RubyGems - spree_api - Versions diffs - 4.2.4 → 4.3.0.rc3 - Mend

spree_api 4.2.4 → 4.3.0.rc3

Files changed (99) hide show

data/app/controllers/spree/api/v2/platform/option_values_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionValuesController < ResourceController
+          private
+          def model_class
+            Spree::OptionValue
+          end
+          def scope_includes
+            [:option_type]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/products_controller.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ProductsController < ResourceController
+          include ::Spree::Api::V2::ProductListIncludes
+          private
+          def model_class
+            Spree::Product
+          end
+          def scope_includes
+            product_list_includes
+          end
+          def allowed_sort_attributes
+            super << :available_on
+          end
+          def sorted_collection
+            collection_sorter.new(collection, current_currency, params, allowed_sort_attributes).call
+          end
+          def collection_sorter
+            Spree::Api::Dependencies.platform_products_sorter.constantize
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/resource_controller.rb ADDED Viewed

@@ -0,0 +1,115 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ResourceController < ::Spree::Api::V2::ResourceController
+          READ_ACTIONS = %i[show index]
+          WRITE_ACTIONS = %i[create update destroy]
+          # doorkeeper scopes usage: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+          before_action -> { doorkeeper_authorize! :read, :admin }, only: READ_ACTIONS
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS
+          # optional authorization if using a user token instead of app token
+          before_action :authorize_spree_user, only: WRITE_ACTIONS
+          # index and show acrtions are defined in Spree::Api::V2::ResourceController
+          def create
+            resource = model_class.new(permitted_resource_params)
+            ensure_current_store(resource)
+            if resource.save
+              render_serialized_payload(201) { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def update
+            if resource.update(permitted_resource_params)
+              ensure_current_store(resource)
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def destroy
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          protected
+          def resource_serializer
+            "Spree::Api::V2::Platform::#{model_class.to_s.demodulize}Serializer".constantize
+          end
+          def collection_serializer
+            resource_serializer
+          end
+          # overwiting to utilize ransack gem for filtering
+          # https://github.com/activerecord-hackery/ransack#search-matchers
+          def collection
+            @collection ||= scope.ransack(params[:filter]).result
+          end
+          # overwriting to skip cancancan check if API is consumed by an application
+          def scope
+            return super if spree_current_user.present?
+            super(skip_cancancan: true)
+          end
+          # We're overwriting this method because the original one calls `dookreeper_authorize`
+          # which breaks our application authorizations defined on top of this controller
+          def spree_current_user
+            return nil unless doorkeeper_token
+            return nil if doorkeeper_token.resource_owner_id.nil?
+            return @spree_current_user if @spree_current_user
+            @spree_current_user ||= Spree.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+          end
+          def access_denied(exception)
+            access_denied_401(exception)
+          end
+          # if using a user oAuth token we need to check CanCanCan abilities
+          # defined in https://github.com/spree/spree/blob/master/core/app/models/spree/ability.rb
+          def authorize_spree_user
+            return if spree_current_user.nil?
+            if action_name == 'create'
+              spree_authorize! :create, model_class
+            else
+              spree_authorize! action_name, resource
+            end
+          end
+          def model_param_name
+            model_class.to_s.demodulize.underscore
+          end
+          def spree_permitted_attributes
+            Spree::PermittedAttributes.try("#{model_param_name}_attributes") || {}
+          end
+          def permitted_resource_params
+            params.require(model_param_name).permit(spree_permitted_attributes)
+          end
+          def allowed_sort_attributes
+            (super << spree_permitted_attributes).uniq.compact
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/taxons_controller.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class TaxonsController < ResourceController
+          private
+          def model_class
+            Spree::Taxon
+          end
+          def scope_includes
+            node_includes = %i[icon parent taxonomy]
+            {
+              parent: node_includes,
+              children: node_includes,
+              taxonomy: [root: node_includes],
+              icon: [attachment_attachment: :blob]
+            }
+          end
+          def serializer_params
+            super.merge(include_products: action_name == 'show')
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/users_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class UsersController < ResourceController
+          private
+          def model_class
+            Spree.user_class
+          end
+          def resource_serializer
+            Spree::Api::V2::Platform::UserSerializer
+          end
+          def scope_includes
+            [:ship_address, :bill_address]
+          end
+          # we need to define this here as developers can configure their own `user_class`
+          def model_param_name
+            'user'
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -3,9 +3,14 @@ module Spree
     module V2
       class ResourceController < ::Spree::Api::V2::BaseController
         include Spree::Api::V2::CollectionOptionsHelpers
+        include Spree::Api::V2::Caching
         def index
-          render_serialized_payload { serialize_collection(paginated_collection) }
+          render_serialized_payload do
+            Rails.cache.fetch(collection_cache_key(paginated_collection), collection_cache_opts) do
+              serialize_collection(paginated_collection)
+            end
+          end
         end
         def show
@@ -15,7 +20,7 @@ module Spree
         protected
         def sorted_collection
-          collection_sorter.new(collection, params, allowed_sort_attributes).call
+          @sorted_collection ||= collection_sorter.new(collection, params, allowed_sort_attributes).call
         end
         def allowed_sort_attributes
@@ -23,11 +28,14 @@ module Spree
         end
         def default_sort_atributes
-          [:id, :updated_at, :created_at]
+          [:id, :name, :number, :position, :updated_at, :created_at]
         end
-        def scope
-          model_class.accessible_by(current_ability, :show).includes(scope_includes)
+        def scope(skip_cancancan: false)
+          base_scope = model_class.for_store(current_store)
+          base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
+          base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
+          base_scope
         end
         def scope_includes
@@ -36,7 +44,7 @@ module Spree
         def resource
           @resource ||= if defined?(resource_finder)
-                          resource_finder.new(scope: scope, params: params).execute
+                          resource_finder.new(scope: scope, params: finder_params).execute
                         else
                           scope.find(params[:id])
                         end
@@ -44,12 +52,21 @@ module Spree
         def collection
           @collection ||= if defined?(collection_finder)
-                            collection_finder.new(scope: scope, params: params).execute
+                            collection_finder.new(scope: scope, params: finder_params).execute
                           else
                             scope
                           end
         end
+        def finder_params
+          params.merge(
+            store: current_store,
+            locale: current_locale,
+            currency: current_currency,
+            user: spree_current_user
+          )
+        end
         def collection_sorter
           Spree::Api::Dependencies.storefront_collection_sorter.constantize
         end

