spree_api 1.2.0 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
- data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
- data/app/controllers/spree/api/v1/base_controller.rb +12 -3
- data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
- data/app/controllers/spree/api/v1/images_controller.rb +4 -1
- data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
- data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
- data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
- data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
- data/app/controllers/spree/api/v1/products_controller.rb +2 -7
- data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
- data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
- data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
- data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
- data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
- data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
- data/app/helpers/spree/api/api_helpers.rb +8 -0
- data/app/models/spree/api_configuration.rb +5 -0
- data/app/models/spree/order_decorator.rb +1 -0
- data/app/views/spree/api/v1/countries/index.rabl +7 -2
- data/app/views/spree/api/v1/countries/show.rabl +2 -2
- data/app/views/spree/api/v1/orders/index.rabl +1 -1
- data/app/views/spree/api/v1/orders/show.rabl +4 -1
- data/app/views/spree/api/v1/payments/index.rabl +7 -2
- data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
- data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
- data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
- data/app/views/spree/api/v1/products/index.rabl +2 -1
- data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
- data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
- data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
- data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
- data/app/views/spree/api/v1/variants/index.rabl +10 -3
- data/app/views/spree/api/v1/zones/index.rabl +7 -2
- data/config/routes.rb +3 -8
- data/lib/spree/api/engine.rb +4 -0
- data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
- data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
- data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
- data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
- data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
- data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
- data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
- data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
- data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
- data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
- data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
- data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
- data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
- data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
- data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
- data/spec/shared_examples/protect_product_actions.rb +17 -0
- data/spec/spec_helper.rb +5 -0
- data/spree_api.gemspec +0 -1
- metadata +28 -22
|
@@ -4,10 +4,12 @@ module Spree
|
|
|
4
4
|
class AddressesController < Spree::Api::V1::BaseController
|
|
5
5
|
def show
|
|
6
6
|
@address = Address.find(params[:id])
|
|
7
|
+
authorize! :read, @address
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
def update
|
|
10
11
|
@address = Address.find(params[:id])
|
|
12
|
+
authorize! :read, @address
|
|
11
13
|
@address.update_attributes(params[:address])
|
|
12
14
|
render :show, :status => 200
|
|
13
15
|
end
|
|
@@ -7,7 +7,7 @@ module Spree
|
|
|
7
7
|
attr_accessor :current_api_user
|
|
8
8
|
|
|
9
9
|
before_filter :set_content_type
|
|
10
|
-
before_filter :check_for_api_key
|
|
10
|
+
before_filter :check_for_api_key, :if => :requires_authentication?
|
|
11
11
|
before_filter :authenticate_user
|
|
12
12
|
|
|
13
13
|
rescue_from CanCan::AccessDenied, :with => :unauthorized
|
|
@@ -41,8 +41,13 @@ module Spree
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def authenticate_user
|
|
44
|
-
|
|
45
|
-
|
|
44
|
+
if requires_authentication? || api_key.present?
|
|
45
|
+
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
|
|
46
|
+
render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
|
|
47
|
+
end
|
|
48
|
+
else
|
|
49
|
+
# Effectively, an anonymous user
|
|
50
|
+
@current_api_user = Spree.user_class.new
|
|
46
51
|
end
|
|
47
52
|
end
|
|
48
53
|
|
|
@@ -50,6 +55,10 @@ module Spree
|
|
|
50
55
|
render "spree/api/v1/errors/unauthorized", :status => 401 and return
|
|
51
56
|
end
|
|
52
57
|
|
|
58
|
+
def requires_authentication?
|
|
59
|
+
Spree::Api::Config[:requires_authentication]
|
|
60
|
+
end
|
|
61
|
+
|
|
53
62
|
def not_found
|
|
54
63
|
render "spree/api/v1/errors/not_found", :status => 404 and return
|
|
55
64
|
end
|
|
@@ -3,7 +3,10 @@ module Spree
|
|
|
3
3
|
module V1
|
|
4
4
|
class CountriesController < Spree::Api::V1::BaseController
|
|
5
5
|
def index
|
|
6
|
-
@countries = Country.
|
|
6
|
+
@countries = Country.
|
|
7
|
+
ransack(params[:q]).result.
|
|
8
|
+
includes(:states).order('name ASC').
