solidus_api 1.0.7 → 1.1.0.beta1

data/app/controllers/spree/api/stock_transfers_controller.rb

@@ -7,6 +7,7 @@ module Spree
         variant = Spree::Variant.accessible_by(current_ability, :show).find(params[:variant_id])
         @transfer_item = @stock_transfer.transfer_items.find_by(variant: variant)
         if @transfer_item.nil?
+          logger.error("variant_not_in_stock_transfer")
           render "spree/api/errors/variant_not_in_stock_transfer", status: 422
         elsif @transfer_item.update_attributes(received_quantity: @transfer_item.received_quantity + 1)
           render 'spree/api/stock_transfers/receive', status: 200

data/app/controllers/spree/api/users_controller.rb

@@ -1,56 +1,20 @@
-module Spree
-  module Api
-    class UsersController < Spree::Api::BaseController
+class Spree::Api::UsersController < Spree::Api::ResourceController
 
-      def index
-        @users = Spree.user_class.accessible_by(current_ability,:read).ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-        respond_with(@users)
-      end
+  private
 
-      def show
-        respond_with(user)
-      end
-
-      def new
-      end
-
-      def create
-        authorize! :create, Spree.user_class
-        @user = Spree.user_class.new(user_params)
-        if @user.save
-          respond_with(@user, :status => 201, :default_template => :show)
-        else
-          invalid_resource!(@user)
-        end
-      end
-
-      def update
-        authorize! :update, user
-        if user.update_attributes(user_params)
-          respond_with(user, :status => 200, :default_template => :show)
-        else
-          invalid_resource!(user)
-        end
-      end
-
-      def destroy
-        authorize! :destroy, user
-        user.destroy
-        respond_with(user, :status => 204)
-      end
-
-      private
+  def user
+    @user
+  end
 
-      def user
-        @user ||= Spree.user_class.accessible_by(current_ability, :read).find(params[:id])
-      end
+  def model_class
+    Spree.user_class
+  end
 
-      def user_params
-        params.require(:user).permit(permitted_user_attributes |
-                                       [bill_address_attributes: permitted_address_attributes,
-                                        ship_address_attributes: permitted_address_attributes])
-      end
+  def user_params
+    permitted_resource_params
+  end
 
-    end
+  def permitted_resource_attributes
+    super | [bill_address_attributes: permitted_address_attributes, ship_address_attributes: permitted_address_attributes]
   end
 end

data/app/controllers/spree/api/zones_controller.rb

@@ -4,7 +4,7 @@ module Spree
 
       def create
         authorize! :create, Zone
-        @zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
+        @zone = Zone.new(zone_params)
         if @zone.save
           respond_with(@zone, :status => 201, :default_template => :show)
         else
@@ -29,7 +29,7 @@ module Spree
 
       def update
         authorize! :update, zone
-        if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
+        if zone.update_attributes(zone_params)
           respond_with(zone, :status => 200, :default_template => :show)
         else
           invalid_resource!(zone)
@@ -39,7 +39,11 @@ module Spree
       private
 
       def zone_params
-        params.require(:zone).permit!
+        attrs = params.require(:zone).permit!
+        if attrs[:zone_members]
+          attrs[:zone_members_attributes] = attrs.delete(:zone_members)
+        end
+        attrs
       end
 
       def zone

data/app/helpers/spree/api/api_helpers.rb

@@ -33,7 +33,8 @@ module Spree
         :store_credit_history_attributes,
         :stock_transfer_attributes,
         :transfer_item_attributes,
-        :transfer_item_variant_attributes
+        :transfer_item_variant_attributes,
+        :variant_property_attributes
       ]
 
       mattr_reader *ATTRIBUTES
@@ -65,6 +66,10 @@ module Spree
         :slug, :description, :track_inventory
       ]
 
+      @@variant_property_attributes = [
+        :id, :property_id, :value, :property_name
+      ]
+
       @@image_attributes = [
         :id, :position, :attachment_content_type, :attachment_file_name, :type,
         :attachment_updated_at, :attachment_width, :attachment_height, :alt
@@ -119,8 +124,8 @@ module Spree
 
       @@address_attributes = [
         :id, :firstname, :lastname, :full_name, :address1, :address2, :city,
-        :zipcode, :phone, :company, :alternative_phone, :country_id, :state_id,
-        :state_name, :state_text
+        :zipcode, :phone, :company, :alternative_phone, :country_id, :country_iso,
+        :state_id, :state_name, :state_text
       ]
 
