spree_api 2.4.10 → 3.0.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +1 -2
  3. data/app/controllers/spree/api/base_controller.rb +9 -3
  4. data/app/controllers/spree/api/checkouts_controller.rb +4 -4
  5. data/app/controllers/spree/api/countries_controller.rb +3 -3
  6. data/app/controllers/spree/api/images_controller.rb +2 -2
  7. data/app/controllers/spree/api/inventory_units_controller.rb +1 -1
  8. data/app/controllers/spree/api/option_values_controller.rb +1 -1
  9. data/app/controllers/spree/api/orders_controller.rb +6 -14
  10. data/app/controllers/spree/api/payments_controller.rb +5 -5
  11. data/app/controllers/spree/api/product_properties_controller.rb +1 -1
  12. data/app/controllers/spree/api/products_controller.rb +5 -5
  13. data/app/controllers/spree/api/properties_controller.rb +2 -2
  14. data/app/controllers/spree/api/return_authorizations_controller.rb +4 -4
  15. data/app/controllers/spree/api/shipments_controller.rb +4 -4
  16. data/app/controllers/spree/api/states_controller.rb +2 -2
  17. data/app/controllers/spree/api/stock_items_controller.rb +4 -4
  18. data/app/controllers/spree/api/stock_locations_controller.rb +5 -5
  19. data/app/controllers/spree/api/stock_movements_controller.rb +3 -3
  20. data/app/controllers/spree/api/stores_controller.rb +5 -5
  21. data/app/controllers/spree/api/taxonomies_controller.rb +4 -4
  22. data/app/controllers/spree/api/taxons_controller.rb +3 -3
  23. data/app/controllers/spree/api/users_controller.rb +3 -3
  24. data/app/controllers/spree/api/variants_controller.rb +3 -3
  25. data/app/controllers/spree/api/zones_controller.rb +7 -4
  26. data/app/helpers/spree/api/api_helpers.rb +1 -1
  27. data/app/views/spree/api/config/money.v1.rabl +0 -4
  28. data/app/views/spree/api/orders/payment.v1.rabl +1 -1
  29. data/app/views/spree/api/orders/show.v1.rabl +5 -1
  30. data/app/views/spree/api/products/show.v1.rabl +1 -0
  31. data/app/views/spree/api/taxonomies/show.v1.rabl +2 -2
  32. data/app/views/spree/api/variants/big.v1.rabl +6 -0
  33. data/app/views/spree/api/variants/small.v1.rabl +0 -1
  34. data/config/routes.rb +5 -1
  35. data/lib/spree/api/responders/rabl_template.rb +3 -4
  36. data/lib/spree/api/testing_support/helpers.rb +1 -1
  37. data/spec/controllers/spree/api/base_controller_spec.rb +16 -2
  38. data/spec/controllers/spree/api/config_controller_spec.rb +1 -5
  39. data/spec/controllers/spree/api/line_items_controller_spec.rb +3 -4
  40. data/spec/controllers/spree/api/orders_controller_spec.rb +1 -28
  41. data/spec/controllers/spree/api/payments_controller_spec.rb +21 -26
  42. data/spec/controllers/spree/api/product_properties_controller_spec.rb +1 -1
  43. data/spec/controllers/spree/api/products_controller_spec.rb +54 -7
  44. data/spec/controllers/spree/api/return_authorizations_controller_spec.rb +2 -2
  45. data/spec/controllers/spree/api/stock_items_controller_spec.rb +4 -2
  46. data/spec/controllers/spree/api/stock_movements_controller_spec.rb +0 -6
  47. data/spec/controllers/spree/api/users_controller_spec.rb +17 -17
  48. data/spec/controllers/spree/api/variants_controller_spec.rb +2 -5
  49. data/spec/controllers/spree/api/zones_controller_spec.rb +26 -0
  50. data/spec/spec_helper.rb +3 -4
  51. data/spec/support/controller_hacks.rb +7 -5
  52. data/spree_api.gemspec +2 -1
  53. metadata +9 -10
  54. data/spec/requests/ransackable_attributes_spec.rb +0 -79
@@ -4,7 +4,7 @@ module Spree
4
4
  before_action :stock_location, except: [:update, :destroy]
5
5
 
