solidus_api 1.0.7 → 1.1.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c108e552ec6ec720a0b101802d36eaf5d9aa4761
-  data.tar.gz: e376f6d8e98c28a0f193b012a3f9e62476adb5d4
+  metadata.gz: 75a42cb0d36debac691c8f4f6cd0bf1fb2df5e63
+  data.tar.gz: 14ba98e1a06d1c1ba6e4c6c36455997a5c9d3d32
 SHA512:
-  metadata.gz: 3deada5b7463920279f00169107d3afd9279ab8f019928b7a109731f803b515327b4486e73d84e4e7d53746999741bb8e4a48328b1aaf019fa239c6f4feb7b87
-  data.tar.gz: 3907075dabb2ed39ce27230ddea643aa16a8c40b48252b4d545f7d8df9f75b08dcaadf54e7ab2e48a5d85e7fa645ab9d70872e5c944ad3e51b98e65e67b0a7da
+  metadata.gz: 138f2b8e9e0b57c26eb0303ef2c53a39e65fe6544bf3eb3ee1183d8018fd9c59fed68d63a70c61163246f0a1028f19b6d63645fbb9fa52e587d18013cd911394
+  data.tar.gz: 85ef69fd76f30f4514ffa7df05f3dd5bf49314d5b26339c7ad20f84a50288830a2cc5601db4220812375875d676e79b48de9e257af11aa29a2f27cbe7aba9615

data/app/controllers/spree/api/address_books_controller.rb

@@ -0,0 +1,38 @@
+module Spree
+  module Api
+    class AddressBooksController < Spree::Api::BaseController
+      # Note: the AddressBook is the resource to think about here, not individual addresses
+
+      def show
+        render_address_book
+      end
+
+      def update
+        address_params = address_book_params
+        default_flag = address_params.delete(:default)
+        address = current_api_user.save_in_address_book(address_params, default_flag)
+        if address.valid?
+          render_address_book
+        else
+          invalid_resource!(address)
+        end
+      end
+
+      def destroy
+        current_api_user.remove_from_address_book(params[:address_id])
+        render_address_book
+      end
+
+      private
+
+      def render_address_book
+        @user_addresses = current_api_user.user_addresses
+        render :show, status: :ok
+      end
+
+      def address_book_params
+        params.require(:address_book).permit(permitted_address_book_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/addresses_controller.rb

@@ -13,31 +13,35 @@ module Spree
         authorize! :update, @order, order_token
         find_address
 
-        if @address.update_attributes(address_params)
+        if @order.update_attributes({"#{@order_source}_attributes" => address_params})
+          @address = @order.send(@order_source)
           respond_with(@address, :default_template => :show)
         else
+          @address = @order.send(@order_source)
           invalid_resource!(@address)
         end
       end
 
       private
-        def address_params
-          params.require(:address).permit(permitted_address_attributes)
-        end
+      def address_params
+        params.require(:address).permit(permitted_address_attributes)
+      end
 
-        def find_order
-          @order = Spree::Order.find_by!(number: order_id)
-        end
+      def find_order
+        @order = Spree::Order.find_by!(number: order_id)
+      end
 
-        def find_address
-          @address = if @order.bill_address_id == params[:id].to_i
-            @order.bill_address
-          elsif @order.ship_address_id == params[:id].to_i
-            @order.ship_address
-          else
-            raise CanCan::AccessDenied
-          end
+      def find_address
+        @address = if @order.bill_address_id == params[:id].to_i
+          @order_source = :bill_address
+          @order.bill_address
+        elsif @order.ship_address_id == params[:id].to_i
+          @order_source = :ship_address
+          @order.ship_address
+        else
+          raise CanCan::AccessDenied
         end
+      end
     end
   end
 end

data/app/controllers/spree/api/base_controller.rb

@@ -3,9 +3,6 @@ require 'spree/api/responders'
 module Spree
   module Api
     class BaseController < ActionController::Base
-      prepend_view_path Rails.root + "app/views"
-      append_view_path File.expand_path("../../../app/views", File.dirname(__FILE__))
-
       self.responder = Spree::Api::Responders::AppResponder
       respond_to :json
 
@@ -20,7 +17,6 @@ module Spree
 
       class_attribute :error_notifier
 
-      before_action :set_content_type
       before_action :load_user
       before_action :authorize_for_order, if: Proc.new { order_token.present? }
       before_action :authenticate_user
@@ -33,15 +29,6 @@ module Spree
 
       helper Spree::Api::ApiHelpers
 
-      def map_nested_attributes_keys(klass, attributes)
-        nested_keys = klass.nested_attributes_options.keys
-        attributes.inject({}) do |h, (k,v)|
-          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
-          h[key] = v
-          h
-        end.with_indifferent_access
-      end
-
       private
 
       # users should be able to set price when importing orders via api
@@ -53,16 +40,6 @@ module Spree
         end
       end
 
