goca-spree-api 3.1.14.rails.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: '017008a6e01cd473ce0ae66f63d77d694d567dac'
+  data.tar.gz: 50c0d18d0e5fb4d58eb8f64dd03641edd6deceeb
+SHA512:
+  metadata.gz: a2b8942053b8005824019e90b6985789d2e1dc1d7b891e8120b7fa54a06513c1ab7a682bdb38c91f3a64a8eb179e8a8a01e9bd3b2a79c9066c66b5cbeebecfa1
+  data.tar.gz: 0115a87496fd609a4a6e01fe4aeda894355bc18fc38fbaca3653de03c7a130a9c525712c307cd59858618c2e4e8001989e2b925a29b1a9743153e6ea95648032

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,5 @@
+eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
+
+gem 'spree_core', :path => '../core'
+
+gemspec

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2007-2015, Spree Commerce, Inc. and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rspec/core/rake_task'
+require 'spree/testing_support/common_rake'
+require 'rails/all'
+
+RSpec::Core::RakeTask.new
+
+task default: :spec
+
+desc "Generates a dummy app for testing"
+task :test_app do
+  ENV['LIB_NAME'] = 'spree/api'
+  Rake::Task['common:test_app'].invoke
+end

data/app/controllers/spree/api/base_controller.rb

@@ -0,0 +1,167 @@
+require_dependency 'spree/api/controller_setup'
+
+module Spree
+  module Api
+    class BaseController < ActionController::Base
+      include Spree::Api::ControllerSetup
+      include Spree::Core::ControllerHelpers::Store
+      include Spree::Core::ControllerHelpers::StrongParameters
+
+      attr_accessor :current_api_user
+
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: Proc.new { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+
+      rescue_from ActionController::ParameterMissing, with: :error_during_processing
+      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from CanCan::AccessDenied, with: :unauthorized
+      rescue_from Spree::Core::GatewayError, with: :gateway_error
+
+      helper Spree::Api::ApiHelpers
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k,v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      # users should be able to set price when importing orders via api
+      def permitted_line_item_attributes
+        if @current_user_roles.include?("admin")
+          super + [:price, :variant_id, :sku]
+        else
+          super
+        end
+      end
+
+      def content_type
+        case params[:format]
+        when "json"
+          "application/json; charset=utf-8"
+        when "xml"
+          "text/xml; charset=utf-8"
+        end
+      end
+
+      private
+
+      def set_content_type
+        headers["Content-Type"] = content_type
+      end
+
+      def load_user
+        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+      end
+
+      def authenticate_user
+        return if @current_api_user
+
+        if requires_authentication? && api_key.blank? && order_token.blank?
+          render "spree/api/errors/must_specify_api_key", status: 401 and return
+        elsif order_token.blank? && (requires_authentication? || api_key.present?)
+          render "spree/api/errors/invalid_api_key", status: 401 and return
+        else
+          # An anonymous user
+          @current_api_user = Spree.user_class.new
+        end
+      end
+
+      def load_user_roles
+        @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
+      end
+
+      def unauthorized
+        render "spree/api/errors/unauthorized", status: 401 and return
+      end
+
+      def error_during_processing(exception)
+        Rails.logger.error exception.message
+        Rails.logger.error exception.backtrace.join("\n")
+
+        unprocessable_entity(exception.message)
+      end
+
+      def unprocessable_entity(message)
+        render text: { exception: message }.to_json, status: 422
+      end
+
+      def gateway_error(exception)
+        @order.errors.add(:base, exception.message)
+        invalid_resource!(@order)
+      end
+
+      def requires_authentication?
+        Spree::Api::Config[:requires_authentication]
+      end
+
+      def not_found
+        render "spree/api/errors/not_found", status: 404 and return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", status: 422
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def order_token
+        request.headers["X-Spree-Order-Token"] || params[:order_token]
+      end
+
+      def find_product(id)
+        product_scope.friendly.find(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        product_scope.find(id)
+      end
+
+      def product_scope
+        if @current_user_roles.include?("admin")
+          scope = Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
+
+          unless params[:show_deleted]
+            scope = scope.not_deleted
+          end
+          unless params[:show_discontinued]
+            scope = scope.not_discontinued
+          end
+        else
+          scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
+        end
+
+        scope
+      end
+
+      def variants_associations
+        [{ option_values: :option_type }, :default_price, :images]
+      end
+
+      def product_includes
+        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
+      end
+
+      def order_id
+        params[:order_id] || params[:checkout_id] || params[:order_number]
+      end
+
+      def authorize_for_order
+        @order = Spree::Order.find_by(number: order_id)
+        authorize! :read, @order, order_token
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/addresses_controller.rb

