solidus_api 2.10.2 → 2.11.0

Files changed (99) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/app/controllers/spree/api/addresses_controller.rb +1 -1
  4. data/app/controllers/spree/api/base_controller.rb +11 -3
  5. data/app/controllers/spree/api/checkouts_controller.rb +1 -11
  6. data/app/controllers/spree/api/countries_controller.rb +2 -2
  7. data/app/controllers/spree/api/credit_cards_controller.rb +2 -2
  8. data/app/controllers/spree/api/customer_returns_controller.rb +67 -0
  9. data/app/controllers/spree/api/images_controller.rb +4 -4
  10. data/app/controllers/spree/api/inventory_units_controller.rb +1 -1
  11. data/app/controllers/spree/api/option_types_controller.rb +3 -3
  12. data/app/controllers/spree/api/option_values_controller.rb +2 -2
  13. data/app/controllers/spree/api/orders_controller.rb +1 -1
  14. data/app/controllers/spree/api/payments_controller.rb +1 -1
  15. data/app/controllers/spree/api/product_properties_controller.rb +9 -14
  16. data/app/controllers/spree/api/promotions_controller.rb +3 -12
  17. data/app/controllers/spree/api/properties_controller.rb +3 -3
  18. data/app/controllers/spree/api/resource_controller.rb +2 -2
  19. data/app/controllers/spree/api/return_authorizations_controller.rb +3 -3
  20. data/app/controllers/spree/api/shipments_controller.rb +1 -1
  21. data/app/controllers/spree/api/states_controller.rb +3 -3
  22. data/app/controllers/spree/api/stock_items_controller.rb +2 -2
  23. data/app/controllers/spree/api/stock_locations_controller.rb +3 -3
  24. data/app/controllers/spree/api/stock_movements_controller.rb +3 -3
  25. data/app/controllers/spree/api/stores_controller.rb +3 -3
  26. data/app/controllers/spree/api/taxonomies_controller.rb +2 -2
  27. data/app/controllers/spree/api/taxons_controller.rb +4 -4
  28. data/app/controllers/spree/api/users_controller.rb +13 -0
  29. data/app/controllers/spree/api/variants_controller.rb +3 -3
  30. data/app/controllers/spree/api/zones_controller.rb +2 -2
  31. data/app/helpers/spree/api/api_helpers.rb +18 -5
  32. data/app/views/spree/api/customer_returns/index.json.jbuilder +6 -0
  33. data/app/views/spree/api/customer_returns/new.json.jbuilder +4 -0
  34. data/app/views/spree/api/customer_returns/show.json.jbuilder +3 -0
  35. data/app/views/spree/api/errors/could_not_transition.json.jbuilder +4 -0
  36. data/app/views/spree/api/orders/could_not_transition.json.jbuilder +5 -0
  37. data/config/locales/en.yml +2 -0
  38. data/config/routes.rb +6 -3
  39. data/lib/spree/api/testing_support/helpers.rb +1 -1
  40. data/openapi/authentication.md +9 -1
  41. data/openapi/checkout-flow.md +17 -4
  42. data/openapi/main.hub.yml +1 -1
  43. data/openapi/solidus-api.oas.yml +6753 -0
  44. data/solidus_api.gemspec +19 -19
  45. metadata +16 -116
  46. data/openapi/api.oas2.yml +0 -6108
  47. data/script/rails +0 -10
  48. data/spec/controllers/spree/api/base_controller_spec.rb +0 -118
  49. data/spec/controllers/spree/api/resource_controller_spec.rb +0 -190
  50. data/spec/features/checkout_spec.rb +0 -192
  51. data/spec/fixtures/thinking-cat.jpg +0 -0
  52. data/spec/lib/spree_api_responders_spec.rb +0 -10
  53. data/spec/models/spree/legacy_user_spec.rb +0 -103
  54. data/spec/requests/api/address_books_spec.rb +0 -240
  55. data/spec/requests/jbuilder_cache_spec.rb +0 -34
  56. data/spec/requests/ransackable_attributes_spec.rb +0 -79
  57. data/spec/requests/spree/api/addresses_controller_spec.rb +0 -57
  58. data/spec/requests/spree/api/checkouts_controller_spec.rb +0 -484
  59. data/spec/requests/spree/api/classifications_controller_spec.rb +0 -50
  60. data/spec/requests/spree/api/config_controller_spec.rb +0 -26
  61. data/spec/requests/spree/api/countries_controller_spec.rb +0 -48
  62. data/spec/requests/spree/api/coupon_codes_controller_spec.rb +0 -105
  63. data/spec/requests/spree/api/credit_cards_controller_spec.rb +0 -105
  64. data/spec/requests/spree/api/images_controller_spec.rb +0 -99
  65. data/spec/requests/spree/api/inventory_units_controller_spec.rb +0 -55
  66. data/spec/requests/spree/api/line_items_controller_spec.rb +0 -213
  67. data/spec/requests/spree/api/option_types_controller_spec.rb +0 -116
  68. data/spec/requests/spree/api/option_values_controller_spec.rb +0 -138
  69. data/spec/requests/spree/api/orders_controller_spec.rb +0 -954
  70. data/spec/requests/spree/api/payments_controller_spec.rb +0 -259
  71. data/spec/requests/spree/api/product_properties_controller_spec.rb +0 -114
  72. data/spec/requests/spree/api/products_controller_spec.rb +0 -422
  73. data/spec/requests/spree/api/promotion_application_spec.rb +0 -50
  74. data/spec/requests/spree/api/promotions_controller_spec.rb +0 -67
  75. data/spec/requests/spree/api/properties_controller_spec.rb +0 -102
  76. data/spec/requests/spree/api/return_authorizations_controller_spec.rb +0 -180
  77. data/spec/requests/spree/api/shipments_controller_spec.rb +0 -532
  78. data/spec/requests/spree/api/states_controller_spec.rb +0 -69
  79. data/spec/requests/spree/api/stock_items_controller_spec.rb +0 -311
  80. data/spec/requests/spree/api/stock_locations_controller_spec.rb +0 -170
  81. data/spec/requests/spree/api/stock_movements_controller_spec.rb +0 -81
  82. data/spec/requests/spree/api/store_credit_events_controller_spec.rb +0 -59
  83. data/spec/requests/spree/api/stores_controller_spec.rb +0 -134
  84. data/spec/requests/spree/api/taxonomies_controller_spec.rb +0 -114
  85. data/spec/requests/spree/api/taxons_controller_spec.rb +0 -217
  86. data/spec/requests/spree/api/unauthenticated_products_controller_spec.rb +0 -27
  87. data/spec/requests/spree/api/users_controller_spec.rb +0 -151
  88. data/spec/requests/spree/api/variants_controller_spec.rb +0 -340
  89. data/spec/requests/spree/api/zones_controller_spec.rb +0 -89
  90. data/spec/shared_examples/protect_product_actions.rb +0 -18
  91. data/spec/spec_helper.rb +0 -73
  92. data/spec/support/be_paginated_matcher.rb +0 -9
  93. data/spec/support/controller_hacks.rb +0 -43
  94. data/spec/support/database_cleaner.rb +0 -16
  95. data/spec/support/have_attributes_matcher.rb +0 -11
  96. data/spec/test_views/spree/api/widgets/_widget.json.jbuilder +0 -3
  97. data/spec/test_views/spree/api/widgets/index.json.jbuilder +0 -9
  98. data/spec/test_views/spree/api/widgets/new.json.jbuilder +0 -3
  99. data/spec/test_views/spree/api/widgets/show.json.jbuilder +0 -3
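--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b7afcbef6dfdc19f02d26c7b3e410f072dc0d6be5a5b7d476b64b3725b1b24b7
- data.tar.gz: ac898e6b9d5df7e526a5cd9af63a240aed5e2ab46c7ac75ca583b0fb7eb599b1
+ metadata.gz: 0073a2dd8fda3f900d1eacc4221b4ef2e0b418adb5a08818dfadd32aa8c55020
+ data.tar.gz: 1f453e33e88e7f80a4c0b618cb4336a54cf8dff3044d9b526e6bb6d312f46e07
  SHA512:
- metadata.gz: ce175516b04998e778b53e3d1ae47fc1a04c2ef4146a68000bc8745d5e267e423054d0e96fb1b02a03fa26ac186210012b84b54fa7592d15df7cf4fcf8e8d39a
- data.tar.gz: 197562fcd0ea03c6593c21bfb8cb6f8d2424c6ddc3b12cbbc5b83a501976fe724c448a341de063a630daa3cb0f1309687503f5f35ee27536ad4d0a715392c3ea
+ metadata.gz: 4783fe7f6037f082e38fd384732c895e7c591781d0770a45f107248b7380a40a6675cd1935455aaeef230ed7c0c4eb61e55f506eaaabbdb3a846de1a71989b0a
+ data.tar.gz: e722663fa5ac036dc85edd355d8faa09a73b36c4dd3a3e17fa145a7f31f815349d71315355def89cfd724d5610497ce0bef6824d73cf1d554abe8f1b36e1659e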
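--- a/data/README.md
+++ b/data/README.md
@@ -20,9 +20,9 @@ If you want to contribute, you can use [Stoplight Studio][studio]. Simply
  follow these steps:
 
  1. Create a new Stoplight Studio project
- 2. Copy-paste the content of `openapi/api.oas2.yml` into your project
+ 2. Copy-paste the content of `openapi/solidus-api.oas.yml` into your project
  3. Edit the endpoints and models as needed
- 4. Copy-paste the result back into `openapi/api.oas2.yml`
+ 4. Copy-paste the result back into `openapi/solidus-api.oas.yml`
  5. Open a PR!
 
  **Note: Only use embedded models in Stoplight Studio, as Stoplight Docs is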
@@ -6,7 +6,7 @@ module Spree
6
6
  before_action :find_order
7
7
 
8
8
  def show
9
- authorize! :read, @order, order_token
9
+ authorize! :show, @order, order_token
10
10
  find_address
11
11
  respond_with(@address)
12
12
  end
@@ -10,6 +10,7 @@ module Spree
10
10
  protect_from_forgery unless: -> { request.format.json? }
11
11
 
12
12
  include CanCan::ControllerAdditions
13
+ include Spree::Core::ControllerHelpers::CurrentHost
13
14
  include Spree::Core::ControllerHelpers::Store
14
15
  include Spree::Core::ControllerHelpers::Pricing
15
16
  include Spree::Core::ControllerHelpers::StrongParameters
@@ -28,6 +29,7 @@ module Spree
28
29
  rescue_from ActiveRecord::RecordNotFound, with: :not_found
29
30
  rescue_from CanCan::AccessDenied, with: :unauthorized
30
31
  rescue_from Spree::Core::GatewayError, with: :gateway_error
32
+ rescue_from StateMachines::InvalidTransition, with: :invalid_transition
31
33
 
32
34
  helper Spree::Api::ApiHelpers
33
35
 
@@ -133,13 +135,13 @@ module Spree
133
135
 
134
136
  def product_scope
135
137
  if can?(:admin, Spree::Product)
136
- scope = Spree::Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
138
+ scope = Spree::Product.with_discarded.accessible_by(current_ability).includes(*product_includes)
137
139
 
138
140
  unless params[:show_deleted]
139
141
  scope = scope.not_deleted
140
142
  end
141
143
  else
142
- scope = Spree::Product.accessible_by(current_ability, :read).available.includes(*product_includes)
144
+ scope = Spree::Product.accessible_by(current_ability).available.includes(*product_includes)
143
145
  end
144
146
 
145
147
  scope
@@ -159,7 +161,7 @@ module Spree
159
161
 
160
162
  def authorize_for_order
161
163
  @order = Spree::Order.find_by(number: order_id)
162
- authorize! :read, @order, order_token
164
+ authorize! :show, @order, order_token
163
165
  end
164
166
 
165
167
  def lock_order
@@ -188,6 +190,12 @@ module Spree
188
190
  def default_per_page
189
191
  Kaminari.config.default_per_page
190
192
  end
193
+
194
+ def invalid_transition(error)
195
+ logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
196
+
197
+ render "spree/api/errors/could_not_transition", locals: { resource: error.object }, status: :unprocessable_entity
198
+ end
191
199
  end
192
200
  end
193
201
  end
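Review bot: `authorize_for_order` still loads the order with `find_by`, so an unknown order number reaches `authorize! :show, @order, order_token` with `@order` set to nil, and the outcome depends on how the ability treats a nil subject rather than on an explicit check. For a caller whose ability covers `:all` this may pass and only fail later on nil, whereas the new `CustomerReturnsController#load_order` uses `find_by!` and answers through the `not_found` handler. Choose one behaviour deliberately and document it; if missing and forbidden orders should stay indistinguishable to token holders, a guard such as `raise CanCan::AccessDenied if @order.nil?` before the `authorize!` call states that intent. The same `find_by` plus `authorize!` pair appears in `find_order` in the payments controller hunk.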
@@ -20,12 +20,8 @@ module Spree
20
20
  respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
21
21
  return
22
22
  end
23
- authorize! :update, @order, order_token
24
23
  @order.next!
25
24
  respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
26
- rescue StateMachines::InvalidTransition => error
27
- logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
28
- respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
29
25
  end
30
26
 
31
27
  def advance
@@ -42,9 +38,6 @@ module Spree
42
38
  @order.complete!
43
39
  respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
44
40
  end
45
- rescue StateMachines::InvalidTransition => error
46
- logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
47
- respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
48
41
  end
49
42
 
50
43
  def update
@@ -57,12 +50,9 @@ module Spree
57
50
 
58
51
  return if after_update_attributes
59
52
 
60
- if @order.completed? || @order.next
53
+ if @order.completed? || @order.next!
61
54
  state_callback(:after)
62
55
  respond_with(@order, default_template: 'spree/api/orders/show')
63
- else
64
- logger.error("failed_to_transition_errors=#{@order.errors.full_messages}")
65
- respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
66
56
  end
67
57
  else
68
58
  invalid_resource!(@order)
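Review bot: The `next` action loses its explicit `authorize! :update, @order, order_token` and nothing in the visible lines replaces it, so the transition is protected only if a before_action outside these hunks performs the same check, including the guest order token, for `next`. Please confirm that and keep a request spec in which a caller with a wrong token is refused on `next`; a comment above `@order.next!` such as `# :update on @order is authorized by the before_action that loads it` would record where the check lives. Separately, `update` now calls `@order.next!`, so a failed transition is answered by the shared `invalid_transition` handler with `spree/api/errors/could_not_transition` instead of the order-specific template, and the `failed_to_transition_errors` log line with the validation messages is gone. The bodies of the affected actions start or end outside these hunks.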
@@ -7,7 +7,7 @@ module Spree
7
7
 
8
8
  def index
9
9
  @countries = Spree::Country.
10
- accessible_by(current_ability, :read).
10
+ accessible_by(current_ability).
11
11
  ransack(params[:q]).
12
12
  result.
13
13
  order('name ASC')
@@ -21,7 +21,7 @@ module Spree
21
21
  end
22
22
 
23
23
  def show
24
- @country = Spree::Country.accessible_by(current_ability, :read).find(params[:id])
24
+ @country = Spree::Country.accessible_by(current_ability, :show).find(params[:id])
25
25
  respond_with(@country)
26
26
  end
27
27
  end
@@ -9,7 +9,7 @@ module Spree
9
9
  def index
10
10
  @credit_cards = user
11
11
  .credit_cards
12
- .accessible_by(current_ability, :read)
12
+ .accessible_by(current_ability)
13
13
  .with_payment_profile
14
14
  .ransack(params[:q]).result
15
15
 
@@ -29,7 +29,7 @@ module Spree
29
29
 
30
30
  def user
31
31
  if params[:user_id].present?
32
- @user ||= Spree.user_class.accessible_by(current_ability, :read).find(params[:user_id])
32
+ @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
33
33
  end
34
34
  end
35
35
 
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Spree
4
+ module Api
5
+ class CustomerReturnsController < Spree::Api::BaseController
6
+ before_action :load_order
7
+ around_action :lock_order, only: [:create, :update, :destroy, :cancel]
8
+
9
+ rescue_from Spree::Order::InsufficientStock, with: :insufficient_stock_error
10
+
11
+ def create
12
+ authorize! :create, CustomerReturn
13
+ @customer_return = CustomerReturn.create(customer_return_params)
14
+ if @customer_return.save
15
+ respond_with(@customer_return, status: 201, default_template: :show)
16
+ else
17
+ invalid_resource!(@customer_return)
18
+ end
19
+ end
20
+
21
+ def index
22
+ authorize! :index, CustomerReturn
23
+
24
+ @customer_returns = @order.
25
+ customer_returns.
26
+ accessible_by(current_ability).
27
+ ransack(params[:q]).
28
+ result
29
+
30
+ @customer_returns = paginate(@customer_returns)
31
+
32
+ respond_with(@customer_returns)
33
+ end
34
+
35
+ def new
36
+ authorize! :new, CustomerReturn
37
+ end
38
+
39
+ def show
40
+ authorize! :show, CustomerReturn
41
+ @customer_return = @order.customer_returns.accessible_by(current_ability, :show).find(params[:id])
42
+ respond_with(@customer_return)
43
+ end
44
+
45
+ def update
46
+ authorize! :update, CustomerReturn
47
+ @customer_return = @order.customer_returns.accessible_by(current_ability, :update).find(params[:id])
48
+ if @customer_return.update(customer_return_params)
49
+ respond_with(@customer_return.reload, default_template: :show)
50
+ else
51
+ invalid_resource!(@customer_return)
52
+ end
53
+ end
54
+
55
+ private
56
+
57
+ def load_order
58
+ @order ||= Spree::Order.find_by!(number: order_id)
59
+ authorize! :show, @order
60
+ end
61
+
62
+ def customer_return_params
63
+ params.require(:customer_return).permit(permitted_customer_return_attributes)
64
+ end
65
+ end
66
+ end
67
+ end
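Review bot: `create` never ties the new record to `@order`: `load_order` authorizes `:show` on the order named in the URL, but `CustomerReturn.create(customer_return_params)` is built purely from request parameters, so the return could reference items of a different order than the one that was authorized and locked. Validate that every submitted return item belongs to `@order` before saving (the permitted attribute list is not visible here, so confirm what can be nested). `create` followed by `@customer_return.save` also persists twice; `@customer_return = CustomerReturn.new(customer_return_params)` keeps the `if @customer_return.save` branch meaningful. The `around_action` lists `:destroy` and `:cancel`, which this controller does not define.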
@@ -4,12 +4,12 @@ module Spree
4
4
  module Api
5
5
  class ImagesController < Spree::Api::BaseController
6
6
  def index
7
- @images = scope.images.accessible_by(current_ability, :read)
7
+ @images = scope.images.accessible_by(current_ability)
8
8
  respond_with(@images)
9
9
  end
10
10
 
11
11
  def show
12
- @image = Spree::Image.accessible_by(current_ability, :read).find(params[:id])
12
+ @image = scope.images.accessible_by(current_ability, :show).find(params[:id])
13
13
  respond_with(@image)
14
14
  end
15
15
 
@@ -20,13 +20,13 @@ module Spree
20
20
  end
21
21
 
22
22
  def update
23
- @image = Spree::Image.accessible_by(current_ability, :update).find(params[:id])
23
+ @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
24
24
  @image.update(image_params)
25
25
  respond_with(@image, default_template: :show)
26
26
  end
27
27
 
28
28
  def destroy
29
- @image = Spree::Image.accessible_by(current_ability, :destroy).find(params[:id])
29
+ @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
30
30
  @image.destroy
31
31
  respond_with(@image, status: 204)
32
32
  end
@@ -26,7 +26,7 @@ module Spree
26
26
  private
27
27
 
28
28
  def inventory_unit
29
- @inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
29
+ @inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
30
30
  end
31
31
 
32
32
  def prepare_event
@@ -5,15 +5,15 @@ module Spree
5
5
  class OptionTypesController < Spree::Api::BaseController
6
6
  def index
7
7
  if params[:ids]
8
- @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
8
+ @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).where(id: params[:ids].split(','))
9
9
  else
10
- @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
10
+ @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).load.ransack(params[:q]).result
11
11
  end
12
12
  respond_with(@option_types)
13
13
  end
14
14
 
15
15
  def show
16
- @option_type = Spree::OptionType.accessible_by(current_ability, :read).find(params[:id])
16
+ @option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
17
17
  respond_with(@option_type)
18
18
  end
19
19
 
@@ -46,9 +46,9 @@ module Spree
46
46
 
47
47
  def scope
48
48
  if params[:option_type_id]
49
- @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :read)
49
+ @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability)
50
50
  else
51
- @scope ||= Spree::OptionValue.accessible_by(current_ability, :read).load
51
+ @scope ||= Spree::OptionValue.accessible_by(current_ability).load
52
52
  end
53
53
  end
54
54
 
@@ -53,7 +53,7 @@ module Spree
53
53
  end
54
54
 
55
55
  def index
56
- authorize! :index, Order
56
+ authorize! :admin, Order
57
57
  orders_includes = [
58
58
  { user: :store_credits },
59
59
  :line_items,
@@ -62,7 +62,7 @@ module Spree
62
62
 
63
63
  def find_order
64
64
  @order = Spree::Order.find_by(number: order_id)
65
- authorize! :read, @order, order_token
65
+ authorize! :show, @order, order_token
66
66
  end
67
67
 
68
68
  def find_payment
@@ -9,7 +9,7 @@ module Spree
9
9
  def index
10
10
  @product_properties = @product.
11
11
  product_properties.
12
- accessible_by(current_ability, :read).
12
+ accessible_by(current_ability).
13
13
  ransack(params[:q]).
14
14
  result
15
15
 
@@ -36,9 +36,8 @@ module Spree
36
36
  end
37
37
 
38
38
  def update
39
- if @product_property
40
- authorize! :update, @product_property
41
- @product_property.update(product_property_params)
39
+ authorize! :update, @product_property
40
+ if @product_property.update(product_property_params)
42
41
  respond_with(@product_property, status: 200, default_template: :show)
43
42
  else
44
43
  invalid_resource!(@product_property)
@@ -46,27 +45,23 @@ module Spree
46
45
  end
47
46
 
48
47
  def destroy
49
- if @product_property
50
- authorize! :destroy, @product_property
51
- @product_property.destroy
52
- respond_with(@product_property, status: 204)
53
- else
54
- invalid_resource!(@product_property)
55
- end
48
+ authorize! :destroy, @product_property
49
+ @product_property.destroy
50
+ respond_with(@product_property, status: 204)
56
51
  end
57
52
 
58
53
  private
59
54
 
60
55
  def find_product
61
56
  @product = super(params[:product_id])
62
- authorize! :read, @product
57
+ authorize! :show, @product
63
58
  end
64
59
 
65
60
  def product_property
66
61
  if @product
67
62
  @product_property ||= @product.product_properties.find_by(id: params[:id])
68
- @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
69
- authorize! :read, @product_property
63
+ @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first!
64
+ authorize! :show, @product_property
70
65
  end
71
66
  end
72
67
 
@@ -3,26 +3,17 @@
3
3
  module Spree
4
4
  module Api
5
5
  class PromotionsController < Spree::Api::BaseController
6
- before_action :requires_admin
7
6
  before_action :load_promotion
8
7
 
9
8
  def show
10
- if @promotion
11
- respond_with(@promotion, default_template: :show)
12
- else
13
- raise ActiveRecord::RecordNotFound
14
- end
9
+ authorize! :show, @promotion
10
+ respond_with(@promotion, default_template: :show)
15
11
  end
16
12
 
17
13
  private
18
14
 
19
- def requires_admin
20
- return if @current_user_roles.include?("admin")
21
- unauthorized && return
22
- end
23
-
24
15
  def load_promotion
25
- @promotion = Spree::Promotion.find_by(id: params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
16
+ @promotion = Spree::Promotion.with_coupon_code(params[:id]) || Spree::Promotion.find(params[:id])
26
17
  end
27
18
  end
28
19
  end
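Review bot: With `requires_admin` removed, `load_promotion` now runs before any authorization, so an unknown id or coupon code ends in `Spree::Promotion.find` raising `RecordNotFound`, while an existing one reaches `authorize! :show, @promotion` in `show`. A caller without promotion access can then tell valid coupon codes from invalid ones by whether the base controller's `not_found` or `unauthorized` handler answers (assuming the two render differently). A class-level check ahead of the lookup, `authorize! :show, Spree::Promotion` as the first line of `load_promotion`, keeps the response uniform for such callers, and the instance check in `show` can stay. The swapped lookup order also means a coupon code that happens to equal a numeric id now wins over the id.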
@@ -6,7 +6,7 @@ module Spree
6
6
  before_action :find_property, only: [:show, :update, :destroy]
7
7
 
8
8
  def index
9
- @properties = Spree::Property.accessible_by(current_ability, :read)
9
+ @properties = Spree::Property.accessible_by(current_ability)
10
10
 
11
11
  if params[:ids]
12
12
  ids = params[:ids].split(",").flatten
@@ -59,9 +59,9 @@ module Spree
59
59
  private
60
60
 
61
61
  def find_property
62
- @property = Spree::Property.accessible_by(current_ability, :read).find(params[:id])
62
+ @property = Spree::Property.accessible_by(current_ability, :show).find(params[:id])
63
63
  rescue ActiveRecord::RecordNotFound
64
- @property = Spree::Property.accessible_by(current_ability, :read).find_by!(name: params[:id])
64
+ @property = Spree::Property.accessible_by(current_ability, :show).find_by!(name: params[:id])
65
65
  end
66
66
 
67
67
  def property_params
@@ -4,7 +4,7 @@ class Spree::Api::ResourceController < Spree::Api::BaseController
4
4
  before_action :load_resource, only: [:show, :update, :destroy]
5
5
 
6
6
  def index
7
- collection_scope = model_class.accessible_by(current_ability, :read)
7
+ collection_scope = model_class.accessible_by(current_ability)
8
8
  if params[:ids]
9
9
  ids = params[:ids].split(",").flatten
10
10
  collection_scope = collection_scope.where(id: ids)
@@ -65,7 +65,7 @@ class Spree::Api::ResourceController < Spree::Api::BaseController
65
65
  protected
66
66
 
67
67
  def load_resource
68
- @object = model_class.accessible_by(current_ability, :read).find(params[:id])
68
+ @object = model_class.accessible_by(current_ability, :show).find(params[:id])
69
69
  instance_variable_set("@#{object_name}", @object)
70
70
  end
71
71