spree_api 2.2.0 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4e802b7e59fd0ecbd4af2cdaae70e049780d4f2f
-  data.tar.gz: 296836af524b2aff916ac7f7d5fa6a4211997194
+  metadata.gz: 2b9a1e586735e3cc1e1cee5cd20399b9921dc7b2
+  data.tar.gz: cb20dc4dc54932929151ce653e94964cc367a89f
 SHA512:
-  metadata.gz: fce325a070ade67fa025cbbc9026736ab956537adfa2fb8bf3858cb1fc2eab7c827f1ea543db9d9f5a35864d718fe94ef37cb92f37cfef96faf460bc641584e7
-  data.tar.gz: 7d346032e759b80968da1deb2081c73d266f97853a388461b90febddcfa510baa7b6ed366d11eac6866fe4dcaa8de126a6e788ce11bdfd673b1b76c4b12b895d
+  metadata.gz: bdc2ad8bdf4143851a2a16ecbad2dfe6bacde972a4f6e42bfa59907edf62e55ae4f5077bd58a37d84a8cedb29187aaa22f90aeef221b18bc8b873ed82b4b363a
+  data.tar.gz: 8ab5f9384fe52caffe246354ba6b16b62343d5b495d19feee302d89b9fdecbb499b6fb139efe1f0386f1a29dea8549947737ef632c89ce0c8b323a10c63cfe3d

data/CHANGELOG.md

@@ -1,51 +1,4 @@
-## Spree 2.2.0 (unreleased) ##
+## Spree 2.2.1 (unreleased) ##
 
-*   Api requires authentication by default now
-    
+* refactor the api to use a general importer in core gem.
     Peter Berkenbosch
-
-*   Improve products_controller #create and #update for better support to create
-    and update variants, option types and option values.
-    See #4172 and #4240
-
-    Bruno Buccolo / Washington Luiz / John Dyer
-
-*   ApiHelpers attributes can now be extended without overriding instance
-    methods. By using the same approach in PermittedAttributes. e.g.
-
-        Spree::Api::ApiHelpers.order_attributes.push :locked_at
-    
-    Washington Luiz
-
-*   Admin users can set the order channel when importing orders. By sing the
-    channel attribute on Order model
-
-    Washington Luiz
-
-*   Cached products/show template, which can lead to drastically (65x) faster loading times on product requests. 806319709c4ce9a3d0026e00ec2d07372f51cdb8
-
-    Ryan Bigg
-
-*   The parts that make up an order's response from /api/orders/:num are cached, which can lead to a 5x improvement of speed for this API endpoint. 80ffb1e739606ac02ac86336ac13a51583bcc225
-
-    Ryan Bigg
-
-* Cached variant objects which can lead to slightly faster loading times (4x) for each variant.
-
-    Ryan Bigg
-
-* Added a route to allow for /api/variants/:id requests
-
-    Ryan Bigg
-
-* Products response now contains a master variant separately from all the other variants. Previously all variants were grouped together.
-
-    Ryan Bigg
-
-* Added API endpoint to retrieve a user's orders: /api/orders/mine. #4022
-
-    Richard Nuno
-
-* Order token can now be passed as a header: `X-Spree-Order-Token`. #4148
-
-    Lucjan Suski

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2007-2013, Spree Commerce, Inc. and other contributors
+Copyright (c) 2007-2014, Spree Commerce, Inc. and other contributors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,

data/app/controllers/spree/api/addresses_controller.rb

@@ -41,10 +41,6 @@ module Spree
           end
         end
 
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
-
         def load_and_authorize_address(permission)
           find_address
           if @order

data/app/controllers/spree/api/base_controller.rb

@@ -2,18 +2,16 @@ require_dependency 'spree/api/controller_setup'
 
 module Spree
   module Api
-    class BaseController < ActionController::Metal
-      include ActionController::StrongParameters
+    class BaseController < ActionController::Base
       include Spree::Api::ControllerSetup
       include Spree::Core::ControllerHelpers::SSL
       include Spree::Core::ControllerHelpers::StrongParameters
-      include ::ActionController::Head
-      include ::ActionController::ConditionalGet
 
       attr_accessor :current_api_user
 
       before_filter :set_content_type
-      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
+      before_filter :load_user
+      before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
       before_filter :authenticate_user
       after_filter  :set_jsonp_format
 
