diff --git a/app/controllers/api/enterprises_controller.rb b/app/controllers/api/enterprises_controller.rb index 092edd08b7..82ae80d31e 100644 --- a/app/controllers/api/enterprises_controller.rb +++ b/app/controllers/api/enterprises_controller.rb @@ -5,12 +5,7 @@ module Api before_filter :override_sells, only: [:create, :update] before_filter :override_visible, only: [:create, :update] respond_to :json - skip_authorization_check only: [:shopfront, :managed] - - def managed - @enterprises = Enterprise.ransack(params[:q]).result.managed_by(current_api_user) - render params[:template] || :bulk_index - end + skip_authorization_check only: [:shopfront] def create authorize! :create, Enterprise diff --git a/app/controllers/api/order_cycles_controller.rb b/app/controllers/api/order_cycles_controller.rb deleted file mode 100644 index 3522c690f2..0000000000 --- a/app/controllers/api/order_cycles_controller.rb +++ /dev/null @@ -1,25 +0,0 @@ -module Api - class OrderCyclesController < Spree::Api::BaseController - respond_to :json - def managed - authorize! :admin, OrderCycle - authorize! :read, OrderCycle - @order_cycles = OrderCycle.ransack(params[:q]).result.managed_by(current_api_user) - render params[:template] || :bulk_index - end - - def accessible - @order_cycles = if params[:as] == "distributor" - OrderCycle.ransack(params[:q]).result. - involving_managed_distributors_of(current_api_user).order('updated_at DESC') - elsif params[:as] == "producer" - OrderCycle.ransack(params[:q]).result. - involving_managed_producers_of(current_api_user).order('updated_at DESC') - else - OrderCycle.ransack(params[:q]).result.accessible_by(current_api_user) - end - - render params[:template] || :bulk_index - end - end -end diff --git a/app/helpers/injection_helper.rb b/app/helpers/injection_helper.rb index aa85939fbe..4eeab21f0c 100644 --- a/app/helpers/injection_helper.rb +++ b/app/helpers/injection_helper.rb @@ -111,8 +111,12 @@ module InjectionHelper inject_json_ams "savedCreditCards", data, Api::CreditCardSerializer end - def inject_json(name, partial, opts = {}) - render partial: "json/injection", locals: { name: name, partial: partial }.merge(opts) + def inject_current_user + inject_json_ams "user", spree_current_user, Api::UserSerializer + end + + def inject_rails_flash + inject_json_ams "railsFlash", OpenStruct.new(flash.to_hash), Api::RailsFlashSerializer end def inject_json_ams(name, data, serializer, opts = {}) diff --git a/app/serializers/api/rails_flash_serializer.rb b/app/serializers/api/rails_flash_serializer.rb new file mode 100644 index 0000000000..ea7912b1e7 --- /dev/null +++ b/app/serializers/api/rails_flash_serializer.rb @@ -0,0 +1,7 @@ +module Api + class RailsFlashSerializer < ActiveModel::Serializer + attributes :info, :success, :error, :notice + + delegate :info, :success, :error, :notice, to: :object + end +end diff --git a/app/serializers/api/user_serializer.rb b/app/serializers/api/user_serializer.rb new file mode 100644 index 0000000000..3d9e64e956 --- /dev/null +++ b/app/serializers/api/user_serializer.rb @@ -0,0 +1,5 @@ +module Api + class UserSerializer < ActiveModel::Serializer + attributes :id, :email + end +end diff --git a/app/views/admin/json/_enterprises.rabl b/app/views/admin/json/_enterprises.rabl deleted file mode 100644 index 29e1dc7bf6..0000000000 --- a/app/views/admin/json/_enterprises.rabl +++ /dev/null @@ -1,3 +0,0 @@ -collection @enterprises - -attributes :id, :name diff --git a/app/views/api/enterprises/bulk_index.v1.rabl b/app/views/api/enterprises/bulk_index.v1.rabl deleted file mode 100644 index 66286c5fed..0000000000 --- a/app/views/api/enterprises/bulk_index.v1.rabl +++ /dev/null @@ -1,2 +0,0 @@ -collection @enterprises -extends "api/enterprises/bulk_show" diff --git a/app/views/api/order_cycles/bulk_index.v1.rabl b/app/views/api/order_cycles/bulk_index.v1.rabl deleted file mode 100644 index 22923d69c0..0000000000 --- a/app/views/api/order_cycles/bulk_index.v1.rabl +++ /dev/null @@ -1,2 +0,0 @@ -collection @order_cycles -extends "api/order_cycles/bulk_show" diff --git a/app/views/api/order_cycles/bulk_show.v1.rabl b/app/views/api/order_cycles/bulk_show.v1.rabl deleted file mode 100644 index e9bf675e6d..0000000000 --- a/app/views/api/order_cycles/bulk_show.v1.rabl +++ /dev/null @@ -1,11 +0,0 @@ -object @order_cycle - -attributes :id, :name -node( :first_order ) { |order| order.orders_open_at.strftime("%F") } -node( :last_order ) { |order| (order.orders_close_at + 1.day).strftime("%F") } -node( :suppliers ) do |oc| - partial 'api/enterprises/bulk_index', object: oc.suppliers -end -node( :distributors ) do |oc| - partial 'api/enterprises/bulk_index', object: oc.distributors -end diff --git a/app/views/json/_current_order.rabl b/app/views/json/_current_order.rabl deleted file mode 100644 index c8d6771644..0000000000 --- a/app/views/json/_current_order.rabl +++ /dev/null @@ -1,12 +0,0 @@ -object current_order -attributes :id, :item_total - -if current_order - child line_items: :line_items do - attributes :id, :variant_id, :quantity, :price - end - - node :cart_count do - cart_count - end -end diff --git a/app/views/json/_current_user.rabl b/app/views/json/_current_user.rabl deleted file mode 100644 index b07ae07b66..0000000000 --- a/app/views/json/_current_user.rabl +++ /dev/null @@ -1,2 +0,0 @@ -object spree_current_user -attributes :email, :id diff --git a/app/views/json/_enterprises.rabl b/app/views/json/_enterprises.rabl deleted file mode 100644 index e76ab187f8..0000000000 --- a/app/views/json/_enterprises.rabl +++ /dev/null @@ -1,7 +0,0 @@ -# TODO: This should be moved into the controller -# RABL is tricky to pass variables into: so we do this as a workaround for now -# I noticed some vague comments on Rabl github about this, but haven't looked into -collection Enterprise.visible -extends 'json/partials/enterprise' -extends 'json/partials/producer' -extends 'json/partials/hub' diff --git a/app/views/json/_flash.rabl b/app/views/json/_flash.rabl deleted file mode 100644 index 5a90e00f02..0000000000 --- a/app/views/json/_flash.rabl +++ /dev/null @@ -1,2 +0,0 @@ -object OpenStruct.new(flash.to_hash) -attributes :info, :success, :error, :notice diff --git a/app/views/json/_groups.rabl b/app/views/json/_groups.rabl deleted file mode 100644 index e6eeda8ffb..0000000000 --- a/app/views/json/_groups.rabl +++ /dev/null @@ -1,18 +0,0 @@ -collection @groups -attributes :id, :permalink, :name, :position, :description, :long_description, :email, :website, :facebook, :instagram, :linkedin, :twitter - -child enterprises: :enterprises do - attributes :id -end - -node :logo do |group| - group.logo(:medium) if group.logo? -end - -node :promo_image do |group| - group.promo_image(:large) if group.promo_image? -end - -node :state do |group| - group.state.andand.abbr -end diff --git a/app/views/json/_hubs.rabl b/app/views/json/_hubs.rabl deleted file mode 100644 index 66cbdee277..0000000000 --- a/app/views/json/_hubs.rabl +++ /dev/null @@ -1,3 +0,0 @@ -collection Enterprise.is_distributor.visible -extends 'json/partials/enterprise' -extends 'json/partials/hub' diff --git a/app/views/json/_injection.html.haml b/app/views/json/_injection.html.haml deleted file mode 100644 index ca58b4a943..0000000000 --- a/app/views/json/_injection.html.haml +++ /dev/null @@ -1,2 +0,0 @@ -:javascript - angular.module('Darkswarm').value("#{name.to_s}", #{render partial: "json/#{partial.to_s}"}) diff --git a/app/views/json/_producer.rabl b/app/views/json/_producer.rabl deleted file mode 100644 index b3f19267be..0000000000 --- a/app/views/json/_producer.rabl +++ /dev/null @@ -1,14 +0,0 @@ -attributes :id, :name, :description, :long_description, :website, :instagram, :facebook, :linkedin, :twitter - -node :promo_image do |producer| - producer.promo_image(:large) -end -node :logo do |producer| - producer.logo(:medium) -end - -node :path do |producer| - main_app.producer_path(producer) -end - -node :hash, &:to_param diff --git a/app/views/json/_producers.rabl b/app/views/json/_producers.rabl deleted file mode 100644 index cad5b29062..0000000000 --- a/app/views/json/_producers.rabl +++ /dev/null @@ -1,3 +0,0 @@ -collection Enterprise.is_primary_producer.visible -extends 'json/partials/enterprise' -extends 'json/partials/producer' diff --git a/app/views/json/_taxon.rabl b/app/views/json/_taxon.rabl deleted file mode 100644 index 265ace60d7..0000000000 --- a/app/views/json/_taxon.rabl +++ /dev/null @@ -1,5 +0,0 @@ -attributes :name, :id, :permalink - -node :icon do |taxon| - taxon.icon(:original) -end diff --git a/app/views/json/partials/_address.rabl b/app/views/json/partials/_address.rabl deleted file mode 100644 index 8f77f83d99..0000000000 --- a/app/views/json/partials/_address.rabl +++ /dev/null @@ -1,4 +0,0 @@ -attributes :city, :zipcode, :phone -node :state_name do |address| - address.state.abbr -end diff --git a/app/views/json/partials/_enterprise.rabl