spree_api 2.4.10 → 3.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +1 -2
  3. data/app/controllers/spree/api/base_controller.rb +9 -3
  4. data/app/controllers/spree/api/checkouts_controller.rb +4 -4
  5. data/app/controllers/spree/api/countries_controller.rb +3 -3
  6. data/app/controllers/spree/api/images_controller.rb +2 -2
  7. data/app/controllers/spree/api/inventory_units_controller.rb +1 -1
  8. data/app/controllers/spree/api/option_values_controller.rb +1 -1
  9. data/app/controllers/spree/api/orders_controller.rb +6 -14
  10. data/app/controllers/spree/api/payments_controller.rb +5 -5
  11. data/app/controllers/spree/api/product_properties_controller.rb +1 -1
  12. data/app/controllers/spree/api/products_controller.rb +5 -5
  13. data/app/controllers/spree/api/properties_controller.rb +2 -2
  14. data/app/controllers/spree/api/return_authorizations_controller.rb +4 -4
  15. data/app/controllers/spree/api/shipments_controller.rb +4 -4
  16. data/app/controllers/spree/api/states_controller.rb +2 -2
  17. data/app/controllers/spree/api/stock_items_controller.rb +4 -4
  18. data/app/controllers/spree/api/stock_locations_controller.rb +5 -5
  19. data/app/controllers/spree/api/stock_movements_controller.rb +3 -3
  20. data/app/controllers/spree/api/stores_controller.rb +5 -5
  21. data/app/controllers/spree/api/taxonomies_controller.rb +4 -4
  22. data/app/controllers/spree/api/taxons_controller.rb +3 -3
  23. data/app/controllers/spree/api/users_controller.rb +3 -3
  24. data/app/controllers/spree/api/variants_controller.rb +3 -3
  25. data/app/controllers/spree/api/zones_controller.rb +7 -4
  26. data/app/helpers/spree/api/api_helpers.rb +1 -1
  27. data/app/views/spree/api/config/money.v1.rabl +0 -4
  28. data/app/views/spree/api/orders/payment.v1.rabl +1 -1
  29. data/app/views/spree/api/orders/show.v1.rabl +5 -1
  30. data/app/views/spree/api/products/show.v1.rabl +1 -0
  31. data/app/views/spree/api/taxonomies/show.v1.rabl +2 -2
  32. data/app/views/spree/api/variants/big.v1.rabl +6 -0
  33. data/app/views/spree/api/variants/small.v1.rabl +0 -1
  34. data/config/routes.rb +5 -1
  35. data/lib/spree/api/responders/rabl_template.rb +3 -4
  36. data/lib/spree/api/testing_support/helpers.rb +1 -1
  37. data/spec/controllers/spree/api/base_controller_spec.rb +16 -2
  38. data/spec/controllers/spree/api/config_controller_spec.rb +1 -5
  39. data/spec/controllers/spree/api/line_items_controller_spec.rb +3 -4
  40. data/spec/controllers/spree/api/orders_controller_spec.rb +1 -28
  41. data/spec/controllers/spree/api/payments_controller_spec.rb +21 -26
  42. data/spec/controllers/spree/api/product_properties_controller_spec.rb +1 -1
  43. data/spec/controllers/spree/api/products_controller_spec.rb +54 -7
  44. data/spec/controllers/spree/api/return_authorizations_controller_spec.rb +2 -2
  45. data/spec/controllers/spree/api/stock_items_controller_spec.rb +4 -2
  46. data/spec/controllers/spree/api/stock_movements_controller_spec.rb +0 -6
  47. data/spec/controllers/spree/api/users_controller_spec.rb +17 -17
  48. data/spec/controllers/spree/api/variants_controller_spec.rb +2 -5
  49. data/spec/controllers/spree/api/zones_controller_spec.rb +26 -0
  50. data/spec/spec_helper.rb +3 -4
  51. data/spec/support/controller_hacks.rb +7 -5
  52. data/spree_api.gemspec +2 -1
  53. metadata +9 -10
  54. data/spec/requests/ransackable_attributes_spec.rb +0 -79
@@ -4,7 +4,7 @@ module Spree
4
4
  before_action :stock_location, except: [:update, :destroy]
5
5
 
