RubyGems - spree_api_v1 - Versions diffs - 4.5.0 - Mend

spree_api_v1 4.5.0

Files changed (158) hide show

checksums.yaml +7 -0
data/.circleci/config.yml +189 -0
data/.gitignore +23 -0
data/.rspec +3 -0
data/.rubocop.yml +24 -0
data/CHANGELOG.md +3 -0
data/CODE_OF_CONDUCT.md +22 -0
data/Gemfile +59 -0
data/LICENSE +26 -0
data/README.md +62 -0
data/Rakefile +15 -0
data/app/controllers/spree/api/v1/addresses_controller.rb +46 -0
data/app/controllers/spree/api/v1/base_controller.rb +174 -0
data/app/controllers/spree/api/v1/checkouts_controller.rb +106 -0
data/app/controllers/spree/api/v1/classifications_controller.rb +21 -0
data/app/controllers/spree/api/v1/countries_controller.rb +22 -0
data/app/controllers/spree/api/v1/credit_cards_controller.rb +26 -0
data/app/controllers/spree/api/v1/customer_returns_controller.rb +25 -0
data/app/controllers/spree/api/v1/images_controller.rb +58 -0
data/app/controllers/spree/api/v1/inventory_units_controller.rb +54 -0
data/app/controllers/spree/api/v1/line_items_controller.rb +70 -0
data/app/controllers/spree/api/v1/option_types_controller.rb +60 -0
data/app/controllers/spree/api/v1/option_values_controller.rb +62 -0
data/app/controllers/spree/api/v1/orders_controller.rb +160 -0
data/app/controllers/spree/api/v1/payments_controller.rb +82 -0
data/app/controllers/spree/api/v1/product_properties_controller.rb +73 -0
data/app/controllers/spree/api/v1/products_controller.rb +131 -0
data/app/controllers/spree/api/v1/promotions_controller.rb +30 -0
data/app/controllers/spree/api/v1/properties_controller.rb +70 -0
data/app/controllers/spree/api/v1/reimbursements_controller.rb +25 -0
data/app/controllers/spree/api/v1/return_authorizations_controller.rb +70 -0
data/app/controllers/spree/api/v1/shipments_controller.rb +196 -0
data/app/controllers/spree/api/v1/states_controller.rb +36 -0
data/app/controllers/spree/api/v1/stock_items_controller.rb +82 -0
data/app/controllers/spree/api/v1/stock_locations_controller.rb +53 -0
data/app/controllers/spree/api/v1/stock_movements_controller.rb +45 -0
data/app/controllers/spree/api/v1/stores_controller.rb +56 -0
data/app/controllers/spree/api/v1/taxonomies_controller.rb +67 -0
data/app/controllers/spree/api/v1/taxons_controller.rb +100 -0
data/app/controllers/spree/api/v1/users_controller.rb +97 -0
data/app/controllers/spree/api/v1/variants_controller.rb +81 -0
data/app/controllers/spree/api/v1/zones_controller.rb +55 -0
data/app/helpers/spree/api/api_helpers.rb +190 -0
data/app/models/spree/api_v1_configuration.rb +5 -0
data/app/views/spree/api/errors/gateway_error.rabl +2 -0
data/app/views/spree/api/errors/invalid_api_key.rabl +2 -0
data/app/views/spree/api/errors/invalid_resource.rabl +3 -0
data/app/views/spree/api/errors/must_specify_api_key.rabl +2 -0
data/app/views/spree/api/errors/not_found.rabl +2 -0
data/app/views/spree/api/errors/unauthorized.rabl +2 -0
data/app/views/spree/api/v1/addresses/show.rabl +10 -0
data/app/views/spree/api/v1/adjustments/show.rabl +4 -0
data/app/views/spree/api/v1/countries/index.rabl +7 -0
data/app/views/spree/api/v1/countries/show.rabl +5 -0
data/app/views/spree/api/v1/credit_cards/index.rabl +7 -0
data/app/views/spree/api/v1/credit_cards/show.rabl +3 -0
data/app/views/spree/api/v1/customer_returns/index.rabl +7 -0
data/app/views/spree/api/v1/images/index.rabl +4 -0
data/app/views/spree/api/v1/images/new.rabl +3 -0
data/app/views/spree/api/v1/images/show.rabl +6 -0
data/app/views/spree/api/v1/inventory_units/show.rabl +2 -0
data/app/views/spree/api/v1/line_items/new.rabl +3 -0
data/app/views/spree/api/v1/line_items/show.rabl +14 -0
data/app/views/spree/api/v1/option_types/index.rabl +3 -0
data/app/views/spree/api/v1/option_types/new.rabl +3 -0
data/app/views/spree/api/v1/option_types/show.rabl +5 -0
data/app/views/spree/api/v1/option_values/index.rabl +3 -0
data/app/views/spree/api/v1/option_values/new.rabl +3 -0
