spree_api 1.1.6 → 1.2.0.rc1

data/Gemfile

@@ -1,6 +1,5 @@
 eval(File.read(File.dirname(__FILE__) + '/../common_spree_dependencies.rb'))
 
 gem 'spree_core', :path => "../core"
-gem 'spree_auth', :path => "../auth"
 
 gemspec

data/app/controllers/spree/api/v1/addresses_controller.rb

@@ -4,12 +4,10 @@ module Spree
       class AddressesController < Spree::Api::V1::BaseController
         def show
           @address = Address.find(params[:id])
-          authorize! :read, @address
         end
 
         def update
           @address = Address.find(params[:id])
-          authorize! :read, @address
           @address.update_attributes(params[:address])
           render :show, :status => 200
         end

data/app/controllers/spree/api/v1/base_controller.rb

@@ -6,7 +6,6 @@ module Spree
 
         attr_accessor :current_api_user
 
-        before_filter :set_content_type
         before_filter :check_for_api_key
         before_filter :authenticate_user
 
@@ -26,22 +25,12 @@ module Spree
 
         private
 
-        def set_content_type
-          content_type = case params[:format]
-          when "json"
-            "application/json"
-          when "xml"
-            "text/xml"
-          end
-          headers["Content-Type"] = content_type
-        end
-
         def check_for_api_key
           render "spree/api/v1/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
         end
 
         def authenticate_user
-          unless @current_api_user = User.find_by_api_key(api_key.to_s)
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
             render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
           end
         end
@@ -77,7 +66,7 @@ module Spree
         end
 
         def product_scope
-          if current_api_user.has_role?("admin")
+          if current_api_user.has_spree_role?("admin")
             scope = Product
             unless params[:show_deleted]
               scope = scope.not_deleted

data/app/controllers/spree/api/v1/images_controller.rb

@@ -7,20 +7,17 @@ module Spree
         end
 
         def create
-          authorize! :create, Image
           @image = Image.create(params[:image])
           render :show, :status => 201
         end
 
         def update
-          authorize! :update, Image
           @image = Image.find(params[:id])
           @image.update_attributes(params[:image])
           render :show, :status => 200
         end
 
         def destroy
-          authorize! :delete, Image
           @image = Image.find(params[:id])
           @image.destroy
           render :text => nil

data/app/controllers/spree/api/v1/orders_controller.rb

@@ -7,7 +7,7 @@ module Spree
 
         def index
           # should probably look at turning this into a CanCan step
-          raise CanCan::AccessDenied unless current_api_user.has_role?("admin")
+          raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
           @orders = Order.page(params[:page]).per(params[:per_page])
         end
 
@@ -57,7 +57,6 @@ module Spree
         end
 
         def empty
-          authorize! :read, order
           order.line_items.destroy_all
           order.update!
           render :text => nil, :status => 200

data/app/controllers/spree/api/v1/shipments_controller.rb

@@ -6,7 +6,6 @@ module Spree
         before_filter :find_and_update_shipment, :only => [:ship, :ready]
 
         def ready
-          authorize! :read, Shipment
           unless @shipment.ready?
             @shipment.ready!
           end
@@ -14,7 +13,6 @@ module Spree
         end
 
         def ship
-          authorize! :read, Shipment
           unless @shipment.shipped?
             @shipment.ship!
           end
@@ -25,7 +23,6 @@ module Spree
 
         def find_order
           @order = Spree::Order.find_by_number!(params[:order_id])
-          authorize! :read, @order
         end
 
         def find_and_update_shipment

data/app/helpers/spree/api/api_helpers.rb

@@ -12,7 +12,7 @@ module Spree
       end
 
       def product_attributes
-        [:id, :name, :description, :price, :available_on, :permalink, 
+        [:id, :name, :description, :price, :available_on, :permalink,
           :count_on_hand, :meta_description, :meta_keywords, :taxon_ids]
       end
 
