goca-spree-api 3.1.14.rails.5.0

data/app/controllers/spree/api/v1/return_authorizations_controller.rb

@@ -0,0 +1,71 @@
+module Spree
+  module Api
+    module V1
+      class ReturnAuthorizationsController < Spree::Api::BaseController
+
+        def create
+          authorize! :create, ReturnAuthorization
+          @return_authorization = order.return_authorizations.build(return_authorization_params)
+          if @return_authorization.save
+            respond_with(@return_authorization, status: 201, default_template: :show)
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        def destroy
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :destroy).find(params[:id])
+          @return_authorization.destroy
+          respond_with(@return_authorization, status: 204)
+        end
+
+        def index
+          authorize! :admin, ReturnAuthorization
+          @return_authorizations = order.return_authorizations.accessible_by(current_ability, :read).
+                                   ransack(params[:q]).result.
+                                   page(params[:page]).per(params[:per_page])
+          respond_with(@return_authorizations)
+        end
+
+        def new
+          authorize! :admin, ReturnAuthorization
+        end
+
+        def show
+          authorize! :admin, ReturnAuthorization
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :read).find(params[:id])
+          respond_with(@return_authorization)
+        end
+
+        def update
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+          if @return_authorization.update_attributes(return_authorization_params)
+            respond_with(@return_authorization, default_template: :show)
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        def cancel
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+          if @return_authorization.cancel
+            respond_with @return_authorization, default_template: :show
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        private
+
+        def order
+          @order ||= Spree::Order.find_by!(number: order_id)
+          authorize! :read, @order
+        end
+
+        def return_authorization_params
+          params.require(:return_authorization).permit(permitted_return_authorization_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/shipments_controller.rb

@@ -0,0 +1,163 @@
+module Spree
+  module Api
+    module V1
+      class ShipmentsController < Spree::Api::BaseController
+
+        before_action :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+        before_action :load_transfer_params, only: [:transfer_to_location, :transfer_to_shipment]
+
+        def mine
+          if current_api_user.persisted?
+            @shipments = Spree::Shipment
+              .reverse_chronological
+              .joins(:order)
+              .where(spree_orders: {user_id: current_api_user.id})
+              .includes(mine_includes)
+              .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          else
+            render "spree/api/errors/unauthorized", status: :unauthorized
+          end
+        end
+
+        def create
+          @order = Spree::Order.find_by!(number: params.fetch(:shipment).fetch(:order_id))
+          authorize! :read, @order
+          authorize! :create, Shipment
+          quantity = params[:quantity].to_i
+          @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
+          @order.contents.add(variant, quantity, {shipment: @shipment})
+
+          @shipment.save!
+
+          respond_with(@shipment.reload, default_template: :show)
+        end
+
+        def update
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
+          @shipment.update_attributes_and_order(shipment_params)
+
+          respond_with(@shipment.reload, default_template: :show)
+        end
+
+        def ready
+          unless @shipment.ready?
+            if @shipment.can_ready?
+              @shipment.ready!
+            else
+              render 'spree/api/v1/shipments/cannot_ready_shipment', status: 422 and return
+            end
+          end
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def ship
+          unless @shipment.shipped?
+            @shipment.ship!
+          end
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def add
+          quantity = params[:quantity].to_i
+
+          @shipment.order.contents.add(variant, quantity, {shipment: @shipment})
+
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def remove
+          quantity = params[:quantity].to_i
+
+          @shipment.order.contents.remove(variant, quantity, {shipment: @shipment})
+          @shipment.reload if @shipment.persisted?
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def transfer_to_location
+          @stock_location = Spree::StockLocation.find(params[:stock_location_id])
+
+          unless @quantity > 0
+            unprocessable_entity('ArgumentError')
+            return
+          end
+
+          @original_shipment.transfer_to_location(@variant, @quantity, @stock_location)
+          render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+        end
+
+        def transfer_to_shipment
+          @target_shipment  = Spree::Shipment.friendly.find(params[:target_shipment_number])
+
+          if @quantity < 0 || @target_shipment == @original_shipment
+            unprocessable_entity('ArgumentError')
+            return
+          end
+
+          @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
+          render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+        end
+
+        private
+
+        def load_transfer_params
+          @original_shipment         = Spree::Shipment.friendly.find(params[:original_shipment_number])
+          @variant                   = Spree::Variant.find(params[:variant_id])
+          @quantity                  = params[:quantity].to_i
+          authorize! :read, @original_shipment
+          authorize! :create, Shipment
+        end
+
+        def find_and_update_shipment
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).friendly.find(params[:id])
+          @shipment.update_attributes(shipment_params)
+          @shipment.reload
+        end
+
+        def shipment_params
+          if params[:shipment] && !params[:shipment].empty?
+            params.require(:shipment).permit(permitted_shipment_attributes)
+          else
+            {}
+          end
+        end
+
+        def variant
+          @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
+        end
+
+        def mine_includes
+          {
+            order: {
+              bill_address: {
+                state: {},
+                country: {},
+              },
+              ship_address: {
+                state: {},
+                country: {},
+              },
+              adjustments: {},
+              payments: {
+                order: {},
+                payment_method: {},
+              },
+            },
+            inventory_units: {
+              line_item: {
+                product: {},
+                variant: {},
+              },
+              variant: {
+                product: {},
+                default_price: {},
+                option_values: {
+                  option_type: {},
+                },
+              },
+            },
+          }
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/states_controller.rb

