solidus_api 2.10.5 → 2.11.0

data/app/controllers/spree/api/return_authorizations_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
         @return_authorizations = @order.
           return_authorizations.
-          accessible_by(current_ability, :read).
+          accessible_by(current_ability).
           ransack(params[:q]).
           result
 
@@ -44,7 +44,7 @@ module Spree
 
       def show
         authorize! :admin, ReturnAuthorization
-        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :read).find(params[:id])
+        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :show).find(params[:id])
         respond_with(@return_authorization)
       end
 
@@ -70,7 +70,7 @@ module Spree
 
       def load_order
         @order ||= Spree::Order.find_by!(number: order_id)
-        authorize! :read, @order
+        authorize! :show, @order
       end
 
       def return_authorization_params

data/app/controllers/spree/api/shipments_controller.rb

@@ -132,7 +132,7 @@ module Spree
 
       def find_order_on_create
         @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
-        authorize! :read, @order
+        authorize! :show, @order
       end
 
       def find_shipment

data/app/controllers/spree/api/states_controller.rb

@@ -25,10 +25,10 @@ module Spree
 
       def scope
         if params[:country_id]
-          @country = Spree::Country.accessible_by(current_ability, :read).find(params[:country_id])
-          @country.states.accessible_by(current_ability, :read)
+          @country = Spree::Country.accessible_by(current_ability, :show).find(params[:country_id])
+          @country.states.accessible_by(current_ability)
         else
-          Spree::State.accessible_by(current_ability, :read)
+          Spree::State.accessible_by(current_ability)
         end
       end
     end

data/app/controllers/spree/api/stock_items_controller.rb

@@ -58,12 +58,12 @@ module Spree
       private
 
       def load_stock_location
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability).find(params.fetch(:stock_location_id))
+        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :show).find(params.fetch(:stock_location_id))
       end
 
       def scope
         includes = { variant: [{ option_values: :option_type }, :product] }
-        @stock_location.stock_items.accessible_by(current_ability, :read).includes(includes)
+        @stock_location.stock_items.accessible_by(current_ability).includes(includes)
       end
 
       def stock_item_params

data/app/controllers/spree/api/stock_locations_controller.rb

@@ -4,10 +4,10 @@ module Spree
   module Api
     class StockLocationsController < Spree::Api::BaseController
       def index
-        authorize! :read, StockLocation
+        authorize! :index, StockLocation
 
         @stock_locations = StockLocation.
-          accessible_by(current_ability, :read).
+          accessible_by(current_ability).
           order('name ASC').
           ransack(params[:q]).
           result
@@ -49,7 +49,7 @@ module Spree
       private
 
       def stock_location
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:id])
+        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :show).find(params[:id])
       end
 
       def stock_location_params

data/app/controllers/spree/api/stock_movements_controller.rb

@@ -6,7 +6,7 @@ module Spree
       before_action :stock_location, except: [:update, :destroy]
 
       def index
-        authorize! :read, StockMovement
+        authorize! :index, StockMovement
         @stock_movements = paginate(scope.ransack(params[:q]).result)
         respond_with(@stock_movements)
       end
@@ -29,11 +29,11 @@ module Spree
       private
 
       def stock_location
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :show).find(params[:stock_location_id])
       end
 
       def scope
-        @stock_location.stock_movements.accessible_by(current_ability, :read)
+        @stock_location.stock_movements.accessible_by(current_ability)
       end
 
       def stock_movement_params

data/app/controllers/spree/api/stores_controller.rb

@@ -6,8 +6,8 @@ module Spree
       before_action :get_store, except: [:index, :create]
 
       def index
-        authorize! :read, Store
-        @stores = Spree::Store.accessible_by(current_ability, :read).all
+        authorize! :index, Store
+        @stores = Spree::Store.accessible_by(current_ability).all
         respond_with(@stores)
       end
 
