spree_api 4.3.0 → 4.4.0.rc1

data/app/controllers/spree/api/v2/platform/variants_controller.rb

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class VariantsController < ResourceController
+          private
+
+          def model_class
+            Spree::Variant
+          end
+
+          def spree_permitted_attributes
+            super + [:option_value_ids, :price, :currency]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/webhooks/events_controller.rb

@@ -0,0 +1,21 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        module Webhooks
+          class EventsController < ResourceController
+            private
+
+            def model_class
+              Spree::Webhooks::Event
+            end
+
+            def scope_includes
+              %i[subscriber]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/webhooks/subscribers_controller.rb

@@ -0,0 +1,21 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        module Webhooks
+          class SubscribersController < ResourceController
+            private
+
+            def model_class
+              Spree::Webhooks::Subscriber
+            end
+
+            def spree_permitted_attributes
+              super + [{ subscriptions: [] }]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/wished_items_controller.rb

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class WishedItemsController < ResourceController
+          private
+
+          def scope_includes
+            [:variant]
+          end
+
+          def model_class
+            Spree::WishedItem
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/wishlists_controller.rb

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class WishlistsController < ResourceController
+          private
+
+          def model_class
+            Spree::Wishlist
+          end
+
+          def scope_includes
+            [:wished_items]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/zones_controller.rb

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ZonesController < ResourceController
+          private
+
+          def model_class
+            Spree::Zone
+          end
+
+          def scope_includes
+            [:zone_members]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb

@@ -24,11 +24,11 @@ module Spree
         end
 
         def allowed_sort_attributes
-          default_sort_atributes
+          default_sort_attributes
         end
 
-        def default_sort_atributes
-          [:id, :name, :number, :position, :updated_at, :created_at]
+        def default_sort_attributes
+          [:id, :name, :slug, :number, :position, :updated_at, :created_at, :deleted_at]
         end
 
         def scope(skip_cancancan: false)

data/app/controllers/spree/api/v2/storefront/account/addresses_controller.rb

@@ -59,11 +59,11 @@ module Spree
             end
 
             def create_service
-              Spree::Api::Dependencies.storefront_account_create_address_service.constantize
+              Spree::Api::Dependencies.storefront_address_create_service.constantize
             end
 
             def update_service
-              Spree::Api::Dependencies.storefront_account_update_address_service.constantize
+              Spree::Api::Dependencies.storefront_address_update_service.constantize
             end
 
             def address_params

data/app/controllers/spree/api/v2/storefront/account/credit_cards_controller.rb

@@ -23,7 +23,10 @@ module Spree
             end
 
             def scope
-              super.where(user: spree_current_user, payment_method: current_store.payment_methods.available_on_front_end)
+              super.not_expired.not_removed.where(
+                user: spree_current_user,
+                payment_method: current_store.payment_methods.available_on_front_end
+              )
             end
 
             def collection_serializer

data/app/controllers/spree/api/v2/storefront/cart_controller.rb

@@ -3,7 +3,11 @@ module Spree
     module V2
       module Storefront
         class CartController < ::Spree::Api::V2::BaseController
-          include Spree::Api::V2::Storefront::OrderConcern
+          include OrderConcern
+          include CouponCodesHelper
+          include Spree::Api::V2::Storefront::MetadataControllerConcern
+
+          before_action :ensure_valid_metadata, only: %i[create add_item]
           before_action :ensure_order, except: %i[create associate]
           before_action :load_variant, only: :add_item
           before_action :require_spree_current_user, only: :associate
@@ -12,14 +16,16 @@ module Spree
           def create
             spree_authorize! :create, Spree::Order
 
-            order_params = {
+            create_cart_params = {
               user: spree_current_user,
               store: current_store,
-              currency: current_currency
+              currency: current_currency,
+              public_metadata: add_item_params[:public_metadata],
+              private_metadata: add_item_params[:private_metadata],
             }
 
             order   = spree_current_order if spree_current_order.present?
-            order ||= create_service.call(order_params).value
+            order ||= create_service.call(create_cart_params).value
 
             render_serialized_payload(201) { serialize_resource(order) }
           end
@@ -31,8 +37,10 @@ module Spree
             result = add_item_service.call(
               order: spree_current_order,
               variant: @variant,
-              quantity: params[:quantity],
-              options: params[:options]
+              quantity: add_item_params[:quantity],
+              public_metadata: add_item_params[:public_metadata],
+              private_metadata: add_item_params[:private_metadata],
+              options: add_item_params[:options]
             )
 
             render_order(result)
@@ -107,7 +115,7 @@ module Spree
 
             coupon_codes = select_coupon_codes
 
-            return render_error_payload(Spree.t('v2.cart.no_coupon_code', scope: 'api')) if coupon_codes.empty?
+            return render_error_payload(I18n.t('spree.api.v2.cart.no_coupon_code')) if coupon_codes.empty?
 
             result_errors = coupon_codes.count > 1 ? select_errors(coupon_codes) : select_error(coupon_codes)
 
@@ -209,7 +217,7 @@ module Spree
           end
 
           def load_variant
-            @variant = current_store.variants.find(params[:variant_id])
+            @variant = current_store.variants.find(add_item_params[:variant_id])
           end
 
           def render_error_item_quantity
@@ -227,26 +235,8 @@ module Spree
             ).serializable_hash
           end
 
-          def select_coupon_codes
-            params[:coupon_code].present? ? [params[:coupon_code]] : check_coupon_codes
-          end
-
-          def check_coupon_codes
-            spree_current_order.promotions.coupons.map(&:code)
-          end
-
-          def select_error(coupon_codes)
-            result = coupon_handler.new(spree_current_order).remove(coupon_codes.first)
-            result.error
-          end
-
-          def select_errors(coupon_codes)
-            results = []
-            coupon_codes.each do |coupon_code|
-              results << coupon_handler.new(spree_current_order).remove(coupon_code)
-            end
-
-            results.select(&:error)
+          def add_item_params
+            params.permit(:quantity, :variant_id, public_metadata: {}, private_metadata: {}, options: {})
           end
         end
       end

data/app/controllers/spree/api/v2/storefront/checkout_controller.rb

@@ -44,6 +44,22 @@ module Spree
             render_order(result)
           end
 
+          def create_payment
+            result = create_payment_service.call(order: spree_current_order, params: params)
+
+            if result.success?
+              render_serialized_payload(201) { serialize_resource(spree_current_order.reload) }
+            else
+              render_error_payload(result.error)
+            end
+          end
+
+          def select_shipping_method
+            result = select_shipping_method_service.call(order: spree_current_order, params: params)
+
+            render_order(result)
+          end
+
           def add_store_credit
             spree_authorize! :update, spree_current_order, order_token
 
@@ -118,6 +134,14 @@ module Spree
             Spree::Api::Dependencies.storefront_shipment_serializer.constantize
           end
 
+          def create_payment_service
+            Spree::Api::Dependencies.storefront_payment_create_service.constantize
+          end
+
+          def select_shipping_method_service
+            Spree::Api::Dependencies.storefront_checkout_select_shipping_method_service.constantize
+          end
+
           def serialize_payment_methods(payment_methods)
             payment_methods_serializer.new(payment_methods, params: serializer_params).serializable_hash
           end

data/app/controllers/spree/api/v2/storefront/digitals_controller.rb

@@ -0,0 +1,54 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class DigitalsController < ::Spree::Api::V2::ResourceController
+          def download
+            if attachment.present?
+              if digital_link.authorize!
+                if defined?(ActiveStorage::Service::DiskService) && ActiveStorage::Blob.service.instance_of?(ActiveStorage::Service::DiskService)
+                  # The asset is hosted on disk, use send_file.
+
+                  send_file(
+                    ActiveStorage::Blob.service.path_for(attachment.key),
+                    filename: attachment.filename.to_s,
+                    type: attachment.content_type.to_s,
+                    status: :ok
+                  ) and return
+
+                else
+                  # The asset is hosted on a 3rd party service, use an expiring url with disposition: 'attachment'.
+
+                  redirect_to attachment.url(
+                    expires_in: current_store.digital_asset_link_expire_time.seconds,
+                    disposition: 'attachment',
+                    host: current_store.formatted_url
+                  ) and return
+
+                end
+              end
+            else
+              Rails.logger.error I18n.t('spree.api.v2.digitals.missing_file')
+            end
+
+            render json: { error: I18n.t('spree.api.v2.digitals.unauthorized') }, status: 403
+          end
+
+          private
+
+          def model_class
+            Spree::Digital
+          end
+
+          def digital_link
+            @digital_link ||= DigitalLink.find_by!(token: params[:token])
+          end
+
+          def attachment
+            @attachment ||= digital_link.digital.try(:attachment) if digital_link.present?
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/storefront/wishlists_controller.rb

