Create API v1 with customers endpoint

[mkllnk]

What? Why?

Step 2 of #8787

Rebased version of #8326. We are setting the scene for the new OFN API V1 and add the customers endpoint as first example.

What should we test?

• Visit /api-docs to see what kind of requests need testing.
• You should be able to try the API in that UI.
• The endpoint supports full CRUD: create, read, update, delete
• You should be able to access the endpoints in your browser while logged in with the right permissions.
• You should be able to access the endpoints via curl in the command line if you provide your API key.
  Examples:

  curl -X GET "http://localhost:3000/api/v1/customers?token=97...ad2"\
   -H "accept: application/json"
  
  curl -X GET "http://localhost:3000/api/v1/customers"\
   -H "accept: application/json"\
   -H "X-Api-Token: 97...ad2"
  

• You should not be able to access customer data without authorisation.
• Pagination links should work.
• The enterprise relationship link doesn't work yet because we don't have that endpoint yet.
• Not all attributes are show yet. There's another issue and PR for that in the pipe.
• Users can see their own customer records and the records of the enterprises they manage.
• All records are returned without a given enterprise id.
• Only customer records of one enterprise are shown if the enterprise id is given.

Release notes

Changelog Category: User facing changes

The title of the pull request will be included in the release notes.

Dependencies

We are waiting for:

• Split name column in customers table #8577
• Split name column in customers table #8763

Documentation updates

Let's not publish this yet but we can upload the new swagger file to Swaggerhub at some point. In the meantime, staging servers will have documentation at /api-docs.

[jibees]

Nice and though one! 💪

Reading the initial issue (#8788), I'm a bit concerned about the needed attributes (see my comment below), but also about the feature toggle mentioned in the acceptance criteria: "8- Feature exists behind a feature toggle"

[jibees]

Reading the initial issue: #8788, I was wondering if there were some necessary attributes missing?

[mkllnk]

This is not closing #8788. This is only step two of #8787. I will create another PR for the missing attributes and the feature toggle.

[jibees]

oh yes, I didn't see that step2 ! Thanks !

[apricot12]

Went through this. Looks good to my eye 🚀

[filipefurtad0]

Hey @mkllnk ,

After staging, the server displays the

Checked the docs, and tested the following endpoints:

• customers

curl -X GET "https://staging.openfoodnetwork.org.uk/api/v1/customers?token=0_____________________________5" -H "accept: application/json"

• creating a customer

Whhoaa. Awesome. We can now create customers via the console 👀 🎉 🚀

However, it did not really seemed to work correctly for first, last and code:

the request:
curl -X POST "https://staging.openfoodnetwork.org.uk/api/v1/customers?token=0_____________________________5" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"enterprise_id\":1819,\"first_name\":\"Alice\",\"last_name\":\"Springs\",\"code\":\"BUYER1\",\"email\":\"alice@example.com\"}"

Created this customer:

Is there an obvious reason for this, that I might be missing? I'll need to stop here and continue testing later.

[filipefurtad0]

I'm not really done with testing all the test cases above (thanks for adding them Maikel) nor eventual regression testing. I'm not sure on the risk of regressions this PR introduces.

From the discussion above, it seems the feature toggle is not yet implemented here. I also could not find any reference to Flipper in the code, or anything on how to activate/deactivate this feature.

On the other hand, we should merge asap to unblock work on this funded feature. So, moving to ready to go, feel free to merge.

[Matt-Yorkley]

This needs the other params like :first_name, :last_name, right?

[Matt-Yorkley]

(That's why they didn't show up in the test @filipefurtad0 did above...)

[mkllnk]

Yes, that's in the next PR which adds all the specified attributes.

[Matt-Yorkley]

This seems like a weird case...

We could just avoid it entirely by forcing the value to always be positive at the point we're doing the pagination, eg:

params[:per_page].to_i.clamp(1..)

What do you think?

[mkllnk]

Tempting. Much simpler. But I think that we should give people direct feedback about invalid parameters. It may have been a typo and we don't want to let our sever work if not needed. And someone may have intended to get page 10 and then got page 1 instead, may not notice.