b/app/views/json/partials/_enterprise.rabl deleted file mode 100644 index 14f88244f3..0000000000 --- a/app/views/json/partials/_enterprise.rabl +++ /dev/null @@ -1,29 +0,0 @@ -attributes :name, :id, :description, :latitude, :longitude, :long_description, :website, :instagram, :linkedin, :twitter, :facebook, :is_primary_producer, :is_distributor, :phone - -node :email_address do |enterprise| - enterprise.email_address.to_s.reverse -end - -child :address do - extends "json/partials/address" -end - -node :hash, &:to_param - -node :logo do |enterprise| - enterprise.logo(:medium) if enterprise.logo? -end - -node :promo_image do |enterprise| - enterprise.promo_image(:large) if enterprise.promo_image? -end - -node :icon do |e| - if e.is_primary_producer && e.is_distributor - image_path "map_003-producer-shop.svg" - elsif e.is_primary_producer - image_path "map_001-producer-only.svg" - else - image_path "map_005-hub.svg" - end -end diff --git a/app/views/json/partials/_hub.rabl b/app/views/json/partials/_hub.rabl deleted file mode 100644 index c765271d39..0000000000 --- a/app/views/json/partials/_hub.rabl +++ /dev/null @@ -1,23 +0,0 @@ -child distributed_taxons: :taxons do - extends "json/taxon" -end -child suppliers: :producers do - attributes :id -end -node :path do |enterprise| - main_app.enterprise_shop_path(enterprise) -end -node :pickup do |hub| - hub.shipping_methods.where(require_ship_address: false).present? -end -node :delivery do |hub| - hub.shipping_methods.where(require_ship_address: true).present? -end -if @active_distributors - node :active do |hub| - @active_distributors.include?(hub) - end -end -node :orders_close_at do |hub| - OrderCycle.first_closing_for(hub).andand.orders_close_at -end diff --git a/app/views/json/partials/_producer.rabl b/app/views/json/partials/_producer.rabl deleted file mode 100644 index f18f7e0c8d..0000000000 --- a/app/views/json/partials/_producer.rabl +++ /dev/null @@ -1,10 +0,0 @@ -child distributors: :hubs do - attributes :id -end -node :path do |producer| - main_app.producer_path(producer) -end - -child supplied_taxons: :supplied_taxons do - extends 'json/taxon' -end diff --git a/app/views/layouts/darkswarm.html.haml b/app/views/layouts/darkswarm.html.haml index 4b1a8c1312..317f40907d 100644 --- a/app/views/layouts/darkswarm.html.haml +++ b/app/views/layouts/darkswarm.html.haml @@ -45,8 +45,8 @@ = yield :scripts = inject_current_hub - = inject_json "user", "current_user" - = inject_json "railsFlash", "flash" + = inject_current_user + = inject_rails_flash = inject_taxons = inject_properties = inject_current_order diff --git a/app/views/layouts/registration.html.haml b/app/views/layouts/registration.html.haml index 0221b1ce3a..2902f6683e 100644 --- a/app/views/layouts/registration.html.haml +++ b/app/views/layouts/registration.html.haml @@ -31,7 +31,7 @@ = javascript_include_tag "darkswarm/all" = yield :scripts - = inject_json "user", "current_user" + = inject_current_user = yield :injection_data = render "layouts/i18n_script" diff --git a/spec/controllers/api/order_cycles_controller_spec.rb b/spec/controllers/api/order_cycles_controller_spec.rb deleted file mode 100644 index 64f813f5a4..0000000000 --- a/spec/controllers/api/order_cycles_controller_spec.rb +++ /dev/null @@ -1,199 +0,0 @@ -require 'spec_helper' -require 'spree/api/testing_support/helpers' - -module Api - describe OrderCyclesController, type: :controller do - include Spree::Api::TestingSupport::Helpers - include AuthenticationWorkflow - render_views - - describe "managed" do - let!(:oc1) { FactoryBot.create(:simple_order_cycle) } - let!(:oc2) { FactoryBot.create(:simple_order_cycle) } - let(:coordinator) { oc1.coordinator } - let(:attributes) { [:id, :name, :suppliers, :distributors] } - - before do - allow(controller).to receive(:spree_current_user) { current_api_user } - end - - context "as a normal user" do - sign_in_as_user! - - it "should deny me access to managed order cycles" do - spree_get :managed, format: :json - assert_unauthorized! - end - end - - context "as an enterprise user" do - sign_in_as_enterprise_user! [:coordinator] - - it "retrieves a list of variants with appropriate attributes" do - get :managed, format: :json - keys = json_response.first.keys.map(&:to_sym) - expect(attributes.all?{ |attr| keys.include? attr }).to eq(true) - end - end - - context "as an administrator" do - sign_in_as_admin! - - it "retrieves a list of variants with appropriate attributes" do - get :managed, format: :json - keys = json_response.first.keys.map(&:to_sym) - expect(attributes.all?