spree_bushido_api 0.80.27

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2007-2010, Rails Dog LLC and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,16 @@
+Spree API
+=========
+Manage orders,shipments etc. with a simple REST API
+
+See [RESTful API guide](http://spreecommerce.com/documentation/rest.html) for more details.
+
+Testing
+=======
+
+Create the test site
+
+    rake test_app
+
+Run the tests
+
+    rake spec

data/app/controllers/admin/users_controller_decorator.rb

@@ -0,0 +1,19 @@
+Admin::UsersController.class_eval do
+
+  before_filter :load_roles, :only => [:edit, :new, :update, :create, :generate_api_key, :clear_api_key]
+
+  def generate_api_key
+    if @user.generate_api_key!
+      flash.notice = t('api.key_generated')
+    end
+    redirect_to edit_admin_user_path(@user)
+  end
+
+  def clear_api_key
+    if @user.clear_api_key!
+      flash.notice = t('api.key_cleared')
+    end
+    redirect_to edit_admin_user_path(@user)
+  end
+
+end

data/app/controllers/api/base_controller.rb

@@ -0,0 +1,174 @@
+class Api::BaseController < Spree::BaseController
+  before_filter :check_http_authorization
+  before_filter :load_resource
+  skip_before_filter :verify_authenticity_token, :if => lambda { admin_token_passed_in_headers }
+  authorize_resource
+  
+  respond_to :json
+
+  def index
+    respond_with(@collection) do |format|
+      format.json { render :json => @collection.to_json(collection_serialization_options) }
+    end
+  end
+
+  def show
+    respond_with(@object) do |format|
+      format.json { render :json => @object.to_json(object_serialization_options) }
+    end
+  end
+
+  def create
+    if @object.save
+      render :text => "Resource created\n", :status => 201, :location => object_url
+    else
+      respond_with(@object.errors, :status => 422)
+    end
+  end
+
+  def update
+    if @object.update_attributes(params[object_name])
+      render :nothing => true
+    else
+      respond_with(@object.errors, :status => 422)
+    end
+  end
+
+  def admin_token_passed_in_headers
+    request.headers['HTTP_AUTHORIZATION'].present?
+  end
+
+  def access_denied
+    render :text => 'access_denied', :status => 401
+  end
+
+  # Generic action to handle firing of state events on an object
+  def event
+    valid_events = model_class.state_machine.events.map(&:name)
+    valid_events_for_object = @object ? @object.state_transitions.map(&:event) : []
+
+    if params[:e].blank?
+      errors = t('api.errors.missing_event')
+    elsif valid_events_for_object.include?(params[:e].to_sym)
+      @object.send("#{params[:e]}!")
+      errors = nil
+    elsif valid_events.include?(params[:e].to_sym)
+      errors = t('api.errors.invalid_event_for_object', :events => valid_events_for_object.join(','))
+    else
+      errors = t('api.errors.invalid_event', :events => valid_events.join(','))
+    end
+
+    respond_to do |wants|
+      wants.json do
+        if errors.blank?
+          render :nothing => true
+        else
+          render :json => errors.to_json, :status => 422
+        end
+      end
+    end
+  end
+
+  protected
+    def model_class
+      controller_name.classify.constantize
+    end
+    
+    def object_name
+      controller_name.singularize
+    end
+    
+    def load_resource
+      if member_action?
+        @object ||= load_resource_instance
+        instance_variable_set("@#{object_name}", @object)
+      else
+        @collection ||= collection
+        instance_variable_set("@#{controller_name}", @collection)
+      end
+    end
+    
+    def load_resource_instance
+      if new_actions.include?(params[:action].to_sym)
+        build_resource
+      elsif params[:id]
+        find_resource
+      end
+    end
+    
+    def parent
+      nil
+    end
+
+    def find_resource
+      if parent.present?
+        parent.send(controller_name).find(params[:id])
+      else
+        model_class.includes(eager_load_associations).find(params[:id])
+      end
+    end
+    
+    def build_resource
+      if parent.present?
+        parent.send(controller_name).build(params[object_name])
+      else
+        model_class.new(params[object_name])
+      end
+    end
+    
+    def collection
+      return @search unless @search.nil?      
+      params[:search] = {} if params[:search].blank?
+      params[:search][:meta_sort] = 'created_at.desc' if params[:search][:meta_sort].blank?
+      
+      scope = parent.present? ? parent.send(controller_name) : model_class.scoped
+     
+      @search = scope.metasearch(params[:search]).relation.limit(100)
+      @search
+    end
+
+    def collection_serialization_options
+      {}
+    end
+
+    def object_serialization_options
+      {}
+    end
+
+    def eager_load_associations
+      nil
+    end
+
+    def object_errors
+      {:errors => object.errors.full_messages}
+    end
+
+    def object_url(object = nil, options = {})
+      target = object ? object : @object
+      if parent.present?
+        send "admin_#{parent[:model_name]}_#{object_name}_url", parent, target, options
+      else
+        send "admin_#{object_name}_url", target, options
+      end
+    end
+    
+    def collection_actions
+      [:index]
+    end
+
+    def member_action?
+      !collection_actions.include? params[:action].to_sym
+    end
+
+    def new_actions
+      [:new, :create]
+    end
+
+  private
+  def check_http_authorization
+    if request.headers['HTTP_AUTHORIZATION'].blank?
+      render :text => "Access Denied\n", :status => 401
+    end
+  end
+
+end

