spree_api 2.4.10 → 3.0.0.rc1

data/app/controllers/spree/api/stock_movements_controller.rb

@@ -4,7 +4,7 @@ module Spree
       before_action :stock_location, except: [:update, :destroy]
 
       def index
-        authorize! :read, Spree::StockMovement
+        authorize! :read, StockMovement
         @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@stock_movements)
       end
@@ -15,7 +15,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::StockMovement
+        authorize! :create, StockMovement
         @stock_movement = scope.new(stock_movement_params)
         if @stock_movement.save
           respond_with(@stock_movement, status: 201, default_template: :show)
@@ -28,7 +28,7 @@ module Spree
 
       def stock_location
         render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+        @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
       end
 
       def scope

data/app/controllers/spree/api/stores_controller.rb

@@ -5,14 +5,14 @@ module Spree
       before_filter :get_store, except: [:index, :create]
 
       def index
-        authorize! :read, Spree::Store
-        @stores = Spree::Store.accessible_by(current_ability, :read).all
+        authorize! :read, Store
+        @stores = Store.accessible_by(current_ability, :read).all
         respond_with(@stores)
       end
 
       def create
-        authorize! :create, Spree::Store
-        @store = Spree::Store.new(store_params)
+        authorize! :create, Store
+        @store = Store.new(store_params)
         @store.code = params[:store][:code]
         if @store.save
           respond_with(@store, status: 201, default_template: :show)
@@ -44,7 +44,7 @@ module Spree
       private
 
       def get_store
-        @store = Spree::Store.find(params[:id])
+        @store = Store.find(params[:id])
       end
 
       def store_params

data/app/controllers/spree/api/taxonomies_controller.rb

@@ -16,8 +16,8 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::Taxonomy
-        @taxonomy = Spree::Taxonomy.new(taxonomy_params)
+        authorize! :create, Taxonomy
+        @taxonomy = Taxonomy.new(taxonomy_params)
         if @taxonomy.save
           respond_with(@taxonomy, :status => 201, :default_template => :show)
         else
@@ -43,13 +43,13 @@ module Spree
       private
 
       def taxonomies
-        @taxonomies = Spree::Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
+        @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
                       ransack(params[:q]).result.
                       page(params[:page]).per(params[:per_page])
       end
 
       def taxonomy
-        @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:id])
+        @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
       end
 
       def taxonomy_params

data/app/controllers/spree/api/taxons_controller.rb

@@ -6,9 +6,9 @@ module Spree
           @taxons = taxonomy.root.children
         else
           if params[:ids]
-            @taxons = Spree::Taxon.accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+            @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
           else
-            @taxons = Spree::Taxon.accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
+            @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
           end
         end
 
@@ -26,7 +26,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::Taxon
+        authorize! :create, Taxon
         @taxon = Spree::Taxon.new(taxon_params)
         @taxon.taxonomy_id = params[:taxonomy_id]
         taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])

data/app/controllers/spree/api/users_controller.rb

@@ -46,9 +46,9 @@ module Spree
       end
 
       def user_params
-        params.require(:user).permit(PermittedAttributes.user_attributes |
-                                       [bill_address_attributes: PermittedAttributes.address_attributes,
-                                        ship_address_attributes: PermittedAttributes.address_attributes])
+        params.require(:user).permit(permitted_user_attributes |
+                                       [bill_address_attributes: permitted_address_attributes,
+                                        ship_address_attributes: permitted_address_attributes])
       end
 
     end

data/app/controllers/spree/api/variants_controller.rb

@@ -4,7 +4,7 @@ module Spree
       before_action :product
 
       def create
-        authorize! :create, Spree::Variant
+        authorize! :create, Variant
         @variant = scope.new(variant_params)
         if @variant.save
           respond_with(@variant, status: 201, default_template: :show)
@@ -55,10 +55,10 @@ module Spree
           if @product
             variants = @product.variants_including_master
           else
-            variants = Spree::Variant
+            variants = Variant
           end
 
-          if current_ability.can?(:manage, Spree::Variant) && params[:show_deleted]
+          if current_ability.can?(:manage, Variant) && params[:show_deleted]
             variants = variants.with_deleted
           end
 

data/app/controllers/spree/api/zones_controller.rb

@@ -3,8 +3,8 @@ module Spree
     class ZonesController < Spree::Api::BaseController
 
       def create
-        authorize! :create, Spree::Zone
-        @zone = Spree::Zone.new(map_nested_attributes_keys(Spree::Zone, params[:zone]))
+        authorize! :create, Zone
+        @zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
         if @zone.save
           respond_with(@zone, :status => 201, :default_template => :show)
         else
@@ -19,7 +19,7 @@ module Spree
       end
 
       def index
-        @zones = Spree::Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        @zones = Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@zones)
       end
 