@@ -32,7 +32,7 @@ module Spree
       end
 
       def show
-        authorize! :read, @store
+        authorize! :show, @store
         respond_with(@store)
       end
 

data/app/controllers/spree/api/taxonomies_controller.rb

@@ -50,7 +50,7 @@ module Spree
 
       def taxonomies
         @taxonomies = Taxonomy.
-          accessible_by(current_ability, :read).
+          accessible_by(current_ability).
           order('name').
           includes(root: :children).
           ransack(params[:q]).
@@ -58,7 +58,7 @@ module Spree
       end
 
       def taxonomy
-        @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).
+        @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :show).
           includes(root: :children).
           find(params[:id])
       end

data/app/controllers/spree/api/taxons_controller.rb

@@ -7,9 +7,9 @@ module Spree
         if taxonomy
           @taxons = taxonomy.root.children
         elsif params[:ids]
-          @taxons = Spree::Taxon.accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @taxons = Spree::Taxon.accessible_by(current_ability).where(id: params[:ids].split(','))
         else
-          @taxons = Spree::Taxon.accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
+          @taxons = Spree::Taxon.accessible_by(current_ability).order(:taxonomy_id, :lft).ransack(params[:q]).result
         end
 
         unless params[:without_children]
@@ -96,12 +96,12 @@ module Spree
 
       def taxonomy
         if params[:taxonomy_id].present?
-          @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:taxonomy_id])
+          @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :show).find(params[:taxonomy_id])
         end
       end
 
       def taxon
-        @taxon ||= taxonomy.taxons.accessible_by(current_ability, :read).find(params[:id])
+        @taxon ||= taxonomy.taxons.accessible_by(current_ability, :show).find(params[:id])
       end
 
       def taxon_params

data/app/controllers/spree/api/users_controller.rb

@@ -1,6 +1,19 @@
 # frozen_string_literal: true
 
 class Spree::Api::UsersController < Spree::Api::ResourceController
+  def index
+    user_scope = model_class.accessible_by(current_ability, :show)
+    if params[:ids]
+      ids = params[:ids].split(",").flatten
+      @users = user_scope.where(id: ids)
+    else
+      @users = user_scope.ransack(params[:q]).result
+    end
+
+    @users = paginate(@users.distinct)
+    respond_with(@users)
+  end
+
   private
 
   attr_reader :user

data/app/controllers/spree/api/variants_controller.rb

@@ -53,7 +53,7 @@ module Spree
       private
 
       def product
-        @product ||= Spree::Product.accessible_by(current_ability, :read).friendly.find(params[:product_id]) if params[:product_id]
+        @product ||= Spree::Product.accessible_by(current_ability, :show).friendly.find(params[:product_id]) if params[:product_id]
       end
 
       def scope
@@ -64,12 +64,12 @@ module Spree
         end
 
         if current_ability.can?(:manage, Variant) && params[:show_deleted]
-          variants = variants.with_deleted
+          variants = variants.with_discarded
         end
 
         in_stock_only = ActiveRecord::Type::Boolean.new.cast(params[:in_stock_only])
         suppliable_only = ActiveRecord::Type::Boolean.new.cast(params[:suppliable_only])
-        variants = variants.accessible_by(current_ability, :read)
+        variants = variants.accessible_by(current_ability)
         if in_stock_only || cannot?(:view_out_of_stock, Spree::Variant)
           variants = variants.in_stock
         elsif suppliable_only

data/app/controllers/spree/api/zones_controller.rb

@@ -21,7 +21,7 @@ module Spree
 
       def index
         @zones = Spree::Zone.
-          accessible_by(current_ability, :read).
+          accessible_by(current_ability).
           order('name ASC').
           ransack(params[:q]).
           result
@@ -55,7 +55,7 @@ module Spree
       end
 
       def zone
-        @zone ||= Spree::Zone.accessible_by(current_ability, :read).find(params[:id])
+        @zone ||= Spree::Zone.accessible_by(current_ability, :show).find(params[:id])
       end
     end
   end

data/app/helpers/spree/api/api_helpers.rb

@@ -22,6 +22,7 @@ module Spree
         :state_attributes,
         :adjustment_attributes,
         :inventory_unit_attributes,
+        :customer_return_attributes,
         :return_authorization_attributes,
         :creditcard_attributes,
         :payment_source_attributes,
@@ -117,16 +118,27 @@ module Spree
         :id, :state, :variant_id, :shipment_id
       ]
 