data/app/views/spree/api/v1/option_values/show.rabl +2 -0
data/app/views/spree/api/v1/orders/address.rabl +0 -0
data/app/views/spree/api/v1/orders/canceled.rabl +0 -0
data/app/views/spree/api/v1/orders/cart.rabl +0 -0
data/app/views/spree/api/v1/orders/complete.rabl +0 -0
data/app/views/spree/api/v1/orders/could_not_apply_coupon.rabl +2 -0
data/app/views/spree/api/v1/orders/could_not_transition.rabl +3 -0
data/app/views/spree/api/v1/orders/index.rabl +7 -0
data/app/views/spree/api/v1/orders/insufficient_quantity.rabl +2 -0
data/app/views/spree/api/v1/orders/invalid_shipping_method.rabl +2 -0
data/app/views/spree/api/v1/orders/mine.rabl +9 -0
data/app/views/spree/api/v1/orders/order.rabl +10 -0
data/app/views/spree/api/v1/orders/payment.rabl +3 -0
data/app/views/spree/api/v1/orders/show.rabl +51 -0
data/app/views/spree/api/v1/payments/credit_over_limit.rabl +2 -0
data/app/views/spree/api/v1/payments/index.rabl +7 -0
data/app/views/spree/api/v1/payments/new.rabl +5 -0
data/app/views/spree/api/v1/payments/show.rabl +2 -0
data/app/views/spree/api/v1/payments/update_forbidden.rabl +2 -0
data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
data/app/views/spree/api/v1/products/index.rabl +9 -0
data/app/views/spree/api/v1/products/new.rabl +3 -0
data/app/views/spree/api/v1/products/product.rabl +1 -0
data/app/views/spree/api/v1/products/show.rabl +36 -0
data/app/views/spree/api/v1/promotions/handler.rabl +5 -0
data/app/views/spree/api/v1/promotions/show.rabl +2 -0
data/app/views/spree/api/v1/properties/index.rabl +7 -0
data/app/views/spree/api/v1/properties/new.rabl +2 -0
data/app/views/spree/api/v1/properties/show.rabl +2 -0
data/app/views/spree/api/v1/reimbursements/index.rabl +7 -0
data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
data/app/views/spree/api/v1/shared/stock_location_required.rabl +2 -0
data/app/views/spree/api/v1/shipments/big.rabl +48 -0
data/app/views/spree/api/v1/shipments/cannot_ready_shipment.rabl +2 -0
data/app/views/spree/api/v1/shipments/mine.rabl +9 -0
data/app/views/spree/api/v1/shipments/show.rabl +32 -0
data/app/views/spree/api/v1/shipments/small.rabl +37 -0
data/app/views/spree/api/v1/shipping_rates/show.rabl +2 -0
data/app/views/spree/api/v1/states/index.rabl +12 -0
data/app/views/spree/api/v1/states/show.rabl +2 -0
data/app/views/spree/api/v1/stock_items/index.rabl +7 -0
data/app/views/spree/api/v1/stock_items/show.rabl +5 -0
data/app/views/spree/api/v1/stock_locations/index.rabl +7 -0
data/app/views/spree/api/v1/stock_locations/show.rabl +8 -0
data/app/views/spree/api/v1/stock_movements/index.rabl +7 -0
data/app/views/spree/api/v1/stock_movements/show.rabl +5 -0
data/app/views/spree/api/v1/stores/index.rabl +4 -0
data/app/views/spree/api/v1/stores/show.rabl +2 -0
data/app/views/spree/api/v1/tags/index.rabl +9 -0
data/app/views/spree/api/v1/taxonomies/index.rabl +7 -0
data/app/views/spree/api/v1/taxonomies/jstree.rabl +7 -0
data/app/views/spree/api/v1/taxonomies/nested.rabl +11 -0
data/app/views/spree/api/v1/taxonomies/new.rabl +3 -0
data/app/views/spree/api/v1/taxonomies/show.rabl +15 -0
data/app/views/spree/api/v1/taxons/index.rabl +10 -0
data/app/views/spree/api/v1/taxons/jstree.rabl +7 -0
data/app/views/spree/api/v1/taxons/new.rabl +3 -0
data/app/views/spree/api/v1/taxons/show.rabl +6 -0
data/app/views/spree/api/v1/taxons/taxons.rabl +5 -0
data/app/views/spree/api/v1/users/index.rabl +7 -0
data/app/views/spree/api/v1/users/new.rabl +3 -0
data/app/views/spree/api/v1/users/show.rabl +11 -0
data/app/views/spree/api/v1/variants/big.rabl +14 -0
data/app/views/spree/api/v1/variants/index.rabl +9 -0
data/app/views/spree/api/v1/variants/new.rabl +2 -0
data/app/views/spree/api/v1/variants/show.rabl +3 -0
data/app/views/spree/api/v1/variants/small.rabl +18 -0
data/app/views/spree/api/v1/zones/index.rabl +7 -0
data/app/views/spree/api/v1/zones/show.rabl +6 -0
data/config/initializers/rabl.rb +9 -0
