spree_api 5.4.0.beta4 → 5.4.0.beta5

data/app/controllers/spree/api/v3/store/customers_controller.rb

@@ -0,0 +1,102 @@
+module Spree
+  module Api
+    module V3
+      module Store
+        class CustomersController < Store::BaseController
+          rate_limit to: Spree::Api::Config[:rate_limit_register], within: Spree::Api::Config[:rate_limit_window].seconds, store: Rails.cache, only: :create, with: RATE_LIMIT_RESPONSE
+
+          skip_before_action :authenticate_user, only: [:create]
+          prepend_before_action :require_authentication!, only: [:show, :update]
+
+          # POST /api/v3/store/customers
+          def create
+            user = Spree.user_class.new(create_params)
+
+            if user.save
+              token = generate_jwt(user)
+              render json: {
+                token: token,
+                user: user_serializer.new(user, params: serializer_params).to_h
+              }, status: :created
+            else
+              render_errors(user.errors)
+            end
+          end
+
+          # GET /api/v3/store/customer
+          def show
+            render json: serialize_resource(current_user)
+          end
+
+          # PATCH /api/v3/store/customer
+          def update
+            if sensitive_update? && !valid_current_password?
+              return render_error(
+                code: ErrorHandler::ERROR_CODES[:current_password_invalid],
+                message: Spree.t(:current_password_invalid, scope: :api),
+                status: :unprocessable_content
+              )
+            end
+
+            update_params = permitted_params.except(:current_password)
+
+            if current_user.update(update_params)
+              render json: serialize_resource(current_user)
+            else
+              render_errors(current_user.errors)
+            end
+          end
+
+          protected
+
+          def serializer_class
+            Spree.api.customer_serializer
+          end
+
+          def serializer_params
+            {
+              store: current_store,
+              locale: current_locale,
+              currency: current_currency,
+              user: current_user,
+              includes: []
+            }
+          end
+
+          def create_params
+            params.permit(:email, :password, :password_confirmation, :first_name, :last_name,
+                          :phone, :accepts_email_marketing, metadata: {})
+          end
+
+          def permitted_params
+            params.permit(:email, :password, :password_confirmation, :first_name, :last_name,
+                          :accepts_email_marketing, :phone, :current_password, metadata: {})
+          end
+
+          private
+
+          def sensitive_update?
+            (params[:email].present? && params[:email] != current_user.email) ||
+              params[:password].present?
+          end
+
+          def valid_current_password?
+            return false if params[:current_password].blank?
+
+            if current_user.respond_to?(:valid_password?)
+              current_user.valid_password?(params[:current_password])
+            elsif current_user.respond_to?(:authenticate)
+              current_user.authenticate(params[:current_password]).present?
+            else
+              false
+            end
+          end
+
+          def user_serializer
+            Spree.api.customer_serializer
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/store/locales_controller.rb

@@ -3,10 +3,14 @@ module Spree
     module V3
       module Store
         class LocalesController < Store::BaseController
+          include Spree::Api::V3::HttpCaching
+
           # GET /api/v3/store/locales
           def index
             locales = current_store.supported_locales_list
 
+            return unless cache_collection(locales)
+
             render json: {
               data: locales.map { |code| Spree.api.locale_serializer.new(OpenStruct.new(code: code, name: locale_name(code))).to_h }
             }

data/app/controllers/spree/api/v3/store/markets/countries_controller.rb

@@ -4,12 +4,16 @@ module Spree
       module Store
         module Markets
           class CountriesController < Store::BaseController
+            include Spree::Api::V3::HttpCaching
+
             before_action :load_market
 
             # GET /api/v3/store/markets/:market_id/countries
             def index
               countries = @market.countries.order(:name)
 
+              return unless cache_collection(countries)
+
               render json: {
                 data: countries.map { |country| serialize_country(country) }
               }
@@ -19,6 +23,8 @@ module Spree
             def show
               country = @market.countries.find_by!(iso: params[:id].upcase)
 
+              return unless cache_resource(country)
+
               render json: serialize_country(country)
             end
 

data/app/controllers/spree/api/v3/store/markets_controller.rb

@@ -3,10 +3,14 @@ module Spree
     module V3
       module Store
         class MarketsController < Store::BaseController
+          include Spree::Api::V3::HttpCaching
+
           # GET /api/v3/store/markets
           def index
             markets = current_store.markets.includes(:countries).order(:position)
 
