RubyGems - spree_api - Versions diffs - 4.2.7 → 4.3.0.rc1 - Mend

spree_api 4.2.7 → 4.3.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebb01666d648a0e2ddca7b1dec811507fd8be8004532980a8b0647ed55b58fa4
-  data.tar.gz: dc4ec944e5a8695940f6c6aafa8f03819b54d2d981e3ea52b3ec4378ed777438
+  metadata.gz: 381bcae626a5cfcc30444d47853c1bc26063befbc5c18db328276d8c1998c309
+  data.tar.gz: 01fc310be446eff60debb73a6da32a1b4e548dcd2ec7e7fca562ef7fada5a248
 SHA512:
-  metadata.gz: c0fe029befd0b9af98ab276d140427581086676d26106486e2d7459ab013f49aff89bc739827314809513994c20fd51405a7c094cb43bdb59f86b36dbabc0313
-  data.tar.gz: 0651c7281b4df1da230e998c326179cf8c42b74fb5707aa4185879adf452972c883ad98b47163d60c0d436937e2307b9d8d8c835303376983c3b31a9bda9415a
+  metadata.gz: 03c6087202462b6ff19e3cc1b081a175e3db9273ce486b321c27aa44e4ae82a57c9b73b24894f788c1335584e0cfcf7b94733844f3875d8f4ff67be59ba04acb
+  data.tar.gz: 24ae9980e17d37c7963cdbd7fb1e9ab6a02ef099e7763b83bf8276d9ea8e296ee49e4a3b4c42587a3b02010151f450478c0c376f6c835f8db4e6536fbc33d0fa

data/Rakefile CHANGED Viewed

@@ -3,7 +3,6 @@ require 'rake'
 require 'rake/testtask'
 require 'rspec/core/rake_task'
 require 'spree/testing_support/common_rake'
-require 'rails/all'
 RSpec::Core::RakeTask.new
@@ -14,3 +13,17 @@ task :test_app do
   ENV['LIB_NAME'] = 'spree/api'
   Rake::Task['common:test_app'].invoke
 end
+namespace :rswag do
+  namespace :specs do
+    desc 'Generate Swagger JSON files from integration specs'
+    RSpec::Core::RakeTask.new('swaggerize') do |t|
+      t.pattern = ENV.fetch(
+        'PATTERN',
+        'spec/integration/**/*_spec.rb'
+      )
+      t.rspec_opts = ['--format Rswag::Specs::SwaggerFormatter', '--order defined']
+    end
+  end
+end

data/app/controllers/concerns/spree/api/v2/product_list_includes.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Spree
+  module Api
+    module V2
+      module ProductListIncludes
+        def product_list_includes
+          variant_includes = {
+            prices: [],
+            option_values: :option_type,
+            images: []
+          }
+          {
+            product_properties: [],
+            option_types: [],
+            variant_images: [],
+            master: variant_includes,
+            variants: variant_includes
+          }
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/classifications_controller.rb CHANGED Viewed

@@ -9,9 +9,10 @@ module Spree
             product_id: params[:product_id],
             taxon_id: params[:taxon_id]
           )
-          # Because position we get back is 0-indexed.
-          # acts_as_list is 1-indexed.
-          classification.insert_at(params[:position].to_i + 1)
+          Spree::Dependencies.classification_reposition_service.constantize.call(
+            classification: classification,
+            position: params[:position]
+          )
           head :ok
         end
       end

data/app/controllers/spree/api/v1/orders_controller.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module Spree
         def empty
           authorize! :update, @order, order_token
-          @order.empty!
+          cart_empty_service.call(order: @order)
           render plain: nil, status: 204
         end
@@ -150,6 +150,10 @@ module Spree
         def order_id
           super || params[:id]
         end
+        def cart_empty_service
+          Spree::Dependencies.cart_empty_service.constantize
+        end
       end
     end
   end

data/app/controllers/spree/api/v1/products_controller.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module Spree
           params[:product][:available_on] ||= Time.current
           set_up_shipping_category
-          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
           @product = Core::Importer::Product.new(nil, product_params, options).create
           if @product.persisted?
@@ -77,7 +77,7 @@ module Spree
         def update
           authorize! :update, @product
-          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
           @product = Core::Importer::Product.new(@product, product_params, options).update
           if @product.errors.empty?

