RubyGems - spree_api - Versions diffs - 2.1.12 → 2.2.0 - Mend

spree_api 2.1.12 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6a08ed7200c466d0fd9ec9f30a023e25762b0818
-  data.tar.gz: 7e46adff6873f64f2cbfeeb272ea0b9a1cd72ed5
+  metadata.gz: 4e802b7e59fd0ecbd4af2cdaae70e049780d4f2f
+  data.tar.gz: 296836af524b2aff916ac7f7d5fa6a4211997194
 SHA512:
-  metadata.gz: e2b70fb725a233dca2913251d058a3ff0ede0ba0f6490eaba055e439a96764db21eaa0a4b2206ad4538cebce2a61fa9215b76cde3d3b50e9463992559e3f713e
-  data.tar.gz: d822c1904e28486d7d6e79e6e4d485a32457bfb03daf035ba039bdaa6c80343a2368bc3ac0c638e2f7eb1e3e3676b12860eaac33823faabef618b75a5a74c701
+  metadata.gz: fce325a070ade67fa025cbbc9026736ab956537adfa2fb8bf3858cb1fc2eab7c827f1ea543db9d9f5a35864d718fe94ef37cb92f37cfef96faf460bc641584e7
+  data.tar.gz: 7d346032e759b80968da1deb2081c73d266f97853a388461b90febddcfa510baa7b6ed366d11eac6866fe4dcaa8de126a6e788ce11bdfd673b1b76c4b12b895d

data/CHANGELOG.md CHANGED Viewed

@@ -1 +1,51 @@
-## Spree 2.1.5 (unreleased) ##
+## Spree 2.2.0 (unreleased) ##
+*   Api requires authentication by default now
+    Peter Berkenbosch
+*   Improve products_controller #create and #update for better support to create
+    and update variants, option types and option values.
+    See #4172 and #4240
+    Bruno Buccolo / Washington Luiz / John Dyer
+*   ApiHelpers attributes can now be extended without overriding instance
+    methods. By using the same approach in PermittedAttributes. e.g.
+        Spree::Api::ApiHelpers.order_attributes.push :locked_at
+    Washington Luiz
+*   Admin users can set the order channel when importing orders. By sing the
+    channel attribute on Order model
+    Washington Luiz
+*   Cached products/show template, which can lead to drastically (65x) faster loading times on product requests. 806319709c4ce9a3d0026e00ec2d07372f51cdb8
+    Ryan Bigg
+*   The parts that make up an order's response from /api/orders/:num are cached, which can lead to a 5x improvement of speed for this API endpoint. 80ffb1e739606ac02ac86336ac13a51583bcc225
+    Ryan Bigg
+* Cached variant objects which can lead to slightly faster loading times (4x) for each variant.
+    Ryan Bigg
+* Added a route to allow for /api/variants/:id requests
+    Ryan Bigg
+* Products response now contains a master variant separately from all the other variants. Previously all variants were grouped together.
+    Ryan Bigg
+* Added API endpoint to retrieve a user's orders: /api/orders/mine. #4022
+    Richard Nuno
+* Order token can now be passed as a header: `X-Spree-Order-Token`. #4148
+    Lucjan Suski

data/app/controllers/spree/api/addresses_controller.rb CHANGED Viewed

@@ -4,14 +4,12 @@ module Spree
       before_filter :find_order
       def show
-        authorize! :read, @order, order_token
-        find_address
+        load_and_authorize_address(:read)
         respond_with(@address)
       end
       def update
-        authorize! :update, @order, order_token
-        find_address
+        load_and_authorize_address(:update)
         if @address.update_attributes(address_params)
           respond_with(@address, :default_template => :show)
@@ -26,16 +24,33 @@ module Spree
         end
         def find_order
-          @order = Spree::Order.find_by!(number: params[:order_id])
+          @order = Spree::Order.find_by!(number: params[:order_id]) if params[:order_id]
         end
         def find_address
-          @address = if @order.bill_address_id == params[:id].to_i
-            @order.bill_address
-          elsif @order.ship_address_id == params[:id].to_i
-            @order.ship_address
+          if @order
+            @address = if @order.bill_address_id == params[:id].to_i
+              @order.bill_address
+            elsif @order.ship_address_id == params[:id].to_i
+              @order.ship_address
+            else
+              raise CanCan::AccessDenied
+            end
           else
-            raise CanCan::AccessDenied
+            @address = Spree::Address.find(params[:id])
+          end
+        end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
+        def load_and_authorize_address(permission)
+          find_address
+          if @order
+            authorize! permission, @order, order_token
+          else
+            authorize! permission, @address
           end
         end
     end