@@ -33,7 +33,7 @@ module Spree
       end
 
       def order_attributes
-        [:id, :number, :item_total, :total, :state, :adjustment_total, :credit_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions]
+        [:id, :number, :item_total, :total, :state, :adjustment_total, :user_id, :created_at, :updated_at, :completed_at, :payment_total, :shipment_state, :payment_state, :email, :special_instructions]
       end
 
       def line_item_attributes

data/app/models/spree/user_decorator.rb

@@ -1,11 +1,13 @@
-Spree::User.class_eval do
-  def generate_api_key!
-    self.api_key = SecureRandom.hex(24)
-    save!
-  end
+if Spree.user_class
+  Spree.user_class.class_eval do
+    def generate_spree_api_key!
+      self.spree_api_key = SecureRandom.hex(24)
+      save!
+    end
 
-  def clear_api_key!
-    self.api_key = nil
-    save!
+    def clear_spree_api_key!
+      self.spree_api_key = nil
+      save!
+    end
   end
 end

data/app/views/spree/admin/users/_api_fields.html.erb

@@ -1,7 +1,7 @@
 <h2><%= t('access', :scope => 'spree.api') %></h2>
 
-<% if @user.api_key.present? %>
-  <p><strong><%= t('key', :scope => 'spree.api') %></strong> <%= @user.api_key %></p>
+<% if @user.spree_api_key.present? %>
+  <p><strong><%= t('key', :scope => 'spree.api') %></strong> <%= @user.spree_api_key %></p>
 
   <%= form_tag spree.clear_api_key_admin_user_path(@user), :method => :put do %>
     <%= button t('clear_key', :scope => 'spree.api') %>

data/app/views/spree/api/v1/orders/show.rabl

@@ -1,9 +1,6 @@
 object @order
 attributes *order_attributes
-
-if lookup_context.find_all("spree/api/v1/orders/#{@order.state}").present?
-  extends "spree/api/v1/orders/#{@order.state}"
-end
+extends "spree/api/v1/orders/#{@order.state}"
 
 child :billing_address => :bill_address do
   extends "spree/api/v1/addresses/show"

data/db/migrate/20100107141738_add_api_key_to_spree_users.rb

@@ -1,5 +1,7 @@
 class AddApiKeyToSpreeUsers < ActiveRecord::Migration
   def change
-    add_column :spree_users, :api_key, :string, :limit => 40
+    unless defined?(User)
+      add_column :spree_users, :api_key, :string, :limit => 40
+    end
   end
 end

data/db/migrate/20120411123334_resize_api_key_field.rb

@@ -1,5 +1,7 @@
 class ResizeApiKeyField < ActiveRecord::Migration
   def change
-    change_column :spree_users, :api_key, :string, :limit => 48
+    unless defined?(User)    
+      change_column :spree_users, :api_key, :string, :limit => 48
+    end
   end
 end

data/db/migrate/20120530054546_rename_api_key_to_spree_api_key.rb

@@ -0,0 +1,7 @@
+class RenameApiKeyToSpreeApiKey < ActiveRecord::Migration
+  def change
+    unless defined?(User)
+      rename_column :spree_users, :api_key, :spree_api_key
+    end
+  end
+end

data/lib/spree/api.rb

@@ -1,5 +1,4 @@
 require 'spree/core'
-require 'spree/auth'
 
 require 'spree/api/controller_setup'
 

data/lib/spree/api/testing_support/helpers.rb

@@ -13,13 +13,13 @@ module Spree
 
         def stub_authentication!
           controller.stub :check_for_api_key
-          Spree::User.stub :find_by_api_key => current_api_user
+          Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
         end
 
         # This method can be overriden (with a let block) inside a context
         # For instance, if you wanted to have an admin user instead.
         def current_api_user
-          @current_api_user ||= stub_model(Spree::User, :email => "spree@example.com")
+          @current_api_user ||= stub_model(Spree::LegacyUser, :email => "spree@example.com")
         end
 
         def image(filename)

data/lib/spree/api/testing_support/setup.rb

@@ -4,8 +4,8 @@ module Spree
       module Setup
         def sign_in_as_admin!
           let!(:current_api_user) do
-            user = stub_model(Spree::User)
-            user.should_receive(:has_role?).any_number_of_times.with("admin").and_return(true)
+            user = stub_model(Spree::LegacyUser)
+            user.should_receive(:has_spree_role?).any_number_of_times.with("admin").and_return(true)
             user
           end
         end

data/script/rails

@@ -6,3 +6,4 @@ ENGINE_PATH = File.expand_path('../../lib/spree/api/engine', __FILE__)
 
