RubyGems - spree_api - Versions diffs - 2.3.13 → 2.4.0.rc1 - Mend

spree_api 2.3.13 → 2.4.0.rc1

Files changed (77) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a66783ac8d7fc4ed56b7b502f4b06deac327c166
-  data.tar.gz: e3e18787faa84ccb9f866ebd3edc1fe60ed25680
+  metadata.gz: b3b9e15c2abfeee93d14700e5055bf2ea86fc4cd
+  data.tar.gz: 31c34775578e450511df02be8ac85f2413fd0459
 SHA512:
-  metadata.gz: 618499c336b0c81307853586db653855fa7657a23a0c18a88ce621419e2402bcf7f4eaa890466cdc2cefac1ddb11d7a5aa0c41094a7614064f54554f2b70caed
-  data.tar.gz: a22ce4bbbbbd21d6f2bb43745e357a3e3391f73b5e22c96508bf32d6fd8265ab3263d3a936eb6eeab6155efb324f24129b01e02e9e406f0954de45eb5772445f
+  metadata.gz: 180ab55ad82be69d4925ea1b56053cb3c2217de4ae5852dc4aecff6c235f544032bd08714c6d257984afbf36a47d28ac54dcc52be185eb800b3d741ea7cd06a3
+  data.tar.gz: 1bbc3ac9ec9e5b918c1aafb8de8438f474f64ec98ffee720ccd9846943b1a2920f7ca16e748fd4e5b8bd94b51c84227401dcb5efd9a8d9588122a4a359dd107b

data/CHANGELOG.md CHANGED Viewed

@@ -1,43 +1 @@
-## Spree 2.3.2 (unreleased) ##
-*   Support existing credit card feature on checkout.
-    Checkouts_controller#update now uses the same Order::Checkout#update_from_params
-    from spree frontend which help us to remove a lot of duplicated logic. As a
-    result of that `payment_source` params must be sent now outsite the `order` key.
-    Before you'd send a request like this:
-        ```ruby
-        api_put :update, :id => order.to_param, :order_token => order.guest_token,
-          :order => {
-            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }],
-            :payment_source => { @payment_method.id.to_s => { name: "Spree" } }
-          }
-        ```
-    Now it should look like this:
-        ```ruby
-        api_put :update, :id => order.to_param, :order_token => order.guest_token,
-          :order => {
-            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }]
-          },
-          :payment_source => {
-            @payment_method.id.to_s => { name: "Spree" }
-          }
-        ```
-    Josh Hepworth and Washington
-*   api/orders/show now display credit cards as source under payment
-    Washington Luiz
-*   refactor the api to use a general importer in core gem.
-    Peter Berkenbosch
-* Shipment manifests viewed within the context of an order no longer return variant info. The line items for the order already contains this information. #4498
-    * Ryan Bigg
+## Spree 2.4.0 (unreleased) ##

data/Gemfile CHANGED Viewed

@@ -1,5 +1,5 @@
 eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
-gem 'spree_core', :path => "../core"
+gem 'spree_core', :path => '../core'
 gemspec

data/app/controllers/spree/api/addresses_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class AddressesController < Spree::Api::BaseController
-      before_filter :find_order
+      before_action :find_order
       def show
         authorize! :read, @order, order_token

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -10,11 +10,15 @@ module Spree
       attr_accessor :current_api_user
-      before_filter :set_content_type
-      before_filter :load_user
-      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
-      before_filter :authenticate_user
-      before_filter :load_user_roles
+      class_attribute :error_notifier
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: Proc.new { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+      after_filter  :set_jsonp_format
       rescue_from Exception, with: :error_during_processing
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
@@ -25,6 +29,13 @@ module Spree
       ssl_allowed
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{response.body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
       def map_nested_attributes_keys(klass, attributes)
         nested_keys = klass.nested_attributes_options.keys
         attributes.inject({}) do |h, (k,v)|
@@ -37,7 +48,7 @@ module Spree
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if @current_user_roles.include?("admin")
-          super + [:price, :variant_id, :sku]
+          super << [:price, :variant_id, :sku]
         else
           super
         end
@@ -56,7 +67,7 @@ module Spree
       end
       def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
       def authenticate_user
@@ -88,8 +99,10 @@ module Spree
         Rails.logger.error exception.message
         Rails.logger.error exception.backtrace.join("\n")
-        render text: { exception: exception.message }.to_json,
-          status: 422 and return
+        error_notifier.call(exception, self) if error_notifier
+        render :text => { :exception => exception.message }.to_json,
+          :status => 422 and return
       end
       def gateway_error(exception)