@@ -29,7 +29,7 @@ module Spree
 
       def update
         authorize! :update, zone
-        if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, params[:zone]))
+        if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
           respond_with(zone, :status => 200, :default_template => :show)
         else
           invalid_resource!(zone)
@@ -37,6 +37,9 @@ module Spree
       end
 
       private
+      def zone_params
+        params.require(:zone).permit!
+      end
 
       def zone
         @zone ||= Spree::Zone.accessible_by(current_ability, :read).find(params[:id])

data/app/helpers/spree/api/api_helpers.rb

@@ -85,7 +85,7 @@ module Spree
 
       @@payment_attributes = [
         :id, :source_type, :source_id, :amount, :display_amount,
-        :payment_method_id, :state, :avs_response, :created_at,
+        :payment_method_id, :response_code, :state, :avs_response, :created_at,
         :updated_at
       ]
 

data/app/views/spree/api/config/money.v1.rabl

@@ -1,6 +1,2 @@
 object false
 node(:symbol) { ::Money.new(1, Spree::Config[:currency]).symbol }
-node(:symbol_position) { Spree::Config[:currency_symbol_position] }
-node(:no_cents) { Spree::Config[:hide_cents] }
-node(:decimal_mark) { Spree::Config[:currency_decimal_mark] }
-node(:thousands_separator) { Spree::Config[:currency_thousands_separator] }

data/app/views/spree/api/orders/payment.v1.rabl

@@ -1,3 +1,3 @@
 child :available_payment_methods => :payment_methods do
-  attributes :id, :name, :environment, :method_type
+  attributes :id, :name, :method_type
 end

data/app/views/spree/api/orders/show.v1.rabl

@@ -21,7 +21,7 @@ child :payments => :payments do
   attributes *payment_attributes
 
   child :payment_method => :payment_method do
-    attributes :id, :name, :environment
+    attributes :id, :name
   end
 
   child :source => :source do
@@ -46,3 +46,7 @@ end
 node :permissions do
   { can_update: current_ability.can?(:update, root_object) }
 end
+
+child :valid_credit_cards => :credit_cards do
+  extends "spree/api/credit_cards/show"
+end

data/app/views/spree/api/products/show.v1.rabl

@@ -5,6 +5,7 @@ attributes *product_attributes
 
 node(:display_price) { |p| p.display_price.to_s }
 node(:has_variants) { |p| p.has_variants? }
+node(:taxon_ids) { |p| p.taxon_ids }
 
 child :master => :master do
   extends "spree/api/variants/small"

data/app/views/spree/api/taxonomies/show.v1.rabl

@@ -1,7 +1,7 @@
 object @taxonomy
 
-if params[:set] == 'nested'
-  extends "spree/api/taxonomies/nested"
+if set = params[:set]
+  extends "spree/api/taxonomies/#{set}"
 else
   attributes *taxonomy_attributes
 

data/app/views/spree/api/variants/big.v1.rabl

@@ -1,9 +1,15 @@
 object @variant
+attributes *variant_attributes
 
 cache [I18n.locale, @current_user_roles.include?('admin'), 'big_variant', root_object]
 
 extends "spree/api/variants/small"
 
+node :total_on_hand do
+  root_object.total_on_hand
+end
+
+
 child(:stock_items => :stock_items) do
   attributes :id, :count_on_hand, :stock_location_id, :backorderable
   attribute :available? => :available

data/app/views/spree/api/variants/small.v1.rabl

@@ -4,7 +4,6 @@ attributes *variant_attributes
 
 node(:display_price) { |p| p.display_price.to_s }
 node(:options_text) { |v| v.options_text }
-node(:track_inventory) { |v| v.should_track_inventory? }
 node(:in_stock) { |v| v.in_stock? }
 node(:is_backorderable) { |v| v.is_backorderable? }
 node(:total_on_hand) { |v| v.total_on_hand }

data/config/routes.rb

@@ -53,13 +53,16 @@ Spree::Core::Engine.add_routes do
       end
     end
 
-    resources :variants, only: [:index, :show] do
+    resources :variants do
       resources :images
     end
 
     resources :option_types do
       resources :option_values
     end
+    resources :option_values
+
+    resources :option_values, only: :index
 
     get '/orders/mine', to: 'orders#mine', as: 'my_orders'
     get "/orders/current", to: "orders#current", as: "current_order"
@@ -112,6 +115,7 @@ Spree::Core::Engine.add_routes do
       resources :stock_items
     end
 
+    resources :stock_items, only: [:index, :update, :destroy]
     resources :stores
 
     get '/config/money', to: 'config#money'

data/lib/spree/api/responders/rabl_template.rb

@@ -8,16 +8,15 @@ module Spree
           else
             super
           end
-
         rescue ActionView::MissingTemplate => e
-          api_behavior(e)
+          api_behavior
         end
 
         def template
-          options[:default_template]
+          request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
         end
 
