spree_api 2.2.14 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3bd604d7be8b5ce2ad7e836ea4b0780fb341ba8f
-  data.tar.gz: ae0288be52192b331e5c5fdb5d3669b6b4d52b9b
+  metadata.gz: f9382ec4d33c38fa47416c8870483987c4091d5b
+  data.tar.gz: 1ebe36b2b47efa8dea70bb402595b9ac4cee46a0
 SHA512:
-  metadata.gz: b7f5a27d73d130a2b44e2ba927dfa79b110ef821404e4494bfd9ce1703ce286dc605a1853552e5e906f2aca9f1fe2fa20531cbef4148722122a26182550ce9fd
-  data.tar.gz: cb40f75ca437a68f9f4d1d51d9f29910c903668fe16fde77f4ea1f46011140b1d40dec24072cbe04611f8edd8d707447c05d7bb08ed8f5b84cf281f687eddd52
+  metadata.gz: d4f4adc24185720919817b204e649d5d295f86ddfd9368becaf875780c868676dfaa1c9d8a6a70714d906679922829a32cf80ea2fcf43ec32509fecd0b4fae00
+  data.tar.gz: d8265a70d2d7dd78ddaf0aa7c006e32d3ee2d393b5b6beb4f08cec387c291c45fcc49a44102da52c5cc601598a061b76e39ada2e6f0cec052b62e1717134f3b7

data/CHANGELOG.md

@@ -1 +1,43 @@
-## Spree 2.2.5 (unreleased) ##
+## Spree 2.3.0 (unreleased) ##
+
+*   Support existing credit card feature on checkout.
+
+    Checkouts_controller#update now uses the same Order::Checkout#update_from_params
+    from spree frontend which help us to remove a lot of duplicated logic. As a
+    result of that `payment_source` params must be sent now outsite the `order` key.
+
+    Before you'd send a request like this:
+
+        ```ruby
+        api_put :update, :id => order.to_param, :order_token => order.guest_token,
+          :order => {
+            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }],
+            :payment_source => { @payment_method.id.to_s => { name: "Spree" } }
+          }
+        ```
+
+    Now it should look like this:
+
+        ```ruby
+        api_put :update, :id => order.to_param, :order_token => order.guest_token,
+          :order => {
+            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }]
+          },
+          :payment_source => {
+            @payment_method.id.to_s => { name: "Spree" }
+          }
+        ```
+
+    Josh Hepworth and Washington
+
+*   api/orders/show now display credit cards as source under payment
+
+    Washington Luiz
+
+*   refactor the api to use a general importer in core gem.
+
+    Peter Berkenbosch
+
+* Shipment manifests viewed within the context of an order no longer return variant info. The line items for the order already contains this information. #4498
+
+    * Ryan Bigg

data/app/controllers/spree/api/base_controller.rb

@@ -5,6 +5,7 @@ module Spree
     class BaseController < ActionController::Base
       include Spree::Api::ControllerSetup
       include Spree::Core::ControllerHelpers::SSL
+      include Spree::Core::ControllerHelpers::Store
       include Spree::Core::ControllerHelpers::StrongParameters
 
       attr_accessor :current_api_user
@@ -42,7 +43,7 @@ module Spree
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if current_api_user.has_spree_role?("admin")
-          super + [:price, :variant_id, :sku]
+          super << [:price, :variant_id, :sku]
         else
           super
         end
@@ -61,7 +62,7 @@ module Spree
       end
 
       def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
 
       def authenticate_user
@@ -129,27 +130,22 @@ module Spree
       end
 
       def product_scope
+        variants_associations = [{ option_values: :option_type }, :default_price, :prices, :images]
         if current_api_user.has_spree_role?("admin")
-          scope = Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
+          scope = Product.with_deleted.accessible_by(current_ability, :read)
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
 
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
         else
-          scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
+          scope = Product.accessible_by(current_ability, :read).active
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
         end
 
         scope
       end
 
-      def variants_associations
-        [{ option_values: :option_type }, :default_price, :images]
-      end
-
-      def product_includes
-        [ :option_types, variants: variants_associations, master: variants_associations ]
-      end
-
       def order_id
         params[:order_id] || params[:checkout_id] || params[:order_number]
       end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -8,12 +8,6 @@ module Spree
       # This before_filter comes from Spree::Core::ControllerHelpers::Order
       skip_before_filter :set_current_order
 