data/app/controllers/spree/api/v2/storefront/account/addresses_controller.rb CHANGED Viewed

@@ -33,11 +33,11 @@ module Spree
             private
             def collection
-              collection_finder.new(scope: scope, params: params).execute
+              collection_finder.new(scope: scope, params: finder_params).execute
             end
             def scope
-              super.not_deleted
+              super.where(user: spree_current_user).not_deleted
             end
             def model_class
@@ -56,10 +56,6 @@ module Spree
               Spree::Api::Dependencies.storefront_address_serializer.constantize
             end
-            def serialize_collection(collection)
-              collection_serializer.new(collection).serializable_hash
-            end
             def create_service
               Spree::Api::Dependencies.storefront_account_create_address_service.constantize
             end
@@ -71,14 +67,6 @@ module Spree
             def address_params
               params.require(:address).permit(permitted_address_attributes)
             end
-            def render_result(result)
-              if result.success?
-                render_serialized_payload { serialize_resource(result.value) }
-              else
-                render_error_payload(result.error)
-              end
-            end
           end
         end
       end

data/app/controllers/spree/api/v2/storefront/account/credit_cards_controller.rb CHANGED Viewed

@@ -6,14 +6,24 @@ module Spree
           class CreditCardsController < ::Spree::Api::V2::ResourceController
             before_action :require_spree_current_user
+            def destroy
+              spree_authorize! :destroy, resource, resource
+              destroy_service.call(card: resource)
+            end
             private
+            def resource
+              params[:id].eql?('default') ? scope.default.first! : scope.find(params[:id])
+            end
             def model_class
               Spree::CreditCard
             end
             def scope
-              super.where(user: spree_current_user)
+              super.where(user: spree_current_user, payment_method: current_store.payment_methods.available_on_front_end)
             end
             def collection_serializer
@@ -28,16 +38,8 @@ module Spree
               Spree::Api::Dependencies.storefront_credit_card_serializer.constantize
             end
-            def resource_finder
-              Spree::Api::Dependencies.storefront_credit_card_finder.constantize
-            end
-            def serialize_collection(collection)
-              collection_serializer.new(
-                collection,
-                include: resource_includes,
-                fields: sparse_fields
-              ).serializable_hash
+            def destroy_service
+              Spree::Api::Dependencies.storefront_credit_cards_destroy_service.constantize
             end
           end
         end

data/app/controllers/spree/api/v2/storefront/account/orders_controller.rb CHANGED Viewed

@@ -9,11 +9,11 @@ module Spree
             private
             def collection
-              collection_finder.new(user: spree_current_user).execute
+              collection_finder.new(user: spree_current_user, store: current_store).execute
             end
             def resource
-              resource = resource_finder.new(user: spree_current_user, number: params[:id]).execute.take
+              resource = resource_finder.new(user: spree_current_user, number: params[:id], store: current_store).execute.take
               raise ActiveRecord::RecordNotFound if resource.nil?
               resource
@@ -38,6 +38,10 @@ module Spree
             def resource_finder
               Spree::Api::Dependencies.storefront_completed_order_finder.constantize
             end
+            def model_class
+              Spree::Order
+            end
           end
         end
       end

data/app/controllers/spree/api/v2/storefront/account_controller.rb CHANGED Viewed

@@ -3,7 +3,18 @@ module Spree
     module V2
       module Storefront
         class AccountController < ::Spree::Api::V2::ResourceController
-          before_action :require_spree_current_user
+          before_action :require_spree_current_user, except: :create
+          def create
+            result = create_service.call(user_params: user_create_params)
+            render_result(result)
+          end
+          def update
+            spree_authorize! :update, spree_current_user
+            result = update_service.call(user: spree_current_user, user_params: user_update_params)
+            render_result(result)
+          end
           private
@@ -14,6 +25,26 @@ module Spree
           def resource_serializer
             Spree::Api::Dependencies.storefront_user_serializer.constantize
           end
+          def model_class
+            Spree.user_class
+          end
+          def create_service
+            Spree::Api::Dependencies.storefront_account_create_service.constantize
+          end
+          def update_service
+            Spree::Api::Dependencies.storefront_account_update_service.constantize
+          end
+          def user_create_params
+            user_update_params.except(:bill_address_id, :ship_address_id)
+          end
+          def user_update_params
+            params.require(:user).permit(permitted_user_attributes)
+          end
         end
       end
     end