-      def set_content_type
-        content_type = case params[:format]
-        when "json"
-          "application/json; charset=utf-8"
-        when "xml"
-          "text/xml; charset=utf-8"
-        end
-        headers["Content-Type"] = content_type
-      end
-
       def load_user
         @current_api_user ||= Spree.user_class.find_by(spree_api_key: api_key.to_s)
       end
@@ -70,9 +47,9 @@ module Spree
       def authenticate_user
         unless @current_api_user
           if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", :status => 401 and return
+            render "spree/api/errors/must_specify_api_key", :status => 401
           elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
+            render "spree/api/errors/invalid_api_key", :status => 401
           end
         end
       end
@@ -86,7 +63,7 @@ module Spree
       end
 
       def unauthorized
-        render "spree/api/errors/unauthorized", status: 401 and return
+        render "spree/api/errors/unauthorized", status: 401
       end
 
       def error_during_processing(exception)
@@ -96,7 +73,7 @@ module Spree
         error_notifier.call(exception, self) if error_notifier
 
         render text: { exception: exception.message }.to_json,
-          status: 422 and return
+          status: 422
       end
 
       def gateway_error(exception)
@@ -109,7 +86,7 @@ module Spree
       end
 
       def not_found
-        render "spree/api/errors/not_found", status: 404 and return
+        render "spree/api/errors/not_found", status: 404
       end
 
       def current_ability
@@ -122,6 +99,7 @@ module Spree
       helper_method :current_currency
 
       def invalid_resource!(resource)
+        Rails.logger.error "invalid_resouce_errors=#{resource.errors.full_messages}"
         @resource = resource
         render "spree/api/errors/invalid_resource", :status => 422
       end
@@ -179,6 +157,7 @@ module Spree
       end
 
       def insufficient_stock_error(exception)
+        logger.error "insufficient_stock_error #{exception.inspect}"
         render(
           json: {
             errors: [I18n.t(:quantity_is_not_available, :scope => "spree.api.order")],

data/app/controllers/spree/api/checkouts_controller.rb

@@ -8,6 +8,9 @@ module Spree
       rescue_from Spree::Order::InsufficientStock, with: :insufficient_stock_error
 
       include Spree::Core::ControllerHelpers::Order
+      # TODO: Remove this after deprecated usage in #update is removed
+      include Spree::Core::ControllerHelpers::PaymentParameters
+
       # This before_filter comes from Spree::Core::ControllerHelpers::Order
       skip_before_action :set_current_order
 
@@ -26,7 +29,8 @@ module Spree
         authorize! :update, @order, order_token
         @order.next!
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
-      rescue StateMachines::InvalidTransition
+      rescue StateMachines::InvalidTransition => e
+        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
         respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
@@ -44,14 +48,22 @@ module Spree
           @order.complete!
           respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
         end
-      rescue StateMachines::InvalidTransition
+      rescue StateMachines::InvalidTransition => e
+        logger.error("invalid_transition #{e.event} from #{e.from} for #{e.object.class.name}. Error: #{e.inspect}")
         respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
       def update
         authorize! :update, @order, order_token
 
-        if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
+        update_params = if params[:payment_source].present?
+          ActiveSupport::Deprecation.warn("Passing payment_source is deprecated. Send source parameters inside payments_attributes[:source_attributes].", caller)
+          move_payment_source_into_payments_attributes(params)
+        else
+          params
+        end
+
+        if @order.update_from_params(update_params, permitted_checkout_attributes, request.headers.env)
           if can?(:admin, @order) && user_id.present?
             @order.associate_user!(Spree.user_class.find(user_id))
           end
@@ -62,6 +74,7 @@ module Spree
             state_callback(:after)
             respond_with(@order, default_template: 'spree/api/orders/show')
           else
+            logger.error("failed_to_transition_errors=#{@order.errors.full_messages}")
             respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
           end
         else
@@ -74,10 +87,6 @@ module Spree
           params[:order][:user_id] if params[:order]
         end
 
-        def nested_params
-          map_nested_attributes_keys Order, params[:order] || {}
-        end
-
         # Should be overriden if you have areas of your checkout that don't match
         # up to a step within checkout_steps, such as a registration step
         def skip_state_validation?
@@ -99,7 +108,7 @@ module Spree
         end
 
         def after_update_attributes
-          if nested_params && nested_params[:coupon_code].present?
+          if params[:order] && params[:order][:coupon_code].present?
             handler = PromotionHandler::Coupon.new(@order).apply
 
             if handler.error.present?

data/app/controllers/spree/api/option_values_controller.rb

@@ -5,7 +5,7 @@ module Spree
         if params[:ids]
           @option_values = scope.where(:id => params[:ids])
         else
-          @option_values = scope.ransack(params[:q]).result
+          @option_values = scope.ransack(params[:q]).result.distinct
         end
         respond_with(@option_values)
       end

data/app/controllers/spree/api/orders_controller.rb

@@ -5,7 +5,7 @@ module Spree
       self.admin_shipment_attributes = [:shipping_method, :stock_location, :inventory_units => [:variant_id, :sku]]
 
       class_attribute :admin_order_attributes
-      self.admin_order_attributes = [:import, :number, :completed_at, :locked_at, :channel, :user_id]
+      self.admin_order_attributes = [:import, :number, :completed_at, :locked_at, :channel, :user_id, :created_at]
 
       skip_before_action :authenticate_user, only: :apply_coupon_code
 
@@ -28,23 +28,14 @@ module Spree
       def create
         authorize! :create, Order
 