6
6
  def index
7
- authorize! :read, Spree::StockMovement
7
+ authorize! :read, StockMovement
8
8
  @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
9
9
  respond_with(@stock_movements)
10
10
  end
@@ -15,7 +15,7 @@ module Spree
15
15
  end
16
16
 
17
17
  def create
18
- authorize! :create, Spree::StockMovement
18
+ authorize! :create, StockMovement
19
19
  @stock_movement = scope.new(stock_movement_params)
20
20
  if @stock_movement.save
21
21
  respond_with(@stock_movement, status: 201, default_template: :show)
@@ -28,7 +28,7 @@ module Spree
28
28
 
29
29
  def stock_location
30
30
  render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
31
- @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
31
+ @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
32
32
  end
33
33
 
34
34
  def scope
@@ -5,14 +5,14 @@ module Spree
5
5
  before_filter :get_store, except: [:index, :create]
6
6
 
7
7
  def index
8
- authorize! :read, Spree::Store
9
- @stores = Spree::Store.accessible_by(current_ability, :read).all
8
+ authorize! :read, Store
9
+ @stores = Store.accessible_by(current_ability, :read).all
10
10
  respond_with(@stores)
11
11
  end
12
12
 
13
13
  def create
14
- authorize! :create, Spree::Store
15
- @store = Spree::Store.new(store_params)
14
+ authorize! :create, Store
15
+ @store = Store.new(store_params)
16
16
  @store.code = params[:store][:code]
17
17
  if @store.save
18
18
  respond_with(@store, status: 201, default_template: :show)
@@ -44,7 +44,7 @@ module Spree
44
44
  private
45
45
 
46
46
  def get_store
47
- @store = Spree::Store.find(params[:id])
47
+ @store = Store.find(params[:id])
48
48
  end
49
49
 
50
50
  def store_params
@@ -16,8 +16,8 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
- authorize! :create, Spree::Taxonomy
20
- @taxonomy = Spree::Taxonomy.new(taxonomy_params)
19
+ authorize! :create, Taxonomy
20
+ @taxonomy = Taxonomy.new(taxonomy_params)
21
21
  if @taxonomy.save
22
22
  respond_with(@taxonomy, :status => 201, :default_template => :show)
23
23
  else
@@ -43,13 +43,13 @@ module Spree
43
43
  private
44
44
 
45
45
  def taxonomies
46
- @taxonomies = Spree::Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
46
+ @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
47
47
  ransack(params[:q]).result.
48
48
  page(params[:page]).per(params[:per_page])
49
49
  end
50
50
 
51
51
  def taxonomy
52
- @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:id])
52
+ @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
53
53
  end
54
54
 
55
55
  def taxonomy_params
@@ -6,9 +6,9 @@ module Spree
6
6
  @taxons = taxonomy.root.children
7
7
  else
8
8
  if params[:ids]
9
- @taxons = Spree::Taxon.accessible_by(current_ability, :read).where(id: params[:ids].split(','))
9
+ @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
10
10
  else
11
- @taxons = Spree::Taxon.accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
11
+ @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
12
12
  end
13
13
  end
14
14
 
@@ -26,7 +26,7 @@ module Spree
26
26
  end
27
27
 
28
28
  def create
29
- authorize! :create, Spree::Taxon
29
+ authorize! :create, Taxon
30
30
  @taxon = Spree::Taxon.new(taxon_params)
31
31
  @taxon.taxonomy_id = params[:taxonomy_id]
32
32
  taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
@@ -46,9 +46,9 @@ module Spree
46
46
  end
47
47
 
48
48
  def user_params
49
- params.require(:user).permit(PermittedAttributes.user_attributes |
50
- [bill_address_attributes: PermittedAttributes.address_attributes,
51
- ship_address_attributes: PermittedAttributes.address_attributes])
49
+ params.require(:user).permit(permitted_user_attributes |
50
+ [bill_address_attributes: permitted_address_attributes,
51
+ ship_address_attributes: permitted_address_attributes])
52
52
  end
53
53
 
