RubyGems - goca-spree-api - Versions diffs - 3.1.14.rails.5.0 - Mend

goca-spree-api 3.1.14.rails.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

data/app/controllers/spree/api/v1/option_types_controller.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Spree
+  module Api
+    module V1
+      class OptionTypesController < Spree::Api::BaseController
+        def index
+          if params[:ids]
+            @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+          else
+            @option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability, :read).load.ransack(params[:q]).result
+          end
+          respond_with(@option_types)
+        end
+        def show
+          @option_type = Spree::OptionType.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@option_type)
+        end
+        def create
+          authorize! :create, Spree::OptionType
+          @option_type = Spree::OptionType.new(option_type_params)
+          if @option_type.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@option_type)
+          end
+        end
+        def update
+          @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
+          if @option_type.update_attributes(option_type_params)
+            render :show
+          else
+            invalid_resource!(@option_type)
+          end
+        end
+        def destroy
+          @option_type = Spree::OptionType.accessible_by(current_ability, :destroy).find(params[:id])
+          @option_type.destroy
+          render :text => nil, :status => 204
+        end
+        private
+          def option_type_params
+            params.require(:option_type).permit(permitted_option_type_attributes)
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/option_values_controller.rb ADDED Viewed

@@ -0,0 +1,60 @@
+module Spree
+  module Api
+    module V1
+      class OptionValuesController < Spree::Api::BaseController
+        def index
+          if params[:ids]
+            @option_values = scope.where(:id => params[:ids])
+          else
+            @option_values = scope.ransack(params[:q]).result.distinct
+          end
+          respond_with(@option_values)
+        end
+        def show
+          @option_value = scope.find(params[:id])
+          respond_with(@option_value)
+        end
+        def create
+          authorize! :create, Spree::OptionValue
+          @option_value = scope.new(option_value_params)
+          if @option_value.save
+            render :show, :status => 201
+          else
+            invalid_resource!(@option_value)
+          end
+        end
+        def update
+          @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
+          if @option_value.update_attributes(option_value_params)
+            render :show
+          else
+            invalid_resource!(@option_value)
+          end
+        end
+        def destroy
+          @option_value = scope.accessible_by(current_ability, :destroy).find(params[:id])
+          @option_value.destroy
+          render :text => nil, :status => 204
+        end
+        private
+          def scope
+            if params[:option_type_id]
+              @scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :read)
+            else
+              @scope ||= Spree::OptionValue.accessible_by(current_ability, :read).load
+            end
+          end
+          def option_value_params
+            params.require(:option_value).permit(permitted_option_value_attributes)
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/orders_controller.rb ADDED Viewed

