spree_api 1.3.5 → 2.0.0.rc1

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: f36fa5b9ac229e7e973c1c724fda3cf3e9cd50ad
-  data.tar.gz: 78a1596cc6c1ed5014fc22c65319c431cb6a08de
-SHA512:
-  metadata.gz: ab336cf7a3b2b2c56070dd047fd1844c3abf8051431c8171d078534289f8274e323a9c6f85eae06132bf6427effc5fa67762b4c071660da4e7d02b552a2fc916
-  data.tar.gz: ec3c418cb4b1b6351d8cc879d27acab755e8c45f62900150203c8a6d7d8854507cc3199c63c210c47ee400553354556050c4aca371db63b3087f9f52a3d4aca7
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    OWE5YWU1MDZmMjkwNjViNmI0NWNhYmYxMzRhYzgxNjU2NmJmMzkzYw==
+  data.tar.gz: !binary |-
+    ODliMjc0ZjAyMDhhZjkyYTUwMGU5MGM1MDMzYjA3Yjk2OGJjNTE1NQ==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    MzkzYzE5N2M3MDgyODdhNDcyMzdjMmRmMDkyYzZhZTczYjFhMTZmZjE2NDBm
+    MWQ4NDIzODE3NzBmMDAyZjE4NzQ0NTY4YmU4MzdkNGJkNTAyMWM2YjIzYWEy
+    NmNhYzU0MmE0NzYyNDk2NGZkMjBiZjQwYTQxMGMxYzEyOGNkYjk=
+  data.tar.gz: !binary |-
+    ZjNhMGJiNzg0ZDIwYzgxMzcxYTkwZDdjMTQwYmU0NDMzYWVhMzNlYzE4NWQx
+    ZGMwODE3ZTA2NTRjMWM0Yjc1NDIzMjNkMTI0ZDEwYWFlNDg2YjA5MjM3NTE0
+    ZDU0MDA1M2IyODVkMGQyNmJmY2YyYWIwNjViMWVkMTA4NWYxNmY=

data/Rakefile

@@ -4,7 +4,7 @@ require 'rake/testtask'
 require 'rake/packagetask'
 require 'rubygems/package_task'
 require 'rspec/core/rake_task'
-require 'spree/core/testing_support/common_rake'
+require 'spree/testing_support/common_rake'
 require 'rails/all'
 
 Bundler::GemHelper.install_tasks

data/app/controllers/spree/api/addresses_controller.rb

@@ -1,7 +1,6 @@
 module Spree
   module Api
     class AddressesController < Spree::Api::BaseController
-      respond_to :json
 
       def show
         @address = Address.find(params[:id])

data/app/controllers/spree/api/base_controller.rb

@@ -1,15 +1,20 @@
+require_dependency 'spree/api/controller_setup'
+
 module Spree
   module Api
     class BaseController < ActionController::Metal
       include Spree::Api::ControllerSetup
+      include Spree::Core::ControllerHelpers::SSL
       include ::ActionController::Head
 
       self.responder = Spree::Api::Responders::AppResponder
 
+      respond_to :json
+
       attr_accessor :current_api_user
 
       before_filter :set_content_type
-      before_filter :check_for_api_key, :if => :requires_authentication?
+      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
       before_filter :authenticate_user
       after_filter  :set_jsonp_format
 
@@ -49,18 +54,25 @@ module Spree
         headers["Content-Type"] = content_type
       end
 
