RubyGems - spree_api - Versions diffs - 1.3.1 → 1.3.2 - Mend

spree_api 1.3.1 → 1.3.2

Files changed (27) hide show

data/LICENSE CHANGED Viewed

@@ -1,22 +1,27 @@
-Copyright (c) 2012 Ryan Bigg
+Copyright (c) 2007-2013, Spree Commerce, Inc. and other contributors
+All rights reserved.
-MIT License
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/app/controllers/spree/api/base_controller.rb CHANGED Viewed

@@ -53,7 +53,7 @@ module Spree
       def authenticate_user
         if requires_authentication? || api_key.present?
-          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
             render "spree/api/errors/invalid_api_key", :status => 401 and return
           end
         else

data/app/controllers/spree/api/checkouts_controller.rb ADDED Viewed

@@ -0,0 +1,90 @@
+module Spree
+  module Api
+    class CheckoutsController < Spree::Api::BaseController
+      before_filter :load_order, :only => :update
+      before_filter :associate_user, :only => :update
+      include Spree::Core::ControllerHelpers::Auth
+      include Spree::Core::ControllerHelpers::Order
+      respond_to :json
+      def create
+        @order = Order.build_from_api(current_api_user, nested_params)
+        next!(:status => 201)
+      end
+      def update
+        if @order.update_attributes(object_params)
+          state_callback(:after) if @order.next
+          respond_with(@order, :default_template => 'spree/api/orders/show')
+        else
+          respond_with(@order, :default_template => 'spree/api/orders/could_not_transition', :status => 422)
+        end
+      end
+      private
+        def object_params
+          # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
+          if @order.payment?
+            if params[:payment_source].present? && source_params = params.delete(:payment_source)[params[:order][:payments_attributes].first[:payment_method_id].underscore]
+              params[:order][:payments_attributes].first[:source_attributes] = source_params
+            end
+            if params[:order].present? && params[:order][:payments_attributes]
+              params[:order][:payments_attributes].first[:amount] = @order.total
+            end
+          end
+          params[:order]
+        end
+        def nested_params
+          map_nested_attributes_keys Order, params[:order] || {}
+        end
+        # Should be overriden if you have areas of your checkout that don't match
+        # up to a step within checkout_steps, such as a registration step
+        def skip_state_validation?
+          false
+        end
+        def load_order
+          @order = Spree::Order.find_by_number!(params[:id])
+          raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
+          @order.state = params[:state] if params[:state]
+          state_callback(:before)
+        end
+        def raise_insufficient_quantity
+          respond_with(@order, :default_template => 'spree/api/orders/insufficient_quantity')
+        end
+        def state_callback(before_or_after = :before)
+          method_name = :"#{before_or_after}_#{@order.state}"
+          send(method_name) if respond_to?(method_name, true)
+        end
+        def before_address
+          @order.bill_address ||= Address.default
+          @order.ship_address ||= Address.default
+        end
+        def before_delivery
+          return if params[:order].present?
+          @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
+        end
+        def before_payment
+          @order.payments.destroy_all if request.put?
+        end
+        def next!(options={})
+          if @order.valid? && @order.next
+            render 'spree/api/orders/show', :status => options[:status] || 200
+          else
+            render 'spree/api/orders/could_not_transition', :status => 422
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/inventory_units_controller.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Spree
+  module Api
+    class InventoryUnitsController < Spree::Api::BaseController
+      before_filter :prepare_event, :only => :update
+      def show
+        @inventory_unit = inventory_unit
+      end
+      def update
+        authorize! :update, Order
+        inventory_unit.transaction do
+          if inventory_unit.update_attributes(params[:inventory_unit])
+            fire
+            render :show, :status => 200
+          else
+            invalid_resource!(inventory_unit)
+          end
+        end
+      end
+      private
+      def inventory_unit
+        @inventory_unit ||= InventoryUnit.find(params[:id])
+      end
+      def prepare_event
+        return unless @event = params[:fire]
+        can_event = "can_#{@event}?"
+        unless inventory_unit.respond_to?(can_event) &&
+               inventory_unit.send(can_event)
+          render :text => { :exception => "cannot transition to #{@event}" }.to_json,
+                  :status => 200
+          false
+        end
+      end
+      def fire
+        inventory_unit.send("#{@event}!") if @event
+      end
+    end
+  end
+end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -31,23 +31,6 @@ module Spree
         end
       end
-      def address
-        order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
-        order.build_bill_address(params[:billing_address]) if params[:billing_address]
-        next!
-      end
-      def delivery
-        begin
-          ShippingMethod.find(params[:shipping_method_id])
-        rescue ActiveRecord::RecordNotFound
-          render :invalid_shipping_method, :status => 422
-        else
-          order.update_attribute(:shipping_method_id, params[:shipping_method_id])
-          next!
-        end
-      end
       def cancel
         order.cancel!
         render :show