6
6
  def index
7
- authorize! :read, Spree::StockMovement
7
+ authorize! :read, StockMovement
8
8
  @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
9
9
  respond_with(@stock_movements)
10
10
  end
@@ -15,7 +15,7 @@ module Spree
15
15
  end
16
16
 
17
17
  def create
18
- authorize! :create, Spree::StockMovement
18
+ authorize! :create, StockMovement
19
19
  @stock_movement = scope.new(stock_movement_params)
20
20
  if @stock_movement.save
21
21
  respond_with(@stock_movement, status: 201, default_template: :show)
@@ -28,7 +28,7 @@ module Spree
28
28
 
29
29
  def stock_location
30
30
  render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
31
- @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
31
+ @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
32
32
  end
33
33
 
34
34
  def scope
@@ -5,14 +5,14 @@ module Spree
5
5
  before_filter :get_store, except: [:index, :create]
6
6
 
7
7
  def index
8
- authorize! :read, Spree::Store
9
- @stores = Spree::Store.accessible_by(current_ability, :read).all
8
+ authorize! :read, Store
9
+ @stores = Store.accessible_by(current_ability, :read).all
10
10
  respond_with(@stores)
11
11
  end
12
12
 
13
13
  def create
14
- authorize! :create, Spree::Store
15
- @store = Spree::Store.new(store_params)
14
+ authorize! :create, Store
15
+ @store = Store.new(store_params)
16
16
  @store.code = params[:store][:code]
17
17
  if @store.save
18
18
  respond_with(@store, status: 201, default_template: :show)
@@ -44,7 +44,7 @@ module Spree
44
44
  private
45
45
 
46
46
  def get_store
47
- @store = Spree::Store.find(params[:id])
47
+ @store = Store.find(params[:id])
48
48
  end
49
49
 
50
50
  def store_params
@@ -16,8 +16,8 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
- authorize! :create, Spree::Taxonomy
20
- @taxonomy = Spree::Taxonomy.new(taxonomy_params)
19
+ authorize! :create, Taxonomy
20
+ @taxonomy = Taxonomy.new(taxonomy_params)
21
21
  if @taxonomy.save
22
22
  respond_with(@taxonomy, :status => 201, :default_template => :show)
23
23
  else
@@ -43,13 +43,13 @@ module Spree
43
43
  private
44
44
 
45
45
  def taxonomies
46
- @taxonomies = Spree::Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
46
+ @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
47
47
  ransack(params[:q]).result.
48
48
  page(params[:page]).per(params[:per_page])
49
49
  end
50
50
 
51
51
  def taxonomy
52
- @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:id])
52
+ @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
53
53
  end
54
54
 
55
55
  def taxonomy_params
@@ -6,9 +6,9 @@ module Spree
6
6
  @taxons = taxonomy.root.children
7
7
  else
8
8
  if params[:ids]
9
- @taxons = Spree::Taxon.accessible_by(current_ability, :read).where(id: params[:ids].split(','))
9
+ @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
10
10
  else
11
- @taxons = Spree::Taxon.accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
11
+ @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
12
12
  end
13
13
  end
14
14
 
@@ -26,7 +26,7 @@ module Spree
26
26
  end
27
27
 
28
28
  def create
29
- authorize! :create, Spree::Taxon
29
+ authorize! :create, Taxon
30
30
  @taxon = Spree::Taxon.new(taxon_params)
31
31
  @taxon.taxonomy_id = params[:taxonomy_id]
32
32
  taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
@@ -46,9 +46,9 @@ module Spree
46
46
  end
47
47
 
48
48
  def user_params
49
- params.require(:user).permit(PermittedAttributes.user_attributes |
50
- [bill_address_attributes: PermittedAttributes.address_attributes,
51
- ship_address_attributes: PermittedAttributes.address_attributes])
49
+ params.require(:user).permit(permitted_user_attributes |
50
+ [bill_address_attributes: permitted_address_attributes,
51
+ ship_address_attributes: permitted_address_attributes])
52
52
  end
53
53
 