-        def api_behavior(error)
+        def api_behavior
           if controller.params[:action] == "destroy"
             # Render a blank template
             super

data/lib/spree/api/testing_support/helpers.rb

@@ -22,7 +22,7 @@ module Spree
         end
 
         def stub_authentication!
-          allow(Spree.user_class).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
+          allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
         end
 
         # This method can be overriden (with a let block) inside a context

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -17,6 +17,20 @@ describe Spree::Api::BaseController, :type => :controller do
     end
   end
 
+  context "signed in as a user using an authentication extension" do
+    before do
+      user = double(:email => "spree@example.com")
+      allow(user).to receive_message_chain :spree_roles, pluck: []
+      allow(controller).to receive_messages :try_spree_current_user => user
+    end
+
+    it "can make a request" do
+      api_get :index
+      expect(json_response).to eq({ "products" => [] })
+      expect(response.status).to eq(200)
+    end
+  end
+
   context "when validating based on an order token" do
     let!(:order) { create :order }
 
@@ -109,7 +123,7 @@ describe Spree::Api::BaseController, :type => :controller do
     before do
       user = double(email: "spree@example.com")
       allow(user).to receive_message_chain :spree_roles, pluck: []
-      allow(Spree.user_class).to receive_messages find_by: user
+      allow(controller).to receive_messages try_spree_current_user: user
       @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
         r.draw { get 'foo' => 'fakes#foo' }
       end
@@ -117,7 +131,7 @@ describe Spree::Api::BaseController, :type => :controller do
 
     it 'should notify notify_error_during_processing' do
       expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
-      api_get :foo, token: 123
+      api_get :foo
       expect(response.status).to eq(422)
     end
   end

data/spec/controllers/spree/api/config_controller_spec.rb

@@ -12,10 +12,6 @@ module Spree
       api_get :money
       expect(response).to be_success
       expect(json_response["symbol"]).to eq("$")
-      expect(json_response["symbol_position"]).to eq("before")
-      expect(json_response["no_cents"]).to eq(false)
-      expect(json_response["decimal_mark"]).to eq(".")
-      expect(json_response["thousands_separator"]).to eq(",")
     end
 
     it "returns some configuration settings" do
@@ -24,4 +20,4 @@ module Spree
       expect(json_response["default_country_id"]).to eq(Spree::Config[:default_country_id])
     end
   end
-end
+end

data/spec/controllers/spree/api/line_items_controller_spec.rb

@@ -21,11 +21,8 @@ module Spree
     let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
     let(:resource_scoping) { { :order_id => order.to_param } }
 
-    before do
-      stub_authentication!
-    end
-
     it "can learn how to create a new line item" do
+      allow(controller).to receive_messages :try_spree_current_user => current_api_user
       api_get :new
       expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
       required_attributes = json_response["required_attributes"]
@@ -51,6 +48,7 @@ module Spree
 
     context "as the order owner" do
       before do
+        allow(controller).to receive_messages :try_spree_current_user => current_api_user
         allow_any_instance_of(Order).to receive_messages :user => current_api_user
       end
 
@@ -159,6 +157,7 @@ module Spree
     context "as just another user" do
       before do
         user = create(:user)
+        allow(controller).to receive_messages :try_spree_current_user => user
       end
 
       it "cannot add a new line item to the order" do

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -28,28 +28,6 @@ module Spree
       stub_authentication!
     end
 
-    describe 'PATCH #update' do
-      subject { api_patch :update, id: order.to_param, order: { email: "foo@bar.com" } }
-
-      before do
-        allow_any_instance_of(Spree::Order).to receive_messages :user => current_api_user
-      end
-
-      it 'should be ok' do
-        expect(subject).to be_ok
-      end
-
-      it 'should not invoke OrderContents#update_cart' do
-        expect_any_instance_of(Spree::OrderContents).to_not receive(:update_cart)
-        subject
-      end
-
-      it 'should update the email' do
-        subject
-        expect(order.reload.email).to eq('foo@bar.com')
-      end
-    end
-
     it "cannot view all orders" do
       api_get :index
       assert_unauthorized!
@@ -238,7 +216,7 @@ module Spree
         allow(user).to receive_message_chain(:spree_roles, :pluck).and_return(["bar"])
         allow(user).to receive(:has_spree_role?).with('bar').and_return(true)
         allow(user).to receive(:has_spree_role?).with('admin').and_return(false)
-        allow(Spree.user_class).to receive_messages find_by: user
+        allow(controller).to receive_messages try_spree_current_user: user
         api_get :show, :id => order.to_param
         expect(response.status).to eq(200)
       end
@@ -251,11 +229,6 @@ module Spree
       assert_unauthorized!
     end
 
-    it "cannot add address information to an order that doesn't belong to them" do
-      api_put :address, :id => order.to_param
-      assert_unauthorized!
-    end
-
     it "can create an order" do
       api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
       expect(response.status).to eq(201)