spree_api 2.1.5 → 2.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8ec8d2a00aea7321fefad11982a2d8189dac5966
4
- data.tar.gz: a623fd16b63b39761f6b84aead9790e95c163f74
3
+ metadata.gz: 02fd5d06ef9c3f4ff35f710a66e4d1b187d08abd
4
+ data.tar.gz: f3623943eb622ff032d8ee517767233fe97dd5c1
5
5
  SHA512:
6
- metadata.gz: 07a0829cf7e00aaab18ef8d21f69f5e546b3f35b224008a38ef61d6b9517ad317184f9187a621b047192b41fb88726fbc48b1930ba2bbd923c89d39e9aaf80fc
7
- data.tar.gz: 03e458073acca0d80cd9f34712d4b9aeb5b4ab077e285e4456ab3e07f9d692984f099ab3a7fd83fee881f688ac159fe2619cef88320ed8eb703616f3937f3d44
6
+ metadata.gz: 78ba1c0714fab0a471d20015f35c6cc828306b4b4a9588f8688e0c938cc56be97ee42d887db371f8bf345926c3a05049170fe5b6bcfae14f41c51a975bd70268
7
+ data.tar.gz: a9b071acd933a1767c3b5686e02e15221fa8578d229c74fb6063ce6c901f16b8102e1552199b5ebd5c575ff732d61eb906e0656d134e0e98ee16da0bd6c52e68
@@ -38,10 +38,6 @@ module Spree
38
38
  raise CanCan::AccessDenied
39
39
  end
40
40
  end
41
-
42
- def order_token
43
- request.headers["X-Spree-Order-Token"] || params[:order_token]
44
- end
45
41
  end
46
42
  end
47
43
  end
@@ -9,6 +9,8 @@ module Spree
9
9
  include Spree::Core::ControllerHelpers::StrongParameters
10
10
  include ::ActionController::Head
11
11
  include ::ActionController::ConditionalGet
12
+ include ::ActionController::Redirecting
13
+ include Spree::Core::Engine.routes.url_helpers
12
14
 
13
15
  self.responder = Spree::Api::Responders::AppResponder
14
16
 
@@ -17,7 +19,8 @@ module Spree
17
19
  attr_accessor :current_api_user
18
20
 
19
21
  before_filter :set_content_type
20
- before_filter :check_for_user_or_api_key, :if => :requires_authentication?
22
+ before_filter :load_user
23
+ before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
21
24
  before_filter :authenticate_user
22
25
  after_filter :set_jsonp_format
23
26
 
@@ -59,28 +62,23 @@ module Spree
59
62
  def set_content_type
60
63
  content_type = case params[:format]
61
64
  when "json"
62
- "application/json"
65
+ "application/json; charset=utf-8"
63
66
  when "xml"
64
- "text/xml"
67
+ "text/xml; charset=utf-8"
65
68
  end
66
69
  headers["Content-Type"] = content_type
67
70
  end
68
71
 
69
- def check_for_user_or_api_key
70
- # User is already authenticated with Spree, make request this way instead.
71
- return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
72
-
73
- if api_key.blank?
74
- render "spree/api/errors/must_specify_api_key", :status => 401 and return
75
- end
72
+ def load_user
73
+ @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
76
74
  end
77
75
 
78
76
  def authenticate_user
79
77
  unless @current_api_user
80
- if requires_authentication? || api_key.present?
81
- unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
82
- render "spree/api/errors/invalid_api_key", :status => 401 and return
83
- end
78
+ if requires_authentication? && api_key.blank? && order_token.blank?
79
+ render "spree/api/errors/must_specify_api_key", :status => 401 and return
80
+ elsif order_token.blank? && (requires_authentication? || api_key.present?)
81
+ render "spree/api/errors/invalid_api_key", :status => 401 and return
84
82
  else
85
83
  # An anonymous user
86
84
  @current_api_user = Spree.user_class.new
@@ -112,6 +110,11 @@ module Spree
112
110
  Spree::Ability.new(current_api_user)
113
111
  end
114
112
 
113
+ def current_currency
114
+ Spree::Config[:currency]
115
+ end
116
+ helper_method :current_currency
117
+
115
118
  def invalid_resource!(resource)
116
119
  @resource = resource
117
120
  render "spree/api/errors/invalid_resource", :status => 422
@@ -122,6 +125,10 @@ module Spree
122
125
  end
123
126
  helper_method :api_key
124
127
 
128
+ def order_token
129
+ request.headers["X-Spree-Order-Token"] || params[:order_token]
130
+ end
131
+
125
132
  def find_product(id)
126
133
  begin
127
134
  product_scope.find_by_permalink!(id.to_s)
@@ -146,6 +153,11 @@ module Spree
146
153
 
147
154
  scope
148
155
  end
156
+
157
+ def authorize_for_order
158
+ @order = Spree::Order.find_by(number: params[:order_id] || params[:id])
159
+ authorize! :read, @order, order_token
160
+ end
149
161
  end
150
162
  end
151
163
  end
@@ -31,8 +31,7 @@ module Spree
31
31
  end
32
32
 
33
33
  def show
34
- load_order
35
- respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
34
+ redirect_to(api_order_path(params[:id]), status: 301)
36
35
  end
37
36
 
38
37
  def update
@@ -134,10 +133,6 @@ module Spree
134
133
  end
135
134
  false
136
135
  end
137
-
138
- def order_token
139
- request.headers["X-Spree-Order-Token"] || params[:order_token]
140
- end
141
136
  end
142
137
  end
143
138
  end
@@ -41,10 +41,6 @@ module Spree
41
41
  def line_item_params
42
42
  params.require(:line_item).permit(:quantity, :variant_id)
43
43
  end
44
-
45
- def order_token
46
- request.headers["X-Spree-Order-Token"] || params[:order_token]
47
- end
48
44
  end
49
45
  end
50
46
  end
@@ -168,10 +168,6 @@ module Spree
168
168
  def before_delivery
169
169
  @order.create_proposed_shipments
170
170
  end
171
-
172
- def order_token
173
- request.headers["X-Spree-Order-Token"] || params[:order_token]
174
- end
175
171
  end
176
172
  end
177
173
  end
@@ -9,7 +9,7 @@ module Spree
9
9
  @products = product_scope.ransack(params[:q]).result
10
10
  end
11
11
 
12
- @products = @products.page(params[:page]).per(params[:per_page])
12
+ @products = @products.distinct.page(params[:page]).per(params[:per_page])
13
13
  end
14
14
 
15
15
  def show
@@ -116,8 +116,7 @@ module Spree
116
116
  def destroy
117
117
  @product = find_product(params[:id])
118
118
  authorize! :destroy, @product
119
- @product.update_attribute(:deleted_at, Time.now)
120
- @product.variants_including_master.update_all(:deleted_at => Time.now)
119
+ @product.destroy
121
120
  respond_with(@product, :status => 204)
122
121
  end
123
122
 
@@ -71,7 +71,9 @@ module Spree
71
71
  @@order_attributes = [
72
72
  :id, :number, :item_total, :total, :ship_total, :state, :adjustment_total,
73
73
  :user_id, :created_at, :updated_at, :completed_at, :payment_total,
74
- :shipment_state, :payment_state, :email, :special_instructions, :channel, :tax_total
74
+ :shipment_state, :payment_state, :email, :special_instructions, :channel,
75
+ :included_tax_total, :additional_tax_total, :display_included_tax_total,
76
+ :display_additional_tax_total, :tax_total, :currency
75
77
  ]
76
78
 
77
79
  @@line_item_attributes = [:id, :quantity, :price, :variant_id]
@@ -1,5 +1,5 @@
1
1
  object @product
2
- cache @product
2
+ cache [current_currency, root_object]
3
3
  attributes *product_attributes
4
4
  node(:display_price) { |p| p.display_price.to_s }
5
5
  child :variants_including_master => :variants do
@@ -17,8 +17,7 @@ module Spree
17
17
  end
18
18
 
19
19
  def stub_authentication!
20
- controller.stub :check_for_user_or_api_key
21
- Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
20
+ Spree::LegacyUser.stub(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
22
21
  end
23
22
 
24
23
  # This method can be overriden (with a let block) inside a context
@@ -21,6 +21,24 @@ describe Spree::Api::BaseController do
21
21
  end
22
22
  end
23
23
 
24
+ context "when validating based on an order token" do
25
+ let!(:order) { create :order }
26
+
27
+ context "with a correct order token" do
28
+ it "succeeds" do
29
+ api_get :index, order_token: order.token, order_id: order.number
30
+ response.status.should == 200
31
+ end
32
+ end
33
+
34
+ context "with an incorrect order token" do
35
+ it "returns unauthorized" do
36
+ api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
37
+ response.status.should == 401
38
+ end
39
+ end
40
+ end
41
+
24
42
  context "cannot make a request to the API" do
25
43
  it "without an API key" do
26
44
  api_get :index
@@ -22,6 +22,16 @@ module Spree
22
22
  Spree::Config[:track_inventory_levels] = true
23
23
  end
24
24
 
