spree_api 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
- data/app/controllers/spree/api/v1/base_controller.rb +11 -0
- data/app/controllers/spree/api/v1/images_controller.rb +3 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
- data/app/views/spree/api/v1/orders/show.rabl +4 -1
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +41 -31
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +7 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +16 -2
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +3 -3
- metadata +16 -16
|
@@ -4,10 +4,12 @@ module Spree
|
|
|
4
4
|
class AddressesController < Spree::Api::V1::BaseController
|
|
5
5
|
def show
|
|
6
6
|
@address = Address.find(params[:id])
|
|
7
|
+
authorize! :read, @address
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
def update
|
|
10
11
|
@address = Address.find(params[:id])
|
|
12
|
+
authorize! :read, @address
|
|
11
13
|
@address.update_attributes(params[:address])
|
|
12
14
|
render :show, :status => 200
|
|
13
15
|
end
|
|
@@ -6,6 +6,7 @@ module Spree
|
|
|
6
6
|
|
|
7
7
|
attr_accessor :current_api_user
|
|
8
8
|
|
|
9
|
+
before_filter :set_content_type
|
|
9
10
|
before_filter :check_for_api_key
|
|
10
11
|
before_filter :authenticate_user
|
|
11
12
|
|
|
@@ -25,6 +26,16 @@ module Spree
|
|
|
25
26
|
|
|
26
27
|
private
|
|
27
28
|
|
|
29
|
+
def set_content_type
|
|
30
|
+
content_type = case params[:format]
|
|
31
|
+
when "json"
|
|
32
|
+
"application/json"
|
|
33
|
+
when "xml"
|
|
34
|
+
"text/xml"
|
|
35
|
+
end
|
|
36
|
+
headers["Content-Type"] = content_type
|
|
37
|
+
end
|
|
38
|
+
|
|
28
39
|
def check_for_api_key
|
|
29
40
|
render "spree/api/v1/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
|
|
30
41
|
end
|
|
@@ -7,17 +7,20 @@ module Spree
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def create
|
|
10
|
+
authorize! :create, Image
|
|
10
11
|
@image = Image.create(params[:image])
|
|
11
12
|
render :show, :status => 201
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def update
|
|
16
|
+
authorize! :update, Image
|
|
15
17
|
@image = Image.find(params[:id])
|
|
16
18
|
@image.update_attributes(params[:image])
|
|
17
19
|
render :show, :status => 200
|
|
18
20
|
end
|
|
19
21
|
|
|
20
22
|
def destroy
|
|
23
|
+
authorize! :delete, Image
|
|
21
24
|
@image = Image.find(params[:id])
|
|
22
25
|
@image.destroy
|
|
23
26
|
render :text => nil
|
|
@@ -6,6 +6,7 @@ module Spree
|
|
|
6
6
|
before_filter :find_and_update_shipment, :only => [:ship, :ready]
|
|
7
7
|
|
|
8
8
|
def ready
|
|
9
|
+
authorize! :read, Shipment
|
|
9
10
|
unless @shipment.ready?
|
|
10
11
|
@shipment.ready!
|
|
11
12
|
end
|
|
@@ -13,6 +14,7 @@ module Spree
|
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def ship
|
|
17
|
+
authorize! :read, Shipment
|
|
16
18
|
unless @shipment.shipped?
|
|
17
19
|
@shipment.ship!
|
|
18
20
|
end
|
|
@@ -23,6 +25,7 @@ module Spree
|
|
|
23
25
|
|
|
24
26
|
def find_order
|
|
25
27
|
@order = Spree::Order.find_by_number!(params[:order_id])
|
|
28
|
+
authorize! :read, @order
|
|
26
29
|
end
|
|
27
30
|
|
|
28
31
|
def find_and_update_shipment
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
object @order
|
|
2
2
|
attributes *order_attributes
|
|
3
|
-
|
|
3
|
+
|
|
4
|
+
if lookup_context.find_all("spree/api/v1/orders/#{@order.state}").present?