data/app/controllers/api/countries_controller.rb

@@ -0,0 +1,3 @@
+class Api::CountriesController < Api::BaseController
+  before_filter :access_denied, :except => [:index, :show]
+end

data/app/controllers/api/inventory_units_controller.rb

@@ -0,0 +1,19 @@
+class Api::InventoryUnitsController < Api::BaseController
+  private
+    def parent
+      if params[:order_id]
+        @parent = Order.find_by_param(params[:order_id])
+      elsif params[:shipment_id]
+        @parent = Shipment.find_by_param(params[:shipment_id])
+      end
+    end
+  
+    def parent_data
+      [params[:order_id], params[:shipment_id]].compact
+    end
+    
+    def eager_load_associations
+      [:variant]
+    end
+
+end

data/app/controllers/api/line_items_controller.rb

@@ -0,0 +1,22 @@
+class Api::LineItemsController < Api::BaseController
+
+  private
+    def parent
+      if params[:order_id]
+        @parent ||= Order.find_by_param(params[:order_id])
+      end
+    end
+  
+    def parent_data
+      params[:order_id]
+    end
+    
+    def collection_serialization_options
+      { :include => [:variant], :methods => [:description] }
+    end
+
+    def object_serialization_options
+      collection_serialization_options
+    end
+
+end

data/app/controllers/api/orders_controller.rb

@@ -0,0 +1,20 @@
+class Api::OrdersController < Api::BaseController
+  before_filter :access_denied, :except => [:index, :show]
+
+  private
+
+    def find_resource
+      Order.find_by_param(params[:id])
+    end
+
+    def object_serialization_options
+      { :include => {
+          :bill_address => {:include => [:country, :state]},
+          :ship_address => {:include => [:country, :state]},
+          :shipments => {:include => [:shipping_method, :address]},
+          :line_items => {:include => [:variant]}
+          }
+      }
+    end
+
+end

data/app/controllers/api/products_controller.rb

@@ -0,0 +1,14 @@
+class Api::ProductsController < Api::BaseController
+  include Spree::Search
+
+  private
+    def collection
+      params[:per_page] ||= 100
+      @searcher = Spree::Config.searcher_class.new(params)
+      @collection = @searcher.retrieve_products
+    end
+
+    def object_serialization_options
+      { :include => [:master, :variants, :taxons] }
+    end
+end

data/app/controllers/api/shipments_controller.rb

@@ -0,0 +1,37 @@
+class Api::ShipmentsController < Api::BaseController
+
+  private
+    def parent
+      if params[:order_id]
+        @parent ||= Order.find_by_param(params[:order_id])
+      end
+    end
+    
+    def collection_serialization_options
+      { :include => {:shipping_method => {}, :address => {}, :inventory_units => {:include => :variant}},
+      :except => [:shipping_method_id, :address_id] }
+    end
+
+    def object_serialization_options
+      { :include =>  {
+        :shipping_method => {},
+        :address => {:include => [:country, :state]},
+        :inventory_units => {
+          :include => {
+            :variant => {
+              :include => {
+                :product => {:only => [:name]}
+                }
+              }
+            }
+          }
+        },
+        :except => [:shipping_method_id, :address_id]
+      }
+    end
+
+    def eager_load_associations
+      [:shipping_method, :address, {:inventory_units => [:variant]}]
+    end
+
+end

