # code coverage gem 'simplecov', require: false gem 'simplecov-lcov', require: false # api - gem 'rswag-specs' + gem 'apivore', require: false gem 'hashie', '~> 3.4.6', require: false # https://github.com/westfieldlabs/apivore/issues/114 end - -gem "importmap-rails", "~> 1.1" - -gem "terser", "~> 1.1" diff --git a/Gemfile.lock b/Gemfile.lock index 5b1a9fe7..c53687fb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,14 +1,3 @@ -GIT - remote: https://github.com/gregschmit/recurring_select - revision: 29febc4c4abdd6c30636c33a7d2daecb09973ecf - specs: - recurring_select (3.0.0) - coffee-rails (>= 3.1) - ice_cube (>= 0.11) - jquery-rails (>= 3.0) - rails (>= 5.2) - sass-rails (>= 4.0) - GIT remote: https://github.com/technoweenie/acts_as_versioned.git revision: 63b1fc8529d028fae632fe80ec0cb25df56cd76b @@ -70,83 +59,67 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.0.4) - actionpack (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activesupport (= 7.0.4) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4) - actionview (= 7.0.4) - activesupport (= 7.0.4) - rack (~> 2.0, >= 2.2.0) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4) - actionpack (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) - globalid (>= 0.6.0) - nokogiri (>= 1.8.5) - actionview (7.0.4) - activesupport (= 7.0.4) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) active_model_serializers (0.10.13) actionpack (>= 4.1, < 7.1) activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (7.0.4) - activesupport (= 7.0.4) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (7.0.4) - activesupport (= 7.0.4) - activerecord (7.0.4) - activemodel (= 7.0.4) - activesupport (= 7.0.4) - activestorage (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activesupport (= 7.0.4) - marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.4) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) + arel (>= 9.0) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) + marcel (~> 1.0.0) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) acts_as_tree (2.9.1) activerecord (>= 3.0.0) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) + apivore (1.6.2) + actionpack (>= 4, < 6) + hashie (~> 3.3) + json-schema (~> 2.5) + rspec (~> 3) + rspec-expectations (~> 3.1) + rspec-mocks (~> 3.1) apparition (0.6.0) capybara (~> 3.13, < 4) websocket-driver (>= 0.6.5) + arel (9.0.0) ast (2.4.2) attribute_normalizer (1.2.0) base32 (0.3.4) @@ -157,15 +130,15 @@ GEM bindex (0.8.1) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) - bootsnap (1.15.0) + bootsnap (1.13.0) msgpack (~> 1.2) bootstrap-datepicker-rails (1.9.0.1) railties (>= 3.0) builder (3.2.4) - bullet (7.0.7) + bullet (7.0.3) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) - capybara (3.38.0) + capybara (3.36.0) addressable matrix mini_mime (>= 0.1.3) @@ -197,7 +170,6 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) - date (3.3.3) date_time_attribute (0.1.2) activesupport (>= 3.0.0) debug_inspector (1.1.0) @@ -210,13 +182,13 @@ GEM diff-lcs (1.5.0) diffy (3.4.2) docile (1.4.0) - doorkeeper (5.6.2) + doorkeeper (5.6.0) railties (>= 5) - doorkeeper-i18n (5.2.6) + doorkeeper-i18n (5.2.5) doorkeeper (>= 5.2) email_reply_trimmer (0.1.13) - erubi (1.12.0) - eventmachine (1.0.9.1) + erubi (1.11.0) + eventmachine (1.2.7) exception_notification (4.5.0) actionmailer (>= 5.2, < 8) activesupport (>= 5.2, < 8) @@ -227,14 +199,14 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (3.1.0) + faker (2.22.0) i18n (>= 1.8.11, < 2) ffi (1.15.5) gaffe (1.2.0) rails (>= 4.0.0) globalid (1.0.0) activesupport (>= 5.0) - haml (6.1.1) + haml (6.0.5) temple (>= 0.8.2) thor tilt @@ -255,9 +227,6 @@ GEM i18n-spec (0.6.0) iso ice_cube (0.16.4) - importmap-rails (1.1.5) - actionpack (>= 6.0.0) - railties (>= 6.0.0) inherited_resources (1.13.1) actionpack (>= 5.2, < 7.1) has_scope (~> 0.6) @@ -266,13 +235,13 @@ GEM interception (0.5) iso (0.4.0) i18n - jquery-rails (4.5.1) + jquery-rails (4.5.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.6.3) - json-schema (3.0.0) - addressable (>= 2.8) + json (2.6.2) + json-schema (2.8.1) + addressable (>= 2.4) jsonapi-renderer (0.2.2) kaminari (1.2.2) activesupport (>= 4.1.0) @@ -292,7 +261,7 @@ GEM actionpack (>= 5.0) less (~> 2.6.0) sprockets (~> 3.0) - libv8 (3.16.14.19-x86_64-linux) + libv8 (3.16.14.19) listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -313,33 +282,29 @@ GEM thin marcel (1.0.2) matrix (0.4.2) + meta_request (0.7.3) + rack-contrib (>= 1.1, < 3) + railties (>= 3.0.0, < 7) method_source (1.0.0) midi-smtp-server (3.0.3) mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) mini_mime (1.1.2) - minitest (5.17.0) + mini_portile2 (2.8.0) + minitest (5.16.3) mono_logger (1.1.1) msgpack (1.6.0) multi_json (1.15.0) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) - net-imap (0.3.4) - date - net-protocol - net-pop (0.1.2) - net-protocol - net-protocol (0.2.1) - timeout - net-smtp (0.3.3) - net-protocol nio4r (2.5.8) - nokogiri (1.13.10-x86_64-linux) + nokogiri (1.13.10) + mini_portile2 (~> 2.8.0) racc (~> 1.4) parallel (1.22.1) - parser (3.2.0.0) + parser (3.1.2.1) ast (~> 2.4.1) pdf-core (0.9.0) polyglot (0.3.5) @@ -357,73 +322,75 @@ GEM pry-stack_explorer (0.6.1) binding_of_caller (~> 1.0) pry (~> 0.13) - public_suffix (5.0.1) - puma (6.0.2) + public_suffix (5.0.0) + puma (5.6.5) nio4r (~> 2.0) - racc (1.6.2) - rack (2.2.5) + racc (1.6.1) + rack (2.2.4) + rack-contrib (2.3.0) + rack (~> 2.0) rack-cors (1.1.1) rack (>= 2.0.0) - rack-protection (3.0.5) + rack-protection (3.0.4) rack rack-test (2.0.2) rack (>= 1.3) - rails (7.0.4) - actioncable (= 7.0.4) - actionmailbox (= 7.0.4) - actionmailer (= 7.0.4) - actionpack (= 7.0.4) - actiontext (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activemodel (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) - bundler (>= 1.15.0) - railties (= 7.0.4) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) + bundler (>= 1.3.0) + railties (= 5.2.8.1) + sprockets-rails (>= 2.0.0) rails-assets-listjs (0.2.0.beta.4) railties (>= 3.1) - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.4) loofah (~> 2.19, >= 2.19.1) - rails-i18n (7.0.6) + rails-i18n (5.1.3) i18n (>= 0.7, < 2) - railties (>= 6.0.0, < 8) + railties (>= 5.0, < 6) rails-settings-cached (0.4.3) rails (>= 4.2.0) rails_tokeninput (1.7.0) railties (>= 3.1.0) - railties (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source - rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + rake (>= 0.8.7) + thor (>= 0.19.0, < 2.0) rainbow (3.1.1) rake (13.0.6) - ransack (3.2.1) - activerecord (>= 6.1.5) - activesupport (>= 6.1.5) + ransack (2.5.0) + activerecord (>= 5.2.4) + activesupport (>= 5.2.4) i18n rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) + recurring_select (3.0.0) + coffee-rails (>= 3.1) + ice_cube (>= 0.11) + jquery-rails (>= 3.0) + rails (>= 5.2) + sass-rails (>= 4.0) redis (5.0.5) redis-client (>= 0.9.0) - redis-client (0.11.2) + redis-client (0.9.0) connection_pool - redis-namespace (1.10.0) + redis-namespace (1.9.0) redis (>= 4) ref (2.0.0) - regexp_parser (2.6.1) + regexp_parser (2.6.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) @@ -433,67 +400,57 @@ GEM redis-namespace (~> 1.6) sinatra (>= 0.9.2) rexml (3.2.5) - roo (2.9.0) + roo (2.8.3) nokogiri (~> 1) rubyzip (>= 1.3.0, < 3.0.0) roo-xls (1.2.0) nokogiri roo (>= 2.0.0, < 3) spreadsheet (> 0.9.0) - rspec (3.12.0) - rspec-core (~> 3.12.0) - rspec-expectations (~> 3.12.0) - rspec-mocks (~> 3.12.0) - rspec-core (3.12.0) - rspec-support (~> 3.12.0) - rspec-expectations (3.12.1) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.12.0) - rspec-mocks (3.12.1) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.12.0) - rspec-rails (6.0.1) - actionpack (>= 6.1) - activesupport (>= 6.1) - railties (>= 6.1) - rspec-core (~> 3.11) - rspec-expectations (~> 3.11) - rspec-mocks (~> 3.11) - rspec-support (~> 3.11) + rspec-support (~> 3.11.0) + rspec-rails (5.1.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + railties (>= 5.2) + rspec-core (~> 3.10) + rspec-expectations (~> 3.10) + rspec-mocks (~> 3.10) + rspec-support (~> 3.10) rspec-rerun (1.1.0) rspec (~> 3.0) - rspec-support (3.12.0) - rswag-api (2.7.0) - railties (>= 3.1, < 7.1) - rswag-specs (2.7.0) - activesupport (>= 3.1, < 7.1) - json-schema (>= 2.2, < 4.0) - railties (>= 3.1, < 7.1) - rspec-core (>= 2.14) - rswag-ui (2.7.0) - actionpack (>= 3.1, < 7.1) - railties (>= 3.1, < 7.1) - rubocop (1.43.0) + rspec-support (3.11.1) + rubocop (1.36.0) json (~> 2.3) parallel (~> 1.10) - parser (>= 3.2.0.0) + parser (>= 3.1.2.1) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.24.1, < 2.0) + rubocop-ast (>= 1.20.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.24.1) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.21.0) parser (>= 3.1.1.0) - rubocop-rails (2.17.4) + rubocop-rails (2.16.1) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) - rubocop-rspec (2.16.0) + rubocop-rspec (2.13.2) rubocop (~> 1.33) ruby-filemagic (0.7.3) ruby-ole (1.2.12.2) - ruby-prof (1.4.5) + ruby-prof (1.4.3) ruby-progressbar (1.11.0) ruby-units (3.0.0) ruby2_keywords (0.0.5) @@ -518,21 +475,21 @@ GEM simple_form (5.1.0) actionpack (>= 5.2) activemodel (>= 5.2) - simplecov (0.22.0) + simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov-lcov (0.8.0) simplecov_json_formatter (0.1.4) - sinatra (3.0.5) + sinatra (3.0.4) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.5) + rack-protection (= 3.0.4) tilt (~> 2.0) - skinny (0.2.4) - eventmachine (~> 1.0.0) - thin (>= 1.5, < 1.7) + skinny (0.2.2) + eventmachine (~> 1.0) + thin spreadsheet (1.3.0) ruby-ole sprockets (3.7.2) @@ -546,19 +503,17 @@ GEM sqlite3-ruby (1.3.3) sqlite3 (>= 1.3.3) table_print (1.5.7) - temple (0.9.1) - terser (1.1.13) - execjs (>= 0.3.0, < 3) + temple (0.8.2) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref - thin (1.6.2) - daemons (>= 1.0.9) - eventmachine (>= 1.0.0) - rack (>= 1.0.0) + thin (1.8.1) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) thor (1.2.1) + thread_safe (0.3.6) tilt (2.0.11) - timeout (0.3.1) ttfunk (1.7.0) twitter-bootstrap-rails (2.2.8) actionpack (>= 3.1) @@ -567,18 +522,20 @@ GEM railties (>= 3.1) twitter-text (1.14.7) unf (~> 0.1.0) - tzinfo (2.0.5) - concurrent-ruby (~> 1.0) + tzinfo (1.2.10) + thread_safe (~> 0.1) + uglifier (4.2.0) + execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext unf_ext (0.0.8.2) - unicode-display_width (2.4.2) + unicode-display_width (2.3.0) uniform_notifier (1.16.0) - web-console (4.2.0) - actionview (>= 6.0.0) - activemodel (>= 6.0.0) + web-console (3.7.0) + actionview (>= 5.0) + activemodel (>= 5.0) bindex (>= 0.4.0) - railties (>= 6.0.0) + railties (>= 5.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -592,15 +549,15 @@ GEM twitter-text xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.6) PLATFORMS - x86_64-linux + ruby DEPENDENCIES active_model_serializers (~> 0.10.0) acts_as_tree acts_as_versioned! + apivore apparition attribute_normalizer better_errors @@ -631,14 +588,13 @@ DEPENDENCIES i18n-js (~> 3.0.0.rc8) i18n-spec ice_cube - importmap-rails (~> 1.1) inherited_resources jquery-rails kaminari less-rails listen - mail (~> 2.7.1) mailcatcher + meta_request midi-smtp-server mime-types mysql2 @@ -648,30 +604,26 @@ DEPENDENCIES pry-stack_explorer puma rack-cors - rails (~> 7.0) + rails (~> 5.2) rails-assets-listjs (= 0.2.0.beta.4) - rails-controller-testing rails-i18n rails-settings-cached (= 0.4.3) rails_tokeninput ransack - recurring_select! + recurring_select resque roo roo-xls rspec-core rspec-rails rspec-rerun - rswag-api - rswag-specs - rswag-ui rubocop rubocop-rails rubocop-rspec ruby-filemagic ruby-prof ruby-units - sassc-rails + sass-rails sd_notify select2-rails simple-navigation (~> 3.14.0) @@ -683,11 +635,11 @@ DEPENDENCIES sprockets (< 4) sqlite3 (~> 1.3.6) table_print - terser (~> 1.1) therubyracer twitter-bootstrap-rails (~> 2.2.8) + uglifier (>= 1.0.3) web-console whenever BUNDLED WITH - 2.4.5 + 1.17.3 diff --git a/app/assets/javascripts/application_legacy.js b/app/assets/javascripts/application.js similarity index 100% rename from app/assets/javascripts/application_legacy.js rename to app/assets/javascripts/application.js diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index d01a78ca..86f9e2eb 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -18,7 +18,7 @@ class HomeController < ApplicationController @bank_accounts = @types.includes(:bank_account).map(&:bank_account).uniq.compact @bank_accounts = [BankAccount.last] if @bank_accounts.empty? else - redirect_to root_path, alert: I18n.t('group_orders.errors.no_member') + redirect_to root_url, alert: I18n.t('group_orders.errors.no_member') end end @@ -26,7 +26,7 @@ class HomeController < ApplicationController if @current_user.update(user_params) @current_user.ordergroup.update(ordergroup_params) if ordergroup_params session[:locale] = @current_user.locale - redirect_to my_profile_path, notice: I18n.t('home.changes_saved') + redirect_to my_profile_url, notice: I18n.t('home.changes_saved') else render :profile end @@ -64,7 +64,7 @@ class HomeController < ApplicationController # cancel personal memberships direct from the myProfile-page def cancel_membership if params[:membership_id] - membership = @current_user.memberships.find(params[:membership_id]) + membership = @current_user.memberships.find!(params[:membership_id]) else membership = @current_user.memberships.find_by_group_id!(params[:group_id]) end diff --git a/app/javascript/application.js b/app/javascript/application.js deleted file mode 100644 index beff742e..00000000 --- a/app/javascript/application.js +++ /dev/null @@ -1 +0,0 @@ -// Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml index 66e14355..974ce8f2 100644 --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -8,10 +8,10 @@ = csrf_meta_tags = stylesheet_link_tag "application", :media => "all" //%link(href="images/favicon.ico" rel="shortcut icon") + = yield(:head) = foodcoop_css_tag - %body = yield @@ -19,9 +19,7 @@ Javascripts \================================================== / Placed at the end of the document so the pages load faster - = javascript_importmap_tags - = javascript_include_tag "application_legacy" - + = javascript_include_tag "application" :javascript I18n.defaultLocale = "#{I18n.default_locale}"; I18n.locale = "#{I18n.locale}"; diff --git a/bin/importmap b/bin/importmap deleted file mode 100755 index 36502ab1..00000000 --- a/bin/importmap +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env ruby - -require_relative "../config/application" -require "importmap/commands" diff --git a/bin/setup b/bin/setup index ec47b79b..94fd4d79 100755 --- a/bin/setup +++ b/bin/setup @@ -1,33 +1,36 @@ #!/usr/bin/env ruby -require "fileutils" +require 'fileutils' +include FileUtils # path to your application root. -APP_ROOT = File.expand_path("..", __dir__) +APP_ROOT = File.expand_path('..', __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -FileUtils.chdir APP_ROOT do - # This script is a way to set up or update your development environment automatically. - # This script is idempotent, so that you can run it at any time and get an expectable outcome. +chdir APP_ROOT do + # This script is a starting point to setup your application. # Add necessary setup steps to this file. - puts "== Installing dependencies ==" - system! "gem install bundler --conservative" - system("bundle check") || system!("bundle install") + puts '== Installing dependencies ==' + system! 'gem install bundler --conservative' + system('bundle check') || system!('bundle install') + + # Install JavaScript dependencies if using Yarn + # system('bin/yarn') # puts "\n== Copying sample files ==" - # unless File.exist?("config/database.yml") - # FileUtils.cp "config/database.yml.sample", "config/database.yml" + # unless File.exist?('config/database.yml') + # cp 'config/database.yml.sample', 'config/database.yml' # end puts "\n== Preparing database ==" - system! "bin/rails db:prepare" + system! 'bin/rails db:setup' puts "\n== Removing old logs and tempfiles ==" - system! "bin/rails log:clear tmp:clear" + system! 'bin/rails log:clear tmp:clear' puts "\n== Restarting application server ==" - system! "bin/rails restart" + system! 'bin/rails restart' end diff --git a/config/application.rb b/config/application.rb index 9c0ade99..544e534c 100644 --- a/config/application.rb +++ b/config/application.rb @@ -9,7 +9,7 @@ Bundler.require(*Rails.groups) module Foodsoft class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 7.0 + config.load_defaults 5.0 # Settings in config/environments/* take precedence over those specified here. # Application configuration can go into files in config/initializers @@ -36,6 +36,9 @@ module Foodsoft # Configure the default encoding used in templates for Ruby 1.9. config.encoding = "utf-8" + # TODO: Remove this. See CVE-2022-32224 for details. + config.active_record.yaml_column_permitted_classes = [BigDecimal, Date, Symbol, Time] + # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true @@ -63,12 +66,6 @@ module Foodsoft # Load legacy scripts from vendor config.assets.precompile += ['vendor/assets/javascripts/*.js'] - config.active_record.yaml_column_permitted_classes = [Symbol, BigDecimal] - - config.autoloader = :zeitwerk - - # Ex:- :default =>'' - # CORS for API config.middleware.insert_before 0, Rack::Cors do allow do diff --git a/config/environments/production.rb b/config/environments/production.rb index d08234e5..0560b38d 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,5 +1,3 @@ -require "active_support/core_ext/integer/time" - # Foodsoft production configuration. # # This file is in the public domain. @@ -29,23 +27,23 @@ Rails.application.configure do config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Compress JavaScripts and CSS. - config.assets.js_compressor = :terser + config.assets.js_compressor = :uglifier config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.asset_host = "http://assets.example.com" + # config.action_controller.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - # Store uploaded files on the local file system (see config/storage.yml for options). + # Store uploaded files on the local file system (see config/storage.yml for options) config.active_storage.service = :local - # Mount Action Cable outside main process or domain. + # Mount Action Cable outside main process or domain # config.action_cable.mount_path = nil # config.action_cable.url = 'wss://example.com/cable' # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] @@ -53,8 +51,6 @@ Rails.application.configure do # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = ENV["RAILS_FORCE_SSL"] != "false" - # Include generic and useful information about system operation, but avoid logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). # Set to :debug to see everything in the log. config.log_level = :info @@ -67,10 +63,6 @@ Rails.application.configure do # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "foodsoft_production" - config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. @@ -106,7 +98,7 @@ Rails.application.configure do end # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = Logger::Formatter.new + config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. # require 'syslog/logger' diff --git a/config/environments/test.rb b/config/environments/test.rb index 6ea4d1e7..ccf3767f 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,31 +1,30 @@ -require "active_support/core_ext/integer/time" - -# The test environment is used exclusively to run your application's -# test suite. You never need to work with it otherwise. Remember that -# your test database is "scratch space" for the test suite and is wiped -# and recreated between test runs. Don't rely on the data there! +# Foodsoft test configuration. +# +# This file is in the public domain. Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # Turn false under Spring and add config.action_view.cache_template_loading = true. + # The test environment is used exclusively to run your application's + # test suite. You never need to work with it otherwise. Remember that + # your test database is "scratch space" for the test suite and is wiped + # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Eager loading loads your whole application. When running a single test locally, - # this probably isn't necessary. It's a good idea to do in a continuous integration - # system, or in some way before deploying your code. - config.eager_load = ENV["CI"].present? + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{1.hour.to_i}" + 'Cache-Control' => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false @@ -33,7 +32,7 @@ Rails.application.configure do # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false - # Store uploaded files on the local file system in a temporary directory. + # Store uploaded files on the local file system in a temporary directory config.active_storage.service = :test config.action_mailer.perform_caching = false @@ -46,15 +45,6 @@ Rails.application.configure do # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - - # Raises error for missing translations. - # config.i18n.raise_on_missing_translations = true - - # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + # Raises error for missing translations + # config.action_view.raise_on_missing_translations = true end diff --git a/config/importmap.rb b/config/importmap.rb deleted file mode 100644 index 050818ab..00000000 --- a/config/importmap.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Pin npm packages by running ./bin/importmap -pin "application", preload: true \ No newline at end of file diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index e1c4d5fa..4b828e80 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -5,8 +5,10 @@ Rails.application.config.assets.version = '1.0' # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path +# Add Yarn node_modules folder to the asset load path. +Rails.application.config.assets.paths << Rails.root.join('node_modules') # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets # folder are already added. -Rails.application.config.assets.precompile += %w( application_legacy.js jquery.min.js ) +# Rails.application.config.assets.precompile += %w( admin.js admin.css ) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 54f47cf1..d3bcaa5e 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,25 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy. -# See the Securing Rails Applications Guide for more information: -# https://guides.rubyonrails.org/security.html#content-security-policy-header +# Define an application-wide content security policy +# For further information see the following documentation +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -# Rails.application.configure do -# config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" -# end -# -# # Generate session nonces for permitted importmap and inline scripts -# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } -# config.content_security_policy_nonce_directives = %w(script-src) -# -# # Report violations without enforcing the policy. -# # config.content_security_policy_report_only = true +# Rails.application.config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https + +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" # end + +# If you are using UJS then enable automatic nonce generation +# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } + +# Report CSP violations to a specified URI +# For further information see the following documentation: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb deleted file mode 100644 index e5a82f16..00000000 --- a/config/initializers/cors.rb +++ /dev/null @@ -1,16 +0,0 @@ -# Be sure to restart your server when you modify this file. - -# Avoid CORS issues when API is called from the frontend app. -# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests. - -# Read more: https://github.com/cyu/rack-cors - -# Rails.application.config.middleware.insert_before 0, Rack::Cors do -# allow do -# origins "example.com" -# -# resource "*", -# headers: :any, -# methods: [:get, :post, :put, :patch, :delete, :options, :head] -# end -# end diff --git a/config/initializers/currency_display.rb b/config/initializers/currency_display.rb index 71d108d2..7caa6a64 100644 --- a/config/initializers/currency_display.rb +++ b/config/initializers/currency_display.rb @@ -1,7 +1,7 @@ # remove all currency translations, so that we can set the default language and # have it shown in all other languages too -I18n.available_locales.each do |locale| - unless locale == I18n.default_locale - I18n.backend.store_translations(locale, number: { currency: { format: { unit: nil } } }) +::I18n.available_locales.each do |locale| + unless locale == ::I18n.default_locale + ::I18n.backend.store_translations(locale, number: { currency: { format: { unit: nil } } }) end end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index adc6568c..4a994e1e 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,8 +1,4 @@ # Be sure to restart your server when you modify this file. -# Configure parameters to be filtered from the log file. Use this to limit dissemination of -# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported -# notations and behaviors. -Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn -] +# Configure sensitive parameters which will be filtered from the log file. +Rails.application.config.filter_parameters += [:password] diff --git a/config/initializers/mail_receiver.rb b/config/initializers/mail_receiver.rb index 088d7c93..67288cc1 100644 --- a/config/initializers/mail_receiver.rb +++ b/config/initializers/mail_receiver.rb @@ -1,3 +1 @@ -Rails.application.config.to_prepare do - FoodsoftMailReceiver.register BounceMailReceiver -end +FoodsoftMailReceiver.register BounceMailReceiver diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb new file mode 100644 index 00000000..fac64e0a --- /dev/null +++ b/config/initializers/new_framework_defaults.rb @@ -0,0 +1,17 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 5.0 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Enable per-form CSRF tokens. Previous versions had false. +Rails.application.config.action_controller.per_form_csrf_tokens = false + +# Enable origin-checking CSRF mitigation. Previous versions had false. +Rails.application.config.action_controller.forgery_protection_origin_check = false + +# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`. +# Previous versions had false. +ActiveSupport.to_time_preserves_timezone = false diff --git a/config/initializers/new_framework_defaults_5_1.rb b/config/initializers/new_framework_defaults_5_1.rb new file mode 100644 index 00000000..9010abd5 --- /dev/null +++ b/config/initializers/new_framework_defaults_5_1.rb @@ -0,0 +1,14 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 5.1 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Make `form_with` generate non-remote forms. +Rails.application.config.action_view.form_with_generates_remote_forms = false + +# Unknown asset fallback will return the path passed in when the given +# asset is not present in the asset pipeline. +# Rails.application.config.assets.unknown_asset_fallback = false diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb new file mode 100644 index 00000000..5132a0b1 --- /dev/null +++ b/config/initializers/new_framework_defaults_5_2.rb @@ -0,0 +1,38 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 5.2 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Make Active Record use stable #cache_key alongside new #cache_version method. +# This is needed for recyclable cache keys. +# Rails.application.config.active_record.cache_versioning = true + +# Use AES-256-GCM authenticated encryption for encrypted cookies. +# Also, embed cookie expiry in signed or encrypted cookies for increased security. +# +# This option is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 5.2. +# +# Existing cookies will be converted on read then written with the new scheme. +# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true + +# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages +# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true. +# Rails.application.config.active_support.use_authenticated_message_encryption = true + +# Add default protection from forgery to ActionController::Base instead of in +# ApplicationController. +# Rails.application.config.action_controller.default_protect_from_forgery = true + +# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and +# 'f' after migrating old data. +Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true + +# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. +# Rails.application.config.active_support.use_sha1_digests = true + +# Make `form_with` generate id attributes for any generated HTML tags. +# Rails.application.config.action_view.form_with_generates_ids = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb deleted file mode 100644 index 00f64d71..00000000 --- a/config/initializers/permissions_policy.rb +++ /dev/null @@ -1,11 +0,0 @@ -# Define an application-wide HTTP permissions policy. For further -# information see https://developers.google.com/web/updates/2018/06/feature-policy -# -# Rails.application.config.permissions_policy do |f| -# f.camera :none -# f.gyroscope :none -# f.microphone :none -# f.usb :none -# f.fullscreen :self -# f.payment :self, "https://secure.example.com" -# end diff --git a/config/initializers/rails6_backports.rb b/config/initializers/rails6_backports.rb new file mode 100644 index 00000000..b72f4220 --- /dev/null +++ b/config/initializers/rails6_backports.rb @@ -0,0 +1,98 @@ +raise "Remove no-longer-needed #{__FILE__}!" if Rails::VERSION::MAJOR >= 6 + +require "weakref" + +module ActiveRecord + # Backport https://github.com/rails/rails/pull/36998 and https://github.com/rails/rails/pull/36999 + # to avoid `ThreadError: can't create Thread: Resource temporarily unavailable` issues + module ConnectionAdapters + class ConnectionPool + class Reaper + @mutex = Mutex.new + @pools = {} + @threads = {} + + class << self + def register_pool(pool, frequency) # :nodoc: + @mutex.synchronize do + unless @threads[frequency]&.alive? + @threads[frequency] = spawn_thread(frequency) + end + @pools[frequency] ||= [] + @pools[frequency] << WeakRef.new(pool) + end + end + + private + + def spawn_thread(frequency) + Thread.new(frequency) do |t| + running = true + while running + sleep t + @mutex.synchronize do + @pools[frequency].select!(&:weakref_alive?) + @pools[frequency].each do |p| + p.reap + p.flush + rescue WeakRef::RefError + end + + if @pools[frequency].empty? + @pools.delete(frequency) + @threads.delete(frequency) + running = false + end + end + end + end + end + end + + def run + return unless frequency && frequency > 0 + + self.class.register_pool(pool, frequency) + end + end + + def reap + stale_connections = synchronize do + return unless @connections + + @connections.select do |conn| + conn.in_use? && !conn.owner.alive? + end.each(&:steal!) + end + + stale_connections.each do |conn| + if conn.active? + conn.reset! + checkin conn + else + remove conn + end + end + end + + def flush(minimum_idle = @idle_timeout) + return if minimum_idle.nil? + + idle_connections = synchronize do + return unless @connections + + @connections.select do |conn| + !conn.in_use? && conn.seconds_idle >= minimum_idle + end.each do |conn| + conn.lease + + @available.delete conn + @connections.delete conn + end + end + + idle_connections.each(&:disconnect!) + end + end + end +end diff --git a/config/initializers/rswag_api.rb b/config/initializers/rswag_api.rb deleted file mode 100644 index e4b798f6..00000000 --- a/config/initializers/rswag_api.rb +++ /dev/null @@ -1,13 +0,0 @@ -Rswag::Api.configure do |c| - # Specify a root folder where Swagger JSON files are located - # This is used by the Swagger middleware to serve requests for API descriptions - # NOTE: If you're using rswag-specs to generate Swagger, you'll need to ensure - # that it's configured to generate files in the same folder - c.swagger_root = Rails.root.to_s + '/swagger' - - # Inject a lambda function to alter the returned Swagger prior to serialization - # The function will have access to the rack env for the current request - # For example, you could leverage this to dynamically assign the "host" property - # - # c.swagger_filter = lambda { |swagger, env| swagger['host'] = env['HTTP_HOST'] } -end diff --git a/config/initializers/rswag_ui.rb b/config/initializers/rswag_ui.rb deleted file mode 100644 index cc9f2ef8..00000000 --- a/config/initializers/rswag_ui.rb +++ /dev/null @@ -1,15 +0,0 @@ -Rswag::Ui.configure do |c| - # List the Swagger endpoints that you want to be documented through the - # swagger-ui. The first parameter is the path (absolute or relative to the UI - # host) to the corresponding endpoint and the second is a title that will be - # displayed in the document selector. - # NOTE: If you're using rspec-api to expose Swagger files - # (under swagger_root) as JSON or YAML endpoints, then the list below should - # correspond to the relative paths for those endpoints. - - c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs' - - # Add Basic Auth in case your API is private - # c.basic_auth_enabled = true - # c.basic_auth_credentials 'username', 'password' -end diff --git a/config/initializers/zeitwerk.rb b/config/initializers/zeitwerk.rb deleted file mode 100644 index 9c505a26..00000000 --- a/config/initializers/zeitwerk.rb +++ /dev/null @@ -1,5 +0,0 @@ -# config/initializers/zeitwerk.rb -ActiveSupport::Dependencies - .autoload_paths - .delete("#{Rails.root}/app/controllers/concerns") - \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 83e65707..5b27eba4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,6 +1,4 @@ Rails.application.routes.draw do - mount Rswag::Ui::Engine => '/api-docs' - mount Rswag::Api::Engine => '/api-docs' get "order_comments/new" get "comments/new" diff --git a/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb deleted file mode 100644 index a15c6ce8..00000000 --- a/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb +++ /dev/null @@ -1,22 +0,0 @@ -# This migration comes from active_storage (originally 20190112182829) -class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] - def up - return unless table_exists?(:active_storage_blobs) - - unless column_exists?(:active_storage_blobs, :service_name) - add_column :active_storage_blobs, :service_name, :string - - if configured_service = ActiveStorage::Blob.service.name - ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) - end - - change_column :active_storage_blobs, :service_name, :string, null: false - end - end - - def down - return unless table_exists?(:active_storage_blobs) - - remove_column :active_storage_blobs, :service_name - end -end diff --git a/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb b/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb deleted file mode 100644 index e1020fc9..00000000 --- a/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb +++ /dev/null @@ -1,28 +0,0 @@ -# This migration comes from active_storage (originally 20191206030411) -class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] - def change - return unless table_exists?(:active_storage_blobs) - - # Use Active Record's configured type for primary key - create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t| - t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type - t.string :variation_digest, null: false - - t.index [:blob_id, :variation_digest], name: "index_active_storage_variant_records_uniqueness", unique: true - t.foreign_key :active_storage_blobs, column: :blob_id - end - end - - private - - def primary_key_type - config = Rails.configuration.generators - config.options[config.orm][:primary_key_type] || :primary_key - end - - def blobs_primary_key_type - pkey_name = connection.primary_key(:active_storage_blobs) - pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name } - pkey_column.bigint? ? :bigint : pkey_column.type - end -end diff --git a/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb b/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb deleted file mode 100644 index 93c8b85a..00000000 --- a/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb +++ /dev/null @@ -1,8 +0,0 @@ -# This migration comes from active_storage (originally 20211119233751) -class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0] - def change - return unless table_exists?(:active_storage_blobs) - - change_column_null(:active_storage_blobs, :checksum, true) - end -end diff --git a/db/schema.rb b/db/schema.rb index 50c24c41..ce812b3f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2,60 +2,54 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# This file is the source Rails uses to define your schema when running `bin/rails -# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to -# be faster and is potentially less error prone than running all of your -# migrations from scratch. Old migrations may fail to apply correctly if those -# migrations use external dependencies or application code. +# Note that this schema.rb definition is the authoritative source for your +# database schema. If you need to create the application database on another +# system, you should be using db:schema:load, not running all the migrations +# from scratch. The latter is a flawed and unsustainable approach (the more migrations +# you'll amass, the slower it'll run and the greater likelihood for issues). # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do - create_table "active_storage_attachments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| +ActiveRecord::Schema.define(version: 2021_02_05_090257) do + + create_table "active_storage_attachments", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false t.bigint "record_id", null: false t.bigint "blob_id", null: false - t.datetime "created_at", precision: nil, null: false + t.datetime "created_at", null: false t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id" t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true end - create_table "active_storage_blobs", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "active_storage_blobs", id: :integer, force: :cascade do |t| t.string "key", null: false t.string "filename", null: false t.string "content_type" t.text "metadata" t.bigint "byte_size", null: false - t.string "checksum" - t.datetime "created_at", precision: nil, null: false - t.string "service_name", null: false + t.string "checksum", null: false + t.datetime "created_at", null: false t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true end - create_table "active_storage_variant_records", charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| - t.integer "blob_id", null: false - t.string "variation_digest", null: false - t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true - end - - create_table "article_categories", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "article_categories", id: :integer, force: :cascade do |t| t.string "name", default: "", null: false t.string "description" t.index ["name"], name: "index_article_categories_on_name", unique: true end - create_table "article_prices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "article_prices", id: :integer, force: :cascade do |t| t.integer "article_id", null: false t.decimal "price", precision: 8, scale: 2, default: "0.0", null: false t.decimal "tax", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit", precision: 8, scale: 2, default: "0.0", null: false t.integer "unit_quantity" - t.datetime "created_at", precision: nil + t.datetime "created_at" t.index ["article_id"], name: "index_article_prices_on_article_id" end - create_table "articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "articles", id: :integer, force: :cascade do |t| t.string "name", default: "", null: false t.integer "supplier_id", default: 0, null: false t.integer "article_category_id", default: 0, null: false @@ -64,15 +58,15 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.boolean "availability", default: true, null: false t.string "manufacturer" t.string "origin" - t.datetime "shared_updated_on", precision: nil + t.datetime "shared_updated_on" t.decimal "price", precision: 8, scale: 2 t.float "tax" t.decimal "deposit", precision: 8, scale: 2, default: "0.0" t.integer "unit_quantity", default: 1, null: false t.string "order_number" - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil - t.datetime "deleted_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" + t.datetime "deleted_at" t.string "type" t.integer "quantity", default: 0 t.index ["article_category_id"], name: "index_articles_on_article_category_id" @@ -81,31 +75,31 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["type"], name: "index_articles_on_type" end - create_table "assignments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "assignments", id: :integer, force: :cascade do |t| t.integer "user_id", default: 0, null: false t.integer "task_id", default: 0, null: false t.boolean "accepted", default: false t.index ["user_id", "task_id"], name: "index_assignments_on_user_id_and_task_id", unique: true end - create_table "bank_accounts", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "bank_accounts", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "iban" t.string "description" t.decimal "balance", precision: 12, scale: 2, default: "0.0", null: false - t.datetime "last_import", precision: nil + t.datetime "last_import" t.string "import_continuation_point" t.integer "bank_gateway_id" end - create_table "bank_gateways", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "bank_gateways", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "url", null: false t.string "authorization" t.integer "unattended_user_id" end - create_table "bank_transactions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "bank_transactions", id: :integer, force: :cascade do |t| t.integer "bank_account_id", null: false t.string "external_id" t.date "date" @@ -114,32 +108,32 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.string "reference" t.text "text" t.text "receipt" - t.binary "image", size: :medium + t.binary "image", limit: 16777215 t.integer "financial_link_id" t.index ["financial_link_id"], name: "index_bank_transactions_on_financial_link_id" end - create_table "documents", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "documents", id: :integer, force: :cascade do |t| t.string "name" t.string "mime" - t.binary "data", size: :long + t.binary "data", limit: 4294967295 t.integer "created_by_user_id" - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.integer "parent_id" t.index ["parent_id"], name: "index_documents_on_parent_id" end - create_table "financial_links", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "financial_links", id: :integer, force: :cascade do |t| t.text "note" end - create_table "financial_transaction_classes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "financial_transaction_classes", id: :integer, force: :cascade do |t| t.string "name", null: false t.boolean "ignore_for_account_balance", default: false, null: false end - create_table "financial_transaction_types", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "financial_transaction_types", id: :integer, force: :cascade do |t| t.string "name", null: false t.integer "financial_transaction_class_id", null: false t.string "name_short" @@ -147,12 +141,12 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["name_short"], name: "index_financial_transaction_types_on_name_short" end - create_table "financial_transactions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "financial_transactions", id: :integer, force: :cascade do |t| t.integer "ordergroup_id" t.decimal "amount", precision: 8, scale: 2, default: "0.0", null: false t.text "note", null: false t.integer "user_id", default: 0, null: false - t.datetime "created_on", precision: nil, null: false + t.datetime "created_on", null: false t.integer "financial_transaction_type_id", null: false t.integer "financial_link_id" t.integer "reverts_id" @@ -161,20 +155,20 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["reverts_id"], name: "index_financial_transactions_on_reverts_id", unique: true end - create_table "group_order_article_quantities", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "group_order_article_quantities", id: :integer, force: :cascade do |t| t.integer "group_order_article_id", default: 0, null: false t.integer "quantity", default: 0 t.integer "tolerance", default: 0 - t.datetime "created_on", precision: nil, null: false + t.datetime "created_on", null: false t.index ["group_order_article_id"], name: "index_group_order_article_quantities_on_group_order_article_id" end - create_table "group_order_articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "group_order_articles", id: :integer, force: :cascade do |t| t.integer "group_order_id", default: 0, null: false t.integer "order_article_id", default: 0, null: false t.integer "quantity", default: 0, null: false t.integer "tolerance", default: 0, null: false - t.datetime "updated_on", precision: nil, null: false + t.datetime "updated_on", null: false t.decimal "result", precision: 8, scale: 3 t.decimal "result_computed", precision: 8, scale: 3 t.index ["group_order_id", "order_article_id"], name: "goa_index", unique: true @@ -182,12 +176,12 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["order_article_id"], name: "index_group_order_articles_on_order_article_id" end - create_table "group_orders", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "group_orders", id: :integer, force: :cascade do |t| t.integer "ordergroup_id" t.integer "order_id", default: 0, null: false t.decimal "price", precision: 8, scale: 2, default: "0.0", null: false t.integer "lock_version", default: 0, null: false - t.datetime "updated_on", precision: nil, null: false + t.datetime "updated_on", null: false t.integer "updated_by_user_id" t.decimal "transport", precision: 8, scale: 2 t.index ["order_id"], name: "index_group_orders_on_order_id" @@ -195,18 +189,18 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["ordergroup_id"], name: "index_group_orders_on_ordergroup_id" end - create_table "groups", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "groups", id: :integer, force: :cascade do |t| t.string "type", default: "", null: false t.string "name", default: "", null: false t.string "description" t.decimal "account_balance", precision: 12, scale: 2, default: "0.0", null: false - t.datetime "created_on", precision: nil, null: false + t.datetime "created_on", null: false t.boolean "role_admin", default: false, null: false t.boolean "role_suppliers", default: false, null: false t.boolean "role_article_meta", default: false, null: false t.boolean "role_finance", default: false, null: false t.boolean "role_orders", default: false, null: false - t.datetime "deleted_at", precision: nil + t.datetime "deleted_at" t.string "contact_person" t.string "contact_phone" t.string "contact_address" @@ -220,16 +214,16 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["name"], name: "index_groups_on_name", unique: true end - create_table "invites", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "invites", id: :integer, force: :cascade do |t| t.string "token", default: "", null: false - t.datetime "expires_at", precision: nil, null: false + t.datetime "expires_at", null: false t.integer "group_id", default: 0, null: false t.integer "user_id", default: 0, null: false t.string "email", default: "", null: false t.index ["token"], name: "index_invites_on_token" end - create_table "invoices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "invoices", id: :integer, force: :cascade do |t| t.integer "supplier_id" t.string "number" t.date "date" @@ -238,16 +232,16 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.decimal "amount", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit_credit", precision: 8, scale: 2, default: "0.0", null: false - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.integer "created_by_user_id" t.string "attachment_mime" - t.binary "attachment_data", size: :medium + t.binary "attachment_data", limit: 16777215 t.integer "financial_link_id" t.index ["supplier_id"], name: "index_invoices_on_supplier_id" end - create_table "links", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "links", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "url", null: false t.integer "workgroup_id" @@ -255,81 +249,81 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.string "authorization" end - create_table "mail_delivery_status", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| - t.datetime "created_at", precision: nil + create_table "mail_delivery_status", id: :integer, force: :cascade do |t| + t.datetime "created_at" t.string "email", null: false t.string "message", null: false t.string "attachment_mime" - t.binary "attachment_data", size: :long + t.binary "attachment_data", limit: 4294967295 t.index ["email"], name: "index_mail_delivery_status_on_email" end - create_table "memberships", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "memberships", id: :integer, force: :cascade do |t| t.integer "group_id", default: 0, null: false t.integer "user_id", default: 0, null: false t.index ["user_id", "group_id"], name: "index_memberships_on_user_id_and_group_id", unique: true end - create_table "message_recipients", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "message_recipients", id: :integer, force: :cascade do |t| t.integer "message_id", null: false t.integer "user_id", null: false t.integer "email_state", default: 0, null: false - t.datetime "read_at", precision: nil + t.datetime "read_at" t.index ["message_id"], name: "index_message_recipients_on_message_id" t.index ["user_id", "read_at"], name: "index_message_recipients_on_user_id_and_read_at" end - create_table "messages", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "messages", id: :integer, force: :cascade do |t| t.integer "sender_id" t.string "subject", null: false t.text "body" t.boolean "private", default: false - t.datetime "created_at", precision: nil + t.datetime "created_at" t.integer "reply_to" t.integer "group_id" t.string "salt" - t.binary "received_email", size: :medium + t.binary "received_email", limit: 16777215 end - create_table "oauth_access_grants", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "oauth_access_grants", id: :integer, force: :cascade do |t| t.integer "resource_owner_id", null: false t.integer "application_id", null: false t.string "token", null: false t.integer "expires_in", null: false t.text "redirect_uri", null: false - t.datetime "created_at", precision: nil, null: false - t.datetime "revoked_at", precision: nil + t.datetime "created_at", null: false + t.datetime "revoked_at" t.string "scopes" t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true end - create_table "oauth_access_tokens", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "oauth_access_tokens", id: :integer, force: :cascade do |t| t.integer "resource_owner_id" t.integer "application_id" t.string "token", null: false t.string "refresh_token" t.integer "expires_in" - t.datetime "revoked_at", precision: nil - t.datetime "created_at", precision: nil, null: false + t.datetime "revoked_at" + t.datetime "created_at", null: false t.string "scopes" t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id" t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true end - create_table "oauth_applications", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "oauth_applications", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "uid", null: false t.string "secret", null: false t.text "redirect_uri", null: false t.string "scopes", default: "", null: false - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.boolean "confidential", default: true, null: false t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true