spree_api 2.4.10 → 3.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE +1 -2
- data/app/controllers/spree/api/base_controller.rb +9 -3
- data/app/controllers/spree/api/checkouts_controller.rb +4 -4
- data/app/controllers/spree/api/countries_controller.rb +3 -3
- data/app/controllers/spree/api/images_controller.rb +2 -2
- data/app/controllers/spree/api/inventory_units_controller.rb +1 -1
- data/app/controllers/spree/api/option_values_controller.rb +1 -1
- data/app/controllers/spree/api/orders_controller.rb +6 -14
- data/app/controllers/spree/api/payments_controller.rb +5 -5
- data/app/controllers/spree/api/product_properties_controller.rb +1 -1
- data/app/controllers/spree/api/products_controller.rb +5 -5
- data/app/controllers/spree/api/properties_controller.rb +2 -2
- data/app/controllers/spree/api/return_authorizations_controller.rb +4 -4
- data/app/controllers/spree/api/shipments_controller.rb +4 -4
- data/app/controllers/spree/api/states_controller.rb +2 -2
- data/app/controllers/spree/api/stock_items_controller.rb +4 -4
- data/app/controllers/spree/api/stock_locations_controller.rb +5 -5
- data/app/controllers/spree/api/stock_movements_controller.rb +3 -3
- data/app/controllers/spree/api/stores_controller.rb +5 -5
- data/app/controllers/spree/api/taxonomies_controller.rb +4 -4
- data/app/controllers/spree/api/taxons_controller.rb +3 -3
- data/app/controllers/spree/api/users_controller.rb +3 -3
- data/app/controllers/spree/api/variants_controller.rb +3 -3
- data/app/controllers/spree/api/zones_controller.rb +7 -4
- data/app/helpers/spree/api/api_helpers.rb +1 -1
- data/app/views/spree/api/config/money.v1.rabl +0 -4
- data/app/views/spree/api/orders/payment.v1.rabl +1 -1
- data/app/views/spree/api/orders/show.v1.rabl +5 -1
- data/app/views/spree/api/products/show.v1.rabl +1 -0
- data/app/views/spree/api/taxonomies/show.v1.rabl +2 -2
- data/app/views/spree/api/variants/big.v1.rabl +6 -0
- data/app/views/spree/api/variants/small.v1.rabl +0 -1
- data/config/routes.rb +5 -1
- data/lib/spree/api/responders/rabl_template.rb +3 -4
- data/lib/spree/api/testing_support/helpers.rb +1 -1
- data/spec/controllers/spree/api/base_controller_spec.rb +16 -2
- data/spec/controllers/spree/api/config_controller_spec.rb +1 -5
- data/spec/controllers/spree/api/line_items_controller_spec.rb +3 -4
- data/spec/controllers/spree/api/orders_controller_spec.rb +1 -28
- data/spec/controllers/spree/api/payments_controller_spec.rb +21 -26
- data/spec/controllers/spree/api/product_properties_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/products_controller_spec.rb +54 -7
- data/spec/controllers/spree/api/return_authorizations_controller_spec.rb +2 -2
- data/spec/controllers/spree/api/stock_items_controller_spec.rb +4 -2
- data/spec/controllers/spree/api/stock_movements_controller_spec.rb +0 -6
- data/spec/controllers/spree/api/users_controller_spec.rb +17 -17
- data/spec/controllers/spree/api/variants_controller_spec.rb +2 -5
- data/spec/controllers/spree/api/zones_controller_spec.rb +26 -0
- data/spec/spec_helper.rb +3 -4
- data/spec/support/controller_hacks.rb +7 -5
- data/spree_api.gemspec +2 -1
- metadata +9 -10
- data/spec/requests/ransackable_attributes_spec.rb +0 -79
@@ -4,7 +4,7 @@ module Spree
|
|
4
4
|
before_action :stock_location, except: [:update, :destroy]
|
5
5
|
|
6
6
|
def index
|
7
|
-
authorize! :read,
|
7
|
+
authorize! :read, StockMovement
|
8
8
|
@stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
9
9
|
respond_with(@stock_movements)
|
10
10
|
end
|
@@ -15,7 +15,7 @@ module Spree
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def create
|
18
|
-
authorize! :create,
|
18
|
+
authorize! :create, StockMovement
|
19
19
|
@stock_movement = scope.new(stock_movement_params)
|
20
20
|
if @stock_movement.save
|
21
21
|
respond_with(@stock_movement, status: 201, default_template: :show)
|
@@ -28,7 +28,7 @@ module Spree
|
|
28
28
|
|
29
29
|
def stock_location
|
30
30
|
render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
|
31
|
-
@stock_location ||=
|
31
|
+
@stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
|
32
32
|
end
|
33
33
|
|
34
34
|
def scope
|
@@ -5,14 +5,14 @@ module Spree
|
|
5
5
|
before_filter :get_store, except: [:index, :create]
|
6
6
|
|
7
7
|
def index
|
8
|
-
authorize! :read,
|
9
|
-
@stores =
|
8
|
+
authorize! :read, Store
|
9
|
+
@stores = Store.accessible_by(current_ability, :read).all
|
10
10
|
respond_with(@stores)
|
11
11
|
end
|
12
12
|
|
13
13
|
def create
|
14
|
-
authorize! :create,
|
15
|
-
@store =
|
14
|
+
authorize! :create, Store
|
15
|
+
@store = Store.new(store_params)
|
16
16
|
@store.code = params[:store][:code]
|
17
17
|
if @store.save
|
18
18
|
respond_with(@store, status: 201, default_template: :show)
|
@@ -44,7 +44,7 @@ module Spree
|
|
44
44
|
private
|
45
45
|
|
46
46
|
def get_store
|
47
|
-
@store =
|
47
|
+
@store = Store.find(params[:id])
|
48
48
|
end
|
49
49
|
|
50
50
|
def store_params
|
@@ -16,8 +16,8 @@ module Spree
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def create
|
19
|
-
authorize! :create,
|
20
|
-
@taxonomy =
|
19
|
+
authorize! :create, Taxonomy
|
20
|
+
@taxonomy = Taxonomy.new(taxonomy_params)
|
21
21
|
if @taxonomy.save
|
22
22
|
respond_with(@taxonomy, :status => 201, :default_template => :show)
|
23
23
|
else
|
@@ -43,13 +43,13 @@ module Spree
|
|
43
43
|
private
|
44
44
|
|
45
45
|
def taxonomies
|
46
|
-
@taxonomies =
|
46
|
+
@taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
|
47
47
|
ransack(params[:q]).result.
|
48
48
|
page(params[:page]).per(params[:per_page])
|
49
49
|
end
|
50
50
|
|
51
51
|
def taxonomy
|
52
|
-
@taxonomy ||=
|
52
|
+
@taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
|
53
53
|
end
|
54
54
|
|
55
55
|
def taxonomy_params
|
@@ -6,9 +6,9 @@ module Spree
|
|
6
6
|
@taxons = taxonomy.root.children
|
7
7
|
else
|
8
8
|
if params[:ids]
|
9
|
-
@taxons = Spree::Taxon.accessible_by(current_ability, :read).where(id: params[:ids].split(','))
|
9
|
+
@taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
|
10
10
|
else
|
11
|
-
@taxons = Spree::Taxon.accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
|
11
|
+
@taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
@@ -26,7 +26,7 @@ module Spree
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def create
|
29
|
-
authorize! :create,
|
29
|
+
authorize! :create, Taxon
|
30
30
|
@taxon = Spree::Taxon.new(taxon_params)
|
31
31
|
@taxon.taxonomy_id = params[:taxonomy_id]
|
32
32
|
taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
|
@@ -46,9 +46,9 @@ module Spree
|
|
46
46
|
end
|
47
47
|
|
48
48
|
def user_params
|
49
|
-
params.require(:user).permit(
|
50
|
-
[bill_address_attributes:
|
51
|
-
ship_address_attributes:
|
49
|
+
params.require(:user).permit(permitted_user_attributes |
|
50
|
+
[bill_address_attributes: permitted_address_attributes,
|
51
|
+
ship_address_attributes: permitted_address_attributes])
|
52
52
|
end
|
53
53
|
|
54
54
|
end
|
@@ -4,7 +4,7 @@ module Spree
|
|
4
4
|
before_action :product
|
5
5
|
|
6
6
|
def create
|
7
|
-
authorize! :create,
|
7
|
+
authorize! :create, Variant
|
8
8
|
@variant = scope.new(variant_params)
|
9
9
|
if @variant.save
|
10
10
|
respond_with(@variant, status: 201, default_template: :show)
|
@@ -55,10 +55,10 @@ module Spree
|
|
55
55
|
if @product
|
56
56
|
variants = @product.variants_including_master
|
57
57
|
else
|
58
|
-
variants =
|
58
|
+
variants = Variant
|
59
59
|
end
|
60
60
|
|
61
|
-
if current_ability.can?(:manage,
|
61
|
+
if current_ability.can?(:manage, Variant) && params[:show_deleted]
|
62
62
|
variants = variants.with_deleted
|
63
63
|
end
|
64
64
|
|
@@ -3,8 +3,8 @@ module Spree
|
|
3
3
|
class ZonesController < Spree::Api::BaseController
|
4
4
|
|
5
5
|
def create
|
6
|
-
authorize! :create,
|
7
|
-
@zone =
|
6
|
+
authorize! :create, Zone
|
7
|
+
@zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
|
8
8
|
if @zone.save
|
9
9
|
respond_with(@zone, :status => 201, :default_template => :show)
|
10
10
|
else
|
@@ -19,7 +19,7 @@ module Spree
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def index
|
22
|
-
@zones =
|
22
|
+
@zones = Zone.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
23
23
|
respond_with(@zones)
|
24
24
|
end
|
25
25
|
|
@@ -29,7 +29,7 @@ module Spree
|
|
29
29
|
|
30
30
|
def update
|
31
31
|
authorize! :update, zone
|
32
|
-
if zone.update_attributes(map_nested_attributes_keys(Spree::Zone,
|
32
|
+
if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
|
33
33
|
respond_with(zone, :status => 200, :default_template => :show)
|
34
34
|
else
|
35
35
|
invalid_resource!(zone)
|
@@ -37,6 +37,9 @@ module Spree
|
|
37
37
|
end
|
38
38
|
|
39
39
|
private
|
40
|
+
def zone_params
|
41
|
+
params.require(:zone).permit!
|
42
|
+
end
|
40
43
|
|
41
44
|
def zone
|
42
45
|
@zone ||= Spree::Zone.accessible_by(current_ability, :read).find(params[:id])
|
@@ -85,7 +85,7 @@ module Spree
|
|
85
85
|
|
86
86
|
@@payment_attributes = [
|
87
87
|
:id, :source_type, :source_id, :amount, :display_amount,
|
88
|
-
:payment_method_id, :state, :avs_response, :created_at,
|
88
|
+
:payment_method_id, :response_code, :state, :avs_response, :created_at,
|
89
89
|
:updated_at
|
90
90
|
]
|
91
91
|
|
@@ -1,6 +1,2 @@
|
|
1
1
|
object false
|
2
2
|
node(:symbol) { ::Money.new(1, Spree::Config[:currency]).symbol }
|
3
|
-
node(:symbol_position) { Spree::Config[:currency_symbol_position] }
|
4
|
-
node(:no_cents) { Spree::Config[:hide_cents] }
|
5
|
-
node(:decimal_mark) { Spree::Config[:currency_decimal_mark] }
|
6
|
-
node(:thousands_separator) { Spree::Config[:currency_thousands_separator] }
|
@@ -21,7 +21,7 @@ child :payments => :payments do
|
|
21
21
|
attributes *payment_attributes
|
22
22
|
|
23
23
|
child :payment_method => :payment_method do
|
24
|
-
attributes :id, :name
|
24
|
+
attributes :id, :name
|
25
25
|
end
|
26
26
|
|
27
27
|
child :source => :source do
|
@@ -46,3 +46,7 @@ end
|
|
46
46
|
node :permissions do
|
47
47
|
{ can_update: current_ability.can?(:update, root_object) }
|
48
48
|
end
|
49
|
+
|
50
|
+
child :valid_credit_cards => :credit_cards do
|
51
|
+
extends "spree/api/credit_cards/show"
|
52
|
+
end
|
@@ -1,9 +1,15 @@
|
|
1
1
|
object @variant
|
2
|
+
attributes *variant_attributes
|
2
3
|
|
3
4
|
cache [I18n.locale, @current_user_roles.include?('admin'), 'big_variant', root_object]
|
4
5
|
|
5
6
|
extends "spree/api/variants/small"
|
6
7
|
|
8
|
+
node :total_on_hand do
|
9
|
+
root_object.total_on_hand
|
10
|
+
end
|
11
|
+
|
12
|
+
|
7
13
|
child(:stock_items => :stock_items) do
|
8
14
|
attributes :id, :count_on_hand, :stock_location_id, :backorderable
|
9
15
|
attribute :available? => :available
|
@@ -4,7 +4,6 @@ attributes *variant_attributes
|
|
4
4
|
|
5
5
|
node(:display_price) { |p| p.display_price.to_s }
|
6
6
|
node(:options_text) { |v| v.options_text }
|
7
|
-
node(:track_inventory) { |v| v.should_track_inventory? }
|
8
7
|
node(:in_stock) { |v| v.in_stock? }
|
9
8
|
node(:is_backorderable) { |v| v.is_backorderable? }
|
10
9
|
