RubyGems - spree_api - Versions diffs - 1.3.1 → 1.3.2 - Mend

spree_api 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/LICENSE CHANGED Viewed

@@ -1,22 +1,27 @@
-Copyright (c) 2012 Ryan Bigg
+Copyright (c) 2007-2013, Spree Commerce, Inc. and other contributors
+All rights reserved.
-MIT License
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -53,7 +53,7 @@ module Spree
       def authenticate_user
         if requires_authentication? || api_key.present?
-          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
             render "spree/api/errors/invalid_api_key", :status => 401 and return
           end
         else

data/app/controllers/spree/api/checkouts_controller.rb ADDED Viewed

@@ -0,0 +1,90 @@
+module Spree
+  module Api
+    class CheckoutsController < Spree::Api::BaseController
+      before_filter :load_order, :only => :update
+      before_filter :associate_user, :only => :update
+      include Spree::Core::ControllerHelpers::Auth
+      include Spree::Core::ControllerHelpers::Order
+      respond_to :json
+      def create
+        @order = Order.build_from_api(current_api_user, nested_params)
+        next!(:status => 201)
+      end
+      def update
+        if @order.update_attributes(object_params)
+          state_callback(:after) if @order.next
+          respond_with(@order, :default_template => 'spree/api/orders/show')
+        else
+          respond_with(@order, :default_template => 'spree/api/orders/could_not_transition', :status => 422)
+        end
+      end
+      private
+        def object_params
+          # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
+          if @order.payment?
+            if params[:payment_source].present? && source_params = params.delete(:payment_source)[params[:order][:payments_attributes].first[:payment_method_id].underscore]
+              params[:order][:payments_attributes].first[:source_attributes] = source_params
+            end
+            if params[:order].present? && params[:order][:payments_attributes]
+              params[:order][:payments_attributes].first[:amount] = @order.total
+            end
+          end
+          params[:order]
+        end
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+        def load_order
+          @order = Spree::Order.find_by_number!(params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+        def raise_insufficient_quantity
+          respond_with(@order, :default_template => 'spree/api/orders/insufficient_quantity')
+        end
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+        def before_address
+          @order.bill_address ||= Address.default
+          @order.ship_address ||= Address.default
+        end
+        def before_delivery
+          return if params[:order].present?
+          @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
+        end
+        def before_payment
+          @order.payments.destroy_all if request.put?
+        end
+        def next!(options={})
+          if @order.valid? && @order.next
+            render 'spree/api/orders/show', :status => options[:status] || 200
+          else
+            render 'spree/api/orders/could_not_transition', :status => 422
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/inventory_units_controller.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Spree
+  module Api
+    class InventoryUnitsController < Spree::Api::BaseController
+      before_filter :prepare_event, :only => :update
+      def show
+        @inventory_unit = inventory_unit
+      end
+      def update
+        authorize! :update, Order
+        inventory_unit.transaction do
+          if inventory_unit.update_attributes(params[:inventory_unit])
+            fire
+            render :show, :status => 200
+          else
+            invalid_resource!(inventory_unit)
+          end
+        end
+      end
+      private
+      def inventory_unit
+        @inventory_unit ||= InventoryUnit.find(params[:id])
+      end
+      def prepare_event
+        return unless @event = params[:fire]
+        can_event = "can_#{@event}?"
+        unless inventory_unit.respond_to?(can_event) &&
+               inventory_unit.send(can_event)
+          render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                  :status => 200
+          false
+        end
+      end
+      def fire
+        inventory_unit.send("#{@event}!") if @event
+      end
+    end
+  end
+end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -31,23 +31,6 @@ module Spree
         end
       end
-      def address
-        order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
-        order.build_bill_address(params[:billing_address]) if params[:billing_address]
-        next!
-      end
-      def delivery
-        begin
-          ShippingMethod.find(params[:shipping_method_id])
-        rescue ActiveRecord::RecordNotFound
-          render :invalid_shipping_method, :status => 422
-        else
-          order.update_attribute(:shipping_method_id, params[:shipping_method_id])
-          next!
-        end
-      end
       def cancel
         order.cancel!
         render :show

data/app/controllers/spree/api/product_properties_controller.rb CHANGED Viewed

@@ -7,8 +7,9 @@ module Spree
       before_filter :product_property, :only => [:show, :update, :destroy]
       def index
-        @product_properties = @product.product_properties.ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @product_properties = @product.product_properties.
+                              ransack(params[:q]).result.
+                              page(params[:page]).per(params[:per_page])
         respond_with(@product_properties)
       end

data/app/controllers/spree/api/return_authorizations_controller.rb CHANGED Viewed

@@ -6,8 +6,9 @@ module Spree
       before_filter :authorize_admin!
       def index
-        @return_authorizations = order.return_authorizations.ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @return_authorizations = order.return_authorizations.
+                                 ransack(params[:q]).result.
+                                 page(params[:page]).per(params[:per_page])
         respond_with(@return_authorizations)
       end

data/app/controllers/spree/api/taxonomies_controller.rb CHANGED Viewed

@@ -4,8 +4,9 @@ module Spree
       respond_to :json
       def index
-        @taxonomies = Taxonomy.order('name').includes(:root => :children).ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @taxonomies = Taxonomy.order('name').includes(:root => :children).
+                      ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
         respond_with(@taxonomies)
       end

data/app/controllers/spree/api/users_controller.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Spree
+  module Api
+    class UsersController < Spree::Api::BaseController
+      respond_to :json
+      def index
+        @users = Spree.user_class.accessible_by(current_ability,:read).ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@users)
+      end
+      def show
+        authorize! :show, user
+        respond_with(user)
+      end
+      def new
+      end
+      def create
+        authorize! :create, Spree.user_class
+        @user = Spree.user_class.new(params[:user])
+        if @user.save
+          respond_with(@user, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@user)
+        end
+      end
+      def update
+        authorize! :update, user
+        if user.update_attributes(params[:user])
+          respond_with(user, :status => 200, :default_template => :show)
+        else
+          invalid_resource!(user)
+        end
+      end
+      def destroy
+        authorize! :destroy, user
+        user.destroy
+        respond_with(user, :status => 204)
+      end
+      private
+      def user
+        @user ||= Spree.user_class.find(params[:id])
+      end
+    end
+  end
+end

data/app/helpers/spree/api/api_helpers.rb CHANGED Viewed

@@ -76,6 +76,10 @@ module Spree
       def country_attributes
         [:id, :iso_name, :iso, :iso3, :name, :numcode]
       end
+      def user_attributes
+        [:id, :email, :created_at, :updated_at]
+      end
     end
   end
 end

data/app/models/spree/order_decorator.rb CHANGED Viewed

@@ -2,8 +2,10 @@ Spree::Order.class_eval do
   def self.build_from_api(user, params)
     order = create
     params[:line_items_attributes] ||= []
-    params[:line_items_attributes].each do |line_item|
-      order.add_variant(Spree::Variant.find(line_item[:variant_id]), line_item[:quantity])
+    unless params[:line_items_attributes].empty?
+      params[:line_items_attributes].each_key do |k|
+        order.add_variant(Spree::Variant.find(params[:line_items_attributes][k][:variant_id]), params[:line_items_attributes][k][:quantity])
+      end
     end
     order.user = user

data/app/views/spree/api/images/show.v1.rabl CHANGED Viewed

@@ -1,3 +1,4 @@
 object @image
 attributes *image_attributes
 attributes :viewable_type, :viewable_id
+node(:attachment_url) { |i| i.attachment.to_s }

data/app/views/spree/api/{v1/inventory_units → inventory_units}/show.rabl RENAMED Viewed

File without changes

data/app/views/spree/api/users/index.v1.rabl ADDED Viewed

@@ -0,0 +1,7 @@
+object false
+child(@users => :users) do
+  extends "spree/api/users/show"
+end
+node(:count) { @users.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @users.num_pages }

data/app/views/spree/api/users/new.v1.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*user_attributes] }
+node(:required_attributes) { required_fields_for(Spree.user_class) }

data/app/views/spree/api/users/show.v1.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @user
+attributes *user_attributes

data/config/routes.rb CHANGED Viewed

@@ -15,6 +15,7 @@ Spree::Core::Engine.routes.prepend do
     end
     resources :images
+    resources :checkouts
     resources :variants, :only => [:index] do
     end
@@ -53,5 +54,6 @@ Spree::Core::Engine.routes.prepend do
       resources :taxons
     end
     resources :inventory_units, :only => [:show, :update]
+    resources :users
   end
 end

data/lib/spree/api/responders/rabl_template.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Spree
       module RablTemplate
         def to_format
           if template
-            render template.to_sym, :status => options[:status] || 200
+            render template, :status => options[:status] || 200
           else
             super
           end

data/spec/controllers/spree/api/checkouts_controller_spec.rb ADDED Viewed

@@ -0,0 +1,102 @@
+require 'spec_helper'
+module Spree
+  describe Api::CheckoutsController do
+    render_views
+    before(:each) do
+      stub_authentication!
+      Spree::Config[:track_inventory_levels] = false
+      country_zone = create(:zone, :name => 'CountryZone')
+      @state = create(:state)
+      @country = @state.country
+      country_zone.members.create(:zoneable => @country)
+      @shipping_method = create(:shipping_method, :zone => country_zone)
+      @payment_method = create(:payment_method)
+    end
+    after do
+      Spree::Config[:track_inventory_levels] = true
+    end
+    context "POST 'create'" do
+      it "creates a new order when no parameters are passed" do
+        api_post :create
+        json_response['number'].should be_present
+        response.status.should == 201
+      end
+    end
+    context "PUT 'update'" do
+      let(:order) { create(:order) }
+      before(:each) do
+        Order.any_instance.stub(:confirmation_required? => true)
+        Order.any_instance.stub(:payment_required? => true)
+      end
+      it "will return an error if the order cannot transition" do
+        order.update_column(:state, "address")
+        api_put :update, :id => order.to_param
+        json_response['error'].should =~ /could not be transitioned/
+        response.status.should == 422
+      end
+      it "can update addresses and transition from address to delivery" do
+        order.update_column(:state, "address")
+        shipping_address = billing_address = {
+          :firstname  => 'John',
+          :lastname   => 'Doe',
+          :address1   => '7735 Old Georgetown Road',
+          :city       => 'Bethesda',
+          :phone      => '3014445002',
+          :zipcode    => '20814',
+          :state_id   => @state.id,
+          :country_id => @country.id
+        }
+        api_put :update,
+                :id => order.to_param,
+                :order => { :bill_address_attributes => billing_address, :ship_address_attributes => shipping_address }
+        json_response['state'].should == 'delivery'
+        json_response['bill_address']['firstname'].should == 'John'
+        json_response['ship_address']['firstname'].should == 'John'
+        response.status.should == 200
+      end
+      it "can update shipping method and transition from delivery to payment" do
+        order.update_column(:state, "delivery")
+        api_put :update, :id => order.to_param, :order => { :shipping_method_id => @shipping_method.id }
+        json_response['shipments'][0]['shipping_method']['name'].should == @shipping_method.name
+        json_response['state'].should == 'payment'
+        response.status.should == 200
+      end
+      it "can update payment method and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        api_put :update, :id => order.to_param, :order => { :payments_attributes => [{ :payment_method_id => @payment_method.id }] }
+        json_response['state'].should == 'confirm'
+        json_response['payments'][0]['payment_method']['name'].should == @payment_method.name
+        response.status.should == 200
+      end
+      it "can transition from confirm to complete" do
+        order.update_column(:state, "confirm")
+        Spree::Order.any_instance.stub(:payment_required? => false)
+        api_put :update, :id => order.to_param
+        json_response['state'].should == 'complete'
+        response.status.should == 200
+      end
+      it "returns the order if the order is already complete" do
+        order.update_column(:state, "complete")
+        api_put :update, :id => order.to_param
+        json_response['number'].should == order.number
+        response.status.should == 200
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/{v1/inventory_units_controller_spec.rb → inventory_units_controller_spec.rb} RENAMED Viewed

@@ -1,7 +1,7 @@
 require 'spec_helper'
 module Spree
-  describe Api::V1::InventoryUnitsController do
+  describe Api::InventoryUnitsController do
     render_views
     before do
@@ -41,6 +41,5 @@ module Spree
         json_response['exception'].should match /cannot transition to bad/
       end
     end
   end
 end

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -53,14 +53,9 @@ module Spree
       assert_unauthorized!
     end
-    it "cannot change delivery information on an order that doesn't belong to them" do
-      api_put :delivery, :id => order.to_param
-      assert_unauthorized!
-    end
     it "can create an order" do
       variant = create(:variant)
-      api_post :create, :order => { :line_items => [{ :variant_id => variant.to_param, :quantity => 5 }] }
+      api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
       response.status.should == 201
       order = Order.last
       order.line_items.count.should == 1
@@ -97,52 +92,6 @@ module Spree
       let!(:shipping_method) { create(:shipping_method) }
       let!(:payment_method) { create(:payment_method) }
-      it "can add address information to an order" do
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 200
-        order.reload
-        order.shipping_address.reload
-        order.billing_address.reload
-        # We can assume the rest of the parameters are set if these two are
-        order.shipping_address.firstname.should == shipping_address[:firstname]
-        order.billing_address.firstname.should == billing_address[:firstname]
-        order.state.should == "delivery"
-        json_response["shipping_methods"].should_not be_empty
-      end
-      it "can add just shipping address information to an order" do
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address
-        response.status.should == 200
-        order.reload
-        order.shipping_address.reload
-        order.shipping_address.firstname.should == shipping_address[:firstname]
-        order.bill_address.should be_nil
-      end
-      it "cannot use an address that has no valid shipping methods" do
-        shipping_method.destroy
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["base"].should == ["No shipping methods available for selected location, please change your address and try again."]
-      end
-      it "can not add invalid ship address information to an order" do
-        shipping_address[:firstname] = ""
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["ship_address.firstname"].should_not be_blank
-      end
-      it "can not add invalid ship address information to an order" do
-        billing_address[:firstname] = ""
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["bill_address.firstname"].should_not be_blank
-      end
       it "can add line items" do
         api_put :update, :id => order.to_param, :order => { :line_items => [{:variant_id => create(:variant).id, :quantity => 2}] }
@@ -155,28 +104,6 @@ module Spree
           order.line_items << create(:line_item)
         end
-        context "for delivery" do
-          before do
-            order.update_attribute(:state, "delivery")
-          end
-          it "can select a shipping method for an order" do
-            order.shipping_method.should be_nil
-            api_put :delivery, :id => order.to_param, :shipping_method_id => shipping_method.id
-            response.status.should == 200
-            order.reload
-            order.state.should == "payment"
-            order.shipping_method.should == shipping_method
-          end
-          it "cannot select an invalid shipping method for an order" do
-            order.shipping_method.should be_nil
-            api_put :delivery, :id => order.to_param, :shipping_method_id => '1234567890'
-            response.status.should == 422
-            json_response["errors"].should include("Invalid shipping method specified.")
-          end
-        end
         it "can empty an order" do
           api_put :empty, :id => order.to_param
           response.status.should == 200

data/spec/controllers/spree/api/product_properties_controller_spec.rb CHANGED Viewed

@@ -6,8 +6,8 @@ module Spree
     render_views
     let!(:product) { create(:product) }
-    let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
-    let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
+    let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1", :position => 0)}
+    let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2", :position => 1)}
     let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
     let(:resource_scoping) { { :product_id => product.to_param } }

data/spec/controllers/spree/api/users_controller_spec.rb ADDED Viewed

@@ -0,0 +1,126 @@
+require 'spec_helper'
+module Spree
+  describe Api::UsersController do
+    render_views
+    let(:user) { create(:user) }
+    let(:stranger) { create(:user, :email => 'stranger@example.com') }
+    let(:attributes) { [:id, :email, :created_at, :updated_at] }
+    before { stub_authentication! }
+    context "as a normal user" do
+      before { Spree::LegacyUser.stub :find_by_spree_api_key => user }
+      it "can get own details" do
+        api_get :show, :id => user.id
+        json_response['email'].should eq user.email
+      end
+      it "cannot get other users details" do
+        api_get :show, :id => stranger.id
+        assert_unauthorized!
+      end
+      it "can learn how to create a new user" do
+        api_get :new
+        json_response["attributes"].should == attributes.map(&:to_s)
+      end
+      it "can create a new user" do
+        api_post :create, :user => { :email => 'new@example.com', :password => 'spree123', :password_confirmation => 'spree123' }
+        json_response['email'].should eq 'new@example.com'
+      end
+      # there's no validations on LegacyUser?
+      xit "cannot create a new user with invalid attributes" do
+        api_post :create, :user => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+      end
+      it "can update own details" do
+        api_put :update, :id => user.id, :user => { :email => "mine@example.com" }
+        json_response['email'].should eq 'mine@example.com'
+      end
+      it "cannot update other users details" do
+        api_put :update, :id => stranger.id, :user => { :email => "mine@example.com" }
+        assert_unauthorized!
+      end
+      it "can delete itself" do
+        api_delete :destroy, :id => user.id
+        response.status.should == 204
+      end
+      it "cannot delete other user" do
+        api_delete :destroy, :id => stranger.id
+        assert_unauthorized!
+      end
+      it "should only get own details on index" do
+        2.times { create(:user) }
+        api_get :index
+        Spree.user_class.count.should eq 3
+        json_response['count'].should eq 1
+        json_response['users'].size.should eq 1
+      end
+    end
+    context "as an admin" do
+      sign_in_as_admin!
+      it "gets all users" do
+        Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
+        2.times { create(:user) }
+        api_get :index
+        Spree.user_class.count.should eq 2
+        json_response['count'].should eq 2
+        json_response['users'].size.should eq 2
+      end
+      it 'can control the page size through a parameter' do
+        2.times { create(:user) }
+        api_get :index, :per_page => 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 2
+      end
+      it 'can query the results through a paramter' do
+        expected_result = create(:user, :email => 'brian@spreecommerce.com')
+        api_get :index, :q => { :email_cont => 'brian' }
+        json_response['count'].should == 1
+        json_response['users'].first['email'].should eq expected_result.email
+      end
+      it "can create" do
+        api_post :create, :user => { :email => "new@example.com", :password => 'spree123', :password_confirmation => 'spree123' }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+      it "can destroy user without orders" do
+        user.orders.destroy_all
+        api_delete :destroy, :id => user.id
+        response.status.should == 204
+      end
+      it "cannot destroy user with orders" do
+        create(:completed_order_with_totals, :user => user)
+        api_delete :destroy, :id => user.id
+        json_response["exception"].should eq "Spree::LegacyUser::DestroyWithOrdersError"
+        response.status.should == 422
+      end
+    end
+  end
+end

data/spec/models/spree/order_spec.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Spree
     it 'can build an order from API parameters' do
       product = Spree::Product.create!(:name => 'Test', :sku => 'TEST-1', :price => 33.22)
       variant_id = product.master.id
-      order = Order.build_from_api(user, { :line_items_attributes => [{ :variant_id => variant_id, :quantity => 5 }]})
+      order = Order.build_from_api(user, { :line_items_attributes => { "0" => { :variant_id => variant_id, :quantity => 5 }}})
       order.user.should == user
       line_item = order.line_items.first

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-01-06 00:00:00.000000000 Z
+date: 2013-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -18,7 +18,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
 - !ruby/object:Gem::Dependency
   name: versioncake
   requirement: !ruby/object:Gem::Requirement
@@ -89,8 +89,10 @@ files:
 - Rakefile
 - app/controllers/spree/api/addresses_controller.rb
 - app/controllers/spree/api/base_controller.rb
+- app/controllers/spree/api/checkouts_controller.rb
 - app/controllers/spree/api/countries_controller.rb
 - app/controllers/spree/api/images_controller.rb
+- app/controllers/spree/api/inventory_units_controller.rb
 - app/controllers/spree/api/line_items_controller.rb
 - app/controllers/spree/api/orders_controller.rb
 - app/controllers/spree/api/payments_controller.rb
@@ -100,8 +102,7 @@ files:
 - app/controllers/spree/api/shipments_controller.rb
 - app/controllers/spree/api/taxonomies_controller.rb
 - app/controllers/spree/api/taxons_controller.rb
-- app/controllers/spree/api/v1/base_controller.rb
-- app/controllers/spree/api/v1/inventory_units_controller.rb
+- app/controllers/spree/api/users_controller.rb
 - app/controllers/spree/api/variants_controller.rb
 - app/controllers/spree/api/zones_controller.rb
 - app/helpers/spree/api/api_helpers.rb
@@ -122,6 +123,7 @@ files:
 - app/views/spree/api/errors/not_found.v1.rabl
 - app/views/spree/api/errors/unauthorized.v1.rabl
 - app/views/spree/api/images/show.v1.rabl
+- app/views/spree/api/inventory_units/show.rabl
 - app/views/spree/api/line_items/new.v1.rabl
 - app/views/spree/api/line_items/show.v1.rabl
 - app/views/spree/api/orders/address.v1.rabl
@@ -158,7 +160,9 @@ files:
 - app/views/spree/api/taxons/new.v1.rabl
 - app/views/spree/api/taxons/show.v1.rabl
 - app/views/spree/api/taxons/taxons.v1.rabl
-- app/views/spree/api/v1/inventory_units/show.rabl
+- app/views/spree/api/users/index.v1.rabl
+- app/views/spree/api/users/new.v1.rabl
+- app/views/spree/api/users/show.v1.rabl
 - app/views/spree/api/variants/index.v1.rabl
 - app/views/spree/api/variants/new.v1.rabl
 - app/views/spree/api/variants/show.v1.rabl
@@ -183,8 +187,10 @@ files:
 - script/rails
 - spec/controllers/spree/api/addresses_controller_spec.rb
 - spec/controllers/spree/api/base_controller_spec.rb
+- spec/controllers/spree/api/checkouts_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
+- spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb
 - spec/controllers/spree/api/orders_controller_spec.rb
 - spec/controllers/spree/api/payments_controller_spec.rb
@@ -195,7 +201,7 @@ files:
 - spec/controllers/spree/api/taxonomies_controller_spec.rb
 - spec/controllers/spree/api/taxons_controller_spec.rb
 - spec/controllers/spree/api/unauthenticated_products_controller_spec.rb
-- spec/controllers/spree/api/v1/inventory_units_controller_spec.rb
+- spec/controllers/spree/api/users_controller_spec.rb
 - spec/controllers/spree/api/variants_controller_spec.rb
 - spec/controllers/spree/api/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg
@@ -221,7 +227,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4546587640053475121
+      hash: 2361962546786859221
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -230,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4546587640053475121
+      hash: 2361962546786859221
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -240,8 +246,10 @@ summary: Spree's API
 test_files:
 - spec/controllers/spree/api/addresses_controller_spec.rb
 - spec/controllers/spree/api/base_controller_spec.rb
+- spec/controllers/spree/api/checkouts_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
+- spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb
 - spec/controllers/spree/api/orders_controller_spec.rb
 - spec/controllers/spree/api/payments_controller_spec.rb
@@ -252,7 +260,7 @@ test_files:
 - spec/controllers/spree/api/taxonomies_controller_spec.rb
 - spec/controllers/spree/api/taxons_controller_spec.rb
 - spec/controllers/spree/api/unauthenticated_products_controller_spec.rb
-- spec/controllers/spree/api/v1/inventory_units_controller_spec.rb
+- spec/controllers/spree/api/users_controller_spec.rb
 - spec/controllers/spree/api/variants_controller_spec.rb
 - spec/controllers/spree/api/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg

data/app/controllers/spree/api/v1/base_controller.rb DELETED Viewed

@@ -1,111 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class BaseController < ActionController::Metal
-        include Spree::Api::ControllerSetup
-        attr_accessor :current_api_user
-        before_filter :set_content_type
-        before_filter :check_for_api_key, :if => :requires_authentication?
-        before_filter :authenticate_user
-        rescue_from Exception, :with => :error_during_processing
-        rescue_from CanCan::AccessDenied, :with => :unauthorized
-        rescue_from ActiveRecord::RecordNotFound, :with => :not_found
-        helper Spree::Api::ApiHelpers
-        def map_nested_attributes_keys(klass, attributes)
-          nested_keys = klass.nested_attributes_options.keys
-          attributes.inject({}) do |h, (k,v)|
-            key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
-            h[key] = v
-            h
-          end.with_indifferent_access
-        end
-        private
-        def set_content_type
-          content_type = case params[:format]
-          when "json"
-            "application/json"
-          when "xml"
-            "text/xml"
-          end
-          headers["Content-Type"] = content_type
-        end
-        def check_for_api_key
-          render "spree/api/v1/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
-        end
-        def authenticate_user
-          if requires_authentication? || api_key.present?
-            unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
-              render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
-            end
-          else
-            # Effectively, an anonymous user
-            @current_api_user = Spree.user_class.new
-          end
-        end
-        def unauthorized
-          render "spree/api/v1/errors/unauthorized", :status => 401 and return
-        end
-        def requires_authentication?
-          Spree::Api::Config[:requires_authentication]
-        end
-        def not_found
-          render "spree/api/v1/errors/not_found", :status => 404 and return
-        end
-        def error_during_processing(exception)
-          render :text => { exception: exception.message }.to_json,
-                 :status => 422 and return
-        end
-        def current_ability
-          Spree::Ability.new(current_api_user)
-        end
-        def invalid_resource!(resource)
-          @resource = resource
-          render "spree/api/v1/errors/invalid_resource", :status => 422
-        end
-        def api_key
-          request.headers["X-Spree-Token"] || params[:token]
-        end
-        helper_method :api_key
-        def find_product(id)
-          begin
-            product_scope.find_by_permalink!(id.to_s)
-          rescue ActiveRecord::RecordNotFound
-            product_scope.find(id)
-          end
-        end
-        def product_scope
-          if current_api_user.has_spree_role?("admin")
-            scope = Product
-            unless params[:show_deleted]
-              scope = scope.not_deleted
-            end
-          else
-            scope = Product.active
-          end
-          scope.includes(:master)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/inventory_units_controller.rb DELETED Viewed

@@ -1,50 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class InventoryUnitsController < Spree::Api::V1::BaseController
-        before_filter :prepare_event, :only => :update
-        def show
-          @inventory_unit = inventory_unit
-        end
-        def update
-          authorize! :update, Order
-          inventory_unit.transaction do
-            if inventory_unit.update_attributes(params[:inventory_unit])
-              fire
-              render :show, :status => 200
-            else
-              invalid_resource!(inventory_unit)
-            end
-          end
-        end
-        private
-        def inventory_unit
-          @inventory_unit ||= InventoryUnit.find(params[:id])
-        end
-        def prepare_event
-          return unless @event = params[:fire]
-          can_event = "can_#{@event}?"
-          unless inventory_unit.respond_to?(can_event) &&
-                 inventory_unit.send(can_event)
-            render :text => { exception: "cannot transition to #{@event}" }.to_json,
-                    :status => 200
-            false
-          end
-        end
-        def fire
-          inventory_unit.send("#{@event}!") if @event
-        end
-      end
-    end
-  end
-end