spree_api 1.2.0 → 1.2.2

Files changed (55) hide show
  1. data/app/controllers/spree/api/v1/addresses_controller.rb +2 -0
  2. data/app/controllers/spree/api/v1/base_controller.rb +12 -3
  3. data/app/controllers/spree/api/v1/countries_controller.rb +4 -1
  4. data/app/controllers/spree/api/v1/images_controller.rb +4 -1
  5. data/app/controllers/spree/api/v1/line_items_controller.rb +1 -1
  6. data/app/controllers/spree/api/v1/orders_controller.rb +10 -16
  7. data/app/controllers/spree/api/v1/payments_controller.rb +5 -1
  8. data/app/controllers/spree/api/v1/product_properties_controller.rb +64 -0
  9. data/app/controllers/spree/api/v1/products_controller.rb +2 -7
  10. data/app/controllers/spree/api/v1/return_authorizations_controller.rb +53 -0
  11. data/app/controllers/spree/api/v1/shipments_controller.rb +3 -0
  12. data/app/controllers/spree/api/v1/taxonomies_controller.rb +5 -2
  13. data/app/controllers/spree/api/v1/taxons_controller.rb +1 -1
  14. data/app/controllers/spree/api/v1/variants_controller.rb +21 -3
  15. data/app/controllers/spree/api/v1/zones_controller.rb +2 -2
  16. data/app/helpers/spree/api/api_helpers.rb +8 -0
  17. data/app/models/spree/api_configuration.rb +5 -0
  18. data/app/models/spree/order_decorator.rb +1 -0
  19. data/app/views/spree/api/v1/countries/index.rabl +7 -2
  20. data/app/views/spree/api/v1/countries/show.rabl +2 -2
  21. data/app/views/spree/api/v1/orders/index.rabl +1 -1
  22. data/app/views/spree/api/v1/orders/show.rabl +4 -1
  23. data/app/views/spree/api/v1/payments/index.rabl +7 -2
  24. data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
  25. data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
  26. data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
  27. data/app/views/spree/api/v1/products/index.rabl +2 -1
  28. data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
  29. data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
  30. data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
  31. data/app/views/spree/api/v1/taxonomies/index.rabl +7 -2
  32. data/app/views/spree/api/v1/variants/index.rabl +10 -3
  33. data/app/views/spree/api/v1/zones/index.rabl +7 -2
  34. data/config/routes.rb +3 -8
  35. data/lib/spree/api/engine.rb +4 -0
  36. data/spec/controllers/spree/api/v1/addresses_controller_spec.rb +29 -7
  37. data/spec/controllers/spree/api/v1/base_controller_spec.rb +1 -0
  38. data/spec/controllers/spree/api/v1/countries_controller_spec.rb +25 -1
  39. data/spec/controllers/spree/api/v1/images_controller_spec.rb +42 -21
  40. data/spec/controllers/spree/api/v1/line_items_controller_spec.rb +1 -1
  41. data/spec/controllers/spree/api/v1/orders_controller_spec.rb +51 -1
  42. data/spec/controllers/spree/api/v1/payments_controller_spec.rb +44 -3
  43. data/spec/controllers/spree/api/v1/product_properties_controller_spec.rb +117 -0
  44. data/spec/controllers/spree/api/v1/products_controller_spec.rb +33 -17
  45. data/spec/controllers/spree/api/v1/return_authorizations_controller_spec.rb +155 -0
  46. data/spec/controllers/spree/api/v1/shipments_controller_spec.rb +18 -3
  47. data/spec/controllers/spree/api/v1/taxonomies_controller_spec.rb +22 -3
  48. data/spec/controllers/spree/api/v1/taxons_controller_spec.rb +8 -3
  49. data/spec/controllers/spree/api/v1/unauthenticated_products_controller_spec.rb +26 -0
  50. data/spec/controllers/spree/api/v1/variants_controller_spec.rb +68 -4
  51. data/spec/controllers/spree/api/v1/zones_controller_spec.rb +46 -11
  52. data/spec/shared_examples/protect_product_actions.rb +17 -0
  53. data/spec/spec_helper.rb +5 -0
  54. data/spree_api.gemspec +0 -1
  55. metadata +28 -22
@@ -4,10 +4,12 @@ module Spree
4
4
  class AddressesController < Spree::Api::V1::BaseController
5
5
  def show
6
6
  @address = Address.find(params[:id])
7
+ authorize! :read, @address
7
8
  end
8
9
 
9
10
  def update
10
11
  @address = Address.find(params[:id])
12
+ authorize! :read, @address
11
13
  @address.update_attributes(params[:address])
12
14
  render :show, :status => 200
13
15
  end
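Review bot: The `update` action checks the `:read` ability before calling `@address.update_attributes(params[:address])`, so any caller allowed to read an address is also allowed to change it. The check added to `update` should name the write ability, `authorize! :update, @address`; this assumes the ability file (not visible here) defines `:update` for addresses. The `:read` check added to `show` looks right as written.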
@@ -7,7 +7,7 @@ module Spree
7
7
  attr_accessor :current_api_user
8
8
 
9
9
  before_filter :set_content_type
10
- before_filter :check_for_api_key
10
+ before_filter :check_for_api_key, :if => :requires_authentication?
11
11
  before_filter :authenticate_user
12
12
 
13
13
  rescue_from CanCan::AccessDenied, :with => :unauthorized
@@ -41,8 +41,13 @@ module Spree
41
41
  end
42
42
 
43
43
  def authenticate_user
44
- unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
45
- render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
44
+ if requires_authentication? || api_key.present?
45
+ unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
46
+ render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
47
+ end
48
+ else
49
+ # Effectively, an anonymous user
50
+ @current_api_user = Spree.user_class.new
46
51
  end
47
52
  end
48
53
 
@@ -50,6 +55,10 @@ module Spree
50
55
  render "spree/api/v1/errors/unauthorized", :status => 401 and return
51
56
  end
52
57
 
58
+ def requires_authentication?
59
+ Spree::Api::Config[:requires_authentication]
60
+ end
61
+
53
62
  def not_found
54
63
  render "spree/api/v1/errors/not_found", :status => 404 and return
55
64
  end
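Review bot: In `authenticate_user`, a request without a key now gets a blank `Spree.user_class.new` whenever `requires_authentication?` is false, so access control for those requests rests entirely on each action calling `authorize!`. Several actions visible in this diff call none in their bodies, for example `CountriesController#index` and `ProductPropertiesController#index` and `#show`. The default of `Spree::Api::Config[:requires_authentication]` is set outside these hunks and should be confirmed to be `true`. I would document the contract above `requires_authentication?`, for example `# When false, key-less requests run as an unsaved, role-less user; every action must call authorize!`.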
@@ -3,7 +3,10 @@ module Spree
3
3
  module V1
4
4
  class CountriesController < Spree::Api::V1::BaseController
5
5
  def index
6
- @countries = Country.includes(:states).order('name ASC')
6
+ @countries = Country.
7
+ ransack(params[:q]).result.
8
+ includes(:states).order('name ASC').
9
+ page(params[:page]).per(params[:per_page])
7
10
  end
8
11
 
9
12
  def show
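Review bot: `params[:q]` and `params[:per_page]` reach `ransack` and `per` unchecked in the new `index` query. Unless a maximum page size is configured elsewhere, a client can request an arbitrarily large page. Unless the models restrict which attributes and associations are searchable, `q` can also filter on columns the response never renders. The same pattern is added to the orders, payments, product_properties, products, return_authorizations, taxonomies, variants and zones `index` actions in this diff. Consider clamping `per_page` to a fixed upper bound and allow-listing the accepted search keys before the query is built.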
@@ -7,20 +7,23 @@ module Spree
7
7
  end
8
8
 
9
9
  def create
10
+ authorize! :create, Image
10
11
  @image = Image.create(params[:image])
11
12
  render :show, :status => 201
12
13
  end
13
14
 
14
15
  def update
16
+ authorize! :update, Image
15
17
  @image = Image.find(params[:id])
16
18
  @image.update_attributes(params[:image])
17
19
  render :show, :status => 200
18
20
  end
19
21
 
20
22
  def destroy
23
+ authorize! :delete, Image
21
24
  @image = Image.find(params[:id])
22
25
  @image.destroy
23
- render :text => nil
26
+ render :text => nil, :status => 204
24
27
  end
25
28
 
26
29
  end
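Review bot: The checks added to `update` and `destroy` authorize against the `Image` class before the record is loaded, so any per-record conditions in the ability definition are never evaluated for the image actually being changed. Moving each check after the `Image.find(params[:id])` line and passing the instance closes that gap: `authorize! :update, @image` and `authorize! :delete, @image`. `create` still passes `params[:image]` straight to `Image.create`, so which attributes a client may set depends on the model's mass-assignment rules, which are not visible here.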
@@ -26,7 +26,7 @@ module Spree
26
26
  authorize! :read, order
27
27
  @line_item = order.line_items.find(params[:id])
28
28
  @line_item.destroy
29
- render :text => nil, :status => 200
29
+ render :text => nil, :status => 204
30
30
  end
31
31
 
32
32
  private
@@ -2,31 +2,25 @@ module Spree
2
2
  module Api
3
3
  module V1
4
4
  class OrdersController < Spree::Api::V1::BaseController
5
- before_filter :map_nested_attributes, :only => [:create, :update]
6
5
  before_filter :authorize_read!, :except => [:index, :search, :create]
7
6
 
8
7
  def index
9
8
  # should probably look at turning this into a CanCan step
10
9
  raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
11
- @orders = Order.page(params[:page]).per(params[:per_page])
10
+ @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
12
11
  end
13
12
 
14
13
  def show
15
14
  end
16
15
 
17
- def search
18
- @orders = Order.ransack(params[:q]).result.page(params[:page])
19
- render :index
20
- end
21
-
22
16
  def create
23
- @order = Order.build_from_api(current_api_user, @nested_params)
24
- next!
17
+ @order = Order.build_from_api(current_api_user, nested_params)
18
+ next!(:status => 201)
25
19
  end
26
20
 
27
21
  def update
28
22
  authorize! :update, Order
29
- if order.update_attributes(@nested_params)
23
+ if order.update_attributes(nested_params)
30
24
  order.update!
31
25
  render :show
32
26
  else
@@ -35,8 +29,8 @@ module Spree
35
29
  end
36
30
 
37
31
  def address
38
- order.build_ship_address(params[:shipping_address])
39
- order.build_bill_address(params[:billing_address])
32
+ order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
33
+ order.build_bill_address(params[:billing_address]) if params[:billing_address]
40
34
  next!
41
35
  end
42
36
 
@@ -64,17 +58,17 @@ module Spree
64
58
 
65
59
  private
66
60
 
67
- def map_nested_attributes
68
- @nested_params = map_nested_attributes_keys Order, params[:order]
61
+ def nested_params
62
+ map_nested_attributes_keys Order, params[:order] || {}
69
63
  end
70
64
 
71
65
  def order
72
66
  @order ||= Order.find_by_number!(params[:id])
73
67
  end
74
68
 
75
- def next!
69
+ def next!(options={})
76
70
  if @order.valid? && @order.next
77
- render :show, :status => 200
71
+ render :show, :status => options[:status] || 200
78
72
  else
79
73
  render :could_not_transition, :status => 422
80
74
  end
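Review bot: `create` has no `authorize!` call and is excluded from the `authorize_read!` filter, so the only gate in front of `Order.build_from_api(current_api_user, nested_params)` is authentication. The base controller change in this diff assigns an unsaved anonymous user when `requires_authentication` is off, so `create` may now be reachable without an API key; `build_from_api` is defined outside this diff, so what it accepts from such a user should be confirmed. Adding `authorize! :create, Order` as the first line of `create` would make the intent explicit. The `:search` entry in `:except => [:index, :search, :create]` is stale now that the `search` action is removed.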
@@ -6,7 +6,7 @@ module Spree
6
6
  before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
7
7
 
8
8
  def index
9
- @payments = @order.payments
9
+ @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
10
10
  end
11
11
 
12
12
  def new
@@ -29,6 +29,10 @@ module Spree
29
29
  perform_payment_action(:authorize)
30
30
  end
31
31
 
32
+ def capture
33
+ perform_payment_action(:capture)
34
+ end
35
+
32
36
  def purchase
33
37
  perform_payment_action(:purchase)
34
38
  end
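Review bot: No `authorize!` call is visible for the new `capture` action, which only delegates to `perform_payment_action(:capture)`. Both that helper and the `find_payment` filter are defined outside the hunk, so it should be confirmed that one of them checks the caller's ability on the loaded payment before funds are captured. If neither does, the action needs an explicit `authorize!` on the payment record rather than on the class. A short comment above `capture` stating where the authorization happens would help the next reader.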
@@ -0,0 +1,64 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class ProductPropertiesController < Spree::Api::V1::BaseController
5
+ before_filter :find_product
6
+ before_filter :product_property, :only => [:show, :update, :destroy]
7
+
8
+ def index
9
+ @product_properties = @product.product_properties.
10
+ ransack(params[:q]).result
11
+ .page(params[:page]).per(params[:per_page])
12
+ end
13
+
14
+ def show
15
+ end
16
+
17
+ def new
18
+ end
19
+
20
+ def create
21
+ authorize! :create, ProductProperty
22
+ @product_property = @product.product_properties.new(params[:product_property])
23
+ if @product_property.save
24
+ render :show, :status => 201
25
+ else
26
+ invalid_resource!(@product_property)
27
+ end
28
+ end
29
+
30
+ def update
31
+ authorize! :update, ProductProperty
32
+ if @product_property && @product_property.update_attributes(params[:product_property])
33
+ render :show, :status => 200
34
+ else
35
+ invalid_resource!(@product_property)
36
+ end
37
+ end
38
+
39
+ def destroy
40
+ authorize! :delete, ProductProperty
41
+ if(@product_property)
42
+ @product_property.destroy
43
+ render :text => nil, :status => 204
44
+ else
45
+ invalid_resource!(@product_property)
46
+ end
47
+
48
+ end
49
+
50
+ private
51
+ def find_product
52
+ @product = super(params[:product_id])
53
+ end
54
+
55
+ def product_property
56
+ if @product
57
+ @product_property ||= @product.product_properties.find_by_id(params[:id])
58
+ @product_property ||= @product.product_properties.joins(:property).where('spree_properties.name' => params[:id]).readonly(false).first
59
+ end
60
+ end
61
+ end
62
+ end
63
+ end
64
+ end
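Review bot: When the `product_property` filter finds nothing, `@product_property` stays `nil`. `update` and `destroy` then call `invalid_resource!(@product_property)` with `nil`, and `show` renders with no record. `invalid_resource!` is defined outside this file and presumably reads the record's errors, so a missing record is likely to surface as a server error rather than a 404. Ending the filter with `not_found unless @product_property` would handle all three actions, using the `not_found` helper the base controller already provides. The `authorize!` calls in `create`, `update` and `destroy` also check the `ProductProperty` class rather than the loaded record, and `index` and `show` have no check of their own.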
@@ -3,12 +3,7 @@ module Spree
3
3
  module V1
4
4
  class ProductsController < Spree::Api::V1::BaseController
5
5
  def index
6
- @products = product_scope.page(params[:page])
7
- end
8
-
9
- def search
10
- @products = product_scope.ransack(params[:q]).result.page(params[:page])
11
- render :index
6
+ @products = product_scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
12
7
  end
13
8
 
14
9
  def show
@@ -44,7 +39,7 @@ module Spree
44
39
  @product = find_product(params[:id])
45
40
  @product.update_attribute(:deleted_at, Time.now)
46
41
  @product.variants_including_master.update_all(:deleted_at => Time.now)
47
- render :text => nil, :status => 200
42
+ render :text => nil, :status => 204
48
43
  end
49
44
  end
50
45
  end
@@ -0,0 +1,53 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class ReturnAuthorizationsController < Spree::Api::V1::BaseController
5
+ before_filter :authorize_admin!
6
+
7
+ def index
8
+ @return_authorizations = order.return_authorizations.
9
+ ransack(params[:q]).result.
10
+ page(params[:page]).per(params[:per_page])
11
+ end
12
+
13
+ def show
14
+ @return_authorization = order.return_authorizations.find(params[:id])
15
+ end
16
+
17
+ def create
18
+ @return_authorization = order.return_authorizations.build(params[:return_authorization], :as => :api)
19
+ if @return_authorization.save
20
+ render :show, :status => 201
21
+ else
22
+ invalid_resource!(@return_authorization)
23
+ end
24
+ end
25
+
26
+ def update
27
+ @return_authorization = order.return_authorizations.find(params[:id])
28
+ if @return_authorization.update_attributes(params[:return_authorization])
29
+ render :show
30
+ else
31
+ invalid_resource!(@return_authorization)
32
+ end
33
+ end
34
+
35
+ def destroy
36
+ @return_authorization = order.return_authorizations.find(params[:id])
37
+ @return_authorization.destroy
38
+ render :text => nil, :status => 204
39
+ end
40
+
41
+ private
42
+
43
+ def order
44
+ @order ||= Order.find_by_number!(params[:order_id])
45
+ end
46
+
47
+ def authorize_admin!
48
+ authorize! :manage, Spree::ReturnAuthorization
49
+ end
50
+ end
51
+ end
52
+ end
53
+ end
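Review bot: `create` builds the record with `:as => :api`, but `update` calls `update_attributes(params[:return_authorization])` without that option, so the two actions apply different mass-assignment attribute lists to the same client input. If the `:api` role is the intended list for API callers, `update` should read `@return_authorization.update_attributes(params[:return_authorization], :as => :api)`. The model's `attr_accessible` declarations are not visible here, so which of the two lists is wider should be checked.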
@@ -6,6 +6,7 @@ module Spree
6
6
  before_filter :find_and_update_shipment, :only => [:ship, :ready]
7
7
 
8
8
  def ready
9
+ authorize! :read, Shipment
9
10
  unless @shipment.ready?
10
11
  @shipment.ready!
11
12
  end
@@ -13,6 +14,7 @@ module Spree
13
14
  end
14
15
 
15
16
  def ship
17
+ authorize! :read, Shipment
16
18
  unless @shipment.shipped?
17
19
  @shipment.ship!
18
20
  end
@@ -23,6 +25,7 @@ module Spree
23
25
 
24
26
  def find_order
25
27
  @order = Spree::Order.find_by_number!(params[:order_id])
28
+ authorize! :read, @order
26
29
  end
27
30
 
28
31
  def find_and_update_shipment
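Review bot: `ready` and `ship` change shipment state through `@shipment.ready!` and `@shipment.ship!`, but the checks added to them ask only for the `:read` ability on the `Shipment` class. The `find_and_update_shipment` filter also runs before either action body, so whatever it writes happens before these checks; its body is outside the hunk. A check on the loaded record with a write ability, for example `authorize! :update, @shipment` placed in that filter right after the shipment is found, would cover both actions. This assumes the ability file defines `:update` for shipments.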
@@ -3,7 +3,10 @@ module Spree
3
3
  module V1
4
4
  class TaxonomiesController < Spree::Api::V1::BaseController
5
5
  def index
6
- @taxonomies = Taxonomy.order('name').includes(:root => :children)
6
+ @taxonomies = Taxonomy.
7
+ order('name').includes(:root => :children).
8
+ ransack(params[:q]).result.
9
+ page(params[:page]).per(params[:per_page])
7
10
  end
8
11
 
9
12
  def show
@@ -32,7 +35,7 @@ module Spree
32
35
  def destroy
33
36
  authorize! :delete, Taxonomy
34
37
  taxonomy.destroy
35
- render :text => nil, :status => 200
38
+ render :text => nil, :status => 204
36
39
  end
37
40
 
38
41
  private
@@ -32,7 +32,7 @@ module Spree
32
32
  def destroy
33
33
  authorize! :delete, Taxon
34
34
  taxon.destroy
35
- render :text => nil, :status => 200
35
+ render :text => nil, :status => 204
36
36
  end
37
37
 
38
38
  private
@@ -5,7 +5,9 @@ module Spree
5
5
  before_filter :product
6
6
 
7
7
  def index
8
- @variants = scope.includes(:option_values).scoped
8
+ @variants = scope.
9
+ includes(:option_values).ransack(params[:q]).result.
10
+ page(params[:page]).per(params[:per_page])
9
11
  end
10
12
 
11
13
  def show
@@ -39,7 +41,7 @@ module Spree
39
41
  authorize! :delete, Variant
40
42
  @variant = scope.find(params[:id])
41
43
  @variant.destroy
42
- render :text => nil, :status => 200
44
+ render :text => nil, :status => 204
43
45
  end
44
46
 
45
47
  private
@@ -48,7 +50,23 @@ module Spree
48
50
  end
49
51
 
50
52
  def scope
51
- @product ? @product.variants_including_master : Variant
53
+ if @product
54
+ unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
55
+ variants = @product.variants_including_master
56
+ else
57
+ variants = @product.variants_including_master_and_deleted
58
+ end
59
+ else
60
+ variants = Variant.scoped
61
+ if current_api_user.has_spree_role?("admin")
62
+ unless params[:show_deleted]
63
+ variants = Variant.active
64
+ end
65
+ else
66
+ variants = variants.active
67
+ end
68
+ end
69
+ variants
52
70
  end
53
71
  end
54
72
  end
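Review bot: In the `@product` branch of `scope`, the condition `unless current_api_user.has_spree_role?("admin") || params[:show_deleted]` returns deleted variants to every admin request and to any non-admin caller who sends `show_deleted`. The `else` branch below applies the opposite rule: non-admins always get `active`, and admins get deleted rows only when `show_deleted` is set. If that second rule is the intended one, the condition should be `unless current_api_user.has_spree_role?("admin") && params[:show_deleted]`. A spec covering a non-admin request with `show_deleted` on a product's variants would pin the behaviour.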
@@ -3,7 +3,7 @@ module Spree
3
3
  module V1
4
4
  class ZonesController < Spree::Api::V1::BaseController
5
5
  def index
6
- @zones = Zone.order('name ASC')
6
+ @zones = Zone.order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
7
7
  end
8
8
 
9
9
  def show
@@ -32,7 +32,7 @@ module Spree
32
32
  def destroy
33
33
  authorize! :delete, Zone
34
34
  zone.destroy
35
- render :text => nil, :status => 200
35
+ render :text => nil, :status => 204
36
36
  end
37
37
 
38
38
  private