data/app/controllers/spree/api/product_properties_controller.rb CHANGED Viewed

@@ -7,8 +7,9 @@ module Spree
       before_filter :product_property, :only => [:show, :update, :destroy]
       def index
-        @product_properties = @product.product_properties.ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @product_properties = @product.product_properties.
+                              ransack(params[:q]).result.
+                              page(params[:page]).per(params[:per_page])
         respond_with(@product_properties)
       end

data/app/controllers/spree/api/return_authorizations_controller.rb CHANGED Viewed

@@ -6,8 +6,9 @@ module Spree
       before_filter :authorize_admin!
       def index
-        @return_authorizations = order.return_authorizations.ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @return_authorizations = order.return_authorizations.
+                                 ransack(params[:q]).result.
+                                 page(params[:page]).per(params[:per_page])
         respond_with(@return_authorizations)
       end

data/app/controllers/spree/api/taxonomies_controller.rb CHANGED Viewed

@@ -4,8 +4,9 @@ module Spree
       respond_to :json
       def index
-        @taxonomies = Taxonomy.order('name').includes(:root => :children).ransack(params[:q]).result
-          .page(params[:page]).per(params[:per_page])
+        @taxonomies = Taxonomy.order('name').includes(:root => :children).
+                      ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
         respond_with(@taxonomies)
       end

data/app/controllers/spree/api/users_controller.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Spree
+  module Api
+    class UsersController < Spree::Api::BaseController
+      respond_to :json
+      def index
+        @users = Spree.user_class.accessible_by(current_ability,:read).ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@users)
+      end
+      def show
+        authorize! :show, user
+        respond_with(user)
+      end
+      def new
+      end
+      def create
+        authorize! :create, Spree.user_class
+        @user = Spree.user_class.new(params[:user])
+        if @user.save
+          respond_with(@user, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@user)
+        end
+      end
+      def update
+        authorize! :update, user
+        if user.update_attributes(params[:user])
+          respond_with(user, :status => 200, :default_template => :show)
+        else
+          invalid_resource!(user)
+        end
+      end
+      def destroy
+        authorize! :destroy, user
+        user.destroy
+        respond_with(user, :status => 204)
+      end
+      private
+      def user
+        @user ||= Spree.user_class.find(params[:id])
+      end
+    end
+  end
+end

data/app/helpers/spree/api/api_helpers.rb CHANGED Viewed

@@ -76,6 +76,10 @@ module Spree
       def country_attributes
         [:id, :iso_name, :iso, :iso3, :name, :numcode]
       end
+      def user_attributes
+        [:id, :email, :created_at, :updated_at]
+      end
     end
   end
 end

data/app/models/spree/order_decorator.rb CHANGED Viewed

@@ -2,8 +2,10 @@ Spree::Order.class_eval do
   def self.build_from_api(user, params)
     order = create
     params[:line_items_attributes] ||= []
-    params[:line_items_attributes].each do |line_item|
-      order.add_variant(Spree::Variant.find(line_item[:variant_id]), line_item[:quantity])
+    unless params[:line_items_attributes].empty?
+      params[:line_items_attributes].each_key do |k|
+        order.add_variant(Spree::Variant.find(params[:line_items_attributes][k][:variant_id]), params[:line_items_attributes][k][:quantity])
+      end
     end
     order.user = user

data/app/views/spree/api/images/show.v1.rabl CHANGED Viewed

@@ -1,3 +1,4 @@
 object @image
 attributes *image_attributes
 attributes :viewable_type, :viewable_id
+node(:attachment_url) { |i| i.attachment.to_s }

data/app/views/spree/api/{v1/inventory_units → inventory_units}/show.rabl RENAMED Viewed