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 module Spree
   module Api
     class CheckoutsController < Spree::Api::BaseController
-      before_filter :associate_user, only: :update
+      before_action :associate_user, only: :update
       include Spree::Core::ControllerHelpers::Auth
       include Spree::Core::ControllerHelpers::Order
       # This before_filter comes from Spree::Core::ControllerHelpers::Order
-      skip_before_filter :set_current_order
+      skip_before_action :set_current_order
       def next
         load_order(true)

data/app/controllers/spree/api/countries_controller.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 module Spree
   module Api
     class CountriesController < Spree::Api::BaseController
-      skip_before_filter :check_for_user_or_api_key
-      skip_before_filter :authenticate_user
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
       def index
         @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.

data/app/controllers/spree/api/credit_cards_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class CreditCardsController < Spree::Api::BaseController
-      before_filter :user
+      before_action :user
       def index
         @credit_cards = user

data/app/controllers/spree/api/images_controller.rb CHANGED Viewed

@@ -2,6 +2,11 @@ module Spree
   module Api
     class ImagesController < Spree::Api::BaseController
+      def index
+        @images = scope.images.accessible_by(current_ability, :read)
+        respond_with(@images)
+      end
       def show
         @image = Image.accessible_by(current_ability, :read).find(params[:id])
         respond_with(@image)

data/app/controllers/spree/api/inventory_units_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class InventoryUnitsController < Spree::Api::BaseController
-      before_filter :prepare_event, :only => :update
+      before_action :prepare_event, only: :update
       def show
         @inventory_unit = inventory_unit

data/app/controllers/spree/api/line_items_controller.rb CHANGED Viewed

@@ -37,15 +37,15 @@ module Spree
         def find_line_item
           id = params[:id].to_i
-          order.line_items.detect {|line_item| line_item.id == id} or
-            raise ActiveRecord::RecordNotFound
+          order.line_items.detect { |line_item| line_item.id == id } or
+              raise ActiveRecord::RecordNotFound
         end
         def line_items_attributes
-          { line_items_attributes: {
-            id: params[:id],
-            quantity: params[:line_item][:quantity]
-          } }
+          {line_items_attributes: {
+              id: params[:id],
+              quantity: params[:line_item][:quantity]
+          }}
         end
         def line_item_params
@@ -53,4 +53,4 @@ module Spree
         end
     end
   end
-end
+end

data/app/controllers/spree/api/option_types_controller.rb CHANGED Viewed

@@ -3,9 +3,9 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).where(:id => params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -1,12 +1,10 @@
 module Spree
   module Api
     class OrdersController < Spree::Api::BaseController
-      wrap_parameters false
+      skip_before_action :check_for_user_or_api_key, only: :apply_coupon_code
+      skip_before_action :authenticate_user, only: :apply_coupon_code
-      skip_before_filter :check_for_user_or_api_key, only: :apply_coupon_code
-      skip_before_filter :authenticate_user, only: :apply_coupon_code
-      before_filter :find_order, except: [:create, :mine, :index, :update]
+      before_action :find_order, except: [:create, :mine, :current, :index, :update]
       # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
       Order.checkout_steps.keys.each do |step|
@@ -43,7 +41,7 @@ module Spree
       def empty
         authorize! :update, @order, order_token
         @order.empty!
-        render text: nil, status: 200
+        render text: nil, status: 204
       end
       def index
@@ -72,6 +70,15 @@ module Spree
         end
       end
+      def current
+        @order = find_current_order
+        if @order
+          respond_with(@order, default_template: :show, locals: { root_object: @order })
+        else
+          head :no_content
+        end
+      end
       def mine
         if current_api_user.persisted?
           @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -111,6 +118,10 @@ module Spree
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
         end
+        def find_current_order
+          current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
+        end
         def order_id
           super || params[:id]
         end

data/app/controllers/spree/api/payments_controller.rb CHANGED Viewed

@@ -2,8 +2,8 @@ module Spree
   module Api
     class PaymentsController < Spree::Api::BaseController
-      before_filter :find_order
-      before_filter :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void, :credit]
+      before_action :find_order
+      before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
       def index
         @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -26,7 +26,7 @@ module Spree
       def update
         authorize! params[:action], @payment
-        if !@payment.editable?
+        if ! @payment.pending?
           render 'update_forbidden', status: 403
         elsif @payment.update_attributes(payment_params)
           respond_with(@payment, default_template: :show)
@@ -55,14 +55,6 @@ module Spree
         perform_payment_action(:void_transaction)
       end
-      def credit
-        if params[:amount].to_f > @payment.credit_allowed
-          render 'credit_over_limit', status: 422
-        else
-          perform_payment_action(:credit, params[:amount])
-        end
-      end
       private
         def find_order

data/app/controllers/spree/api/product_properties_controller.rb CHANGED Viewed

@@ -2,8 +2,8 @@ module Spree
   module Api
     class ProductPropertiesController < Spree::Api::BaseController
-      before_filter :find_product
-      before_filter :product_property, only: [:show, :update, :destroy]
+      before_action :find_product
+      before_action :product_property, only: [:show, :update, :destroy]
       def index
         @product_properties = @product.product_properties.accessible_by(current_ability, :read).

