RubyGems - spree_api - Versions diffs - 1.2.0 → 1.2.2 - Mend

spree_api 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

data/app/controllers/spree/api/v1/addresses_controller.rb CHANGED Viewed

@@ -4,10 +4,12 @@ module Spree
       class AddressesController < Spree::Api::V1::BaseController
         def show
           @address = Address.find(params[:id])
+          authorize! :read, @address
         end
         def update
           @address = Address.find(params[:id])
+          authorize! :read, @address
           @address.update_attributes(params[:address])
           render :show, :status => 200
         end

data/app/controllers/spree/api/v1/base_controller.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Spree
         attr_accessor :current_api_user
         before_filter :set_content_type
-        before_filter :check_for_api_key
+        before_filter :check_for_api_key, :if => :requires_authentication?
         before_filter :authenticate_user
         rescue_from CanCan::AccessDenied, :with => :unauthorized
@@ -41,8 +41,13 @@ module Spree
         end
         def authenticate_user
-          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
-            render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
+          if requires_authentication? || api_key.present?
+            unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
+              render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
+            end
+          else
+            # Effectively, an anonymous user
+            @current_api_user = Spree.user_class.new
           end
         end
@@ -50,6 +55,10 @@ module Spree
           render "spree/api/v1/errors/unauthorized", :status => 401 and return
         end
+        def requires_authentication?
+          Spree::Api::Config[:requires_authentication]
+        end
         def not_found
           render "spree/api/v1/errors/not_found", :status => 404 and return
         end

data/app/controllers/spree/api/v1/countries_controller.rb CHANGED Viewed

@@ -3,7 +3,10 @@ module Spree
     module V1
       class CountriesController < Spree::Api::V1::BaseController
         def index
-          @countries = Country.includes(:states).order('name ASC')
+          @countries = Country.
+                      ransack(params[:q]).result.
+                      includes(:states).order('name ASC').
+                      page(params[:page]).per(params[:per_page])
         end
         def show

data/app/controllers/spree/api/v1/images_controller.rb CHANGED Viewed

@@ -7,20 +7,23 @@ module Spree
         end
         def create
+          authorize! :create, Image
           @image = Image.create(params[:image])
           render :show, :status => 201
         end
         def update
+          authorize! :update, Image
           @image = Image.find(params[:id])
           @image.update_attributes(params[:image])
           render :show, :status => 200
         end
         def destroy
+          authorize! :delete, Image
           @image = Image.find(params[:id])
           @image.destroy
-          render :text => nil
+          render :text => nil, :status => 204
         end
       end

data/app/controllers/spree/api/v1/line_items_controller.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Spree
           authorize! :read, order
           @line_item = order.line_items.find(params[:id])
           @line_item.destroy
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
         private

data/app/controllers/spree/api/v1/orders_controller.rb CHANGED Viewed

@@ -2,31 +2,25 @@ module Spree
   module Api
     module V1
       class OrdersController < Spree::Api::V1::BaseController
-        before_filter :map_nested_attributes, :only => [:create, :update]
         before_filter :authorize_read!, :except => [:index, :search, :create]
         def index
           # should probably look at turning this into a CanCan step
           raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
-          @orders = Order.page(params[:page]).per(params[:per_page])
+          @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         end
         def show
         end
-        def search
-          @orders = Order.ransack(params[:q]).result.page(params[:page])
-          render :index
-        end
         def create
-          @order = Order.build_from_api(current_api_user, @nested_params)
-          next!
+          @order = Order.build_from_api(current_api_user, nested_params)
+          next!(:status => 201)
         end
         def update
           authorize! :update, Order
-          if order.update_attributes(@nested_params)
+          if order.update_attributes(nested_params)
             order.update!
             render :show
           else
@@ -35,8 +29,8 @@ module Spree
         end
         def address
-          order.build_ship_address(params[:shipping_address])
-          order.build_bill_address(params[:billing_address])
+          order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
+          order.build_bill_address(params[:billing_address]) if params[:billing_address]
           next!
         end
@@ -64,17 +58,17 @@ module Spree
         private
-        def map_nested_attributes
-          @nested_params = map_nested_attributes_keys Order, params[:order]
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
         end
         def order
           @order ||= Order.find_by_number!(params[:id])
         end
-        def next!
+        def next!(options={})
           if @order.valid? && @order.next
-            render :show, :status => 200
+            render :show, :status => options[:status] || 200
           else
             render :could_not_transition, :status => 422
           end

data/app/controllers/spree/api/v1/payments_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Spree
         before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
         def index
-          @payments = @order.payments
+          @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         end
         def new
@@ -29,6 +29,10 @@ module Spree
           perform_payment_action(:authorize)
         end
+        def capture
+          perform_payment_action(:capture)
+        end
         def purchase
           perform_payment_action(:purchase)
         end

data/app/controllers/spree/api/v1/product_properties_controller.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module Spree
+  module Api
+    module V1
+      class ProductPropertiesController < Spree::Api::V1::BaseController
+        before_filter :find_product
+        before_filter :product_property, :only => [:show, :update, :destroy]
+        def index
+          @product_properties = @product.product_properties.
+                                ransack(params[:q]).result
+                                .page(params[:page]).per(params[:per_page])
+        end
+        def show
+        end
+        def new
+        end
+        def create
+          authorize! :create, ProductProperty
+          @product_property = @product.product_properties.new(params[:product_property])
+          if @product_property.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+        def update
+          authorize! :update, ProductProperty
+          if @product_property  && @product_property.update_attributes(params[:product_property])
+            render :show, :status => 200
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+        def destroy
+          authorize! :delete, ProductProperty
+          if(@product_property)
+            @product_property.destroy
+            render :text => nil, :status => 204
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+        private
+          def find_product
+            @product = super(params[:product_id])
+          end
+          def product_property
+            if @product
+              @product_property ||= @product.product_properties.find_by_id(params[:id])
+              @product_property ||= @product.product_properties.joins(:property).where('spree_properties.name' => params[:id]).readonly(false).first
+            end
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/products_controller.rb CHANGED Viewed