54
54
  end
@@ -4,7 +4,7 @@ module Spree
4
4
  before_action :product
5
5
 
6
6
  def create
7
- authorize! :create, Spree::Variant
7
+ authorize! :create, Variant
8
8
  @variant = scope.new(variant_params)
9
9
  if @variant.save
10
10
  respond_with(@variant, status: 201, default_template: :show)
@@ -55,10 +55,10 @@ module Spree
55
55
  if @product
56
56
  variants = @product.variants_including_master
57
57
  else
58
- variants = Spree::Variant
58
+ variants = Variant
59
59
  end
60
60
 
61
- if current_ability.can?(:manage, Spree::Variant) && params[:show_deleted]
61
+ if current_ability.can?(:manage, Variant) && params[:show_deleted]
62
62
  variants = variants.with_deleted
63
63
  end
64
64
 
@@ -3,8 +3,8 @@ module Spree
3
3
  class ZonesController < Spree::Api::BaseController
4
4
 
5
5
  def create
6
- authorize! :create, Spree::Zone
7
- @zone = Spree::Zone.new(map_nested_attributes_keys(Spree::Zone, params[:zone]))
6
+ authorize! :create, Zone
7
+ @zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
8
8
  if @zone.save
9
9
  respond_with(@zone, :status => 201, :default_template => :show)
10
10
  else
@@ -19,7 +19,7 @@ module Spree
19
19
  end
20
20
 
21
21
  def index
22
- @zones = Spree::Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
22
+ @zones = Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
23
23
  respond_with(@zones)
24
24
  end
25
25
 
@@ -29,7 +29,7 @@ module Spree
29
29
 
30
30
  def update
31
31
  authorize! :update, zone
32
- if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, params[:zone]))
32
+ if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
33
33
  respond_with(zone, :status => 200, :default_template => :show)
34
34
  else
35
35
  invalid_resource!(zone)
@@ -37,6 +37,9 @@ module Spree
37
37
  end
38
38
 
39
39
  private
40
+ def zone_params
41
+ params.require(:zone).permit!
42
+ end
40
43
 
41
44
  def zone
42
45
  @zone ||= Spree::Zone.accessible_by(current_ability, :read).find(params[:id])
@@ -85,7 +85,7 @@ module Spree
85
85
 
86
86
  @@payment_attributes = [
87
87
  :id, :source_type, :source_id, :amount, :display_amount,
88
- :payment_method_id, :state, :avs_response, :created_at,
88
+ :payment_method_id, :response_code, :state, :avs_response, :created_at,
89
89
  :updated_at
90
90
  ]
91
91
 
@@ -1,6 +1,2 @@
1
1
  object false
2
2
  node(:symbol) { ::Money.new(1, Spree::Config[:currency]).symbol }
3
- node(:symbol_position) { Spree::Config[:currency_symbol_position] }
4
- node(:no_cents) { Spree::Config[:hide_cents] }
5
- node(:decimal_mark) { Spree::Config[:currency_decimal_mark] }
6
- node(:thousands_separator) { Spree::Config[:currency_thousands_separator] }
@@ -1,3 +1,3 @@
1
1
  child :available_payment_methods => :payment_methods do
2
- attributes :id, :name, :environment, :method_type
2
+ attributes :id, :name, :method_type
3
3
  end
@@ -21,7 +21,7 @@ child :payments => :payments do
21
21
  attributes *payment_attributes
22
22
 
23
23
  child :payment_method => :payment_method do
24
- attributes :id, :name, :environment
24
+ attributes :id, :name
25
25
  end
26
26
 
27
27
  child :source => :source do
@@ -46,3 +46,7 @@ end
46
46
  node :permissions do
47
47
  { can_update: current_ability.can?(:update, root_object) }
48
48
  end
49
+
50
+ child :valid_credit_cards => :credit_cards do
51
+ extends "spree/api/credit_cards/show"
52
+ end
@@ -5,6 +5,7 @@ attributes *product_attributes
5
5
 
6
6
  node(:display_price) { |p| p.display_price.to_s }
7
7
  node(:has_variants) { |p| p.has_variants? }
8
+ node(:taxon_ids) { |p| p.taxon_ids }
8
9
 
9
10
  child :master => :master do
10
11
  extends "spree/api/variants/small"
@@ -1,7 +1,7 @@
1
1
  object @taxonomy
2
2
 