 require 'rails/all'
 require 'rails/engine/commands'
+

data/spec/controllers/spree/api/v1/addresses_controller_spec.rb

@@ -9,37 +9,15 @@ module Spree
       @address = create(:address)
     end
 
-    context "with their own address" do
-      before do
-        Address.any_instance.stub :user => current_api_user
-      end
-
-      it "gets an address" do
-        api_get :show, :id => @address.id
-        json_response['address']['address1'].should eq @address.address1
-      end
-
-      it "updates an address" do
-        api_put :update, :id => @address.id,
-                         :address => { :address1 => "123 Test Lane" }
-        json_response['address']['address1'].should eq '123 Test Lane'
-      end
+    it "gets an address" do
+      api_get :show, :id => @address.id
+      json_response['address']['address1'].should eq @address.address1
     end
 
-    context "on somebody else's address" do
-      before do
-        Address.any_instance.stub :user => stub_model(Spree::User)
-      end
-
-      it "cannot retreive address information" do
-        api_get :show, :id => @address.id
-        assert_unauthorized!
-      end
-
-      it "cannot update address information" do
-        api_get :update, :id => @address.id
-        assert_unauthorized!
-      end
+    it "updates an address" do
+      api_put :update, :id => @address.id,
+                       :address => { :address1 => "123 Test Lane" }
+      json_response['address']['address1'].should eq '123 Test Lane'
     end
   end
 end

data/spec/controllers/spree/api/v1/images_controller_spec.rb

@@ -13,53 +13,43 @@ module Spree
       stub_authentication!
     end
 
-    context "as an admin" do
-      sign_in_as_admin!
-
-      it "can upload a new image for a variant" do
-        lambda do
-          api_post :create,
-                   :image => { :attachment => upload_image('thinking-cat.jpg'),
-                               :viewable_type => 'Spree::Variant',
-                               :viewable_id => product.master.to_param  }
-          response.status.should == 201
-          json_response.should have_attributes(attributes)
-        end.should change(Image, :count).by(1)
-      end
-
-      context "working with an existing image" do
-        let!(:product_image) { product.master.images.create!(:attachment => image('thinking-cat.jpg')) }
-
-        it "can update image data" do
-          product_image.position.should == 1
-          api_post :update, :image => { :position => 2 }, :id => product_image.id
-          response.status.should == 200
-          json_response.should have_attributes(attributes)
-          product_image.reload.position.should == 2
-        end
+    it "can upload a new image for a product" do
+      lambda do
+        api_post :create,
+                 :image => { :attachment => upload_image("thinking-cat.jpg"),
+                             :viewable_type => 'Spree::Product',
+                             :viewable_id => product.id  }
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+      end.should change(Image, :count).by(1)
+    end
 
-        it "can delete an image" do
-          api_delete :destroy, :id => product_image.id
-          response.status.should == 200
-          lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
-        end
-      end
+    it "can upload a new image for a variant" do
+      lambda do
+        api_post :create,
+                 :image => { :attachment => upload_image("thinking-cat.jpg"),
+                             :viewable_type => 'Spree::Variant',
+                             :viewable_id => product.master.to_param  }
+        response.status.should == 201
+        json_response.should have_attributes(attributes)
+      end.should change(Image, :count).by(1)
     end
 
-    context "as a non-admin" do
-      it "cannot create an image" do
-        api_post :create
-        assert_unauthorized!
-      end
+    context "working with an existing image" do
+      let!(:product_image) { product.master.images.create!(:attachment => image("thinking-cat.jpg")) }
 
-      it "cannot update an image" do
-        api_put :update, :id => 1
-        assert_unauthorized!
+      it "can update image data" do
+        product_image.position.should == 1
+        api_post :update, :image => { :position => 2 }, :id => product_image.id
+        response.status.should == 200
+        json_response.should have_attributes(attributes)
+        product_image.reload.position.should == 2
       end
 
-      it "cannot delete an image" do
-        api_delete :destroy, :id => 1
-        assert_unauthorized!
+      it "can delete an image" do
+        api_delete :destroy, :id => product_image.id
+        response.status.should == 200
+        lambda { product_image.reload }.should raise_error(ActiveRecord::RecordNotFound)
       end
     end
   end

data/spec/controllers/spree/api/v1/orders_controller_spec.rb

@@ -6,7 +6,7 @@ module Spree
 
     let!(:order) { create(:order) }
     let(:attributes) { [:number, :item_total, :total,
-                        :state, :adjustment_total, :credit_total,
+                        :state, :adjustment_total,
                         :user_id, :created_at, :updated_at,
                         :completed_at, :payment_total, :shipment_state,
                         :payment_state, :email, :special_instructions] }
@@ -28,15 +28,8 @@ module Spree
       json_response.should have_attributes(attributes)
     end
 
