spree_api 0.30.0.beta1

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2007-2010, Rails Dog LLC and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,5 @@
+Spree API
+=========
+Manage orders,shipments etc. with a simple REST API
+
+See [RESTful API guide](http://spreecommerce.com/documentation/rest.html) for more details.

data/app/controllers/api/base_controller.rb

@@ -0,0 +1,97 @@
+class Api::BaseController < Spree::BaseController
+
+  def self.resource_controller_for_api
+    resource_controller
+    skip_before_filter :verify_authenticity_token, :if => lambda { admin_token_passed_in_headers }
+
+    index.response do |wants|
+      wants.json { render :json => collection.to_json(collection_serialization_options) }
+    end
+
+    show.response do |wants|
+      wants.json { render :json => object.to_json(object_serialization_options) }
+    end
+
+    create do
+      wants.json { redirect_to object_url, :status => 201 }
+      failure.wants.json { render :json => object_errors.to_json, :status => 422 }
+    end
+
+    update do
+      wants.json { render :nothing => true }
+      failure.wants.json { render :json => object_errors.to_json, :status => 422 }
+    end
+
+    define_method :admin_token_passed_in_headers do
+      token = request.headers['X-SpreeAPIKey']
+      return false unless token
+      @current_user = User.find_by_api_key(token)
+      @current_user.has_role? 'admin'
+    end
+
+    define_method :end_of_association_chain do
+      (parent? ? parent_association : model).scoped(:include  => eager_load_associations)
+    end
+
+    define_method :collection do
+      @collection ||= search.all(:limit => 100)
+    end
+  end
+
+  def access_denied
+    render :text => 'access_denied', :status => 401
+  end
+
+  # Generic action to handle firing of state events on an object
+  def event
+    valid_events = model.state_machine.events.map(&:name)
+    valid_events_for_object = object.state_transitions.map(&:event)
+
+    if params[:e].blank?
+      errors = t('api.errors.missing_event')
+    elsif valid_events_for_object.include?(params[:e].to_sym)
+      object.send("#{params[:e]}!")
+      errors = nil
+    elsif valid_events.include?(params[:e].to_sym)
+      errors = t('api.errors.invalid_event_for_object', :events => valid_events_for_object.join(','))
+    else
+      errors = t('api.errors.invalid_event', :events => valid_events.join(','))
+    end
+
+    respond_to do |wants|
+      wants.json do
+        if errors.blank?
+          render :nothing => true
+        else
+          render :json => errors.to_json, :status => 422
+        end
+      end
+    end
+  end
+
+  protected
+
+    def search
+      return @search unless @search.nil?
+      @search = end_of_association_chain.searchlogic(params[:search])
+      @search.order ||= "descend_by_created_at"
+      @search
+    end
+
+    def collection_serialization_options
+      {}
+    end
+
+    def object_serialization_options
+      {}
+    end
+
+    def eager_load_associations
+      nil
+    end
+
+    def object_errors
+      {:errors => object.errors.full_messages}
+    end
+
+end

data/app/controllers/api/countries_controller.rb

@@ -0,0 +1,4 @@
+class Api::CountriesController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show
+end

data/app/controllers/api/inventory_units_controller.rb

@@ -0,0 +1,12 @@
+class Api::InventoryUnitsController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show, :update, :create
+  belongs_to :shipment, :order
+
+  private
+
+    def eager_load_associations
+      [:variant]
+    end
+      
+end

data/app/controllers/api/line_items_controller.rb

@@ -0,0 +1,16 @@
+class Api::LineItemsController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show, :update, :create
+  belongs_to :order
+
+  private
+
+    def collection_serialization_options
+      { :include => [:variant], :methods => [:description] }
+    end
+    
+    def object_serialization_options
+      collection_serialization_options
+    end
+
+end

data/app/controllers/api/orders_controller.rb

@@ -0,0 +1,17 @@
+class Api::OrdersController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show
+
+  private
+
+    def object_serialization_options
+      { :include => {
+          :bill_address => {:include => [:country, :state]},
+          :ship_address => {:include => [:country, :state]},
+          :shipments => {:include => [:shipping_method, :address]},
+          :line_items => {:include => [:variant]}
+          }
+      }
+    end
+
+end