+      @@customer_return_attributes = [
+        :id, :number, :stock_location_id, :created_at, :updated_at
+      ]
+
       @@return_authorization_attributes = [
         :id, :number, :state, :order_id, :memo, :created_at, :updated_at
       ]
 
-      @@address_attributes = [
-        :id, :firstname, :lastname, :full_name, :address1, :address2, :city,
-        :zipcode, :phone, :company, :alternative_phone, :country_id, :country_iso,
-        :state_id, :state_name, :state_text
+      @@address_base_attributes = [
+        :id, :name, :address1, :address2, :city, :zipcode, :phone, :company,
+        :alternative_phone, :country_id, :country_iso, :state_id, :state_name,
+        :state_text
       ]
 
+      @@address_attributes = if Spree::Config.use_combined_first_and_last_name_in_address
+                               @@address_base_attributes
+                             else
+                               @@address_base_attributes +
+                                 Spree::Address::LEGACY_NAME_ATTRS.map(&:to_sym)
+                             end
+
       @@country_attributes = [:id, :iso_name, :iso, :iso3, :name, :numcode]
 
       @@state_attributes = [:id, :name, :abbr, :country_id]
@@ -168,7 +180,8 @@ module Spree
 
       @@store_attributes = [
         :id, :name, :url, :meta_description, :meta_keywords, :seo_title,
-        :mail_from_address, :default_currency, :code, :default, :available_locales
+        :mail_from_address, :default_currency, :code, :default, :available_locales,
+        :bcc_email
       ]
 
       @@store_credit_history_attributes = [

data/app/views/spree/api/customer_returns/index.json.jbuilder

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+json.customer_returns(@customer_returns) do |customer_return|
+  json.(customer_return, *customer_return_attributes)
+end
+json.partial! 'spree/api/shared/pagination', pagination: @customer_returns

data/app/views/spree/api/customer_returns/new.json.jbuilder

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+json.attributes([*customer_return_attributes])
+json.required_attributes(required_fields_for(Spree::CustomerReturn))

data/app/views/spree/api/customer_returns/show.json.jbuilder

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+json.(@customer_return, *customer_return_attributes)

data/app/views/spree/api/errors/could_not_transition.json.jbuilder

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+json.error(I18n.t(:could_not_transition, scope: "spree.api", resource: resource.class.name.demodulize.underscore))
+json.errors(resource.errors.to_hash)

data/app/views/spree/api/orders/could_not_transition.json.jbuilder

@@ -1,4 +1,9 @@
 # frozen_string_literal: true
 
+Spree::Deprecation.warn(
+  'spree/api/orders/could_not_transition is deprecated.' \
+  ' Please use spree/api/errors/could_not_transition'
+)
+
 json.error(I18n.t(:could_not_transition, scope: "spree.api.order"))
 json.errors(@order.errors.to_hash)

data/config/locales/en.yml

@@ -8,6 +8,8 @@ en:
       invalid_resource: Invalid resource. Please fix errors and try again.
       invalid_taxonomy_id: Invalid taxonomy id.
       must_specify_api_key: You must specify an API key.
+      could_not_transition: The %{resource} could not be transitioned. Please fix the
+        errors and try again.
       order:
         could_not_transition: The order could not be transitioned. Please fix the
           errors and try again.