{ |attr| keys.include? attr }).to eq(true) - end - end - end - - describe "accessible" do - context "without :as parameter" do - let(:oc_supplier) { create(:supplier_enterprise) } - let(:oc_distributor) { create(:distributor_enterprise) } - let(:other_supplier) { create(:supplier_enterprise) } - let(:oc_supplier_user) do - user = create(:user) - user.spree_roles = [] - user.enterprise_roles.create(enterprise: oc_supplier) - user.save! - user - end - let(:oc_distributor_user) do - user = create(:user) - user.spree_roles = [] - user.enterprise_roles.create(enterprise: oc_distributor) - user.save! - user - end - let(:other_supplier_user) do - user = create(:user) - user.spree_roles = [] - user.enterprise_roles.create(enterprise: other_supplier) - user.save! - user - end - let!(:order_cycle) { create(:simple_order_cycle, suppliers: [oc_supplier], distributors: [oc_distributor]) } - - context "as the user of a supplier to an order cycle" do - before do - allow(controller).to receive(:spree_current_user) { oc_supplier_user } - end - - it "gives me access" do - spree_get :accessible, template: 'bulk_index', format: :json - - expect(json_response.length).to eq(1) - expect(json_response[0]['id']).to eq(order_cycle.id) - end - end - - context "as the user of some other supplier" do - before do - allow(controller).to receive(:spree_current_user) { other_supplier_user } - end - - it "does not give me access" do - spree_get :accessible, template: 'bulk_index', format: :json - expect(json_response.length).to eq(0) - end - end - - context "as the user of a hub for the order cycle" do - before do - allow(controller).to receive(:spree_current_user) { oc_distributor_user } - end - - it "gives me access" do - spree_get :accessible, template: 'bulk_index', format: :json - - expect(json_response.length).to eq(1) - expect(json_response[0]['id']).to eq(order_cycle.id) - end - end - end - - context "when the :as parameter is set to 'distributor'" do - let(:user) { create_enterprise_user } - let(:distributor) { create(:distributor_enterprise) } - let(:producer) { create(:supplier_enterprise) } - let(:coordinator) { create(:distributor_enterprise) } - let!(:oc) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor], suppliers: [producer]) } - - let(:params) { { format: :json, as: 'distributor' } } - - before do - allow(controller).to receive(:spree_current_user) { user } - end - - context "as the manager of a supplier in an order cycle" do - before { user.enterprise_roles.create(enterprise: producer) } - - it "does not return the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to_not include oc - end - end - - context "as the manager of a distributor in an order cycle" do - before { user.enterprise_roles.create(enterprise: distributor) } - - it "returns the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to include oc - end - end - - context "as the manager of the coordinator of an order cycle" do - before { user.enterprise_roles.create(enterprise: coordinator) } - - it "returns the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to include oc - end - end - end - - context "when the :as parameter is set to 'producer'" do - let(:user) { create_enterprise_user } - let(:distributor) { create(:distributor_enterprise) } - let(:producer) { create(:supplier_enterprise) } - let(:coordinator) { create(:distributor_enterprise) } - let!(:oc) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor], suppliers: [producer]) } - - let(:params) { { format: :json, as: 'producer' } } - - before do - allow(controller).to receive(:spree_current_user) { user } - end - - context "as the manager of a producer in an order cycle" do - before { user.enterprise_roles.create(enterprise: producer) } - - it "returns the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to include oc - end - end - - context "as the manager of a distributor in an order cycle" do - before { user.enterprise_roles.create(enterprise: distributor) } - - it "does not return the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to_not include oc - end - end - - context "as the manager of the coordinator of an order cycle" do - before { user.enterprise_roles.create(enterprise: coordinator) } - - it "returns the order cycle" do - spree_get :accessible, params - expect(assigns(:order_cycles)).to include oc - end - end - end - end - end -end