|
|
5
|
+
extends "spree/api/v1/orders/#{@order.state}"
|
|
6
|
+
end
|
|
4
7
|
|
|
5
8
|
child :billing_address => :bill_address do
|
|
6
9
|
extends "spree/api/v1/addresses/show"
|
|
@@ -9,15 +9,37 @@ module Spree
|
|
|
9
9
|
@address = create(:address)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
context "with their own address" do
|
|
13
|
+
before do
|
|
14
|
+
Address.any_instance.stub :user => current_api_user
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it "gets an address" do
|
|
18
|
+
api_get :show, :id => @address.id
|
|
19
|
+
json_response['address']['address1'].should eq @address.address1
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
it "updates an address" do
|
|
23
|
+
api_put :update, :id => @address.id,
|
|
24
|
+
:address => { :address1 => "123 Test Lane" }
|
|
25
|
+
json_response['address']['address1'].should eq '123 Test Lane'
|
|
26
|
+
end
|
|
15
27
|
end
|
|
16
28
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
29
|
+
context "on somebody else's address" do
|
|
30
|
+
before do
|
|
31
|
+
Address.any_instance.stub :user => stub_model(Spree::User)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
it "cannot retreive address information" do
|
|
35
|
+
api_get :show, :id => @address.id
|
|
36
|
+
assert_unauthorized!
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it "cannot update address information" do
|
|
40
|
+
api_get :update, :id => @address.id
|
|
41
|
+
assert_unauthorized!
|
|
42
|
+
end
|
|
21
43
|
end
|
|
22
44
|
end
|
|
23
45
|
end
|
|
@@ -13,43 +13,53 @@ module Spree
|
|
|
13
13
|
stub_authentication!
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
16
|
+
context "as an admin" do
|
|
17
|
+
sign_in_as_admin!
|
|
18
|
+
|
|
19
|
+
it "can upload a new image for a variant" do
|
|
20
|
+
lambda do
|
|
21
|
+
api_post :create,
|
|
22
|
+
:image => { :attachment => upload_image('thinking-cat.jpg'),
|
|
23
|
+
:viewable_type => 'Spree::Variant',
|
|
24
|
+
:viewable_id => product.master.to_param }
|
|
25
|
+
response.status.should == 201
|
|
26
|
+
json_response.should have_attributes(attributes)
|
|
27
|
+
end.should change(Image, :count).by(1)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
context "working with an existing image" do
|
|
31
|
+
let!(:product_image) { product.master.images.create!(:attachment => image('thinking-cat.jpg')) }
|
|
26
32
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
33
|
+
it "can update image data" do
|
|
34
|
+
product_image.position.should == 1
|
|
35
|
+
api_post :update, :image => { :position => 2 }, :id => product_image.id
|
|
36
|
+
response.status.should == 200
|
|
37
|
+
json_response.should have_attributes(attributes)
|
|
38
|
+
product_image.reload.position.should == 2
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it "can delete an image" do
|
|
42
|
+
api_delete :destroy, :id => product_image.id
|
|
43
|
+
response.status.should == 200
|
|
44
|
+
lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
36
47
|
end
|
|
37
48
|
|
|
38
|
-
context "
|
|
39
|
-
|
|
49
|
+
context "as a non-admin" do
|
|
50
|
+
it "cannot create an image" do
|
|
51
|
+
api_post :create
|
|
52
|
+
assert_unauthorized!
|
|
53
|
+
end
|
|
40
54
|
|
|
41
|
-
it "
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
response.status.should == 200
|
|
45
|
-
json_response.should have_attributes(attributes)
|
|
46
|
-
product_image.reload.position.should == 2
|
|
55
|
+
it "cannot update an image" do
|
|
56
|
+
api_put :update, :id => 1
|
|
57
|
+
assert_unauthorized!
|
|
47
58
|
end
|
|
48
59
|
|
|
49
|
-
it "
|
|
50
|
-
api_delete :destroy, :id =>
|
|
51
|
-
|
|
52
|
-
lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
|
|
60
|
+
it "cannot delete an image" do
|
|
61
|
+
api_delete :destroy, :id => 1
|
|
62
|
+
assert_unauthorized!