-        if can?(:admin, Order)
-          order_user = if order_params[:user_id]
-            Spree.user_class.find(order_params[:user_id])
-          else
-            current_api_user
-          end
-
-          @order = Spree::Core::Importer::Order.import(order_user, order_params)
-          respond_with(@order, default_template: :show, status: 201)
+        order_user = if order_params[:user_id]
+          Spree.user_class.find(order_params[:user_id])
         else
-          @order = Spree::Order.create!(user: current_api_user, store: current_store)
-          if @order.contents.update_cart(order_params)
-            respond_with(@order, default_template: :show, status: 201)
-          else
-            invalid_resource!(@order)
-          end
+          current_api_user
         end
+
+        @order = Spree::Core::Importer::Order.import(order_user, order_params)
+        respond_with(@order, default_template: :show, status: 201)
       end
 
       def empty
@@ -98,8 +89,12 @@ module Spree
         authorize! :update, @order, order_token
         @order.coupon_code = params[:coupon_code]
         @handler = PromotionHandler::Coupon.new(@order).apply
-        status = @handler.successful? ? 200 : 422
-        render "spree/api/promotions/handler", :status => status
+        if @handler.successful?
+          render "spree/api/promotions/handler", status: 200
+        else
+          logger.error("apply_coupon_code_error=#{@handler.error.inspect}")
+          render "spree/api/promotions/handler", status: 422
+        end
       end
 
       private

data/app/controllers/spree/api/payments_controller.rb

@@ -17,7 +17,6 @@ module Spree
       end
 
       def create
-        @order.validate_payments_attributes(payment_params)
         @payment = @order.payments.build(payment_params)
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)

data/app/controllers/spree/api/resource_controller.rb

@@ -0,0 +1,75 @@
+class Spree::Api::ResourceController < Spree::Api::BaseController
+  before_action :load_resource, only: [:show, :update, :destroy]
+
+  def index
+    @collection = model_class.accessible_by(current_ability, :read).ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+    instance_variable_set("@#{controller_name}", @collection)
+
+    respond_with(@collection)
+  end
+
+  def show
+    respond_with(@object)
+  end
+
+  def new
+    authorize! :new, model_class
+    respond_with(model_class.new)
+  end
+
+  def create
+    authorize! :create, model_class
+
+    @object = model_class.new(permitted_resource_params)
+    instance_variable_set("@#{object_name}", @object)
+
+    if @object.save
+      respond_with(@object, status: 201, default_template: :show)
+    else
+      invalid_resource!(@object)
+    end
+  end
+
+  def update
+    authorize! :update, @object
+
+    if @object.update_attributes(permitted_resource_params)
+      respond_with(@object, status: 200, default_template: :show)
+    else
+      invalid_resource!(@object)
+    end
+  end
+
+  def destroy
+    authorize! :destroy, @object
+
+    if @object.destroy
+      respond_with(@object, status: 204)
+    else
+      invalid_resource!(@object)
+    end
+  end
+
+  protected
+
+  def load_resource
+    @object = model_class.accessible_by(current_ability, :read).find(params[:id])
+    instance_variable_set("@#{object_name}", @object)
+  end
+
+  def permitted_resource_params
+    params.require(object_name).permit(permitted_resource_attributes)
+  end
+
+  def permitted_resource_attributes
+    send("permitted_#{object_name}_attributes")
+  end
+
+  def model_class
+    "Spree::#{controller_name.classify}".constantize
+  end
+
+  def object_name
+    controller_name.singularize
+  end
+end

data/app/controllers/spree/api/shipments_controller.rb

@@ -47,6 +47,7 @@ module Spree
           if @shipment.can_ready?
             @shipment.ready!
           else
+            logger.error("cannot_ready_shipment shipment_state=#{@shipment.state}")
             render 'spree/api/shipments/cannot_ready_shipment', status: 422 and return
           end
         end

data/app/controllers/spree/api/stock_items_controller.rb

@@ -15,7 +15,6 @@ module Spree
 
       def create
         authorize! :create, StockItem
-
         @stock_item = scope.new(stock_item_params)
 
         Spree::StockItem.transaction do
@@ -55,8 +54,7 @@ module Spree
       private
 
       def load_stock_location
-        render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
-        @stock_location ||= StockLocation.accessible_by(current_ability, action_name.to_sym).find(params[:stock_location_id])
+        @stock_location ||= StockLocation.accessible_by(current_ability).find(params.fetch(:stock_location_id))
       end
 
       def scope