From 67a714064298941b6f061554f479c1f28d18b781 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Tue, 28 Apr 2020 13:48:07 +0200 Subject: [PATCH 1/3] Memoize distributor and order_cycle in Api::OrderCyclesController --- app/controllers/api/order_cycles_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/order_cycles_controller.rb b/app/controllers/api/order_cycles_controller.rb index 0ac5223ea1..d4ce2cdc7b 100644 --- a/app/controllers/api/order_cycles_controller.rb +++ b/app/controllers/api/order_cycles_controller.rb @@ -70,11 +70,11 @@ module Api end def distributor - Enterprise.find_by_id(params[:distributor]) + @distributor ||= Enterprise.find_by_id(params[:distributor]) end def order_cycle - OrderCycle.find_by_id(params[:id]) + @order_cycle ||= OrderCycle.find_by_id(params[:id]) end def customer From eb7de1829869b11bd64a5ca0cb5d90230f1a0f62 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Tue, 28 Apr 2020 13:51:25 +0200 Subject: [PATCH 2/3] Return early (before hitting the DB) in complex product list rendering if we already know the order cycle is closed --- app/controllers/api/order_cycles_controller.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/order_cycles_controller.rb b/app/controllers/api/order_cycles_controller.rb index d4ce2cdc7b..b06f302169 100644 --- a/app/controllers/api/order_cycles_controller.rb +++ b/app/controllers/api/order_cycles_controller.rb @@ -6,6 +6,8 @@ module Api skip_authorization_check def products + render_no_products unless order_cycle.open? + products = ProductsRenderer.new( distributor, order_cycle, @@ -15,7 +17,7 @@ module Api render json: products rescue ProductsRenderer::NoProducts - render status: :not_found, json: '' + render_no_products end def taxons @@ -35,6 +37,10 @@ module Api private + def render_no_products + render status: :not_found, json: '' + end + def product_properties Spree::Property. joins(:products). From e4985a9d51d70f5bb9301fe95c9b4d2a8ccf2533 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Wed, 22 Apr 2020 12:38:13 +0200 Subject: [PATCH 3/3] Avoid needlessly fetching the current user records (for authentication and API key checks) These endpoints are absolutely public, and don't need the current user at any point. --- app/controllers/api/order_cycles_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/api/order_cycles_controller.rb b/app/controllers/api/order_cycles_controller.rb index b06f302169..5404db76c4 100644 --- a/app/controllers/api/order_cycles_controller.rb +++ b/app/controllers/api/order_cycles_controller.rb @@ -4,6 +4,7 @@ module Api respond_to :json skip_authorization_check + skip_before_filter :authenticate_user, :ensure_api_key, only: [:taxons, :properties] def products render_no_products unless order_cycle.open?