       @@country_attributes = [:id, :iso_name, :iso, :iso3, :name, :numcode]
@@ -129,7 +134,7 @@ module Spree
 
       @@adjustment_attributes = [
         :id, :source_type, :source_id, :adjustable_type, :adjustable_id,
-        :originator_type, :originator_id, :amount, :label, :mandatory, :promotion_code,
+        :originator_type, :originator_id, :amount, :label, :promotion_code,
         :locked, :eligible,  :created_at, :updated_at
       ]
 

data/app/views/spree/api/address_books/show.v1.rabl

@@ -0,0 +1,4 @@
+collection @user_addresses
+node do |user_address|
+  partial("spree/api/addresses/show", object: user_address.address).merge(default: user_address.default)
+end

data/app/views/spree/api/orders/show.v1.rabl

@@ -2,7 +2,7 @@ object @order
 extends "spree/api/orders/order"
 
 child :available_payment_methods => :payment_methods do
-  attributes :id, :name, :environment, :method_type
+  attributes :id, :name, :method_type
 end
 
 child :billing_address => :bill_address do
@@ -21,7 +21,7 @@ child :payments => :payments do
   attributes *payment_attributes
 
   child :payment_method => :payment_method do
-    attributes :id, :name, :environment
+    attributes :id, :name
   end
 
   child :source => :source do

data/app/views/spree/api/variants/big.v1.rabl

@@ -9,6 +9,9 @@ node :total_on_hand do
   root_object.total_on_hand
 end
 
+child :variant_properties => :variant_properties do
+  attributes *variant_property_attributes
+end
 
 child(root_object.stock_items.accessible_by(current_ability) => :stock_items) do
   attributes :id, :count_on_hand, :stock_location_id, :backorderable

data/config/locales/en.yml

@@ -25,5 +25,4 @@ en:
         update_forbidden: "This payment cannot be updated because it is %{state}."
       shipment:
         cannot_ready: "Cannot ready shipment."
-      stock_location_required: "A stock_location_id parameter must be provided in order to retrieve stock movements."
       invalid_taxonomy_id: "Invalid taxonomy id."

data/config/routes.rb

@@ -61,6 +61,7 @@ Spree::Core::Engine.add_routes do
     resources :option_types do
       resources :option_values
     end
+    resources :option_values
 
     resources :option_values, only: :index
     get '/orders/mine', to: 'orders#mine', as: 'my_orders'
@@ -133,6 +134,8 @@ Spree::Core::Engine.add_routes do
       end
     end
 
+    resource :address_book, only: [:show, :update, :destroy]
+
     get '/config/money', to: 'config#money'
     get '/config', to: 'config#show'
     put '/classifications', to: 'classifications#update', as: :classifications

data/lib/spree/api/testing_support/helpers.rb

@@ -28,7 +28,7 @@ module Spree
         # This method can be overriden (with a let block) inside a context
         # For instance, if you wanted to have an admin user instead.
         def current_api_user
-          @current_api_user ||= stub_model(Spree::LegacyUser, email: "spree@example.com")
+          @current_api_user ||= stub_model(Spree::LegacyUser, email: "spree@example.com", spree_roles: [])
         end
 
         def image(filename)

data/lib/spree/api/testing_support/setup.rb

@@ -4,10 +4,7 @@ module Spree
       module Setup
         def sign_in_as_admin!
           let!(:current_api_user) do
-            user = stub_model(Spree::LegacyUser)
-            allow(user).to receive_message_chain(:spree_roles, :pluck).and_return(["admin"])
-            allow(user).to receive(:has_spree_role?).with("admin").and_return(true)
-            user
+            stub_model(Spree::LegacyUser, spree_roles: [Spree::Role.new(name: 'admin')])
           end
         end
       end