data/config/routes.rb +123 -0
data/lib/spree/api_v1/controller_setup.rb +19 -0
data/lib/spree/api_v1/engine.rb +27 -0
data/lib/spree/api_v1/factories.rb +6 -0
data/lib/spree/api_v1/responders/rabl_template.rb +28 -0
data/lib/spree/api_v1/responders.rb +11 -0
data/lib/spree/api_v1/testing_support/helpers.rb +44 -0
data/lib/spree/api_v1/testing_support/setup.rb +16 -0
data/lib/spree/api_v1/version.rb +9 -0
data/lib/spree/api_v1.rb +9 -0
data/lib/spree_api_v1.rb +3 -0
data/script/rails +9 -0
data/spec/fixtures/files/icon_256x256.jpg +0 -0
data/spec/fixtures/thinking-cat.jpg +0 -0
data/spree_api_v1.gemspec +26 -0
metadata +261 -0

data/app/controllers/spree/api/v1/states_controller.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Spree
+  module Api
+    module V1
+      class StatesController < Spree::Api::V1::BaseController
+        skip_before_action :authenticate_user
+        def index
+          @states = scope.ransack(params[:q]).result.includes(:country)
+          if params[:page] || params[:per_page]
+            @states = @states.page(params[:page]).per(params[:per_page])
+          end
+          state = @states.last
+          respond_with(@states) if stale?(state)
+        end
+        def show
+          @state = scope.find(params[:id])
+          respond_with(@state)
+        end
+        private
+        def scope
+          if params[:country_id]
+            @country = Country.accessible_by(current_ability, :show).find(params[:country_id])
+            @country.states.accessible_by(current_ability).order('name ASC')
+          else
+            State.accessible_by(current_ability).order('name ASC')
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_items_controller.rb ADDED Viewed

@@ -0,0 +1,82 @@
+module Spree
+  module Api
+    module V1
+      class StockItemsController < Spree::Api::V1::BaseController
+        before_action :stock_location, except: [:update, :destroy]
+        def index
+          @stock_items = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_items)
+        end
+        def show
+          @stock_item = scope.find(params[:id])
+          respond_with(@stock_item)
+        end
+        def create
+          authorize! :create, StockItem
+          count_on_hand = 0
+          if params[:stock_item].key?(:count_on_hand)
+            count_on_hand = params[:stock_item][:count_on_hand].to_i
+          end
+          @stock_item = scope.new(stock_item_params)
+          if @stock_item.save
+            @stock_item.adjust_count_on_hand(count_on_hand)
+            respond_with(@stock_item, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+        def update
+          @stock_item = StockItem.accessible_by(current_ability, :update).find(params[:id])
+          if params[:stock_item].key?(:backorderable)
+            @stock_item.backorderable = params[:stock_item][:backorderable]
+            @stock_item.save
+          end
+          count_on_hand = 0
+          if params[:stock_item].key?(:count_on_hand)
+            count_on_hand = params[:stock_item][:count_on_hand].to_i
+            params[:stock_item].delete(:count_on_hand)
+          end
+          updated = params[:stock_item][:force] ? @stock_item.set_count_on_hand(count_on_hand)
+          : @stock_item.adjust_count_on_hand(count_on_hand)
+          if updated
+            respond_with(@stock_item, status: 200, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+        def destroy
+          @stock_item = StockItem.accessible_by(current_ability, :destroy).find(params[:id])
+          @stock_item.destroy
+          respond_with(@stock_item, status: 204)
+        end
+        private
+        def stock_location
+          render 'spree/api/v1/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
+          @stock_location ||= StockLocation.accessible_by(current_ability, :show).find(params[:stock_location_id])
+        end
+        def scope
+          includes = { variant: [{ option_values: :option_type }, :product] }
+          @stock_location.stock_items.accessible_by(current_ability, :show).includes(includes)
+        end
+        def stock_item_params
+          params.require(:stock_item).permit(permitted_stock_item_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_locations_controller.rb ADDED Viewed

@@ -0,0 +1,53 @@
+module Spree
+  module Api
+    module V1
+      class StockLocationsController < Spree::Api::V1::BaseController
+        def index
+          authorize! :index, StockLocation
+          @stock_locations = StockLocation.accessible_by(current_ability).order('name ASC').
+                             ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_locations)
+        end
+        def show
+          respond_with(stock_location)
+        end
+        def create
+          authorize! :create, StockLocation
+          @stock_location = StockLocation.new(stock_location_params)
+          if @stock_location.save
+            respond_with(@stock_location, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_location)
+          end
+        end
+        def update
+          authorize! :update, stock_location
+          if stock_location.update(stock_location_params)
+            respond_with(stock_location, status: 200, default_template: :show)
+          else
+            invalid_resource!(stock_location)
+          end
+        end
+        def destroy
+          authorize! :destroy, stock_location
+          stock_location.destroy
+          respond_with(stock_location, status: 204)
+        end
+        private
+        def stock_location
+          @stock_location ||= StockLocation.accessible_by(current_ability, :show).find(params[:id])
+        end
+        def stock_location_params
+          params.require(:stock_location).permit(permitted_stock_location_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_movements_controller.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Spree
+  module Api
+    module V1
+      class StockMovementsController < Spree::Api::V1::BaseController
+        before_action :stock_location, except: [:update, :destroy]
+        def index
+          authorize! :index, StockMovement
+          @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_movements)
+        end
+        def show
+          @stock_movement = scope.find(params[:id])
+          respond_with(@stock_movement)
+        end
+        def create
+          authorize! :create, StockMovement
+          @stock_movement = scope.new(stock_movement_params)
+          if @stock_movement.save
+            respond_with(@stock_movement, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_movement)
+          end
+        end
+        private
+        def stock_location
+          render 'spree/api/v1/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
+          @stock_location ||= StockLocation.accessible_by(current_ability, :show).find(params[:stock_location_id])
+        end
+        def scope
+          @stock_location.stock_movements.accessible_by(current_ability, :show)
+        end
+        def stock_movement_params
+          params.require(:stock_movement).permit(permitted_stock_movement_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stores_controller.rb ADDED Viewed

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    module V1
+      class StoresController < Spree::Api::V1::BaseController
+        before_action :get_store, except: [:index, :create]
+        def index
+          authorize! :index, Store
+          @stores = Store.accessible_by(current_ability).all
+          respond_with(@stores)
+        end
+        def create
+          authorize! :create, Store
+          @store = Store.new(store_params)
+          @store.code = params[:store][:code]
