spree_api 2.4.10 → 3.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 632c3f3af60db8e2033c1fadf69ab81d11aae659
-  data.tar.gz: e80451f21adb1335d2be39bf4ffe33fece0c62ee
+  metadata.gz: 918a64814abd45ead2005fbface150d6703b4038
+  data.tar.gz: b51dc9c832ad061af1e1b7d54095df7ad9648471
 SHA512:
-  metadata.gz: 75341ff16ac40cdb8eb1e2c44e34f27ba3a934bb3ed9a216d99540ae3519d168c52d63d6ba71d25e89cf0bd3f0d91aa9fd46791604b9f94d1cc1e00df1593750
-  data.tar.gz: 2922b722b993fef6bf874d4092a3864794185e8caa90b910e539ae7f3744eacddcba049891dbb0621c37c79c3f7da2ccebea69d69a15832267560172a20f4d64
+  metadata.gz: c2bcc152d0e4d1db8f0c60c706d53c35192c5875ddef8d4c5dbb24ee1b35fbe6a4a0b0943d4addb35f71c2d46df492705ff61f1c60fe943f3e20681b4dcfa4b5
+  data.tar.gz: e2385d91a7c65706135ea244d3920fa0ede5a6f60204a5f9e1072a2468f756ef6f4ca841e959a040aa222afd57029a27bd01f06d1a6a0969b3c92dd76a7508aa

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2007-2014, Spree Commerce, Inc. and other contributors
+Copyright (c) 2007-2015, Spree Commerce, Inc. and other contributors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -24,4 +24,3 @@ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-

data/app/controllers/spree/api/base_controller.rb

@@ -4,7 +4,6 @@ module Spree
   module Api
     class BaseController < ActionController::Base
       include Spree::Api::ControllerSetup
-      include Spree::Core::ControllerHelpers::SSL
       include Spree::Core::ControllerHelpers::Store
       include Spree::Core::ControllerHelpers::StrongParameters
 
@@ -18,6 +17,8 @@ module Spree
       before_action :authenticate_user
       before_action :load_user_roles
 
+      after_filter  :set_jsonp_format
+
       rescue_from Exception, with: :error_during_processing
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
       rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -25,7 +26,12 @@ module Spree
 
       helper Spree::Api::ApiHelpers
 
-      ssl_allowed
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{response.body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
 
       def map_nested_attributes_keys(klass, attributes)
         nested_keys = klass.nested_attributes_options.keys
@@ -58,7 +64,7 @@ module Spree
       end
 
       def load_user
-        @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
+        @current_api_user = (try_spree_current_user || Spree.user_class.find_by(spree_api_key: api_key.to_s))
       end
 
       def authenticate_user

data/app/controllers/spree/api/checkouts_controller.rb

@@ -13,7 +13,7 @@ module Spree
         authorize! :update, @order, order_token
         @order.next!
         respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
-      rescue StateMachine::InvalidTransition
+      rescue StateMachines::InvalidTransition
         respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
       end
 
@@ -35,7 +35,7 @@ module Spree
 
           return if after_update_attributes
 
-          if @order.completed? || @order.next
+          if @order.next || @order.completed?  
             state_callback(:after)
             respond_with(@order, default_template: 'spree/api/orders/show')
           else
@@ -52,7 +52,7 @@ module Spree
         end
 
         def nested_params
-          map_nested_attributes_keys Spree::Order, params[:order] || {}
+          map_nested_attributes_keys Order, params[:order] || {}
         end
 
