solidus_api 2.9.5 → 2.10.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ead99f957c13a661698c4f368979a94f1068be778550779d368dd0859698894
-  data.tar.gz: 63f6e8abe0a910222163a7c3afcb9f9b55ee00b15c9b23205a35b7ca14efe067
+  metadata.gz: b7afcbef6dfdc19f02d26c7b3e410f072dc0d6be5a5b7d476b64b3725b1b24b7
+  data.tar.gz: ac898e6b9d5df7e526a5cd9af63a240aed5e2ab46c7ac75ca583b0fb7eb599b1
 SHA512:
-  metadata.gz: 3b0b734a3d20c74295e479717df705bd2212e8bbb323a4bbbb7965187c72419f458f8e2763e1a39909c629c4e395015836d80cbf33d8ba9556362a069dee0ffb
-  data.tar.gz: 6bf3a472fee1cfbcbff63977120e48a75b0b979c53b62702331bcd7bb7bf41be1b064db5dda40c8b9edb6854db7ad6e81f3882dd9c248e4f595b2eaec1d7cd89
+  metadata.gz: ce175516b04998e778b53e3d1ae47fc1a04c2ef4146a68000bc8745d5e267e423054d0e96fb1b02a03fa26ac186210012b84b54fa7592d15df7cf4fcf8e8d39a
+  data.tar.gz: 197562fcd0ea03c6593c21bfb8cb6f8d2424c6ddc3b12cbbc5b83a501976fe724c448a341de063a630daa3cb0f1309687503f5f35ee27536ad4d0a715392c3ea

data/README.md

@@ -1,6 +1,7 @@
-# solidus\_api
+# solidus_api
 
-API contains the controllers and rabl views implementing the REST API of Solidus.
+API contains the controllers and Jbuilder views implementing the REST API of
+Solidus.
 
 ## Testing
 
@@ -9,3 +10,35 @@ Run the API tests:
 ```bash
 bundle exec rspec
 ```
+
+## Documentation
+
+The API documentation is in the [openapi][docs-dir] directory. It follows the
+OpenAPI specification and it is hosted on [Stoplight Docs][live-docs].
+
+If you want to contribute, you can use [Stoplight Studio][studio]. Simply
+follow these steps:
+
+1. Create a new Stoplight Studio project
+2. Copy-paste the content of `openapi/api.oas2.yml` into your project
+3. Edit the endpoints and models as needed
+4. Copy-paste the result back into `openapi/api.oas2.yml`
+5. Open a PR!
+
+**Note: Only use embedded models in Stoplight Studio, as Stoplight Docs is
+not compatible with externally-defined models!**
+
+CircleCI automatically syncs our Git repo with Stoplight Docs when a PR is
+merged, and automatically publishes a new version on Docs when a new Solidus
+version is released.
+
+## Related projects
+
+- [solidus-sdk](https://gitlab.com/deseretbook/packages/solidus-sdk): created
+  by Joel Saupe at [Deseret Book](https://deseretbook.com/), this is a JS SDK
+  that allows you to use the Solidus API. It even supports plug-ins, so you can
+  easily extend it with the endpoints provided by your Solidus extensions!
+
+[docs-dir]: https://github.com/solidusio/solidus/tree/master/api/openapi
+[live-docs]: https://solidus.docs.stoplight.io
+[studio]: https://stoplight.io/p/studio

data/app/controllers/spree/api/addresses_controller.rb

@@ -15,7 +15,7 @@ module Spree
         authorize! :update, @order, order_token
         find_address
 
-        if @order.update_attributes({ "#{@order_source}_attributes" => address_params })
+        if @order.update({ "#{@order_source}_attributes" => address_params })
           @address = @order.send(@order_source)
           respond_with(@address, default_template: :show)
         else

data/app/controllers/spree/api/base_controller.rb

@@ -49,9 +49,9 @@ module Spree
       def authenticate_user
         unless @current_api_user
           if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", status: 401
+            render "spree/api/errors/must_specify_api_key", status: :unauthorized
           elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", status: 401
+            render "spree/api/errors/invalid_api_key", status: :unauthorized
           end
         end
       end
@@ -65,7 +65,7 @@ module Spree
       end
 
       def unauthorized
-        render "spree/api/errors/unauthorized", status: 401
+        render "spree/api/errors/unauthorized", status: :unauthorized
       end
 
       def gateway_error(exception)
@@ -78,7 +78,7 @@ module Spree
           exception: exception.message,
           error: exception.message,
           missing_param: exception.param
-        }, status: 422
+        }, status: :unprocessable_entity
       end
 
       def requires_authentication?
@@ -86,7 +86,7 @@ module Spree
       end
 
       def not_found
-        render "spree/api/errors/not_found", status: 404
+        render "spree/api/errors/not_found", status: :not_found
       end
 
       def current_ability
@@ -96,7 +96,7 @@ module Spree
       def invalid_resource!(resource)
         Rails.logger.error "invalid_resouce_errors=#{resource.errors.full_messages}"
         @resource = resource
-        render "spree/api/errors/invalid_resource", status: 422
+        render "spree/api/errors/invalid_resource", status: :unprocessable_entity
       end
 
       def api_key
@@ -112,7 +112,7 @@ module Spree
 
       def spree_token
         token = request.headers["X-Spree-Token"]
-        return unless token.present?
+        return if token.blank?
 
         Spree::Deprecation.warn(
           'The custom X-Spree-Token request header is deprecated and will be removed in the next release.' \
@@ -164,8 +164,8 @@ module Spree
 
       def lock_order
         OrderMutex.with_lock!(@order) { yield }
-      rescue Spree::OrderMutex::LockFailed => e
-        render plain: e.message, status: 409
+      rescue Spree::OrderMutex::LockFailed => error
+        render plain: error.message, status: :conflict
       end
 
       def insufficient_stock_error(exception)
@@ -175,7 +175,7 @@ module Spree
             errors: [I18n.t(:quantity_is_not_available, scope: "spree.api.order")],
             type: 'insufficient_stock'
           },
-          status: 422
+          status: :unprocessable_entity
         )
       end
 

data/app/controllers/spree/api/checkouts_controller.rb

@@ -23,8 +23,8 @@ module Spree
         authorize! :update, @order, order_token
         @order.next!
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
-      rescue StateMachines::InvalidTransition => e
-        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
+      rescue StateMachines::InvalidTransition => error
+        logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
         respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
@@ -42,8 +42,8 @@ module Spree
           @order.complete!
           respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
         end
-      rescue StateMachines::InvalidTransition => e
-        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
+      rescue StateMachines::InvalidTransition => error
+        logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
         respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
@@ -76,11 +76,24 @@ module Spree
       end
 
       def update_params
-        if update_params = massaged_params[:order]
-          update_params.permit(permitted_checkout_attributes)
+        state = @order.state
+        case state.to_sym
+        when :cart, :address
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_address_attributes
+          )
+        when :delivery
+          massaged_params.require(:order).permit(
+            permitted_checkout_delivery_attributes
+          )
+        when :payment
+          massaged_params.require(:order).permit(
+            permitted_checkout_payment_attributes
+          )
         else
-          # We current allow update requests without any parameters in them.
-          {}
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_confirm_attributes
+          )
         end
       end
 

data/app/controllers/spree/api/credit_cards_controller.rb

@@ -18,7 +18,7 @@ module Spree
       end
 
       def update
-        if @credit_card.update_attributes(credit_card_update_params)
+        if @credit_card.update(credit_card_update_params)
           respond_with(@credit_card, default_template: :show)
         else
           invalid_resource!(@credit_card)

data/app/controllers/spree/api/images_controller.rb

@@ -21,7 +21,7 @@ module Spree
 
       def update
         @image = Spree::Image.accessible_by(current_ability, :update).find(params[:id])
-        @image.update_attributes(image_params)
+        @image.update(image_params)
         respond_with(@image, default_template: :show)
       end
 

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -14,7 +14,7 @@ module Spree
         authorize! :update, inventory_unit.order
 
         inventory_unit.transaction do
-          if inventory_unit.update_attributes(inventory_unit_params)
+          if inventory_unit.update(inventory_unit_params)
             fire
             render :show, status: 200
           else

data/app/controllers/spree/api/option_types_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
       def update
         @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
-        if @option_type.update_attributes(option_type_params)
+        if @option_type.update(option_type_params)
           render :show
         else
           invalid_resource!(@option_type)

data/app/controllers/spree/api/option_values_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
       def update
         @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
-        if @option_value.update_attributes(option_value_params)
+        if @option_value.update(option_value_params)
           render :show
         else
           invalid_resource!(@option_value)

data/app/controllers/spree/api/orders_controller.rb

@@ -55,10 +55,9 @@ module Spree
       def index
         authorize! :index, Order
         orders_includes = [
-          :user,
-          :payments,
-          :adjustments,
-          :line_items
+          { user: :store_credits },
+          :line_items,
+          :valid_store_credit_payments
         ]
         @orders = paginate(
           Spree::Order
@@ -131,7 +130,13 @@ module Spree
       end
 
       def normalize_params
-        params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+        if params[:order][:payments]
+          payments_params = params[:order].delete(:payments)
+          params[:order][:payments_attributes] = payments_params.map do |payment_params|
+            payment_params[:source_attributes] = payment_params.delete(:source) if payment_params[:source].present?
+            payment_params
+          end
+        end
         params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
         params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
         params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address].present?
@@ -168,7 +173,13 @@ module Spree
       end
 
       def find_order(_lock = false)
-        @order = Spree::Order.find_by!(number: params[:id])
+        @order = Spree::Order.
+          includes(line_items: [:adjustments, { variant: :images }],
+                   payments: :payment_method,
+                   shipments: {
+                     shipping_rates: { shipping_method: :zones, taxes: :tax_rate }
+                   }).
+          find_by!(number: params[:id])
       end
 
       def order_id

data/app/controllers/spree/api/payments_controller.rb

@@ -31,7 +31,7 @@ module Spree
         authorize! params[:action], @payment
         if !@payment.pending?
           render 'update_forbidden', status: 403
-        elsif @payment.update_attributes(payment_params)
+        elsif @payment.update(payment_params)
           respond_with(@payment, default_template: :show)
         else
           invalid_resource!(@payment)

data/app/controllers/spree/api/product_properties_controller.rb

@@ -38,7 +38,7 @@ module Spree
       def update
         if @product_property
           authorize! :update, @product_property
-          @product_property.update_attributes(product_property_params)
+          @product_property.update(product_property_params)
           respond_with(@product_property, status: 200, default_template: :show)
         else
           invalid_resource!(@product_property)

data/app/controllers/spree/api/properties_controller.rb

@@ -39,7 +39,7 @@ module Spree
       def update
         if @property
           authorize! :update, @property
-          @property.update_attributes(property_params)
+          @property.update(property_params)
           respond_with(@property, status: 200, default_template: :show)
         else
           invalid_resource!(@property)

data/app/controllers/spree/api/resource_controller.rb

@@ -43,7 +43,7 @@ class Spree::Api::ResourceController < Spree::Api::BaseController
   def update
     authorize! :update, @object
 
-    if @object.update_attributes(permitted_resource_params)
+    if @object.update(permitted_resource_params)
       respond_with(@object, status: 200, default_template: :show)
     else
       invalid_resource!(@object)

data/app/controllers/spree/api/return_authorizations_controller.rb

@@ -50,7 +50,7 @@ module Spree
 
       def update
         @return_authorization = @order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
-        if @return_authorization.update_attributes(return_authorization_params)
+        if @return_authorization.update(return_authorization_params)
           respond_with(@return_authorization, default_template: :show)
         else
           invalid_resource!(@return_authorization)

data/app/controllers/spree/api/shipments_controller.rb

@@ -146,7 +146,7 @@ module Spree
       end
 
       def update_shipment
-        @shipment.update_attributes(shipment_params)
+        @shipment.update(shipment_params)
         @shipment.reload
       end
 

data/app/controllers/spree/api/stock_items_controller.rb

@@ -40,7 +40,7 @@ module Spree
         adjustment -= @stock_item.count_on_hand if params[:stock_item][:force]
 
         Spree::StockItem.transaction do
-          if @stock_item.update_attributes(stock_item_params)
+          if @stock_item.update(stock_item_params)
             adjust_stock_item_count_on_hand(adjustment)
             respond_with(@stock_item, status: 200, default_template: :show)
           else

data/app/controllers/spree/api/stock_locations_controller.rb

@@ -33,7 +33,7 @@ module Spree
 
       def update
         authorize! :update, stock_location
-        if stock_location.update_attributes(stock_location_params)
+        if stock_location.update(stock_location_params)
           respond_with(stock_location, status: 200, default_template: :show)
         else
           invalid_resource!(stock_location)

data/app/controllers/spree/api/stores_controller.rb

@@ -24,7 +24,7 @@ module Spree
 
       def update
         authorize! :update, @store
-        if @store.update_attributes(store_params)
+        if @store.update(store_params)
           respond_with(@store, status: 200, default_template: :show)
         else
           invalid_resource!(@store)

data/app/controllers/spree/api/taxonomies_controller.rb

@@ -33,7 +33,7 @@ module Spree
 
       def update
         authorize! :update, taxonomy
-        if taxonomy.update_attributes(taxonomy_params)
+        if taxonomy.update(taxonomy_params)
           respond_with(taxonomy, status: 200, default_template: :show)
         else
           invalid_resource!(taxonomy)
@@ -58,7 +58,9 @@ module Spree
       end
 
       def taxonomy
-        @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:id])
+        @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).
+          includes(root: :children).
+          find(params[:id])
       end
 
       def taxonomy_params

data/app/controllers/spree/api/taxons_controller.rb

@@ -56,7 +56,7 @@ module Spree
 
       def update
         authorize! :update, taxon
-        if taxon.update_attributes(taxon_params)
+        if taxon.update(taxon_params)
           respond_with(taxon, status: 200, default_template: :show)
         else
           invalid_resource!(taxon)

data/app/controllers/spree/api/variants_controller.rb

@@ -43,7 +43,7 @@ module Spree
 
       def update
         @variant = scope.accessible_by(current_ability, :update).find(params[:id])
-        if @variant.update_attributes(variant_params)
+        if @variant.update(variant_params)
           respond_with(@variant, status: 200, default_template: :show)
         else
           invalid_resource!(@product)

data/app/controllers/spree/api/zones_controller.rb

@@ -37,7 +37,7 @@ module Spree
 
       def update
         authorize! :update, zone
-        if zone.update_attributes(zone_params)
+        if zone.update(zone_params)
           respond_with(zone, status: 200, default_template: :show)
         else
           invalid_resource!(zone)

data/app/helpers/spree/api/api_helpers.rb

@@ -40,7 +40,7 @@ module Spree
 
       def required_fields_for(model)
         required_fields = model._validators.select do |_field, validations|
-          validations.any? { |v| v.is_a?(ActiveModel::Validations::PresenceValidator) }
+          validations.any? { |validation| validation.is_a?(ActiveModel::Validations::PresenceValidator) }
         end.map(&:first) # get fields that are invalid
         # Permalinks presence is validated, but are really automatically generated
         # Therefore we shouldn't tell API clients that they MUST send one through
@@ -177,7 +177,7 @@ module Spree
       ]
 
       def variant_attributes
-        if @current_user_roles && @current_user_roles.include?("admin")
+        if @current_user_roles&.include?("admin")
           @@variant_attributes + [:cost_price]
         else
           @@variant_attributes

data/app/views/spree/api/images/_image.json.jbuilder

@@ -2,6 +2,6 @@
 
 json.(image, *image_attributes)
 json.(image, :viewable_type, :viewable_id)
-Spree::Image.attachment_definitions[:attachment][:styles].each do |k, _v|
-  json.set! "#{k}_url", image.attachment.url(k)
+Spree::Image.attachment_definitions[:attachment][:styles].each do |key, _value|
+  json.set! "#{key}_url", image.attachment.url(key)
 end