@@ -55,28 +53,23 @@ module Spree
       def set_content_type
         content_type = case params[:format]
         when "json"
-          "application/json"
+          "application/json; charset=utf-8"
         when "xml"
-          "text/xml"
+          "text/xml; charset=utf-8"
         end
         headers["Content-Type"] = content_type
       end
 
-      def check_for_user_or_api_key
-        # User is already authenticated with Spree, make request this way instead.
-        return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
-
-        if api_key.blank?
-          render "spree/api/errors/must_specify_api_key", :status => 401 and return
-        end
+      def load_user
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
 
       def authenticate_user
         unless @current_api_user
-          if requires_authentication? || api_key.present?
-            unless @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
-              render "spree/api/errors/invalid_api_key", :status => 401 and return
-            end
+          if requires_authentication? && api_key.blank? && order_token.blank?
+            render "spree/api/errors/must_specify_api_key", :status => 401 and return
+          elsif order_token.blank? && (requires_authentication? || api_key.present?)
+            render "spree/api/errors/invalid_api_key", :status => 401 and return
           else
             # An anonymous user
             @current_api_user = Spree.user_class.new
@@ -123,6 +116,10 @@ module Spree
       end
       helper_method :api_key
 
+      def order_token
+        request.headers["X-Spree-Order-Token"] || params[:order_token]
+      end
+
       def find_product(id)
         begin
           product_scope.friendly.find(id.to_s)
@@ -147,6 +144,11 @@ module Spree
 
         scope
       end
+
+      def authorize_for_order
+        @order = Spree::Order.find_by(number: params[:order_id] || params[:order_number] || params[:id])
+        authorize! :read, @order, order_token
+      end
     end
   end
 end

data/app/controllers/spree/api/checkouts_controller.rb

@@ -10,7 +10,7 @@ module Spree
 
       def create
         authorize! :create, Order
-        @order = Order.build_from_api(current_api_user, nested_params)
+        @order = Spree::Core::Importer::Order.import(current_api_user, nested_params)
         respond_with(@order, default_template: 'spree/api/orders/show', status: 201)
       end
 
@@ -31,8 +31,7 @@ module Spree
       end
 
       def show
-        load_order
-        respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
+        redirect_to(api_order_path(params[:id]), status: 301)
       end
 
       def update
@@ -131,10 +130,6 @@ module Spree
           end
           false
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/images_controller.rb

@@ -9,18 +9,18 @@ module Spree
 
       def create
         authorize! :create, Image
-        @image = Image.create(image_params)
+        @image = scope.images.create(image_params)
         respond_with(@image, :status => 201, :default_template => :show)
       end
 
       def update
-        @image = Image.accessible_by(current_ability, :update).find(params[:id])
+        @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
         @image.update_attributes(image_params)
         respond_with(@image, :default_template => :show)
       end
 
       def destroy
-        @image = Image.accessible_by(current_ability, :destroy).find(params[:id])
+        @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
         @image.destroy
         respond_with(@image, :status => 204)
       end
@@ -29,6 +29,14 @@ module Spree
         def image_params
           params.require(:image).permit(permitted_image_attributes)
         end
+
+        def scope
+          if params[:product_id]
+            scope = Spree::Product.friendly.find(params[:product_id])
+          elsif params[:variant_id]
+            scope = Spree::Variant.find(params[:variant_id])
+          end
+        end
     end
   end
 end

data/app/controllers/spree/api/line_items_controller.rb

@@ -14,7 +14,7 @@ module Spree
       end
 
       def update
-        @line_item = order.line_items.find(params[:id])
+        @line_item = find_line_item
         if @order.contents.update_cart(line_items_attributes)
           @order.ensure_updated_shipments
           @line_item.reload
@@ -25,7 +25,7 @@ module Spree
       end
 
       def destroy
-        @line_item = order.line_items.find(params[:id])
+        @line_item = find_line_item
         variant = Spree::Variant.find(@line_item.variant_id)
         @order.contents.remove(variant, @line_item.quantity)
         @order.ensure_updated_shipments
@@ -35,10 +35,16 @@ module Spree
       private
 
         def order
-          @order ||= Spree::Order.find_by!(number: params[:order_id])
+          @order ||= Spree::Order.includes(:line_items).find_by!(number: params[:order_id])
           authorize! :update, @order, order_token
         end
 
+        def find_line_item
+          id = params[:id].to_i
+          order.line_items.detect {|line_item| line_item.id == id} or
+            raise ActiveRecord::RecordNotFound
+        end
+
         def line_items_attributes
           { line_items_attributes: {
             id: params[:id],
@@ -49,10 +55,6 @@ module Spree
         def line_item_params
           params.require(:line_item).permit(:quantity, :variant_id)
         end
-
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
     end
   end
 end

data/app/controllers/spree/api/orders_controller.rb

@@ -22,7 +22,7 @@ module Spree
 
       def create
         authorize! :create, Order
-        @order = Order.build_from_api(current_api_user, order_params)
+        @order = Spree::Core::Importer::Order.import(current_api_user, order_params)
         respond_with(@order, default_template: :show, status: 201)
       end
 
@@ -145,10 +145,6 @@ module Spree
           @order.create_proposed_shipments
         end
 
-        def order_token
-          request.headers["X-Spree-Order-Token"] || params[:order_token]
-        end
-
     end
   end
 end

data/app/controllers/spree/api/products_controller.rb

@@ -114,8 +114,7 @@ module Spree
       def destroy
         @product = find_product(params[:id])
         authorize! :destroy, @product
-        @product.update_attribute(:deleted_at, Time.now)
-        @product.variants_including_master.update_all(:deleted_at => Time.now)
+        @product.destroy
         respond_with(@product, :status => 204)
       end
 

data/app/helpers/spree/api/api_helpers.rb

@@ -75,7 +75,7 @@ module Spree
         :user_id, :created_at, :updated_at, :completed_at, :payment_total,
         :shipment_state, :payment_state, :email, :special_instructions, :channel,
         :included_tax_total, :additional_tax_total, :display_included_tax_total,
-        :display_additional_tax_total
+        :display_additional_tax_total, :tax_total, :currency
       ]
 
       @@line_item_attributes = [:id, :quantity, :price, :variant_id]

data/app/views/spree/api/line_items/show.v1.rabl

@@ -5,11 +5,11 @@ node(:single_display_amount) { |li| li.single_display_amount.to_s }
 node(:display_amount) { |li| li.display_amount.to_s }
 node(:total) { |li| li.total }
 child :variant do
-  extends "spree/api/variants/variant"
+  extends "spree/api/variants/small"
   attributes :product_id
   child(:images => :images) { extends "spree/api/images/show" }
 end
 
 child :adjustments => :adjustments do
   extends "spree/api/adjustments/show"
-end
+end

data/app/views/spree/api/products/show.v1.rabl

@@ -1,14 +1,14 @@
 object @product
-cache [current_currency, @product]
+cache [current_currency, root_object]
 attributes *product_attributes
 node(:display_price) { |p| p.display_price.to_s }
 node(:has_variants) { |p| p.has_variants? }
 child :master => :master do
-  extends "spree/api/variants/show"
+  extends "spree/api/variants/small"
 end
 
 child :variants => :variants do
-  extends "spree/api/variants/show"
+  extends "spree/api/variants/small"
 end
 
 child :option_types => :option_types do

data/app/views/spree/api/shipments/show.v1.rabl

@@ -25,7 +25,7 @@ end
 
 child :manifest => :manifest do
   child :variant => :variant do
-    extends "spree/api/variants/show"
+    extends "spree/api/variants/small"
   end
   node(:quantity) { |m| m.quantity }
   node(:states) { |m| m.states }

data/app/views/spree/api/stock_items/show.v1.rabl

@@ -1,5 +1,5 @@
 object @stock_item
 attributes *stock_item_attributes
 child(:variant) do
-  extends "spree/api/variants/variant"
+  extends "spree/api/variants/small"
 end

data/app/views/spree/api/variants/{variant_full.v1.rabl → big.v1.rabl}

@@ -1,13 +1,9 @@
 object @variant
-cache @variant
-extends "spree/api/variants/variant"
+attributes *variant_attributes
 
-child(:images => :images) do
-  attributes *image_attributes
-  code(:urls) do |v|
-    v.attachment.styles.keys.inject({}) { |urls, style| urls[style] = v.attachment.url(style); urls  }
-  end
-end
+cache ['big_variant', root_object]
+
+extends "spree/api/variants/small"
 
 child(:stock_items => :stock_items) do
   attributes :id, :count_on_hand, :stock_location_id, :backorderable

data/app/views/spree/api/variants/index.v1.rabl

@@ -5,5 +5,5 @@ node(:current_page) { params[:page] ? params[:page].to_i : 1 }
 node(:pages) { @variants.num_pages }
 
 child(@variants => :variants) do
-  extends "spree/api/variants/variant_full"
+  extends "spree/api/variants/big"
 end

data/app/views/spree/api/variants/show.v1.rabl

@@ -1,4 +1,3 @@
 object @variant
-cache @variant
-extends "spree/api/variants/variant_full"
-child(:images => :images) { extends "spree/api/images/show" }
+cache ['show', root_object]
+extends "spree/api/variants/big"

data/app/views/spree/api/variants/{variant.v1.rabl → small.v1.rabl}

@@ -1,7 +1,12 @@
 attributes *variant_attributes
+cache ['small_variant', root_object]
+
 node(:display_price) { |p| p.display_price.to_s }
 node(:options_text) { |v| v.options_text }
 node(:in_stock) { |v| v.in_stock? }
+
 child :option_values => :option_values do
   attributes *option_value_attributes
 end
+
+child(:images => :images) { extends "spree/api/images/show" }

data/config/routes.rb

@@ -10,11 +10,11 @@ Spree::Core::Engine.add_routes do
 
   namespace :api, :defaults => { :format => 'json' } do
     resources :products do
+      resources :images
       resources :variants
       resources :product_properties
     end
 
-    resources :images
     resources :checkouts do
       member do
         put :next
@@ -22,7 +22,9 @@ Spree::Core::Engine.add_routes do
       end
     end
 
-    resources :variants, :only => [:index, :show]
+    resources :variants, :only => [:index, :show] do
+      resources :images
+    end
 
     resources :option_types do
       resources :option_values

data/lib/spree/api/controller_setup.rb

@@ -5,18 +5,6 @@ module Spree
     module ControllerSetup
       def self.included(klass)
         klass.class_eval do
-          include AbstractController::ViewPaths
-          include AbstractController::Callbacks
-          include AbstractController::Helpers
-
-          include ActiveSupport::Rescuable
-
-          include ActionController::Rendering
-          include ActionController::ImplicitRender
-          include ActionController::Rescue
-          include ActionController::MimeResponds
-          include ActionController::Head
-
           include CanCan::ControllerAdditions
           include Spree::Core::ControllerHelpers::Auth
 

data/lib/spree/api/responders/rabl_template.rb

@@ -16,6 +16,15 @@ module Spree
         def template
           request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
         end
+
+        def api_behavior(error)
+          if controller.params[:action] == "destroy"
+            # Render a blank template
+            super
+          else
+            # Do nothing and fallback to the default template
+          end
+        end
       end
     end
   end

data/lib/spree/api/testing_support/caching.rb

@@ -0,0 +1,10 @@
+RSpec.configure do |config|
+  config.before(:each, :caching => true) do 
+    ActionController::Base.perform_caching = true
+  end
+  
+  config.after(:each, :caching => true) do
+    ActionController::Base.perform_caching = false
+    Rails.cache.clear
+  end
+end

data/lib/spree/api/testing_support/helpers.rb

@@ -17,7 +17,6 @@ module Spree
         end
 
         def stub_authentication!
-          controller.stub :check_for_user_or_api_key
           Spree::LegacyUser.stub(:find_by).with(hash_including(:spree_api_key)) { current_api_user }
         end
 

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -21,6 +21,29 @@ describe Spree::Api::BaseController do
     end
   end
 
+  context "when validating based on an order token" do
+    let!(:order) { create :order }
+
+    context "with a correct order token" do
+      it "succeeds" do
+        api_get :index, order_token: order.token, order_id: order.number
+        response.status.should == 200
+      end
+
+      it "succeeds with an order_number parameter" do
+        api_get :index, order_token: order.token, order_number: order.number
+        response.status.should == 200
+      end
+    end
+
+    context "with an incorrect order token" do
+      it "returns unauthorized" do
+        api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
+        response.status.should == 401
+      end
+    end
+  end
+
   context "cannot make a request to the API" do
     it "without an API key" do
       api_get :index

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -21,6 +21,16 @@ module Spree
       Spree::Config[:track_inventory_levels] = true
     end
 
+    context "GET 'show'" do
+      let(:order) { create(:order) }
+
+      it "redirects to Orders#show" do
+        api_get :show, :id => order.number
+        response.status.should == 301
+        response.should redirect_to("/api/orders/#{order.number}")
+      end
+    end
+
     context "POST 'create'" do
       it "creates a new order when no parameters are passed" do
         api_post :create

data/spec/controllers/spree/api/images_controller_spec.rb

@@ -21,7 +21,8 @@ module Spree
           api_post :create,
                    :image => { :attachment => upload_image('thinking-cat.jpg'),
                                :viewable_type => 'Spree::Variant',
-                               :viewable_id => product.master.to_param  }
+                               :viewable_id => product.master.to_param  },
+                   :product_id => product.id
           response.status.should == 201
           json_response.should have_attributes(attributes)
         end.should change(Image, :count).by(1)
@@ -32,14 +33,14 @@ module Spree
 
         it "can update image data" do
           product_image.position.should == 1
-          api_post :update, :image => { :position => 2 }, :id => product_image.id
+          api_post :update, :image => { :position => 2 }, :id => product_image.id, :product_id => product.id
           response.status.should == 200
           json_response.should have_attributes(attributes)
           product_image.reload.position.should == 2
         end
 
         it "can delete an image" do
-          api_delete :destroy, :id => product_image.id
+          api_delete :destroy, :id => product_image.id, :product_id => product.id
           response.status.should == 204
           lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
         end
@@ -48,17 +49,17 @@ module Spree
 
     context "as a non-admin" do
       it "cannot create an image" do
-        api_post :create
+        api_post :create, :product_id => product.id
         assert_unauthorized!
       end
 
       it "cannot update an image" do
-        api_put :update, :id => 1
+        api_put :update, :id => 1, :product_id => product.id
         assert_not_found!
       end
 
       it "cannot delete an image" do
-        api_delete :destroy, :id => 1
+        api_delete :destroy, :id => 1, :product_id => product.id
         assert_not_found!
       end
     end

data/spec/controllers/spree/api/line_items_controller_spec.rb

@@ -10,11 +10,8 @@ module Spree
     let(:attributes) { [:id, :quantity, :price, :variant, :total, :display_amount, :single_display_amount] }
     let(:resource_scoping) { { :order_id => order.to_param } }
 
-    before do
-      stub_authentication!
-    end
-
     it "can learn how to create a new line item" do
+      controller.stub :try_spree_current_user => current_api_user
       api_get :new
       json_response["attributes"].should == ["quantity", "price", "variant_id"]
       required_attributes = json_response["required_attributes"]
@@ -40,6 +37,7 @@ module Spree
 
     context "as the order owner" do
       before do
+        controller.stub :try_spree_current_user => current_api_user
         Order.any_instance.stub :user => current_api_user
       end
 
@@ -102,10 +100,28 @@ module Spree
           api_delete :destroy, :id => line_item.id
           expect(order.reload.shipments).to be_empty
         end
+
+        context "order is completed" do
+          before do
+            order.stub completed?: true
+            Order.stub_chain :includes, find_by!: order
+          end
+
+          it "doesn't destroy shipments or restart checkout flow" do
+            expect(order.reload.shipments).not_to be_empty
+            api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
+            expect(order.reload.shipments).not_to be_empty
+          end
+        end
       end
     end
 
     context "as just another user" do
+      before do
+        user = create(:user)
+        controller.stub :try_spree_current_user => user
+      end
+
       it "cannot add a new line item to the order" do
         api_post :create, :line_item => { :variant_id => product.master.to_param, :quantity => 1 }
         assert_unauthorized!

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -13,7 +13,7 @@ module Spree
                         :user_id, :created_at, :updated_at,
                         :completed_at, :payment_total, :shipment_state,
                         :payment_state, :email, :special_instructions,
-                        :total_quantity, :display_item_total] }
+                        :total_quantity, :display_item_total, :currency] }
 
     let(:address_params) { { :country_id => Country.first.id, :state_id => State.first.id } }