File without changes

data/app/views/spree/api/users/index.v1.rabl ADDED Viewed

@@ -0,0 +1,7 @@
+object false
+child(@users => :users) do
+  extends "spree/api/users/show"
+end
+node(:count) { @users.count }
+node(:current_page) { params[:page] || 1 }
+node(:pages) { @users.num_pages }

data/app/views/spree/api/users/new.v1.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*user_attributes] }
+node(:required_attributes) { required_fields_for(Spree.user_class) }

data/app/views/spree/api/users/show.v1.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @user
+attributes *user_attributes

data/config/routes.rb CHANGED Viewed

@@ -15,6 +15,7 @@ Spree::Core::Engine.routes.prepend do
     end
     resources :images
+    resources :checkouts
     resources :variants, :only => [:index] do
     end
@@ -53,5 +54,6 @@ Spree::Core::Engine.routes.prepend do
       resources :taxons
     end
     resources :inventory_units, :only => [:show, :update]
+    resources :users
   end
 end

data/lib/spree/api/responders/rabl_template.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Spree
       module RablTemplate
         def to_format
           if template
-            render template.to_sym, :status => options[:status] || 200
+            render template, :status => options[:status] || 200
           else
             super
           end

data/spec/controllers/spree/api/checkouts_controller_spec.rb ADDED Viewed

@@ -0,0 +1,102 @@
+require 'spec_helper'
+module Spree
+  describe Api::CheckoutsController do
+    render_views
+    before(:each) do
+      stub_authentication!
+      Spree::Config[:track_inventory_levels] = false
+      country_zone = create(:zone, :name => 'CountryZone')
+      @state = create(:state)
+      @country = @state.country
+      country_zone.members.create(:zoneable => @country)
+      @shipping_method = create(:shipping_method, :zone => country_zone)
+      @payment_method = create(:payment_method)
+    end
+    after do
+      Spree::Config[:track_inventory_levels] = true
+    end
+    context "POST 'create'" do
+      it "creates a new order when no parameters are passed" do
+        api_post :create
+        json_response['number'].should be_present
+        response.status.should == 201
+      end
+    end
+    context "PUT 'update'" do
+      let(:order) { create(:order) }
+      before(:each) do
+        Order.any_instance.stub(:confirmation_required? => true)
+        Order.any_instance.stub(:payment_required? => true)
+      end
+      it "will return an error if the order cannot transition" do
+        order.update_column(:state, "address")
+        api_put :update, :id => order.to_param
+        json_response['error'].should =~ /could not be transitioned/
+        response.status.should == 422
+      end
+      it "can update addresses and transition from address to delivery" do
+        order.update_column(:state, "address")
+        shipping_address = billing_address = {
+          :firstname  => 'John',
+          :lastname   => 'Doe',
+          :address1   => '7735 Old Georgetown Road',
+          :city       => 'Bethesda',
+          :phone      => '3014445002',
+          :zipcode    => '20814',
+          :state_id   => @state.id,
+          :country_id => @country.id
+        }
+        api_put :update,
+                :id => order.to_param,
+                :order => { :bill_address_attributes => billing_address, :ship_address_attributes => shipping_address }
+        json_response['state'].should == 'delivery'
+        json_response['bill_address']['firstname'].should == 'John'
+        json_response['ship_address']['firstname'].should == 'John'
+        response.status.should == 200
+      end
+      it "can update shipping method and transition from delivery to payment" do
+        order.update_column(:state, "delivery")
+        api_put :update, :id => order.to_param, :order => { :shipping_method_id => @shipping_method.id }
+        json_response['shipments'][0]['shipping_method']['name'].should == @shipping_method.name
+        json_response['state'].should == 'payment'
+        response.status.should == 200
+      end
+      it "can update payment method and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        api_put :update, :id => order.to_param, :order => { :payments_attributes => [{ :payment_method_id => @payment_method.id }] }
+        json_response['state'].should == 'confirm'
+        json_response['payments'][0]['payment_method']['name'].should == @payment_method.name
+        response.status.should == 200
+      end
+      it "can transition from confirm to complete" do
+        order.update_column(:state, "confirm")
+        Spree::Order.any_instance.stub(:payment_required? => false)
+        api_put :update, :id => order.to_param
+        json_response['state'].should == 'complete'
+        response.status.should == 200
+      end
+      it "returns the order if the order is already complete" do
+        order.update_column(:state, "complete")
+        api_put :update, :id => order.to_param
+        json_response['number'].should == order.number
+        response.status.should == 200
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/{v1/inventory_units_controller_spec.rb → inventory_units_controller_spec.rb} RENAMED Viewed

