RubyGems - solidus_legacy_return_authorizations - Versions diffs - 1.0.0 - Mend

solidus_legacy_return_authorizations 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

data/app/overrides/admin_legacy_return_authorizations.rb ADDED Viewed

@@ -0,0 +1,14 @@
+Deface::Override.new(
+  virtual_path: "spree/admin/shared/_order_submenu",
+  name: "admin_legacy_return_authorizations_submenu",
+  insert_bottom: "[data-hook='admin_order_tabs']",
+  text: %q(
+    <% if can? :display, Spree::LegacyReturnAuthorization %>
+      <% if @order.legacy_return_authorizations.exists? %>
+        <li<%== ' class="active"' if current == 'Legacy Return Authorizations' %>>
+          <%= link_to_with_icon 'share', Spree.t(:legacy_return_authorizations), admin_order_legacy_return_authorizations_url(@order) %>
+        </li>
+      <% end %>
+    <% end %>
+  )
+)

data/app/views/spree/admin/legacy_return_authorizations/_form.html.erb ADDED Viewed

@@ -0,0 +1,78 @@
+<div data-hook="admin_legacy_return_authorization_form_fields">
+  <table class="index">
+    <thead>
+      <tr data-hook="legacy_rma_header">
+        <th><%= Spree.t(:product) %></th>
+        <th><%= Spree.t(:quantity_shipped) %></th>
+        <th><%= Spree.t(:quantity_returned) %></th>
+        <th><%= Spree.t(:return_quantity) %></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @legacy_return_authorization.order.shipments.shipped.collect{|s| s.inventory_units.to_a}.flatten.group_by(&:variant).each do | variant, units| %>
+        <tr id="<%= dom_id(variant) %>" data-hook="legacy_rma_row" class="<%= cycle('odd', 'even')%>">
+          <td>
+            <div class="variant-name"><%= variant.name %></div>
+            <div class="variant-options"><%= variant.options_text %></div>
+          </td>
+          <td class="align-center"><%= units.select(&:shipped?).size %></td>
+          <td class="align-center"><%= units.select(&:returned?).size %></td>
+          <td class="return_quantity align-center">
+            <% if @legacy_return_authorization.received? %>
+              <%= @legacy_return_authorization.inventory_units.group_by(&:variant)[variant].try(:size) || 0 %>
+            <% elsif units.select(&:shipped?).empty? %>
+              0
+            <% else %>
+              <%= number_field_tag "return_quantity[#{variant.id}]",
+                @legacy_return_authorization.inventory_units.group_by(&:variant)[variant].try(:size) || 0, {:style => 'width:100px;', :min => 0} %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+  <%= f.field_container :amount do %>
+    <%= f.label :amount, Spree.t(:amount) %> <span class="required">*</span><br />
+    <% if @legacy_return_authorization.received? %>
+      <%= @legacy_return_authorization.display_amount %>
+    <% else %>
+      <%= f.text_field :amount, {:style => 'width:80px;'} %> <%= Spree.t(:legacy_rma_value) %>: <span id="legacy_rma_value">0.00</span>
+      <%= f.error_message_on :amount %>
+    <% end %>
+  <% end %>
+  <%= f.field_container :reason do %>
+    <%= f.label :reason, Spree.t(:reason) %>
+    <%= f.text_area :reason, {:style => 'height:100px;', :class => 'fullwidth'} %>
+    <%= f.error_message_on :reason %>
+  <% end %>
+  <%= f.field_container :stock_location do %>
+    <%= f.label :stock_location, Spree.t(:stock_location) %>
+    <%= f.select :stock_location_id, Spree::StockLocation.active.to_a.collect{|l|[l.name, l.id]}, {:style => 'height:100px;', :class => 'fullwidth'} %>
+    <%= f.error_message_on :reason %>
+  <% end %>
+</div>
+<script>
+  var line_item_prices = {};
+  <% @legacy_return_authorization.order.line_items.group_by(&:variant).each do | variant, items| %>
+    line_item_prices[<%= variant.id.to_s %>] = <%= items.first.price %>;
+  <% end %>
+  $(document).ready(function(){
+    var legacy_rma_amount = 0;
+    $("td.return_quantity input").on('change', function() {
+      var legacy_rma_amount = 0;
+      $.each($("td.return_quantity input"), function(i, input) {
+        var variant_id = $(input).prop('id').replace("return_quantity_", "");
+         legacy_rma_amount += line_item_prices[variant_id] * $(input).val()
+      });
+      if(!isNaN(legacy_rma_amount)){
+        $("span#legacy_rma_value").html(legacy_rma_amount.toFixed(2));
+      }
+    })
+  });
+</script>

data/app/views/spree/admin/legacy_return_authorizations/edit.html.erb ADDED Viewed

