spree_api 3.6.6 → 3.7.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23689ff6a2b514071aba3c4bd533a7901e448ca71603bbb3879d8a33df49e7c9
-  data.tar.gz: 7e0ab714a65d2e50048951e6593ca23383d2d62d888c3a58036d2b29515f7f2d
+  metadata.gz: 966dd14cce417e7119d423b7b05d052b85e0f0372f7bcb04c966f239cf8aafae
+  data.tar.gz: e6903c09540a78763157058235d32dc07405747646dc24f2b980ab7df19249d6
 SHA512:
-  metadata.gz: ceafa6234fdab1674a7d4dcbfa0b4436d6a901a0a6fb3ac4243ff7d218476683a4eaa713383e35a4fd34a3fd8d9e7d6bbe18040f8957a18718f2b879bc472c63
-  data.tar.gz: fd88d8f63f688ee351921ad8383ebc77308822e4fbf8dbddcf540b5b270be07f6715de0491eb4d720d2d2d5370091667a686eddb8cfcf89c7d040da3a3a417b2
+  metadata.gz: e8ad9bc26e1c98498461bd06975be490627cb53857cb2ca64a01a40e410e866978c7387ee46102d1a39b96f0f751bd14d2da33c3f8928617fb28e12d4b37e4cb
+  data.tar.gz: cfc7d9802acc6f4a82bf5ccc56028ed303663fe1495292d2f0a1c507a7da63adcd82dbfbaea29fcf3c334e3c17aab63a811487d33a75c29f1a020671de62d06c

data/app/assets/javascripts/spree/api/main.js

@@ -0,0 +1,36 @@
+//= require spree
+
+var SpreeAPI = {
+  oauthToken: null, // user Bearer token to authorize operations for the given user
+  orderToken: null // order token to authorize operations on current order (cart)
+}
+
+SpreeAPI.Storefront = {}
+SpreeAPI.Platform = {}
+
+// API routes
+Spree.routes.api_v2_storefront_cart_create = Spree.pathFor('api/v2/storefront/cart')
+Spree.routes.api_v2_storefront_cart_add_item = Spree.pathFor('api/v2/storefront/cart/add_item')
+Spree.routes.api_v2_storefront_cart_apply_coupon_code = Spree.pathFor('api/v2/storefront/cart/apply_coupon_code')
+
+// helpers
+SpreeAPI.handle500error = function () {
+  alert('Internal Server Error')
+}
+
+SpreeAPI.prepareHeaders = function (headers) {
+  if (typeof headers === 'undefined') {
+    headers = {}
+  }
+
+  // if signed in we need to pass the Bearer authorization token
+  // so backend will recognize that actions are authorized in scope of this user
+  if (SpreeAPI.oauthToken) {
+    headers['Authorization'] = 'Bearer ' + SpreeAPI.oauthToken
+  }
+
+  // default headers, required for POST/PATCH/DELETE requests
+  headers['Accept'] = 'application/json'
+  headers['Content-Type'] = 'application/json'
+  return headers
+}

data/app/assets/javascripts/spree/api/storefront/cart.js

@@ -0,0 +1,49 @@
+//= require spree/api/main
+
+SpreeAPI.Storefront.createCart = function (successCallback, failureCallback) {
+  fetch(Spree.routes.api_v2_storefront_cart_create, {
+    method: 'POST',
+    headers: SpreeAPI.prepareHeaders()
+  }).then(function (response) {
+    switch (response.status) {
+      case 422:
+        response.json().then(function (json) { failureCallback(json.error) })
+        break
+      case 500:
+        SpreeAPI.handle500error()
+        break
+      case 201:
+        response.json().then(function (json) {
+          SpreeAPI.orderToken = json.data.attributes.token
+          successCallback()
+        })
+        break
+    }
+  })
+}
+
+SpreeAPI.Storefront.addToCart = function (variantId, quantity, options, successCallback, failureCallback) {
+  fetch(Spree.routes.api_v2_storefront_cart_add_item, {
+    method: 'POST',
+    headers: SpreeAPI.prepareHeaders({ 'X-Spree-Order-Token': SpreeAPI.orderToken }),
+    body: JSON.stringify({
+      variant_id: variantId,
+      quantity: quantity,
+      options: options
+    })
+  }).then(function (response) {
+    switch (response.status) {
+      case 422:
+        response.json().then(function (json) { failureCallback(json.error) })
+        break
+      case 500:
+        SpreeAPI.handle500error()
+        break
+      case 200:
+        response.json().then(function (json) {
+          successCallback(json.data)
+        })
+        break
+    }
+  })
+}

