spree_api 2.3.1 → 2.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d63d55d5121200876df8441e8498fdd5abd71033
-  data.tar.gz: a7374c7a17909ed7c20d2608b09ccfedc2b1680c
+  metadata.gz: 1c3d7994fdc3ab159cb6c5c25c3df0328bdb7d09
+  data.tar.gz: 8ed983dd2706eacfa4081f2cb2509685f1e4e565
 SHA512:
-  metadata.gz: e55d6044251f2e29f9435f8fd4fb87ac1b5c490dbfaef5626c35b35c23a1f9876e69d7e04df7ce07c7c4986fa795a0bfc20122b8fc7597c0e929abac64ca754d
-  data.tar.gz: c4a666c49960624a58447d866cde2befd6212b5adcae341ba7fe8f26eb06a45a2881c9e9118f87a5d6199e762b4357b1156be5f57021cb09fc3bab1730f7f95e
+  metadata.gz: fd18911bd56574872239ba21ed83030ec250bfaf3d339b05be20d7195bf4a03f27f3fa915b947e09284d01514445e81ae07ef5ef765e5cce971ee8ac69452175
+  data.tar.gz: b82a4694d499d371a463583ae30a7b414576cfca8b0430610b2c4191f42f823341c70cdf4f291a4fe856e46c18778d5a71ac69b7eff0058dd6247b4b9f0eaba8

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-## Spree 2.3.0 (unreleased) ##
+## Spree 2.3.2 (unreleased) ##
 
 *   Support existing credit card feature on checkout.
 

data/app/controllers/spree/api/base_controller.rb

@@ -14,11 +14,14 @@ module Spree
       before_filter :load_user
       before_filter :authorize_for_order, :if => Proc.new { order_token.present? }
       before_filter :authenticate_user
+      before_filter :load_user_roles
+
       after_filter  :set_jsonp_format
 
-      rescue_from Exception, :with => :error_during_processing
-      rescue_from CanCan::AccessDenied, :with => :unauthorized
-      rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+      rescue_from Exception, with: :error_during_processing
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from CanCan::AccessDenied, with: :unauthorized
+      rescue_from Spree::Core::GatewayError, with: :gateway_error
 
       helper Spree::Api::ApiHelpers
 
@@ -42,7 +45,7 @@ module Spree
 
       # users should be able to set price when importing orders via api
       def permitted_line_item_attributes
-        if current_api_user.has_spree_role?("admin")
+        if @current_user_roles.include?("admin")
           super << [:price, :variant_id, :sku]
         else
           super
@@ -78,8 +81,16 @@ module Spree
         end
       end
 
+      def load_user_roles
+        @current_user_roles = if @current_api_user
+          @current_api_user.spree_roles.pluck(:name)
+        else
+          []
+        end
+      end
+
       def unauthorized
-        render "spree/api/errors/unauthorized", :status => 401 and return
+        render "spree/api/errors/unauthorized", status: 401 and return
       end
 
       def error_during_processing(exception)
@@ -90,12 +101,17 @@ module Spree
           :status => 422 and return
       end
 
+      def gateway_error(exception)
+        @order.errors.add(:base, exception.message)
+        invalid_resource!(@order)
+      end
+
       def requires_authentication?
         Spree::Api::Config[:requires_authentication]
       end
 
       def not_found
-        render "spree/api/errors/not_found", :status => 404 and return
+        render "spree/api/errors/not_found", status: 404 and return
       end
 
       def current_ability
@@ -130,22 +146,27 @@ module Spree
       end
 
       def product_scope
-        variants_associations = [{ option_values: :option_type }, :default_price, :prices, :images]
-        if current_api_user.has_spree_role?("admin")
-          scope = Product.with_deleted.accessible_by(current_ability, :read)
-            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
+        if @current_user_roles.include?("admin")
+          scope = Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
 