|
|
9
|
+
page(params[:page]).per(params[:per_page])
|
|
7
10
|
end
|
|
8
11
|
|
|
9
12
|
def show
|
|
@@ -7,20 +7,23 @@ module Spree
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def create
|
|
10
|
+
authorize! :create, Image
|
|
10
11
|
@image = Image.create(params[:image])
|
|
11
12
|
render :show, :status => 201
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def update
|
|
16
|
+
authorize! :update, Image
|
|
15
17
|
@image = Image.find(params[:id])
|
|
16
18
|
@image.update_attributes(params[:image])
|
|
17
19
|
render :show, :status => 200
|
|
18
20
|
end
|
|
19
21
|
|
|
20
22
|
def destroy
|
|
23
|
+
authorize! :delete, Image
|
|
21
24
|
@image = Image.find(params[:id])
|
|
22
25
|
@image.destroy
|
|
23
|
-
render :text => nil
|
|
26
|
+
render :text => nil, :status => 204
|
|
24
27
|
end
|
|
25
28
|
|
|
26
29
|
end
|
|
@@ -2,31 +2,25 @@ module Spree
|
|
|
2
2
|
module Api
|
|
3
3
|
module V1
|
|
4
4
|
class OrdersController < Spree::Api::V1::BaseController
|
|
5
|
-
before_filter :map_nested_attributes, :only => [:create, :update]
|
|
6
5
|
before_filter :authorize_read!, :except => [:index, :search, :create]
|
|
7
6
|
|
|
8
7
|
def index
|
|
9
8
|
# should probably look at turning this into a CanCan step
|
|
10
9
|
raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
|
|
11
|
-
@orders = Order.page(params[:page]).per(params[:per_page])
|
|
10
|
+
@orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
|
12
11
|
end
|
|
13
12
|
|
|
14
13
|
def show
|
|
15
14
|
end
|
|
16
15
|
|
|
17
|
-
def search
|
|
18
|
-
@orders = Order.ransack(params[:q]).result.page(params[:page])
|
|
19
|
-
render :index
|
|
20
|
-
end
|
|
21
|
-
|
|
22
16
|
def create
|
|
23
|
-
@order = Order.build_from_api(current_api_user,
|
|
24
|
-
next!
|
|
17
|
+
@order = Order.build_from_api(current_api_user, nested_params)
|
|
18
|
+
next!(:status => 201)
|
|
25
19
|
end
|
|
26
20
|
|
|
27
21
|
def update
|
|
28
22
|
authorize! :update, Order
|
|
29
|
-
if order.update_attributes(
|
|
23
|
+
if order.update_attributes(nested_params)
|
|
30
24
|
order.update!
|
|
31
25
|
render :show
|
|
32
26
|
else
|
|
@@ -35,8 +29,8 @@ module Spree
|
|
|
35
29
|
end
|
|
36
30
|
|
|
37
31
|
def address
|
|
38
|
-
order.build_ship_address(params[:shipping_address])
|
|
39
|
-
order.build_bill_address(params[:billing_address])
|
|
32
|
+
order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
|
|
33
|
+
order.build_bill_address(params[:billing_address]) if params[:billing_address]
|
|
40
34
|
next!
|
|
41
35
|
end
|
|
42
36
|
|
|
@@ -64,17 +58,17 @@ module Spree
|
|
|
64
58
|
|
|
65
59
|
private
|
|
66
60
|
|
|
67
|
-
def
|
|
68
|
-
|
|
61
|
+
def nested_params
|
|
62
|
+
map_nested_attributes_keys Order, params[:order] || {}
|
|
69
63
|
end
|
|
70
64
|
|
|
71
65
|
def order
|
|
72
66
|
@order ||= Order.find_by_number!(params[:id])
|
|
73
67
|
end
|
|
74
68
|
|
|
75
|
-
def next!
|
|
69
|
+
def next!(options={})
|
|
76
70
|
if @order.valid? && @order.next
|
|
77
|
-
render :show, :status => 200
|
|
71
|
+
render :show, :status => options[:status] || 200
|
|
78
72
|
else
|
|
79
73
|
render :could_not_transition, :status => 422
|
|
80
74
|
end
|
|
@@ -6,7 +6,7 @@ module Spree
|
|
|
6
6
|
before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
|
|
7
7
|
|
|
8
8
|
def index
|
|
9
|
-
@payments = @order.payments
|
|
9
|
+
@payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def new
|
|
@@ -29,6 +29,10 @@ module Spree
|
|
|
29
29
|
perform_payment_action(:authorize)
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
def capture
|
|
33
|
+
perform_payment_action(:capture)
|
|
34
|
+
end
|
|
35
|
+
|
|
32
36
|
def purchase
|
|
33
37
|
perform_payment_action(:purchase)
|
|
34
38
|
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
module Spree
|
|
2
|
+
module Api
|
|
3
|
+
module V1
|
|
4
|
+
class ProductPropertiesController < Spree::Api::V1::BaseController
|
|
5
|
+
before_filter :find_product
|
|
6
|
+
before_filter :product_property, :only => [:show, :update, :destroy]
|
|
7
|
+
|
|
8
|
+
def index
|
|
9
|
+
@product_properties = @product.product_properties.