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -9,18 +9,11 @@ module Spree
       include Spree::Core::ControllerHelpers::StrongParameters
       include ::ActionController::Head
       include ::ActionController::ConditionalGet
-      include ::ActionController::Redirecting
-      include Spree::Core::Engine.routes.url_helpers
-      self.responder = Spree::Api::Responders::AppResponder
-      respond_to :json
       attr_accessor :current_api_user
       before_filter :set_content_type
-      before_filter :load_user
-      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
+      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
       before_filter :authenticate_user
       after_filter  :set_jsonp_format
@@ -51,7 +44,7 @@ module Spree
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if current_api_user.has_spree_role?("admin")
-          super + [:price, :variant_id, :sku]
+          super << [:price, :variant_id, :sku]
         else
           super
         end
@@ -62,23 +55,28 @@ module Spree
       def set_content_type
         content_type = case params[:format]
         when "json"
-          "application/json; charset=utf-8"
+          "application/json"
         when "xml"
-          "text/xml; charset=utf-8"
+          "text/xml"
         end
         headers["Content-Type"] = content_type
       end
-      def load_user
-        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
+      def check_for_user_or_api_key
+        # User is already authenticated with Spree, make request this way instead.
+        return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
+        if api_key.blank?
+          render "spree/api/errors/must_specify_api_key", :status => 401 and return
+        end
       end
       def authenticate_user
         unless @current_api_user
-          if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", :status => 401 and return
-          elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
+          if requires_authentication? || api_key.present?
+            unless @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+              render "spree/api/errors/invalid_api_key", :status => 401 and return
+            end
           else
             # An anonymous user
             @current_api_user = Spree.user_class.new
@@ -125,13 +123,9 @@ module Spree
       end
       helper_method :api_key
-      def order_token
-        request.headers["X-Spree-Order-Token"] || params[:order_token]
-      end
       def find_product(id)
         begin
-          product_scope.find_by_permalink!(id.to_s)
+          product_scope.friendly.find(id.to_s)
         rescue ActiveRecord::RecordNotFound
           product_scope.find(id)
         end
@@ -141,23 +135,18 @@ module Spree
         variants_associations = [{ option_values: :option_type }, :default_price, :prices, :images]
         if current_api_user.has_spree_role?("admin")
           scope = Product.with_deleted.accessible_by(current_ability, :read)
-            .includes(:product_properties, :option_types, variants_including_master: variants_associations)
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
         else
           scope = Product.accessible_by(current_ability, :read).active
-            .includes(:product_properties, :option_types, variants_including_master: variants_associations)
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
         end
         scope
       end
-      def authorize_for_order
-        @order = Spree::Order.find_by(number: params[:order_id] || params[:id])
-        authorize! :read, @order, order_token
-      end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -31,7 +31,8 @@ module Spree
       end
       def show
-        redirect_to(api_order_path(params[:id]), status: 301)
+        load_order
+        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
       end
       def update
@@ -53,28 +54,11 @@ module Spree
       end
       private
-        def object_params
-          modify_payment_attributes params[:order] || {}
-          protected_params = if params[:order]
-                               params.require(:order).permit(permitted_checkout_attributes)
-                             else
-                               {}
-                             end
-          map_nested_attributes_keys Order, protected_params
-        end
-        def user_id
-          params[:order][:user_id] if params[:order]
-        end
-        # For payment step, filter order parameters to produce the expected
-        # nested attributes for a single payment and its source, discarding
-        # attributes for payment methods other than the one selected
-        #
-        # respond_to check is necessary due to issue described in #2910
-        def modify_payment_attributes(object_params)
+        def object_params
+          # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
+          # respond_to check is necessary due to issue described in #2910
+          object_params = nested_params
           if @order.has_checkout_step?('payment') && @order.payment?
             if object_params[:payments_attributes].is_a?(Hash)
               object_params[:payments_attributes] = [object_params[:payments_attributes]]
@@ -86,6 +70,11 @@ module Spree
               object_params[:payments_attributes].first[:amount] = @order.total.to_s
             end
           end
+          object_params
+        end
+        def user_id
+          params[:order][:user_id] if params[:order]
         end
         def nested_params
@@ -105,10 +94,6 @@ module Spree
           state_callback(:before)
         end
-        def current_currency
-          Spree::Config[:currency]
-        end
         def ip_address
           ''
         end
@@ -122,6 +107,10 @@ module Spree
           send(method_name) if respond_to?(method_name, true)
         end
+        def before_payment
+          @order.payments.destroy_all if request.put?
+        end
         def next!(options={})
           if @order.valid? && @order.next
             render 'spree/api/orders/show', status: options[:status] || 200
@@ -132,15 +121,20 @@ module Spree
         def after_update_attributes
           if object_params && object_params[:coupon_code].present?
-            coupon_result = Spree::Promo::CouponApplicator.new(@order).apply
-            if !coupon_result[:coupon_applied?]
-              @coupon_message = coupon_result[:error]
+            handler = PromotionHandler::Coupon.new(@order).apply
+            if handler.error.present?
+              @coupon_message = handler.error
               respond_with(@order, default_template: 'spree/api/orders/could_not_apply_coupon')
               return true
             end
           end
           false
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/classifications_controller.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module Spree
+  module Api
+    class ClassificationsController < Spree::Api::BaseController
+      def update
+        authorize! :update, Product
+        authorize! :update, Taxon
+        classification = Spree::Classification.find_by(
+          :product_id => params[:product_id],
+          :taxon_id => params[:taxon_id]
+        )
+        # Because position we get back is 0-indexed.
+        # acts_as_list is 1-indexed.
+        classification.insert_at(params[:position].to_i + 1)
+        render :nothing => true
+      end
+    end
+  end
+end

