diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index b7e21eab..1d3cd010 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -266,7 +266,7 @@ Metrics/AbcSize: # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods, inherit_mode. # AllowedMethods: refine Metrics/BlockLength: - Max: 210 + Max: 212 # Offense count: 6 # Configuration parameters: CountBlocks. @@ -451,6 +451,24 @@ RSpec/DescribedClass: - "spec/models/ordergroup_spec.rb" - "spec/models/user_spec.rb" +# Offense count: 15 +# This cop supports unsafe autocorrection (--autocorrect-all). +RSpec/EmptyExampleGroup: + Exclude: + - 'spec/requests/api/article_categories_spec.rb' + - 'spec/requests/api/configs_spec.rb' + - 'spec/requests/api/financial_transaction_classes_spec.rb' + - 'spec/requests/api/financial_transaction_types_spec.rb' + - 'spec/requests/api/financial_transactions_spec.rb' + - 'spec/requests/api/navigations_spec.rb' + - 'spec/requests/api/order_articles_spec.rb' + - 'spec/requests/api/orders_spec.rb' + - 'spec/requests/api/user/financial_transactions_spec.rb' + - 'spec/requests/api/user/group_order_articles_spec.rb' + - 'spec/requests/api/user/users_spec.rb' + + + # Offense count: 65 # Configuration parameters: CountAsOne. RSpec/ExampleLength: @@ -581,6 +599,14 @@ RSpec/ScatteredSetup: - "spec/integration/balancing_spec.rb" - "spec/integration/login_spec.rb" +# Offense count: 4 +# Configuration parameters: AllowedPatterns, IgnoredPatterns. +# SupportedStyles: snake_case, camelCase +RSpec/VariableName: + EnforcedStyle: snake_case + AllowedPatterns: + - ^Authorization$ + # Offense count: 1 # Configuration parameters: IgnoreNameless, IgnoreSymbolicNames. RSpec/VerifiedDoubles: diff --git a/.ruby-version b/.ruby-version index d48d3702..37c2961c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.6.9 +2.7.2 diff --git a/Dockerfile b/Dockerfile index c999b3d4..95479ce2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.6 +FROM ruby:2.7 RUN supercronicUrl=https://github.com/aptible/supercronic/releases/download/v0.1.3/supercronic-linux-amd64 && \ supercronicBin=/usr/local/bin/supercronic && \ @@ -15,13 +15,16 @@ ENV PORT=3000 \ WORKDIR /usr/src/app -COPY . ./ +COPY Gemfile Gemfile.lock ./ +COPY plugins/ ./plugins +COPY config/ ./config # install dependencies and generate crontab RUN buildDeps='libmagic-dev' && \ apt-get update && \ apt-get install --no-install-recommends -y $buildDeps && \ echo 'gem: --no-document' >> ~/.gemrc && \ + gem install bundler && \ bundle config build.nokogiri "--use-system-libraries" && \ bundle install --deployment --without development test -j 4 && \ apt-get purge -y --auto-remove $buildDeps && \ @@ -29,6 +32,8 @@ RUN buildDeps='libmagic-dev' && \ \ bundle exec whenever >crontab +COPY . ./ + # compile assets with temporary mysql server RUN export DATABASE_URL=mysql2://localhost/temp?encoding=utf8 && \ export SECRET_KEY_BASE=thisisnotimportantnow && \ diff --git a/Dockerfile-dev b/Dockerfile-dev index ca7865a5..37dce5f6 100644 --- a/Dockerfile-dev +++ b/Dockerfile-dev @@ -1,4 +1,4 @@ -FROM ruby:2.6 +FROM ruby:2.7 # Install dependencies RUN deps='libmagic-dev chromium nodejs' && \ @@ -19,6 +19,7 @@ ENV PORT=3000 \ WORKDIR /app +RUN gem install bundler RUN bundle config build.nokogiri "--use-system-libraries" EXPOSE 3000 diff --git a/Gemfile b/Gemfile index a6e27fae..e1ed43a7 100644 --- a/Gemfile +++ b/Gemfile @@ -1,11 +1,12 @@ # A sample Gemfile source "https://rubygems.org" -gem "rails", '~> 5.2' +gem "rails", '~> 7.0' +gem 'mail', '~> 2.7.1' # bug with mail 2.8.0 https://github.com/mikel/mail/issues/1489 -gem 'sass-rails' + +gem 'sassc-rails' gem 'less-rails' -gem 'uglifier', '>= 1.0.3' # See https://github.com/sstephenson/execjs#readme for more supported runtimes gem 'therubyracer', platforms: :ruby @@ -22,7 +23,7 @@ gem 'bootsnap', require: false gem 'mysql2' gem 'prawn' gem 'prawn-table' -gem 'haml' +gem 'haml', '~> 5.0' gem 'haml-rails' gem 'kaminari' gem 'simple_form' @@ -46,7 +47,8 @@ gem 'whenever', require: false # For defining cronjobs, see config/schedule.rb gem 'ruby-units' gem 'attribute_normalizer' gem 'ice_cube' -gem 'recurring_select' +# At time of development 01-06-2022 mmddyyyy necessary fix for config_helper.rb form builder was not in rubygems so we pull from github, see: https://github.com/gregschmit/recurring_select/pull/152 +gem 'recurring_select', git: 'https://github.com/gregschmit/recurring_select' gem 'roo' gem 'roo-xls' gem 'spreadsheet' @@ -55,6 +57,8 @@ gem 'gaffe' gem 'ruby-filemagic' gem 'mime-types' gem 'midi-smtp-server' +gem 'rswag-api' +gem 'rswag-ui' # we use the git version of acts_as_versioned, and need to include it in this Gemfile gem 'acts_as_versioned', git: 'https://github.com/technoweenie/acts_as_versioned.git' @@ -81,7 +85,8 @@ group :development do gem 'binding_of_caller' # gem "rails-i18n-debug" # chrome debugging extension https://github.com/dejan/rails_panel - gem 'meta_request' + # TODO: disabled due to https://github.com/rails/rails/issues/40781 + # gem 'meta_request' # Get infos when not using proper eager loading gem 'bullet' @@ -112,10 +117,15 @@ group :test do gem 'rspec-core' gem 'rspec-rerun' gem 'i18n-spec' + gem 'rails-controller-testing' # code coverage gem 'simplecov', require: false gem 'simplecov-lcov', require: false # api - gem 'apivore', require: false + gem 'rswag-specs' gem 'hashie', '~> 3.4.6', require: false # https://github.com/westfieldlabs/apivore/issues/114 end + +gem "importmap-rails", "~> 1.1" + +gem "terser", "~> 1.1" diff --git a/Gemfile.lock b/Gemfile.lock index c53687fb..a07ffe93 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,14 @@ +GIT + remote: https://github.com/gregschmit/recurring_select + revision: 29febc4c4abdd6c30636c33a7d2daecb09973ecf + specs: + recurring_select (3.0.0) + coffee-rails (>= 3.1) + ice_cube (>= 0.11) + jquery-rails (>= 3.0) + rails (>= 5.2) + sass-rails (>= 4.0) + GIT remote: https://github.com/technoweenie/acts_as_versioned.git revision: 63b1fc8529d028fae632fe80ec0cb25df56cd76b @@ -59,67 +70,83 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.8.1) - actionpack (= 5.2.8.1) + actioncable (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.8.1) - actionpack (= 5.2.8.1) - actionview (= 5.2.8.1) - activejob (= 5.2.8.1) + actionmailbox (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) + mail (>= 2.7.1) + net-imap + net-pop + net-smtp + actionmailer (7.0.4) + actionpack (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activesupport (= 7.0.4) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (5.2.8.1) - actionview (= 5.2.8.1) - activesupport (= 5.2.8.1) - rack (~> 2.0, >= 2.0.8) + actionpack (7.0.4) + actionview (= 7.0.4) + activesupport (= 7.0.4) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.8.1) - activesupport (= 5.2.8.1) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (7.0.4) + actionpack (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) + globalid (>= 0.6.0) + nokogiri (>= 1.8.5) + actionview (7.0.4) + activesupport (= 7.0.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) + rails-html-sanitizer (~> 1.1, >= 1.2.0) active_model_serializers (0.10.13) actionpack (>= 4.1, < 7.1) activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (5.2.8.1) - activesupport (= 5.2.8.1) + activejob (7.0.4) + activesupport (= 7.0.4) globalid (>= 0.3.6) - activemodel (5.2.8.1) - activesupport (= 5.2.8.1) - activerecord (5.2.8.1) - activemodel (= 5.2.8.1) - activesupport (= 5.2.8.1) - arel (>= 9.0) - activestorage (5.2.8.1) - actionpack (= 5.2.8.1) - activerecord (= 5.2.8.1) - marcel (~> 1.0.0) - activesupport (5.2.8.1) + activemodel (7.0.4) + activesupport (= 7.0.4) + activerecord (7.0.4) + activemodel (= 7.0.4) + activesupport (= 7.0.4) + activestorage (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activesupport (= 7.0.4) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (7.0.4) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) acts_as_tree (2.9.1) activerecord (>= 3.0.0) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) - apivore (1.6.2) - actionpack (>= 4, < 6) - hashie (~> 3.3) - json-schema (~> 2.5) - rspec (~> 3) - rspec-expectations (~> 3.1) - rspec-mocks (~> 3.1) apparition (0.6.0) capybara (~> 3.13, < 4) websocket-driver (>= 0.6.5) - arel (9.0.0) ast (2.4.2) attribute_normalizer (1.2.0) base32 (0.3.4) @@ -130,15 +157,15 @@ GEM bindex (0.8.1) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) - bootsnap (1.13.0) + bootsnap (1.15.0) msgpack (~> 1.2) bootstrap-datepicker-rails (1.9.0.1) railties (>= 3.0) builder (3.2.4) - bullet (7.0.3) + bullet (7.0.7) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) - capybara (3.36.0) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) @@ -170,6 +197,7 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) + date (3.3.3) date_time_attribute (0.1.2) activesupport (>= 3.0.0) debug_inspector (1.1.0) @@ -182,13 +210,13 @@ GEM diff-lcs (1.5.0) diffy (3.4.2) docile (1.4.0) - doorkeeper (5.6.0) + doorkeeper (5.6.2) railties (>= 5) - doorkeeper-i18n (5.2.5) + doorkeeper-i18n (5.2.6) doorkeeper (>= 5.2) email_reply_trimmer (0.1.13) - erubi (1.11.0) - eventmachine (1.2.7) + erubi (1.12.0) + eventmachine (1.0.9.1) exception_notification (4.5.0) actionmailer (>= 5.2, < 8) activesupport (>= 5.2, < 8) @@ -199,16 +227,15 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (2.22.0) + faker (3.1.0) i18n (>= 1.8.11, < 2) ffi (1.15.5) gaffe (1.2.0) rails (>= 4.0.0) globalid (1.0.0) activesupport (>= 5.0) - haml (6.0.5) - temple (>= 0.8.2) - thor + haml (5.2.2) + temple (>= 0.8.0) tilt haml-rails (2.1.0) actionpack (>= 5.1) @@ -227,6 +254,9 @@ GEM i18n-spec (0.6.0) iso ice_cube (0.16.4) + importmap-rails (1.1.5) + actionpack (>= 6.0.0) + railties (>= 6.0.0) inherited_resources (1.13.1) actionpack (>= 5.2, < 7.1) has_scope (~> 0.6) @@ -235,13 +265,13 @@ GEM interception (0.5) iso (0.4.0) i18n - jquery-rails (4.5.0) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.6.2) - json-schema (2.8.1) - addressable (>= 2.4) + json (2.6.3) + json-schema (3.0.0) + addressable (>= 2.8) jsonapi-renderer (0.2.2) kaminari (1.2.2) activesupport (>= 4.1.0) @@ -261,7 +291,7 @@ GEM actionpack (>= 5.0) less (~> 2.6.0) sprockets (~> 3.0) - libv8 (3.16.14.19) + libv8 (3.16.14.19-x86_64-linux) listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -282,29 +312,33 @@ GEM thin marcel (1.0.2) matrix (0.4.2) - meta_request (0.7.3) - rack-contrib (>= 1.1, < 3) - railties (>= 3.0.0, < 7) method_source (1.0.0) midi-smtp-server (3.0.3) mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.16.3) + minitest (5.17.0) mono_logger (1.1.1) msgpack (1.6.0) multi_json (1.15.0) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) + net-imap (0.3.4) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol nio4r (2.5.8) - nokogiri (1.13.10) - mini_portile2 (~> 2.8.0) + nokogiri (1.13.10-x86_64-linux) racc (~> 1.4) parallel (1.22.1) - parser (3.1.2.1) + parser (3.2.0.0) ast (~> 2.4.1) pdf-core (0.9.0) polyglot (0.3.5) @@ -322,75 +356,73 @@ GEM pry-stack_explorer (0.6.1) binding_of_caller (~> 1.0) pry (~> 0.13) - public_suffix (5.0.0) - puma (5.6.5) + public_suffix (5.0.1) + puma (6.0.2) nio4r (~> 2.0) - racc (1.6.1) - rack (2.2.4) - rack-contrib (2.3.0) - rack (~> 2.0) + racc (1.6.2) + rack (2.2.5) rack-cors (1.1.1) rack (>= 2.0.0) - rack-protection (3.0.4) + rack-protection (3.0.5) rack rack-test (2.0.2) rack (>= 1.3) - rails (5.2.8.1) - actioncable (= 5.2.8.1) - actionmailer (= 5.2.8.1) - actionpack (= 5.2.8.1) - actionview (= 5.2.8.1) - activejob (= 5.2.8.1) - activemodel (= 5.2.8.1) - activerecord (= 5.2.8.1) - activestorage (= 5.2.8.1) - activesupport (= 5.2.8.1) - bundler (>= 1.3.0) - railties (= 5.2.8.1) - sprockets-rails (>= 2.0.0) + rails (7.0.4) + actioncable (= 7.0.4) + actionmailbox (= 7.0.4) + actionmailer (= 7.0.4) + actionpack (= 7.0.4) + actiontext (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activemodel (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) + bundler (>= 1.15.0) + railties (= 7.0.4) rails-assets-listjs (0.2.0.beta.4) railties (>= 3.1) + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.4) loofah (~> 2.19, >= 2.19.1) - rails-i18n (5.1.3) + rails-i18n (7.0.6) i18n (>= 0.7, < 2) - railties (>= 5.0, < 6) + railties (>= 6.0.0, < 8) rails-settings-cached (0.4.3) rails (>= 4.2.0) rails_tokeninput (1.7.0) railties (>= 3.1.0) - railties (5.2.8.1) - actionpack (= 5.2.8.1) - activesupport (= 5.2.8.1) + railties (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) method_source - rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) + rake (>= 12.2) + thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) - ransack (2.5.0) - activerecord (>= 5.2.4) - activesupport (>= 5.2.4) + ransack (3.2.1) + activerecord (>= 6.1.5) + activesupport (>= 6.1.5) i18n rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - recurring_select (3.0.0) - coffee-rails (>= 3.1) - ice_cube (>= 0.11) - jquery-rails (>= 3.0) - rails (>= 5.2) - sass-rails (>= 4.0) redis (5.0.5) redis-client (>= 0.9.0) - redis-client (0.9.0) + redis-client (0.11.2) connection_pool - redis-namespace (1.9.0) + redis-namespace (1.10.0) redis (>= 4) ref (2.0.0) - regexp_parser (2.6.0) + regexp_parser (2.6.1) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) @@ -400,57 +432,67 @@ GEM redis-namespace (~> 1.6) sinatra (>= 0.9.2) rexml (3.2.5) - roo (2.8.3) + roo (2.9.0) nokogiri (~> 1) rubyzip (>= 1.3.0, < 3.0.0) roo-xls (1.2.0) nokogiri roo (>= 2.0.0, < 3) spreadsheet (> 0.9.0) - rspec (3.11.0) - rspec-core (~> 3.11.0) - rspec-expectations (~> 3.11.0) - rspec-mocks (~> 3.11.0) - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.1) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.0) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-mocks (3.11.1) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-rails (5.1.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) + rspec-support (~> 3.12.0) + rspec-rails (6.0.1) + actionpack (>= 6.1) + activesupport (>= 6.1) + railties (>= 6.1) + rspec-core (~> 3.11) + rspec-expectations (~> 3.11) + rspec-mocks (~> 3.11) + rspec-support (~> 3.11) rspec-rerun (1.1.0) rspec (~> 3.0) - rspec-support (3.11.1) - rubocop (1.36.0) + rspec-support (3.12.0) + rswag-api (2.7.0) + railties (>= 3.1, < 7.1) + rswag-specs (2.7.0) + activesupport (>= 3.1, < 7.1) + json-schema (>= 2.2, < 4.0) + railties (>= 3.1, < 7.1) + rspec-core (>= 2.14) + rswag-ui (2.7.0) + actionpack (>= 3.1, < 7.1) + railties (>= 3.1, < 7.1) + rubocop (1.43.0) json (~> 2.3) parallel (~> 1.10) - parser (>= 3.1.2.1) + parser (>= 3.2.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.20.1, < 2.0) + rubocop-ast (>= 1.24.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.21.0) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.24.1) parser (>= 3.1.1.0) - rubocop-rails (2.16.1) + rubocop-rails (2.17.4) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) - rubocop-rspec (2.13.2) + rubocop-rspec (2.16.0) rubocop (~> 1.33) ruby-filemagic (0.7.3) ruby-ole (1.2.12.2) - ruby-prof (1.4.3) + ruby-prof (1.4.5) ruby-progressbar (1.11.0) ruby-units (3.0.0) ruby2_keywords (0.0.5) @@ -475,21 +517,21 @@ GEM simple_form (5.1.0) actionpack (>= 5.2) activemodel (>= 5.2) - simplecov (0.21.2) + simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov-lcov (0.8.0) simplecov_json_formatter (0.1.4) - sinatra (3.0.4) + sinatra (3.0.5) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.4) + rack-protection (= 3.0.5) tilt (~> 2.0) - skinny (0.2.2) - eventmachine (~> 1.0) - thin + skinny (0.2.4) + eventmachine (~> 1.0.0) + thin (>= 1.5, < 1.7) spreadsheet (1.3.0) ruby-ole sprockets (3.7.2) @@ -503,17 +545,19 @@ GEM sqlite3-ruby (1.3.3) sqlite3 (>= 1.3.3) table_print (1.5.7) - temple (0.8.2) + temple (0.10.0) + terser (1.1.13) + execjs (>= 0.3.0, < 3) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref - thin (1.8.1) - daemons (~> 1.0, >= 1.0.9) - eventmachine (~> 1.0, >= 1.0.4) - rack (>= 1, < 3) + thin (1.6.2) + daemons (>= 1.0.9) + eventmachine (>= 1.0.0) + rack (>= 1.0.0) thor (1.2.1) - thread_safe (0.3.6) tilt (2.0.11) + timeout (0.3.1) ttfunk (1.7.0) twitter-bootstrap-rails (2.2.8) actionpack (>= 3.1) @@ -522,20 +566,18 @@ GEM railties (>= 3.1) twitter-text (1.14.7) unf (~> 0.1.0) - tzinfo (1.2.10) - thread_safe (~> 0.1) - uglifier (4.2.0) - execjs (>= 0.3.0, < 3) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext unf_ext (0.0.8.2) - unicode-display_width (2.3.0) + unicode-display_width (2.4.2) uniform_notifier (1.16.0) - web-console (3.7.0) - actionview (>= 5.0) - activemodel (>= 5.0) + web-console (4.2.0) + actionview (>= 6.0.0) + activemodel (>= 6.0.0) bindex (>= 0.4.0) - railties (>= 5.0) + railties (>= 6.0.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -549,15 +591,15 @@ GEM twitter-text xpath (3.2.0) nokogiri (~> 1.8) + zeitwerk (2.6.6) PLATFORMS - ruby + x86_64-linux DEPENDENCIES active_model_serializers (~> 0.10.0) acts_as_tree acts_as_versioned! - apivore apparition attribute_normalizer better_errors @@ -582,19 +624,20 @@ DEPENDENCIES foodsoft_polls! foodsoft_wiki! gaffe - haml + haml (~> 5.0) haml-rails hashie (~> 3.4.6) i18n-js (~> 3.0.0.rc8) i18n-spec ice_cube + importmap-rails (~> 1.1) inherited_resources jquery-rails kaminari less-rails listen + mail (~> 2.7.1) mailcatcher - meta_request midi-smtp-server mime-types mysql2 @@ -604,26 +647,30 @@ DEPENDENCIES pry-stack_explorer puma rack-cors - rails (~> 5.2) + rails (~> 7.0) rails-assets-listjs (= 0.2.0.beta.4) + rails-controller-testing rails-i18n rails-settings-cached (= 0.4.3) rails_tokeninput ransack - recurring_select + recurring_select! resque roo roo-xls rspec-core rspec-rails rspec-rerun + rswag-api + rswag-specs + rswag-ui rubocop rubocop-rails rubocop-rspec ruby-filemagic ruby-prof ruby-units - sass-rails + sassc-rails sd_notify select2-rails simple-navigation (~> 3.14.0) @@ -635,11 +682,11 @@ DEPENDENCIES sprockets (< 4) sqlite3 (~> 1.3.6) table_print + terser (~> 1.1) therubyracer twitter-bootstrap-rails (~> 2.2.8) - uglifier (>= 1.0.3) web-console whenever BUNDLED WITH - 1.17.3 + 2.4.5 diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application_legacy.js similarity index 100% rename from app/assets/javascripts/application.js rename to app/assets/javascripts/application_legacy.js diff --git a/app/controllers/finance/financial_transactions_controller.rb b/app/controllers/finance/financial_transactions_controller.rb index 930acebe..e0c53e19 100644 --- a/app/controllers/finance/financial_transactions_controller.rb +++ b/app/controllers/finance/financial_transactions_controller.rb @@ -18,7 +18,7 @@ class Finance::FinancialTransactionsController < ApplicationController sort = "created_on DESC" end - @q = FinancialTransaction.search(params[:q]) + @q = FinancialTransaction.ransack(params[:q]) @financial_transactions_all = @q.result(distinct: true).includes(:user).order(sort) @financial_transactions_all = @financial_transactions_all.visible unless params[:show_hidden] @financial_transactions_all = @financial_transactions_all.where(ordergroup_id: @ordergroup.id) if @ordergroup diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 86f9e2eb..d01a78ca 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -18,7 +18,7 @@ class HomeController < ApplicationController @bank_accounts = @types.includes(:bank_account).map(&:bank_account).uniq.compact @bank_accounts = [BankAccount.last] if @bank_accounts.empty? else - redirect_to root_url, alert: I18n.t('group_orders.errors.no_member') + redirect_to root_path, alert: I18n.t('group_orders.errors.no_member') end end @@ -26,7 +26,7 @@ class HomeController < ApplicationController if @current_user.update(user_params) @current_user.ordergroup.update(ordergroup_params) if ordergroup_params session[:locale] = @current_user.locale - redirect_to my_profile_url, notice: I18n.t('home.changes_saved') + redirect_to my_profile_path, notice: I18n.t('home.changes_saved') else render :profile end @@ -64,7 +64,7 @@ class HomeController < ApplicationController # cancel personal memberships direct from the myProfile-page def cancel_membership if params[:membership_id] - membership = @current_user.memberships.find!(params[:membership_id]) + membership = @current_user.memberships.find(params[:membership_id]) else membership = @current_user.memberships.find_by_group_id!(params[:group_id]) end diff --git a/app/javascript/application.js b/app/javascript/application.js new file mode 100644 index 00000000..beff742e --- /dev/null +++ b/app/javascript/application.js @@ -0,0 +1 @@ +// Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails diff --git a/lib/api/errors.rb b/app/lib/api/errors.rb similarity index 100% rename from lib/api/errors.rb rename to app/lib/api/errors.rb diff --git a/lib/apple_bar.rb b/app/lib/apple_bar.rb similarity index 75% rename from lib/apple_bar.rb rename to app/lib/apple_bar.rb index a2176ea3..236417c6 100644 --- a/lib/apple_bar.rb +++ b/app/lib/apple_bar.rb @@ -14,23 +14,23 @@ class AppleBar def group_bar_state if apples >= 100 'success' + elsif FoodsoftConfig[:stop_ordering_under].present? && + (apples >= FoodsoftConfig[:stop_ordering_under]) + 'warning' else - if FoodsoftConfig[:stop_ordering_under].present? and - apples >= FoodsoftConfig[:stop_ordering_under] - 'warning' - else - 'danger' - end + 'danger' end end # Use apples as percentage, but show at least 10 percent def group_bar_width - @ordergroup.apples < 2 ? 2 : @ordergroup.apples + [@ordergroup.apples, 2].max end def mean_order_amount_per_job - (1 / @global_avg).round rescue 0 + (1 / @global_avg).round + rescue + 0 end def apples diff --git a/lib/articles_csv.rb b/app/lib/articles_csv.rb similarity index 87% rename from lib/articles_csv.rb rename to app/lib/articles_csv.rb index 910de9be..55bc7fc5 100644 --- a/lib/articles_csv.rb +++ b/app/lib/articles_csv.rb @@ -1,4 +1,4 @@ -class ArticlesCsv < RenderCSV +class ArticlesCsv < RenderCsv include ApplicationHelper def header @@ -16,7 +16,7 @@ class ArticlesCsv < RenderCSV Article.human_attribute_name(:unit_quantity), '', '', - Article.human_attribute_name(:article_category), + Article.human_attribute_name(:article_category) ] end @@ -36,7 +36,7 @@ class ArticlesCsv < RenderCSV o.unit_quantity, '', '', - o.article_category.try(:name), + o.article_category.try(:name) ] end end diff --git a/lib/bank_account_connector.rb b/app/lib/bank_account_connector.rb similarity index 90% rename from lib/bank_account_connector.rb rename to app/lib/bank_account_connector.rb index 93e7cc7c..b728ebb9 100644 --- a/lib/bank_account_connector.rb +++ b/app/lib/bank_account_connector.rb @@ -8,9 +8,7 @@ class BankAccountConnector nil end - def text - @text - end + attr_reader :text end class TextField @@ -24,13 +22,7 @@ class BankAccountConnector nil end - def name - @name - end - - def value - @value - end + attr_reader :name, :value def label @label || @name.to_s @@ -73,17 +65,7 @@ class BankAccountConnector @bank_account.iban end - def auto_submit - @auto_submit - end - - def controls - @controls - end - - def count - @count - end + attr_reader :auto_submit, :controls, :count def text(data) @controls += [TextItem.new(data)] @@ -142,11 +124,9 @@ class BankAccountConnector @bank_account.save! end - def load(data) - end + def load(data); end - def dump - end + def dump; end def t(key, args = {}) return t(".fields.#{key}") unless key.is_a? String diff --git a/lib/bank_account_connector_external.rb b/app/lib/bank_account_connector_external.rb similarity index 100% rename from lib/bank_account_connector_external.rb rename to app/lib/bank_account_connector_external.rb diff --git a/lib/bank_account_information_importer.rb b/app/lib/bank_account_information_importer.rb similarity index 100% rename from lib/bank_account_information_importer.rb rename to app/lib/bank_account_information_importer.rb diff --git a/lib/bank_transaction_reference.rb b/app/lib/bank_transaction_reference.rb similarity index 85% rename from lib/bank_transaction_reference.rb rename to app/lib/bank_transaction_reference.rb index d033c544..22b9f181 100644 --- a/lib/bank_transaction_reference.rb +++ b/app/lib/bank_transaction_reference.rb @@ -1,7 +1,7 @@ class BankTransactionReference # parses a string from a bank transaction field def self.parse(data) - m = /(^|[^\w\.])FS(?\d+)(\.(?\d+))?(?([A-Za-z]+\d+(\.\d+)?)+)([^\w\.]|$)/.match(data) + m = /(^|[^\w.])FS(?\d+)(\.(?\d+))?(?([A-Za-z]+\d+(\.\d+)?)+)([^\w.]