node(:total_on_hand) { |v| v.total_on_hand }
|
data/config/routes.rb
CHANGED
@@ -53,13 +53,16 @@ Spree::Core::Engine.add_routes do
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
resources :variants
|
56
|
+
resources :variants do
|
57
57
|
resources :images
|
58
58
|
end
|
59
59
|
|
60
60
|
resources :option_types do
|
61
61
|
resources :option_values
|
62
62
|
end
|
63
|
+
resources :option_values
|
64
|
+
|
65
|
+
resources :option_values, only: :index
|
63
66
|
|
64
67
|
get '/orders/mine', to: 'orders#mine', as: 'my_orders'
|
65
68
|
get "/orders/current", to: "orders#current", as: "current_order"
|
@@ -112,6 +115,7 @@ Spree::Core::Engine.add_routes do
|
|
112
115
|
resources :stock_items
|
113
116
|
end
|
114
117
|
|
118
|
+
resources :stock_items, only: [:index, :update, :destroy]
|
115
119
|
resources :stores
|
116
120
|
|
117
121
|
get '/config/money', to: 'config#money'
|
@@ -8,16 +8,15 @@ module Spree
|
|
8
8
|
else
|
9
9
|
super
|
10
10
|
end
|
11
|
-
|
12
11
|
rescue ActionView::MissingTemplate => e
|
13
|
-
api_behavior
|
12
|
+
api_behavior
|
14
13
|
end
|
15
14
|
|
16
15
|
def template
|
17
|
-
options[:default_template]
|
16
|
+
request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
|
18
17
|
end
|
19
18
|
|
20
|
-
def api_behavior
|
19
|
+
def api_behavior
|
21
20
|
if controller.params[:action] == "destroy"
|
22
21
|
# Render a blank template
|
23
22
|
super
|
@@ -22,7 +22,7 @@ module Spree
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def stub_authentication!
|
25
|
-
allow(Spree
|
25
|
+
allow(Spree::LegacyUser).to receive(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
|
26
26
|
end
|
27
27
|
|
28
28
|
# This method can be overriden (with a let block) inside a context
|
@@ -17,6 +17,20 @@ describe Spree::Api::BaseController, :type => :controller do
|
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
20
|
+
context "signed in as a user using an authentication extension" do
|
21
|
+
before do
|
22
|
+
user = double(:email => "spree@example.com")
|
23
|
+
allow(user).to receive_message_chain :spree_roles, pluck: []
|
24
|
+
allow(controller).to receive_messages :try_spree_current_user => user
|
25
|
+
end
|
26
|
+
|
27
|
+
it "can make a request" do
|
28
|
+
api_get :index
|
29
|
+
expect(json_response).to eq({ "products" => [] })
|
30
|
+
expect(response.status).to eq(200)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
20
34
|
context "when validating based on an order token" do
|
21
35
|
let!(:order) { create :order }
|
22
36
|
|
@@ -109,7 +123,7 @@ describe Spree::Api::BaseController, :type => :controller do
|
|
109
123
|
before do
|
110
124
|
user = double(email: "spree@example.com")
|
111
125
|
allow(user).to receive_message_chain :spree_roles, pluck: []
|
112
|
-
allow(
|
126
|
+
allow(controller).to receive_messages try_spree_current_user: user
|
113
127
|
@routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
|
114
128
|
r.draw { get 'foo' => 'fakes#foo' }
|
115
129
|
end
|
@@ -117,7 +131,7 @@ describe Spree::Api::BaseController, :type => :controller do
|
|
117
131
|
|
118
132
|
it 'should notify notify_error_during_processing' do
|
119
133
|
expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
|
120
|
-
api_get :foo
|
134
|
+
api_get :foo
|
121
135
|
expect(response.status).to eq(422)
|
122
136
|
end
|
123
137
|
end
|
@@ -12,10 +12,6 @@ module Spree
|
|
12
12
|
api_get :money
|
13
13
|
expect(response).to be_success
|
14
14
|
expect(json_response["symbol"]).to eq("$")
|
15
|
-
expect(json_response["symbol_position"]).to eq("before")
|
16
|
-
expect(json_response["no_cents"]).to eq(false)
|
17
|
-
expect(json_response["decimal_mark"]).to eq(".")