3
- if params[:set] == 'nested'
4
- extends "spree/api/taxonomies/nested"
3
+ if set = params[:set]
4
+ extends "spree/api/taxonomies/#{set}"
5
5
  else
6
6
  attributes *taxonomy_attributes
7
7
 
@@ -1,9 +1,15 @@
1
1
  object @variant
2
+ attributes *variant_attributes
2
3
 
3
4
  cache [I18n.locale, @current_user_roles.include?('admin'), 'big_variant', root_object]
4
5
 
5
6
  extends "spree/api/variants/small"
6
7
 
8
+ node :total_on_hand do
9
+ root_object.total_on_hand
10
+ end
11
+
12
+
7
13
  child(:stock_items => :stock_items) do
8
14
  attributes :id, :count_on_hand, :stock_location_id, :backorderable
9
15
  attribute :available? => :available
@@ -4,7 +4,6 @@ attributes *variant_attributes
4
4
 
5
5
  node(:display_price) { |p| p.display_price.to_s }
6
6
  node(:options_text) { |v| v.options_text }
7
- node(:track_inventory) { |v| v.should_track_inventory? }
8
7
  node(:in_stock) { |v| v.in_stock? }
9
8
  node(:is_backorderable) { |v| v.is_backorderable? }
10
9
  node(:total_on_hand) { |v| v.total_on_hand }
data/config/routes.rb CHANGED
@@ -53,13 +53,16 @@ Spree::Core::Engine.add_routes do
53
53
  end
54
54
  end
55
55
 
56
- resources :variants, only: [:index, :show] do
56
+ resources :variants do
57
57
  resources :images
58
58
  end
59
59
 
60
60
  resources :option_types do
61
61
  resources :option_values
62
62
  end
63
+ resources :option_values
64
+
65
+ resources :option_values, only: :index
63
66
 
64
67
  get '/orders/mine', to: 'orders#mine', as: 'my_orders'
65
68
  get "/orders/current", to: "orders#current", as: "current_order"
@@ -112,6 +115,7 @@ Spree::Core::Engine.add_routes do
112
115
  resources :stock_items
113
116
  end
114
117
 
118
+ resources :stock_items, only: [:index, :update, :destroy]
115
119
  resources :stores
116
120
 
117
121
  get '/config/money', to: 'config#money'
@@ -8,16 +8,15 @@ module Spree
8
8
  else
9
9
  super
10
10
  end
11
-
12
11
  rescue ActionView::MissingTemplate => e
13
- api_behavior(e)
12
+ api_behavior
14
13
  end
15
14
 
16
15
  def template
17
- options[:default_template]
16
+ request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
18
17
  end
19
18
 
20
- def api_behavior(error)
19
+ def api_behavior
21
20
  if controller.params[:action] == "destroy"
22
21
  # Render a blank template
23
22
  super
@@ -22,7 +22,7 @@ module Spree
22
22
  end
23
23
 
24
24
  def stub_authentication!
25
- allow(Spree.user_class).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
25
+ allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
26
26
  end
27
27
 
28
28
  # This method can be overriden (with a let block) inside a context
@@ -17,6 +17,20 @@ describe Spree::Api::BaseController, :type => :controller do
17
17
  end
18
18
  end
19
19
 
20
+ context "signed in as a user using an authentication extension" do
21
+ before do
22
+ user = double(:email => "spree@example.com")
23
+ allow(user).to receive_message_chain :spree_roles, pluck: []
24
+ allow(controller).to receive_messages :try_spree_current_user => user
25
+ end
26
+
27
+ it "can make a request" do
28
+ api_get :index
29
+ expect(json_response).to eq({ "products" => [] })
30
+ expect(response.status).to eq(200)
31
+ end
32
+ end
33
+
20
34
  context "when validating based on an order token" do
21
35
  let!(:order) { create :order }
22
36
 
@@ -109,7 +123,7 @@ describe Spree::Api::BaseController, :type => :controller do
109
123
  before do
110
124
  user = double(email: "spree@example.com")
111
125
  allow(user).to receive_message_chain :spree_roles, pluck: []
112
- allow(Spree.user_class).to receive_messages find_by: user
126
+ allow(controller).to receive_messages try_spree_current_user: user
113
127
  @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
114
128
  r.draw { get 'foo' => 'fakes#foo' }
115
129
  end
@@ -117,7 +131,7 @@ describe Spree::Api::BaseController, :type => :controller do
117
131
 