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
         else
-          scope = Product.accessible_by(current_ability, :read).active
-            .includes(:properties, :option_types, variants: variants_associations, master: variants_associations)
+          scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
         end
 
         scope
       end
 
+      def variants_associations
+        [{ option_values: :option_type }, :default_price, :images]
+      end
+
+      def product_includes
+        [ :option_types, variants: variants_associations, master: variants_associations ]
+      end
+
       def order_id
         params[:order_id] || params[:checkout_id] || params[:order_number]
       end

data/app/controllers/spree/api/credit_cards_controller.rb

@@ -0,0 +1,25 @@
+module Spree
+  module Api
+    class CreditCardsController < Spree::Api::BaseController
+      before_filter :user
+
+      def index
+        @credit_cards = user
+          .credit_cards
+          .accessible_by(current_ability, :read)
+          .with_payment_profile
+          .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@credit_cards)
+      end
+
+      private
+
+        def user
+          if params[:user_id].present?
+            @user ||= Spree::user_class.accessible_by(current_ability, :read).find(params[:user_id])
+          end
+        end
+
+    end
+  end
+end

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -5,6 +5,7 @@ module Spree
 
       def show
         @inventory_unit = inventory_unit
+        respond_with(@inventory_unit)
       end
 
       def update

data/app/controllers/spree/api/line_items_controller.rb

@@ -6,7 +6,6 @@ module Spree
         @line_item = order.contents.add(variant, params[:line_item][:quantity] || 1)
 
         if @line_item.errors.empty?
-          @order.ensure_updated_shipments
           respond_with(@line_item, status: 201, default_template: :show)
         else
           invalid_resource!(@line_item)
@@ -27,7 +26,6 @@ module Spree
         @line_item = find_line_item
         variant = Spree::Variant.find(@line_item.variant_id)
         @order.contents.remove(variant, @line_item.quantity)
-        @order.ensure_updated_shipments
         respond_with(@line_item, status: 204)
       end
 

data/app/controllers/spree/api/orders_controller.rb

@@ -1,6 +1,8 @@
 module Spree
   module Api
     class OrdersController < Spree::Api::BaseController
+      wrap_parameters false
+
       skip_before_filter :check_for_user_or_api_key, only: :apply_coupon_code
       skip_before_filter :authenticate_user, only: :apply_coupon_code
 
@@ -17,12 +19,24 @@ module Spree
       def cancel
         authorize! :update, @order, params[:token]
         @order.cancel!
-        render :show
+        respond_with(@order, :default_template => :show)
       end
 
       def create
         authorize! :create, Order
-        @order = Spree::Core::Importer::Order.import(current_api_user, order_params)
+        order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
+          Spree.user_class.find(order_params[:user_id])
+        else
+          current_api_user
+        end
+
+        import_params = if @current_user_roles.include?("admin")
+          params[:order].present? ? params[:order].permit! : {}
+        else
+          order_params
+        end
+
+        @order = Spree::Core::Importer::Order.import(order_user, import_params)
         respond_with(@order, default_template: :show, status: 201)
       end
 
@@ -40,8 +54,6 @@ module Spree
 
       def show
         authorize! :show, @order, order_token
-        method = "before_#{@order.state}"
-        send(method) if respond_to?(method, true)
         respond_with(@order)
       end
 
@@ -62,7 +74,7 @@ module Spree
 
       def mine
         if current_api_user.persisted?
-          @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         else
           render "spree/api/errors/unauthorized", status: :unauthorized
         end
@@ -80,50 +92,25 @@ module Spree
       private
         def order_params
           if params[:order]
-            params[:order][:payments_attributes] = params[:order][:payments] if params[:order][:payments]
-            params[:order][:shipments_attributes] = params[:order][:shipments] if params[:order][:shipments]
-            params[:order][:line_items_attributes] = params[:order][:line_items] if params[:order][:line_items]
-            params[:order][:ship_address_attributes] = params[:order][:ship_address] if params[:order][:ship_address]
-            params[:order][:bill_address_attributes] = params[:order][:bill_address] if params[:order][:bill_address]
-
+            normalize_params
             params.require(:order).permit(permitted_order_attributes)
           else
             {}
           end
         end
 
