spree_api 2.1.3 → 2.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 40032b519232965869e9496c081b35073f3befff
-  data.tar.gz: 27e40bed61616ece0b4b48f569296a878d855549
+  metadata.gz: da64860eaa54da1c5ba845f1fd54be3ec32e8448
+  data.tar.gz: 57c74349900a703c6cd975f8122f737f94445eb4
 SHA512:
-  metadata.gz: 328477374d05ceee8eaa930ffe6cce7cf379c61cf7398a1655c3e2c82d8647a40984862e7f436ad3456742cdbca0f43cd5f02b9dadb52a197e602b9f1d30748f
-  data.tar.gz: e82687169737c1f7c6de712fc5bd9076bc894caa961d474972021b1748e5d07e9dcfb5c2d476abbfed69f9ec73a082dd9fd7c93194e92d57b0f1ada388ed2a73
+  metadata.gz: 12207992e0a6c2e32c9abdee96f73c730d7458c7cf1deb093ad4c9afb8375fd32d25722c21810e439a5a5e8fdfbe0823d4860599e615e391f525d2bd1ff33041
+  data.tar.gz: 70ddcff216eb03cabeb859c3a20f606241885424c54ce8c4608999e34cb5db9db0b14ce768181f4e8224005ac4d05b52f03811dd2f7e4479bd3f35853cd3c581

data/CHANGELOG.md

@@ -1,18 +1,29 @@
-## Spree 2.1.3 ##
+## Spree 2.1.4 (unreleased) ##
 
-*   ApiHelpers attributes can now be extended without overriding instance
-    methods. By using the same approach in PermittedAttributes. e.g.
+* Cached products/show template, which can lead to drastically (65x) faster loading times on product requests.
 
-        Spree::Api::ApiHelpers.order_attributes.push :locked_at
-    
-    Washington Luiz
+    Ryan Bigg
 
-*   Admin users can set the order channel when importing orders. By sing the
-    channel attribute on Order model
+* The parts that make up an order's response from /api/orders/:num are cached, which can lead to a 5x improvement of speed for this API endpoint. 00e92054caba9689c0f8ed913240668039b6e8de
 
-    Washington Luiz
+    Ryan Bigg
 
-*   An order's shipments are now destroyed (to be recreated) when an order is assigned a new line item through the API. #3914
+* Cached variant objects which can lead to slightly faster loading times (4x) for each variant.
 
-    Washington Luiz
+    Ryan Bigg
 
+* Added a route to allow for /api/variants/:id requests
+
+    Ryan Bigg
+
+* Taxons can now be gathered without their children with the `?without_children=1` query parameter. #4112
+
+    Ryan Bigg
+
+* Orders on the `/api/orders/mine` endpoint can now be paginated and searched. #4099
+
+    Richard Nuno
+
+* Order token can now be passed as a header: `X-Spree-Order-Token`. #4148
+
+    Lucjan Suski (methyl)

data/app/controllers/spree/api/addresses_controller.rb

@@ -4,13 +4,13 @@ module Spree
       before_filter :find_order
 
       def show
-        authorize! :read, @order, params[:order_token]
+        authorize! :read, @order, order_token
         find_address
         respond_with(@address)
       end
 
       def update
-        authorize! :update, @order, params[:order_token]
+        authorize! :update, @order, order_token
         find_address
 
         if @address.update_attributes(address_params)
@@ -38,6 +38,10 @@ module Spree
             raise CanCan::AccessDenied
           end
         end
+
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -16,7 +16,7 @@ module Spree
       end
 
       def next
-        authorize! :update, @order, params[:order_token]
+        authorize! :update, @order, order_token
         @order.next!
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
       rescue StateMachine::InvalidTransition
@@ -24,7 +24,7 @@ module Spree
       end
 
       def advance
-        authorize! :update, @order, params[:order_token]
+        authorize! :update, @order, order_token
         while @order.next; end
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
       end
@@ -34,7 +34,7 @@ module Spree
       end
 
       def update
-        authorize! :update, @order, params[:order_token]
+        authorize! :update, @order, order_token
         order_params = object_params
         line_items = order_params.delete('line_items_attributes')
         if @order.update_attributes(order_params)
@@ -131,6 +131,10 @@ module Spree
           end
           false
         end
+
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/line_items_controller.rb

@@ -33,12 +33,16 @@ module Spree
 
         def order
           @order ||= Spree::Order.find_by!(number: params[:order_id])
-          authorize! :update, @order, params[:order_token]
+          authorize! :update, @order, order_token
         end
 
         def line_item_params
           params.require(:line_item).permit(:quantity, :variant_id)
         end
+
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/orders_controller.rb