+            return unless cache_collection(markets)
+
             render json: {
               data: markets.map { |market| serialize_market(market) }
             }
@@ -16,6 +20,8 @@ module Spree
           def show
             market = current_store.markets.includes(:countries).find_by_prefix_id!(params[:id])
 
+            return unless cache_resource(market)
+
             render json: serialize_market(market)
           end
 
@@ -27,6 +33,8 @@ module Spree
 
             raise ActiveRecord::RecordNotFound unless market
 
+            return unless cache_resource(market)
+
             render json: serialize_market(market)
           end
 

data/app/controllers/spree/api/v3/store/orders_controller.rb

@@ -22,7 +22,7 @@ module Spree
           #
           def update
             with_order_lock do
-              result = Spree::Api::V3::Orders::Update.call(
+              result = Spree.order_update_service.call(
                 order: @order,
                 params: order_params
               )
@@ -118,7 +118,8 @@ module Spree
               :bill_address_id,
               ship_address: address_params,
               bill_address: address_params,
-              metadata: {}
+              metadata: {},
+              line_items: [:variant_id, :quantity, { metadata: {}, options: {} }]
             )
           end
 

data/app/controllers/spree/api/v3/store/products/filters_controller.rb

@@ -8,27 +8,28 @@ module Spree
               aggregator = Spree::Api::V3::FiltersAggregator.new(
                 scope: filters_scope,
                 currency: current_currency,
-                taxon: taxon
+                category: category
               )
               render json: aggregator.call
             end
 
             private
 
-            # Build scope from taxon and/or ransack params
+            # Build scope from category and/or ransack params
             # @return [ActiveRecord::Relation]
             def filters_scope
               scope = current_store.products.active(current_currency)
-              scope = scope.in_taxon(taxon) if taxon.present?
+              scope = scope.in_category(category) if category.present?
               scope = scope.ransack(params[:q]).result if params[:q].present?
               scope.accessible_by(current_ability, :show)
             end
 
-            # Fetches taxon from params
-            # @param [String] taxon_id
-            # @return [Spree::Taxon]
-            def taxon
-              @taxon ||= params[:taxon_id].present? ? current_store.taxons.find_by_param(params[:taxon_id]) : nil
+            # Fetches category from params
+            # @param [String] category_id
+            # @return [Spree::Category]
+            def category
+              category_id = params[:category_id]
+              @category ||= category_id.present? ? current_store.categories.find_by_param(category_id) : nil
             end
           end
         end

data/app/controllers/spree/api/v3/store/products_controller.rb

@@ -3,10 +3,12 @@ module Spree
     module V3
       module Store
         class ProductsController < ResourceController
+          include Spree::Api::V3::HttpCaching
+
           # Sort values that require special scopes (not plain Ransack column sorts).
           CUSTOM_SORT_SCOPES = {
-            'price asc' => :ascend_by_price,
-            'price desc' => :descend_by_price,
+            'price' => :ascend_by_price,
+            '-price' => :descend_by_price,
             'best_selling' => :by_best_selling
           }.freeze
 
@@ -45,14 +47,9 @@ module Spree
             ]
           end
 
-          # Disable distinct when using custom sort scopes that add computed columns
-          def collection_distinct?
-            !custom_sort_requested?
-          end
-
           # Applies sorting from the unified `sort` param.
-          # Custom values ('price asc', 'best_selling') use product-specific scopes.
-          # Standard Ransack values ('name asc', 'created_at desc') are passed to q[s].
+          # Custom values ('price', '-price', 'best_selling') use product-specific scopes.
+          # Standard Ransack values ('name', '-created_at') are handled by base ResourceController.
           def apply_collection_sort(collection)
             sort_value = sort_param
             return collection unless sort_value.present?
@@ -61,17 +58,17 @@ module Spree
             return collection unless scope_method
 
             sorted = collection.reorder(nil)
-            sort_value == 'best_selling' ? sorted.distinct(false).send(scope_method) : sorted.send(scope_method)
+            sorted.send(scope_method)
           end
 
-          # Inject sort into ransack params when it's a standard Ransack sort
+          # Skip base Ransack sort injection for custom sort scopes
           def ransack_params
             rp = super
-            sort_value = sort_param
 
