spree_api 3.2.9 → 3.3.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1170089dba60e1b3232d333faffdbb97a4ecee23
-  data.tar.gz: c7f09b516fdc211250dcf26eb4008a2a39a27e7f
+  metadata.gz: 26fb8c0927a1d6b2423649295a3dd8ea7aeb798f
+  data.tar.gz: 914d854628f209659d0693b408b5aedc24bf6a5c
 SHA512:
-  metadata.gz: 4abd3f9eed2ae14dddae04d0d1eda3a16111f607c41623b617d74093ec1e9e08c5c8aea76f289dc84343aee66c9bd8e706dbb628d7238444971938aee8daaca9
-  data.tar.gz: 29b658bad34c4fc7d0853b89525e8e94bd4733c186438d4fb3eb0c948b5a1622709710cb892cb92d18b62ea287b2a6b6750e88d558517ad005ee6a20181652cf
+  metadata.gz: 254a9e9ba85214262fa672d11d259df4dfbdb141d25a94747d0984d77e926618070ba9662a549e8a6ccd83c902fd696ababfbc7f56db9ac762e7615055d88c16
+  data.tar.gz: 76cee411a30b7d769e76a74e9ad3146610005e34fc413cb032d98b24122a2ac16f8a5158d4b77f127d32d1668a93698f39c4656463c79b1292478450efc3ca68

data/app/controllers/spree/api/base_controller.rb

@@ -23,15 +23,6 @@ module Spree
 
       helper Spree::Api::ApiHelpers
 
-      def map_nested_attributes_keys(klass, attributes)
-        nested_keys = klass.nested_attributes_options.keys
-        attributes.to_h.inject({}) do |h, (k,v)|
-          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
-          h[key] = v
-          h
-        end.with_indifferent_access
-      end
-
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if @current_user_roles.include?("admin")
@@ -64,15 +55,23 @@ module Spree
         return if @current_api_user
 
         if requires_authentication? && api_key.blank? && order_token.blank?
-          render "spree/api/errors/must_specify_api_key", status: 401 and return
+          must_specify_api_key and return
         elsif order_token.blank? && (requires_authentication? || api_key.present?)
-          render "spree/api/errors/invalid_api_key", status: 401 and return
+          invalid_api_key and return
         else
           # An anonymous user
           @current_api_user = Spree.user_class.new
         end
       end
 
+      def invalid_api_key
+        render "spree/api/errors/invalid_api_key", status: 401
+      end
+
+      def must_specify_api_key
+        render "spree/api/errors/must_specify_api_key", status: 401
+      end
+
       def load_user_roles
         @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
       end
@@ -124,7 +123,7 @@ module Spree
       end
 
       def find_product(id)
-        product_scope.friendly.find(id.to_s)
+        product_scope.friendly.distinct(false).find(id.to_s)
       rescue ActiveRecord::RecordNotFound
         product_scope.find(id)
       end

data/app/controllers/spree/api/v1/checkouts_controller.rb

@@ -51,10 +51,6 @@ module Spree
           params[:order][:user_id] if params[:order]
         end
 
-        def nested_params
-          map_nested_attributes_keys Order, params[:order] || {}
-        end
-
         # Should be overriden if you have areas of your checkout that don't match
         # up to a step within checkout_steps, such as a registration step
         def skip_state_validation?
@@ -73,7 +69,7 @@ module Spree
         end
 
         def raise_insufficient_quantity
-          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity')
+          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity', status: 422)
         end
 
         def state_callback(before_or_after = :before)
@@ -82,12 +78,13 @@ module Spree
         end
 
         def after_update_attributes
-          if nested_params && nested_params[:coupon_code].present?
-            handler = PromotionHandler::Coupon.new(@order).apply
+          if params[:order] && params[:order][:coupon_code].present?
+            handler = PromotionHandler::Coupon.new(@order)
+            handler.apply
 
             if handler.error.present?
               @coupon_message = handler.error
-              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon')
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon', status: 422)
               return true
             end
           end

data/app/controllers/spree/api/v1/customer_returns_controller.rb

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V1
+      class CustomerReturnsController < Spree::Api::BaseController
+        def index
+          collection(Spree::CustomerReturn)
+          respond_with(@collection)
+        end
+
+        private
+
+        def collection(resource)
+          return @collection if @collection.present?
+          params[:q] ||= {}
+
+          @collection = resource.all
+          # @search needs to be defined as this is passed to search_form_for
+          @search = @collection.ransack(params[:q])
+          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/orders_controller.rb