@@ -1,7 +1,7 @@
 require 'spec_helper'
 module Spree
-  describe Api::V1::InventoryUnitsController do
+  describe Api::InventoryUnitsController do
     render_views
     before do
@@ -41,6 +41,5 @@ module Spree
         json_response['exception'].should match /cannot transition to bad/
       end
     end
   end
 end

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -53,14 +53,9 @@ module Spree
       assert_unauthorized!
     end
-    it "cannot change delivery information on an order that doesn't belong to them" do
-      api_put :delivery, :id => order.to_param
-      assert_unauthorized!
-    end
     it "can create an order" do
       variant = create(:variant)
-      api_post :create, :order => { :line_items => [{ :variant_id => variant.to_param, :quantity => 5 }] }
+      api_post :create, :order => { :line_items => { "0" => { :variant_id => variant.to_param, :quantity => 5 } } }
       response.status.should == 201
       order = Order.last
       order.line_items.count.should == 1
@@ -97,52 +92,6 @@ module Spree
       let!(:shipping_method) { create(:shipping_method) }
       let!(:payment_method) { create(:payment_method) }
-      it "can add address information to an order" do
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 200
-        order.reload
-        order.shipping_address.reload
-        order.billing_address.reload
-        # We can assume the rest of the parameters are set if these two are
-        order.shipping_address.firstname.should == shipping_address[:firstname]
-        order.billing_address.firstname.should == billing_address[:firstname]
-        order.state.should == "delivery"
-        json_response["shipping_methods"].should_not be_empty
-      end
-      it "can add just shipping address information to an order" do
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address
-        response.status.should == 200
-        order.reload
-        order.shipping_address.reload
-        order.shipping_address.firstname.should == shipping_address[:firstname]
-        order.bill_address.should be_nil
-      end
-      it "cannot use an address that has no valid shipping methods" do
-        shipping_method.destroy
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["base"].should == ["No shipping methods available for selected location, please change your address and try again."]
-      end
-      it "can not add invalid ship address information to an order" do
-        shipping_address[:firstname] = ""
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["ship_address.firstname"].should_not be_blank
-      end
-      it "can not add invalid ship address information to an order" do
-        billing_address[:firstname] = ""
-        api_put :address, :id => order.to_param, :shipping_address => shipping_address, :billing_address => billing_address
-        response.status.should == 422
-        json_response["errors"]["bill_address.firstname"].should_not be_blank
-      end
       it "can add line items" do
         api_put :update, :id => order.to_param, :order => { :line_items => [{:variant_id => create(:variant).id, :quantity => 2}] }
@@ -155,28 +104,6 @@ module Spree
           order.line_items << create(:line_item)
         end
-        context "for delivery" do
-          before do
-            order.update_attribute(:state, "delivery")
-          end
-          it "can select a shipping method for an order" do
-            order.shipping_method.should be_nil
-            api_put :delivery, :id => order.to_param, :shipping_method_id => shipping_method.id
-            response.status.should == 200
-            order.reload
-            order.state.should == "payment"
-            order.shipping_method.should == shipping_method
-          end
-          it "cannot select an invalid shipping method for an order" do
-            order.shipping_method.should be_nil
-            api_put :delivery, :id => order.to_param, :shipping_method_id => '1234567890'
-            response.status.should == 422
-            json_response["errors"].should include("Invalid shipping method specified.")
-          end
-        end
         it "can empty an order" do
           api_put :empty, :id => order.to_param
           response.status.should == 200

data/spec/controllers/spree/api/product_properties_controller_spec.rb CHANGED Viewed

