harpiya_api 4.3.0.alpha

data/app/controllers/harpiya/api/v1/option_values_controller.rb

@@ -0,0 +1,62 @@
+module Harpiya
+  module Api
+    module V1
+      class OptionValuesController < Harpiya::Api::BaseController
+        def index
+          @option_values = if params[:ids]
+                             scope.where(id: params[:ids])
+                           else
+                             scope.ransack(params[:q]).result.distinct
+                           end
+          respond_with(@option_values)
+        end
+
+        def show
+          @option_value = scope.find(params[:id])
+          respond_with(@option_value)
+        end
+
+        def new; end
+
+        def create
+          authorize! :create, Harpiya::OptionValue
+          @option_value = scope.new(option_value_params)
+          if @option_value.save
+            render :show, status: 201
+          else
+            invalid_resource!(@option_value)
+          end
+        end
+
+        def update
+          @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
+          if @option_value.update(option_value_params)
+            render :show
+          else
+            invalid_resource!(@option_value)
+          end
+        end
+
+        def destroy
+          @option_value = scope.accessible_by(current_ability, :destroy).find(params[:id])
+          @option_value.destroy
+          render plain: nil, status: 204
+        end
+
+        private
+
+        def scope
+          @scope ||= if params[:option_type_id]
+                       Harpiya::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :show)
+                     else
+                       Harpiya::OptionValue.accessible_by(current_ability, :show).load
+                     end
+        end
+
+        def option_value_params
+          params.require(:option_value).permit(permitted_option_value_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v1/orders_controller.rb

@@ -0,0 +1,156 @@
+module Harpiya
+  module Api
+    module V1
+      class OrdersController < Harpiya::Api::BaseController
+        skip_before_action :authenticate_user, only: :apply_coupon_code
+
+        before_action :find_order, except: [:create, :mine, :current, :index, :update, :remove_coupon_code]
+
+        # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
+        Order.checkout_steps.keys.each do |step|
+          define_method step do
+            find_order
+            authorize! :update, @order, params[:token]
+          end
+        end
+
+        def cancel
+          authorize! :update, @order, params[:token]
+          @order.canceled_by(current_api_user)
+          respond_with(@order, default_template: :show)
+        end
+
+        def approve
+          authorize! :approve, @order, params[:token]
+          @order.approved_by(current_api_user)
+          respond_with(@order, default_template: :show)
+        end
+
+        def create
+          authorize! :create, Harpiya::Order
+          if can?(:admin, Harpiya::Order)
+            order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
+                           Harpiya.user_class.find(order_params[:user_id])
+                         else
+                           current_api_user
+                         end
+
+            import_params = if @current_user_roles.include?('admin')
+                              params[:order].present? ? params[:order].permit! : {}
+                            else
+                              order_params
+                            end
+
+            @order = Harpiya::Core::Importer::Order.import(order_user, import_params)
+
+            respond_with(@order, default_template: :show, status: 201)
+          else
+            @order = Harpiya::Order.create!(user: current_api_user, store: current_store)
+            if Cart::Update.call(order: @order, params: order_params).success?
+              respond_with(@order, default_template: :show, status: 201)
+            else
+              invalid_resource!(@order)
+            end
+          end
+        end
+
+        def empty
+          authorize! :update, @order, order_token
+          @order.empty!
+          render plain: nil, status: 204
+        end
+
+        def index
+          authorize! :index, Order
+          @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@orders)
+        end
+
+        def show
+          authorize! :show, @order, order_token
+          respond_with(@order)
+        end
+
+        def update
+          find_order(true)
+          authorize! :update, @order, order_token
+
+          if Cart::Update.call(order: @order, params: order_params).success?
+            user_id = params[:order][:user_id]
+            if current_api_user.has_harpiya_role?('admin') && user_id
+              @order.associate_user!(Harpiya.user_class.find(user_id))
+            end
+            respond_with(@order, default_template: :show)
+          else
+            invalid_resource!(@order)
+          end
+        end
+
+        def current
+          @order = find_current_order
+          if @order
+            respond_with(@order, default_template: :show, locals: { root_object: @order })
+          else
+            head :no_content
+          end
+        end
+
+        def mine
+          if current_api_user.persisted?
+            @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          else
+            render 'harpiya/api/errors/unauthorized', status: :unauthorized
+          end
+        end
+
+        def apply_coupon_code
+          find_order
+          authorize! :update, @order, order_token
+          @order.coupon_code = params[:coupon_code]
+          @handler = PromotionHandler::Coupon.new(@order).apply
+          status = @handler.successful? ? 200 : 422
+          render 'harpiya/api/v1/promotions/handler', status: status
+        end
+
+        def remove_coupon_code
+          find_order(true)
+          authorize! :update, @order, order_token
+          @handler = Harpiya::PromotionHandler::Coupon.new(@order).remove(params[:coupon_code])
+          status = @handler.successful? ? 200 : 404
+          render 'harpiya/api/v1/promotions/handler', status: status
+        end
+
+        private
+
+        def order_params
+          if params[:order]
+            normalize_params
+            params.require(:order).permit(permitted_order_attributes)
+          else
+            {}
+          end
+        end
+
+        def normalize_params
+          params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+          params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
+          params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
+          params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
+          params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
+        end
+
+        def find_order(lock = false)
+          @order = Harpiya::Order.lock(lock).find_by!(number: params[:id])
+        end
+
+        def find_current_order
+          current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
+        end
+
+        def order_id
+          super || params[:id]
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v1/payments_controller.rb

