spree_api 2.2.1 → 2.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2b9a1e586735e3cc1e1cee5cd20399b9921dc7b2
-  data.tar.gz: cb20dc4dc54932929151ce653e94964cc367a89f
+  metadata.gz: 898408b377a8e9d880bf8eb6ba24b5e732df26fc
+  data.tar.gz: 24fbb8abc05caf4c6a2f7a07c309690d44d0e3a2
 SHA512:
-  metadata.gz: bdc2ad8bdf4143851a2a16ecbad2dfe6bacde972a4f6e42bfa59907edf62e55ae4f5077bd58a37d84a8cedb29187aaa22f90aeef221b18bc8b873ed82b4b363a
-  data.tar.gz: 8ab5f9384fe52caffe246354ba6b16b62343d5b495d19feee302d89b9fdecbb499b6fb139efe1f0386f1a29dea8549947737ef632c89ce0c8b323a10c63cfe3d
+  metadata.gz: 348fa6f5b63439eeaacda5659931402eefe300c0eac4d9922d0b2800ada8baf81a40c6015c757cb331c47c8aaac8b2c5d84ffba38a0a26aee87ccb8e5a4444e6
+  data.tar.gz: cdaf932f2f3a76ab20e43d6b99bd49a9c2d41b58b525a72732187c7250296aa5f9835b78f1a49f665d33a903d4aa4f7d1ac4b8462dcceff39de2c4e243dd7895

data/CHANGELOG.md

@@ -1,4 +1,9 @@
-## Spree 2.2.1 (unreleased) ##
+## Spree 2.2.2 (unreleased) ##
 
 * refactor the api to use a general importer in core gem.
-    Peter Berkenbosch
+    
+  * Peter Berkenbosch
+
+* Allow for linking of users to orders by admins
+
+  * Ryan Bigg

data/app/controllers/spree/api/addresses_controller.rb

@@ -24,7 +24,7 @@ module Spree
         end
 
         def find_order
-          @order = Spree::Order.find_by!(number: params[:order_id]) if params[:order_id]
+          @order = Spree::Order.find_by!(number: order_id) if order_id
         end
 
         def find_address

data/app/controllers/spree/api/base_controller.rb

@@ -145,8 +145,12 @@ module Spree
         scope
       end
 
+      def order_id
+        params[:order_id] || params[:checkout_id] || params[:order_number]
+      end
+
       def authorize_for_order
-        @order = Spree::Order.find_by(number: params[:order_id] || params[:order_number] || params[:id])
+        @order = Spree::Order.find_by(number: order_id)
         authorize! :read, @order, order_token
       end
     end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -130,6 +130,10 @@ module Spree
           end
           false
         end
+
+        def order_id
+          super || params[:id]
+        end
     end
   end
 end

data/app/controllers/spree/api/line_items_controller.rb

@@ -35,7 +35,7 @@ module Spree
       private
 
         def order
-          @order ||= Spree::Order.includes(:line_items).find_by!(number: params[:order_id])
+          @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
           authorize! :update, @order, order_token
         end
 

data/app/controllers/spree/api/orders_controller.rb

@@ -28,6 +28,7 @@ module Spree
 
       def empty
         find_order
+        authorize! :update, @order, order_token
         @order.empty!
         @order.update!
         render text: nil, status: 200
@@ -41,6 +42,7 @@ module Spree
 
       def show
         find_order
+        authorize! :show, @order, order_token
         method = "before_#{@order.state}"
         send(method) if respond_to?(method, true)
         respond_with(@order)
@@ -48,6 +50,7 @@ module Spree
 
       def update
         find_order(true)
+        authorize! :update, @order, order_token
         # Parsing line items through as an update_attributes call in the API will result in
         # many line items for the same variant_id being created. We must be smarter about this,
         # hence the use of the update_line_items method, defined within order_decorator.rb.
@@ -74,6 +77,7 @@ module Spree
 
       def apply_coupon_code
         find_order
+        authorize! :update, @order, order_token
         @order.coupon_code = params[:coupon_code]
         @handler = PromotionHandler::Coupon.new(@order).apply
         status = @handler.successful? ? 200 : 422
@@ -138,13 +142,15 @@ module Spree
 
         def find_order(lock = false)
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
-          authorize! :update, @order, order_token
         end
 
         def before_delivery
           @order.create_proposed_shipments
         end
 
+        def order_id
+          super || params[:id]
+        end
     end
   end
 end