@@ -60,13 +60,22 @@ module Spree
           invalid_resource!(@order)
         end
       end
+      
+      def mine
+        if current_api_user.persisted?
+          @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        else
+          render "spree/api/errors/unauthorized", status: :unauthorized
+        end
+      end
 
       private
         def deal_with_line_items
-          line_item_attributes = params[:order][:line_items].map do |id, attributes|
-            [id, attributes.slice(*permitted_line_item_attributes)]
+          line_item_attributes = params[:order][:line_items]
+          line_item_attributes.each_key do |key|
+            # need to call .to_hash to make sure Rails 4's strong parameters don't bite
+            line_item_attributes[key] = line_item_attributes[key].slice(*permitted_line_item_attributes).to_hash
           end
-          line_item_attributes = Hash[line_item_attributes].delete_if { |k,v| v.empty? }
           @order.update_line_items(line_item_attributes)
         end
 
@@ -118,12 +127,16 @@ module Spree
 
         def find_order
           @order = Spree::Order.find_by!(number: params[:id])
-          authorize! :update, @order, params[:order_token]
+          authorize! :update, @order, order_token
         end
 
         def before_delivery
           @order.create_proposed_shipments
         end
+
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/products_controller.rb

@@ -18,15 +18,61 @@ module Spree
         respond_with(@product)
       end
 
-      def new
-      end
-
+      # Takes besides the products attributes either an array of variants or
+      # an array of option types.
+      #
+      # By submitting an array of variants the option types will be created
+      # using the *name* key in options hash. e.g
+      #
+      #   product: {
+      #     ...
+      #     variants: {
+      #       price: 19.99,
+      #       sku: "hey_you",
+      #       options: [
+      #         { name: "size", value: "small" },
+      #         { name: "color", value: "black" }
+      #       ]
+      #     }
+      #   }
+      #
+      # Or just pass in the option types hash:
+      #
+      #   product: {
+      #     ...
+      #     option_types: ['size', 'color']
+      #   }
+      # 
+      # By passing the shipping category name you can fetch or create that
+      # shipping category on the fly. e.g.
+      #
+      #   product: {
+      #     ...
+      #     shipping_category: "Free Shipping Items"
+      #   }
+      #
       def create
         authorize! :create, Product
         params[:product][:available_on] ||= Time.now
+        set_up_shipping_category
+        
         begin
           @product = Product.new(product_params)
           if @product.save
+            variants_params.each do |variant_attribute|
+              # make sure the product is assigned before the options=
+              @product.variants.create({ product: @product }.merge(variant_attribute))
+            end
+
+            option_types_params.each do |name|
+              option_type = OptionType.where(name: name).first_or_initialize do |option_type|
+                option_type.presentation = name
+                option_type.save!
+              end
+
+              @product.option_types << option_type unless @product.option_types.include?(option_type)
+            end
+
             respond_with(@product, :status => 201, :default_template => :show)
           else
             invalid_resource!(@product)
@@ -40,6 +86,7 @@ module Spree
       def update
         @product = find_product(params[:id])
         authorize! :update, @product
+      
         if @product.update_attributes(product_params)
           respond_with(@product, :status => 200, :default_template => :show)
         else
@@ -57,7 +104,34 @@ module Spree
 
       private
         def product_params
-          params.require(:product).permit(permitted_product_attributes)
+          product_params = params.require(:product).permit(permitted_product_attributes)
+          if product_params[:taxon_ids].present?
+            product_params[:taxon_ids] = product_params[:taxon_ids].split(',')
+          end
+          product_params
+        end
+
+        def variants_params
+          variants_key = if params[:product].has_key? :variants
+            :variants
+          else
+            :variants_attributes
+          end
+
+          params.require(:product).permit(
+            variants_key => permitted_variant_attributes,
+          ).delete(variants_key) || []
+        end
+
+        def option_types_params
+          params[:product].fetch(:option_types, [])
+        end
+
+        def set_up_shipping_category
+          if shipping_category = params[:product].delete(:shipping_category)
+            id = ShippingCategory.find_or_create_by(name: shipping_category).id
+            params[:product][:shipping_category_id] = id
+          end
         end
     end
   end

data/app/controllers/spree/api/properties_controller.rb

@@ -5,9 +5,15 @@ module Spree
       before_filter :find_property, only: [:show, :update, :destroy]
 
       def index
-        @properties = Spree::Property.accessible_by(current_ability, :read).
-                      ransack(params[:q]).result.
-                      page(params[:page]).per(params[:per_page])
+        @properties = Spree::Property.accessible_by(current_ability, :read)
+
+        if params[:ids]
+          @properties = @properties.where(:id => params[:ids].split(","))
+        else
+          @properties = @properties.ransack(params[:q]).result
+        end
+
+        @properties = @properties.page(params[:page]).per(params[:per_page])
         respond_with(@properties)
       end
 

data/app/helpers/spree/api/api_helpers.rb

@@ -21,10 +21,8 @@ module Spree
         :country_attributes,
         :state_attributes,
         :adjustment_attributes,
-        :taxon_attributes,
         :inventory_unit_attributes,
         :return_authorization_attributes,
-        :adjustment_attributes,
         :creditcard_attributes,
         :user_attributes,
         :property_attributes,
@@ -73,7 +71,7 @@ module Spree
       @@order_attributes = [
         :id, :number, :item_total, :total, :ship_total, :state, :adjustment_total,
         :user_id, :created_at, :updated_at, :completed_at, :payment_total,
-        :shipment_state, :payment_state, :email, :special_instructions, :channel
+        :shipment_state, :payment_state, :email, :special_instructions, :channel, :tax_total
       ]
 
