RubyGems - spree_api - Versions diffs - 2.3.13 → 2.4.0.rc1 - Mend

spree_api 2.3.13 → 2.4.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a66783ac8d7fc4ed56b7b502f4b06deac327c166
-  data.tar.gz: e3e18787faa84ccb9f866ebd3edc1fe60ed25680
+  metadata.gz: b3b9e15c2abfeee93d14700e5055bf2ea86fc4cd
+  data.tar.gz: 31c34775578e450511df02be8ac85f2413fd0459
 SHA512:
-  metadata.gz: 618499c336b0c81307853586db653855fa7657a23a0c18a88ce621419e2402bcf7f4eaa890466cdc2cefac1ddb11d7a5aa0c41094a7614064f54554f2b70caed
-  data.tar.gz: a22ce4bbbbbd21d6f2bb43745e357a3e3391f73b5e22c96508bf32d6fd8265ab3263d3a936eb6eeab6155efb324f24129b01e02e9e406f0954de45eb5772445f
+  metadata.gz: 180ab55ad82be69d4925ea1b56053cb3c2217de4ae5852dc4aecff6c235f544032bd08714c6d257984afbf36a47d28ac54dcc52be185eb800b3d741ea7cd06a3
+  data.tar.gz: 1bbc3ac9ec9e5b918c1aafb8de8438f474f64ec98ffee720ccd9846943b1a2920f7ca16e748fd4e5b8bd94b51c84227401dcb5efd9a8d9588122a4a359dd107b

data/CHANGELOG.md CHANGED Viewed

@@ -1,43 +1 @@
-## Spree 2.3.2 (unreleased) ##
-*   Support existing credit card feature on checkout.
-    Checkouts_controller#update now uses the same Order::Checkout#update_from_params
-    from spree frontend which help us to remove a lot of duplicated logic. As a
-    result of that `payment_source` params must be sent now outsite the `order` key.
-    Before you'd send a request like this:
-        ```ruby
-        api_put :update, :id => order.to_param, :order_token => order.guest_token,
-          :order => {
-            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }],
-            :payment_source => { @payment_method.id.to_s => { name: "Spree" } }
-          }
-        ```
-    Now it should look like this:
-        ```ruby
-        api_put :update, :id => order.to_param, :order_token => order.guest_token,
-          :order => {
-            :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }]
-          },
-          :payment_source => {
-            @payment_method.id.to_s => { name: "Spree" }
-          }
-        ```
-    Josh Hepworth and Washington
-*   api/orders/show now display credit cards as source under payment
-    Washington Luiz
-*   refactor the api to use a general importer in core gem.
-    Peter Berkenbosch
-* Shipment manifests viewed within the context of an order no longer return variant info. The line items for the order already contains this information. #4498
-    * Ryan Bigg
+## Spree 2.4.0 (unreleased) ##

data/Gemfile CHANGED Viewed

@@ -1,5 +1,5 @@
 eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
-gem 'spree_core', :path => "../core"
+gem 'spree_core', :path => '../core'
 gemspec

data/app/controllers/spree/api/addresses_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class AddressesController < Spree::Api::BaseController
-      before_filter :find_order
+      before_action :find_order
       def show
         authorize! :read, @order, order_token

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -10,11 +10,15 @@ module Spree
       attr_accessor :current_api_user
-      before_filter :set_content_type
-      before_filter :load_user
-      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
-      before_filter :authenticate_user
-      before_filter :load_user_roles
+      class_attribute :error_notifier
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: Proc.new { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+      after_filter  :set_jsonp_format
       rescue_from Exception, with: :error_during_processing
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
@@ -25,6 +29,13 @@ module Spree
       ssl_allowed
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{response.body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
       def map_nested_attributes_keys(klass, attributes)
         nested_keys = klass.nested_attributes_options.keys
         attributes.inject({}) do |h, (k,v)|
@@ -37,7 +48,7 @@ module Spree
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if @current_user_roles.include?("admin")
-          super + [:price, :variant_id, :sku]
+          super << [:price, :variant_id, :sku]
         else
           super
         end
@@ -56,7 +67,7 @@ module Spree
       end
       def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
       def authenticate_user
@@ -88,8 +99,10 @@ module Spree
         Rails.logger.error exception.message
         Rails.logger.error exception.backtrace.join("\n")
-        render text: { exception: exception.message }.to_json,
-          status: 422 and return
+        error_notifier.call(exception, self) if error_notifier
+        render :text => { :exception => exception.message }.to_json,
+          :status => 422 and return
       end
       def gateway_error(exception)