data/app/controllers/api/states_controller.rb

@@ -0,0 +1,8 @@
+class Api::StatesController < Api::BaseController
+  before_filter :access_denied, :except => [:index, :show]
+
+  private
+  def parent
+    @parent ||= Country.find(params[:country_id])
+  end
+end

data/app/models/line_item_decorator.rb

@@ -0,0 +1,7 @@
+LineItem.class_eval do
+  def description
+    d = variant.product.name.clone
+    d << " (#{variant.options_text})" unless variant.option_values.empty?
+    d
+  end
+end

data/app/models/order_decorator.rb

@@ -0,0 +1,5 @@
+Order.class_eval do
+  def self.find_by_param(param)
+    Order.where("id = ? OR number = ?", param, param).first
+  end
+end

data/app/models/shipment_decorator.rb

@@ -0,0 +1,5 @@
+Shipment.class_eval do
+  def self.find_by_param(param)
+    Shipment.where("id = ? OR number = ?", param, param).first
+  end
+end

data/app/models/user_decorator.rb

@@ -0,0 +1,22 @@
+User.class_eval do
+
+  def clear_api_key!
+    self.update_attribute(:authentication_token, "")
+  end
+
+  def generate_api_key!
+    self.reset_authentication_token!
+  end
+
+  #def self.authenticate_with_http(username, password)
+  #  logger.debug(username)
+  #  self.authenticate_with_token(:auth_token => username)
+  #end
+
+  private
+
+  def secure_digest(*args)
+    Digest::SHA1.hexdigest(args.flatten.join('--'))
+  end
+
+end

data/app/views/admin/users/_api_fields.html.erb

@@ -0,0 +1,16 @@
+<h2><%= t('api.access') %></h2>
+
+<% if @user.authentication_token.present? %>
+  <p><strong><%= t('api.key') %></strong> <%= @user.authentication_token %></p>
+  <%= form_tag clear_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.clear_key") %>
+  <% end %>
+  <%= form_tag generate_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.regenerate_key") %>
+  <% end %>
+<% else %>
+  <p><%= t('api.no_key') %></p>
+  <%= form_tag generate_api_key_admin_user_path(@user), :method => :put do %>
+    <%= button t("api.generate_key") %>
+  <% end %>
+<% end %>

data/config/cucumber.yml

@@ -0,0 +1,10 @@
+<%
+rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
+rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
+std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip"
+ci_opts = "--format progress --strict"
+%>
+default: <%= std_opts %> features
+wip: --tags @wip:3 --wip features
+ci: <%= ci_opts %> features CI=true
+rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

data/config/locales/en.yml

@@ -0,0 +1,16 @@
+---
+en:
+  api: "API"
+  api:
+    access: "API Access"
+    clear_key: "Clear API key"
+    errors:
+      invalid_event: "Invalid event name, valid names are %{events}"
+      invalid_event_for_object: "Valid event name but not allowed for this object, valid names are %{events}"
+      missing_event: "No event name supplied"
+    generate_key: "Generate API key"
+    key: "API Key"
+    regenerate_key: "Regenerate API key"
+    no_key: "No key defined"
+    key_generated: "API key generated"
+    key_cleared: "API key cleared"

data/config/routes.rb

@@ -0,0 +1,36 @@
+Rails.application.routes.draw do
+  namespace :admin do
+    resources :users do
+      member do
+        put :generate_api_key
+        put :clear_api_key
+      end
+    end
+  end
+
+  namespace :api do
+    resources :shipments, :except => [:new,:edit] do
+      put :event, :on => :member
+      resources :inventory_units, :except => [:new,:edit] do
+        put :event, :on => :member
+      end
+    end
+    resources :orders, :except => [:new,:edit] do
+      put :event, :on => :member
+      resources :shipments, :except => [:new,:edit]
+      resources :line_items, :except => [:new,:edit]
+      resources :inventory_units, :except => [:new,:edit] do
+        put :event, :on => :member
+      end
+    end
+    resources :inventory_units, :except => [:new,:edit] do
+      put :event, :on => :member
+    end
+    resources :products, :except => [:new,:edit]
+    resources :countries, :except => [:new,:edit] do
+      resources :states, :except => [:new,:edit]
+    end
+    resources :states, :except => [:new,:edit]
+  end
+
+end