         # Should be overriden if you have areas of your checkout that don't match
@@ -79,7 +79,7 @@ module Spree
 
         def after_update_attributes
           if nested_params && nested_params[:coupon_code].present?
-            handler = Spree::PromotionHandler::Coupon.new(@order).apply
+            handler = PromotionHandler::Coupon.new(@order).apply
 
             if handler.error.present?
               @coupon_message = handler.error

data/app/controllers/spree/api/countries_controller.rb

@@ -5,17 +5,17 @@ module Spree
       skip_before_action :authenticate_user
 
       def index
-        @countries = Spree::Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
+        @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
                      includes(:states).order('name ASC').
                      page(params[:page]).per(params[:per_page])
-        country = Spree::Country.order("updated_at ASC").last
+        country = Country.order("updated_at ASC").last
         if stale?(country)
           respond_with(@countries)
         end
       end
 
       def show
-        @country = Spree::Country.accessible_by(current_ability, :read).find(params[:id])
+        @country = Country.accessible_by(current_ability, :read).find(params[:id])
         respond_with(@country)
       end
     end

data/app/controllers/spree/api/images_controller.rb

@@ -8,12 +8,12 @@ module Spree
       end
 
       def show
-        @image = Spree::Image.accessible_by(current_ability, :read).find(params[:id])
+        @image = Image.accessible_by(current_ability, :read).find(params[:id])
         respond_with(@image)
       end
 
       def create
-        authorize! :create, Spree::Image
+        authorize! :create, Image
         @image = scope.images.create(image_params)
         respond_with(@image, :status => 201, :default_template => :show)
       end

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -24,7 +24,7 @@ module Spree
       private
 
       def inventory_unit
-        @inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+        @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
       end
 
       def prepare_event

data/app/controllers/spree/api/option_values_controller.rb

@@ -5,7 +5,7 @@ module Spree
         if params[:ids]
           @option_values = scope.where(:id => params[:ids])
         else
-          @option_values = scope.ransack(params[:q]).result
+          @option_values = scope.ransack(params[:q]).result.distinct
         end
         respond_with(@option_values)
       end

data/app/controllers/spree/api/orders_controller.rb

@@ -7,7 +7,7 @@ module Spree
       before_action :find_order, except: [:create, :mine, :current, :index, :update]
 
       # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
-      Spree::Order.checkout_steps.keys.each do |step|
+      Order.checkout_steps.keys.each do |step|
         define_method step do
           find_order
           authorize! :update, @order, params[:token]
@@ -21,7 +21,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::Order
+        authorize! :create, Order
         order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
           Spree.user_class.find(order_params[:user_id])
         else
@@ -46,7 +46,7 @@ module Spree
 
       def index
         authorize! :index, Order
-        @orders = Spree::Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@orders)
       end
 
@@ -59,15 +59,7 @@ module Spree
         find_order(true)
         authorize! :update, @order, order_token
 
-        result = if request.patch?
-          # This will update the order without a checkout reset.
-          @order.update_attributes(order_params)
-        else
-          # This will reset checkout back to address and delete all shipments.
-          @order.contents.update_cart(order_params)
-        end
-
-        if result
+        if @order.contents.update_cart(order_params)
           user_id = params[:order][:user_id]
           if current_api_user.has_spree_role?('admin') && user_id
             @order.associate_user!(Spree.user_class.find(user_id))
@@ -99,7 +91,7 @@ module Spree
         find_order
         authorize! :update, @order, order_token
         @order.coupon_code = params[:coupon_code]
-        @handler = Spree::PromotionHandler::Coupon.new(@order).apply
+        @handler = PromotionHandler::Coupon.new(@order).apply
         status = @handler.successful? ? 200 : 422
         render "spree/api/promotions/handler", :status => status
       end
@@ -123,7 +115,7 @@ module Spree
         end
 
         def find_order(lock = false)
-          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          @order = Spree::Order.lock(lock).friendly.find(params[:id])
         end
 
         def find_current_order

data/app/controllers/spree/api/payments_controller.rb

@@ -12,7 +12,7 @@ module Spree
 
       def new
         @payment_methods = Spree::PaymentMethod.available
-        respond_with(@payment_method)
+        respond_with(@payment_methods)
       end
 
       def create
@@ -26,7 +26,7 @@ module Spree
 
       def update
         authorize! params[:action], @payment
-        if !@payment.editable?
+        if ! @payment.pending?
           render 'update_forbidden', status: 403
         elsif @payment.update_attributes(payment_params)
           respond_with(@payment, default_template: :show)
@@ -58,16 +58,16 @@ module Spree
       private
 
         def find_order
-          @order = Spree::Order.find_by(number: order_id)
+          @order = Spree::Order.friendly.find(order_id)
           authorize! :read, @order, order_token
         end
 
         def find_payment
-          @payment = @order.payments.find(params[:id])
+          @payment = @order.payments.friendly.find(params[:id])
         end
 
         def perform_payment_action(action, *args)
-          authorize! action, Spree::Payment
+          authorize! action, Payment
           @payment.send("#{action}!", *args)
           respond_with(@payment, default_template: :show)
         end

data/app/controllers/spree/api/product_properties_controller.rb

@@ -20,7 +20,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::ProductProperty
+        authorize! :create, ProductProperty
         @product_property = @product.product_properties.new(product_property_params)
         if @product_property.save
           respond_with(@product_property, status: 201, default_template: :show)

data/app/controllers/spree/api/products_controller.rb

@@ -4,7 +4,7 @@ module Spree
 
       def index
         if params[:ids]
-          @products = product_scope.where(:id => params[:ids].split(","))
+          @products = product_scope.where(id: params[:ids].split(",").flatten)
         else
           @products = product_scope.ransack(params[:q]).result
         end
@@ -57,12 +57,12 @@ module Spree
       #   }
       #
       def create
-        authorize! :create, Spree::Product
+        authorize! :create, Product
         params[:product][:available_on] ||= Time.now
         set_up_shipping_category
 
         options = { variants_attrs: variants_params, options_attrs: option_types_params }
-        @product = Spree::Core::Importer::Product.new(nil, product_params, options).create
+        @product = Core::Importer::Product.new(nil, product_params, options).create
 
         if @product.persisted?
           respond_with(@product, :status => 201, :default_template => :show)
@@ -76,7 +76,7 @@ module Spree
         authorize! :update, @product
 
         options = { variants_attrs: variants_params, options_attrs: option_types_params }
-        @product = Spree::Core::Importer::Product.new(@product, product_params, options).update
+        @product = Core::Importer::Product.new(@product, product_params, options).update
 
         if @product.errors.empty?
           respond_with(@product.reload, :status => 200, :default_template => :show)
@@ -119,7 +119,7 @@ module Spree
 
         def set_up_shipping_category
           if shipping_category = params[:product].delete(:shipping_category)
-            id = Spree::ShippingCategory.find_or_create_by(name: shipping_category).id
+            id = ShippingCategory.find_or_create_by(name: shipping_category).id
             params[:product][:shipping_category_id] = id
           end
         end

data/app/controllers/spree/api/properties_controller.rb

@@ -8,7 +8,7 @@ module Spree
         @properties = Spree::Property.accessible_by(current_ability, :read)
 
         if params[:ids]
-          @properties = @properties.where(:id => params[:ids].split(","))
+          @properties = @properties.where(id: params[:ids].split(",").flatten)
         else
           @properties = @properties.ransack(params[:q]).result
         end
@@ -25,7 +25,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::Property
+        authorize! :create, Property
         @property = Spree::Property.new(property_params)
         if @property.save
           respond_with(@property, status: 201, default_template: :show)

data/app/controllers/spree/api/return_authorizations_controller.rb

@@ -3,7 +3,7 @@ module Spree
     class ReturnAuthorizationsController < Spree::Api::BaseController
 
       def create
-        authorize! :create, Spree::ReturnAuthorization
+        authorize! :create, ReturnAuthorization
         @return_authorization = order.return_authorizations.build(return_authorization_params)
         if @return_authorization.save
           respond_with(@return_authorization, status: 201, default_template: :show)
@@ -19,7 +19,7 @@ module Spree
       end
 
       def index
-        authorize! :admin, Spree::ReturnAuthorization
+        authorize! :admin, ReturnAuthorization
         @return_authorizations = order.return_authorizations.accessible_by(current_ability, :read).
                                  ransack(params[:q]).result.
                                  page(params[:page]).per(params[:per_page])
@@ -27,11 +27,11 @@ module Spree
       end
 
       def new
-        authorize! :admin, Spree::ReturnAuthorization
+        authorize! :admin, ReturnAuthorization
       end
 
