RubyGems - spree_api - Versions diffs - 2.1.12 → 2.2.0 - Mend

spree_api 2.1.12 → 2.2.0

Files changed (42) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6a08ed7200c466d0fd9ec9f30a023e25762b0818
-  data.tar.gz: 7e46adff6873f64f2cbfeeb272ea0b9a1cd72ed5
+  metadata.gz: 4e802b7e59fd0ecbd4af2cdaae70e049780d4f2f
+  data.tar.gz: 296836af524b2aff916ac7f7d5fa6a4211997194
 SHA512:
-  metadata.gz: e2b70fb725a233dca2913251d058a3ff0ede0ba0f6490eaba055e439a96764db21eaa0a4b2206ad4538cebce2a61fa9215b76cde3d3b50e9463992559e3f713e
-  data.tar.gz: d822c1904e28486d7d6e79e6e4d485a32457bfb03daf035ba039bdaa6c80343a2368bc3ac0c638e2f7eb1e3e3676b12860eaac33823faabef618b75a5a74c701
+  metadata.gz: fce325a070ade67fa025cbbc9026736ab956537adfa2fb8bf3858cb1fc2eab7c827f1ea543db9d9f5a35864d718fe94ef37cb92f37cfef96faf460bc641584e7
+  data.tar.gz: 7d346032e759b80968da1deb2081c73d266f97853a388461b90febddcfa510baa7b6ed366d11eac6866fe4dcaa8de126a6e788ce11bdfd673b1b76c4b12b895d

data/CHANGELOG.md CHANGED Viewed

@@ -1 +1,51 @@
-## Spree 2.1.5 (unreleased) ##
+## Spree 2.2.0 (unreleased) ##
+*   Api requires authentication by default now
+    Peter Berkenbosch
+*   Improve products_controller #create and #update for better support to create
+    and update variants, option types and option values.
+    See #4172 and #4240
+    Bruno Buccolo / Washington Luiz / John Dyer
+*   ApiHelpers attributes can now be extended without overriding instance
+    methods. By using the same approach in PermittedAttributes. e.g.
+        Spree::Api::ApiHelpers.order_attributes.push :locked_at
+    Washington Luiz
+*   Admin users can set the order channel when importing orders. By sing the
+    channel attribute on Order model
+    Washington Luiz
+*   Cached products/show template, which can lead to drastically (65x) faster loading times on product requests. 806319709c4ce9a3d0026e00ec2d07372f51cdb8
+    Ryan Bigg
+*   The parts that make up an order's response from /api/orders/:num are cached, which can lead to a 5x improvement of speed for this API endpoint. 80ffb1e739606ac02ac86336ac13a51583bcc225
+    Ryan Bigg
+* Cached variant objects which can lead to slightly faster loading times (4x) for each variant.
+    Ryan Bigg
+* Added a route to allow for /api/variants/:id requests
+    Ryan Bigg
+* Products response now contains a master variant separately from all the other variants. Previously all variants were grouped together.
+    Ryan Bigg
+* Added API endpoint to retrieve a user's orders: /api/orders/mine. #4022
+    Richard Nuno
+* Order token can now be passed as a header: `X-Spree-Order-Token`. #4148
+    Lucjan Suski

data/app/controllers/spree/api/addresses_controller.rb CHANGED Viewed

@@ -4,14 +4,12 @@ module Spree
       before_filter :find_order
       def show
-        authorize! :read, @order, order_token
-        find_address
+        load_and_authorize_address(:read)
         respond_with(@address)
       end
       def update
-        authorize! :update, @order, order_token
-        find_address
+        load_and_authorize_address(:update)
         if @address.update_attributes(address_params)
           respond_with(@address, :default_template => :show)
@@ -26,16 +24,33 @@ module Spree
         end
         def find_order
-          @order = Spree::Order.find_by!(number: params[:order_id])
+          @order = Spree::Order.find_by!(number: params[:order_id]) if params[:order_id]
         end
         def find_address
-          @address = if @order.bill_address_id == params[:id].to_i
-            @order.bill_address
-          elsif @order.ship_address_id == params[:id].to_i
-            @order.ship_address
+          if @order
+            @address = if @order.bill_address_id == params[:id].to_i
+              @order.bill_address
+            elsif @order.ship_address_id == params[:id].to_i
+              @order.ship_address
+            else
+              raise CanCan::AccessDenied
+            end
           else
-            raise CanCan::AccessDenied
+            @address = Spree::Address.find(params[:id])
+          end
+        end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
+        def load_and_authorize_address(permission)
+          find_address
+          if @order
+            authorize! permission, @order, order_token
+          else
+            authorize! permission, @address
           end
         end
     end

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -9,18 +9,11 @@ module Spree
       include Spree::Core::ControllerHelpers::StrongParameters
       include ::ActionController::Head
       include ::ActionController::ConditionalGet
-      include ::ActionController::Redirecting
-      include Spree::Core::Engine.routes.url_helpers
-      self.responder = Spree::Api::Responders::AppResponder
-      respond_to :json
       attr_accessor :current_api_user
       before_filter :set_content_type
-      before_filter :load_user
-      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
+      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
       before_filter :authenticate_user
       after_filter  :set_jsonp_format
@@ -51,7 +44,7 @@ module Spree
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
         if current_api_user.has_spree_role?("admin")
-          super + [:price, :variant_id, :sku]
+          super << [:price, :variant_id, :sku]
         else
           super
         end
@@ -62,23 +55,28 @@ module Spree
       def set_content_type
         content_type = case params[:format]
         when "json"
-          "application/json; charset=utf-8"
+          "application/json"
         when "xml"
-          "text/xml; charset=utf-8"
+          "text/xml"
         end
         headers["Content-Type"] = content_type
       end
-      def load_user
-        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
+      def check_for_user_or_api_key
+        # User is already authenticated with Spree, make request this way instead.
+        return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
+        if api_key.blank?
+          render "spree/api/errors/must_specify_api_key", :status => 401 and return
+        end
       end
       def authenticate_user
         unless @current_api_user
-          if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", :status => 401 and return
-          elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
+          if requires_authentication? || api_key.present?
+            unless @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+              render "spree/api/errors/invalid_api_key", :status => 401 and return
+            end
           else
             # An anonymous user
             @current_api_user = Spree.user_class.new
@@ -125,13 +123,9 @@ module Spree
       end
       helper_method :api_key
-      def order_token
-        request.headers["X-Spree-Order-Token"] || params[:order_token]
-      end
       def find_product(id)
         begin
-          product_scope.find_by_permalink!(id.to_s)
+          product_scope.friendly.find(id.to_s)
         rescue ActiveRecord::RecordNotFound
           product_scope.find(id)
         end
@@ -141,23 +135,18 @@ module Spree
         variants_associations = [{ option_values: :option_type }, :default_price, :prices, :images]
         if current_api_user.has_spree_role?("admin")
           scope = Product.with_deleted.accessible_by(current_ability, :read)
-            .includes(:product_properties, :option_types, variants_including_master: variants_associations)
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
         else
           scope = Product.accessible_by(current_ability, :read).active
-            .includes(:product_properties, :option_types, variants_including_master: variants_associations)
+            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
         end
         scope
       end
-      def authorize_for_order
-        @order = Spree::Order.find_by(number: params[:order_id] || params[:id])
-        authorize! :read, @order, order_token
-      end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -31,7 +31,8 @@ module Spree
       end
       def show
-        redirect_to(api_order_path(params[:id]), status: 301)
+        load_order
+        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
       end
       def update
@@ -53,28 +54,11 @@ module Spree
       end
       private
-        def object_params
-          modify_payment_attributes params[:order] || {}
-          protected_params = if params[:order]
-                               params.require(:order).permit(permitted_checkout_attributes)
-                             else
-                               {}
-                             end
-          map_nested_attributes_keys Order, protected_params
-        end
-        def user_id
-          params[:order][:user_id] if params[:order]
-        end
-        # For payment step, filter order parameters to produce the expected
-        # nested attributes for a single payment and its source, discarding
-        # attributes for payment methods other than the one selected
-        #
-        # respond_to check is necessary due to issue described in #2910
-        def modify_payment_attributes(object_params)
+        def object_params
+          # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
+          # respond_to check is necessary due to issue described in #2910
+          object_params = nested_params
           if @order.has_checkout_step?('payment') && @order.payment?
             if object_params[:payments_attributes].is_a?(Hash)
               object_params[:payments_attributes] = [object_params[:payments_attributes]]
@@ -86,6 +70,11 @@ module Spree
               object_params[:payments_attributes].first[:amount] = @order.total.to_s
             end
           end
+          object_params
+        end
+        def user_id
+          params[:order][:user_id] if params[:order]
         end
         def nested_params
@@ -105,10 +94,6 @@ module Spree
           state_callback(:before)
         end
-        def current_currency
-          Spree::Config[:currency]
-        end
         def ip_address
           ''
         end
@@ -122,6 +107,10 @@ module Spree
           send(method_name) if respond_to?(method_name, true)
         end
+        def before_payment
+          @order.payments.destroy_all if request.put?
+        end
         def next!(options={})
           if @order.valid? && @order.next
             render 'spree/api/orders/show', status: options[:status] || 200
@@ -132,15 +121,20 @@ module Spree
         def after_update_attributes
           if object_params && object_params[:coupon_code].present?
-            coupon_result = Spree::Promo::CouponApplicator.new(@order).apply
-            if !coupon_result[:coupon_applied?]
-              @coupon_message = coupon_result[:error]
+            handler = PromotionHandler::Coupon.new(@order).apply
+            if handler.error.present?
+              @coupon_message = handler.error
               respond_with(@order, default_template: 'spree/api/orders/could_not_apply_coupon')
               return true
             end
           end
           false
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/classifications_controller.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module Spree
+  module Api
+    class ClassificationsController < Spree::Api::BaseController
+      def update
+        authorize! :update, Product
+        authorize! :update, Taxon
+        classification = Spree::Classification.find_by(
+          :product_id => params[:product_id],
+          :taxon_id => params[:taxon_id]
+        )
+        # Because position we get back is 0-indexed.
+        # acts_as_list is 1-indexed.
+        classification.insert_at(params[:position].to_i + 1)
+        render :nothing => true
+      end
+    end
+  end
+end

data/app/controllers/spree/api/line_items_controller.rb CHANGED Viewed

@@ -15,8 +15,9 @@ module Spree
       def update
         @line_item = order.line_items.find(params[:id])
-        if @line_item.update_attributes(line_item_params)
+        if @order.contents.update_cart(line_items_attributes)
           @order.ensure_updated_shipments
+          @line_item.reload
           respond_with(@line_item, default_template: :show)
         else
           invalid_resource!(@line_item)
@@ -38,9 +39,20 @@ module Spree
           authorize! :update, @order, order_token
         end
+        def line_items_attributes
+          { line_items_attributes: {
+            id: params[:id],
+            quantity: params[:line_item][:quantity]
+          } }
+        end
         def line_item_params
           params.require(:line_item).permit(:quantity, :variant_id)
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end

data/app/controllers/spree/api/option_types_controller.rb CHANGED Viewed

@@ -3,9 +3,9 @@ module Spree
     class OptionTypesController < Spree::Api::BaseController
       def index
         if params[:ids]
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).where(:id => params[:ids].split(','))
         else
-          @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          @option_types = Spree::OptionType.accessible_by(current_ability, :read).load.ransack(params[:q]).result
         end
         respond_with(@option_types)
       end

data/app/controllers/spree/api/option_values_controller.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module Spree
         end
         def option_value_params
-          params.require(:option_value).permit(permitted_option_value_attributes)
+          params.require(:option_value).permit(permitted_option_type_attributes)
         end
     end
   end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -28,7 +28,6 @@ module Spree
       def empty
         find_order
-        authorize! :update, @order, order_token
         @order.empty!
         @order.update!
         render text: nil, status: 200
@@ -42,7 +41,6 @@ module Spree
       def show
         find_order
-        authorize! :show, @order, order_token
         method = "before_#{@order.state}"
         send(method) if respond_to?(method, true)
         respond_with(@order)
@@ -50,7 +48,6 @@ module Spree
       def update
         find_order(true)
-        authorize! :update, @order, order_token
         # Parsing line items through as an update_attributes call in the API will result in
         # many line items for the same variant_id being created. We must be smarter about this,
         # hence the use of the update_line_items method, defined within order_decorator.rb.
@@ -66,7 +63,7 @@ module Spree
           invalid_resource!(@order)
         end
       end
       def mine
         if current_api_user.persisted?
           @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
@@ -75,37 +72,12 @@ module Spree
         end
       end
-      ##
-      # Applies a promotion code to the user's most recent order
-      # This is a temporary API method until we move to next Spree release which has this logic already in this commit.
-      #
-      # https://github.com/spree/spree/commit/72a5b74c47af975fc3492580415a4cdc2dc02c0c
-      #
-      # Source references:
-      #
-      # https://github.com/spree/spree/blob/master/frontend/app/controllers/spree/store_controller.rb#L13
-      # https://github.com/spree/spree/blob/2-1-stable/frontend/app/controllers/spree/orders_controller.rb#L100
       def apply_coupon_code
         find_order
-        authorize! :update, @order, order_token
         @order.coupon_code = params[:coupon_code]
-        @order.save
-        # https://github.com/spree/spree/blob/2-1-stable/core/lib/spree/promo/coupon_applicator.rb
-        result = Spree::Promo::CouponApplicator.new(@order).apply
-        result[:coupon_applied?]  ||= false
-        # Move flash.notice fields into success if applied
-        # An error message is in result[:error]
-        if result[:coupon_applied?] && result[:notice]
-          result[:success] = result[:notice]
-        end
-        # Need to turn hash result into object for RABL
-        # https://github.com/nesquena/rabl/wiki/Rendering-hash-objects-in-rabl
-        @coupon_result = OpenStruct.new(result)
-        render status: @coupon_result.coupon_applied? ? 200 : 422
+        @handler = PromotionHandler::Coupon.new(@order).apply
+        status = @handler.successful? ? 200 : 422
+        render "spree/api/promotions/handler", :status => status
       end
       private
@@ -134,7 +106,7 @@ module Spree
         def permitted_order_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_order_attributes
+            super << admin_order_attributes
           else
             super
           end
@@ -142,7 +114,7 @@ module Spree
         def permitted_shipment_attributes
           if current_api_user.has_spree_role? "admin"
-            super + admin_shipment_attributes
+            super << admin_shipment_attributes
           else
             super
           end
@@ -166,11 +138,17 @@ module Spree
         def find_order(lock = false)
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          authorize! :update, @order, order_token
         end
         def before_delivery
           @order.create_proposed_shipments
         end
+        def order_token
+          request.headers["X-Spree-Order-Token"] || params[:order_token]
+        end
     end
   end
 end