|$)/.match(data) return unless m parts = {} @@ -13,7 +13,7 @@ class BankTransactionReference ret = { group: m[:group].to_i, parts: parts } ret[:user] = m[:user].to_i if m[:user] - return ret + ret end def self.js_code_for_user(user) diff --git a/lib/bank_transactions_csv.rb b/app/lib/bank_transactions_csv.rb similarity index 93% rename from lib/bank_transactions_csv.rb rename to app/lib/bank_transactions_csv.rb index 34c39403..4adbc192 100644 --- a/lib/bank_transactions_csv.rb +++ b/app/lib/bank_transactions_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class BankTransactionsCsv < RenderCSV +class BankTransactionsCsv < RenderCsv include ApplicationHelper def header diff --git a/lib/date_time_attribute_validate.rb b/app/lib/date_time_attribute_validate.rb similarity index 82% rename from lib/date_time_attribute_validate.rb rename to app/lib/date_time_attribute_validate.rb index 08138d02..23127898 100644 --- a/lib/date_time_attribute_validate.rb +++ b/app/lib/date_time_attribute_validate.rb @@ -27,12 +27,20 @@ module DateTimeAttributeValidate define_method("#{attribute}_date_value=") do |val| self.instance_variable_set("@#{attribute}_is_set", true) self.instance_variable_set("@#{attribute}_date_value", val) - self.send("#{attribute}_date=", val) rescue nil + begin + self.send("#{attribute}_date=", val) + rescue + nil + end end define_method("#{attribute}_time_value=") do |val| self.instance_variable_set("@#{attribute}_is_set", true) self.instance_variable_set("@#{attribute}_time_value", val) - self.send("#{attribute}_time=", val) rescue nil + begin + self.send("#{attribute}_time=", val) + rescue + nil + end end # fallback to field when values are not set @@ -48,11 +56,19 @@ module DateTimeAttributeValidate # validate date and time define_method("#{attribute}_datetime_value_valid") do date = self.instance_variable_get("@#{attribute}_date_value") - unless date.blank? || (Date.parse(date) rescue nil) + unless date.blank? || begin + Date.parse(date) + rescue + nil + end errors.add(attribute, "is not a valid date") # @todo I18n end time = self.instance_variable_get("@#{attribute}_time_value") - unless time.blank? || (Time.parse(time) rescue nil) + unless time.blank? || begin + Time.parse(time) + rescue + nil + end errors.add(attribute, "is not a valid time") # @todo I18n end end diff --git a/lib/financial_transactions_csv.rb b/app/lib/financial_transactions_csv.rb similarity index 95% rename from lib/financial_transactions_csv.rb rename to app/lib/financial_transactions_csv.rb index dc21d892..fc12d000 100644 --- a/lib/financial_transactions_csv.rb +++ b/app/lib/financial_transactions_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class FinancialTransactionsCsv < RenderCSV +class FinancialTransactionsCsv < RenderCsv include ApplicationHelper def header diff --git a/lib/foodsoft/expansion_variables.rb b/app/lib/foodsoft/expansion_variables.rb similarity index 96% rename from lib/foodsoft/expansion_variables.rb rename to app/lib/foodsoft/expansion_variables.rb index bcf67e7a..97f7b6bb 100644 --- a/lib/foodsoft/expansion_variables.rb +++ b/app/lib/foodsoft/expansion_variables.rb @@ -54,8 +54,8 @@ module Foodsoft # @param options [Hash] Extra variables to expand # @return [String] Expanded string def self.expand(str, options = {}) - str.gsub /{{([._a-zA-Z0-9]+)}}/ do - options[$1] || self.get($1) + str.gsub(/{{([._a-zA-Z0-9]+)}}/) do + options[::Regexp.last_match(1)] || self.get(::Regexp.last_match(1)) end end diff --git a/lib/foodsoft_config.rb b/app/lib/foodsoft_config.rb similarity index 98% rename from lib/foodsoft_config.rb rename to app/lib/foodsoft_config.rb index 5a370459..6ea166d3 100644 --- a/lib/foodsoft_config.rb +++ b/app/lib/foodsoft_config.rb @@ -44,6 +44,8 @@ class FoodsoftConfig # @return [ActiveSupport::HashWithIndifferentAccess] Current configuration from configuration file. mattr_accessor :config + mattr_accessor :default_config + # Configuration file location. # Taken from environment variable +FOODSOFT_APP_CONFIG+, # or else +config/app_config.yml+. @@ -189,7 +191,7 @@ class FoodsoftConfig # @return [Hash] Full configuration. def to_hash - keys.to_h { |k| [k, self[k]] } + keys.index_with { |k| self[k] } end # for using active_model_serializer in the api/v1/configs controller @@ -216,7 +218,6 @@ class FoodsoftConfig # end # # @return [Hash] Default configuration values - mattr_accessor :default_config private @@ -229,7 +230,7 @@ class FoodsoftConfig end def setup_database - database_config = ActiveRecord::Base.configurations[Rails.env] + database_config = ActiveRecord::Base.configurations.find_db_config(Rails.env).configuration_hash database_config = database_config.merge(config[:database]) if config[:database].present? ActiveRecord::Base.establish_connection(database_config) end diff --git a/lib/foodsoft_date_util.rb b/app/lib/foodsoft_date_util.rb similarity index 84% rename from lib/foodsoft_date_util.rb rename to app/lib/foodsoft_date_util.rb index 98dc1c61..a14ad453 100644 --- a/lib/foodsoft_date_util.rb +++ b/app/lib/foodsoft_date_util.rb @@ -6,7 +6,11 @@ module FoodsoftDateUtil schedule = IceCube::Schedule.new(start) schedule.add_recurrence_rule rule_from(options[:recurr]) # @todo handle ical parse errors - occ = (schedule.next_occurrence(from).to_time rescue nil) + occ = begin + schedule.next_occurrence(from).to_time + rescue + nil + end end if options && options[:time] && occ occ = occ.beginning_of_day.advance(seconds: Time.parse(options[:time]).seconds_since_midnight) @@ -17,9 +21,10 @@ module FoodsoftDateUtil # @param p [String, Symbol, Hash, IceCube::Rule] What to return a rule from. # @return [IceCube::Rule] Recurring rule def self.rule_from(p) - if p.is_a? String + case p + when String IceCube::Rule.from_ical(p) - elsif p.is_a? Hash + when Hash IceCube::Rule.from_hash(p) else p diff --git a/lib/foodsoft_file.rb b/app/lib/foodsoft_file.rb similarity index 100% rename from lib/foodsoft_file.rb rename to app/lib/foodsoft_file.rb diff --git a/lib/foodsoft_mail_receiver.rb b/app/lib/foodsoft_mail_receiver.rb similarity index 73% rename from lib/foodsoft_mail_receiver.rb rename to app/lib/foodsoft_mail_receiver.rb index 560e7edd..18e93be3 100644 --- a/lib/foodsoft_mail_receiver.rb +++ b/app/lib/foodsoft_mail_receiver.rb @@ -19,7 +19,7 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd private - def on_rcpt_to_event(ctx, rcpt_to) + def on_rcpt_to_event(_ctx, rcpt_to) recipient = rcpt_to.gsub(/^\s*<\s*(.*)\s*>\s*$/, '\1') @handlers << self.class.find_handler(recipient) rcpt_to @@ -29,20 +29,18 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd end def on_message_data_event(ctx) - begin - @handlers.each do |handler| - handler.call(ctx[:message][:data]) - end - rescue => error - ExceptionNotifier.notify_exception(error, data: ctx) - raise error - ensure - @handlers.clear + @handlers.each do |handler| + handler.call(ctx[:message][:data]) end + rescue => error + ExceptionNotifier.notify_exception(error, data: ctx) + raise error + ensure + @handlers.clear end def self.find_handler(recipient) - m = /(?[^@\.]+)\.(?
[^@]+)(@(?[^@]+))?/.match recipient + m = /(?[^@.]+)\.(?
[^@]+)(@(?[^@]+))?/.match recipient raise "recipient is missing or has an invalid format" if m.nil? raise "Foodcoop '#{m[:foodcoop]}' could not be found" unless FoodsoftConfig.allowed_foodcoop? m[:foodcoop] @@ -51,7 +49,7 @@ class FoodsoftMailReceiver < MidiSmtpServer::Smtpd @@registered_classes.each do |klass| if match = klass.regexp.match(m[:address]) handler = klass.new match - return lambda { |data| handler.received(data) } + return ->(data) { handler.received(data) } end end diff --git a/lib/invoices_csv.rb b/app/lib/invoices_csv.rb similarity index 95% rename from lib/invoices_csv.rb rename to app/lib/invoices_csv.rb index aa20cd08..eecad298 100644 --- a/lib/invoices_csv.rb +++ b/app/lib/invoices_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class InvoicesCsv < RenderCSV +class InvoicesCsv < RenderCsv include ApplicationHelper def header @@ -32,7 +32,7 @@ class InvoicesCsv < RenderCSV t.deposit, t.deposit_credit, t.paid_on, - t.note, + t.note ] end end diff --git a/lib/order_csv.rb b/app/lib/order_csv.rb similarity index 96% rename from lib/order_csv.rb rename to app/lib/order_csv.rb index 6ec96581..b238f90c 100644 --- a/lib/order_csv.rb +++ b/app/lib/order_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class OrderCsv < RenderCSV +class OrderCsv < RenderCsv def header [ OrderArticle.human_attribute_name(:units_to_order), diff --git a/lib/order_pdf.rb b/app/lib/order_pdf.rb similarity index 99% rename from lib/order_pdf.rb rename to app/lib/order_pdf.rb index 034ca51f..164be66b 100644 --- a/lib/order_pdf.rb +++ b/app/lib/order_pdf.rb @@ -1,4 +1,4 @@ -class OrderPdf < RenderPDF +class OrderPdf < RenderPdf attr_reader :order def initialize(order, options = {}) diff --git a/lib/order_txt.rb b/app/lib/order_txt.rb similarity index 81% rename from lib/order_txt.rb rename to app/lib/order_txt.rb index 5ad1fba6..7f23e705 100644 --- a/lib/order_txt.rb +++ b/app/lib/order_txt.rb @@ -1,5 +1,5 @@ class OrderTxt - def initialize(order, options = {}) + def initialize(order, _options = {}) @order = order end @@ -15,10 +15,10 @@ class OrderTxt text += "****** " + I18n.t('orders.fax.to_address') + "\n\n" text += "#{FoodsoftConfig[:name]}\n#{contact[:street]}\n#{contact[:zip_code]} #{contact[:city]}\n\n" text += "****** " + I18n.t('orders.fax.articles') + "\n\n" - text += "%8s %8s %s\n" % [I18n.t('orders.fax.number'), I18n.t('orders.fax.amount'), I18n.t('orders.fax.name')] + text += format("%8s %8s %s\n", I18n.t('orders.fax.number'), I18n.t('orders.fax.amount'), I18n.t('orders.fax.name')) # now display all ordered articles @order.order_articles.ordered.includes([:article, :article_price]).each do |oa| - text += "%8s %8d %s\n" % [oa.article.order_number, oa.units_to_order.to_i, oa.article.name] + text += format("%8s %8d %s\n", oa.article.order_number, oa.units_to_order.to_i, oa.article.name) end text end diff --git a/lib/ordergroups_csv.rb b/app/lib/ordergroups_csv.rb similarity index 85% rename from lib/ordergroups_csv.rb rename to app/lib/ordergroups_csv.rb index c41d2e83..f6fba00f 100644 --- a/lib/ordergroups_csv.rb +++ b/app/lib/ordergroups_csv.rb @@ -1,4 +1,4 @@ -class OrdergroupsCsv < RenderCSV +class OrdergroupsCsv < RenderCsv include ApplicationHelper def header @@ -14,9 +14,9 @@ class OrdergroupsCsv < RenderCSV Ordergroup.human_attribute_name(:break_start), Ordergroup.human_attribute_name(:break_end), Ordergroup.human_attribute_name(:last_user_activity), - Ordergroup.human_attribute_name(:last_order), + Ordergroup.human_attribute_name(:last_order) ] - row + Ordergroup.custom_fields.map { |f| f[:label] } + row + Ordergroup.custom_fields.pluck(:label) end def data @@ -33,7 +33,7 @@ class OrdergroupsCsv < RenderCSV o.break_start, o.break_end, o.last_user_activity, - o.last_order.try(:starts), + o.last_order.try(:starts) ] yield row + Ordergroup.custom_fields.map { |f| o.settings.custom_fields[f[:name]] } end diff --git a/lib/render_csv.rb b/app/lib/render_csv.rb similarity index 98% rename from lib/render_csv.rb rename to app/lib/render_csv.rb index b900f1f7..1f20b075 100644 --- a/lib/render_csv.rb +++ b/app/lib/render_csv.rb @@ -1,6 +1,6 @@ require 'csv' -class RenderCSV +class RenderCsv include ActionView::Helpers::NumberHelper def initialize(object, options = {}) diff --git a/lib/render_pdf.rb b/app/lib/render_pdf.rb similarity index 97% rename from lib/render_pdf.rb rename to app/lib/render_pdf.rb index a5cde2b6..479dc4a3 100644 --- a/lib/render_pdf.rb +++ b/app/lib/render_pdf.rb @@ -18,7 +18,7 @@ class RotatedCell < Prawn::Table::Cell::Text (height + (border_top_width / 2.0) + (border_bottom_width / 2.0)) / tan_rotation end - def styled_width_of(text) + def styled_width_of(_text) options = @text_options.reject { |k| k == :style } with_font { (@pdf.height_of(@content, options) + padding_top + padding_bottom) / tan_rotation } end @@ -52,7 +52,7 @@ class RotatedCell < Prawn::Table::Cell::Text end end -class RenderPDF < Prawn::Document +class RenderPdf < Prawn::Document include ActionView::Helpers::NumberHelper include ApplicationHelper @@ -156,9 +156,10 @@ class RenderPDF < Prawn::Document def pdf_add_page_breaks?(docid = nil) docid ||= self.class.name.underscore cfg = FoodsoftConfig[:pdf_add_page_breaks] - if cfg.is_a? Array + case cfg + when Array cfg.index(docid.to_s).any? - elsif cfg.is_a? Hash + when Hash cfg[docid.to_s] else cfg diff --git a/lib/spreadsheet_file.rb b/app/lib/spreadsheet_file.rb similarity index 100% rename from lib/spreadsheet_file.rb rename to app/lib/spreadsheet_file.rb diff --git a/lib/templates/haml/scaffold/_form.html.haml b/app/lib/templates/haml/scaffold/_form.html.haml similarity index 100% rename from lib/templates/haml/scaffold/_form.html.haml rename to app/lib/templates/haml/scaffold/_form.html.haml diff --git a/lib/token_verifier.rb b/app/lib/token_verifier.rb similarity index 97% rename from lib/token_verifier.rb rename to app/lib/token_verifier.rb index a8a0f1eb..b481d60f 100644 --- a/lib/token_verifier.rb +++ b/app/lib/token_verifier.rb @@ -21,8 +21,6 @@ class TokenVerifier < ActiveSupport::MessageVerifier # return original message if r.length > 2 r[2] - else - nil end end @@ -32,8 +30,6 @@ class TokenVerifier < ActiveSupport::MessageVerifier class InvalidPrefix < ActiveSupport::MessageVerifier::InvalidSignature; end - protected - def self.secret # secret_key_base for Rails 4, but Rails 3 initializer may still be used Foodsoft::Application.config.secret_key_base || Foodsoft::Application.config.secret_token diff --git a/lib/users_csv.rb b/app/lib/users_csv.rb similarity index 97% rename from lib/users_csv.rb rename to app/lib/users_csv.rb index 56ec3a23..a7d54698 100644 --- a/lib/users_csv.rb +++ b/app/lib/users_csv.rb @@ -1,4 +1,4 @@ -class UsersCsv < RenderCSV +class UsersCsv < RenderCsv include ApplicationHelper def header diff --git a/app/models/group_order.rb b/app/models/group_order.rb index c789ef4e..f3153c44 100644 --- a/app/models/group_order.rb +++ b/app/models/group_order.rb @@ -32,8 +32,8 @@ class GroupOrder < ApplicationRecord # Generate some data for the javascript methods in ordering view def load_data data = {} - data[:account_balance] = ordergroup.nil? ? BigDecimal.new('+Infinity') : ordergroup.account_balance - data[:available_funds] = ordergroup.nil? ? BigDecimal.new('+Infinity') : ordergroup.get_available_funds(self) + data[:account_balance] = ordergroup.nil? ? BigDecimal('+Infinity') : ordergroup.account_balance + data[:available_funds] = ordergroup.nil? ? BigDecimal('+Infinity') : ordergroup.get_available_funds(self) # load prices and other stuff.... data[:order_articles] = {} diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml index 974ce8f2..66e14355 100644 --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -8,10 +8,10 @@ = csrf_meta_tags = stylesheet_link_tag "application", :media => "all" //%link(href="images/favicon.ico" rel="shortcut icon") - = yield(:head) = foodcoop_css_tag + %body = yield @@ -19,7 +19,9 @@ Javascripts \================================================== / Placed at the end of the document so the pages load faster - = javascript_include_tag "application" + = javascript_importmap_tags + = javascript_include_tag "application_legacy" + :javascript I18n.defaultLocale = "#{I18n.default_locale}"; I18n.locale = "#{I18n.locale}"; diff --git a/bin/importmap b/bin/importmap new file mode 100755 index 00000000..36502ab1 --- /dev/null +++ b/bin/importmap @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby + +require_relative "../config/application" +require "importmap/commands" diff --git a/bin/setup b/bin/setup index 94fd4d79..ec47b79b 100755 --- a/bin/setup +++ b/bin/setup @@ -1,36 +1,33 @@ #!/usr/bin/env ruby -require 'fileutils' -include FileUtils +require "fileutils" # path to your application root. -APP_ROOT = File.expand_path('..', __dir__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - # Install JavaScript dependencies if using Yarn - # system('bin/yarn') + puts "== Installing dependencies ==" + system! "gem install bundler --conservative" + system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! 'bin/rails db:setup' + system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + system! "bin/rails log:clear tmp:clear" puts "\n== Restarting application server ==" - system! 'bin/rails restart' + system! "bin/rails restart" end diff --git a/config/application.rb b/config/application.rb index 544e534c..9c0ade99 100644 --- a/config/application.rb +++ b/config/application.rb @@ -9,7 +9,7 @@ Bundler.require(*Rails.groups) module Foodsoft class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 5.0 + config.load_defaults 7.0 # Settings in config/environments/* take precedence over those specified here. # Application configuration can go into files in config/initializers @@ -36,9 +36,6 @@ module Foodsoft # Configure the default encoding used in templates for Ruby 1.9. config.encoding = "utf-8" - # TODO: Remove this. See CVE-2022-32224 for details. - config.active_record.yaml_column_permitted_classes = [BigDecimal, Date, Symbol, Time] - # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true @@ -66,6 +63,12 @@ module Foodsoft # Load legacy scripts from vendor config.assets.precompile += ['vendor/assets/javascripts/*.js'] + config.active_record.yaml_column_permitted_classes = [Symbol, BigDecimal] + + config.autoloader = :zeitwerk + + # Ex:- :default =>'' + # CORS for API config.middleware.insert_before 0, Rack::Cors do allow do diff --git a/config/environments/production.rb b/config/environments/production.rb index 0560b38d..d08234e5 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + # Foodsoft production configuration. # # This file is in the public domain. @@ -27,23 +29,23 @@ Rails.application.configure do config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Compress JavaScripts and CSS. - config.assets.js_compressor = :uglifier + config.assets.js_compressor = :terser config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - # Store uploaded files on the local file system (see config/storage.yml for options) + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local - # Mount Action Cable outside main process or domain + # Mount Action Cable outside main process or domain. # config.action_cable.mount_path = nil # config.action_cable.url = 'wss://example.com/cable' # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] @@ -51,6 +53,8 @@ Rails.application.configure do # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = ENV["RAILS_FORCE_SSL"] != "false" + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). # Set to :debug to see everything in the log. config.log_level = :info @@ -63,6 +67,10 @@ Rails.application.configure do # Use a different cache store in production. # config.cache_store = :mem_cache_store + # Use a real queuing backend for Active Job (and separate queues per environment). + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "foodsoft_production" + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. @@ -98,7 +106,7 @@ Rails.application.configure do end # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new + config.log_formatter = Logger::Formatter.new # Use a different logger for distributed setups. # require 'syslog/logger' diff --git a/config/environments/test.rb b/config/environments/test.rb index ccf3767f..6ea4d1e7 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,30 +1,31 @@ -# Foodsoft test configuration. -# -# This file is in the public domain. +require "active_support/core_ext/integer/time" + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! + # Turn false under Spring and add config.action_view.cache_template_loading = true. config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" + "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false @@ -32,7 +33,7 @@ Rails.application.configure do # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false - # Store uploaded files on the local file system in a temporary directory + # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test config.action_mailer.perform_caching = false @@ -45,6 +46,15 @@ Rails.application.configure do # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true end diff --git a/config/importmap.rb b/config/importmap.rb new file mode 100644 index 00000000..050818ab --- /dev/null +++ b/config/importmap.rb @@ -0,0 +1,2 @@ +# Pin npm packages by running ./bin/importmap +pin "application", preload: true \ No newline at end of file diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 4b828e80..e1c4d5fa 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -5,10 +5,8 @@ Rails.application.config.assets.version = '1.0' # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path -# Add Yarn node_modules folder to the asset load path. -Rails.application.config.assets.paths << Rails.root.join('node_modules') # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets # folder are already added. -# Rails.application.config.assets.precompile += %w( admin.js admin.css ) +Rails.application.config.assets.precompile += %w( application_legacy.js jquery.min.js ) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index d3bcaa5e..54f47cf1 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,25 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. +# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb new file mode 100644 index 00000000..e5a82f16 --- /dev/null +++ b/config/initializers/cors.rb @@ -0,0 +1,16 @@ +# Be sure to restart your server when you modify this file. + +# Avoid CORS issues when API is called from the frontend app. +# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests. + +# Read more: https://github.com/cyu/rack-cors + +# Rails.application.config.middleware.insert_before 0, Rack::Cors do +# allow do +# origins "example.com" +# +# resource "*", +# headers: :any, +# methods: [:get, :post, :put, :patch, :delete, :options, :head] +# end +# end diff --git a/config/initializers/currency_display.rb b/config/initializers/currency_display.rb index 7caa6a64..71d108d2 100644 --- a/config/initializers/currency_display.rb +++ b/config/initializers/currency_display.rb @@ -1,7 +1,7 @@ # remove all currency translations, so that we can set the default language and # have it shown in all other languages too -::I18n.available_locales.each do |locale| - unless locale == ::I18n.default_locale - ::I18n.backend.store_translations(locale, number: { currency: { format: { unit: nil } } }) +I18n.available_locales.each do |locale| + unless locale == I18n.default_locale + I18n.backend.store_translations(locale, number: { currency: { format: { unit: nil } } }) end end diff --git a/config/initializers/extensions.rb b/config/initializers/extensions.rb index 799f52e6..68c7c8f4 100644 --- a/config/initializers/extensions.rb +++ b/config/initializers/extensions.rb @@ -3,7 +3,7 @@ class String # remove comma from decimal inputs def self.delocalized_decimal(string) if !string.blank? and string.is_a?(String) - BigDecimal.new(string.sub(',', '.')) + BigDecimal(string.sub(',', '.')) else string end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1e..adc6568c 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/mail_receiver.rb b/config/initializers/mail_receiver.rb index 67288cc1..088d7c93 100644 --- a/config/initializers/mail_receiver.rb +++ b/config/initializers/mail_receiver.rb @@ -1 +1,3 @@ -FoodsoftMailReceiver.register BounceMailReceiver +Rails.application.config.to_prepare do + FoodsoftMailReceiver.register BounceMailReceiver +end diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb deleted file mode 100644 index fac64e0a..00000000 --- a/config/initializers/new_framework_defaults.rb +++ /dev/null @@ -1,17 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.0 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Enable per-form CSRF tokens. Previous versions had false. -Rails.application.config.action_controller.per_form_csrf_tokens = false - -# Enable origin-checking CSRF mitigation. Previous versions had false. -Rails.application.config.action_controller.forgery_protection_origin_check = false - -# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`. -# Previous versions had false. -ActiveSupport.to_time_preserves_timezone = false diff --git a/config/initializers/new_framework_defaults_5_1.rb b/config/initializers/new_framework_defaults_5_1.rb deleted file mode 100644 index 9010abd5..00000000 --- a/config/initializers/new_framework_defaults_5_1.rb +++ /dev/null @@ -1,14 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.1 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Make `form_with` generate non-remote forms. -Rails.application.config.action_view.form_with_generates_remote_forms = false - -# Unknown asset fallback will return the path passed in when the given -# asset is not present in the asset pipeline. -# Rails.application.config.assets.unknown_asset_fallback = false diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb deleted file mode 100644 index 5132a0b1..00000000 --- a/config/initializers/new_framework_defaults_5_2.rb +++ /dev/null @@ -1,38 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.2 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Make Active Record use stable #cache_key alongside new #cache_version method. -# This is needed for recyclable cache keys. -# Rails.application.config.active_record.cache_versioning = true - -# Use AES-256-GCM authenticated encryption for encrypted cookies. -# Also, embed cookie expiry in signed or encrypted cookies for increased security. -# -# This option is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 5.2. -# -# Existing cookies will be converted on read then written with the new scheme. -# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true - -# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages -# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true. -# Rails.application.config.active_support.use_authenticated_message_encryption = true - -# Add default protection from forgery to ActionController::Base instead of in -# ApplicationController. -# Rails.application.config.action_controller.default_protect_from_forgery = true - -# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and -# 'f' after migrating old data. -Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true - -# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. -# Rails.application.config.active_support.use_sha1_digests = true - -# Make `form_with` generate id attributes for any generated HTML tags. -# Rails.application.config.action_view.form_with_generates_ids = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 00000000..00f64d71 --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,11 @@ +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end diff --git a/config/initializers/rails6_backports.rb b/config/initializers/rails6_backports.rb deleted file mode 100644 index b72f4220..00000000 --- a/config/initializers/rails6_backports.rb +++ /dev/null @@ -1,98 +0,0 @@ -raise "Remove no-longer-needed #{__FILE__}!" if Rails::VERSION::MAJOR >= 6 - -require "weakref" - -module ActiveRecord - # Backport https://github.com/rails/rails/pull/36998 and https://github.com/rails/rails/pull/36999 - # to avoid `ThreadError: can't create Thread: Resource temporarily unavailable` issues - module ConnectionAdapters - class ConnectionPool - class Reaper - @mutex = Mutex.new - @pools = {} - @threads = {} - - class << self - def register_pool(pool, frequency) # :nodoc: - @mutex.synchronize do - unless @threads[frequency]&.alive? - @threads[frequency] = spawn_thread(frequency) - end - @pools[frequency] ||= [] - @pools[frequency] << WeakRef.new(pool) - end - end - - private - - def spawn_thread(frequency) - Thread.new(frequency) do |t| - running = true - while running - sleep t - @mutex.synchronize do - @pools[frequency].select!