RubyGems - spree_api - Versions diffs - 4.4.0 → 4.5.0 - Mend

spree_api 4.4.0 → 4.5.0

Files changed (176) hide show

data/app/controllers/spree/api/base_controller.rb DELETED Viewed

@@ -1,171 +0,0 @@
-require_dependency 'spree/api/controller_setup'
-module Spree
-  module Api
-    class BaseController < ActionController::API
-      include Spree::Api::ControllerSetup
-      include Spree::Core::ControllerHelpers::Store
-      include Spree::Core::ControllerHelpers::StrongParameters
-      include Spree::Core::ControllerHelpers::Locale
-      include Spree::Core::ControllerHelpers::Currency
-      attr_accessor :current_api_user
-      before_action :set_content_type
-      before_action :load_user
-      before_action :authorize_for_order, if: proc { order_token.present? }
-      before_action :authenticate_user
-      before_action :load_user_roles
-      rescue_from ActionController::ParameterMissing, with: :error_during_processing
-      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
-      rescue_from ActiveRecord::RecordNotFound, with: :not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-      rescue_from Spree::Core::GatewayError, with: :gateway_error
-      helper Spree::Api::ApiHelpers
-      # users should be able to set price when importing orders via api
-      def permitted_line_item_attributes
-        if @current_user_roles.include?('admin')
-          super + [:price, :variant_id, :sku]
-        else
-          super
-        end
-      end
-      def content_type
-        case params[:format]
-        when 'json'
-          'application/json; charset=utf-8'
-        when 'xml'
-          'text/xml; charset=utf-8'
-        end
-      end
-      private
-      def set_content_type
-        headers['Content-Type'] = content_type
-      end
-      def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
-      end
-      def authenticate_user
-        return if @current_api_user
-        if requires_authentication? && api_key.blank? && order_token.blank?
-          must_specify_api_key and return
-        elsif order_token.blank? && (requires_authentication? || api_key.present?)
-          invalid_api_key and return
-        else
-          # An anonymous user
-          @current_api_user = Spree.user_class.new
-        end
-      end
-      def invalid_api_key
-        render 'spree/api/errors/invalid_api_key', status: 401
-      end
-      def must_specify_api_key
-        render 'spree/api/errors/must_specify_api_key', status: 401
-      end
-      def load_user_roles
-        @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
-      end
-      def unauthorized
-        render 'spree/api/errors/unauthorized', status: 401 and return
-      end
-      def error_during_processing(exception)
-        message = if exception.respond_to?(:original_message)
-                    exception.original_message
-                  else
-                    exception.message
-                  end
-        Rails.logger.error message
-        Rails.logger.error exception.backtrace.join("\n")
-        unprocessable_entity(message)
-      end
-      def unprocessable_entity(message)
-        render plain: { exception: message }.to_json, status: 422
-      end
-      def gateway_error(exception)
-        @order.errors.add(:base, exception.message)
-        invalid_resource!(@order)
-      end
-      def requires_authentication?
-        Spree::Api::Config[:requires_authentication]
-      end
-      def not_found
-        render 'spree/api/errors/not_found', status: 404 and return
-      end
-      def current_ability
-        Spree::Dependencies.ability_class.constantize.new(current_api_user)
-      end
-      def invalid_resource!(resource)
-        @resource = resource
-        render 'spree/api/errors/invalid_resource', status: 422
-      end
-      def api_key
-        request.headers['X-Spree-Token'] || params[:token]
-      end
-      helper_method :api_key
-      def order_token
-        request.headers['X-Spree-Order-Token'] || params[:order_token]
-      end
-      def find_product(id)
-        @product = product_scope.friendly.distinct(false).find(id.to_s)
-      rescue ActiveRecord::RecordNotFound
-        @product = product_scope.find_by(id: id)
-        not_found unless @product
-      end
-      def product_scope
-        if @current_user_roles.include?('admin')
-          scope = Product.with_deleted.accessible_by(current_ability, :show).includes(*product_includes)
-          scope = scope.not_deleted unless params[:show_deleted]
-          scope = scope.not_discontinued unless params[:show_discontinued]
-        else
-          scope = Product.accessible_by(current_ability, :show).active.includes(*product_includes)
-        end
-        scope
-      end
-      def variants_associations
-        [{ option_values: :option_type }, :default_price, :images]
-      end
-      def product_includes
-        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
-      end
-      def order_id
-        params[:order_id] || params[:checkout_id] || params[:order_number]
-      end
-      def authorize_for_order
-        @order = Spree::Order.find_by(number: order_id)
-        authorize! :show, @order, order_token
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/addresses_controller.rb DELETED Viewed

@@ -1,46 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class AddressesController < Spree::Api::BaseController
-        before_action :find_order
-        def show
-          authorize! :show, @order, order_token
-          @address = find_address
-          respond_with(@address)
-        end
-        def update
-          authorize! :update, @order, order_token
-          @address = find_address
-          if @address.update(address_params)
-            respond_with(@address, default_template: :show)
-          else
-            invalid_resource!(@address)
-          end
-        end
-        private
-        def address_params
-          params.require(:address).permit(permitted_address_attributes)
-        end
-        def find_order
-          @order = Spree::Order.find_by!(number: order_id)
-        end
-        def find_address
-          if @order.bill_address_id == params[:id].to_i
-            @order.bill_address
-          elsif @order.ship_address_id == params[:id].to_i
-            @order.ship_address
-          else
-            raise CanCan::AccessDenied
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/checkouts_controller.rb DELETED Viewed

@@ -1,106 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CheckoutsController < Spree::Api::BaseController
-        before_action :load_order_with_lock, only: [:next, :advance, :update]
-        def next
-          authorize! :update, @order, order_token
-          @order.next!
-          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
-        rescue StateMachines::InvalidTransition
-          respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
-        end
-        def advance
-          authorize! :update, @order, order_token
-          while @order.next; end
-          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
-        end
-        def update
-          authorize! :update, @order, order_token
-          if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
-            if current_api_user.has_spree_role?('admin') && user_id.present?
-              @order.associate_user!(Spree.user_class.find(user_id))
-            end
-            log_state_changes if params[:state]
-            return if after_update_attributes
-            if @order.completed? || @order.next
-              state_callback(:after)
-              respond_with(@order, default_template: 'spree/api/v1/orders/show')
-            else
-              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
-            end
-          else
-            invalid_resource!(@order)
-          end
-        end
-        private
-        def user_id
-          params[:order][:user_id] if params[:order]
-        end
-        # Should be overridden if you have areas of your checkout that don't match
-        # up to a step within checkout_steps, such as a registration step
-        def skip_state_validation?
-          false
-        end
-        def load_order(lock = false)
-          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
-          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
-          @order.state = params[:state] if params[:state]
-          state_callback(:before)
-        end
-        def load_order_with_lock
-          load_order(true)
-        end
-        def raise_insufficient_quantity
-          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity', status: 422)
-        end
-        def state_callback(before_or_after = :before)
-          method_name = :"#{before_or_after}_#{@order.state}"
-          send(method_name) if respond_to?(method_name, true)
-        end
-        def after_update_attributes
-          if params[:order] && params[:order][:coupon_code].present?
-            handler = PromotionHandler::Coupon.new(@order)
-            handler.apply
-            if handler.error.present?
-              @coupon_message = handler.error
-              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon', status: 422)
-              return true
-            end
-          end
-          false
-        end
-        def log_state_changes
-          if @order.previous_changes[:state]
-            @order.log_state_changes(
-              state_name: 'order',
-              old_state: @order.previous_changes[:state].first,
-              new_state: @order.previous_changes[:state].last
-            )
-          end
-        end
-        def order_id
-          super || params[:id]
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/classifications_controller.rb DELETED Viewed

@@ -1,21 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ClassificationsController < Spree::Api::BaseController
-        def update
-          authorize! :update, Product
-          authorize! :update, Taxon
-          classification = Spree::Classification.find_by(
-            product_id: params[:product_id],
-            taxon_id: params[:taxon_id]
-          )
-          Spree::Dependencies.classification_reposition_service.constantize.call(
-            classification: classification,
-            position: params[:position]
-          )
-          head :ok
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/countries_controller.rb DELETED Viewed

@@ -1,22 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CountriesController < Spree::Api::BaseController
-        skip_before_action :authenticate_user
-        def index
-          @countries = Country.accessible_by(current_ability).ransack(params[:q]).result.
-                       order('name ASC').
-                       page(params[:page]).per(params[:per_page])
-          country = Country.order('updated_at ASC').last
-          respond_with(@countries) if stale?(country)
-        end
-        def show
-          @country = Country.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@country)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/credit_cards_controller.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CreditCardsController < Spree::Api::BaseController
-        before_action :user
-        def index
-          @credit_cards = user.
-                          credit_cards.
-                          accessible_by(current_ability).
-                          with_payment_profile.
-                          ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-          respond_with(@credit_cards)
-        end
-        private
-        def user
-          if params[:user_id].present?
-            @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/customer_returns_controller.rb DELETED Viewed

@@ -1,25 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class CustomerReturnsController < Spree::Api::BaseController
-        def index
-          collection(Spree::CustomerReturn)
-          respond_with(@collection)
-        end
-        private
-        def collection(resource)
-          return @collection if @collection.present?
-          params[:q] ||= {}
-          @collection = resource.all
-          # @search needs to be defined as this is passed to search_form_for
-          @search = @collection.ransack(params[:q])
-          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/images_controller.rb DELETED Viewed

@@ -1,58 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ImagesController < Spree::Api::BaseController
-        def index
-          @images = scope.images.accessible_by(current_ability)
-          respond_with(@images)
-        end
-        def show
-          @image = Image.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@image)
-        end
-        def new; end
-        def create
-          authorize! :create, Image
-          @image = scope.images.new(image_params)
-          if @image.save
-            respond_with(@image, status: 201, default_template: :show)
-          else
-            invalid_resource!(@image)
-          end
-        end
-        def update
-          @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
-          if @image.update(image_params)
-            respond_with(@image, default_template: :show)
-          else
-            invalid_resource!(@image)
-          end
-        end
-        def destroy
-          @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
-          @image.destroy
-          respond_with(@image, status: 204)
-        end
-        private
-        def image_params
-          params.require(:image).permit(permitted_image_attributes)
-        end
-        def scope
-          if params[:product_id]
-            Spree::Product.friendly.find(params[:product_id])
-          elsif params[:variant_id]
-            Spree::Variant.find(params[:variant_id])
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/inventory_units_controller.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class InventoryUnitsController < Spree::Api::BaseController
-        before_action :prepare_event, only: :update
-        def show
-          @inventory_unit = inventory_unit
-          respond_with(@inventory_unit)
-        end
-        def update
-          authorize! :update, inventory_unit.order
-          inventory_unit.transaction do
-            if inventory_unit.update(inventory_unit_params)
-              fire
-              render :show, status: 200
-            else
-              invalid_resource!(inventory_unit)
-            end
-          end
-        end
-        private
-        def inventory_unit
-          @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
-        end
-        def prepare_event
-          return unless @event = params[:fire]
-          can_event = "can_#{@event}?"
-          unless inventory_unit.respond_to?(can_event) &&
-              inventory_unit.send(can_event)
-            render plain: { exception: "cannot transition to #{@event}" }.to_json,
-                   status: 200
-            false
-          end
-        end
-        def fire
-          inventory_unit.send("#{@event}!") if @event
-        end
-        def inventory_unit_params
-          params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/line_items_controller.rb DELETED Viewed

@@ -1,70 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class LineItemsController < Spree::Api::BaseController
-        class_attribute :line_item_options
-        self.line_item_options = []
-        def new; end
-        def create
-          variant = Spree::Variant.find(params[:line_item][:variant_id])
-          @line_item = Spree::Dependencies.cart_add_item_service.constantize.call(order: order,
-                                                                                  variant: variant,
-                                                                                  quantity: params[:line_item][:quantity],
-                                                                                  options: line_item_params[:options]).value
-          if @line_item.errors.empty?
-            respond_with(@line_item, status: 201, default_template: :show)
-          else
-            invalid_resource!(@line_item)
-          end
-        end
-        def update
-          @line_item = find_line_item
-          if Spree::Dependencies.cart_update_service.constantize.call(order: @order, params: line_items_attributes).success?
-            @line_item.reload
-            respond_with(@line_item, default_template: :show)
-          else
-            invalid_resource!(@line_item)
-          end
-        end
-        def destroy
-          @line_item = find_line_item
-          Spree::Dependencies.cart_remove_line_item_service.constantize.call(order: @order, line_item: @line_item)
-          respond_with(@line_item, status: 204)
-        end
-        private
-        def order
-          @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
-          authorize! :update, @order, order_token
-        end
-        def find_line_item
-          id = params[:id].to_i
-          order.line_items.detect { |line_item| line_item.id == id } or
-            raise ActiveRecord::RecordNotFound
-        end
-        def line_items_attributes
-          { line_items_attributes: {
-            id: params[:id],
-            quantity: params[:line_item][:quantity],
-            options: line_item_params[:options] || {}
-          } }
-        end
-        def line_item_params
-          params.require(:line_item).permit(:quantity, :variant_id, options: line_item_options)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/option_types_controller.rb DELETED Viewed

@@ -1,60 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class OptionTypesController < Spree::Api::BaseController
-        def index
-          @option_types =  if params[:ids]
-                             Spree::OptionType.
-                               includes(:option_values).
-                               accessible_by(current_ability).
-                               where(id: params[:ids].split(','))
-                           else
-                             Spree::OptionType.
-                               includes(:option_values).
-                               accessible_by(current_ability).
-                               load.ransack(params[:q]).result
-                           end
-          respond_with(@option_types)
-        end
-        def show
-          @option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
-          respond_with(@option_type)
-        end
-        def new; end
-        def create
-          authorize! :create, Spree::OptionType
-          @option_type = Spree::OptionType.new(option_type_params)
-          if @option_type.save
-            render :show, status: 201
-          else
-            invalid_resource!(@option_type)
-          end
-        end
-        def update
-          @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
-          if @option_type.update(option_type_params)
-            render :show
-          else
-            invalid_resource!(@option_type)
-          end
-        end
-        def destroy
-          @option_type = Spree::OptionType.accessible_by(current_ability, :destroy).find(params[:id])
-          @option_type.destroy
-          render plain: nil, status: 204
-        end
-        private
-        def option_type_params
-          params.require(:option_type).permit(permitted_option_type_attributes)
-        end
-      end
-    end
-  end
-end