solidus_api 1.0.0.pre

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8f7e1c99f480436edbb45f9d9e3d946879794a7f
+  data.tar.gz: 8cca45deec26d1b9f7dcbf03eb66f2dfb0f8ba01
+SHA512:
+  metadata.gz: 54ddece7d71fafe19fdb104acd90b823ca011dd2fdec6c0e6df56e3a396994336fa1d2adb973a18b51ef5b07ef5bc49ed3e32494ea2be31b1f99fc990bf9b5bc
+  data.tar.gz: a7ff37cb7e28ffe0a6bbedb442a79256997cbf504623ae0f48b98fdb8dcc261236aa0f153bbf20d328352cb582f90dd683cfea90cad8025034ae7794681c1c68

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/CHANGELOG.md

@@ -0,0 +1 @@
+## Spree 2.4.0 (unreleased) ##

data/Gemfile

@@ -0,0 +1,5 @@
+eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
+
+gem 'solidus_core', :path => '../core'
+
+gemspec

data/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2007-2014, Spree Commerce, Inc. and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

data/Rakefile

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rspec/core/rake_task'
+require 'spree/testing_support/common_rake'
+require 'rails/all'
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+
+desc "Generates a dummy app for testing"
+task :test_app do
+  ENV['LIB_NAME'] = 'spree/api'
+  Rake::Task['common:test_app'].invoke
+end

data/app/controllers/spree/api/addresses_controller.rb

@@ -0,0 +1,43 @@
+module Spree
+  module Api
+    class AddressesController < Spree::Api::BaseController
+      before_action :find_order
+
+      def show
+        authorize! :read, @order, order_token
+        find_address
+        respond_with(@address)
+      end
+
+      def update
+        authorize! :update, @order, order_token
+        find_address
+
+        if @address.update_attributes(address_params)
+          respond_with(@address, :default_template => :show)
+        else
+          invalid_resource!(@address)
+        end
+      end
+
+      private
+        def address_params
+          params.require(:address).permit(permitted_address_attributes)
+        end
+
+        def find_order
+          @order = Spree::Order.find_by!(number: order_id)
+        end
+
+        def find_address
+          @address = if @order.bill_address_id == params[:id].to_i
+            @order.bill_address
+          elsif @order.ship_address_id == params[:id].to_i
+            @order.ship_address
+          else
+            raise CanCan::AccessDenied
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/base_controller.rb

