From 530b93feae1936291a6930f2309422f1bf98669d Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 14 May 2021 10:37:07 +0200 Subject: [PATCH 01/21] Fix API docs for request body of addresses --- api/openapi/solidus-api.oas.yml | 71 +++++++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 7 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 4b6d2f4db08..bbd5779f364 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -1203,7 +1203,36 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/address-input' + content: + application/json: + schema: + type: object + properties: + address: + $ref: '#/components/schemas/address-input' + examples: + Example with state_id: + value: + address: + name: Jane Doe + address1: 2191 Calico Drive + city: Phoenix + country_id: 22 + state_id: 31 + zipcode: '85022' + phone: 509-644-9988 + company: Acme Inc. + Example with state_name: + value: + address: + name: Jane Doe + address1: 2191 Calico Drive + city: Phoenix + country_id: 22 + state_name: AZ + zipcode: '85022' + phone: 509-644-9988 + company: Acme Inc. '/checkouts/{checkout_id}/payments': get: responses: @@ -1496,6 +1525,7 @@ paths: - name: id in: path required: true + description: The id of the checkout's address that we want to retrieve schema: type: string put: @@ -1595,11 +1625,13 @@ paths: - name: order_number in: path required: true + description: The order number schema: type: string - name: id in: path required: true + description: The id of the order's address that we want to retrieve schema: type: string patch: @@ -1625,7 +1657,36 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/address-input' + content: + application/json: + schema: + type: object + properties: + address: + $ref: '#/components/schemas/address-input' + examples: + Example with state_id: + value: + address: + name: Jane Doe + address1: 2191 Calico Drive + city: Phoenix + country_id: 22 + state_id: 31 + zipcode: '85022' + phone: 509-644-9988 + company: Acme Inc. + Example with state_name: + value: + address: + name: Jane Doe + address1: 2191 Calico Drive + city: Phoenix + country_id: 22 + state_name: AZ + zipcode: '85022' + phone: 509-644-9988 + company: Acme Inc. '/orders/{order_number}/payments': get: responses: @@ -5044,11 +5105,6 @@ components: application/json: schema: $ref: '#/components/schemas/property-input' - address-input: - content: - application/json: - schema: - $ref: '#/components/schemas/address-input' order-input: content: application/json: @@ -6128,6 +6184,7 @@ components: type: string abbr: type: string + description: '' line-item-input: type: object title: Line item input From e6e4ab80da607598bc9be55c02726f3db6248998 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 14 May 2021 12:59:05 +0200 Subject: [PATCH 02/21] Fix API docs for request body of payments --- api/openapi/solidus-api.oas.yml | 114 ++++++++++++++++++++++++++------ 1 file changed, 93 insertions(+), 21 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index bbd5779f364..14908c69285 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -1254,7 +1254,7 @@ paths: '404': $ref: '#/components/responses/not-found' summary: List checkout payments - description: Lists a checkout's payments. + description: 'Lists a checkout''s payments. The list of payments is only visible by the checkout''s owner and by users authorized to see the order, eg. users with admin role. ' operationId: list-checkout-payments tags: - Payments @@ -1285,7 +1285,7 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create checkout payment - description: Creates a new payment for a checkout. + description: Creates a new payment for a checkout. Only the checkout's owner and users that can create a payment (eg. users with admin role) are allowed to perform this action. operationId: create-checkout-payment tags: - Payments @@ -1293,7 +1293,30 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/payment-input' + content: + application/json: + schema: + type: object + properties: + payment: + $ref: '#/components/schemas/payment-input' + examples: + Example without a payment source: + value: + payment: + amount: '42.42' + payment_method_id: 1 + Example with a payment source: + value: + payment: + amount: '42.42' + payment_method_id: 1 + source_attributes: + gateway_payment_profile_id: super-secret-token-2131m3n13bv3hv1vasda + description: |- + This requests only accepts available Payment Methods in the `payment_method_id` field. + + The Payment Methods available to users for creating a new payment are the ones with both attributes `available_to_users` and `active` set to `true`. '/checkouts/{checkout_id}/payments/{id}': get: responses: @@ -1325,6 +1348,7 @@ paths: - name: id in: path required: true + description: The payment id schema: type: string patch: @@ -1337,12 +1361,21 @@ paths: $ref: '#/components/schemas/payment' '401': $ref: '#/components/responses/invalid-api-key' + '403': + description: 'Forbidden ' + content: + application/json: + schema: + type: object + properties: + error: + type: string '404': $ref: '#/components/responses/not-found' '422': $ref: '#/components/responses/unprocessable-entity' summary: Update checkout payment - description: Updates a checkout's payment. + description: 'Updates a checkout''s payment. Please note that this action can be done by users with the admin permissions on Payments (eg. users with the admin role). Only pending payment can be updated. ' operationId: update-checkout-payment tags: - Payments @@ -1355,12 +1388,13 @@ paths: schema: type: object properties: - amount: - type: number - payment_method_id: - type: integer - payment_method: - $ref: '#/components/schemas/payment-method' + payment: + $ref: '#/components/schemas/payment-input' + examples: + Example: + value: + payment: + amount: '12.10' '/checkouts/{checkout_id}/return_authorizations': get: responses: @@ -1725,6 +1759,7 @@ paths: - name: order_number in: path required: true + description: The order number schema: type: string post: @@ -1742,7 +1777,7 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create order payment - description: Creates a payment for an order. + description: Creates a new payment for a checkout. Only the order's owner and users that can create a payment (eg. users with admin role) are allowed to perform this action. operationId: create-order-payment tags: - Payments @@ -1750,7 +1785,30 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/payment-input' + content: + application/json: + schema: + type: object + properties: + payment: + $ref: '#/components/schemas/payment-input' + examples: + Example without a payment source: + value: + payment: + amount: '42.42' + payment_method_id: 1 + Example with a payment source: + value: + payment: + amount: '42.42' + payment_method_id: 1 + source_attributes: + gateway_payment_profile_id: super-secret-token-2131m3n13bv3hv1vasda + description: |- + This requests only accepts available Payment Methods in the `payment_method_id` field. + + The Payment Methods available to users for creating a new payment are the ones with both attributes `available_to_users` and `active` set to `true`. '/orders/{order_number}/payments/{id}': get: responses: @@ -1792,12 +1850,21 @@ paths: $ref: '#/components/schemas/payment' '401': $ref: '#/components/responses/invalid-api-key' + '403': + description: Forbidden + content: + application/json: + schema: + type: object + properties: + error: + type: string '404': $ref: '#/components/responses/not-found' '422': $ref: '#/components/responses/unprocessable-entity' summary: Update order payment - description: Updates an order's payment. + description: 'Updates a checkout''s payment. Please note that this action can be done by users with the admin permissions on Payments (eg. users with the admin role). Only pending payment can be updated. ' operationId: update-order-payment tags: - Payments @@ -1805,7 +1872,18 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/payment-input' + content: + application/json: + schema: + type: object + properties: + payment: + $ref: '#/components/schemas/payment-input' + examples: + Example: + value: + payment: + amount: '12.10' '/orders/{order_number}/return_authorizations': get: responses: @@ -5075,11 +5153,6 @@ components: application/json: schema: $ref: '#/components/schemas/line-item-input' - payment-input: - content: - application/json: - schema: - $ref: '#/components/schemas/payment-input' zone-input: content: application/json: @@ -6279,10 +6352,9 @@ components: type: string payment_method_id: type: integer - payment_method: - type: string source_attributes: type: object + description: This field is required for Payment Method that has source_required? returning true. properties: number: type: string From ff1cfe5b52d94bb8af344af565722d3b585699ff Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 14 May 2021 15:23:11 +0200 Subject: [PATCH 03/21] Fix API docs for request body of products --- api/openapi/solidus-api.oas.yml | 61 ++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 14908c69285..e1def37c61e 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -60,7 +60,37 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/product-input' + content: + application/json: + schema: + type: object + properties: + product: + $ref: '#/components/schemas/product-input' + examples: + Example: + value: + product: + name: The Majestic Product + price: '19.99' + shipping_category_id: 8 + product_properties_attributes: + - property_name: fabric + value: cotton + option_types: + - size + - color + taxon_ids: '2,4' + variants: + - price: 19.99 + cost_price: 17 + sku: SKU-3 + track_inventory: true + options: + - name: size + value: small + - name: color + value: black /orders/mine: get: responses: @@ -344,7 +374,19 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/product-input' + content: + application/json: + schema: + type: object + properties: + product: + $ref: '#/components/schemas/product-input' + examples: + Example: + value: + product: + name: The Majestic Product + price: '22.22' '/products/{product_id}/images': get: responses: @@ -5168,11 +5210,6 @@ components: application/json: schema: $ref: '#/components/schemas/stock-location-input' - product-input: - content: - application/json: - schema: - $ref: '#/components/schemas/product-input' property-input: content: application/json: @@ -6443,13 +6480,11 @@ components: tax_category_id: type: integer taxon_ids: - type: array - items: - type: integer + type: string + description: 'Comma separated list of taxon ids. Eg. "1,2"' option_type_ids: - type: array - items: - type: integer + description: 'Comma separated list of option type ids ids. Eg. "1,2"' + type: string cost_currency: type: string cost_price: From 718a510d45eb848368f0b9676b64374a95bd4fe5 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Mon, 17 May 2021 13:20:48 +0200 Subject: [PATCH 04/21] Fix API docs for request body of variants --- api/openapi/solidus-api.oas.yml | 164 +++++++++++++++--- .../spree/api/variants_controller_spec.rb | 14 ++ 2 files changed, 155 insertions(+), 23 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index e1def37c61e..a74c460e5d0 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -498,7 +498,38 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/variant-input' + content: + application/json: + schema: + type: object + properties: + variant: + $ref: '#/components/schemas/variant-input' + examples: + Example with Option Value Ids: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + option_value_ids: + - 1 + - 2 + Example with Option Value Text: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + options: + name: Color + value: White '/products/{product_id}/images/{id}': get: responses: @@ -648,7 +679,38 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/variant-input' + content: + application/json: + schema: + type: object + properties: + variant: + $ref: '#/components/schemas/variant-input' + examples: + Example with Option Value Ids: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + option_value_ids: + - 1 + - 2 + Example with Option Value Text: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + options: + name: Color + value: White /states: get: responses: @@ -731,14 +793,49 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create variant - description: Creates a variant. + description: 'Creates a variant. Only users with `can :create, Variant` permissions can perform this action.' operationId: create-variant tags: - Variants security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/variant-input' + content: + application/json: + schema: + type: object + properties: + product_id: + type: integer + variant: + $ref: '#/components/schemas/variant-input' + examples: + Example with Option Value Ids: + value: + product_id: 1 + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + option_value_ids: + - 1 + - 2 + Example with Option Value Text: + value: + product_id: 1 + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + options: + name: Color + value: White '/variants/{id}': get: responses: @@ -808,7 +905,38 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/variant-input' + content: + application/json: + schema: + type: object + properties: + variant: + $ref: '#/components/schemas/variant-input' + examples: + Example with Option Value Ids: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + option_value_ids: + - 1 + - 2 + Example with Option Value Text: + value: + variant: + price: '11.22' + cost_price: '9' + position: 1 + track_inventory: true + sku: AWSOME-1122 + cost_currency: USD + options: + name: Color + value: White '/variants/{variant_id}/images': get: responses: @@ -5225,11 +5353,6 @@ components: application/json: schema: $ref: '#/components/schemas/image-input' - variant-input: - content: - application/json: - schema: - $ref: '#/components/schemas/variant-input' user-input: content: application/json: @@ -6521,28 +6644,16 @@ components: type: object title: Variant input properties: - name: - type: string - presentation: + price: type: string cost_price: type: string - lock_version: - type: string position: type: integer track_inventory: type: boolean product_id: type: integer - product: - type: integer - option_values_attributes: - type: array - items: - $ref: '#/components/schemas/option-value-input' - price: - type: string weight: type: string height: @@ -6559,13 +6670,20 @@ components: type: array items: type: integer + option_values_attributes: + type: array + items: + $ref: '#/components/schemas/option-value-input' options: type: object + description: '`Name` will be the name/presentation of the option type and `Value` will be the name/presentation of the option value. They will be created if not exist.' properties: name: type: string value: type: string + required: + - price property-input: type: object title: Property input diff --git a/api/spec/requests/spree/api/variants_controller_spec.rb b/api/spec/requests/spree/api/variants_controller_spec.rb index 44b03e4ec47..e4ad3778e42 100644 --- a/api/spec/requests/spree/api/variants_controller_spec.rb +++ b/api/spec/requests/spree/api/variants_controller_spec.rb @@ -320,6 +320,20 @@ module Spree end.to change { Spree::OptionValuesVariant.count }.by(2) end + it "create new variants with options" do + expect do + post spree.api_product_variants_path(product), params: { + variant: { + sku: "12345", + options: [{ + name: 'Color', + value: 'White' + }] + } + } + end.to change { Spree::OptionValuesVariant.count }.by(1) + end + it "can update a variant" do put spree.api_variant_path(variant), params: { variant: { sku: "12345" } } expect(response.status).to eq(200) From defc7d8d90834d3cbcdf411d7c90321b629e9a0e Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 20 May 2021 12:51:11 +0200 Subject: [PATCH 05/21] Fix API docs for request body of line items --- api/openapi/solidus-api.oas.yml | 289 +++++++++++++++++++------------- 1 file changed, 170 insertions(+), 119 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index a74c460e5d0..6c1bfd83cc0 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3855,7 +3855,7 @@ paths: - $ref: '#/components/parameters/per_page' security: - api-key: [] - '/checkouts/{checkout_id}/line_items/{id}': + '/orders/{order_number}/coupon_codes/{id}': delete: responses: '204': @@ -3863,34 +3863,35 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/line-item' + $ref: '#/components/schemas/coupon-code-handler' '401': $ref: '#/components/responses/invalid-api-key' '404': $ref: '#/components/responses/not-found' '422': $ref: '#/components/responses/delete-restriction' - summary: Delete checkout line item - description: Deletes a checkout's line item. - operationId: delete-checkout-line-item + summary: Delete order coupon code + description: Deletes an order's coupon code. + operationId: delete-order-coupon-code tags: - - Line items + - Coupon codes security: - api-key: [] - order-token: [] parameters: - - name: checkout_id + - name: order_number in: path required: true - description: The order number schema: type: string - name: id in: path required: true + description: This is the coupon code schema: type: string - patch: + '/orders/{order_number}/line_items': + post: responses: '200': description: '' @@ -3904,9 +3905,12 @@ paths: $ref: '#/components/responses/not-found' '422': $ref: '#/components/responses/unprocessable-entity' - summary: Update checkout line item - description: Updates a checkout's line item. - operationId: update-checkout-line-item + summary: Create order line item + description: |- + Create a line item in an order not yet completed. + + To perform this operation the request should be made as the order owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). + operationId: create-order-line-item tags: - Line items security: @@ -3918,47 +3922,21 @@ paths: schema: type: object properties: - line_items_attributes: - allOf: - - properties: - id: - type: integer - type: object - '/orders/{order_number}/coupon_codes/{id}': - delete: - responses: - '204': - description: '' - content: - application/json: - schema: - $ref: '#/components/schemas/coupon-code-handler' - '401': - $ref: '#/components/responses/invalid-api-key' - '404': - $ref: '#/components/responses/not-found' - '422': - $ref: '#/components/responses/delete-restriction' - summary: Delete order coupon code - description: Deletes an order's coupon code. - operationId: delete-order-coupon-code - tags: - - Coupon codes - security: - - api-key: [] - - order-token: [] + line_item: + $ref: '#/components/schemas/line-item-input' + examples: + Example: + value: + line_item: + quantity: 1 + variant_id: 22 + description: '' parameters: - name: order_number in: path required: true schema: type: string - - name: id - in: path - required: true - description: This is the coupon code - schema: - type: string '/orders/{order_number}/line_items/{id}': delete: responses: @@ -3988,11 +3966,13 @@ paths: required: true schema: type: string + description: The order number - name: id in: path required: true schema: type: string + description: The id of the line item to update patch: responses: '200': @@ -4008,7 +3988,10 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update order line item - description: Updates an order's line item. + description: |- + Update line item's information in an order not yet completed. + + To perform this operation the request should be made as the order owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). operationId: update-order-line-item tags: - Line items @@ -4016,7 +3999,18 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/line-item-input' + content: + application/json: + schema: + type: object + properties: + line_item: + $ref: '#/components/schemas/line-item-input' + examples: + example-1: + value: + line_item: + quantity: 1 '/stock_items/{id}': delete: responses: @@ -4469,6 +4463,131 @@ paths: description: The order number schema: type: string + '/checkouts/{checkout_id}/line_items': + post: + responses: + '200': + description: '' + content: + application/json: + schema: + $ref: '#/components/schemas/line-item' + '401': + $ref: '#/components/responses/invalid-api-key' + '404': + $ref: '#/components/responses/not-found' + '422': + $ref: '#/components/responses/unprocessable-entity' + summary: Create checkout line item + description: |- + Create a line item in an checkout not yet completed. + + To perform this operation the request should be made as the order owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). + + It is not possible to add a line item to a completed order. + operationId: create-checkout-line-item + tags: + - Line items + security: + - api-key: [] + - order-token: [] + requestBody: + content: + application/json: + schema: + type: object + properties: + line_item: + $ref: '#/components/schemas/line-item-input' + examples: + Example: + value: + line_item: + quantity: 1 + variant_id: 22 + parameters: + - name: checkout_id + in: path + required: true + description: The order number + schema: + type: string + '/checkouts/{checkout_id}/line_items/{id}': + delete: + responses: + '204': + description: '' + content: + application/json: + schema: + $ref: '#/components/schemas/line-item' + '401': + $ref: '#/components/responses/invalid-api-key' + '404': + $ref: '#/components/responses/not-found' + '422': + $ref: '#/components/responses/delete-restriction' + summary: Delete checkout line item + description: Deletes a checkout's line item. + operationId: delete-checkout-line-item + tags: + - Line items + security: + - api-key: [] + - order-token: [] + parameters: + - name: checkout_id + in: path + required: true + description: The order number + schema: + type: string + - name: id + in: path + required: true + schema: + type: string + description: The id of the line item to update + patch: + responses: + '200': + description: '' + content: + application/json: + schema: + $ref: '#/components/schemas/line-item' + '401': + $ref: '#/components/responses/invalid-api-key' + '404': + $ref: '#/components/responses/not-found' + '422': + $ref: '#/components/responses/unprocessable-entity' + summary: Update checkout line item + description: |- + Update line item's information in an checkout not yet completed. + + To perform this operation the request should be made as the order owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). + + It is not possible to add a line item to a completed order. + operationId: update-checkout-line-item + tags: + - Line items + security: + - api-key: [] + - order-token: [] + requestBody: + content: + application/json: + schema: + type: object + properties: + line_item: + $ref: '#/components/schemas/line-item-input' + examples: + Example: + value: + line_item: + quantity: 2 /classifications: put: responses: @@ -4921,38 +5040,6 @@ paths: required: true schema: type: string - '/checkouts/{checkout_id}/line_items': - post: - responses: - '200': - description: '' - content: - application/json: - schema: - $ref: '#/components/schemas/line-item' - '401': - $ref: '#/components/responses/invalid-api-key' - '404': - $ref: '#/components/responses/not-found' - '422': - $ref: '#/components/responses/unprocessable-entity' - summary: Create checkout line item - description: Creates a new line item for a checkout. - operationId: create-checkout-line-item - tags: - - Line items - security: - - api-key: [] - - order-token: [] - requestBody: - $ref: '#/components/requestBodies/line-item-input' - parameters: - - name: checkout_id - in: path - required: true - description: The order number - schema: - type: string '/orders/{order_number}/coupon_codes': post: responses: @@ -4984,37 +5071,6 @@ paths: required: true schema: type: string - '/orders/{order_number}/line_items': - post: - responses: - '200': - description: '' - content: - application/json: - schema: - $ref: '#/components/schemas/line-item' - '401': - $ref: '#/components/responses/invalid-api-key' - '404': - $ref: '#/components/responses/not-found' - '422': - $ref: '#/components/responses/unprocessable-entity' - summary: Create order line item - description: Creates a line item for an order. - operationId: create-order-line-item - tags: - - Line items - security: - - api-key: [] - - order-token: [] - requestBody: - $ref: '#/components/requestBodies/line-item-input' - parameters: - - name: order_number - in: path - required: true - schema: - type: string /shipments: post: responses: @@ -5318,11 +5374,6 @@ components: application/json: schema: $ref: '#/components/schemas/taxon-input' - line-item-input: - content: - application/json: - schema: - $ref: '#/components/schemas/line-item-input' zone-input: content: application/json: @@ -6424,13 +6475,13 @@ components: properties: quantity: type: integer - description: 'Passing `0`, the line item will be removed.' + description: 'Passing `0`, the line item will be removed. When omitted creating a line item, quantity will be `1`.' options: type: object description: 'This field can be used to pass custom line item attributes. When used, it will force a new price calculation, unless `price` is one of the options.' id: type: integer - description: Required for existing line items only. + description: 'Required when updating existing line items, only when not already present in the Path Parameters.' variant_id: type: integer description: Required for new line items only. From 49701a51c4662f755fa6a4a785813555b5397895 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 20 May 2021 14:25:36 +0200 Subject: [PATCH 06/21] Fix API docs for request body of orders --- api/openapi/solidus-api.oas.yml | 131 ++++++++++++++++++++++---------- 1 file changed, 89 insertions(+), 42 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 6c1bfd83cc0..3a485fa2418 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -146,6 +146,7 @@ paths: required: true schema: type: string + description: The order number patch: responses: '200': @@ -161,7 +162,10 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update order - description: Updates an order. + description: |- + Updates an order. + + To perform this operation