spree_api 2.0.9 → 2.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -1
- data/app/controllers/spree/api/base_controller.rb +15 -2
- data/app/controllers/spree/api/checkouts_controller.rb +1 -2
- data/app/controllers/spree/api/line_items_controller.rb +3 -3
- data/app/controllers/spree/api/products_controller.rb +1 -2
- data/app/helpers/spree/api/api_helpers.rb +1 -1
- data/spec/controllers/spree/api/checkouts_controller_spec.rb +10 -0
- data/spec/controllers/spree/api/line_items_controller_spec.rb +7 -4
- data/spec/controllers/spree/api/users_controller_spec.rb +3 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa047ba09ae648902132c95077e64faad8eb1f63
|
|
4
|
+
data.tar.gz: e2fcbef05544ad3fd2f65f79fca38f175365800e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 936aed8b8100f9f0e754109c74851a632abd2614e3c9a5951edf06aa782e7b00424bbebcb5665f45992a6295b66337dce4c64cc889e657d82656c2ac0a61ac21
|
|
7
|
+
data.tar.gz: f4af5a1402eebf511cb0911d26ff65877708f721682cc1e01452e7fb20cbe81ecb0f4e34741dfafa1c3ca35abe2ffc7f8281abcb27d69b59921c27d3faa989f4
|
data/CHANGELOG.md
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
## Spree 2.0.
|
|
1
|
+
## Spree 2.0.10 (unreleased) ##
|
|
@@ -6,6 +6,8 @@ module Spree
|
|
|
6
6
|
include Spree::Api::ControllerSetup
|
|
7
7
|
include Spree::Core::ControllerHelpers::SSL
|
|
8
8
|
include ::ActionController::Head
|
|
9
|
+
include ::ActionController::Redirecting
|
|
10
|
+
include Spree::Core::Engine.routes.url_helpers
|
|
9
11
|
|
|
10
12
|
self.responder = Spree::Api::Responders::AppResponder
|
|
11
13
|
|
|
@@ -15,6 +17,7 @@ module Spree
|
|
|
15
17
|
|
|
16
18
|
before_filter :set_content_type
|
|
17
19
|
before_filter :check_for_user_or_api_key, :if => :requires_authentication?
|
|
20
|
+
before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
|
|
18
21
|
before_filter :authenticate_user
|
|
19
22
|
after_filter :set_jsonp_format
|
|
20
23
|
|
|
@@ -58,14 +61,14 @@ module Spree
|
|
|
58
61
|
# User is already authenticated with Spree, make request this way instead.
|
|
59
62
|
return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
|
|
60
63
|
|
|
61
|
-
if api_key.blank?
|
|
64
|
+
if api_key.blank? && order_token.blank?
|
|
62
65
|
render "spree/api/errors/must_specify_api_key", :status => 401 and return
|
|
63
66
|
end
|
|
64
67
|
end
|
|
65
68
|
|
|
66
69
|
def authenticate_user
|
|
67
70
|
unless @current_api_user
|
|
68
|
-
if requires_authentication? || api_key.present?
|
|
71
|
+
if order_token.blank? && (requires_authentication? || api_key.present?)
|
|
69
72
|
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
|
|
70
73
|
render "spree/api/errors/invalid_api_key", :status => 401 and return
|
|
71
74
|
end
|
|
@@ -107,6 +110,10 @@ module Spree
|
|
|
107
110
|
end
|
|
108
111
|
helper_method :api_key
|
|
109
112
|
|
|
113
|
+
def order_token
|
|
114
|
+
request.headers["X-Spree-Order-Token"] || params[:order_token]
|
|
115
|
+
end
|
|
116
|
+
|
|
110
117
|
def find_product(id)
|
|
111
118
|
begin
|
|
112
119
|
product_scope.find_by_permalink!(id.to_s)
|
|
@@ -128,6 +135,12 @@ module Spree
|
|
|
128
135
|
scope.includes(:master)
|
|
129
136
|
end
|
|
130
137
|
|
|
138
|
+
def authorize_for_order
|
|
139
|
+
@order = Spree::Order.find_by_number(params[:order_id] || params[:id])
|
|
140
|
+
unless @order.token == order_token
|
|
141
|
+
unauthorized
|
|
142
|
+
end
|
|
143
|
+
end
|
|
131
144
|
end
|
|
132
145
|
end
|
|
133
146
|
end
|
|
@@ -4,7 +4,7 @@ module Spree
|
|
|
4
4
|
respond_to :json
|
|
5
5
|
|
|
6
6
|
def create
|
|
7
|
-
authorize! :
|
|
7
|
+
authorize! :update, order, order_token
|
|
8
8
|
@line_item = order.line_items.build(params[:line_item], :as => :api)
|
|
9
9
|
if @line_item.save
|
|
10
10
|
@order.ensure_updated_shipments
|
|
@@ -15,7 +15,7 @@ module Spree
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def update
|
|
18
|
-
authorize! :
|
|
18
|
+
authorize! :update, order, order_token
|
|
19
19
|
@line_item = order.line_items.find(params[:id])
|
|
20
20
|
if @line_item.update_attributes(params[:line_item], :as => :api)
|
|
21
21
|
@order.ensure_updated_shipments
|
|
@@ -26,7 +26,7 @@ module Spree
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def destroy
|
|
29
|
-
authorize! :
|
|
29
|
+
authorize! :update, order, order_token
|
|
30
30
|
@line_item = order.line_items.find(params[:id])
|
|
31
31
|
@line_item.destroy
|
|
32
32
|
respond_with(@line_item, :status => 204)
|
|
@@ -95,8 +95,7 @@ module Spree
|
|
|
95
95
|
def destroy
|
|
96
96
|
authorize! :delete, Product
|
|
97
97
|
@product = find_product(params[:id])
|
|
98
|
-
@product.
|
|
99
|
-
@product.variants_including_master.update_all(:deleted_at => Time.now)
|
|
98
|
+
@product.destroy
|
|
100
99
|
respond_with(@product, :status => 204)
|
|
101
100
|
end
|
|
102
101
|
|
|
@@ -32,7 +32,7 @@ module Spree
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def order_attributes
|
|
35
|
-
[:id, :number, :item_total, :total, :ship_total, :state, :adjustment_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions, :token, :channel]
|
|
35
|
+
[:id, :number, :item_total, :total, :ship_total, :state, :adjustment_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions, :token, :channel, :currency]
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def line_item_attributes
|
|
@@ -22,6 +22,16 @@ module Spree
|
|
|
22
22
|
Spree::Config[:track_inventory_levels] = true
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
context "GET 'show'" do
|
|
26
|
+
let(:order) { create(:order) }
|
|
27
|
+
|
|
28
|
+
it "redirects to Orders#show" do
|
|
29
|
+
api_get :show, :id => order.number
|
|
30
|
+
response.status.should == 301
|
|
31
|
+
response.should redirect_to("/api/orders/#{order.number}")
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
25
35
|
context "POST 'create'" do
|
|
26
36
|
it "creates a new order when no parameters are passed" do
|
|
27
37
|
api_post :create
|
|
@@ -10,11 +10,8 @@ module Spree
|
|
|
10
10
|
let(:attributes) { [:id, :quantity, :price, :variant] }
|
|
11
11
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
|
12
12
|
|
|
13
|
-
before do
|
|
14
|
-
stub_authentication!
|
|
15
|
-
end
|
|
16
|
-
|
|
17
13
|
it "can learn how to create a new line item" do
|
|
14
|
+
controller.stub :try_spree_current_user => current_api_user
|
|
18
15
|
api_get :new
|
|
19
16
|
json_response["attributes"].should == ["quantity", "price", "variant_id"]
|
|
20
17
|
required_attributes = json_response["required_attributes"]
|
|
@@ -23,6 +20,7 @@ module Spree
|
|
|
23
20
|
|
|
24
21
|
context "as the order owner" do
|
|
25
22
|
before do
|
|
23
|
+
controller.stub :try_spree_current_user => current_api_user
|
|
26
24
|
Order.any_instance.stub :user => current_api_user
|
|
27
25
|
end
|
|
28
26
|
|
|
@@ -68,6 +66,11 @@ module Spree
|
|
|
68
66
|
end
|
|
69
67
|
|
|
70
68
|
context "as just another user" do
|
|
69
|
+
before do
|
|
70
|
+
user = create(:user)
|
|
71
|
+
controller.stub :try_spree_current_user => user
|
|
72
|
+
end
|
|
73
|
+
|
|
71
74
|
it "cannot add a new line item to the order" do
|
|
72
75
|
api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
|
|
73
76
|
assert_unauthorized!
|
|
@@ -11,7 +11,9 @@ module Spree
|
|
|
11
11
|
before { stub_authentication! }
|
|
12
12
|
|
|
13
13
|
context "as a normal user" do
|
|
14
|
-
before
|
|
14
|
+
before do
|
|
15
|
+
controller.stub :current_api_user => user
|
|
16
|
+
end
|
|
15
17
|
|
|
16
18
|
it "can get own details" do
|
|
17
19
|
api_get :show, :id => user.id
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spree_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Bigg
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: spree_core
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 2.0.
|
|
19
|
+
version: 2.0.10
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 2.0.
|
|
26
|
+
version: 2.0.10
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rabl
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -246,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
246
246
|
version: '0'
|
|
247
247
|
requirements: []
|
|
248
248
|
rubyforge_project:
|
|
249
|
-
rubygems_version: 2.2.
|
|
249
|
+
rubygems_version: 2.2.2
|
|
250
250
|
signing_key:
|
|
251
251
|
specification_version: 4
|
|
252
252
|
summary: Spree's API
|