@@ -0,0 +1,32 @@
+<% content_for :page_actions do %>
+  <li>
+    <% if @legacy_return_authorization.can_receive? %>
+      <%= button_link_to Spree.t(:receive), fire_admin_order_legacy_return_authorization_url(@order, @legacy_return_authorization, :e => 'receive'), :method => :put, :data => { :confirm => Spree.t(:are_you_sure) }, :icon => 'download-alt' %>
+    <% end %>
+  </li>
+  <li>
+    <% if @legacy_return_authorization.can_cancel? %>
+      <%= button_link_to Spree.t('actions.cancel'), fire_admin_order_legacy_return_authorization_url(@order, @legacy_return_authorization, :e => 'cancel'), :method => :put, :data => { :confirm => Spree.t(:are_you_sure) }, :icon => 'remove' %>
+    <% end %>
+  </li>
+<% end %>
+<%= render :partial => 'spree/admin/shared/order_tabs', :locals => { :current => 'Legacy Return Authorizations' } %>
+<% content_for :page_title do %>
+  <i class="fa fa-arrow-right"></i> <%= Spree.t(:legacy_return_authorization) %> <%= @legacy_return_authorization.number %> (<%= Spree.t(@legacy_return_authorization.state.downcase) %>)
+<% end %>
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @legacy_return_authorization } %>
+<%= form_for [:admin, @order, @legacy_return_authorization] do |f| %>
+  <fieldset class="no-border-top">
+    <%= render :partial => 'form', :locals => { :f => f } %>
+    <div class="form-buttons filter-actions actions" data-hook="buttons">
+      <%= button Spree.t('actions.update'), 'repeat' %>
+      <span class="or"><%= Spree.t(:or) %></span>
+      <%= button_link_to Spree.t('actions.cancel'), admin_order_legacy_return_authorizations_url(@order), :icon => 'remove' %>
+    </div>
+  </fieldset>
+<% end %>

data/app/views/spree/admin/legacy_return_authorizations/index.html.erb ADDED Viewed

@@ -0,0 +1,48 @@
+<%= render :partial => 'spree/admin/shared/order_tabs', :locals => { :current => 'Legacy Return Authorizations' } %>
+<% content_for :page_actions do %>
+  <% if can?(:display, Spree::Order) %>
+    <li><%= button_link_to Spree.t(:back_to_orders_list), spree.admin_orders_path, :icon => 'arrow-left' %></li>
+  <% end %>
+<% end %>
+<% content_for :page_title do %>
+  <i class="fa fa-arrow-right"></i> <%= Spree.t(:legacy_return_authorizations) %>
+<% end %>
+<% if @order.shipments.any?(&:shipped?) || @order.legacy_return_authorizations.any? %>
+  <table class="index">
+    <thead data-hook="legacy_rma_header">
+      <tr>
+        <th><%= Spree.t(:legacy_rma_number) %></th>
+        <th><%= Spree.t(:status) %></th>
+        <th><%= Spree.t(:amount) %></th>
+        <th><%= "#{Spree.t('date')}/#{Spree.t('time')}" %></th>
+        <th class="actions"></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @legacy_return_authorizations.each do |legacy_return_authorization| %>
+        <tr id="<%= spree_dom_id(legacy_return_authorization) %>" data-hook="legacy_rma_row" class="<%= cycle('odd', 'even')%>">
+          <td><%= legacy_return_authorization.number %></td>
+          <td><%= Spree.t(legacy_return_authorization.state.downcase) %></td>
+          <td><%= legacy_return_authorization.display_amount.to_html %></td>
+          <td><%= pretty_time(legacy_return_authorization.created_at) %></td>
+          <td class="actions">
+            <% if can?(:update, legacy_return_authorization) %>
+              <%= link_to_edit legacy_return_authorization, :no_text => true, :class => 'edit' %>
+            <% end %>
+            <% if can?(:destroy, legacy_return_authorization) && !legacy_return_authorization.received? %>
+              &nbsp;
+              <%= link_to_delete legacy_return_authorization, :no_text => true %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% else %>
+  <div data-hook="legacy_rma_cannont_create" class="no-objects-found">
+    <%= Spree.t(:cannot_create_returns) %>
+  </div>
+<% end %>