the request should be made as the order's owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). operationId: update-order tags: - Orders @@ -169,7 +173,42 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/order-input' + content: + application/json: + schema: + type: object + properties: + order: + $ref: '#/components/schemas/order-input' + examples: + Updating Billing Address: + value: + order: + use_billing: true + ship_address_attributes: + name: Jane Doe + address1: 2191 Calico Drive + city: Phoenix + country_id: 22 + state_id: 31 + zipcode: '85022' + phone: 509-644-9988 + company: Acme Inc. + Select a Shipment's Shipping Rate: + value: + order: + shipments_attributes: + - id: 2 + selected_shipping_rate_id: 23 + Updating Payment: + value: + order: + payments_attributes: + - amount: '42.42' + payment_method_id: 1 + source_attributes: + gateway_payment_profile_id: super-secret-token-2131m3n13bv3hv1vasda + description: '' /orders/current: get: responses: @@ -1803,7 +1842,21 @@ paths: security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/order-input' + content: + application/json: + schema: + type: object + properties: + order: + $ref: '#/components/schemas/order-input' + examples: + Example: + value: + order: + email: string + line_items_attributes: + - quantity: 1 + variant_id: 22 '/orders/{order_number}/addresses/{id}': get: responses: @@ -4079,7 +4132,9 @@ paths: $ref: '#/components/responses/unprocessable-entity' summary: Update checkout description: |- - Updates a checkout. + Updates a checkout and moves the order to the next checkout step. A request with an empty body is legit and only tries to move the order to the next step. + + To perform this operation the request should be made as the order owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). **Note:** In addition to the order update, this action always attempts to perform an order state machine transition which results in a `422` response if it cannot be transitioned. operationId: update-checkout @@ -4092,13 +4147,17 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/checkout-input' + type: object + properties: + order: + $ref: '#/components/schemas/order-input' parameters: - name: id in: path required: true schema: type: string + description: The order number '/credit_cards/{id}': patch: responses: @@ -5394,11 +5453,6 @@ components: application/json: schema: $ref: '#/components/schemas/property-input' - order-input: - content: - application/json: - schema: - $ref: '#/components/schemas/order-input' image-input: content: application/json: @@ -6505,30 +6559,6 @@ components: type: string presentation: type: string - checkout-input: - type: object - title: Checkout input - properties: - coupon_code: - type: string - email: - type: string - special_instructions: - type: string - use_billing: - type: boolean - bill_address_attributes: - $ref: '#/components/schemas/address-input' - ship_address_attributes: - $ref: '#/components/schemas/address-input' - payments_attributes: - type: array - items: - $ref: '#/components/schemas/payment-input' - shipments_attributes: - type: array - items: - $ref: '#/components/schemas/shipment-input' credit-card-update-input: type: object title: Credit card update input @@ -6611,14 +6641,31 @@ components: type: integer order-input: title: Order input - allOf: - - $ref: '#/components/schemas/checkout-input' - - type: object - properties: - line_items_attributes: - type: array - items: - $ref: '#/components/schemas/line-item-input' + properties: + coupon_code: + type: string + email: + type: string + special_instructions: + type: string + use_billing: + type: boolean + bill_address_attributes: + $ref: '#/components/schemas/address-input' + ship_address_attributes: + $ref: '#/components/schemas/address-input' + payments_attributes: + type: array + items: + $ref: '#/components/schemas/payment-input' + shipments_attributes: + type: array + items: + $ref: '#/components/schemas/shipment-input' + line_items_attributes: + type: array + items: + $ref: '#/components/schemas/line-item-input' product-input: type: object title: Product input From 9082e28fc5e814e80c0d65708a40e348c8b2f802 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 20 May 2021 14:28:18 +0200 Subject: [PATCH 07/21] Remove deprecated coupon code property from order's input Starting with Solidus 3.0, we no longer accept the coupon_code attribute to be passed along with the other order's attributes. There's a separate endpoint for applying a coupon code via API: POST /orders/{order_number}/coupon_codes --- api/openapi/solidus-api.oas.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 3a485fa2418..c7974228f75 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -6642,8 +6642,6 @@ components: order-input: title: Order input properties: - coupon_code: - type: string email: type: string special_instructions: From c955115c0bac10deeee1eb2c441ff5775c1a5984 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 11:14:51 +0200 Subject: [PATCH 08/21] Fix API docs for request body of coupon codes --- api/openapi/solidus-api.oas.yml | 44 +++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index c7974228f75..c58f1e76ae2 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3922,9 +3922,16 @@ paths: '404': $ref: '#/components/responses/not-found' '422': - $ref: '#/components/responses/delete-restriction' + description: Unprocessable Entity (WebDAV) + content: + application/json: + schema: + $ref: '#/components/schemas/coupon-code-handler' summary: Delete order coupon code - description: Deletes an order's coupon code. + description: |- + Deletes an order's coupon code. + + To perform this operation the request should be made as the order's owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). operationId: delete-order-coupon-code tags: - Coupon codes @@ -3937,6 +3944,7 @@ paths: required: true schema: type: string + description: The order number - name: id in: path required: true @@ -5113,9 +5121,16 @@ paths: '404': $ref: '#/components/responses/not-found' '422': - $ref: '#/components/responses/unprocessable-entity' + description: '' + content: + application/json: + schema: + $ref: '#/components/schemas/coupon-code-handler' summary: Create order coupon code - description: Creates a coupon code for an order. + description: |- + Creates a coupon code for an order. + + To perform this operation the request should be made as the order's owner or with the order token in case of unauthenitcated checkouts (es. guest checkout). operationId: create-order-coupon-code tags: - Coupon codes @@ -5123,13 +5138,21 @@ paths: - api-key: [] - order-token: [] requestBody: - $ref: '#/components/requestBodies/coupon-code-input' + content: + application/json: + schema: + $ref: '#/components/schemas/coupon-code-input' + examples: + Example: + value: + coupon_code: off-20 parameters: - name: order_number in: path required: true schema: type: string + description: The order number /shipments: post: responses: @@ -5496,11 +5519,6 @@ components: properties: expected_total: type: string - coupon-code-input: - content: - application/json: - schema: - $ref: '#/components/schemas/coupon-code-input' add-shipment-itemBody: content: application/json: @@ -6437,12 +6455,18 @@ components: properties: success: type: string + description: Message returned if the coupon has been applied. error: type: string + description: Message returned if there are errors applying the coupon. successful: type: boolean status_code: type: string + description: |- + When applying a coupon code, it can be: `coupon_code_applied`, `coupon_code_unknown_error`, `coupon_code_max_usage`, `coupon_code_not_eligible`, `coupon_code_already_applied`, `coupon_code_expired` or `coupon_code_not_found`. + + When removing a coupon code, it can be: `coupon_code_removed`, `coupon_code_not_present`, `coupon_code_not_found`. address-book: type: array title: Address book From b0d975252dcfd59181b50a536aadb41ade2ae98c Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 11:43:19 +0200 Subject: [PATCH 09/21] Fix API docs for request body of shipments --- api/openapi/solidus-api.oas.yml | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index c58f1e76ae2..e3d4bdd17c4 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -4215,7 +4215,10 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update shipment - description: Updates a shipment. + description: |- + Updates a shipment. + + Please note that this request can be only performed by users with the `update` permission on the shipment. operationId: update-shipment tags: - Shipments @@ -4225,7 +4228,15 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/shipment-input' + type: object + properties: + shipment: + $ref: '#/components/schemas/shipment-input' + examples: + Example: + value: + shipment: + tracking: tracking-identifier-provided-by-shipping-provider parameters: - name: number in: path @@ -5167,7 +5178,10 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create shipment - description: Creates a shipment. + description: |- + Creates a shipment. + + Please note that this request can be only performed by users with the `create` permission on the shipment. operationId: create-shipment tags: - Shipments @@ -5185,6 +5199,12 @@ paths: type: integer quantity: type: integer + examples: + Example: + value: + stock_location_id: 1 + variant_id: 23 + quantity: 1 /shipments/transfer_to_location: post: responses: From 16bea191f4f3d5168d60ca62247aa348a435676b Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 11:51:55 +0200 Subject: [PATCH 10/21] Fix API docs for request body of zones --- api/openapi/solidus-api.oas.yml | 52 +++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index e3d4bdd17c4..17e399ffcc8 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3776,14 +3776,32 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create zone - description: Creates a zone. + description: |- + Creates a zone. + + Only users with the `create` permission on `Spree::Zone` can perform this action. operationId: create-zone tags: - Zones security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/zone-input' + content: + application/json: + schema: + type: object + properties: + zone: + $ref: '#/components/schemas/zone-input' + examples: + Example: + value: + zone: + name: North Pole + description: The coldest one. + zone_members_attributes: + - zoneable_type: 'Spree::Country' + zoneable_id: 1 '/zones/{id}': get: responses: @@ -3810,6 +3828,7 @@ paths: required: true schema: type: string + description: The ID of the zone we want to update delete: responses: '204': @@ -3846,14 +3865,28 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update zone - description: Updates a zone. + description: |- + Updates a zone. + + Only users with the `update` permission on the zone can perform this action. operationId: update-zone tags: - Zones security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/zone-input' + content: + application/json: + schema: + type: object + properties: + zone: + $ref: '#/components/schemas/zone-input' + examples: + Example: + value: + zone: + description: Brrr. The coldest one. '/promotions/{id}': get: responses: @@ -5202,9 +5235,9 @@ paths: examples: Example: value: - stock_location_id: 1 - variant_id: 23 - quantity: 1 + stock_location_id: 0 + variant_id: 0 + quantity: 0 /shipments/transfer_to_location: post: responses: @@ -5476,11 +5509,6 @@ components: application/json: schema: $ref: '#/components/schemas/taxon-input' - zone-input: - content: - application/json: - schema: - $ref: '#/components/schemas/zone-input' product-property-input: content: application/json: From 76ba37ae4531b613743400bc2a36000375d810a4 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 12:31:29 +0200 Subject: [PATCH 11/21] Fix API docs for request body of product properties --- api/openapi/solidus-api.oas.yml | 42 ++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 17e399ffcc8..073c31fe909 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -2687,14 +2687,29 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create product property - description: Creates a product property. + description: |- + Creates a product property. + + Only users with the `create` permission on `Spree::ProductProperty` can perform this action. operationId: create-product-property tags: - Product properties security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/product-property-input' + content: + application/json: + schema: + type: object + properties: + product_property: + $ref: '#/components/schemas/product-property-input' + examples: + Example: + value: + product_property: + property_name: Fit + value: Loose '/products/{product_id}/product_properties/{id}': get: responses: @@ -2762,14 +2777,28 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update product property - description: Updates a product's property. + description: |- + Updates a product's property. + + Only users with the `update` permission on the product property can perform this action. operationId: update-product-property tags: - Product properties security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/product-property-input' + content: + application/json: + schema: + type: object + properties: + product_property: + $ref: '#/components/schemas/product-property-input' + examples: + Example: + value: + product_property: + value: Regular /properties: get: responses: @@ -5509,11 +5538,6 @@ components: application/json: schema: $ref: '#/components/schemas/taxon-input' - product-property-input: - content: - application/json: - schema: - $ref: '#/components/schemas/product-property-input' stock-location-input: content: application/json: From da32fea044bf9968f98f718a895781eba960c646 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 12:39:05 +0200 Subject: [PATCH 12/21] Fix API docs for request body of stock locations --- api/openapi/solidus-api.oas.yml | 43 ++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 073c31fe909..e871a5fc46c 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3010,14 +3010,29 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create stock location - description: Creates a stock location. + description: |- + Creates a stock location. + + Only users with the `create` permission on `Spree::StockLocation` can perform this action. operationId: create-stock-location tags: - Stock locations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/stock-location-input' + content: + application/json: + schema: + type: object + properties: + stock_location: + $ref: '#/components/schemas/stock-location-input' + examples: + Example: + value: + stock_location: + name: North Pole + active: true '/stock_locations/{id}': get: responses: @@ -3043,6 +3058,7 @@ paths: required: true schema: type: string + description: The id of the stock location delete: responses: '204': @@ -3079,14 +3095,28 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update stock location - description: Updates a stock location. + description: |- + Updates a stock location. + + Only users with the `update` permission on the stock location can perform this action. operationId: update-stock-location tags: - Stock locations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/stock-location-input' + content: + application/json: + schema: + type: object + properties: + stock_location: + $ref: '#/components/schemas/stock-location-input' + examples: + Example: + value: + stock_location: + active: false '/stock_locations/{stock_location_id}/stock_items': get: responses: @@ -5538,11 +5568,6 @@ components: application/json: schema: $ref: '#/components/schemas/taxon-input' - stock-location-input: - content: - application/json: - schema: - $ref: '#/components/schemas/stock-location-input' property-input: content: application/json: From fe324019570fac0eed8ecabc1321570dfe172b34 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 13:56:39 +0200 Subject: [PATCH 13/21] Fix API docs for request body of taxons --- api/openapi/solidus-api.oas.yml | 45 +++++++++++++++---- .../spree/api/taxons_controller_spec.rb | 4 +- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index e871a5fc46c..6d352eea25c 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3621,6 +3621,7 @@ paths: required: true schema: type: string + description: The id of the taxonomy for which the new taxon will be added post: responses: '200': @@ -3636,14 +3637,29 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create taxonomy taxon - description: Creates a taxon for a taxonomy. + description: |- + Creates a taxon for a taxonomy. + + Only users with the `create` permission on `Spree::Taxon` can perform this action. operationId: create-taxonomy-taxon tags: - Taxons security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/taxon-input' + content: + application/json: + schema: + type: object + properties: + taxon: + $ref: '#/components/schemas/taxon-input' + examples: + Example: + value: + taxon: + name: Colors + parent_id: 22 '/taxonomies/{taxonomy_id}/taxons/{id}': get: responses: @@ -3669,11 +3685,13 @@ paths: required: true schema: type: string + description: The id of the taxon's taxonomy - name: id in: path required: true schema: type: string + description: The id of the taxon delete: responses: '204': @@ -3710,14 +3728,28 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update taxonomy taxon - description: Updates a taxonomy's