-        def permitted_order_attributes
-          if current_api_user.has_spree_role? "admin"
-            super << admin_order_attributes
-          else
-            super
-          end
-        end
-
-        def permitted_shipment_attributes
-          if current_api_user.has_spree_role? "admin"
-            super << admin_shipment_attributes
-          else
-            super
-          end
-        end
-
-        def admin_shipment_attributes
-          [:shipping_method, :stock_location, :inventory_units => [:variant_id, :sku]]
-        end
-
-        def admin_order_attributes
-          [:import, :number, :completed_at, :locked_at, :channel]
+        def normalize_params
+          params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+          params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
+          params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
+          params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
+          params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
         end
 
         def find_order(lock = false)
           @order = Spree::Order.lock(lock).find_by!(number: params[:id])
         end
 
-        def before_delivery
-          @order.create_proposed_shipments
-        end
-
         def order_id
           super || params[:id]
         end

data/app/controllers/spree/api/payments_controller.rb

@@ -11,7 +11,7 @@ module Spree
       end
 
       def new
-        @payment_methods = Spree::PaymentMethod.where(environment: Rails.env)
+        @payment_methods = Spree::PaymentMethod.available
         respond_with(@payment_method)
       end
 
@@ -76,14 +76,8 @@ module Spree
 
         def perform_payment_action(action, *args)
           authorize! action, Payment
-
-          begin
-            @payment.send("#{action}!", *args)
-            respond_with(@payment, :default_template => :show)
-          rescue Spree::Core::GatewayError => e
-            @error = e.message
-            render 'spree/api/errors/gateway_error', status: 422
-          end
+          @payment.send("#{action}!", *args)
+          respond_with(@payment, default_template: :show)
         end
 
         def payment_params

data/app/controllers/spree/api/products_controller.rb

@@ -12,6 +12,7 @@ module Spree
         @products = @products.distinct.page(params[:page]).per(params[:per_page])
         expires_in 15.minutes, :public => true
         headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+        respond_with(@products)
       end
 
       def show
@@ -19,6 +20,7 @@ module Spree
         expires_in 15.minutes, :public => true
         headers['Surrogate-Control'] = "max-age=#{15.minutes}"
         headers['Surrogate-Key'] = "product_id=1"
+        respond_with(@product)
       end
 
       # Takes besides the products attributes either an array of variants or

data/app/controllers/spree/api/shipments_controller.rb

@@ -8,12 +8,10 @@ module Spree
         @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
         authorize! :read, @order
         authorize! :create, Shipment
-        variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
         @shipment = @order.shipments.create(stock_location_id: params[:stock_location_id])
         @order.contents.add(variant, quantity, nil, @shipment)
 
-        @shipment.refresh_rates
         @shipment.save!
 
         respond_with(@shipment.reload, default_template: :show)
@@ -45,7 +43,6 @@ module Spree
       end
 
       def add
-        variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
 
         @shipment.order.contents.add(variant, quantity, nil, @shipment)
@@ -54,7 +51,6 @@ module Spree
       end
 
       def remove
-        variant = Spree::Variant.find(params[:variant_id])
         quantity = params[:quantity].to_i
 
         @shipment.order.contents.remove(variant, quantity, @shipment)
@@ -77,6 +73,10 @@ module Spree
           {}
         end
       end
+
+      def variant
+        @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
+      end
     end
   end
 end

data/app/controllers/spree/api/users_controller.rb

@@ -46,8 +46,11 @@ module Spree
       end
 
       def user_params
-        params.require(:user).permit(permitted_user_attributes)
+        params.require(:user).permit(PermittedAttributes.user_attributes |
+                                       [bill_address_attributes: PermittedAttributes.address_attributes,
+                                        ship_address_attributes: PermittedAttributes.address_attributes])
       end
+
     end
   end
 end

data/app/views/spree/api/credit_cards/index.v1.rabl

@@ -0,0 +1,7 @@
+object false
+child(@credit_cards => :credit_cards) do
+  extends "spree/api/credit_cards/show"
+end
+node(:count) { @credit_cards.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @credit_cards.total_pages }

