RubyGems - spree_api - Versions diffs - 4.2.6 → 4.3.0.rc1 - Mend

spree_api 4.2.6 → 4.3.0.rc1

Files changed (90) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99470f82b93143767d99332cf2edd995bb6229dbaba6bcacecd567f49501056a
-  data.tar.gz: eab273963b4ac7899187a00552a2f74f196f06c123dae46bc366b1f0e88602c7
+  metadata.gz: 381bcae626a5cfcc30444d47853c1bc26063befbc5c18db328276d8c1998c309
+  data.tar.gz: 01fc310be446eff60debb73a6da32a1b4e548dcd2ec7e7fca562ef7fada5a248
 SHA512:
-  metadata.gz: dcb98d7947e278b82155da0cdbddf92aaf77d2af5fad89594664808979749b9f26505f93b435e033fe47a05bdf3350dd16716cf2bdb956bf5fc0f7b7ab67ad84
-  data.tar.gz: df25e5d92e8108defe866a06ee88ec973ce8bd936305488f4ce51ea567004ff7073eab6ce73887cd50c6d3b39d8fff5fd8da8c6523d149bc59df8d096dd6e6bf
+  metadata.gz: 03c6087202462b6ff19e3cc1b081a175e3db9273ce486b321c27aa44e4ae82a57c9b73b24894f788c1335584e0cfcf7b94733844f3875d8f4ff67be59ba04acb
+  data.tar.gz: 24ae9980e17d37c7963cdbd7fb1e9ab6a02ef099e7763b83bf8276d9ea8e296ee49e4a3b4c42587a3b02010151f450478c0c376f6c835f8db4e6536fbc33d0fa

data/Rakefile CHANGED Viewed

@@ -3,7 +3,6 @@ require 'rake'
 require 'rake/testtask'
 require 'rspec/core/rake_task'
 require 'spree/testing_support/common_rake'
-require 'rails/all'
 RSpec::Core::RakeTask.new
@@ -14,3 +13,17 @@ task :test_app do
   ENV['LIB_NAME'] = 'spree/api'
   Rake::Task['common:test_app'].invoke
 end
+namespace :rswag do
+  namespace :specs do
+    desc 'Generate Swagger JSON files from integration specs'
+    RSpec::Core::RakeTask.new('swaggerize') do |t|
+      t.pattern = ENV.fetch(
+        'PATTERN',
+        'spec/integration/**/*_spec.rb'
+      )
+      t.rspec_opts = ['--format Rswag::Specs::SwaggerFormatter', '--order defined']
+    end
+  end
+end

data/app/controllers/concerns/spree/api/v2/product_list_includes.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Spree
+  module Api
+    module V2
+      module ProductListIncludes
+        def product_list_includes
+          variant_includes = {
+            prices: [],
+            option_values: :option_type,
+            images: []
+          }
+          {
+            product_properties: [],
+            option_types: [],
+            variant_images: [],
+            master: variant_includes,
+            variants: variant_includes
+          }
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/classifications_controller.rb CHANGED Viewed

@@ -9,9 +9,10 @@ module Spree
             product_id: params[:product_id],
             taxon_id: params[:taxon_id]
           )
-          # Because position we get back is 0-indexed.
-          # acts_as_list is 1-indexed.
-          classification.insert_at(params[:position].to_i + 1)
+          Spree::Dependencies.classification_reposition_service.constantize.call(
+            classification: classification,
+            position: params[:position]
+          )
           head :ok
         end
       end

data/app/controllers/spree/api/v1/orders_controller.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module Spree
         def empty
           authorize! :update, @order, order_token
-          @order.empty!
+          cart_empty_service.call(order: @order)
           render plain: nil, status: 204
         end
@@ -150,6 +150,10 @@ module Spree
         def order_id
           super || params[:id]
         end
+        def cart_empty_service
+          Spree::Dependencies.cart_empty_service.constantize
+        end
       end
     end
   end

data/app/controllers/spree/api/v1/products_controller.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module Spree
           params[:product][:available_on] ||= Time.current
           set_up_shipping_category
-          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
           @product = Core::Importer::Product.new(nil, product_params, options).create
           if @product.persisted?
@@ -77,7 +77,7 @@ module Spree
         def update
           authorize! :update, @product
-          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
           @product = Core::Importer::Product.new(@product, product_params, options).update
           if @product.errors.empty?