@@ -0,0 +1,37 @@
+module Spree
+  module Api
+    module V1
+      class StatesController < Spree::Api::BaseController
+        skip_before_action :authenticate_user
+
+        def index
+          @states = scope.ransack(params[:q]).result.includes(:country)
+
+          if params[:page] || params[:per_page]
+            @states = @states.page(params[:page]).per(params[:per_page])
+          end
+
+          state = @states.last
+          if stale?(state)
+            respond_with(@states)
+          end
+        end
+
+        def show
+          @state = scope.find(params[:id])
+          respond_with(@state)
+        end
+
+        private
+          def scope
+            if params[:country_id]
+              @country = Country.accessible_by(current_ability, :read).find(params[:country_id])
+              return @country.states.accessible_by(current_ability, :read).order('name ASC')
+            else
+              return State.accessible_by(current_ability, :read).order('name ASC')
+            end
+          end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_items_controller.rb

@@ -0,0 +1,77 @@
+module Spree
+  module Api
+    module V1
+      class StockItemsController < Spree::Api::BaseController
+        before_action :stock_location, except: [:update, :destroy]
+
+        def index
+          @stock_items = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_items)
+        end
+
+        def show
+          @stock_item = scope.find(params[:id])
+          respond_with(@stock_item)
+        end
+
+        def create
+          authorize! :create, StockItem
+
+          count_on_hand = 0
+          if params[:stock_item].has_key?(:count_on_hand)
+            count_on_hand = params[:stock_item][:count_on_hand].to_i
+          end
+
+          @stock_item = scope.new(stock_item_params)
+          if @stock_item.save
+            @stock_item.adjust_count_on_hand(count_on_hand)
+            respond_with(@stock_item, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+
+        def update
+          @stock_item = StockItem.accessible_by(current_ability, :update).find(params[:id])
+
+          count_on_hand = 0
+          if params[:stock_item].has_key?(:count_on_hand)
+            count_on_hand = params[:stock_item][:count_on_hand].to_i
+            params[:stock_item].delete(:count_on_hand)
+          end
+
+          updated = params[:stock_item][:force] ? @stock_item.set_count_on_hand(count_on_hand)
+                                                : @stock_item.adjust_count_on_hand(count_on_hand)
+
+          if updated
+            respond_with(@stock_item, status: 200, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+
+        def destroy
+          @stock_item = StockItem.accessible_by(current_ability, :destroy).find(params[:id])
+          @stock_item.destroy
+          respond_with(@stock_item, status: 204)
+        end
+
+        private
+
+        def stock_location
+          render 'spree/api/v1/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
+          @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+        end
+
+        def scope
+          includes = {:variant => [{ :option_values => :option_type }, :product] }
+          @stock_location.stock_items.accessible_by(current_ability, :read).includes(includes)
+        end
+
+        def stock_item_params
+          params.require(:stock_item).permit(permitted_stock_item_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_locations_controller.rb