@@ -6,8 +6,8 @@ module Spree
     render_views
     let!(:product) { create(:product) }
-    let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1")}
-    let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2")}
+    let!(:property_1) {product.product_properties.create(:property_name => "My Property 1", :value => "my value 1", :position => 0)}
+    let!(:property_2) {product.product_properties.create(:property_name => "My Property 2", :value => "my value 2", :position => 1)}
     let(:attributes) { [:id, :product_id, :property_id, :value, :property_name] }
     let(:resource_scoping) { { :product_id => product.to_param } }

data/spec/controllers/spree/api/users_controller_spec.rb ADDED Viewed

@@ -0,0 +1,126 @@
+require 'spec_helper'
+module Spree
+  describe Api::UsersController do
+    render_views
+    let(:user) { create(:user) }
+    let(:stranger) { create(:user, :email => 'stranger@example.com') }
+    let(:attributes) { [:id, :email, :created_at, :updated_at] }
+    before { stub_authentication! }
+    context "as a normal user" do
+      before { Spree::LegacyUser.stub :find_by_spree_api_key => user }
+      it "can get own details" do
+        api_get :show, :id => user.id
+        json_response['email'].should eq user.email
+      end
+      it "cannot get other users details" do
+        api_get :show, :id => stranger.id
+        assert_unauthorized!
+      end
+      it "can learn how to create a new user" do
+        api_get :new
+        json_response["attributes"].should == attributes.map(&:to_s)
+      end
+      it "can create a new user" do
+        api_post :create, :user => { :email => 'new@example.com', :password => 'spree123', :password_confirmation => 'spree123' }
+        json_response['email'].should eq 'new@example.com'
+      end
+      # there's no validations on LegacyUser?
+      xit "cannot create a new user with invalid attributes" do
+        api_post :create, :user => {}
+        response.status.should == 422
+        json_response["error"].should == "Invalid resource. Please fix errors and try again."
+        errors = json_response["errors"]
+      end
+      it "can update own details" do
+        api_put :update, :id => user.id, :user => { :email => "mine@example.com" }
+        json_response['email'].should eq 'mine@example.com'
+      end
+      it "cannot update other users details" do
+        api_put :update, :id => stranger.id, :user => { :email => "mine@example.com" }
+        assert_unauthorized!
+      end
+      it "can delete itself" do
+        api_delete :destroy, :id => user.id
+        response.status.should == 204
+      end
+      it "cannot delete other user" do
+        api_delete :destroy, :id => stranger.id
+        assert_unauthorized!
+      end
+      it "should only get own details on index" do
+        2.times { create(:user) }
+        api_get :index
+        Spree.user_class.count.should eq 3
+        json_response['count'].should eq 1
+        json_response['users'].size.should eq 1
+      end
+    end
+    context "as an admin" do
+      sign_in_as_admin!
+      it "gets all users" do
+        Spree::LegacyUser.stub :find_by_spree_api_key => current_api_user
+        2.times { create(:user) }
+        api_get :index
+        Spree.user_class.count.should eq 2
+        json_response['count'].should eq 2
+        json_response['users'].size.should eq 2
+      end
+      it 'can control the page size through a parameter' do
+        2.times { create(:user) }
+        api_get :index, :per_page => 1
+        json_response['count'].should == 1
+        json_response['current_page'].should == 1
+        json_response['pages'].should == 2
+      end
+      it 'can query the results through a paramter' do
+        expected_result = create(:user, :email => 'brian@spreecommerce.com')
+        api_get :index, :q => { :email_cont => 'brian' }
+        json_response['count'].should == 1
+        json_response['users'].first['email'].should eq expected_result.email
+      end
+      it "can create" do
+        api_post :create, :user => { :email => "new@example.com", :password => 'spree123', :password_confirmation => 'spree123' }
+        json_response.should have_attributes(attributes)
+        response.status.should == 201
+      end
+      it "can destroy user without orders" do
+        user.orders.destroy_all
+        api_delete :destroy, :id => user.id
+        response.status.should == 204
+      end
+      it "cannot destroy user with orders" do
+        create(:completed_order_with_totals, :user => user)
+        api_delete :destroy, :id => user.id
+        json_response["exception"].should eq "Spree::LegacyUser::DestroyWithOrdersError"
+        response.status.should == 422
+      end
+    end
+  end
+end

data/spec/models/spree/order_spec.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Spree
     it 'can build an order from API parameters' do
       product = Spree::Product.create!(:name => 'Test', :sku => 'TEST-1', :price => 33.22)
       variant_id = product.master.id
-      order = Order.build_from_api(user, { :line_items_attributes => [{ :variant_id => variant_id, :quantity => 5 }]})
+      order = Order.build_from_api(user, { :line_items_attributes => { "0" => { :variant_id => variant_id, :quantity => 5 }}})
       order.user.should == user
       line_item = order.line_items.first