data/app/views/spree/api/errors/gateway_error.v1.rabl

@@ -1,2 +1,2 @@
 object false
-node(:error) { I18n.t(:gateway_error, :scope => "spree.api", :text => @error) }
+node(:error) { I18n.t(:gateway_error, scope: "spree.api", text: @error) }

data/app/views/spree/api/orders/show.v1.rabl

@@ -26,6 +26,11 @@ child :payments => :payments do
 
   child :source => :source do
     attributes *payment_source_attributes
+    if @current_user_roles.include?('admin')
+      attributes *payment_source_attributes.concat([:gateway_customer_profile_id, :gateway_payment_profile_id])
+    else
+      attributes *payment_source_attributes
+    end
   end
 end
 
@@ -40,4 +45,4 @@ end
 # Necessary for backend's order interface
 node :permissions do
   { can_update: current_ability.can?(:update, root_object) }
-end
+end

data/config/routes.rb

@@ -92,7 +92,11 @@ Spree::Core::Engine.add_routes do
     resources :taxons, only: [:index]
 
     resources :inventory_units, only: [:show, :update]
-    resources :users
+
+    resources :users do
+      resources :credit_cards, only: [:index]
+    end
+
     resources :properties
     resources :stock_locations do
       resources :stock_movements

data/lib/spree/api/testing_support/setup.rb

@@ -5,6 +5,7 @@ module Spree
         def sign_in_as_admin!
           let!(:current_api_user) do
             user = stub_model(Spree::LegacyUser)
+            user.stub_chain(:spree_roles, :pluck).and_return(["admin"])
             user.stub(:has_spree_role?).with("admin").and_return(true)
             user
           end

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -10,8 +10,9 @@ describe Spree::Api::BaseController do
 
   context "signed in as a user using an authentication extension" do
     before do
-      controller.stub :try_spree_current_user => double(:email => "spree@example.com")
-      Spree::Api::Config[:requires_authentication] = true
+      user = double(:email => "spree@example.com")
+      user.stub_chain :spree_roles, pluck: []
+      controller.stub :try_spree_current_user => user
     end
 
     it "can make a request" do
@@ -66,12 +67,13 @@ describe Spree::Api::BaseController do
 
   it 'handles exceptions' do
     subject.should_receive(:authenticate_user).and_return(true)
+    subject.should_receive(:load_user_roles).and_return(true)
     subject.should_receive(:index).and_raise(Exception.new("no joy"))
     get :index, :token => "fake_key"
     json_response.should == { "exception" => "no joy" }
   end
 
-  it "maps symantec keys to nested_attributes keys" do
+  it "maps semantic keys to nested_attributes keys" do
     klass = double(:nested_attributes_options => { :line_items => {},
                                                   :bill_address => {} })
     attributes = { 'line_items' => { :id => 1 },
@@ -82,4 +84,8 @@ describe Spree::Api::BaseController do
     mapped.has_key?('line_items_attributes').should be_true
     mapped.has_key?('name').should be_true
   end
+
+  it "lets a subclass override the product associations that are eager-loaded" do
+    controller.respond_to?(:product_includes, true).should be
+  end
 end

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -186,6 +186,17 @@ module Spree
         cc_errors.should include("Verification Value can't be blank")
       end
 
+      it "allow users to reuse a credit card" do
+        order.update_column(:state, "payment")
+        credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
+
+        api_put :update, :id => order.to_param, :order_token => order.guest_token,
+          :order => { :existing_card => credit_card.id }
+
+        expect(response.status).to eq 200
+        expect(order.credit_cards).to match_array [credit_card]
+      end
+
       it "can transition from confirm to complete" do
         order.update_column(:state, "confirm")
         Spree::Order.any_instance.stub(:payment_required? => false)