data/app/views/spree/api/legacy_return_authorizations/index.v1.rabl ADDED Viewed

@@ -0,0 +1,7 @@
+object false
+child(@legacy_return_authorizations => :legacy_return_authorizations) do
+  attributes *legacy_return_authorization_attributes
+end
+node(:count) { @legacy_return_authorizations.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @legacy_return_authorizations.num_pages }

data/app/views/spree/api/legacy_return_authorizations/new.v1.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*legacy_return_authorization_attributes] }
+node(:required_attributes) { required_fields_for(Spree::LegacyReturnAuthorization) }

data/app/views/spree/api/legacy_return_authorizations/show.v1.rabl ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ object @legacy_return_authorization
2	+ attributes *legacy_return_authorization_attributes

data/bin/rails ADDED Viewed

@@ -0,0 +1,7 @@
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+ENGINE_ROOT = File.expand_path('../..', __FILE__)
+ENGINE_PATH = File.expand_path('../../lib/spree_legacy_return_authorizations/engine', __FILE__)
+require 'rails/all'
+require 'rails/engine/commands'

data/circle.yml ADDED Viewed

@@ -0,0 +1,6 @@
+machine:
+  ruby:
+    version: 2.1.5
+test:
+  pre:
+    - bundle exec rake test_app

data/config/locales/en.yml ADDED Viewed

@@ -0,0 +1,19 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+en:
+  activerecord:
+    attributes:
+      spree/legacy_return_authorization:
+        amount: Amount
+    models:
+      spree/legacy_return_authorization:
+        one: Legacy Return Authorization
+        other: Legacy Return Authorizations
+  spree:
+    legacy_return_authorization: Legacy Return Authorization
+    legacy_return_authorization_updated: Legacy Return authorization updated
+    legacy_return_authorizations: Legacy Return Authorizations
+    legacy_rma_credit: Legacy RMA Credit
+    legacy_rma_number: Legacy RMA Number
+    legacy_rma_value: Legacy RMA Value

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,25 @@
+Spree::Core::Engine.routes.draw do
+  namespace :api, defaults: { format: 'json' } do
+    concern :legacy_return_routes do
+      resources :legacy_return_authorizations, except: [:new, :create] do
+        member do
+          put :add
+          put :cancel
+          put :receive
+        end
+      end
+    end
+    resources :checkouts, only: [], concerns: :legacy_return_routes
+    resources :orders, only: [], concerns: :legacy_return_routes
+  end
+  namespace :admin do
+    resources :orders, except: [:show] do
+      resources :legacy_return_authorizations, except: [:new, :create] do
+        member do
+          put :fire
+        end
+      end
+    end
+  end
+end

data/db/migrate/20140710044402_create_spree_legacy_return_authorizations.rb ADDED Viewed

@@ -0,0 +1,26 @@
+class CreateSpreeLegacyReturnAuthorizations < ActiveRecord::Migration
+  def up
+    # If this is a migrated database that had legacy returns in it then the table will already exist.
+    # But if this is a dev box, etc that's just including this extension then we need to create the table.
+    if !table_exists?(:spree_legacy_return_authorizations)
+      create_table :spree_legacy_return_authorizations do |t|
+        t.string   "number"
+        t.string   "state"
+        t.decimal  "amount", precision: 10, scale: 2, default: 0.0, null: false
+        t.integer  "order_id"
+        t.text     "reason"
+        t.datetime "created_at"
+        t.datetime "updated_at"
+        t.integer  "stock_location_id"
+      end
+      add_column :spree_inventory_units, :legacy_return_authorization_id, :integer
+      add_index :spree_inventory_units, :legacy_return_authorization_id
+    end
+  end
+  def down
+    drop_table :spree_legacy_return_authorizations
+    remove_column :spree_inventory_units, :legacy_return_authorization_id
+  end
+end