@@ -3,12 +3,7 @@ module Spree
     module V1
       class ProductsController < Spree::Api::V1::BaseController
         def index
-          @products = product_scope.page(params[:page])
-        end
-        def search
-          @products = product_scope.ransack(params[:q]).result.page(params[:page])
-          render :index
+          @products = product_scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         end
         def show
@@ -44,7 +39,7 @@ module Spree
           @product = find_product(params[:id])
           @product.update_attribute(:deleted_at, Time.now)
           @product.variants_including_master.update_all(:deleted_at => Time.now)
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
       end
     end

data/app/controllers/spree/api/v1/return_authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,53 @@
+module Spree
+  module Api
+    module V1
+      class ReturnAuthorizationsController < Spree::Api::V1::BaseController
+        before_filter :authorize_admin!
+        def index
+          @return_authorizations = order.return_authorizations.
+                                   ransack(params[:q]).result.
+                                   page(params[:page]).per(params[:per_page])
+        end
+        def show
+          @return_authorization = order.return_authorizations.find(params[:id])
+        end
+        def create
+          @return_authorization = order.return_authorizations.build(params[:return_authorization], :as => :api)
+          if @return_authorization.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+        def update
+          @return_authorization = order.return_authorizations.find(params[:id])
+          if @return_authorization.update_attributes(params[:return_authorization])
+            render :show
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+        def destroy
+          @return_authorization = order.return_authorizations.find(params[:id])
+          @return_authorization.destroy
+          render :text => nil, :status => 204
+        end
+        private
+        def order
+          @order ||= Order.find_by_number!(params[:order_id])
+        end
+        def authorize_admin!
+          authorize! :manage, Spree::ReturnAuthorization
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/shipments_controller.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Spree
         before_filter :find_and_update_shipment, :only => [:ship, :ready]
         def ready
+          authorize! :read, Shipment
           unless @shipment.ready?
             @shipment.ready!
           end
@@ -13,6 +14,7 @@ module Spree
         end
         def ship
+          authorize! :read, Shipment
           unless @shipment.shipped?
             @shipment.ship!
           end
@@ -23,6 +25,7 @@ module Spree
         def find_order
           @order = Spree::Order.find_by_number!(params[:order_id])
+          authorize! :read, @order
         end
         def find_and_update_shipment

data/app/controllers/spree/api/v1/taxonomies_controller.rb CHANGED Viewed

@@ -3,7 +3,10 @@ module Spree
     module V1
       class TaxonomiesController < Spree::Api::V1::BaseController
         def index
-          @taxonomies = Taxonomy.order('name').includes(:root => :children)
+          @taxonomies = Taxonomy.
+                        order('name').includes(:root => :children).
+                        ransack(params[:q]).result.
+                        page(params[:page]).per(params[:per_page])
         end
         def show
@@ -32,7 +35,7 @@ module Spree
         def destroy
           authorize! :delete, Taxonomy
           taxonomy.destroy
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
         private

data/app/controllers/spree/api/v1/taxons_controller.rb CHANGED Viewed

@@ -32,7 +32,7 @@ module Spree
         def destroy
           authorize! :delete, Taxon
           taxon.destroy
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
         private

data/app/controllers/spree/api/v1/variants_controller.rb CHANGED Viewed

@@ -5,7 +5,9 @@ module Spree
         before_filter :product
         def index
-          @variants = scope.includes(:option_values).scoped
+          @variants = scope.
+                      includes(:option_values).ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
         end
         def show
@@ -39,7 +41,7 @@ module Spree
           authorize! :delete, Variant
           @variant = scope.find(params[:id])
           @variant.destroy
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
         private
@@ -48,7 +50,23 @@ module Spree
           end
           def scope
-            @product ? @product.variants_including_master : Variant
+            if @product
+              unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
+                variants = @product.variants_including_master
+              else
+                variants = @product.variants_including_master_and_deleted
+              end
+            else
+              variants = Variant.scoped
+              if current_api_user.has_spree_role?("admin")
+                unless params[:show_deleted]
+                  variants = Variant.active
+                end
+              else
+                variants = variants.active
+              end
+            end
+            variants
           end
       end
     end

data/app/controllers/spree/api/v1/zones_controller.rb CHANGED Viewed

@@ -3,7 +3,7 @@ module Spree
     module V1
       class ZonesController < Spree::Api::V1::BaseController
         def index
-          @zones = Zone.order('name ASC')
+          @zones = Zone.order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         end
         def show
@@ -32,7 +32,7 @@ module Spree
         def destroy
           authorize! :delete, Zone
           zone.destroy
-          render :text => nil, :status => 200
+          render :text => nil, :status => 204
         end
         private