(&:weakref_alive?) - @pools[frequency].each do |p| - p.reap - p.flush - rescue WeakRef::RefError - end - - if @pools[frequency].empty? - @pools.delete(frequency) - @threads.delete(frequency) - running = false - end - end - end - end - end - end - - def run - return unless frequency && frequency > 0 - - self.class.register_pool(pool, frequency) - end - end - - def reap - stale_connections = synchronize do - return unless @connections - - @connections.select do |conn| - conn.in_use? && !conn.owner.alive? - end.each(&:steal!) - end - - stale_connections.each do |conn| - if conn.active? - conn.reset! - checkin conn - else - remove conn - end - end - end - - def flush(minimum_idle = @idle_timeout) - return if minimum_idle.nil? - - idle_connections = synchronize do - return unless @connections - - @connections.select do |conn| - !conn.in_use? && conn.seconds_idle >= minimum_idle - end.each do |conn| - conn.lease - - @available.delete conn - @connections.delete conn - end - end - - idle_connections.each(&:disconnect!) - end - end - end -end diff --git a/config/initializers/rswag_api.rb b/config/initializers/rswag_api.rb new file mode 100644 index 00000000..e4b798f6 --- /dev/null +++ b/config/initializers/rswag_api.rb @@ -0,0 +1,13 @@ +Rswag::Api.configure do |c| + # Specify a root folder where Swagger JSON files are located + # This is used by the Swagger middleware to serve requests for API descriptions + # NOTE: If you're using rswag-specs to generate Swagger, you'll need to ensure + # that it's configured to generate files in the same folder + c.swagger_root = Rails.root.to_s + '/swagger' + + # Inject a lambda function to alter the returned Swagger prior to serialization + # The function will have access to the rack env for the current request + # For example, you could leverage this to dynamically assign the "host" property + # + # c.swagger_filter = lambda { |swagger, env| swagger['host'] = env['HTTP_HOST'] } +end diff --git a/config/initializers/rswag_ui.rb b/config/initializers/rswag_ui.rb new file mode 100644 index 00000000..cc9f2ef8 --- /dev/null +++ b/config/initializers/rswag_ui.rb @@ -0,0 +1,15 @@ +Rswag::Ui.configure do |c| + # List the Swagger endpoints that you want to be documented through the + # swagger-ui. The first parameter is the path (absolute or relative to the UI + # host) to the corresponding endpoint and the second is a title that will be + # displayed in the document selector. + # NOTE: If you're using rspec-api to expose Swagger files + # (under swagger_root) as JSON or YAML endpoints, then the list below should + # correspond to the relative paths for those endpoints. + + c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs' + + # Add Basic Auth in case your API is private + # c.basic_auth_enabled = true + # c.basic_auth_credentials 'username', 'password' +end diff --git a/config/initializers/zeitwerk.rb b/config/initializers/zeitwerk.rb new file mode 100644 index 00000000..9c505a26 --- /dev/null +++ b/config/initializers/zeitwerk.rb @@ -0,0 +1,5 @@ +# config/initializers/zeitwerk.rb +ActiveSupport::Dependencies + .autoload_paths + .delete("#{Rails.root}/app/controllers/concerns") + \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 5b27eba4..83e65707 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,6 @@ Rails.application.routes.draw do + mount Rswag::Ui::Engine => '/api-docs' + mount Rswag::Api::Engine => '/api-docs' get "order_comments/new" get "comments/new" diff --git a/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb new file mode 100644 index 00000000..a15c6ce8 --- /dev/null +++ b/db/migrate/20230106144438_add_service_name_to_active_storage_blobs.active_storage.rb @@ -0,0 +1,22 @@ +# This migration comes from active_storage (originally 20190112182829) +class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] + def up + return unless table_exists?(:active_storage_blobs) + + unless column_exists?(:active_storage_blobs, :service_name) + add_column :active_storage_blobs, :service_name, :string + + if configured_service = ActiveStorage::Blob.service.name + ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) + end + + change_column :active_storage_blobs, :service_name, :string, null: false + end + end + + def down + return unless table_exists?(:active_storage_blobs) + + remove_column :active_storage_blobs, :service_name + end +end diff --git a/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb b/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb new file mode 100644 index 00000000..e1020fc9 --- /dev/null +++ b/db/migrate/20230106144439_create_active_storage_variant_records.active_storage.rb @@ -0,0 +1,28 @@ +# This migration comes from active_storage (originally 20191206030411) +class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + # Use Active Record's configured type for primary key + create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t| + t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type + t.string :variation_digest, null: false + + t.index [:blob_id, :variation_digest], name: "index_active_storage_variant_records_uniqueness", unique: true + t.foreign_key :active_storage_blobs, column: :blob_id + end + end + + private + + def primary_key_type + config = Rails.configuration.generators + config.options[config.orm][:primary_key_type] || :primary_key + end + + def blobs_primary_key_type + pkey_name = connection.primary_key(:active_storage_blobs) + pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name } + pkey_column.bigint? ? :bigint : pkey_column.type + end +end diff --git a/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb b/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb new file mode 100644 index 00000000..93c8b85a --- /dev/null +++ b/db/migrate/20230106144440_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb @@ -0,0 +1,8 @@ +# This migration comes from active_storage (originally 20211119233751) +class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + change_column_null(:active_storage_blobs, :checksum, true) + end +end diff --git a/db/schema.rb b/db/schema.rb index ce812b3f..50c24c41 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2,54 +2,60 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# Note that this schema.rb definition is the authoritative source for your -# database schema. If you need to create the application database on another -# system, you should be using db:schema:load, not running all the migrations -# from scratch. The latter is a flawed and unsustainable approach (the more migrations -# you'll amass, the slower it'll run and the greater likelihood for issues). +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2021_02_05_090257) do - - create_table "active_storage_attachments", id: :integer, force: :cascade do |t| +ActiveRecord::Schema[7.0].define(version: 2023_01_06_144440) do + create_table "active_storage_attachments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false t.bigint "record_id", null: false t.bigint "blob_id", null: false - t.datetime "created_at", null: false + t.datetime "created_at", precision: nil, null: false t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id" t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true end - create_table "active_storage_blobs", id: :integer, force: :cascade do |t| + create_table "active_storage_blobs", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "key", null: false t.string "filename", null: false t.string "content_type" t.text "metadata" t.bigint "byte_size", null: false - t.string "checksum", null: false - t.datetime "created_at", null: false + t.string "checksum" + t.datetime "created_at", precision: nil, null: false + t.string "service_name", null: false t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true end - create_table "article_categories", id: :integer, force: :cascade do |t| + create_table "active_storage_variant_records", charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + t.integer "blob_id", null: false + t.string "variation_digest", null: false + t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true + end + + create_table "article_categories", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", default: "", null: false t.string "description" t.index ["name"], name: "index_article_categories_on_name", unique: true end - create_table "article_prices", id: :integer, force: :cascade do |t| + create_table "article_prices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "article_id", null: false t.decimal "price", precision: 8, scale: 2, default: "0.0", null: false t.decimal "tax", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit", precision: 8, scale: 2, default: "0.0", null: false t.integer "unit_quantity" - t.datetime "created_at" + t.datetime "created_at", precision: nil t.index ["article_id"], name: "index_article_prices_on_article_id" end - create_table "articles", id: :integer, force: :cascade do |t| + create_table "articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", default: "", null: false t.integer "supplier_id", default: 0, null: false t.integer "article_category_id", default: 0, null: false @@ -58,15 +64,15 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.boolean "availability", default: true, null: false t.string "manufacturer" t.string "origin" - t.datetime "shared_updated_on" + t.datetime "shared_updated_on", precision: nil t.decimal "price", precision: 8, scale: 2 t.float "tax" t.decimal "deposit", precision: 8, scale: 2, default: "0.0" t.integer "unit_quantity", default: 1, null: false t.string "order_number" - t.datetime "created_at" - t.datetime "updated_at" - t.datetime "deleted_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil + t.datetime "deleted_at", precision: nil t.string "type" t.integer "quantity", default: 0 t.index ["article_category_id"], name: "index_articles_on_article_category_id" @@ -75,31 +81,31 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["type"], name: "index_articles_on_type" end - create_table "assignments", id: :integer, force: :cascade do |t| + create_table "assignments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "user_id", default: 0, null: false t.integer "task_id", default: 0, null: false t.boolean "accepted", default: false t.index ["user_id", "task_id"], name: "index_assignments_on_user_id_and_task_id", unique: true end - create_table "bank_accounts", id: :integer, force: :cascade do |t| + create_table "bank_accounts", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "iban" t.string "description" t.decimal "balance", precision: 12, scale: 2, default: "0.0", null: false - t.datetime "last_import" + t.datetime "last_import", precision: nil t.string "import_continuation_point" t.integer "bank_gateway_id" end - create_table "bank_gateways", id: :integer, force: :cascade do |t| + create_table "bank_gateways", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "url", null: false t.string "authorization" t.integer "unattended_user_id" end - create_table "bank_transactions", id: :integer, force: :cascade do |t| + create_table "bank_transactions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "bank_account_id", null: false t.string "external_id" t.date "date" @@ -108,32 +114,32 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.string "reference" t.text "text" t.text "receipt" - t.binary "image", limit: 16777215 + t.binary "image", size: :medium t.integer "financial_link_id" t.index ["financial_link_id"], name: "index_bank_transactions_on_financial_link_id" end - create_table "documents", id: :integer, force: :cascade do |t| + create_table "documents", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name" t.string "mime" - t.binary "data", limit: 4294967295 + t.binary "data", size: :long t.integer "created_by_user_id" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.integer "parent_id" t.index ["parent_id"], name: "index_documents_on_parent_id" end - create_table "financial_links", id: :integer, force: :cascade do |t| + create_table "financial_links", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.text "note" end - create_table "financial_transaction_classes", id: :integer, force: :cascade do |t| + create_table "financial_transaction_classes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.boolean "ignore_for_account_balance", default: false, null: false end - create_table "financial_transaction_types", id: :integer, force: :cascade do |t| + create_table "financial_transaction_types", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.integer "financial_transaction_class_id", null: false t.string "name_short" @@ -141,12 +147,12 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["name_short"], name: "index_financial_transaction_types_on_name_short" end - create_table "financial_transactions", id: :integer, force: :cascade do |t| + create_table "financial_transactions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "ordergroup_id" t.decimal "amount", precision: 8, scale: 2, default: "0.0", null: false t.text "note", null: false t.integer "user_id", default: 0, null: false - t.datetime "created_on", null: false + t.datetime "created_on", precision: nil, null: false t.integer "financial_transaction_type_id", null: false t.integer "financial_link_id" t.integer "reverts_id" @@ -155,20 +161,20 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["reverts_id"], name: "index_financial_transactions_on_reverts_id", unique: true end - create_table "group_order_article_quantities", id: :integer, force: :cascade do |t| + create_table "group_order_article_quantities", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "group_order_article_id", default: 0, null: false t.integer "quantity", default: 0 t.integer "tolerance", default: 0 - t.datetime "created_on", null: false + t.datetime "created_on", precision: nil, null: false t.index ["group_order_article_id"], name: "index_group_order_article_quantities_on_group_order_article_id" end - create_table "group_order_articles", id: :integer, force: :cascade do |t| + create_table "group_order_articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "group_order_id", default: 0, null: false t.integer "order_article_id", default: 0, null: false t.integer "quantity", default: 0, null: false t.integer "tolerance", default: 0, null: false - t.datetime "updated_on", null: false + t.datetime "updated_on", precision: nil, null: false t.decimal "result", precision: 8, scale: 3 t.decimal "result_computed", precision: 8, scale: 3 t.index ["group_order_id", "order_article_id"], name: "goa_index", unique: true @@ -176,12 +182,12 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["order_article_id"], name: "index_group_order_articles_on_order_article_id" end - create_table "group_orders", id: :integer, force: :cascade do |t| + create_table "group_orders", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "ordergroup_id" t.integer "order_id", default: 0, null: false t.decimal "price", precision: 8, scale: 2, default: "0.0", null: false t.integer "lock_version", default: 0, null: false - t.datetime "updated_on", null: false + t.datetime "updated_on", precision: nil, null: false t.integer "updated_by_user_id" t.decimal "transport", precision: 8, scale: 2 t.index ["order_id"], name: "index_group_orders_on_order_id" @@ -189,18 +195,18 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["ordergroup_id"], name: "index_group_orders_on_ordergroup_id" end - create_table "groups", id: :integer, force: :cascade do |t| + create_table "groups", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "type", default: "", null: false t.string "name", default: "", null: false t.string "description" t.decimal "account_balance", precision: 12, scale: 2, default: "0.0", null: false - t.datetime "created_on", null: false + t.datetime "created_on", precision: nil, null: false t.boolean "role_admin", default: false, null: false t.boolean "role_suppliers", default: false, null: false t.boolean "role_article_meta", default: false, null: false t.boolean "role_finance", default: false, null: false t.boolean "role_orders", default: false, null: false - t.datetime "deleted_at" + t.datetime "deleted_at", precision: nil t.string "contact_person" t.string "contact_phone" t.string "contact_address" @@ -214,16 +220,16 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["name"], name: "index_groups_on_name", unique: true end - create_table "invites", id: :integer, force: :cascade do |t| + create_table "invites", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "token", default: "", null: false - t.datetime "expires_at", null: false + t.datetime "expires_at", precision: nil, null: false t.integer "group_id", default: 0, null: false t.integer "user_id", default: 0, null: false t.string "email", default: "", null: false t.index ["token"], name: "index_invites_on_token" end - create_table "invoices", id: :integer, force: :cascade do |t| + create_table "invoices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "supplier_id" t.string "number" t.date "date" @@ -232,16 +238,16 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.decimal "amount", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit", precision: 8, scale: 2, default: "0.0", null: false t.decimal "deposit_credit", precision: 8, scale: 2, default: "0.0", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.integer "created_by_user_id" t.string "attachment_mime" - t.binary "attachment_data", limit: 16777215 + t.binary "attachment_data", size: :medium t.integer "financial_link_id" t.index ["supplier_id"], name: "index_invoices_on_supplier_id" end - create_table "links", id: :integer, force: :cascade do |t| + create_table "links", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "url", null: false t.integer "workgroup_id" @@ -249,81 +255,81 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.string "authorization" end - create_table "mail_delivery_status", id: :integer, force: :cascade do |t| - t.datetime "created_at" + create_table "mail_delivery_status", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + t.datetime "created_at", precision: nil t.string "email", null: false t.string "message", null: false t.string "attachment_mime" - t.binary "attachment_data", limit: 4294967295 + t.binary "attachment_data", size: :long t.index ["email"], name: "index_mail_delivery_status_on_email" end - create_table "memberships", id: :integer, force: :cascade do |t| + create_table "memberships", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "group_id", default: 0, null: false t.integer "user_id", default: 0, null: false t.index ["user_id", "group_id"], name: "index_memberships_on_user_id_and_group_id", unique: true end - create_table "message_recipients", id: :integer, force: :cascade do |t| + create_table "message_recipients", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "message_id", null: false t.integer "user_id", null: false t.integer "email_state", default: 0, null: false - t.datetime "read_at" + t.datetime "read_at", precision: nil t.index ["message_id"], name: "index_message_recipients_on_message_id" t.index ["user_id", "read_at"], name: "index_message_recipients_on_user_id_and_read_at" end - create_table "messages", id: :integer, force: :cascade do |t| + create_table "messages", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "sender_id" t.string "subject", null: false t.text "body" t.boolean "private", default: false - t.datetime "created_at" + t.datetime "created_at", precision: nil t.integer "reply_to" t.integer "group_id" t.string "salt" - t.binary "received_email", limit: 16777215 + t.binary "received_email", size: :medium end - create_table "oauth_access_grants", id: :integer, force: :cascade do |t| + create_table "oauth_access_grants", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "resource_owner_id", null: false t.integer "application_id", null: false t.string "token", null: false t.integer "expires_in", null: false t.text "redirect_uri", null: false - t.datetime "created_at", null: false - t.datetime "revoked_at" + t.datetime "created_at", precision: nil, null: false + t.datetime "revoked_at", precision: nil t.string "scopes" t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true end - create_table "oauth_access_tokens", id: :integer, force: :cascade do |t| + create_table "oauth_access_tokens", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "resource_owner_id" t.integer "application_id" t.string "token", null: false t.string "refresh_token" t.integer "expires_in" - t.datetime "revoked_at" - t.datetime "created_at", null: false + t.datetime "revoked_at", precision: nil + t.datetime "created_at", precision: nil, null: false t.string "scopes" t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id" t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true end - create_table "oauth_applications", id: :integer, force: :cascade do |t| + create_table "oauth_applications", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "uid", null: false t.string "secret", null: false t.text "redirect_uri", null: false t.string "scopes", default: "", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.boolean "confidential", default: true, null: false t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true end - create_table "order_articles", id: :integer, force: :cascade do |t| + create_table "order_articles", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "order_id", default: 0, null: false t.integer "article_id", default: 0, null: false t.integer "quantity", default: 0, null: false @@ -337,45 +343,45 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["order_id"], name: "index_order_articles_on_order_id" end - create_table "order_comments", id: :integer, force: :cascade do |t| + create_table "order_comments", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "order_id" t.integer "user_id" t.text "text" - t.datetime "created_at" + t.datetime "created_at", precision: nil t.index ["order_id"], name: "index_order_comments_on_order_id" end - create_table "orders", id: :integer, force: :cascade do |t| + create_table "orders", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "supplier_id" t.text "note" - t.datetime "starts" - t.datetime "ends" + t.datetime "starts", precision: nil + t.datetime "ends", precision: nil t.string "state", default: "open" t.integer "lock_version", default: 0, null: false t.integer "updated_by_user_id" t.decimal "foodcoop_result", precision: 8, scale: 2 t.integer "created_by_user_id" - t.datetime "boxfill" + t.datetime "boxfill", precision: nil t.integer "invoice_id" t.date "pickup" - t.datetime "last_sent_mail" + t.datetime "last_sent_mail", precision: nil t.integer "end_action", default: 0, null: false t.decimal "transport", precision: 8, scale: 2 t.index ["state"], name: "index_orders_on_state" end - create_table "page_versions", id: :integer, force: :cascade do |t| + create_table "page_versions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "page_id" t.integer "lock_version" t.text "body" t.integer "updated_by" t.integer "redirect" t.integer "parent_id" - t.datetime "updated_at" + t.datetime "updated_at", precision: nil t.index ["page_id"], name: "index_page_versions_on_page_id" end - create_table "pages", id: :integer, force: :cascade do |t| + create_table "pages", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "title" t.text "body" t.string "permalink" @@ -383,41 +389,41 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.integer "updated_by" t.integer "redirect" t.integer "parent_id" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.index ["permalink"], name: "index_pages_on_permalink" t.index ["title"], name: "index_pages_on_title" end - create_table "periodic_task_groups", id: :integer, force: :cascade do |t| + create_table "periodic_task_groups", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.date "next_task_date" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at", precision: nil, null: false + t.datetime "updated_at", precision: nil, null: false end - create_table "poll_choices", id: :integer, force: :cascade do |t| + create_table "poll_choices", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "poll_vote_id", null: false t.integer "choice", null: false t.integer "value", null: false t.index ["poll_vote_id", "choice"], name: "index_poll_choices_on_poll_vote_id_and_choice", unique: true end - create_table "poll_votes", id: :integer, force: :cascade do |t| + create_table "poll_votes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "poll_id", null: false t.integer "user_id", null: false t.integer "ordergroup_id" t.text "note" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.index ["poll_id", "user_id", "ordergroup_id"], name: "index_poll_votes_on_poll_id_and_user_id_and_ordergroup_id", unique: true end - create_table "polls", id: :integer, force: :cascade do |t| + create_table "polls", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "created_by_user_id", null: false t.string "name", null: false t.text "description" - t.datetime "starts" - t.datetime "ends" + t.datetime "starts", precision: nil + t.datetime "ends", precision: nil t.boolean "one_vote_per_ordergroup", default: false, null: false t.text "required_ordergroup_custom_fields" t.text "required_user_custom_fields" @@ -427,66 +433,66 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.integer "multi_select_count", default: 0, null: false t.integer "min_points" t.integer "max_points" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", precision: nil + t.datetime "updated_at", precision: nil t.index ["final_choice"], name: "index_polls_on_final_choice" end - create_table "printer_job_updates", id: :integer, force: :cascade do |t| + create_table "printer_job_updates", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "printer_job_id", null: false - t.datetime "created_at", null: false + t.datetime "created_at", precision: nil, null: false t.string "state", null: false t.text "message" t.index ["printer_job_id", "created_at"], name: "index_printer_job_updates_on_printer_job_id_and_created_at" end - create_table "printer_jobs", id: :integer, force: :cascade do |t| + create_table "printer_jobs", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "order_id" t.string "document", null: false t.integer "created_by_user_id", null: false t.integer "finished_by_user_id" - t.datetime "finished_at" + t.datetime "finished_at", precision: nil t.index ["finished_at"], name: "index_printer_jobs_on_finished_at" end - create_table "settings", id: :integer, force: :cascade do |t| + create_table "settings", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "var", null: false t.text "value" t.integer "thing_id" t.string "thing_type", limit: 30 - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at", precision: nil, null: false + t.datetime "updated_at", precision: nil, null: false t.index ["thing_type", "thing_id", "var"], name: "index_settings_on_thing_type_and_thing_id_and_var", unique: true end - create_table "stock_changes", id: :integer, force: :cascade do |t| + create_table "stock_changes", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "stock_event_id" t.integer "order_id" t.integer "stock_article_id" t.integer "quantity", default: 0 - t.datetime "created_at" + t.datetime "created_at", precision: nil t.index ["stock_article_id"], name: "index_stock_changes_on_stock_article_id" t.index ["stock_event_id"], name: "index_stock_changes_on_stock_event_id" end - create_table "stock_events", id: :integer, force: :cascade do |t| + create_table "stock_events", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.integer "supplier_id" t.date "date" - t.datetime "created_at" + t.datetime "created_at", precision: nil t.text "note" t.integer "invoice_id" t.string "type", null: false t.index ["supplier_id"], name: "index_stock_events_on_supplier_id" end - create_table "supplier_categories", id: :integer, force: :cascade do |t| + create_table "supplier_categories", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", null: false t.string "description" t.integer "financial_transaction_class_id" t.integer "bank_account_id" end - create_table "suppliers", id: :integer, force: :cascade do |t| + create_table "suppliers", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", default: "", null: false t.string "address", default: "", null: false t.string "phone", default: "", null: false @@ -501,21 +507,21 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.string "note" t.integer "shared_supplier_id" t.string "min_order_quantity" - t.datetime "deleted_at" + t.datetime "deleted_at", precision: nil t.string "shared_sync_method" t.string "iban" t.integer "supplier_category_id" t.index ["name"], name: "index_suppliers_on_name", unique: true end - create_table "tasks", id: :integer, force: :cascade do |t| + create_table "tasks", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "name", default: "", null: false t.text "description" t.date "due_date" t.boolean "done", default: false t.integer "workgroup_id" - t.datetime "created_on", null: false - t.datetime "updated_on", null: false + t.datetime "created_on", precision: nil, null: false + t.datetime "updated_on", precision: nil, null: false t.integer "required_users", default: 1 t.integer "duration", default: 1 t.integer "periodic_task_group_id" @@ -525,7 +531,7 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.index ["workgroup_id"], name: "index_tasks_on_workgroup_id" end - create_table "users", id: :integer, force: :cascade do |t| + create_table "users", id: :integer, charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| t.string "nick" t.string "password_hash", default: "", null: false t.string "password_salt", default: "", null: false @@ -533,15 +539,16 @@ ActiveRecord::Schema.define(version: 2021_02_05_090257) do t.string "last_name", default: "", null: false t.string "email", default: "", null: false t.string "phone" - t.datetime "created_on", null: false + t.datetime "created_on", precision: nil, null: false t.string "reset_password_token" - t.datetime "reset_password_expires" - t.datetime "last_login" - t.datetime "last_activity" - t.datetime "deleted_at" + t.datetime "reset_password_expires", precision: nil + t.datetime "last_login", precision: nil + t.datetime "last_activity", precision: nil + t.datetime "deleted_at", precision: nil t.string "iban" t.index ["email"], name: "index_users_on_email", unique: true t.index ["nick"], name: "index_users_on_nick", unique: true end + add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" end diff --git a/db/seeds/seed_helper.rb b/db/seeds/seed_helper.rb index 574be356..a1f958bf 100644 --- a/db/seeds/seed_helper.rb +++ b/db/seeds/seed_helper.rb @@ -8,10 +8,10 @@ def seed_group_orders # order 3..12 times a random article go = og.group_orders.create!