data/app/controllers/spree/api/v1/taxonomies_controller.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Spree
         def create
           authorize! :create, Taxonomy
-          @taxonomy = Taxonomy.new(taxonomy_params)
+          @taxonomy = current_store.taxonomies.new(taxonomy_params)
           if @taxonomy.save
             respond_with(@taxonomy, status: 201, default_template: :show)
           else

data/app/controllers/spree/api/v2/base_controller.rb CHANGED Viewed

@@ -7,8 +7,10 @@ module Spree
         include Spree::Core::ControllerHelpers::Store
         include Spree::Core::ControllerHelpers::Locale
         include Spree::Core::ControllerHelpers::Currency
         rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
         rescue_from CanCan::AccessDenied, with: :access_denied
+        rescue_from Doorkeeper::Errors::DoorkeeperError, with: :access_denied_401
         rescue_from Spree::Core::GatewayError, with: :gateway_error
         rescue_from ActionController::ParameterMissing, with: :error_during_processing
         if defined?(JSONAPI::Serializer::UnsupportedIncludeError)
@@ -39,7 +41,7 @@ module Spree
         end
         def paginated_collection
-          collection_paginator.new(sorted_collection, params).call
+          @paginated_collection ||= collection_paginator.new(sorted_collection, params).call
         end
         def collection_paginator
@@ -51,10 +53,22 @@ module Spree
         end
         def render_error_payload(error, status = 422)
-          if error.is_a?(Struct)
-            render json: { error: error.to_s, errors: error.to_h }, status: status, content_type: content_type
-          elsif error.is_a?(String)
-            render json: { error: error }, status: status, content_type: content_type
+          json = if error.is_a?(ActiveModel::Errors)
+                   { error: error.full_messages.to_sentence, errors: error.messages }
+                 elsif error.is_a?(Struct)
+                   { error: error.to_s, errors: error.to_h }
+                 else
+                   { error: error }
+                 end
+          render json: json, status: status, content_type: content_type
+        end
+        def render_result(result)
+          if result.success?
+            render_serialized_payload { serialize_resource(result.value) }
+          else
+            render_error_payload(result.error)
           end
         end
@@ -114,7 +128,12 @@ module Spree
         end
         def serializer_params
-          { currency: current_currency, store: current_store, user: spree_current_user }
+          {
+            currency: current_currency,
+            locale: current_locale,
+            store: current_store,
+            user: spree_current_user
+          }
         end
         def record_not_found
@@ -125,6 +144,10 @@ module Spree
           render_error_payload(exception.message, 403)
         end
+        def access_denied_401(exception)
+          render_error_payload(exception.message, 401)
+        end
         def gateway_error(exception)
           render_error_payload(exception.message)
         end