data/spec/controllers/spree/api/credit_cards_controller_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::CreditCardsController do
+    render_views
+
+    let!(:admin_user) do
+      user = Spree.user_class.new(:email => "spree@example.com", :id => 1)
+      user.generate_spree_api_key!
+      user.stub(:has_spree_role?).with('admin').and_return(true)
+      user
+    end
+
+    let!(:normal_user) do
+      user = Spree.user_class.new(:email => "spree2@example.com", :id => 2)
+      user.generate_spree_api_key!
+      user
+    end
+
+    let!(:card) { create(:credit_card, :user_id => admin_user.id, gateway_customer_profile_id: "random") }
+
+    before do
+      stub_authentication!
+    end
+
+    it "the user id doesn't exist" do
+      api_get :index, user_id: 1000
+      response.status.should == 404
+    end
+
+    context "calling user is in admin role" do
+      let(:current_api_user) do
+        user = admin_user
+        user
+      end
+
+      it "no credit cards exist for user" do
+        api_get :index, user_id: normal_user.id
+
+        response.status.should == 200
+        json_response["pages"].should == 0
+      end
+
+      it "can view all credit cards for user" do
+        api_get :index, user_id: current_api_user.id
+
+        response.status.should == 200
+        json_response["pages"].should == 1
+        json_response["current_page"].should == 1
+        json_response["credit_cards"].length.should == 1
+        json_response["credit_cards"].first["id"].should == card.id
+      end
+    end
+
+    context "calling user is not in admin role" do
+      let(:current_api_user) do
+        user = normal_user
+        user
+      end
+
+      let!(:card) { create(:credit_card, :user_id => normal_user.id, gateway_customer_profile_id: "random") }
+
+      it "can not view user" do
+        api_get :index, user_id: admin_user.id
+
+        response.status.should == 404
+      end
+
+      it "can view own credit cards" do
+        api_get :index, user_id: normal_user.id
+
+        response.status.should == 200
+        json_response["pages"].should == 1
+        json_response["current_page"].should == 1
+        json_response["credit_cards"].length.should == 1
+        json_response["credit_cards"].first["id"].should == card.id
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/orders_controller_spec.rb

@@ -42,11 +42,10 @@ module Spree
     end
 
     context "the current api user is not persisted" do
-      let(:current_api_user) { double(persisted?: false) }
+      let(:current_api_user) { Spree.user_class.new }
 
       it "returns a 401" do
         api_get :mine
-
         response.status.should == 401
       end
     end
@@ -73,6 +72,18 @@ module Spree
         response.status.should == 200
         json_response["orders"].length.should == 0
       end
+
+      it "returns orders in reverse chronological order" do
+        order2 = create(:order, line_items: [line_item], user: order.user)
+        order2.created_at.should > order.created_at
+
+        api_get :mine
+        response.status.should == 200
+        json_response["pages"].should == 1
+        json_response["orders"].length.should == 2
+        json_response["orders"][0]["number"].should == order2.number
+        json_response["orders"][1]["number"].should == order.number
+      end
     end
 
     it "can view their own order" do
@@ -120,6 +131,7 @@ module Spree
 
       it "can view an order" do
         user = mock_model(Spree::LegacyUser)
+        user.stub_chain(:spree_roles, :pluck).and_return(["bar"])
         user.stub(:has_spree_role?).with('bar').and_return(true)
         user.stub(:has_spree_role?).with('admin').and_return(false)
         controller.stub try_spree_current_user: user
@@ -195,11 +207,15 @@ module Spree
     end
 
     context "admin user imports order" do
-      before { current_api_user.stub has_spree_role?: true }
+      before do
+        current_api_user.stub has_spree_role?: true
+        current_api_user.stub_chain :spree_roles, pluck: ["admin"]
+      end
 
-      it "sets channel" do
-        api_post :create, :order => { channel: "amazon" }
-        expect(json_response['channel']).to eq "amazon"
+      it "is able to set any default unpermitted attribute" do
+        api_post :create, :order => { number: "WOW" }
+        expect(response.status).to eq 201
+        expect(json_response['number']).to eq "WOW"
       end
     end
 