@@ -0,0 +1,82 @@
+module Harpiya
+  module Api
+    module V1
+      class PaymentsController < Harpiya::Api::BaseController
+        before_action :find_order
+        before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
+
+        def index
+          @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@payments)
+        end
+
+        def new
+          @payment_methods = Harpiya::PaymentMethod.available
+          respond_with(@payment_methods)
+        end
+
+        def create
+          @order.validate_payments_attributes([payment_params])
+          @payment = @order.payments.build(payment_params)
+          if @payment.save
+            respond_with(@payment, status: 201, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+
+        def update
+          authorize! params[:action], @payment
+          if !@payment.editable?
+            render 'update_forbidden', status: 403
+          elsif @payment.update(payment_params)
+            respond_with(@payment, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+
+        def show
+          respond_with(@payment)
+        end
+
+        def authorize
+          perform_payment_action(:authorize)
+        end
+
+        def capture
+          perform_payment_action(:capture)
+        end
+
+        def purchase
+          perform_payment_action(:purchase)
+        end
+
+        def void
+          perform_payment_action(:void_transaction)
+        end
+
+        private
+
+        def find_order
+          @order = Harpiya::Order.find_by!(number: order_id)
+          authorize! :show, @order, order_token
+        end
+
+        def find_payment
+          @payment = @order.payments.find_by!(number: params[:id])
+        end
+
+        def perform_payment_action(action, *args)
+          authorize! action, Payment
+          @payment.send("#{action}!", *args)
+          respond_with(@payment, default_template: :show)
+        end
+
+        def payment_params
+          params.require(:payment).permit(permitted_payment_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v1/product_properties_controller.rb

