spree_api 2.0.9 → 2.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -1
- data/app/controllers/spree/api/base_controller.rb +15 -2
- data/app/controllers/spree/api/checkouts_controller.rb +1 -2
- data/app/controllers/spree/api/line_items_controller.rb +3 -3
- data/app/controllers/spree/api/products_controller.rb +1 -2
- data/app/helpers/spree/api/api_helpers.rb +1 -1
- data/spec/controllers/spree/api/checkouts_controller_spec.rb +10 -0
- data/spec/controllers/spree/api/line_items_controller_spec.rb +7 -4
- data/spec/controllers/spree/api/users_controller_spec.rb +3 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa047ba09ae648902132c95077e64faad8eb1f63
|
|
4
|
+
data.tar.gz: e2fcbef05544ad3fd2f65f79fca38f175365800e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 936aed8b8100f9f0e754109c74851a632abd2614e3c9a5951edf06aa782e7b00424bbebcb5665f45992a6295b66337dce4c64cc889e657d82656c2ac0a61ac21
|
|
7
|
+
data.tar.gz: f4af5a1402eebf511cb0911d26ff65877708f721682cc1e01452e7fb20cbe81ecb0f4e34741dfafa1c3ca35abe2ffc7f8281abcb27d69b59921c27d3faa989f4
|
data/CHANGELOG.md
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
## Spree 2.0.
|
|
1
|
+
## Spree 2.0.10 (unreleased) ##
|
|
@@ -6,6 +6,8 @@ module Spree
|
|
|
6
6
|
include Spree::Api::ControllerSetup
|
|
7
7
|
include Spree::Core::ControllerHelpers::SSL
|
|
8
8
|
include ::ActionController::Head
|
|
9
|
+
include ::ActionController::Redirecting
|
|
10
|
+
include Spree::Core::Engine.routes.url_helpers
|
|
9
11
|
|
|
10
12
|
self.responder = Spree::Api::Responders::AppResponder
|
|
11
13
|
|
|
@@ -15,6 +17,7 @@ module Spree
|
|
|
15
17
|
|
|
16
18
|
before_filter :set_content_type
|
|
17
19
|
before_filter :check_for_user_or_api_key, :if => :requires_authentication?
|
|
20
|
+
before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
|
|
18
21
|
before_filter :authenticate_user
|
|
19
22
|
after_filter :set_jsonp_format
|
|
20
23
|
|
|
@@ -58,14 +61,14 @@ module Spree
|
|
|
58
61
|
# User is already authenticated with Spree, make request this way instead.
|
|
59
62
|
return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
|
|
60
63
|
|
|
61
|
-
if api_key.blank?
|
|
64
|
+
if api_key.blank? && order_token.blank?
|
|
62
65
|
render "spree/api/errors/must_specify_api_key", :status => 401 and return
|
|
63
66
|
end
|
|
64
67
|
end
|
|
65
68
|
|
|
66
69
|
def authenticate_user
|
|
67
70
|
unless @current_api_user
|
|
68
|
-
if requires_authentication? || api_key.present?
|
|
71
|
+
if order_token.blank? && (requires_authentication? || api_key.present?)
|
|
69
72
|
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
|
|
70
73
|
render "spree/api/errors/invalid_api_key", :status => 401 and return
|
|
71
74
|
end
|
|
@@ -107,6 +110,10 @@ module Spree
|
|
|
107
110
|
end
|
|
108
111
|
helper_method :api_key
|
|
109
112
|
|
|
113
|
+
def order_token
|
|
114
|
+
request.headers["X-Spree-Order-Token"] || params[:order_token]
|
|
115
|
+
end
|
|
116
|
+
|
|
110
117
|
def find_product(id)
|
|
111
118
|
begin
|
|
112
119
|
product_scope.find_by_permalink!(id.to_s)
|
|
@@ -128,6 +135,12 @@ module Spree
|
|
|
128
135
|
scope.includes(:master)
|
|
129
136
|
end
|
|
130
137
|
|
|
138
|
+
def authorize_for_order
|
|
139
|
+
@order = Spree::Order.find_by_number(params[:order_id] || params[:id])
|
|
140
|
+
unless @order.token == order_token
|
|
141
|
+
unauthorized
|
|
142
|
+
end
|
|
143
|
+
end
|
|
131
144
|
end
|
|
132
145
|
end
|
|
133
146
|
end
|
|
@@ -4,7 +4,7 @@ module Spree
|
|
|
4
4
|
respond_to :json
|
|
5
5
|
|
|
6
6
|
def create
|
|
7
|
-
authorize! :
|
|
7
|
+
authorize! :update, order, order_token
|
|
8
8
|
@line_item = order.line_items.build(params[:line_item], :as => :api)
|
|
9
9
|
if @line_item.save
|
|
10
10
|
@order.ensure_updated_shipments
|
|
@@ -15,7 +15,7 @@ module Spree
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def update
|
|
18
|
-
authorize! :
|
|
18
|
+
authorize! :update, order, order_token
|
|
19
19
|
@line_item = order.line_items.find(params[:id])
|
|
20
20
|
if @line_item.update_attributes(params[:line_item], :as => :api)
|
|
21
21
|
@order.ensure_updated_shipments
|
|
@@ -26,7 +26,7 @@ module Spree
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def destroy
|
|
29
|
-
authorize! :
|
|
29
|
+
authorize! :update, order, order_token
|
|
30
30
|
@line_item = order.line_items.find(params[:id])
|
|
31
31
|
@line_item.destroy
|
|
32
32
|
respond_with(@line_item, :status => 204)
|
|
@@ -95,8 +95,7 @@ module Spree
|
|
|
95
95
|
def destroy
|
|
96
96
|
authorize! :delete, Product
|
|
97
97
|
@product = find_product(params[:id])
|
|
98
|
-
@product.
|
|
99
|
-
@product.variants_including_master.update_all(:deleted_at => Time.now)
|
|
98
|
+
@product.destroy
|
|
100
99
|
respond_with(@product, :status => 204)
|
|
101
100
|
end
|
|
102
101
|
|
|
@@ -32,7 +32,7 @@ module Spree
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def order_attributes
|
|
35
|
-
[:id, :number, :item_total, :total, :ship_total, :state, :adjustment_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions, :token, :channel]
|
|
35
|
+
[:id, :number, :item_total, :total, :ship_total, :state, :adjustment_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions, :token, :channel, :currency]
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def line_item_attributes
|
|
@@ -22,6 +22,16 @@ module Spree
|
|
|
22
22
|
Spree::Config[:track_inventory_levels] = true
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
context "GET 'show'" do
|
|
26
|
+
let(:order) { create(:order) }
|
|
27
|
+
|
|
28
|
+
it "redirects to Orders#show" do
|
|
29
|
+
api_get :show, :id => order.number
|
|
30
|
+
response.status.should == 301
|
|
31
|
+
response.should redirect_to("/api/orders/#{order.number}")
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
25
35
|
context "POST 'create'" do
|
|
26
36
|
it "creates a new order when no parameters are passed" do
|
|
27
37
|
api_post :create
|
|
@@ -10,11 +10,8 @@ module Spree
|
|
|
10
10
|
let(:attributes) { [:id, :quantity, :price, :variant] }
|
|
11
11
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
|
12
12
|
|
|
13
|
-
before do
|
|
14
|
-
stub_authentication!
|
|
15
|
-
end
|
|
16
|
-
|
|
17
13
|
it "can learn how to create a new line item" do
|
|
14
|
+
controller.stub :try_spree_current_user => current_api_user
|
|
18
15
|
api_get :new
|
|
19
16
|
json_response["attributes"].should == ["quantity", "price", "variant_id"]
|
|
20
17
|
required_attributes = json_response["required_attributes"]
|
|
@@ -23,6 +20,7 @@ module Spree
|
|
|
23
20
|
|
|
24
21
|
context "as the order owner" do
|
|
25
22
|
before do
|
|
23
|
+
controller.stub :try_spree_current_user => current_api_user
|
|
26
24
|
Order.any_instance.stub :user => current_api_user
|
|
27
25
|
end
|
|
28
26
|
|
|
@@ -68,6 +66,11 @@ module Spree
|
|
|
68
66
|
end
|
|
69
67
|
|
|
70
68
|
context "as just another user" do
|
|
69
|
+
before do
|
|
70
|
+
user = create(:user)
|
|
71
|
+
controller.stub :try_spree_current_user => user
|
|
72
|
+
end
|
|
73
|
+
|
|
71
74
|
it "cannot add a new line item to the order" do
|
|
72
75
|
api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
|
|
73
76
|
assert_unauthorized!
|
|
@@ -11,7 +11,9 @@ module Spree
|
|
|
11
11
|
before { stub_authentication! }
|
|
12
12
|
|
|
13
13
|
context "as a normal user" do
|
|
14
|
-
before
|
|
14
|
+
before do
|
|
15
|
+
controller.stub :current_api_user => user
|
|
16
|
+
end
|
|
15
17
|
|
|
16
18
|
it "can get own details" do
|
|
17
19
|
api_get :show, :id => user.id
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spree_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Bigg
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: spree_core
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 2.0.
|
|
19
|
+
version: 2.0.10
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 2.0.
|
|
26
|
+
version: 2.0.10
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rabl
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -246,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
246
246
|
version: '0'
|
|
247
247
|
requirements: []
|
|
248
248
|
rubyforge_project:
|
|
249
|
-
rubygems_version: 2.2.
|
|
249
|
+
rubygems_version: 2.2.2
|
|
250
250
|
signing_key:
|
|
251
251
|
specification_version: 4
|
|
252
252
|
summary: Spree's API
|