25
+ context "GET 'show'" do
26
+ let(:order) { create(:order) }
27
+
28
+ it "redirects to Orders#show" do
29
+ api_get :show, :id => order.number
30
+ response.status.should == 301
31
+ response.should redirect_to("/api/orders/#{order.number}")
32
+ end
33
+ end
34
+
25
35
  context "POST 'create'" do
26
36
  it "creates a new order when no parameters are passed" do
27
37
  api_post :create
@@ -10,11 +10,8 @@ module Spree
10
10
  let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
11
11
  let(:resource_scoping) { { :order_id => order.to_param } }
12
12
 
13
- before do
14
- stub_authentication!
15
- end
16
-
17
13
  it "can learn how to create a new line item" do
14
+ controller.stub :try_spree_current_user => current_api_user
18
15
  api_get :new
19
16
  json_response["attributes"].should == ["quantity", "price", "variant_id"]
20
17
  required_attributes = json_response["required_attributes"]
@@ -40,6 +37,7 @@ module Spree
40
37
 
41
38
  context "as the order owner" do
42
39
  before do
40
+ controller.stub :try_spree_current_user => current_api_user
43
41
  Order.any_instance.stub :user => current_api_user
44
42
  end
45
43
 
@@ -97,10 +95,28 @@ module Spree
97
95
  api_delete :destroy, :id => line_item.id
98
96
  expect(order.reload.shipments).to be_empty
99
97
  end
98
+
99
+ context "order is completed" do
100
+ before do
101
+ order.stub completed?: true
102
+ Order.stub find_by!: order
103
+ end
104
+
105
+ it "doesn't destroy shipments or restart checkout flow" do
106
+ expect(order.reload.shipments).not_to be_empty
107
+ api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
108
+ expect(order.reload.shipments).not_to be_empty
109
+ end
110
+ end
100
111
  end
101
112
  end
102
113
 
103
114
  context "as just another user" do
115
+ before do
116
+ user = create(:user)
117
+ controller.stub :try_spree_current_user => user
118
+ end
119
+
104
120
  it "cannot add a new line item to the order" do
105
121
  api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
106
122
  assert_unauthorized!
@@ -13,7 +13,7 @@ module Spree
13
13
  :user_id, :created_at, :updated_at,
14
14
  :completed_at, :payment_total, :shipment_state,
15
15
  :payment_state, :email, :special_instructions,
16
- :total_quantity, :display_item_total] }
16
+ :total_quantity, :display_item_total, :currency] }
17
17
 
18
18
  let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }
19
19
 
@@ -28,6 +28,24 @@ module Spree
28
28
  end
29
29
 
30
30
  context "as a normal user" do
31
+ context "with caching enabled" do
32
+ let!(:product_2) { create(:product) }
33
+
34
+ before do
35
+ ActionController::Base.perform_caching = true
36
+ end
37
+
38
+ it "returns unique products" do
39
+ api_get :index
40
+ product_ids = json_response["products"].map { |p| p["id"] }
41
+ expect(product_ids.uniq.count).to eq(product_ids.count)
42
+ end
43
+
44
+ after do
45
+ ActionController::Base.perform_caching = false
46
+ end
47
+ end
48
+
31
49
  it "retrieves a list of products" do
32
50
  api_get :index
33
51
  json_response["products"].first.should have_attributes(attributes)
@@ -46,6 +64,15 @@ module Spree
46
64
  json_response["per_page"].should == Kaminari.config.default_per_page
47
65
  end
48
66
 
67
+ context "product has more than one price" do
68
+ before { product.master.prices.create currency: "EUR", amount: 22 }
69
+
70
+ it "returns distinct products only" do
71
+ api_get :index
72
+ expect(assigns(:products).map(&:id).uniq).to eq assigns(:products).map(&:id)
73
+ end
74
+ end
75
+
49
76
  it "retrieves a list of products by ids string" do
50
77
  second_product = create(:product)
51
78
  api_get :index, :ids => [product.id, second_product.id].join(",")
@@ -11,7 +11,9 @@ module Spree
11
11
  before { stub_authentication! }
12
12
 
13
13
  context "as a normal user" do
14
- before { Spree::LegacyUser.stub :find_by_spree_api_key => user }
14
+ before do
15
+ controller.stub :try_spree_current_user => user
16
+ end
15
17
 
16
18
  it "can get own details" do
17
19
  api_get :show, :id => user.id
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spree_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.5
4
+ version: 2.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Bigg
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-02-18 00:00:00.000000000 Z
11
+ date: 2014-03-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: spree_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.1.5
19
+ version: 2.1.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.1.5
26
+ version: 2.1.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -254,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
254
254
  version: '0'
255
255
  requirements: []
256
256
  rubyforge_project:
257
- rubygems_version: 2.2.0
257
+ rubygems_version: 2.2.2
258
258
  signing_key:
259
259
  specification_version: 4
260
260
  summary: Spree's API