+          if @store.save
+            respond_with(@store, status: 201, default_template: :show)
+          else
+            invalid_resource!(@store)
+          end
+        end
+        def update
+          authorize! :update, @store
+          if @store.update(store_params)
+            respond_with(@store, status: 200, default_template: :show)
+          else
+            invalid_resource!(@store)
+          end
+        end
+        def show
+          authorize! :show, @store
+          respond_with(@store)
+        end
+        def destroy
+          authorize! :destroy, @store
+          @store.destroy
+          respond_with(@store, status: 204)
+        end
+        private
+        def get_store
+          @store = Store.find(params[:id])
+        end
+        def store_params
+          params.require(:store).permit(permitted_store_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/taxonomies_controller.rb ADDED Viewed

@@ -0,0 +1,67 @@
+module Spree
+  module Api
+    module V1
+      class TaxonomiesController < Spree::Api::V1::BaseController
+        def index
+          respond_with(taxonomies)
+        end
+        def show
+          respond_with(taxonomy)
+        end
+        # Because JSTree wants parameters in a *slightly* different format
+        def jstree
+          show
+        end
+        def new; end
+        def create
+          authorize! :create, Taxonomy
+          @taxonomy = current_store.taxonomies.new(taxonomy_params)
+          if @taxonomy.save
+            respond_with(@taxonomy, status: 201, default_template: :show)
+          else
+            invalid_resource!(@taxonomy)
+          end
+        end
+        def update
+          authorize! :update, taxonomy
+          if taxonomy.update(taxonomy_params)
+            respond_with(taxonomy, status: 200, default_template: :show)
+          else
+            invalid_resource!(taxonomy)
+          end
+        end
+        def destroy
+          authorize! :destroy, taxonomy
+          taxonomy.destroy
+          respond_with(taxonomy, status: 204)
+        end
+        private
+        def taxonomies
+          @taxonomies = Taxonomy.accessible_by(current_ability).order('name').includes(root: :children).
+                        ransack(params[:q]).result.
+                        page(params[:page]).per(params[:per_page])
+        end
+        def taxonomy
+          @taxonomy ||= Taxonomy.accessible_by(current_ability, :show).find(params[:id])
+        end
+        def taxonomy_params
+          if params[:taxonomy] && !params[:taxonomy].empty?
+            params.require(:taxonomy).permit(permitted_taxonomy_attributes)
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/taxons_controller.rb ADDED Viewed

@@ -0,0 +1,100 @@
+module Spree
+  module Api
+    module V1
+      class TaxonsController < Spree::Api::V1::BaseController
+        def index
+          @taxons = if taxonomy
+                      taxonomy.root.children
+                    elsif params[:ids]
+                      Spree::Taxon.includes(:children).accessible_by(current_ability).where(id: params[:ids].split(','))
+                    else
+                      Spree::Taxon.includes(:children).accessible_by(current_ability).order(:taxonomy_id, :lft)
+                    end
+          @taxons = @taxons.ransack(params[:q]).result
+          @taxons = @taxons.page(params[:page]).per(params[:per_page])
+          respond_with(@taxons)
+        end
+        def show
+          @taxon = taxon
+          respond_with(@taxon)
+        end
+        def jstree
+          show
+        end
+        def new; end
+        def create
+          authorize! :create, Taxon
+          @taxon = Spree::Taxon.new(taxon_params)
+          @taxon.taxonomy_id = params[:taxonomy_id]
+          taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
+          if taxonomy.nil?