-      def check_for_api_key
-        render "spree/api/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
+      def check_for_user_or_api_key
+        # User is already authenticated with Spree, make request this way instead.
+        return true if @current_api_user = try_spree_current_user || !Spree::Api::Config[:requires_authentication]
+
+        if api_key.blank?
+          render "spree/api/errors/must_specify_api_key", :status => 401 and return
+        end
       end
 
       def authenticate_user
-        if requires_authentication? || api_key.present?
-          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
-            render "spree/api/errors/invalid_api_key", :status => 401 and return
+        unless @current_api_user
+          if requires_authentication? || api_key.present?
+            unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
+              render "spree/api/errors/invalid_api_key", :status => 401 and return
+            end
+          else
+            # An anonymous user
+            @current_api_user = Spree.user_class.new
           end
-        else
-          # Effectively, an anonymous user
-          @current_api_user = Spree.user_class.new
         end
       end
 

data/app/controllers/spree/api/checkouts_controller.rb

@@ -1,17 +1,11 @@
 module Spree
   module Api
     class CheckoutsController < Spree::Api::BaseController
-      before_filter :load_order, :only => :update
+      before_filter :load_order, :only => [:update, :next]
       before_filter :associate_user, :only => :update
 
-      # Spree::Core::ControllerHelpers::Auth overrides 
-      # Spree::Api::BaseController's unauthorized method...
-      # Which is not a good thing.
-      # Here's a small hack to shuffle around the method.
-      alias_method :real_unauthorized, :unauthorized
       include Spree::Core::ControllerHelpers::Auth
       include Spree::Core::ControllerHelpers::Order
-      alias_method :unauthorized, :real_unauthorized
 
       respond_to :json
 
@@ -21,22 +15,28 @@ module Spree
       end
 
       def update
-        authorize! :update, @order, params[:order_token]
-        respond_with(@order, :default_template => 'spree/api/orders/show') and return if @order.state == "complete"
-
-        if object_params && object_params[:user_id].present?
-          @order.update_attribute(:user_id, object_params[:user_id])
-          object_params.delete(:user_id)
-        end
-
-        if @order.update_attributes(object_params) && @order.next
-          state_callback(:after)
+        user_id = object_params.delete(:user_id)
+        if @order.update_attributes(object_params)
+          # TODO: Replace with better code when we switch to strong_parameters
+          # Also remove above user_id stripping
+          if current_api_user.has_spree_role?("admin") && user_id.present?
+            @order.associate_user!(Spree.user_class.find(user_id))
+          end
+          return if after_update_attributes
+          state_callback(:after) if @order.next
           respond_with(@order, :default_template => 'spree/api/orders/show')
         else
-          respond_with(@order, :default_template => 'spree/api/orders/could_not_transition', :status => 422)
+          invalid_resource!(@order)
         end
       end
 
+      def next
+        @order.next!
+        respond_with(@order, :default_template => 'spree/api/orders/show', :status => 200)
+        rescue StateMachine::InvalidTransition
+          respond_with(@order, :default_template => 'spree/api/orders/could_not_transition', :status => 422)
+      end
+
       private
 
         def object_params
@@ -50,7 +50,7 @@ module Spree
               params[:order][:payments_attributes].first[:amount] = @order.total
             end
           end
-          params[:order]
+          params[:order] || {}
         end
 
         def nested_params
@@ -70,6 +70,14 @@ module Spree
           state_callback(:before)
         end
 
+        def current_currency
+          Spree::Config[:currency]
+        end
+
+        def ip_address
+          ''
+        end
+
         def raise_insufficient_quantity
           respond_with(@order, :default_template => 'spree/api/orders/insufficient_quantity')
         end
@@ -86,7 +94,7 @@ module Spree
 
         def before_delivery
           return if params[:order].present?
-          @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
+          @order.create_proposed_shipments
         end
 
         def before_payment
@@ -100,6 +108,18 @@ module Spree
             render 'spree/api/orders/could_not_transition', :status => 422
           end
         end
+
+        def after_update_attributes
+          if object_params && object_params[:coupon_code].present?
+            coupon_result = Spree::Promo::CouponApplicator.new(@order).apply
+            if !coupon_result[:coupon_applied?]
+              @coupon_message = coupon_result[:error]
+              respond_with(@order, :default_template => 'spree/api/orders/could_not_apply_coupon')
+              return true
+            end
+          end
+          false
+        end
     end
   end
 end

data/app/controllers/spree/api/countries_controller.rb

@@ -1,7 +1,6 @@
 module Spree
   module Api
     class CountriesController < Spree::Api::BaseController
-      respond_to :json
 
       def index
         @countries = Country.ransack(params[:q]).result.