data/spec/controllers/spree/api/address_books_controller_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::AddressBooksController, :type => :controller do
+    render_views
+
+    context "unauthorized user" do
+      it "get 401 on /show" do
+        api_get :show
+        expect(response.status).to eq 401
+      end
+
+      it "get 401 on /update" do
+        api_put :update
+        expect(response.status).to eq 401
+      end
+
+      it "get 401 on /destroy" do
+        api_delete :destroy, address_id: 1
+        expect(response.status).to eq 401
+      end
+    end
+
+    context "authorized user with addresses" do
+      let(:address1) { create(:address) }
+      let(:address2) { create(:address, firstname: "Different") }
+
+      before do
+        stub_authentication!
+        current_api_user.save_in_address_book(address1.attributes, true)
+        current_api_user.save_in_address_book(address2.attributes, false)
+      end
+
+      it "gets their address book" do
+        api_get :show
+        expect(json_response.length).to eq 2
+      end
+
+      it "the first one is default" do
+        api_get :show
+        first, second = *json_response
+        expect(first["default"]).to be true
+        expect(second["default"]).to be false
+      end
+
+      it "can remove an address" do
+        api_delete :destroy, address_id: address1.id
+        expect(json_response.length).to eq 1
+      end
+
+      it "can update an address" do
+        updated_params = address2.attributes
+        updated_params[:firstname] = "Johnny"
+        updated_params[:default] = true
+        api_put :update, address_book: updated_params
+        expect(json_response.first["firstname"]).to eq "Johnny"
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/addresses_controller_spec.rb

@@ -10,20 +10,33 @@ module Spree
       @order = create(:order, :bill_address => @address)
     end
 
-    context "with their own address" do
+    context "with order" do
       before do
         allow_any_instance_of(Order).to receive_messages :user => current_api_user
       end
 
-      it "gets an address" do
-        api_get :show, :id => @address.id, :order_id => @order.number
-        expect(json_response['address1']).to eq @address.address1
-      end
+      context "with their own address" do
 
-      it "updates an address" do
-        api_put :update, :id => @address.id, :order_id => @order.number,
-                         :address => { :address1 => "123 Test Lane" }
-        expect(json_response['address1']).to eq '123 Test Lane'
+        it "gets an address" do
+          api_get :show, :id => @address.id, :order_id => @order.number
+          expect(json_response['address1']).to eq @address.address1
+        end
+
+        it "update replaces the readonly Address associated to the Order" do
+          api_put :update, :id => @address.id, :order_id => @order.number,
+                           :address => { :address1 => "123 Test Lane" }
+          expect(Order.find(@order.id).bill_address_id).not_to eq @address.id
+          expect(json_response['address1']).to eq '123 Test Lane'
+        end
+
+        it "receives the errors object if address is invalid" do
+          api_put :update, :id => @address.id, :order_id => @order.number,
+                           :address => { :address1 => "" }
+
+          expect(json_response['error']).not_to be_nil
+          expect(json_response['errors']).not_to be_nil
+          expect(json_response['errors']['address1'].first).to eq "can't be blank"
+        end
       end
 
       it "receives the errors object if address is invalid" do

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -79,18 +79,6 @@ describe Spree::Api::BaseController, :type => :controller do
     }.to raise_error(Exception, "no joy")
   end
 
-  it "maps semantic keys to nested_attributes keys" do
-    klass = double(:nested_attributes_options => { :line_items => {},
-                                                  :bill_address => {} })
-    attributes = { 'line_items' => { :id => 1 },
-                   'bill_address' => { :id => 2 },
-                   'name' => 'test order' }
-
-    mapped = subject.map_nested_attributes_keys(klass, attributes)
-    expect(mapped.has_key?('line_items_attributes')).to be true
-    expect(mapped.has_key?('name')).to be true
-  end
-
   it "lets a subclass override the product associations that are eager-loaded" do
     expect(controller.respond_to?(:product_includes, true)).to be
   end

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -31,7 +31,6 @@ module Spree
       end
 
       before(:each) do
-        allow_any_instance_of(Order).to receive_messages(confirmation_required?: true)
         allow_any_instance_of(Order).to receive_messages(payment_required?: true)
       end
 
@@ -164,19 +163,6 @@ module Spree
         expect(response.status).to eq(200)
       end
 
-      context "with disallowed payment method" do
-        it "returns not found" do
-          order.update_column(:state, "payment")
-          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
-          @payment_method.update!(display_on: "back_end")
-          expect {
-            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
-          }.not_to change { Spree::Payment.count }
-          expect(response.status).to eq(404)
-        end
-      end
-
-
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
         api_put :update, :id => order.to_param, :order_token => order.guest_token,
@@ -186,40 +172,118 @@ module Spree
         expect(source_errors).to include("can't be blank")
       end
 
