solidus_api 2.9.6 → 2.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9041e899f4cd40c0426851ecab468e5b0e6799979026651d90ed71c68e9a33d2
-  data.tar.gz: 6b6195d91d485815fc3e609c661efa408146b7ab49296c8db33987e568916ee4
+  metadata.gz: 0073a2dd8fda3f900d1eacc4221b4ef2e0b418adb5a08818dfadd32aa8c55020
+  data.tar.gz: 1f453e33e88e7f80a4c0b618cb4336a54cf8dff3044d9b526e6bb6d312f46e07
 SHA512:
-  metadata.gz: 72241153b2007035f40f1869e76a276597580d11fe4d8b24bd37529a03520f799edfd9530a18677df79aeaafffa8f929d1f2bae1b9a320871b781b705c21a2f5
-  data.tar.gz: dcb64f63cb2edd713a03bb3c971ed9de693d4e1af34bb3cb5746ed73b2294660ddb3805382587f10675f2ec71642ebb79f979373b21b7f03af8157bde6250067
+  metadata.gz: 4783fe7f6037f082e38fd384732c895e7c591781d0770a45f107248b7380a40a6675cd1935455aaeef230ed7c0c4eb61e55f506eaaabbdb3a846de1a71989b0a
+  data.tar.gz: e722663fa5ac036dc85edd355d8faa09a73b36c4dd3a3e17fa145a7f31f815349d71315355def89cfd724d5610497ce0bef6824d73cf1d554abe8f1b36e1659e

data/README.md

@@ -1,6 +1,7 @@
-# solidus\_api
+# solidus_api
 
-API contains the controllers and rabl views implementing the REST API of Solidus.
+API contains the controllers and Jbuilder views implementing the REST API of
+Solidus.
 
 ## Testing
 
@@ -9,3 +10,35 @@ Run the API tests:
 ```bash
 bundle exec rspec
 ```
+
+## Documentation
+
+The API documentation is in the [openapi][docs-dir] directory. It follows the
+OpenAPI specification and it is hosted on [Stoplight Docs][live-docs].
+
+If you want to contribute, you can use [Stoplight Studio][studio]. Simply
+follow these steps:
+
+1. Create a new Stoplight Studio project
+2. Copy-paste the content of `openapi/solidus-api.oas.yml` into your project
+3. Edit the endpoints and models as needed
+4. Copy-paste the result back into `openapi/solidus-api.oas.yml`
+5. Open a PR!
+
+**Note: Only use embedded models in Stoplight Studio, as Stoplight Docs is
+not compatible with externally-defined models!**
+
+CircleCI automatically syncs our Git repo with Stoplight Docs when a PR is
+merged, and automatically publishes a new version on Docs when a new Solidus
+version is released.
+
+## Related projects
+
+- [solidus-sdk](https://gitlab.com/deseretbook/packages/solidus-sdk): created
+  by Joel Saupe at [Deseret Book](https://deseretbook.com/), this is a JS SDK
+  that allows you to use the Solidus API. It even supports plug-ins, so you can
+  easily extend it with the endpoints provided by your Solidus extensions!
+
+[docs-dir]: https://github.com/solidusio/solidus/tree/master/api/openapi
+[live-docs]: https://solidus.docs.stoplight.io
+[studio]: https://stoplight.io/p/studio

data/app/controllers/spree/api/addresses_controller.rb

@@ -6,7 +6,7 @@ module Spree
       before_action :find_order
 
       def show
-        authorize! :read, @order, order_token
+        authorize! :show, @order, order_token
         find_address
         respond_with(@address)
       end
@@ -15,7 +15,7 @@ module Spree
         authorize! :update, @order, order_token
         find_address
 
-        if @order.update_attributes({ "#{@order_source}_attributes" => address_params })
+        if @order.update({ "#{@order_source}_attributes" => address_params })
           @address = @order.send(@order_source)
           respond_with(@address, default_template: :show)
         else

data/app/controllers/spree/api/base_controller.rb

@@ -10,6 +10,7 @@ module Spree
       protect_from_forgery unless: -> { request.format.json? }
 
       include CanCan::ControllerAdditions
+      include Spree::Core::ControllerHelpers::CurrentHost
       include Spree::Core::ControllerHelpers::Store
       include Spree::Core::ControllerHelpers::Pricing
       include Spree::Core::ControllerHelpers::StrongParameters
@@ -28,6 +29,7 @@ module Spree
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
       rescue_from CanCan::AccessDenied, with: :unauthorized
       rescue_from Spree::Core::GatewayError, with: :gateway_error
+      rescue_from StateMachines::InvalidTransition, with: :invalid_transition
 
       helper Spree::Api::ApiHelpers
 
@@ -49,9 +51,9 @@ module Spree
       def authenticate_user
         unless @current_api_user
           if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", status: 401
+            render "spree/api/errors/must_specify_api_key", status: :unauthorized
           elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", status: 401
+            render "spree/api/errors/invalid_api_key", status: :unauthorized
           end
         end
       end
@@ -65,7 +67,7 @@ module Spree
       end
 
       def unauthorized
-        render "spree/api/errors/unauthorized", status: 401
+        render "spree/api/errors/unauthorized", status: :unauthorized
       end
 
       def gateway_error(exception)
@@ -78,7 +80,7 @@ module Spree
           exception: exception.message,
           error: exception.message,
           missing_param: exception.param
-        }, status: 422
+        }, status: :unprocessable_entity
       end
 
       def requires_authentication?
@@ -86,7 +88,7 @@ module Spree
       end
 
       def not_found
-        render "spree/api/errors/not_found", status: 404
+        render "spree/api/errors/not_found", status: :not_found
       end
 
       def current_ability
@@ -96,7 +98,7 @@ module Spree
       def invalid_resource!(resource)
         Rails.logger.error "invalid_resouce_errors=#{resource.errors.full_messages}"
         @resource = resource
-        render "spree/api/errors/invalid_resource", status: 422
+        render "spree/api/errors/invalid_resource", status: :unprocessable_entity
       end
 
       def api_key
@@ -112,7 +114,7 @@ module Spree
 
       def spree_token
         token = request.headers["X-Spree-Token"]
-        return unless token.present?
+        return if token.blank?
 
         Spree::Deprecation.warn(
           'The custom X-Spree-Token request header is deprecated and will be removed in the next release.' \
@@ -133,13 +135,13 @@ module Spree
 
       def product_scope
         if can?(:admin, Spree::Product)
-          scope = Spree::Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
+          scope = Spree::Product.with_discarded.accessible_by(current_ability).includes(*product_includes)
 
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
         else
-          scope = Spree::Product.accessible_by(current_ability, :read).available.includes(*product_includes)
+          scope = Spree::Product.accessible_by(current_ability).available.includes(*product_includes)
         end
 
         scope
@@ -159,13 +161,13 @@ module Spree
 
       def authorize_for_order
         @order = Spree::Order.find_by(number: order_id)
-        authorize! :read, @order, order_token
+        authorize! :show, @order, order_token
       end
 
       def lock_order
         OrderMutex.with_lock!(@order) { yield }
-      rescue Spree::OrderMutex::LockFailed => e
-        render plain: e.message, status: 409
+      rescue Spree::OrderMutex::LockFailed => error
+        render plain: error.message, status: :conflict
       end
 
       def insufficient_stock_error(exception)
@@ -175,7 +177,7 @@ module Spree
             errors: [I18n.t(:quantity_is_not_available, scope: "spree.api.order")],
             type: 'insufficient_stock'
           },
-          status: 422
+          status: :unprocessable_entity
         )
       end
 
@@ -188,6 +190,12 @@ module Spree
       def default_per_page
         Kaminari.config.default_per_page
       end
+
+      def invalid_transition(error)
+        logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
+
+        render "spree/api/errors/could_not_transition", locals: { resource: error.object }, status: :unprocessable_entity
+      end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -20,12 +20,8 @@ module Spree
           respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
           return
         end
-        authorize! :update, @order, order_token
         @order.next!
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
-      rescue StateMachines::InvalidTransition => e
-        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
-        respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
       def advance
@@ -42,9 +38,6 @@ module Spree
           @order.complete!
           respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
         end
-      rescue StateMachines::InvalidTransition => e
-        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
-        respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
       def update
@@ -57,12 +50,9 @@ module Spree
 
           return if after_update_attributes
 
-          if @order.completed? || @order.next
+          if @order.completed? || @order.next!
             state_callback(:after)
             respond_with(@order, default_template: 'spree/api/orders/show')
-          else
-            logger.error("failed_to_transition_errors=#{@order.errors.full_messages}")
-            respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
           end
         else
           invalid_resource!(@order)

data/app/controllers/spree/api/countries_controller.rb

@@ -7,7 +7,7 @@ module Spree
 
       def index
         @countries = Spree::Country.
-          accessible_by(current_ability, :read).
+          accessible_by(current_ability).
           ransack(params[:q]).
           result.
           order('name ASC')
@@ -21,7 +21,7 @@ module Spree
       end
 
       def show
-        @country = Spree::Country.accessible_by(current_ability, :read).find(params[:id])
+        @country = Spree::Country.accessible_by(current_ability, :show).find(params[:id])
         respond_with(@country)
       end
     end

data/app/controllers/spree/api/credit_cards_controller.rb

@@ -9,7 +9,7 @@ module Spree
       def index
         @credit_cards = user
           .credit_cards
-          .accessible_by(current_ability, :read)
+          .accessible_by(current_ability)
           .with_payment_profile
           .ransack(params[:q]).result
 
@@ -18,7 +18,7 @@ module Spree
       end
 
       def update
-        if @credit_card.update_attributes(credit_card_update_params)
+        if @credit_card.update(credit_card_update_params)
           respond_with(@credit_card, default_template: :show)
         else
           invalid_resource!(@credit_card)
@@ -29,7 +29,7 @@ module Spree
 
       def user
         if params[:user_id].present?
-          @user ||= Spree.user_class.accessible_by(current_ability, :read).find(params[:user_id])
+          @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
         end
       end
 

data/app/controllers/spree/api/customer_returns_controller.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Spree
+  module Api
+    class CustomerReturnsController < Spree::Api::BaseController
+      before_action :load_order
+      around_action :lock_order, only: [:create, :update, :destroy, :cancel]
+
+      rescue_from Spree::Order::InsufficientStock, with: :insufficient_stock_error
+
+      def create
+        authorize! :create, CustomerReturn
+        @customer_return = CustomerReturn.create(customer_return_params)
+        if @customer_return.save
+          respond_with(@customer_return, status: 201, default_template: :show)
+        else
+          invalid_resource!(@customer_return)
+        end
+      end
+
+      def index
+        authorize! :index, CustomerReturn
+
+        @customer_returns = @order.
+          customer_returns.
+          accessible_by(current_ability).
+          ransack(params[:q]).
+          result
+
+        @customer_returns = paginate(@customer_returns)
+
+        respond_with(@customer_returns)
+      end
+
+      def new
+        authorize! :new, CustomerReturn
+      end
+
+      def show
+        authorize! :show, CustomerReturn
+        @customer_return = @order.customer_returns.accessible_by(current_ability, :show).find(params[:id])
+        respond_with(@customer_return)
+      end
+
+      def update
+        authorize! :update, CustomerReturn
+        @customer_return = @order.customer_returns.accessible_by(current_ability, :update).find(params[:id])
+        if @customer_return.update(customer_return_params)
+          respond_with(@customer_return.reload, default_template: :show)
+        else
+          invalid_resource!(@customer_return)
+        end
+      end
+
+      private
+
+      def load_order
+        @order ||= Spree::Order.find_by!(number: order_id)
+        authorize! :show, @order
+      end
+
+      def customer_return_params
+        params.require(:customer_return).permit(permitted_customer_return_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/images_controller.rb

@@ -4,12 +4,12 @@ module Spree
   module Api
     class ImagesController < Spree::Api::BaseController
       def index
-        @images = scope.images.accessible_by(current_ability, :read)
+        @images = scope.images.accessible_by(current_ability)
         respond_with(@images)
       end
 
       def show
-        @image = Spree::Image.accessible_by(current_ability, :read).find(params[:id])
+        @image = scope.images.accessible_by(current_ability, :show).find(params[:id])
         respond_with(@image)
       end
 
@@ -20,13 +20,13 @@ module Spree
       end
 
       def update
-        @image = Spree::Image.accessible_by(current_ability, :update).find(params[:id])
-        @image.update_attributes(image_params)
+        @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+        @image.update(image_params)
         respond_with(@image, default_template: :show)
       end
 
       def destroy
-        @image = Spree::Image.accessible_by(current_ability, :destroy).find(params[:id])
+        @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
         @image.destroy
         respond_with(@image, status: 204)
       end

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -14,7 +14,7 @@ module Spree
         authorize! :update, inventory_unit.order
 
         inventory_unit.transaction do
-          if inventory_unit.update_attributes(inventory_unit_params)
+          if inventory_unit.update(inventory_unit_params)
             fire
             render :show, status: 200
           else
@@ -26,7 +26,7 @@ module Spree
       private
 
       def inventory_unit
-        @inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+        @inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
       end
 
       def prepare_event

data/app/controllers/spree/api/option_types_controller.rb

@@ -5,15 +5,15 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).where(id: params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end
 
       def show
-        @option_type = Spree::OptionType.accessible_by(current_ability, :read).find(params[:id])
+        @option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
         respond_with(@option_type)
       end
 
@@ -29,7 +29,7 @@ module Spree
 
       def update
         @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
-        if @option_type.update_attributes(option_type_params)
+        if @option_type.update(option_type_params)
           render :show
         else
           invalid_resource!(@option_type)

data/app/controllers/spree/api/option_values_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
       def update
         @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
-        if @option_value.update_attributes(option_value_params)
+        if @option_value.update(option_value_params)
           render :show
         else
           invalid_resource!(@option_value)
@@ -46,9 +46,9 @@ module Spree
 
       def scope
         if params[:option_type_id]
-          @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :read)
+          @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability)
         else
-          @scope ||= Spree::OptionValue.accessible_by(current_ability, :read).load
+          @scope ||= Spree::OptionValue.accessible_by(current_ability).load
         end
       end