Merge pull request #9 from Horlawhumy-dev/fix-api-doc

Provide more context to API Docs
Horlawhumy-dev · Jul 3, 2024 · 6378fe1 · 6378fe1
2 parents f2e55d6 + 80b3c8c
commit 6378fe1
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/api_doc.txt b/api_doc.txt
@@ -7,20 +7,24 @@ Auth Endpoints:
 1. POST /api/users/register/
    - Description: Create a new user
    - Request Body: name, email, password, password2, address
+   - Auth: Not required
    - Response: name, email, password, password2, address
 
 2. POST /api/users/login/
    - Description: login user
    - Request Body: email, password
+   - Auth: Not required
    - Response: id, metadata, refresh_token, access_token
 
 3. GET /api/users/profile
    - Description: Retrieve user profile by access token provided
+   - Auth: Bearer token
    - Response: all user fields
 
 4. POST /api/users/logout/
    - Description: Logout auth user
    - Request Body: refresh_token
+   - Auth: Bearer token
    - Response: nil
 
 
@@ -29,26 +33,32 @@ Inventory Products Endpoints:
 1. POST /api/inventory/products/
    - Description: Create a new product by admin user
    - Request Body: name, description, price, quantity, address
+   - Auth: Bearer token
    - Response: id, owner, name, description, price, quantity, created_at, updated_at
 
 2. GET /api/inventory/products
    - Description: List products for an admin user
    - Request Body: nil
+   - Auth: Bearer token
    - Response: list of products
 
 3. PUT /api/inventory/products/:id
    - Description: Update product by an admin user
+   - Request Body: any field(s)
+   - Auth: Bearer token
    - Response: id, owner, name, description, price, quantity, created_at, updated_at
 
 4. DELETE /api/inventory/products/:id
    - Description: Delete product published by an admin user
    - Request Body: nil
+   - Auth: Bearer token
    - Response: nil
 
 Note: This search functionality works when postgres database is used
 5. GET /api/inventory/products/search?q=
    - Description: Search for products by the specified field
    - Request Body: nil
+   - Auth: Bearer token
    - Response: list of products
    - Search From: title, description
 
@@ -66,12 +76,14 @@ Inventory Orders Endpoints:
         }
     ]
    }
+   - Auth: Bearer token
 
    - Response: order fields data
 
 2. GET /api/inventory/orders/
    - Description: List orders
    - Request Body: nil
+   - Auth: Bearer token
    - Response: list of orders
    - Filters: status, date_from, date_to
 
@@ -81,17 +93,20 @@ Inventory Orders Endpoints:
    {
     "status": "completed"
    }
+   - Auth: Bearer token
    - Response: order fields data
 
 4. DELETE /api/inventory/orders/:id/
    - Description: Delete order
    - Request Body: nil
+   - Auth: Bearer token
    - Response: nil
 
 
 5. GET /api/inventory/orders/:id/
    - Description: Get order detail
    - Request Body: nil
+   - Auth: Bearer token
    - Response: order data
 
 
@@ -100,6 +115,7 @@ Inventory Report Endpoints:
 1. GET /api/inventory/report/stock/
    - Description: Get product out of stock
    - Request Body: nil
+   - Auth: Bearer token
    - Response: 
    [
       {
@@ -115,6 +131,7 @@ Inventory Report Endpoints:
 2. GET /api/inventory/report/sales/
    - Description: Get product order sales by certain period
    - Request Body: nil
+   - Auth: Bearer token
    - Response: 
    [
       {

diff --git a/test/test_product.py b/test/test_product.py
@@ -0,0 +1,61 @@
+import pytest
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APIClient
+from users.models import User
+from inventory.models import Product
+
+@pytest.fixture
+def api_client():
+    return APIClient()
+
+@pytest.fixture
+def admin_user(db):
+    return User.objects.create_user(email='[email protected]', username='admin', password='admin123', is_staff=True)
+
+@pytest.fixture
+def regular_user(db):
+    return User.objects.create_user(username='user',email='[email protected]', password='user123')
+
+@pytest.fixture
+def product_data():
+    return {
+        'name': 'Test Product',
+        'description': 'Test Description',
+        'quantity': 10,
+        'price': 100.0
+    }
+
+@pytest.mark.django_db
+def test_admin_can_create_product(api_client, admin_user, product_data):
+    url = reverse('product_add')
+    api_client.force_authenticate(user=admin_user)
+    response = api_client.post(url, product_data, format='json')
+    assert response.status_code == status.HTTP_201_CREATED
+    assert response.data['name'] == product_data['name']
+    assert response.data['description'] == product_data['description']
+    assert response.data['quantity'] == product_data['quantity']
+    assert response.data['price'] == product_data['price']
+
+# @pytest.mark.django_db
+# def test_non_admin_cannot_create_product(api_client, regular_user, product_data):
+#     url = reverse('product_add')
+#     api_client.force_authenticate(user=regular_user)
+#     response = api_client.post(url, product_data, format='json')
+#     assert response.status_code == status.HTTP_403_FORBIDDEN
+
+# @pytest.mark.django_db
+# def test_create_product_with_invalid_data(api_client, admin_user, product_data):
+#     url = reverse('product_add')
+#     api_client.force_authenticate(user=admin_user)
+#     invalid_data = product_data.copy()
+#     invalid_data['price'] = -100  # Invalid price
+#     response = api_client.post(url, invalid_data, format='json')
+#     assert response.status_code == status.HTTP_400_BAD_REQUEST
+#     assert 'price' in response.data
+
+# @pytest.mark.django_db
+# def test_unauthenticated_user_cannot_create_product(api_client, product_data):
+#     url = reverse('product_add')
+#     response = api_client.post(url, product_data, format='json')
+#     assert response.status_code == status.HTTP_401_UNAUTHORIZED