(order: order, updated_by_user_id: 1) - (3 + rand(10)).times do + (rand(10) + 3).times do goa = go.group_order_articles.find_or_create_by!(order_article: order.order_articles.offset(rand(noas)).first) unit_quantity = goa.order_article.price.unit_quantity - goa.update_quantities rand([4, 2 * unit_quantity + 2].max), rand(unit_quantity) + goa.update_quantities rand([4, unit_quantity * 2 + 2].max), rand(unit_quantity) end end # update totals diff --git a/doc/API.md b/doc/API.md index 2e09cfa4..f295e82f 100644 --- a/doc/API.md +++ b/doc/API.md @@ -5,9 +5,11 @@ like listing open orders, updating the ordergroup's order, and listing financial transactions. Not all Foodsoft functionality is available through the API, but we're open for new additions. -The API is documented using [Open API 2.0](https://github.com/OAI/OpenAPI-Specification) -/ [Swagger](https://swagger.io/) in [swagger.v1.yml](swagger.v1.yml). +The API is documented using [Open API 3.0.1](https://github.com/OAI/OpenAPI-Specification) +/ [Swagger](https://swagger.io/) in [swagger.yaml](/swagger/v1/swagger.yaml). This provides a machine-readable reference that is used to provide documentation. +It is generated by [rswag](https://github.com/rswag) wich also provides api-tests. +It can be generated running `RAILS_ENV=test rails rswag`. **Note:** the current OAuth scopes may be subject to change, until the next release of Foodsoft. diff --git a/doc/swagger.v1.yml b/doc/swagger.v1.yml deleted file mode 100644 index d8e793d3..00000000 --- a/doc/swagger.v1.yml +++ /dev/null @@ -1,1106 +0,0 @@ -swagger: '2.0' -info: - title: Foodsoft API v1 - version: '1.0.0' - description: > - [Foodsoft](https://github.com/foodcoops/foodsoft) is web-based software to manage - a non-profit food coop (product catalog, ordering, accounting, job scheduling). - - - This is a description of Foodsoft's API v1. - - - Note that each food cooperative typically has their own instance (on a shared - server or their own installation), and there are just as many APIs (if the Foodsoft - version is recent enough). - This API description points to the default development url with the default - Foodsoft scope - that would be [http://localhost:3000/f](http://localhost:3000/f). - - You may find the search parameters for index endpoints lacking. They are not - documented here, because there are too many combinations. For now, you'll need - to resort to [Ransack](https://github.com/activerecord-hackery/ransack) and - looking at Foodsoft's `ransackable_*` model class methods. -externalDocs: - description: General Foodsoft API documentation - url: https://github.com/foodcoops/foodsoft/blob/master/doc/API.md - -# development url with default scope -host: localhost:3000 -schemes: - - 'http' -basePath: /f/api/v1 - -produces: - - 'application/json' - -paths: - /user: - get: - summary: info about the currently logged-in user - tags: - - 1. User - responses: - 200: - description: success - schema: - type: object - properties: - user: - $ref: '#/definitions/User' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['user:read', 'user:write'] - - /user/financial_overview: - get: - summary: financial summary about the currently logged-in user - tags: - - 1. User - - 6. FinancialTransaction - responses: - 200: - description: success - schema: - type: object - properties: - financial_overview: - $ref: '#/definitions/FinanceOverview' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['finance:user'] - - /user/financial_transactions: - get: - summary: financial transactions of the member's ordergroup - tags: - - 1. User - - 6. FinancialTransaction - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - financial_transactions: - type: array - items: - $ref: '#/definitions/FinancialTransaction' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup or missing scope - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['finance:user'] - post: - summary: create new financial transaction (requires enabled self service) - tags: - - 1. User - - 6. FinancialTransaction - parameters: - - in: body - name: body - description: financial transaction to create - required: true - schema: - $ref: '#/definitions/FinancialTransactionForCreate' - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction: - $ref: '#/definitions/FinancialTransaction' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup, is below minimum balance, self service is disabled, or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: financial transaction type not found - schema: - $ref: '#/definitions/Error404' - 422: - description: invalid parameter value - schema: - $ref: '#/definitions/Error422' - /user/financial_transactions/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find financial transaction by id - tags: - - 1. User - - 6. FinancialTransaction - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction: - $ref: '#/definitions/FinancialTransaction' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['finance:user'] - - /user/group_order_articles: - get: - summary: group order articles - tags: - - 1. User - - 2. Order - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - - $ref: '#/parameters/q_ordered' - responses: - 200: - description: success - schema: - type: object - properties: - group_order_articles: - type: array - items: - $ref: '#/definitions/GroupOrderArticle' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup or missing scope - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['group_orders:user'] - post: - summary: create new group order article - tags: - - 1. User - - 2. Order - parameters: - - in: body - name: body - description: group order article to create - required: true - schema: - $ref: '#/definitions/GroupOrderArticleForCreate' - responses: - 200: - description: success - schema: - type: object - properties: - group_order_article: - $ref: '#/definitions/GroupOrderArticle' - order_article: - $ref: '#/definitions/OrderArticle' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: order article not found in open orders - schema: - $ref: '#/definitions/Error404' - 422: - description: invalid parameter value or group order article already exists - schema: - $ref: '#/definitions/Error422' - /user/group_order_articles/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find group order article by id - tags: - - 1. User - - 2. Order - responses: - 200: - description: success - schema: - type: object - properties: - group_order_article: - $ref: '#/definitions/GroupOrderArticle' - order_article: - $ref: '#/definitions/OrderArticle' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['group_orders:user'] - patch: - summary: update a group order article (but delete if quantity and tolerance are zero) - tags: - - 1. User - - 2. Order - parameters: - - $ref: '#/parameters/idInUrl' - - in: body - name: body - description: group order article update - required: true - schema: - $ref: '#/definitions/GroupOrderArticleForUpdate' - responses: - 200: - description: success - schema: - type: object - properties: - group_order_article: - $ref: '#/definitions/GroupOrderArticle' - order_article: - $ref: '#/definitions/OrderArticle' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: order article not found in open orders - schema: - $ref: '#/definitions/Error404' - 422: - description: invalid parameter value - schema: - $ref: '#/definitions/Error422' - delete: - summary: remove group order article - tags: - - 1. User - - 2. Order - parameters: - - $ref: '#/parameters/idInUrl' - responses: - 200: - description: success - schema: - type: object - properties: - group_order_article: - $ref: '#/definitions/GroupOrderArticle' - order_article: - $ref: '#/definitions/OrderArticle' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope - schema: - $ref: '#/definitions/Error403' - 404: - description: order article not found in open orders - schema: - $ref: '#/definitions/Error404' - - /financial_transactions: - get: - summary: financial transactions - tags: - - 6. FinancialTransaction - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - financial_transactions: - type: array - items: - $ref: '#/definitions/FinancialTransaction' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['finance:read', 'finance:write'] - /financial_transactions/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find financial transaction by id - tags: - - 6. FinancialTransaction - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction: - $ref: '#/definitions/FinancialTransaction' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['finance:read', 'finance:write'] - /orders: - get: - summary: orders - tags: - - 2. Order - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - orders: - type: array - items: - $ref: '#/definitions/Order' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['orders:read', 'orders:write'] - /orders/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find order by id - tags: - - 2. Order - responses: - 200: - description: success - schema: - type: object - properties: - order: - $ref: '#/definitions/Order' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['orders:read', 'orders:write'] - /order_articles: - get: - summary: order articles - tags: - - 2. Order - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - - $ref: '#/parameters/q_ordered' - responses: - 200: - description: success - schema: - type: object - properties: - order_articles: - type: array - items: - $ref: '#/definitions/OrderArticle' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['group_orders:user'] - /order_articles/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find order article by id - tags: - - 2. Order - responses: - 200: - description: success - schema: - type: object - properties: - order_article: - $ref: '#/definitions/OrderArticle' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['orders:read', 'orders:write'] - /article_categories: - get: - summary: article categories - tags: - - 2. Category - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - article_categories: - type: array - items: - $ref: '#/definitions/ArticleCategory' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - - security: - - foodsoft_auth: ['all'] - /article_categories/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find article category by id - tags: - - 2. Category - responses: - 200: - description: success - schema: - type: object - properties: - article_category: - $ref: '#/definitions/ArticleCategory' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['all'] - - /financial_transaction_classes: - get: - summary: financial transaction classes - tags: - - 2. Category - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction_classes: - type: array - items: - $ref: '#/definitions/FinancialTransactionClass' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - - security: - - foodsoft_auth: ['all'] - /financial_transaction_classes/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find financial transaction class by id - tags: - - 2. Category - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction_class: - $ref: '#/definitions/FinancialTransactionClass' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['all'] - - /financial_transaction_types: - get: - summary: financial transaction types - tags: - - 2. Category - parameters: - - $ref: '#/parameters/page' - - $ref: '#/parameters/per_page' - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction_types: - type: array - items: - $ref: '#/definitions/FinancialTransactionType' - meta: - $ref: '#/definitions/Meta' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - - security: - - foodsoft_auth: ['all'] - /financial_transaction_types/{id}: - parameters: - - $ref: '#/parameters/idInUrl' - get: - summary: find financial transaction type by id - tags: - - 2. Category - responses: - 200: - description: success - schema: - type: object - properties: - financial_transaction_type: - $ref: '#/definitions/FinancialTransactionType' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 404: - description: not found - schema: - $ref: '#/definitions/Error404' - security: - - foodsoft_auth: ['all'] - - /config: - get: - summary: configuration variables - tags: - - 7. General - responses: - 200: - description: success - schema: - type: object - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - 403: - description: missing scope or no permission - schema: - $ref: '#/definitions/Error403' - security: - - foodsoft_auth: ['config:user', 'config:read', 'config:write'] - /navigation: - get: - summary: navigation - tags: - - 7. General - responses: - 200: - description: success - schema: - type: object - properties: - navigation: - $ref: '#/definitions/Navigation' - 401: - description: not logged-in - schema: - $ref: '#/definitions/Error401' - security: - - foodsoft_auth: [] - -parameters: - # url parameters - idInUrl: - name: id - type: integer - in: path - minimum: 1 - required: true - - # query parameters - page: - name: page - type: integer - in: query - description: page number - minimum: 0 - default: 0 - per_page: - name: per_page - type: integer - in: query - description: items per page - minimum: 0 - default: 20 - - # non-ransack query parameters - q_ordered: - name: q[ordered] - type: string - in: query - description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier" - enum: ['member', 'all', 'supplier'] - -definitions: - # models - User: - type: object - properties: - id: - type: integer - name: - type: string - description: full name - email: - type: string - description: email address - locale: - type: string - description: language code - required: ['id', 'name', 'email'] - - FinancialTransactionForCreate: - type: object - properties: - amount: - type: number - description: amount credited (negative for a debit transaction) - financial_transaction_type_id: - type: integer - description: id of the type of the transaction - note: - type: string - description: note entered with the transaction - required: ['amount', 'financial_transaction_type_id', 'note'] - FinancialTransaction: - allOf: - - $ref: '#/definitions/FinancialTransactionForCreate' - - type: object - properties: - id: - type: integer - user_id: - type: ['integer', 'null'] - description: id of user who entered the transaction (may be null for deleted users or 0 for a system user) - user_name: - type: ['string', 'null'] - description: name of user who entered the transaction (may be null or empty string for deleted users or system users) - financial_transaction_type_name: - type: string - description: name of the type of the transaction - created_at: - type: string - format: date-time - description: when the transaction was entered - required: ['id', 'user_id', 'user_name', 'financial_transaction_type_name', 'created_at'] - - FinancialTransactionClass: - type: object - properties: - id: - type: integer - name: - type: string - description: full name - required: ['id', 'name'] - - FinancialTransactionType: - type: object - properties: - id: - type: integer - name: - type: string - description: full name - name_short: - type: ['string', 'null'] - description: short name (used for bank transfers) - bank_account_id: - type: ['integer', 'null'] - description: id of the bank account used for this transaction type - bank_account_name: - type: ['string', 'null'] - description: name of the bank account used for this transaction type - bank_account_iban: - type: ['string', 'null'] - description: IBAN of the bank account used for this transaction type - financial_transaction_class_id: - type: integer - description: id of the class of the transaction - financial_transaction_class_name: - type: string - description: name of the class of the transaction - required: ['id', 'name', 'financial_transaction_class_id', 'financial_transaction_class_name'] - - FinanceOverview: - type: object - properties: - account_balance: - type: number - description: booked accout balance of ordergroup - available_funds: - type: number - description: fund available to order articles - financial_transaction_class_sums: - type: array - items: - type: object - properties: - id: - type: integer - description: id of the financial transaction class - name: - type: string - description: name of the financial transaction class - amount: - type: number - description: sum of the amounts belonging to the financial transaction class - required: ['id', 'name', 'amount'] - required: ['account_balance', 'available_funds', 'financial_transaction_class_sums'] - - ArticleCategory: - type: object - properties: - id: - type: integer - name: - type: string - required: ['id', 'name'] - - Order: - type: object - properties: - id: - type: integer - name: - type: string - description: name of the order's supplier (or stock) - starts: - type: string - format: date-time - description: when the order was opened - ends: - type: ['string', 'null'] - format: date-time - description: when the order will close or was closed - boxfill: - type: ['string', 'null'] - format: date-time - description: when the order will enter or entered the boxfill phase - pickup: - type: ['string', 'null'] - format: date - description: pickup date - is_open: - type: boolean - description: if the order is currently open or not - is_boxfill: - type: boolean - description: if the order is currently in the boxfill phase or not - - Article: - type: object - properties: - id: - type: integer - name: - type: string - supplier_id: - type: integer - description: id of supplier, or 0 for stock articles - supplier_name: - type: ['string', 'null'] - description: name of the supplier, or null for stock articles - unit: - type: string - description: amount of each unit, e.g. "100 g" or "kg" - unit_quantity: - type: integer - description: units can only be ordered from the supplier in multiples of unit_quantity - note: - type: ['string', 'null'] - description: generic note - manufacturer: - type: ['string', 'null'] - description: manufacturer - origin: - type: ['string', 'null'] - description: origin, preferably (starting with a) 2-letter ISO country code - article_category_id: - type: integer - description: id of article category - quantity_available: - type: integer - description: number of units available (only present on stock articles) - required: ['id', 'name', 'supplier_id', 'supplier_name', 'unit', 'unit_quantity', 'note', 'manufacturer', 'origin', 'article_category_id'] - - OrderArticle: - type: object - properties: - id: - type: integer - order_id: - type: integer - description: id of order this order article belongs to - price: - type: number - format: float - description: foodcoop price - quantity: - type: integer - description: number of units ordered by members - tolerance: - type: integer - description: number of extra units that members are willing to buy to fill a box - units_to_order: - type: integer - description: number of units to order from the supplier - article: - $ref: '#/definitions/Article' - - GroupOrderArticleForUpdate: - type: object - properties: - quantity: - type: integer - description: number of units ordered by the user's ordergroup - tolerance: - type: integer - description: number of extra units the user's ordergroup is willing to buy for filling a box - GroupOrderArticleForCreate: - allOf: - - $ref: '#/definitions/GroupOrderArticleForUpdate' - - type: object - properties: - order_article_id: - type: integer - description: id of order article - GroupOrderArticle: - allOf: - - $ref: '#/definitions/GroupOrderArticleForCreate' - - type: object - properties: - id: - type: integer - result: - type: number - format: float - description: number of units the user's ordergroup will receive or has received - total_price: - type: number - format: float - description: total price of this group order article - - Navigation: - type: array - items: - type: object - properties: - name: - type: string - description: title - url: - type: string - description: link - items: - $ref: '#/definitions/Navigation' - required: ['name'] - minProperties: 2 # name+url or name+items - - # collection meta object in root of a response - Meta: - type: object - properties: - page: - type: integer - description: page number of the returned collection - per_page: - type: integer - description: number of items per page - total_pages: - type: integer - description: total number of pages - total_count: - type: integer - description: total number of items in the collection - required: ['page', 'per_page', 'total_pages', 'total_count'] - - Error: - type: object - properties: - error: - type: string - description: error code - error_description: - type: string - description: human-readable error message (localized) - Error404: - type: object - properties: - error: - type: string - description: 'not_found' - error_description: - $ref: '#/definitions/Error/properties/error_description' - Error401: - type: object - properties: - error: - type: string - description: 'unauthorized' - error_description: - $ref: '#/definitions/Error/properties/error_description' - Error403: - type: object - properties: - error: - type: string - description: 'forbidden or invalid_scope' - error_description: - $ref: '#/definitions/Error/properties/error_description' - Error422: - type: object - properties: - error: - type: string - description: unprocessable entity - error_description: - $ref: '#/definitions/Error/properties/error_description' - - -securityDefinitions: - foodsoft_auth: - type: oauth2 - flow: implicit - authorizationUrl: http://localhost:3000/f/oauth/authorize - scopes: - config:user: reading Foodsoft configuration for regular users - config:read: reading Foodsoft configuration values - config:write: reading and updating Foodsoft configuration values - finance:user: accessing your own financial transactions - finance:read: reading all financial transactions - finance:write: reading and creating financial transactions - user:read: reading your own user profile - user:write: reading and updating your own user profile - offline_access: retain access after user has logged out diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index 0a8b3fec..b0a325db 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -11,6 +11,7 @@ services: build: context: . dockerfile: Dockerfile-dev + platform: linux/x86_64 command: ./proc-start worker volumes: - bundle:/usr/local/bundle diff --git a/plugins/current_orders/app/controllers/current_orders/articles_controller.rb b/plugins/current_orders/app/controllers/current_orders/articles_controller.rb index 0e4b7dd9..ef23f332 100644 --- a/plugins/current_orders/app/controllers/current_orders/articles_controller.rb +++ b/plugins/current_orders/app/controllers/current_orders/articles_controller.rb @@ -32,7 +32,7 @@ class CurrentOrders::ArticlesController < ApplicationController else @order_articles = OrderArticle.where(order_id: @current_orders.all.map(&:id)) end - @q = OrderArticle.search(params[:q]) + @q = OrderArticle.ransack(params[:q]) @order_articles = @order_articles.ordered.merge(@q.result).includes(:article, :article_price) @order_article = @order_articles.where(id: params[:id]).first end diff --git a/spec/api/v1/order_articles_spec.rb b/spec/api/v1/order_articles_spec.rb deleted file mode 100644 index e65867db..00000000 --- a/spec/api/v1/order_articles_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -require 'spec_helper' - -# Most routes are tested in the swagger_spec, this tests (non-ransack) parameters. -describe Api::V1::OrderArticlesController, type: :controller do - include ApiOAuth - let(:api_scopes) { ['orders:read'] } - - let(:json_order_articles) { json_response['order_articles'] } - let(:json_order_article_ids) { json_order_articles.map { |joa| joa["id"] } } - - describe "GET :index" do - context "with param q[ordered]" do - let(:order) { create(:order, article_count: 4) } - let(:order_articles) { order.order_articles } - - before do - order_articles[0].update!