data/app/controllers/api/products_controller.rb

@@ -0,0 +1,14 @@
+class Api::ProductsController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show, :create, :update
+  include Spree::Search
+
+  private
+    define_method :collection do
+      @collection = retrieve_products
+    end
+
+    def object_serialization_options
+      { :include => [:master, :variants, :taxons] }
+    end
+end

data/app/controllers/api/shipments_controller.rb

@@ -0,0 +1,35 @@
+class Api::ShipmentsController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show, :update, :create
+  belongs_to :order
+
+  private
+
+    def collection_serialization_options
+      { :include => {:shipping_method => {}, :address => {}, :inventory_units => {:include => :variant}},
+      :except => [:shipping_method_id, :address_id] }
+    end
+
+    def object_serialization_options
+      { :include =>  {
+        :shipping_method => {},
+        :address => {:include => [:country, :state]},
+        :inventory_units => {
+          :include => {
+            :variant => {
+              :include => {
+                :product => {:only => [:name]}
+                }
+              }
+            }
+          }
+        },
+        :except => [:shipping_method_id, :address_id]
+      }
+    end
+
+    def eager_load_associations
+      [:shipping_method, {:shipping_charge => :order}, :address, {:inventory_units => [:variant]}]
+    end
+
+end

data/app/controllers/api/states_controller.rb

@@ -0,0 +1,5 @@
+class Api::StatesController < Api::BaseController
+  resource_controller_for_api
+  actions :index, :show
+  belongs_to :country
+end

data/app/helpers/api/shipments_helper.rb

@@ -0,0 +1,2 @@
+module Api::ShipmentsHelper
+end

data/app/views/admin/users/_api_fields.html.erb

@@ -0,0 +1,16 @@
+<h2><%= t('api.access') %></h2>
+
+<% if @user.api_key.present? %>
+  <p><strong><%= t('api.key') %></strong> <%= @user.api_key %></p>
+  <%= form_tag clear_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.clear_key") %>
+  <% end %>
+  <%= form_tag generate_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.regenerate_key") %>
+  <% end %>
+<% else %>
+  <p><%= t('api.no_key') %></p>
+  <%= form_tag generate_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.generate_key") %>
+  <% end %>
+<% end %>

data/config/locales/en.yml

@@ -0,0 +1,16 @@
+en:
+  api: "API"
+  api:
+    access: "API Access"
+    clear_key: "Clear API key"
+    errors:
+      invalid_event: "Invalid event name, valid names are %{events}"
+      invalid_event_for_object: "Valid event name but not allowed for this object, valid names are %{events}"
+      missing_event: "No event name supplied"
+    generate_key: "Generate API key"
+    key: "API Key"
+    regenerate_key: "Regenerate API key"
+    no_key: "No key defined"
+    key_generated: "API key generated"
+    key_cleared: "API key cleared"
+

data/config/locales/ru-RU.yml

@@ -0,0 +1,16 @@
+ru-RU:
+  api: "API"
+  api:
+    access: "API доступ"
+    clear_key: "Удалить ключ API"
+    errors:
+      invalid_event: "Недопустимое действие, допустимые действия: %{events}"
+      invalid_event_for_object: "Допустимое действие, но не разрешённое для заданного объекта, разрешённые действия: %{events}"
+      missing_event: "Действие не указано"
+    generate_key: "Сгенирировать ключ API"
+    key: "Ключ API"
+    regenerate_key: "Перегенерировать ключ API"
+    no_key: "Ключ не определён"
+    key_generated: "Ключ API сгенерирован"
+    key_cleared: "Ключ API удалён"
+      

data/config/routes.rb

@@ -0,0 +1,36 @@
+Rails.application.routes.draw do
+  namespace :admin do
+    resources :users do
+      member do
+        put :generate_api_key
+        put :clear_api_key
+      end
+    end
+  end
+
+  namespace :api do
+    resources :shipments, :except => [:new,:edit] do
+      put :event, :on => :member
+      resources :inventory_units, :except => [:new,:edit] do
+        put :event, :on => :member
+      end
+    end
+    resources :orders, :except => [:new,:edit] do
+      put :event, :on => :member
+      resources :shipments, :except => [:new,:edit]
+      resources :line_items, :except => [:new,:edit]
+      resources :inventory_units, :except => [:new,:edit] do
+        put :event, :on => :member
+      end
+    end
+    resources :inventory_units, :except => [:new,:edit] do
+      put :event, :on => :member
+    end
+    resources :products, :except => [:new,:edit]
+    resources :countries, :except => [:new,:edit] do
+      resources :states, :except => [:new,:edit]
+    end
+    resources :states, :except => [:new,:edit]
+  end
+
+end