       @@line_item_attributes = [:id, :quantity, :price, :variant_id]
@@ -93,7 +91,7 @@ module Spree
       @@taxonomy_attributes = [:id, :name]
 
       @@taxon_attributes = [
-        :id, :name, :pretty_name, :permalink, :position, :parent_id,
+        :id, :name, :pretty_name, :permalink, :parent_id,
         :taxonomy_id
       ]
 

data/app/models/spree/order_decorator.rb

@@ -167,8 +167,12 @@ Spree::Order.class_eval do
 
   def update_line_items(line_item_params)
     return if line_item_params.blank?
-    line_item_params.each do |id, attributes|
-      self.line_items.find(id).update_attributes!(attributes)
+    line_item_params.each_value do |attributes|
+      if attributes[:id].present?
+        self.line_items.find(attributes[:id]).update_attributes!(attributes)
+      else
+        self.line_items.create!(attributes)
+      end
     end
     self.ensure_updated_shipments
   end

data/app/views/spree/api/addresses/show.v1.rabl

@@ -1,4 +1,5 @@
 object @address
+cache @address
 attributes *address_attributes
 
 child(:country) do |address|

data/app/views/spree/api/adjustments/show.v1.rabl

@@ -1,3 +1,4 @@
 object @adjustment
+cache @adjustment
 attributes *adjustment_attributes
 node(:display_amount) { |a| a.display_amount.to_s }

data/app/views/spree/api/credit_cards/show.v1.rabl

@@ -1,2 +1,3 @@
 object @credit_card
+cache @credit_card
 attributes *creditcard_attributes

data/app/views/spree/api/line_items/show.v1.rabl

@@ -1,4 +1,5 @@
 object @line_item
+cache @line_item
 attributes *line_item_attributes
 node(:single_display_amount) { |li| li.single_display_amount.to_s }
 node(:display_amount) { |li| li.display_amount.to_s }

data/app/views/spree/api/orders/mine.v1.rabl

@@ -0,0 +1,9 @@
+object false
+
+child(@orders => :orders) do
+  extends "spree/api/orders/show"
+end
+
+node(:count) { @orders.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @orders.num_pages }

data/app/views/spree/api/orders/order.v1.rabl

@@ -1,6 +1,9 @@
+cache @order
 attributes *order_attributes
 node(:display_item_total) { |o| o.display_item_total.to_s }
 node(:total_quantity) { |o| o.line_items.sum(:quantity) }
+node(:display_tax_total) { |o| o.display_tax_total }
 node(:display_total) { |o| o.display_total.to_s }
+node(:display_ship_total) { |o| o.display_ship_total }
 node(:token) { |o| o.token }
-node(:checkout_steps) { |o| o.checkout_steps }
+node(:checkout_steps) { |o| o.checkout_steps }

data/app/views/spree/api/orders/show.v1.rabl

@@ -1,8 +1,8 @@
 object @order
 extends "spree/api/orders/order"
 
-if lookup_context.find_all("spree/api/orders/#{@order.state}").present?
-  extends "spree/api/orders/#{@order.state}"
+if lookup_context.find_all("spree/api/orders/#{root_object.state}").present?
+  extends "spree/api/orders/#{root_object.state}"
 end
 
 child :billing_address => :bill_address do

data/app/views/spree/api/products/show.v1.rabl

@@ -1,11 +1,12 @@
 object @product
+cache @product
 attributes *product_attributes
 node(:display_price) { |p| p.display_price.to_s }
 child :variants_including_master => :variants do
   attributes *variant_attributes
 
   child :option_values => :option_values do
-    attributes *option_value_attributes
+    extends "spree/api/option_values/show"
   end
   
   child :images => :images do
@@ -14,11 +15,7 @@ child :variants_including_master => :variants do
 end
 
 child :option_types => :option_types do
-  attributes *option_type_attributes
-
-  child :option_values => :option_values do
-    attributes *option_value_attributes
-  end
+  extends "spree/api/option_types/show"
 end
 
 child :product_properties => :product_properties do

data/app/views/spree/api/shipments/show.v1.rabl

@@ -1,4 +1,5 @@
 object @shipment
+cache @shipment
 attributes *shipment_attributes
 node(:order_id) { |shipment| shipment.order.number }
 node(:stock_location_name) { |shipment| shipment.stock_location.name }

data/app/views/spree/api/taxons/index.v1.rabl

@@ -4,7 +4,9 @@ node(:total_count) { @taxons.total_count }
 node(:current_page) { params[:page] ? params[:page].to_i : 1 }
 node(:per_page) { params[:per_page] || Kaminari.config.default_per_page }
 node(:pages) { @taxons.num_pages }
-child(@taxons) do
+child @taxons => :taxons do
   attributes *taxon_attributes
-  extends "spree/api/taxons/taxons"
+  unless params[:without_children]
+    extends "spree/api/taxons/taxons"
+  end
 end

data/app/views/spree/api/variants/big_variant.v1.rabl

@@ -0,0 +1,19 @@
+object @variant
+cache @variant
+attributes *variant_attributes
+extends "spree/api/variants/variant"
+child(:images => :images) do
+  attributes *image_attributes
+  code(:urls) do |v|
+    v.attachment.styles.keys.inject({}) { |urls, style| urls[style] = v.attachment.url(style); urls  }
+  end
+end
+
+child(:stock_items) do
+  attributes :id, :count_on_hand, :stock_location_id, :backorderable
+  attribute :available? => :available
+
+  glue(:stock_location) do
+    attribute :name => :stock_location_name
+  end
+end

data/app/views/spree/api/variants/index.v1.rabl

@@ -5,21 +5,5 @@ node(:current_page) { params[:page] ? params[:page].to_i : 1 }
 node(:pages) { @variants.num_pages }
 
 child(@variants => :variants) do
-  attributes *variant_attributes
-  child(:option_values => :option_values) { attributes *option_value_attributes }
-  child(:images => :images) do
-    attributes *image_attributes
-    code(:urls) do |v|
-      v.attachment.styles.keys.inject({}) { |urls, style| urls[style] = v.attachment.url(style); urls  }
-    end
-  end
-
-  child(:stock_items) do
-    attributes :id, :count_on_hand, :stock_location_id, :backorderable
-    attribute :available? => :available
-
-    glue(:stock_location) do
-      attribute :name => :stock_location_name
-    end
-  end
+  extends "spree/api/variants/big_variant"
 end

data/app/views/spree/api/variants/show.v1.rabl

@@ -1,4 +1,5 @@
 object @variant
+cache @variant
 extends "spree/api/variants/variant"
 child(:option_values => :option_values) { attributes *option_value_attributes }
 child(:images => :images) { extends "spree/api/images/show" }

data/config/routes.rb

@@ -22,12 +22,14 @@ Spree::Core::Engine.add_routes do
       end
     end
 
-    resources :variants, :only => [:index]
+    resources :variants, :only => [:index, :show]
 
     resources :option_types do
       resources :option_values
     end
 
+    get '/orders/mine', :to => 'orders#mine', :as => 'my_orders'
+
     resources :orders do
       resources :addresses, :only => [:show, :update]
 

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -38,7 +38,7 @@ module Spree
     end
 
     context "PUT 'update'" do
-      let(:order) do 
+      let(:order) do
         order = create(:order_with_line_items)
         # Order should be in a pristine state
         # Without doing this, the order may transition from 'cart' straight to 'delivery'
@@ -52,27 +52,25 @@ module Spree
         Order.any_instance.stub(:payment_required? => true)
       end
 
-      it "will return an error if the recently created order cannot transition from cart to address" do
+      it "should transition a recently created order from cart to address" do
         order.state.should eq "cart"
-        order.update_column(:email, nil) # email is necessary to transition from cart to address
-
+        order.email.should_not be_nil
         api_put :update, :id => order.to_param, :order_token => order.token
-
-        # Order has not transitioned
-        json_response['state'].should == 'cart'
+        order.reload.state.should eq "address"
       end
 
-      it "should transition a recently created order from cart to address" do
+      it "should transition a recently created order from cart to address with order token in header" do
         order.state.should eq "cart"
         order.email.should_not be_nil
-        api_put :update, :id => order.to_param, :order_token => order.token
+        request.headers["X-Spree-Order-Token"] = order.token
+        api_put :update, :id => order.to_param
         order.reload.state.should eq "address"
       end
 
       it "can take line_items_attributes as a parameter" do
         line_item = order.line_items.first
         api_put :update, :id => order.to_param, :order_token => order.token,
-                         :order => { :line_items_attributes => { line_item.id => { :quantity => 1 } } }
+                         :order => { :line_items_attributes => { 0 => { :id => line_item.id, :quantity => 1 } } }
         response.status.should == 200
         order.reload.state.should eq "address"
       end
@@ -80,7 +78,7 @@ module Spree
       it "can take line_items as a parameter" do
         line_item = order.line_items.first
         api_put :update, :id => order.to_param, :order_token => order.token,
-                         :order => { :line_items => { line_item.id => { :quantity => 1 } } }
+                         :order => { :line_items => { 0 => { :id => line_item.id, :quantity => 1 } } }
         response.status.should == 200
         order.reload.state.should eq "address"
       end
@@ -251,7 +249,10 @@ module Spree
       end
 
       it "cannot transition if order email is blank" do
-        order.update_column(:email, nil)
+        order.update_columns(
+          state: 'address',
+          email: nil
+        )
 
         api_put :next, :id => order.to_param, :order_token => order.token
         response.status.should == 422

data/spec/controllers/spree/api/line_items_controller_spec.rb

@@ -28,6 +28,14 @@ module Spree
         json_response.should have_attributes(attributes)
         json_response["variant"]["name"].should_not be_blank
       end
+
+      it "can add a new line item to an existing order with token in header" do
+        request.headers["X-Spree-Order-Token"] = order.token
+        api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+        json_response["variant"]["name"].should_not be_blank
+      end
     end
 
     context "as the order owner" do

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -6,6 +6,7 @@ module Spree
 
     let!(:order) { create(:order) }
     let(:variant) { create(:variant) }
+    let(:line_item) { create(:line_item) }
 
     let(:attributes) { [:number, :item_total, :display_total, :total,
                         :state, :adjustment_total,
@@ -41,6 +42,40 @@ module Spree
       assert_unauthorized!
     end
 
