RubyGems - spree_api - Versions diffs - 4.2.3.1 → 4.3.0.rc2 - Mend

spree_api 4.2.3.1 → 4.3.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

data/app/controllers/spree/api/v2/platform/option_values_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionValuesController < ResourceController
+          private
+          def model_class
+            Spree::OptionValue
+          end
+          def scope_includes
+            [:option_type]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/products_controller.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ProductsController < ResourceController
+          include ::Spree::Api::V2::ProductListIncludes
+          private
+          def model_class
+            Spree::Product
+          end
+          def scope_includes
+            product_list_includes
+          end
+          def allowed_sort_attributes
+            super << :available_on
+          end
+          def sorted_collection
+            collection_sorter.new(collection, current_currency, params, allowed_sort_attributes).call
+          end
+          def collection_sorter
+            Spree::Api::Dependencies.platform_products_sorter.constantize
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/resource_controller.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ResourceController < ::Spree::Api::V2::ResourceController
+          READ_ACTIONS = %i[show index]
+          WRITE_ACTIONS = %i[create update destroy]
+          # doorkeeper scopes usage: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+          before_action -> { doorkeeper_authorize! :read, :admin }, only: READ_ACTIONS
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS
+          # optional authorization if using a user token instead of app token
+          before_action :authorize_spree_user, only: WRITE_ACTIONS
+          # index and show acrtions are defined in Spree::Api::V2::ResourceController
+          def create
+            resource = model_class.new(permitted_resource_params)
+            if resource.save
+              render_serialized_payload(201) { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def update
+            if resource.update(permitted_resource_params)
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def destroy
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          protected
+          def resource_serializer
+            "Spree::Api::V2::Platform::#{model_class.to_s.demodulize}Serializer".constantize
+          end
+          def collection_serializer
+            resource_serializer
+          end
+          # overwiting to utilize ransack gem for filtering
+          # https://github.com/activerecord-hackery/ransack#search-matchers
+          def collection
+            @collection ||= scope.ransack(params[:filter]).result
+          end
+          # overwriting to skip cancancan check if API is consumed by an application
+          def scope
+            return super if spree_current_user.present?
+            super(skip_cancancan: true)
+          end
+          # We're overwriting this method because the original one calls `dookreeper_authorize`
+          # which breaks our application authorizations defined on top of this controller
+          def spree_current_user
+            return nil unless doorkeeper_token
+            return nil if doorkeeper_token.resource_owner_id.nil?
+            return @spree_current_user if @spree_current_user
+            @spree_current_user ||= Spree.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+          end
+          def access_denied(exception)
+            access_denied_401(exception)
+          end
+          # if using a user oAuth token we need to check CanCanCan abilities
+          # defined in https://github.com/spree/spree/blob/master/core/app/models/spree/ability.rb
+          def authorize_spree_user
+            return if spree_current_user.nil?
+            if action_name == 'create'
+              spree_authorize! :create, model_class
+            else
+              spree_authorize! action_name, resource
+            end
+          end
+          def model_param_name
+            model_class.to_s.demodulize.underscore
+          end
+          def spree_permitted_attributes
+            Spree::PermittedAttributes.try("#{model_param_name}_attributes") || {}
+          end
+          def permitted_resource_params
+            params.require(model_param_name).permit(spree_permitted_attributes)
+          end
+          def allowed_sort_attributes
+            (super << spree_permitted_attributes).uniq.compact
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/taxons_controller.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class TaxonsController < ResourceController
+          private
+          def model_class
+            Spree::Taxon
+          end
+          def scope_includes
+            node_includes = %i[icon parent taxonomy]
+            {
+              parent: node_includes,
+              children: node_includes,
+              taxonomy: [root: node_includes],
+              icon: [attachment_attachment: :blob]
+            }
+          end
+          def serializer_params
+            super.merge(include_products: action_name == 'show')
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/users_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class UsersController < ResourceController
+          private
+          def model_class
+            Spree.user_class
+          end
+          def resource_serializer
+            Spree::Api::V2::Platform::UserSerializer
+          end
+          def scope_includes
+            [:ship_address, :bill_address]
+          end
+          # we need to define this here as developers can configure their own `user_class`
+          def model_param_name
+            'user'
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -3,9 +3,14 @@ module Spree
     module V2
       class ResourceController < ::Spree::Api::V2::BaseController
         include Spree::Api::V2::CollectionOptionsHelpers
+        include Spree::Api::V2::Caching
         def index
-          render_serialized_payload { serialize_collection(paginated_collection) }
+          render_serialized_payload do
+            Rails.cache.fetch(collection_cache_key(paginated_collection), collection_cache_opts) do
+              serialize_collection(paginated_collection)
+            end
+          end
         end
         def show
@@ -15,7 +20,7 @@ module Spree
         protected
         def sorted_collection
-          collection_sorter.new(collection, params, allowed_sort_attributes).call
+          @sorted_collection ||= collection_sorter.new(collection, params, allowed_sort_attributes).call
         end
         def allowed_sort_attributes
@@ -23,11 +28,14 @@ module Spree
         end
         def default_sort_atributes
-          [:id, :updated_at, :created_at]
+          [:id, :name, :number, :position, :updated_at, :created_at]
         end
-        def scope
-          model_class.accessible_by(current_ability, :show).includes(scope_includes)
+        def scope(skip_cancancan: false)
+          base_scope = model_class.for_store(current_store)
+          base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
+          base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
+          base_scope
         end
         def scope_includes
@@ -36,7 +44,7 @@ module Spree
         def resource
           @resource ||= if defined?(resource_finder)
-                          resource_finder.new(scope: scope, params: params).execute
+                          resource_finder.new(scope: scope, params: finder_params).execute
                         else
                           scope.find(params[:id])
                         end
@@ -44,12 +52,21 @@ module Spree
         def collection
           @collection ||= if defined?(collection_finder)
-                            collection_finder.new(scope: scope, params: params).execute
+                            collection_finder.new(scope: scope, params: finder_params).execute
                           else
                             scope
                           end
         end
+        def finder_params
+          params.merge(
+            store: current_store,
+            locale: current_locale,
+            currency: current_currency,
+            user: spree_current_user
+          )
+        end
         def collection_sorter
           Spree::Api::Dependencies.storefront_collection_sorter.constantize
         end

