spree_api 2.1.5 → 2.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/spree/api/addresses_controller.rb +0 -4
- data/app/controllers/spree/api/base_controller.rb +26 -14
- data/app/controllers/spree/api/checkouts_controller.rb +1 -6
- data/app/controllers/spree/api/line_items_controller.rb +0 -4
- data/app/controllers/spree/api/orders_controller.rb +0 -4
- data/app/controllers/spree/api/products_controller.rb +2 -3
- data/app/helpers/spree/api/api_helpers.rb +3 -1
- data/app/views/spree/api/products/show.v1.rabl +1 -1
- data/lib/spree/api/testing_support/helpers.rb +1 -2
- data/spec/controllers/spree/api/base_controller_spec.rb +18 -0
- data/spec/controllers/spree/api/checkouts_controller_spec.rb +10 -0
- data/spec/controllers/spree/api/line_items_controller_spec.rb +20 -4
- data/spec/controllers/spree/api/orders_controller_spec.rb +1 -1
- data/spec/controllers/spree/api/products_controller_spec.rb +27 -0
- data/spec/controllers/spree/api/users_controller_spec.rb +3 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 02fd5d06ef9c3f4ff35f710a66e4d1b187d08abd
|
4
|
+
data.tar.gz: f3623943eb622ff032d8ee517767233fe97dd5c1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 78ba1c0714fab0a471d20015f35c6cc828306b4b4a9588f8688e0c938cc56be97ee42d887db371f8bf345926c3a05049170fe5b6bcfae14f41c51a975bd70268
|
7
|
+
data.tar.gz: a9b071acd933a1767c3b5686e02e15221fa8578d229c74fb6063ce6c901f16b8102e1552199b5ebd5c575ff732d61eb906e0656d134e0e98ee16da0bd6c52e68
|
@@ -9,6 +9,8 @@ module Spree
|
|
9
9
|
include Spree::Core::ControllerHelpers::StrongParameters
|
10
10
|
include ::ActionController::Head
|
11
11
|
include ::ActionController::ConditionalGet
|
12
|
+
include ::ActionController::Redirecting
|
13
|
+
include Spree::Core::Engine.routes.url_helpers
|
12
14
|
|
13
15
|
self.responder = Spree::Api::Responders::AppResponder
|
14
16
|
|
@@ -17,7 +19,8 @@ module Spree
|
|
17
19
|
attr_accessor :current_api_user
|
18
20
|
|
19
21
|
before_filter :set_content_type
|
20
|
-
before_filter :
|
22
|
+
before_filter :load_user
|
23
|
+
before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
|
21
24
|
before_filter :authenticate_user
|
22
25
|
after_filter :set_jsonp_format
|
23
26
|
|
@@ -59,28 +62,23 @@ module Spree
|
|
59
62
|
def set_content_type
|
60
63
|
content_type = case params[:format]
|
61
64
|
when "json"
|
62
|
-
"application/json"
|
65
|
+
"application/json; charset=utf-8"
|
63
66
|
when "xml"
|
64
|
-
"text/xml"
|
67
|
+
"text/xml; charset=utf-8"
|
65
68
|
end
|
66
69
|
headers["Content-Type"] = content_type
|
67
70
|
end
|
68
71
|
|
69
|
-
def
|
70
|
-
|
71
|
-
return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
|
72
|
-
|
73
|
-
if api_key.blank?
|
74
|
-
render "spree/api/errors/must_specify_api_key", :status => 401 and return
|
75
|
-
end
|
72
|
+
def load_user
|
73
|
+
@current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
|
76
74
|
end
|
77
75
|
|
78
76
|
def authenticate_user
|
79
77
|
unless @current_api_user
|
80
|
-
if requires_authentication?
|
81
|
-
|
82
|
-
|
83
|
-
|
78
|
+
if requires_authentication? && api_key.blank? && order_token.blank?
|
79
|
+
render "spree/api/errors/must_specify_api_key", :status => 401 and return
|
80
|
+
elsif order_token.blank? && (requires_authentication? || api_key.present?)