end - create_table "order_articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "order_articles", id: :integer, force: :cascade do |t| t.integer "order_id", default: 0, null: false t.integer "article_id", default: 0, null: false t.integer "quantity", default: 0, null: false @@ -343,45 +337,45 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["order_id"], name: "index_order_articles_on_order_id" end - create_table "order_comments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "order_comments", id: :integer, force: :cascade do |t| t.integer "order_id" t.integer "user_id" t.text "text" - t.datetime "created_at", precision: nil + t.datetime "created_at" t.index ["order_id"], name: "index_order_comments_on_order_id" end - create_table "orders", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "orders", id: :integer, force: :cascade do |t| t.integer "supplier_id" t.text "note" - t.datetime "starts", precision: nil - t.datetime "ends", precision: nil + t.datetime "starts" + t.datetime "ends" t.string "state", default: "open" t.integer "lock_version", default: 0, null: false t.integer "updated_by_user_id" t.decimal "foodcoop_result", precision: 8, scale: 2 t.integer "created_by_user_id" - t.datetime "boxfill", precision: nil + t.datetime "boxfill" t.integer "invoice_id" t.date "pickup" - t.datetime "last_sent_mail", precision: nil + t.datetime "last_sent_mail" t.integer "end_action", default: 0, null: false t.decimal "transport", precision: 8, scale: 2 t.index ["state"], name: "index_orders_on_state" end - create_table "page_versions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "page_versions", id: :integer, force: :cascade do |t| t.integer "page_id" t.integer "lock_version" t.text "body" t.integer "updated_by" t.integer "redirect" t.integer "parent_id" - t.datetime "updated_at", precision: nil + t.datetime "updated_at" t.index ["page_id"], name: "index_page_versions_on_page_id" end - create_table "pages", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "pages", id: :integer, force: :cascade do |t| t.string "title" t.text "body" t.string "permalink" @@ -389,41 +383,41 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.integer "updated_by" t.integer "redirect" t.integer "parent_id" - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.index ["permalink"], name: "index_pages_on_permalink" t.index ["title"], name: "index_pages_on_title" end - create_table "periodic_task_groups", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "periodic_task_groups", id: :integer, force: :cascade do |t| t.date "next_task_date" - t.datetime "created_at", precision: nil, null: false - t.datetime "updated_at", precision: nil, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end - create_table "poll_choices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "poll_choices", id: :integer, force: :cascade do |t| t.integer "poll_vote_id", null: false t.integer "choice", null: false t.integer "value", null: false t.index ["poll_vote_id", "choice"], name: "index_poll_choices_on_poll_vote_id_and_choice", unique: true end - create_table "poll_votes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "poll_votes", id: :integer, force: :cascade do |t| t.integer "poll_id", null: false t.integer "user_id", null: false t.integer "ordergroup_id" t.text "note" - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.index ["poll_id", "user_id", "ordergroup_id"], name: "index_poll_votes_on_poll_id_and_user_id_and_ordergroup_id", unique: true end - create_table "polls", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "polls", id: :integer, force: :cascade do |t| t.integer "created_by_user_id", null: false t.string "name", null: false t.text "description" - t.datetime "starts", precision: nil - t.datetime "ends", precision: nil + t.datetime "starts" + t.datetime "ends" t.boolean "one_vote_per_ordergroup", default: false, null: false t.text "required_ordergroup_custom_fields" t.text "required_user_custom_fields" @@ -433,66 +427,66 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.integer "multi_select_count", default: 0, null: false t.integer "min_points" t.integer "max_points" - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at" + t.datetime "updated_at" t.index ["final_choice"], name: "index_polls_on_final_choice" end - create_table "printer_job_updates", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "printer_job_updates", id: :integer, force: :cascade do |t| t.integer "printer_job_id", null: false - t.datetime "created_at", precision: nil, null: false + t.datetime "created_at", null: false t.string "state", null: false t.text "message" t.index ["printer_job_id", "created_at"], name: "index_printer_job_updates_on_printer_job_id_and_created_at" end - create_table "printer_jobs", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "printer_jobs", id: :integer, force: :cascade do |t| t.integer "order_id" t.string "document", null: false t.integer "created_by_user_id", null: false t.integer "finished_by_user_id" - t.datetime "finished_at", precision: nil + t.datetime "finished_at" t.index ["finished_at"], name: "index_printer_jobs_on_finished_at" end - create_table "settings", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "settings", id: :integer, force: :cascade do |t| t.string "var", null: false t.text "value" t.integer "thing_id" t.string "thing_type", limit: 30 - t.datetime "created_at", precision: nil, null: false - t.datetime "updated_at", precision: nil, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.index ["thing_type", "thing_id", "var"], name: "index_settings_on_thing_type_and_thing_id_and_var", unique: true end - create_table "stock_changes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "stock_changes", id: :integer, force: :cascade do |t| t.integer "stock_event_id" t.integer "order_id" t.integer "stock_article_id" t.integer "quantity", default: 0 - t.datetime "created_at", precision: nil + t.datetime "created_at" t.index ["stock_article_id"], name: "index_stock_changes_on_stock_article_id" t.index ["stock_event_id"], name: "index_stock_changes_on_stock_event_id" end - create_table "stock_events", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "stock_events", id: :integer, force: :cascade do |t| t.integer "supplier_id" t.date "date" - t.datetime "created_at", precision: nil + t.datetime "created_at" t.text "note" t.integer "invoice_id" t.string "type", null: false t.index ["supplier_id"], name: "index_stock_events_on_supplier_id" end - create_table "supplier_categories", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "supplier_categories", id: :integer, force: :cascade do |t| t.string "name", null: false t.string "description" t.integer "financial_transaction_class_id" t.integer "bank_account_id" end - create_table "suppliers", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "suppliers", id: :integer, force: :cascade do |t| t.string "name", default: "", null: false t.string "address", default: "", null: false t.string "phone", default: "", null: false @@ -507,21 +501,21 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.string "note" t.integer "shared_supplier_id" t.string "min_order_quantity" - t.datetime "deleted_at", precision: nil + t.datetime "deleted_at" t.string "shared_sync_method" t.string "iban" t.integer "supplier_category_id" t.index ["name"], name: "index_suppliers_on_name", unique: true end - create_table "tasks", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "tasks", id: :integer, force: :cascade do |t| t.string "name", default: "", null: false t.text "description" t.date "due_date" t.boolean "done", default: false t.integer "workgroup_id" - t.datetime "created_on", precision: nil, null: false - t.datetime "updated_on", precision: nil, null: false + t.datetime "created_on", null: false + t.datetime "updated_on", null: false t.integer "required_users", default: 1 t.integer "duration", default: 1 t.integer "periodic_task_group_id" @@ -531,7 +525,7 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.index ["workgroup_id"], name: "index_tasks_on_workgroup_id" end - create_table "users", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + create_table "users", id: :integer, force: :cascade do |t| t.string "nick" t.string "password_hash", default: "", null: false t.string "password_salt", default: "", null: false @@ -539,16 +533,15 @@ ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do t.string "last_name", default: "", null: false t.string "email", default: "", null: false t.string "phone" - t.datetime "created_on", precision: nil, null: false + t.datetime "created_on", null: false t.string "reset_password_token" - t.datetime "reset_password_expires", precision: nil - t.datetime "last_login", precision: nil - t.datetime "last_activity", precision: nil - t.datetime "deleted_at", precision: nil + t.datetime "reset_password_expires" + t.datetime "last_login" + t.datetime "last_activity" + t.datetime "deleted_at" t.string "iban" t.index ["email"], name: "index_users_on_email", unique: true t.index ["nick"], name: "index_users_on_nick", unique: true end - add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" end diff --git a/db/seeds/seed_helper.rb b/db/seeds/seed_helper.rb index a1f958bf..574be356 100644 --- a/db/seeds/seed_helper.rb +++ b/db/seeds/seed_helper.rb @@ -8,10 +8,10 @@ def seed_group_orders # order 3..12 times a random article go = og.group_orders.create!(order: order, updated_by_user_id: 1) - (rand(10) + 3).times do + (3 + rand(10)).times do goa = go.group_order_articles.find_or_create_by!(order_article: order.order_articles.offset(rand(noas)).first) unit_quantity = goa.order_article.price.unit_quantity - goa.update_quantities rand([4, unit_quantity * 2 + 2].max), rand(unit_quantity) + goa.update_quantities rand([4, 2 * unit_quantity + 2].max), rand(unit_quantity) end end # update totals diff --git a/doc/API.md b/doc/API.md index f295e82f..2e09cfa4 100644 --- a/doc/API.md +++ b/doc/API.md @@ -5,11 +5,9 @@ like listing open orders, updating the ordergroup's order, and listing financial transactions. Not all Foodsoft functionality is available through the API, but we're open for new additions. -The API is documented using [Open API 3.0.1](https://github.com/OAI/OpenAPI-Specification) -/ [Swagger](https://swagger.io/) in [swagger.yaml](/swagger/v1/swagger.yaml). +The API is documented using [Open API 2.0](https://github.com/OAI/OpenAPI-Specification) +/ [Swagger](https://swagger.io/) in [swagger.v1.yml](swagger.v1.yml). This provides a machine-readable reference that is used to provide documentation. -It is generated by [rswag](https://github.com/rswag) wich also provides api-tests. -It can be generated running `RAILS_ENV=test rails rswag`. **Note:** the current OAuth scopes may be subject to change, until the next release of Foodsoft. diff --git a/doc/swagger.v1.yml b/doc/swagger.v1.yml new file mode 100644 index 00000000..d8e793d3 --- /dev/null +++ b/doc/swagger.v1.yml @@ -0,0 +1,1106 @@ +swagger: '2.0' +info: + title: Foodsoft API v1 + version: '1.0.0' + description: > + [Foodsoft](https://github.com/foodcoops/foodsoft) is web-based software to manage + a non-profit food coop (product catalog, ordering, accounting, job scheduling). + + + This is a description of Foodsoft's API v1. + + + Note that each food cooperative typically has their own instance (on a shared + server or their own installation), and there are just as many APIs (if the Foodsoft + version is recent enough). + This API description points to the default development url with the default + Foodsoft scope - that would be [http://localhost:3000/f](http://localhost:3000/f). + + You may find the search parameters for index endpoints lacking. They are not + documented here, because there are too many combinations. For now, you'll need + to resort to [Ransack](https://github.com/activerecord-hackery/ransack) and + looking at Foodsoft's `ransackable_*` model class methods. +externalDocs: + description: General Foodsoft API documentation + url: https://github.com/foodcoops/foodsoft/blob/master/doc/API.md + +# development url with default scope +host: localhost:3000 +schemes: + - 'http' +basePath: /f/api/v1 + +produces: + - 'application/json' + +paths: + /user: + get: + summary: info about the currently logged-in user + tags: + - 1. User + responses: + 200: + description: success + schema: + type: object + properties: + user: + $ref: '#/definitions/User' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['user:read', 'user:write'] + + /user/financial_overview: + get: + summary: financial summary about the currently logged-in user + tags: + - 1. User + - 6. FinancialTransaction + responses: + 200: + description: success + schema: + type: object + properties: + financial_overview: + $ref: '#/definitions/FinanceOverview' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['finance:user'] + + /user/financial_transactions: + get: + summary: financial transactions of the member's ordergroup + tags: + - 1. User + - 6. FinancialTransaction + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + financial_transactions: + type: array + items: + $ref: '#/definitions/FinancialTransaction' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup or missing scope + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['finance:user'] + post: + summary: create new financial transaction (requires enabled self service) + tags: + - 1. User + - 6. FinancialTransaction + parameters: + - in: body + name: body + description: financial transaction to create + required: true + schema: + $ref: '#/definitions/FinancialTransactionForCreate' + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction: + $ref: '#/definitions/FinancialTransaction' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup, is below minimum balance, self service is disabled, or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: financial transaction type not found + schema: + $ref: '#/definitions/Error404' + 422: + description: invalid parameter value + schema: + $ref: '#/definitions/Error422' + /user/financial_transactions/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find financial transaction by id + tags: + - 1. User + - 6. FinancialTransaction + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction: + $ref: '#/definitions/FinancialTransaction' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['finance:user'] + + /user/group_order_articles: + get: + summary: group order articles + tags: + - 1. User + - 2. Order + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + - $ref: '#/parameters/q_ordered' + responses: + 200: + description: success + schema: + type: object + properties: + group_order_articles: + type: array + items: + $ref: '#/definitions/GroupOrderArticle' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup or missing scope + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['group_orders:user'] + post: + summary: create new group order article + tags: + - 1. User + - 2. Order + parameters: + - in: body + name: body + description: group order article to create + required: true + schema: + $ref: '#/definitions/GroupOrderArticleForCreate' + responses: + 200: + description: success + schema: + type: object + properties: + group_order_article: + $ref: '#/definitions/GroupOrderArticle' + order_article: + $ref: '#/definitions/OrderArticle' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: order article not found in open orders + schema: + $ref: '#/definitions/Error404' + 422: + description: invalid parameter value or group order article already exists + schema: + $ref: '#/definitions/Error422' + /user/group_order_articles/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find group order article by id + tags: + - 1. User + - 2. Order + responses: + 200: + description: success + schema: + type: object + properties: + group_order_article: + $ref: '#/definitions/GroupOrderArticle' + order_article: + $ref: '#/definitions/OrderArticle' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['group_orders:user'] + patch: + summary: update a group order article (but delete if quantity and tolerance are zero) + tags: + - 1. User + - 2. Order + parameters: + - $ref: '#/parameters/idInUrl' + - in: body + name: body + description: group order article update + required: true + schema: + $ref: '#/definitions/GroupOrderArticleForUpdate' + responses: + 200: + description: success + schema: + type: object + properties: + group_order_article: + $ref: '#/definitions/GroupOrderArticle' + order_article: + $ref: '#/definitions/OrderArticle' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: order article not found in open orders + schema: + $ref: '#/definitions/Error404' + 422: + description: invalid parameter value + schema: + $ref: '#/definitions/Error422' + delete: + summary: remove group order article + tags: + - 1. User + - 2. Order + parameters: + - $ref: '#/parameters/idInUrl' + responses: + 200: + description: success + schema: + type: object + properties: + group_order_article: + $ref: '#/definitions/GroupOrderArticle' + order_article: + $ref: '#/definitions/OrderArticle' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope + schema: + $ref: '#/definitions/Error403' + 404: + description: order article not found in open orders + schema: + $ref: '#/definitions/Error404' + + /financial_transactions: + get: + summary: financial transactions + tags: + - 6. FinancialTransaction + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + financial_transactions: + type: array + items: + $ref: '#/definitions/FinancialTransaction' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['finance:read', 'finance:write'] + /financial_transactions/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find financial transaction by id + tags: + - 6. FinancialTransaction + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction: + $ref: '#/definitions/FinancialTransaction' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['finance:read', 'finance:write'] + /orders: + get: + summary: orders + tags: + - 2. Order + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + orders: + type: array + items: + $ref: '#/definitions/Order' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['orders:read', 'orders:write'] + /orders/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find order by id + tags: + - 2. Order + responses: + 200: + description: success + schema: + type: object + properties: + order: + $ref: '#/definitions/Order' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['orders:read', 'orders:write'] + /order_articles: + get: + summary: order articles + tags: + - 2. Order + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + - $ref: '#/parameters/q_ordered' + responses: + 200: + description: success + schema: + type: object + properties: + order_articles: + type: array + items: + $ref: '#/definitions/OrderArticle' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['group_orders:user'] + /order_articles/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find order article by id + tags: + - 2. Order + responses: + 200: + description: success + schema: + type: object + properties: + order_article: + $ref: '#/definitions/OrderArticle' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['orders:read', 'orders:write'] + /article_categories: + get: + summary: article categories + tags: + - 2. Category + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + article_categories: + type: array + items: + $ref: '#/definitions/ArticleCategory' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + + security: + - foodsoft_auth: ['all'] + /article_categories/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find article category by id + tags: + - 2. Category + responses: + 200: + description: success + schema: + type: object + properties: + article_category: + $ref: '#/definitions/ArticleCategory' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['all'] + + /financial_transaction_classes: + get: + summary: financial transaction classes + tags: + - 2. Category + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction_classes: + type: array + items: + $ref: '#/definitions/FinancialTransactionClass' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + + security: + - foodsoft_auth: ['all'] + /financial_transaction_classes/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find financial transaction class by id + tags: + - 2. Category + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction_class: + $ref: '#/definitions/FinancialTransactionClass' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['all'] + + /financial_transaction_types: + get: + summary: financial transaction types + tags: + - 2. Category + parameters: + - $ref: '#/parameters/page' + - $ref: '#/parameters/per_page' + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction_types: + type: array + items: + $ref: '#/definitions/FinancialTransactionType' + meta: + $ref: '#/definitions/Meta' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + + security: + - foodsoft_auth: ['all'] + /financial_transaction_types/{id}: + parameters: + - $ref: '#/parameters/idInUrl' + get: + summary: find financial transaction type by id + tags: + - 2. Category + responses: + 200: + description: success + schema: + type: object + properties: + financial_transaction_type: + $ref: '#/definitions/FinancialTransactionType' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 404: + description: not found + schema: + $ref: '#/definitions/Error404' + security: + - foodsoft_auth: ['all'] + + /config: + get: + summary: configuration variables + tags: + - 7. General + responses: + 200: + description: success + schema: + type: object + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + 403: + description: missing scope or no permission + schema: + $ref: '#/definitions/Error403' + security: + - foodsoft_auth: ['config:user', 'config:read', 'config:write'] + /navigation: + get: + summary: navigation + tags: + - 7. General + responses: + 200: + description: success + schema: + type: object + properties: + navigation: + $ref: '#/definitions/Navigation' + 401: + description: not logged-in + schema: + $ref: '#/definitions/Error401' + security: + - foodsoft_auth: [] + +parameters: + # url parameters + idInUrl: + name: id + type: integer + in: path + minimum: 1 + required: true + + # query parameters + page: + name: page + type: integer + in: query + description: page number + minimum: 0 + default: 0 + per_page: + name: per_page + type: integer + in: query + description: items per page + minimum: 0 + default: 20 + + # non-ransack query parameters + q_ordered: + name: q[ordered] + type: string + in: query + description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier" + enum: ['member', 'all', 'supplier'] + +definitions: + # models + User: + type: object + properties: + id: + type: integer + name: + type: string + description: full name + email: + type: string + description: email address + locale: + type: string + description: language code + required: ['id', 'name', 'email'] + + FinancialTransactionForCreate: + type: object + properties: + amount: + type: number + description: amount credited (negative for a debit transaction) + financial_transaction_type_id: + type: integer + description: id of the type of the transaction + note: + type: string + description: note entered with the transaction + required: ['amount', 'financial_transaction_type_id', 'note'] + FinancialTransaction: + allOf: + - $ref: '#/definitions/FinancialTransactionForCreate' + - type: object + properties: + id: + type: integer + user_id: + type: ['integer', 'null'] + description: id of user who entered the transaction (may be null for deleted users or 0 for a system user) + user_name: + type: ['string', 'null'] + description: name of user who entered the transaction (may be null or empty string for deleted users or system users) + financial_transaction_type_name: + type: string + description: name of the type of the transaction + created_at: + type: string + format: date-time + description: when the transaction was entered + required: ['id', 'user_id', 'user_name', 'financial_transaction_type_name', 'created_at'] + + FinancialTransactionClass: + type: object + properties: + id: + type: integer + name: + type: string + description: full name + required: ['id', 'name'] + + FinancialTransactionType: + type: object + properties: + id: + type: integer + name: + type: string + description: full name + name_short: + type: ['string', 'null'] + description: short name (used for bank transfers) + bank_account_id: + type: ['integer', 'null'] + description: id of the bank account used for this transaction type + bank_account_name: + type: ['string', 'null'] + description: name of the bank account used for this transaction type + bank_account_iban: + type: ['string', 'null'] + description: IBAN of the bank account used for this transaction type + financial_transaction_class_id: + type: integer + description: id of the class of the transaction + financial_transaction_class_name: + type: string + description: name of the class of the transaction + required: ['id', 'name', 'financial_transaction_class_id', 'financial_transaction_class_name'] + + FinanceOverview: + type: object + properties: + account_balance: + type: number + description: booked accout balance of ordergroup + available_funds: + type: number + description: fund available to order articles + financial_transaction_class_sums: + type: array + items: + type: object + properties: + id: + type: integer + description: id of the financial transaction class + name: + type: string + description: name of the financial transaction class + amount: + type: number + description: sum of the amounts belonging to the financial transaction class + required: ['id', 'name', 'amount'] + required: ['account_balance', 'available_funds', 'financial_transaction_class_sums'] + + ArticleCategory: + type: object + properties: + id: + type: integer + name: + type: string + required: ['id', 'name'] + + Order: + type: object + properties: + id: + type: integer + name: + type: string + description: name of the order's supplier (or stock) + starts: + type: string + format: date-time + description: when the order was opened + ends: + type: ['string', 'null'] + format: date-time + description: when the order will close or was closed + boxfill: + type: ['string', 'null'] + format: date-time + description: when the order will enter or entered the boxfill phase + pickup: + type: ['string', 'null'] + format: date + description: pickup date + is_open: + type: boolean + description: if the order is currently open or not + is_boxfill: + type: boolean + description: if the order is currently in the boxfill phase or not + + Article: + type: object + properties: + id: + type: integer + name: + type: string + supplier_id: + type: integer + description: id of supplier, or 0 for stock articles + supplier_name: + type: ['string', 'null'] + description: name of the supplier, or null for stock articles + unit: + type: string + description: amount of each unit, e.g. "100 g" or "kg" + unit_quantity: + type: integer + description: units can only be ordered from the supplier in multiples of unit_quantity + note: + type: ['string', 'null'] + description: generic note + manufacturer: + type: ['string', 'null'] + description: manufacturer + origin: + type: ['string', 'null'] + description: origin, preferably (starting with a) 2-letter ISO country code + article_category_id: + type: integer + description: id of article category + quantity_available: + type: integer + description: number of units available (only present on stock articles) + required: ['id', 'name', 'supplier_id', 'supplier_name', 'unit', 'unit_quantity', 'note', 'manufacturer', 'origin', 'article_category_id'] + + OrderArticle: + type: object + properties: + id: + type: integer + order_id: + type: integer + description: id of order this order article belongs to + price: + type: number + format: float + description: foodcoop price + quantity: + type: integer + description: number of units ordered by members + tolerance: + type: integer + description: number of extra units that members are willing to buy to fill a box + units_to_order: + type: integer + description: number of units to order from the supplier + article: + $ref: '#/definitions/Article' + + GroupOrderArticleForUpdate: + type: object + properties: + quantity: + type: integer + description: number of units ordered by the user's ordergroup + tolerance: + type: integer + description: number of extra units the user's ordergroup is willing to buy for filling a box + GroupOrderArticleForCreate: + allOf: + - $ref: '#/definitions/GroupOrderArticleForUpdate' + - type: object + properties: + order_article_id: + type: integer + description: id of order article + GroupOrderArticle: + allOf: + - $ref: '#/definitions/GroupOrderArticleForCreate' + - type: object + properties: + id: + type: integer + result: + type: number + format: float + description: number of units the user's ordergroup will receive or has received + total_price: + type: number + format: float + description: total price of this group order article + + Navigation: + type: array + items: + type: object + properties: + name: + type: string + description: title + url: + type: string + description: link + items: + $ref: '#/definitions/Navigation' + required: ['name'] + minProperties: 2 # name+url or name+items + + # collection meta object in root of a response + Meta: + type: object + properties: + page: + type: integer + description: page number of the returned collection + per_page: + type: integer + description: number of items per page + total_pages: + type: integer + description: total number of pages + total_count: + type: integer + description: total number of items in the collection + required: ['page', 'per_page', 'total_pages', 'total_count'] + + Error: + type: object + properties: + error: + type: string + description: error code + error_description: + type: string + description: human-readable error message (localized) + Error404: + type: object + properties: + error: + type: string + description: 'not_found' + error_description: + $ref: '#/definitions/Error/properties/error_description' + Error401: + type: object + properties: + error: + type: string + description: 'unauthorized' + error_description: + $ref: '#/definitions/Error/properties/error_description' + Error403: + type: object + properties: + error: + type: string + description: 'forbidden or invalid_scope' + error_description: + $ref: '#/definitions/Error/properties/error_description' + Error422: + type: object + properties: + error: + type: string + description: unprocessable entity + error_description: + $ref: '#/definitions/Error/properties/error_description' + + +securityDefinitions: + foodsoft_auth: + type: oauth2 + flow: implicit + authorizationUrl: http://localhost:3000/f/oauth/authorize + scopes: + config:user: reading Foodsoft configuration for regular users + config:read: reading Foodsoft configuration values + config:write: reading and updating Foodsoft configuration values + finance:user: accessing your own financial transactions + finance:read: reading all financial transactions + finance:write: reading and creating financial transactions + user:read: reading your own user profile + user:write: reading and updating your own user profile + offline_access: retain access after user has logged out diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index b0a325db..0a8b3fec 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -11,7 +11,6 @@ services: build: context: . dockerfile: Dockerfile-dev - platform: linux/x86_64 command: ./proc-start worker volumes: - bundle:/usr/local/bundle diff --git a/app/lib/api/errors.rb b/lib/api/errors.rb similarity index 100% rename from app/lib/api/errors.rb rename to lib/api/errors.rb diff --git a/app/lib/apple_bar.rb b/lib/apple_bar.rb similarity index 75% rename from app/lib/apple_bar.rb rename to lib/apple_bar.rb index 236417c6..a2176ea3 100644 --- a/app/lib/apple_bar.rb +++ b/lib/apple_bar.rb @@ -14,23 +14,23 @@ class AppleBar def group_bar_state if apples >= 100 'success' - elsif FoodsoftConfig[:stop_ordering_under].present? && - (apples >= FoodsoftConfig[:stop_ordering_under]) - 'warning' else - 'danger' + if FoodsoftConfig[:stop_ordering_under].present? and + apples >= FoodsoftConfig[:stop_ordering_under] + 'warning' + else + 'danger' + end end end # Use apples as percentage, but show at least 10 percent def group_bar_width - [@ordergroup.apples, 2].max + @ordergroup.apples < 2 ? 2 : @ordergroup.apples end def mean_order_amount_per_job - (1 / @global_avg).round - rescue - 0 + (1 / @global_avg).round rescue 0 end def apples diff --git a/app/lib/articles_csv.rb b/lib/articles_csv.rb similarity index 87% rename from app/lib/articles_csv.rb rename to lib/articles_csv.rb index 55bc7fc5..910de9be 100644 --- a/app/lib/articles_csv.rb +++ b/lib/articles_csv.rb @@ -1,4 +1,4 @@ -class ArticlesCsv < RenderCsv +class ArticlesCsv < RenderCSV include ApplicationHelper def header @@ -16,7 +16,7 @@ class ArticlesCsv < RenderCsv Article.human_attribute_name(:unit_quantity), '', '', - Article.human_attribute_name(:article_category) + Article.human_attribute_name(:article_category), ] end @@ -36,7 +36,7 @@ class ArticlesCsv < RenderCsv o.unit_quantity, '', '', - o.article_category.try(:name) + o.article_category.try(:name), ] end end diff --git a/app/lib/bank_account_connector.rb b/lib/bank_account_connector.rb similarity index 90% rename from app/lib/bank_account_connector.rb rename to lib/bank_account_connector.rb index b728ebb9..93e7cc7c 100644 --- a/app/lib/bank_account_connector.rb +++ b/lib/bank_account_connector.rb @@ -8,7 +8,9 @@ class BankAccountConnector nil end - attr_reader :text + def text + @text + end end class TextField @@ -22,7 +24,13 @@ class BankAccountConnector nil end - attr_reader :name, :value + def name + @name + end + + def value + @value + end def label @label || @name.to_s @@ -65,7 +73,17 @@ class BankAccountConnector @bank_account.iban end - attr_reader :auto_submit, :controls, :count + def auto_submit + @auto_submit + end + + def controls + @controls + end + + def count + @count + end def text(data) @controls += [TextItem.new(data)] @@ -124,9 +142,11 @@ class BankAccountConnector @bank_account.save! end - def load(data); end + def load(data) + end - def dump; end + def dump + end def t(key, args = {}) return t(".fields.#{key}") unless key.is_a? String diff --git a/app/lib/bank_account_connector_external.rb b/lib/bank_account_connector_external.rb similarity index 100% rename from app/lib/bank_account_connector_external.rb rename to lib/bank_account_connector_external.rb diff --git a/app/lib/bank_account_information_importer.rb b/lib/bank_account_information_importer.rb similarity index 100% rename from app/lib/bank_account_information_importer.rb rename to lib/bank_account_information_importer.rb diff --git a/app/lib/bank_transaction_reference.rb b/lib/bank_transaction_reference.rb similarity index 85% rename from app/lib/bank_transaction_reference.rb rename to lib/bank_transaction_reference.rb index 22b9f181..d033c544 100644 --- a/app/lib/bank_transaction_reference.rb +++ b/lib/bank_transaction_reference.rb @@ -1,7 +1,7 @@ class BankTransactionReference # parses a string from a bank transaction field def self.parse(data) - m = /(^|[^\w.])FS(?\d+)(\.(?\d+))?(?([A-Za-z]+\d+(\.\d+)?)+)([^\w.]|$)/.match(data) + m = /(^|[^\w\.])FS(?\d+)(\.(?\d+))?(?([A-Za-z]+\d+(\.\d+)?)+)([^\w\.]|$)/.match(data) return unless m parts = {} @@ -13,7 +13,7 @@ class BankTransactionReference ret = { group: m[:group].to_i, parts: parts } ret[:user] = m[:user].to_i if m[:user] - ret + return ret end def self.js_code_for_user(user) diff --git a/app/lib/bank_transactions_csv.rb b/lib/bank_transactions_csv.rb similarity index 93% rename from app/lib/bank_transactions_csv.rb rename to lib/bank_transactions_csv.rb index 4adbc192..34c39403 100644 --- a/app/lib/bank_transactions_csv.rb +++ b/lib/bank_transactions_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class BankTransactionsCsv < RenderCsv +class BankTransactionsCsv < RenderCSV include ApplicationHelper def header diff --git a/app/lib/date_time_attribute_validate.rb b/lib/date_time_attribute_validate.rb similarity index 82% rename from app/lib/date_time_attribute_validate.rb rename to lib/date_time_attribute_validate.rb index 23127898..08138d02 100644 --- a/app/lib/date_time_attribute_validate.rb +++ b/lib/date_time_attribute_validate.rb @@ -27,20 +27,12 @@ module DateTimeAttributeValidate define_method("#{attribute}_date_value=") do |val| self.instance_variable_set("@#{attribute}_is_set", true) self.instance_variable_set("@#{attribute}_date_value", val) - begin - self.send("#{attribute}_date=", val) - rescue - nil - end + self.send("#{attribute}_date=", val) rescue nil end define_method("#{attribute}_time_value=") do |val| self.instance_variable_set("@#{attribute}_is_set", true) self.instance_variable_set("@#{attribute}_time_value", val) - begin - self.send("#{attribute}_time=", val) - rescue - nil - end + self.send("#{attribute}_time=", val) rescue nil end # fallback to field when values are not set @@ -56,19 +48,11 @@ module DateTimeAttributeValidate # validate date and time define_method("#{attribute}_datetime_value_valid") do date = self.instance_variable_get("@#{attribute}_date_value") - unless date.blank? || begin - Date.parse(date) - rescue - nil - end + unless date.blank? || (Date.parse(date) rescue nil) errors.add(attribute, "is not a valid date") # @todo I18n end time = self.instance_variable_get("@#{attribute}_time_value") - unless time.blank? || begin - Time.parse(time) - rescue - nil - end + unless time.blank? || (Time.parse(time) rescue nil) errors.add(attribute, "is not a valid time") # @todo I18n end end diff --git a/app/lib/financial_transactions_csv.rb b/lib/financial_transactions_csv.rb similarity index 95% rename from app/lib/financial_transactions_csv.rb rename to lib/financial_transactions_csv.rb index fc12d000..dc21d892 100644 --- a/app/lib/financial_transactions_csv.rb +++ b/lib/financial_transactions_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class FinancialTransactionsCsv < RenderCsv +class FinancialTransactionsCsv < RenderCSV include ApplicationHelper def header diff --git a/app/lib/foodsoft/expansion_variables.rb b/lib/foodsoft/expansion_variables.rb similarity index 96% rename from app/lib/foodsoft/expansion_variables.rb rename to lib/foodsoft/expansion_variables.rb index 97f7b6bb..bcf67e7a 100644 --- a/app/lib/foodsoft/expansion_variables.rb +++ b/lib/foodsoft/expansion_variables.rb @@ -54,8 +54,8 @@ module Foodsoft # @param options [Hash] Extra variables to expand # @return [String] Expanded string def self.expand(str, options = {}) - str.gsub(/{{([._a-zA-Z0-9]+)}}/) do - options[::Regexp.last_match(1)] || self.get(::Regexp.last_match(1)) + str.gsub /{{([._a-zA-Z0-9]+)}}/ do + options[$1] || self.get($1) end end diff --git a/app/lib/foodsoft_config.rb b/lib/foodsoft_config.rb similarity index 98% rename from app/lib/foodsoft_config.rb rename to lib/foodsoft_config.rb index 6ea166d3..5a370459 100644 --- a/app/lib/foodsoft_config.rb +++ b/lib/foodsoft_config.rb @@ -44,8 +44,6 @@ class FoodsoftConfig # @return [ActiveSupport::HashWithIndifferentAccess] Current configuration from configuration file. mattr_accessor :config - mattr_accessor :default_config - # Configuration file location. # Taken from environment variable +FOODSOFT_APP_CONFIG+, # or else +config/app_config.yml+. @@ -191,7 +189,7 @@ class FoodsoftConfig # @return [Hash] Full configuration. def to_hash - keys.index_with { |k| self[k] } + keys.to_h { |k| [k, self[k]] } end # for using active_model_serializer in the api/v1/configs controller @@ -218,6 +216,7 @@ class FoodsoftConfig # end # # @return [Hash] Default configuration values + mattr_accessor :default_config private @@ -230,7 +229,7 @@ class FoodsoftConfig end def setup_database - database_config = ActiveRecord::Base.configurations.find_db_config(Rails.env).configuration_hash + database_config = ActiveRecord::Base.configurations[Rails.env] database_config = database_config.merge(config[:database]) if config[:database].present? ActiveRecord::Base.establish_connection(database_config) end diff --git a/app/lib/foodsoft_date_util.rb b/lib/foodsoft_date_util.rb similarity index 84% rename from app/lib/foodsoft_date_util.rb rename to lib/foodsoft_date_util.rb index a14ad453..98dc1c61 100644 --- a/app/lib/foodsoft_date_util.rb +++ b/lib/foodsoft_date_util.rb @@ -6,11 +6,7 @@ module FoodsoftDateUtil schedule = IceCube::Schedule.new(start) schedule.add_recurrence_rule rule_from(options[:recurr]) # @todo handle ical parse errors - occ = begin - schedule.next_occurrence(from).to_time - rescue - nil - end + occ = (schedule.next_occurrence(from).to_time rescue nil) end if options && options[:time] && occ occ = occ.beginning_of_day.advance(seconds: Time.parse(options[:time]).seconds_since_midnight) @@ -21,10 +17,9 @@ module FoodsoftDateUtil # @param p [String, Symbol, Hash, IceCube::Rule] What to return a rule from. # @return [IceCube::Rule] Recurring rule def self.rule_from(p) - case p - when String + if p.is_a? String IceCube::Rule.from_ical(p) - when Hash + elsif p.is_a? Hash IceCube::Rule.from_hash(p) else p diff --git a/app/lib/foodsoft_file.rb b/lib/foodsoft_file.rb similarity index 100% rename from app/lib/foodsoft_file.rb rename to lib/foodsoft_file.rb diff --git a/app/lib/foodsoft_mail_receiver.rb b/lib/foodsoft_mail_receiver.rb similarity index 73% rename from app/lib/foodsoft_mail_receiver.rb rename to lib/foodsoft_mail_receiver.rb index 18e93be3..560e7edd 100644 --- a/app/lib/foodsoft_mail_receiver.rb +++ b/lib/foodsoft_mail_receiver.rb @@ -19,7 +19,7 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd private - def on_rcpt_to_event(_ctx, rcpt_to) + def on_rcpt_to_event(ctx, rcpt_to) recipient = rcpt_to.gsub(/^\s*<\s*(.*)\s*>\s*$/, '\1') @handlers << self.class.find_handler(recipient) rcpt_to @@ -29,18 +29,20 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd end def on_message_data_event(ctx) - @handlers.each do |handler| - handler.call(ctx[:message][:data]) + begin + @handlers.each do |handler| + handler.call(ctx[:message][:data]) + end + rescue => error + ExceptionNotifier.notify_exception(error, data: ctx) + raise error + ensure + @handlers.clear end - rescue => error - ExceptionNotifier.notify_exception(error, data: ctx) - raise error - ensure - @handlers.clear end def self.find_handler(recipient) - m = /(?[^@.]+)\.(?
[^@]+)(@(?[^@]+))?/.match recipient + m = /(?[^@\.]+)\.(?
[^@]+)(@(?[^@]+))?/.match recipient raise "recipient is missing or has an invalid format" if m.nil? raise "Foodcoop '#{m[:foodcoop]}' could not be found" unless FoodsoftConfig.allowed_foodcoop? m[:foodcoop] @@ -49,7 +51,7 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd @@registered_classes.each do |klass| if match = klass.regexp.match(m[:address]) handler = klass.new match - return ->(data) { handler.received(data) } + return lambda { |data| handler.received(data) } end end diff --git a/app/lib/invoices_csv.rb b/lib/invoices_csv.rb similarity index 95% rename from app/lib/invoices_csv.rb rename to lib/invoices_csv.rb index eecad298..aa20cd08 100644 --- a/app/lib/invoices_csv.rb +++ b/lib/invoices_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class InvoicesCsv < RenderCsv +class InvoicesCsv < RenderCSV include ApplicationHelper def header @@ -32,7 +32,7 @@ class InvoicesCsv < RenderCsv t.deposit, t.deposit_credit, t.paid_on, - t.note + t.note, ] end end diff --git a/app/lib/order_csv.rb b/lib/order_csv.rb similarity index 96% rename from app/lib/order_csv.rb rename to lib/order_csv.rb index b238f90c..6ec96581 100644 --- a/app/lib/order_csv.rb +++ b/lib/order_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class OrderCsv < RenderCsv +class OrderCsv < RenderCSV def header [ OrderArticle.human_attribute_name(:units_to_order), diff --git a/app/lib/order_pdf.rb b/lib/order_pdf.rb similarity index 99% rename from app/lib/order_pdf.rb rename to lib/order_pdf.rb index 164be66b..034ca51f 100644 --- a/app/lib/order_pdf.rb +++ b/lib/order_pdf.rb @@ -1,4 +1,4 @@ -class OrderPdf < RenderPdf +class OrderPdf < RenderPDF attr_reader :order def initialize(order, options = {}) diff --git a/app/lib/order_txt.rb b/lib/order_txt.rb similarity index 81% rename from app/lib/order_txt.rb rename to lib/order_txt.rb index 7f23e705..5ad1fba6 100644 --- a/app/lib/order_txt.rb +++ b/lib/order_txt.rb @@ -1,5 +1,5 @@ class OrderTxt - def initialize(order, _options = {}) + def initialize(order, options = {}) @order = order end @@ -15,10 +15,10 @@ class OrderTxt text += "****** " + I18n.t('orders.fax.to_address') + "\n\n" text += "#{FoodsoftConfig[:name]}\n#{contact[:street]}\n#{contact[:zip_code]} #{contact[:city]}\n\n" text += "****** " + I18n.t('orders.fax.articles') + "\n\n" - text += format("%8s %8s %s\n", I18n.t('orders.fax.number'), I18n.t('orders.fax.amount'), I18n.t('orders.fax.name')) + text += "%8s %8s %s\n" % [I18n.t('orders.fax.number'), I18n.t('orders.fax.amount'), I18n.t('orders.fax.name')] # now display all ordered articles @order.order_articles.ordered.includes([:article, :article_price]).each do |oa| - text += format("%8s %8d %s\n", oa.article.order_number, oa.units_to_order.to_i, oa.article.name) + text += "%8s %8d %s\n" % [oa.article.order_number, oa.units_to_order.to_i, oa.article.name] end text end diff --git a/app/lib/ordergroups_csv.rb b/lib/ordergroups_csv.rb similarity index 85% rename from app/lib/ordergroups_csv.rb rename to lib/ordergroups_csv.rb index f6fba00f..c41d2e83 100644 --- a/app/lib/ordergroups_csv.rb +++ b/lib/ordergroups_csv.rb @@ -1,4 +1,4 @@ -class OrdergroupsCsv < RenderCsv +class OrdergroupsCsv < RenderCSV include ApplicationHelper def header @@ -14,9 +14,9 @@ class OrdergroupsCsv < RenderCsv Ordergroup.human_attribute_name(:break_start), Ordergroup.human_attribute_name(:break_end), Ordergroup.human_attribute_name(:last_user_activity), - Ordergroup.human_attribute_name(:last_order) + Ordergroup.human_attribute_name(:last_order), ] - row + Ordergroup.custom_fields.pluck(:label) + row + Ordergroup.custom_fields.map { |f| f[:label] } end def data @@ -33,7 +33,7 @@ class OrdergroupsCsv < RenderCsv o.break_start, o.break_end, o.last_user_activity, - o.last_order.try(:starts) + o.last_order.try(:starts), ] yield row + Ordergroup.custom_fields.map { |f| o.settings.custom_fields[f[:name]] } end diff --git a/app/lib/render_csv.rb b/lib/render_csv.rb similarity index 98% rename from app/lib/render_csv.rb rename to lib/render_csv.rb index 1f20b075..b900f1f7 100644 --- a/app/lib/render_csv.rb +++ b/lib/render_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class RenderCsv +class RenderCSV include ActionView::Helpers::NumberHelper def initialize(object, options = {}) diff --git a/app/lib/render_pdf.rb b/lib/render_pdf.rb similarity index 97% rename from app/lib/render_pdf.rb rename to lib/render_pdf.rb index 479dc4a3..a5cde2b6 100644 --- a/app/lib/render_pdf.rb +++ b/lib/render_pdf.rb @@ -18,7 +18,7 @@ class RotatedCell < Prawn::Table::Cell::Text (height + (border_top_width / 2.0) + (border_bottom_width / 2.0)) / tan_rotation end - def styled_width_of(_text) + def styled_width_of(text) options = @text_options.reject { |k| k == :style } with_font { (@pdf.height_of(@content, options) + padding_top + padding_bottom) / tan_rotation } end @@ -52,7 +52,7 @@ class RotatedCell < Prawn::Table::Cell::Text end end -class RenderPdf < Prawn::Document +class RenderPDF < Prawn::Document include ActionView::Helpers::NumberHelper include ApplicationHelper @@ -156,10 +156,9 @@ class RenderPdf < Prawn::Document def pdf_add_page_breaks?(docid = nil) docid ||= self.class.name.underscore cfg = FoodsoftConfig[:pdf_add_page_breaks] - case cfg - when Array + if cfg.is_a? Array cfg.index(docid.to_s).any? - when Hash + elsif cfg.is_a? Hash cfg[docid.to_s] else cfg diff --git a/app/lib/spreadsheet_file.rb b/lib/spreadsheet_file.rb similarity index 100% rename from app/lib/spreadsheet_file.rb rename to lib/spreadsheet_file.rb diff --git a/app/lib/templates/haml/scaffold/_form.html.haml b/lib/templates/haml/scaffold/_form.html.haml similarity index 100% rename from app/lib/templates/haml/scaffold/_form.html.haml rename to lib/templates/haml/scaffold/_form.html.haml diff --git a/app/lib/token_verifier.rb b/lib/token_verifier.rb similarity index 97% rename from app/lib/token_verifier.rb rename to lib/token_verifier.rb index b481d60f..a8a0f1eb 100644 --- a/app/lib/token_verifier.rb +++ b/lib/token_verifier.rb @@ -21,6 +21,8 @@ class TokenVerifier < ActiveSupport::MessageVerifier # return original message if r.length > 2 r[2] + else + nil end end @@ -30,6 +32,8 @@ class TokenVerifier < ActiveSupport::MessageVerifier class InvalidPrefix < ActiveSupport::MessageVerifier::InvalidSignature; end + protected + def self.secret # secret_key_base for Rails 4, but Rails 3 initializer may still be used Foodsoft::Application.config.secret_key_base || Foodsoft::Application.config.secret_token diff --git a/app/lib/users_csv.rb b/lib/users_csv.rb similarity index 97% rename from app/lib/users_csv.rb rename to lib/users_csv.rb index a7d54698..56ec3a23 100644 --- a/app/lib/users_csv.rb +++ b/lib/users_csv.rb @@ -1,4 +1,4 @@ -class UsersCsv < RenderCsv +class UsersCsv < RenderCSV include ApplicationHelper def header diff --git a/spec/api/v1/order_articles_spec.rb b/spec/api/v1/order_articles_spec.rb new file mode 100644 index 00000000..e65867db --- /dev/null +++ b/spec/api/v1/order_articles_spec.rb @@ -0,0 +1,59 @@ +require 'spec_helper' + +# Most routes are tested in the swagger_spec, this tests (non-ransack) parameters. +describe Api::V1::OrderArticlesController, type: :controller do + include ApiOAuth + let(:api_scopes) { ['orders:read'] } + + let(:json_order_articles) { json_response['order_articles'] } + let(:json_order_article_ids) { json_order_articles.map { |joa| joa["id"] } } + + describe "GET :index" do + context "with param q[ordered]" do + let(:order) { create(:order, article_count: 4) } + let(:order_articles) { order.order_articles } + + before do + order_articles[0].update!(quantity: 0, tolerance: 0, units_to_order: 0) + order_articles[1].update!(quantity: 1, tolerance: 0, units_to_order: 0) + order_articles[2].update!(quantity: 0, tolerance: 1, units_to_order: 0) + order_articles[3].update!(quantity: 0, tolerance: 0, units_to_order: 1) + end + + it "(unset)" do + get :index, params: { foodcoop: 'f' } + expect(json_order_articles.count).to eq 4 + end + + it "all" do + get :index, params: { foodcoop: 'f', q: { ordered: 'all' } } + expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) + end + + it "supplier" do + get :index, params: { foodcoop: 'f', q: { ordered: 'supplier' } } + expect(json_order_article_ids).to match_array [order_articles[3].id] + end + + it "member" do + get :index, params: { foodcoop: 'f', q: { ordered: 'member' } } + expect(json_order_articles.count).to eq 0 + end + + context "when ordered by user" do + let(:user) { create(:user, :ordergroup) } + let(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + + before do + create(:group_order_article, group_order: go, order_article: order_articles[1], quantity: 1) + create(:group_order_article, group_order: go, order_article: order_articles[2], tolerance: 0) + end + + it "member" do + get :index, params: { foodcoop: 'f', q: { ordered: 'member' } } + expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) + end + end + end + end +end diff --git a/spec/api/v1/swagger_spec.rb b/spec/api/v1/swagger_spec.rb new file mode 100644 index 00000000..3da37332 --- /dev/null +++ b/spec/api/v1/swagger_spec.rb @@ -0,0 +1,284 @@ +require 'spec_helper' +require 'apivore' + +# we want to load a local file in YAML-format instead of a served JSON file +class SwaggerCheckerFile < Apivore::SwaggerChecker + def fetch_swagger! + YAML.load(File.read(swagger_path)) + end +end + +describe 'API v1', type: :apivore, order: :defined do + include ApiHelper + + subject { SwaggerCheckerFile.instance_for Rails.root.join('doc', 'swagger.v1.yml') } + + context 'has valid paths' do + context 'user' do + let(:api_scopes) { ['user:read'] } + # create multiple users to make sure we're getting the authenticated user, not just any + let!