@@ -0,0 +1,171 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class WishlistsController < ::Spree::Api::V2::ResourceController
+          before_action :require_spree_current_user, except: [:show]
+          before_action :ensure_valid_quantity, only: [:add_item, :set_item_quantity]
+
+          def show
+            spree_authorize! :show, resource
+            super
+          end
+
+          def create
+            spree_authorize! :create, Spree::Wishlist
+
+            @wishlist = spree_current_user.wishlists.new(wishlist_attributes)
+
+            ensure_current_store(@wishlist)
+
+            @wishlist.save
+
+            if @wishlist.persisted?
+              render_serialized_payload(201) { serialize_resource(@wishlist) }
+            else
+              render_error_payload(@wishlist.errors.full_messages.to_sentence)
+            end
+          end
+
+          def update
+            authorize! :update, resource
+
+            resource.update wishlist_attributes
+
+            if resource.errors.empty?
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors.full_messages.to_sentence)
+            end
+          end
+
+          def destroy
+            authorize! :destroy, resource
+
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(I18n.t('spree.api.v2.wishlist.errors.the_wishlist_could_not_be_destroyed'))
+            end
+          end
+
+          def default
+            spree_authorize! :create, Spree::Wishlist
+
+            @default_wishlist = spree_current_user.default_wishlist_for_store(current_store)
+
+            render_serialized_payload { serialize_resource(@default_wishlist) }
+          end
+
+          def add_item
+            spree_authorize! :create, Spree::WishedItem
+
+            if resource.wished_items.present? && resource.wished_items.detect { |wv| wv.variant_id.to_s == params[:variant_id].to_s }.present?
+              @wished_item = resource.wished_items.detect { |wi| wi.variant_id.to_s == params[:variant_id].to_s }
+              @wished_item.quantity = params[:quantity]
+            else
+              @wished_item = Spree::WishedItem.new(params.permit(:quantity, :variant_id))
+              @wished_item.wishlist = resource
+              @wished_item.save
+            end
+
+            resource.reload
+
+            if @wished_item.persisted?
+              render_serialized_payload { serialize_wished_item(@wished_item) }
+            else
+              render_error_payload(resource.errors.full_messages.to_sentence)
+            end
+          end
+
+          def set_item_quantity
+            spree_authorize! :update, wished_item
+
+            wished_item.update(params.permit(:quantity))
+
+            if wished_item.errors.empty?
+              render_serialized_payload { serialize_wished_item(wished_item) }
+            else
+              render_error_payload(resource.errors.full_messages.to_sentence)
+            end
+          end
+
+          def remove_item
+            spree_authorize! :destroy, wished_item
+
+            if wished_item.destroy
+              render_serialized_payload { serialize_wished_item(wished_item) }
+            else
+              render_error_payload(resource.errors.full_messages.to_sentence)
+            end
+          end
+
+          private
+
+          def scope(skip_cancancan: true)
+            if action_name == 'show'
+              super
+            else
+              super.where(user: spree_current_user)
+            end
+          end
+
+          def resource
+            @resource ||= scope.find_by(token: params[:id])
+          end
+
+          def model_class
+            Spree::Wishlist
+          end
+
+          def resource_serializer
+            ::Spree::V2::Storefront::WishlistSerializer
+          end
+
+          def collection_serializer
+            resource_serializer
+          end
+
+          def wishlist_attributes
+            params.require(:wishlist).permit(permitted_wishlist_attributes)
+          end
+
+          def wished_item_attributes
+            params.permit(permitted_wished_item_attributes)
+          end
+
+          def wished_item
+            @wished_item ||= resource.wished_items.find(params[:item_id])
+          end
+
+          def serialize_wished_item(wished_item)
+            ::Spree::V2::Storefront::WishedItemSerializer.new(
+              wished_item,
+              params: serializer_params,
+              include: resource_includes,
+              fields: sparse_fields
+            ).serializable_hash
+          end
+
+          def serializer_params
+            super.merge(is_variant_included: params[:is_variant_included])
+          end
+
+          def render_error_item_quantity
+            render json: { error: I18n.t('spree.api.v2.wishlist.wrong_quantity') }, status: 422
+          end
+
+          def ensure_valid_quantity
+            return render_error_item_quantity if params[:quantity].present? && params[:quantity].to_i <= 0
+
+            params[:quantity] = if params[:quantity].present?
+                                  params[:quantity].to_i
+                                else
+                                  1
+                                end
+          end
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/api/v2/collection_options_helpers.rb

