solidus_api 4.4.2 → 4.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccb7042536c398b4ec1ac42d06e05569e5fbc21ca387fc76cb07079d373de638
-  data.tar.gz: ac80c694f158a1e752fc12fb37252a188c4e723d985ab7f2c56f8f3d306c491b
+  metadata.gz: 02fa04a0a42a08f0aa111f59cb54b4c59d1ec85c74c64f05cd8184a5f775e68c
+  data.tar.gz: 23b8fbe5fe925aa58516dc63043e69c87efcfddd328bef17a8cc2d40ea667df5
 SHA512:
-  metadata.gz: 80b96625d96147c50f662a84fbb87d922b93f910d9027219c42000bdd0e0a2427d6c0a39d70e7d9619e5adbfc4a813d79cb9fb9e43ec1ee394fd901fbb736bdb
-  data.tar.gz: e169ef6eafb44a080369c95ae10d399decf22f9fab5a2cb05dc4592d8d0d87176fc35e2ab29916d7e7366fa437975ee58ac85c7ea481a4c1a4dfca8e55d39be6
+  metadata.gz: 97604c7ce5f8b09dd31ceced075920c24022717b961e0e561ef3923aacd1d7b4eed9b30fc954043de21ce71e6968e28c3257915a32020b2ed2f9a1f83156c609
+  data.tar.gz: 0ad44cb0da38bbc43bf8d443d818e65e189e642650bdd57d41e004d1243beed32f48102959e69ba4c0f36436b42c6b5e7b865361067503330d80062b4018ed10

data/app/controllers/spree/api/base_controller.rb

@@ -18,6 +18,9 @@ module Spree
       class_attribute :admin_line_item_attributes
       self.admin_line_item_attributes = [:price, :variant_id, :sku]
 
+      class_attribute :admin_metadata_attributes
+      self.admin_metadata_attributes = [{ admin_metadata: {} }]
+
       attr_accessor :current_api_user
 
       before_action :load_user
@@ -35,15 +38,29 @@ module Spree
 
       private
 
+      Spree::Api::Config.metadata_permit_parameters.each do |resource|
+        define_method("permitted_#{resource.to_s.underscore}_attributes") do
+          if can?(:admin, "Spree::#{resource}".constantize)
+            super() + admin_metadata_attributes
+          else
+            super()
+          end
+        end
+      end
+
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if can?(:admin, Spree::LineItem)
-          super + admin_line_item_attributes
+          super + admin_line_item_attributes + admin_metadata_attributes
         else
           super
         end
       end
 
+      def permitted_user_attributes
+        can?(:admin, Spree.user_class) ? super + admin_metadata_attributes : super
+      end
+
       def load_user
         @current_api_user ||= Spree.user_class.find_by(spree_api_key: api_key.to_s)
       end

data/app/controllers/spree/api/line_items_controller.rb

@@ -15,8 +15,10 @@ module Spree
           @line_item = @order.contents.add(
             variant,
             params[:line_item][:quantity] || 1,
-            options: line_item_params[:options].to_h
+            options: line_item_params[:options].to_h,
+            **extract_metadata
           )
+
           respond_with(@line_item, status: 201, default_template: :show)
         rescue ActiveRecord::RecordInvalid => error
           invalid_resource!(error.record)
@@ -56,10 +58,21 @@ module Spree
         { line_items_attributes: {
             id: params[:id],
             quantity: params[:line_item][:quantity],
-            options: line_item_params[:options] || {}
+            options: line_item_params[:options] || {},
+            **extract_metadata
         } }
       end
 
+      def extract_metadata
+        metadata = { customer_metadata: line_item_params[:customer_metadata] }
+
+        if @current_user_roles&.include?("admin")
+          metadata[:admin_metadata] = line_item_params[:admin_metadata]
+        end
+
+        metadata
+      end
+
       def line_item_params
         params.require(:line_item).permit(permitted_line_item_attributes)
       end

data/app/controllers/spree/api/orders_controller.rb

@@ -112,12 +112,19 @@ module Spree
       def order_params
         if params[:order]
           normalize_params
+          prevent_customer_metadata_update
           params.require(:order).permit(permitted_order_attributes)
         else
           {}
         end
       end
 
+      def prevent_customer_metadata_update
+        return unless @order&.completed? && cannot?(:admin, Spree::Order)
+
+        params[:order].delete(:customer_metadata) if params[:order]
+      end
+
       def normalize_params
         if params[:order][:payments]
           payments_params = params[:order].delete(:payments)

data/app/helpers/spree/api/api_helpers.rb

@@ -43,6 +43,16 @@ module Spree
         end
       end
 
+      Spree::Api::Config.metadata_api_parameters.each do |method_name, resource|
+        define_method("#{method_name}_attributes") do
+          authorized_attributes(resource, "#{method_name}_attributes")
+        end
+      end
+
+      def authorized_attributes(resource, config_attribute)
+        can?(:admin, resource) ? Spree::Api::Config.public_send(config_attribute) + [:admin_metadata] : Spree::Api::Config.public_send(config_attribute)
+      end
+
       def required_fields_for(model)
         required_fields = model._validators.select do |_field, validations|
           validations.any? { |validation| validation.is_a?(ActiveModel::Validations::PresenceValidator) }

data/lib/spree/api_configuration.rb

@@ -7,13 +7,13 @@ module Spree
     preference :product_attributes, :array, default: [
       :id, :name, :description, :available_on,
       :slug, :meta_description, :meta_keywords, :shipping_category_id,
-      :taxon_ids, :total_on_hand, :meta_title
+      :taxon_ids, :total_on_hand, :meta_title, :primary_taxon_id
     ]
 
     preference :product_property_attributes, :array, default: [:id, :product_id, :property_id, :value, :property_name]
 
     preference :variant_attributes, :array, default: [
-      :id, :name, :sku, :weight, :height, :width, :depth, :is_master,
+      :id, :name, :sku, :gtin, :condition, :weight, :height, :width, :depth, :is_master,
       :slug, :description, :track_inventory
     ]
 
@@ -36,22 +36,44 @@ module Spree
       :covered_by_store_credit, :display_total_applicable_store_credit,
       :order_total_after_store_credit, :display_order_total_after_store_credit,
       :total_applicable_store_credit, :display_total_available_store_credit,
-      :display_store_credit_remaining_after_capture, :canceler_id
+      :display_store_credit_remaining_after_capture, :canceler_id, :customer_metadata
     ]
 
-    preference :line_item_attributes, :array, default: [:id, :quantity, :price, :variant_id]
+    preference :line_item_attributes, :array, default: [:id, :quantity, :price, :variant_id, :customer_metadata]
+
+    # Spree::Api::Config.metadata_api_parameters contains the models
+    # to which the admin_metadata attribute is added
+    preference :metadata_api_parameters, :array, default: [
+      [:order, 'Spree::Order'],
+      [:customer_return, 'Spree::CustomerReturn'],
+      [:payment, 'Spree::Payment'],
+      [:return_authorization, 'Spree::ReturnAuthorization'],
+      [:shipment, 'Spree::Shipment'],
+      [:user, 'Spree.user_class'],
+      [:line_item, 'Spree::LineItem']
+    ]
+
+    # Spree::Api::Config.metadata_permit_parameters contains the models
+    # to which the admin_metadata attribute is permitted
+    preference :metadata_permit_parameters, :array, default: [
+      :Order,
+      :CustomerReturn,
+      :Payment,
+      :ReturnAuthorization,
+      :Shipment
+    ]
 
     preference :option_type_attributes, :array, default: [:id, :name, :presentation, :position]
 
     preference :payment_attributes, :array, default: [
       :id, :source_type, :source_id, :amount, :display_amount,
       :payment_method_id, :state, :avs_response, :created_at,
-      :updated_at
+      :updated_at, :customer_metadata
     ]
 
     preference :payment_method_attributes, :array, default: [:id, :name, :description]
 
-    preference :shipment_attributes, :array, default: [:id, :tracking, :tracking_url, :number, :cost, :shipped_at, :state]
+    preference :shipment_attributes, :array, default: [:id, :tracking, :tracking_url, :number, :cost, :shipped_at, :state, :customer_metadata]
 
     preference :taxonomy_attributes, :array, default: [:id, :name]
 
@@ -81,11 +103,11 @@ module Spree
     ]
 
     preference :customer_return_attributes, :array, default: [
-      :id, :number, :stock_location_id, :created_at, :updated_at
+      :id, :number, :stock_location_id, :created_at, :updated_at, :customer_metadata
     ]
 
     preference :return_authorization_attributes, :array, default: [
-      :id, :number, :state, :order_id, :memo, :created_at, :updated_at
+      :id, :number, :state, :order_id, :memo, :created_at, :updated_at, :customer_metadata
     ]
 
     preference :creditcard_attributes, :array, default: [
@@ -96,7 +118,7 @@ module Spree
       :id, :month, :year, :cc_type, :last_digits, :name
     ]
 
-    preference :user_attributes, :array, default: [:id, :email, :created_at, :updated_at]
+    preference :user_attributes, :array, default: [:id, :email, :created_at, :updated_at, :customer_metadata]
 
     preference :property_attributes, :array, default: [:id, :name, :presentation]
 
@@ -132,7 +154,7 @@ module Spree
 
     preference :store_credit_history_attributes, :array, default: [
       :display_amount, :display_user_total_amount, :display_action,
-      :display_event_date, :display_remaining_amount
+      :display_event_date, :display_remaining_amount, :customer_metadata
     ]
 
     preference :variant_property_attributes, :array, default: [

data/openapi/solidus-api.oas.yml

@@ -74,6 +74,8 @@ paths:
                   product:
                     name: The Majestic Product
                     price: '19.99'
+                    gtin: 12345678
+                    condition: new
                     shipping_category_id: 8
                     product_properties_attributes:
                       - property_name: fabric
@@ -86,6 +88,8 @@ paths:
                       - price: 19.99
                         cost_price: 17
                         sku: SKU-3
+                        gtin: 12345678
+                        condition: new
                         track_inventory: true
                         options:
                           - name: size
@@ -1169,10 +1173,7 @@ paths:
         '422':
           $ref: '#/components/responses/delete-restriction'
       summary: Remove address from user address book
-      description: |-
-        Removes an address from a user's address book.
-
-        **Note:** Rather than delete a `Spree::UserAddress` record this action set its `archived` attribute to `true`.
+      description: Removes an address from a user's address book.
       operationId: remove-address-from-user-address-book
       tags:
         - Address books
@@ -1201,11 +1202,7 @@ paths:
       operationId: update-user-address-book
       tags:
         - Address books
-      description: |-
-        Updates a user's address book.
-
-        **Note:** if the passed `id` matches an existing `address` a new `Spree::Address` record will be created and the matched `address` `archived` on `Spree::UserAddress`. For a similar logic, if the passed `id` matches an existing `address` which is in `archived` state, the `Spree::UserAddress#archived` record will be restored to `false`.
-        See `user_address_book.rb` for further information.
+      description: Updates a user's address book.
       security:
         - api-key: []
       requestBody:

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 4.4.2
+  version: 4.5.0
 platform: ruby
 authors:
 - Solidus Team
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-09 00:00:00.000000000 Z
+date: 2025-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jbuilder
@@ -58,14 +57,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.4.2
+        version: 4.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.4.2
+        version: 4.5.0
 description: REST API for the Solidus e-commerce framework.
 email: contact@solidus.io
 executables: []
@@ -257,7 +256,6 @@ licenses:
 - BSD-3-Clause
 metadata:
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -272,8 +270,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.23
 requirements: []
-rubygems_version: 3.5.3
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: REST API for the Solidus e-commerce framework.
 test_files: []