data/app/controllers/spree/api/inventory_units_controller.rb

@@ -34,7 +34,7 @@ module Spree
         unless inventory_unit.respond_to?(can_event) &&
                inventory_unit.send(can_event)
           render :text => { :exception => "cannot transition to #{@event}" }.to_json,
-                  :status => 200
+                 :status => 200
           false
         end
       end

data/app/controllers/spree/api/option_types_controller.rb

@@ -0,0 +1,46 @@
+module Spree
+  module Api
+    class OptionTypesController < Spree::Api::BaseController
+      def index
+        if params[:ids]
+          @option_types = Spree::OptionType.where(:id => params[:ids].split(','))
+        else
+          @option_types = Spree::OptionType.scoped.ransack(params[:q]).result
+        end
+        respond_with(@option_types)
+      end
+
+      def show
+      	@option_type = Spree::OptionType.find(params[:id])
+      	respond_with(@option_type)
+      end
+
+      def create
+      	authorize! :create, Spree::OptionType
+      	@option_type = Spree::OptionType.new(params[:option_type])
+        if @option_type.save
+          render :show, :status => 201
+        else
+          invalid_resource!(@option_type)
+        end
+      end
+
+      def update
+        authorize! :update, Spree::OptionType
+        @option_type = Spree::OptionType.find(params[:id])
+        if @option_type.update_attributes(params[:option_type])
+          render :show
+        else
+          invalid_resource!(@option_type)
+        end
+      end
+
+      def destroy
+        authorize! :destroy, Spree::OptionType
+        @option_type = Spree::OptionType.find(params[:id])
+        @option_type.destroy
+        render :text => nil, :status => 204
+      end
+    end
+  end
+end

data/app/controllers/spree/api/option_values_controller.rb

@@ -0,0 +1,56 @@
+module Spree
+  module Api
+    class OptionValuesController < Spree::Api::BaseController
+      def index
+        if params[:ids]
+          @option_values = scope.where(:id => params[:ids])
+        else
+          @option_values = scope.ransack(params[:q]).result
+        end
+        respond_with(@option_values)
+      end
+
+      def show
+      	@option_value = scope.find(params[:id])
+      	respond_with(@option_value)
+      end
+
+      def create
+      	authorize! :create, Spree::OptionValue
+      	@option_value = scope.new(params[:option_value])
+        if @option_value.save
+          render :show, :status => 201
+        else
+          invalid_resource!(@option_value)
+        end
+      end
+
+      def update
+        authorize! :update, Spree::OptionValue
+        @option_value = scope.find(params[:id])
+        if @option_value.update_attributes(params[:option_value])
+          render :show
+        else
+          invalid_resource!(@option_value)
+        end
+      end
+
+      def destroy
+        authorize! :destroy, Spree::OptionValue
+        @option_value = scope.find(params[:id])
+        @option_value.destroy
+        render :text => nil, :status => 204
+      end
+
+      private
+
+        def scope
+          if params[:option_type_id]
+            @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values
+          else
+            @scope ||= Spree::OptionValue.scoped
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/orders_controller.rb