data/db/migrate/20100107141738_add_api_key_to_users.rb

@@ -0,0 +1,9 @@
+class AddApiKeyToUsers < ActiveRecord::Migration
+  def self.up
+    add_column "users", "api_key", :string, :limit => 40
+  end
+
+  def self.down
+    remove_column "users", "api_key"
+  end
+end

data/lib/spree_api.rb

@@ -0,0 +1,16 @@
+require 'spree_core'
+require 'spree_api_hooks'
+
+module SpreeApi
+  class Engine < Rails::Engine
+    def self.activate
+
+      Dir.glob(File.join(File.dirname(__FILE__), "../app/**/*_decorator*.rb")) do |c|
+        Rails.env.production? ? require(c) : load(c)
+      end
+
+    end
+    config.autoload_paths += %W(#{config.root}/lib)
+    config.to_prepare &method(:activate).to_proc
+  end
+end

data/lib/spree_api_hooks.rb

@@ -0,0 +1,3 @@
+class ApiHooks < Spree::ThemeSupport::HookListener
+  insert_after :admin_user_edit_form, :partial => "admin/users/api_fields"
+end

data/lib/tasks/install.rake

@@ -0,0 +1,23 @@
+namespace :spree_bushido_api do
+  desc "Copies all migrations and assets (NOTE: This will be obsolete with Rails 3.1)"
+  task :install do
+    Rake::Task['spree_bushido_api:install:migrations'].invoke
+    Rake::Task['spree_bushido_api:install:assets'].invoke
+  end
+
+  namespace :install do
+
+    desc "Copies all migrations (NOTE: This will be obsolete with Rails 3.1)"
+    task :migrations do
+      source = File.join(File.dirname(__FILE__), '..', '..', 'db')
+      destination = File.join(Rails.root, 'db')
+      Spree::FileUtilz.mirror_files(source, destination)
+    end
+
+    desc "Copies all assets (NOTE: This will be obsolete with Rails 3.1)"
+    task :assets do
+      # No assets
+    end
+
+  end
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification 
+name: spree_bushido_api
+version: !ruby/object:Gem::Version 
+  hash: 361
+  prerelease: 
+  segments: 
+  - 0
+  - 80
+  - 27
+  version: 0.80.27
+platform: ruby
+authors: 
+- David North
+- Akash Manohar
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-09-01 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: spree_core
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 237
+        segments: 
+        - 0
+        - 60
+        - 1
+        version: 0.60.1
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: spree_bushido_auth
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 361
+        segments: 
+        - 0
+        - 80
+        - 27
+        version: 0.80.27
+  type: :runtime
+  version_requirements: *id002
+description: Required dependancy for Spree
+email: akash@akash.im
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- LICENSE
+- README.md
+- app/controllers/admin/users_controller_decorator.rb
+- app/controllers/api/base_controller.rb
+- app/controllers/api/countries_controller.rb
+- app/controllers/api/inventory_units_controller.rb
+- app/controllers/api/line_items_controller.rb
+- app/controllers/api/orders_controller.rb
+- app/controllers/api/products_controller.rb
+- app/controllers/api/shipments_controller.rb
+- app/controllers/api/states_controller.rb
+- app/models/line_item_decorator.rb
+- app/models/order_decorator.rb
+- app/models/shipment_decorator.rb
+- app/models/user_decorator.rb
+- app/views/admin/users/_api_fields.html.erb
+- config/cucumber.yml
+- config/locales/en.yml
+- config/routes.rb
+- lib/spree_api.rb
+- lib/spree_api_hooks.rb
+- lib/tasks/install.rake
+- db/migrate/20100107141738_add_api_key_to_users.rb
+homepage: http://spreecommerce.com
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 57
+      segments: 
+      - 1
+      - 8
+      - 7
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: 
+- none
+rubyforge_project: 
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: Provides RESTful access for Spree.
+test_files: []
+