+    context "the current api user is not persisted" do
+      let(:current_api_user) { double(persisted?: false) }
+
+      it "returns a 401" do
+        api_get :mine
+
+        response.status.should == 401
+      end
+    end
+
+    context "the current api user is authenticated" do
+      let(:current_api_user) { order.user }
+      let(:order) { create(:order, line_items: [line_item]) }
+
+      it "can view all of their own orders" do
+        api_get :mine
+
+        response.status.should == 200
+        json_response["pages"].should == 1
+        json_response["current_page"].should == 1
+        json_response["orders"].length.should == 1
+        json_response["orders"].first["number"].should == order.number
+        json_response["orders"].first["line_items"].length.should == 1
+        json_response["orders"].first["line_items"].first["id"].should == line_item.id
+      end
+
+      it "can filter the returned results" do
+        api_get :mine, q: {completed_at_not_null: 1}
+
+        response.status.should == 200
+        json_response["orders"].length.should == 0
+      end
+    end
+
     it "can view their own order" do
       Order.any_instance.stub :user => current_api_user
       api_get :show, :id => order.to_param
@@ -75,6 +110,12 @@ module Spree
       response.status.should == 200
     end
 
+    it "can view an order if the token is passed in header" do
+      request.headers["X-Spree-Order-Token"] = order.token
+      api_get :show, :id => order.to_param
+      response.status.should == 200
+    end
+
     it "cannot cancel an order that doesn't belong to them" do
       order.update_attribute(:completed_at, Time.now)
       order.update_attribute(:shipment_state, "ready")
@@ -109,7 +150,7 @@ module Spree
       line_item.should_receive(:update_attributes).with("special" => true)
 
       controller.stub(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
-      api_post :create, :order => { 
+      api_post :create, :order => {
         :line_items => {
           "0" => {
             :variant_id => variant.to_param, :quantity => 5, :special => true
@@ -179,7 +220,7 @@ module Spree
       order.stub(:associate_user!)
       order.stub_chain(:contents, :add).and_return(line_item = double('LineItem'))
       line_item.should_not_receive(:update_attributes)
-      api_post :create, :order => { 
+      api_post :create, :order => {
         :line_items => {
           "0" => {
             :variant_id => variant.to_param, :quantity => 5
@@ -237,7 +278,7 @@ module Spree
       it "updates quantities of existing line items" do
         api_put :update, :id => order.to_param, :order => {
           :line_items => {
-            line_item.id => { :quantity => 10 }
+            0 => { :id => line_item.id, :quantity => 10 }
           }
         }
 
@@ -246,10 +287,26 @@ module Spree
         json_response['line_items'].first['quantity'].should == 10
       end
 
+      it "adds an extra line item" do
+        variant2 = create(:variant)
+        api_put :update, :id => order.to_param, :order => {
+          :line_items => {
+            0 => { :id => line_item.id, :quantity => 10 },
+            1 => { :variant_id => variant2.id, :quantity => 1}
+          }
+        }
+
+        response.status.should == 200
+        json_response['line_items'].count.should == 2
+        json_response['line_items'][0]['quantity'].should == 10
+        json_response['line_items'][1]['variant_id'].should == variant2.id
+        json_response['line_items'][1]['quantity'].should == 1
+      end
+
       it "cannot change the price of an existing line item" do
         api_put :update, :id => order.to_param, :order => {
           :line_items => {
-            line_item.id => { :price => 0 }
+            0 => { :id => line_item.id, :price => 0 }
           }
         }
 
@@ -301,7 +358,7 @@ module Spree
           previous_shipments = order.shipments
           api_put :update, :id => order.to_param, :order => {
             :line_items => {
-              line_item.id => { :quantity => 10 }
+              0 => { :id => line_item.id, :quantity => 10 }
             }
           }
           expect(order.reload.shipments).to be_empty
@@ -338,6 +395,13 @@ module Spree
           json_response['line_items'].first['variant'].should have_attributes([:product_id])
         end
 
+        it "includes the tax_total in the response" do
+          api_get :show, :id => order.to_param
+
+          json_response['tax_total'].should == '0.0'
+          json_response['display_tax_total'].should == '$0.00'
+        end
+
         context "when in delivery" do
           let!(:shipping_method) do
             FactoryGirl.create(:shipping_method).tap do |shipping_method|
@@ -352,6 +416,13 @@ module Spree
             order.save
           end
 