(quantity: 0, tolerance: 0, units_to_order: 0) - order_articles[1].update!(quantity: 1, tolerance: 0, units_to_order: 0) - order_articles[2].update!(quantity: 0, tolerance: 1, units_to_order: 0) - order_articles[3].update!(quantity: 0, tolerance: 0, units_to_order: 1) - end - - it "(unset)" do - get :index, params: { foodcoop: 'f' } - expect(json_order_articles.count).to eq 4 - end - - it "all" do - get :index, params: { foodcoop: 'f', q: { ordered: 'all' } } - expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) - end - - it "supplier" do - get :index, params: { foodcoop: 'f', q: { ordered: 'supplier' } } - expect(json_order_article_ids).to match_array [order_articles[3].id] - end - - it "member" do - get :index, params: { foodcoop: 'f', q: { ordered: 'member' } } - expect(json_order_articles.count).to eq 0 - end - - context "when ordered by user" do - let(:user) { create(:user, :ordergroup) } - let(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - - before do - create(:group_order_article, group_order: go, order_article: order_articles[1], quantity: 1) - create(:group_order_article, group_order: go, order_article: order_articles[2], tolerance: 0) - end - - it "member" do - get :index, params: { foodcoop: 'f', q: { ordered: 'member' } } - expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) - end - end - end - end -end diff --git a/spec/api/v1/swagger_spec.rb b/spec/api/v1/swagger_spec.rb deleted file mode 100644 index 3da37332..00000000 --- a/spec/api/v1/swagger_spec.rb +++ /dev/null @@ -1,284 +0,0 @@ -require 'spec_helper' -require 'apivore' - -# we want to load a local file in YAML-format instead of a served JSON file -class SwaggerCheckerFile < Apivore::SwaggerChecker - def fetch_swagger! - YAML.load(File.read(swagger_path)) - end -end - -describe 'API v1', type: :apivore, order: :defined do - include ApiHelper - - subject { SwaggerCheckerFile.instance_for Rails.root.join('doc', 'swagger.v1.yml') } - - context 'has valid paths' do - context 'user' do - let(:api_scopes) { ['user:read'] } - # create multiple users to make sure we're getting the authenticated user, not just any - let!(:other_user_1) { create :user } - let!(:user) { create :user } - let!(:other_user_2) { create :user } - - it { is_expected.to validate(:get, '/user', 200, api_auth) } - it { is_expected.to validate(:get, '/user', 401) } - - it_handles_invalid_token_and_scope(:get, '/user') - end - - context 'user/financial_overview' do - let(:api_scopes) { ['finance:user'] } - let!(:user) { create :user, :ordergroup } - - it { is_expected.to validate(:get, '/user/financial_overview', 200, api_auth) } - it { is_expected.to validate(:get, '/user/financial_overview', 401) } - - it_handles_invalid_token_and_scope(:get, '/user/financial_overview') - end - - context 'user/financial_transactions' do - let(:api_scopes) { ['finance:user'] } - let(:other_user) { create :user, :ordergroup } - let!(:other_ft_1) { create :financial_transaction, ordergroup: other_user.ordergroup } - - context 'without ordergroup' do - it { is_expected.to validate(:get, '/user/financial_transactions', 403, api_auth) } - it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 403, api_auth({ 'id' => other_ft_1.id })) } - end - - context 'with ordergroup' do - let(:user) { create :user, :ordergroup } - let!(:ft_1) { create :financial_transaction, ordergroup: user.ordergroup } - let!(:ft_2) { create :financial_transaction, ordergroup: user.ordergroup } - let!(:ft_3) { create :financial_transaction, ordergroup: user.ordergroup } - - let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: ft_1.financial_transaction_type.id, note: 'note' } } } } - - it { is_expected.to validate(:get, '/user/financial_transactions', 200, api_auth) } - it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 200, api_auth({ 'id' => ft_2.id })) } - it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 404, api_auth({ 'id' => other_ft_1.id })) } - it { is_expected.to validate(:get, '/user/financial_transactions/{id}', 404, api_auth({ 'id' => FinancialTransaction.last.id + 1 })) } - - context 'without using self service' do - it { is_expected.to validate(:post, '/user/financial_transactions', 403, api_auth(create_params)) } - end - - context 'with using self service' do - before { FoodsoftConfig[:use_self_service] = true } - - it { is_expected.to validate(:post, '/user/financial_transactions', 200, api_auth(create_params)) } - - context 'with invalid financial transaction type' do - let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: -1, note: 'note' } } } } - - it { is_expected.to validate(:post, '/user/financial_transactions', 404, api_auth(create_params)) } - end - - context 'without note' do - let(:create_params) { { '_data' => { financial_transaction: { amount: 1, financial_transaction_type_id: ft_1.financial_transaction_type.id } } } } - - it { is_expected.to validate(:post, '/user/financial_transactions', 422, api_auth(create_params)) } - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - it { is_expected.to validate(:post, '/user/financial_transactions', 403, api_auth(create_params)) } - end - end - - it_handles_invalid_token_and_scope(:get, '/user/financial_transactions') - it_handles_invalid_token_and_scope(:post, '/user/financial_transactions', -> { api_auth(create_params) }) - it_handles_invalid_token_and_scope(:get, '/user/financial_transactions/{id}', -> { api_auth('id' => ft_2.id) }) - end - end - - context 'user/group_order_articles' do - let(:api_scopes) { ['group_orders:user'] } - let(:order) { create(:order, article_count: 2) } - - let(:user_2) { create :user, :ordergroup } - let(:group_order_2) { create(:group_order, order: order, ordergroup: user_2.ordergroup) } - let!(:goa_2) { create :group_order_article, order_article: order.order_articles[0], group_order: group_order_2 } - - before { group_order_2.update_price!; user_2.ordergroup.update_stats! } - - context 'without ordergroup' do - it { is_expected.to validate(:get, '/user/group_order_articles', 403, api_auth) } - it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 403, api_auth({ 'id' => goa_2.id })) } - end - - context 'with ordergroup' do - let(:user) { create :user, :ordergroup } - let(:update_params) { { 'id' => goa.id, '_data' => { group_order_article: { quantity: goa.quantity + 1, tolerance: 0 } } } } - let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[1].id, quantity: 1 } } } } - let(:group_order) { create(:group_order, order: order, ordergroup: user.ordergroup) } - let!(:goa) { create :group_order_article, order_article: order.order_articles[0], group_order: group_order } - - before { group_order.update_price!; user.ordergroup.update_stats! } - - it { is_expected.to validate(:get, '/user/group_order_articles', 200, api_auth) } - it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } - it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => goa_2.id })) } - it { is_expected.to validate(:get, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => GroupOrderArticle.last.id + 1 })) } - - it { is_expected.to validate(:post, '/user/group_order_articles', 200, api_auth(create_params)) } - it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 200, api_auth(update_params)) } - it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } - - context 'with an existing group_order_article' do - let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[0].id, quantity: 1 } } } } - - it { is_expected.to validate(:post, '/user/group_order_articles', 422, api_auth(create_params)) } - end - - context 'with invalid parameter values' do - let(:create_params) { { '_data' => { group_order_article: { order_article_id: order.order_articles[0].id, quantity: -1 } } } } - let(:update_params) { { 'id' => goa.id, '_data' => { group_order_article: { quantity: -1, tolerance: 0 } } } } - - it { is_expected.to validate(:post, '/user/group_order_articles', 422, api_auth(create_params)) } - it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 422, api_auth(update_params)) } - end - - context 'with a closed order' do - let(:order) { create(:order, article_count: 2, state: :finished) } - - it { is_expected.to validate(:post, '/user/group_order_articles', 404, api_auth(create_params)) } - it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 404, api_auth(update_params)) } - it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 404, api_auth({ 'id' => goa.id })) } - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - it { is_expected.to validate(:post, '/user/group_order_articles', 403, api_auth(create_params)) } - it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 403, api_auth(update_params)) } - it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } - end - - context 'without enough apple points' do - before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } - - it { is_expected.to validate(:post, '/user/group_order_articles', 403, api_auth(create_params)) } - it { is_expected.to validate(:patch, '/user/group_order_articles/{id}', 403, api_auth(update_params)) } - it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } - end - - it_handles_invalid_token_and_scope(:get, '/user/group_order_articles') - it_handles_invalid_token_and_scope(:post, '/user/group_order_articles', -> { api_auth(create_params) }) - it_handles_invalid_token_and_scope(:get, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) - it_handles_invalid_token_and_scope(:patch, '/user/group_order_articles/{id}', -> { api_auth(update_params) }) - it_handles_invalid_token_and_scope(:delete, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) - end - end - - context 'config' do - let(:api_scopes) { ['config:user'] } - - it { is_expected.to validate(:get, '/config', 200, api_auth) } - it { is_expected.to validate(:get, '/config', 401) } - - it_handles_invalid_token_and_scope(:get, '/config') - end - - context 'navigation' do - it { is_expected.to validate(:get, '/navigation', 200, api_auth) } - it { is_expected.to validate(:get, '/navigation', 401) } - - it_handles_invalid_token(:get, '/navigation') - end - - context 'financial_transactions' do - let(:api_scopes) { ['finance:read'] } - let(:user) { create(:user, :role_finance) } - let(:other_user) { create :user, :ordergroup } - let!(:ft_1) { create :financial_transaction, ordergroup: other_user.ordergroup } - let!(:ft_2) { create :financial_transaction, ordergroup: other_user.ordergroup } - - it { is_expected.to validate(:get, '/financial_transactions', 200, api_auth) } - it { is_expected.to validate(:get, '/financial_transactions/{id}', 200, api_auth({ 'id' => ft_2.id })) } - it { is_expected.to validate(:get, '/financial_transactions/{id}', 404, api_auth({ 'id' => FinancialTransaction.last.id + 1 })) } - - context 'without role_finance' do - let(:user) { create(:user) } - - it { is_expected.to validate(:get, '/financial_transactions', 403, api_auth) } - it { is_expected.to validate(:get, '/financial_transactions/{id}', 403, api_auth({ 'id' => ft_2.id })) } - end - - it_handles_invalid_token_and_scope(:get, '/financial_transactions') - it_handles_invalid_token_and_scope(:get, '/financial_transactions/{id}', -> { api_auth({ 'id' => ft_2.id }) }) - end - - context 'financial_transaction_classes' do - let!(:cla_1) { create :financial_transaction_class } - let!(:cla_2) { create :financial_transaction_class } - - it { is_expected.to validate(:get, '/financial_transaction_classes', 200, api_auth) } - it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 200, api_auth({ 'id' => cla_2.id })) } - it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 404, api_auth({ 'id' => cla_2.id + 1 })) } - - it_handles_invalid_token(:get, '/financial_transaction_classes') - it_handles_invalid_token(:get, '/financial_transaction_classes/{id}', -> { api_auth({ 'id' => cla_1.id }) }) - end - - context 'financial_transaction_types' do - let!(:tpy_1) { create :financial_transaction_type } - let!(:tpy_2) { create :financial_transaction_type } - - it { is_expected.to validate(:get, '/financial_transaction_types', 200, api_auth) } - it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 200, api_auth({ 'id' => tpy_2.id })) } - it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 404, api_auth({ 'id' => tpy_2.id + 1 })) } - - it_handles_invalid_token(:get, '/financial_transaction_types') - it_handles_invalid_token(:get, '/financial_transaction_types/{id}', -> { api_auth({ 'id' => tpy_1.id }) }) - end - - context 'orders' do - let(:api_scopes) { ['orders:read'] } - let!(:order) { create :order } - - it { is_expected.to validate(:get, '/orders', 200, api_auth) } - it { is_expected.to validate(:get, '/orders/{id}', 200, api_auth({ 'id' => order.id })) } - it { is_expected.to validate(:get, '/orders/{id}', 404, api_auth({ 'id' => Order.last.id + 1 })) } - - it_handles_invalid_token_and_scope(:get, '/orders') - it_handles_invalid_token_and_scope(:get, '/orders/{id}', -> { api_auth({ 'id' => order.id }) }) - end - - context 'order_articles' do - let(:api_scopes) { ['orders:read'] } - let!(:order_article) { create(:order, article_count: 1).order_articles.first } - let!(:stock_article) { create(:stock_article) } - let!(:stock_order_article) { create(:stock_order, article_ids: [stock_article.id]).order_articles.first } - - it { is_expected.to validate(:get, '/order_articles', 200, api_auth) } - it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => order_article.id })) } - it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => stock_order_article.id })) } - it { is_expected.to validate(:get, '/order_articles/{id}', 404, api_auth({ 'id' => Article.last.id + 1 })) } - - it_handles_invalid_token_and_scope(:get, '/order_articles') - it_handles_invalid_token_and_scope(:get, '/order_articles/{id}', -> { api_auth({ 'id' => order_article.id }) }) - end - - context 'article_categories' do - let!(:cat_1) { create :article_category } - let!(:cat_2) { create :article_category } - - it { is_expected.to validate(:get, '/article_categories', 200, api_auth) } - it { is_expected.to validate(:get, '/article_categories/{id}', 200, api_auth({ 'id' => cat_2.id })) } - it { is_expected.to validate(:get, '/article_categories/{id}', 404, api_auth({ 'id' => cat_2.id + 1 })) } - - it_handles_invalid_token(:get, '/article_categories') - it_handles_invalid_token(:get, '/article_categories/{id}', -> { api_auth({ 'id' => cat_1.id }) }) - end - end - - # needs to be last context so it is always run at the end - context 'and finally' do - it 'tests all documented routes' do - is_expected.to validate_all_paths - end - end -end diff --git a/spec/api/v1/user/financial_transactions_spec.rb b/spec/api/v1/user/financial_transactions_spec.rb deleted file mode 100644 index c7e8f826..00000000 --- a/spec/api/v1/user/financial_transactions_spec.rb +++ /dev/null @@ -1,109 +0,0 @@ -require 'spec_helper' - -# Most routes are tested in the swagger_spec, this tests endpoints that change data. -describe Api::V1::User::FinancialTransactionsController, type: :controller do - include ApiOAuth - let(:user) { create(:user, :ordergroup) } - let(:api_scopes) { ['finance:user'] } - - let(:ftc1) { create :financial_transaction_class } - let(:ftc2) { create :financial_transaction_class } - let(:ftt1) { create :financial_transaction_type, financial_transaction_class: ftc1 } - let(:ftt2) { create :financial_transaction_type, financial_transaction_class: ftc2 } - let(:ftt3) { create :financial_transaction_type, financial_transaction_class: ftc2 } - - let(:amount) { rand(-100..100) } - let(:note) { Faker::Lorem.sentence } - - let(:json_ft) { json_response['financial_transaction'] } - - shared_examples "financial_transactions endpoint success" do - before { request } - - it "returns status 200" do - expect(response).to have_http_status :ok - end - end - - shared_examples "financial_transactions create/update success" do - include_examples "financial_transactions endpoint success" - - it "returns the financial_transaction" do - expect(json_ft['id']).to be_present - expect(json_ft['financial_transaction_type_id']).to eq ftt1.id - expect(json_ft['financial_transaction_type_name']).to eq ftt1.name - expect(json_ft['amount']).to eq amount - expect(json_ft['note']).to eq note - expect(json_ft['user_id']).to eq user.id - end - - it "updates the financial_transaction" do - resulting_ft = FinancialTransaction.where(id: json_ft['id']).first - expect(resulting_ft).to be_present - expect(resulting_ft.financial_transaction_type).to eq ftt1 - expect(resulting_ft.amount).to eq amount - expect(resulting_ft.note).to eq note - expect(resulting_ft.user).to eq user - end - end - - shared_examples "financial_transactions endpoint failure" do |status| - it "returns status #{status}" do - request - expect(response.status).to eq status - end - - it "does not change the ordergroup" do - expect { request }.to_not change { - user.ordergroup.attributes - } - end - - it "does not change the financial_transactions of ordergroup" do - expect { request }.to_not change { - user.ordergroup.financial_transactions.count - } - end - end - - describe "POST :create" do - let(:ft_params) { { amount: amount, financial_transaction_type_id: ftt1.id, note: note } } - let(:request) { post :create, params: { financial_transaction: ft_params, foodcoop: 'f' } } - - context 'without using self service' do - include_examples "financial_transactions endpoint failure", 403 - end - - context 'with using self service' do - before { FoodsoftConfig[:use_self_service] = true } - - context "with no existing financial transaction" do - include_examples "financial_transactions create/update success" - end - - context "with existing financial transaction" do - before { user.ordergroup.add_financial_transaction! 5000, 'for ordering', user, ftt3 } - - include_examples "financial_transactions create/update success" - end - - context "with invalid financial transaction type" do - let(:ft_params) { { amount: amount, financial_transaction_type_id: -1, note: note } } - - include_examples "financial_transactions endpoint failure", 404 - end - - context "without note" do - let(:ft_params) { { amount: amount, financial_transaction_type_id: ftt1.id } } - - include_examples "financial_transactions endpoint failure", 422 - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - include_examples "financial_transactions endpoint failure", 403 - end - end - end -end diff --git a/spec/api/v1/user/group_order_articles_spec.rb b/spec/api/v1/user/group_order_articles_spec.rb deleted file mode 100644 index 3bfa299e..00000000 --- a/spec/api/v1/user/group_order_articles_spec.rb +++ /dev/null @@ -1,220 +0,0 @@ -require 'spec_helper' - -# Most routes are tested in the swagger_spec, this tests endpoints that change data. -describe Api::V1::User::GroupOrderArticlesController, type: :controller do - include ApiOAuth - let(:user) { create(:user, :ordergroup) } - let(:json_goa) { json_response['group_order_article'] } - let(:json_oa) { json_response['order_article'] } - let(:api_scopes) { ['group_orders:user'] } - - let(:order) { create(:order, article_count: 1) } - let(:oa_1) { order.order_articles.first } - - let(:other_quantity) { rand(1..10) } - let(:other_tolerance) { rand(1..10) } - let(:user_other) { create(:user, :ordergroup) } - let!(:go_other) { create(:group_order, order: order, ordergroup: user_other.ordergroup) } - let!(:goa_other) { create(:group_order_article, group_order: go_other, order_article: oa_1, quantity: other_quantity, tolerance: other_tolerance) } - - before { go_other.update_price!; user_other.ordergroup.update_stats! } - - shared_examples "group_order_articles endpoint success" do - before { request } - - it "returns status 200" do - expect(response).to have_http_status :ok - end - - it "returns the order_article" do - expect(json_oa['id']).to eq oa_1.id - expect(json_oa['quantity']).to eq new_quantity + other_quantity - expect(json_oa['tolerance']).to eq new_tolerance + other_tolerance - end - - it "updates the group_order" do - go = nil - expect { - request - go = user.ordergroup.group_orders.where(order: order).last - }.to change { go&.updated_by }.to(user) - .and change { go&.price } - end - end - - shared_examples "group_order_articles create/update success" do - include_examples "group_order_articles endpoint success" - - it "returns the group_order_article" do - expect(json_goa['id']).to be_present - expect(json_goa['order_article_id']).to eq oa_1.id - expect(json_goa['quantity']).to eq new_quantity - expect(json_goa['tolerance']).to eq new_tolerance - end - - it "updates the group_order_article" do - resulting_goa = GroupOrderArticle.where(id: json_goa['id']).first - expect(resulting_goa).to be_present - expect(resulting_goa.quantity).to eq new_quantity - expect(resulting_goa.tolerance).to eq new_tolerance - end - end - - shared_examples "group_order_articles endpoint failure" do |status| - it "returns status #{status}" do - request - expect(response.status).to eq status - end - - it "does not change the group_order" do - expect { request }.to_not change { - go = user.ordergroup.group_orders.where(order: order).last - go&.attributes - } - end - - it "does not change the group_order_article" do - expect { request }.to_not change { - goa = GroupOrderArticle.joins(:group_order) - .where(order_article_id: oa_1.id, group_orders: { ordergroup: user.ordergroup }).last - goa&.attributes - } - end - end - - describe "POST :create" do - let(:new_quantity) { rand(1..10) } - let(:new_tolerance) { rand(1..10) } - - let(:goa_params) { { order_article_id: oa_1.id, quantity: new_quantity, tolerance: new_tolerance } } - let(:request) { post :create, params: { group_order_article: goa_params, foodcoop: 'f' } } - - context "with no existing group_order" do - include_examples "group_order_articles create/update success" - end - - context "with an existing group_order" do - let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - - include_examples "group_order_articles create/update success" - end - - context "with an existing group_order_article" do - let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 0, tolerance: 1) } - - before { go.update_price!; user.ordergroup.update_stats! } - - include_examples "group_order_articles endpoint failure", 422 - end - - context "with invalid parameter values" do - let(:goa_params) { { order_article_id: oa_1.id, quantity: -1, tolerance: new_tolerance } } - - include_examples "group_order_articles endpoint failure", 422 - end - - context 'with a closed order' do - let(:order) { create(:order, article_count: 1, state: :finished) } - - include_examples "group_order_articles endpoint failure", 404 - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - include_examples "group_order_articles endpoint failure", 403 - end - - context 'without enough apple points' do - before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } - - include_examples "group_order_articles endpoint failure", 403 - end - end - - describe "PATCH :update" do - let(:new_quantity) { rand(2..10) } - let(:goa_params) { { quantity: new_quantity, tolerance: new_tolerance } } - let(:request) { patch :update, params: { id: goa.id, group_order_article: goa_params, foodcoop: 'f' } } - let(:new_tolerance) { rand(2..10) } - - let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 1, tolerance: 0) } - - before { go.update_price!; user.ordergroup.update_stats! } - - context "happy flow" do - include_examples "group_order_articles create/update success" - end - - context "with invalid parameter values" do - let(:goa_params) { { order_article_id: oa_1.id, quantity: -1, tolerance: new_tolerance } } - - include_examples "group_order_articles endpoint failure", 422 - end - - context 'with a closed order' do - let(:order) { create(:order, article_count: 1, state: :finished) } - - include_examples "group_order_articles endpoint failure", 404 - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - include_examples "group_order_articles endpoint failure", 403 - end - - context 'without enough apple points' do - before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } - - include_examples "group_order_articles endpoint failure", 403 - end - end - - describe "DELETE :destroy" do - let(:new_quantity) { 0 } - let(:request) { delete :destroy, params: { id: goa.id, foodcoop: 'f' } } - let(:new_tolerance) { 0 } - - let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1) } - - before { go.update_price!; user.ordergroup.update_stats! } - - shared_examples "group_order_articles destroy success" do - include_examples "group_order_articles endpoint success" - - it "does not return the group_order_article" do - expect(json_goa).to be_nil - end - - it "deletes the group_order_article" do - expect(GroupOrderArticle.where(id: goa.id)).to be_empty - end - end - - context "happy flow" do - include_examples "group_order_articles destroy success" - end - - context 'with a closed order' do - let(:order) { create(:order, article_count: 1, state: :finished) } - - include_examples "group_order_articles endpoint failure", 404 - end - - context 'without enough balance' do - before { FoodsoftConfig[:minimum_balance] = 1000 } - - include_examples "group_order_articles destroy success" - end - - context 'without enough apple points' do - before { allow_any_instance_of(Ordergroup).to receive(:not_enough_apples?).and_return(true) } - - include_examples "group_order_articles destroy success" - end - end -end diff --git a/spec/api/v1/user/ordergroup_spec.rb b/spec/api/v1/user/ordergroup_spec.rb deleted file mode 100644 index 5eacb63e..00000000 --- a/spec/api/v1/user/ordergroup_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -require 'spec_helper' - -describe Api::V1::User::OrdergroupController, type: :controller do - include ApiOAuth - let(:user) { create :user, :ordergroup } - let(:api_scopes) { ['finance:user'] } - - let(:ftc1) { create :financial_transaction_class } - let(:ftc2) { create :financial_transaction_class } - let(:ftt1) { create :financial_transaction_type, financial_transaction_class: ftc1 } - let(:ftt2) { create :financial_transaction_type, financial_transaction_class: ftc2 } - let(:ftt3) { create :financial_transaction_type, financial_transaction_class: ftc2 } - - describe "GET :financial_overview" do - let(:order) { create(:order, article_count: 1) } - let(:json_financial_overview) { json_response['financial_overview'] } - let(:oa_1) { order.order_articles.first } - - let!