@@ -0,0 +1,52 @@
+module Spree
+  module Api
+    module V1
+      class StockLocationsController < Spree::Api::BaseController
+        def index
+          authorize! :read, StockLocation
+          @stock_locations = StockLocation.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_locations)
+        end
+
+        def show
+          respond_with(stock_location)
+        end
+
+        def create
+          authorize! :create, StockLocation
+          @stock_location = StockLocation.new(stock_location_params)
+          if @stock_location.save
+            respond_with(@stock_location, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_location)
+          end
+        end
+
+        def update
+          authorize! :update, stock_location
+          if stock_location.update_attributes(stock_location_params)
+            respond_with(stock_location, status: 200, default_template: :show)
+          else
+            invalid_resource!(stock_location)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, stock_location
+          stock_location.destroy
+          respond_with(stock_location, :status => 204)
+        end
+
+        private
+
+        def stock_location
+          @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:id])
+        end
+
+        def stock_location_params
+          params.require(:stock_location).permit(permitted_stock_location_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stock_movements_controller.rb

@@ -0,0 +1,45 @@
+module Spree
+  module Api
+    module V1
+      class StockMovementsController < Spree::Api::BaseController
+        before_action :stock_location, except: [:update, :destroy]
+
+        def index
+          authorize! :read, StockMovement
+          @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@stock_movements)
+        end
+
+        def show
+          @stock_movement = scope.find(params[:id])
+          respond_with(@stock_movement)
+        end
+
+        def create
+          authorize! :create, StockMovement
+          @stock_movement = scope.new(stock_movement_params)
+          if @stock_movement.save
+            respond_with(@stock_movement, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_movement)
+          end
+        end
+
+        private
+
+        def stock_location
+          render 'spree/api/v1/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
+          @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+        end
+
+        def scope
+          @stock_location.stock_movements.accessible_by(current_ability, :read)
+        end
+
+        def stock_movement_params
+          params.require(:stock_movement).permit(permitted_stock_movement_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/stores_controller.rb

@@ -0,0 +1,57 @@
+module Spree
+  module Api
+    module V1
+      class StoresController < Spree::Api::BaseController
+
+        before_action :get_store, except: [:index, :create]
+
+        def index
+          authorize! :read, Store
+          @stores = Store.accessible_by(current_ability, :read).all
+          respond_with(@stores)
+        end
+
+        def create
+          authorize! :create, Store
+          @store = Store.new(store_params)
+          @store.code = params[:store][:code]
+          if @store.save
+            respond_with(@store, status: 201, default_template: :show)
+          else
+            invalid_resource!(@store)
+          end
+        end
+
+        def update
+          authorize! :update, @store
+          if @store.update_attributes(store_params)
+            respond_with(@store, status: 200, default_template: :show)
+          else
+            invalid_resource!(@store)
+          end
+        end
+
+        def show
+          authorize! :read, @store
+          respond_with(@store)
+        end
+
+        def destroy
+          authorize! :destroy, @store
+          @store.destroy
+          respond_with(@store, status: 204)
+        end
+
+        private
+
+        def get_store
+          @store = Store.find(params[:id])
+        end
+
+        def store_params
+          params.require(:store).permit(permitted_store_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/taxonomies_controller.rb

@@ -0,0 +1,66 @@
+module Spree
+  module Api
+    module V1
+      class TaxonomiesController < Spree::Api::BaseController
+
+        def index
+          respond_with(taxonomies)
+        end
+
+        def show
+          respond_with(taxonomy)
+        end
+
+        # Because JSTree wants parameters in a *slightly* different format
+        def jstree
+          show
+        end
+
+        def create
+          authorize! :create, Taxonomy
+          @taxonomy = Taxonomy.new(taxonomy_params)
+          if @taxonomy.save
+            respond_with(@taxonomy, :status => 201, :default_template => :show)
+          else
+            invalid_resource!(@taxonomy)
+          end
+        end
+
+        def update
+          authorize! :update, taxonomy
+          if taxonomy.update_attributes(taxonomy_params)
+            respond_with(taxonomy, :status => 200, :default_template => :show)
+          else
+            invalid_resource!(taxonomy)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, taxonomy
+          taxonomy.destroy
+          respond_with(taxonomy, :status => 204)
+        end
+
+        private
+
+        def taxonomies
+          @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
+                        ransack(params[:q]).result.
+                        page(params[:page]).per(params[:per_page])
+        end
+
+        def taxonomy
+          @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
+        end
+
+        def taxonomy_params
+          if params[:taxonomy] && !params[:taxonomy].empty?
+            params.require(:taxonomy).permit(permitted_taxonomy_attributes)
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/taxons_controller.rb

@@ -0,0 +1,95 @@
+module Spree
+  module Api
+    module V1
+      class TaxonsController < Spree::Api::BaseController
+        def index
+          if taxonomy
+            @taxons = taxonomy.root.children
+          else
+            if params[:ids]
+              @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).where(id: params[:ids].split(','))
+            else
+              @taxons = Spree::Taxon.includes(:children).accessible_by(current_ability, :read).order(:taxonomy_id, :lft).ransack(params[:q]).result
+            end
+          end
+
+          @taxons = @taxons.page(params[:page]).per(params[:per_page])
+          respond_with(@taxons)
+        end
+
+        def show
+          @taxon = taxon
+          respond_with(@taxon)
+        end
+
+        def jstree
+          show
+        end
+
+        def create
+          authorize! :create, Taxon
+          @taxon = Spree::Taxon.new(taxon_params)
+          @taxon.taxonomy_id = params[:taxonomy_id]
+          taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
+
+          if taxonomy.nil?
+            @taxon.errors[:taxonomy_id] = I18n.t(:invalid_taxonomy_id, scope: 'spree.api')
+            invalid_resource!(@taxon) and return
+          end
+
+          @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
+
+          if @taxon.save
+            respond_with(@taxon, status: 201, default_template: :show)
+          else
+            invalid_resource!(@taxon)
+          end
+        end
+
+        def update
+          authorize! :update, taxon
+          if taxon.update_attributes(taxon_params)
+            respond_with(taxon, status: 200, default_template: :show)
+          else
+            invalid_resource!(taxon)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, taxon
+          taxon.destroy
+          respond_with(taxon, status: 204)
+        end
+
+        def products
+          # Returns the products sorted by their position with the classification
+          # Products#index does not do the sorting.
+          taxon = Spree::Taxon.find(params[:id])
+          @products = taxon.products.ransack(params[:q]).result
+          @products = @products.page(params[:page]).per(params[:per_page] || 500)
+          render "spree/api/v1/products/index"
+        end
+
+        private
+
+          def taxonomy
+            if params[:taxonomy_id].present?
+              @taxonomy ||= Spree::Taxonomy.accessible_by(current_ability, :read).find(params[:taxonomy_id])
+            end
+          end
+
+          def taxon
+            @taxon ||= taxonomy.taxons.accessible_by(current_ability, :read).find(params[:id])
+          end
+
+          def taxon_params
+            if params[:taxon] && !params[:taxon].empty?
+              params.require(:taxon).permit(permitted_taxon_attributes)
+            else
+              {}
+            end
+          end
+      end
+    end
+  end
+end