       def show
-        authorize! :admin, Spree::ReturnAuthorization
+        authorize! :admin, ReturnAuthorization
         @return_authorization = order.return_authorizations.accessible_by(current_ability, :read).find(params[:id])
         respond_with(@return_authorization)
       end

data/app/controllers/spree/api/shipments_controller.rb

@@ -32,7 +32,7 @@ module Spree
       end
 
       def update
-        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
         @shipment.update_attributes_and_order(shipment_params)
 
         respond_with(@shipment.reload, default_template: :show)
@@ -79,7 +79,7 @@ module Spree
       end
 
       def transfer_to_shipment
-        @target_shipment  = Spree::Shipment.find_by!(number: params[:target_shipment_number])
+        @target_shipment  = Spree::Shipment.friendly.find(params[:target_shipment_number])
         @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
         render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
       end
@@ -87,7 +87,7 @@ module Spree
       private
 
       def load_transfer_params
-        @original_shipment         = Spree::Shipment.where(number: params[:original_shipment_number]).first
+        @original_shipment         = Spree::Shipment.friendly.find(params[:original_shipment_number])
         @variant                   = Spree::Variant.find(params[:variant_id])
         @quantity                  = params[:quantity].to_i
         authorize! :read, @original_shipment
@@ -95,7 +95,7 @@ module Spree
       end
 
       def find_and_update_shipment
-        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+        @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
         @shipment.update_attributes(shipment_params)
         @shipment.reload
       end

data/app/controllers/spree/api/states_controller.rb

@@ -27,10 +27,10 @@ module Spree
       private
         def scope
           if params[:country_id]
-            @country = Spree::Country.accessible_by(current_ability, :read).find(params[:country_id])
+            @country = Country.accessible_by(current_ability, :read).find(params[:country_id])
             return @country.states.accessible_by(current_ability, :read)
           else
-            return Spree::State.accessible_by(current_ability, :read)
+            return State.accessible_by(current_ability, :read)
           end
         end
     end

data/app/controllers/spree/api/stock_items_controller.rb

@@ -14,7 +14,7 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::StockItem
+        authorize! :create, StockItem
 
         count_on_hand = 0
         if params[:stock_item].has_key?(:count_on_hand)
@@ -31,7 +31,7 @@ module Spree
       end
 
       def update
-        @stock_item = Spree::StockItem.accessible_by(current_ability, :update).find(params[:id])
+        @stock_item = StockItem.accessible_by(current_ability, :update).find(params[:id])
 
         count_on_hand = 0
         if params[:stock_item].has_key?(:count_on_hand)
@@ -50,7 +50,7 @@ module Spree
       end
 
       def destroy
-        @stock_item = Spree::StockItem.accessible_by(current_ability, :destroy).find(params[:id])
+        @stock_item = StockItem.accessible_by(current_ability, :destroy).find(params[:id])
         @stock_item.destroy
         respond_with(@stock_item, status: 204)
       end
@@ -59,7 +59,7 @@ module Spree
 
       def stock_location
         render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+        @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
       end
 
       def scope

data/app/controllers/spree/api/stock_locations_controller.rb

@@ -2,8 +2,8 @@ module Spree
   module Api
     class StockLocationsController < Spree::Api::BaseController
       def index
-        authorize! :read, Spree::StockLocation
-        @stock_locations = Spree::StockLocation.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        authorize! :read, StockLocation
+        @stock_locations = StockLocation.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@stock_locations)
       end
 
@@ -12,8 +12,8 @@ module Spree
       end
 
       def create
-        authorize! :create, Spree::StockLocation
-        @stock_location = Spree::StockLocation.new(stock_location_params)
+        authorize! :create, StockLocation
+        @stock_location = StockLocation.new(stock_location_params)
         if @stock_location.save
           respond_with(@stock_location, status: 201, default_template: :show)
         else
@@ -39,7 +39,7 @@ module Spree
       private
 
       def stock_location
-        @stock_location ||= Spree::StockLocation.accessible_by(current_ability, :read).find(params[:id])
+        @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:id])
       end
 
       def stock_location_params