@@ -27,32 +27,21 @@ module Spree
         end
 
         def create
-          authorize! :create, Spree::Order
-          if can?(:admin, Spree::Order)
-
-            order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
-              Spree.user_class.find(order_params[:user_id])
-            else
-              current_api_user
-            end
-
-            import_params = if @current_user_roles.include?("admin")
-              params[:order].present? ? params[:order].permit! : {}
-            else
-              order_params
-            end
-
-            @order = Spree::Core::Importer::Order.import(order_user, import_params)
+          authorize! :create, Order
+          order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
+            Spree.user_class.find(order_params[:user_id])
+          else
+            current_api_user
+          end
 
-            respond_with(@order, default_template: :show, status: 201)
+          import_params = if @current_user_roles.include?("admin")
+            params[:order].present? ? params[:order].permit! : {}
           else
-            @order = Spree::Order.create!(user: current_api_user, store: current_store)
-            if @order.contents.update_cart(order_params)
-              respond_with(@order, default_template: :show, status: 201)
-            else
-              invalid_resource!(@order)
-            end
+            order_params
           end
+
+          @order = Spree::Core::Importer::Order.import(order_user, import_params)
+          respond_with(@order, default_template: :show, status: 201)
         end
 
         def empty
@@ -132,7 +121,7 @@ module Spree
           end
 
           def find_order(lock = false)
-            @order = Spree::Order.lock(lock).friendly.find(params[:id])
+            @order = Spree::Order.lock(lock).find_by!(number: params[:id])
           end
 
           def find_current_order

data/app/controllers/spree/api/v1/payments_controller.rb

@@ -17,7 +17,6 @@ module Spree
         end
 
         def create
-          @order.validate_payments_attributes([payment_params])
           @payment = @order.payments.build(payment_params)
           if @payment.save
             respond_with(@payment, status: 201, default_template: :show)
@@ -60,12 +59,12 @@ module Spree
         private
 
           def find_order
-            @order = Spree::Order.friendly.find(order_id)
+            @order = Spree::Order.find_by!(number: order_id)
             authorize! :read, @order, order_token
           end
 
           def find_payment
-            @payment = @order.payments.friendly.find(params[:id])
+            @payment = @order.payments.find_by!(number: params[:id])
           end
 
           def perform_payment_action(action, *args)

data/app/controllers/spree/api/v1/reimbursements_controller.rb

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V1
+      class ReimbursementsController < Spree::Api::BaseController
+        def index
+          collection(Spree::Reimbursement)
+          respond_with(@collection)
+        end
+
+        private
+
+        def collection(resource)
+          return @collection if @collection.present?
+          params[:q] ||= {}
+
+          @collection = resource.all
+          # @search needs to be defined as this is passed to search_form_for
+          @search = @collection.ransack(params[:q])
+          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/shipments_controller.rb

@@ -33,7 +33,7 @@ module Spree
         end
 
         def update
-          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
           @shipment.update_attributes_and_order(shipment_params)
 
           respond_with(@shipment.reload, default_template: :show)
@@ -86,7 +86,7 @@ module Spree
         end
 
         def transfer_to_shipment
-          @target_shipment  = Spree::Shipment.friendly.find(params[:target_shipment_number])
+          @target_shipment = Spree::Shipment.find_by!(number: params[:target_shipment_number])
 
           if @quantity < 0 || @target_shipment == @original_shipment
             unprocessable_entity('ArgumentError')
@@ -100,7 +100,7 @@ module Spree
         private
 
         def load_transfer_params
-          @original_shipment         = Spree::Shipment.friendly.find(params[:original_shipment_number])
+          @original_shipment         = Spree::Shipment.find_by!(number: params[:original_shipment_number])
           @variant                   = Spree::Variant.find(params[:variant_id])
           @quantity                  = params[:quantity].to_i
           authorize! :read, @original_shipment
@@ -108,7 +108,7 @@ module Spree
         end
 
         def find_and_update_shipment
-          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
           @shipment.update_attributes(shipment_params)
           @shipment.reload
         end

data/app/controllers/spree/api/v1/zones_controller.rb

@@ -5,7 +5,7 @@ module Spree
 
         def create
           authorize! :create, Zone
-          @zone = Zone.new(map_nested_attributes_keys(Spree::Zone, zone_params))
+          @zone = Spree::Zone.new(zone_params)
           if @zone.save
             respond_with(@zone, status: 201, default_template: :show)
           else
@@ -30,7 +30,7 @@ module Spree
 
         def update
           authorize! :update, zone
-          if zone.update_attributes(map_nested_attributes_keys(Spree::Zone, zone_params))
+          if zone.update_attributes(zone_params)
             respond_with(zone, status: 200, default_template: :show)
           else
             invalid_resource!(zone)
@@ -38,8 +38,13 @@ module Spree
         end
 
         private
+
         def zone_params
-          params.require(:zone).permit!
+          attrs = params.require(:zone).permit!
+          if attrs[:zone_members]
+            attrs[:zone_members_attributes] = attrs.delete(:zone_members)
+          end
+          attrs
         end
 
         def zone

data/app/helpers/spree/api/api_helpers.rb

@@ -30,7 +30,9 @@ module Spree
         :stock_item_attributes,
         :promotion_attributes,
         :store_attributes,
-        :tag_attributes
+        :tag_attributes,
+        :customer_return_attributes,
+        :reimbursement_attributes
       ]
 
       mattr_reader *ATTRIBUTES
@@ -164,6 +166,16 @@ module Spree
 
       @@tag_attributes = [:id, :name]
 
+      @@customer_return_attributes = [
+        :id, :number, :order_id, :fully_reimbursed?, :pre_tax_total,
+        :created_at, :updated_at
+      ]
+
+      @@reimbursement_attributes = [
+        :id, :reimbursement_status, :customer_return_id, :order_id,
+        :number, :total, :created_at, :updated_at
+      ]
+
       def variant_attributes
         if @current_user_roles && @current_user_roles.include?("admin")
           @@variant_attributes + [:cost_price]

data/app/models/concerns/spree/user_api_authentication.rb

@@ -0,0 +1,19 @@
+module Spree
+  module UserApiAuthentication
+    def generate_spree_api_key!
+      self.spree_api_key = generate_spree_api_key
+      save!
+    end
+
+    def clear_spree_api_key!
+      self.spree_api_key = nil
+      save!
+    end
+
+    private
+
+    def generate_spree_api_key
+      SecureRandom.hex(24)
+    end
+  end
+end

data/app/models/concerns/spree/user_api_methods.rb

@@ -0,0 +1,7 @@
+module Spree
+  module UserApiMethods
+    extend ActiveSupport::Concern
+
+    include Spree::UserApiAuthentication
+  end
+end

data/app/views/spree/api/v1/customer_returns/index.v1.rabl

@@ -0,0 +1,7 @@
+object false
+child(@collection => :customer_returns) do
+  attributes *customer_return_attributes
+end
+node(:count) { @collection.count }
+node(:current_page) { params[:page].try(:to_i) || 1 }
+node(:pages) { @collection.total_pages }

data/app/views/spree/api/v1/line_items/show.v1.rabl

@@ -7,7 +7,6 @@ node(:total) { |li| li.total }
 child :variant do
   extends "spree/api/v1/variants/small"
   attributes :product_id
-  child(images: :images) { extends "spree/api/v1/images/show" }
 end
 
 child adjustments: :adjustments do

data/app/views/spree/api/v1/reimbursements/index.v1.rabl

@@ -0,0 +1,7 @@
+object false
+child(@collection => :reimbursements) do
+  attributes *reimbursement_attributes
+end
+node(:count) { @collection.count }
+node(:current_page) { params[:page].try(:to_i) || 1 }
+node(:pages) { @collection.total_pages }

data/config/initializers/user_class_extensions.rb

@@ -0,0 +1,7 @@
+# Ensure that Spree.user_class includes the UserApiMethods concern
+
+Spree::Core::Engine.config.to_prepare do
+  if Spree.user_class && !Spree.user_class.included_modules.include?(Spree::UserApiMethods)
+    Spree.user_class.include Spree::UserApiMethods
+  end
+end

data/config/routes.rb

@@ -3,6 +3,9 @@ Spree::Core::Engine.add_routes do
     namespace :v1 do
       resources :promotions, only: [:show]
 