54
54
  end
@@ -4,7 +4,7 @@ module Spree
4
4
  before_action :product
5
5
 
6
6
  def create
7
- authorize! :create, Spree::Variant
7
+ authorize! :create, Variant
8
8
  @variant = scope.new(variant_params)
9
9
  if @variant.save
10
10
  respond_with(@variant, status: 201, default_template: :show)
@@ -55,10 +55,10 @@ module Spree
55
55
  if @product
56
56
  variants = @product.variants_including_master
57
57
  else
58
- variants = Spree::Variant
58
+ variants = Variant
59
59
  end
60
60
 
61
- if current_ability.can?(:manage, Spree::Variant) && params[:show_deleted]
61
+ if current_ability.can?(:manage, Variant) && params[:show_deleted]
62
62
  variants = variants.with_deleted
63
63
  end
64
64
 
@@ -3,8 +3,8 @@ module Spree
3
3
  class ZonesController < Spree::Api::BaseController
4
4
 
5
5
  def create
6
- authorize! :create, Spree::Zone
7
- @zone = Spree::Zone.new(map_nested_attributes_keys(Spree::Zone, params[:zone]))
6
+ authorize! :create, Zone
7
+ @zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
8
8
  if @zone.save
9
9
  respond_with(@zone, :status => 201, :default_template => :show)
10
10
  else
@@ -19,7 +19,7 @@ module Spree
19
19
  end
20
20
 
21
21
  def index
22
- @zones = Spree::Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
22
+ @zones = Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
23
23
  respond_with(@zones)
24
24
  end
25
25
 
@@ -29,7 +29,7 @@ module Spree
29
29
 
30
30
  def update
31
31
  authorize! :update, zone
32
- if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, params[:zone]))
32
+ if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
33
33
  respond_with(zone, :status => 200, :default_template => :show)
34
34
  else
35
35
  invalid_resource!(zone)
@@ -37,6 +37,9 @@ module Spree
37
37
  end
38
38
 
39
39
  private
40
+ def zone_params
41
+ params.require(:zone).permit!
42
+ end
40
43
 
41
44
  def zone
42
45
  @zone ||= Spree::Zone.accessible_by(current_ability, :read).find(params[:id])
@@ -85,7 +85,7 @@ module Spree
85
85
 
86
86
  @@payment_attributes = [
87
87
  :id, :source_type, :source_id, :amount, :display_amount,
88
- :payment_method_id, :state, :avs_response, :created_at,
88
+ :payment_method_id, :response_code, :state, :avs_response, :created_at,
89
89
  :updated_at
90
90
  ]
91
91
 
@@ -1,6 +1,2 @@
1
1
  object false
2
2
  node(:symbol) { ::Money.new(1, Spree::Config[:currency]).symbol }
3
- node(:symbol_position) { Spree::Config[:currency_symbol_position] }
4
- node(:no_cents) { Spree::Config[:hide_cents] }
5
- node(:decimal_mark) { Spree::Config[:currency_decimal_mark] }
6
- node(:thousands_separator) { Spree::Config[:currency_thousands_separator] }
@@ -1,3 +1,3 @@
1
1
  child :available_payment_methods => :payment_methods do
2
- attributes :id, :name, :environment, :method_type
2
+ attributes :id, :name, :method_type
3
3
  end
@@ -21,7 +21,7 @@ child :payments => :payments do
21
21
  attributes *payment_attributes
22
22
 
23
23
  child :payment_method => :payment_method do
24
- attributes :id, :name, :environment
24
+ attributes :id, :name
25
25
  end
26
26
 
27
27
  child :source => :source do
@@ -46,3 +46,7 @@ end
46
46
  node :permissions do
47
47
  { can_update: current_ability.can?(:update, root_object) }
48
48
  end
49
+
50
+ child :valid_credit_cards => :credit_cards do
51
+ extends "spree/api/credit_cards/show"
52
+ end
@@ -5,6 +5,7 @@ attributes *product_attributes
5
5
 
6
6
  node(:display_price) { |p| p.display_price.to_s }
7
7
  node(:has_variants) { |p| p.has_variants? }
8
+ node(:taxon_ids) { |p| p.taxon_ids }
8
9
 
9
10
  child :master => :master do
10
11
  extends "spree/api/variants/small"
@@ -1,7 +1,7 @@
1
1
  object @taxonomy
2
2
 