-      def create
-        authorize! :create, Order
-        @order = Spree::Core::Importer::Order.import(current_api_user, nested_params)
-        respond_with(@order, default_template: 'spree/api/orders/show', status: 201)
-      end
-
       def next
         load_order(true)
         authorize! :update, @order, order_token
@@ -30,20 +24,15 @@ module Spree
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
       end
 
-      def show
-        redirect_to(api_order_path(params[:id]), status: 301)
-      end
-
       def update
         load_order(true)
         authorize! :update, @order, order_token
-        order_params = object_params
-        line_items = order_params.delete('line_items_attributes')
-        if @order.update_attributes(order_params)
-          @order.update_line_items(line_items)
+
+        if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
           if current_api_user.has_spree_role?('admin') && user_id.present?
             @order.associate_user!(Spree.user_class.find(user_id))
           end
+
           return if after_update_attributes
           state_callback(:after) if @order.next
           respond_with(@order, default_template: 'spree/api/orders/show')
@@ -53,41 +42,10 @@ module Spree
       end
 
       private
-        def object_params
-          modify_payment_attributes params[:order] || {}
-
-          protected_params = if params[:order]
-                               params.require(:order).permit(permitted_checkout_attributes)
-                             else
-                               {}
-                             end
-
-          map_nested_attributes_keys Order, protected_params
-        end
-
         def user_id
           params[:order][:user_id] if params[:order]
         end
 
-        # For payment step, filter order parameters to produce the expected
-        # nested attributes for a single payment and its source, discarding
-        # attributes for payment methods other than the one selected
-        #
-        # respond_to check is necessary due to issue described in #2910
-        def modify_payment_attributes(object_params)
-          if @order.has_checkout_step?('payment') && @order.payment?
-            if object_params[:payments_attributes].is_a?(Hash)
-              object_params[:payments_attributes] = [object_params[:payments_attributes]]
-            end
-            if object_params[:payment_source].present? && source_params = object_params.delete(:payment_source)[object_params[:payments_attributes].first[:payment_method_id].to_s]
-              object_params[:payments_attributes].first[:source_attributes] = source_params
-            end
-            if object_params[:payments_attributes]
-              object_params[:payments_attributes].first[:amount] = @order.total.to_s
-            end
-          end
-        end
-
         def nested_params
           map_nested_attributes_keys Order, params[:order] || {}
         end
@@ -105,10 +63,6 @@ module Spree
           state_callback(:before)
         end
 
-        def ip_address
-          ''
-        end
-
         def raise_insufficient_quantity
           respond_with(@order, default_template: 'spree/api/orders/insufficient_quantity')
         end
@@ -118,16 +72,8 @@ module Spree
           send(method_name) if respond_to?(method_name, true)
         end
 
-        def next!(options={})
-          if @order.valid? && @order.next
-            render 'spree/api/orders/show', status: options[:status] || 200
-          else
-            render 'spree/api/orders/could_not_transition', status: 422
-          end
-        end
-
         def after_update_attributes
-          if object_params && object_params[:coupon_code].present?
+          if nested_params && nested_params[:coupon_code].present?
             handler = PromotionHandler::Coupon.new(@order).apply
 
             if handler.error.present?

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -5,7 +5,6 @@ module Spree
 
       def show
         @inventory_unit = inventory_unit
-        respond_with(@inventory_unit)
       end
 
       def update

data/app/controllers/spree/api/line_items_controller.rb

@@ -1,11 +1,12 @@
 module Spree
   module Api
     class LineItemsController < Spree::Api::BaseController
-
       def create
         variant = Spree::Variant.find(params[:line_item][:variant_id])
         @line_item = order.contents.add(variant, params[:line_item][:quantity] || 1)
+
         if @line_item.errors.empty?
+          @order.ensure_updated_shipments
           respond_with(@line_item, status: 201, default_template: :show)
         else
           invalid_resource!(@line_item)
@@ -15,7 +16,6 @@ module Spree
       def update
         @line_item = find_line_item
         if @order.contents.update_cart(line_items_attributes)
-          @order.ensure_updated_shipments
           @line_item.reload
           respond_with(@line_item, default_template: :show)
         else
@@ -27,11 +27,11 @@ module Spree
         @line_item = find_line_item
         variant = Spree::Variant.find(@line_item.variant_id)
         @order.contents.remove(variant, @line_item.quantity)
+        @order.ensure_updated_shipments
         respond_with(@line_item, status: 204)
       end
 
       private
-
         def order
           @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
           authorize! :update, @order, order_token

data/app/controllers/spree/api/option_types_controller.rb

@@ -3,9 +3,9 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).where(:id => params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end

data/app/controllers/spree/api/orders_controller.rb

@@ -1,11 +1,11 @@
 module Spree
   module Api
     class OrdersController < Spree::Api::BaseController
-      wrap_parameters false
-
       skip_before_filter :check_for_user_or_api_key, only: :apply_coupon_code
       skip_before_filter :authenticate_user, only: :apply_coupon_code
 
+      before_filter :find_order, except: [:create, :mine, :index, :update]
+
       # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
       Order.checkout_steps.keys.each do |step|
         define_method step do
@@ -15,10 +15,9 @@ module Spree
       end
 
       def cancel
-        find_order
         authorize! :update, @order, params[:token]
         @order.cancel!
-        respond_with(@order, :default_template => :show)
+        render :show
       end
 
       def create
@@ -28,10 +27,8 @@ module Spree
       end
 
       def empty
-        find_order
         authorize! :update, @order, order_token
         @order.empty!
-        @order.update!
         render text: nil, status: 200
       end
 
@@ -42,7 +39,6 @@ module Spree
       end
 
       def show
-        find_order
         authorize! :show, @order, order_token
         method = "before_#{@order.state}"
         send(method) if respond_to?(method, true)
@@ -52,16 +48,12 @@ module Spree
       def update
         find_order(true)
         authorize! :update, @order, order_token
-        # Parsing line items through as an update_attributes call in the API will result in
-        # many line items for the same variant_id being created. We must be smarter about this,
-        # hence the use of the update_line_items method, defined within order_decorator.rb.
-        order_params.delete("line_items_attributes")
-        if @order.update_attributes(order_params)
-
-          deal_with_line_items if params[:order][:line_items]
 
-          @order.line_items.reload
-          @order.update!
+        if @order.contents.update_cart(order_params)
+          user_id = params[:order][:user_id]
+          if current_api_user.has_spree_role?('admin') && user_id
+            @order.associate_user!(Spree.user_class.find(user_id))
+          end
           respond_with(@order, default_template: :show)
         else
           invalid_resource!(@order)
@@ -70,7 +62,7 @@ module Spree
 
       def mine
         if current_api_user.persisted?
-          @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         else
           render "spree/api/errors/unauthorized", status: :unauthorized
         end
@@ -86,15 +78,6 @@ module Spree
       end
 
       private
-        def deal_with_line_items
-          line_item_attributes = params[:order][:line_items]
-          line_item_attributes.each_key do |key|
-            # need to call .to_hash to make sure Rails 4's strong parameters don't bite
-            line_item_attributes[key] = line_item_attributes[key].slice(*permitted_line_item_attributes).to_hash
-          end
-          @order.update_line_items(line_item_attributes)
-        end
-
         def order_params
           if params[:order]
             params[:order][:payments_attributes] = params[:order][:payments] if params[:order][:payments]
@@ -111,7 +94,7 @@ module Spree
 
         def permitted_order_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_order_attributes
+            super << admin_order_attributes
           else
             super
           end
@@ -119,7 +102,7 @@ module Spree
 
         def permitted_shipment_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_shipment_attributes
+            super << admin_shipment_attributes
           else
             super
           end
@@ -133,14 +116,6 @@ module Spree
           [:import, :number, :completed_at, :locked_at, :channel]
         end
 
-        def next!(options={})
-          if @order.valid? && @order.next
-            render :show, status: options[:status] || 200
-          else
-            render :could_not_transition, status: 422
-          end
-        end
-
         def find_order(lock = false)
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
         end

data/app/controllers/spree/api/payments_controller.rb

@@ -11,7 +11,7 @@ module Spree
       end
 
       def new
-        @payment_methods = Spree::PaymentMethod.available
+        @payment_methods = Spree::PaymentMethod.where(environment: Rails.env)
         respond_with(@payment_method)
       end
 
@@ -67,7 +67,7 @@ module Spree
 
         def find_order
           @order = Spree::Order.find_by(number: order_id)
-          authorize! :read, @order, order_token
+          authorize! :read, @order
         end
 
         def find_payment

data/app/controllers/spree/api/products_controller.rb

@@ -12,7 +12,6 @@ module Spree
         @products = @products.distinct.page(params[:page]).per(params[:per_page])
         expires_in 15.minutes, :public => true
         headers['Surrogate-Control'] = "max-age=#{15.minutes}"
-        respond_with(@products)
       end
 
       def show
@@ -20,7 +19,6 @@ module Spree
         expires_in 15.minutes, :public => true
         headers['Surrogate-Control'] = "max-age=#{15.minutes}"
         headers['Surrogate-Key'] = "product_id=1"
-        respond_with(@product)
       end
 
       # Takes besides the products attributes either an array of variants or
@@ -61,22 +59,10 @@ module Spree
         params[:product][:available_on] ||= Time.now
         set_up_shipping_category
 
-        @product = Product.new(product_params)
-        if @product.save
-          variants_params.each do |variant_attribute|
-            # make sure the product is assigned before the options=
-            @product.variants.create({ product: @product }.merge(variant_attribute))
-          end
-
-          option_types_params.each do |name|
-            option_type = OptionType.where(name: name).first_or_initialize do |option_type|
-              option_type.presentation = name
-              option_type.save!
-            end
-
-            @product.option_types << option_type unless @product.option_types.include?(option_type)
-          end
+        options = { variants_attrs: variants_params, options_attrs: option_types_params }
+        @product = Core::Importer::Product.new(nil, product_params, options).create
 
+        if @product.persisted?
           respond_with(@product, :status => 201, :default_template => :show)
         else
           invalid_resource!(@product)
@@ -87,26 +73,10 @@ module Spree
         @product = find_product(params[:id])
         authorize! :update, @product
 
-        if @product.update_attributes(product_params)
-          variants_params.each do |variant_attribute|
-            # update the variant if the id is present in the payload
-            if variant_attribute['id'].present?
-              @product.variants.find(variant_attribute['id'].to_i).update_attributes(variant_attribute)
-            else
-              # make sure the product is assigned before the options=
-              @product.variants.create({ product: @product }.merge(variant_attribute))
-            end
-          end
-
-          option_types_params.each do |name|
-            option_type = OptionType.where(name: name).first_or_initialize do |option_type|
-              option_type.presentation = name
-              option_type.save!
-            end
-
-            @product.option_types << option_type unless @product.option_types.include?(option_type)
-          end
+        options = { variants_attrs: variants_params, options_attrs: option_types_params }
+        @product = Core::Importer::Product.new(@product, product_params, options).update
 
+        if @product.errors.empty?
           respond_with(@product.reload, :status => 200, :default_template => :show)
         else
           invalid_resource!(@product)

data/app/controllers/spree/api/shipments_controller.rb

@@ -2,34 +2,27 @@ module Spree
   module Api
     class ShipmentsController < Spree::Api::BaseController
 
-      before_filter :find_order
       before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
 
       def create
-        # TODO Can remove conditional here once deprecated #find_order is removed.
-        unless @order.present?
-          @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
-          authorize! :read, @order
-        end
+        @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
+        authorize! :read, @order
         authorize! :create, Shipment
         variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
         @shipment = @order.shipments.create(stock_location_id: params[:stock_location_id])
         @order.contents.add(variant, quantity, nil, @shipment)
 
+        @shipment.refresh_rates
         @shipment.save!
 
         respond_with(@shipment.reload, default_template: :show)
       end
 
       def update
-        if @order.present?
-          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
-        else
-          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
-        end
-
+        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
         @shipment.update_attributes_and_order(shipment_params)
+
         respond_with(@shipment.reload, default_template: :show)
       end
 