-      it "can update payment method with source and transition from payment to confirm" do
-        order.update_column(:state, "payment")
-        source_attributes = {
-          number: "4111111111111111",
-          month: 1.month.from_now.month,
-          year: 1.month.from_now.year,
-          verification_value: "123",
-          name: "Spree Commerce"
-        }
+      describe 'payment method with source and transition from payment to confirm' do
+        before do
+          order.update_column(:state, "payment")
+        end
 
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { payments_attributes: [{ payment_method_id: @payment_method.id.to_s }]},
-                      payment_source: { @payment_method.id.to_s => source_attributes }
-        expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
-        expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
-        expect(response.status).to eq(200)
+        let(:params) do
+          {
+            id: order.to_param,
+            order_token: order.guest_token,
+            order: {
+              payments_attributes: [
+                {
+                  payment_method_id: @payment_method.id.to_s,
+                  source_attributes: attributes_for(:credit_card),
+                },
+              ],
+            },
+          }
+        end
+
+        it 'succeeds' do
+          api_put(:update, params)
+          expect(response.status).to eq(200)
+          expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+          expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        end
+
+        context 'with deprecated payment_source parameters' do
+          let(:params) do
+            {
+              id: order.to_param,
+              order_token: order.guest_token,
+              order: {
+                payments_attributes: [
+                  { payment_method_id: @payment_method.id.to_s },
+                ],
+              },
+              payment_source: { @payment_method.id.to_s => attributes_for(:credit_card) },
+            }
+          end
+
+          it "succeeds" do
+            ActiveSupport::Deprecation.silence do
+              api_put(:update, params)
+            end
+            expect(response.status).to eq(200)
+            expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+            expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+          end
+        end
       end
 
-      it "returns errors when source is missing attributes" do
-        order.update_column(:state, "payment")
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: {
-            payments_attributes: [{ payment_method_id: @payment_method.id }]
-          },
-          payment_source: {
-            @payment_method.id.to_s => { name: "Spree" }
+      context 'when source is missing attributes' do
+        before do
+          order.update_column(:state, "payment")
+        end
+
+        let(:params) do
+          {
+            id: order.to_param,
+            order_token: order.guest_token,
+            order: {
+              payments_attributes: [
+                {
+                  payment_method_id: @payment_method.id.to_s,
+                  source_attributes: {name: "Spree"},
+                },
+              ],
+            },
           }
+        end
 
-        expect(response.status).to eq(422)
-        cc_errors = json_response['errors']['payments.Credit Card']
-        expect(cc_errors).to include("Number can't be blank")
-        expect(cc_errors).to include("Month is not a number")
-        expect(cc_errors).to include("Year is not a number")
-        expect(cc_errors).to include("Verification Value can't be blank")
+        it 'returns errors' do
+          api_put(:update, params)
+
+          expect(response.status).to eq(422)
+          cc_errors = json_response['errors']['payments.Credit Card']
+          expect(cc_errors).to include("Number can't be blank")
+          expect(cc_errors).to include("Month is not a number")
+          expect(cc_errors).to include("Year is not a number")
+          expect(cc_errors).to include("Verification Value can't be blank")
+        end
+
+        context 'with deprecated payment_source parameters' do
+          let(:params) do
+            {
+              id: order.to_param,
+              order_token: order.guest_token,
+              order: {
+                payments_attributes: [
+                  {payment_method_id: @payment_method.id.to_s},
+                ],
+              },
+              payment_source: {
+                @payment_method.id.to_s => {name: "Spree"},
+              },
+            }
+          end
+
+          it 'returns errors' do
+            ActiveSupport::Deprecation.silence do
+              api_put(:update, params)
+            end
+
+            expect(response.status).to eq(422)
+            cc_errors = json_response['errors']['payments.Credit Card']
+            expect(cc_errors).to include("Number can't be blank")
+            expect(cc_errors).to include("Month is not a number")
+            expect(cc_errors).to include("Year is not a number")
+            expect(cc_errors).to include("Verification Value can't be blank")
+          end
+        end
       end
 
       it "allow users to reuse a credit card" do
@@ -276,8 +340,6 @@ module Spree
       end
 
       it "can apply a coupon code to an order" do
-        skip "ensure that the order totals are properly updated, see frontend orders_controller or checkout_controller as example"
-
         order.update_column(:state, "payment")
         expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
         expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })