refinerycms-api 1.0.0.beta

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fea548db2f08cdcac03566e7f651fbdd8251c017
+  data.tar.gz: ea1815014f6903f77300cf2e726655a4aa4152c9
+SHA512:
+  metadata.gz: 636256ea9c45a20c3bb6c43f42e93f9db932135bb32ba1026c5724fe778e0494b003f0d7f97f8abf48055345a74dbb04ebb7c987a5c106afe947bcad007128a8
+  data.tar.gz: f3cf461aa73fa93a41c023913ce9c103ed7b7b811908a356b5e9d6375ed3a858d0496b5fe5ba9713b10530243d67a5520fd21435346d552b3e63356d39d23cd5

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.DS_Store
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.gems
+
+spec/dummy

data/.rbenv-gemsets

@@ -0,0 +1 @@
+.gems

data/.ruby-version

@@ -0,0 +1 @@
+2.2.1

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+cache: bundler
+bundler_args: --without development
+before_script: "bin/rake refinery:testing:dummy_app"
+env:
+  - DB=postgresql
+  - DB=mysql
+rvm:
+  - 2.3.0
+  - 2.2
+  - 2.1
+sudo: false

data/Gemfile

@@ -0,0 +1,57 @@
+source "https://rubygems.org"
+
+gem "refinerycms-authentication-devise", '~> 1.0.4'
+gem "refinerycms-blog", github: 'refinery/refinerycms-blog', branch: 'bugfix/decoupling'
+gem "refinerycms-inquiries", github: 'refinery/refinerycms-inquiries', branch: 'master'
+
+gemspec
+
+git "https://github.com/refinery/refinerycms", branch: "master" do
+  gem "refinerycms"
+
+  group :test do
+    gem "refinerycms-testing"
+  end
+end
+
+
+
+# Database Configuration
+unless ENV["TRAVIS"]
+  gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
+  gem "sqlite3", :platform => :ruby
+end
+
+if !ENV["TRAVIS"] || ENV["DB"] == "mysql"
+  gem "activerecord-jdbcmysql-adapter", :platform => :jruby
+  gem "jdbc-mysql", "= 5.1.13", :platform => :jruby
+  gem "mysql2", :platform => :ruby
+end
+
+if !ENV["TRAVIS"] || ENV["DB"] == "postgresql"
+  gem "activerecord-jdbcpostgresql-adapter", :platform => :jruby
+  gem "pg", :platform => :ruby
+end
+
+gem "jruby-openssl", :platform => :jruby
+
+# Refinery/rails should pull in the proper versions of these
+group :assets do
+  gem "sass-rails"
+  gem "coffee-rails"
+  gem "uglifier"
+end
+
+group :development do
+  gem 'quiet_assets'
+end
+
+group :test do
+  gem "launchy"
+  gem 'rspec-activemodel-mocks', '~> 1.0.2'
+end
+
+# Load local gems according to Refinery developer preference.
+if File.exist? local_gemfile = File.expand_path("../.gemfile", __FILE__)
+  eval File.read(local_gemfile)
+end

data/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2007-2015, Spree Commerce, Inc. and other contributors
+Copyright (c) 2016, Brice Sanchez and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -0,0 +1,21 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+ENGINE_PATH = File.dirname(__FILE__)
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+
+if File.exists?(APP_RAKEFILE)
+  load 'rails/tasks/engine.rake'
+end
+
+require "refinerycms-testing"
+Refinery::Testing::Railtie.load_dummy_tasks(ENGINE_PATH)
+
+load File.expand_path('../tasks/rspec.rake', __FILE__)
+load File.expand_path('../tasks/refinery_api.rake', __FILE__)
+
+task :default => :spec

data/app/controllers/refinery/api/base_controller.rb

@@ -0,0 +1,174 @@
+require_dependency 'refinery/api/controller_setup'
+
+module Refinery
+  module Api
+    class BaseController < ActionController::Base
+      include Refinery::Api::ControllerSetup
+      include Refinery::Api::ControllerHelpers::StrongParameters
+
+      attr_accessor :current_api_user
+
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: Proc.new { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+
+      rescue_from ActionController::ParameterMissing, with: :error_during_processing
+      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from CanCan::AccessDenied, with: :unauthorized
+      rescue_from Refinery::Api::GatewayError, with: :gateway_error
+
+      helper Refinery::Api::ApiHelpers
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k,v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      # users should be able to set price when importing orders via api
+      def permitted_line_item_attributes
+        if @current_user_roles.include?("admin")
+          super + [:price, :variant_id, :sku]
+        else
+          super
+        end
+      end
+
+      def content_type
+        case params[:format]
+        when "json"
+          "application/json; charset=utf-8"
+        when "xml"
+          "text/xml; charset=utf-8"
+        end
+      end
+
+      protected
+
+      def authorisation_manager
+        @authorisation_manager ||= ::Refinery::Core::AuthorisationManager.new
+      end
+      # We ❤ you, too ️
+      alias_method :authorization_manager, :authorisation_manager
+
+      private
+
+      def set_content_type
+        headers["Content-Type"] = content_type
+      end
+
+      def load_user
+        @current_api_user = Refinery::Api.user_class.find_by(refinery_api_key: api_key.to_s)
+      end
+
+      def authenticate_user
+        return if @current_api_user
+
+        if requires_authentication? && api_key.blank? && order_token.blank?
+          render "refinery/api/errors/must_specify_api_key", status: 401 and return
+        elsif order_token.blank? && (requires_authentication? || api_key.present?)
+          render "refinery/api/errors/invalid_api_key", status: 401 and return
+        else
+          # An anonymous user
+          @current_api_user = Refinery::Api.user_class.new
+        end
+      end
+
+      def load_user_roles
+        @current_user_roles = @current_api_user ? @current_api_user.roles.pluck(:title) : []
+      end
+
+      def unauthorized
+        render "refinery/api/errors/unauthorized", status: 401 and return
+      end
+
+      def error_during_processing(exception)
+        Rails.logger.error exception.message
+        Rails.logger.error exception.backtrace.join("\n")
+
+        unprocessable_entity(exception.message)
+      end
+
+      def unprocessable_entity(message)
+        render text: { exception: message }.to_json, status: 422
+      end
+
+      def gateway_error(exception)
+        @order.errors.add(:base, exception.message)
+        invalid_resource!(@order)
+      end
+
+      def requires_authentication?
+        Refinery::Api.requires_authentication
+      end
+
+      def not_found
+        render "refinery/api/errors/not_found", status: 404 and return
+      end
+
+      def current_ability
+        Refinery::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "refinery/api/errors/invalid_resource", status: 422
+      end
+
+      def api_key
+        request.headers["X-Refinery-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def order_token
+        request.headers["X-Refinery-Order-Token"] || params[:order_token]
+      end
+
+      def find_product(id)
+        product_scope.friendly.find(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        product_scope.find(id)
+      end
+
+      def product_scope
+        if @current_user_roles.include?("admin")
+          scope = Product.with_deleted.accessible_by(current_ability, :read).includes(*product_includes)
+
+          unless params[:show_deleted]
+            scope = scope.not_deleted
+          end
+          unless params[:show_discontinued]
+            scope = scope.not_discontinued
+          end
+        else
+          scope = Product.accessible_by(current_ability, :read).active.includes(*product_includes)
+        end
+
+        scope
+      end
+
+      def variants_associations
+        [{ option_values: :option_type }, :default_price, :images]
+      end
+
+      def product_includes
+        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
+      end
+
+      def order_id
+        params[:order_id] || params[:checkout_id] || params[:order_number]
+      end
+
+      def authorize_for_order
+        @order = Refinery::Order.find_by(number: order_id)
+        authorize! :read, @order, order_token
+      end
+    end
+  end
+end

data/app/controllers/refinery/api/v1/blog/posts_controller.rb

@@ -0,0 +1,78 @@
+if defined?(Refinery::Blog)
+  module Refinery
+    module Api
+      module V1
+        module Blog
+          class PostsController < Refinery::Api::BaseController
+
+            def index
+              if params[:ids]
+                @posts = Refinery::Blog::Post.
+                          accessible_by(current_ability, :read).
+                          where(id: params[:ids].split(','))
+              else
+                @posts = Refinery::Blog::Post.
+                          accessible_by(current_ability, :read).
+                          # ransack(params[:q]).result
+                          newest_first
+              end
+
+              respond_with(@posts)
+            end
+
+            def show
+              @post = post
+              respond_with(@post)
+            end
+
+            def new
+            end
+
+            def create
+              authorize! :create, ::Refinery::Blog::Post
+              @post = Refinery::Blog::Post.new(post_params)
+
+              if @post.save
+                respond_with(@post, status: 201, default_template: :show)
+              else
+                invalid_resource!(@post)
+              end
+            end
+
+            def update
+              authorize! :update, post
+              if post.update_attributes(post_params)
+                respond_with(post, status: 200, default_template: :show)
+              else
+                invalid_resource!(post)
+              end
+            end
+
+            def destroy
+              authorize! :destroy, post
+              post.destroy
+              respond_with(post, status: 204)
+            end
+
+            private
+
+            def post
+              @post ||= Refinery::Blog::Post.
+                          accessible_by(current_ability, :read).
+                          find(params[:id])
+            end
+
+            def post_params
+              if params[:post] && !params[:post].empty?
+                params.require(:post).permit(permitted_blog_post_attributes)
+              else
+                {}
+              end
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/refinery/api/v1/images_controller.rb

@@ -0,0 +1,76 @@
+module Refinery
+  module Api
+    module V1
+      class ImagesController < Refinery::Api::BaseController
+        def index
+          @images = Refinery::Image.
+                      includes(:translations).
+                      accessible_by(current_ability, :read)
+          respond_with(@images)
+        end
+
+        def show
+          @image = Refinery::Image.
+                    includes(:translations).
+                    accessible_by(current_ability, :read).
+                    find(params[:id])
+          respond_with(@image)
+        end
+
+        def new
+        end
+
+        def create
+          authorize! :create, Image
+          @images = []
+          begin
+            if params[:image].present? && params[:image][:image].is_a?(Array)
+              params[:image][:image].each do |image|
+                params[:image][:image_title] = params[:image][:image_title].presence || auto_title(image.original_filename)
+                @images << (@image = ::Refinery::Image.create({image: image}.merge(image_params.except(:image))))
+              end
+            else
+              @images << (@image = ::Refinery::Image.create(image_params))
+            end
+          rescue NotImplementedError
+            logger.warn($!.message)
+            @image = ::Refinery::Image.new
+          end
+
+          if @images.all?(&:valid?)
+            respond_with(@images, status: 201, default_template: :show)
+          else
+            invalid_resource!(@images)
+          end
+        end
+
+        def update
+          @image = Refinery::Image.accessible_by(current_ability, :update).find(params[:id])
+          if @image.update_attributes(image_params)
+            respond_with(@image, default_template: :show)
+          else
+            invalid_resource!(@image)
+          end
+        end
+
+        def destroy
+          @image = Refinery::Image.accessible_by(current_ability, :destroy).find(params[:id])
+          @image.destroy
+          respond_with(@image, status: 204)
+        end
+
+        protected
+
+        def auto_title(filename)
+          CGI::unescape(filename.to_s).gsub(/\.\w+$/, '').titleize
+        end
+
+        private
+
+        def image_params
+          params.require(:image).permit(permitted_image_attributes)
+        end
+      end
+    end
+  end
+end