+      resources :customer_returns, only: [:index]
+      resources :reimbursements, only: [:index]
+
       resources :products do
         resources :images
         resources :variants

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+class FakesController < Spree::Api::BaseController
+end
+
+describe Spree::Api::BaseController, type: :controller do
+  render_views
+  controller(Spree::Api::BaseController) do
+    def index
+      render plain: { "products" => [] }.to_json
+    end
+  end
+
+  before do
+    @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
+      r.draw { get 'index', to: 'spree/api/base#index' }
+    end
+  end
+
+  context "when validating based on an order token" do
+    let!(:order) { create :order }
+
+    context "with a correct order token" do
+      it "succeeds" do
+        api_get :index, order_token: order.guest_token, order_id: order.number
+        expect(response.status).to eq(200)
+      end
+
+      it "succeeds with an order_number parameter" do
+        api_get :index, order_token: order.guest_token, order_number: order.number
+        expect(response.status).to eq(200)
+      end
+    end
+
+    context "with an incorrect order token" do
+      it "returns unauthorized" do
+        api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  context "cannot make a request to the API" do
+    it "without an API key" do
+      api_get :index
+      expect(json_response).to eq({ "error" => "You must specify an API key." })
+      expect(response.status).to eq(401)
+    end
+
+    it "with an invalid API key" do
+      request.headers["X-Spree-Token"] = "fake_key"
+      get :index
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+      expect(response.status).to eq(401)
+    end
+
+    it "using an invalid token param" do
+      get :index, params: { token: "fake_key" }
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+    end
+  end
+
+  it 'handles parameter missing exceptions' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    expect(subject).to receive(:index).and_raise(ActionController::ParameterMissing.new('foo'))
+    get :index, params: { token: 'exception-message' }
+    expect(json_response).to eql('exception' => 'param is missing or the value is empty: foo')
+  end
+
+  it 'handles record invalid exceptions' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    resource = Spree::Product.new
+    resource.valid? # get some errors
+    expect(subject).to receive(:index).and_raise(ActiveRecord::RecordInvalid.new(resource))
+    get :index, params: { token: 'exception-message' }
+    expect(json_response).to eql('exception' => "Validation failed: Name can't be blank, Shipping Category can't be blank, Price can't be blank")
+  end
+
+  it "lets a subclass override the product associations that are eager-loaded" do
+    expect(controller.respond_to?(:product_includes, true)).to be
+  end
+end

data/spec/controllers/spree/api/v1/addresses_controller_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::V1::AddressesController, type: :controller do
+    render_views
+
+    before do
+      stub_authentication!
+      @address = create(:address)
+      @order = create(:order, bill_address: @address)
+    end
+
+    context "with their own address" do
+      before do
+        allow_any_instance_of(Order).to receive_messages user: current_api_user
+      end
+
+      it "gets an address" do
+        api_get :show, id: @address.id, order_id: @order.number
+        expect(json_response['address1']).to eq @address.address1
+      end
+
+      it "updates an address" do
+        api_put :update, id: @address.id, order_id: @order.number,
+                         address: { address1: "123 Test Lane" }
+        expect(json_response['address1']).to eq '123 Test Lane'
+      end
+
+      it "receives the errors object if address is invalid" do
+        api_put :update, id: @address.id, order_id: @order.number,
+                         address: { address1: "" }
+
+        expect(json_response['error']).not_to be_nil
+        expect(json_response['errors']).not_to be_nil
+        expect(json_response['errors']['address1'].first).to eq "can't be blank"
+      end
+    end
+
+    context "on an address that does not belong to this order" do
+      before do
+        @order.bill_address_id = nil
+        @order.ship_address = nil
+      end
+
+      it "cannot retrieve address information" do
+        api_get :show, id: @address.id, order_id: @order.number
+        assert_unauthorized!
+      end
+
+      it "cannot update address information" do
+        api_get :update, id: @address.id, order_id: @order.number
+        assert_unauthorized!
+      end
+    end
+  end
+end