(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } - let!(:goa) { create(:group_order_article, group_order: go, order_article: oa_1, quantity: 1, tolerance: 0) } - - before { go.update_price!; user.ordergroup.update_stats! } - - before do - og = user.ordergroup - og.add_financial_transaction!(-1, '-1', user, ftt1) - og.add_financial_transaction!(2, '2', user, ftt1) - og.add_financial_transaction!(3, '3', user, ftt1) - - og.add_financial_transaction!(-10, '-10', user, ftt2) - og.add_financial_transaction!(20, '20', user, ftt2) - og.add_financial_transaction!(30, '30', user, ftt2) - - og.add_financial_transaction!(-100, '-100', user, ftt3) - og.add_financial_transaction!(200, '200', user, ftt3) - og.add_financial_transaction!(300, '300', user, ftt3) - end - - it "returns correct values" do - get :financial_overview, params: { foodcoop: 'f' } - expect(json_financial_overview['account_balance']).to eq 444 - expect(json_financial_overview['available_funds']).to eq 444 - go.price - - ftcs = Hash[json_financial_overview['financial_transaction_class_sums'].map { |x| [x['id'], x] }] - - ftcs1 = ftcs[ftc1.id] - expect(ftcs1['name']).to eq ftc1.name - expect(ftcs1['amount']).to eq 4 - - ftcs2 = ftcs[ftc2.id] - expect(ftcs2['name']).to eq ftc2.name - expect(ftcs2['amount']).to eq 440 - end - end -end diff --git a/spec/app_config.yml b/spec/app_config.yml index 2e146be9..a9bd72b0 100644 --- a/spec/app_config.yml +++ b/spec/app_config.yml @@ -6,6 +6,7 @@ default: &defaults multi_coop_install: false + use_self_service: true default_scope: 'f' name: FC Minimal diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb new file mode 100644 index 00000000..35db7574 --- /dev/null +++ b/spec/controllers/application_controller_spec.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe ApplicationController, type: :controller do + describe 'current' do + it 'returns current ApplicationController' do + described_class.new.send(:store_controller) + expect(described_class.current).to be_instance_of described_class + end + end +end diff --git a/spec/controllers/articles_controller_spec.rb b/spec/controllers/articles_controller_spec.rb new file mode 100644 index 00000000..b8772054 --- /dev/null +++ b/spec/controllers/articles_controller_spec.rb @@ -0,0 +1,348 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe ArticlesController, type: :controller do + let(:user) { create :user, :role_article_meta } + let(:article_category_a) { create :article_category, name: "AAAA" } + let(:article_category_b) { create :article_category, name: "BBBB" } + let(:article_category_c) { create :article_category, name: "CCCC" } + let(:supplier) { create :supplier} + let(:article_a) { create :article, name: 'AAAA', note: "ZZZZ", unit: '750 g', article_category: article_category_b, availability: false, supplier_id: supplier.id } + let(:article_b) { create :article, name: 'BBBB', note: "XXXX", unit: '500 g', article_category: article_category_a, availability: true, supplier_id: supplier.id } + let(:article_c) { create :article, name: 'CCCC', note: "YYYY", unit: '250 g', article_category: article_category_c, availability: true, supplier_id: supplier.id } + let(:article_no_supplier) { create :article, name: 'no_supplier', note: "no_supplier", unit: '100 g', article_category: article_category_b, availability: true } + + let(:order) { create :order } + let(:order2) { create :order } + + def get_with_supplier(action, params: {}, xhr: false, format: nil) + params['supplier_id'] = supplier.id + get_with_defaults(action, params: params, xhr: xhr, format: format) + end + + def post_with_supplier(action, params: {}, xhr: false, format: nil) + params['supplier_id'] = supplier.id + post_with_defaults(action, params: params, xhr: xhr, format: format) + end + + before { login user } + + describe 'GET index' do + before do + supplier + article_a + article_b + article_c + supplier.reload + end + it 'assigns sorting on articles' do + sortings = [ + ['name', [article_a, article_b, article_c]], + ['name_reverse', [article_c, article_b, article_a]], + ['note', [article_b, article_c, article_a]], + ['note_reverse', [article_a, article_c, article_b]], + ['unit', [article_c, article_b, article_a]], + ['unit_reverse', [article_a, article_b, article_c]], + ['article_category', [article_b, article_a, article_c]], + ['article_category_reverse', [article_c, article_a, article_b]], + ['availability', [article_a, article_b, article_c]], + ['availability_reverse', [article_b, article_c, article_a]] + ] + sortings.each do |sorting| + get_with_supplier :index, params: { sort: sorting[0] } + expect(response).to have_http_status(:success) + expect(assigns(:articles).to_a).to eq(sorting[1]) + end + end + + it 'triggers an article csv' do + get_with_supplier :index, format: :csv + expect(response.header['Content-Type']).to include('text/csv') + expect(response.body).to include(article_a.unit, article_b.unit) + end + end + + describe 'new' do + it 'renders form for a new article' do + get_with_supplier :new, xhr: true + expect(response).to have_http_status(:success) + end + end + + describe 'copy' do + it 'renders form with copy of an article' do + get_with_supplier :copy, params: { article_id: article_a.id }, xhr: true + expect(assigns(:article).attributes).to eq(article_a.dup.attributes) + expect(response).to have_http_status(:success) + end + end + + describe '#create' do + it 'creates a new article' do + valid_attributes = article_a.attributes.except('id') + valid_attributes['name'] = 'ABAB' + get_with_supplier :create, params: { article: valid_attributes }, xhr: true + expect(response).to have_http_status(:success) + end + + it 'fails to create a new article and renders #new' do + get_with_supplier :create, params: { article: { id: nil } }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/new') + end + end + + describe 'edit' do + it 'opens form to edit article attributes' do + get_with_supplier :edit, params: { id: article_a.id }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/new') + end + end + + describe '#edit all' do + it 'renders edit_all' do + get_with_supplier :edit_all, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/edit_all') + end + end + + describe '#update' do + it 'updates article attributes' do + get_with_supplier :update, params: { id: article_a.id, article: { unit: '300 g' } }, xhr: true + expect(assigns(:article).unit).to eq('300 g') + expect(response).to have_http_status(:success) + end + + it 'updates article with empty name attribute' do + get_with_supplier :update, params: { id: article_a.id, article: { name: nil } }, xhr: true + expect(response).to render_template('articles/new') + end + end + + describe '#update_all' do + it 'updates all articles' do + get_with_supplier :update_all, params: { articles: { "#{article_a.id}": attributes_for(:article), "#{article_b.id}": attributes_for(:article) } } + expect(response).to have_http_status(:redirect) + end + + it 'fails on updating all articles' do + get_with_supplier :update_all, params: { articles: { "#{article_a.id}": attributes_for(:article, name: 'ab') } } + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/edit_all') + end + end + + describe '#update_selected' do + let(:order_article) { create :order_article, order: order, article: article_no_supplier } + + before do + order_article + end + + it 'updates selected articles' do + get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id] } + expect(response).to have_http_status(:redirect) + end + + it 'destroys selected articles' do + get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'destroy' } + article_a.reload + article_b.reload + expect(article_a).to be_deleted + expect(article_b).to be_deleted + expect(response).to have_http_status(:redirect) + end + + it 'sets availability false on selected articles' do + get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'setNotAvailable' } + article_a.reload + article_b.reload + expect(article_a).not_to be_availability + expect(article_b).not_to be_availability + expect(response).to have_http_status(:redirect) + end + + it 'sets availability true on selected articles' do + get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_b.id], selected_action: 'setAvailable' } + article_a.reload + article_b.reload + expect(article_a).to be_availability + expect(article_b).to be_availability + expect(response).to have_http_status(:redirect) + end + + it 'fails deletion if one article is in open order' do + get_with_supplier :update_selected, params: { selected_articles: [article_a.id, article_no_supplier.id], selected_action: 'destroy' } + article_a.reload + article_no_supplier.reload + expect(article_a).not_to be_deleted + expect(article_no_supplier).not_to be_deleted + expect(response).to have_http_status(:redirect) + end + end + + describe '#parse_upload' do + let(:file) { Rack::Test::UploadedFile.new(Rails.root.join('spec/fixtures/files/upload_test.csv'), original_filename: 'upload_test.csv') } + + it 'updates particles from spreadsheet' do + post_with_supplier :parse_upload, params: { articles: { file: file, outlist_absent: '1', convert_units: '1' } } + expect(response).to have_http_status(:success) + end + + it 'missing file not updates particles from spreadsheet' do + post_with_supplier :parse_upload, params: { articles: { file: nil, outlist_absent: '1', convert_units: '1' } } + expect(response).to have_http_status(:redirect) + expect(flash[:alert]).to match(I18n.t('errors.general_msg', msg: "undefined method `original_filename' for \"\":String").to_s) + end + end + + describe '#sync' do + # TODO: double render error in controller + it 'throws double render error' do + expect do + post :sync, params: { foodcoop: FoodsoftConfig[:default_scope], supplier_id: supplier.id } + end.to raise_error(AbstractController::DoubleRenderError) + end + + xit 'updates particles from spreadsheet' do + post :sync, params: { foodcoop: FoodsoftConfig[:default_scope], supplier_id: supplier.id, articles: { '#{article_a.id}': attributes_for(:article), '#{article_b.id}': attributes_for(:article) } } + expect(response).to have_http_status(:redirect) + end + end + + describe '#destroy' do + let(:order_article) { create :order_article, order: order, article: article_no_supplier } + + before do + order_article + end + + it 'does not delete article if order open' do + get_with_supplier :destroy, params: { id: article_no_supplier.id }, xhr: true + expect(assigns(:article)).not_to be_deleted + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/destroy') + end + + it 'deletes article if order closed' do + get_with_supplier :destroy, params: { id: article_b.id }, xhr: true + expect(assigns(:article)).to be_deleted + expect(response).to have_http_status(:success) + expect(response).to render_template('articles/destroy') + end + end + + describe '#update_synchronized' do + let(:order_article) { create :order_article, order: order, article: article_no_supplier } + + before do + order_article + article_a + article_b + article_no_supplier + end + + it 'deletes articles' do + # TODO: double render error in controller + get_with_supplier :update_synchronized, params: { outlisted_articles: { article_a.id => article_a, article_b.id => article_b } } + article_a.reload + article_b.reload + expect(article_a).to be_deleted + expect(article_b).to be_deleted + expect(response).to have_http_status(:redirect) + end + + it 'updates articles' do + get_with_supplier :update_synchronized, params: { articles: { article_a.id => { name: 'NewNameA' }, article_b.id => { name: 'NewNameB' } } } + expect(assigns(:updated_articles).first.name).to eq 'NewNameA' + expect(response).to have_http_status(:redirect) + end + + it 'does not update articles if article with same name exists' do + get_with_supplier :update_synchronized, params: { articles: { article_a.id => { unit: '2000 g' }, article_b.id => { name: 'AAAA' } } } + error_array = [assigns(:updated_articles).first.errors.first, assigns(:updated_articles).last.errors.first] + expect(error_array).to include(ActiveModel::Error) + expect(response).to have_http_status(:success) + end + + it 'does update articles if article with same name was deleted before' do + get_with_supplier :update_synchronized, params: { + outlisted_articles: { article_a.id => article_a }, + articles: { + article_a.id => { name: 'NewName' }, + article_b.id => { name: 'AAAA' } + } + } + error_array = [assigns(:updated_articles).first.errors.first, assigns(:updated_articles).last.errors.first] + expect(error_array).not_to be_any + expect(response).to have_http_status(:redirect) + end + + it 'does not delete articles in open order' do + get_with_supplier :update_synchronized, params: { outlisted_articles: { article_no_supplier.id => article_no_supplier } } + article_no_supplier.reload + expect(article_no_supplier).not_to be_deleted + expect(response).to have_http_status(:success) + end + + it 'assigns updated article_pairs on error' do + get_with_supplier :update_synchronized, params: { + articles: { article_a.id => { name: 'EEEE' } }, + outlisted_articles: { article_no_supplier.id => article_no_supplier } + } + expect(assigns(:updated_article_pairs).first).to eq([article_a, { name: 'EEEE' }]) + article_no_supplier.reload + expect(article_no_supplier).not_to be_deleted + expect(response).to have_http_status(:success) + end + + it 'updates articles in open order' do + get_with_supplier :update_synchronized, params: { articles: { article_no_supplier.id => { name: 'EEEE' } } } + article_no_supplier.reload + expect(article_no_supplier.name).to eq 'EEEE' + expect(response).to have_http_status(:redirect) + end + end + + describe '#shared' do + let(:shared_supplier) { create :shared_supplier, shared_articles: [shared_article] } + let(:shared_article) { create :shared_article, name: 'shared' } + let(:article_s) { create :article, name: 'SSSS', note: 'AAAA', unit: '250 g', article_category: article_category_a, availability: false } + + let(:supplier_with_shared) { create :supplier, shared_supplier: shared_supplier } + + it 'renders view with articles' do + get_with_defaults :shared, params: { supplier_id: supplier_with_shared.id, name_cont_all_joined: 'shared' }, xhr: true + expect(assigns(:supplier).shared_supplier.shared_articles).to be_any + expect(assigns(:articles)).to be_any + expect(response).to have_http_status(:success) + end + end + + describe '#import' do + let(:shared_supplier) { create :shared_supplier, shared_articles: [shared_article] } + let(:shared_article) { create :shared_article, name: 'shared' } + + before do + shared_article + article_category_a + end + + it 'fills form with article details' do + get_with_supplier :import, params: { article_category_id: article_category_b.id, direct: 'true', shared_article_id: shared_article.id }, xhr: true + expect(assigns(:article)).not_to be_nil + expect(response).to have_http_status(:success) + expect(response).to render_template(:create) + end + + it 'does redirect to :new if param :direct not set' do + get_with_supplier :import, params: { article_category_id: article_category_b.id, shared_article_id: shared_article.id }, xhr: true + expect(assigns(:article)).not_to be_nil + expect(response).to have_http_status(:success) + expect(response).to render_template(:new) + end + end +end diff --git a/spec/controllers/concerns/auth_concern_spec.rb b/spec/controllers/concerns/auth_concern_spec.rb new file mode 100644 index 00000000..10bf8ec7 --- /dev/null +++ b/spec/controllers/concerns/auth_concern_spec.rb @@ -0,0 +1,212 @@ +# frozen_string_literal: true + +require 'spec_helper' + +class DummyAuthController < ApplicationController; end + +describe 'Auth concern', type: :controller do + controller DummyAuthController do + # Defining a dummy action for an anynomous controller which inherits from the described class. + def authenticate_blank + authenticate + end + + def authenticate_unknown_group + authenticate('nooby') + end + + def authenticate_pickups + authenticate('pickups') + head :ok unless performed? + end + + def authenticate_finance_or_orders + authenticate('finance_or_orders') + head :ok unless performed? + end + + def try_authenticate_membership_or_admin + authenticate_membership_or_admin + end + + def try_authenticate_or_token + authenticate_or_token('xyz') + head :ok unless performed? + end + + def call_deny_access + deny_access + end + + def call_current_user + current_user + end + + def call_login_and_redirect_to_return_to + user = User.find(params[:user_id]) + login_and_redirect_to_return_to(user) + end + + def call_login + user = User.find(params[:user_id]) + login(user) + end + end + + # unit testing protected/private methods + describe 'protected/private methods' do + let(:user) { create :user } + let(:wrong_user) { create :user } + + describe '#current_user' do + before do + login user + routes.draw { get 'call_current_user' => 'dummy_auth#call_current_user' } + end + + describe 'with valid session' do + it 'returns current_user' do + get_with_defaults :call_current_user, params: { user_id: user.id }, format: JSON + expect(assigns(:current_user)).to eq user + end + end + + describe 'with invalid session' do + it 'not returns current_user' do + session[:user_id] = nil + get_with_defaults :call_current_user, params: { user_id: nil }, format: JSON + expect(assigns(:current_user)).to be_nil + end + end + end + + describe '#deny_access' do + it 'redirects to root_url' do + login user + routes.draw { get 'deny_access' => 'dummy_auth#call_deny_access' } + get_with_defaults :call_deny_access + expect(response).to redirect_to(root_url) + end + end + + describe '#login' do + before do + routes.draw { get 'call_login' => 'dummy_auth#call_login' } + end + + it 'sets user in session' do + login wrong_user + get_with_defaults :call_login, params: { user_id: user.id }, format: JSON + expect(session[:user_id]).to eq user.id + expect(session[:scope]).to eq FoodsoftConfig.scope + expect(session[:locale]).to eq user.locale + end + end + + describe '#login_and_redirect_to_return_to' do + it 'redirects to already set target' do + login user + session[:return_to] = my_profile_url + routes.draw { get 'call_login_and_redirect_to_return_to' => 'dummy_auth#call_login_and_redirect_to_return_to' } + get_with_defaults :call_login_and_redirect_to_return_to, params: { user_id: user.id } + expect(session[:return_to]).to be_nil + end + end + end + + describe 'authenticate' do + describe 'not logged in' do + it 'does not authenticate' do + routes.draw { get 'authenticate_blank' => 'dummy_auth#authenticate_blank' } + get_with_defaults :authenticate_blank + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_path) + expect(flash[:alert]).to match(I18n.t('application.controller.error_authn')) + end + end + + describe 'logged in' do + let(:user) { create :user } + let(:pickups_user) { create :user, :role_pickups } + let(:finance_user) { create :user, :role_finance } + let(:orders_user) { create :user, :role_orders } + + it 'does not authenticate with unknown group' do + login user + routes.draw { get 'authenticate_unknown_group' => 'dummy_auth#authenticate_unknown_group' } + get_with_defaults :authenticate_unknown_group + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(root_path) + expect(flash[:alert]).to match(I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(I18n.t('application.controller.error_denied_sign_in'), login_path))) + end + + it 'does not authenticate with pickups group' do + login pickups_user + routes.draw { get 'authenticate_pickups' => 'dummy_auth#authenticate_pickups' } + get_with_defaults :authenticate_pickups + expect(response).to have_http_status(:success) + end + + it 'does not authenticate with finance group' do + login finance_user + routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' } + get_with_defaults :authenticate_finance_or_orders + expect(response).to have_http_status(:success) + end + + it 'does not authenticate with orders group' do + login orders_user + routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' } + get_with_defaults :authenticate_finance_or_orders + expect(response).to have_http_status(:success) + end + end + end + + describe 'authenticate_membership_or_admin' do + describe 'logged in' do + let(:pickups_user) { create :user, :role_pickups } + let(:workgroup) { create :workgroup } + + it 'redirects with not permitted group' do + group_id = workgroup.id + login pickups_user + routes.draw { get 'try_authenticate_membership_or_admin' => 'dummy_auth#try_authenticate_membership_or_admin' } + get_with_defaults :try_authenticate_membership_or_admin, params: { id: group_id } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(root_path) + expect(flash[:alert]).to match(I18n.t('application.controller.error_members_only')) + end + end + end + + describe 'authenticate_or_token' do + describe 'logged in' do + let(:token_verifier) { TokenVerifier.new('xyz') } + let(:token_msg) { token_verifier.generate } + let(:user) { create :user } + + before { login user } + + it 'authenticates token' do + routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } + get_with_defaults :try_authenticate_or_token, params: { token: token_msg } + expect(response).not_to have_http_status(:redirect) + end + + it 'redirects on faulty token' do + routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } + get_with_defaults :try_authenticate_or_token, params: { token: 'abc' } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(root_path) + expect(flash[:alert]).to match(I18n.t('application.controller.error_token')) + end + + it 'authenticates current user on empty token' do + routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' } + get_with_defaults :try_authenticate_or_token + expect(response).to have_http_status(:success) + end + end + end +end diff --git a/spec/controllers/finance/balancing_controller_spec.rb b/spec/controllers/finance/balancing_controller_spec.rb new file mode 100644 index 00000000..d62b9974 --- /dev/null +++ b/spec/controllers/finance/balancing_controller_spec.rb @@ -0,0 +1,211 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Finance::BalancingController, type: :controller do + let(:user) { create :user, :role_finance, :role_orders, groups: [create(:ordergroup)] } + + before { login user } + + describe 'GET index' do + let(:order) { create :order } + + it 'renders index page' do + get_with_defaults :index + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/index') + end + end + + describe 'new balancing' do + let(:supplier) { create :supplier } + let(:article1) { create :article, name: 'AAAA', supplier: supplier, unit_quantity: 1 } + let(:article2) { create :article, name: 'AAAB', supplier: supplier, unit_quantity: 1 } + + let(:order) { create :order, supplier: supplier, article_ids: [article1.id, article2.id] } + + let(:go1) { create :group_order, order: order } + let(:go2) { create :group_order, order: order } + let(:oa1) { order.order_articles.find_by_article_id(article1.id) } + let(:oa2) { order.order_articles.find_by_article_id(article2.id) } + let(:oa3) { order2.order_articles.find_by_article_id(article2.id) } + let(:goa1) { create :group_order_article, group_order: go1, order_article: oa1 } + let(:goa2) { create :group_order_article, group_order: go1, order_article: oa2 } + + before do + goa1.update_quantities(3, 0) + goa2.update_quantities(1, 0) + oa1.update_results! + oa2.update_results! + end + + it 'renders new order page' do + get_with_defaults :new, params: { order_id: order.id } + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/new') + end + + it 'assigns sorting on articles' do + sortings = [ + ['name', [oa1, oa2]], + ['name_reverse', [oa2, oa1]], + ['order_number', [oa1, oa2]], + ['order_number_reverse', [oa1, oa2]] # just one order + ] + sortings.each do |sorting| + get_with_defaults :new, params: { order_id: order.id, sort: sorting[0] } + expect(response).to have_http_status(:success) + expect(assigns(:articles).to_a).to eq(sorting[1]) + end + end + end + + describe 'update summary' do + let(:order) { create(:order) } + + it 'shows the summary view' do + get_with_defaults :update_summary, params: { id: order.id }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/update_summary') + end + end + + describe 'new_on_order' do + let(:order) { create(:order) } + let(:order_article) { order.order_articles.first } + + it 'calls article update' do + get_with_defaults :new_on_order_article_update, params: { id: order.id, order_article_id: order_article.id }, xhr: true + expect(response).not_to render_template(layout: 'application') + expect(response).to render_template('finance/balancing/new_on_order_article_update') + end + + it 'calls article create' do + get_with_defaults :new_on_order_article_create, params: { id: order.id, order_article_id: order_article.id }, xhr: true + expect(response).not_to render_template(layout: 'application') + expect(response).to render_template('finance/balancing/new_on_order_article_create') + end + end + + describe 'edit_note' do + let(:order) { create(:order) } + + it 'updates order note' do + get_with_defaults :edit_note, params: { id: order.id, order: { note: 'Hello' } }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/edit_note') + end + end + + describe 'update_note' do + let(:order) { create(:order) } + + it 'updates order note' do + get_with_defaults :update_note, params: { id: order.id, order: { note: 'Hello' } }, xhr: true + expect(response).to have_http_status(:success) + end + + it 'redirects to edit note on failed update' do + get_with_defaults :update_note, params: { id: order.id, order: { article_ids: nil } }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/edit_note') + end + end + + describe 'transport' do + let(:order) { create(:order) } + + it 'calls the edit transport view' do + get_with_defaults :edit_transport, params: { id: order.id }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/edit_transport') + end + + it 'does redirect if order valid' do + get_with_defaults :update_transport, params: { id: order.id, order: { ends: Time.now } }, xhr: true + expect(response).to have_http_status(:redirect) + expect(assigns(:order).errors.count).to eq(0) + expect(response).to redirect_to(new_finance_order_path(order_id: order.id)) + end + + it 'does redirect if order invalid' do + get_with_defaults :update_transport, params: { id: order.id, order: { starts: Time.now + 2, ends: Time.now } }, xhr: true + expect(assigns(:order).errors.count).to eq(1) + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(new_finance_order_path(order_id: order.id)) + end + end + + describe 'confirm' do + let(:order) { create(:order) } + + it 'renders the confirm template' do + get_with_defaults :confirm, params: { id: order.id }, xhr: true + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/balancing/confirm') + end + end + + describe 'close and update account balances' do + let(:order) { create(:order) } + let(:order1) { create(:order, ends: Time.now) } + let(:fft) { create(:financial_transaction_type) } + + it 'does not close order if ends not set' do + get_with_defaults :close, params: { id: order.id, type: fft.id } + expect(assigns(:order)).not_to be_closed + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(new_finance_order_url(order_id: order.id)) + end + + it 'closes order' do + get_with_defaults :close, params: { id: order1.id, type: fft.id } + expect(assigns(:order)).to be_closed + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(finance_order_index_url) + end + end + + describe 'close direct' do + let(:order) { create(:order) } + + it 'does not close order if already closed' do + order.close_direct!