|
81
|
+
render "spree/api/errors/invalid_api_key", :status => 401 and return
|
84
82
|
else
|
85
83
|
# An anonymous user
|
86
84
|
@current_api_user = Spree.user_class.new
|
@@ -112,6 +110,11 @@ module Spree
|
|
112
110
|
Spree::Ability.new(current_api_user)
|
113
111
|
end
|
114
112
|
|
113
|
+
def current_currency
|
114
|
+
Spree::Config[:currency]
|
115
|
+
end
|
116
|
+
helper_method :current_currency
|
117
|
+
|
115
118
|
def invalid_resource!(resource)
|
116
119
|
@resource = resource
|
117
120
|
render "spree/api/errors/invalid_resource", :status => 422
|
@@ -122,6 +125,10 @@ module Spree
|
|
122
125
|
end
|
123
126
|
helper_method :api_key
|
124
127
|
|
128
|
+
def order_token
|
129
|
+
request.headers["X-Spree-Order-Token"] || params[:order_token]
|
130
|
+
end
|
131
|
+
|
125
132
|
def find_product(id)
|
126
133
|
begin
|
127
134
|
product_scope.find_by_permalink!(id.to_s)
|
@@ -146,6 +153,11 @@ module Spree
|
|
146
153
|
|
147
154
|
scope
|
148
155
|
end
|
156
|
+
|
157
|
+
def authorize_for_order
|
158
|
+
@order = Spree::Order.find_by(number: params[:order_id] || params[:id])
|
159
|
+
authorize! :read, @order, order_token
|
160
|
+
end
|
149
161
|
end
|
150
162
|
end
|
151
163
|
end
|
@@ -31,8 +31,7 @@ module Spree
|
|
31
31
|
end
|
32
32
|
|
33
33
|
def show
|
34
|
-
|
35
|
-
respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
|
34
|
+
redirect_to(api_order_path(params[:id]), status: 301)
|
36
35
|
end
|
37
36
|
|
38
37
|
def update
|
@@ -134,10 +133,6 @@ module Spree
|
|
134
133
|
end
|
135
134
|
false
|
136
135
|
end
|
137
|
-
|
138
|
-
def order_token
|
139
|
-
request.headers["X-Spree-Order-Token"] || params[:order_token]
|
140
|
-
end
|
141
136
|
end
|
142
137
|
end
|
143
138
|
end
|
@@ -9,7 +9,7 @@ module Spree
|
|
9
9
|
@products = product_scope.ransack(params[:q]).result
|
10
10
|
end
|
11
11
|
|
12
|
-
@products = @products.page(params[:page]).per(params[:per_page])
|
12
|
+
@products = @products.distinct.page(params[:page]).per(params[:per_page])
|
13
13
|
end
|
14
14
|
|
15
15
|
def show
|
@@ -116,8 +116,7 @@ module Spree
|
|
116
116
|
def destroy
|
117
117
|
@product = find_product(params[:id])
|
118
118
|
authorize! :destroy, @product
|
119
|
-
@product.
|
120
|
-
@product.variants_including_master.update_all(:deleted_at => Time.now)
|
119
|
+
@product.destroy
|
121
120
|
respond_with(@product, :status => 204)
|
122
121
|
end
|
123
122
|
|
@@ -71,7 +71,9 @@ module Spree
|
|
71
71
|
@@order_attributes = [
|
72
72
|
:id, :number, :item_total, :total, :ship_total, :state, :adjustment_total,
|
73
73
|
:user_id, :created_at, :updated_at, :completed_at, :payment_total,
|
74
|
-
:shipment_state, :payment_state, :email, :special_instructions, :channel,
|
74
|
+
:shipment_state, :payment_state, :email, :special_instructions, :channel,
|
75
|
+
:included_tax_total, :additional_tax_total, :display_included_tax_total,
|
76
|
+
:display_additional_tax_total, :tax_total, :currency
|
75
77
|
]
|
76
78
|
|
77
79
|
@@line_item_attributes = [:id, :quantity, :price, :variant_id]
|
@@ -17,8 +17,7 @@ module Spree
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def stub_authentication!
|
20
|
-
|
21
|
-
Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
|
20
|
+
Spree::LegacyUser.stub(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
|
22
21
|
end
|
23
22
|
|
24
23
|
# This method can be overriden (with a let block) inside a context
|
@@ -21,6 +21,24 @@ describe Spree::Api::BaseController do
|
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
+
context "when validating based on an order token" do
|
25
|
+
let!(:order) { create :order }
|
26
|
+
|
27
|
+
context "with a correct order token" do
|
28
|
+
it "succeeds" do
|
29
|
+
api_get :index, order_token: order.token, order_id: order.number
|
30
|
+
response.status.should == 200
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context "with an incorrect order token" do
|
35
|
+
it "returns unauthorized" do
|
36
|
+
api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
|
37
|
+
response.status.should == 401
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
24
42
|
context "cannot make a request to the API" do
|
25
43
|
it "without an API key" do
|
26
44
|
api_get :index
|
@@ -22,6 +22,16 @@ module Spree
|
|
22
22
|
Spree::Config[:track_inventory_levels] = true
|
23
23
|
end
|
24
24
|
|
25
|
+
context "GET 'show'" do
|
26
|
+
let(:order) { create(:order) }
|
27
|
+
|
28
|
+
it "redirects to Orders#show" do
|
29
|
+
api_get :show, :id => order.number
|
30
|
+
response.status.should == 301
|
31
|
+
response.should redirect_to("/api/orders/#{order.number}")
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
25
35
|
context "POST 'create'" do
|
26
36
|
it "creates a new order when no parameters are passed" do
|
27
37
|
api_post :create
|
@@ -10,11 +10,8 @@ module Spree
|
|
10
10
|
let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
|
11
11
|
let(:resource_scoping) { { :order_id => order.to_param } }
|
12
12
|
|
13
|
-
before do
|
14
|
-
stub_authentication!