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 module Spree
   module Api
     class CheckoutsController < Spree::Api::BaseController
-      before_filter :associate_user, only: :update
+      before_action :associate_user, only: :update
       include Spree::Core::ControllerHelpers::Auth
       include Spree::Core::ControllerHelpers::Order
       # This before_filter comes from Spree::Core::ControllerHelpers::Order
-      skip_before_filter :set_current_order
+      skip_before_action :set_current_order
       def next
         load_order(true)

data/app/controllers/spree/api/countries_controller.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 module Spree
   module Api
     class CountriesController < Spree::Api::BaseController
-      skip_before_filter :check_for_user_or_api_key
-      skip_before_filter :authenticate_user
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
       def index
         @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.

data/app/controllers/spree/api/credit_cards_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class CreditCardsController < Spree::Api::BaseController
-      before_filter :user
+      before_action :user
       def index
         @credit_cards = user

data/app/controllers/spree/api/images_controller.rb CHANGED Viewed

@@ -2,6 +2,11 @@ module Spree
   module Api
     class ImagesController < Spree::Api::BaseController
+      def index
+        @images = scope.images.accessible_by(current_ability, :read)
+        respond_with(@images)
+      end
       def show
         @image = Image.accessible_by(current_ability, :read).find(params[:id])
         respond_with(@image)

data/app/controllers/spree/api/inventory_units_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class InventoryUnitsController < Spree::Api::BaseController
-      before_filter :prepare_event, :only => :update
+      before_action :prepare_event, only: :update
       def show
         @inventory_unit = inventory_unit

data/app/controllers/spree/api/line_items_controller.rb CHANGED Viewed

@@ -37,15 +37,15 @@ module Spree
         def find_line_item
           id = params[:id].to_i
-          order.line_items.detect {|line_item| line_item.id == id} or
-            raise ActiveRecord::RecordNotFound
+          order.line_items.detect { |line_item| line_item.id == id } or
+              raise ActiveRecord::RecordNotFound
         end
         def line_items_attributes
-          { line_items_attributes: {
-            id: params[:id],
-            quantity: params[:line_item][:quantity]
-          } }
+          {line_items_attributes: {
+              id: params[:id],
+              quantity: params[:line_item][:quantity]
+          }}
         end
         def line_item_params
@@ -53,4 +53,4 @@ module Spree
         end
     end
   end
-end
+end

data/app/controllers/spree/api/option_types_controller.rb CHANGED Viewed

@@ -3,9 +3,9 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).where(:id => params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -1,12 +1,10 @@
 module Spree
   module Api
     class OrdersController < Spree::Api::BaseController
-      wrap_parameters false
+      skip_before_action :check_for_user_or_api_key, only: :apply_coupon_code
+      skip_before_action :authenticate_user, only: :apply_coupon_code
-      skip_before_filter :check_for_user_or_api_key, only: :apply_coupon_code
-      skip_before_filter :authenticate_user, only: :apply_coupon_code
-      before_filter :find_order, except: [:create, :mine, :index, :update]
+      before_action :find_order, except: [:create, :mine, :current, :index, :update]
       # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
       Order.checkout_steps.keys.each do |step|
@@ -43,7 +41,7 @@ module Spree
       def empty
         authorize! :update, @order, order_token
         @order.empty!
-        render text: nil, status: 200
+        render text: nil, status: 204
       end
       def index
@@ -72,6 +70,15 @@ module Spree
         end
       end
+      def current
+        @order = find_current_order
+        if @order
+          respond_with(@order, default_template: :show, locals: { root_object: @order })
+        else
+          head :no_content
+        end
+      end
       def mine
         if current_api_user.persisted?
           @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -111,6 +118,10 @@ module Spree
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
         end
+        def find_current_order
+          current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
+        end
         def order_id
           super || params[:id]
         end

data/app/controllers/spree/api/payments_controller.rb CHANGED Viewed

@@ -2,8 +2,8 @@ module Spree
   module Api
     class PaymentsController < Spree::Api::BaseController
-      before_filter :find_order
-      before_filter :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void, :credit]
+      before_action :find_order
+      before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
       def index
         @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -26,7 +26,7 @@ module Spree
       def update
         authorize! params[:action], @payment
-        if !@payment.editable?
+        if ! @payment.pending?
           render 'update_forbidden', status: 403
         elsif @payment.update_attributes(payment_params)
           respond_with(@payment, default_template: :show)
@@ -55,14 +55,6 @@ module Spree
         perform_payment_action(:void_transaction)
       end
-      def credit
-        if params[:amount].to_f > @payment.credit_allowed
-          render 'credit_over_limit', status: 422
-        else
-          perform_payment_action(:credit, params[:amount])
-        end
-      end
       private
         def find_order

data/app/controllers/spree/api/product_properties_controller.rb CHANGED Viewed

@@ -2,8 +2,8 @@ module Spree
   module Api
     class ProductPropertiesController < Spree::Api::BaseController
-      before_filter :find_product
-      before_filter :product_property, only: [:show, :update, :destroy]
+      before_action :find_product
+      before_action :product_property, only: [:show, :update, :destroy]
       def index
         @product_properties = @product.product_properties.accessible_by(current_ability, :read).