data/app/controllers/spree/api/payments_controller.rb

@@ -66,7 +66,7 @@ module Spree
       private
 
         def find_order
-          @order = Spree::Order.find_by(number: params[:order_id])
+          @order = Spree::Order.find_by(number: order_id)
           authorize! :read, @order
         end
 

data/app/controllers/spree/api/return_authorizations_controller.rb

@@ -76,7 +76,7 @@ module Spree
       private
 
       def order
-        @order ||= Spree::Order.find_by!(number: params[:order_id])
+        @order ||= Spree::Order.find_by!(number: order_id)
         authorize! :read, @order
       end
 

data/app/controllers/spree/api/shipments_controller.rb

@@ -6,6 +6,11 @@ module Spree
       before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
 
       def create
+        # TODO Can remove conditional here once deprecated #find_order is removed.
+        unless @order.present?
+          @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
+          authorize! :read, @order
+        end
         authorize! :create, Shipment
         variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
@@ -19,7 +24,11 @@ module Spree
       end
 
       def update
-        @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        if @order.present?
+          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        else
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+        end
 
         unlock = params[:shipment].delete(:unlock)
 
@@ -59,7 +68,7 @@ module Spree
         variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
 
-        @order.contents.add(variant, quantity, nil, @shipment)
+        @shipment.order.contents.add(variant, quantity, nil, @shipment)
 
         respond_with(@shipment, default_template: :show)
       end
@@ -68,7 +77,7 @@ module Spree
         variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
 
-        @order.contents.remove(variant, quantity, @shipment)
+        @shipment.order.contents.remove(variant, quantity, @shipment)
         @shipment.reload if @shipment.persisted?
         respond_with(@shipment, default_template: :show)
       end
@@ -76,12 +85,19 @@ module Spree
       private
 
       def find_order
-        @order = Spree::Order.find_by!(number: params[:order_id])
-        authorize! :read, @order
+        if params[:order_id].present?
+          ActiveSupport::Deprecation.warn "Spree::Api::ShipmentsController#find_order is deprecated and will be removed from Spree 2.3.x, access shipments directly without being nested to orders route instead.", caller
+          @order = Spree::Order.find_by!(number: params[:order_id])
+          authorize! :read, @order
+        end
       end
 
       def find_and_update_shipment
-        @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        if @order.present?
+          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        else
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+        end
         @shipment.update_attributes(shipment_params)
         @shipment.reload
       end

data/app/helpers/spree/api/api_helpers.rb

@@ -48,7 +48,7 @@ module Spree
       @@product_attributes = [
         :id, :name, :description, :price, :display_price, :available_on,
         :slug, :meta_description, :meta_keywords, :shipping_category_id,
-        :taxon_ids
+        :taxon_ids, :total_on_hand
       ]
 
       @@product_property_attributes = [
@@ -112,7 +112,7 @@ module Spree
       @@address_attributes = [
         :id, :firstname, :lastname, :full_name, :address1, :address2, :city,
         :zipcode, :phone, :company, :alternative_phone, :country_id, :state_id,
-        :state_name
+        :state_name, :state_text
       ]
 
       @@country_attributes = [:id, :iso_name, :iso, :iso3, :name, :numcode]
@@ -126,7 +126,7 @@ module Spree
       ]
 
       @@creditcard_attributes = [
-        :id, :month, :year, :cc_type, :last_digits, :first_name, :last_name,
+        :id, :month, :year, :cc_type, :last_digits, :name,
         :gateway_customer_profile_id, :gateway_payment_profile_id
       ]
 

data/app/views/spree/api/orders/order.v1.rabl

@@ -4,5 +4,6 @@ node(:display_item_total) { |o| o.display_item_total.to_s }
 node(:total_quantity) { |o| o.line_items.sum(:quantity) }
 node(:display_total) { |o| o.display_total.to_s }
 node(:display_ship_total) { |o| o.display_ship_total }
+node(:display_tax_total) { |o| o.display_tax_total }
 node(:token) { |o| o.token }
 node(:checkout_steps) { |o| o.checkout_steps }

data/config/routes.rb

@@ -15,33 +15,7 @@ Spree::Core::Engine.add_routes do
       resources :product_properties
     end
 