+          it "includes the ship_total in the response" do
+            api_get :show, :id => order.to_param
+
+            json_response['ship_total'].should == '10.0'
+            json_response['display_ship_total'].should == '$10.00'
+          end
+
           it "returns available shipments for an order" do
             api_get :show, :id => order.to_param
             response.status.should == 200

data/spec/controllers/spree/api/products_controller_spec.rb

@@ -8,6 +8,11 @@ module Spree
     let!(:product) { create(:product) }
     let!(:inactive_product) { create(:product, :available_on => Time.now.tomorrow, :name => "inactive") }
     let(:attributes) { [:id, :name, :description, :price, :display_price, :available_on, :permalink, :meta_description, :meta_keywords, :shipping_category_id, :taxon_ids] }
+    let(:product_data) do
+      { name: "The Other Product",
+        price: 19.99,
+        shipping_category_id: create(:shipping_category).id }
+    end
 
     before do
       stub_authentication!
@@ -155,6 +160,9 @@ module Spree
     end
 
     context "as an admin" do
+      let(:taxon_1) { create(:taxon) }
+      let(:taxon_2) { create(:taxon) }
+
       sign_in_as_admin!
 
       it "can see all products" do
@@ -182,53 +190,197 @@ module Spree
         end
       end
 
-      it "can create a new product" do
-        api_post :create, :product => { :name => "The Other Product",
-                                        :price => 19.99,
-                                        :shipping_category_id => create(:shipping_category).id }
-        json_response.should have_attributes(attributes)
-        response.status.should == 201
-      end
+      describe "creating a product" do
+        it "can create a new product" do
+          api_post :create, :product => { :name => "The Other Product",
+                                          :price => 19.99,
+                                          :shipping_category_id => create(:shipping_category).id }
+          json_response.should have_attributes(attributes)
+          response.status.should == 201
+        end
 
-      # Regression test for #2140
-      context "with authentication_required set to false" do
-        before do
-          Spree::Api::Config.requires_authentication = false
+        it "creates with embedded variants" do
+          def attributes_for_variant
+            h = attributes_for(:variant).except(:option_values, :product)
+            h.merge({
+              options: [
+                { name: "size", value: "small" },
+                { name: "color", value: "black" }
+              ]
+            })
+          end
+
+          product_data.merge!({
+            variants: [attributes_for_variant, attributes_for_variant]
+          })
+
+          api_post :create, :product => product_data
+          expect(response.status).to eq 201
+          expect(json_response['variants'].count).to eq(3) # 1 master + 2 variants
+
+          variants = json_response['variants'].select { |v| !v['is_master'] }
+          expect(variants.last['option_values'][0]['name']).to eq('small')
+          expect(variants.last['option_values'][0]['option_type_name']).to eq('size')
+
+          expect(json_response['option_types'].count).to eq(2) # size, color
+        end
+
+        it "can create a new product with embedded product_properties" do
+          product_data.merge!({
+            product_properties_attributes: [{
+              property_name: "fabric",
+              value: "cotton"
+            }]
+          })
+
+          api_post :create, :product => product_data
+
+          expect(json_response['product_properties'][0]['property_name']).to eq('fabric')
+          expect(json_response['product_properties'][0]['value']).to eq('cotton')
         end
 
-        after do
-          Spree::Api::Config.requires_authentication = true
+        it "can create a new product with option_types" do
+          product_data.merge!({
+            option_types: ['size', 'color']
+          })
+
+          api_post :create, :product => product_data
+          expect(json_response['option_types'].count).to eq(2)
         end
 
-        it "can still create a product" do
+        it "can create a new product" do
           api_post :create, :product => { :name => "The Other Product",
                                           :price => 19.99,
-                                          :shipping_category_id => create(:shipping_category).id },
-                            :token => "fake"
+                                          :shipping_category_id => create(:shipping_category).id }
           json_response.should have_attributes(attributes)
           response.status.should == 201
         end
-      end
 
-      it "cannot create a new product with invalid attributes" do
-        api_post :create, :product => {}
-        response.status.should == 422
-        json_response["error"].should == "Invalid resource. Please fix errors and try again."
-        errors = json_response["errors"]
-        errors.delete("permalink") # Don't care about this one.
-        errors.keys.should =~ ["name", "price", "shipping_category_id"]
-      end
+        it "creates with embedded variants" do
+          def attributes_for_variant
+            h = attributes_for(:variant).except(:option_values, :product)
+            h.merge({
+              options: [
+                { name: "size", value: "small" },
+                { name: "color", value: "black" }
+              ]
+            })
+          end
+
+          product_data.merge!({
+            variants: [attributes_for_variant, attributes_for_variant]
+          })
+
+          api_post :create, :product => product_data
+          expect(response.status).to eq 201
+          expect(json_response['variants'].count).to eq(3) # 1 master + 2 variants
+
+          variants = json_response['variants'].select { |v| !v['is_master'] }
+          expect(variants.last['option_values'][0]['name']).to eq('small')
+          expect(variants.last['option_values'][0]['option_type_name']).to eq('size')
+
+          expect(json_response['option_types'].count).to eq(2) # size, color
+        end
+
+        it "can create a new product with embedded product_properties" do
+          product_data.merge!({
+            product_properties_attributes: [{
+              property_name: "fabric",
+              value: "cotton"
+            }]
+          })
+
+          api_post :create, :product => product_data
+
+          expect(json_response['product_properties'][0]['property_name']).to eq('fabric')
+          expect(json_response['product_properties'][0]['value']).to eq('cotton')
+        end
 