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_api
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-01-06 00:00:00.000000000 Z
+date: 2013-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -18,7 +18,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
 - !ruby/object:Gem::Dependency
   name: versioncake
   requirement: !ruby/object:Gem::Requirement
@@ -89,8 +89,10 @@ files:
 - Rakefile
 - app/controllers/spree/api/addresses_controller.rb
 - app/controllers/spree/api/base_controller.rb
+- app/controllers/spree/api/checkouts_controller.rb
 - app/controllers/spree/api/countries_controller.rb
 - app/controllers/spree/api/images_controller.rb
+- app/controllers/spree/api/inventory_units_controller.rb
 - app/controllers/spree/api/line_items_controller.rb
 - app/controllers/spree/api/orders_controller.rb
 - app/controllers/spree/api/payments_controller.rb
@@ -100,8 +102,7 @@ files:
 - app/controllers/spree/api/shipments_controller.rb
 - app/controllers/spree/api/taxonomies_controller.rb
 - app/controllers/spree/api/taxons_controller.rb
-- app/controllers/spree/api/v1/base_controller.rb
-- app/controllers/spree/api/v1/inventory_units_controller.rb
+- app/controllers/spree/api/users_controller.rb
 - app/controllers/spree/api/variants_controller.rb
 - app/controllers/spree/api/zones_controller.rb
 - app/helpers/spree/api/api_helpers.rb
@@ -122,6 +123,7 @@ files:
 - app/views/spree/api/errors/not_found.v1.rabl
 - app/views/spree/api/errors/unauthorized.v1.rabl
 - app/views/spree/api/images/show.v1.rabl
+- app/views/spree/api/inventory_units/show.rabl
 - app/views/spree/api/line_items/new.v1.rabl
 - app/views/spree/api/line_items/show.v1.rabl
 - app/views/spree/api/orders/address.v1.rabl
@@ -158,7 +160,9 @@ files:
 - app/views/spree/api/taxons/new.v1.rabl
 - app/views/spree/api/taxons/show.v1.rabl
 - app/views/spree/api/taxons/taxons.v1.rabl
-- app/views/spree/api/v1/inventory_units/show.rabl
+- app/views/spree/api/users/index.v1.rabl
+- app/views/spree/api/users/new.v1.rabl
+- app/views/spree/api/users/show.v1.rabl
 - app/views/spree/api/variants/index.v1.rabl
 - app/views/spree/api/variants/new.v1.rabl
 - app/views/spree/api/variants/show.v1.rabl
@@ -183,8 +187,10 @@ files:
 - script/rails
 - spec/controllers/spree/api/addresses_controller_spec.rb
 - spec/controllers/spree/api/base_controller_spec.rb
+- spec/controllers/spree/api/checkouts_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
+- spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb
 - spec/controllers/spree/api/orders_controller_spec.rb
 - spec/controllers/spree/api/payments_controller_spec.rb
@@ -195,7 +201,7 @@ files:
 - spec/controllers/spree/api/taxonomies_controller_spec.rb
 - spec/controllers/spree/api/taxons_controller_spec.rb
 - spec/controllers/spree/api/unauthenticated_products_controller_spec.rb
-- spec/controllers/spree/api/v1/inventory_units_controller_spec.rb
+- spec/controllers/spree/api/users_controller_spec.rb
 - spec/controllers/spree/api/variants_controller_spec.rb
 - spec/controllers/spree/api/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg
@@ -221,7 +227,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4546587640053475121
+      hash: 2361962546786859221
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -230,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4546587640053475121
+      hash: 2361962546786859221
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -240,8 +246,10 @@ summary: Spree's API
 test_files:
 - spec/controllers/spree/api/addresses_controller_spec.rb
 - spec/controllers/spree/api/base_controller_spec.rb
+- spec/controllers/spree/api/checkouts_controller_spec.rb
 - spec/controllers/spree/api/countries_controller_spec.rb
 - spec/controllers/spree/api/images_controller_spec.rb
+- spec/controllers/spree/api/inventory_units_controller_spec.rb
 - spec/controllers/spree/api/line_items_controller_spec.rb
 - spec/controllers/spree/api/orders_controller_spec.rb
 - spec/controllers/spree/api/payments_controller_spec.rb
@@ -252,7 +260,7 @@ test_files:
 - spec/controllers/spree/api/taxonomies_controller_spec.rb
 - spec/controllers/spree/api/taxons_controller_spec.rb
 - spec/controllers/spree/api/unauthenticated_products_controller_spec.rb
-- spec/controllers/spree/api/v1/inventory_units_controller_spec.rb
+- spec/controllers/spree/api/users_controller_spec.rb
 - spec/controllers/spree/api/variants_controller_spec.rb
 - spec/controllers/spree/api/zones_controller_spec.rb
 - spec/fixtures/thinking-cat.jpg