data/config/routes.rb

@@ -3,9 +3,11 @@
 Spree::Core::Engine.routes.draw do
   namespace :admin do
     resources :users do
+      resource :api_key, controller: 'users/api_key', only: [:create, :destroy]
+
       member do
-        put :generate_api_key
-        put :clear_api_key
+        put :generate_api_key # Deprecated
+        put :clear_api_key # Deprecated
       end
     end
   end
@@ -38,6 +40,8 @@ Spree::Core::Engine.routes.draw do
           put :cancel
         end
       end
+
+      resources :customer_returns, except: :destroy
     end
 
     resources :checkouts, only: [:update], concerns: :order_routes do
@@ -57,7 +61,6 @@ Spree::Core::Engine.routes.draw do
     end
     resources :option_values
 
-    resources :option_values, only: :index
     get '/orders/mine', to: 'orders#mine', as: 'my_orders'
     get "/orders/current", to: "orders#current", as: "current_order"
 

data/lib/spree/api/testing_support/helpers.rb

@@ -38,7 +38,7 @@ module Spree
         end
 
         def upload_image(filename)
-          fixture_file_upload(image(filename).path, 'image/jpg')
+          Rack::Test::UploadedFile.new(File.open(image(filename).path), 'image/jpg')
         end
       end
     end

data/openapi/authentication.md

@@ -10,6 +10,14 @@ You can use your API key to access all resources in the API. The API key must be
 Authorization: Bearer API_KEY
 ```
 
+As an admin, you can find your API token in the admin section under Users > Your e-email > API Access (at `admin/users/<user_id>/edit`)
+
+Example:
+
+```
+curl --header "Authorization: Bearer 1a6a9936ad150a2ee345c65331da7a3ccc2de" http://www.my-solidus-site.com/api/stores
+```
+
 By default, API keys are only generated for admins, but you can easily customize Solidus to generate them for all users, which is useful for instance if you want users to be able to sign in and manage their profile via the API.
 
 ### Order token
@@ -22,4 +30,4 @@ The order token must be passed in the `X-Spree-Order-Token` header in the follow
 X-Spree-Order-Token: ORDER_TOKEN
 ```
 
-If you are already providing an API key, you don't need to also provide the order token (although you may do so).
+If you are already providing an API key, you don't need to also provide the order token (although you may do so).

data/openapi/checkout-flow.md

@@ -27,15 +27,28 @@ When you are ready to start the checkout flow, you can call `PUT /checkouts/:ord
 
 To enter the billing and shipping addresses, use the `PATCH /checkouts/:order_number` endpoint.
 
-Once again, call `PUT /checkouts/:order_number/next` to transition the order from the `address` to the `shipping` state.
+The `checkouts#update` endpoint always advance the order to the next state. If the above request is successful, the order should now be in the `delivery` state.
 
 ## 6. Select a shipping method
 
-You can retrieve the available shipping methods, along with their rates, via `GET /shipments/:shipment_number/estimated_rates`. This allows you to let your user choose the shipping method they prefer.
+You can retrieve the available shipping methods, along with their rates, via `GET /orders/:order_number` or `GET /orders/current`. This allows you to let your user choose the shipping method they prefer.
 
-When you want to select a shipping method, call `PUT /shipments/:shipment_number/select_shipping_method`.
+When you want to select a shipping method, call `PUT /checkouts/:order_number`:
 
-Finally, call `PUT /checkouts/:order_number/next` to transition the order from the `shipping` to the `payment` state.
+```
+  {
+    "order": {
+      "shipments_attributes": {
+        "0": {
+          "selected_shipping_rate_id": :shipping_rate_id,
+          "id": :shipment_id
+        }
+      }
+    }
+  }
+```
+
+If the above request is successful, the order should now be in the `payment` state.
 
 ## 7. Enter payment details
 

data/openapi/main.hub.yml

@@ -62,4 +62,4 @@ pages:
           route:
             path: /api-reference
           data:
-            $ref: ./api.oas2.yml
+            $ref: ./solidus-api.oas.yml