(:other_user_1) { create :user } + let!(:user) { create :user } + let!(:other_user_2) { create :user } + + it { is_expected.to validate(:get, '/user', 200, api_auth) } + it { is_expected.to validate(:get, '/user', 401) } + + it_handles_invalid_token_and_scope(:get, '/user') + end + + context 'user/financial_overview' do + let(:api_scopes) { ['finance:user'] } + let!(:user) { create :user, :ordergroup } + + it { is_expected.to validate(:get, '/user/financial_overview', 200, api_auth) } + it { is_expected.to validate(:get, '/user/financial_overview', 401) } + + it_handles_invalid_token_and_scope(:get, '/user/financial_overview') + end + + context 'user/financial_transactions' do + let(:api_scopes) { ['finance:user'] } + let(:other_user) { create :user, :ordergroup } + let!(:other_ft_1) { create :financial_transaction, ordergroup: other_user.ordergroup } + + context 'without ordergroup' do + it { is_expected.to validate(:get, '/user/financial_transactions', 403, api_auth) } + it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 403, api_auth({ 'id' => other_ft_1.id })) } + end + + context 'with ordergroup' do + let(:user) { create :user, :ordergroup } + let!(:ft_1) { create :financial_transaction, ordergroup: user.ordergroup } + let!(:ft_2) { create :financial_transaction, ordergroup: user.ordergroup } + let!(:ft_3) { create :financial_transaction, ordergroup: user.ordergroup } + + let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: ft_1.financial_transaction_type.id, note: 'note' } } } } + + it { is_expected.to validate(:get, '/user/financial_transactions', 200, api_auth) } + it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 200, api_auth({ 'id' => ft_2.id })) } + it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 404, api_auth({ 'id' => other_ft_1.id })) } + it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 404, api_auth({ 'id' => FinancialTransaction.last.id + 1 })) } + + context 'without using self service' do + it { is_expected.to validate(:post, '/user/financial_transactions', 403, api_auth(create_params)) } + end + + context 'with using self service' do + before { FoodsoftConfig[:use_self_service] = true } + + it { is_expected.to validate(:post, '/user/financial_transactions', 200, api_auth(create_params)) } + + context 'with invalid financial transaction type' do + let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: -1, note: 'note' } } } } + + it { is_expected.to validate(:post, '/user/financial_transactions', 404, api_auth(create_params)) } + end + + context 'without note' do + let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: ft_1.financial_transaction_type.id } } } } + + it { is_expected.to validate(:post, '/user/financial_transactions', 422, api_auth(create_params)) } + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + it { is_expected.to validate(:post, '/user/financial_transactions', 403, api_auth(create_params)) } + end + end + + it_handles_invalid_token_and_scope(:get, '/user/financial_transactions') + it_handles_invalid_token_and_scope(:post, '/user/financial_transactions', -> { api_auth(create_params) }) + it_handles_invalid_token_and_scope(:get, '/user/financial_transactions/{id}', -> { api_auth('id' => ft_2.id) }) + end + end + + context 'user/group_order_articles' do + let(:api_scopes) { ['group_orders:user'] } + let(:order) { create(:order, article_count: 2) } + + let(:user_2) { create :user, :ordergroup } + let(:group_order_2) { create(:group_order, order: order, ordergroup: user_2.ordergroup) } + let!(:goa_2) { create :group_order_article, order_article: order.order_articles[0], group_order: group_order_2 } + + before { group_order_2.update_price!; user_2.ordergroup.update_stats! } + + context 'without ordergroup' do + it { is_expected.to validate(:get, '/user/group_order_articles', 403, api_auth) } + it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 403, api_auth({ 'id' => goa_2.id })) } + end + + context 'with ordergroup' do + let(:user) { create :user, :ordergroup } + let(:update_params) { { 'id' => goa.id, '_data' => { group_order_article: { quantity: goa.quantity + 1, tolerance: 0 } } } } + let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[1].id, quantity: 1 } } } } + let(:group_order) { create(:group_order, order: order, ordergroup: user.ordergroup) } + let!(:goa) { create :group_order_article, order_article: order.order_articles[0], group_order: group_order } + + before { group_order.update_price!; user.ordergroup.update_stats! } + + it { is_expected.to validate(:get, '/user/group_order_articles', 200, api_auth) } + it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } + it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => goa_2.id })) } + it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => GroupOrderArticle.last.id + 1 })) } + + it { is_expected.to validate(:post, '/user/group_order_articles', 200, api_auth(create_params)) } + it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 200, api_auth(update_params)) } + it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } + + context 'with an existing group_order_article' do + let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[0].id, quantity: 1 } } } } + + it { is_expected.to validate(:post, '/user/group_order_articles', 422, api_auth(create_params)) } + end + + context 'with invalid parameter values' do + let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[0].id, quantity: -1 } } } } + let(:update_params) { { 'id' => goa.id, '_data' => { group_order_article: { quantity: -1, tolerance: 0 } } } } + + it { is_expected.to validate(:post, '/user/group_order_articles', 422, api_auth(create_params)) } + it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 422, api_auth(update_params)) } + end + + context 'with a closed order' do + let(:order) { create(:order, article_count: 2, state: :finished) } + + it { is_expected.to validate(:post, '/user/group_order_articles', 404, api_auth(create_params)) } + it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 404, api_auth(update_params)) } + it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => goa.id })) } + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + it { is_expected.to validate(:post, '/user/group_order_articles', 403, api_auth(create_params)) } + it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 403, api_auth(update_params)) } + it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } + end + + context 'without enough apple points' do + before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } + + it { is_expected.to validate(:post, '/user/group_order_articles', 403, api_auth(create_params)) } + it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 403, api_auth(update_params)) } + it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } + end + + it_handles_invalid_token_and_scope(:get, '/user/group_order_articles') + it_handles_invalid_token_and_scope(:post, '/user/group_order_articles', -> { api_auth(create_params) }) + it_handles_invalid_token_and_scope(:get, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) + it_handles_invalid_token_and_scope(:patch, '/user/group_order_articles/{id}', -> { api_auth(update_params) }) + it_handles_invalid_token_and_scope(:delete, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) + end + end + + context 'config' do + let(:api_scopes) { ['config:user'] } + + it { is_expected.to validate(:get, '/config', 200, api_auth) } + it { is_expected.to validate(:get, '/config', 401) } + + it_handles_invalid_token_and_scope(:get, '/config') + end + + context 'navigation' do + it { is_expected.to validate(:get, '/navigation', 200, api_auth) } + it { is_expected.to validate(:get, '/navigation', 401) } + + it_handles_invalid_token(:get, '/navigation') + end + + context 'financial_transactions' do + let(:api_scopes) { ['finance:read'] } + let(:user) { create(:user, :role_finance) } + let(:other_user) { create :user, :ordergroup } + let!(:ft_1) { create :financial_transaction, ordergroup: other_user.ordergroup } + let!(:ft_2) { create :financial_transaction, ordergroup: other_user.ordergroup } + + it { is_expected.to validate(:get, '/financial_transactions', 200, api_auth) } + it { is_expected.to validate(:get, '/financial_transactions/{id}', 200, api_auth({ 'id' => ft_2.id })) } + it { is_expected.to validate(:get, '/financial_transactions/{id}', 404, api_auth({ 'id' => FinancialTransaction.last.id + 1 })) } + + context 'without role_finance' do + let(:user) { create(:user) } + + it { is_expected.to validate(:get, '/financial_transactions', 403, api_auth) } + it { is_expected.to validate(:get, '/financial_transactions/{id}', 403, api_auth({ 'id' => ft_2.id })) } + end + + it_handles_invalid_token_and_scope(:get, '/financial_transactions') + it_handles_invalid_token_and_scope(:get, '/financial_transactions/{id}', -> { api_auth({ 'id' => ft_2.id }) }) + end + + context 'financial_transaction_classes' do + let!(:cla_1) { create :financial_transaction_class } + let!(:cla_2) { create :financial_transaction_class } + + it { is_expected.to validate(:get, '/financial_transaction_classes', 200, api_auth) } + it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 200, api_auth({ 'id' => cla_2.id })) } + it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 404, api_auth({ 'id' => cla_2.id + 1 })) } + + it_handles_invalid_token(:get, '/financial_transaction_classes') + it_handles_invalid_token(:get, '/financial_transaction_classes/{id}', -> { api_auth({ 'id' => cla_1.id }) }) + end + + context 'financial_transaction_types' do + let!(:tpy_1) { create :financial_transaction_type } + let!(:tpy_2) { create :financial_transaction_type } + + it { is_expected.to validate(:get, '/financial_transaction_types', 200, api_auth) } + it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 200, api_auth({ 'id' => tpy_2.id })) } + it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 404, api_auth({ 'id' => tpy_2.id + 1 })) } + + it_handles_invalid_token(:get, '/financial_transaction_types') + it_handles_invalid_token(:get, '/financial_transaction_types/{id}', -> { api_auth({ 'id' => tpy_1.id }) }) + end + + context 'orders' do + let(:api_scopes) { ['orders:read'] } + let!(:order) { create :order } + + it { is_expected.to validate(:get, '/orders', 200, api_auth) } + it { is_expected.to validate(:get, '/orders/{id}', 200, api_auth({ 'id' => order.id })) } + it { is_expected.to validate(:get, '/orders/{id}', 404, api_auth({ 'id' => Order.last.id + 1 })) } + + it_handles_invalid_token_and_scope(:get, '/orders') + it_handles_invalid_token_and_scope(:get, '/orders/{id}', -> { api_auth({ 'id' => order.id }) }) + end + + context 'order_articles' do + let(:api_scopes) { ['orders:read'] } + let!(:order_article) { create(:order, article_count: 1).order_articles.first } + let!(:stock_article) { create(:stock_article) } + let!(:stock_order_article) { create(:stock_order, article_ids: [stock_article.id]).order_articles.first } + + it { is_expected.to validate(:get, '/order_articles', 200, api_auth) } + it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => order_article.id })) } + it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => stock_order_article.id })) } + it { is_expected.to validate(:get, '/order_articles/{id}', 404, api_auth({ 'id' => Article.last.id + 1 })) } + + it_handles_invalid_token_and_scope(:get, '/order_articles') + it_handles_invalid_token_and_scope(:get, '/order_articles/{id}', -> { api_auth({ 'id' => order_article.id }) }) + end + + context 'article_categories' do + let!(:cat_1) { create :article_category } + let!(:cat_2) { create :article_category } + + it { is_expected.to validate(:get, '/article_categories', 200, api_auth) } + it { is_expected.to validate(:get, '/article_categories/{id}', 200, api_auth({ 'id' => cat_2.id })) } + it { is_expected.to validate(:get, '/article_categories/{id}', 404, api_auth({ 'id' => cat_2.id + 1 })) } + + it_handles_invalid_token(:get, '/article_categories') + it_handles_invalid_token(:get, '/article_categories/{id}', -> { api_auth({ 'id' => cat_1.id }) }) + end + end + + # needs to be last context so it is always run at the end + context 'and finally' do + it 'tests all documented routes' do + is_expected.to validate_all_paths + end + end +end diff --git a/spec/api/v1/user/financial_transactions_spec.rb b/spec/api/v1/user/financial_transactions_spec.rb new file mode 100644 index 00000000..c7e8f826 --- /dev/null +++ b/spec/api/v1/user/financial_transactions_spec.rb @@ -0,0 +1,109 @@ +require 'spec_helper' + +# Most routes are tested in the swagger_spec, this tests endpoints that change data. +describe Api::V1::User::FinancialTransactionsController, type: :controller do + include ApiOAuth + let(:user) { create(:user, :ordergroup) } + let(:api_scopes) { ['finance:user'] } + + let(:ftc1) { create :financial_transaction_class } + let(:ftc2) { create :financial_transaction_class } + let(:ftt1) { create :financial_transaction_type, financial_transaction_class: ftc1 } + let(:ftt2) { create :financial_transaction_type, financial_transaction_class: ftc2 } + let(:ftt3) { create :financial_transaction_type, financial_transaction_class: ftc2 } + + let(:amount) { rand(-100..100) } + let(:note) { Faker::Lorem.sentence } + + let(:json_ft) { json_response['financial_transaction'] } + + shared_examples "financial_transactions endpoint success" do + before { request } + + it "returns status 200" do + expect(response).to have_http_status :ok + end + end + + shared_examples "financial_transactions create/update success" do + include_examples "financial_transactions endpoint success" + + it "returns the financial_transaction" do + expect(json_ft['id']).to be_present + expect(json_ft['financial_transaction_type_id']).to eq ftt1.id + expect(json_ft['financial_transaction_type_name']).to eq ftt1.name + expect(json_ft['amount']).to eq amount + expect(json_ft['note']).to eq note + expect(json_ft['user_id']).to eq user.id + end + + it "updates the financial_transaction" do + resulting_ft = FinancialTransaction.where(id: json_ft['id']).first + expect(resulting_ft).to be_present + expect(resulting_ft.financial_transaction_type).to eq ftt1 + expect(resulting_ft.amount).to eq amount + expect(resulting_ft.note).to eq note + expect(resulting_ft.user).to eq user + end + end + + shared_examples "financial_transactions endpoint failure" do |status| + it "returns status #{status}" do + request + expect(response.status).to eq status + end + + it "does not change the ordergroup" do + expect { request }.to_not change { + user.ordergroup.attributes + } + end + + it "does not change the financial_transactions of ordergroup" do + expect { request }.to_not change { + user.ordergroup.financial_transactions.count + } + end + end + + describe "POST :create" do + let(:ft_params) { { amount: amount, financial_transaction_type_id: ftt1.id, note: note } } + let(:request) { post :create, params: { financial_transaction: ft_params, foodcoop: 'f' } } + + context 'without using self service' do + include_examples "financial_transactions endpoint failure", 403 + end + + context 'with using self service' do + before { FoodsoftConfig[:use_self_service] = true } + + context "with no existing financial transaction" do + include_examples "financial_transactions create/update success" + end + + context "with existing financial transaction" do + before { user.ordergroup.add_financial_transaction! 5000, 'for ordering', user, ftt3 } + + include_examples "financial_transactions create/update success" + end + + context "with invalid financial transaction type" do + let(:ft_params) { { amount: amount, financial_transaction_type_id: -1, note: note } } + + include_examples "financial_transactions endpoint failure", 404 + end + + context "without note" do + let(:ft_params) { { amount: amount, financial_transaction_type_id: ftt1.id } } + + include_examples "financial_transactions endpoint failure", 422 + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + include_examples "financial_transactions endpoint failure", 403 + end + end + end +end diff --git a/spec/api/v1/user/group_order_articles_spec.rb b/spec/api/v1/user/group_order_articles_spec.rb new file mode 100644 index 00000000..3bfa299e --- /dev/null +++ b/spec/api/v1/user/group_order_articles_spec.rb @@ -0,0 +1,220 @@ +require 'spec_helper' + +# Most routes are tested in the swagger_spec, this tests endpoints that change data. +describe Api::V1::User::GroupOrderArticlesController, type: :controller do + include ApiOAuth + let(:user) { create(:user, :ordergroup) } + let(:json_goa) { json_response['group_order_article'] } + let(:json_oa) { json_response['order_article'] } + let(:api_scopes) { ['group_orders:user'] } + + let(:order) { create(:order, article_count: 1) } + let(:oa_1) { order.order_articles.first } + + let(:other_quantity) { rand(1..10) } + let(:other_tolerance) { rand(1..10) } + let(:user_other) { create(:user, :ordergroup) } + let!(:go_other) { create(:group_order, order: order, ordergroup: user_other.ordergroup) } + let!(:goa_other) { create(:group_order_article, group_order: go_other, order_article: oa_1, quantity: other_quantity, tolerance: other_tolerance) } + + before { go_other.update_price!; user_other.ordergroup.update_stats! } + + shared_examples "group_order_articles endpoint success" do + before { request } + + it "returns status 200" do + expect(response).to have_http_status :ok + end + + it "returns the order_article" do + expect(json_oa['id']).to eq oa_1.id + expect(json_oa['quantity']).to eq new_quantity + other_quantity + expect(json_oa['tolerance']).to eq new_tolerance + other_tolerance + end + + it "updates the group_order" do + go = nil + expect { + request + go = user.ordergroup.group_orders.where(order: order).last + }.to change { go&.updated_by }.to(user) + .and change { go&.price } + end + end + + shared_examples "group_order_articles create/update success" do + include_examples "group_order_articles endpoint success" + + it "returns the group_order_article" do + expect(json_goa['id']).to be_present + expect(json_goa['order_article_id']).to eq oa_1.id + expect(json_goa['quantity']).to eq new_quantity + expect(json_goa['tolerance']).to eq new_tolerance + end + + it "updates the group_order_article" do + resulting_goa = GroupOrderArticle.where(id: json_goa['id']).first + expect(resulting_goa).to be_present + expect(resulting_goa.quantity).to eq new_quantity + expect(resulting_goa.tolerance).to eq new_tolerance + end + end + + shared_examples "group_order_articles endpoint failure" do |status| + it "returns status #{status}" do + request + expect(response.status).to eq status + end + + it "does not change the group_order" do + expect { request }.to_not change { + go = user.ordergroup.group_orders.where(order: order).last + go&.attributes + } + end + + it "does not change the group_order_article" do + expect { request }.to_not change { + goa = GroupOrderArticle.joins(:group_order) + .where(order_article_id: oa_1.id, group_orders: { ordergroup: user.ordergroup }).last + goa&.attributes + } + end + end + + describe "POST :create" do + let(:new_quantity) { rand(1..10) } + let(:new_tolerance) { rand(1..10) } + + let(:goa_params) { { order_article_id: oa_1.id, quantity: new_quantity, tolerance: new_tolerance } } + let(:request) { post :create, params: { group_order_article: goa_params, foodcoop: 'f' } } + + context "with no existing group_order" do + include_examples "group_order_articles create/update success" + end + + context "with an existing group_order" do + let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + + include_examples "group_order_articles create/update success" + end + + context "with an existing group_order_article" do + let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 0, tolerance: 1) } + + before { go.update_price!; user.ordergroup.update_stats! } + + include_examples "group_order_articles endpoint failure", 422 + end + + context "with invalid parameter values" do + let(:goa_params) { { order_article_id: oa_1.id, quantity: -1, tolerance: new_tolerance } } + + include_examples "group_order_articles endpoint failure", 422 + end + + context 'with a closed order' do + let(:order) { create(:order, article_count: 1, state: :finished) } + + include_examples "group_order_articles endpoint failure", 404 + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + include_examples "group_order_articles endpoint failure", 403 + end + + context 'without enough apple points' do + before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } + + include_examples "group_order_articles endpoint failure", 403 + end + end + + describe "PATCH :update" do + let(:new_quantity) { rand(2..10) } + let(:goa_params) { { quantity: new_quantity, tolerance: new_tolerance } } + let(:request) { patch :update, params: { id: goa.id, group_order_article: goa_params, foodcoop: 'f' } } + let(:new_tolerance) { rand(2..10) } + + let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 1, tolerance: 0) } + + before { go.update_price!; user.ordergroup.update_stats! } + + context "happy flow" do + include_examples "group_order_articles create/update success" + end + + context "with invalid parameter values" do + let(:goa_params) { { order_article_id: oa_1.id, quantity: -1, tolerance: new_tolerance } } + + include_examples "group_order_articles endpoint failure", 422 + end + + context 'with a closed order' do + let(:order) { create(:order, article_count: 1, state: :finished) } + + include_examples "group_order_articles endpoint failure", 404 + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + include_examples "group_order_articles endpoint failure", 403 + end + + context 'without enough apple points' do + before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } + + include_examples "group_order_articles endpoint failure", 403 + end + end + + describe "DELETE :destroy" do + let(:new_quantity) { 0 } + let(:request) { delete :destroy, params: { id: goa.id, foodcoop: 'f' } } + let(:new_tolerance) { 0 } + + let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1) } + + before { go.update_price!; user.ordergroup.update_stats! } + + shared_examples "group_order_articles destroy success" do + include_examples "group_order_articles endpoint success" + + it "does not return the group_order_article" do + expect(json_goa).to be_nil + end + + it "deletes the group_order_article" do + expect(GroupOrderArticle.where(id: goa.id)).to be_empty + end + end + + context "happy flow" do + include_examples "group_order_articles destroy success" + end + + context 'with a closed order' do + let(:order) { create(:order, article_count: 1, state: :finished) } + + include_examples "group_order_articles endpoint failure", 404 + end + + context 'without enough balance' do + before { FoodsoftConfig[:minimum_balance] = 1000 } + + include_examples "group_order_articles destroy success" + end + + context 'without enough apple points' do + before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } + + include_examples "group_order_articles destroy success" + end + end +end diff --git a/spec/api/v1/user/ordergroup_spec.rb b/spec/api/v1/user/ordergroup_spec.rb new file mode 100644 index 00000000..5eacb63e --- /dev/null +++ b/spec/api/v1/user/ordergroup_spec.rb @@ -0,0 +1,55 @@ +require 'spec_helper' + +describe Api::V1::User::OrdergroupController, type: :controller do + include ApiOAuth + let(:user) { create :user, :ordergroup } + let(:api_scopes) { ['finance:user'] } + + let(:ftc1) { create :financial_transaction_class } + let(:ftc2) { create :financial_transaction_class } + let(:ftt1) { create :financial_transaction_type, financial_transaction_class: ftc1 } + let(:ftt2) { create :financial_transaction_type, financial_transaction_class: ftc2 } + let(:ftt3) { create :financial_transaction_type, financial_transaction_class: ftc2 } + + describe "GET :financial_overview" do + let(:order) { create(:order, article_count: 1) } + let(:json_financial_overview) { json_response['financial_overview'] } + let(:oa_1) { order.order_articles.first } + + let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 1, tolerance: 0) } + + before { go.update_price!; user.ordergroup.update_stats! } + + before do + og = user.ordergroup + og.add_financial_transaction!(-1, '-1', user, ftt1) + og.add_financial_transaction!(2, '2', user, ftt1) + og.add_financial_transaction!(3, '3', user, ftt1) + + og.add_financial_transaction!(-10, '-10', user, ftt2) + og.add_financial_transaction!(20, '20', user, ftt2) + og.add_financial_transaction!(30, '30', user, ftt2) + + og.add_financial_transaction!(-100, '-100', user, ftt3) + og.add_financial_transaction!(200, '200', user, ftt3) + og.add_financial_transaction!