@@ -17,17 +17,12 @@ module Spree
       end
 
       def create
-        nested_params[:line_items_attributes] = sanitize_line_items(nested_params[:line_items_attributes])
         @order = Order.build_from_api(current_api_user, nested_params)
         respond_with(order, :default_template => :show, :status => 201)
       end
 
       def update
         authorize! :update, Order
-        # Parsing line items through as an update_attributes call in the API will result in
-        # many line items for the same variant_id being created. We must be smarter about this,
-        # hence the use of the update_line_items method, defined within order_decorator.rb.
-        nested_params[:line_items_attributes] = sanitize_line_items(nested_params[:line_items_attributes])
         if order.update_attributes(nested_params)
           order.update!
           respond_with(order, :default_template => :show)
@@ -50,22 +45,7 @@ module Spree
       private
 
       def nested_params
-        @nested_params ||= map_nested_attributes_keys(Order, params[:order] || {})
-      end
-
-      def sanitize_line_items(line_item_attributes)
-        return {} if line_item_attributes.blank?
-        line_item_attributes = line_item_attributes.map do |id, attributes|
-          attributes ||= id
-
-          # Faux Strong-Parameters code to strip price if user isn't an admin
-          if current_api_user.has_spree_role?("admin")
-            [id, attributes.slice(*Spree::LineItem.attr_accessible[:api])]
-          else
-            [id, attributes.slice(*Spree::LineItem.attr_accessible[:default])]
-          end
-        end
-        line_item_attributes = Hash[line_item_attributes].delete_if { |k,v| v.empty? }
+        map_nested_attributes_keys Order, params[:order] || {}
       end
 
       def order

data/app/controllers/spree/api/product_properties_controller.rb

@@ -47,7 +47,6 @@ module Spree
         else
           invalid_resource!(@product_property)
         end
-
       end
 
       private

data/app/controllers/spree/api/products_controller.rb

@@ -4,7 +4,14 @@ module Spree
       respond_to :json
 
       def index
-        @products = product_scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        if params[:ids]
+          @products = product_scope.where(:id => params[:ids])
+        else
+          @products = product_scope.ransack(params[:q]).result
+        end
+
+        @products = @products.page(params[:page]).per(params[:per_page])
+
         respond_with(@products)
       end
 
@@ -19,33 +26,11 @@ module Spree
       def create
         authorize! :create, Product
         params[:product][:available_on] ||= Time.now
-
-        variants_attributes = params[:product].delete(:variants_attributes) || []
-        option_type_attributes = params[:product].delete(:option_types) || []
-
         @product = Product.new(params[:product])
-        begin
-          if @product.save
-            variants_attributes.each do |variant_attribute|
-              variant = @product.variants.new
-              variant.update_attributes(variant_attribute)
-            end
-
-            option_type_attributes.each do |name|
-              option_type = OptionType.where(name: name).first_or_initialize do |option_type|
-                option_type.presentation = name
-                option_type.save!
-              end
-
-              @product.option_types << option_type unless @product.option_types.include?(option_type)
-            end
-
-            respond_with(@product, :status => 201, :default_template => :show)
-          else
-            invalid_resource!(@product)
-          end
-        rescue ActiveRecord::RecordNotUnique
-          retry
+        if @product.save
+          respond_with(@product, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@product)
         end
       end
 

data/app/controllers/spree/api/properties_controller.rb

@@ -0,0 +1,61 @@
+module Spree
+  module Api
+    class PropertiesController < Spree::Api::BaseController
+      respond_to :json
+
+      before_filter :find_property, :only => [:show, :update, :destroy]
+
+      def index
+        @properties = Spree::Property.
+                      ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
+        respond_with(@properties)
+      end
+
+      def show
+        respond_with(@property)
+      end
+
+      def new
+      end
+
+      def create
+        authorize! :create, Property
+        @property = Spree::Property.new(params[:property])
+        if @property.save
+          respond_with(@property, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      def update
+        authorize! :update, Property
+        if @property && @property.update_attributes(params[:property])
+          respond_with(@property, :status => 200, :default_template => :show)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      def destroy
+        authorize! :delete, Property
+        if(@property)
+          @property.destroy
+          respond_with(@property, :status => 204)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      private
+
+      def find_property
+        @property = Spree::Property.find(params[:id])
+      rescue ActiveRecord::RecordNotFound
+        @property = Spree::Property.find_by_name!(params[:id])
+      end
+
+    end
+  end
+end