Use versioncake for versioning of API resources

Fixes #2209

* Unversion zones controller so it can be used with Versioncake for testing purposes
* Zones controller using versioncake for versioning
* Move other controllers so they make use of Versioncake
* Rename all views to make use of Versioncake
* No v2 of api yet

api/app/controllers/spree/api/addresses_controller.rb

@@ -0,0 +1,17 @@
+module Spree
+  module Api
+    class AddressesController < Spree::Api::BaseController
+      def show
+        @address = Address.find(params[:id])
+        authorize! :read, @address
+      end
+
+      def update
+        @address = Address.find(params[:id])
+        authorize! :read, @address
+        @address.update_attributes(params[:address])
+        render :show, :status => 200
+      end
+    end
+  end
+end

api/app/controllers/spree/api/base_controller.rb

@@ -0,0 +1,111 @@
+module Spree
+  module Api
+    class BaseController < ActionController::Metal
+      include Spree::Api::ControllerSetup
+
+      attr_accessor :current_api_user
+
+      before_filter :set_content_type
+      before_filter :check_for_api_key, :if => :requires_authentication?
+      before_filter :authenticate_user
+      after_filter  :set_jsonp_format
+
+      rescue_from CanCan::AccessDenied, :with => :unauthorized
+      rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+
+      helper Spree::Api::ApiHelpers
+
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{self.response_body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k,v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      private
+
+      def set_content_type
+        content_type = case params[:format]
+        when "json"
+          "application/json"
+        when "xml"
+          "text/xml"
+        end
+        headers["Content-Type"] = content_type
+      end
+
+      def check_for_api_key
+        render "spree/api/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
+      end
+
+      def authenticate_user
+        if requires_authentication? || api_key.present?
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key)
+            render "spree/api/errors/invalid_api_key", :status => 401 and return
+          end
+        else
+          # Effectively, an anonymous user
+          @current_api_user = Spree.user_class.new
+        end
+      end
+
+      def unauthorized
+        render "spree/api/errors/unauthorized", :status => 401 and return
+      end
+
+      def requires_authentication?
+        Spree::Api::Config[:requires_authentication]
+      end
+
+      def not_found
+        render "spree/api/errors/not_found", :status => 404 and return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", :status => 422
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def find_product(id)
+        begin
+          product_scope.find_by_permalink!(id.to_s)
+        rescue ActiveRecord::RecordNotFound
+          product_scope.find(id)
+        end
+      end
+
+      def product_scope
+        if current_api_user.has_spree_role?("admin")
+          scope = Product
+          unless params[:show_deleted]
+            scope = scope.not_deleted
+          end
+        else
+          scope = Product.active
+        end
+
+        scope.includes(:master)
+      end
+
+    end
+  end
+end
+

api/app/controllers/spree/api/countries_controller.rb

@@ -0,0 +1,14 @@
+module Spree
+  module Api
+    class CountriesController < Spree::Api::BaseController
+      def index
+        @countries = Country.ransack(params[:q]).result.includes(:states).order('name ASC')
+          .page(params[:page]).per(params[:per_page])
+      end
+
+      def show
+        @country = Country.find(params[:id])
+      end
+    end
+  end
+end

api/app/controllers/spree/api/images_controller.rb

@@ -0,0 +1,29 @@
+module Spree
+  module Api
+    class ImagesController < Spree::Api::BaseController
+      def show
+        @image = Image.find(params[:id])
+      end
+
+      def create
+        authorize! :create, Image
+        @image = Image.create(params[:image])
+        render :show, :status => 201
+      end
+
+      def update
+        authorize! :update, Image
+        @image = Image.find(params[:id])
+        @image.update_attributes(params[:image])
+        render :show, :status => 200
+      end
+
+      def destroy
+        authorize! :delete, Image
+        @image = Image.find(params[:id])
+        @image.destroy
+        render :text => nil, :status => 204
+      end
+    end
+  end
+end

api/app/controllers/spree/api/line_items_controller.rb

@@ -0,0 +1,38 @@
+module Spree
+  module Api
+    class LineItemsController < Spree::Api::BaseController
+      def create
+        authorize! :read, order
+        @line_item = order.line_items.build(params[:line_item], :as => :api)
+        if @line_item.save
+          render :show, :status => 201
+        else
+          invalid_resource!(@line_item)
+        end
+      end
+
+      def update
+        authorize! :read, order
+        @line_item = order.line_items.find(params[:id])
+        if @line_item.update_attributes(params[:line_item])
+          render :show
+        else
+          invalid_resource!(@line_item)
+        end
+      end
+
+      def destroy
+        authorize! :read, order
+        @line_item = order.line_items.find(params[:id])
+        @line_item.destroy
+        render :text => nil, :status => 204
+      end
+
+      private
+
+      def order
+        @order ||= Order.find_by_number!(params[:order_id])
+      end
+    end
+  end
+end

api/app/controllers/spree/api/orders_controller.rb

@@ -0,0 +1,81 @@
+module Spree
+  module Api
+    class OrdersController < Spree::Api::BaseController
+      before_filter :authorize_read!, :except => [:index, :search, :create]
+
+      def index
+        # should probably look at turning this into a CanCan step
+        raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
+        @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+      end
+
+      def show
+      end
+
+      def create
+        @order = Order.build_from_api(current_api_user, nested_params)
+        next!(:status => 201)
+      end
+
+      def update
+        authorize! :update, Order
+        if order.update_attributes(nested_params)
+          order.update!
+          render :show
+        else
+          invalid_resource!(order)
+        end
+      end
+
+      def address
+        order.build_ship_address(params[:shipping_address]) if params[:shipping_address]
+        order.build_bill_address(params[:billing_address]) if params[:billing_address]
+        next!
+      end
+
+      def delivery
+        begin
+          ShippingMethod.find(params[:shipping_method_id])
+        rescue ActiveRecord::RecordNotFound
+          render :invalid_shipping_method, :status => 422
+        else
+          order.update_attribute(:shipping_method_id, params[:shipping_method_id])
+          next!
+        end
+      end
+
+      def cancel
+        order.cancel!
+        render :show
+      end
+
+      def empty
+        order.line_items.destroy_all
+        order.update!
+        render :text => nil, :status => 200
+      end
+
+      private
+
+      def nested_params
+        map_nested_attributes_keys Order, params[:order] || {}
+      end
+
+      def order
+        @order ||= Order.find_by_number!(params[:id])
+      end
+
+      def next!(options={})
+        if @order.valid? && @order.next
+          render :show, :status => options[:status] || 200
+        else
+          render :could_not_transition, :status => 422
+        end
+      end
+
+      def authorize_read!
+        authorize! :read, order
+      end
+    end
+  end
+end

api/app/controllers/spree/api/payments_controller.rb

@@ -0,0 +1,75 @@
+module Spree
+  module Api
+    class PaymentsController < Spree::Api::BaseController
+      before_filter :find_order
+      before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
+
+      def index
+        @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+      end
+
+      def new
+        @payment_methods = Spree::PaymentMethod.where(:environment => Rails.env)
+      end
+
+      def create
+        @payment = @order.payments.build(params[:payment])
+        if @payment.save
+          render :show, :status => 201
+        else
+          invalid_resource!(@payment)
+        end
+      end
+
+      def show
+      end
+
+      def authorize
+        perform_payment_action(:authorize)
+      end
+
+      def capture
+        perform_payment_action(:capture)
+      end
+
+      def purchase
+        perform_payment_action(:purchase)
+      end
+
+      def void
+        perform_payment_action(:void_transaction)
+      end
+
+      def credit
+        if params[:amount].to_f > @payment.credit_allowed
+          render "spree/api/payments/credit_over_limit", :status => 422
+        else
+          perform_payment_action(:credit, params[:amount])
+        end
+      end
+
+      private
+
+      def find_order
+        @order = Order.find_by_number(params[:order_id])
+        authorize! :read, @order
+      end
+
+      def find_payment
+        @payment = @order.payments.find(params[:id])
+      end
+
+      def perform_payment_action(action, *args)
+        authorize! action, Payment
+
+        begin
+          @payment.send("#{action}!", *args)
+          render :show
+        rescue Spree::Core::GatewayError => e
+          @error = e.message
+          render "spree/api/errors/gateway_error", :status => 422
+        end
+      end
+    end
+  end
+end