(300, '300', user, ftt3) + end + + it "returns correct values" do + get :financial_overview, params: { foodcoop: 'f' } + expect(json_financial_overview['account_balance']).to eq 444 + expect(json_financial_overview['available_funds']).to eq 444 - go.price + + ftcs = Hash[json_financial_overview['financial_transaction_class_sums'].map { |x| [x['id'], x] }] + + ftcs1 = ftcs[ftc1.id] + expect(ftcs1['name']).to eq ftc1.name + expect(ftcs1['amount']).to eq 4 + + ftcs2 = ftcs[ftc2.id] + expect(ftcs2['name']).to eq ftc2.name + expect(ftcs2['amount']).to eq 440 + end + end +end diff --git a/spec/app_config.yml b/spec/app_config.yml index a9bd72b0..2e146be9 100644 --- a/spec/app_config.yml +++ b/spec/app_config.yml @@ -6,7 +6,6 @@ default: &defaults multi_coop_install: false - use_self_service: true default_scope: 'f' name: FC Minimal diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb deleted file mode 100644 index 35db7574..00000000 --- a/spec/controllers/application_controller_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe ApplicationController, type: :controller do - describe 'current' do - it 'returns current ApplicationController' do - described_class.new.send(:store_controller) - expect(described_class.current).to be_instance_of described_class - end - end -end diff --git a/spec/controllers/articles_controller_spec.rb b/spec/controllers/articles_controller_spec.rb deleted file mode 100644 index b8772054..00000000 --- a/spec/controllers/articles_controller_spec.rb +++ /dev/null @@ -1,348 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe ArticlesController, type: :controller do - let(:user) { create :user, :role_article_meta } - let(:article_category_a) { create :article_category, name: "AAAA" } - let(:article_category_b) { create :article_category, name: "BBBB" } - let(:article_category_c) { create :article_category, name: "CCCC" } - let(:supplier) { create :supplier} - let(:article_a) { create :article, name: 'AAAA', note: "ZZZZ", unit: '750 g', article_category: article_category_b, availability: false, supplier_id: supplier.id } - let(:article_b) { create :article, name: 'BBBB', note: "XXXX", unit: '500 g', article_category: article_category_a, availability: true, supplier_id: supplier.id } - let(:article_c) { create :article, name: 'CCCC', note: "YYYY", unit: '250 g', article_category: article_category_c, availability: true, supplier_id: supplier.id } - let(:article_no_supplier) { create :article, name: 'no_supplier', note: "no_supplier", unit: '100 g', article_category: article_category_b, availability: true } - - let(:order) { create :order } - let(:order2) { create :order } - - def get_with_supplier(action, params: {}, xhr: false, format: nil) - params['supplier_id'] = supplier.id - get_with_defaults(action, params: params, xhr: xhr, format: format) - end - - def post_with_supplier(action, params: {}, xhr: false, format: nil) - params['supplier_id'] = supplier.id - post_with_defaults(action, params: params, xhr: xhr, format: format) - end - - before { login user } - - describe 'GET index' do - before do - supplier - article_a - article_b - article_c - supplier.reload - end - it 'assigns sorting on articles' do - sortings = [ - ['name', [article_a, article_b, article_c]], - ['name_reverse', [article_c, article_b, article_a]], - ['note', [article_b, article_c, article_a]], - ['note_reverse', [article_a, article_c, article_b]], - ['unit', [article_c, article_b, article_a]], - ['unit_reverse', [article_a, article_b, article_c]], - ['article_category', [article_b, article_a, article_c]], - ['article_category_reverse', [article_c, article_a, article_b]], - ['availability', [article_a, article_b, article_c]], - ['availability_reverse', [article_b, article_c, article_a]] - ] - sortings.each do |sorting| - get_with_supplier :index, params: { sort: sorting[0] } - expect(response).to have_http_status(:success) - expect(assigns(:articles).to_a).to eq(sorting[1]) - end - end - - it 'triggers an article csv' do - get_with_supplier :index, format: :csv - expect(response.header['Content-Type']).to include('text/csv') - expect(response.body).to include(article_a.unit, article_b.unit) - end - end - - describe 'new' do - it 'renders form for a new article' do - get_with_supplier :new, xhr: true - expect(response).to have_http_status(:success) - end - end - - describe 'copy' do - it 'renders form with copy of an article' do - get_with_supplier :copy, params: { article_id: article_a.id }, xhr: true - expect(assigns(:article).attributes).to eq(article_a.dup.attributes) - expect(response).to have_http_status(:success) - end - end - - describe '#create' do - it 'creates a new article' do - valid_attributes = article_a.attributes.except('id') - valid_attributes['name'] = 'ABAB' - get_with_supplier :create, params: { article: valid_attributes }, xhr: true - expect(response).to have_http_status(:success) - end - - it 'fails to create a new article and renders #new' do - get_with_supplier :create, params: { article: { id: nil } }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/new') - end - end - - describe 'edit' do - it 'opens form to edit article attributes' do - get_with_supplier :edit, params: { id: article_a.id }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/new') - end - end - - describe '#edit all' do - it 'renders edit_all' do - get_with_supplier :edit_all, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/edit_all') - end - end - - describe '#update' do - it 'updates article attributes' do - get_with_supplier :update, params: { id: article_a.id, article: { unit: '300 g' } }, xhr: true - expect(assigns(:article).unit).to eq('300 g') - expect(response).to have_http_status(:success) - end - - it 'updates article with empty name attribute' do - get_with_supplier :update, params: { id: article_a.id, article: { name: nil } }, xhr: true - expect(response).to render_template('articles/new') - end - end - - describe '#update_all' do - it 'updates all articles' do - get_with_supplier :update_all, params: { articles: { "#{article_a.id}": attributes_for(:article), "#{article_b.id}": attributes_for(:article) } } - expect(response).to have_http_status(:redirect) - end - - it 'fails on updating all articles' do - get_with_supplier :update_all, params: { articles: { "#{article_a.id}": attributes_for(:article, name: 'ab') } } - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/edit_all') - end - end - - describe '#update_selected' do - let(:order_article) { create :order_article, order: order, article: article_no_supplier } - - before do - order_article - end - - it 'updates selected articles' do - get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id] } - expect(response).to have_http_status(:redirect) - end - - it 'destroys selected articles' do - get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'destroy' } - article_a.reload - article_b.reload - expect(article_a).to be_deleted - expect(article_b).to be_deleted - expect(response).to have_http_status(:redirect) - end - - it 'sets availability false on selected articles' do - get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'setNotAvailable' } - article_a.reload - article_b.reload - expect(article_a).not_to be_availability - expect(article_b).not_to be_availability - expect(response).to have_http_status(:redirect) - end - - it 'sets availability true on selected articles' do - get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'setAvailable' } - article_a.reload - article_b.reload - expect(article_a).to be_availability - expect(article_b).to be_availability - expect(response).to have_http_status(:redirect) - end - - it 'fails deletion if one article is in open order' do - get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_no_supplier.id], selected_action: 'destroy' } - article_a.reload - article_no_supplier.reload - expect(article_a).not_to be_deleted - expect(article_no_supplier).not_to be_deleted - expect(response).to have_http_status(:redirect) - end - end - - describe '#parse_upload' do - let(:file) { Rack::Test::UploadedFile.new(Rails.root.join('spec/fixtures/files/upload_test.csv'), original_filename: 'upload_test.csv') } - - it 'updates particles from spreadsheet' do - post_with_supplier :parse_upload, params: { articles: { file: file, outlist_absent: '1', convert_units: '1' } } - expect(response).to have_http_status(:success) - end - - it 'missing file not updates particles from spreadsheet' do - post_with_supplier :parse_upload, params: { articles: { file: nil, outlist_absent: '1', convert_units: '1' } } - expect(response).to have_http_status(:redirect) - expect(flash[:alert]).to match(I18n.t('errors.general_msg', msg: "undefined method `original_filename' for \"\":String").to_s) - end - end - - describe '#sync' do - # TODO: double render error in controller - it 'throws double render error' do - expect do - post :sync, params: { foodcoop: FoodsoftConfig[:default_scope], supplier_id: supplier.id } - end.to raise_error(AbstractController::DoubleRenderError) - end - - xit 'updates particles from spreadsheet' do - post :sync, params: { foodcoop: FoodsoftConfig[:default_scope], supplier_id: supplier.id, articles: { '#{article_a.id}': attributes_for(:article), '#{article_b.id}': attributes_for(:article) } } - expect(response).to have_http_status(:redirect) - end - end - - describe '#destroy' do - let(:order_article) { create :order_article, order: order, article: article_no_supplier } - - before do - order_article - end - - it 'does not delete article if order open' do - get_with_supplier :destroy, params: { id: article_no_supplier.id }, xhr: true - expect(assigns(:article)).not_to be_deleted - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/destroy') - end - - it 'deletes article if order closed' do - get_with_supplier :destroy, params: { id: article_b.id }, xhr: true - expect(assigns(:article)).to be_deleted - expect(response).to have_http_status(:success) - expect(response).to render_template('articles/destroy') - end - end - - describe '#update_synchronized' do - let(:order_article) { create :order_article, order: order, article: article_no_supplier } - - before do - order_article - article_a - article_b - article_no_supplier - end - - it 'deletes articles' do - # TODO: double render error in controller - get_with_supplier :update_synchronized, params: { outlisted_articles: { article_a.id => article_a, article_b.id => article_b } } - article_a.reload - article_b.reload - expect(article_a).to be_deleted - expect(article_b).to be_deleted - expect(response).to have_http_status(:redirect) - end - - it 'updates articles' do - get_with_supplier :update_synchronized, params: { articles: { article_a.id => { name: 'NewNameA' }, article_b.id => { name: 'NewNameB' } } } - expect(assigns(:updated_articles).first.name).to eq 'NewNameA' - expect(response).to have_http_status(:redirect) - end - - it 'does not update articles if article with same name exists' do - get_with_supplier :update_synchronized, params: { articles: { article_a.id => { unit: '2000 g' }, article_b.id => { name: 'AAAA' } } } - error_array = [assigns(:updated_articles).first.errors.first, assigns(:updated_articles).last.errors.first] - expect(error_array).to include(ActiveModel::Error) - expect(response).to have_http_status(:success) - end - - it 'does update articles if article with same name was deleted before' do - get_with_supplier :update_synchronized, params: { - outlisted_articles: { article_a.id => article_a }, - articles: { - article_a.id => { name: 'NewName' }, - article_b.id => { name: 'AAAA' } - } - } - error_array = [assigns(:updated_articles).first.errors.first, assigns(:updated_articles).last.errors.first] - expect(error_array).not_to be_any - expect(response).to have_http_status(:redirect) - end - - it 'does not delete articles in open order' do - get_with_supplier :update_synchronized, params: { outlisted_articles: { article_no_supplier.id => article_no_supplier } } - article_no_supplier.reload - expect(article_no_supplier).not_to be_deleted - expect(response).to have_http_status(:success) - end - - it 'assigns updated article_pairs on error' do - get_with_supplier :update_synchronized, params: { - articles: { article_a.id => { name: 'EEEE' } }, - outlisted_articles: { article_no_supplier.id => article_no_supplier } - } - expect(assigns(:updated_article_pairs).first).to eq([article_a, { name: 'EEEE' }]) - article_no_supplier.reload - expect(article_no_supplier).not_to be_deleted - expect(response).to have_http_status(:success) - end - - it 'updates articles in open order' do - get_with_supplier :update_synchronized, params: { articles: { article_no_supplier.id => { name: 'EEEE' } } } - article_no_supplier.reload - expect(article_no_supplier.name).to eq 'EEEE' - expect(response).to have_http_status(:redirect) - end - end - - describe '#shared' do - let(:shared_supplier) { create :shared_supplier, shared_articles: [shared_article] } - let(:shared_article) { create :shared_article, name: 'shared' } - let(:article_s) { create :article, name: 'SSSS', note: 'AAAA', unit: '250 g', article_category: article_category_a, availability: false } - - let(:supplier_with_shared) { create :supplier, shared_supplier: shared_supplier } - - it 'renders view with articles' do - get_with_defaults :shared, params: { supplier_id: supplier_with_shared.id, name_cont_all_joined: 'shared' }, xhr: true - expect(assigns(:supplier).shared_supplier.shared_articles).to be_any - expect(assigns(:articles)).to be_any - expect(response).to have_http_status(:success) - end - end - - describe '#import' do - let(:shared_supplier) { create :shared_supplier, shared_articles: [shared_article] } - let(:shared_article) { create :shared_article, name: 'shared' } - - before do - shared_article - article_category_a - end - - it 'fills form with article details' do - get_with_supplier :import, params: { article_category_id: article_category_b.id, direct: 'true', shared_article_id: shared_article.id }, xhr: true - expect(assigns(:article)).not_to be_nil - expect(response).to have_http_status(:success) - expect(response).to render_template(:create) - end - - it 'does redirect to :new if param :direct not set' do - get_with_supplier :import, params: { article_category_id: article_category_b.id, shared_article_id: shared_article.id }, xhr: true - expect(assigns(:article)).not_to be_nil - expect(response).to have_http_status(:success) - expect(response).to render_template(:new) - end - end -end diff --git a/spec/controllers/concerns/auth_concern_spec.rb b/spec/controllers/concerns/auth_concern_spec.rb deleted file mode 100644 index 10bf8ec7..00000000 --- a/spec/controllers/concerns/auth_concern_spec.rb +++ /dev/null @@ -1,212 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -class DummyAuthController < ApplicationController; end - -describe 'Auth concern', type: :controller do - controller DummyAuthController do - # Defining a dummy action for an anynomous controller which inherits from the described class. - def authenticate_blank - authenticate - end - - def authenticate_unknown_group - authenticate('nooby') - end - - def authenticate_pickups - authenticate('pickups') - head :ok unless performed? - end - - def authenticate_finance_or_orders - authenticate('finance_or_orders') - head :ok unless performed? - end - - def try_authenticate_membership_or_admin - authenticate_membership_or_admin - end - - def try_authenticate_or_token - authenticate_or_token('xyz') - head :ok unless performed? - end - - def call_deny_access - deny_access - end - - def call_current_user - current_user - end - - def call_login_and_redirect_to_return_to - user = User.find(params[:user_id]) - login_and_redirect_to_return_to(user) - end - - def call_login - user = User.find(params[:user_id]) - login(user) - end - end - - # unit testing protected/private methods - describe 'protected/private methods' do - let(:user) { create :user } - let(:wrong_user) { create :user } - - describe '#current_user' do - before do - login user - routes.draw { get 'call_current_user' => 'dummy_auth#call_current_user' } - end - - describe 'with valid session' do - it 'returns current_user' do - get_with_defaults :call_current_user, params: { user_id: user.id }, format: JSON - expect(assigns(:current_user)).to eq user - end - end - - describe 'with invalid session' do - it 'not returns current_user' do - session[:user_id] = nil - get_with_defaults :call_current_user, params: { user_id: nil }, format: JSON - expect(assigns(:current_user)).to be_nil - end - end - end - - describe '#deny_access' do - it 'redirects to root_url' do - login user - routes.draw { get 'deny_access' => 'dummy_auth#call_deny_access' } - get_with_defaults :call_deny_access - expect(response).to redirect_to(root_url) - end - end - - describe '#login' do - before do - routes.draw { get 'call_login' => 'dummy_auth#call_login' } - end - - it 'sets user in session' do - login wrong_user - get_with_defaults :call_login, params: { user_id: user.id }, format: JSON - expect(session[:user_id]).to eq user.id - expect(session[:scope]).to eq FoodsoftConfig.scope - expect(session[:locale]).to eq user.locale - end - end - - describe '#login_and_redirect_to_return_to' do - it 'redirects to already set target' do - login user - session[:return_to] = my_profile_url - routes.draw { get 'call_login_and_redirect_to_return_to' => 'dummy_auth#call_login_and_redirect_to_return_to' } - get_with_defaults :call_login_and_redirect_to_return_to, params: { user_id: user.id } - expect(session[:return_to]).to be_nil - end - end - end - - describe 'authenticate' do - describe 'not logged in' do - it 'does not authenticate' do - routes.draw { get 'authenticate_blank' => 'dummy_auth#authenticate_blank' } - get_with_defaults :authenticate_blank - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_path) - expect(flash[:alert]).to match(I18n.t('application.controller.error_authn')) - end - end - - describe 'logged in' do - let(:user) { create :user } - let(:pickups_user) { create :user, :role_pickups } - let(:finance_user) { create :user, :role_finance } - let(:orders_user) { create :user, :role_orders } - - it 'does not authenticate with unknown group' do - login user - routes.draw { get 'authenticate_unknown_group' => 'dummy_auth#authenticate_unknown_group' } - get_with_defaults :authenticate_unknown_group - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(root_path) - expect(flash[:alert]).to match(I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(I18n.t('application.controller.error_denied_sign_in'), login_path))) - end - - it 'does not authenticate with pickups group' do - login pickups_user - routes.draw { get 'authenticate_pickups' => 'dummy_auth#authenticate_pickups' } - get_with_defaults :authenticate_pickups - expect(response).to have_http_status(:success) - end - - it 'does not authenticate with finance group' do - login finance_user - routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' } - get_with_defaults :authenticate_finance_or_orders - expect(response).to have_http_status(:success) - end - - it 'does not authenticate with orders group' do - login orders_user - routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' } - get_with_defaults :authenticate_finance_or_orders - expect(response).to have_http_status(:success) - end - end - end - - describe 'authenticate_membership_or_admin' do - describe 'logged in' do - let(:pickups_user) { create :user, :role_pickups } - let(:workgroup) { create :workgroup } - - it 'redirects with not permitted group' do - group_id = workgroup.id - login pickups_user - routes.draw { get 'try_authenticate_membership_or_admin' => 'dummy_auth#try_authenticate_membership_or_admin' } - get_with_defaults :try_authenticate_membership_or_admin, params: { id: group_id } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(root_path) - expect(flash[:alert]).to match(I18n.t('application.controller.error_members_only')) - end - end - end - - describe 'authenticate_or_token' do - describe 'logged in' do - let(:token_verifier) { TokenVerifier.new('xyz') } - let(:token_msg) { token_verifier.generate } - let(:user) { create :user } - - before { login user } - - it 'authenticates token' do - routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } - get_with_defaults :try_authenticate_or_token, params: { token: token_msg } - expect(response).not_to have_http_status(:redirect) - end - - it 'redirects on faulty token' do - routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } - get_with_defaults :try_authenticate_or_token, params: { token: 'abc' } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(root_path) - expect(flash[:alert]).to match(I18n.t('application.controller.error_token')) - end - - it 'authenticates current user on empty token' do - routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } - get_with_defaults :try_authenticate_or_token - expect(response).to have_http_status(:success) - end - end - end -end diff --git a/spec/controllers/finance/balancing_controller_spec.rb b/spec/controllers/finance/balancing_controller_spec.rb deleted file mode 100644 index d62b9974..00000000 --- a/spec/controllers/finance/balancing_controller_spec.rb +++ /dev/null @@ -1,211 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Finance::BalancingController, type: :controller do - let(:user) { create :user, :role_finance, :role_orders, groups: [create(:ordergroup)] } - - before { login user } - - describe 'GET index' do - let(:order) { create :order } - - it 'renders index page' do - get_with_defaults :index - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/index') - end - end - - describe 'new balancing' do - let(:supplier) { create :supplier } - let(:article1) { create :article, name: 'AAAA', supplier: supplier, unit_quantity: 1 } - let(:article2) { create :article, name: 'AAAB', supplier: supplier, unit_quantity: 1 } - - let(:order) { create :order, supplier: supplier, article_ids: [article1.id, article2.id] } - - let(:go1) { create :group_order, order: order } - let(:go2) { create :group_order, order: order } - let(:oa1) { order.order_articles.find_by_article_id(article1.id) } - let(:oa2) { order.order_articles.find_by_article_id(article2.id) } - let(:oa3) { order2.order_articles.find_by_article_id(article2.id) } - let(:goa1) { create :group_order_article, group_order: go1, order_article: oa1 } - let(:goa2) { create :group_order_article, group_order: go1, order_article: oa2 } - - before do - goa1.update_quantities(3, 0) - goa2.update_quantities(1, 0) - oa1.update_results! - oa2.update_results! - end - - it 'renders new order page' do - get_with_defaults :new, params: { order_id: order.id } - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/new') - end - - it 'assigns sorting on articles' do - sortings = [ - ['name', [oa1, oa2]], - ['name_reverse', [oa2, oa1]], - ['order_number', [oa1, oa2]], - ['order_number_reverse', [oa1, oa2]] # just one order - ] - sortings.each do |sorting| - get_with_defaults :new, params: { order_id: order.id, sort: sorting[0] } - expect(response).to have_http_status(:success) - expect(assigns(:articles).to_a).to eq(sorting[1]) - end - end - end - - describe 'update summary' do - let(:order) { create(:order) } - - it 'shows the summary view' do - get_with_defaults :update_summary, params: { id: order.id }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/update_summary') - end - end - - describe 'new_on_order' do - let(:order) { create(:order) } - let(:order_article) { order.order_articles.first } - - it 'calls article update' do - get_with_defaults :new_on_order_article_update, params: { id: order.id, order_article_id: order_article.id }, xhr: true - expect(response).not_to render_template(layout: 'application') - expect(response).to render_template('finance/balancing/new_on_order_article_update') - end - - it 'calls article create' do - get_with_defaults :new_on_order_article_create, params: { id: order.id, order_article_id: order_article.id }, xhr: true - expect(response).not_to render_template(layout: 'application') - expect(response).to render_template('finance/balancing/new_on_order_article_create') - end - end - - describe 'edit_note' do - let(:order) { create(:order) } - - it 'updates order note' do - get_with_defaults :edit_note, params: { id: order.id, order: { note: 'Hello' } }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/edit_note') - end - end - - describe 'update_note' do - let(:order) { create(:order) } - - it 'updates order note' do - get_with_defaults :update_note, params: { id: order.id, order: { note: 'Hello' } }, xhr: true - expect(response).to have_http_status(:success) - end - - it 'redirects to edit note on failed update' do - get_with_defaults :update_note, params: { id: order.id, order: { article_ids: nil } }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/edit_note') - end - end - - describe 'transport' do - let(:order) { create(:order) } - - it 'calls the edit transport view' do - get_with_defaults :edit_transport, params: { id: order.id }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/edit_transport') - end - - it 'does redirect if order valid' do - get_with_defaults :update_transport, params: { id: order.id, order: { ends: Time.now } }, xhr: true - expect(response).to have_http_status(:redirect) - expect(assigns(:order).errors.count).to eq(0) - expect(response).to redirect_to(new_finance_order_path(order_id: order.id)) - end - - it 'does redirect if order invalid' do - get_with_defaults :update_transport, params: { id: order.id, order: { starts: Time.now + 2, ends: Time.now } }, xhr: true - expect(assigns(:order).errors.count).to eq(1) - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(new_finance_order_path(order_id: order.id)) - end - end - - describe 'confirm' do - let(:order) { create(:order) } - - it 'renders the confirm template' do - get_with_defaults :confirm, params: { id: order.id }, xhr: true - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/balancing/confirm') - end - end - - describe 'close and update account balances' do - let(:order) { create(:order) } - let(:order1) { create(:order, ends: Time.now) } - let(:fft) { create(:financial_transaction_type) } - - it 'does not close order if ends not set' do - get_with_defaults :close, params: { id: order.id, type: fft.id } - expect(assigns(:order)).not_to be_closed - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(new_finance_order_url(order_id: order.id)) - end - - it 'closes order' do - get_with_defaults :close, params: { id: order1.id, type: fft.id } - expect(assigns(:order)).to be_closed - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(finance_order_index_url) - end - end - - describe 'close direct' do - let(:order) { create(:order) } - - it 'does not close order if already closed' do - order.close_direct!