@@ -0,0 +1,189 @@
+require 'spree/api/responders'
+
+module Spree
+  module Api
+    class BaseController < ActionController::Base
+      prepend_view_path Rails.root + "app/views"
+      append_view_path File.expand_path("../../../app/views", File.dirname(__FILE__))
+
+      self.responder = Spree::Api::Responders::AppResponder
+      respond_to :json
+
+      include CanCan::ControllerAdditions
+      include Spree::Core::ControllerHelpers::Store
+      include Spree::Core::ControllerHelpers::StrongParameters
+
+      class_attribute :admin_line_item_attributes
+      self.admin_line_item_attributes = [:price, :variant_id, :sku]
+
+      attr_accessor :current_api_user
+
+      class_attribute :error_notifier
+
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: Proc.new { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+
+      rescue_from StandardError, with: :error_during_processing
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from CanCan::AccessDenied, with: :unauthorized
+      rescue_from Spree::Core::GatewayError, with: :gateway_error
+
+      helper Spree::Api::ApiHelpers
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k,v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      # users should be able to set price when importing orders via api
+      def permitted_line_item_attributes
+        if is_admin?
+          super + admin_line_item_attributes
+        else
+          super
+        end
+      end
+
+      protected
+
+      def is_admin?
+        current_api_user && current_api_user.has_spree_role?("admin")
+      end
+
+      private
+
+      def set_content_type
+        content_type = case params[:format]
+        when "json"
+          "application/json; charset=utf-8"
+        when "xml"
+          "text/xml; charset=utf-8"
+        end
+        headers["Content-Type"] = content_type
+      end
+
+      def load_user
+        @current_api_user ||= Spree.user_class.find_by(spree_api_key: api_key.to_s)
+      end
+
+      def authenticate_user
+        unless @current_api_user
+          if requires_authentication? && api_key.blank? && order_token.blank?
+            render "spree/api/errors/must_specify_api_key", :status => 401 and return
+          elsif order_token.blank? && (requires_authentication? || api_key.present?)
+            render "spree/api/errors/invalid_api_key", :status => 401 and return
+          end
+        end
+      end
+
+      def load_user_roles
+        @current_user_roles = if @current_api_user
+          @current_api_user.spree_roles.pluck(:name)
+        else
+          []
+        end
+      end
+
+      def unauthorized
+        render "spree/api/errors/unauthorized", status: 401 and return
+      end
+
+      def error_during_processing(exception)
+        Rails.logger.error exception.message
+        Rails.logger.error exception.backtrace.join("\n")
+
+        error_notifier.call(exception, self) if error_notifier
+
+        render text: { exception: exception.message }.to_json,
+          status: 422 and return
+      end
+
+      def gateway_error(exception)
+        @order.errors.add(:base, exception.message)
+        invalid_resource!(@order)
+      end
+
+      def requires_authentication?
+        Spree::Api::Config[:requires_authentication]
+      end
+
+      def not_found
+        render "spree/api/errors/not_found", status: 404 and return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def current_currency
+        Spree::Config[:currency]
+      end
+      helper_method :current_currency
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", :status => 422
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def order_token
+        request.headers["X-Spree-Order-Token"] || params[:order_token]
+      end
+
+      def find_product(id)
+        product_scope.friendly.find(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        product_scope.find(id)
+      end
+
+      def product_scope
+        if is_admin?
+          scope = Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
+
+          unless params[:show_deleted]
+            scope = scope.not_deleted
+          end
+        else
+          scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
+        end
+
+        scope
+      end
+
+      def variants_associations
+        [{ option_values: :option_type }, :default_price, :images]
+      end
+
+      def product_includes
+        [ :option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations ]
+      end
+
+      def order_id
+        params[:order_id] || params[:checkout_id] || params[:order_number]
+      end
+
+      def authorize_for_order
+        @order = Spree::Order.find_by(number: order_id)
+        authorize! :read, @order, order_token
+      end
+
+      def lock_order
+        OrderMutex.with_lock!(@order) { yield }
+      rescue Spree::OrderMutex::LockFailed => e
+        render text: e.message, status: 409
+      end
+
+    end
+  end
+end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -0,0 +1,133 @@
+module Spree
+  module Api
+    class CheckoutsController < Spree::Api::BaseController
+      before_filter :load_order, only: [:next, :advance, :update, :complete]
+      around_filter :lock_order, only: [:next, :advance, :update, :complete]
+      before_filter :update_order_state, only: [:next, :advance, :update, :complete]
+
+      rescue_from Spree::Order::InsufficientStock, with: :insufficient_stock_error
+
+      include Spree::Core::ControllerHelpers::Order
+      # This before_filter comes from Spree::Core::ControllerHelpers::Order
+      skip_before_action :set_current_order
+
+      def next
+        if @order.confirm?
+          ActiveSupport::Deprecation.warn "Using Spree::Api::CheckoutsController#next to transition to complete is deprecated. Please use #complete instead of #next.", caller
+          complete
+          return
+        end
+
+        authorize! :update, @order, order_token
+        if !expected_total_ok?(params[:expected_total])
+          respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
+          return
+        end
+        authorize! :update, @order, order_token
+        @order.next!
+        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
+      rescue StateMachines::InvalidTransition
+        respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
+      end
+
+      def advance
+        authorize! :update, @order, order_token
+        @order.contents.advance
+        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
+      end
+
+      def complete
+        authorize! :update, @order, order_token
+        if !expected_total_ok?(params[:expected_total])
+          respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
+        else
+          @order.complete!
+          respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
+        end
+      rescue StateMachines::InvalidTransition
+        respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
+      end
+
+      def update
+        authorize! :update, @order, order_token
+
+        if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
+          if current_api_user.has_spree_role?('admin') && user_id.present?
+            @order.associate_user!(Spree.user_class.find(user_id))
+          end
+
+          return if after_update_attributes
+
+          if @order.completed? || @order.next
+            state_callback(:after)
+            respond_with(@order, default_template: 'spree/api/orders/show')
+          else
+            respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
+          end
+        else
+          invalid_resource!(@order)
+        end
+      end
+
+      private
+        def user_id
+          params[:order][:user_id] if params[:order]
+        end
+
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+
+        def load_order
+          @order = Spree::Order.find_by!(number: params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+        end
+
+        def update_order_state
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+
+        def raise_insufficient_quantity
+          respond_with(@order, default_template: 'spree/api/orders/insufficient_quantity')
+        end
+
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+
+        def after_update_attributes
+          if nested_params && nested_params[:coupon_code].present?
+            handler = PromotionHandler::Coupon.new(@order).apply
+
+            if handler.error.present?
+              @coupon_message = handler.error
+              respond_with(@order, default_template: 'spree/api/orders/could_not_apply_coupon')
+              return true
+            end
+          end
+          false
+        end
+
+        def order_id
+          super || params[:id]
+        end
+
+        def expected_total_ok?(expected_total)
+          return true if expected_total.blank?
+          @order.total == BigDecimal(expected_total)
+        end
+
+        def insufficient_stock_error(exception)
+          render json: { errors: [I18n.t(:quantity_is_not_available, :scope => "spree.api.order")], type: 'insufficient_stock' }, status: 422
+        end
+    end
+  end
+end