-    resources :checkouts do
-      member do
-        put :next
-        put :advance
-      end
-    end
-
-    resources :variants, :only => [:index, :show] do
-      resources :images
-    end
-
-    resources :option_types do
-      resources :option_values
-    end
-
-    get '/orders/mine', :to => 'orders#mine', :as => 'my_orders'
-
-    resources :orders do
-      resources :addresses, :only => [:show, :update]
-
-      resources :return_authorizations do
-        member do
-          put :add
-          put :cancel
-          put :receive
-        end
-      end
+    order_routes = lambda {
       member do
         put :cancel
         put :empty
@@ -58,7 +32,7 @@ Spree::Core::Engine.add_routes do
           put :credit
         end
       end
-
+      # TODO Remove after shipment api is no longer handled through order nesting.
       resources :shipments, :only => [:create, :update] do
         member do
           put :ready
@@ -67,10 +41,50 @@ Spree::Core::Engine.add_routes do
           put :remove
         end
       end
+
+      resources :addresses, :only => [:show, :update]
+
+      resources :return_authorizations do
+        member do
+          put :add
+          put :cancel
+          put :receive
+        end
+      end
+    }
+
+    resources :checkouts do
+      member do
+        put :next
+        put :advance
+      end
+      order_routes.call
     end
 
+    resources :variants, :only => [:index, :show] do
+      resources :images
+    end
+
+    resources :option_types do
+      resources :option_values
+    end
+
+    get '/orders/mine', :to => 'orders#mine', :as => 'my_orders'
+
+    resources :orders, &order_routes
+
     resources :zones
-    resources :countries, :only => [:index, :show]
+    resources :countries, :only => [:index, :show] do
+      resources :states, :only => [:index, :show]
+    end
+    resources :shipments, :only => [:create, :update] do
+      member do
+        put :ready
+        put :ship
+        put :add
+        put :remove
+      end
+    end
     resources :states,    :only => [:index, :show]
 
     resources :taxonomies do

data/lib/spree/api/engine.rb

@@ -9,6 +9,11 @@ module Spree
       Rabl.configure do |config|
         config.include_json_root = false
         config.include_child_root = false
+
+        # Motivation here it make it call as_json when rendering. Otherwise it
+        # would fall to JSON and get errors like the one described here https://github.com/spree/spree/issues/4589
+        # where Float::INFINITY would resolve to Infinite (invalid json) istead of null
+        config.json_engine = ActiveSupport::JSON
       end
 
       config.view_versions = [1]
@@ -31,5 +36,3 @@ module Spree
     end
   end
 end
-
-

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -173,7 +173,8 @@ module Spree
         order.update_column(:state, "payment")
         api_put :update, :id => order.to_param, :order_token => order.token,
           :order => { :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }],
-                      :payment_source => { @payment_method.id.to_s => { } } }
+                      :payment_source => { @payment_method.id.to_s => { name: "Spree" } } }
+
         response.status.should == 422
         cc_errors = json_response['errors']['payments.Credit Card']
         cc_errors.should include("Number can't be blank")

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'spree/testing_support/bar_ability'
 
 module Spree
   describe Api::OrdersController do
@@ -116,6 +117,20 @@ module Spree
       response.status.should == 200
     end
 
+    context "with BarAbility registered" do
+      before { Spree::Ability.register_ability(::BarAbility) }
+      after { Spree::Ability.remove_ability(::BarAbility) }
+
+      it "can view an order" do
+        user = mock_model(Spree::LegacyUser)
+        user.stub(:has_spree_role?).with('bar').and_return(true)
+        user.stub(:has_spree_role?).with('admin').and_return(false)
+        controller.stub try_spree_current_user: user
+        api_get :show, :id => order.to_param
+        response.status.should == 200
+      end
+    end
+
     it "cannot cancel an order that doesn't belong to them" do
       order.update_attribute(:completed_at, Time.now)
       order.update_attribute(:shipment_state, "ready")

data/spec/controllers/spree/api/products_controller_spec.rb

@@ -7,7 +7,7 @@ module Spree
 
     let!(:product) { create(:product) }
     let!(:inactive_product) { create(:product, :available_on => Time.now.tomorrow, :name => "inactive") }
-    let(:base_attributes) { [:id, :name, :description, :price, :display_price, :available_on, :slug, :meta_description, :meta_keywords, :shipping_category_id, :taxon_ids] }
+    let(:base_attributes) { Api::ApiHelpers.product_attributes }
     let(:show_attributes) { base_attributes.dup.push(:has_variants) }
     let(:new_attributes) { base_attributes }
 