-            if sort_value.present? && !CUSTOM_SORT_SCOPES.key?(sort_value)
-              rp = rp.respond_to?(:to_unsafe_h) ? rp.to_unsafe_h : rp.dup
-              rp['s'] = sort_value
+            # Remove Ransack sort when a custom scope handles it
+            if sort_param.present? && CUSTOM_SORT_SCOPES.key?(sort_param)
+              rp = rp.is_a?(Hash) ? rp.dup : rp.to_unsafe_h
+              rp.delete('s')
             end
 
             rp
@@ -79,10 +76,6 @@ module Spree
 
           private
 
-          def sort_param
-            params[:sort] || params.dig(:q, :s)
-          end
-
           def custom_sort_requested?
             CUSTOM_SORT_SCOPES.key?(sort_param)
           end

data/app/jobs/spree/webhook_delivery_job.rb

@@ -6,10 +6,13 @@ module Spree
 
     retry_on StandardError, wait: :polynomially_longer, attempts: 5
 
-    def perform(delivery_id, secret_key)
+    # Accept optional second argument for backward compatibility with jobs
+    # enqueued before this change was deployed.
+    def perform(delivery_id, _deprecated_secret_key = nil)
       delivery = Spree::WebhookDelivery.find_by(id: delivery_id)
       return if delivery.nil?
 
+      secret_key = delivery.webhook_endpoint.secret_key
       Spree::Webhooks::DeliverWebhook.call(delivery: delivery, secret_key: secret_key)
     end
   end

data/app/serializers/spree/api/v3/admin/address_serializer.rb

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class AddressSerializer < V3::AddressSerializer
+          typelize label: [:string, nullable: true],
+                   user_id: [:string, nullable: true],
+                   metadata: 'Record<string, unknown> | null'
+
+          attributes :label,
+                     created_at: :iso8601, updated_at: :iso8601
+
+          attribute :user_id do |address|
+            address.user&.prefixed_id
+          end
+
+          attribute :metadata do |address|
+            address.metadata.presence
+          end
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/adjustment_serializer.rb

@@ -0,0 +1,36 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class AdjustmentSerializer < V3::BaseSerializer
+          typelize label: :string, amount: :string, display_amount: :string,
+                   state: :string, eligible: :boolean, mandatory: :boolean, included: :boolean,
+                   source_type: [:string, nullable: true],
+                   adjustable_type: :string, adjustable_id: :string,
+                   order_id: [:string, nullable: true],
+                   source_id: [:string, nullable: true]
+
+          attributes :label, :display_amount, :state, :eligible, :mandatory, :included,
+                     :source_type, :adjustable_type,
+                     created_at: :iso8601, updated_at: :iso8601
+
+          attribute :amount do |adjustment|
+            adjustment.amount.to_s
+          end
+
+          attribute :adjustable_id do |adjustment|
+            adjustment.adjustable&.prefixed_id
+          end
+
+          attribute :order_id do |adjustment|
+            adjustment.order&.prefixed_id
+          end
+
+          attribute :source_id do |adjustment|
+            adjustment.source&.prefixed_id
+          end
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/admin_user_serializer.rb

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class AdminUserSerializer < V3::BaseSerializer
+          typelize email: :string, first_name: [:string, nullable: true],
+                   last_name: [:string, nullable: true]
+
+          attributes :email, :first_name, :last_name,
+                     created_at: :iso8601, updated_at: :iso8601
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/asset_serializer.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class AssetSerializer < V3::AssetSerializer
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/category_serializer.rb

@@ -0,0 +1,33 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        # Admin API Category Serializer
+        # Full category data including admin-only fields
+        class CategorySerializer < V3::CategorySerializer
+          typelize lft: :number, rgt: :number
+
+          # Nested set columns for tree operations
+          attributes :lft, :rgt
+
+          # Override inherited associations to use admin serializers
+          one :parent,
+              resource: Spree.api.admin_category_serializer,
+              if: proc { expand?('parent') }
+
+          many :children,
+               resource: Spree.api.admin_category_serializer,
+               if: proc { expand?('children') }
+
+          many :ancestors,
+               resource: Spree.api.admin_category_serializer,
+               if: proc { expand?('ancestors') }
+
+          many :metafields,
+               resource: Spree.api.admin_metafield_serializer,
+               if: proc { expand?('metafields') }
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/credit_card_serializer.rb

@@ -0,0 +1,22 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class CreditCardSerializer < V3::CreditCardSerializer
+          typelize user_id: [:string, nullable: true],
+                   payment_method_id: [:string, nullable: true]
+
+          attribute :user_id do |credit_card|
+            credit_card.user&.prefixed_id
+          end
+
+          attribute :payment_method_id do |credit_card|
+            credit_card.payment_method&.prefixed_id
+          end
+
+          attributes created_at: :iso8601, updated_at: :iso8601
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/customer_serializer.rb