|
|
10
|
+
ransack(params[:q]).result
|
|
11
|
+
.page(params[:page]).per(params[:per_page])
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def show
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def new
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def create
|
|
21
|
+
authorize! :create, ProductProperty
|
|
22
|
+
@product_property = @product.product_properties.new(params[:product_property])
|
|
23
|
+
if @product_property.save
|
|
24
|
+
render :show, :status => 201
|
|
25
|
+
else
|
|
26
|
+
invalid_resource!(@product_property)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def update
|
|
31
|
+
authorize! :update, ProductProperty
|
|
32
|
+
if @product_property && @product_property.update_attributes(params[:product_property])
|
|
33
|
+
render :show, :status => 200
|
|
34
|
+
else
|
|
35
|
+
invalid_resource!(@product_property)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def destroy
|
|
40
|
+
authorize! :delete, ProductProperty
|
|
41
|
+
if(@product_property)
|
|
42
|
+
@product_property.destroy
|
|
43
|
+
render :text => nil, :status => 204
|
|
44
|
+
else
|
|
45
|
+
invalid_resource!(@product_property)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
private
|
|
51
|
+
def find_product
|
|
52
|
+
@product = super(params[:product_id])
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def product_property
|
|
56
|
+
if @product
|
|
57
|
+
@product_property ||= @product.product_properties.find_by_id(params[:id])
|
|
58
|
+
@product_property ||= @product.product_properties.joins(:property).where('spree_properties.name' => params[:id]).readonly(false).first
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
@@ -3,12 +3,7 @@ module Spree
|
|
|
3
3
|
module V1
|
|
4
4
|
class ProductsController < Spree::Api::V1::BaseController
|
|
5
5
|
def index
|
|
6
|
-
@products = product_scope.page(params[:page])
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
def search
|
|
10
|
-
@products = product_scope.ransack(params[:q]).result.page(params[:page])
|
|
11
|
-
render :index
|
|
6
|
+
@products = product_scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
|
12
7
|
end
|
|
13
8
|
|
|
14
9
|
def show
|
|
@@ -44,7 +39,7 @@ module Spree
|
|
|
44
39
|
@product = find_product(params[:id])
|
|
45
40
|
@product.update_attribute(:deleted_at, Time.now)
|
|
46
41
|
@product.variants_including_master.update_all(:deleted_at => Time.now)
|
|
47
|
-
render :text => nil, :status =>
|
|
42
|
+
render :text => nil, :status => 204
|
|
48
43
|
end
|
|
49
44
|
end
|
|
50
45
|
end
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
module Spree
|
|
2
|
+
module Api
|
|
3
|
+
module V1
|
|
4
|
+
class ReturnAuthorizationsController < Spree::Api::V1::BaseController
|
|
5
|
+
before_filter :authorize_admin!
|
|
6
|
+
|
|
7
|
+
def index
|
|
8
|
+
@return_authorizations = order.return_authorizations.
|
|
9
|
+
ransack(params[:q]).result.
|
|
10
|
+
page(params[:page]).per(params[:per_page])
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def show
|
|
14
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def create
|
|
18
|
+
@return_authorization = order.return_authorizations.build(params[:return_authorization], :as => :api)
|
|
19
|
+
if @return_authorization.save
|
|
20
|
+
render :show, :status => 201
|
|
21
|
+
else
|
|
22
|
+
invalid_resource!(@return_authorization)
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def update
|
|
27
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
|
28
|
+
if @return_authorization.update_attributes(params[:return_authorization])
|
|
29
|
+
render :show
|
|
30
|
+
else
|
|
31
|
+
invalid_resource!(@return_authorization)
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def destroy
|
|
36
|
+
@return_authorization = order.return_authorizations.find(params[:id])
|
|
37
|
+
@return_authorization.destroy
|
|
38
|
+
render :text => nil, :status => 204
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
private
|
|
42
|
+
|
|
43
|
+
def order
|
|
44
|
+
@order ||= Order.find_by_number!(params[:order_id])
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def authorize_admin!