|
18
|
-
expect(json_response["thousands_separator"]).to eq(",")
|
19
15
|
end
|
20
16
|
|
21
17
|
it "returns some configuration settings" do
|
@@ -24,4 +20,4 @@ module Spree
|
|
24
20
|
expect(json_response["default_country_id"]).to eq(Spree::Config[:default_country_id])
|
25
21
|
end
|
26
22
|
end
|
27
|
-
end
|
23
|
+
end
|
@@ -21,11 +21,8 @@ module Spree
|
|
21
21
|
let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
|
22
22
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
23
23
|
|
24
|
-
before do
|
25
|
-
stub_authentication!
|
26
|
-
end
|
27
|
-
|
28
24
|
it "can learn how to create a new line item" do
|
25
|
+
allow(controller).to receive_messages :try_spree_current_user => current_api_user
|
29
26
|
api_get :new
|
30
27
|
expect(json_response["attributes"]).to eq(["quantity", "price", "variant_id"])
|
31
28
|
required_attributes = json_response["required_attributes"]
|
@@ -51,6 +48,7 @@ module Spree
|
|
51
48
|
|
52
49
|
context "as the order owner" do
|
53
50
|
before do
|
51
|
+
allow(controller).to receive_messages :try_spree_current_user => current_api_user
|
54
52
|
allow_any_instance_of(Order).to receive_messages :user => current_api_user
|
55
53
|
end
|
56
54
|
|
@@ -159,6 +157,7 @@ module Spree
|
|
159
157
|
context "as just another user" do
|
160
158
|
before do
|
161
159
|
user = create(:user)
|
160
|
+
allow(controller).to receive_messages :try_spree_current_user => user
|
162
161
|
end
|
163
162
|
|
164
163
|
it "cannot add a new line item to the order" do
|
@@ -28,28 +28,6 @@ module Spree
|
|
28
28
|
stub_authentication!
|
29
29
|
end
|
30
30
|
|
31
|
-
describe 'PATCH #update' do
|
32
|
-
subject { api_patch :update, id: order.to_param, order: { email: "foo@bar.com" } }
|
33
|
-
|
34
|
-
before do
|
35
|
-
allow_any_instance_of(Spree::Order).to receive_messages :user => current_api_user
|
36
|
-
end
|
37
|
-
|
38
|
-
it 'should be ok' do
|
39
|
-
expect(subject).to be_ok
|
40
|
-
end
|
41
|
-
|
42
|
-
it 'should not invoke OrderContents#update_cart' do
|
43
|
-
expect_any_instance_of(Spree::OrderContents).to_not receive(:update_cart)
|
44
|
-
subject
|
45
|
-
end
|
46
|
-
|
47
|
-
it 'should update the email' do
|
48
|
-
subject
|
49
|
-
expect(order.reload.email).to eq('foo@bar.com')
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
31
|
it "cannot view all orders" do
|
54
32
|
api_get :index
|
55
33
|
assert_unauthorized!
|
@@ -238,7 +216,7 @@ module Spree
|
|
238
216
|
allow(user).to receive_message_chain(:spree_roles, :pluck).and_return(["bar"])
|
239
217
|
allow(user).to receive(:has_spree_role?).with('bar').and_return(true)
|
240
218
|
allow(user).to receive(:has_spree_role?).with('admin').and_return(false)
|
241
|
-
allow(
|
219
|
+
allow(controller).to receive_messages try_spree_current_user: user
|
242
220
|
api_get :show, :id => order.to_param
|
243
221
|
expect(response.status).to eq(200)
|
244
222
|
end
|
@@ -251,11 +229,6 @@ module Spree
|
|
251
229
|
assert_unauthorized!
|
252
230
|
end
|
253
231
|
|
254
|
-
it "cannot add address information to an order that doesn't belong to them" do
|
255
|
-
api_put :address, :id => order.to_param
|
256
|
-
assert_unauthorized!
|
257
|
-
end
|
258
|
-
|
259
232
|
it "can create an order" do
|
260
233
|
api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
|
261
234
|
expect(response.status).to eq(201)
|