Chatwoot/spec/controllers/api/v1/widget/inboxes_controller_spec.rb

require 'rails_helper'

RSpec.describe '/api/v1/widget/inboxes', type: :request do
  let(:account) { create(:account) }
  let(:inbox) { create(:inbox, account: account) }
  let(:admin) { create(:user, account: account, role: :administrator) }
  let(:agent) { create(:user, account: account, role: :agent) }

  describe 'POST /api/v1/widget/inboxes' do
    let(:params) { { website: { website_name: 'test', website_url: 'test.com', widget_color: '#eaeaea' } } }

    context 'when unauthenticated user' do
      it 'returns unauthorized' do
        post '/api/v1/widget/inboxes', params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when user is logged in' do
      context 'with user as administrator' do
        it 'creates inbox and returns website_token' do
          post '/api/v1/widget/inboxes', params: params, headers: admin.create_new_auth_token

          expect(response).to have_http_status(:success)
          json_response = JSON.parse(response.body)

          expect(json_response['name']).to eq('test')
          expect(json_response['website_token']).not_to be_empty
        end
      end

      context 'with user as agent' do
        it 'returns unauthorized' do
          post '/api/v1/widget/inboxes',
               params: params,
               headers: agent.create_new_auth_token

          expect(response).to have_http_status(:unauthorized)
        end
      end
    end
  end

  describe 'PATCH /api/v1/widget/inboxes/:id' do
    let(:update_params) { { website: { widget_color: '#eaeaea' } } }

    context 'when unauthenticated user' do
      it 'returns unauthorized' do
        patch "/api/v1/widget/inboxes/#{inbox.channel_id}", params: update_params
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when user is logged in' do
      context 'with user as administrator' do
        it 'updates website channel' do
          patch "/api/v1/widget/inboxes/#{inbox.channel_id}",
                params: update_params,
                headers: admin.create_new_auth_token

          expect(response).to have_http_status(:success)
          json_response = JSON.parse(response.body)

          expect(json_response['widget_color']).to eq('#eaeaea')
        end
      end

      context 'with user as agent' do
        it 'returns unauthorized' do
          patch "/api/v1/widget/inboxes/#{inbox.channel_id}",
                params: update_params,
                headers: agent.create_new_auth_token

          expect(response).to have_http_status(:unauthorized)
        end
      end
    end
  end
end