spree_api 2.1.5 → 2.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8ec8d2a00aea7321fefad11982a2d8189dac5966
-  data.tar.gz: a623fd16b63b39761f6b84aead9790e95c163f74
+  metadata.gz: 02fd5d06ef9c3f4ff35f710a66e4d1b187d08abd
+  data.tar.gz: f3623943eb622ff032d8ee517767233fe97dd5c1
 SHA512:
-  metadata.gz: 07a0829cf7e00aaab18ef8d21f69f5e546b3f35b224008a38ef61d6b9517ad317184f9187a621b047192b41fb88726fbc48b1930ba2bbd923c89d39e9aaf80fc
-  data.tar.gz: 03e458073acca0d80cd9f34712d4b9aeb5b4ab077e285e4456ab3e07f9d692984f099ab3a7fd83fee881f688ac159fe2619cef88320ed8eb703616f3937f3d44
+  metadata.gz: 78ba1c0714fab0a471d20015f35c6cc828306b4b4a9588f8688e0c938cc56be97ee42d887db371f8bf345926c3a05049170fe5b6bcfae14f41c51a975bd70268
+  data.tar.gz: a9b071acd933a1767c3b5686e02e15221fa8578d229c74fb6063ce6c901f16b8102e1552199b5ebd5c575ff732d61eb906e0656d134e0e98ee16da0bd6c52e68

data/app/controllers/spree/api/addresses_controller.rb

@@ -38,10 +38,6 @@ module Spree
             raise CanCan::AccessDenied
           end
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/base_controller.rb

@@ -9,6 +9,8 @@ module Spree
       include Spree::Core::ControllerHelpers::StrongParameters
       include ::ActionController::Head
       include ::ActionController::ConditionalGet
+      include ::ActionController::Redirecting
+      include Spree::Core::Engine.routes.url_helpers
 
       self.responder = Spree::Api::Responders::AppResponder
 
@@ -17,7 +19,8 @@ module Spree
       attr_accessor :current_api_user
 
       before_filter :set_content_type
-      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
+      before_filter :load_user
+      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
       before_filter :authenticate_user
       after_filter  :set_jsonp_format
 
@@ -59,28 +62,23 @@ module Spree
       def set_content_type
         content_type = case params[:format]
         when "json"
-          "application/json"
+          "application/json; charset=utf-8"
         when "xml"
-          "text/xml"
+          "text/xml; charset=utf-8"
         end
         headers["Content-Type"] = content_type
       end
 
-      def check_for_user_or_api_key
-        # User is already authenticated with Spree, make request this way instead.
-        return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
-
-        if api_key.blank?
-          render "spree/api/errors/must_specify_api_key", :status => 401 and return
-        end
+      def load_user
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
 
       def authenticate_user
         unless @current_api_user
-          if requires_authentication? || api_key.present?
-            unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
-              render "spree/api/errors/invalid_api_key", :status => 401 and return
-            end
+          if requires_authentication? && api_key.blank? && order_token.blank?
+            render "spree/api/errors/must_specify_api_key", :status => 401 and return
+          elsif order_token.blank? && (requires_authentication? || api_key.present?)
+            render "spree/api/errors/invalid_api_key", :status => 401 and return
           else
             # An anonymous user
             @current_api_user = Spree.user_class.new
@@ -112,6 +110,11 @@ module Spree
         Spree::Ability.new(current_api_user)
       end
 
+      def current_currency
+        Spree::Config[:currency]
+      end
+      helper_method :current_currency
+
       def invalid_resource!(resource)
         @resource = resource
         render "spree/api/errors/invalid_resource", :status => 422
@@ -122,6 +125,10 @@ module Spree
       end
       helper_method :api_key
 
+      def order_token
+        request.headers["X-Spree-Order-Token"] || params[:order_token]
+      end
+
       def find_product(id)
         begin
           product_scope.find_by_permalink!(id.to_s)
@@ -146,6 +153,11 @@ module Spree
 
         scope
       end
+
+      def authorize_for_order
+        @order = Spree::Order.find_by(number: params[:order_id] || params[:id])
+        authorize! :read, @order, order_token
+      end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -31,8 +31,7 @@ module Spree
       end
 
       def show
-        load_order
-        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
+        redirect_to(api_order_path(params[:id]), status: 301)
       end
 
       def update
@@ -134,10 +133,6 @@ module Spree
           end
           false
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/line_items_controller.rb

@@ -41,10 +41,6 @@ module Spree
         def line_item_params
           params.require(:line_item).permit(:quantity, :variant_id)
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/orders_controller.rb

@@ -168,10 +168,6 @@ module Spree
         def before_delivery
           @order.create_proposed_shipments
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/products_controller.rb

@@ -9,7 +9,7 @@ module Spree
           @products = product_scope.ransack(params[:q]).result
         end
 
-        @products = @products.page(params[:page]).per(params[:per_page])
+        @products = @products.distinct.page(params[:page]).per(params[:per_page])
       end
 
       def show
@@ -116,8 +116,7 @@ module Spree
       def destroy
         @product = find_product(params[:id])
         authorize! :destroy, @product
-        @product.update_attribute(:deleted_at, Time.now)
-        @product.variants_including_master.update_all(:deleted_at => Time.now)
+        @product.destroy
         respond_with(@product, :status => 204)
       end
 

data/app/helpers/spree/api/api_helpers.rb

@@ -71,7 +71,9 @@ module Spree
       @@order_attributes = [
         :id, :number, :item_total, :total, :ship_total, :state, :adjustment_total,
         :user_id, :created_at, :updated_at, :completed_at, :payment_total,
-        :shipment_state, :payment_state, :email, :special_instructions, :channel, :tax_total
+        :shipment_state, :payment_state, :email, :special_instructions, :channel,
+        :included_tax_total, :additional_tax_total, :display_included_tax_total,
+        :display_additional_tax_total, :tax_total, :currency
       ]
 
       @@line_item_attributes = [:id, :quantity, :price, :variant_id]

data/app/views/spree/api/products/show.v1.rabl

@@ -1,5 +1,5 @@
 object @product
-cache @product
+cache [current_currency, root_object]
 attributes *product_attributes
 node(:display_price) { |p| p.display_price.to_s }
 child :variants_including_master => :variants do

data/lib/spree/api/testing_support/helpers.rb

@@ -17,8 +17,7 @@ module Spree
         end
 
         def stub_authentication!
-          controller.stub :check_for_user_or_api_key
-          Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
+          Spree::LegacyUser.stub(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
         end
 
         # This method can be overriden (with a let block) inside a context

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -21,6 +21,24 @@ describe Spree::Api::BaseController do
     end
   end
 
+  context "when validating based on an order token" do
+    let!(:order) { create :order }
+
+    context "with a correct order token" do
+      it "succeeds" do
+        api_get :index, order_token: order.token, order_id: order.number
+        response.status.should == 200
+      end
+    end
+
+    context "with an incorrect order token" do
+      it "returns unauthorized" do
+        api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
+        response.status.should == 401
+      end
+    end
+  end
+
   context "cannot make a request to the API" do
     it "without an API key" do
       api_get :index

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -22,6 +22,16 @@ module Spree
       Spree::Config[:track_inventory_levels] = true
     end
 
+    context "GET 'show'" do
+      let(:order) { create(:order) }
+
+      it "redirects to Orders#show" do
+        api_get :show, :id => order.number
+        response.status.should == 301
+        response.should redirect_to("/api/orders/#{order.number}")
+      end
+    end
+
     context "POST 'create'" do
       it "creates a new order when no parameters are passed" do
         api_post :create

data/spec/controllers/spree/api/line_items_controller_spec.rb

@@ -10,11 +10,8 @@ module Spree
     let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
     let(:resource_scoping) { { :order_id => order.to_param } }
 
-    before do
-      stub_authentication!
-    end
-
     it "can learn how to create a new line item" do
+      controller.stub :try_spree_current_user => current_api_user
       api_get :new
       json_response["attributes"].should == ["quantity", "price", "variant_id"]
       required_attributes = json_response["required_attributes"]
@@ -40,6 +37,7 @@ module Spree
 
     context "as the order owner" do
       before do
+        controller.stub :try_spree_current_user => current_api_user
         Order.any_instance.stub :user => current_api_user
       end
 
@@ -97,10 +95,28 @@ module Spree
           api_delete :destroy, :id => line_item.id
           expect(order.reload.shipments).to be_empty
         end
+
+        context "order is completed" do
+          before do
+            order.stub completed?: true
+            Order.stub find_by!: order
+          end
+
+          it "doesn't destroy shipments or restart checkout flow" do
+            expect(order.reload.shipments).not_to be_empty
+            api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+            expect(order.reload.shipments).not_to be_empty
+          end
+        end
       end
     end
 
     context "as just another user" do
+      before do
+        user = create(:user)
+        controller.stub :try_spree_current_user => user
+      end
+
       it "cannot add a new line item to the order" do
         api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
         assert_unauthorized!

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -13,7 +13,7 @@ module Spree
                         :user_id, :created_at, :updated_at,
                         :completed_at, :payment_total, :shipment_state,
                         :payment_state, :email, :special_instructions,
-                        :total_quantity, :display_item_total] }
+                        :total_quantity, :display_item_total, :currency] }
 
     let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }
 

data/spec/controllers/spree/api/products_controller_spec.rb

@@ -28,6 +28,24 @@ module Spree
     end
 
     context "as a normal user" do
+      context "with caching enabled" do
+        let!(:product_2) { create(:product) }
+
+        before do
+          ActionController::Base.perform_caching = true
+        end
+
+        it "returns unique products" do
+          api_get :index
+          product_ids = json_response["products"].map { |p| p["id"] }
+          expect(product_ids.uniq.count).to eq(product_ids.count)
+        end
+
+        after do
+          ActionController::Base.perform_caching = false
+        end
+      end
+
       it "retrieves a list of products" do
         api_get :index
         json_response["products"].first.should have_attributes(attributes)
@@ -46,6 +64,15 @@ module Spree
         json_response["per_page"].should == Kaminari.config.default_per_page
       end
 
+      context "product has more than one price" do
+        before { product.master.prices.create currency: "EUR", amount: 22 }
+
+        it "returns distinct products only" do
+          api_get :index
+          expect(assigns(:products).map(&:id).uniq).to eq assigns(:products).map(&:id)
+        end
+      end
+
       it "retrieves a list of products by ids string" do
         second_product = create(:product)
         api_get :index, :ids => [product.id, second_product.id].join(",")

data/spec/controllers/spree/api/users_controller_spec.rb

@@ -11,7 +11,9 @@ module Spree
     before { stub_authentication! }
 
     context "as a normal user" do
-      before { Spree::LegacyUser.stub :find_by_spree_api_key => user }
+      before do
+        controller.stub :try_spree_current_user => user
+      end
 
       it "can get own details" do
         api_get :show, :id => user.id

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 2.1.5
+  version: 2.1.6
 platform: ruby
 authors:
 - Ryan Bigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-18 00:00:00.000000000 Z
+date: 2014-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.5
+        version: 2.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.5
+        version: 2.1.6
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -254,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Spree's API