taxon. + description: |- + Updates a taxonomy's taxon. + + Only users with the `update` permission on the taxon can perform this action. operationId: update-taxonomy-taxon tags: - Taxons security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/taxon-input' + content: + application/json: + schema: + type: object + properties: + taxon: + $ref: '#/components/schemas/taxon-input' + examples: + Example: + value: + taxon: + name: Colours /taxons: get: responses: @@ -5563,11 +5595,6 @@ components: message: type: string requestBodies: - taxon-input: - content: - application/json: - schema: - $ref: '#/components/schemas/taxon-input' property-input: content: application/json: diff --git a/api/spec/requests/spree/api/taxons_controller_spec.rb b/api/spec/requests/spree/api/taxons_controller_spec.rb index de1612c1e33..ac3ca7a571d 100644 --- a/api/spec/requests/spree/api/taxons_controller_spec.rb +++ b/api/spec/requests/spree/api/taxons_controller_spec.rb @@ -120,12 +120,12 @@ module Spree assert_unauthorized! end - it "cannot update a taxon" do + it "cannot update a taxon if not an admin" do put spree.api_taxonomy_taxon_path(taxonomy, taxon.id), params: { taxon: { name: "I hacked your store!" } } assert_unauthorized! end - it "cannot delete a taxon" do + it "cannot delete a taxon if not an admin" do delete spree.api_taxonomy_taxon_path(taxonomy, taxon.id) assert_unauthorized! end From a11c6261dc6e2a3927b0a4ca9e49c1190e7945a2 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Fri, 21 May 2021 14:08:26 +0200 Subject: [PATCH 14/21] Fix API docs for request body of taxonomies --- api/openapi/solidus-api.oas.yml | 46 +++++++++++++++---- .../spree/api/taxonomies_controller_spec.rb | 13 ++++-- 2 files changed, 47 insertions(+), 12 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 6d352eea25c..2e290e1f86d 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3508,14 +3508,30 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create taxonomy - description: Creates a taxonomy. + description: |- + Creates a taxonomy. + + Only users with the `create` permission on `Spree::Taxonomy` can perform this action. + + Creating a taxonomy, its root taxon with the same name will be automatically created. The root taxon's information will be available in the response. operationId: create-taxonomy tags: - Taxonomies security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/taxonomy-input' + content: + application/json: + schema: + type: object + properties: + taxonomy: + $ref: '#/components/schemas/taxonomy-input' + examples: + Example: + value: + taxonomy: + name: Colors '/taxonomies/{id}': get: responses: @@ -3541,6 +3557,7 @@ paths: required: true schema: type: string + description: The id of the taxonomy delete: responses: '204': @@ -3577,14 +3594,28 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update taxonomy - description: Updates a taxonomy. + description: |- + Updates a taxonomy. + + Only users with the `update` permission on the taxonomy can perform this action. operationId: update-taxonomy tags: - Taxonomies security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/taxonomy-input' + content: + application/json: + schema: + type: object + properties: + taxonomy: + $ref: '#/components/schemas/taxonomy-input' + examples: + Example: + value: + taxonomy: + name: Colours '/taxonomies/{taxonomy_id}/taxons': get: responses: @@ -5630,11 +5661,6 @@ components: application/json: schema: $ref: '#/components/schemas/stock-item-input' - taxonomy-input: - content: - application/json: - schema: - $ref: '#/components/schemas/taxonomy-input' complete-checkoutBody: content: application/json: @@ -7004,6 +7030,8 @@ components: properties: name: type: string + required: + - name taxon-input: type: object title: Taxon input diff --git a/api/spec/requests/spree/api/taxonomies_controller_spec.rb b/api/spec/requests/spree/api/taxonomies_controller_spec.rb index b06ccc44866..cb51501386b 100644 --- a/api/spec/requests/spree/api/taxonomies_controller_spec.rb +++ b/api/spec/requests/spree/api/taxonomies_controller_spec.rb @@ -71,12 +71,12 @@ module Spree assert_unauthorized! end - it "cannot update a taxonomy" do + it "cannot update a taxonomy if not an admin" do put spree.api_taxonomy_path(taxonomy.id), params: { taxonomy: { name: "I hacked your store!" } } assert_unauthorized! end - it "cannot delete a taxonomy" do + it "cannot delete a taxonomy if not an admin" do delete spree.api_taxonomy_path(taxonomy.id) assert_unauthorized! end @@ -85,7 +85,7 @@ module Spree context "as an admin" do sign_in_as_admin! - it "can create" do + it "can create a taxonomy" do post spree.api_taxonomies_path, params: { taxonomy: { name: "Colors" } } expect(json_response).to have_attributes(attributes) expect(response.status).to eq(201) @@ -97,6 +97,13 @@ module Spree expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.") end + it "can update a taxonomy" do + put spree.api_taxonomy_path(taxonomy), params: { taxonomy: { name: "Colours" } } + expect(json_response).to have_attributes(attributes) + expect(response.status).to eq(200) + expect(taxonomy.reload.name).to eql 'Colours' + end + it "can destroy" do delete spree.api_taxonomy_path(taxonomy.id) expect(response.status).to eq(204) From f27cf6c080747ecacee8f21ec183b820532184f7 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 11:34:16 +0200 Subject: [PATCH 15/21] Fix API docs for request body of properties --- api/openapi/solidus-api.oas.yml | 32 +++++++++++++------ .../spree/api/properties_controller_spec.rb | 4 +-- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 2e290e1f86d..0b8c7ca3447 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -2840,14 +2840,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create property - description: Creates a property. + description: |- + Creates a property. + + Only users with the `create` permission on `Spree::Propery` can perform this action. operationId: create-property tags: - Properties security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/property-input' + content: + application/json: + schema: + type: object + properties: + property: + $ref: '#/components/schemas/property-input' '/properties/{id}': get: responses: @@ -2874,6 +2883,7 @@ paths: required: true schema: type: string + description: 'The id of the Spree::Property' delete: responses: '204': @@ -2910,14 +2920,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update property - description: Updates a property. + description: |- + Updates a property. + + Only users with the `update` permission on the property can perform this action. operationId: update-property tags: - Properties security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/property-input' + content: + application/json: + schema: + type: object + properties: + property: + $ref: '#/components/schemas/property-input' '/inventory_units/{id}': get: responses: @@ -5626,11 +5645,6 @@ components: message: type: string requestBodies: - property-input: - content: - application/json: - schema: - $ref: '#/components/schemas/property-input' image-input: content: application/json: diff --git a/api/spec/requests/spree/api/properties_controller_spec.rb b/api/spec/requests/spree/api/properties_controller_spec.rb index 2af67f4ad1c..4c3029f08c9 100644 --- a/api/spec/requests/spree/api/properties_controller_spec.rb +++ b/api/spec/requests/spree/api/properties_controller_spec.rb @@ -65,12 +65,12 @@ module Spree assert_unauthorized! end - it "cannot update a property" do + it "cannot update a property if not admin" do put spree.api_property_path(property_1.name), params: { property: { presentation: "my value 456" } } assert_unauthorized! end - it "cannot delete a property" do + it "cannot delete a property if not admin" do delete spree.api_property_path(property_1.name) assert_unauthorized! expect { property_1.reload }.not_to raise_error From a41e5c9f0b192dfbee02a8d0ed05d3ca1a5dae16 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 11:46:31 +0200 Subject: [PATCH 16/21] Fix API docs for request body of images --- api/openapi/solidus-api.oas.yml | 61 ++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 0b8c7ca3447..eead140347a 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -472,14 +472,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create product image - description: Creates an image for a product. + description: |- + Creates an image for a product. + + Only users with the `create` permission on `Spree::Image` can perform this action. operationId: create-product-image tags: - Images security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/image-input' + content: + application/json: + schema: + type: object + properties: + image: + $ref: '#/components/schemas/image-input' '/products/{product_id}/variants': get: responses: @@ -595,11 +604,13 @@ paths: required: true schema: type: string + description: 'The id of the Spree::Product' - name: id in: path required: true schema: type: string + description: 'The id of the Spree::Image' delete: responses: '204': @@ -636,14 +647,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update product image - description: Updates a product's image. + description: |- + Updates a product's image. + + Only users with the `update` permission on the image can perform this action. operationId: update-product-image tags: - Images security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/image-input' + content: + application/json: + schema: + type: object + properties: + image: + $ref: '#/components/schemas/image-input' '/products/{product_id}/variants/{id}': get: responses: @@ -1022,14 +1042,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create variant image - description: Creates an image for a variant. + description: |- + Creates an image for a variant. + + Only users with the `create` permission on `Spree::Image` can perform this action. operationId: create-variant-image tags: - Images security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/image-input' + content: + application/json: + schema: + type: object + properties: + image: + $ref: '#/components/schemas/image-input' '/variants/{variant_id}/images/{id}': get: responses: @@ -1056,11 +1085,13 @@ paths: required: true schema: type: string + description: 'The id of the Spree::Variant' - name: id in: path required: true schema: type: string + description: 'The id of the Spree::Image' delete: responses: '204': @@ -1097,14 +1128,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update variant image - description: Updates a variant's image. + description: |- + Updates a variant's image. + + Only users with the `update` permission on the image can perform this action. operationId: update-variant-image tags: - Images security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/image-input' + content: + application/json: + schema: + type: object + properties: + image: + $ref: '#/components/schemas/image-input' '/shipments/{shipment_number}/estimated_rates': get: responses: @@ -5645,11 +5685,6 @@ components: message: type: string requestBodies: - image-input: - content: - application/json: - schema: - $ref: '#/components/schemas/image-input' user-input: content: application/json: From bf26b5f0aeb9d321f098e7a8059a13e3a75b0187 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 12:00:13 +0200 Subject: [PATCH 17/21] Fix API docs for request body of users --- api/openapi/solidus-api.oas.yml | 33 ++++++++++++++----- .../spree/api/users_controller_spec.rb | 6 ++++ 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index eead140347a..23b4b5ff47d 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -1231,6 +1231,7 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::User' delete: responses: '204': @@ -1267,14 +1268,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update user - description: Updates a user. + description: |- + Updates a user. + + Only users with the `update` permission on the user can perform this action. operationId: update-user tags: - Users security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/user-input' + content: + application/json: + schema: + type: object + properties: + user: + $ref: '#/components/schemas/user-input' '/users/{user_id}/address_book': get: responses: @@ -3908,14 +3918,24 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create user - description: Creates a user. + description: | + Creates a user. + + Only users with the `create` permission on `Spree::User` can perform this action. operationId: create-user tags: - Users security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/user-input' + content: + application/json: + schema: + type: object + properties: + user: + $ref: '#/components/schemas/user-input' + description: '' /zones: get: responses: @@ -5685,11 +5705,6 @@ components: message: type: string requestBodies: - user-input: - content: - application/json: - schema: - $ref: '#/components/schemas/user-input' return-authorization-input: content: application/json: diff --git a/api/spec/requests/spree/api/users_controller_spec.rb b/api/spec/requests/spree/api/users_controller_spec.rb index f3283554877..4421b8b953b 100644 --- a/api/spec/requests/spree/api/users_controller_spec.rb +++ b/api/spec/requests/spree/api/users_controller_spec.rb @@ -132,6 +132,12 @@ module Spree expect(response.status).to eq(201) end + it "can update" do + post spree.api_users_path, params: { user: { email: "existing@example.com" } } + expect(json_response).to have_attributes(attributes) + expect(response.status).to eq(201) + end + it "can destroy user without orders" do user.orders.destroy_all delete spree.api_user_path(user) From 413b3602c45143e1ec0cb66b8ebab6c0c127f9dd Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 12:53:04 +0200 Subject: [PATCH 18/21] Fix API docs for request body of return authorizations --- api/openapi/solidus-api.oas.yml | 60 ++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 23b4b5ff47d..996ea484b15 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -1706,14 +1706,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create checkout return authorization - description: Creates a return authorization for a checkout. + description: |- + Creates a return authorization for a checkout. + + Only users with the `create` permission on `Spree::RetrunAuthorization` can perform this action. operationId: create-checkout-return-authorization tags: - Return authorizations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/return-authorization-input' + content: + application/json: + schema: + type: object + properties: + return_authorization: + $ref: '#/components/schemas/return-authorization-input' '/checkouts/{checkout_id}/return_authorizations/{id}': get: responses: @@ -1745,6 +1754,7 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::ReturnAuthorization' delete: responses: '204': @@ -1781,14 +1791,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update checkout return authorization - description: Updates a checkout's return authorization. + description: |- + Updates a checkout's return authorization. + + Only users with the `update` permission on the return authorization can perform this action. operationId: update-checkout-return-authorization tags: - Return authorizations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/return-authorization-input' + content: + application/json: + schema: + type: object + properties: + return_authorization: + $ref: '#/components/schemas/return-authorization-input' '/orders/{order_id}/customer_returns/{id}': get: responses: @@ -2208,14 +2227,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create order return authorization - description: Creates a return authorization for an order. + description: |- + Creates a return authorization for an order. + + Only users with the `create` permission on `Spree::ReturnAuthorization` can perform this action. operationId: create-order-return-authorization tags: - Return authorizations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/return-authorization-input' + content: + application/json: + schema: + type: object + properties: + return_authorization: + $ref: '#/components/schemas/return-authorization-input' '/orders/{order_number}/return_authorizations/{id}': get: responses: @@ -2242,11 +2270,13 @@ paths: required: true schema: type: string + description: The Order number - name: id in: path required: true schema: type: string + description: 'The ID of the Spree::ReturnAuthorization' delete: responses: '200': @@ -2283,14 +2313,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update order return authorization - description: Updates an order's return authorization. + description: |- + Updates an order's return authorization. + + Only users with the `update` permission on the return authorization can perform this action. operationId: update-order-return-authorization tags: - Return authorizations security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/return-authorization-input' + content: + application/json: + schema: + type: object + properties: + return_authorization: + $ref: '#/components/schemas/return-authorization-input' /config: get: responses: @@ -5705,11 +5744,6 @@ components: message: type: string requestBodies: - return-authorization-input: - content: - application/json: - schema: - $ref: '#/components/schemas/return-authorization-input' customer-return-input: content: application/json: From 