@@ -166,6 +166,17 @@ module Spree
                                                                          :property_name])
       end
 
+      context "tracking is disabled" do
+        before { Config.track_inventory_levels = false }
+
+        it "still displays valid json with total on hand" do
+          api_get :show, :id => product.to_param
+          expect(response).to be_ok
+          expect(json_response[:total_on_hand]).to eq nil
+        end
+
+        after { Config.track_inventory_levels = true }
+      end
 
       context "finds a product by slug first then by id" do
         let!(:other_product) { create(:product, :slug => "these-are-not-the-droids-you-are-looking-for") }

data/spec/controllers/spree/api/shipments_controller_spec.rb

@@ -9,17 +9,17 @@ describe Spree::Api::ShipmentsController do
     stub_authentication!
   end
 
-  let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
+  let!(:resource_scoping) { { id: shipment.to_param, shipment: { order_id: shipment.order.to_param } } }
 
   context "as a non-admin" do
     it "cannot make a shipment ready" do
       api_put :ready
-      assert_unauthorized!
+      assert_not_found!
     end
 
     it "cannot make a shipment shipped" do
       api_put :ship
-      assert_unauthorized!
+      assert_not_found!
     end
   end
 
@@ -32,7 +32,7 @@ describe Spree::Api::ShipmentsController do
     it 'can create a new shipment' do
       params = {
         variant_id: stock_location.stock_items.first.variant.to_param,
-        order_id: order.number,
+        shipment: { order_id: order.number },
         stock_location_id: stock_location.to_param,
       }
 
@@ -70,7 +70,7 @@ describe Spree::Api::ShipmentsController do
 
     context 'for completed shipments' do
       let(:order) { create :completed_order_with_totals }
-      let!(:resource_scoping) { { :order_id => order.to_param, :id => order.shipments.first.to_param } }
+      let!(:resource_scoping) { { id: order.shipments.first.to_param, shipment: { order_id: order.to_param } } }
 
       it 'adds a variant to a shipment' do
         api_put :add, { variant_id: variant.to_param, quantity: 2 }
@@ -100,10 +100,21 @@ describe Spree::Api::ShipmentsController do
 
       it "can transition a shipment from ready to ship" do
         shipment.reload
-        api_put :ship, :order_id => shipment.order.to_param, :id => shipment.to_param, :shipment => { :tracking => "123123" }
+        api_put :ship, id: shipment.to_param, shipment: { tracking: "123123", order_id: shipment.order.to_param }
         json_response.should have_attributes(attributes)
         json_response["state"].should == "shipped"
       end
+
+      context 'DEPRECATED:' do
+        it "can transition a shipment from ready to ship" do
+          ActiveSupport::Deprecation.should_receive(:warn).once
+          shipment.reload
+          api_put :ship, order_id: shipment.order.to_param, id: shipment.to_param, shipment: { tracking: "123123" }
+          json_response.should have_attributes(attributes)
+          json_response["state"].should == "shipped"
+        end
+      end
+
     end
   end
 end

data/spec/controllers/spree/api/states_controller_spec.rb

@@ -17,6 +17,12 @@ module Spree
       json_response['states'].first['name'].should eq(state.name)
     end
 
+    it "gets all the states for a particular country" do
+      api_get :index, :country_id => state.country.id
+      json_response["states"].first.should have_attributes(attributes)
+      json_response['states'].first['name'].should eq(state.name)
+    end
+
     context "pagination" do
       before do
         State.should_receive(:accessible_by).and_return(@scope = double)

data/spec/requests/rabl_cache_spec.rb

@@ -14,7 +14,10 @@ describe "Rabl Cache", :caching => true do
     response.status.should == 200
 
     # Make sure we get a non master variant
-    variant_a = JSON.parse(response.body)['variants'].last
+    variant_a = JSON.parse(response.body)['variants'].select do |v|
+      !v['is_master']
+    end.first
+
     variant_a['is_master'].should be_false
     variant_a['stock_items'].should_not be_nil
 
@@ -26,4 +29,4 @@ describe "Rabl Cache", :caching => true do
     variant_a['id'].should == variant_b['id']
     variant_b['stock_items'].should be_nil
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.2.2
 platform: ruby
 authors:
 - Ryan Bigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-25 00:00:00.000000000 Z
+date: 2014-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.2.2
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -254,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: Spree's API