spree_api 1.0.7 → 1.1.0.rc1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,6 @@
+eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
+
+gem 'spree_core', :path => "../core"
+gem 'spree_auth', :path => "../auth"
+
+gemspec

data/LICENSE

@@ -1,26 +1,22 @@
-Copyright (c) 2007-2012, Spree Commerce, Inc. and other contributors
-All rights reserved.
+Copyright (c) 2012 Ryan Bigg
 
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
+MIT License
 
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name Spree nor the names of its contributors may be used to
-      endorse or promote products derived from this software without specific
-      prior written permission.
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,17 +1,29 @@
-API
-===
+# Api
 
-Manage orders,shipments etc. with a simple REST API
+TODO: Write a gem description
 
-See [RESTful API guide](http://spreecommerce.com/documentation/rest.html) for more details.
+## Installation
 
-Testing
--------
+Add this line to your application's Gemfile:
 
-Create the test site
+    gem 'api'
 
-    bundle exec rake test_app
+And then execute:
 
-Run the tests
+    $ bundle
 
-    bundle exec rake spec
+Or install it yourself as:
+
+    $ gem install api
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,30 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rake/packagetask'
+require 'rubygems/package_task'
+require 'rspec/core/rake_task'
+require 'spree/core/testing_support/common_rake'
+require 'rails/all'
+
+Bundler::GemHelper.install_tasks
+RSpec::Core::RakeTask.new
+
+spec = eval(File.read('spree_api.gemspec'))
+Gem::PackageTask.new(spec) do |p|
+  p.gem_spec = spec
+end
+
+desc "Release to gemcutter"
+task :release do
+  version = File.read(File.expand_path("../../SPREE_VERSION", __FILE__)).strip
+  cmd = "cd pkg && gem push spree_api-#{version}.gem"; puts cmd; system cmd
+end
+
+task :default => :spec
+
+desc "Generates a dummy app for testing"
+task :test_app do
+  ENV['LIB_NAME'] = 'spree/api'
+  Rake::Task['common:test_app'].invoke
+end

data/app/controllers/spree/api/v1/base_controller.rb

@@ -0,0 +1,71 @@
+module Spree
+  module Api
+    module V1
+      class BaseController < ActionController::Metal
+        include Spree::Api::ControllerSetup
+
+        attr_accessor :current_api_user
+
+        before_filter :check_for_api_key
+        before_filter :authenticate_user
+
+        rescue_from CanCan::AccessDenied, :with => :unauthorized
+        rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+
+        helper Spree::Api::ApiHelpers
+
+        private
+
+        def check_for_api_key
+          render "spree/api/v1/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
+        end
+
+        def authenticate_user
+          unless @current_api_user = User.find_by_api_key(api_key)
+            render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
+          end
+        end
+
+        def unauthorized
+          render "spree/api/v1/errors/unauthorized", :status => 401 and return
+        end
+
+        def not_found
+          render "spree/api/v1/errors/not_found", :status => 404 and return
+        end
+
+        def current_ability
+          Spree::Ability.new(current_api_user)
+        end
+
+        def invalid_resource!(resource)
+          render "spree/api/v1/errors/invalid_resource", :resource => resource, :status => 422
+        end
+
+        def api_key
+          request.headers["X-Spree-Token"] || params[:token]
+        end
+        helper_method :api_key
+
+        def find_product(id)
+          begin
+            product_scope.find_by_permalink!(id)
+          rescue ActiveRecord::RecordNotFound
+            product_scope.find(id)
+          end
+        end
+
+        def product_scope
+          if current_api_user.has_role?("admin")
+            scope = Product
+          else
+            scope = Product.active
+          end
+          scope.includes(:master)
+        end
+
+      end
+    end
+  end
+end
+

data/app/controllers/spree/api/v1/images_controller.rb

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    module V1
+      class ImagesController < Spree::Api::V1::BaseController
+        def create
+          @image = product_or_variant.images.create!(params[:image])
+          render :show, :status => 201
+        end
+
+        def update
+          image.update_attributes(params[:image])
+          render :show, :status => 200
+        end
+
+        def destroy
+          image.destroy
+          render :text => nil
+        end
+
+        private
+
+        def image
+          @image = product_or_variant.images.find(params[:id])
+        end
+
+        def product_or_variant
+          return @product_or_variant if @product_or_variant
+          if params[:product_id]
+            @product_or_variant = product
+          else
+            @product_or_variant = variant
+          end
+        end
+
+        def variant
+          Variant.find(params[:variant_id])
+        end
+
+        def product
+          find_product(params[:product_id]).master
+        end
+
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/line_items_controller.rb