|
15
|
-
end
|
16
|
-
|
17
13
|
it "can learn how to create a new line item" do
|
14
|
+
controller.stub :try_spree_current_user => current_api_user
|
18
15
|
api_get :new
|
19
16
|
json_response["attributes"].should == ["quantity", "price", "variant_id"]
|
20
17
|
required_attributes = json_response["required_attributes"]
|
@@ -40,6 +37,7 @@ module Spree
|
|
40
37
|
|
41
38
|
context "as the order owner" do
|
42
39
|
before do
|
40
|
+
controller.stub :try_spree_current_user => current_api_user
|
43
41
|
Order.any_instance.stub :user => current_api_user
|
44
42
|
end
|
45
43
|
|
@@ -97,10 +95,28 @@ module Spree
|
|
97
95
|
api_delete :destroy, :id => line_item.id
|
98
96
|
expect(order.reload.shipments).to be_empty
|
99
97
|
end
|
98
|
+
|
99
|
+
context "order is completed" do
|
100
|
+
before do
|
101
|
+
order.stub completed?: true
|
102
|
+
Order.stub find_by!: order
|
103
|
+
end
|
104
|
+
|
105
|
+
it "doesn't destroy shipments or restart checkout flow" do
|
106
|
+
expect(order.reload.shipments).not_to be_empty
|
107
|
+
api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
|
108
|
+
expect(order.reload.shipments).not_to be_empty
|
109
|
+
end
|
110
|
+
end
|
100
111
|
end
|
101
112
|
end
|
102
113
|
|
103
114
|
context "as just another user" do
|
115
|
+
before do
|
116
|
+
user = create(:user)
|
117
|
+
controller.stub :try_spree_current_user => user
|
118
|
+
end
|
119
|
+
|
104
120
|
it "cannot add a new line item to the order" do
|
105
121
|
api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
|
106
122
|
assert_unauthorized!
|
@@ -13,7 +13,7 @@ module Spree
|
|
13
13
|
:user_id, :created_at, :updated_at,
|
14
14
|
:completed_at, :payment_total, :shipment_state,
|
15
15
|
:payment_state, :email, :special_instructions,
|
16
|
-
:total_quantity, :display_item_total] }
|
16
|
+
:total_quantity, :display_item_total, :currency] }
|
17
17
|
|
18
18
|
let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }
|
19
19
|
|
@@ -28,6 +28,24 @@ module Spree
|
|
28
28
|
end
|
29
29
|
|
30
30
|
context "as a normal user" do
|
31
|
+
context "with caching enabled" do
|
32
|
+
let!(:product_2) { create(:product) }
|
33
|
+
|
34
|
+
before do
|
35
|
+
ActionController::Base.perform_caching = true
|
36
|
+
end
|
37
|
+
|
38
|
+
it "returns unique products" do
|
39
|
+
api_get :index
|
40
|
+
product_ids = json_response["products"].map { |p| p["id"] }
|
41
|
+
expect(product_ids.uniq.count).to eq(product_ids.count)
|
42
|
+
end
|
43
|
+
|
44
|
+
after do
|
45
|
+
ActionController::Base.perform_caching = false
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
31
49
|
it "retrieves a list of products" do
|
32
50
|
api_get :index
|
33
51
|
json_response["products"].first.should have_attributes(attributes)
|
@@ -46,6 +64,15 @@ module Spree
|
|
46
64
|
json_response["per_page"].should == Kaminari.config.default_per_page
|
47
65
|
end
|
48
66
|
|
67
|
+
context "product has more than one price" do
|
68
|
+
before { product.master.prices.create currency: "EUR", amount: 22 }
|
69
|
+
|
70
|
+
it "returns distinct products only" do
|
71
|
+
api_get :index
|
72
|
+
expect(assigns(:products).map(&:id).uniq).to eq assigns(:products).map(&:id)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
49
76
|
it "retrieves a list of products by ids string" do
|
50
77
|
second_product = create(:product)
|
51
78
|
api_get :index, :ids => [product.id, second_product.id].join(",")
|
@@ -11,7 +11,9 @@ module Spree
|
|
11
11
|
before { stub_authentication! }
|
12
12
|
|
13
13
|
context "as a normal user" do
|
14
|
-
before
|
14
|
+
before do
|
15
|
+
controller.stub :try_spree_current_user => user
|
16
|
+
end
|
15
17
|
|
16
18
|
it "can get own details" do
|
17
19
|
api_get :show, :id => user.id
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spree_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryan Bigg
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-03-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: spree_core
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 2.1.
|
19
|
+
version: 2.1.6
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 2.1.
|
26
|
+
version: 2.1.6
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rabl
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -254,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
254
254
|
version: '0'
|
255
255
|
requirements: []
|
256
256
|
rubyforge_project:
|
257
|
-
rubygems_version: 2.2.
|
257
|
+
rubygems_version: 2.2.2
|
258
258
|
signing_key:
|
259
259
|
specification_version: 4
|
260
260
|
summary: Spree's API
|