118
132
  it 'should notify notify_error_during_processing' do
119
133
  expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
120
- api_get :foo, token: 123
134
+ api_get :foo
121
135
  expect(response.status).to eq(422)
122
136
  end
123
137
  end
@@ -12,10 +12,6 @@ module Spree
12
12
  api_get :money
13
13
  expect(response).to be_success
14
14
  expect(json_response["symbol"]).to eq("$")
15
- expect(json_response["symbol_position"]).to eq("before")
16
- expect(json_response["no_cents"]).to eq(false)
17
- expect(json_response["decimal_mark"]).to eq(".")
18
- expect(json_response["thousands_separator"]).to eq(",")
19
15
  end
20
16
 
21
17
  it "returns some configuration settings" do
@@ -24,4 +20,4 @@ module Spree
24
20
  expect(json_response["default_country_id"]).to eq(Spree::Config[:default_country_id])
25
21
  end
26
22
  end
27
- end
23
+ end
@@ -21,11 +21,8 @@ module Spree
21
21
  let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
22
22
  let(:resource_scoping) { { :order_id => order.to_param } }
23
23
 
24
- before do
25
- stub_authentication!
26
- end
27
-
28
24
  it "can learn how to create a new line item" do
25
+ allow(controller).to receive_messages :try_spree_current_user => current_api_user
29
26
  api_get :new
30
27
  expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
31
28
  required_attributes = json_response["required_attributes"]
@@ -51,6 +48,7 @@ module Spree
51
48
 
52
49
  context "as the order owner" do
53
50
  before do
51
+ allow(controller).to receive_messages :try_spree_current_user => current_api_user
54
52
  allow_any_instance_of(Order).to receive_messages :user => current_api_user
55
53
  end
56
54
 
@@ -159,6 +157,7 @@ module Spree
159
157
  context "as just another user" do
160
158
  before do
161
159
  user = create(:user)
160
+ allow(controller).to receive_messages :try_spree_current_user => user
162
161
  end
163
162
 
164
163
  it "cannot add a new line item to the order" do
@@ -28,28 +28,6 @@ module Spree
28
28
  stub_authentication!
29
29
  end
30
30
 
31
- describe 'PATCH #update' do
32
- subject { api_patch :update, id: order.to_param, order: { email: "foo@bar.com" } }
33
-
34
- before do
35
- allow_any_instance_of(Spree::Order).to receive_messages :user => current_api_user
36
- end
37
-
38
- it 'should be ok' do
39
- expect(subject).to be_ok
40
- end
41
-
42
- it 'should not invoke OrderContents#update_cart' do
43
- expect_any_instance_of(Spree::OrderContents).to_not receive(:update_cart)
44
- subject
45
- end
46
-
47
- it 'should update the email' do
48
- subject
49
- expect(order.reload.email).to eq('foo@bar.com')
50
- end
51
- end
52
-
53
31
  it "cannot view all orders" do
54
32
  api_get :index
55
33
  assert_unauthorized!
@@ -238,7 +216,7 @@ module Spree
238
216
  allow(user).to receive_message_chain(:spree_roles, :pluck).and_return(["bar"])
239
217
  allow(user).to receive(:has_spree_role?).with('bar').and_return(true)
240
218
  allow(user).to receive(:has_spree_role?).with('admin').and_return(false)
241
- allow(Spree.user_class).to receive_messages find_by: user
219
+ allow(controller).to receive_messages try_spree_current_user: user
242
220
  api_get :show, :id => order.to_param
243
221
  expect(response.status).to eq(200)
244
222
  end
@@ -251,11 +229,6 @@ module Spree
251
229
  assert_unauthorized!
252
230
  end
253
231
 
254
- it "cannot add address information to an order that doesn't belong to them" do
255
- api_put :address, :id => order.to_param
256
- assert_unauthorized!
257
- end
258
-
259
232
  it "can create an order" do
260
233
  api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
261
234
  expect(response.status).to eq(201)