-      it "can update a product" do
-        api_put :update, :id => product.to_param, :product => { :name => "New and Improved Product!" }
-        response.status.should == 200
+        it "can create a new product with option_types" do
+          product_data.merge!({
+            option_types: ['size', 'color']
+          })
+
+          api_post :create, :product => product_data
+          expect(json_response['option_types'].count).to eq(2)
+        end
+
+        it "creates with shipping categories" do
+          hash = { :name => "The Other Product",
+                   :price => 19.99,
+                   :shipping_category => "Free Ships" }
+
+          api_post :create, :product => hash
+          expect(response.status).to eq 201
+
+          shipping_id = ShippingCategory.find_by_name("Free Ships").id
+          expect(json_response['shipping_category_id']).to eq shipping_id
+        end
+
+        it "puts the created product in the given taxon" do
+          product_data[:taxon_ids] = taxon_1.id.to_s
+          api_post :create, :product => product_data
+          expect(json_response["taxon_ids"]).to eq([taxon_1.id,])
+        end
+
+        # Regression test for #4123
+        it "puts the created product in the given taxons" do
+          product_data[:taxon_ids] = [taxon_1.id, taxon_2.id].join(',')
+          api_post :create, :product => product_data
+          expect(json_response["taxon_ids"]).to eq([taxon_1.id, taxon_2.id])
+        end
+
+        # Regression test for #2140
+        context "with authentication_required set to false" do
+          before do
+            Spree::Api::Config.requires_authentication = false
+          end
+
+          after do
+            Spree::Api::Config.requires_authentication = true
+          end
+
+          it "can still create a product" do
+            api_post :create, :product => product_data, :token => "fake"
+            json_response.should have_attributes(attributes)
+            response.status.should == 201
+          end
+        end
+
+        it "cannot create a new product with invalid attributes" do
+          api_post :create, :product => {}
+          response.status.should == 422
+          json_response["error"].should == "Invalid resource. Please fix errors and try again."
+          errors = json_response["errors"]
+          errors.delete("permalink") # Don't care about this one.
+          errors.keys.should =~ ["name", "price", "shipping_category_id"]
+        end
       end
 
-      it "cannot update a product with an invalid attribute" do
-        api_put :update, :id => product.to_param, :product => { :name => "" }
-        response.status.should == 422
-        json_response["error"].should == "Invalid resource. Please fix errors and try again."
-        json_response["errors"]["name"].should == ["can't be blank"]
+      context 'updating a product' do
+        it "can update a product" do
+          api_put :update, :id => product.to_param, :product => { :name => "New and Improved Product!" }
+          response.status.should == 200
+        end
+
+        it "cannot update a product with an invalid attribute" do
+          api_put :update, :id => product.to_param, :product => { :name => "" }
+          response.status.should == 422
+          json_response["error"].should == "Invalid resource. Please fix errors and try again."
+          json_response["errors"]["name"].should == ["can't be blank"]
+        end
+
+        # Regression test for #4123
+        it "puts the created product in the given taxon" do
+          api_put :update, :id => product.to_param, :product => {:taxon_ids => taxon_1.id.to_s}
+          expect(json_response["taxon_ids"]).to eq([taxon_1.id,])
+        end
+
+        # Regression test for #4123
+        it "puts the created product in the given taxons" do
+          api_put :update, :id => product.to_param, :product => {:taxon_ids => [taxon_1.id, taxon_2.id].join(',')}
+          expect(json_response["taxon_ids"]).to eq([taxon_1.id, taxon_2.id])
+        end
       end
 
       it "can delete a product" do

data/spec/controllers/spree/api/properties_controller_spec.rb

@@ -31,6 +31,19 @@ module Spree
       json_response['properties'].first['presentation'].should eq property_2.presentation
     end
 
+    it "retrieves a list of properties by id" do
+      api_get :index, :ids => [property_1.id]
+      json_response["properties"].first.should have_attributes(attributes)
+      json_response["count"].should == 1
+    end
+
+    it "retrieves a list of properties by ids string" do
+      api_get :index, :ids => [property_1.id, property_2.id].join(",")
+      json_response["properties"].first.should have_attributes(attributes)
+      json_response["properties"][1].should have_attributes(attributes)
+      json_response["count"].should == 2
+    end
+
     it "can see a single property" do
       api_get :show, :id => property_1.id
       json_response.should have_attributes(attributes)

data/spec/controllers/spree/api/taxons_controller_spec.rb

@@ -27,6 +27,14 @@ module Spree
         children.first['taxons'].count.should eq 1
       end
 