data/app/controllers/spree/api/v2/storefront/account/addresses_controller.rb CHANGED Viewed

@@ -33,11 +33,11 @@ module Spree
             private
             def collection
-              collection_finder.new(scope: scope, params: params).execute
+              collection_finder.new(scope: scope, params: finder_params).execute
             end
             def scope
-              super.not_deleted
+              super.where(user: spree_current_user).not_deleted
             end
             def model_class
@@ -56,10 +56,6 @@ module Spree
               Spree::Api::Dependencies.storefront_address_serializer.constantize
             end
-            def serialize_collection(collection)
-              collection_serializer.new(collection).serializable_hash
-            end
             def create_service
               Spree::Api::Dependencies.storefront_account_create_address_service.constantize
             end
@@ -71,14 +67,6 @@ module Spree
             def address_params
               params.require(:address).permit(permitted_address_attributes)
             end
-            def render_result(result)
-              if result.success?
-                render_serialized_payload { serialize_resource(result.value) }
-              else
-                render_error_payload(result.error)
-              end
-            end
           end
         end
       end

data/app/controllers/spree/api/v2/storefront/account/credit_cards_controller.rb CHANGED Viewed

@@ -6,14 +6,24 @@ module Spree
           class CreditCardsController < ::Spree::Api::V2::ResourceController
             before_action :require_spree_current_user
+            def destroy
+              spree_authorize! :destroy, resource, resource
+              destroy_service.call(card: resource)
+            end
             private
+            def resource
+              params[:id].eql?('default') ? scope.default.first! : scope.find(params[:id])
+            end
             def model_class
               Spree::CreditCard
             end
             def scope
-              super.where(user: spree_current_user)
+              super.where(user: spree_current_user, payment_method: current_store.payment_methods.available_on_front_end)
             end
             def collection_serializer
@@ -28,16 +38,8 @@ module Spree
               Spree::Api::Dependencies.storefront_credit_card_serializer.constantize
             end
-            def resource_finder
-              Spree::Api::Dependencies.storefront_credit_card_finder.constantize
-            end
-            def serialize_collection(collection)
-              collection_serializer.new(
-                collection,
-                include: resource_includes,
-                fields: sparse_fields
-              ).serializable_hash
+            def destroy_service
+              Spree::Api::Dependencies.storefront_credit_cards_destroy_service.constantize
             end
           end
         end

data/app/controllers/spree/api/v2/storefront/account/orders_controller.rb CHANGED Viewed

@@ -9,11 +9,11 @@ module Spree
             private
             def collection
-              collection_finder.new(user: spree_current_user).execute
+              collection_finder.new(user: spree_current_user, store: current_store).execute
             end
             def resource
-              resource = resource_finder.new(user: spree_current_user, number: params[:id]).execute.take
+              resource = resource_finder.new(user: spree_current_user, number: params[:id], store: current_store).execute.take
               raise ActiveRecord::RecordNotFound if resource.nil?
               resource
@@ -38,6 +38,10 @@ module Spree
             def resource_finder
               Spree::Api::Dependencies.storefront_completed_order_finder.constantize
             end
+            def model_class
+              Spree::Order
+            end
           end
         end
       end

data/app/controllers/spree/api/v2/storefront/account_controller.rb CHANGED Viewed

@@ -3,7 +3,18 @@ module Spree
     module V2
       module Storefront
         class AccountController < ::Spree::Api::V2::ResourceController
-          before_action :require_spree_current_user
+          before_action :require_spree_current_user, except: :create
+          def create
+            result = create_service.call(user_params: user_create_params)
+            render_result(result)
+          end
+          def update
+            spree_authorize! :update, spree_current_user
+            result = update_service.call(user: spree_current_user, user_params: user_update_params)
+            render_result(result)
+          end
           private
@@ -14,6 +25,26 @@ module Spree
           def resource_serializer
             Spree::Api::Dependencies.storefront_user_serializer.constantize
           end
+          def model_class
+            Spree.user_class
+          end
+          def create_service
+            Spree::Api::Dependencies.storefront_account_create_service.constantize
+          end
+          def update_service
+            Spree::Api::Dependencies.storefront_account_update_service.constantize
+          end
+          def user_create_params
+            user_update_params.except(:bill_address_id, :ship_address_id)
+          end
+          def user_update_params
+            params.require(:user).permit(permitted_user_attributes)
+          end
         end
       end
     end