-    # Regression test for #1992
-    it "can view an order not in a standard state" do
-      Order.any_instance.stub :user => current_api_user
-      order.update_column(:state, 'shipped')
-      api_get :show, :id => order.to_param
-    end
-
     it "can not view someone else's order" do
-      Order.any_instance.stub :user => stub_model(User)
+      Order.any_instance.stub :user => stub_model(Spree::LegacyUser)
       api_get :show, :id => order.to_param
       assert_unauthorized!
     end

data/spec/controllers/spree/api/v1/payments_controller_spec.rb

@@ -50,7 +50,7 @@ module Spree
 
       context "when the order does not belong to the user" do
         before do
-          Order.any_instance.stub :user => stub_model(User)
+          Order.any_instance.stub :user => stub_model(LegacyUser)
         end
 
         it "cannot view payments for somebody else's order" do

data/spec/controllers/spree/api/v1/shipments_controller_spec.rb

@@ -9,22 +9,8 @@ describe Spree::Api::V1::ShipmentsController do
     stub_authentication!
   end
 
-  let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
-
-  context "as a non-admin" do
-    it "cannot make a shipment ready" do
-      api_put :ready
-      assert_unauthorized!
-    end
-
-    it "cannot make a shipment shipped" do
-      api_put :ship
-      assert_unauthorized!
-    end
-  end
-
-  context "as an admin" do
-    sign_in_as_admin!
+  context "working with a shipment" do
+    let!(:resource_scoping) { { :order_id => shipment.order.to_param, :id => shipment.to_param } }
 
     it "can make a shipment ready" do
       api_put :ready

data/spec/controllers/spree/api/v1/taxons_controller_spec.rb

@@ -4,9 +4,9 @@ module Spree
   describe Api::V1::TaxonsController do
     render_views
 
-    let(:taxonomy) { create(:taxonomy) }
-    let(:taxon) { create(:taxon, :name => "Ruby", :taxonomy => taxonomy) }
-    let(:taxon2) { create(:taxon, :name => "Rails", :taxonomy => taxonomy) }
+    let(:taxonomy) { Factory(:taxonomy) }
+    let(:taxon) { Factory(:taxon, :name => "Ruby", :taxonomy => taxonomy) }
+    let(:taxon2) { Factory(:taxon, :name => "Rails", :taxonomy => taxonomy) }
     let(:attributes) { ["id", "name", "permalink", "position", "parent_id", "taxonomy_id"] }
 
     before do

data/spec/models/spree/legacy_user_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+module Spree
+  describe LegacyUser do
+    let(:user) { LegacyUser.new }
+
+    it "can generate an API key" do
+      user.should_receive(:save!)
+      user.generate_spree_api_key!
+      user.spree_api_key.should_not be_blank
+    end
+
+    it "can clear an API key" do
+      user.should_receive(:save!)
+      user.clear_spree_api_key!
+      user.spree_api_key.should be_blank
+    end
+  end
+end

data/spec/models/spree/order_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 module Spree
   describe Order do
-    let(:user) { stub_model(User) }
+    let(:user) { stub_model(LegacyUser) }
 
     it 'can build an order from API parameters' do
       product = Spree::Product.create!(:name => 'Test', :sku => 'TEST-1', :price => 33.22)

data/spree_api.gemspec

@@ -16,7 +16,6 @@ Gem::Specification.new do |gem|
   gem.version       = version
 
   gem.add_dependency 'spree_core', version
-  gem.add_dependency 'spree_auth', version
   gem.add_dependency 'rabl', '0.6.5'
 
   gem.add_development_dependency 'rspec-rails', '2.9.0'