+      # Regression test for #4112
+      it "does not include children when asked not to" do
+        api_get :index, :taxonomy_id => taxonomy.id, :without_children => 1
+
+        json_response['taxons'].first['name'].should eq(taxon.name)
+        json_response['taxons'].first['taxons'].should be_nil
+      end
+
       it "paginates through taxons" do
         new_taxon = create(:taxon, :name => "Go", :taxonomy => taxonomy)
         taxonomy.root.children << new_taxon
@@ -39,21 +47,42 @@ module Spree
         expect(json_response["pages"]).to eql(2)
       end
 
-      it "gets all taxons" do
-        api_get :index
-
-        json_response['taxons'].first['name'].should eq taxonomy.root.name
-        children = json_response['taxons'].first['taxons']
-        children.count.should eq 1
-        children.first['name'].should eq taxon.name
-        children.first['taxons'].count.should eq 1
-      end
-
-      it "can search for a single taxon" do
-        api_get :index, :q => { :name_cont => "Ruby" }
-
-        json_response['taxons'].count.should == 1
-        json_response['taxons'].first['name'].should eq "Ruby"
+      describe 'searching' do
+        context 'with a name' do
+          before do
+            api_get :index, :q => { :name_cont => name }
+          end
+
+          context 'with one result' do
+            let(:name) { "Ruby" }
+
+            it "returns an array including the matching taxon" do
+              json_response['taxons'].count.should == 1
+              json_response['taxons'].first['name'].should eq "Ruby"
+            end
+          end
+
+          context 'with no results' do
+            let(:name) { "Imaginary" }
+
+            it 'returns an empty array of taxons' do
+              json_response.keys.should include('taxons')
+              json_response['taxons'].count.should == 0
+            end
+          end
+        end
+
+        context 'with no filters' do
+          it "gets all taxons" do
+            api_get :index
+
+            json_response['taxons'].first['name'].should eq taxonomy.root.name
+            children = json_response['taxons'].first['taxons']
+            children.count.should eq 1
+            children.first['name'].should eq taxon.name
+            children.first['taxons'].count.should eq 1
+          end
+        end
       end
 
       it "gets a single taxon" do
@@ -71,8 +100,6 @@ module Spree
         response["state"].should eq("closed")
       end
 
-
-
       it "can learn how to create a new taxon" do
         api_get :new, :taxonomy_id => taxonomy.id
         json_response["attributes"].should == attributes.map(&:to_s)
@@ -111,6 +138,14 @@ module Spree
         taxon.taxonomy_id.should eq taxonomy.id
       end
 
+      it "can update the position in the list" do
+        taxonomy.root.children << taxon2
+        api_put :update, :taxonomy_id => taxonomy.id, :id => taxon.id, :taxon => {:parent_id => taxon.parent_id, :child_index => 2 }
+        response.status.should == 200
+        taxonomy.reload.root.children[0].should eql taxon2
+        taxonomy.reload.root.children[1].should eql taxon
+      end
+
       it "cannot create a new taxon with invalid attributes" do
         api_post :create, :taxonomy_id => taxonomy.id, :taxon => {}
         response.status.should == 422

data/spec/spec_helper.rb

@@ -13,7 +13,13 @@ end
 
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
-require File.expand_path("../dummy/config/environment", __FILE__)
+
+begin
+  require File.expand_path("../dummy/config/environment", __FILE__)
+rescue LoadError
+  puts "Could not load dummy application. Please ensure you have run `bundle exec rake test_app`"
+end
+
 require 'rspec/rails'
 require 'rspec/autorun'
 require 'ffaker'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 2.1.3
+  version: 2.1.4
 platform: ruby
 authors:
 - Ryan Bigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-20 00:00:00.000000000 Z
+date: 2014-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.3
+        version: 2.1.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.3
+        version: 2.1.4
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -42,14 +42,14 @@ dependencies:
   name: versioncake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
 description: Spree's API
@@ -59,7 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - CHANGELOG.md
 - Gemfile
 - LICENSE
@@ -127,6 +127,7 @@ files:
 - app/views/spree/api/orders/delivery.v1.rabl
 - app/views/spree/api/orders/index.v1.rabl
 - app/views/spree/api/orders/invalid_shipping_method.v1.rabl
+- app/views/spree/api/orders/mine.v1.rabl
 - app/views/spree/api/orders/order.v1.rabl
 - app/views/spree/api/orders/payment.v1.rabl
 - app/views/spree/api/orders/show.v1.rabl
@@ -173,6 +174,7 @@ files:
 - app/views/spree/api/users/index.v1.rabl
 - app/views/spree/api/users/new.v1.rabl
 - app/views/spree/api/users/show.v1.rabl
+- app/views/spree/api/variants/big_variant.v1.rabl
 - app/views/spree/api/variants/index.v1.rabl
 - app/views/spree/api/variants/new.v1.rabl
 - app/views/spree/api/variants/show.v1.rabl
@@ -241,17 +243,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.0
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: Spree's API