@@ -414,7 +430,7 @@ module Spree
           adjustment['amount'].should == "5.0"
         end
 
-        it "lists payments source" do
+        it "lists payments source without gateway info" do
           order.payments.push payment = create(:payment)
           api_get :show, :id => order.to_param
 
@@ -424,6 +440,8 @@ module Spree
           expect(source[:last_digits]).to eq payment.source.last_digits
           expect(source[:month].to_i).to eq payment.source.month
           expect(source[:year].to_i).to eq payment.source.year
+          expect(source.has_key?(:gateway_customer_profile_id)).to be false
+          expect(source.has_key?(:gateway_payment_profile_id)).to be false
         end
 
         context "when in delivery" do
@@ -435,8 +453,9 @@ module Spree
           end
 
           before do
+            order.bill_address = FactoryGirl.create(:address)
             order.ship_address = FactoryGirl.create(:address)
-            order.state = 'delivery'
+            order.next!
             order.save
           end
 
@@ -520,6 +539,20 @@ module Spree
         after { ActionController::Base.perform_caching = false }
       end
 
+      it "lists payments source with gateway info" do
+        order.payments.push payment = create(:payment)
+        api_get :show, :id => order.to_param
+
+        source = json_response[:payments].first[:source]
+        expect(source[:name]).to eq payment.source.name
+        expect(source[:cc_type]).to eq payment.source.cc_type
+        expect(source[:last_digits]).to eq payment.source.last_digits
+        expect(source[:month].to_i).to eq payment.source.month
+        expect(source[:year].to_i).to eq payment.source.year
+        expect(source[:gateway_customer_profile_id]).to eq payment.source.gateway_customer_profile_id
+        expect(source[:gateway_payment_profile_id]).to eq payment.source.gateway_payment_profile_id
+      end
+
       context "with two orders" do
         before { create(:order) }
 
@@ -562,6 +595,13 @@ module Spree
       end
 
       context "creation" do
+        it "can create an order without any parameters" do
+          lambda { api_post :create }.should_not raise_error
+          response.status.should == 201
+          order = Order.last
+          json_response["state"].should == "cart"
+        end
+
         it "can arbitrarily set the line items price" do
           api_post :create, :order => {
             :line_items => {
@@ -570,10 +610,16 @@ module Spree
               }
             }
           }
-
           expect(response.status).to eq 201
           expect(Order.last.line_items.first.price.to_f).to eq(33.0)
         end
+
+        it "can set the user_id for the order" do
+          user = Spree.user_class.create
+          api_post :create, :order => { user_id: user.id }
+          expect(response.status).to eq 201
+          json_response["user_id"].should == user.id
+        end
       end
 
       context "updating" do

data/spec/controllers/spree/api/payments_controller_spec.rb

@@ -140,7 +140,8 @@ module Spree
 
             it "returns a 422 status" do
               response.status.should == 422
-              json_response["error"].should == "There was a problem with the payment gateway: Could not authorize card"
+              expect(json_response["error"]).to eq "Invalid resource. Please fix errors and try again."
+              expect(json_response["errors"]["base"][0]).to eq "Could not authorize card"
             end
 
             it "does not raise a stack level error" do
@@ -166,7 +167,8 @@ module Spree
             it "returns a 422 status" do
               api_put :capture, :id => payment.to_param
               response.status.should == 422
-              json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
+              expect(json_response["error"]).to eq "Invalid resource. Please fix errors and try again."
+              expect(json_response["errors"]["base"][0]).to eq "Insufficient funds"
             end
           end
         end
@@ -187,30 +189,31 @@ module Spree
             it "returns a 422 status" do
               api_put :purchase, :id => payment.to_param
               response.status.should == 422
-              json_response["error"].should == "There was a problem with the payment gateway: Insufficient funds"
+              expect(json_response["error"]).to eq "Invalid resource. Please fix errors and try again."
+              expect(json_response["errors"]["base"][0]).to eq "Insufficient funds"
             end
           end
         end
 