data/app/controllers/spree/api/v2/platform/addresses_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class AddressesController < ResourceController
+          private
+          def model_class
+            Spree::Address
+          end
+          def scope_includes
+            [:country, :state, :user]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/classifications_controller.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ClassificationsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, resource if spree_current_user.present?
+            result = classification_reposition_service.call(
+              classification: resource,
+              position: permitted_resource_params[:position]
+            )
+            if result.success?
+              render_serialized_payload { serialize_resource(result.value) }
+            else
+              render_error_payload(result.error)
+            end
+          end
+          private
+          def model_class
+            Spree::Classification
+          end
+          def scope_includes
+            [
+              taxon: [],
+              product: [:variants_including_master, :variant_images, :master, variants: [:prices]]
+            ]
+          end
+          def classification_reposition_service
+            Spree::Dependencies.classification_reposition_service.constantize
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/cms_pages_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CmsPagesController < ResourceController
+          private
+          def model_class
+            Spree::CmsPage
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/cms_sections_controller.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CmsSectionsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, @moved_section if spree_current_user.present?
+            @moved_section = scope.find(params[:section_id])
+            new_index = params[:new_position_idx].to_i + 1
+            if @moved_section && new_index
+              @moved_section.set_list_position(new_index)
+            else
+              head :bad_request
+            end
+            if @moved_section.save
+              head :no_content
+            end
+          end
+          private
+          def model_class
+            Spree::CmsSection
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/countries_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CountriesController < ResourceController
+          private
+          def model_class
+            Spree::Country
+          end
+          def scope_includes
+            [:states, :zones]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/menu_items_controller.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class MenuItemsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, @moved_item if spree_current_user.present?
+            @moved_item = scope.find(params[:moved_item_id])
+            @new_parent = scope.find(params[:new_parent_id])
+            new_index = params[:new_position_idx].to_i
+            if @moved_item && @new_parent && new_index
+              @moved_item.move_to_child_with_index(@new_parent, new_index)
+            else
+              head :bad_request
+            end
+            if @moved_item.save
+              head :no_content
+            end
+          end
+          private
+          def model_class
+            Spree::MenuItem
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/menus_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class MenusController < ResourceController
+          private
+          def model_class
+            Spree::Menu
+          end
+          def scope_includes
+            [:menu_items]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/option_types_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionTypesController < ResourceController
+          private
+          def model_class
+            Spree::OptionType
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/option_values_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionValuesController < ResourceController
+          private
+          def model_class
+            Spree::OptionValue
+          end
+          def scope_includes
+            [:option_type]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/products_controller.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ProductsController < ResourceController
+          include ::Spree::Api::V2::ProductListIncludes
+          private
+          def model_class
+            Spree::Product
+          end
+          def scope_includes
+            product_list_includes
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/resource_controller.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ResourceController < ::Spree::Api::V2::ResourceController
+          READ_ACTIONS = %i[show index]
+          WRITE_ACTIONS = %i[create update destroy]
+          # doorkeeper scopes usage: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+          before_action -> { doorkeeper_authorize! :read, :admin }, only: READ_ACTIONS
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS
+          # optional authorization if using a user token instead of app token
+          before_action :authorize_spree_user, only: WRITE_ACTIONS
+          # index and show acrtions are defined in Spree::Api::V2::ResourceController
+          def create
+            resource = model_class.new(permitted_resource_params)
+            if resource.save
+              render_serialized_payload(201) { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def update
+            if resource.update(permitted_resource_params)
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def destroy
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          protected
+          def resource_serializer
+            "Spree::Api::V2::Platform::#{model_class.to_s.demodulize}Serializer".constantize
+          end
+          def collection_serializer
+            resource_serializer
+          end
+          # overwiting to utilize ransack gem for filtering
+          # https://github.com/activerecord-hackery/ransack#search-matchers
+          def collection
+            @collection ||= scope.ransack(params[:filter]).result
+          end
+          # overwriting to skip cancancan check if API is consumed by an application
+          def scope
+            return super if spree_current_user.present?
+            super(skip_cancancan: true)
+          end
+          # We're overwriting this method because the original one calls `dookreeper_authorize`
+          # which breaks our application authorizations defined on top of this controller
+          def spree_current_user
+            return nil unless doorkeeper_token
+            return nil if doorkeeper_token.resource_owner_id.nil?
+            return @spree_current_user if @spree_current_user
+            @spree_current_user ||= Spree.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+          end
+          def access_denied(exception)
+            access_denied_401(exception)
+          end
+          # if using a user oAuth token we need to check CanCanCan abilities
+          # defined in https://github.com/spree/spree/blob/master/core/app/models/spree/ability.rb
+          def authorize_spree_user
+            return if spree_current_user.nil?
+            if action_name == 'create'
+              spree_authorize! :create, model_class
+            else
+              spree_authorize! action_name, resource
+            end
+          end
+          def model_param_name
+            model_class.to_s.demodulize.underscore
+          end
+          def spree_permitted_attributes
+            Spree::PermittedAttributes.try("#{model_param_name}_attributes") || {}
+          end
+          def permitted_resource_params
+            params.require(model_param_name).permit(spree_permitted_attributes)
+          end
+          def allowed_sort_attributes
+            (super << spree_permitted_attributes).uniq.compact
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/taxons_controller.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class TaxonsController < ResourceController
+          private
+          def model_class
+            Spree::Taxon
+          end
+          def scope_includes
+            node_includes = %i[icon parent taxonomy]
+            {
+              parent: node_includes,
+              children: node_includes,
+              taxonomy: [root: node_includes],
+              icon: [attachment_attachment: :blob]
+            }
+          end
+          def serializer_params
+            super.merge(include_products: action_name == 'show')
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/users_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class UsersController < ResourceController
+          private
+          def model_class
+            Spree.user_class
+          end
+          def resource_serializer
+            Spree::Api::V2::Platform::UserSerializer
+          end
+          def scope_includes
+            [:ship_address, :bill_address]
+          end
+          # we need to define this here as developers can configure their own `user_class`
+          def model_param_name
+            'user'
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Spree
         protected
         def sorted_collection
-          collection_sorter.new(collection, params, allowed_sort_attributes).call
+          @sorted_collection ||= collection_sorter.new(collection, params, allowed_sort_attributes).call
         end
         def allowed_sort_attributes
@@ -23,11 +23,14 @@ module Spree
         end
         def default_sort_atributes
-          [:id, :updated_at, :created_at]
+          [:id, :name, :number, :position, :updated_at, :created_at]
         end
-        def scope
-          model_class.accessible_by(current_ability, :show).includes(scope_includes)
+        def scope(skip_cancancan: false)
+          base_scope = model_class.for_store(current_store)
+          base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
+          base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
+          base_scope
         end
         def scope_includes
@@ -36,7 +39,7 @@ module Spree
         def resource
           @resource ||= if defined?(resource_finder)
-                          resource_finder.new(scope: scope, params: params).execute
+                          resource_finder.new(scope: scope, params: finder_params).execute
                         else
                           scope.find(params[:id])
                         end
@@ -44,12 +47,21 @@ module Spree
         def collection
           @collection ||= if defined?(collection_finder)
-                            collection_finder.new(scope: scope, params: params).execute
+                            collection_finder.new(scope: scope, params: finder_params).execute
                           else
                             scope
                           end
         end
+        def finder_params
+          params.merge(
+            store: current_store,
+            locale: current_locale,
+            currency: current_currency,
+            user: spree_current_user
+          )
+        end
         def collection_sorter
           Spree::Api::Dependencies.storefront_collection_sorter.constantize
         end