(user) + get_with_defaults :close_direct, params: { id: order.id } + expect(assigns(:order)).to be_closed + end + + it 'closes order directly' do + get_with_defaults :close_direct, params: { id: order.id } + expect(assigns(:order)).to be_closed + end + end + + describe 'close all direct' do + let(:invoice) { create(:invoice) } + let(:invoice1) { create(:invoice) } + let(:order) { create(:order, state: 'finished', ends: Time.now + 2.hours, invoice: invoice) } + let(:order1) { create(:order, state: 'finished', ends: Time.now + 2.hours) } + + before do + order + order1 + end + + it 'does close orders' do + get_with_defaults :close_all_direct_with_invoice + order.reload + expect(order).to be_closed + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(finance_order_index_url) + end + + it 'does not close orders when invoice not set' do + get_with_defaults :close_all_direct_with_invoice + order1.reload + expect(order1).not_to be_closed + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(finance_order_index_url) + end + end +end diff --git a/spec/controllers/finance/base_controller_spec.rb b/spec/controllers/finance/base_controller_spec.rb new file mode 100644 index 00000000..388f3a17 --- /dev/null +++ b/spec/controllers/finance/base_controller_spec.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Finance::BaseController, type: :controller do + let(:user) { create :user, :role_finance, :role_orders, :ordergroup } + + before { login user } + + describe 'GET index' do + let(:fin_trans) { create_list :financial_transaction, 3, user: user, ordergroup: user.ordergroup } + let(:orders) { create_list :order, 2, state: 'finished' } + let(:invoices) { create_list :invoice, 4 } + + before do + fin_trans + orders + invoices + end + + it 'renders index page' do + get_with_defaults :index + expect(response).to have_http_status(:success) + expect(response).to render_template('finance/index') + expect(assigns(:financial_transactions).size).to eq(fin_trans.size) + expect(assigns(:orders).size).to eq(orders.size) + expect(assigns(:unpaid_invoices).size).to eq(invoices.size) + end + end +end diff --git a/spec/controllers/home_controller_spec.rb b/spec/controllers/home_controller_spec.rb new file mode 100644 index 00000000..be106282 --- /dev/null +++ b/spec/controllers/home_controller_spec.rb @@ -0,0 +1,197 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe HomeController, type: :controller do + let(:user) { create :user } + + describe 'GET index' do + describe 'NOT logged in' do + it 'redirects' do + get_with_defaults :profile + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_path) + end + end + + describe 'logegd in' do + before { login user } + + it 'assigns tasks' do + get_with_defaults :index + + expect(assigns(:unaccepted_tasks)).not_to be_nil + expect(assigns(:next_tasks)).not_to be_nil + expect(assigns(:unassigned_tasks)).not_to be_nil + expect(response).to render_template('home/index') + end + end + end + + describe 'GET profile' do + before { login user } + + it 'renders dashboard' do + get_with_defaults :profile + expect(response).to have_http_status(:success) + expect(response).to render_template('home/profile') + end + end + + describe 'GET reference_calculator' do + describe 'with simple user' do + before { login user } + + it 'redirects to home' do + get_with_defaults :reference_calculator + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(root_path) + end + end + + describe 'with ordergroup user' do + let(:og_user) { create :user, :ordergroup } + + before { login og_user } + + it 'renders reference calculator' do + get_with_defaults :reference_calculator + expect(response).to have_http_status(:success) + expect(response).to render_template('home/reference_calculator') + end + end + end + + describe 'GET update_profile' do + describe 'with simple user' do + let(:unchanged_attributes) { user.attributes.slice('first_name', 'last_name', 'email') } + let(:changed_attributes) { attributes_for :user } + let(:invalid_attributes) { { email: 'e.mail.com' } } + + before { login user } + + it 'renders profile after update with invalid attributes' do + get_with_defaults :update_profile, params: { user: invalid_attributes } + expect(response).to have_http_status(:success) + expect(response).to render_template('home/profile') + expect(assigns(:current_user).errors.present?).to be true + end + + it 'redirects to profile after update with unchanged attributes' do + get_with_defaults :update_profile, params: { user: unchanged_attributes } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(my_profile_path) + end + + it 'redirects to profile after update' do + patch :update_profile, params: { foodcoop: FoodsoftConfig[:default_scope], user: changed_attributes } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(my_profile_path) + expect(flash[:notice]).to match(/#{I18n.t('home.changes_saved')}/) + expect(user.reload.attributes.slice(:first_name, :last_name, :email)).to eq(changed_attributes.slice('first_name', 'last_name', 'email')) + end + end + + describe 'with ordergroup user' do + let(:og_user) { create :user, :ordergroup } + let(:unchanged_attributes) { og_user.attributes.slice('first_name', 'last_name', 'email') } + let(:changed_attributes) { unchanged_attributes.merge({ ordergroup: { contact_address: 'new Adress 7' } }) } + + before { login og_user } + + it 'redirects to home after update' do + get_with_defaults :update_profile, params: { user: changed_attributes } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(my_profile_path) + expect(og_user.reload.ordergroup.contact_address).to eq('new Adress 7') + end + end + end + + describe 'GET ordergroup' do + describe 'with simple user' do + before { login user } + + it 'redirects to home' do + get_with_defaults :ordergroup + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(root_path) + end + end + + describe 'with ordergroup user' do + let(:og_user) { create :user, :ordergroup } + + before { login og_user } + + it 'renders ordergroup' do + get_with_defaults :ordergroup + expect(response).to have_http_status(:success) + expect(response).to render_template('home/ordergroup') + end + + describe 'assigns sortings' do + let(:fin_trans1) { create :financial_transaction, user: og_user, ordergroup: og_user.ordergroup, note: 'A', amount: 100 } + let(:fin_trans2) { create :financial_transaction, user: og_user, ordergroup: og_user.ordergroup, note: 'B', amount: 200, created_on: Time.now + 1.minute } + + before do + fin_trans1 + fin_trans2 + end + + it 'by criteria' do + sortings = [ + ['date', [fin_trans1, fin_trans2]], + ['note', [fin_trans1, fin_trans2]], + ['amount', [fin_trans1, fin_trans2]], + ['date_reverse', [fin_trans2, fin_trans1]], + ['note_reverse', [fin_trans2, fin_trans1]], + ['amount_reverse', [fin_trans2, fin_trans1]] + ] + sortings.each do |sorting| + get_with_defaults :ordergroup, params: { sort: sorting[0] } + expect(response).to have_http_status(:success) + expect(assigns(:financial_transactions).to_a).to eq(sorting[1]) + end + end + end + end + end + + describe 'GET cancel_membership' do + describe 'with simple user without group' do + before { login user } + + it 'fails' do + expect do + get_with_defaults :cancel_membership + end.to raise_error(ActiveRecord::RecordNotFound) + expect do + get_with_defaults :cancel_membership, params: { membership_id: 424242 } + end.to raise_error(ActiveRecord::RecordNotFound) + end + end + + describe 'with ordergroup user' do + let(:fin_user) { create :user, :role_finance } + + before { login fin_user } + + it 'removes user from group' do + membership = fin_user.memberships.first + get_with_defaults :cancel_membership, params: { group_id: fin_user.groups.first.id } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(my_profile_path) + expect(flash[:notice]).to match(/#{I18n.t('home.ordergroup_cancelled', :group => membership.group.name)}/) + end + + it 'removes user membership' do + membership = fin_user.memberships.first + get_with_defaults :cancel_membership, params: { membership_id: membership.id } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(my_profile_path) + expect(flash[:notice]).to match(/#{I18n.t('home.ordergroup_cancelled', :group => membership.group.name)}/) + end + end + end +end diff --git a/spec/controllers/login_controller_spec.rb b/spec/controllers/login_controller_spec.rb new file mode 100644 index 00000000..c824e429 --- /dev/null +++ b/spec/controllers/login_controller_spec.rb @@ -0,0 +1,67 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe LoginController, type: :controller do + let(:invite) { create :invite } + + describe 'GET accept_invitation' do + let(:expired_invite) { create :expired_invite } + + describe 'with valid token' do + it 'accepts invitation' do + get_with_defaults :accept_invitation, params: { token: invite.token } + expect(response).to have_http_status(:success) + expect(response).to render_template('login/accept_invitation') + end + end + + describe 'with invalid token' do + it 'redirects to login' do + get_with_defaults :accept_invitation, params: { token: invite.token + 'XX' } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_url) + expect(flash[:alert]).to match(I18n.t('login.controller.error_invite_invalid')) + end + end + + describe 'with timed out token' do + it 'redirects to login' do + get_with_defaults :accept_invitation, params: { token: expired_invite.token } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_url) + expect(flash[:alert]).to match(I18n.t('login.controller.error_invite_invalid')) + end + end + + describe 'without group' do + it 'redirects to login' do + invite.group.destroy + get_with_defaults :accept_invitation, params: { token: invite.token } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_url) + expect(flash[:alert]).to match(I18n.t('login.controller.error_group_invalid')) + end + end + end + + describe 'POST accept_invitation' do + describe 'with invalid parameters' do + it 'renders accept_invitation view' do + post_with_defaults :accept_invitation, params: { token: invite.token, user: invite.user.slice('first_name') } + expect(response).to have_http_status(:success) + expect(response).to render_template('login/accept_invitation') + expect(assigns(:user).errors.present?).to be true + end + end + + describe 'with valid parameters' do + it 'redirects to login' do + post_with_defaults :accept_invitation, params: { token: invite.token, user: invite.user.slice('first_name', 'password') } + expect(response).to have_http_status(:redirect) + expect(response).to redirect_to(login_url) + expect(flash[:notice]).to match(I18n.t('login.controller.accept_invitation.notice')) + end + end + end +end diff --git a/spec/factories/invite.rb b/spec/factories/invite.rb new file mode 100644 index 00000000..51d48840 --- /dev/null +++ b/spec/factories/invite.rb @@ -0,0 +1,15 @@ +require 'factory_bot' + +FactoryBot.define do + factory :invite do + user { create :user } + group { create :group } + email { Faker::Internet.email } + + factory :expired_invite do + after :create do |invite| + invite.update_column(:expires_at, Time.now.yesterday) + end + end + end +end diff --git a/spec/factories/order_article.rb b/spec/factories/order_article.rb new file mode 100644 index 00000000..99ca8701 --- /dev/null +++ b/spec/factories/order_article.rb @@ -0,0 +1,8 @@ +require 'factory_bot' + +FactoryBot.define do + factory :order_article do + order { create :order } + article { create :article } + end +end diff --git a/spec/fixtures/files/upload_test.csv b/spec/fixtures/files/upload_test.csv new file mode 100644 index 00000000..ac2f59b0 --- /dev/null +++ b/spec/fixtures/files/upload_test.csv @@ -0,0 +1,3 @@ +avail.;Order number;Name;Note;Manufacturer;Origin;Unit;Price (net);VAT;Deposit;Unit quantity;"";"";Category +"";;AAAA;AAAA;;;500 g;25.55;6.0;0.0;1;"";"";AAAA +"";;BBBB;BBBB;;;250 g;12.11;6.0;0.0;2;"";"";BBBB diff --git a/spec/fixtures/upload_test.csv b/spec/fixtures/upload_test.csv new file mode 100644 index 00000000..ac2f59b0 --- /dev/null +++ b/spec/fixtures/upload_test.csv @@ -0,0 +1,3 @@ +avail.;Order number;Name;Note;Manufacturer;Origin;Unit;Price (net);VAT;Deposit;Unit quantity;"";"";Category +"";;AAAA;AAAA;;;500 g;25.55;6.0;0.0;1;"";"";AAAA +"";;BBBB;BBBB;;;250 g;12.11;6.0;0.0;2;"";"";BBBB diff --git a/spec/models/supplier_spec.rb b/spec/models/supplier_spec.rb index 70ba6def..6bcc6e7b 100644 --- a/spec/models/supplier_spec.rb +++ b/spec/models/supplier_spec.rb @@ -19,9 +19,13 @@ describe Supplier do end it 'return correct tolerance' do - supplier = create :supplier, articles: create_list(:article, 1, unit_quantity: 1) + supplier = create :supplier + articles = create_list(:article, 1, unit_quantity: 1, supplier_id: supplier.id) + supplier.reload expect(supplier.has_tolerance?).to be false - supplier2 = create :supplier, articles: create_list(:article, 1, unit_quantity: 2) + supplier2 = create :supplier + articles = create_list(:article, 1, unit_quantity: 2, supplier_id: supplier2.id) + supplier.reload expect(supplier2.has_tolerance?).to be true end diff --git a/spec/requests/api/article_categories_spec.rb b/spec/requests/api/article_categories_spec.rb new file mode 100644 index 00000000..4c079ff2 --- /dev/null +++ b/spec/requests/api/article_categories_spec.rb @@ -0,0 +1,53 @@ +require 'swagger_helper' + +describe 'Article Categories', type: :request do + include ApiHelper + + path '/article_categories' do + get 'article categories' do + tags 'Category' + produces 'application/json' + pagination_param + let(:order_article) { create(:order, article_count: 1).order_articles.first } + let(:stock_article) { create(:stock_article) } + let(:stock_order_article) { create(:stock_order, article_ids: [stock_article.id]).order_articles.first } + + response '200', 'success' do + schema type: :object, properties: { + article_categories: { + type: :array, + items: { + '$ref': '#/components/schemas/ArticleCategory' + } + } + } + run_test! + end + + it_handles_invalid_token + end + end + + path '/article_categories/{id}' do + get 'find article category by id' do + tags 'Category' + produces 'application/json' + id_url_param + + response '200', 'article category found' do + schema type: :object, properties: { + article_categories: { + type: :array, + items: { + '$ref': '#/components/schemas/ArticleCategory' + } + } + } + let(:id) { create(:article_category, name: 'dairy').id } + run_test! + end + it_handles_invalid_token_with_id + it_cannot_find_object + end + end +end diff --git a/spec/requests/api/configs_spec.rb b/spec/requests/api/configs_spec.rb new file mode 100644 index 00000000..75f48ceb --- /dev/null +++ b/spec/requests/api/configs_spec.rb @@ -0,0 +1,20 @@ +require 'swagger_helper' + +describe 'Config', type: :request do + include ApiHelper + + path '/config' do + get 'configuration variables' do + tags 'General' + produces 'application/json' + let(:api_scopes) { ['config:user'] } + + response '200', 'success' do + schema type: :object, properties: {} + run_test! + end + + it_handles_invalid_token_and_scope + end + end +end diff --git a/spec/requests/api/financial_transaction_classes_spec.rb b/spec/requests/api/financial_transaction_classes_spec.rb new file mode 100644 index 00000000..1eaf046f --- /dev/null +++ b/spec/requests/api/financial_transaction_classes_spec.rb @@ -0,0 +1,54 @@ +require 'swagger_helper' + +describe 'Financial Transaction Classes', type: :request do + include ApiHelper + + path '/financial_transaction_classes' do + get 'financial transaction classes' do + tags 'Category' + produces 'application/json' + pagination_param + let(:financial_transaction_class) { create(:financial_transaction_class) } + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref' => '#/components/schemas/Meta' }, + financial_transaction_class: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransactionClass' + } + } + } + + run_test! + end + + it_handles_invalid_token + end + end + + path '/financial_transaction_classes/{id}' do + get 'Retrieves a financial transaction class' do + tags 'Category' + produces 'application/json' + id_url_param + + response '200', 'financial transaction class found' do + schema type: :object, properties: { + financial_transaction_classes: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransactionClass' + } + } + } + let(:id) { create(:financial_transaction_class).id } + run_test! + end + + it_handles_invalid_token_with_id + it_cannot_find_object 'financial transaction class not found' + end + end +end diff --git a/spec/requests/api/financial_transaction_types_spec.rb b/spec/requests/api/financial_transaction_types_spec.rb new file mode 100644 index 00000000..82a30f83 --- /dev/null +++ b/spec/requests/api/financial_transaction_types_spec.rb @@ -0,0 +1,52 @@ +require 'swagger_helper' + +describe 'Financial Transaction types', type: :request do + include ApiHelper + + path '/financial_transaction_types' do + get 'financial transaction types' do + tags 'Category' + produces 'application/json' + pagination_param + let(:financial_transaction_type) { create(:financial_transaction_type) } + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref' => '#/components/schemas/Meta' }, + financial_transaction_type: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransactionType' + } + } + } + run_test! + end + + it_handles_invalid_token + end + end + + path '/financial_transaction_types/{id}' do + get 'find financial transaction type by id' do + tags 'Category' + produces 'application/json' + id_url_param + + response '200', 'financial transaction type found' do + schema type: :object, properties: { + financial_transaction_types: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransactionType' + } + } + } + let(:id) { create(:financial_transaction_type).id } + run_test! + end + + it_handles_invalid_token_with_id + it_cannot_find_object 'financial transaction type not found' + end + end +end diff --git a/spec/requests/api/financial_transactions_spec.rb b/spec/requests/api/financial_transactions_spec.rb new file mode 100644 index 00000000..1d3ef2b9 --- /dev/null +++ b/spec/requests/api/financial_transactions_spec.rb @@ -0,0 +1,56 @@ +require 'swagger_helper' + +describe 'Financial Transaction', type: :request do + include ApiHelper + let!(:finance_user) { create(:user, groups: [create(:workgroup, role_finance: true)]) } + let!(:api_scopes) { ['finance:read', 'finance:write'] } + let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: finance_user.id, scopes: api_scopes&.join(' ')).token } + let(:financial_transaction) { create(:financial_transaction, user: user) } + + path '/financial_transactions' do + get 'financial transactions' do + tags 'Financial Transaction' + produces 'application/json' + pagination_param + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref' => '#/components/schemas/Meta' }, + financial_transaction: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransaction' + } + } + } + + run_test! + end + it_handles_invalid_token_and_scope + end + end + + path '/financial_transactions/{id}' do + get 'Retrieves a financial transaction ' do + tags 'Financial Transaction' + produces 'application/json' + id_url_param + + response '200', 'financial transaction found' do + schema type: :object, properties: { + financial_transaction: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransaction' + } + } + } + let(:id) { FinancialTransaction.create(user: user).id } + run_test! + end + it_handles_invalid_token_with_id + it_handles_invalid_scope_with_id + it_cannot_find_object 'financial transaction not found' + end + end +end diff --git a/spec/requests/api/navigations_spec.rb b/spec/requests/api/navigations_spec.rb new file mode 100644 index 00000000..c2312437 --- /dev/null +++ b/spec/requests/api/navigations_spec.rb @@ -0,0 +1,24 @@ +require 'swagger_helper' + +describe 'Navigation', type: :request do + include ApiHelper + + path '/navigation' do + get 'navigation' do + tags 'General' + produces 'application/json' + + response '200', 'success' do + schema type: :object, properties: { + navigation: { + '$ref' => '#/components/schemas/Navigation' + } + } + + run_test! + end + + it_handles_invalid_token + end + end +end diff --git a/spec/requests/api/order_articles_spec.rb b/spec/requests/api/order_articles_spec.rb new file mode 100644 index 00000000..17feefa6 --- /dev/null +++ b/spec/requests/api/order_articles_spec.rb @@ -0,0 +1,115 @@ +require 'swagger_helper' + +describe 'Order Articles', type: :request do + include ApiHelper + + path '/order_articles' do + get 'order articles' do + tags 'Order' + produces 'application/json' + pagination_param + q_ordered_url_param + + let(:api_scopes) { ['orders:read', 'orders:write'] } + let(:order) { create(:order, article_count: 4) } + let(:order_articles) { order.order_articles } + + before do + order_articles[0].update! quantity: 0, tolerance: 0, units_to_order: 0 + order_articles[1].update! quantity: 1, tolerance: 0, units_to_order: 0 + order_articles[2].update! quantity: 0, tolerance: 1, units_to_order: 0 + order_articles[3].update! quantity: 0, tolerance: 0, units_to_order: 1 + end + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref' => '#/components/schemas/Meta' }, + order_articles: { + type: :array, + items: { + '$ref': '#/components/schemas/OrderArticle' + } + } + } + describe '(unset)' do + run_test! + end + + describe 'all' do + let(:q) { { q: { ordered: 'all' } } } + + run_test! do |response| + json_order_articles = JSON.parse(response.body)['order_articles'] + json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } + expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) + end + end + + describe 'when ordered by supplier' do + let(:q) { { q: { ordered: 'supplier' } } } + + run_test! do |response| + json_order_articles = JSON.parse(response.body)['order_articles'] + json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } + expect(json_order_article_ids).to match_array [order_articles[3].id] + end + end + + describe 'when ordered by member' do + let(:q) { { q: { ordered: 'member' } } } + + run_test! do |response| + json_order_articles = JSON.parse(response.body)['order_articles'] + expect(json_order_articles.count).to eq 0 + end + end + + context 'when ordered by user' do + let(:user) { create(:user, :ordergroup) } + let(:go) { create(:group_order, order: order, ordergroup: user.ordergroup) } + + before do + create(:group_order_article, group_order: go, order_article: order_articles[1], quantity: 1) + create(:group_order_article, group_order: go, order_article: order_articles[2], tolerance: 0) + end + + describe 'member' do + let(:q) { { q: { ordered: 'member' } } } + + run_test! do |response| + json_order_articles = JSON.parse(response.body)['order_articles'] + json_order_article_ids = json_order_articles.map { |d| d['id'].to_i } + expect(json_order_article_ids).to match_array order_articles[1..2].map(&:id) + end + end + end + end + + it_handles_invalid_token_and_scope + end + end + + path '/order_articles/{id}' do + get 'order articles' do + tags 'Order' + produces 'application/json' + id_url_param + let(:api_scopes) { ['orders:read', 'orders:write'] } + + response '200', 'success' do + schema type: :object, properties: { + order_article: { + '$ref': '#/components/schemas/OrderArticle' + } + } + let(:order) { create(:order, article_count: 1) } + let(:id) { order.order_articles.first.id } + + run_test! + end + + it_handles_invalid_token_and_scope + it_cannot_find_object 'order article not found' + end + end +end diff --git a/spec/requests/api/orders_spec.rb b/spec/requests/api/orders_spec.rb new file mode 100644 index 00000000..c0505d7f --- /dev/null +++ b/spec/requests/api/orders_spec.rb @@ -0,0 +1,55 @@ +require 'swagger_helper' + +describe 'Orders', type: :request do + include ApiHelper + let(:api_scopes) { ['orders:read'] } + + path '/orders' do + get 'orders' do + tags 'Order' + produces 'application/json' + pagination_param + let(:order) { create(:order) } + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref' => '#/components/schemas/Meta' }, + ordes: { + type: :array, + items: { + '$ref': '#/components/schemas/Order' + } + } + } + + run_test! + end + + it_handles_invalid_token_and_scope + end + end + + path '/orders/{id}' do + get 'Order' do + tags 'Order' + produces 'application/json' + id_url_param + + let(:order) { create(:order) } + + response '200', 'success' do + schema type: :object, properties: { + order: { '$ref' => '#/components/schemas/Order' } + } + let(:id) { order.id } + + run_test! do |response| + expect(JSON.parse(response.body)['order']['id']).to eq order.id + end + end + + it_handles_invalid_token_and_scope + it_cannot_find_object 'order not found' + end + end +end diff --git a/spec/requests/api/user/financial_transactions_spec.rb b/spec/requests/api/user/financial_transactions_spec.rb new file mode 100644 index 00000000..4fb69cd6 --- /dev/null +++ b/spec/requests/api/user/financial_transactions_spec.rb @@ -0,0 +1,109 @@ +require 'swagger_helper' + +describe 'User', type: :request do + include ApiHelper + + let(:api_scopes) { ['finance:user'] } + let(:user) { create :user, groups: [create(:ordergroup)] } + let(:other_user2) { create :user } + let(:ft) { create(:financial_transaction, user: user, ordergroup: user.ordergroup) } + + before do + ft + end + + path '/user/financial_transactions' do + post 'create new financial transaction (requires enabled self service)' do + tags 'Financial Transaction' + consumes 'application/json' + produces 'application/json' + + parameter name: :financial_transaction, in: :body, schema: { + type: :object, + properties: { + amount: { type: :integer }, + financial_transaction_type: { type: :integer }, + note: { type: :string } + } + } + + let(:financial_transaction) { { amount: 3, financial_transaction_type_id: create(:financial_transaction_type).id, note: 'lirum larum' } } + + response '200', 'success' do + schema type: :object, properties: { + financial_transaction: { '$ref': '#/components/schemas/FinancialTransaction' } + } + run_test! + end + + it_handles_invalid_token_with_id + it_handles_invalid_scope_with_id 'user has no ordergroup, is below minimum balance, self service is disabled, or missing scope' + + response '404', 'financial transaction type not found' do + schema '$ref' => '#/components/schemas/Error404' + let(:financial_transaction) { { amount: 3, financial_transaction_type_id: 'invalid', note: 'lirum larum' } } + run_test! + end + + # TODO: fix controller to actually send a 422 for invalid params? + # Expected response code '200' to match '422' + # Response body: {"financial_transaction":{"id":316,"user_id":599,"user_name":"Lisbeth ","amount":-3.0,"note":"-2","created_at":"2022-12-12T13:05:32.000+01:00","financial_transaction_type_id":346,"financial_transaction_type_name":"aut est iste #9"}} + # + # response '422', 'invalid parameter value' do + # # schema '$ref' => '#/components/schemas/Error422' + # let(:financial_transaction) { { amount: -3, financial_transaction_type_id: create(:financial_transaction_type).id, note: -2 } } + # run_test! + # end + end + + get "financial transactions of the member's ordergroup" do + tags 'User', 'Financial Transaction' + produces 'application/json' + pagination_param + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref': '#/components/schemas/Meta' }, + financial_transaction: { + type: :array, + items: { + '$ref': '#/components/schemas/FinancialTransaction' + } + } + } + + run_test! do |response| + data = JSON.parse(response.body) + expect(data['financial_transactions'].first['id']).to eq(ft.id) + end + end + + it_handles_invalid_token_and_scope + end + end + + path '/user/financial_transactions/{id}' do + get 'find financial transaction by id' do + tags 'User', 'Financial Transaction' + produces 'application/json' + id_url_param + + response '200', 'success' do + schema type: :object, properties: { + financial_transaction: { + '$ref': '#/components/schemas/FinancialTransaction' + } + } + let(:id) { ft.id } + run_test! do |response| + data = JSON.parse(response.body) + expect(data['financial_transaction']['id']).to eq(ft.id) + end + end + + it_handles_invalid_token_with_id + it_handles_invalid_scope_with_id 'user has no ordergroup or missing scope' + it_cannot_find_object 'financial transaction not found' + end + end +end diff --git a/spec/requests/api/user/group_order_articles_spec.rb b/spec/requests/api/user/group_order_articles_spec.rb new file mode 100644 index 00000000..205a4070 --- /dev/null +++ b/spec/requests/api/user/group_order_articles_spec.rb @@ -0,0 +1,192 @@ +require 'swagger_helper' + +describe 'User', type: :request do + include ApiHelper + + let(:api_scopes) { ['group_orders:user'] } + let(:user) { create :user, groups: [create(:ordergroup)] } + let(:other_user2) { create :user } + let(:order) { create(:order, article_count: 4) } + let(:order_articles) { order.order_articles } + let(:group_order) { create :group_order, ordergroup: user.ordergroup, order_id: order.id } + let(:goa) { create :group_order_article, group_order: group_order, order_article: order_articles.first } + + before do + goa + end + + path '/user/group_order_articles' do + get 'group order articles' do + tags 'User', 'Order' + produces 'application/json' + pagination_param + q_ordered_url_param + + response '200', 'success' do + schema type: :object, properties: { + meta: { '$ref': '#/components/schemas/Meta' }, + group_order_article: { + type: :array, + items: { + '$ref': '#/components/schemas/GroupOrderArticle' + } + } + } + + run_test! do |response| + data = JSON.parse(response.body) + expect(data['group_order_articles'].first['id']).to eq(goa.id) + end + end + + it_handles_invalid_token + it_handles_invalid_scope 'user has no ordergroup or missing scope' + end + + post 'create new group order article' do + tags 'User', 'Order' + consumes 'application/json' + produces 'application/json' + parameter name: :group_order_article, in: :body, + description: 'group order article to create', + required: true, + schema: { '$ref': '#/components/schemas/GroupOrderArticleForCreate' } + + let(:group_order_article) { { order_article_id: order_articles.last.id, quantity: 1, tolerance: 2 } } + response '200', 'success' do + schema type: :object, properties: { + group_order_article: { + '$ref': '#/components/schemas/GroupOrderArticle' + }, + order_article: { + '$ref': '#/components/schemas/OrderArticle' + } + } + run_test! + end + + it_handles_invalid_token_with_id + it_handles_invalid_scope_with_id 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' + + response '404', 'order article not found in open orders' do + let(:group_order_article) { { order_article_id: 'invalid', quantity: 1, tolerance: 2 } } + schema '$ref' => '#/components/schemas/Error404' + run_test! + end + + response '422', 'invalid parameter value or group order article already exists' do + let(:group_order_article) { { order_article_id: goa.order_article_id, quantity: 1, tolerance: 2 } } + schema '$ref' => '#/components/schemas/Error422' + run_test! + end + end + end + + path '/user/group_order_articles/{id}' do + get 'find group order article by id' do + tags 'User', 'Order' + produces 'application/json' + id_url_param + + response '200', 'success' do + schema type: :object, properties: { + group_order_article: { + '$ref': '#/components/schemas/GroupOrderArticle' + }, + order_article: { + '$ref': '#/components/schemas/OrderArticle' + } + } + + let(:id) { goa.id } + run_test! do |response| + data = JSON.parse(response.body) + expect(data['group_order_article']['id']).to eq(goa.id) + end + end + + it_handles_invalid_scope_with_id + it_handles_invalid_token_with_id + it_cannot_find_object 'group order article not found' + end + + patch 'update a group order article (but delete if quantity and tolerance are zero)' do + tags 'User', 'Order' + consumes 'application/json' + produces 'application/json' + id_url_param + parameter name: :group_order_article, in: :body, + description: 'group order article update', + required: true, + schema: { '$ref': '#/components/schemas/GroupOrderArticleForUpdate' } + + let(:id) { goa.id } + let(:group_order_article) { { order_article_id: goa.order_article_id, quantity: 2, tolerance: 2 } } + + response '200', 'success' do + schema type: :object, properties: { + group_order_article: { + '$ref': '#/components/schemas/GroupOrderArticle' + } + } + run_test! + end + + response 401, 'not logged-in' do + schema '$ref' => '#/components/schemas/Error401' + let(:Authorization) { 'abc' } + run_test! + end + + response 403, 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' do + let(:api_scopes) { ['none'] } + schema '$ref' => '#/components/schemas/Error403' + run_test! + end + + response '404', 'order article not found in open orders' do + schema type: :object, properties: { + group_order_article: { + '$ref': '#/components/schemas/GroupOrderArticle' + } + } + let(:id) { 'invalid' } + run_test! + end + + response '422', 'invalid parameter value' do + let(:group_order_article) { { order_article_id: 'invalid', quantity: -5, tolerance: 'invalid' } } + schema '$ref' => '#/components/schemas/Error422' + run_test! + end + end + + delete 'remove group order article' do + tags 'User', 'Order' + consumes 'application/json' + produces 'application/json' + id_url_param + let(:api_scopes) { ['group_orders:user'] } + + response '200', 'success' do + schema type: :object, properties: { + group_order_article: { + '$ref': '#/components/schemas/GroupOrderArticle' + } + } + let(:id) { goa.id } + run_test! + end + + it_handles_invalid_token_with_id + + response 403, 'user has no ordergroup, order not open, is below minimum balance, has not enough apple points, or missing scope' do + let(:api_scopes) { ['none'] } + schema '$ref' => '#/components/schemas/Error403' + run_test! + end + + it_cannot_find_object 'order article not found in open orders' + end + end +end diff --git a/spec/requests/api/user/users_spec.rb b/spec/requests/api/user/users_spec.rb new file mode 100644 index 00000000..0d3196bc --- /dev/null +++ b/spec/requests/api/user/users_spec.rb @@ -0,0 +1,103 @@ +require 'swagger_helper' + +describe 'User', type: :request do + include ApiHelper + + path '/user' do + get 'info about the currently logged-in user' do + tags 'User' + produces 'application/json' + let(:api_scopes) { ['user:read'] } + let(:other_user1) { create :user } + let(:user) { create :user } + let(:other_user2) { create :user } + + response '200', 'success' do + schema type: :object, + properties: { + user: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string, + description: 'full name' + }, + email: { + type: :string, + description: 'email address' + }, + locale: { + type: :string, + description: 'language code' + } + }, + required: %w[id name email] + } + } + + run_test! do |response| + data = JSON.parse(response.body) + expect(data['user']['id']).to eq(user.id) + end + end + + it_handles_invalid_token_and_scope + end + end + + path '/user/financial_overview' do + get 'financial summary about the currently logged-in user' do + tags 'User', 'Financial Transaction' + produces 'application/json' + let(:user) { create :user, :ordergroup } + let(:api_scopes) { ['finance:user'] } + FinancialTransactionClass.create(name: 'TestTransaction') + + response 200, 'success' do + schema type: :object, + properties: { + financial_overview: { + type: :object, + properties: { + + account_balance: { + type: :number, + description: 'booked accout balance of ordergroup' + }, + available_funds: { + type: :number, + description: 'fund available to order articles' + }, + financial_transaction_class_sums: { + type: :array, + properties: { + id: { + type: :integer, + description: 'id of the financial transaction class' + }, + name: { + type: :string, + description: 'name of the financial transaction class' + }, + amount: { + type: :number, + description: 'sum of the amounts belonging to the financial transaction class' + } + }, + required: %w[id name amount] + } + }, + required: %w[account_balance available_funds financial_transaction_class_sums] + } + } + + run_test! + end + + it_handles_invalid_token_and_scope + end + end +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 88dea423..41894406 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -21,6 +21,10 @@ Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } RSpec.configure do |config| # We use capybara with webkit, and need database_cleaner + config.before(:suite) do + DatabaseCleaner.clean_with(:truncation) + end + config.before(:each) do DatabaseCleaner.strategy = (RSpec.current_example.metadata[:js] ? :truncation : :transaction) DatabaseCleaner.start @@ -51,8 +55,8 @@ RSpec.configure do |config| # --seed 1234 config.order = "random" + config.include SpecTestHelper, type: :controller config.include SessionHelper, type: :feature - # Automatically determine spec from directory structure, see: # https://www.relishapp.com/rspec/rspec-rails/v/3-0/docs/directory-structure config.infer_spec_type_from_file_location! diff --git a/spec/support/api_helper.rb b/spec/support/api_helper.rb index ee0225f5..86e2ca07 100644 --- a/spec/support/api_helper.rb +++ b/spec/support/api_helper.rb @@ -5,21 +5,60 @@ module ApiHelper let(:user) { create(:user) } let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes) let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token } - let(:api_authorization) { "Bearer #{api_access_token}" } + let(:Authorization) { "Bearer #{api_access_token}" } - def self.it_handles_invalid_token(method, path, params_block = -> { api_auth }) + def self.it_handles_invalid_token context 'with invalid access token' do - let(:api_access_token) { 'abc' } + let(:Authorization) { 'abc' } - it { is_expected.to validate(method, path, 401, instance_exec(¶ms_block)) } + response 401, 'not logged-in' do + schema '$ref' => '#/components/schemas/Error401' + run_test! + end end end - def self.it_handles_invalid_scope(method, path, params_block = -> { api_auth }) + def self.it_handles_invalid_token_with_id + context 'with invalid access token' do + let(:Authorization) { 'abc' } + let(:id) { 42 } # id doesn't matter here + + response 401, 'not logged-in' do + schema '$ref' => '#/components/schemas/Error401' + run_test! + end + end + end + + def self.it_handles_invalid_scope(description = 'missing scope') context 'with invalid scope' do let(:api_scopes) { ['none'] } - it { is_expected.to validate(method, path, 403, instance_exec(¶ms_block)) } + response 403, description do + schema '$ref' => '#/components/schemas/Error403' + run_test! + end + end + end + + def self.it_handles_invalid_scope_with_id(description = 'missing scope') + context 'with invalid scope' do + let(:api_scopes) { ['none'] } + let(:id) { 42 } # id doesn't matter here + + response 403, description do + schema '$ref' => '#/components/schemas/Error403' + run_test! + end + end + end + + def self.it_cannot_find_object(description = 'not found') + let(:id) { 'invalid' } + + response 404, description do + schema '$ref' => '#/components/schemas/Error404' + run_test! end end @@ -27,13 +66,25 @@ module ApiHelper it_handles_invalid_token(*args) it_handles_invalid_scope(*args) end - end - # Add authentication to parameters for {Swagger::RspecHelpers#validate} - # @param params [Hash] Query parameters - # @return Query parameters with authentication header - # @see Swagger::RspecHelpers#validate - def api_auth(params = {}) - { '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params) + def self.id_url_param + parameter name: :id, in: :path, type: :integer, required: true + end + + def self.pagination_param + parameter name: :per_page, in: :query, type: :integer, required: false + parameter name: :page, in: :query, type: :integer, required: false + end + + def self.q_ordered_url_param + parameter name: :q, in: :query, required: false, + description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier", + schema: { + type: :object, + properties: { + ordered: { '$ref' => '#/components/schemas/q_ordered' } + } + } + end end end diff --git a/spec/support/spec_test_helper.rb b/spec/support/spec_test_helper.rb new file mode 100644 index 00000000..58a1c0ef --- /dev/null +++ b/spec/support/spec_test_helper.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +module SpecTestHelper + def login(user) + user = User.where(:nick => user.nick).first if user.is_a?(Symbol) + session[:user_id] = user.id + session[:scope] = FoodsoftConfig[:default_scope] # Save scope in session to not allow switching between foodcoops with one account + session[:locale] = user.locale + end + + def current_user + User.find(session[:user_id]) + end + + def get_with_defaults(action, params: {}, xhr: false, format: nil) + params['foodcoop'] = FoodsoftConfig[:default_scope] + get action, params: params, xhr: xhr, format: format + end + + def post_with_defaults(action, params: {}, xhr: false, format: nil) + params['foodcoop'] = FoodsoftConfig[:default_scope] + post action, params: params, xhr: xhr, format: format + end +end + +RSpec.configure do |config| + config.include SpecTestHelper, :type => :controller +end diff --git a/spec/swagger_helper.rb b/spec/swagger_helper.rb new file mode 100644 index 00000000..912504b8 --- /dev/null +++ b/spec/swagger_helper.rb @@ -0,0 +1,513 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.configure do |config| + # Specify a root folder where Swagger JSON files are generated + # NOTE: If you're using the rswag-api to serve API descriptions, you'll need + # to ensure that it's configured to serve Swagger from the same folder + config.swagger_root = Rails.root.join('swagger').to_s + + # Define one or more Swagger documents and provide global metadata for each one + # When you run the 'rswag:specs:swaggerize' rake task, the complete Swagger will + # be generated at the provided relative path under swagger_root + # By default, the operations defined in spec files are added to the first + # document below. You can override this behavior by adding a swagger_doc tag to the + # the root example_group in your specs, e.g. describe '...', swagger_doc: 'v2/swagger.json' + config.swagger_docs = { + 'v1/swagger.yaml' => { + openapi: '3.0.3', + info: { + title: 'API V1', + version: 'v1' + }, + paths: {}, + components: { + schemas: { + pagination: { + type: :object, + properties: { + recordCount: { type: :integer }, + pageCount: { type: :integer }, + currentPage: { type: :integer }, + pageSize: { type: :integer } + }, + required: %w(recordCount pageCount currentPage pageSize) + }, + Order: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string, + description: "name of the order's supplier (or stock)" + }, + starts: { + type: :string, + format: 'date-time', + description: 'when the order was opened' + }, + ends: { + type: :string, + nullable: true, + format: 'date-time', + description: 'when the order will close or was closed' + }, + boxfill: { + type: :string, + nullable: true, + format: 'date-time', + description: 'when the order will enter or entered the boxfill phase' + }, + pickup: { + type: :string, + nullable: true, + format: :date, + description: 'pickup date' + }, + is_open: { + type: :boolean, + description: 'if the order is currently open or not' + }, + is_boxfill: { + type: :boolean, + description: 'if the order is currently in the boxfill phase or not' + } + } + }, + Article: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string + }, + supplier_id: { + type: :integer, + description: 'id of supplier, or 0 for stock articles' + }, + supplier_name: { + type: :string, + nullable: true, + description: 'name of the supplier, or null for stock articles' + }, + unit: { + type: :string, + description: 'amount of each unit, e.g. "100 g" or "kg"' + }, + unit_quantity: { + type: :integer, + description: 'units can only be ordered from the supplier in multiples of unit_quantity' + }, + note: { + type: :string, + nullable: true, + description: 'generic note' + }, + manufacturer: { + type: :string, + nullable: true, + description: 'manufacturer' + }, + origin: { + type: :string, + nullable: true, + description: 'origin, preferably (starting with a) 2-letter ISO country code' + }, + article_category_id: { + type: :integer, + description: 'id of article category' + }, + quantity_available: { + type: :integer, + description: 'number of units available (only present on stock articles)' + } + }, + required: %w[id name supplier_id supplier_name unit unit_quantity note manufacturer origin article_category_id] + }, + OrderArticle: { + type: :object, + properties: { + id: { + type: :integer + }, + order_id: { + type: :integer, + description: 'id of order this order article belongs to' + }, + price: { + type: :number, + format: :float, + description: 'foodcoop price' + }, + quantity: { + type: :integer, + description: 'number of units ordered by members' + }, + tolerance: { + type: :integer, + description: 'number of extra units that members are willing to buy to fill a box' + }, + units_to_order: { + type: :integer, + description: 'number of units to order from the supplier' + }, + article: { + '$ref': '#/components/schemas/Article' + } + } + }, + ArticleCategory: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string + } + }, + required: %w[id name] + }, + FinancialTransaction: { + allOf: [ + { '$ref': '#/components/schemas/FinancialTransactionForCreate' }, + { + type: :object, + properties: { + id: { + type: :integer + }, + amount: { + type: :number, + format: :float, + description: 'amount credited (negative for a debit transaction)' + }, + financial_transaction_type_id: { + type: :integer, + description: 'id of the type of the transaction' + }, + note: { + type: :string, + description: 'note entered with the transaction' + }, + user_id: { + type: :integer, + nullable: true, + description: 'id of user who entered the transaction (may be null for deleted users or 0 for a system user)' + }, + user_name: { + type: :string, + nullable: true, + description: 'name of user who entered the transaction (may be null or empty string for deleted users or system users)' + }, + financial_transaction_type_name: { + type: :string, + description: 'name of the type of the transaction' + }, + created_at: { + type: :string, + format: 'date-time', + description: 'when the transaction was entered' + } + }, + required: %w[id user_id user_name financial_transaction_type_name created_at] + } + ] + }, + FinancialTransactionForCreate: { + type: :object, + properties: { + amount: { + type: :number, + format: :float, + description: 'amount credited (negative for a debit transaction)' + }, + financial_transaction_type_id: + { + type: :integer, + description: 'id of the type of the transaction' + }, + note: { + type: :string, + description: 'note entered with the transaction' + } + }, + required: %w[amount note user_id] + }, + FinancialTransactionClass: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string + } + }, + required: %w[id name] + }, + FinancialTransactionType: { + type: :object, + properties: { + id: { + type: :integer + }, + name: { + type: :string + }, + name_short: { + type: :string, + nullable: true, + description: 'short name (used for bank transfers)' + }, + bank_account_id: { + type: :integer, + nullable: true, + description: 'id of the bank account used for this transaction type' + }, + bank_account_name: { + type: :string, + nullable: true, + description: 'name of the bank account used for this transaction type' + }, + bank_account_iban: { + type: :string, + nullable: true, + description: 'IBAN of the bank account used for this transaction type' + }, + financial_transaction_class_id: { + type: :integer, + description: 'id of the class of the transaction' + }, + financial_transaction_class_name: { + type: :string, + description: 'name of the class of the transaction' + } + }, + required: %w[id name financial_transaction_class_id financial_transaction_class_name] + }, + GroupOrderArticleForUpdate: { + type: :object, + properties: { + quantity: + { + type: :integer, + description: 'number of units ordered by the users ordergroup' + }, + tolerance: + { + type: :integer, + description: 'number of extra units the users ordergroup is willing to buy for filling a box' + } + } + }, + GroupOrderArticleForCreate: { + allOf: [ + { '$ref': '#/components/schemas/GroupOrderArticleForUpdate' }, + { + type: :object, + properties: { + order_article_id: + { + type: :integer, + description: 'id of order article' + } + } + } + ] + }, + GroupOrderArticle: { + allOf: [ + { '$ref': '#/components/schemas/GroupOrderArticleForCreate' }, + { + type: :object, + properties: { + id: { + type: :integer + }, + result: { + type: :number, + format: :float, + description: 'number of units the users ordergroup will receive or has received' + }, + total_price: + { + type: :number, + format: :float, + description: 'total price of this group order article' + }, + order_article_id: + { + type: :integer, + description: 'id of order article' + } + }, + required: %w[order_article_id] + } + ] + }, + q_ordered: { + type: :object, + properties: { + ordered: { + type: :string, + enum: %w[member all supplier] + } + } + }, + Meta: { + type: :object, + properties: { + page: { + type: :integer, + description: 'page number of the returned collection' + }, + per_page: { + type: :integer, + description: 'number of items per page' + }, + total_pages: { + type: :integer, + description: 'total number of pages' + }, + total_count: { + type: :integer, + description: 'total number of items in the collection' + } + }, + required: %w[page per_page total_pages total_count] + }, + Navigation: { + type: :array, + items: { + type: :object, + properties: { + name: { + type: :string, + description: 'title' + }, + url: { + type: :string, + description: 'link' + }, + items: { + '$ref': "#/components/schemas/Navigation" + } + }, + required: ['name'], + minProperties: 2 # name+url or name+items + } + }, + Error: { + type: :object, + properties: { + error: { + type: :string, + description: 'error code' + }, + error_description: { + type: :string, + description: 'human-readable error message (localized)' + } + } + }, + Error401: { + type: :object, + properties: { + error: { + type: :string, + description: 'unauthorized' + }, + error_description: { + '$ref': '#/components/schemas/Error/properties/error_description' + } + } + }, + Error403: { + type: :object, + properties: { + error: { + type: :string, + description: 'forbidden or invalid_scope' + }, + error_description: { + '$ref': '#/components/schemas/Error/properties/error_description' + } + } + }, + Error404: { + type: :object, + properties: { + error: { + type: :string, + description: 'not_found' + }, + error_description: { + '$ref': '#/components/schemas/Error/properties/error_description' + } + } + }, + Error422: { + type: :object, + properties: { + error: { + type: :string, + description: 'unprocessable entity' + }, + error_description: { + '$ref': '#/components/schemas/Error/properties/error_description' + } + } + } + }, + securitySchemes: { + oauth2: { + type: :oauth2, + flows: { + implicit: { + authorizationUrl: 'http://localhost:3000/f/oauth/authorize', + scopes: { + 'config:user': 'reading Foodsoft configuration for regular users', + 'config:read': 'reading Foodsoft configuration values', + 'config:write': 'reading and updating Foodsoft configuration values', + 'finance:user': 'accessing your own financial transactions', + 'finance:read': 'reading all financial transactions', + 'finance:write': 'reading and creating financial transactions', + 'user:read': 'reading your own user profile', + 'user:write': 'reading and updating your own user profile', + offline_access: 'retain access after user has logged out' + } + } + } + } + } + }, + servers: [ + { + url: 'http://{defaultHost}/f/api/v1', + variables: { + defaultHost: { + default: 'localhost:3000' + } + } + } + ], + security: [ + oauth2: [ + 'user:read' + ] + ] + } + } + + # Specify the format of the output Swagger file when running 'rswag:specs:swaggerize'. + # The swagger_docs configuration option has the filename including format in + # the key, this may want to be changed to avoid putting yaml in json files. + # Defaults to json. Accepts ':json' and ':yaml'. + config.swagger_format = :yaml +end diff --git a/vendor/javascript/.keep b/vendor/javascript/.keep new file mode 100644 index 00000000..e69de29b