43f60ef6a88b1a09a6b70e286c5377385221b134 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 13:02:34 +0200 Subject: [PATCH 19/21] Fix API docs for request body of customer returns --- api/openapi/solidus-api.oas.yml | 34 +++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 996ea484b15..6af705952f3 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -1837,7 +1837,7 @@ paths: - name: id in: path required: true - description: The id of the checkout's address that we want to retrieve + description: The id of the customer return schema: type: string put: @@ -1855,12 +1855,21 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update order customer return - description: Updates an orders customer return. + description: |- + Updates an orders customer return. + + Only users with the `update` permission on the customer return can perform this action. operationId: update-order-customer-return tags: - Customer returns requestBody: - $ref: '#/components/requestBodies/customer-return-input' + content: + application/json: + schema: + type: object + properties: + customer_return: + $ref: '#/components/schemas/customer-return-input' security: - api-key: [] /orders: @@ -5630,6 +5639,7 @@ paths: schema: type: string required: true + description: The order number post: responses: '200': @@ -5645,12 +5655,21 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create order customer return - description: Creates a customer return for an order. + description: |- + Creates a customer return for an order. + + Only users with the `create` permission on `Spree::CustomerReturn` can perform this action. operationId: create-order-customer-return tags: - Customer returns requestBody: - $ref: '#/components/requestBodies/customer-return-input' + content: + application/json: + schema: + type: object + properties: + customer_return: + $ref: '#/components/schemas/customer-return-input' security: - api-key: [] tags: @@ -5744,11 +5763,6 @@ components: message: type: string requestBodies: - customer-return-input: - content: - application/json: - schema: - $ref: '#/components/schemas/customer-return-input' option-value-input: content: application/json: From 58898c57ecc19545296ad3fddc5cef962b311e05 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 13:15:21 +0200 Subject: [PATCH 20/21] Fix API docs for request body of option values --- api/openapi/solidus-api.oas.yml | 62 ++++++++++++++++++++++++++------- 1 file changed, 49 insertions(+), 13 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 6af705952f3..8618657ba52 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -2531,14 +2531,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create option value - description: Creates an option value. + description: |- + Creates an option value. + + Only users with the `create` permission on `Spree::OptionValue` can perform this action. operationId: create-option-value tags: - Option values security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/option-value-input' + content: + application/json: + schema: + type: object + properties: + option_value: + $ref: '#/components/schemas/option-value-input' '/option_values/{id}': get: responses: @@ -2565,6 +2574,7 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::OptionValue' delete: responses: '204': @@ -2601,14 +2611,24 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update option value - description: Updates an option value. + description: |- + Updates an option value. + + Only users with the `update` permission on the option value can perform this action. operationId: update-option-value tags: - Option values security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/option-value-input' + content: + application/json: + schema: + type: object + properties: + option_value: + $ref: '#/components/schemas/option-value-input' + description: '' '/option_types/{option_type_id}/option_values': get: responses: @@ -2637,6 +2657,7 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::OptionType' post: responses: '200': @@ -2652,14 +2673,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create option type value - description: Creates an option value for a type. + description: |- + Creates an option value for a type. + + Only users with the `create` permission on `Spree::OptionValue` can perform this action. operationId: create-option-type-value tags: - Option values security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/option-value-input' + content: + application/json: + schema: + type: object + properties: + option_value: + $ref: '#/components/schemas/option-value-input' '/option_types/{option_type_id}/option_values/{id}': get: responses: @@ -2685,11 +2715,13 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::OptionType' - name: id in: path required: true schema: type: string + description: The ID of the OptionValue delete: responses: '204': @@ -2726,14 +2758,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update option type value - description: Updates an option type's value. + description: |- + Updates an option type's value. + + Only users with the `update` permission on the option value can perform this action. operationId: update-option-type-value tags: - Option values security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/option-value-input' + content: + application/json: + schema: + type: object + properties: + option_value: + $ref: '#/components/schemas/option-value-input' '/products/{product_id}/product_properties': get: responses: @@ -5763,11 +5804,6 @@ components: message: type: string requestBodies: - option-value-input: - content: - application/json: - schema: - $ref: '#/components/schemas/option-value-input' stock-item-input: content: application/json: From 046d3affbc1801f9b48db7208afdc4e56b400244 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Thu, 27 May 2021 13:22:37 +0200 Subject: [PATCH 21/21] Fix API docs for request body of stock items --- api/openapi/solidus-api.oas.yml | 47 +++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 11 deletions(-) diff --git a/api/openapi/solidus-api.oas.yml b/api/openapi/solidus-api.oas.yml index 8618657ba52..82355e2ac83 100644 --- a/api/openapi/solidus-api.oas.yml +++ b/api/openapi/solidus-api.oas.yml @@ -3326,14 +3326,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Create stock location item - description: Creates a stock item for a stock location. + description: |- + Creates a stock item for a stock location. + + Only users with the `create` permission on `Spree::StockItem` can perform this action. operationId: create-stock-location-item tags: - Stock items security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/stock-item-input' + content: + application/json: + schema: + type: object + properties: + stock_item: + $ref: '#/components/schemas/stock-item-input' '/stock_locations/{stock_location_id}/stock_items/{id}': get: responses: @@ -3359,11 +3368,13 @@ paths: required: true schema: type: string + description: 'The ID of the Spree::StockLocation' - name: id in: path required: true schema: type: string + description: 'The ID of the Spree::StockItem' delete: responses: '204': @@ -3400,14 +3411,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update stock location item - description: Updates a stock location's item. + description: |- + Updates a stock location's item. + + Only users with the `update` permission on the stock item can perform this action. operationId: update-stock-location-item tags: - Stock items security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/stock-item-input' + content: + application/json: + schema: + type: object + properties: + stock_item: + $ref: '#/components/schemas/stock-item-input' '/stock_locations/{stock_location_id}/stock_movements': get: responses: @@ -4423,6 +4443,7 @@ paths: required: true schema: type: string + description: 'The ID of the Stock::Item' patch: responses: '200': @@ -4438,14 +4459,23 @@ paths: '422': $ref: '#/components/responses/unprocessable-entity' summary: Update stock item - description: Updates a stock item. + description: |- + Updates a stock item. + + Only users with the `update` permission on the stock item can perform this action. operationId: update-stock-item tags: - Stock items security: - api-key: [] requestBody: - $ref: '#/components/requestBodies/stock-item-input' + content: + application/json: + schema: + type: object + properties: + stock_item: + $ref: '#/components/schemas/stock-item-input' '/checkouts/{id}': patch: responses: @@ -5804,11 +5834,6 @@ components: message: type: string requestBodies: - stock-item-input: - content: - application/json: - schema: - $ref: '#/components/schemas/stock-item-input' complete-checkoutBody: content: application/json: