RubyGems - spree_api - Versions diffs - 4.4.0 → 4.5.0 - Mend

spree_api 4.4.0 → 4.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

data/app/controllers/spree/api/base_controller.rb DELETED Viewed

@@ -1,171 +0,0 @@
-require_dependency 'spree/api/controller_setup'
-module Spree
-  module Api
-    class BaseController < ActionController::API
-      include Spree::Api::ControllerSetup
-      include Spree::Core::ControllerHelpers::Store
-      include Spree::Core::ControllerHelpers::StrongParameters
-      include Spree::Core::ControllerHelpers::Locale
-      include Spree::Core::ControllerHelpers::Currency
-      attr_accessor :current_api_user
-      before_action :set_content_type
-      before_action :load_user
-      before_action :authorize_for_order, if: proc { order_token.present? }
-      before_action :authenticate_user
-      before_action :load_user_roles
-      rescue_from ActionController::ParameterMissing, with: :error_during_processing
-      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
-      rescue_from ActiveRecord::RecordNotFound, with: :not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-      rescue_from Spree::Core::GatewayError, with: :gateway_error
-      helper Spree::Api::ApiHelpers
-      # users should be able to set price when importing orders via api
-      def permitted_line_item_attributes
-        if @current_user_roles.include?('admin')
-          super + [:price, :variant_id, :sku]
-        else
-          super
-        end
-      end
-      def content_type
-        case params[:format]
-        when 'json'
-          'application/json; charset=utf-8'
-        when 'xml'
-          'text/xml; charset=utf-8'
-        end
-      end
-      private
-      def set_content_type
-        headers['Content-Type'] = content_type
-      end
-      def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
-      end
-      def authenticate_user
-        return if @current_api_user
-        if requires_authentication? && api_key.blank? && order_token.blank?
-          must_specify_api_key and return
-        elsif order_token.blank? && (requires_authentication? || api_key.present?)
-          invalid_api_key and return
-        else
-          # An anonymous user
-          @current_api_user = Spree.user_class.new
-        end
-      end
-      def invalid_api_key
-        render 'spree/api/errors/invalid_api_key', status: 401
-      end
-      def must_specify_api_key
-        render 'spree/api/errors/must_specify_api_key', status: 401
-      end
-      def load_user_roles
-        @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
-      end
-      def unauthorized
-        render 'spree/api/errors/unauthorized', status: 401 and return
-      end
-      def error_during_processing(exception)
-        message = if exception.respond_to?(:original_message)
-                    exception.original_message
-                  else
-                    exception.message
-                  end
-        Rails.logger.error message
-        Rails.logger.error exception.backtrace.join("\n")
-        unprocessable_entity(message)
-      end
-      def unprocessable_entity(message)
-        render plain: { exception: message }.to_json, status: 422
-      end
-      def gateway_error(exception)
-        @order.errors.add(:base, exception.message)
-        invalid_resource!(@order)
-      end
-      def requires_authentication?
-        Spree::Api::Config[:requires_authentication]
-      end
-      def not_found
-        render 'spree/api/errors/not_found', status: 404 and return
-      end
-      def current_ability
-        Spree::Dependencies.ability_class.constantize.new(current_api_user)
-      end
-      def invalid_resource!(resource)
-        @resource = resource
-        render 'spree/api/errors/invalid_resource', status: 422
-      end
-      def api_key
-        request.headers['X-Spree-Token'] || params[:token]
-      end
-      helper_method :api_key
-      def order_token
-        request.headers['X-Spree-Order-Token'] || params[:order_token]
-      end
-      def find_product(id)
-        @product = product_scope.friendly.distinct(false).find(id.to_s)
-      rescue ActiveRecord::RecordNotFound
-        @product = product_scope.find_by(id: id)
-        not_found unless @product
-      end
-      def product_scope
-        if @current_user_roles.include?('admin')
-          scope = Product.with_deleted.accessible_by(current_ability, :show).includes(*product_includes)
-          scope = scope.not_deleted unless params[:show_deleted]
-          scope = scope.not_discontinued unless params[:show_discontinued]
-        else
-          scope = Product.accessible_by(current_ability, :show).active.includes(*product_includes)
-        end
-        scope
-      end
-      def variants_associations
-        [{ option_values: :option_type }, :default_price, :images]
-      end
-      def product_includes
-        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
-      end
-      def order_id
-        params[:order_id] || params[:checkout_id] || params[:order_number]
-      end
-      def authorize_for_order
-        @order = Spree::Order.find_by(number: order_id)
-        authorize! :show, @order, order_token
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/addresses_controller.rb DELETED Viewed