@@ -71,20 +64,8 @@ module Spree
 
       private
 
-      def find_order
-        if params[:order_id].present?
-          ActiveSupport::Deprecation.warn "Spree::Api::ShipmentsController#find_order is deprecated and will be removed from Spree 2.3.x, access shipments directly without being nested to orders route instead.", caller
-          @order = Spree::Order.find_by!(number: params[:order_id])
-          authorize! :read, @order
-        end
-      end
-
       def find_and_update_shipment
-        if @order.present?
-          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
-        else
-          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
-        end
+        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
         @shipment.update_attributes(shipment_params)
         @shipment.reload
       end

data/app/controllers/spree/api/taxonomies_controller.rb

@@ -3,15 +3,11 @@ module Spree
     class TaxonomiesController < Spree::Api::BaseController
 
       def index
-        @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
-                      ransack(params[:q]).result.
-                      page(params[:page]).per(params[:per_page])
-        respond_with(@taxonomies)
+        respond_with(taxonomies)
       end
 
       def show
-        @taxonomy = Taxonomy.accessible_by(current_ability, :read).find(params[:id])
-        respond_with(@taxonomy)
+        respond_with(taxonomy)
       end
 
       # Because JSTree wants parameters in a *slightly* different format
@@ -46,6 +42,12 @@ module Spree
 
       private
 
+      def taxonomies
+        @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
+                      ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
+      end
+
       def taxonomy
         @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
       end

data/app/controllers/spree/api/taxons_controller.rb

@@ -65,7 +65,7 @@ module Spree
         # Products#index does not do the sorting.
         taxon = Spree::Taxon.find(params[:id])
         @products = taxon.products.ransack(params[:q]).result
-        @products = @products.page(params[:page]).per(params[:per_page] || 500)
+        @products = @products.page(params[:page]).per(500 || params[:per_page])
         render "spree/api/products/index"
       end
 

data/app/controllers/spree/api/variants_controller.rb

@@ -1,7 +1,6 @@
 module Spree
   module Api
     class VariantsController < Spree::Api::BaseController
-
       before_filter :product
 
       def create
@@ -20,9 +19,13 @@ module Spree
         respond_with(@variant, status: 204)
       end
 
+      # The lazyloaded associations here are pretty much attached to which nodes
+      # we render on the view so we better update it any time a node is included
+      # or removed from the views.
       def index
-        @variants = scope.includes(:option_values).ransack(params[:q]).result.
-          page(params[:page]).per(params[:per_page])
+        @variants = scope.includes({ option_values: :option_type }, :product, :default_price, :images, { stock_items: :stock_location })
+          .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+
         respond_with(@variants)
       end
 
@@ -30,7 +33,8 @@ module Spree
       end
 
       def show
-        @variant = scope.includes(:option_values).find(params[:id])
+        @variant = scope.includes({ option_values: :option_type }, :option_values, :product, :default_price, :images, { stock_items: :stock_location })
+          .find(params[:id])
         respond_with(@variant)
       end
 
@@ -44,29 +48,22 @@ module Spree
       end
 
       private
-
         def product
           @product ||= Spree::Product.accessible_by(current_ability, :read).friendly.find(params[:product_id]) if params[:product_id]
         end
 
         def scope
           if @product
-            unless current_api_user.has_spree_role?('admin') || params[:show_deleted]
-              variants = @product.variants_including_master.accessible_by(current_ability, :read)
-            else
-              variants = @product.variants_including_master.with_deleted.accessible_by(current_ability, :read)
-            end
+            variants = @product.variants_including_master
           else
-            variants = Variant.accessible_by(current_ability, :read)
-            if current_api_user.has_spree_role?('admin')
-              unless params[:show_deleted]
-                variants = Variant.accessible_by(current_ability, :read).active
-              end
-            else
-              variants = variants.active
-            end
+            variants = Variant
           end
-          variants
+
+          if current_ability.can?(:manage, Variant) && params[:show_deleted]
+            variants = variants.with_deleted
+          end
+
+          variants.accessible_by(current_ability, :read)
         end
 
         def variant_params