data/lib/generators/spree_api/install_generator.rb

@@ -0,0 +1,14 @@
+module SpreeApi
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Configures an existing Rails application to use spree_api"
+
+      def copy_migrations
+        directory "db"
+      end
+
+    end
+  end
+end

data/lib/generators/templates/db/migrate/20100107141738_add_api_key_to_users.rb

@@ -0,0 +1,9 @@
+class AddApiKeyToUsers < ActiveRecord::Migration
+  def self.up
+    add_column "users", "api_key", :string, :limit => 40
+  end
+
+  def self.down
+    remove_column "users", "api_key"
+  end
+end

data/lib/spree_api.rb

@@ -0,0 +1,46 @@
+require 'spree_core'
+require 'spree_api_hooks'
+
+module SpreeApi
+  class Engine < Rails::Engine
+    def self.activate
+      lambda{
+
+        Admin::UsersController.class_eval do
+
+          def generate_api_key
+            if object.generate_api_key!
+              flash.notice = t('api.key_generated')
+            end
+            redirect_to edit_object_path
+          end
+
+        end
+
+        # RAILS3 TODO: Get the API stuff working with Devise
+        # Spree::BaseController.class_eval do
+        #   private
+        #   def current_user
+        #     return @current_user if defined?(@current_user)
+        #     if current_user_session && current_user_session.user
+        #       return @current_user = current_user_session.user
+        #     end
+        #     if token = request.headers['X-SpreeAPIKey']
+        #       @current_user = User.find_by_api_key(token)
+        #     end
+        #   end
+        # end
+
+        LineItem.class_eval do
+          def description
+            d = variant.product.name.clone
+            d << " (#{variant.options_text})" unless variant.option_values.empty?
+            d
+          end
+        end
+      }
+    end
+    config.autoload_paths += %W(#{config.root}/lib)
+    config.to_prepare &self.activate
+  end
+end

data/lib/spree_api_hooks.rb

@@ -0,0 +1,3 @@
+class ApiHooks < Spree::ThemeSupport::HookListener
+  insert_after :admin_user_edit_form, :partial => "admin/users/api_fields"
+end

data/lib/tasks/api.rake

@@ -0,0 +1,8 @@
+namespace :spree do
+  desc "Synchronize public assets, migrations, seed and sample data from the Spree gems"
+  task :sync do
+    migration_dir = File.join(File.dirname(__FILE__), '..', '..', 'db', 'migrate')
+    puts "Mirror: #{migration_dir}"
+    Spree::FileUtilz.mirror_with_backup(migration_dir, File.join(Rails.root, 'db', 'migrate'))
+  end
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification 
+name: spree_api
+version: !ruby/object:Gem::Version 
+  prerelease: true
+  segments: 
+  - 0
+  - 30
+  - 0
+  - beta1
+  version: 0.30.0.beta1
+platform: ruby
+authors: 
+- David North
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-03 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: spree_core
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 30
+        - 0
+        - beta1
+        version: 0.30.0.beta1
+  type: :runtime
+  version_requirements: *id001
+description: Required dependancy for Spree
+email: david@railsdog.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- LICENSE
+- README.md
+- app/controllers/api/base_controller.rb
+- app/controllers/api/countries_controller.rb
+- app/controllers/api/inventory_units_controller.rb
+- app/controllers/api/line_items_controller.rb
+- app/controllers/api/orders_controller.rb
+- app/controllers/api/products_controller.rb
+- app/controllers/api/shipments_controller.rb
+- app/controllers/api/states_controller.rb
+- app/helpers/api/shipments_helper.rb
+- app/views/admin/users/_api_fields.html.erb
+- config/locales/en.yml
+- config/locales/ru-RU.yml
+- config/routes.rb
+- lib/generators/spree_api/install_generator.rb
+- lib/generators/templates/db/migrate/20100107141738_add_api_key_to_users.rb
+- lib/spree_api.rb
+- lib/spree_api_hooks.rb
+- lib/tasks/api.rake
+has_rdoc: true
+homepage: http://spreecommerce.com
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 8
+      - 7
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
+requirements: 
+- none
+rubyforge_project: spree_api
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Provides RESTful access for Spree.
+test_files: []
+