dup_spree_api 1.3.0.rc1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--colour

data/Gemfile

@@ -0,0 +1,5 @@
+eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
+
+gem 'spree_core', :path => "../core"
+
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Ryan Bigg
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,30 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rake/packagetask'
+require 'rubygems/package_task'
+require 'rspec/core/rake_task'
+require 'spree/core/testing_support/common_rake'
+require 'rails/all'
+
+Bundler::GemHelper.install_tasks
+RSpec::Core::RakeTask.new
+
+spec = eval(File.read('spree_api.gemspec'))
+Gem::PackageTask.new(spec) do |p|
+  p.gem_spec = spec
+end
+
+desc "Release to gemcutter"
+task :release do
+  version = File.read(File.expand_path("../../SPREE_VERSION", __FILE__)).strip
+  cmd = "cd pkg && gem push spree_api-#{version}.gem"; puts cmd; system cmd
+end
+
+task :default => :spec
+
+desc "Generates a dummy app for testing"
+task :test_app do
+  ENV['LIB_NAME'] = 'spree/api'
+  Rake::Task['common:test_app'].invoke
+end

data/app/controllers/spree/api/addresses_controller.rb

@@ -0,0 +1,20 @@
+module Spree
+  module Api
+    class AddressesController < Spree::Api::BaseController
+      respond_to :json
+
+      def show
+        @address = Address.find(params[:id])
+        authorize! :read, @address
+        respond_with(@address)
+      end
+
+      def update
+        @address = Address.find(params[:id])
+        authorize! :read, @address
+        @address.update_attributes(params[:address])
+        respond_with(@address, :default_template => :show)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/base_controller.rb

@@ -0,0 +1,114 @@
+module Spree
+  module Api
+    class BaseController < ActionController::Metal
+      include Spree::Api::ControllerSetup
+      include ::ActionController::Head
+
+      self.responder = Spree::Api::Responders::AppResponder
+
+      attr_accessor :current_api_user
+
+      before_filter :set_content_type
+      before_filter :check_for_api_key, :if => :requires_authentication?
+      before_filter :authenticate_user
+      after_filter  :set_jsonp_format
+
+      rescue_from CanCan::AccessDenied, :with => :unauthorized
+      rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+
+      helper Spree::Api::ApiHelpers
+
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{self.response_body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k,v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      private
+
+      def set_content_type
+        content_type = case params[:format]
+        when "json"
+          "application/json"
+        when "xml"
+          "text/xml"
+        end
+        headers["Content-Type"] = content_type
+      end
+
+      def check_for_api_key
+        render "spree/api/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
+      end
+
+      def authenticate_user
+        if requires_authentication? || api_key.present?
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
+            render "spree/api/errors/invalid_api_key", :status => 401 and return
+          end
+        else
+          # Effectively, an anonymous user
+          @current_api_user = Spree.user_class.new
+        end
+      end
+
+      def unauthorized
+        render "spree/api/errors/unauthorized", :status => 401 and return
+      end
+
+      def requires_authentication?
+        Spree::Api::Config[:requires_authentication]
+      end
+
+      def not_found
+        render "spree/api/errors/not_found", :status => 404 and return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", :status => 422
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def find_product(id)
+        begin
+          product_scope.find_by_permalink!(id.to_s)
+        rescue ActiveRecord::RecordNotFound
+          product_scope.find(id)
+        end
+      end
+
+      def product_scope
+        if current_api_user.has_spree_role?("admin")
+          scope = Product
+          unless params[:show_deleted]
+            scope = scope.not_deleted
+          end
+        else
+          scope = Product.active
+        end
+
+        scope.includes(:master)
+      end
+
+    end
+  end
+end
+

data/app/controllers/spree/api/countries_controller.rb

@@ -0,0 +1,18 @@
+module Spree
+  module Api
+    class CountriesController < Spree::Api::BaseController
+      respond_to :json
+
+      def index
+        @countries = Country.ransack(params[:q]).result.includes(:states).order('name ASC')
+          .page(params[:page]).per(params[:per_page])
+        respond_with(@countries)
+      end
+
+      def show
+        @country = Country.find(params[:id])
+        respond_with(@country)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/images_controller.rb

@@ -0,0 +1,32 @@
+module Spree
+  module Api
+    class ImagesController < Spree::Api::BaseController
+      respond_to :json
+
+      def show
+        @image = Image.find(params[:id])
+        respond_with(@image)
+      end
+
+      def create
+        authorize! :create, Image
+        @image = Image.create(params[:image])
+        respond_with(@image, :status => 201, :default_template => :show)
+      end
+
+      def update
+        authorize! :update, Image
+        @image = Image.find(params[:id])
+        @image.update_attributes(params[:image])
+        respond_with(@image, :default_template => :show)
+      end
+
+      def destroy
+        authorize! :delete, Image
+        @image = Image.find(params[:id])
+        @image.destroy
+        respond_with(@image, :status => 204)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/line_items_controller.rb

@@ -0,0 +1,40 @@
+module Spree
+  module Api
+    class LineItemsController < Spree::Api::BaseController
+      respond_to :json
+
+      def create
+        authorize! :read, order
+        @line_item = order.line_items.build(params[:line_item], :as => :api)
+        if @line_item.save
+          respond_with(@line_item, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@line_item)
+        end
+      end
+
+      def update
+        authorize! :read, order
+        @line_item = order.line_items.find(params[:id])
+        if @line_item.update_attributes(params[:line_item])
+          respond_with(@line_item, :default_template => :show)
+        else
+          invalid_resource!(@line_item)
+        end
+      end
+
+      def destroy
+        authorize! :read, order
+        @line_item = order.line_items.find(params[:id])
+        @line_item.destroy
+        respond_with(@line_item, :status => 204)
+      end
+
+      private
+
+      def order
+        @order ||= Order.find_by_number!(params[:order_id])
+      end
+    end
+  end
+end

data/app/controllers/spree/api/orders_controller.rb

@@ -0,0 +1,85 @@
+module Spree
+  module Api
+    class OrdersController < Spree::Api::BaseController
+      respond_to :json
+
+      before_filter :authorize_read!, :except => [:index, :search, :create]
+
+      def index
+        # should probably look at turning this into a CanCan step
+        raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
+        @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@orders)
+      end
+
+      def show
+        respond_with(@order)
+      end
+
+      def create
+        @order = Order.build_from_api(current_api_user, nested_params)
+        next!(:status => 201)
+      end
+
+      def update
+        authorize! :update, Order
+        if order.update_attributes(nested_params)
+          order.update!
+          respond_with(order, :default_template => :show)
+        else
+          invalid_resource!(order)
+        end
+      end
+
+      def address
+        order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
+        order.build_bill_address(params[:billing_address]) if params[:billing_address]
+        next!
+      end
+
+      def delivery
+        begin
+          ShippingMethod.find(params[:shipping_method_id])
+        rescue ActiveRecord::RecordNotFound
+          render :invalid_shipping_method, :status => 422
+        else
+          order.update_attribute(:shipping_method_id, params[:shipping_method_id])
+          next!
+        end
+      end
+
+      def cancel
+        order.cancel!
+        render :show
+      end
+
+      def empty
+        order.line_items.destroy_all
+        order.update!
+        render :text => nil, :status => 200
+      end
+
+      private
+
+      def nested_params
+        map_nested_attributes_keys Order, params[:order] || {}
+      end
+
+      def order
+        @order ||= Order.find_by_number!(params[:id])
+      end
+
+      def next!(options={})
+        if @order.valid? && @order.next
+          render :show, :status => options[:status] || 200
+        else
+          render :could_not_transition, :status => 422
+        end
+      end
+
+      def authorize_read!
+        authorize! :read, order
+      end
+    end
+  end
+end

data/app/controllers/spree/api/payments_controller.rb

@@ -0,0 +1,80 @@
+module Spree
+  module Api
+    class PaymentsController < Spree::Api::BaseController
+      respond_to :json
+
+      before_filter :find_order
+      before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
+
+      def index
+        @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@payments)
+      end
+
+      def new
+        @payment_methods = Spree::PaymentMethod.where(:environment => Rails.env)
+        respond_with(@payment_method)
+      end
+
+      def create
+        @payment = @order.payments.build(params[:payment])
+        if @payment.save
+          respond_with(@payment, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@payment)
+        end
+      end
+
+      def show
+        respond_with(@payment)
+      end
+
+      def authorize
+        perform_payment_action(:authorize)
+      end
+
+      def capture
+        perform_payment_action(:capture)
+      end
+
+      def purchase
+        perform_payment_action(:purchase)
+      end
+
+      def void
+        perform_payment_action(:void_transaction)
+      end
+
+      def credit
+        if params[:amount].to_f > @payment.credit_allowed
+          render "spree/api/payments/credit_over_limit", :status => 422
+        else
+          perform_payment_action(:credit, params[:amount])
+        end
+      end
+
+      private
+
+      def find_order
+        @order = Order.find_by_number(params[:order_id])
+        authorize! :read, @order
+      end
+
+      def find_payment
+        @payment = @order.payments.find(params[:id])
+      end
+
+      def perform_payment_action(action, *args)
+        authorize! action, Payment
+
+        begin
+          @payment.send("#{action}!", *args)
+          respond_with(@payment, :default_template => :show)
+        rescue Spree::Core::GatewayError => e
+          @error = e.message
+          render "spree/api/errors/gateway_error", :status => 422
+        end
+      end
+    end
+  end
+end