metadata

@@ -1,91 +1,75 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  prerelease: 
-  version: 1.1.6
+  version: 1.2.0.rc1
+  prerelease: 6
 platform: ruby
 authors:
 - Ryan Bigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-25 00:00:00.000000000 Z
+date: 2012-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.1.6
   name: spree_core
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.1.6
-- !ruby/object:Gem::Dependency
+        version: 1.2.0.rc1
   type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.1.6
-  name: spree_auth
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.1.6
+        version: 1.2.0.rc1
 - !ruby/object:Gem::Dependency
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
+  name: rabl
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.6.5
-  name: rabl
+  type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.6.5
 - !ruby/object:Gem::Dependency
-  type: :development
-  version_requirements: !ruby/object:Gem::Requirement
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.9.0
-  name: rspec-rails
+  type: :development
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.9.0
 - !ruby/object:Gem::Dependency
-  type: :development
-  version_requirements: !ruby/object:Gem::Requirement
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-  name: database_cleaner
+  type: :development
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -102,7 +86,6 @@ files:
 - Gemfile
 - LICENSE
 - Rakefile
-- app/controllers/spree/admin/users_controller_decorator.rb
 - app/controllers/spree/api/v1/addresses_controller.rb
 - app/controllers/spree/api/v1/base_controller.rb
 - app/controllers/spree/api/v1/countries_controller.rb
@@ -120,7 +103,6 @@ files:
 - app/models/spree/line_item_decorator.rb
 - app/models/spree/option_value_decorator.rb
 - app/models/spree/order_decorator.rb
-- app/models/spree/payment_decorator.rb
 - app/models/spree/user_decorator.rb
 - app/overrides/api_admin_user_edit_form.rb
 - app/views/spree/admin/users/_api_fields.html.erb
@@ -174,6 +156,7 @@ files:
 - config/routes.rb
 - db/migrate/20100107141738_add_api_key_to_spree_users.rb
 - db/migrate/20120411123334_resize_api_key_field.rb
+- db/migrate/20120530054546_rename_api_key_to_spree_api_key.rb
 - lib/spree/api.rb
 - lib/spree/api/controller_setup.rb
 - lib/spree/api/engine.rb
@@ -196,8 +179,8 @@ files:
 - spec/controllers/spree/api/v1/variants_controller_spec.rb
 - spec/controllers/spree/api/v1/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg
+- spec/models/spree/legacy_user_spec.rb
 - spec/models/spree/order_spec.rb
-- spec/models/spree/user_spec.rb
 - spec/spec_helper.rb
 - spec/support/controller_hacks.rb
 - spec/support/database_cleaner.rb
@@ -214,19 +197,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
+      version: '0'
       segments:
       - 0
-      hash: -2398953299128676409
-      version: '0'
+      hash: -4054632363792620125
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      segments:
-      - 0
-      hash: -2398953299128676409
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.23
@@ -248,8 +228,8 @@ test_files:
 - spec/controllers/spree/api/v1/variants_controller_spec.rb
 - spec/controllers/spree/api/v1/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg
+- spec/models/spree/legacy_user_spec.rb
 - spec/models/spree/order_spec.rb
-- spec/models/spree/user_spec.rb
 - spec/spec_helper.rb
 - spec/support/controller_hacks.rb
 - spec/support/database_cleaner.rb

data/app/controllers/spree/admin/users_controller_decorator.rb

@@ -1,17 +0,0 @@
-Spree::Admin::UsersController.class_eval do
-  before_filter :load_roles, :only => [:edit, :new, :update, :create, :generate_api_key, :clear_api_key]
-
-  def generate_api_key
-    if @user.generate_api_key!
-      flash.notice = t('key_generated', :scope => 'spree.api')
-    end
-    redirect_to edit_admin_user_path(@user)
-  end
-
-  def clear_api_key
-    if @user.clear_api_key!
-      flash.notice = t('key_cleared', :scope => 'spree.api')
-    end
-    redirect_to edit_admin_user_path(@user)
-  end
-end

data/spec/models/spree/user_spec.rb

@@ -1,19 +0,0 @@
-require 'spec_helper'
-
-module Spree
-  describe User do
-    let(:user) { User.new }
-
-    it "can generate an API key" do
-      user.should_receive(:save!)
-      user.generate_api_key!
-      user.api_key.should_not be_blank
-    end
-
-    it "can clear an API key" do
-      user.should_receive(:save!)
-      user.clear_api_key!
-      user.api_key.should be_blank
-    end
-  end
-end