data/app/controllers/concerns/spree/api/v2/storefront/order_concern.rb

@@ -0,0 +1,48 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        module OrderConcern
+          private
+
+          def render_order(result)
+            if result.success?
+              render_serialized_payload { serialized_current_order }
+            else
+              render_error_payload(result.error)
+            end
+          end
+
+          def ensure_order
+            raise ActiveRecord::RecordNotFound if spree_current_order.nil?
+          end
+
+          def order_token
+            request.headers['X-Spree-Order-Token'] || params[:order_token]
+          end
+
+          def spree_current_order
+            @spree_current_order ||= find_spree_current_order
+          end
+
+          def find_spree_current_order
+            Spree::Orders::FindCurrent.new.execute(
+              store: spree_current_store,
+              user: spree_current_user,
+              token: order_token,
+              currency: current_currency
+            )
+          end
+
+          def serialize_order(order)
+            dependencies[:cart_serializer].new(order.reload, include: resource_includes, fields: sparse_fields).serializable_hash
+          end
+
+          def serialized_current_order
+            serialize_order(spree_current_order)
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/errors_controller.rb

@@ -0,0 +1,9 @@
+module Spree
+  module Api
+    class ErrorsController < ActionController::Base
+      def render_404
+        render 'spree/api/errors/not_found', status: 404
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/checkouts_controller.rb

@@ -32,6 +32,8 @@ module Spree
               @order.associate_user!(Spree.user_class.find(user_id))
             end
 
+            log_state_changes if params[:state]
+
             return if after_update_attributes
 
             if @order.completed? || @order.next
@@ -91,6 +93,16 @@ module Spree
           false
         end
 
+        def log_state_changes
+          if @order.previous_changes[:state]
+            @order.log_state_changes(
+              state_name: 'order',
+              old_state: @order.previous_changes[:state].first,
+              new_state: @order.previous_changes[:state].last
+            )
+          end
+        end
+
         def order_id
           super || params[:id]
         end

data/app/controllers/spree/api/v1/customer_returns_controller.rb

@@ -11,6 +11,7 @@ module Spree
 
         def collection(resource)
           return @collection if @collection.present?
+
           params[:q] ||= {}
 
           @collection = resource.all

data/app/controllers/spree/api/v1/line_items_controller.rb

@@ -10,12 +10,11 @@ module Spree
 
         def create
           variant = Spree::Variant.find(params[:line_item][:variant_id])
-          @line_item = order.contents.add(
-            variant,
-            params[:line_item][:quantity] || 1,
-            line_item_params[:options] || {}
-          )
 
+          @line_item = Spree::Cart::AddItem.call(order: order,
+                                                 variant: variant,
+                                                 quantity: params[:line_item][:quantity],
+                                                 options: line_item_params[:options]).value
           if @line_item.errors.empty?
             respond_with(@line_item, status: 201, default_template: :show)
           else
@@ -25,7 +24,8 @@ module Spree
 
         def update
           @line_item = find_line_item
-          if @order.contents.update_cart(line_items_attributes)
+
+          if Spree::Cart::Update.call(order: @order, params: line_items_attributes).success?
             @line_item.reload
             respond_with(@line_item, default_template: :show)
           else
@@ -35,7 +35,8 @@ module Spree
 
         def destroy
           @line_item = find_line_item
-          @order.contents.remove_line_item(@line_item)
+          Spree::Cart::RemoveLineItem.new.call(order: @order, line_item: @line_item)
+
           respond_with(@line_item, status: 204)
         end
 