data/lib/generators/solidus_legacy_return_authorizations/install/install_generator.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module SolidusLegacyReturnAuthorizations
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      class_option :auto_run_migrations, type: :boolean, default: false
+      def add_javascripts
+        append_file 'vendor/assets/javascripts/spree/backend/all.js', "//= require spree/backend/solidus_legacy_return_authorizations\n"
+      end
+      def add_stylesheets
+        inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/solidus_legacy_return_authorizations\n", before: /\*\//, verbose: true
+      end
+      def add_migrations
+        run 'bundle exec rake railties:install:migrations FROM=solidus_legacy_return_authorizations'
+      end
+      def run_migrations
+        run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask 'Would you like to run the migrations now? [Y/n]')
+        if run_migrations
+          run 'bundle exec rake db:migrate'
+        else
+          puts 'Skipping rake db:migrate, don\'t forget to run it!'
+        end
+      end
+    end
+  end
+end

data/lib/solidus_legacy_return_authorizations.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'spree_core'
2	+ require 'spree_legacy_return_authorizations/engine'

data/lib/spree_legacy_return_authorizations/engine.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module SpreeLegacyReturnAuthorizations
+  class Engine < Rails::Engine
+    require 'spree/core'
+    isolate_namespace Spree
+    engine_name 'solidus_legacy_return_authorizations'
+    # use rspec for tests
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+    def self.activate
+      Dir.glob(File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')) do |c|
+        Rails.configuration.cache_classes ? require(c) : load(c)
+      end
+    end
+    config.to_prepare &method(:activate).to_proc
+  end
+end

data/lib/spree_legacy_return_authorizations/factories.rb ADDED Viewed

@@ -0,0 +1,13 @@
+FactoryGirl.define do
+  factory :legacy_return_authorization, class: Spree::LegacyReturnAuthorization do
+    number '100'
+    amount 100.00
+    association(:order, factory: :shipped_order)
+    reason 'no particular reason'
+    state 'received'
+  end
+  factory :new_legacy_return_authorization, class: Spree::LegacyReturnAuthorization do
+    association(:order, factory: :shipped_order)
+  end
+end

data/solidus_legacy_return_authorizations.gemspec ADDED Viewed

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+Gem::Specification.new do |s|
+  s.platform    = Gem::Platform::RUBY
+  s.name        = "solidus_legacy_return_authorizations"
+  s.version     = "1.0.0"
+  s.summary     = "Interfaces for Spree 2.3 Legacy Return Authorizations"
+  s.description = "Provides models and admin interfaces to interact with the LegacyReturnAuthorization models from Spree versions prior to 2.4"
+  s.required_ruby_version = ">= 2.1"
+  s.authors    = ["Richard Nuno", "Jordan Brough"]
+  s.files       = `git ls-files`.split("\n")
+  s.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.require_path = "lib"
+  s.requirements << "none"
+  s.add_dependency "solidus_core", [">= 1.0.0", "< 1.2.0"]
+  s.add_development_dependency "rspec-rails",  "~> 3.2"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "sass-rails", "~> 4.0.2"
+  s.add_development_dependency "coffee-rails"
+  s.add_development_dependency "capybara", "~> 2.1"
+  s.add_development_dependency "factory_girl", "~> 4.4"
+  s.add_development_dependency "database_cleaner"
+  s.add_development_dependency "ffaker"
+end

data/spec/controllers/admin/legacy_return_authorizations_controller_spec.rb ADDED Viewed

@@ -0,0 +1,32 @@
+require 'spec_helper'
+describe Spree::Admin::LegacyReturnAuthorizationsController do
+  stub_authorization!
+  # Regression test for #1370 #3
+  let!(:legacy_return_authorization) { create(:legacy_return_authorization, reason: 'old reason') }
+  context "#update" do
+    let(:new_reason) { 'new reason' }
+    subject do
+      spree_put :update, {
+        id: legacy_return_authorization.to_param,
+        order_id: legacy_return_authorization.order.to_param,
+        legacy_return_authorization: {
+          :reason => new_reason,
+        },
+      }
+    end
+    before { subject }
+    it "redirects to legacy return authorizations index" do
+      expect(response).to redirect_to(spree.admin_order_legacy_return_authorizations_path(legacy_return_authorization.order))
+    end
+    it "updates the reason" do
+      expect(legacy_return_authorization.reload.reason).to eq new_reason
+    end
+  end
+end

data/spec/controllers/spree/api/legacy_return_authorizations_controller_spec.rb ADDED Viewed