+            @taxon.errors.add(:taxonomy_id, I18n.t('spree.api.invalid_taxonomy_id'))
+            invalid_resource!(@taxon) and return
+          end
+          @taxon.parent_id = taxonomy.root_id unless params[:taxon][:parent_id]
+          if @taxon.save
+            respond_with(@taxon, status: 201, default_template: :show)
+          else
+            invalid_resource!(@taxon)
+          end
+        end
+        def update
+          authorize! :update, taxon
+          if taxon.update(taxon_params)
+            respond_with(taxon, status: 200, default_template: :show)
+          else
+            invalid_resource!(taxon)
+          end
+        end
+        def destroy
+          authorize! :destroy, taxon
+          taxon.destroy
+          respond_with(taxon, status: 204)
+        end
+        def products
+          # Returns the products sorted by their position with the classification
+          # Products#index does not do the sorting.
+          taxon = Spree::Taxon.find(params[:id])
+          @products = taxon.products.ransack(params[:q]).result
+          @products = @products.page(params[:page]).per(params[:per_page] || 500)
+          render 'spree/api/v1/products/index'
+        end
+        private
+        def taxonomy
+          if params[:taxonomy_id].present?
+            @taxonomy ||=
+              if defined?(SpreeGlobalize)
+                Spree::Taxonomy.includes(:translations, taxons: [:translations]).accessible_by(current_ability, :show).find(params[:taxonomy_id])
+              else
+                Spree::Taxonomy.accessible_by(current_ability, :show).find(params[:taxonomy_id])
+              end
+          end
+        end
+        def taxon
+          @taxon ||= taxonomy.taxons.accessible_by(current_ability, :show).find(params[:id])
+        end
+        def taxon_params
+          if params[:taxon] && !params[:taxon].empty?
+            params.require(:taxon).permit(permitted_taxon_attributes)
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/users_controller.rb ADDED Viewed

@@ -0,0 +1,97 @@
+module Spree
+  module Api
+    module V1
+      class UsersController < Spree::Api::V1::BaseController
+        rescue_from Spree::Core::DestroyWithOrdersError, with: :error_during_processing
+        def index
+          users
+          if params[:ids]
+            load_users_by_ids
+          elsif params.dig(:q, :ship_address_firstname_start)
+            load_users_by_address
+          elsif params.dig(:q, :email_start)
+            load_users_by_email
+          end
+          prepare_index_response
+          respond_with(@users)
+        end
+        def users
+          @users ||= Spree.user_class.accessible_by(current_ability, :show)
+        end
+        def load_users_by_ids
+          @users = @users.where(id: params[:ids])
+        end
+        def load_users_by_address
+          address_params = params[:q][:ship_address_firstname_start] ||
+            params[:q][:ship_address_lastname_start] ||
+            params[:q][:bill_address_firstname_start] ||
+            params[:q][:bill_address_lastname_start]
+          @users = @users.with_email_or_address(params[:q][:email_start], address_params)
+        end
+        def load_users_by_email
+          @users = @users.with_email(params[:q][:email_start])
+        end
+        def paginate_users
+          @users = @users.page(params[:page]).per(params[:per_page])
+        end
+        def prepare_index_response
+          paginate_users
+          expires_in 15.minutes, public: true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+        end
+        def show
+          respond_with(user)
+        end
+        def new; end
+        def create
+          authorize! :create, Spree.user_class
+          @user = Spree.user_class.new(user_params)
+          if @user.save
+            respond_with(@user, status: 201, default_template: :show)
+          else
+            invalid_resource!(@user)
+          end
+        end
+        def update
+          authorize! :update, user
+          if user.update(user_params)
+            respond_with(user, status: 200, default_template: :show)
+          else
+            invalid_resource!(user)
+          end
+        end
+        def destroy
+          authorize! :destroy, user
+          user.destroy
+          respond_with(user, status: 204)
+        end