@@ -54,9 +55,9 @@ module Spree
 
         def line_items_attributes
           { line_items_attributes: {
-              id: params[:id],
-              quantity: params[:line_item][:quantity],
-              options: line_item_params[:options] || {}
+            id: params[:id],
+            quantity: params[:line_item][:quantity],
+            options: line_item_params[:options] || {}
           } }
         end
 

data/app/controllers/spree/api/v1/orders_controller.rb

@@ -30,10 +30,10 @@ module Spree
           authorize! :create, Spree::Order
           if can?(:admin, Spree::Order)
             order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
-                          Spree.user_class.find(order_params[:user_id])
-                        else
-                          current_api_user
-            end
+                           Spree.user_class.find(order_params[:user_id])
+                         else
+                           current_api_user
+                         end
 
             import_params = if @current_user_roles.include?('admin')
                               params[:order].present? ? params[:order].permit! : {}
@@ -46,7 +46,7 @@ module Spree
             respond_with(@order, default_template: :show, status: 201)
           else
             @order = Spree::Order.create!(user: current_api_user, store: current_store)
-            if @order.contents.update_cart(order_params)
+            if Cart::Update.call(order: @order, params: order_params).success?
               respond_with(@order, default_template: :show, status: 201)
             else
               invalid_resource!(@order)
@@ -75,7 +75,7 @@ module Spree
           find_order(true)
           authorize! :update, @order, order_token
 
-          if @order.contents.update_cart(order_params)
+          if Cart::Update.call(order: @order, params: order_params).success?
             user_id = params[:order][:user_id]
             if current_api_user.has_spree_role?('admin') && user_id
               @order.associate_user!(Spree.user_class.find(user_id))

data/app/controllers/spree/api/v1/product_properties_controller.rb

@@ -59,6 +59,7 @@ module Spree
             @product_property ||= @product.product_properties.find_by(id: params[:id])
             @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
             raise ActiveRecord::RecordNotFound unless @product_property
+
             authorize! :read, @product_property
           end
         end

data/app/controllers/spree/api/v1/products_controller.rb

@@ -5,11 +5,11 @@ module Spree
         before_action :find_product, only: [:update, :show, :destroy]
 
         def index
-          if params[:ids]
-            @products = product_scope.where(id: params[:ids].split(',').flatten)
-          else
-            @products = product_scope.ransack(params[:q]).result
-          end
+          @products = if params[:ids]
+                        product_scope.where(id: params[:ids].split(',').flatten)
+                      else
+                        product_scope.ransack(params[:q]).result
+                      end
 
           @products = @products.distinct.page(params[:page]).per(params[:per_page])
           expires_in 15.minutes, public: true
@@ -104,7 +104,7 @@ module Spree
                            :variants
                          else
                            :variants_attributes
-          end
+                         end
 
           params.require(:product).permit(
             variants_key => [permitted_variant_attributes, :id]

data/app/controllers/spree/api/v1/promotions_controller.rb

@@ -17,6 +17,7 @@ module Spree
 
         def requires_admin
           return if @current_user_roles.include?('admin')
+
           unauthorized and return
         end
 

data/app/controllers/spree/api/v1/reimbursements_controller.rb

@@ -11,6 +11,7 @@ module Spree
 
         def collection(resource)
           return @collection if @collection.present?
+
           params[:q] ||= {}
 
           @collection = resource.all

data/app/controllers/spree/api/v1/shipments_controller.rb

@@ -24,7 +24,11 @@ module Spree
           authorize! :create, Shipment
           quantity = params[:quantity].to_i
           @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
-          @order.contents.add(variant, quantity, shipment: @shipment)
+
+          @line_item = Spree::Cart::AddItem.call(order: @order,
+                                                 variant: variant,
+                                                 quantity: quantity,
+                                                 options: { shipment: @shipment }).value
 
           respond_with(@shipment.reload, default_template: :show)
         end
@@ -55,7 +59,11 @@ module Spree
         def add
           quantity = params[:quantity].to_i
 