@@ -0,0 +1,157 @@
+require 'spec_helper'
+module Spree
+  describe Api::LegacyReturnAuthorizationsController do
+    render_views
+    let!(:order) { create(:shipped_order) }
+    let(:product) { create(:product) }
+    let(:attributes) { [:id, :reason, :amount, :state] }
+    let(:resource_scoping) { { :order_id => order.to_param } }
+    before do
+      stub_api_controller_authentication!
+    end
+    context "as the order owner" do
+      before do
+        allow_any_instance_of(Order).to receive_messages :user => current_api_user
+      end
+      it "cannot see any legacy return authorizations" do
+        spree_get :index, order_id: order.to_param, format: :json
+        assert_unauthorized!
+      end
+      it "cannot see a single legacy return authorization" do
+        spree_get :show, order_id: order.to_param, :id => 1, format: :json
+        assert_unauthorized!
+      end
+    end
+    context "as an admin" do
+      before do
+        stub_api_controller_authentication!(admin: true)
+      end
+      it "can show legacy return authorization" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_get :show, :order_id => order.number, :id => legacy_return_authorization.id, format: :json
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(json_response["state"]).not_to be_blank
+      end
+      it "can get a list of legacy return authorizations" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        spree_get :index, :order_id => order.number, format: :json
+        expect(response.status).to eq(200)
+        legacy_return_authorizations = json_response["legacy_return_authorizations"]
+        expect(legacy_return_authorizations.first).to have_attributes(attributes)
+        expect(legacy_return_authorizations.first).not_to eq(legacy_return_authorizations.last)
+      end
+      it 'can control the page size through a parameter' do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        spree_get :index, :order_id => order.number, :per_page => 1, format: :json
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+      it 'can query the results through a parameter' do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        expected_result = create(:legacy_return_authorization, :reason => 'damaged')
+        order.legacy_return_authorizations << expected_result
+        spree_get :index, :q => { :reason_cont => 'damage' }, order_id: order.to_param, format: :json
+        expect(json_response['count']).to eq(1)
+        expect(json_response['legacy_return_authorizations'].first['reason']).to eq expected_result.reason
+      end
+      it "can update a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_put :update, :id => legacy_return_authorization.id, :legacy_return_authorization => { :amount => 19.99 }, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+      end
+      it "can add an inventory unit to a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        inventory_unit = legacy_return_authorization.returnable_inventory.first
+        expect(inventory_unit).to be
+        expect(legacy_return_authorization.inventory_units).to be_empty
+        spree_put :add, :id => legacy_return_authorization.id, variant_id: inventory_unit.variant.id, quantity: 1, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(json_response).to have_attributes(attributes)
+        expect(legacy_return_authorization.reload.inventory_units).not_to be_empty
+      end
+      it "can mark a legacy return authorization as received on the order with an inventory unit" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order, :stock_location_id => order.shipments.first.stock_location.id)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+        # prep (use a rspec context or a factory instead?)
+        inventory_unit = legacy_return_authorization.returnable_inventory.first
+        expect(inventory_unit).to be
+        expect(legacy_return_authorization.inventory_units).to be_empty
+        spree_put :add, :id => legacy_return_authorization.id, variant_id: inventory_unit.variant.id, quantity: 1, format: :json, order_id: order.to_param
+        # end prep
+        spree_delete :receive, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(legacy_return_authorization.reload.state).to eq("received")
+      end
+      it "cannot mark a legacy return authorization as received on the order with no inventory units" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+        spree_delete :receive, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(422)
+        expect(legacy_return_authorization.reload.state).to eq("authorized")
+      end
+      it "can cancel a legacy return authorization on the order" do
+        FactoryGirl.create(:new_legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        expect(legacy_return_authorization.state).to eq("authorized")
+        spree_delete :cancel, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(200)
+        expect(legacy_return_authorization.reload.state).to eq("canceled")
+      end
+      it "can delete a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_delete :destroy, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        expect(response.status).to eq(204)
+        expect { legacy_return_authorization.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+    context "as just another user" do
+      it "cannot update a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_put :update, :id => legacy_return_authorization.id, :legacy_return_authorization => { :amount => 19.99 }, format: :json, order_id: order.to_param
+        assert_unauthorized!
+        expect(legacy_return_authorization.reload.amount).not_to eq(19.99)
+      end
+      it "cannot delete a legacy return authorization on the order" do
+        FactoryGirl.create(:legacy_return_authorization, :order => order)
+        legacy_return_authorization = order.legacy_return_authorizations.first
+        spree_delete :destroy, :id => legacy_return_authorization.id, format: :json, order_id: order.to_param
+        assert_unauthorized!
+        expect { legacy_return_authorization.reload }.not_to raise_error
+      end
+    end
+  end
+end