@@ -23,7 +23,7 @@ module Spree
         # leaving this method in public scope so it's still possible to modify
         # those params to support non-standard non-JSON API parameters
         def collection_permitted_params
-          params.permit(:format, :page, :per_page, :sort, :include, :fields, filter: {})
+          params.permit(:format, :page, :per_page, :sort, :include, fields: {}, filter: {})
         end
 
         private

data/app/jobs/spree/webhooks/subscribers/make_request_job.rb

@@ -0,0 +1,17 @@
+module Spree
+  module Webhooks
+    module Subscribers
+      class MakeRequestJob < Spree::BaseJob
+        queue_as :spree_webhooks
+
+        def perform(webhook_payload_body, event_name, subscriber)
+          Spree::Webhooks::Subscribers::HandleRequest.new(
+            event_name: event_name,
+            subscriber: subscriber,
+            webhook_payload_body: webhook_payload_body
+          ).call
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/spree/webhooks/has_webhooks.rb

@@ -0,0 +1,58 @@
+module Spree
+  module Webhooks
+    module HasWebhooks
+      extend ActiveSupport::Concern
+
+      included do
+        after_create_commit(proc { queue_webhooks_requests!(inferred_event_name(:create)) })
+        after_destroy_commit(proc { queue_webhooks_requests!(inferred_event_name(:delete)) })
+        after_update_commit(proc { queue_webhooks_requests!(inferred_event_name(:update)) })
+
+        def queue_webhooks_requests!(event_name)
+          return if disable_spree_webhooks? || webhook_payload_body.blank?
+          return if update_event?(event_name) && updating_only_timestamps?
+
+          Spree::Webhooks::Subscribers::QueueRequests.call(event_name: event_name, webhook_payload_body: webhook_payload_body)
+        end
+
+        def self.default_webhook_events
+          model_name = name.demodulize.tableize.singularize
+          %W[#{model_name}.create #{model_name}.delete #{model_name}.update]
+        end
+
+        def self.supported_webhook_events
+          events = default_webhook_events
+          events += custom_webhook_events if respond_to?(:custom_webhook_events)
+          events
+        end
+      end
+
+      private
+
+      def webhook_payload_body
+        resource_serializer.new(self).serializable_hash.to_json
+      end
+
+      def inferred_event_name(operation)
+        "#{self.class.name.demodulize.tableize.singularize}.#{operation}"
+      end
+
+      def resource_serializer
+        demodulized_class_name = self.class.to_s.demodulize
+        "Spree::Api::V2::Platform::#{demodulized_class_name}Serializer".constantize
+      end
+
+      def updating_only_timestamps?
+        (saved_changes.keys - %w[created_at updated_at deleted_at]).empty?
+      end
+
+      def update_event?(event_name)
+        event_name.end_with?('.update')
+      end
+
+      def disable_spree_webhooks?
+        ENV['DISABLE_SPREE_WEBHOOKS'] == 'true'
+      end
+    end
+  end
+end

data/app/models/spree/api/webhooks/order_decorator.rb

@@ -0,0 +1,43 @@
+module Spree
+  module Api
+    module Webhooks
+      module OrderDecorator
+        def self.prepended(base)
+          def base.custom_webhook_events
+            %w[order.canceled order.placed order.resumed order.shipped]
+          end
+
+          base.after_update_commit :queue_webhooks_requests_for_order_resumed!
+        end
+
+        def after_cancel
+          super
+          queue_webhooks_requests!('order.canceled')
+        end
+
+        def finalize!
+          super
+          queue_webhooks_requests!('order.placed')
+        end
+
+        def after_resume
+          super
+          queue_webhooks_requests!('order.resumed')
+          self.state_machine_resumed = false
+        end
+
+        private
+
+        def queue_webhooks_requests_for_order_resumed!
+          return if state_machine_resumed?
+          return unless state_previously_changed?
+          return unless state_previous_change&.last == 'resumed'
+
+          queue_webhooks_requests!('order.resumed')
+        end
+      end
+    end
+  end
+end
+
+Spree::Order.prepend(Spree::Api::Webhooks::OrderDecorator)

data/app/models/spree/api/webhooks/payment_decorator.rb

@@ -0,0 +1,26 @@
+module Spree
+  module Api
+    module Webhooks
+      module PaymentDecorator
+        def self.prepended(base)
+          def base.custom_webhook_events
+            %w[payment.paid payment.voided]
+          end
+        end
+
+        def after_void
+          super
+          queue_webhooks_requests!('payment.voided')
+        end
+
+        def after_completed
+          super
+          queue_webhooks_requests!('payment.paid')
+          order.queue_webhooks_requests!('order.paid') if order.paid?
+        end
+      end
+    end
+  end
+end
+
+Spree::Payment.prepend(Spree::Api::Webhooks::PaymentDecorator)