data/app/controllers/spree/api/v1/base_controller.rb DELETED Viewed

@@ -1,111 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class BaseController < ActionController::Metal
-        include Spree::Api::ControllerSetup
-        attr_accessor :current_api_user
-        before_filter :set_content_type
-        before_filter :check_for_api_key, :if => :requires_authentication?
-        before_filter :authenticate_user
-        rescue_from Exception, :with => :error_during_processing
-        rescue_from CanCan::AccessDenied, :with => :unauthorized
-        rescue_from ActiveRecord::RecordNotFound, :with => :not_found
-        helper Spree::Api::ApiHelpers
-        def map_nested_attributes_keys(klass, attributes)
-          nested_keys = klass.nested_attributes_options.keys
-          attributes.inject({}) do |h, (k,v)|
-            key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
-            h[key] = v
-            h
-          end.with_indifferent_access
-        end
-        private
-        def set_content_type
-          content_type = case params[:format]
-          when "json"
-            "application/json"
-          when "xml"
-            "text/xml"
-          end
-          headers["Content-Type"] = content_type
-        end
-        def check_for_api_key
-          render "spree/api/v1/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
-        end
-        def authenticate_user
-          if requires_authentication? || api_key.present?
-            unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
-              render "spree/api/v1/errors/invalid_api_key", :status => 401 and return
-            end
-          else
-            # Effectively, an anonymous user
-            @current_api_user = Spree.user_class.new
-          end
-        end
-        def unauthorized
-          render "spree/api/v1/errors/unauthorized", :status => 401 and return
-        end
-        def requires_authentication?
-          Spree::Api::Config[:requires_authentication]
-        end
-        def not_found
-          render "spree/api/v1/errors/not_found", :status => 404 and return
-        end
-        def error_during_processing(exception)
-          render :text => { exception: exception.message }.to_json,
-                 :status => 422 and return
-        end
-        def current_ability
-          Spree::Ability.new(current_api_user)
-        end
-        def invalid_resource!(resource)
-          @resource = resource
-          render "spree/api/v1/errors/invalid_resource", :status => 422
-        end
-        def api_key
-          request.headers["X-Spree-Token"] || params[:token]
-        end
-        helper_method :api_key
-        def find_product(id)
-          begin
-            product_scope.find_by_permalink!(id.to_s)
-          rescue ActiveRecord::RecordNotFound
-            product_scope.find(id)
-          end
-        end
-        def product_scope
-          if current_api_user.has_spree_role?("admin")
-            scope = Product
-            unless params[:show_deleted]
-              scope = scope.not_deleted
-            end
-          else
-            scope = Product.active
-          end
-          scope.includes(:master)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/inventory_units_controller.rb DELETED Viewed

@@ -1,50 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class InventoryUnitsController < Spree::Api::V1::BaseController
-        before_filter :prepare_event, :only => :update
-        def show
-          @inventory_unit = inventory_unit
-        end
-        def update
-          authorize! :update, Order
-          inventory_unit.transaction do
-            if inventory_unit.update_attributes(params[:inventory_unit])
-              fire
-              render :show, :status => 200
-            else
-              invalid_resource!(inventory_unit)
-            end
-          end
-        end
-        private
-        def inventory_unit
-          @inventory_unit ||= InventoryUnit.find(params[:id])
-        end
-        def prepare_event
-          return unless @event = params[:fire]
-          can_event = "can_#{@event}?"
-          unless inventory_unit.respond_to?(can_event) &&
-                 inventory_unit.send(can_event)
-            render :text => { exception: "cannot transition to #{@event}" }.to_json,
-                    :status => 200
-            false
-          end
-        end
-        def fire
-          inventory_unit.send("#{@event}!") if @event
-        end
-      end
-    end
-  end
-end