spree_api 1.2.0 → 1.2.2
- data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
- data/app/controllers/spree/api/v1/base_controller.rb +12 -3
- data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
- data/app/controllers/spree/api/v1/images_controller.rb +4 -1
- data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
- data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
- data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
- data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
- data/app/controllers/spree/api/v1/products_controller.rb +2 -7
- data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
- data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
- data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
- data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
- data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
- data/app/helpers/spree/api/api_helpers.rb +8 -0
- data/app/models/spree/api_configuration.rb +5 -0
- data/app/models/spree/order_decorator.rb +1 -0
- data/app/views/spree/api/v1/countries/index.rabl +7 -2
- data/app/views/spree/api/v1/countries/show.rabl +2 -2
- data/app/views/spree/api/v1/orders/index.rabl +1 -1
- data/app/views/spree/api/v1/orders/show.rabl +4 -1
- data/app/views/spree/api/v1/payments/index.rabl +7 -2
- data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
- data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
- data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
- data/app/views/spree/api/v1/products/index.rabl +2 -1
- data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
- data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
- data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
- data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
- data/app/views/spree/api/v1/variants/index.rabl +10 -3
- data/app/views/spree/api/v1/zones/index.rabl +7 -2
- data/config/routes.rb +3 -8
- data/lib/spree/api/engine.rb +4 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
- data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +5 -0
- data/spree_api.gemspec +0 -1
- metadata +28 -22
@@ -4,10 +4,12 @@ module Spree
|
|
4
4
|
class AddressesController < Spree::Api::V1::BaseController
|
5
5
|
def show
|
6
6
|
@address = Address.find(params[:id])
|
7
|
+
authorize! :read, @address
|
7
8
|
end
|
8
9
|
|
9
10
|
def update
|
10
11
|
@address = Address.find(params[:id])
|
12
|
+
authorize! :read, @address
|
11
13
|
@address.update_attributes(params[:address])
|
12
14
|
render :show, :status => 200
|
13
15
|
end
|
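Review bot: In `update`, the added check is `authorize! :read, @address`, so a caller who is only allowed to read an address still reaches `@address.update_attributes(params[:address])`. The write path should be gated on the write ability: `authorize! :update, @address`. The check added to `show` is right as written. The same read-ability-for-a-write pattern appears in the shipments controller's `ready` and `ship` actions later in this diff.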
@@ -7,7 +7,7 @@ module Spree
|
|
7
7
|
attr_accessor :current_api_user
|
8
8
|
|
9
9
|
before_filter :set_content_type
|
10
|
-
before_filter :check_for_api_key
|
10
|
+
before_filter :check_for_api_key, :if => :requires_authentication?
|
11
11
|
before_filter :authenticate_user
|
12
12
|
|
13
13
|
rescue_from CanCan::AccessDenied, :with => :unauthorized
|
@@ -41,8 +41,13 @@ module Spree
|
|
41
41
|
end
|
42
42
|
|
43
43
|
def authenticate_user
|
44
|
-
|
45
|
-
|
44
|
+
if requires_authentication? || api_key.present?
|
45
|
+
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
|
46
|
+
render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
|
47
|
+
end
|
48
|
+
else
|
49
|
+
# Effectively, an anonymous user
|
50
|
+
@current_api_user = Spree.user_class.new
|
46
51
|
end
|
47
52
|
end
|
48
53
|
|
@@ -50,6 +55,10 @@ module Spree
|
|
50
55
|
render "spree/api/v1/errors/unauthorized", :status => 401 and return
|
51
56
|
end
|
52
57
|
|
58
|
+
def requires_authentication?
|
59
|
+
Spree::Api::Config[:requires_authentication]
|
60
|
+
end
|
61
|
+
|
53
62
|
def not_found
|
54
63
|
render "spree/api/v1/errors/not_found", :status => 404 and return
|
55
64
|
end
|
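Review bot: In `authenticate_user`, the new `else` branch assigns `@current_api_user = Spree.user_class.new` whenever `requires_authentication?` is false and no key is sent, so every controller inheriting from this class becomes reachable without credentials and access control then rests only on each action's own `authorize!` call. Several actions elsewhere in this diff (the `index`/`show` listings, `OrdersController#create`) show no such call in their visible lines, so they should be audited before the setting is turned off. The default of `Spree::Api::Config[:requires_authentication]` is not visible here and should be confirmed to be true. `requires_authentication?` deserves a comment such as `# When false, requests without an API key run as an unsaved anonymous user; every action must call authorize! itself.` The class body starts and ends outside these hunks.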
@@ -3,7 +3,10 @@ module Spree
|
|
3
3
|
module V1
|
4
4
|
class CountriesController < Spree::Api::V1::BaseController
|
5
5
|
def index
|
6
|
-
@countries = Country.
|
6
|
+
@countries = Country.
|
7
|
+
ransack(params[:q]).result.
|
8
|
+
includes(:states).order('name ASC').
|
9
|
+
page(params[:page]).per(params[:per_page])
|
7
10
|
end
|
8
11
|
|
9
12
|
def show
|
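Review bot: `per(params[:per_page])` in `index` takes the page size straight from the request with no upper bound, so one call can ask for the whole table together with the eager-loaded `:states`. Cap it server-side, either with Kaminari's `max_paginates_per` on the model or by clamping the parameter in a shared helper on the base controller, and document the maximum in the API docs. The same uncapped `per(params[:per_page])` is added to the orders, payments, product properties, products, return authorizations, taxonomies, variants and zones `index` actions in this diff.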
@@ -7,20 +7,23 @@ module Spree
|
|
7
7
|
end
|
8
8
|
|
9
9
|
def create
|
10
|
+
authorize! :create, Image
|
10
11
|
@image = Image.create(params[:image])
|
11
12
|
render :show, :status => 201
|
12
13
|
end
|
13
14
|
|
14
15
|
def update
|
16
|
+
authorize! :update, Image
|
15
17
|
@image = Image.find(params[:id])
|
16
18
|
@image.update_attributes(params[:image])
|
17
19
|
render :show, :status => 200
|
18
20
|
end
|
19
21
|
|
20
22
|
def destroy
|
23
|
+
authorize! :delete, Image
|
21
24
|
@image = Image.find(params[:id])
|
22
25
|
@image.destroy
|
23
|
-
render :text => nil
|
26
|
+
render :text => nil, :status => 204
|
24
27
|
end
|
25
28
|
|
26
29
|
end
|
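Review bot: `create` renders `:show` with status 201 without checking whether `Image.create(params[:image])` persisted the record, and `update` ignores the result of `update_attributes` in the same way, so a failed validation is reported to the client as success. The new `ProductPropertiesController` in this diff already uses the save-then-`invalid_resource!` shape, and the image actions should follow it, assuming `invalid_resource!` comes from the base controller. Separately, `update` and `destroy` authorize against the `Image` class before the record is loaded, which is adequate only while the abilities carry no per-record conditions.

```ruby
def create
  authorize! :create, Image
  @image = Image.new(params[:image])
  if @image.save
    render :show, :status => 201
  else
    invalid_resource!(@image)
  end
end

def update
  authorize! :update, Image
  @image = Image.find(params[:id])
  if @image.update_attributes(params[:image])
    render :show, :status => 200
  else
    invalid_resource!(@image)
  end
end
# … unchanged: destroy …
```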
@@ -2,31 +2,25 @@ module Spree
|
|
2
2
|
module Api
|
3
3
|
module V1
|
4
4
|
class OrdersController < Spree::Api::V1::BaseController
|
5
|
-
before_filter :map_nested_attributes, :only => [:create, :update]
|
6
5
|
before_filter :authorize_read!, :except => [:index, :search, :create]
|
7
6
|
|
8
7
|
def index
|
9
8
|
# should probably look at turning this into a CanCan step
|
10
9
|
raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
|
11
|
-
@orders = Order.page(params[:page]).per(params[:per_page])
|
10
|
+
@orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
12
11
|
end
|
13
12
|
|
14
13
|
def show
|
15
14
|
end
|
16
15
|
|
17
|
-
def search
|
18
|
-
@orders = Order.ransack(params[:q]).result.page(params[:page])
|
19
|
-
render :index
|
20
|
-
end
|
21
|
-
|
22
16
|
def create
|
23
|
-
@order = Order.build_from_api(current_api_user,
|
24
|
-
next!
|
17
|
+
@order = Order.build_from_api(current_api_user, nested_params)
|
18
|
+
next!(:status => 201)
|
25
19
|
end
|
26
20
|
|
27
21
|
def update
|
28
22
|
authorize! :update, Order
|
29
|
-
if order.update_attributes(
|
23
|
+
if order.update_attributes(nested_params)
|
30
24
|
order.update!
|
31
25
|
render :show
|
32
26
|
else
|
@@ -35,8 +29,8 @@ module Spree
|
|
35
29
|
end
|
36
30
|
|
37
31
|
def address
|
38
|
-
order.build_ship_address(params[:shipping_address])
|
39
|
-
order.build_bill_address(params[:billing_address])
|
32
|
+
order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
|
33
|
+
order.build_bill_address(params[:billing_address]) if params[:billing_address]
|
40
34
|
next!
|
41
35
|
end
|
42
36
|
|
@@ -64,17 +58,17 @@ module Spree
|
|
64
58
|
|
65
59
|
private
|
66
60
|
|
67
|
-
def
|
68
|
-
|
61
|
+
def nested_params
|
62
|
+
map_nested_attributes_keys Order, params[:order] || {}
|
69
63
|
end
|
70
64
|
|
71
65
|
def order
|
72
66
|
@order ||= Order.find_by_number!(params[:id])
|
73
67
|
end
|
74
68
|
|
75
|
-
def next!
|
69
|
+
def next!(options={})
|
76
70
|
if @order.valid? && @order.next
|
77
|
-
render :show, :status => 200
|
71
|
+
render :show, :status => options[:status] || 200
|
78
72
|
else
|
79
73
|
render :could_not_transition, :status => 422
|
80
74
|
end
|
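Review bot: `create` calls `Order.build_from_api(current_api_user, nested_params)` with no `authorize!` in the visible lines, and the `authorize_read!` filter explicitly skips `:create`. Combined with the anonymous user introduced in the base controller, a request without a key can build an order from caller-supplied nested attributes whenever authentication is not required. Add `authorize! :create, Order` as the first line of `create`. The filter's `:except` list still names `:search`, which this change removes, so it can be reduced to `[:index, :create]`. The class body continues outside these hunks, so a check that is not shown here may exist.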
@@ -6,7 +6,7 @@ module Spree
|
|
6
6
|
before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
|
7
7
|
|
8
8
|
def index
|
9
|
-
@payments = @order.payments
|
9
|
+
@payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
10
10
|
end
|
11
11
|
|
12
12
|
def new
|
@@ -29,6 +29,10 @@ module Spree
|
|
29
29
|
perform_payment_action(:authorize)
|
30
30
|
end
|
31
31
|
|
32
|
+
def capture
|
33
|
+
perform_payment_action(:capture)
|
34
|
+
end
|
35
|
+
|
32
36
|
def purchase
|
33
37
|
perform_payment_action(:purchase)
|
34
38
|
end
|
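Review bot: The new `capture` action goes straight to `perform_payment_action(:capture)`, and no `authorize!` is visible in the action or anywhere in this hunk, although capturing a payment is a state-changing financial operation. `perform_payment_action` and the filter that sets `@order` are outside the visible lines, so confirm that one of them checks a write ability on the payment. If neither does, start the action with `authorize! :capture, @payment` and grant that ability explicitly. A one-line comment on `capture` naming where the authorization happens would save the next reader the same search.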
@@ -0,0 +1,64 @@
|
|
1
|
+
module Spree
|
2
|
+
module Api
|
3
|
+
module V1
|
4
|
+
class ProductPropertiesController < Spree::Api::V1::BaseController
|
5
|
+
before_filter :find_product
|
6
|
+
before_filter :product_property, :only => [:show, :update, :destroy]
|
7
|
+
|
8
|
+
def index
|
9
|
+
@product_properties = @product.product_properties.
|
10
|
+
ransack(params[:q]).result
|
11
|
+
.page(params[:page]).per(params[:per_page])
|
12
|
+
end
|
13
|
+
|
14
|
+
def show
|
15
|
+
end
|
16
|
+
|
17
|
+
def new
|
18
|
+
end
|
19
|
+
|
20
|
+
def create
|
21
|
+
authorize! :create, ProductProperty
|
22
|
+
@product_property = @product.product_properties.new(params[:product_property])
|
23
|
+
if @product_property.save
|
24
|
+
render :show, :status => 201
|
25
|
+
else
|
26
|
+
invalid_resource!(@product_property)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def update
|
31
|
+
authorize! :update, ProductProperty
|
32
|
+
if @product_property && @product_property.update_attributes(params[:product_property])
|
33
|
+
render :show, :status => 200
|
34
|
+
else
|
35
|
+
invalid_resource!(@product_property)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def destroy
|
40
|
+
authorize! :delete, ProductProperty
|
41
|
+
if(@product_property)
|
42
|
+
@product_property.destroy
|
43
|
+
render :text => nil, :status => 204
|
44
|
+
else
|
45
|
+
invalid_resource!(@product_property)
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
private
|
51
|
+
def find_product
|
52
|
+
@product = super(params[:product_id])
|
53
|
+
end
|
54
|
+
|
55
|
+
def product_property
|
56
|
+
if @product
|
57
|
+
@product_property ||= @product.product_properties.find_by_id(params[:id])
|
58
|
+
@product_property ||= @product.product_properties.joins(:property).where('spree_properties.name' => params[:id]).readonly(false).first
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
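Review bot: When the `product_property` filter finds nothing, `update` and `destroy` fall through to `invalid_resource!(@product_property)` with a nil argument and `show` renders with `@product_property` unset, so an unknown id does not produce the 404 that the base controller's `not_found` already provides. Ending the filter with `not_found unless @product_property` would halt the request with a proper 404 and make the nil checks in `update` and `destroy` unnecessary. What `invalid_resource!` does when handed nil is not visible here. As a style point, `if(@product_property)` in `destroy` reads better as `if @product_property`.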
@@ -3,12 +3,7 @@ module Spree
|
|
3
3
|
module V1
|
4
4
|
class ProductsController < Spree::Api::V1::BaseController
|
5
5
|
def index
|
6
|
-
@products = product_scope.page(params[:page])
|
7
|
-
end
|
8
|
-
|
9
|
-
def search
|
10
|
-
@products = product_scope.ransack(params[:q]).result.page(params[:page])
|
11
|
-
render :index
|
6
|
+
@products = product_scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
12
7
|
end
|
13
8
|
|
14
9
|
def show
|
@@ -44,7 +39,7 @@ module Spree
|
|
44
39
|
@product = find_product(params[:id])
|
45
40
|
@product.update_attribute(:deleted_at, Time.now)
|
46
41
|
@product.variants_including_master.update_all(:deleted_at => Time.now)
|
47
|
-
render :text => nil, :status =>
|
42
|
+
render :text => nil, :status => 204
|
48
43
|
end
|
49
44
|
end
|
50
45
|
end
|
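Review bot: `index` now passes `params[:q]` to `ransack` on every listing request, and nothing in the visible lines limits which attributes or associations a caller may filter or sort on. This endpoint serves non-admin callers and, with authentication optional, anonymous ones, so predicates on columns the views never render can still disclose their values through which rows match. Restrict the accepted search keys to an explicit list of public attributes before calling `ransack`, and document that list next to `product_scope`. The same unrestricted `ransack(params[:q])` is added to the variants, taxonomies, zones and countries listings in this diff.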
@@ -0,0 +1,53 @@
|
|
1
|
+
module Spree
|
2
|
+
module Api
|
3
|
+
module V1
|
4
|
+
class ReturnAuthorizationsController < Spree::Api::V1::BaseController
|
5
|
+
before_filter :authorize_admin!
|
6
|
+
|
7
|
+
def index
|
8
|
+
@return_authorizations = order.return_authorizations.
|
9
|
+
ransack(params[:q]).result.
|
10
|
+
page(params[:page]).per(params[:per_page])
|
11
|
+
end
|
12
|
+
|
13
|
+
def show
|
14
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
15
|
+
end
|
16
|
+
|
17
|
+
def create
|
18
|
+
@return_authorization = order.return_authorizations.build(params[:return_authorization], :as => :api)
|
19
|
+
if @return_authorization.save
|
20
|
+
render :show, :status => 201
|
21
|
+
else
|
22
|
+
invalid_resource!(@return_authorization)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def update
|
27
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
28
|
+
if @return_authorization.update_attributes(params[:return_authorization])
|
29
|
+
render :show
|
30
|
+
else
|
31
|
+
invalid_resource!(@return_authorization)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def destroy
|
36
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
37
|
+
@return_authorization.destroy
|
38
|
+
render :text => nil, :status => 204
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def order
|
44
|
+
@order ||= Order.find_by_number!(params[:order_id])
|
45
|
+
end
|
46
|
+
|
47
|
+
def authorize_admin!
|
48
|
+
authorize! :manage, Spree::ReturnAuthorization
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
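Review bot: `create` builds the record with `params[:return_authorization], :as => :api`, but `update` calls `update_attributes(params[:return_authorization])` without the role, so the two write paths are filtered by different mass-assignment whitelists. Whichever attributes the default role permits then become writable on update even if the `:api` role was meant to exclude them. Use the same role in both: `@return_authorization.update_attributes(params[:return_authorization], :as => :api)`. The model's `attr_accessible` declarations are not on this page, so which list is wider is not known from here.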
@@ -6,6 +6,7 @@ module Spree
|
|
6
6
|
before_filter :find_and_update_shipment, :only => [:ship, :ready]
|
7
7
|
|
8
8
|
def ready
|
9
|
+
authorize! :read, Shipment
|
9
10
|
unless @shipment.ready?
|
10
11
|
@shipment.ready!
|
11
12
|
end
|
@@ -13,6 +14,7 @@ module Spree
|
|
13
14
|
end
|
14
15
|
|
15
16
|
def ship
|
17
|
+
authorize! :read, Shipment
|
16
18
|
unless @shipment.shipped?
|
17
19
|
@shipment.ship!
|
18
20
|
end
|
@@ -23,6 +25,7 @@ module Spree
|
|
23
25
|
|
24
26
|
def find_order
|
25
27
|
@order = Spree::Order.find_by_number!(params[:order_id])
|
28
|
+
authorize! :read, @order
|
26
29
|
end
|
27
30
|
|
28
31
|
def find_and_update_shipment
|
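Review bot: The `authorize!` added to `ready` and `ship` sits in the action body, which runs after the `find_and_update_shipment` before-filter, so whatever that filter changes happens before the permission check. The filter's body is outside these hunks, so its effect is inferred from the name. Moving the check into `find_and_update_shipment`, right after the shipment is loaded and before it is modified, closes that ordering gap. It should also test a write ability on the record, `authorize! :update, @shipment`, rather than `:read` on the class, since both actions change shipment state.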
@@ -3,7 +3,10 @@ module Spree
|
|
3
3
|
module V1
|
4
4
|
class TaxonomiesController < Spree::Api::V1::BaseController
|
5
5
|
def index
|
6
|
-
@taxonomies = Taxonomy.
|
6
|
+
@taxonomies = Taxonomy.
|
7
|
+
order('name').includes(:root => :children).
|
8
|
+
ransack(params[:q]).result.
|
9
|
+
page(params[:page]).per(params[:per_page])
|
7
10
|
end
|
8
11
|
|
9
12
|
def show
|
@@ -32,7 +35,7 @@ module Spree
|
|
32
35
|
def destroy
|
33
36
|
authorize! :delete, Taxonomy
|
34
37
|
taxonomy.destroy
|
35
|
-
render :text => nil, :status =>
|
38
|
+
render :text => nil, :status => 204
|
36
39
|
end
|
37
40
|
|
38
41
|
private
|
@@ -5,7 +5,9 @@ module Spree
|
|
5
5
|
before_filter :product
|
6
6
|
|
7
7
|
def index
|
8
|
-
@variants = scope.
|
8
|
+
@variants = scope.
|
9
|
+
includes(:option_values).ransack(params[:q]).result.
|
10
|
+
page(params[:page]).per(params[:per_page])
|
9
11
|
end
|
10
12
|
|
11
13
|
def show
|
@@ -39,7 +41,7 @@ module Spree
|
|
39
41
|
authorize! :delete, Variant
|
40
42
|
@variant = scope.find(params[:id])
|
41
43
|
@variant.destroy
|
42
|
-
render :text => nil, :status =>
|
44
|
+
render :text => nil, :status => 204
|
43
45
|
end
|
44
46
|
|
45
47
|
private
|
@@ -48,7 +50,23 @@ module Spree
|
|
48
50
|
end
|
49
51
|
|
50
52
|
def scope
|
51
|
-
|
53
|
+
if @product
|
54
|
+
unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
|
55
|
+
variants = @product.variants_including_master
|
56
|
+
else
|
57
|
+
variants = @product.variants_including_master_and_deleted
|
58
|
+
end
|
59
|
+
else
|
60
|
+
variants = Variant.scoped
|
61
|
+
if current_api_user.has_spree_role?("admin")
|
62
|
+
unless params[:show_deleted]
|
63
|
+
variants = Variant.active
|
64
|
+
end
|
65
|
+
else
|
66
|
+
variants = variants.active
|
67
|
+
end
|
68
|
+
end
|
69
|
+
variants
|
52
70
|
end
|
53
71
|
end
|
54
72
|
end
|
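Review bot: In the `@product` branch of `scope`, the condition `unless current_api_user.has_spree_role?("admin") || params[:show_deleted]` sends any caller who passes `show_deleted` to `variants_including_master_and_deleted`, admin or not, and gives admins the deleted variants even when they did not ask for them. The branch without a product requires both the admin role and the parameter, which looks like the intended rule. Rewriting the first branch as a positive `if … && …` makes the two paths agree and removes the `unless`/`else` construct. `scope` is shown in full in this hunk, but the class starts outside it.

```ruby
def scope
  if @product
    if current_api_user.has_spree_role?("admin") && params[:show_deleted]
      variants = @product.variants_including_master_and_deleted
    else
      variants = @product.variants_including_master
    end
  else
    # … unchanged: Variant.scoped / Variant.active branch …
  end
  variants
end
```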
@@ -3,7 +3,7 @@ module Spree
|
|
3
3
|
module V1
|
4
4
|
class ZonesController < Spree::Api::V1::BaseController
|
5
5
|
def index
|
6
|
-
@zones = Zone.order('name ASC')
|
6
|
+
@zones = Zone.order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
7
7
|
end
|
8
8
|
|
9
9
|
def show
|
@@ -32,7 +32,7 @@ module Spree
|
|
32
32
|
def destroy
|
33
33
|
authorize! :delete, Zone
|
34
34
|
zone.destroy
|
35
|
-
render :text => nil, :status =>
|
35
|
+
render :text => nil, :status => 204
|
36
36
|
end
|
37
37
|
|
38
38
|
private
|