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    module V1
+      class AddressesController < Spree::Api::BaseController
+        before_action :find_order
+
+        def show
+          authorize! :read, @order, order_token
+          @address = find_address
+          respond_with(@address)
+        end
+
+        def update
+          authorize! :update, @order, order_token
+          @address = find_address
+
+          if @address.update_attributes(address_params)
+            respond_with(@address, :default_template => :show)
+          else
+            invalid_resource!(@address)
+          end
+        end
+
+        private
+
+        def address_params
+          params.require(:address).permit(permitted_address_attributes)
+        end
+
+        def find_order
+          @order = Spree::Order.find_by!(number: order_id)
+        end
+
+        def find_address
+          if @order.bill_address_id == params[:id].to_i
+            @order.bill_address
+          elsif @order.ship_address_id == params[:id].to_i
+            @order.ship_address
+          else
+            raise CanCan::AccessDenied
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/checkouts_controller.rb

@@ -0,0 +1,103 @@
+module Spree
+  module Api
+    module V1
+      class CheckoutsController < Spree::Api::BaseController
+        before_action :associate_user, only: :update
+        before_action :load_order_with_lock, only: [:next, :advance, :update]
+
+        include Spree::Core::ControllerHelpers::Auth
+        include Spree::Core::ControllerHelpers::Order
+        # This before_action comes from Spree::Core::ControllerHelpers::Order
+        skip_before_action :set_current_order
+
+        def next
+          authorize! :update, @order, order_token
+          @order.next!
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        rescue StateMachines::InvalidTransition
+          respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+        end
+
+        def advance
+          authorize! :update, @order, order_token
+          while @order.next; end
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        end
+
+        def update
+          authorize! :update, @order, order_token
+
+          if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
+            if current_api_user.has_spree_role?('admin') && user_id.present?
+              @order.associate_user!(Spree.user_class.find(user_id))
+            end
+
+            return if after_update_attributes
+
+            if @order.completed? || @order.next
+              state_callback(:after)
+              respond_with(@order, default_template: 'spree/api/v1/orders/show')
+            else
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+            end
+          else
+            invalid_resource!(@order)
+          end
+        end
+
+        private
+
+        def user_id
+          params[:order][:user_id] if params[:order]
+        end
+
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+
+        def load_order(lock = false)
+          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+
+        def load_order_with_lock
+          load_order(true)
+        end
+
+        def raise_insufficient_quantity
+          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity')
+        end
+
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+
+        def after_update_attributes
+          if nested_params && nested_params[:coupon_code].present?
+            handler = PromotionHandler::Coupon.new(@order).apply
+
+            if handler.error.present?
+              @coupon_message = handler.error
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon')
+              return true
+            end
+          end
+          false
+        end
+
+        def order_id
+          super || params[:id]
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/classifications_controller.rb

@@ -0,0 +1,20 @@
+module Spree
+  module Api
+    module V1
+      class ClassificationsController < Spree::Api::BaseController
+        def update
+          authorize! :update, Product
+          authorize! :update, Taxon
+          classification = Spree::Classification.find_by(
+            product_id: params[:product_id],
+            taxon_id: params[:taxon_id]
+          )
+          # Because position we get back is 0-indexed.
+          # acts_as_list is 1-indexed.
+          classification.insert_at(params[:position].to_i + 1)
+          render nothing: true
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/countries_controller.rb

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V1
+      class CountriesController < Spree::Api::BaseController
+        skip_before_action :authenticate_user
+
+        def index
+          @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
+                       order('name ASC').
+                       page(params[:page]).per(params[:per_page])
+          country = Country.order("updated_at ASC").last
+          if stale?(country)
+            respond_with(@countries)
+          end
+        end
+
+        def show
+          @country = Country.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@country)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/credit_cards_controller.rb