data/app/controllers/spree/api/line_items_controller.rb CHANGED Viewed

@@ -15,8 +15,9 @@ module Spree
       def update
         @line_item = order.line_items.find(params[:id])
-        if @line_item.update_attributes(line_item_params)
+        if @order.contents.update_cart(line_items_attributes)
           @order.ensure_updated_shipments
+          @line_item.reload
           respond_with(@line_item, default_template: :show)
         else
           invalid_resource!(@line_item)
@@ -38,9 +39,20 @@ module Spree
           authorize! :update, @order, order_token
         end
+        def line_items_attributes
+          { line_items_attributes: {
+            id: params[:id],
+            quantity: params[:line_item][:quantity]
+          } }
+        end
         def line_item_params
           params.require(:line_item).permit(:quantity, :variant_id)
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/option_types_controller.rb CHANGED Viewed

@@ -3,9 +3,9 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).where(:id => params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end

data/app/controllers/spree/api/option_values_controller.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module Spree
         end
         def option_value_params
-          params.require(:option_value).permit(permitted_option_value_attributes)
+          params.require(:option_value).permit(permitted_option_type_attributes)
         end
     end
   end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -28,7 +28,6 @@ module Spree
       def empty
         find_order
-        authorize! :update, @order, order_token
         @order.empty!
         @order.update!
         render text: nil, status: 200
@@ -42,7 +41,6 @@ module Spree
       def show
         find_order
-        authorize! :show, @order, order_token
         method = "before_#{@order.state}"
         send(method) if respond_to?(method, true)
         respond_with(@order)
@@ -50,7 +48,6 @@ module Spree
       def update
         find_order(true)
-        authorize! :update, @order, order_token
         # Parsing line items through as an update_attributes call in the API will result in
         # many line items for the same variant_id being created. We must be smarter about this,
         # hence the use of the update_line_items method, defined within order_decorator.rb.
@@ -66,7 +63,7 @@ module Spree
           invalid_resource!(@order)
         end
       end
       def mine
         if current_api_user.persisted?
           @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -75,37 +72,12 @@ module Spree
         end
       end
-      ##
-      # Applies a promotion code to the user's most recent order
-      # This is a temporary API method until we move to next Spree release which has this logic already in this commit.
-      #
-      # https://github.com/spree/spree/commit/72a5b74c47af975fc3492580415a4cdc2dc02c0c
-      #
-      # Source references:
-      #
-      # https://github.com/spree/spree/blob/master/frontend/app/controllers/spree/store_controller.rb#L13
-      # https://github.com/spree/spree/blob/2-1-stable/frontend/app/controllers/spree/orders_controller.rb#L100
       def apply_coupon_code
         find_order
-        authorize! :update, @order, order_token
         @order.coupon_code = params[:coupon_code]
-        @order.save
-        # https://github.com/spree/spree/blob/2-1-stable/core/lib/spree/promo/coupon_applicator.rb
-        result = Spree::Promo::CouponApplicator.new(@order).apply
-        result[:coupon_applied?]  ||= false
-        # Move flash.notice fields into success if applied
-        # An error message is in result[:error]
-        if result[:coupon_applied?] && result[:notice]
-          result[:success] = result[:notice]
-        end
-        # Need to turn hash result into object for RABL
-        # https://github.com/nesquena/rabl/wiki/Rendering-hash-objects-in-rabl
-        @coupon_result = OpenStruct.new(result)
-        render status: @coupon_result.coupon_applied? ? 200 : 422
+        @handler = PromotionHandler::Coupon.new(@order).apply
+        status = @handler.successful? ? 200 : 422
+        render "spree/api/promotions/handler", :status => status
       end
       private
@@ -134,7 +106,7 @@ module Spree
         def permitted_order_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_order_attributes
+            super << admin_order_attributes
           else
             super
           end
@@ -142,7 +114,7 @@ module Spree
         def permitted_shipment_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_shipment_attributes
+            super << admin_shipment_attributes
           else
             super
           end
@@ -166,11 +138,17 @@ module Spree
         def find_order(lock = false)
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          authorize! :update, @order, order_token
         end
         def before_delivery
           @order.create_proposed_shipments
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end