RubyGems - spree_api - Versions diffs - 3.0.10 → 3.1.0.rc1 - Mend

spree_api 3.0.10 → 3.1.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 04fc31f7217d5cc17609c6c56fe26b8cf1a388a8
-  data.tar.gz: 60dec0893bfa0a8931848250d3a0cc8c29174370
+  metadata.gz: 619c0d865d3f6eb5fdbd68c17860e2e7a260452f
+  data.tar.gz: 15a80886dd571611fede3f469fd5bec77424eb5d
 SHA512:
-  metadata.gz: 92672928882abad9f58df26a51156774bb39ee6f2d45f028ad416df711fa9bf4b19a52fe8ac8ea1d6d8982c98ed8b7a381f6424b942dcdb86406a40f39ae34ab
-  data.tar.gz: 2ded41e4383416864502cbbdd047966a397c2988f64ea0cd9e2dac1718baffe591ad11a5cf554b3f90105a67b87238f7beabcececb40549078382a999ffe0dc3
+  metadata.gz: bc0caf79058b10c7b724e0b5f8870b0dd4b93db16b1f48bfe4a1db7dc353eb9bdfb5c49d5bb5328e0dc50e1931cb233b3db1687be25af259956c1accb7831540
+  data.tar.gz: ae5ba6a9dce7d870b644f07967aa548b778f72fe7f2117e37a697506de91a97039c5dd8e4b1e3f009d38d2ea56acb183688b880b49f6d127fc0a5bbcc7a8caba

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -9,15 +9,14 @@ module Spree
       attr_accessor :current_api_user
-      class_attribute :error_notifier
       before_action :set_content_type
       before_action :load_user
       before_action :authorize_for_order, if: Proc.new { order_token.present? }
       before_action :authenticate_user
       before_action :load_user_roles
-      rescue_from Exception, with: :error_during_processing
+      rescue_from ActionController::ParameterMissing, with: :error_during_processing
+      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
       rescue_from ActiveRecord::RecordNotFound, with: :not_found
       rescue_from CanCan::AccessDenied, with: :unauthorized
       rescue_from Spree::Core::GatewayError, with: :gateway_error
@@ -62,24 +61,20 @@ module Spree
       end
       def authenticate_user
-        unless @current_api_user
-          if requires_authentication? && api_key.blank? && order_token.blank?
-            render "spree/api/errors/must_specify_api_key", :status => 401 and return
-          elsif order_token.blank? && (requires_authentication? || api_key.present?)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
-          else
-            # An anonymous user
-            @current_api_user = Spree.user_class.new
-          end
+        return if @current_api_user
+        if requires_authentication? && api_key.blank? && order_token.blank?
+          render "spree/api/errors/must_specify_api_key", status: 401 and return
+        elsif order_token.blank? && (requires_authentication? || api_key.present?)
+          render "spree/api/errors/invalid_api_key", status: 401 and return
+        else
+          # An anonymous user
+          @current_api_user = Spree.user_class.new
         end
       end
       def load_user_roles
-        @current_user_roles = if @current_api_user
-          @current_api_user.spree_roles.pluck(:name)
-        else
-          []
-        end
+        @current_user_roles = @current_api_user ? @current_api_user.spree_roles.pluck(:name) : []
       end
       def unauthorized
@@ -90,10 +85,11 @@ module Spree
         Rails.logger.error exception.message
         Rails.logger.error exception.backtrace.join("\n")
-        error_notifier.call(exception, self) if error_notifier
+        unprocessable_entity(exception.message)
+      end
-        render text: { exception: exception.message }.to_json,
-          status: 422 and return
+      def unprocessable_entity(message)
+        render text: { exception: message }.to_json, status: 422
       end
       def gateway_error(exception)
@@ -115,7 +111,7 @@ module Spree
       def invalid_resource!(resource)
         @resource = resource
-        render "spree/api/errors/invalid_resource", :status => 422
+        render "spree/api/errors/invalid_resource", status: 422
       end
       def api_key
@@ -140,6 +136,9 @@ module Spree
           unless params[:show_deleted]
             scope = scope.not_deleted
           end
+          unless params[:show_discontinued]
+            scope = scope.not_discontinued
+          end
         else
           scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
         end
@@ -152,7 +151,7 @@ module Spree
       end
       def product_includes
-        [ :option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations ]
+        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
       end
       def order_id

data/app/controllers/spree/api/v1/addresses_controller.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    module V1
+      class AddressesController < Spree::Api::BaseController
+        before_action :find_order
+        def show
+          authorize! :read, @order, order_token
+          @address = find_address
+          respond_with(@address)
+        end
+        def update
+          authorize! :update, @order, order_token
+          @address = find_address
+          if @address.update_attributes(address_params)
+            respond_with(@address, :default_template => :show)
+          else
+            invalid_resource!(@address)
+          end
+        end
+        private
+        def address_params
+          params.require(:address).permit(permitted_address_attributes)
+        end
+        def find_order
+          @order = Spree::Order.find_by!(number: order_id)
+        end
+        def find_address
+          if @order.bill_address_id == params[:id].to_i
+            @order.bill_address
+          elsif @order.ship_address_id == params[:id].to_i
+            @order.ship_address
+          else
+            raise CanCan::AccessDenied
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/checkouts_controller.rb ADDED Viewed

@@ -0,0 +1,103 @@
+module Spree
+  module Api
+    module V1
+      class CheckoutsController < Spree::Api::BaseController
+        before_action :associate_user, only: :update
+        before_action :load_order_with_lock, only: [:next, :advance, :update]
+        include Spree::Core::ControllerHelpers::Auth
+        include Spree::Core::ControllerHelpers::Order
+        # This before_action comes from Spree::Core::ControllerHelpers::Order
+        skip_before_action :set_current_order
+        def next
+          authorize! :update, @order, order_token
+          @order.next!
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        rescue StateMachines::InvalidTransition
+          respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+        end
+        def advance
+          authorize! :update, @order, order_token
+          while @order.next; end
+          respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+        end
+        def update
+          authorize! :update, @order, order_token
+          if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
+            if current_api_user.has_spree_role?('admin') && user_id.present?
+              @order.associate_user!(Spree.user_class.find(user_id))
+            end
+            return if after_update_attributes
+            if @order.completed? || @order.next
+              state_callback(:after)
+              respond_with(@order, default_template: 'spree/api/v1/orders/show')
+            else
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
+            end
+          else
+            invalid_resource!(@order)
+          end
+        end
+        private
+        def user_id
+          params[:order][:user_id] if params[:order]
+        end
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+        def load_order(lock = false)
+          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+        def load_order_with_lock
+          load_order(true)
+        end
+        def raise_insufficient_quantity
+          respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity')
+        end
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+        def after_update_attributes
+          if nested_params && nested_params[:coupon_code].present?
+            handler = PromotionHandler::Coupon.new(@order).apply
+            if handler.error.present?
+              @coupon_message = handler.error
+              respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon')
+              return true
+            end
+          end
+          false
+        end
+        def order_id
+          super || params[:id]
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/classifications_controller.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Spree
+  module Api
+    module V1
+      class ClassificationsController < Spree::Api::BaseController
+        def update
+          authorize! :update, Product
+          authorize! :update, Taxon
+          classification = Spree::Classification.find_by(
+            product_id: params[:product_id],
+            taxon_id: params[:taxon_id]
+          )
+          # Because position we get back is 0-indexed.
+          # acts_as_list is 1-indexed.
+          classification.insert_at(params[:position].to_i + 1)
+          render nothing: true
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/countries_controller.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V1
+      class CountriesController < Spree::Api::BaseController
+        skip_before_action :authenticate_user
+        def index
+          @countries = Country.accessible_by(current_ability, :read).ransack(params[:q]).result.
+                       order('name ASC').
+                       page(params[:page]).per(params[:per_page])
+          country = Country.order("updated_at ASC").last
+          if stale?(country)
+            respond_with(@countries)
+          end
+        end
+        def show
+          @country = Country.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@country)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/credit_cards_controller.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Spree
+  module Api
+    module V1
+      class CreditCardsController < Spree::Api::BaseController
+        before_action :user
+        def index
+          @credit_cards = user
+            .credit_cards
+            .accessible_by(current_ability, :read)
+            .with_payment_profile
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@credit_cards)
+        end
+        private
+          def user
+            if params[:user_id].present?
+              @user ||= Spree::user_class.accessible_by(current_ability, :read).find(params[:user_id])
+            end
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/images_controller.rb ADDED Viewed

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    module V1
+      class ImagesController < Spree::Api::BaseController
+        def index
+          @images = scope.images.accessible_by(current_ability, :read)
+          respond_with(@images)
+        end
+        def show
+          @image = Image.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@image)
+        end
+        def create
+          authorize! :create, Image
+          @image = scope.images.new(image_params)
+          if @image.save
+            respond_with(@image, status: 201, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+        def update
+          @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+          if @image.update_attributes(image_params)
+            respond_with(@image, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+        def destroy
+          @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
+          @image.destroy
+          respond_with(@image, status: 204)
+        end
+        private
+        def image_params
+          params.require(:image).permit(permitted_image_attributes)
+        end
+        def scope
+          if params[:product_id]
+            Spree::Product.friendly.find(params[:product_id])
+          elsif params[:variant_id]
+            Spree::Variant.find(params[:variant_id])
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/inventory_units_controller.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Spree
+  module Api
+    module V1
+      class InventoryUnitsController < Spree::Api::BaseController
+        before_action :prepare_event, only: :update
+        def show
+          @inventory_unit = inventory_unit
+          respond_with(@inventory_unit)
+        end
+        def update
+          authorize! :update, inventory_unit.order
+          inventory_unit.transaction do
+            if inventory_unit.update_attributes(inventory_unit_params)
+              fire
+              render :show, :status => 200
+            else
+              invalid_resource!(inventory_unit)
+            end
+          end
+        end
+        private
+        def inventory_unit
+          @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :read).find(params[:id])
+        end
+        def prepare_event
+          return unless @event = params[:fire]
+          can_event = "can_#{@event}?"
+          unless inventory_unit.respond_to?(can_event) &&
+                 inventory_unit.send(can_event)
+            render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                   :status => 200
+            false
+          end
+        end
+        def fire
+          inventory_unit.send("#{@event}!") if @event
+        end
+        def inventory_unit_params
+          params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
+        end
+      end
+    end
+  end
+end