|
|
48
|
+
authorize! :manage, Spree::ReturnAuthorization
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -6,6 +6,7 @@ module Spree
|
|
|
6
6
|
before_filter :find_and_update_shipment, :only => [:ship, :ready]
|
|
7
7
|
|
|
8
8
|
def ready
|
|
9
|
+
authorize! :read, Shipment
|
|
9
10
|
unless @shipment.ready?
|
|
10
11
|
@shipment.ready!
|
|
11
12
|
end
|
|
@@ -13,6 +14,7 @@ module Spree
|
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def ship
|
|
17
|
+
authorize! :read, Shipment
|
|
16
18
|
unless @shipment.shipped?
|
|
17
19
|
@shipment.ship!
|
|
18
20
|
end
|
|
@@ -23,6 +25,7 @@ module Spree
|
|
|
23
25
|
|
|
24
26
|
def find_order
|
|
25
27
|
@order = Spree::Order.find_by_number!(params[:order_id])
|
|
28
|
+
authorize! :read, @order
|
|
26
29
|
end
|
|
27
30
|
|
|
28
31
|
def find_and_update_shipment
|
|
@@ -3,7 +3,10 @@ module Spree
|
|
|
3
3
|
module V1
|
|
4
4
|
class TaxonomiesController < Spree::Api::V1::BaseController
|
|
5
5
|
def index
|
|
6
|
-
@taxonomies = Taxonomy.
|
|
6
|
+
@taxonomies = Taxonomy.
|
|
7
|
+
order('name').includes(:root => :children).
|
|
8
|
+
ransack(params[:q]).result.
|
|
9
|
+
page(params[:page]).per(params[:per_page])
|
|
7
10
|
end
|
|
8
11
|
|
|
9
12
|
def show
|
|
@@ -32,7 +35,7 @@ module Spree
|
|
|
32
35
|
def destroy
|
|
33
36
|
authorize! :delete, Taxonomy
|
|
34
37
|
taxonomy.destroy
|
|
35
|
-
render :text => nil, :status =>
|
|
38
|
+
render :text => nil, :status => 204
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
private
|
|
@@ -5,7 +5,9 @@ module Spree
|
|
|
5
5
|
before_filter :product
|
|
6
6
|
|
|
7
7
|
def index
|
|
8
|
-
@variants = scope.
|
|
8
|
+
@variants = scope.
|
|
9
|
+
includes(:option_values).ransack(params[:q]).result.
|
|
10
|
+
page(params[:page]).per(params[:per_page])
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def show
|
|
@@ -39,7 +41,7 @@ module Spree
|
|
|
39
41
|
authorize! :delete, Variant
|
|
40
42
|
@variant = scope.find(params[:id])
|
|
41
43
|
@variant.destroy
|
|
42
|
-
render :text => nil, :status =>
|
|
44
|
+
render :text => nil, :status => 204
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
private
|
|
@@ -48,7 +50,23 @@ module Spree
|
|
|
48
50
|
end
|
|
49
51
|
|
|
50
52
|
def scope
|
|
51
|
-
|
|
53
|
+
if @product
|
|
54
|
+
unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
|
|
55
|
+
variants = @product.variants_including_master
|
|
56
|
+
else
|
|
57
|
+
variants = @product.variants_including_master_and_deleted
|
|
58
|
+
end
|
|
59
|
+
else
|
|
60
|
+
variants = Variant.scoped
|
|
61
|
+
if current_api_user.has_spree_role?("admin")
|
|
62
|
+
unless params[:show_deleted]
|
|
63
|
+
variants = Variant.active
|
|
64
|
+
end
|
|
65
|
+
else
|
|
66
|
+
variants = variants.active
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
variants
|
|
52
70
|
end
|
|
53
71
|
end
|
|
54
72
|
end
|
|
@@ -3,7 +3,7 @@ module Spree
|
|
|
3
3
|
module V1
|
|
4
4
|
class ZonesController < Spree::Api::V1::BaseController
|
|
5
5
|
def index
|
|
6
|
-
@zones = Zone.order('name ASC')
|
|
6
|
+
@zones = Zone.order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def show
|
|
@@ -32,7 +32,7 @@ module Spree
|
|
|
32
32
|
def destroy
|
|
33
33
|
authorize! :delete, Zone
|
|
34
34
|
zone.destroy
|
|
35
|
-
render :text => nil, :status =>
|
|
35
|
+
render :text => nil, :status => 204
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
private
|