data/app/controllers/spree/api/promotions_controller.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Spree
+  module Api
+    class PromotionsController < Spree::Api::BaseController
+      before_filter :requires_admin
+      before_filter :load_promotion
+      def show
+        if @promotion
+          respond_with(@promotion, default_template: :show)
+        else
+          raise ActiveRecord::RecordNotFound
+        end
+      end
+      private
+        def requires_admin
+          return if @current_user_roles.include?("admin")
+          unauthorized and return
+        end
+        def load_promotion
+          @promotion = Spree::Promotion.find_by_id(params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
+        end
+    end
+  end
+end

data/app/controllers/spree/api/properties_controller.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Spree
   module Api
     class PropertiesController < Spree::Api::BaseController
-      before_filter :find_property, only: [:show, :update, :destroy]
+      before_action :find_property, only: [:show, :update, :destroy]
       def index
         @properties = Spree::Property.accessible_by(current_ability, :read)

data/app/controllers/spree/api/return_authorizations_controller.rb CHANGED Viewed

@@ -45,16 +45,6 @@ module Spree
         end
       end
-      def add
-        @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
-        @return_authorization.add_variant params[:variant_id].to_i, params[:quantity].to_i
-        if @return_authorization.valid?
-          respond_with @return_authorization, default_template: :show
-        else
-          invalid_resource!(@return_authorization)
-        end
-      end
       def receive
         @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
         if @return_authorization.receive

data/app/controllers/spree/api/shipments_controller.rb CHANGED Viewed

@@ -2,7 +2,21 @@ module Spree
   module Api
     class ShipmentsController < Spree::Api::BaseController
-      before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+      before_action :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+      before_action :load_transfer_params, only: [:transfer_to_location, :transfer_to_shipment]
+      def mine
+        if current_api_user.persisted?
+          @shipments = Spree::Shipment
+            .reverse_chronological
+            .joins(:order)
+            .where(spree_orders: {user_id: current_api_user.id})
+            .includes(mine_includes)
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        else
+          render "spree/api/errors/unauthorized", status: :unauthorized
+        end
+      end
       def create
         @order = Spree::Order.find_by!(number: params.fetch(:shipment).fetch(:order_id))
@@ -10,7 +24,7 @@ module Spree
         authorize! :create, Shipment
         quantity = params[:quantity].to_i
         @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
-        @order.contents.add(variant, quantity, nil, @shipment)
+        @order.contents.add(variant, quantity, {shipment: @shipment})
         @shipment.save!
@@ -45,7 +59,7 @@ module Spree
       def add
         quantity = params[:quantity].to_i
-        @shipment.order.contents.add(variant, quantity, nil, @shipment)
+        @shipment.order.contents.add(variant, quantity, {shipment: @shipment})
         respond_with(@shipment, default_template: :show)
       end
@@ -53,13 +67,33 @@ module Spree
       def remove
         quantity = params[:quantity].to_i
-        @shipment.order.contents.remove(variant, quantity, @shipment)
+        @shipment.order.contents.remove(variant, quantity, {shipment: @shipment})
         @shipment.reload if @shipment.persisted?
         respond_with(@shipment, default_template: :show)
       end
+      def transfer_to_location
+        @stock_location = Spree::StockLocation.find(params[:stock_location_id])
+        @original_shipment.transfer_to_location(@variant, @quantity, @stock_location)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
+      def transfer_to_shipment
+        @target_shipment  = Spree::Shipment.find_by!(number: params[:target_shipment_number])
+        @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
       private
+      def load_transfer_params
+        @original_shipment         = Spree::Shipment.where(number: params[:original_shipment_number]).first
+        @variant                   = Spree::Variant.find(params[:variant_id])
+        @quantity                  = params[:quantity].to_i
+        authorize! :read, @original_shipment
+        authorize! :create, Shipment
+      end
       def find_and_update_shipment
         @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
         @shipment.update_attributes(shipment_params)
@@ -77,6 +111,39 @@ module Spree
       def variant
         @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
       end
+      def mine_includes
+        {
+          order: {
+            bill_address: {
+              state: {},
+              country: {},
+            },
+            ship_address: {
+              state: {},
+              country: {},
+            },
+            adjustments: {},
+            payments: {
+              order: {},
+              payment_method: {},
+            },
+          },
+          inventory_units: {
+            line_item: {
+              product: {},
+              variant: {},
+            },
+            variant: {
+              product: {},
+              default_price: {},
+              option_values: {
+                option_type: {},
+              },
+            },
+          },
+        }
+      end
     end
   end
 end

data/app/controllers/spree/api/states_controller.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 module Spree
   module Api
     class StatesController < Spree::Api::BaseController
-      skip_before_filter :set_expiry
-      skip_before_filter :check_for_user_or_api_key
-      skip_before_filter :authenticate_user
+      skip_before_action :set_expiry
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
       def index
         @states = scope.ransack(params[:q]).result.