@@ -0,0 +1,40 @@
+module Spree
+  module Api
+    module V1
+      class LineItemsController < Spree::Api::V1::BaseController
+        def create
+          authorize! :read, order
+          @line_item = order.line_items.build(params[:line_item], :as => :api)
+          if @line_item.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@line_item)
+          end
+        end
+
+        def update
+          authorize! :read, order
+          @line_item = order.line_items.find(params[:id])
+          if @line_item.update_attributes(params[:line_item])
+            render :show
+          else
+            invalid_resource!(@line_item)
+          end
+        end
+
+        def destroy
+          authorize! :read, order
+          @line_item = order.line_items.find(params[:id])
+          @line_item.destroy
+          render :text => nil, :status => 200
+        end
+
+        private
+
+        def order
+          @order ||= Order.find_by_number!(params[:order_id])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/orders_controller.rb

@@ -0,0 +1,53 @@
+module Spree
+  module Api
+    module V1
+      class OrdersController < Spree::Api::V1::BaseController
+        def index
+          # should probably look at turning this into a CanCan step
+          raise CanCan::AccessDenied unless current_api_user.has_role?("admin")
+          @orders = Order.page(params[:page])
+        end
+
+        def show
+          authorize! :read, order
+        end
+
+        def create
+          @order = Order.build_from_api(current_api_user, params[:order])
+          next!
+        end
+
+        def address
+          order.build_ship_address(params[:shipping_address])
+          order.build_bill_address(params[:billing_address])
+          next!
+        end
+
+        def delivery
+          begin
+            ShippingMethod.find(params[:shipping_method_id])
+          rescue ActiveRecord::RecordNotFound
+            render :invalid_shipping_method, :status => 422
+          else
+            order.update_attribute(:shipping_method_id, params[:shipping_method_id])
+            next!
+          end
+        end
+
+        private
+
+        def order
+          @order ||= Order.find_by_number!(params[:id])
+        end
+
+        def next!
+          if @order.valid? && @order.next
+            render :show, :status => 200
+          else
+            render :could_not_transition, :status => 422
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/products_controller.rb

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    module V1
+      class ProductsController < Spree::Api::V1::BaseController
+        def index
+          @products = product_scope.page(params[:page])
+        end
+
+        def show
+          @product = find_product(params[:id])
+        end
+
+        def new
+        end
+
+        def create
+          authorize! :create, Product
+          @product = Product.new(params[:product])
+          if @product.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def update
+          authorize! :update, Product
+          @product = find_product(params[:id])
+          if @product.update_attributes(params[:product])
+            render :show, :status => 200
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def destroy
+          authorize! :delete, Product
+          @product = find_product(params[:id])
+          @product.update_attribute(:deleted_at, Time.now)
+          @product.variants_including_master.update_all(:deleted_at => Time.now)
+          render :text => nil, :status => 200
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/variants_controller.rb

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    module V1
+      class VariantsController < Spree::Api::V1::BaseController
+        before_filter :product
+
+        def index
+          @variants = scope.includes(:option_values).scoped
+        end
+
+        def show
+          @variant = scope.includes(:option_values).find(params[:id])
+        end
+
+        def new
+        end
+
+        def create
+          authorize! :create, Variant
+          @variant = scope.new(params[:product])
+          if @variant.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@variant)
+          end
+        end
+
+        def update
+          authorize! :update, Variant
+          @variant = scope.find(params[:id])
+          if @variant.update_attributes(params[:variant])
+            render :show, :status => 200
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def destroy
+          authorize! :delete, Variant
+          @variant = scope.find(params[:id])
+          @variant.destroy
+          render :text => nil, :status => 200
+        end
+
+        private
+          def product
+            @product ||= Spree::Product.find_by_permalink(params[:product_id]) if params[:product_id]
+          end
+
+          def scope
+            @product ? @product.variants_including_master : Variant
+          end
+      end
+    end
+  end
+end