diff --git a/Guardfile b/Guardfile index 453841ee..8470c797 100644 --- a/Guardfile +++ b/Guardfile @@ -13,6 +13,7 @@ guard 'rspec' do watch(%r{^spec/support/(.+)\.rb$}) { "spec" } watch('config/routes.rb') { "spec/routing" } watch('app/controllers/application_controller.rb') { "spec/controllers" } + watch(%r{^app/views/supplier/([^.]+)\.}) { "spec/controllers/supplier/#{m[1]}"} # Capybara features specs watch(%r{^app/views/(.+)/.*\.(erb|haml)$}) { |m| "spec/features/#{m[1]}_spec.rb" } diff --git a/app/assets/javascripts/supplier/qsupplier.js.coffee b/app/assets/javascripts/supplier/qsupplier.js.coffee index adaaab80..d9fde4b1 100644 --- a/app/assets/javascripts/supplier/qsupplier.js.coffee +++ b/app/assets/javascripts/supplier/qsupplier.js.coffee @@ -98,7 +98,7 @@ root.Qsupplier= ) load_active_lists: () -> - $.get('/supplier/active_lists.json?section_id='+($('#current_section_selector').val() || ''), (res) => + $.get('/supplier/active_lists.json?section_id='+($('#section_selector').val() || ''), (res) => body = $('#active-lists-table tbody') body.find('tr').remove() foot = $('#active-lists-table tfoot') @@ -113,13 +113,11 @@ root.Qsupplier= ) load_active_orders: () -> - $.get('/supplier/active_orders.json?section_id='+($('#current_section_selector').val() || ''), (res) => + $.get('/supplier/active_orders.json?section_id='+($('#section_selector').val() || ''), (res) => body = $('#active-orders-table tbody') body.html('') foot = $('#active-orders-table tfoot') - if(!res.orders && !res.orders.length) - alert('No orders in list') - return + return unless res.orders for order in res.orders ord = new Order(order) body.append @mustache('#active-order-template', ord) diff --git a/app/assets/javascripts/user/application.js.erb b/app/assets/javascripts/user/application.js.erb index 11667034..f579520a 100644 --- a/app/assets/javascripts/user/application.js.erb +++ b/app/assets/javascripts/user/application.js.erb @@ -67,7 +67,13 @@ var $translations = { body: '%{email} wants to join the table', reject: 'Reject', approve: 'Approve', - waiting_for_confirmation: 'Waiting for approval of the person on this table...' + requestor: { + title: 'This table is occupied', + go_back: 'Back', + show_the_products: 'Show the menu', + join_this_table: 'Join this table', + waiting_for_confirmation: 'Waiting for approval of the person on this table...' + } }, move_table: { cannot_move_to_occupied_table: 'You cannot move to an occupied table', @@ -102,7 +108,13 @@ var $translations = { body: '%{email} wil ook op jouw lijst bestellen', reject: 'Afwijzen', approve: 'Toestaan', - waiting_for_confirmation: 'Wachten op toestemming van huidige gebruikers om hier te kunnen bestellen...' + requestor: { + title: 'Deze tafel is bezet', + go_back: 'Terug', + show_the_products: 'Toon het menu', + join_this_table: 'Ook bestellen aan deze tafel', + waiting_for_confirmation: 'Wachten op toestemming van huidige gebruikers om hier te kunnen bestellen...' + } }, move_table: { cannot_move_to_occupied_table: 'Je kan niet verhuizen naar een tafel die reeds gebruikt wordt.', diff --git a/app/assets/javascripts/user/quser.js.coffee b/app/assets/javascripts/user/quser.js.coffee index 38369c70..49fbb02e 100644 --- a/app/assets/javascripts/user/quser.js.coffee +++ b/app/assets/javascripts/user/quser.js.coffee @@ -386,7 +386,7 @@ class Quser cont = $('#join-occupied-table-progress-container') cont.html('') cont.append $($('').attr('src', "#{$asset_path}spinner.gif")) - cont.append $($('

').html(t('join_request.waiting_for_confirmation'))) + cont.append $($('

').html(t('join_request.requestor.waiting_for_confirmation'))) @ensure_token => $.post(data_host + '/user/join_occupied_table', $.extend({table_id: table_id}, @authentication_object)) #setInterval('Quser.check_if_can_join_occupied_table("'+table_id+'")', 7500) diff --git a/app/assets/stylesheets/user/qr_list.css.sass b/app/assets/stylesheets/user/qr_list.css.sass new file mode 100644 index 00000000..a24e5907 --- /dev/null +++ b/app/assets/stylesheets/user/qr_list.css.sass @@ -0,0 +1,6 @@ +#qr-list + margin: 0 + list-style: none + li + list-style: none + margin-bottom: 8px diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb index 8d1725fa..82edb182 100644 --- a/app/controllers/dashboard_controller.rb +++ b/app/controllers/dashboard_controller.rb @@ -14,7 +14,7 @@ class DashboardController < ApplicationController def demo_both - render layout: 'twitter-bootstrap' + render layout: 'demo-both' end # Testing action diff --git a/app/controllers/suppliers/lists_controller.rb b/app/controllers/suppliers/lists_controller.rb index 2868099d..77ab5cf0 100644 --- a/app/controllers/suppliers/lists_controller.rb +++ b/app/controllers/suppliers/lists_controller.rb @@ -22,7 +22,7 @@ module Suppliers # GET /lists/1 # GET /lists/1.json def show - @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id]) + @list = List.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| format.html {} format.json do @@ -36,6 +36,7 @@ module Suppliers def new @list = List.new @list.section_id = params[:section_id].presence + @tables = current_supplier.active_tables respond_to do |format| format.html # new.html.erb @@ -43,16 +44,36 @@ module Suppliers end end + # POST /lists + # POST /lists.json + def create + @list = List.new(params[:list]) + @list.supplier = current_supplier + + respond_to do |format| + if @list.save + format.html { redirect_to [:suppliers, @list.section || @list], notice: t('action.create.successfull', model: List.model_name.human) } + format.json { render json: @list, status: :created, location: @list } + else + format.html do + @tables = current_supplier.active_tables + render action: "new" + end + format.json { render json: @list.errors, status: :unprocessable_entity } + end + end + end + # GET /lists/1/edit def edit - @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id]) + @list = List.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) @tables = current_supplier.active_tables end # PUT /lists/1 # PUT /lists/1.json def update - @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id]) + @list = List.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| if @list.update_attributes(params[:list]) @@ -71,7 +92,7 @@ module Suppliers # DELETE /lists/1 # DELETE /lists/1.json def destroy - @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id]) + @list = List.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) @list.destroy respond_to do |format| diff --git a/app/controllers/suppliers/products_controller.rb b/app/controllers/suppliers/products_controller.rb index a78e77c0..574f68e5 100644 --- a/app/controllers/suppliers/products_controller.rb +++ b/app/controllers/suppliers/products_controller.rb @@ -15,7 +15,7 @@ module Suppliers # GET /products/1 # GET /products/1.json def show - @product = ProductDecorator.find(params[:id]) + @product = ProductDecorator.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| format.html # show.html.erb @@ -27,6 +27,7 @@ module Suppliers # GET /products/new.json def new @product = Product.new + @product.add_product_category ProductCategory.find_by_supplier_id_and_id!(current_supplier.id, params[:product_category_id]) if params[:product_category_id].present? respond_to do |format| format.html # new.html.erb @@ -59,7 +60,7 @@ module Suppliers # PUT /products/1 # PUT /products/1.json def update - @product = Product.find(params[:id]) + @product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| if @product.update_attributes(params[:product]) @@ -75,7 +76,7 @@ module Suppliers # DELETE /products/1 # DELETE /products/1.json def destroy - @product = Product.find(params[:id]) + @product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) @product.destroy respond_to do |format| diff --git a/app/controllers/suppliers/tables_controller.rb b/app/controllers/suppliers/tables_controller.rb index ab418ea2..1a3cea4a 100644 --- a/app/controllers/suppliers/tables_controller.rb +++ b/app/controllers/suppliers/tables_controller.rb @@ -14,7 +14,7 @@ module Suppliers # GET /tables/1 # GET /tables/1.json def show - @table = Table.find(params[:id]) + @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| format.html # show.html.erb @@ -59,7 +59,7 @@ module Suppliers # PUT /tables/1 # PUT /tables/1.json def update - @table = Table.find(params[:id]) + @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) respond_to do |format| if @table.update_attributes(params[:table]) @@ -77,7 +77,7 @@ module Suppliers # DELETE /tables/1 # DELETE /tables/1.json def destroy - @table = Table.find(params[:id]) + @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id]) @table.destroy respond_to do |format| diff --git a/app/models/list.rb b/app/models/list.rb index 024f6727..68068ee5 100644 --- a/app/models/list.rb +++ b/app/models/list.rb @@ -44,6 +44,12 @@ class List } }|, reduce_function: '_sum' + view :active_for_supplier_and_section_view, type: :custom, map_function: %[function(doc){ + if(doc.ruby_class == 'List' && doc.state == 'active'){ + emit([doc.supplier_id, doc.section_id], 1); + } + }], reduce_function: '_sum' + view :for_user_view, type: :custom, map_function: %|function(doc){ if(doc.ruby_class == 'List' && doc.user_ids && doc.user_ids.length){ doc.user_ids.forEach(function(uid){ @@ -77,6 +83,11 @@ class List database.view(active_by_section_id_view(key: section_id, reduce: false, include_docs: true)) end + # Return all currently active orders for a given section + def self.active_for_supplier_and_section(supplier, section_id, options = {}) + database.view(active_for_supplier_and_section_view(key: [supplier.id, section_id], reduce: false, include_docs: true)) + end + def self.active_for_table(table_id, options = {}) database.view(active_by_table_id_view(options.reverse_merge(key: table_id, reduce: false, include_docs: true))) end diff --git a/app/models/product.rb b/app/models/product.rb index 1b3f199c..5e4a576f 100644 --- a/app/models/product.rb +++ b/app/models/product.rb @@ -15,6 +15,7 @@ class Product validates :name, presence: true validates :supplier_id, presence: true validates :price, presence: true, numericality: true + view :by_supplier_id_and_id, key: [:supplier_id, :_id] after_save :persist_product_category_ids diff --git a/app/models/supplier.rb b/app/models/supplier.rb index e7407211..a2bb0044 100644 --- a/app/models/supplier.rb +++ b/app/models/supplier.rb @@ -50,7 +50,7 @@ class Supplier def active_lists(options = {}) return @active_lists if @active_lists.present? - @active_lists = List.active_for_supplier(id) + @active_lists = options[:section_id].present? ? List.active_for_supplier_and_section(self, options[:section_id]) : List.active_for_supplier(id) @active_lists.include_relations(table: :section, orders: {product_orders: :product}) @active_lists end diff --git a/app/models/table.rb b/app/models/table.rb index 727d1796..13e43b01 100644 --- a/app/models/table.rb +++ b/app/models/table.rb @@ -14,6 +14,7 @@ class Table validates :supplier_id, presence: true #validates :list_id, presence: true validates :number, numericality: {greater_than: 0} + view :by_supplier_id_and_id, key: [:supplier_id, :_id] #validates_uniqueness_of :number #view :by_number, key: :number # For uniqueness validation diff --git a/app/views/layouts/demo-both.html.slim b/app/views/layouts/demo-both.html.slim new file mode 100644 index 00000000..1122662b --- /dev/null +++ b/app/views/layouts/demo-both.html.slim @@ -0,0 +1,24 @@ +doctype html +html lang="en" + head + meta charset="utf-8" + meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" + meta name="viewport" content="width=device-width, initial-scale=1.0" + title= content_for?(:title) ? yield(:title) : application_title + = csrf_meta_tags + + /! Le HTML5 shim, for IE6-8 support of HTML elements + /[if lt IE 9] + = javascript_include_tag "http://html5shim.googlecode.com/svn/trunk/html5.js" + = stylesheet_link_tag "application", :media => "all" + link href="/images/apple-touch-icon-144x144.png" rel="apple-touch-icon-precomposed" sizes="144x144" + link href="/images/apple-touch-icon-114x114.png" rel="apple-touch-icon-precomposed" sizes="114x114" + link href="/images/apple-touch-icon-72x72.png" rel="apple-touch-icon-precomposed" sizes="72x72" + link href="/images/apple-touch-icon.png" rel="apple-touch-icon-precomposed" + link href="/favicon.ico" rel="shortcut icon" + body class=action_name + .container + .content + .row + .span12 + = yield diff --git a/app/views/supplier/edit.html.slim b/app/views/supplier/edit.html.slim index f6639358..83f6156e 100644 --- a/app/views/supplier/edit.html.slim +++ b/app/views/supplier/edit.html.slim @@ -35,4 +35,4 @@ .form-actions = f.submit nil, class: 'btn btn-primary' ' - = link_to t("helpers.links.cancel"), suppliers_path, class: 'btn' + = link_to t("helpers.links.cancel"), supplier_root_path, class: 'btn' diff --git a/app/views/supplier/home.html.slim b/app/views/supplier/home.html.slim index 8a35e14c..2bc675d8 100644 --- a/app/views/supplier/home.html.slim +++ b/app/views/supplier/home.html.slim @@ -7,6 +7,8 @@ javascript: $(function(){ $('#section_selector').change(function(){ + Qsupplier.load_active_orders(); + Qsupplier.load_active_lists(); var el = $(this); var linker = $(this).siblings('a'); if(el.val()){ diff --git a/app/views/suppliers/tables/_form.html.slim b/app/views/suppliers/tables/_form.html.slim index 67a124f6..f68b6ac2 100644 --- a/app/views/suppliers/tables/_form.html.slim +++ b/app/views/suppliers/tables/_form.html.slim @@ -11,4 +11,4 @@ .form-actions = f.submit nil, class: 'btn btn-primary' ' - = link_to t("helpers.links.cancel"), tables_path, class: 'btn' + = link_to t("helpers.links.cancel"), suppliers_tables_path, class: 'btn' diff --git a/app/views/user/join_occupied_table.html.slim b/app/views/user/join_occupied_table.html.slim index bf825dd6..b3a9d8d6 100644 --- a/app/views/user/join_occupied_table.html.slim +++ b/app/views/user/join_occupied_table.html.slim @@ -1,10 +1,10 @@ .page-header - h4= t('user.join_occupied_table.title') + h4 data-t="join_request.requestor.title" = t('user.join_occupied_table.title') .form-actions - = link_to t('user.join_occupied_table.back'), user_root_path, class: :btn + = link_to t('user.join_occupied_table.back'), user_root_path, class: :btn, data: {t: 'join_request.requestor.go_back'} ' - button.btn.btn-primary onclick="Quser.show_table_products()" = t('user.join_occupied_table.show_the_products') + button.btn.btn-primary onclick="Quser.show_table_products()" data-t='join_request.requestor.show_the_products'= t('user.join_occupied_table.show_the_products') ' - button.btn.btn-warning{onClick="Quser.join_occupied_table()"} = t('user.join_occupied_table.join_this_table') + button.btn.btn-warning onClick="Quser.join_occupied_table()" data-t='join_request.requestor.join_this_table'= t('user.join_occupied_table.join_this_table') #join-occupied-table-progress-container - onload_javascript 'Quser.watch_events()' diff --git a/make_mobile b/make_mobile index 0ef42822..240265e7 100755 --- a/make_mobile +++ b/make_mobile @@ -1,4 +1,4 @@ #!/usr/bin/env bash rm -rf public/assets; -QWAITER_MOBILE_EXPORT=yes RAILS_ENV=production rake assets:precompile; -QWAITER_MOBILE_EXPORT=yes RAILS_ENV=production rails runner script/build_mobile_app.rb +QWAITER_MOBILE_EXPORT=yes RAILS_ENV=production bundle exec rake assets:precompile; +QWAITER_MOBILE_EXPORT=yes RAILS_ENV=production bundle exec rails runner script/build_mobile_app.rb diff --git a/spec/controllers/supplier/edit_spec.rb b/spec/controllers/supplier/edit_spec.rb new file mode 100644 index 00000000..b293bf9e --- /dev/null +++ b/spec/controllers/supplier/edit_spec.rb @@ -0,0 +1,16 @@ +# encoding: UTF-8 +require 'spec_helper' + +describe SupplierController do + before :each do + @supplier = Supplier.find_by_email('supplier@qwaiter.com') || Supplier.create(name: 'Supplier', email: 'supplier@qwaiter.com', password: 'secret') + sign_in @supplier + end + + describe "GET settings" do + it 'displays the settings page' do + get :edit + end + end + +end diff --git a/spec/controllers/suppliers/lists_controller_spec.rb b/spec/controllers/suppliers/lists_controller_spec.rb new file mode 100644 index 00000000..5b46e969 --- /dev/null +++ b/spec/controllers/suppliers/lists_controller_spec.rb @@ -0,0 +1,174 @@ +# encoding: UTF-8 +require 'spec_helper' + +describe Suppliers::ListsController do + before :each do + @supplier = Supplier.find_by_email('supplier@qwaiter.com') || Supplier.create(name: 'Supplier', email: 'supplier@qwaiter.com', password: 'secret') + sign_in @supplier + end + + describe "GET #index" do + it "populates an array of lists" do + list = create :list, supplier: @supplier + get :index + assigns(:lists).should eq([list]) + end + + it "does not include lists from another supplier" do + list1 = create :list, supplier: @supplier + list2 = create :list + get :index + assigns(:lists).should eq([list1]) + end + + it "should render without errors when no objects are present" do + get :index + expect{ render_template :index }.not_to raise_error + end + + it "renders the :index view" do + get :index + response.should render_template :index + end + end + + describe "GET #show" do + it "assigns the requested list to @list" do + list = create :list, supplier: @supplier + get :show, id: list + assigns(:list).should eq(list) + end + + it "should not display a list of another supplier" do + list = create :list + get :show, id: list + response.status.should == 404 + end + + it "renders the #show view" do + list = create :list, supplier: @supplier + get :show, id: list + response.should render_template :show + end + end + + describe "GET #new" do + it "assigns a new list to @list" do + get :new + assigns(:list).should be_a List + end + + it "renders the #show view" do + get :new + response.should render_template :new + end + end + + describe "POST #create" do + context "with valid attributes" do + it "creates a new list" do + expect{ + post :create, list: attributes_for(:list, supplier: @supplier) + }.to change(List, :count).by(1) + end + + it "redirects to the new list" do + post :create, list: attributes_for(:list, supplier: @supplier) + response.should redirect_to [:suppliers, List.last] + end + + it "should not be possible to create a list for another supplier" do + supplier2 = create :supplier + post :create, list: attributes_for(:list, price: '6.66', supplier: supplier2) + List.find_by_price(6.66).supplier_id.should == @supplier.id + end + end + + context "with invalid attributes" do + it "does not save the new list" do + expect{ + post :create, list: {table_id: ''} + }.to_not change(List, :count) + end + + it "re-renders the new method" do + post :create, list: {table_id: ''} + response.should render_template :new + end + end + end + + describe 'PUT update' do + before :each do + @list = create :list, supplier: @supplier + end + + context "valid attributes" do + it "located the requested list" do + put :update, id: @list, list: attributes_for(:list, supplier: @supplier) + @list.reload + assigns(:list).should eq(@list) + end + + it "changes @list's attributes" do + put :update, id: @list, list: attributes_for(:list, price: "7.22", supplier: @supplier) + @list.reload + @list.price.should eq(7.22) + end + + it "redirects to the updated list" do + put :update, id: @list, list: attributes_for(:list, supplier: @supplier) + response.should redirect_to [:suppliers, @list] + end + it "should not be possible to update a list to another supplier" do + supplier2 = create :supplier + put :update, id: @list, list: attributes_for(:list, supplier: supplier2) + @list.reload + @list.supplier_id.should == @supplier.id + end + + it "should not be possible to update a list of another supplier" do + list = create :list, price: '7.22' + put :update, id: list, list: {price: '6.66'} + list.reload + list.price.should == 7.22 + end + end + + context "invalid attributes" do + it "locates the requested list" do + put :update, id: @list, list: {table_id: ''} + assigns(:list).should eq(@list) + end + + it "re-renders the edit method" do + put :update, id: @list, list: {table_id: ''} + response.should render_template :edit + end + end + end + + describe 'DELETE destroy' do + before :each do + @list = create :list, supplier: @supplier + end + + it "deletes the list" do + expect{ + delete :destroy, id: @list + }.to change(List, :count).by(-1) + end + + it "redirects to lists#index" do + delete :destroy, id: @list + response.should redirect_to [:suppliers, :lists] + end + + it "should not be possible to delete a list of another supplier" do + list = create :list + expect{ + delete :destroy, id: list + }.to_not change(List, :count) + end + end +end diff --git a/spec/controllers/suppliers/products_controller_spec.rb b/spec/controllers/suppliers/products_controller_spec.rb new file mode 100644 index 00000000..f6019f2d --- /dev/null +++ b/spec/controllers/suppliers/products_controller_spec.rb @@ -0,0 +1,173 @@ +# encoding: UTF-8 +require 'spec_helper' + +describe Suppliers::ProductsController do + before :each do + @supplier = Supplier.find_by_email('supplier@qwaiter.com') || Supplier.create(name: 'Supplier', email: 'supplier@qwaiter.com', password: 'secret') + sign_in @supplier + end + + describe "GET #index" do + it "populates an array of products" do + product = create :product, supplier: @supplier + get :index + assigns(:products).should eq([product]) + end + + it "does not include products from another supplier" do + product1 = create :product, supplier: @supplier + product2 = create :product + get :index + assigns(:products).should eq([product1]) + end + + it "should render without errors when no objects are present" do + get :index + expect{ render_template :index }.not_to raise_error + end + + it "renders the :index view" do + get :index + response.should render_template :index + end + end + + describe "GET #show" do + it "assigns the requested product to @product" do + product = create :product, supplier: @supplier + get :show, id: product + assigns(:product).should eq(product) + end + + it "should not display a product of another supplier" do + product = create :product + get :show, id: product + response.status.should == 404 + end + + it "renders the #show view" do + product = create :product, supplier: @supplier + get :show, id: product + response.should render_template :show + end + end + + describe "GET #new" do + it "assigns a new product to @product" do + get :new + assigns(:product).should be_a Product + end + + it "renders the #show view" do + get :new + response.should render_template :new + end + end + + describe "POST #create" do + context "with valid attributes" do + it "creates a new product" do + expect{ + post :create, product: attributes_for(:product, supplier: @supplier) + }.to change(Product, :count).by(1) + end + + it "redirects to the new product" do + post :create, product: attributes_for(:product, supplier: @supplier) + response.should redirect_to [:suppliers, Product.last] + end + + it "should not be possible to create a product for another supplier" do + supplier2 = create :supplier + post :create, product: attributes_for(:product, name: 'Trying to hack', supplier: supplier2) + Product.find_by_name('Trying to hack').supplier_id.should == @supplier.id + end + end + + context "with invalid attributes" do + it "does not save the new product" do + expect{ + post :create, product: {name: ''} + }.to_not change(Product, :count) + end + + it "re-renders the new method" do + post :create, product: {name: ''} + response.should render_template :new + end + end + end + + describe 'PUT update' do + before :each do + @product = create :product, supplier: @supplier + end + + context "valid attributes" do + it "located the requested product" do + put :update, id: @product, product: attributes_for(:product, supplier: @supplier) + @product.reload + assigns(:product).should eq(@product) + end + + it "changes @product's attributes" do + put :update, id: @product, product: attributes_for(:product, name: "ChangedByTest", supplier: @supplier) + @product.reload + @product.name.should eq("ChangedByTest") + end + + it "redirects to the updated product" do + put :update, id: @product, product: attributes_for(:product, supplier: @supplier) + response.should redirect_to [:suppliers, @product] + end + it "should not be possible to update a product to another supplier" do + supplier2 = create :supplier + put :update, id: @product, product: attributes_for(:product, name: "Trying to hack", supplier: supplier2) + Product.find_by_name('Trying to hack').supplier_id.should == @supplier.id + end + + it "should not be possible to update a product of another supplier" do + product = create :product, name: 'Other supplier product' + put :update, id: product, product: {name: "Trying to hack"} + product.reload + product.name.should == 'Other supplier product' + end + end + + context "invalid attributes" do + it "locates the requested product" do + put :update, id: @product, product: {name: ''} + assigns(:product).should eq(@product) + end + + it "re-renders the edit method" do + put :update, id: @product, product: {name: ''} + response.should render_template :edit + end + end + end + + describe 'DELETE destroy' do + before :each do + @product = create :product, supplier: @supplier + end + + it "deletes the product" do + expect{ + delete :destroy, id: @product + }.to change(Product, :count).by(-1) + end + + it "redirects to products#index" do + delete :destroy, id: @product + response.should redirect_to [:suppliers, :products] + end + + it "should not be possible to delete a product of another supplier" do + product = create :product + expect{ + delete :destroy, id: product + }.to_not change(Product, :count) + end + end +end diff --git a/spec/controllers/suppliers/tables_controller_spec.rb b/spec/controllers/suppliers/tables_controller_spec.rb new file mode 100644 index 00000000..3c8155fd --- /dev/null +++ b/spec/controllers/suppliers/tables_controller_spec.rb @@ -0,0 +1,173 @@ +# encoding: UTF-8 +require 'spec_helper' + +describe Suppliers::TablesController do + before :each do + @supplier = Supplier.find_by_email('supplier@qwaiter.com') || Supplier.create(name: 'Supplier', email: 'supplier@qwaiter.com', password: 'secret') + sign_in @supplier + end + + describe "GET #index" do + it "populates an array of tables" do + table = create :table, supplier: @supplier + get :index + assigns(:tables).should eq([table]) + end + + it "does not include tables from another supplier" do + table1 = create :table, supplier: @supplier + table2 = create :table + get :index + assigns(:tables).should eq([table1]) + end + + it "should render without errors when no objects are present" do + get :index + expect{ render_template :index }.not_to raise_error + end + + it "renders the :index view" do + get :index + response.should render_template :index + end + end + + describe "GET #show" do + it "assigns the requested table to @table" do + table = create :table, supplier: @supplier + get :show, id: table + assigns(:table).should eq(table) + end + + it "should not display a table of another supplier" do + table = create :table + get :show, id: table + response.status.should == 404 + end + + it "renders the #show view" do + table = create :table, supplier: @supplier + get :show, id: table + response.should render_template :show + end + end + + describe "GET #new" do + it "assigns a new table to @table" do + get :new + assigns(:table).should be_a Table + end + + it "renders the #show view" do + get :new + response.should render_template :new + end + end + + describe "POST #create" do + context "with valid attributes" do + it "creates a new table" do + expect{ + post :create, table: attributes_for(:table, supplier: @supplier) + }.to change(Table, :count).by(1) + end + + it "redirects to the new table" do + post :create, table: attributes_for(:table, supplier: @supplier) + response.should redirect_to [:suppliers, Table.last] + end + + it "should not be possible to create a table for another supplier" do + supplier2 = create :supplier + post :create, table: attributes_for(:table, number: 6, supplier: supplier2) + Table.find_by_number(6).supplier_id.should == @supplier.id + end + end + + context "with invalid attributes" do + it "does not save the new table" do + expect{ + post :create, table: {number: '-6'} + }.to_not change(Table, :count) + end + + it "re-renders the new method" do + post :create, table: {number: '-6'} + response.should render_template :new + end + end + end + + describe 'PUT update' do + before :each do + @table = create :table, supplier: @supplier + end + + context "valid attributes" do + it "located the requested table" do + put :update, id: @table, table: attributes_for(:table, supplier: @supplier) + @table.reload + assigns(:table).should eq(@table) + end + + it "changes @table's attributes" do + put :update, id: @table, table: attributes_for(:table, number: "14", supplier: @supplier) + @table.reload + @table.number.should eq(14) + end + + it "redirects to the updated table" do + put :update, id: @table, table: attributes_for(:table, supplier: @supplier) + response.should redirect_to [:suppliers, @table] + end + it "should not be possible to update a table to another supplier" do + supplier2 = create :supplier + put :update, id: @table, table: attributes_for(:table, number: 6, supplier: supplier2) + Table.find_by_number(6).supplier_id.should == @supplier.id + end + + it "should not be possible to update a table of another supplier" do + table = create :table, number: 11 + put :update, id: table, table: {number: 6} + table.reload + table.number.should == 11 + end + end + + context "invalid attributes" do + it "locates the requested table" do + put :update, id: @table, table: {number: '-6'} + assigns(:table).should eq(@table) + end + + it "re-renders the edit method" do + put :update, id: @table, table: {number: '-6'} + response.should render_template :edit + end + end + end + + describe 'DELETE destroy' do + before :each do + @table = create :table, supplier: @supplier + end + + it "deletes the table" do + expect{ + delete :destroy, id: @table + }.to change(Table, :count).by(-1) + end + + it "redirects to tables#index" do + delete :destroy, id: @table + response.should redirect_to [:suppliers, :tables] + end + + it "should not be possible to delete a table of another supplier" do + table = create :table + expect{ + delete :destroy, id: table + }.to_not change(Table, :count) + end + end +end