@@ -0,0 +1,73 @@
+module Harpiya
+  module Api
+    module V1
+      class ProductPropertiesController < Harpiya::Api::BaseController
+        before_action :find_product, :authorize_product!
+        before_action :product_property, only: [:show, :update, :destroy]
+
+        def index
+          @product_properties = @product.product_properties.accessible_by(current_ability).
+                                ransack(params[:q]).result.
+                                page(params[:page]).per(params[:per_page])
+          respond_with(@product_properties)
+        end
+
+        def show
+          respond_with(@product_property)
+        end
+
+        def new; end
+
+        def create
+          authorize! :create, ProductProperty
+          @product_property = @product.product_properties.new(product_property_params)
+          if @product_property.save
+            respond_with(@product_property, status: 201, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+
+        def update
+          authorize! :update, @product_property
+
+          if @product_property.update(product_property_params)
+            respond_with(@product_property, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, @product_property
+          @product_property.destroy
+          respond_with(@product_property, status: 204)
+        end
+
+        private
+
+        def find_product
+          super(params[:product_id])
+        end
+
+        def authorize_product!
+          authorize! :show, @product
+        end
+
+        def product_property
+          if @product
+            @product_property ||= @product.product_properties.find_by(id: params[:id])
+            @product_property ||= @product.product_properties.includes(:property).where(harpiya_properties: { name: params[:id] }).first
+            raise ActiveRecord::RecordNotFound unless @product_property
+
+            authorize! :show, @product_property
+          end
+        end
+
+        def product_property_params
+          params.require(:product_property).permit(permitted_product_properties_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v1/products_controller.rb

@@ -0,0 +1,131 @@
+module Harpiya
+  module Api
+    module V1
+      class ProductsController < Harpiya::Api::BaseController
+        before_action :find_product, only: [:update, :show, :destroy]
+
+        def index
+          @products = if params[:ids]
+                        product_scope.where(id: params[:ids].split(',').flatten)
+                      else
+                        product_scope.ransack(params[:q]).result
+                      end
+
+          @products = @products.distinct.page(params[:page]).per(params[:per_page])
+          expires_in 15.minutes, public: true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          respond_with(@products)
+        end
+
+        def show
+          expires_in 15.minutes, public: true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          headers['Surrogate-Key'] = 'product_id=1'
+          respond_with(@product)
+        end
+
+        # Takes besides the products attributes either an array of variants or
+        # an array of option types.
+        #
+        # By submitting an array of variants the option types will be created
+        # using the *name* key in options hash. e.g
+        #
+        #   product: {
+        #     ...
+        #     variants: {
+        #       price: 19.99,
+        #       sku: "hey_you",
+        #       options: [
+        #         { name: "size", value: "small" },
+        #         { name: "color", value: "black" }
+        #       ]
+        #     }
+        #   }
+        #
+        # Or just pass in the option types hash:
+        #
+        #   product: {
+        #     ...
+        #     option_types: ['size', 'color']
+        #   }
+        #
+        # By passing the shipping category name you can fetch or create that
+        # shipping category on the fly. e.g.
+        #
+        #   product: {
+        #     ...
+        #     shipping_category: "Free Shipping Items"
+        #   }
+        #
+        def new; end
+
+        def create
+          authorize! :create, Product
+          params[:product][:available_on] ||= Time.current
+          set_up_shipping_category
+
+          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(nil, product_params, options).create
+
+          if @product.persisted?
+            respond_with(@product, status: 201, default_template: :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def update
+          authorize! :update, @product
+
+          options = { variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(@product, product_params, options).update
+
+          if @product.errors.empty?
+            respond_with(@product.reload, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, @product
+          @product.destroy
+          respond_with(@product, status: 204)
+        end
+
+        private
+
+        def product_params
+          params.require(:product).permit(permitted_product_attributes)
+        end
+
+        def variants_params
+          variants_key = if params[:product].key? :variants
+                           :variants
+                         else
+                           :variants_attributes
+                         end
+
+          params.require(:product).permit(
+            variants_key => [permitted_variant_attributes, :id]
+          ).delete(variants_key) || []
+        end
+
+        def option_types_params
+          params[:product].fetch(:option_types, [])
+        end
+
+        def find_product
+          super(params[:id])
+        end
+
+        def set_up_shipping_category
+          if shipping_category = params[:product].delete(:shipping_category)
+            id = ShippingCategory.find_or_create_by(name: shipping_category).id
+            params[:product][:shipping_category_id] = id
+          end
+        end
+      end
+    end
+  end
+end