         context "voiding" do
           it "can void" do
-            api_put :void, :id => payment.to_param
-            response.status.should == 200
-            payment.reload.state.should == "void"
+            api_put :void, id: payment.to_param
+            expect(response.status).to eq 200
+            expect(payment.reload.state).to eq "void"
           end
 
           context "voiding fails" do
             before do
-              fake_response = double(:success? => false, :to_s => "NO REFUNDS")
+              fake_response = double(success?: false, to_s: "NO REFUNDS")
               Spree::Gateway::Bogus.any_instance.should_receive(:void).and_return(fake_response)
             end
 
             it "returns a 422 status" do
-              api_put :void, :id => payment.to_param
-              response.status.should == 422
-              json_response["error"].should == "There was a problem with the payment gateway: NO REFUNDS"
-
-              payment.reload.state.should == "checkout"
+              api_put :void, id: payment.to_param
+              expect(response.status).to eq 422
+              expect(json_response["error"]).to eq "Invalid resource. Please fix errors and try again."
+              expect(json_response["errors"]["base"][0]).to eq "NO REFUNDS"
+              expect(payment.reload.state).to eq "checkout"
             end
           end
         end
@@ -236,7 +239,8 @@ module Spree
               Spree::Gateway::Bogus.any_instance.should_receive(:credit).and_return(fake_response)
               api_put :credit, :id => payment.to_param
               response.status.should == 422
-              json_response["error"].should == "There was a problem with the payment gateway: NO CREDIT FOR YOU"
+              expect(json_response["error"]).to eq "Invalid resource. Please fix errors and try again."
+              expect(json_response["errors"]["base"][0]).to eq "NO CREDIT FOR YOU"
             end
 
             it "cannot credit over credit_allowed limit" do

data/spec/controllers/spree/api/products_controller_spec.rb

@@ -6,7 +6,7 @@ module Spree
     render_views
 
     let!(:product) { create(:product) }
-    let!(:inactive_product) { create(:product, :available_on => Time.now.tomorrow, :name => "inactive") }
+    let!(:inactive_product) { create(:product, available_on: Time.now.tomorrow, name: "inactive") }
     let(:base_attributes) { Api::ApiHelpers.product_attributes }
     let(:show_attributes) { base_attributes.dup.push(:has_variants) }
     let(:new_attributes) { base_attributes }
@@ -67,6 +67,34 @@ module Spree
         json_response["per_page"].should == Kaminari.config.default_per_page
       end
 
+      context "specifying a rabl template for a custom action" do
+        before do
+          Spree::Api::ProductsController.class_eval do
+            def custom_show
+              @product = find_product(params[:id])
+              respond_with(@product)
+            end
+          end
+        end
+
+        it "uses the specified custom template through the request header" do
+          request.headers['X-Spree-Template'] = 'show'
+          api_get :custom_show, :id => product.id
+          response.should render_template('spree/api/products/show')
+        end
+
+        it "uses the specified custom template through the template URL parameter" do
+          api_get :custom_show, :id => product.id, :template => 'show'
+          response.should render_template('spree/api/products/show')
+        end
+
+        it "falls back to the default template if the specified template does not exist" do
+          request.headers['X-Spree-Template'] = 'invoice'
+          api_get :show, :id => product.id
+          response.should render_template('spree/api/products/show')
+        end
+      end
+
       context "product has more than one price" do
         before { product.master.prices.create currency: "EUR", amount: 22 }
 
@@ -360,7 +388,7 @@ module Spree
         end
 
         it "can create new variants on a product" do
-          api_put :update, :id => product.to_param, :product => { :variants => [attributes_for_variant, attributes_for_variant] }
+          api_put :update, :id => product.to_param, :product => { :variants => [attributes_for_variant, attributes_for_variant.merge(sku: "ABC-#{Kernel.rand(9999)}")] }
           expect(response.status).to eq 200
           expect(json_response['variants'].count).to eq(2) # 2 variants
 

data/spec/controllers/spree/api/shipments_controller_spec.rb

@@ -84,7 +84,16 @@ describe Spree::Api::ShipmentsController do
         api_put :remove, { variant_id: variant.to_param, quantity: 1 }
         response.status.should == 200
         json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"].should == 1
-     end
+      end
+
+      it 'removes a destroyed variant from a shipment' do
+        order.contents.add(variant, 2)
+        variant.destroy
+
+        api_put :remove, { variant_id: variant.to_param, quantity: 1 }
+        response.status.should == 200
+        json_response['manifest'].detect { |h| h['variant']['id'] == variant.id }["quantity"].should == 1
+      end
     end
 
     context "can transition a shipment from ready to ship" do

data/spec/controllers/spree/api/stock_items_controller_spec.rb

@@ -55,7 +55,7 @@ module Spree
       it 'cannot list of stock items' do
         api_get :index, stock_location_id: stock_location.to_param
         json_response['stock_items'].first.should have_attributes(attributes)
-        json_response['stock_items'].first['variant']['sku'].should eq 'ABC'
+        json_response['stock_items'].first['variant']['sku'].should include 'ABC'
       end
 
       it 'requires a stock_location_id to be passed as a parameter' do
@@ -139,4 +139,3 @@ module Spree
     end
   end
 end
-

data/spec/controllers/spree/api/users_controller_spec.rb

@@ -46,8 +46,33 @@ module Spree
       end
 
       it "can update own details" do
-        api_put :update, :id => user.id, :user => { :email => "mine@example.com" }
-        json_response['email'].should eq 'mine@example.com'
+        country = create(:country)
+        api_put :update, id: user.id, user: {
+          email: "mine@example.com",
+          bill_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          },
+          ship_address_attributes: {
+            first_name: 'First',
+            last_name: 'Last',
+            address1: '1 Test Rd',
+            city: 'City',
+            country_id: country.id,
+            state_id: 1,
+            zipcode: '55555',
+            phone: '5555555555'
+          }
+        }
+        expect(json_response['email']).to eq 'mine@example.com'
+        expect(json_response['bill_address']).to_not be_nil
+        expect(json_response['ship_address']).to_not be_nil
       end
 
       it "cannot update other users details" do

data/spec/controllers/spree/api/variants_controller_spec.rb

@@ -180,6 +180,5 @@ module Spree
         lambda { Spree::Variant.find(variant.id) }.should raise_error(ActiveRecord::RecordNotFound)
       end
     end
-
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.3.2
 platform: ruby
 authors:
 - Ryan Bigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-01 00:00:00.000000000 Z
+date: 2014-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.3.1
+        version: 2.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.3.1
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -70,6 +70,7 @@ files:
 - app/controllers/spree/api/classifications_controller.rb
 - app/controllers/spree/api/config_controller.rb
 - app/controllers/spree/api/countries_controller.rb
+- app/controllers/spree/api/credit_cards_controller.rb
 - app/controllers/spree/api/images_controller.rb
 - app/controllers/spree/api/inventory_units_controller.rb
 - app/controllers/spree/api/line_items_controller.rb
@@ -100,6 +101,7 @@ files:
 - app/views/spree/api/config/show.v1.rabl
 - app/views/spree/api/countries/index.v1.rabl
 - app/views/spree/api/countries/show.v1.rabl
+- app/views/spree/api/credit_cards/index.v1.rabl
 - app/views/spree/api/credit_cards/show.v1.rabl
 - app/views/spree/api/errors/gateway_error.v1.rabl
 - app/views/spree/api/errors/invalid_api_key.v1.rabl
@@ -202,6 +204,7 @@ files:
 - spec/controllers/spree/api/classifications_controller_spec.rb
 - spec/controllers/spree/api/config_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
+- spec/controllers/spree/api/credit_cards_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
 - spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb
@@ -264,6 +267,7 @@ test_files:
 - spec/controllers/spree/api/classifications_controller_spec.rb
 - spec/controllers/spree/api/config_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
+- spec/controllers/spree/api/credit_cards_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
 - spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb