spree_api 3.0.10 → 3.1.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 04fc31f7217d5cc17609c6c56fe26b8cf1a388a8
-  data.tar.gz: 60dec0893bfa0a8931848250d3a0cc8c29174370
+  metadata.gz: 619c0d865d3f6eb5fdbd68c17860e2e7a260452f
+  data.tar.gz: 15a80886dd571611fede3f469fd5bec77424eb5d
 SHA512:
-  metadata.gz: 92672928882abad9f58df26a51156774bb39ee6f2d45f028ad416df711fa9bf4b19a52fe8ac8ea1d6d8982c98ed8b7a381f6424b942dcdb86406a40f39ae34ab
-  data.tar.gz: 2ded41e4383416864502cbbdd047966a397c2988f64ea0cd9e2dac1718baffe591ad11a5cf554b3f90105a67b87238f7beabcececb40549078382a999ffe0dc3
+  metadata.gz: bc0caf79058b10c7b724e0b5f8870b0dd4b93db16b1f48bfe4a1db7dc353eb9bdfb5c49d5bb5328e0dc50e1931cb233b3db1687be25af259956c1accb7831540
+  data.tar.gz: ae5ba6a9dce7d870b644f07967aa548b778f72fe7f2117e37a697506de91a97039c5dd8e4b1e3f009d38d2ea56acb183688b880b49f6d127fc0a5bbcc7a8caba

data/app/controllers/spree/api/base_controller.rb

@@ -9,15 +9,14 @@ module Spree
 
       attr_accessor :current_api_user
 
-      class_attribute :error_notifier
-
       before_action :set_content_type
       before_action :load_user
       before_action :authorize_for_order, if: Proc.new { order_token.present? }
       before_action :authenticate_user
       before_action :load_user_roles
 
-      rescue_from Exception, with: :error_during_processing
+      rescue_from ActionController::ParameterMissing, with: :error_during_processing
+      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
       rescue_from CanCan::AccessDenied, with: :unauthorized
       rescue_from Spree::Core::GatewayError, with: :gateway_error
@@ -62,24 +61,20 @@ module Spree
       end
 
       def authenticate_user
-        unless @current_api_user
-          if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", :status => 401 and return
-          elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
-          else
-            # An anonymous user
-            @current_api_user = Spree.user_class.new
-          end
+        return if @current_api_user
+
+        if requires_authentication? && api_key.blank? && order_token.blank?
+          render "spree/api/errors/must_specify_api_key", status: 401 and return
+        elsif order_token.blank? && (requires_authentication? || api_key.present?)
+          render "spree/api/errors/invalid_api_key", status: 401 and return
+        else
+          # An anonymous user
+          @current_api_user = Spree.user_class.new
         end
       end
 
       def load_user_roles
-        @current_user_roles = if @current_api_user
-          @current_api_user.spree_roles.pluck(:name)
-        else
-          []
-        end
+        @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
       end
 
       def unauthorized
@@ -90,10 +85,11 @@ module Spree
         Rails.logger.error exception.message
         Rails.logger.error exception.backtrace.join("\n")
 
-        error_notifier.call(exception, self) if error_notifier
+        unprocessable_entity(exception.message)
+      end
 
-        render text: { exception: exception.message }.to_json,
-          status: 422 and return
+      def unprocessable_entity(message)
+        render text: { exception: message }.to_json, status: 422
       end
 
       def gateway_error(exception)
@@ -115,7 +111,7 @@ module Spree
 
       def invalid_resource!(resource)
         @resource = resource
-        render "spree/api/errors/invalid_resource", :status => 422
+        render "spree/api/errors/invalid_resource", status: 422
       end
 
       def api_key
@@ -140,6 +136,9 @@ module Spree
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
+          unless params[:show_discontinued]
+            scope = scope.not_discontinued
+          end
         else
           scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
         end
@@ -152,7 +151,7 @@ module Spree
       end
 
       def product_includes
-        [ :option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations ]
+        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
       end
 
       def order_id

data/app/controllers/spree/api/v1/addresses_controller.rb

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    module V1
+      class AddressesController < Spree::Api::BaseController
+        before_action :find_order
+
+        def show
+          authorize! :read, @order, order_token
+          @address = find_address
+          respond_with(@address)
+        end
+
+        def update
+          authorize! :update, @order, order_token
+          @address = find_address
+
+          if @address.update_attributes(address_params)
+            respond_with(@address, :default_template => :show)
+          else
+            invalid_resource!(@address)
+          end
+        end
+
+        private
+
+        def address_params
+          params.require(:address).permit(permitted_address_attributes)
+        end
+
+        def find_order
+          @order = Spree::Order.find_by!(number: order_id)
+        end
+
+        def find_address
+          if @order.bill_address_id == params[:id].to_i
+            @order.bill_address
+          elsif @order.ship_address_id == params[:id].to_i
+            @order.ship_address
+          else
+            raise CanCan::AccessDenied
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/checkouts_controller.rb

@@ -0,0 +1,103 @@
+module Spree
+  module Api
+    module V1
+      class CheckoutsController < Spree::Api::BaseController
+        before_action :associate_user, only: :update
+        before_action :load_order_with_lock, only: [:next, :advance, :update]
+
+        include Spree::Core::ControllerHelpers::Auth
+        include Spree::Core::ControllerHelpers::Order
+        # This before_action comes from Spree::Core::ControllerHelpers::Order
+        skip_before_action :set_current_order
+
+        def next
+          authorize! :update, @order, order_token
+          @order.next!
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        rescue StateMachines::InvalidTransition
+          respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+        end
+
+        def advance
+          authorize! :update, @order, order_token
+          while @order.next; end
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        end
+
+        def update
+          authorize! :update, @order, order_token
+
+          if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
+            if current_api_user.has_spree_role?('admin') && user_id.present?
+              @order.associate_user!(Spree.user_class.find(user_id))
+            end
+
+            return if after_update_attributes
+
+            if @order.completed? || @order.next
+              state_callback(:after)
+              respond_with(@order, default_template: 'spree/api/v1/orders/show')
+            else
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+            end
+          else
+            invalid_resource!(@order)
+          end
+        end
+
+        private
+
+        def user_id
+          params[:order][:user_id] if params[:order]
+        end
+
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+
+        def load_order(lock = false)
+          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+
+        def load_order_with_lock
+          load_order(true)
+        end
+
+        def raise_insufficient_quantity
+          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity')
+        end
+
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+
+        def after_update_attributes
+          if nested_params && nested_params[:coupon_code].present?
+            handler = PromotionHandler::Coupon.new(@order).apply
+
+            if handler.error.present?
+              @coupon_message = handler.error
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon')
+              return true
+            end
+          end
+          false
+        end
+
+        def order_id
+          super || params[:id]
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/classifications_controller.rb

@@ -0,0 +1,20 @@
+module Spree
+  module Api
+    module V1
+      class ClassificationsController < Spree::Api::BaseController
+        def update
+          authorize! :update, Product
+          authorize! :update, Taxon
+          classification = Spree::Classification.find_by(
+            product_id: params[:product_id],
+            taxon_id: params[:taxon_id]
+          )
+          # Because position we get back is 0-indexed.
+          # acts_as_list is 1-indexed.
+          classification.insert_at(params[:position].to_i + 1)
+          render nothing: true
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/countries_controller.rb

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V1
+      class CountriesController < Spree::Api::BaseController
+        skip_before_action :authenticate_user
+
+        def index
+          @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
+                       order('name ASC').
+                       page(params[:page]).per(params[:per_page])
+          country = Country.order("updated_at ASC").last
+          if stale?(country)
+            respond_with(@countries)
+          end
+        end
+
+        def show
+          @country = Country.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@country)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/credit_cards_controller.rb

@@ -0,0 +1,27 @@
+module Spree
+  module Api
+    module V1
+      class CreditCardsController < Spree::Api::BaseController
+        before_action :user
+
+        def index
+          @credit_cards = user
+            .credit_cards
+            .accessible_by(current_ability, :read)
+            .with_payment_profile
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@credit_cards)
+        end
+
+        private
+
+          def user
+            if params[:user_id].present?
+              @user ||= Spree::user_class.accessible_by(current_ability, :read).find(params[:user_id])
+            end
+          end
+
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/images_controller.rb

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    module V1
+      class ImagesController < Spree::Api::BaseController
+        def index
+          @images = scope.images.accessible_by(current_ability, :read)
+          respond_with(@images)
+        end
+
+        def show
+          @image = Image.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@image)
+        end
+
+        def create
+          authorize! :create, Image
+          @image = scope.images.new(image_params)
+          if @image.save
+            respond_with(@image, status: 201, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+
+        def update
+          @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+          if @image.update_attributes(image_params)
+            respond_with(@image, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+
+        def destroy
+          @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
+          @image.destroy
+          respond_with(@image, status: 204)
+        end
+
+        private
+
+        def image_params
+          params.require(:image).permit(permitted_image_attributes)
+        end
+
+        def scope
+          if params[:product_id]
+            Spree::Product.friendly.find(params[:product_id])
+          elsif params[:variant_id]
+            Spree::Variant.find(params[:variant_id])
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/inventory_units_controller.rb

@@ -0,0 +1,54 @@
+module Spree
+  module Api
+    module V1
+      class InventoryUnitsController < Spree::Api::BaseController
+        before_action :prepare_event, only: :update
+
+        def show
+          @inventory_unit = inventory_unit
+          respond_with(@inventory_unit)
+        end
+
+        def update
+          authorize! :update, inventory_unit.order
+
+          inventory_unit.transaction do
+            if inventory_unit.update_attributes(inventory_unit_params)
+              fire
+              render :show, :status => 200
+            else
+              invalid_resource!(inventory_unit)
+            end
+          end
+        end
+
+        private
+
+        def inventory_unit
+          @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+        end
+
+        def prepare_event
+          return unless @event = params[:fire]
+
+          can_event = "can_#{@event}?"
+
+          unless inventory_unit.respond_to?(can_event) &&
+                 inventory_unit.send(can_event)
+            render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                   :status => 200
+            false
+          end
+        end
+
+        def fire
+          inventory_unit.send("#{@event}!") if @event
+        end
+        
+        def inventory_unit_params
+          params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
+        end
+      end
+    end
+  end
+end