data/app/controllers/spree/api/stock_items_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class StockItemsController < Spree::Api::BaseController
-      before_filter :stock_location, except: [:update, :destroy]
+      before_action :stock_location, except: [:update, :destroy]
       def index
         @stock_items = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])

data/app/controllers/spree/api/stock_movements_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class StockMovementsController < Spree::Api::BaseController
-      before_filter :stock_location, except: [:update, :destroy]
+      before_action :stock_location, except: [:update, :destroy]
       def index
         authorize! :read, StockMovement

data/app/controllers/spree/api/taxons_controller.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module Spree
         # Products#index does not do the sorting.
         taxon = Spree::Taxon.find(params[:id])
         @products = taxon.products.ransack(params[:q]).result
-        @products = @products.page(params[:page]).per(params[:per_page] || 500)
+        @products = @products.page(params[:page]).per(500 || params[:per_page])
         render "spree/api/products/index"
       end

data/app/controllers/spree/api/variants_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Spree
   module Api
     class VariantsController < Spree::Api::BaseController
-      before_filter :product
+      before_action :product
       def create
         authorize! :create, Variant
@@ -25,7 +25,6 @@ module Spree
       def index
         @variants = scope.includes({ option_values: :option_type }, :product, :default_price, :images, { stock_items: :stock_location })
           .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@variants)
       end

data/app/helpers/spree/api/api_helpers.rb CHANGED Viewed

@@ -21,13 +21,16 @@ module Spree
         :country_attributes,
         :state_attributes,
         :adjustment_attributes,
+        :inventory_unit_attributes,
+        :return_authorization_attributes,
         :creditcard_attributes,
         :payment_source_attributes,
         :user_attributes,
         :property_attributes,
         :stock_location_attributes,
         :stock_movement_attributes,
-        :stock_item_attributes
+        :stock_item_attributes,
+        :promotion_attributes
       ]
       mattr_reader *ATTRIBUTES
@@ -56,7 +59,7 @@ module Spree
       @@variant_attributes = [
         :id, :name, :sku, :price, :weight, :height, :width, :depth, :is_master,
-        :cost_price, :slug, :description, :track_inventory
+        :slug, :description, :track_inventory
       ]
       @@image_attributes = [
@@ -83,7 +86,7 @@ module Spree
       @@payment_attributes = [
         :id, :source_type, :source_id, :amount, :display_amount,
-        :payment_method_id, :state, :avs_response, :created_at,
+        :payment_method_id, :response_code, :state, :avs_response, :created_at,
         :updated_at
       ]
@@ -104,8 +107,7 @@ module Spree
       ]
       @@return_authorization_attributes = [
-        :id, :number, :state, :amount, :order_id, :reason, :created_at,
-        :updated_at
+        :id, :number, :state, :order_id, :memo, :created_at, :updated_at
       ]
       @@address_attributes = [
@@ -148,6 +150,18 @@ module Spree
         :id, :count_on_hand, :backorderable, :lock_version, :stock_location_id,
         :variant_id
       ]
+      @@promotion_attributes = [
+         :id, :name, :description, :expires_at, :starts_at, :type, :usage_limit, :match_policy, :code, :advertise, :path
+      ]
+      def variant_attributes
+        if @current_user_roles && @current_user_roles.include?("admin")
+          @@variant_attributes + [:cost_price]
+        else
+          @@variant_attributes
+        end
+      end
     end
   end
 end

data/app/views/spree/api/images/index.v1.rabl ADDED Viewed

@@ -0,0 +1,4 @@
+object false
+child(@images => :images) do
+  extends "spree/api/images/show"
+end

data/app/views/spree/api/products/show.v1.rabl CHANGED Viewed

@@ -1,8 +1,11 @@
 object @product
-cache [I18n.locale, current_currency, root_object]
+cache [I18n.locale, @current_user_roles.include?('admin'), current_currency, root_object]
 attributes *product_attributes
 node(:display_price) { |p| p.display_price.to_s }
 node(:has_variants) { |p| p.has_variants? }
 child :master => :master do
   extends "spree/api/variants/small"
 end

data/app/views/spree/api/promotions/handler.v1.rabl CHANGED Viewed

@@ -1,4 +1,5 @@
 object false
 node(:success) { @handler.success }
 node(:error) { @handler.error }
-node(:successful) { @handler.successful? }
+node(:successful) { @handler.successful? }
+node(:status_code) { @handler.status_code }