@@ -5,14 +5,13 @@ module Spree
         # Admin API Customer Serializer
         # Full customer data including admin-only fields
         class CustomerSerializer < V3::CustomerSerializer
-          typelize phone: [:string, nullable: true], login: [:string, nullable: true],
-                   accepts_email_marketing: :boolean,
+          typelize login: [:string, nullable: true],
                    last_sign_in_at: [:string, nullable: true], current_sign_in_at: [:string, nullable: true],
                    sign_in_count: :number, failed_attempts: :number,
                    last_sign_in_ip: [:string, nullable: true], current_sign_in_ip: [:string, nullable: true]
 
           # Admin-only attributes
-          attributes :phone, :login, :accepts_email_marketing,
+          attributes :login,
                      last_sign_in_at: :iso8601, current_sign_in_at: :iso8601
 
           attribute :sign_in_count do |user|
@@ -31,11 +30,14 @@ module Spree
             user.current_sign_in_ip
           end
 
+          # Override inherited associations to use admin serializers
+          many :addresses, resource: Spree.api.admin_address_serializer, if: proc { expand?('addresses') }
+          one :bill_address, key: :default_billing_address, resource: Spree.api.admin_address_serializer, if: proc { expand?('default_billing_address') }
+          one :ship_address, key: :default_shipping_address, resource: Spree.api.admin_address_serializer, if: proc { expand?('default_shipping_address') }
+
           many :orders,
                resource: Spree.api.admin_order_serializer,
-               if: proc { params[:expand]&.include?('orders') }
-
-          # TODO: Add store_credits association when Admin API is implemented
+               if: proc { expand?('orders') }
         end
       end
     end

data/app/serializers/spree/api/v3/admin/digital_link_serializer.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class DigitalLinkSerializer < V3::DigitalLinkSerializer
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/image_serializer.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class ImageSerializer < V3::ImageSerializer
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/line_item_serializer.rb

@@ -5,11 +5,46 @@ module Spree
         # Admin API Line Item Serializer
         # Extends the store serializer with metadata visibility
         class LineItemSerializer < V3::LineItemSerializer
-          typelize metadata: 'Record<string, unknown> | null'
+          typelize metadata: 'Record<string, unknown> | null',
+                   cost_price: [:string, nullable: true],
+                   tax_category_id: [:string, nullable: true],
+                   order_id: [:string, nullable: true]
 
           attribute :metadata do |line_item|
             line_item.metadata.presence
           end
+
+          attribute :cost_price do |line_item|
+            line_item.cost_price&.to_s
+          end
+
+          attribute :tax_category_id do |line_item|
+            line_item.tax_category&.prefixed_id
+          end
+
+          attribute :order_id do |line_item|
+            line_item.order&.prefixed_id
+          end
+
+          # Override inherited associations to use admin serializers
+          many :option_values, resource: Spree.api.admin_option_value_serializer
+          many :digital_links, resource: Spree.api.admin_digital_link_serializer
+
+          one :order,
+              resource: Spree.api.admin_order_serializer,
+              if: proc { expand?('order') }
+
+          one :variant,
+              resource: Spree.api.admin_variant_serializer,
+              if: proc { expand?('variant') }
+
+          one :tax_category,
+              resource: Spree.api.admin_tax_category_serializer,
+              if: proc { expand?('tax_category') }
+
+          many :adjustments,
+               resource: Spree.api.admin_adjustment_serializer,
+               if: proc { expand?('adjustments') }
         end
       end
     end

data/app/serializers/spree/api/v3/admin/option_type_serializer.rb

@@ -0,0 +1,13 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class OptionTypeSerializer < V3::OptionTypeSerializer
+          many :option_values,
+               resource: Spree.api.admin_option_value_serializer,
+               if: proc { expand?('option_values') }
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/option_value_serializer.rb

@@ -0,0 +1,13 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class OptionValueSerializer < V3::OptionValueSerializer
+          one :option_type,
+              resource: Spree.api.admin_option_type_serializer,
+              if: proc { expand?('option_type') }
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v3/admin/order_promotion_serializer.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        class OrderPromotionSerializer < V3::OrderPromotionSerializer
+        end
+      end
+    end
+  end
+end