@@ -0,0 +1,148 @@
+module Spree
+  module Api
+    module V1
+      class OrdersController < Spree::Api::BaseController
+        skip_before_action :authenticate_user, only: :apply_coupon_code
+        before_action :find_order, except: [:create, :mine, :current, :index, :update]
+        # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
+        Order.checkout_steps.keys.each do |step|
+          define_method step do
+            find_order
+            authorize! :update, @order, params[:token]
+          end
+        end
+        def cancel
+          authorize! :update, @order, params[:token]
+          @order.canceled_by(current_api_user)
+          respond_with(@order, default_template: :show)
+        end
+        def approve
+          authorize! :approve, @order, params[:token]
+          @order.approved_by(current_api_user)
+          respond_with(@order, default_template: :show)
+        end
+        def create
+          authorize! :create, Spree::Order
+          if can?(:admin, Spree::Order)
+            order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
+              Spree.user_class.find(order_params[:user_id])
+            else
+              current_api_user
+            end
+            import_params = if @current_user_roles.include?("admin")
+              params[:order].present? ? params[:order].permit! : {}
+            else
+              order_params
+            end
+            @order = Spree::Core::Importer::Order.import(order_user, import_params)
+            respond_with(@order, default_template: :show, status: 201)
+          else
+            @order = Spree::Order.create!(user: current_api_user, store: current_store)
+            if @order.contents.update_cart(order_params)
+              respond_with(@order, default_template: :show, status: 201)
+            else
+              invalid_resource!(@order)
+            end
+          end
+        end
+        def empty
+          authorize! :update, @order, order_token
+          @order.empty!
+          render text: nil, status: 204
+        end
+        def index
+          authorize! :index, Order
+          @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@orders)
+        end
+        def show
+          authorize! :show, @order, order_token
+          respond_with(@order)
+        end
+        def update
+          find_order(true)
+          authorize! :update, @order, order_token
+          if @order.contents.update_cart(order_params)
+            user_id = params[:order][:user_id]
+            if current_api_user.has_spree_role?('admin') && user_id
+              @order.associate_user!(Spree.user_class.find(user_id))
+            end
+            respond_with(@order, default_template: :show)
+          else
+            invalid_resource!(@order)
+          end
+        end
+        def current
+          @order = find_current_order
+          if @order
+            respond_with(@order, default_template: :show, locals: { root_object: @order })
+          else
+            head :no_content
+          end
+        end
+        def mine
+          if current_api_user.persisted?
+            @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          else
+            render "spree/api/errors/unauthorized", status: :unauthorized
+          end
+        end
+        def apply_coupon_code
+          find_order
+          authorize! :update, @order, order_token
+          @order.coupon_code = params[:coupon_code]
+          @handler = PromotionHandler::Coupon.new(@order).apply
+          status = @handler.successful? ? 200 : 422
+          render "spree/api/v1/promotions/handler", status: status
+        end
+        private
+          def order_params
+            if params[:order]
+              normalize_params
+              params.require(:order).permit(permitted_order_attributes)
+            else
+              {}
+            end
+          end
+          def normalize_params
+            params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+            params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
+            params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
+            params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
+            params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
+          end
+          def find_order(lock = false)
+            @order = Spree::Order.lock(lock).friendly.find(params[:id])
+          end
+          def find_current_order
+            current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
+          end
+          def order_id
+            super || params[:id]
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/payments_controller.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module Spree
+  module Api
+    module V1
+      class PaymentsController < Spree::Api::BaseController
+        before_action :find_order
+        before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
+        def index
+          @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@payments)
+        end
+        def new
+          @payment_methods = Spree::PaymentMethod.available
+          respond_with(@payment_methods)
+        end
+        def create
+          @order.validate_payments_attributes([payment_params])
+          @payment = @order.payments.build(payment_params)
+          if @payment.save
+            respond_with(@payment, status: 201, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+        def update
+          authorize! params[:action], @payment
+          if !@payment.editable?
+            render 'update_forbidden', status: 403
+          elsif @payment.update_attributes(payment_params)
+            respond_with(@payment, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+        def show
+          respond_with(@payment)
+        end
+        def authorize
+          perform_payment_action(:authorize)
+        end
+        def capture
+          perform_payment_action(:capture)
+        end
+        def purchase
+          perform_payment_action(:purchase)
+        end
+        def void
+          perform_payment_action(:void_transaction)
+        end
+        private
+          def find_order
+            @order = Spree::Order.friendly.find(order_id)
+            authorize! :read, @order, order_token
+          end
+          def find_payment
+            @payment = @order.payments.friendly.find(params[:id])
+          end
+          def perform_payment_action(action, *args)
+            authorize! action, Payment
+            @payment.send("#{action}!", *args)
+            respond_with(@payment, default_template: :show)
+          end
+          def payment_params
+            params.require(:payment).permit(permitted_payment_attributes)
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/product_properties_controller.rb ADDED Viewed

@@ -0,0 +1,70 @@
+module Spree
+  module Api
+    module V1
+      class ProductPropertiesController < Spree::Api::BaseController
+        before_action :find_product
+        before_action :product_property, only: [:show, :update, :destroy]
+        def index
+          @product_properties = @product.product_properties.accessible_by(current_ability, :read).
+                                ransack(params[:q]).result.
+                                page(params[:page]).per(params[:per_page])
+          respond_with(@product_properties)
+        end
+        def show
+          respond_with(@product_property)
+        end
+        def new
+        end
+        def create
+          authorize! :create, ProductProperty
+          @product_property = @product.product_properties.new(product_property_params)
+          if @product_property.save
+            respond_with(@product_property, status: 201, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+        def update
+          authorize! :update, @product_property
+          if @product_property.update_attributes(product_property_params)
+            respond_with(@product_property, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+        def destroy
+          authorize! :destroy, @product_property
+          @product_property.destroy
+          respond_with(@product_property, status: 204)
+        end
+        private
+        def find_product
+          @product = super(params[:product_id])
+          authorize! :read, @product
+        end
+        def product_property
+          if @product
+            @product_property ||= @product.product_properties.find_by(id: params[:id])
+            @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
+            fail ActiveRecord::RecordNotFound unless @product_property
+            authorize! :read, @product_property
+          end
+        end
+        def product_property_params
+          params.require(:product_property).permit(permitted_product_properties_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/products_controller.rb ADDED Viewed

@@ -0,0 +1,126 @@
+module Spree
+  module Api
+    module V1
+      class ProductsController < Spree::Api::BaseController
+        def index
+          if params[:ids]
+            @products = product_scope.where(id: params[:ids].split(",").flatten)
+          else
+            @products = product_scope.ransack(params[:q]).result
+          end
+          @products = @products.distinct.page(params[:page]).per(params[:per_page])
+          expires_in 15.minutes, :public => true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          respond_with(@products)
+        end
+        def show
+          @product = find_product(params[:id])
+          expires_in 15.minutes, :public => true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          headers['Surrogate-Key'] = "product_id=1"
+          respond_with(@product)
+        end
+        # Takes besides the products attributes either an array of variants or
+        # an array of option types.
+        #
+        # By submitting an array of variants the option types will be created
+        # using the *name* key in options hash. e.g
+        #
+        #   product: {
+        #     ...
+        #     variants: {
+        #       price: 19.99,
+        #       sku: "hey_you",
+        #       options: [
+        #         { name: "size", value: "small" },
+        #         { name: "color", value: "black" }
+        #       ]
+        #     }
+        #   }
+        #
+        # Or just pass in the option types hash:
+        #
+        #   product: {
+        #     ...
+        #     option_types: ['size', 'color']
+        #   }
+        #
+        # By passing the shipping category name you can fetch or create that
+        # shipping category on the fly. e.g.
+        #
+        #   product: {
+        #     ...
+        #     shipping_category: "Free Shipping Items"
+        #   }
+        #
+        def create
+          authorize! :create, Product
+          params[:product][:available_on] ||= Time.current
+          set_up_shipping_category
+          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(nil, product_params, options).create
+          if @product.persisted?
+            respond_with(@product, :status => 201, :default_template => :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+        def update
+          @product = find_product(params[:id])
+          authorize! :update, @product
+          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(@product, product_params, options).update
+          if @product.errors.empty?
+            respond_with(@product.reload, :status => 200, :default_template => :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+        def destroy
+          @product = find_product(params[:id])
+          authorize! :destroy, @product
+          @product.destroy
+          respond_with(@product, :status => 204)
+        end
+        private
+          def product_params
+            params.require(:product).permit(permitted_product_attributes)
+          end
+          def variants_params
+            variants_key = if params[:product].has_key? :variants
+              :variants
+            else
+              :variants_attributes
+            end
+            params.require(:product).permit(
+              variants_key => [permitted_variant_attributes, :id],
+            ).delete(variants_key) || []
+          end
+          def option_types_params
+            params[:product].fetch(:option_types, [])
+          end
+          def set_up_shipping_category
+            if shipping_category = params[:product].delete(:shipping_category)
+              id = ShippingCategory.find_or_create_by(name: shipping_category).id
+              params[:product][:shipping_category_id] = id
+            end
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/promotions_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Spree
+  module Api
+    module V1
+      class PromotionsController < Spree::Api::BaseController
+        before_action :requires_admin
+        before_action :load_promotion
+        def show
+          if @promotion
+            respond_with(@promotion, default_template: :show)
+          else
+            raise ActiveRecord::RecordNotFound
+          end
+        end
+        private
+          def requires_admin
+            return if @current_user_roles.include?("admin")
+            unauthorized and return
+          end
+          def load_promotion
+            @promotion = Spree::Promotion.find_by_id(params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/properties_controller.rb ADDED Viewed

@@ -0,0 +1,72 @@
+module Spree
+  module Api
+    module V1
+      class PropertiesController < Spree::Api::BaseController
+        before_action :find_property, only: [:show, :update, :destroy]
+        def index
+          @properties = Spree::Property.accessible_by(current_ability, :read)
+          if params[:ids]
+            @properties = @properties.where(id: params[:ids].split(",").flatten)
+          else
+            @properties = @properties.ransack(params[:q]).result
+          end
+          @properties = @properties.page(params[:page]).per(params[:per_page])
+          respond_with(@properties)
+        end
+        def show
+          respond_with(@property)
+        end
+        def new
+        end
+        def create
+          authorize! :create, Property
+          @property = Spree::Property.new(property_params)
+          if @property.save
+            respond_with(@property, status: 201, default_template: :show)
+          else
+            invalid_resource!(@property)
+          end
+        end
+        def update
+          if @property
+            authorize! :update, @property
+            @property.update_attributes(property_params)
+            respond_with(@property, status: 200, default_template: :show)
+          else
+            invalid_resource!(@property)
+          end
+        end
+        def destroy
+          if @property
+            authorize! :destroy, @property
+            @property.destroy
+            respond_with(@property, status: 204)
+          else
+            invalid_resource!(@property)
+          end
+        end
+        private
+          def find_property
+            @property = Spree::Property.accessible_by(current_ability, :read).find(params[:id])
+          rescue ActiveRecord::RecordNotFound
+            @property = Spree::Property.accessible_by(current_ability, :read).find_by!(name: params[:id])
+          end
+          def property_params
+            params.require(:property).permit(permitted_property_attributes)
+          end
+      end
+    end
+  end
+end