@@ -1,46 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class AddressesController < Spree::Api::BaseController
-        before_action :find_order
-        def show
-          authorize! :show, @order, order_token
-          @address = find_address
-          respond_with(@address)
-        end
-        def update
-          authorize! :update, @order, order_token
-          @address = find_address
-          if @address.update(address_params)
-            respond_with(@address, default_template: :show)
-          else
-            invalid_resource!(@address)
-          end
-        end
-        private
-        def address_params
-          params.require(:address).permit(permitted_address_attributes)
-        end
-        def find_order
-          @order = Spree::Order.find_by!(number: order_id)
-        end
-        def find_address
-          if @order.bill_address_id == params[:id].to_i
-            @order.bill_address
-          elsif @order.ship_address_id == params[:id].to_i
-            @order.ship_address
-          else
-            raise CanCan::AccessDenied
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/checkouts_controller.rb DELETED Viewed

@@ -1,106 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CheckoutsController < Spree::Api::BaseController
-        before_action :load_order_with_lock, only: [:next, :advance, :update]
-        def next
-          authorize! :update, @order, order_token
-          @order.next!
-          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
-        rescue StateMachines::InvalidTransition
-          respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
-        end
-        def advance
-          authorize! :update, @order, order_token
-          while @order.next; end
-          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
-        end
-        def update
-          authorize! :update, @order, order_token
-          if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
-            if current_api_user.has_spree_role?('admin') && user_id.present?
-              @order.associate_user!(Spree.user_class.find(user_id))
-            end
-            log_state_changes if params[:state]
-            return if after_update_attributes
-            if @order.completed? || @order.next
-              state_callback(:after)
-              respond_with(@order, default_template: 'spree/api/v1/orders/show')
-            else
-              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
-            end
-          else
-            invalid_resource!(@order)
-          end
-        end
-        private
-        def user_id
-          params[:order][:user_id] if params[:order]
-        end
-        # Should be overridden if you have areas of your checkout that don't match
-        # up to a step within checkout_steps, such as a registration step
-        def skip_state_validation?
-          false
-        end
-        def load_order(lock = false)
-          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
-          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
-          @order.state = params[:state] if params[:state]
-          state_callback(:before)
-        end
-        def load_order_with_lock
-          load_order(true)
-        end
-        def raise_insufficient_quantity
-          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity', status: 422)
-        end
-        def state_callback(before_or_after = :before)
-          method_name = :"#{before_or_after}_#{@order.state}"
-          send(method_name) if respond_to?(method_name, true)
-        end
-        def after_update_attributes
-          if params[:order] && params[:order][:coupon_code].present?
-            handler = PromotionHandler::Coupon.new(@order)
-            handler.apply
-            if handler.error.present?
-              @coupon_message = handler.error
-              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon', status: 422)
-              return true
-            end
-          end
-          false
-        end
-        def log_state_changes
-          if @order.previous_changes[:state]
-            @order.log_state_changes(
-              state_name: 'order',
-              old_state: @order.previous_changes[:state].first,
-              new_state: @order.previous_changes[:state].last
-            )
-          end
-        end
-        def order_id
-          super || params[:id]
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/classifications_controller.rb DELETED Viewed

@@ -1,21 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ClassificationsController < Spree::Api::BaseController
-        def update
-          authorize! :update, Product
-          authorize! :update, Taxon
-          classification = Spree::Classification.find_by(
-            product_id: params[:product_id],
-            taxon_id: params[:taxon_id]
-          )
-          Spree::Dependencies.classification_reposition_service.constantize.call(
-            classification: classification,
-            position: params[:position]
-          )
-          head :ok
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/countries_controller.rb DELETED Viewed

@@ -1,22 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CountriesController < Spree::Api::BaseController
-        skip_before_action :authenticate_user
-        def index
-          @countries = Country.accessible_by(current_ability).ransack(params[:q]).result.
-                       order('name ASC').
-                       page(params[:page]).per(params[:per_page])
-          country = Country.order('updated_at ASC').last
-          respond_with(@countries) if stale?(country)
-        end
-        def show
-          @country = Country.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@country)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/credit_cards_controller.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CreditCardsController < Spree::Api::BaseController
-        before_action :user
-        def index
-          @credit_cards = user.
-                          credit_cards.
-                          accessible_by(current_ability).
-                          with_payment_profile.
-                          ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-          respond_with(@credit_cards)
-        end
-        private
-        def user
-          if params[:user_id].present?
-            @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/customer_returns_controller.rb DELETED Viewed

@@ -1,25 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CustomerReturnsController < Spree::Api::BaseController
-        def index
-          collection(Spree::CustomerReturn)
-          respond_with(@collection)
-        end
-        private
-        def collection(resource)
-          return @collection if @collection.present?
-          params[:q] ||= {}
-          @collection = resource.all
-          # @search needs to be defined as this is passed to search_form_for
-          @search = @collection.ransack(params[:q])
-          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/images_controller.rb DELETED Viewed

@@ -1,58 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ImagesController < Spree::Api::BaseController
-        def index
-          @images = scope.images.accessible_by(current_ability)
-          respond_with(@images)
-        end
-        def show
-          @image = Image.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@image)
-        end
-        def new; end
-        def create
-          authorize! :create, Image
-          @image = scope.images.new(image_params)
-          if @image.save
-            respond_with(@image, status: 201, default_template: :show)
-          else
-            invalid_resource!(@image)
-          end
-        end
-        def update
-          @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
-          if @image.update(image_params)
-            respond_with(@image, default_template: :show)
-          else
-            invalid_resource!(@image)
-          end
-        end
-        def destroy
-          @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
-          @image.destroy
-          respond_with(@image, status: 204)
-        end
-        private
-        def image_params
-          params.require(:image).permit(permitted_image_attributes)
-        end
-        def scope
-          if params[:product_id]
-            Spree::Product.friendly.find(params[:product_id])
-          elsif params[:variant_id]
-            Spree::Variant.find(params[:variant_id])
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/inventory_units_controller.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class InventoryUnitsController < Spree::Api::BaseController
-        before_action :prepare_event, only: :update
-        def show
-          @inventory_unit = inventory_unit
-          respond_with(@inventory_unit)
-        end
-        def update
-          authorize! :update, inventory_unit.order
-          inventory_unit.transaction do
-            if inventory_unit.update(inventory_unit_params)
-              fire
-              render :show, status: 200
-            else
-              invalid_resource!(inventory_unit)
-            end
-          end
-        end
-        private
-        def inventory_unit
-          @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
-        end
-        def prepare_event
-          return unless @event = params[:fire]
-          can_event = "can_#{@event}?"
-          unless inventory_unit.respond_to?(can_event) &&
-              inventory_unit.send(can_event)
-            render plain: { exception: "cannot transition to #{@event}" }.to_json,
-                   status: 200
-            false
-          end
-        end
-        def fire
-          inventory_unit.send("#{@event}!") if @event
-        end
-        def inventory_unit_params
-          params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/line_items_controller.rb DELETED Viewed

@@ -1,70 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class LineItemsController < Spree::Api::BaseController
-        class_attribute :line_item_options
-        self.line_item_options = []
-        def new; end
-        def create
-          variant = Spree::Variant.find(params[:line_item][:variant_id])
-          @line_item = Spree::Dependencies.cart_add_item_service.constantize.call(order: order,
-                                                                                  variant: variant,
-                                                                                  quantity: params[:line_item][:quantity],
-                                                                                  options: line_item_params[:options]).value
-          if @line_item.errors.empty?
-            respond_with(@line_item, status: 201, default_template: :show)
-          else
-            invalid_resource!(@line_item)
-          end
-        end
-        def update
-          @line_item = find_line_item
-          if Spree::Dependencies.cart_update_service.constantize.call(order: @order, params: line_items_attributes).success?
-            @line_item.reload
-            respond_with(@line_item, default_template: :show)
-          else
-            invalid_resource!(@line_item)
-          end
-        end
-        def destroy
-          @line_item = find_line_item
-          Spree::Dependencies.cart_remove_line_item_service.constantize.call(order: @order, line_item: @line_item)
-          respond_with(@line_item, status: 204)
-        end
-        private
-        def order
-          @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
-          authorize! :update, @order, order_token
-        end
-        def find_line_item
-          id = params[:id].to_i
-          order.line_items.detect { |line_item| line_item.id == id } or
-            raise ActiveRecord::RecordNotFound
-        end
-        def line_items_attributes
-          { line_items_attributes: {
-            id: params[:id],
-            quantity: params[:line_item][:quantity],
-            options: line_item_params[:options] || {}
-          } }
-        end
-        def line_item_params
-          params.require(:line_item).permit(:quantity, :variant_id, options: line_item_options)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/option_types_controller.rb DELETED Viewed

@@ -1,60 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class OptionTypesController < Spree::Api::BaseController
-        def index
-          @option_types =  if params[:ids]
-                             Spree::OptionType.
-                               includes(:option_values).
-                               accessible_by(current_ability).
-                               where(id: params[:ids].split(','))
-                           else
-                             Spree::OptionType.
-                               includes(:option_values).
-                               accessible_by(current_ability).
-                               load.ransack(params[:q]).result
-                           end
-          respond_with(@option_types)
-        end
-        def show
-          @option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@option_type)
-        end
-        def new; end
-        def create
-          authorize! :create, Spree::OptionType
-          @option_type = Spree::OptionType.new(option_type_params)
-          if @option_type.save
-            render :show, status: 201
-          else
-            invalid_resource!(@option_type)
-          end
-        end
-        def update
-          @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
-          if @option_type.update(option_type_params)
-            render :show
-          else
-            invalid_resource!(@option_type)
-          end
-        end
-        def destroy
-          @option_type = Spree::OptionType.accessible_by(current_ability, :destroy).find(params[:id])
-          @option_type.destroy
-          render plain: nil, status: 204
-        end
-        private
-        def option_type_params
-          params.require(:option_type).permit(permitted_option_type_attributes)
-        end
-      end
-    end
-  end
-end