(user) - get_with_defaults :close_direct, params: { id: order.id } - expect(assigns(:order)).to be_closed - end - - it 'closes order directly' do - get_with_defaults :close_direct, params: { id: order.id } - expect(assigns(:order)).to be_closed - end - end - - describe 'close all direct' do - let(:invoice) { create(:invoice) } - let(:invoice1) { create(:invoice) } - let(:order) { create(:order, state: 'finished', ends: Time.now + 2.hours, invoice: invoice) } - let(:order1) { create(:order, state: 'finished', ends: Time.now + 2.hours) } - - before do - order - order1 - end - - it 'does close orders' do - get_with_defaults :close_all_direct_with_invoice - order.reload - expect(order).to be_closed - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(finance_order_index_url) - end - - it 'does not close orders when invoice not set' do - get_with_defaults :close_all_direct_with_invoice - order1.reload - expect(order1).not_to be_closed - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(finance_order_index_url) - end - end -end diff --git a/spec/controllers/finance/base_controller_spec.rb b/spec/controllers/finance/base_controller_spec.rb deleted file mode 100644 index 388f3a17..00000000 --- a/spec/controllers/finance/base_controller_spec.rb +++ /dev/null @@ -1,30 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Finance::BaseController, type: :controller do - let(:user) { create :user, :role_finance, :role_orders, :ordergroup } - - before { login user } - - describe 'GET index' do - let(:fin_trans) { create_list :financial_transaction, 3, user: user, ordergroup: user.ordergroup } - let(:orders) { create_list :order, 2, state: 'finished' } - let(:invoices) { create_list :invoice, 4 } - - before do - fin_trans - orders - invoices - end - - it 'renders index page' do - get_with_defaults :index - expect(response).to have_http_status(:success) - expect(response).to render_template('finance/index') - expect(assigns(:financial_transactions).size).to eq(fin_trans.size) - expect(assigns(:orders).size).to eq(orders.size) - expect(assigns(:unpaid_invoices).size).to eq(invoices.size) - end - end -end diff --git a/spec/controllers/home_controller_spec.rb b/spec/controllers/home_controller_spec.rb deleted file mode 100644 index be106282..00000000 --- a/spec/controllers/home_controller_spec.rb +++ /dev/null @@ -1,197 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe HomeController, type: :controller do - let(:user) { create :user } - - describe 'GET index' do - describe 'NOT logged in' do - it 'redirects' do - get_with_defaults :profile - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_path) - end - end - - describe 'logegd in' do - before { login user } - - it 'assigns tasks' do - get_with_defaults :index - - expect(assigns(:unaccepted_tasks)).not_to be_nil - expect(assigns(:next_tasks)).not_to be_nil - expect(assigns(:unassigned_tasks)).not_to be_nil - expect(response).to render_template('home/index') - end - end - end - - describe 'GET profile' do - before { login user } - - it 'renders dashboard' do - get_with_defaults :profile - expect(response).to have_http_status(:success) - expect(response).to render_template('home/profile') - end - end - - describe 'GET reference_calculator' do - describe 'with simple user' do - before { login user } - - it 'redirects to home' do - get_with_defaults :reference_calculator - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(root_path) - end - end - - describe 'with ordergroup user' do - let(:og_user) { create :user, :ordergroup } - - before { login og_user } - - it 'renders reference calculator' do - get_with_defaults :reference_calculator - expect(response).to have_http_status(:success) - expect(response).to render_template('home/reference_calculator') - end - end - end - - describe 'GET update_profile' do - describe 'with simple user' do - let(:unchanged_attributes) { user.attributes.slice('first_name', 'last_name', 'email') } - let(:changed_attributes) { attributes_for :user } - let(:invalid_attributes) { { email: 'e.mail.com' } } - - before { login user } - - it 'renders profile after update with invalid attributes' do - get_with_defaults :update_profile, params: { user: invalid_attributes } - expect(response).to have_http_status(:success) - expect(response).to render_template('home/profile') - expect(assigns(:current_user).errors.present?).to be true - end - - it 'redirects to profile after update with unchanged attributes' do - get_with_defaults :update_profile, params: { user: unchanged_attributes } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(my_profile_path) - end - - it 'redirects to profile after update' do - patch :update_profile, params: { foodcoop: FoodsoftConfig[:default_scope], user: changed_attributes } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(my_profile_path) - expect(flash[:notice]).to match(/#{I18n.t('home.changes_saved')}/) - expect(user.reload.attributes.slice(:first_name, :last_name, :email)).to eq(changed_attributes.slice('first_name', 'last_name', 'email')) - end - end - - describe 'with ordergroup user' do - let(:og_user) { create :user, :ordergroup } - let(:unchanged_attributes) { og_user.attributes.slice('first_name', 'last_name', 'email') } - let(:changed_attributes) { unchanged_attributes.merge({ ordergroup: { contact_address: 'new Adress 7' } }) } - - before { login og_user } - - it 'redirects to home after update' do - get_with_defaults :update_profile, params: { user: changed_attributes } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(my_profile_path) - expect(og_user.reload.ordergroup.contact_address).to eq('new Adress 7') - end - end - end - - describe 'GET ordergroup' do - describe 'with simple user' do - before { login user } - - it 'redirects to home' do - get_with_defaults :ordergroup - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(root_path) - end - end - - describe 'with ordergroup user' do - let(:og_user) { create :user, :ordergroup } - - before { login og_user } - - it 'renders ordergroup' do - get_with_defaults :ordergroup - expect(response).to have_http_status(:success) - expect(response).to render_template('home/ordergroup') - end - - describe 'assigns sortings' do - let(:fin_trans1) { create :financial_transaction, user: og_user, ordergroup: og_user.ordergroup, note: 'A', amount: 100 } - let(:fin_trans2) { create :financial_transaction, user: og_user, ordergroup: og_user.ordergroup, note: 'B', amount: 200, created_on: Time.now + 1.minute } - - before do - fin_trans1 - fin_trans2 - end - - it 'by criteria' do - sortings = [ - ['date', [fin_trans1, fin_trans2]], - ['note', [fin_trans1, fin_trans2]], - ['amount', [fin_trans1, fin_trans2]], - ['date_reverse', [fin_trans2, fin_trans1]], - ['note_reverse', [fin_trans2, fin_trans1]], - ['amount_reverse', [fin_trans2, fin_trans1]] - ] - sortings.each do |sorting| - get_with_defaults :ordergroup, params: { sort: sorting[0] } - expect(response).to have_http_status(:success) - expect(assigns(:financial_transactions).to_a).to eq(sorting[1]) - end - end - end - end - end - - describe 'GET cancel_membership' do - describe 'with simple user without group' do - before { login user } - - it 'fails' do - expect do - get_with_defaults :cancel_membership - end.to raise_error(ActiveRecord::RecordNotFound) - expect do - get_with_defaults :cancel_membership, params: { membership_id: 424242 } - end.to raise_error(ActiveRecord::RecordNotFound) - end - end - - describe 'with ordergroup user' do - let(:fin_user) { create :user, :role_finance } - - before { login fin_user } - - it 'removes user from group' do - membership = fin_user.memberships.first - get_with_defaults :cancel_membership, params: { group_id: fin_user.groups.first.id } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(my_profile_path) - expect(flash[:notice]).to match(/#{I18n.t('home.ordergroup_cancelled', :group => membership.group.name)}/) - end - - it 'removes user membership' do - membership = fin_user.memberships.first - get_with_defaults :cancel_membership, params: { membership_id: membership.id } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(my_profile_path) - expect(flash[:notice]).to match(/#{I18n.t('home.ordergroup_cancelled', :group => membership.group.name)}/) - end - end - end -end diff --git a/spec/controllers/login_controller_spec.rb b/spec/controllers/login_controller_spec.rb deleted file mode 100644 index c824e429..00000000 --- a/spec/controllers/login_controller_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe LoginController, type: :controller do - let(:invite) { create :invite } - - describe 'GET accept_invitation' do - let(:expired_invite) { create :expired_invite } - - describe 'with valid token' do - it 'accepts invitation' do - get_with_defaults :accept_invitation, params: { token: invite.token } - expect(response).to have_http_status(:success) - expect(response).to render_template('login/accept_invitation') - end - end - - describe 'with invalid token' do - it 'redirects to login' do - get_with_defaults :accept_invitation, params: { token: invite.token + 'XX' } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_url) - expect(flash[:alert]).to match(I18n.t('login.controller.error_invite_invalid')) - end - end - - describe 'with timed out token' do - it 'redirects to login' do - get_with_defaults :accept_invitation, params: { token: expired_invite.token } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_url) - expect(flash[:alert]).to match(I18n.t('login.controller.error_invite_invalid')) - end - end - - describe 'without group' do - it 'redirects to login' do - invite.group.destroy - get_with_defaults :accept_invitation, params: { token: invite.token } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_url) - expect(flash[:alert]).to match(I18n.t('login.controller.error_group_invalid')) - end - end - end - - describe 'POST accept_invitation' do - describe 'with invalid parameters' do - it 'renders accept_invitation view' do - post_with_defaults :accept_invitation, params: { token: invite.token, user: invite.user.slice('first_name') } - expect(response).to have_http_status(:success) - expect(response).to render_template('login/accept_invitation') - expect(assigns(:user).errors.present?).to be true - end - end - - describe 'with valid parameters' do - it 'redirects to login' do - post_with_defaults :accept_invitation, params: { token: invite.token, user: invite.user.slice('first_name', 'password') } - expect(response).to have_http_status(:redirect) - expect(response).to redirect_to(login_url) - expect(flash[:notice]).to match(I18n.t('login.controller.accept_invitation.notice')) - end - end - end -end diff --git a/spec/factories/invite.rb b/spec/factories/invite.rb deleted file mode 100644 index 51d48840..00000000 --- a/spec/factories/invite.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'factory_bot' - -FactoryBot.define do - factory :invite do - user { create :user } - group { create :group } - email { Faker::Internet.email } - - factory :expired_invite do - after :create do |invite| - invite.update_column(:expires_at, Time.now.yesterday) - end - end - end -end diff --git a/spec/factories/order_article.rb b/spec/factories/order_article.rb deleted file mode 100644 index 99ca8701..00000000 --- a/spec/factories/order_article.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'factory_bot' - -FactoryBot.define do - factory :order_article do - order { create :order } - article { create :article } - end -end diff --git a/spec/fixtures/files/upload_test.csv b/spec/fixtures/files/upload_test.csv deleted file mode 100644 index ac2f59b0..00000000 --- a/spec/fixtures/files/upload_test.csv +++ /dev/null @@ -1,3 +0,0 @@ -avail.;Order number;Name;Note;Manufacturer;Origin;Unit;Price (net);VAT;Deposit;Unit quantity;"";"";Category -"";;AAAA;AAAA;;;500 g;25.55;6.0;0.0;1;"";"";AAAA -"";;BBBB;BBBB;;;250 g;12.11;6.0;0.0;2;"";"";BBBB diff --git a/spec/fixtures/upload_test.csv b/spec/fixtures/upload_test.csv deleted file mode 100644 index ac2f59b0..00000000 --- a/spec/fixtures/upload_test.csv +++ /dev/null @@ -1,3 +0,0 @@ -avail.;Order number;Name;Note;Manufacturer;Origin;Unit;Price (net);VAT;Deposit;Unit quantity;"";"";Category -"";;AAAA;AAAA;;;500 g;25.55;6.0;0.0;1;"";"";AAAA -"";;BBBB;BBBB;;;250 g;12.11;6.0;0.0;2;"";"";BBBB diff --git a/spec/models/supplier_spec.rb b/spec/models/supplier_spec.rb index 6bcc6e7b..70ba6def 100644 --- a/spec/models/supplier_spec.rb +++ b/spec/models/supplier_spec.rb @@ -19,13 +19,9 @@ describe Supplier do end it 'return correct tolerance' do - supplier = create :supplier - articles = create_list(:article, 1, unit_quantity: 1, supplier_id: supplier.id) - supplier.reload + supplier = create :supplier, articles: create_list(:article, 1, unit_quantity: 1) expect(supplier.has_tolerance?).to be false - supplier2 = create :supplier - articles = create_list(:article, 1, unit_quantity: 2, supplier_id: supplier2.id) - supplier.reload + supplier2 = create :supplier, articles: create_list(:article, 1, unit_quantity: 2) expect(supplier2.has_tolerance?).to be true end diff --git a/spec/requests/api/article_categories_spec.rb b/spec/requests/api/article_categories_spec.rb deleted file mode 100644 index 4c079ff2..00000000 --- a/spec/requests/api/article_categories_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'swagger_helper' - -describe 'Article Categories', type: :request do - include ApiHelper - - path '/article_categories' do - get 'article categories' do - tags 'Category' - produces 'application/json' - pagination_param - let(:order_article) { create(:order, article_count: 1).order_articles.first } - let(:stock_article) { create(:stock_article) } - let(:stock_order_article) { create(:stock_order, article_ids: [stock_article.id]).order_articles.first } - - response '200', 'success' do - schema type: :object, properties: { - article_categories: { - type: :array, - items: { - '$ref': '#/components/schemas/ArticleCategory' - } - } - } - run_test! - end - - it_handles_invalid_token - end - end - - path '/article_categories/{id}' do - get 'find article category by id' do - tags 'Category' - produces 'application/json' - id_url_param - - response '200', 'article category found' do - schema type: :object, properties: { - article_categories: { - type: :array, - items: { - '$ref': '#/components/schemas/ArticleCategory' - } - } - } - let(:id) { create(:article_category, name: 'dairy').id } - run_test! - end - it_handles_invalid_token_with_id - it_cannot_find_object - end - end -end diff --git a/spec/requests/api/configs_spec.rb b/spec/requests/api/configs_spec.rb deleted file mode 100644 index 75f48ceb..00000000 --- a/spec/requests/api/configs_spec.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'swagger_helper' - -describe 'Config', type: :request do - include ApiHelper - - path '/config' do - get 'configuration variables' do - tags 'General' - produces 'application/json' - let(:api_scopes) { ['config:user'] } - - response '200', 'success' do - schema type: :object, properties: {} - run_test! - end - - it_handles_invalid_token_and_scope - end - end -end diff --git a/spec/requests/api/financial_transaction_classes_spec.rb b/spec/requests/api/financial_transaction_classes_spec.rb deleted file mode 100644 index 1eaf046f..00000000 --- a/spec/requests/api/financial_transaction_classes_spec.rb +++ /dev/null @@ -1,54 +0,0 @@ -require 'swagger_helper' - -describe 'Financial Transaction Classes', type: :request do - include ApiHelper - - path '/financial_transaction_classes' do - get 'financial transaction classes' do - tags 'Category' - produces 'application/json' - pagination_param - let(:financial_transaction_class) { create(:financial_transaction_class) } - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref' => '#/components/schemas/Meta' }, - financial_transaction_class: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransactionClass' - } - } - } - - run_test! - end - - it_handles_invalid_token - end - end - - path '/financial_transaction_classes/{id}' do - get 'Retrieves a financial transaction class' do - tags 'Category' - produces 'application/json' - id_url_param - - response '200', 'financial transaction class found' do - schema type: :object, properties: { - financial_transaction_classes: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransactionClass' - } - } - } - let(:id) { create(:financial_transaction_class).id } - run_test! - end - - it_handles_invalid_token_with_id - it_cannot_find_object 'financial transaction class not found' - end - end -end diff --git a/spec/requests/api/financial_transaction_types_spec.rb b/spec/requests/api/financial_transaction_types_spec.rb deleted file mode 100644 index 82a30f83..00000000 --- a/spec/requests/api/financial_transaction_types_spec.rb +++ /dev/null @@ -1,52 +0,0 @@ -require 'swagger_helper' - -describe 'Financial Transaction types', type: :request do - include ApiHelper - - path '/financial_transaction_types' do - get 'financial transaction types' do - tags 'Category' - produces 'application/json' - pagination_param - let(:financial_transaction_type) { create(:financial_transaction_type) } - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref' => '#/components/schemas/Meta' }, - financial_transaction_type: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransactionType' - } - } - } - run_test! - end - - it_handles_invalid_token - end - end - - path '/financial_transaction_types/{id}' do - get 'find financial transaction type by id' do - tags 'Category' - produces 'application/json' - id_url_param - - response '200', 'financial transaction type found' do - schema type: :object, properties: { - financial_transaction_types: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransactionType' - } - } - } - let(:id) { create(:financial_transaction_type).id } - run_test! - end - - it_handles_invalid_token_with_id - it_cannot_find_object 'financial transaction type not found' - end - end -end diff --git a/spec/requests/api/financial_transactions_spec.rb b/spec/requests/api/financial_transactions_spec.rb deleted file mode 100644 index 1d3ef2b9..00000000 --- a/spec/requests/api/financial_transactions_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -require 'swagger_helper' - -describe 'Financial Transaction', type: :request do - include ApiHelper - let!(:finance_user) { create(:user, groups: [create(:workgroup, role_finance: true)]) } - let!(:api_scopes) { ['finance:read', 'finance:write'] } - let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: finance_user.id, scopes: api_scopes&.join(' ')).token } - let(:financial_transaction) { create(:financial_transaction, user: user) } - - path '/financial_transactions' do - get 'financial transactions' do - tags 'Financial Transaction' - produces 'application/json' - pagination_param - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref' => '#/components/schemas/Meta' }, - financial_transaction: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransaction' - } - } - } - - run_test! - end - it_handles_invalid_token_and_scope - end - end - - path '/financial_transactions/{id}' do - get 'Retrieves a financial transaction ' do - tags 'Financial Transaction' - produces 'application/json' - id_url_param - - response '200', 'financial transaction found' do - schema type: :object, properties: { - financial_transaction: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransaction' - } - } - } - let(:id) { FinancialTransaction.create(user: user).id } - run_test! - end - it_handles_invalid_token_with_id - it_handles_invalid_scope_with_id - it_cannot_find_object 'financial transaction not found' - end - end -end diff --git a/spec/requests/api/navigations_spec.rb b/spec/requests/api/navigations_spec.rb deleted file mode 100644 index c2312437..00000000 --- a/spec/requests/api/navigations_spec.rb +++ /dev/null @@ -1,24 +0,0 @@ -require 'swagger_helper' - -describe 'Navigation', type: :request do - include ApiHelper - - path '/navigation' do - get 'navigation' do - tags 'General' - produces 'application/json' - - response '200', 'success' do - schema type: :object, properties: { - navigation: { - '$ref' => '#/components/schemas/Navigation' - } - } - - run_test! - end - - it_handles_invalid_token - end - end -end diff --git a/spec/requests/api/order_articles_spec.rb b/spec/requests/api/order_articles_spec.rb deleted file mode 100644 index 17feefa6..00000000 --- a/spec/requests/api/order_articles_spec.rb +++ /dev/null @@ -1,115 +0,0 @@ -require 'swagger_helper' - -describe 'Order Articles', type: :request do - include ApiHelper - - path '/order_articles' do - get 'order articles' do - tags 'Order' - produces 'application/json' - pagination_param - q_ordered_url_param - - let(:api_scopes) { ['orders:read', 'orders:write'] } - let(:order) { create(:order, article_count: 4) } - let(:order_articles) { order.order_articles } - - before do - order_articles[0].update! quantity: 0, tolerance: 0, units_to_order: 0 - order_articles[1].update! quantity: 1, tolerance: 0, units_to_order: 0 - order_articles[2].update! quantity: 0, tolerance: 1, units_to_order: 0 - order_articles[3].update! quantity: 0, tolerance: 0, units_to_order: 1 - end - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref' => '#/components/schemas/Meta' }, - order_articles: { - type: :array, - items: { - '$ref': '#/components/schemas/OrderArticle' - } - } - } - describe '(unset)' do - run_test! - end - - describe 'all' do - let(:q) { { q: { ordered: 'all' } } } - - run_test! do |response| - json_order_articles = JSON.parse(response.body)['order_articles'] - json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } - expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) - end - end - - describe 'when ordered by supplier' do - let(:q) { { q: { ordered: 'supplier' } } } - - run_test! do |response| - json_order_articles = JSON.parse(response.body)['order_articles'] - json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } - expect(json_order_article_ids).to match_array [order_articles[3].id] - end - end - - describe 'when ordered by member' do - let(:q) { { q: { ordered: 'member' } } } - - run_test! do |response| - json_order_articles = JSON.parse(response.body)['order_articles'] - expect(json_order_articles.count).to eq 0 - end - end - - context 'when ordered by user' do - let(:user) { create(:user, :ordergroup) } - let(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - - before do - create(:group_order_article, group_order: go, order_article: order_articles[1], quantity: 1) - create(:group_order_article, group_order: go, order_article: order_articles[2], tolerance: 0) - end - - describe 'member' do - let(:q) { { q: { ordered: 'member' } } } - - run_test! do |response| - json_order_articles = JSON.parse(response.body)['order_articles'] - json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } - expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) - end - end - end - end - - it_handles_invalid_token_and_scope - end - end - - path '/order_articles/{id}' do - get 'order articles' do - tags 'Order' - produces 'application/json' - id_url_param - let(:api_scopes) { ['orders:read', 'orders:write'] } - - response '200', 'success' do - schema type: :object, properties: { - order_article: { - '$ref': '#/components/schemas/OrderArticle' - } - } - let(:order) { create(:order, article_count: 1) } - let(:id) { order.order_articles.first.id } - - run_test! - end - - it_handles_invalid_token_and_scope - it_cannot_find_object 'order article not found' - end - end -end diff --git a/spec/requests/api/orders_spec.rb b/spec/requests/api/orders_spec.rb deleted file mode 100644 index c0505d7f..00000000 --- a/spec/requests/api/orders_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -require 'swagger_helper' - -describe 'Orders', type: :request do - include ApiHelper - let(:api_scopes) { ['orders:read'] } - - path '/orders' do - get 'orders' do - tags 'Order' - produces 'application/json' - pagination_param - let(:order) { create(:order) } - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref' => '#/components/schemas/Meta' }, - ordes: { - type: :array, - items: { - '$ref': '#/components/schemas/Order' - } - } - } - - run_test! - end - - it_handles_invalid_token_and_scope - end - end - - path '/orders/{id}' do - get 'Order' do - tags 'Order' - produces 'application/json' - id_url_param - - let(:order) { create(:order) } - - response '200', 'success' do - schema type: :object, properties: { - order: { '$ref' => '#/components/schemas/Order' } - } - let(:id) { order.id } - - run_test! do |response| - expect(JSON.parse(response.body)['order']['id']).to eq order.id - end - end - - it_handles_invalid_token_and_scope - it_cannot_find_object 'order not found' - end - end -end diff --git a/spec/requests/api/user/financial_transactions_spec.rb b/spec/requests/api/user/financial_transactions_spec.rb deleted file mode 100644 index 4fb69cd6..00000000 --- a/spec/requests/api/user/financial_transactions_spec.rb +++ /dev/null @@ -1,109 +0,0 @@ -require 'swagger_helper' - -describe 'User', type: :request do - include ApiHelper - - let(:api_scopes) { ['finance:user'] } - let(:user) { create :user, groups: [create(:ordergroup)] } - let(:other_user2) { create :user } - let(:ft) { create(:financial_transaction, user: user, ordergroup: user.ordergroup) } - - before do - ft - end - - path '/user/financial_transactions' do - post 'create new financial transaction (requires enabled self service)' do - tags 'Financial Transaction' - consumes 'application/json' - produces 'application/json' - - parameter name: :financial_transaction, in: :body, schema: { - type: :object, - properties: { - amount: { type: :integer }, - financial_transaction_type: { type: :integer }, - note: { type: :string } - } - } - - let(:financial_transaction) { { amount: 3, financial_transaction_type_id: create(:financial_transaction_type).id, note: 'lirum larum' } } - - response '200', 'success' do - schema type: :object, properties: { - financial_transaction: { '$ref': '#/components/schemas/FinancialTransaction' } - } - run_test! - end - - it_handles_invalid_token_with_id - it_handles_invalid_scope_with_id 'user has no ordergroup, is below minimum balance, self service is disabled, or missing scope' - - response '404', 'financial transaction type not found' do - schema '$ref' => '#/components/schemas/Error404' - let(:financial_transaction) { { amount: 3, financial_transaction_type_id: 'invalid', note: 'lirum larum' } } - run_test! - end - - # TODO: fix controller to actually send a 422 for invalid params? - # Expected response code '200' to match '422' - # Response body: {"financial_transaction":{"id":316,"user_id":599,"user_name":"Lisbeth ","amount":-3.0,"note":"-2","created_at":"2022-12-12T13:05:32.000+01:00","financial_transaction_type_id":346,"financial_transaction_type_name":"aut est iste #9"}} - # - # response '422', 'invalid parameter value' do - # # schema '$ref' => '#/components/schemas/Error422' - # let(:financial_transaction) { { amount: -3, financial_transaction_type_id: create(:financial_transaction_type).id, note: -2 } } - # run_test! - # end - end - - get "financial transactions of the member's ordergroup" do - tags 'User', 'Financial Transaction' - produces 'application/json' - pagination_param - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref': '#/components/schemas/Meta' }, - financial_transaction: { - type: :array, - items: { - '$ref': '#/components/schemas/FinancialTransaction' - } - } - } - - run_test! do |response| - data = JSON.parse(response.body) - expect(data['financial_transactions'].first['id']).to eq(ft.id) - end - end - - it_handles_invalid_token_and_scope - end - end - - path '/user/financial_transactions/{id}' do - get 'find financial transaction by id' do - tags 'User', 'Financial Transaction' - produces 'application/json' - id_url_param - - response '200', 'success' do - schema type: :object, properties: { - financial_transaction: { - '$ref': '#/components/schemas/FinancialTransaction' - } - } - let(:id) { ft.id } - run_test! do |response| - data = JSON.parse(response.body) - expect(data['financial_transaction']['id']).to eq(ft.id) - end - end - - it_handles_invalid_token_with_id - it_handles_invalid_scope_with_id 'user has no ordergroup or missing scope' - it_cannot_find_object 'financial transaction not found' - end - end -end diff --git a/spec/requests/api/user/group_order_articles_spec.rb b/spec/requests/api/user/group_order_articles_spec.rb deleted file mode 100644 index 205a4070..00000000 --- a/spec/requests/api/user/group_order_articles_spec.rb +++ /dev/null @@ -1,192 +0,0 @@ -require 'swagger_helper' - -describe 'User', type: :request do - include ApiHelper - - let(:api_scopes) { ['group_orders:user'] } - let(:user) { create :user, groups: [create(:ordergroup)] } - let(:other_user2) { create :user } - let(:order) { create(:order, article_count: 4) } - let(:order_articles) { order.order_articles } - let(:group_order) { create :group_order, ordergroup: user.ordergroup, order_id: order.id } - let(:goa) { create :group_order_article, group_order: group_order, order_article: order_articles.first } - - before do - goa - end - - path '/user/group_order_articles' do - get 'group order articles' do - tags 'User', 'Order' - produces 'application/json' - pagination_param - q_ordered_url_param - - response '200', 'success' do - schema type: :object, properties: { - meta: { '$ref': '#/components/schemas/Meta' }, - group_order_article: { - type: :array, - items: { - '$ref': '#/components/schemas/GroupOrderArticle' - } - } - } - - run_test! do |response| - data = JSON.parse(response.body) - expect(data['group_order_articles'].first['id']).to eq(goa.id) - end - end - - it_handles_invalid_token - it_handles_invalid_scope 'user has no ordergroup or missing scope' - end - - post 'create new group order article' do - tags 'User', 'Order' - consumes 'application/json' - produces 'application/json' - parameter name: :group_order_article, in: :body, - description: 'group order article to create', - required: true, - schema: { '$ref': '#/components/schemas/GroupOrderArticleForCreate' } - - let(:group_order_article) { { order_article_id: order_articles.last.id, quantity: 1, tolerance: 2 } } - response '200', 'success' do - schema type: :object, properties: { - group_order_article: { - '$ref': '#/components/schemas/GroupOrderArticle' - }, - order_article: { - '$ref': '#/components/schemas/OrderArticle' - } - } - run_test! - end - - it_handles_invalid_token_with_id - it_handles_invalid_scope_with_id 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' - - response '404', 'order article not found in open orders' do - let(:group_order_article) { { order_article_id: 'invalid', quantity: 1, tolerance: 2 } } - schema '$ref' => '#/components/schemas/Error404' - run_test! - end - - response '422', 'invalid parameter value or group order article already exists' do - let(:group_order_article) { { order_article_id: goa.order_article_id, quantity: 1, tolerance: 2 } } - schema '$ref' => '#/components/schemas/Error422' - run_test! - end - end - end - - path '/user/group_order_articles/{id}' do - get 'find group order article by id' do - tags 'User', 'Order' - produces 'application/json' - id_url_param - - response '200', 'success' do - schema type: :object, properties: { - group_order_article: { - '$ref': '#/components/schemas/GroupOrderArticle' - }, - order_article: { - '$ref': '#/components/schemas/OrderArticle' - } - } - - let(:id) { goa.id } - run_test! do |response| - data = JSON.parse(response.body) - expect(data['group_order_article']['id']).to eq(goa.id) - end - end - - it_handles_invalid_scope_with_id - it_handles_invalid_token_with_id - it_cannot_find_object 'group order article not found' - end - - patch 'update a group order article (but delete if quantity and tolerance are zero)' do - tags 'User', 'Order' - consumes 'application/json' - produces 'application/json' - id_url_param - parameter name: :group_order_article, in: :body, - description: 'group order article update', - required: true, - schema: { '$ref': '#/components/schemas/GroupOrderArticleForUpdate' } - - let(:id) { goa.id } - let(:group_order_article) { { order_article_id: goa.order_article_id, quantity: 2, tolerance: 2 } } - - response '200', 'success' do - schema type: :object, properties: { - group_order_article: { - '$ref': '#/components/schemas/GroupOrderArticle' - } - } - run_test! - end - - response 401, 'not logged-in' do - schema '$ref' => '#/components/schemas/Error401' - let(:Authorization) { 'abc' } - run_test! - end - - response 403, 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' do - let(:api_scopes) { ['none'] } - schema '$ref' => '#/components/schemas/Error403' - run_test! - end - - response '404', 'order article not found in open orders' do - schema type: :object, properties: { - group_order_article: { - '$ref': '#/components/schemas/GroupOrderArticle' - } - } - let(:id) { 'invalid' } - run_test! - end - - response '422', 'invalid parameter value' do - let(:group_order_article) { { order_article_id: 'invalid', quantity: -5, tolerance: 'invalid' } } - schema '$ref' => '#/components/schemas/Error422' - run_test! - end - end - - delete 'remove group order article' do - tags 'User', 'Order' - consumes 'application/json' - produces 'application/json' - id_url_param - let(:api_scopes) { ['group_orders:user'] } - - response '200', 'success' do - schema type: :object, properties: { - group_order_article: { - '$ref': '#/components/schemas/GroupOrderArticle' - } - } - let(:id) { goa.id } - run_test! - end - - it_handles_invalid_token_with_id - - response 403, 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' do - let(:api_scopes) { ['none'] } - schema '$ref' => '#/components/schemas/Error403' - run_test! - end - - it_cannot_find_object 'order article not found in open orders' - end - end -end diff --git a/spec/requests/api/user/users_spec.rb b/spec/requests/api/user/users_spec.rb deleted file mode 100644 index 0d3196bc..00000000 --- a/spec/requests/api/user/users_spec.rb +++ /dev/null @@ -1,103 +0,0 @@ -require 'swagger_helper' - -describe 'User', type: :request do - include ApiHelper - - path '/user' do - get 'info about the currently logged-in user' do - tags 'User' - produces 'application/json' - let(:api_scopes) { ['user:read'] } - let(:other_user1) { create :user } - let(:user) { create :user } - let(:other_user2) { create :user } - - response '200', 'success' do - schema type: :object, - properties: { - user: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string, - description: 'full name' - }, - email: { - type: :string, - description: 'email address' - }, - locale: { - type: :string, - description: 'language code' - } - }, - required: %w[id name email] - } - } - - run_test! do |response| - data = JSON.parse(response.body) - expect(data['user']['id']).to eq(user.id) - end - end - - it_handles_invalid_token_and_scope - end - end - - path '/user/financial_overview' do - get 'financial summary about the currently logged-in user' do - tags 'User', 'Financial Transaction' - produces 'application/json' - let(:user) { create :user, :ordergroup } - let(:api_scopes) { ['finance:user'] } - FinancialTransactionClass.create(name: 'TestTransaction') - - response 200, 'success' do - schema type: :object, - properties: { - financial_overview: { - type: :object, - properties: { - - account_balance: { - type: :number, - description: 'booked accout balance of ordergroup' - }, - available_funds: { - type: :number, - description: 'fund available to order articles' - }, - financial_transaction_class_sums: { - type: :array, - properties: { - id: { - type: :integer, - description: 'id of the financial transaction class' - }, - name: { - type: :string, - description: 'name of the financial transaction class' - }, - amount: { - type: :number, - description: 'sum of the amounts belonging to the financial transaction class' - } - }, - required: %w[id name amount] - } - }, - required: %w[account_balance available_funds financial_transaction_class_sums] - } - } - - run_test! - end - - it_handles_invalid_token_and_scope - end - end -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 41894406..88dea423 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -21,10 +21,6 @@ Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } RSpec.configure do |config| # We use capybara with webkit, and need database_cleaner - config.before(:suite) do - DatabaseCleaner.clean_with(:truncation) - end - config.before(:each) do DatabaseCleaner.strategy = (RSpec.current_example.metadata[:js] ? :truncation : :transaction) DatabaseCleaner.start @@ -55,8 +51,8 @@ RSpec.configure do |config| # --seed 1234 config.order = "random" - config.include SpecTestHelper, type: :controller config.include SessionHelper, type: :feature + # Automatically determine spec from directory structure, see: # https://www.relishapp.com/rspec/rspec-rails/v/3-0/docs/directory-structure config.infer_spec_type_from_file_location! diff --git a/spec/support/api_helper.rb b/spec/support/api_helper.rb index 86e2ca07..ee0225f5 100644 --- a/spec/support/api_helper.rb +++ b/spec/support/api_helper.rb @@ -5,60 +5,21 @@ module ApiHelper let(:user) { create(:user) } let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes) let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token } - let(:Authorization) { "Bearer #{api_access_token}" } + let(:api_authorization) { "Bearer #{api_access_token}" } - def self.it_handles_invalid_token + def self.it_handles_invalid_token(method, path, params_block = -> { api_auth }) context 'with invalid access token' do - let(:Authorization) { 'abc' } + let(:api_access_token) { 'abc' } - response 401, 'not logged-in' do - schema '$ref' => '#/components/schemas/Error401' - run_test! - end + it { is_expected.to validate(method, path, 401, instance_exec(¶ms_block)) } end end - def self.it_handles_invalid_token_with_id - context 'with invalid access token' do - let(:Authorization) { 'abc' } - let(:id) { 42 } # id doesn't matter here - - response 401, 'not logged-in' do - schema '$ref' => '#/components/schemas/Error401' - run_test! - end - end - end - - def self.it_handles_invalid_scope(description = 'missing scope') + def self.it_handles_invalid_scope(method, path, params_block = -> { api_auth }) context 'with invalid scope' do let(:api_scopes) { ['none'] } - response 403, description do - schema '$ref' => '#/components/schemas/Error403' - run_test! - end - end - end - - def self.it_handles_invalid_scope_with_id(description = 'missing scope') - context 'with invalid scope' do - let(:api_scopes) { ['none'] } - let(:id) { 42 } # id doesn't matter here - - response 403, description do - schema '$ref' => '#/components/schemas/Error403' - run_test! - end - end - end - - def self.it_cannot_find_object(description = 'not found') - let(:id) { 'invalid' } - - response 404, description do - schema '$ref' => '#/components/schemas/Error404' - run_test! + it { is_expected.to validate(method, path, 403, instance_exec(¶ms_block)) } end end @@ -66,25 +27,13 @@ module ApiHelper it_handles_invalid_token(*args) it_handles_invalid_scope(*args) end + end - def self.id_url_param - parameter name: :id, in: :path, type: :integer, required: true - end - - def self.pagination_param - parameter name: :per_page, in: :query, type: :integer, required: false - parameter name: :page, in: :query, type: :integer, required: false - end - - def self.q_ordered_url_param - parameter name: :q, in: :query, required: false, - description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier", - schema: { - type: :object, - properties: { - ordered: { '$ref' => '#/components/schemas/q_ordered' } - } - } - end + # Add authentication to parameters for {Swagger::RspecHelpers#validate} + # @param params [Hash] Query parameters + # @return Query parameters with authentication header + # @see Swagger::RspecHelpers#validate + def api_auth(params = {}) + { '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params) end end diff --git a/spec/support/spec_test_helper.rb b/spec/support/spec_test_helper.rb deleted file mode 100644 index 58a1c0ef..00000000 --- a/spec/support/spec_test_helper.rb +++ /dev/null @@ -1,28 +0,0 @@ -# frozen_string_literal: true - -module SpecTestHelper - def login(user) - user = User.where(:nick => user.nick).first if user.is_a?(Symbol) - session[:user_id] = user.id - session[:scope] = FoodsoftConfig[:default_scope] # Save scope in session to not allow switching between foodcoops with one account - session[:locale] = user.locale - end - - def current_user - User.find(session[:user_id]) - end - - def get_with_defaults(action, params: {}, xhr: false, format: nil) - params['foodcoop'] = FoodsoftConfig[:default_scope] - get action, params: params, xhr: xhr, format: format - end - - def post_with_defaults(action, params: {}, xhr: false, format: nil) - params['foodcoop'] = FoodsoftConfig[:default_scope] - post action, params: params, xhr: xhr, format: format - end -end - -RSpec.configure do |config| - config.include SpecTestHelper, :type => :controller -end diff --git a/spec/swagger_helper.rb b/spec/swagger_helper.rb deleted file mode 100644 index 912504b8..00000000 --- a/spec/swagger_helper.rb +++ /dev/null @@ -1,513 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.configure do |config| - # Specify a root folder where Swagger JSON files are generated - # NOTE: If you're using the rswag-api to serve API descriptions, you'll need - # to ensure that it's configured to serve Swagger from the same folder - config.swagger_root = Rails.root.join('swagger').to_s - - # Define one or more Swagger documents and provide global metadata for each one - # When you run the 'rswag:specs:swaggerize' rake task, the complete Swagger will - # be generated at the provided relative path under swagger_root - # By default, the operations defined in spec files are added to the first - # document below. You can override this behavior by adding a swagger_doc tag to the - # the root example_group in your specs, e.g. describe '...', swagger_doc: 'v2/swagger.json' - config.swagger_docs = { - 'v1/swagger.yaml' => { - openapi: '3.0.3', - info: { - title: 'API V1', - version: 'v1' - }, - paths: {}, - components: { - schemas: { - pagination: { - type: :object, - properties: { - recordCount: { type: :integer }, - pageCount: { type: :integer }, - currentPage: { type: :integer }, - pageSize: { type: :integer } - }, - required: %w(recordCount pageCount currentPage pageSize) - }, - Order: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string, - description: "name of the order's supplier (or stock)" - }, - starts: { - type: :string, - format: 'date-time', - description: 'when the order was opened' - }, - ends: { - type: :string, - nullable: true, - format: 'date-time', - description: 'when the order will close or was closed' - }, - boxfill: { - type: :string, - nullable: true, - format: 'date-time', - description: 'when the order will enter or entered the boxfill phase' - }, - pickup: { - type: :string, - nullable: true, - format: :date, - description: 'pickup date' - }, - is_open: { - type: :boolean, - description: 'if the order is currently open or not' - }, - is_boxfill: { - type: :boolean, - description: 'if the order is currently in the boxfill phase or not' - } - } - }, - Article: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string - }, - supplier_id: { - type: :integer, - description: 'id of supplier, or 0 for stock articles' - }, - supplier_name: { - type: :string, - nullable: true, - description: 'name of the supplier, or null for stock articles' - }, - unit: { - type: :string, - description: 'amount of each unit, e.g. "100 g" or "kg"' - }, - unit_quantity: { - type: :integer, - description: 'units can only be ordered from the supplier in multiples of unit_quantity' - }, - note: { - type: :string, - nullable: true, - description: 'generic note' - }, - manufacturer: { - type: :string, - nullable: true, - description: 'manufacturer' - }, - origin: { - type: :string, - nullable: true, - description: 'origin, preferably (starting with a) 2-letter ISO country code' - }, - article_category_id: { - type: :integer, - description: 'id of article category' - }, - quantity_available: { - type: :integer, - description: 'number of units available (only present on stock articles)' - } - }, - required: %w[id name supplier_id supplier_name unit unit_quantity note manufacturer origin article_category_id] - }, - OrderArticle: { - type: :object, - properties: { - id: { - type: :integer - }, - order_id: { - type: :integer, - description: 'id of order this order article belongs to' - }, - price: { - type: :number, - format: :float, - description: 'foodcoop price' - }, - quantity: { - type: :integer, - description: 'number of units ordered by members' - }, - tolerance: { - type: :integer, - description: 'number of extra units that members are willing to buy to fill a box' - }, - units_to_order: { - type: :integer, - description: 'number of units to order from the supplier' - }, - article: { - '$ref': '#/components/schemas/Article' - } - } - }, - ArticleCategory: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string - } - }, - required: %w[id name] - }, - FinancialTransaction: { - allOf: [ - { '$ref': '#/components/schemas/FinancialTransactionForCreate' }, - { - type: :object, - properties: { - id: { - type: :integer - }, - amount: { - type: :number, - format: :float, - description: 'amount credited (negative for a debit transaction)' - }, - financial_transaction_type_id: { - type: :integer, - description: 'id of the type of the transaction' - }, - note: { - type: :string, - description: 'note entered with the transaction' - }, - user_id: { - type: :integer, - nullable: true, - description: 'id of user who entered the transaction (may be null for deleted users or 0 for a system user)' - }, - user_name: { - type: :string, - nullable: true, - description: 'name of user who entered the transaction (may be null or empty string for deleted users or system users)' - }, - financial_transaction_type_name: { - type: :string, - description: 'name of the type of the transaction' - }, - created_at: { - type: :string, - format: 'date-time', - description: 'when the transaction was entered' - } - }, - required: %w[id user_id user_name financial_transaction_type_name created_at] - } - ] - }, - FinancialTransactionForCreate: { - type: :object, - properties: { - amount: { - type: :number, - format: :float, - description: 'amount credited (negative for a debit transaction)' - }, - financial_transaction_type_id: - { - type: :integer, - description: 'id of the type of the transaction' - }, - note: { - type: :string, - description: 'note entered with the transaction' - } - }, - required: %w[amount note user_id] - }, - FinancialTransactionClass: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string - } - }, - required: %w[id name] - }, - FinancialTransactionType: { - type: :object, - properties: { - id: { - type: :integer - }, - name: { - type: :string - }, - name_short: { - type: :string, - nullable: true, - description: 'short name (used for bank transfers)' - }, - bank_account_id: { - type: :integer, - nullable: true, - description: 'id of the bank account used for this transaction type' - }, - bank_account_name: { - type: :string, - nullable: true, - description: 'name of the bank account used for this transaction type' - }, - bank_account_iban: { - type: :string, - nullable: true, - description: 'IBAN of the bank account used for this transaction type' - }, - financial_transaction_class_id: { - type: :integer, - description: 'id of the class of the transaction' - }, - financial_transaction_class_name: { - type: :string, - description: 'name of the class of the transaction' - } - }, - required: %w[id name financial_transaction_class_id financial_transaction_class_name] - }, - GroupOrderArticleForUpdate: { - type: :object, - properties: { - quantity: - { - type: :integer, - description: 'number of units ordered by the users ordergroup' - }, - tolerance: - { - type: :integer, - description: 'number of extra units the users ordergroup is willing to buy for filling a box' - } - } - }, - GroupOrderArticleForCreate: { - allOf: [ - { '$ref': '#/components/schemas/GroupOrderArticleForUpdate' }, - { - type: :object, - properties: { - order_article_id: - { - type: :integer, - description: 'id of order article' - } - } - } - ] - }, - GroupOrderArticle: { - allOf: [ - { '$ref': '#/components/schemas/GroupOrderArticleForCreate' }, - { - type: :object, - properties: { - id: { - type: :integer - }, - result: { - type: :number, - format: :float, - description: 'number of units the users ordergroup will receive or has received' - }, - total_price: - { - type: :number, - format: :float, - description: 'total price of this group order article' - }, - order_article_id: - { - type: :integer, - description: 'id of order article' - } - }, - required: %w[order_article_id] - } - ] - }, - q_ordered: { - type: :object, - properties: { - ordered: { - type: :string, - enum: %w[member all supplier] - } - } - }, - Meta: { - type: :object, - properties: { - page: { - type: :integer, - description: 'page number of the returned collection' - }, - per_page: { - type: :integer, - description: 'number of items per page' - }, - total_pages: { - type: :integer, - description: 'total number of pages' - }, - total_count: { - type: :integer, - description: 'total number of items in the collection' - } - }, - required: %w[page per_page total_pages total_count] - }, - Navigation: { - type: :array, - items: { - type: :object, - properties: { - name: { - type: :string, - description: 'title' - }, - url: { - type: :string, - description: 'link' - }, - items: { - '$ref': "#/components/schemas/Navigation" - } - }, - required: ['name'], - minProperties: 2 # name+url or name+items - } - }, - Error: { - type: :object, - properties: { - error: { - type: :string, - description: 'error code' - }, - error_description: { - type: :string, - description: 'human-readable error message (localized)' - } - } - }, - Error401: { - type: :object, - properties: { - error: { - type: :string, - description: 'unauthorized' - }, - error_description: { - '$ref': '#/components/schemas/Error/properties/error_description' - } - } - }, - Error403: { - type: :object, - properties: { - error: { - type: :string, - description: 'forbidden or invalid_scope' - }, - error_description: { - '$ref': '#/components/schemas/Error/properties/error_description' - } - } - }, - Error404: { - type: :object, - properties: { - error: { - type: :string, - description: 'not_found' - }, - error_description: { - '$ref': '#/components/schemas/Error/properties/error_description' - } - } - }, - Error422: { - type: :object, - properties: { - error: { - type: :string, - description: 'unprocessable entity' - }, - error_description: { - '$ref': '#/components/schemas/Error/properties/error_description' - } - } - } - }, - securitySchemes: { - oauth2: { - type: :oauth2, - flows: { - implicit: { - authorizationUrl: 'http://localhost:3000/f/oauth/authorize', - scopes: { - 'config:user': 'reading Foodsoft configuration for regular users', - 'config:read': 'reading Foodsoft configuration values', - 'config:write': 'reading and updating Foodsoft configuration values', - 'finance:user': 'accessing your own financial transactions', - 'finance:read': 'reading all financial transactions', - 'finance:write': 'reading and creating financial transactions', - 'user:read': 'reading your own user profile', - 'user:write': 'reading and updating your own user profile', - offline_access: 'retain access after user has logged out' - } - } - } - } - } - }, - servers: [ - { - url: 'http://{defaultHost}/f/api/v1', - variables: { - defaultHost: { - default: 'localhost:3000' - } - } - } - ], - security: [ - oauth2: [ - 'user:read' - ] - ] - } - } - - # Specify the format of the output Swagger file when running 'rswag:specs:swaggerize'. - # The swagger_docs configuration option has the filename including format in - # the key, this may want to be changed to avoid putting yaml in json files. - # Defaults to json. Accepts ':json' and ':yaml'. - config.swagger_format = :yaml -end diff --git a/vendor/javascript/.keep b/vendor/javascript/.keep deleted file mode 100644 index e69de29b..00000000