+        private
+        def user
+          @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:id])
+        end
+        def user_params
+          params.require(:user).permit(permitted_user_attributes |
+                                         [bill_address_attributes: permitted_address_attributes,
+                                          ship_address_attributes: permitted_address_attributes])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/variants_controller.rb ADDED Viewed

@@ -0,0 +1,81 @@
+module Spree
+  module Api
+    module V1
+      class VariantsController < Spree::Api::V1::BaseController
+        before_action :product
+        def create
+          authorize! :create, Variant
+          @variant = scope.new(variant_params)
+          if @variant.save
+            respond_with(@variant, status: 201, default_template: :show)
+          else
+            invalid_resource!(@variant)
+          end
+        end
+        def destroy
+          @variant = scope.accessible_by(current_ability, :destroy).find(params[:id])
+          @variant.destroy
+          respond_with(@variant, status: 204)
+        end
+        # The lazyloaded associations here are pretty much attached to which nodes
+        # we render on the view so we better update it any time a node is included
+        # or removed from the views.
+        def index
+          @variants = scope.includes(*variant_includes).for_currency_and_available_price_amount.
+                      ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@variants)
+        end
+        def new; end
+        def show
+          @variant = scope.includes(*variant_includes).find(params[:id])
+          respond_with(@variant)
+        end
+        def update
+          @variant = scope.accessible_by(current_ability, :update).find(params[:id])
+          if @variant.update(variant_params)
+            respond_with(@variant, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+        private
+        def product
+          if params[:product_id]
+            @product ||= Spree::Product.accessible_by(current_ability, :show).
+                         friendly.find(params[:product_id])
+          end
+        end
+        def scope
+          variants = if @product
+                       @product.variants_including_master
+                     else
+                       Variant
+                     end
+          if current_ability.can?(:manage, Variant) && params[:show_deleted]
+            variants = variants.with_deleted
+          end
+          variants.eligible.accessible_by(current_ability)
+        end
+        def variant_params
+          params.require(:variant).permit(permitted_variant_attributes)
+        end
+        def variant_includes
+          [{ option_values: :option_type }, :product, :default_price, :images, { stock_items: :stock_location }]
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/zones_controller.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module Spree
+  module Api
+    module V1
+      class ZonesController < Spree::Api::V1::BaseController
+        def create
+          authorize! :create, Zone
+          @zone = Spree::Zone.new(zone_params)
+          if @zone.save
+            respond_with(@zone, status: 201, default_template: :show)
+          else
+            invalid_resource!(@zone)
+          end
+        end
+        def destroy
+          authorize! :destroy, zone
+          zone.destroy
+          respond_with(zone, status: 204)
+        end
+        def index
+          @zones = Zone.accessible_by(current_ability).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@zones)
+        end
+        def show
+          respond_with(zone)
+        end
+        def update
+          authorize! :update, zone
+          if zone.update(zone_params)
+            respond_with(zone, status: 200, default_template: :show)
+          else
+            invalid_resource!(zone)
+          end
+        end
+        private
+        def zone_params
+          attrs = params.require(:zone).permit!.to_h
+          if attrs[:zone_members]
+            attrs[:zone_members_attributes] = attrs.delete(:zone_members)
+          end
+          attrs
+        end
+        def zone
+          @zone ||= Spree::Zone.accessible_by(current_ability, :show).find(params[:id])
+        end
+      end
+    end
+  end
+end