3
- if params[:set] == 'nested'
4
- extends "spree/api/taxonomies/nested"
3
+ if set = params[:set]
4
+ extends "spree/api/taxonomies/#{set}"
5
5
  else
6
6
  attributes *taxonomy_attributes
7
7
 
@@ -1,9 +1,15 @@
1
1
  object @variant
2
+ attributes *variant_attributes
2
3
 
3
4
  cache [I18n.locale, @current_user_roles.include?('admin'), 'big_variant', root_object]
4
5
 
5
6
  extends "spree/api/variants/small"
6
7
 
8
+ node :total_on_hand do
9
+ root_object.total_on_hand
10
+ end
11
+
12
+
7
13
  child(:stock_items => :stock_items) do
8
14
  attributes :id, :count_on_hand, :stock_location_id, :backorderable
9
15
  attribute :available? => :available
@@ -4,7 +4,6 @@ attributes *variant_attributes
4
4
 
5
5
  node(:display_price) { |p| p.display_price.to_s }
6
6
  node(:options_text) { |v| v.options_text }
7
- node(:track_inventory) { |v| v.should_track_inventory? }
8
7
  node(:in_stock) { |v| v.in_stock? }
9
8
  node(:is_backorderable) { |v| v.is_backorderable? }
10
9
  node(:total_on_hand) { |v| v.total_on_hand }
data/config/routes.rb CHANGED
@@ -53,13 +53,16 @@ Spree::Core::Engine.add_routes do
53
53
  end
54
54
  end
55
55
 
56
- resources :variants, only: [:index, :show] do
56
+ resources :variants do
57
57
  resources :images
58
58
  end
59
59
 
60
60
  resources :option_types do
61
61
  resources :option_values
62
62
  end
63
+ resources :option_values
64
+
65
+ resources :option_values, only: :index
63
66
 
64
67
  get '/orders/mine', to: 'orders#mine', as: 'my_orders'
65
68
  get "/orders/current", to: "orders#current", as: "current_order"
@@ -112,6 +115,7 @@ Spree::Core::Engine.add_routes do
112
115
  resources :stock_items
113
116
  end
114
117
 
118
+ resources :stock_items, only: [:index, :update, :destroy]
115
119
  resources :stores
116
120
 
117
121
  get '/config/money', to: 'config#money'
@@ -8,16 +8,15 @@ module Spree
8
8
  else
9
9
  super
10
10
  end
11
-
12
11
  rescue ActionView::MissingTemplate => e
13
- api_behavior(e)
12
+ api_behavior
14
13
  end
15
14
 
16
15
  def template
17
- options[:default_template]
16
+ request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
18
17
  end
19
18
 
20
- def api_behavior(error)
19
+ def api_behavior
21
20
  if controller.params[:action] == "destroy"
22
21
  # Render a blank template
23
22
  super
@@ -22,7 +22,7 @@ module Spree
22
22
  end
23
23
 
24
24
  def stub_authentication!
25
- allow(Spree.user_class).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
25
+ allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
26
26
  end
27
27
 
28
28
  # This method can be overriden (with a let block) inside a context
@@ -17,6 +17,20 @@ describe Spree::Api::BaseController, :type => :controller do
17
17
  end
18
18
  end
19
19
 
20
+ context "signed in as a user using an authentication extension" do
21
+ before do
22
+ user = double(:email => "spree@example.com")
23
+ allow(user).to receive_message_chain :spree_roles, pluck: []
24
+ allow(controller).to receive_messages :try_spree_current_user => user
25
+ end
26
+
27
+ it "can make a request" do
28
+ api_get :index
29
+ expect(json_response).to eq({ "products" => [] })
30
+ expect(response.status).to eq(200)
31
+ end
32
+ end
33
+
20
34
  context "when validating based on an order token" do
21
35
  let!(:order) { create :order }
22
36
 
@@ -109,7 +123,7 @@ describe Spree::Api::BaseController, :type => :controller do
109
123
  before do
110
124
  user = double(email: "spree@example.com")
111
125
  allow(user).to receive_message_chain :spree_roles, pluck: []
112
- allow(Spree.user_class).to receive_messages find_by: user
126
+ allow(controller).to receive_messages try_spree_current_user: user
113
127
  @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
114
128
  r.draw { get 'foo' => 'fakes#foo' }
115
129
  end
@@ -117,7 +131,7 @@ describe Spree::Api::BaseController, :type => :controller do
117
131
 