data/app/controllers/spree/api/v1/taxonomies_controller.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Spree
         def create
           authorize! :create, Taxonomy
-          @taxonomy = Taxonomy.new(taxonomy_params)
+          @taxonomy = current_store.taxonomies.new(taxonomy_params)
           if @taxonomy.save
             respond_with(@taxonomy, status: 201, default_template: :show)
           else

data/app/controllers/spree/api/v2/base_controller.rb CHANGED Viewed

@@ -7,8 +7,10 @@ module Spree
         include Spree::Core::ControllerHelpers::Store
         include Spree::Core::ControllerHelpers::Locale
         include Spree::Core::ControllerHelpers::Currency
         rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
         rescue_from CanCan::AccessDenied, with: :access_denied
+        rescue_from Doorkeeper::Errors::DoorkeeperError, with: :access_denied_401
         rescue_from Spree::Core::GatewayError, with: :gateway_error
         rescue_from ActionController::ParameterMissing, with: :error_during_processing
         if defined?(JSONAPI::Serializer::UnsupportedIncludeError)
@@ -39,7 +41,7 @@ module Spree
         end
         def paginated_collection
-          collection_paginator.new(sorted_collection, params).call
+          @paginated_collection ||= collection_paginator.new(sorted_collection, params).call
         end
         def collection_paginator
@@ -51,10 +53,22 @@ module Spree
         end
         def render_error_payload(error, status = 422)
-          if error.is_a?(Struct)
-            render json: { error: error.to_s, errors: error.to_h }, status: status, content_type: content_type
-          elsif error.is_a?(String)
-            render json: { error: error }, status: status, content_type: content_type
+          json = if error.is_a?(ActiveModel::Errors)
+                   { error: error.full_messages.to_sentence, errors: error.messages }
+                 elsif error.is_a?(Struct)
+                   { error: error.to_s, errors: error.to_h }
+                 else
+                   { error: error }
+                 end
+          render json: json, status: status, content_type: content_type
+        end
+        def render_result(result)
+          if result.success?
+            render_serialized_payload { serialize_resource(result.value) }
+          else
+            render_error_payload(result.error)
           end
         end
@@ -114,7 +128,12 @@ module Spree
         end
         def serializer_params
-          { currency: current_currency, store: current_store, user: spree_current_user }
+          {
+            currency: current_currency,
+            locale: current_locale,
+            store: current_store,
+            user: spree_current_user
+          }
         end
         def record_not_found
@@ -125,6 +144,10 @@ module Spree
           render_error_payload(exception.message, 403)
         end
+        def access_denied_401(exception)
+          render_error_payload(exception.message, 401)
+        end
         def gateway_error(exception)
           render_error_payload(exception.message)
         end

data/app/controllers/spree/api/v2/platform/addresses_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class AddressesController < ResourceController
+          private
+          def model_class
+            Spree::Address
+          end
+          def scope_includes
+            [:country, :state, :user]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/classifications_controller.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ClassificationsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, resource if spree_current_user.present?
+            result = classification_reposition_service.call(
+              classification: resource,
+              position: permitted_resource_params[:position]
+            )
+            if result.success?
+              render_serialized_payload { serialize_resource(result.value) }
+            else
+              render_error_payload(result.error)
+            end
+          end
+          private
+          def model_class
+            Spree::Classification
+          end
+          def scope_includes
+            [
+              taxon: [],
+              product: [:variants_including_master, :variant_images, :master, variants: [:prices]]
+            ]
+          end
+          def classification_reposition_service
+            Spree::Dependencies.classification_reposition_service.constantize
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/cms_pages_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CmsPagesController < ResourceController
+          private
+          def model_class
+            Spree::CmsPage
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/cms_sections_controller.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CmsSectionsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, @moved_section if spree_current_user.present?
+            @moved_section = scope.find(params[:section_id])
+            new_index = params[:new_position_idx].to_i + 1
+            if @moved_section && new_index
+              @moved_section.set_list_position(new_index)
+            else
+              head :bad_request
+            end
+            if @moved_section.save
+              head :no_content
+            end
+          end
+          private
+          def model_class
+            Spree::CmsSection
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/countries_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class CountriesController < ResourceController
+          private
+          def model_class
+            Spree::Country
+          end
+          def scope_includes
+            [:states, :zones]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/menu_items_controller.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class MenuItemsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+          def reposition
+            spree_authorize! :update, @moved_item if spree_current_user.present?
+            @moved_item = scope.find(params[:moved_item_id])
+            @new_parent = scope.find(params[:new_parent_id])
+            new_index = params[:new_position_idx].to_i
+            if @moved_item && @new_parent && new_index
+              @moved_item.move_to_child_with_index(@new_parent, new_index)
+            else
+              head :bad_request
+            end
+            if @moved_item.save
+              head :no_content
+            end
+          end
+          private
+          def model_class
+            Spree::MenuItem
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/menus_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class MenusController < ResourceController
+          private
+          def model_class
+            Spree::Menu
+          end
+          def scope_includes
+            [:menu_items]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/option_types_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionTypesController < ResourceController
+          private
+          def model_class
+            Spree::OptionType
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/option_values_controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class OptionValuesController < ResourceController
+          private
+          def model_class
+            Spree::OptionValue
+          end
+          def scope_includes
+            [:option_type]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/products_controller.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ProductsController < ResourceController
+          include ::Spree::Api::V2::ProductListIncludes
+          private
+          def model_class
+            Spree::Product
+          end
+          def scope_includes
+            product_list_includes
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/resource_controller.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class ResourceController < ::Spree::Api::V2::ResourceController
+          READ_ACTIONS = %i[show index]
+          WRITE_ACTIONS = %i[create update destroy]
+          # doorkeeper scopes usage: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+          before_action -> { doorkeeper_authorize! :read, :admin }, only: READ_ACTIONS
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS
+          # optional authorization if using a user token instead of app token
+          before_action :authorize_spree_user, only: WRITE_ACTIONS
+          # index and show acrtions are defined in Spree::Api::V2::ResourceController
+          def create
+            resource = model_class.new(permitted_resource_params)
+            if resource.save
+              render_serialized_payload(201) { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def update
+            if resource.update(permitted_resource_params)
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          def destroy
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+          protected
+          def resource_serializer
+            "Spree::Api::V2::Platform::#{model_class.to_s.demodulize}Serializer".constantize
+          end
+          def collection_serializer
+            resource_serializer
+          end
+          # overwiting to utilize ransack gem for filtering
+          # https://github.com/activerecord-hackery/ransack#search-matchers
+          def collection
+            @collection ||= scope.ransack(params[:filter]).result
+          end
+          # overwriting to skip cancancan check if API is consumed by an application
+          def scope
+            return super if spree_current_user.present?
+            super(skip_cancancan: true)
+          end
+          # We're overwriting this method because the original one calls `dookreeper_authorize`
+          # which breaks our application authorizations defined on top of this controller
+          def spree_current_user
+            return nil unless doorkeeper_token
+            return nil if doorkeeper_token.resource_owner_id.nil?
+            return @spree_current_user if @spree_current_user
+            @spree_current_user ||= Spree.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+          end
+          def access_denied(exception)
+            access_denied_401(exception)
+          end
+          # if using a user oAuth token we need to check CanCanCan abilities
+          # defined in https://github.com/spree/spree/blob/master/core/app/models/spree/ability.rb
+          def authorize_spree_user
+            return if spree_current_user.nil?
+            if action_name == 'create'
+              spree_authorize! :create, model_class
+            else
+              spree_authorize! action_name, resource
+            end
+          end
+          def model_param_name
+            model_class.to_s.demodulize.underscore
+          end
+          def spree_permitted_attributes
+            Spree::PermittedAttributes.try("#{model_param_name}_attributes") || {}
+          end
+          def permitted_resource_params
+            params.require(model_param_name).permit(spree_permitted_attributes)
+          end
+          def allowed_sort_attributes
+            (super << spree_permitted_attributes).uniq.compact
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/taxons_controller.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class TaxonsController < ResourceController
+          private
+          def model_class
+            Spree::Taxon
+          end
+          def scope_includes
+            node_includes = %i[icon parent taxonomy]
+            {
+              parent: node_includes,
+              children: node_includes,
+              taxonomy: [root: node_includes],
+              icon: [attachment_attachment: :blob]
+            }
+          end
+          def serializer_params
+            super.merge(include_products: action_name == 'show')
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/users_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class UsersController < ResourceController
+          private
+          def model_class
+            Spree.user_class
+          end
+          def resource_serializer
+            Spree::Api::V2::Platform::UserSerializer
+          end
+          def scope_includes
+            [:ship_address, :bill_address]
+          end
+          # we need to define this here as developers can configure their own `user_class`
+          def model_param_name
+            'user'
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Spree
         protected
         def sorted_collection
-          collection_sorter.new(collection, params, allowed_sort_attributes).call
+          @sorted_collection ||= collection_sorter.new(collection, params, allowed_sort_attributes).call
         end
         def allowed_sort_attributes
@@ -23,11 +23,14 @@ module Spree
         end
         def default_sort_atributes
-          [:id, :updated_at, :created_at]
+          [:id, :name, :number, :position, :updated_at, :created_at]
         end
-        def scope
-          model_class.accessible_by(current_ability, :show).includes(scope_includes)
+        def scope(skip_cancancan: false)
+          base_scope = model_class.for_store(current_store)
+          base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
+          base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
+          base_scope
         end
         def scope_includes
@@ -36,7 +39,7 @@ module Spree
         def resource
           @resource ||= if defined?(resource_finder)
-                          resource_finder.new(scope: scope, params: params).execute
+                          resource_finder.new(scope: scope, params: finder_params).execute
                         else
                           scope.find(params[:id])
                         end
@@ -44,12 +47,21 @@ module Spree
         def collection
           @collection ||= if defined?(collection_finder)
-                            collection_finder.new(scope: scope, params: params).execute
+                            collection_finder.new(scope: scope, params: finder_params).execute
                           else
                             scope
                           end
         end
+        def finder_params
+          params.merge(
+            store: current_store,
+            locale: current_locale,
+            currency: current_currency,
+            user: spree_current_user
+          )
+        end
         def collection_sorter
           Spree::Api::Dependencies.storefront_collection_sorter.constantize
         end