@@ -0,0 +1,27 @@
+module Spree
+  module Api
+    module V1
+      class CreditCardsController < Spree::Api::BaseController
+        before_action :user
+
+        def index
+          @credit_cards = user
+            .credit_cards
+            .accessible_by(current_ability, :read)
+            .with_payment_profile
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@credit_cards)
+        end
+
+        private
+
+          def user
+            if params[:user_id].present?
+              @user ||= Spree::user_class.accessible_by(current_ability, :read).find(params[:user_id])
+            end
+          end
+
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/images_controller.rb

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    module V1
+      class ImagesController < Spree::Api::BaseController
+        def index
+          @images = scope.images.accessible_by(current_ability, :read)
+          respond_with(@images)
+        end
+
+        def show
+          @image = Image.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@image)
+        end
+
+        def create
+          authorize! :create, Image
+          @image = scope.images.new(image_params)
+          if @image.save
+            respond_with(@image, status: 201, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+
+        def update
+          @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+          if @image.update_attributes(image_params)
+            respond_with(@image, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+
+        def destroy
+          @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
+          @image.destroy
+          respond_with(@image, status: 204)
+        end
+
+        private
+
+        def image_params
+          params.require(:image).permit(permitted_image_attributes)
+        end
+
+        def scope
+          if params[:product_id]
+            Spree::Product.friendly.find(params[:product_id])
+          elsif params[:variant_id]
+            Spree::Variant.find(params[:variant_id])
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/inventory_units_controller.rb

@@ -0,0 +1,54 @@
+module Spree
+  module Api
+    module V1
+      class InventoryUnitsController < Spree::Api::BaseController
+        before_action :prepare_event, only: :update
+
+        def show
+          @inventory_unit = inventory_unit
+          respond_with(@inventory_unit)
+        end
+
+        def update
+          authorize! :update, inventory_unit.order
+
+          inventory_unit.transaction do
+            if inventory_unit.update_attributes(inventory_unit_params)
+              fire
+              render :show, :status => 200
+            else
+              invalid_resource!(inventory_unit)
+            end
+          end
+        end
+
+        private
+
+        def inventory_unit
+          @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+        end
+
+        def prepare_event
+          return unless @event = params[:fire]
+
+          can_event = "can_#{@event}?"
+
+          unless inventory_unit.respond_to?(can_event) &&
+                 inventory_unit.send(can_event)
+            render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                   :status => 200
+            false
+          end
+        end
+
+        def fire
+          inventory_unit.send("#{@event}!") if @event
+        end
+        
+        def inventory_unit_params
+          params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/line_items_controller.rb

@@ -0,0 +1,70 @@
+module Spree
+  module Api
+    module V1
+      class LineItemsController < Spree::Api::BaseController
+        class_attribute :line_item_options
+
+        self.line_item_options = []
+
+        def create
+          variant = Spree::Variant.find(params[:line_item][:variant_id])
+          @line_item = order.contents.add(
+              variant,
+              params[:line_item][:quantity] || 1,
+              line_item_params[:options] || {}
+          )
+
+          if @line_item.errors.empty?
+            respond_with(@line_item, status: 201, default_template: :show)
+          else
+            invalid_resource!(@line_item)
+          end
+        end
+
+        def update
+          @line_item = find_line_item
+          if @order.contents.update_cart(line_items_attributes)
+            @line_item.reload
+            respond_with(@line_item, default_template: :show)
+          else
+            invalid_resource!(@line_item)
+          end
+        end
+
+        def destroy
+          @line_item = find_line_item
+          @order.contents.remove_line_item(@line_item)
+          respond_with(@line_item, status: 204)
+        end
+
+        private
+          def order
+            @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
+            authorize! :update, @order, order_token
+          end
+
+          def find_line_item
+            id = params[:id].to_i
+            order.line_items.detect { |line_item| line_item.id == id } or
+                raise ActiveRecord::RecordNotFound
+          end
+
+          def line_items_attributes
+            {line_items_attributes: {
+                id: params[:id],
+                quantity: params[:line_item][:quantity],
+                options: line_item_params[:options] || {}
+            }}
+          end
+
+          def line_item_params
+            params.require(:line_item).permit(
+                :quantity,
+                :variant_id,
+                options: line_item_options
+            )
+          end
+      end
+    end
+  end
+end