-          @shipment.order.contents.add(variant, quantity, shipment: @shipment)
+          Spree::Cart::AddItem.call(order: @shipment.order,
+                                    variant: variant,
+                                    quantity: quantity,
+                                    options: { shipment: @shipment })
+
           respond_with(@shipment, default_template: :show)
         end
 
@@ -65,7 +73,8 @@ module Spree
                      else
                        @shipment.inventory_units_for(variant).sum(:quantity)
                      end
-          @shipment.order.contents.remove(variant, quantity, shipment: @shipment)
+
+          Spree::Cart::RemoveItem.call(order: @shipment.order, variant: variant, quantity: quantity, options: { shipment: @shipment })
 
           if @shipment.inventory_units.any?
             @shipment.reload

data/app/controllers/spree/api/v1/variants_controller.rb

@@ -48,8 +48,10 @@ module Spree
         private
 
         def product
-          @product ||= Spree::Product.accessible_by(current_ability, :read).
-                       friendly.find(params[:product_id]) if params[:product_id]
+          if params[:product_id]
+            @product ||= Spree::Product.accessible_by(current_ability, :read).
+                         friendly.find(params[:product_id])
+          end
         end
 
         def scope
@@ -63,7 +65,7 @@ module Spree
             variants = variants.with_deleted
           end
 
-          variants.accessible_by(current_ability, :read)
+          variants.eligible.accessible_by(current_ability, :read)
         end
 
         def variant_params

data/app/controllers/spree/api/v2/base_controller.rb

@@ -0,0 +1,94 @@
+module Spree
+  module Api
+    module V2
+      class BaseController < ActionController::API
+        include CanCan::ControllerAdditions
+        include Spree::Core::ControllerHelpers::StrongParameters
+        rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
+        rescue_from CanCan::AccessDenied, with: :access_denied
+
+        private
+
+        def render_serialized_payload(status = 200)
+          render json: yield, status: status
+        rescue ArgumentError => exception
+          render_error_payload(exception.message, 400)
+        end
+
+        def render_error_payload(error, status = 422)
+          if error.is_a?(Struct)
+            render json: { error: error.to_s, errors: error.to_h }, status: status
+          elsif error.is_a?(String)
+            render json: { error: error }, status: status
+          end
+        end
+
+        def spree_current_store
+          @spree_current_store ||= Spree::Store.current(request.env['SERVER_NAME'])
+        end
+
+        def spree_current_user
+          @spree_current_user ||= Spree.user_class.find_by(id: doorkeeper_token.resource_owner_id) if doorkeeper_token
+        end
+
+        def spree_authorize!(action, subject, *args)
+          authorize!(action, subject, *args)
+        end
+
+        def require_spree_current_user
+          raise CanCan::AccessDenied if spree_current_user.nil?
+        end
+
+        # Needs to be overriden so that we use Spree's Ability rather than anyone else's.
+        def current_ability
+          @current_ability ||= Spree::Ability.new(spree_current_user)
+        end
+
+        def request_includes
+          # if API user want's to receive only the bare-minimum
+          # the API will return only the main resource without any included
+          if params[:include]&.blank?
+            []
+          elsif params[:include].present?
+            params[:include].split(',')
+          end
+        end
+
+        def resource_includes
+          (request_includes || default_resource_includes).map(&:intern)
+        end
+
+        # overwrite this method in your controllers to set JSON API default include value
+        # https://jsonapi.org/format/#fetching-includes
+        # eg.:
+        # %w[images variants]
+        # ['variant.images', 'line_items']
+        def default_resource_includes
+          []
+        end
+
+        def sparse_fields
+          return unless params[:fields]&.respond_to?(:each)
+
+          fields = {}
+          params[:fields].
+            select { |_, v| v.is_a?(String) }.
+            each { |type, values| fields[type.intern] = values.split(',').map(&:intern) }
+          fields.presence
+        end
+
+        def current_currency
+          spree_current_store.default_currency || Spree::Config[:currency]
+        end
+
+        def record_not_found
+          render_error_payload(I18n.t(:resource_not_found, scope: 'spree.api'), 404)
+        end
+
+        def access_denied(exception)
+          render_error_payload(exception.message, 403)
+        end
+      end
+    end
+  end
+end