|
|
53
63
|
end
|
|
54
64
|
end
|
|
55
65
|
end
|
|
@@ -28,6 +28,13 @@ module Spree
|
|
|
28
28
|
json_response.should have_attributes(attributes)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
# Regression test for #1992
|
|
32
|
+
it "can view an order not in a standard state" do
|
|
33
|
+
Order.any_instance.stub :user => current_api_user
|
|
34
|
+
order.update_column(:state, 'shipped')
|
|
35
|
+
api_get :show, :id => order.to_param
|
|
36
|
+
end
|
|
37
|
+
|
|
31
38
|
it "can not view someone else's order" do
|
|
32
39
|
Order.any_instance.stub :user => stub_model(User)
|
|
33
40
|
api_get :show, :id => order.to_param
|
|
@@ -9,8 +9,22 @@ describe Spree::Api::V1::ShipmentsController do
|
|
|
9
9
|
stub_authentication!
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
|
|
13
|
+
|
|
14
|
+
context "as a non-admin" do
|
|
15
|
+
it "cannot make a shipment ready" do
|
|
16
|
+
api_put :ready
|
|
17
|
+
assert_unauthorized!
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it "cannot make a shipment shipped" do
|
|
21
|
+
api_put :ship
|
|
22
|
+
assert_unauthorized!
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
context "as an admin" do
|
|
27
|
+
sign_in_as_admin!
|
|
14
28
|
|
|
15
29
|
it "can make a shipment ready" do
|
|
16
30
|
api_put :ready
|
|
@@ -4,9 +4,9 @@ module Spree
|
|
|
4
4
|
describe Api::V1::TaxonsController do
|
|
5
5
|
render_views
|
|
6
6
|
|
|
7
|
-
let(:taxonomy) {
|
|
8
|
-
let(:taxon) {
|
|
9
|
-
let(:taxon2) {
|
|
7
|
+
let(:taxonomy) { create(:taxonomy) }
|
|
8
|
+
let(:taxon) { create(:taxon, :name => "Ruby", :taxonomy => taxonomy) }
|
|
9
|
+
let(:taxon2) { create(:taxon, :name => "Rails", :taxonomy => taxonomy) }
|
|
10
10
|
let(:attributes) { ["id", "name", "permalink", "position", "parent_id", "taxonomy_id"] }
|
|
11
11
|
|
|
12
12
|
before do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spree_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,33 +9,33 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-
|
|
12
|
+
date: 2012-11-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: spree_core
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70343664878740 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - =
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version: 1.1.
|
|
21
|
+
version: 1.1.4
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70343664878740
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: spree_auth
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70343664878060 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - =
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 1.1.
|
|
32
|
+
version: 1.1.4
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70343664878060
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: rabl
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70343664877300 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - =
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 0.6.5
|
|
44
44
|
type: :runtime
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70343664877300
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: rspec-rails
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70343664876420 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - =
|
|
@@ -54,10 +54,10 @@ dependencies:
|
|
|
54
54
|
version: 2.9.0
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70343664876420
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: database_cleaner
|
|
60
|
-
requirement: &
|
|
60
|
+
requirement: &70343664875940 !ruby/object:Gem::Requirement
|
|
61
61
|
none: false
|
|
62
62
|
requirements:
|
|
63
63
|
- - ! '>='
|
|
@@ -65,7 +65,7 @@ dependencies:
|
|
|
65
65
|
version: '0'
|
|
66
66
|
type: :development
|
|
67
67
|
prerelease: false
|
|
68
|
-
version_requirements: *
|
|
68
|
+
version_requirements: *70343664875940
|
|
69
69
|
description: Spree's API
|
|
70
70
|
email:
|
|
71
71
|
- ryan@spreecommerce.com
|
|
@@ -192,7 +192,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
192
192
|
version: '0'
|
|
193
193
|
segments:
|
|
194
194
|
- 0
|
|
195
|
-
hash:
|
|
195
|
+
hash: 1679059812271794179
|
|
196
196
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
197
197
|
none: false
|
|
198
198
|
requirements:
|
|
@@ -201,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
201
201
|
version: '0'
|
|
202
202
|
segments:
|
|
203
203
|
- 0
|
|
204
|
-
hash:
|
|
204
|
+
hash: 1679059812271794179
|
|
205
205
|
requirements: []
|
|
206
206
|
rubyforge_project:
|
|
207
207
|
rubygems_version: 1.8.10
|