reidransom/test-stock-bookings.sh

## test-stock-bookings.sh
#!/bin/bash
#
# test-stock-bookings.sh - Current RMS API Stock Bookings Bug Reproduction
#
# BACKGROUND:
#   We've discovered a permissions issue with the Current RMS API's /stock_bookings
#   endpoint. While our OAuth authentication works correctly for most endpoints
#   (opportunities, clone, etc.), the /stock_bookings endpoint returns 401 Unauthorized
#   when using the same credentials.
#
#   This is blocking our ability to programmatically copy stock allocations when
#   replicating opportunities.
#
# BUG DETAILS:
#   Working endpoints:
#     - GET /opportunities/{id} ✓
#     - GET /opportunities/{id}/clone ✓
#     - PUT /opportunities/{id} ✓
#     - POST /opportunities ✓
#
#   Failing endpoint:
#     - GET /stock_bookings?q[opportunity_id_eq]={id} ✗ (401 Unauthorized)
#
#   All requests use the same OAuth Bearer token and X-SUBDOMAIN header.
#
# USAGE:
#   ./test-stock-bookings.sh
#
#   The script will:
#     1. Test two working endpoints as a control group
#     2. Test the failing /stock_bookings endpoint
#     3. Display color-coded results (green = success, red = failure)
#     4. Pretty-print JSON responses for debugging
#
# OUTPUT:
#   - HTTP status codes for each request
#   - Full JSON response bodies
#   - Summary comparing expected vs actual behavior
#
# REQUIREMENTS:
#   - curl (pre-installed on macOS)
#   - python3 (for JSON pretty-printing, optional)
#
# CONFIGURATION:
#   Edit the variables below to test with different parameters.
#
# SUPPORT REQUEST:
#   This test script was created in response to a support ticket where we asked:
#   "Is /stock_bookings a restricted endpoint that requires additional OAuth scopes
#   or account-level permissions? If so, could you please enable it for our account?"
#
# NEXT STEPS:
#   Once the Current RMS team resolves the permissions issue, this script can be
#   used to verify the fix.
#

# Configuration
API_BASE_URL="https://api.current-rms.com/api/v1"
BEARER_TOKEN="YOUR_TOKEN_HERE"
SUBDOMAIN="cmsi"
OPPORTUNITY_ID="2936"

# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo "======================================"
echo "Stock Bookings API Test"
echo "======================================"
echo ""

# Function to make API call and display result
test_endpoint() {
    local method=$1
    local endpoint=$2
    local description=$3

    echo -e "${YELLOW}Testing: ${description}${NC}"
    echo "Endpoint: ${method} ${endpoint}"

    response=$(curl -s -w "\n%{http_code}" -X "${method}" \
        -H "Authorization: Bearer ${BEARER_TOKEN}" \
        -H "X-SUBDOMAIN: ${SUBDOMAIN}" \
        -H "Content-Type: application/json" \
        "${API_BASE_URL}${endpoint}")

    # Extract status code (last line) and body (everything else)
    http_code=$(echo "$response" | tail -n1)
    body=$(echo "$response" | sed '$d')

    echo "Status Code: ${http_code}"

    if [ "${http_code}" -eq 200 ] || [ "${http_code}" -eq 201 ]; then
        echo -e "${GREEN}✓ SUCCESS${NC}"
    else
        echo -e "${RED}✗ FAILED${NC}"
    fi

    echo "Response body:"
    echo "${body}" | python3 -m json.tool 2>/dev/null || echo "${body}"
    echo ""
    echo "--------------------------------------"
    echo ""
}

# Test working endpoints
echo "=== WORKING ENDPOINTS (Control Group) ==="
echo ""

test_endpoint "GET" "/opportunities/${OPPORTUNITY_ID}" \
    "Get specific opportunity (WORKING)"

test_endpoint "GET" "/opportunities/${OPPORTUNITY_ID}/clone" \
    "Get cloneable opportunity data (WORKING)"

# Test the problematic endpoint
echo "=== PROBLEMATIC ENDPOINT ==="
echo ""

test_endpoint "GET" "/stock_bookings?q[opportunity_id_eq]=${OPPORTUNITY_ID}" \
    "Get stock bookings for opportunity (FAILING - 401)"

echo ""
echo "======================================"
echo "Test Complete"
echo "======================================"
echo ""
echo "Expected behavior:"
echo "  - Opportunities endpoints should return 200 OK"
echo "  - Stock bookings endpoint should also return 200 OK"
echo ""
echo "Actual behavior:"
echo "  - Stock bookings endpoint returns 401 Unauthorized"
echo "  - Same Bearer token and headers are used for all requests"
echo ""
echo "This suggests a permissions/scope issue specific to the"
echo "/stock_bookings endpoint."
	#!/bin/bash
	#
	# test-stock-bookings.sh - Current RMS API Stock Bookings Bug Reproduction
	#
	# BACKGROUND:
	# We've discovered a permissions issue with the Current RMS API's /stock_bookings
	# endpoint. While our OAuth authentication works correctly for most endpoints
	# (opportunities, clone, etc.), the /stock_bookings endpoint returns 401 Unauthorized
	# when using the same credentials.
	#
	# This is blocking our ability to programmatically copy stock allocations when
	# replicating opportunities.
	#
	# BUG DETAILS:
	# Working endpoints:
	# - GET /opportunities/{id} ✓
	# - GET /opportunities/{id}/clone ✓
	# - PUT /opportunities/{id} ✓
	# - POST /opportunities ✓
	#
	# Failing endpoint:
	# - GET /stock_bookings?q[opportunity_id_eq]={id} ✗ (401 Unauthorized)
	#
	# All requests use the same OAuth Bearer token and X-SUBDOMAIN header.
	#
	# USAGE:
	# ./test-stock-bookings.sh
	#
	# The script will:
	# 1. Test two working endpoints as a control group
	# 2. Test the failing /stock_bookings endpoint
	# 3. Display color-coded results (green = success, red = failure)
	# 4. Pretty-print JSON responses for debugging
	#
	# OUTPUT:
	# - HTTP status codes for each request
	# - Full JSON response bodies
	# - Summary comparing expected vs actual behavior
	#
	# REQUIREMENTS:
	# - curl (pre-installed on macOS)
	# - python3 (for JSON pretty-printing, optional)
	#
	# CONFIGURATION:
	# Edit the variables below to test with different parameters.
	#
	# SUPPORT REQUEST:
	# This test script was created in response to a support ticket where we asked:
	# "Is /stock_bookings a restricted endpoint that requires additional OAuth scopes
	# or account-level permissions? If so, could you please enable it for our account?"
	#
	# NEXT STEPS:
	# Once the Current RMS team resolves the permissions issue, this script can be
	# used to verify the fix.
	#

	# Configuration
	API_BASE_URL="https://api.current-rms.com/api/v1"
	BEARER_TOKEN="YOUR_TOKEN_HERE"
	SUBDOMAIN="cmsi"
	OPPORTUNITY_ID="2936"

	# Colors for output
	GREEN='\033[0;32m'
	RED='\033[0;31m'
	YELLOW='\033[1;33m'
	NC='\033[0m' # No Color

	echo "======================================"
	echo "Stock Bookings API Test"
	echo "======================================"
	echo ""

	# Function to make API call and display result
	test_endpoint() {
	local method=$1
	local endpoint=$2
	local description=$3

	echo -e "${YELLOW}Testing: ${description}${NC}"
	echo "Endpoint: ${method} ${endpoint}"

	response=$(curl -s -w "\n%{http_code}" -X "${method}" \
	-H "Authorization: Bearer ${BEARER_TOKEN}" \
	-H "X-SUBDOMAIN: ${SUBDOMAIN}" \
	-H "Content-Type: application/json" \
	"${API_BASE_URL}${endpoint}")

	# Extract status code (last line) and body (everything else)
	http_code=$(echo "$response" \| tail -n1)
	body=$(echo "$response" \| sed '$d')

	echo "Status Code: ${http_code}"

	if [ "${http_code}" -eq 200 ] \|\| [ "${http_code}" -eq 201 ]; then
	echo -e "${GREEN}✓ SUCCESS${NC}"
	else
	echo -e "${RED}✗ FAILED${NC}"
	fi

	echo "Response body:"
	echo "${body}" \| python3 -m json.tool 2>/dev/null \|\| echo "${body}"
	echo ""
	echo "--------------------------------------"
	echo ""
	}

	# Test working endpoints
	echo "=== WORKING ENDPOINTS (Control Group) ==="
	echo ""

	test_endpoint "GET" "/opportunities/${OPPORTUNITY_ID}" \
	"Get specific opportunity (WORKING)"

	test_endpoint "GET" "/opportunities/${OPPORTUNITY_ID}/clone" \
	"Get cloneable opportunity data (WORKING)"

	# Test the problematic endpoint
	echo "=== PROBLEMATIC ENDPOINT ==="
	echo ""

	test_endpoint "GET" "/stock_bookings?q[opportunity_id_eq]=${OPPORTUNITY_ID}" \
	"Get stock bookings for opportunity (FAILING - 401)"

	echo ""
	echo "======================================"
	echo "Test Complete"
	echo "======================================"
	echo ""
	echo "Expected behavior:"
	echo " - Opportunities endpoints should return 200 OK"
	echo " - Stock bookings endpoint should also return 200 OK"
	echo ""
	echo "Actual behavior:"
	echo " - Stock bookings endpoint returns 401 Unauthorized"
	echo " - Same Bearer token and headers are used for all requests"
	echo ""
	echo "This suggests a permissions/scope issue specific to the"
	echo "/stock_bookings endpoint."
No results found