data/app/controllers/spree/api/classifications_controller.rb

@@ -0,0 +1,18 @@
+module Spree
+  module Api
+    class ClassificationsController < Spree::Api::BaseController
+      def update
+        authorize! :update, Product
+        authorize! :update, Taxon
+        classification = Spree::Classification.find_by(
+          :product_id => params[:product_id],
+          :taxon_id => params[:taxon_id]
+        )
+        # Because position we get back is 0-indexed.
+        # acts_as_list is 1-indexed.
+        classification.insert_at(params[:position].to_i + 1)
+        render :nothing => true
+      end
+    end
+  end
+end

data/app/controllers/spree/api/config_controller.rb

@@ -0,0 +1,6 @@
+module Spree
+  module Api
+    class ConfigController < Spree::Api::BaseController
+    end
+  end
+end

data/app/controllers/spree/api/countries_controller.rb

@@ -0,0 +1,23 @@
+module Spree
+  module Api
+    class CountriesController < Spree::Api::BaseController
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
+
+      def index
+        @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
+                     includes(:states).order('name ASC').
+                     page(params[:page]).per(params[:per_page])
+        country = Country.order("updated_at ASC").last
+        if stale?(country)
+          respond_with(@countries)
+        end
+      end
+
+      def show
+        @country = Country.accessible_by(current_ability, :read).find(params[:id])
+        respond_with(@country)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/credit_cards_controller.rb

@@ -0,0 +1,25 @@
+module Spree
+  module Api
+    class CreditCardsController < Spree::Api::BaseController
+      before_action :user
+
+      def index
+        @credit_cards = user
+          .credit_cards
+          .accessible_by(current_ability, :read)
+          .with_payment_profile
+          .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@credit_cards)
+      end
+
+      private
+
+        def user
+          if params[:user_id].present?
+            @user ||= Spree::user_class.accessible_by(current_ability, :read).find(params[:user_id])
+          end
+        end
+
+    end
+  end
+end

data/app/controllers/spree/api/images_controller.rb

@@ -0,0 +1,47 @@
+module Spree
+  module Api
+    class ImagesController < Spree::Api::BaseController
+
+      def index
+        @images = scope.images.accessible_by(current_ability, :read)
+        respond_with(@images)
+      end
+
+      def show
+        @image = Image.accessible_by(current_ability, :read).find(params[:id])
+        respond_with(@image)
+      end
+
+      def create
+        authorize! :create, Image
+        @image = scope.images.create(image_params)
+        respond_with(@image, :status => 201, :default_template => :show)
+      end
+
+      def update
+        @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+        @image.update_attributes(image_params)
+        respond_with(@image, :default_template => :show)
+      end
+
+      def destroy
+        @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
+        @image.destroy
+        respond_with(@image, :status => 204)
+      end
+
+      private
+        def image_params
+          params.require(:image).permit(permitted_image_attributes)
+        end
+
+        def scope
+          if params[:product_id]
+            scope = Spree::Product.friendly.find(params[:product_id])
+          elsif params[:variant_id]
+            scope = Spree::Variant.find(params[:variant_id])
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -0,0 +1,52 @@
+module Spree
+  module Api
+    class InventoryUnitsController < Spree::Api::BaseController
+      before_action :prepare_event, only: :update
+
+      def show
+        @inventory_unit = inventory_unit
+        respond_with(@inventory_unit)
+      end
+
+      def update
+        authorize! :update, inventory_unit.order
+
+        inventory_unit.transaction do
+          if inventory_unit.update_attributes(inventory_unit_params)
+            fire
+            render :show, :status => 200
+          else
+            invalid_resource!(inventory_unit)
+          end
+        end
+      end
+
+      private
+
+      def inventory_unit
+        @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+      end
+
+      def prepare_event
+        return unless @event = params[:fire]
+
+        can_event = "can_#{@event}?"
+
+        unless inventory_unit.respond_to?(can_event) &&
+               inventory_unit.send(can_event)
+          render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                 :status => 200
+          false
+        end
+      end
+
+      def fire
+        inventory_unit.send("#{@event}!") if @event
+      end
+      
+      def inventory_unit_params
+        params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
+      end
+    end
+  end
+end