118
132
  it 'should notify notify_error_during_processing' do
119
133
  expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
120
- api_get :foo, token: 123
134
+ api_get :foo
121
135
  expect(response.status).to eq(422)
122
136
  end
123
137
  end
@@ -12,10 +12,6 @@ module Spree
12
12
  api_get :money
13
13
  expect(response).to be_success
14
14
  expect(json_response["symbol"]).to eq("$")
15
- expect(json_response["symbol_position"]).to eq("before")
16
- expect(json_response["no_cents"]).to eq(false)
17
- expect(json_response["decimal_mark"]).to eq(".")
18
- expect(json_response["thousands_separator"]).to eq(",")
19
15
  end
20
16
 
21
17
  it "returns some configuration settings" do
@@ -24,4 +20,4 @@ module Spree
24
20
  expect(json_response["default_country_id"]).to eq(Spree::Config[:default_country_id])
25
21
  end
26
22
  end
27
- end
23
+ end
@@ -21,11 +21,8 @@ module Spree
21
21
  let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
22
22
  let(:resource_scoping) { { :order_id => order.to_param } }
23
23
 
24
- before do
25
- stub_authentication!
26
- end
27
-
28
24
  it "can learn how to create a new line item" do
25
+ allow(controller).to receive_messages :try_spree_current_user => current_api_user
29
26
  api_get :new
30
27
  expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
31
28
  required_attributes = json_response["required_attributes"]
@@ -51,6 +48,7 @@ module Spree
51
48
 
52
49
  context "as the order owner" do
53
50
  before do
51
+ allow(controller).to receive_messages :try_spree_current_user => current_api_user
54
52
  allow_any_instance_of(Order).to receive_messages :user => current_api_user
55
53
  end
56
54
 
@@ -159,6 +157,7 @@ module Spree
159
157
  context "as just another user" do
160
158
  before do
161
159
  user = create(:user)
160
+ allow(controller).to receive_messages :try_spree_current_user => user
162
161
  end
163
162
 
164
163
  it "cannot add a new line item to the order" do
@@ -28,28 +28,6 @@ module Spree
28
28
  stub_authentication!
29
29
  end
30
30
 
31
- describe 'PATCH #update' do
32
- subject { api_patch :update, id: order.to_param, order: { email: "foo@bar.com" } }
33
-
34
- before do
35
- allow_any_instance_of(Spree::Order).to receive_messages :user => current_api_user
36
- end
37
-
38
- it 'should be ok' do
39
- expect(subject).to be_ok
40
- end
41
-
42
- it 'should not invoke OrderContents#update_cart' do
43
- expect_any_instance_of(Spree::OrderContents).to_not receive(:update_cart)
44
- subject
45
- end
46
-
47
- it 'should update the email' do
48
- subject
49
- expect(order.reload.email).to eq('foo@bar.com')
50
- end
51
- end
52
-
53
31
  it "cannot view all orders" do
54
32
  api_get :index
55
33
  assert_unauthorized!
@@ -238,7 +216,7 @@ module Spree
238
216
  allow(user).to receive_message_chain(:spree_roles, :pluck).and_return(["bar"])
239
217
  allow(user).to receive(:has_spree_role?).with('bar').and_return(true)
240
218
  allow(user).to receive(:has_spree_role?).with('admin').and_return(false)
241
- allow(Spree.user_class).to receive_messages find_by: user
219
+ allow(controller).to receive_messages try_spree_current_user: user
242
220
  api_get :show, :id => order.to_param
243
221
  expect(response.status).to eq(200)
244
222
  end
@@ -251,11 +229,6 @@ module Spree
251
229
  assert_unauthorized!
252
230
  end
253
231
 
254
- it "cannot add address information to an order that doesn't belong to them" do
255
- api_put :address, :id => order.to_param
256
- assert_unauthorized!
257
- end
258
-
259
232
  it "can create an order" do
260
233
  api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
261
234
  expect(response.status).to eq(201)