data/app/controllers/spree/api/promotions_controller.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Spree
+  module Api
+    class PromotionsController < Spree::Api::BaseController
+      before_filter :requires_admin
+      before_filter :load_promotion
+      def show
+        if @promotion
+          respond_with(@promotion, default_template: :show)
+        else
+          raise ActiveRecord::RecordNotFound
+        end
+      end
+      private
+        def requires_admin
+          return if @current_user_roles.include?("admin")
+          unauthorized and return
+        end
+        def load_promotion
+          @promotion = Spree::Promotion.find_by_id(params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
+        end
+    end
+  end
+end

data/app/controllers/spree/api/properties_controller.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Spree
   module Api
     class PropertiesController < Spree::Api::BaseController
-      before_filter :find_property, only: [:show, :update, :destroy]
+      before_action :find_property, only: [:show, :update, :destroy]
       def index
         @properties = Spree::Property.accessible_by(current_ability, :read)

data/app/controllers/spree/api/return_authorizations_controller.rb CHANGED Viewed

@@ -45,16 +45,6 @@ module Spree
         end
       end
-      def add
-        @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
-        @return_authorization.add_variant params[:variant_id].to_i, params[:quantity].to_i
-        if @return_authorization.valid?
-          respond_with @return_authorization, default_template: :show
-        else
-          invalid_resource!(@return_authorization)
-        end
-      end
       def receive
         @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
         if @return_authorization.receive

data/app/controllers/spree/api/shipments_controller.rb CHANGED Viewed

@@ -2,7 +2,21 @@ module Spree
   module Api
     class ShipmentsController < Spree::Api::BaseController
-      before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+      before_action :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+      before_action :load_transfer_params, only: [:transfer_to_location, :transfer_to_shipment]
+      def mine
+        if current_api_user.persisted?
+          @shipments = Spree::Shipment
+            .reverse_chronological
+            .joins(:order)
+            .where(spree_orders: {user_id: current_api_user.id})
+            .includes(mine_includes)
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        else
+          render "spree/api/errors/unauthorized", status: :unauthorized
+        end
+      end
       def create
         @order = Spree::Order.find_by!(number: params.fetch(:shipment).fetch(:order_id))
@@ -10,7 +24,7 @@ module Spree
         authorize! :create, Shipment
         quantity = params[:quantity].to_i
         @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
-        @order.contents.add(variant, quantity, nil, @shipment)
+        @order.contents.add(variant, quantity, {shipment: @shipment})
         @shipment.save!
@@ -45,7 +59,7 @@ module Spree
       def add
         quantity = params[:quantity].to_i
-        @shipment.order.contents.add(variant, quantity, nil, @shipment)
+        @shipment.order.contents.add(variant, quantity, {shipment: @shipment})
         respond_with(@shipment, default_template: :show)
       end
@@ -53,13 +67,33 @@ module Spree
       def remove
         quantity = params[:quantity].to_i
-        @shipment.order.contents.remove(variant, quantity, @shipment)
+        @shipment.order.contents.remove(variant, quantity, {shipment: @shipment})
         @shipment.reload if @shipment.persisted?
         respond_with(@shipment, default_template: :show)
       end
+      def transfer_to_location
+        @stock_location = Spree::StockLocation.find(params[:stock_location_id])
+        @original_shipment.transfer_to_location(@variant, @quantity, @stock_location)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
+      def transfer_to_shipment
+        @target_shipment  = Spree::Shipment.find_by!(number: params[:target_shipment_number])
+        @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
       private
+      def load_transfer_params
+        @original_shipment         = Spree::Shipment.where(number: params[:original_shipment_number]).first
+        @variant                   = Spree::Variant.find(params[:variant_id])
+        @quantity                  = params[:quantity].to_i
+        authorize! :read, @original_shipment
+        authorize! :create, Shipment
+      end
       def find_and_update_shipment
         @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
         @shipment.update_attributes(shipment_params)
@@ -77,6 +111,39 @@ module Spree
       def variant
         @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
       end
+      def mine_includes
+        {
+          order: {
+            bill_address: {
+              state: {},
+              country: {},
+            },
+            ship_address: {
+              state: {},
+              country: {},
+            },
+            adjustments: {},
+            payments: {
+              order: {},
+              payment_method: {},
+            },
+          },
+          inventory_units: {
+            line_item: {
+              product: {},
+              variant: {},
+            },
+            variant: {
+              product: {},
+              default_price: {},
+              option_values: {
+                option_type: {},
+              },
+            },
+          },
+        }
+      end
     end
   end
 end

data/app/controllers/spree/api/states_controller.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 module Spree
   module Api
     class StatesController < Spree::Api::BaseController
-      skip_before_filter :set_expiry
-      skip_before_filter :check_for_user_or_api_key
-      skip_before_filter :authenticate_user
+      skip_before_action :set_expiry
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
       def index
         @states = scope.ransack(params[:q]).result.

data/app/controllers/spree/api/stock_items_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class StockItemsController < Spree::Api::BaseController
-      before_filter :stock_location, except: [:update, :destroy]
+      before_action :stock_location, except: [:update, :destroy]
       def index
         @stock_items = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])

data/app/controllers/spree/api/stock_movements_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class StockMovementsController < Spree::Api::BaseController
-      before_filter :stock_location, except: [:update, :destroy]
+      before_action :stock_location, except: [:update, :destroy]
       def index
         authorize! :read, StockMovement

data/app/controllers/spree/api/taxons_controller.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module Spree
         # Products#index does not do the sorting.
         taxon = Spree::Taxon.find(params[:id])
         @products = taxon.products.ransack(params[:q]).result
-        @products = @products.page(params[:page]).per(params[:per_page] || 500)
+        @products = @products.page(params[:page]).per(500 || params[:per_page])
         render "spree/api/products/index"
       end

data/app/controllers/spree/api/variants_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class VariantsController < Spree::Api::BaseController
-      before_filter :product
+      before_action :product
       def create
         authorize! :create, Variant
@@ -25,7 +25,6 @@ module Spree
       def index
         @variants = scope.includes({ option_values: :option_type }, :product, :default_price, :images, { stock_items: :stock_location })
           .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@variants)
       end

data/app/helpers/spree/api/api_helpers.rb CHANGED Viewed

@@ -21,13 +21,16 @@ module Spree
         :country_attributes,
         :state_attributes,
         :adjustment_attributes,
+        :inventory_unit_attributes,
+        :return_authorization_attributes,
         :creditcard_attributes,
         :payment_source_attributes,
         :user_attributes,
         :property_attributes,
         :stock_location_attributes,
         :stock_movement_attributes,
-        :stock_item_attributes
+        :stock_item_attributes,
+        :promotion_attributes
       ]
       mattr_reader *ATTRIBUTES
@@ -56,7 +59,7 @@ module Spree
       @@variant_attributes = [
         :id, :name, :sku, :price, :weight, :height, :width, :depth, :is_master,
-        :cost_price, :slug, :description, :track_inventory
+        :slug, :description, :track_inventory
       ]
       @@image_attributes = [
@@ -83,7 +86,7 @@ module Spree
       @@payment_attributes = [
         :id, :source_type, :source_id, :amount, :display_amount,
-        :payment_method_id, :state, :avs_response, :created_at,
+        :payment_method_id, :response_code, :state, :avs_response, :created_at,
         :updated_at
       ]
@@ -104,8 +107,7 @@ module Spree
       ]
       @@return_authorization_attributes = [
-        :id, :number, :state, :amount, :order_id, :reason, :created_at,
-        :updated_at
+        :id, :number, :state, :order_id, :memo, :created_at, :updated_at
       ]
       @@address_attributes = [
@@ -148,6 +150,18 @@ module Spree
         :id, :count_on_hand, :backorderable, :lock_version, :stock_location_id,
         :variant_id
       ]
+      @@promotion_attributes = [
+         :id, :name, :description, :expires_at, :starts_at, :type, :usage_limit, :match_policy, :code, :advertise, :path
+      ]
+      def variant_attributes
+        if @current_user_roles && @current_user_roles.include?("admin")
+          @@variant_attributes + [:cost_price]
+        else
+          @@variant_attributes
+        end
+      end
     end
   end
 end

data/app/views/spree/api/images/index.v1.rabl ADDED Viewed

@@ -0,0 +1,4 @@
+object false
+child(@images => :images) do
+  extends "spree/api/images/show"
+end

data/app/views/spree/api/products/show.v1.rabl CHANGED Viewed

@@ -1,8 +1,11 @@
 object @product
-cache [I18n.locale, current_currency, root_object]
+cache [I18n.locale, @current_user_roles.include?('admin'), current_currency, root_object]
 attributes *product_attributes
 node(:display_price) { |p| p.display_price.to_s }
 node(:has_variants) { |p| p.has_variants? }
 child :master => :master do
   extends "spree/api/variants/small"
 end

data/app/views/spree/api/promotions/handler.v1.rabl CHANGED Viewed

@@ -1,4 +1,5 @@
 object false
 node(:success) { @handler.success }
 node(:error) { @handler.error }
-node(:successful) { @handler.successful? }
+node(:successful) { @handler.successful? }
+node(:status_code) { @handler.status_code }