harpiya_api 4.3.0.alpha

data/app/controllers/harpiya/api/v1/zones_controller.rb

@@ -0,0 +1,55 @@
+module Harpiya
+  module Api
+    module V1
+      class ZonesController < Harpiya::Api::BaseController
+        def create
+          authorize! :create, Zone
+          @zone = Harpiya::Zone.new(zone_params)
+          if @zone.save
+            respond_with(@zone, status: 201, default_template: :show)
+          else
+            invalid_resource!(@zone)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, zone
+          zone.destroy
+          respond_with(zone, status: 204)
+        end
+
+        def index
+          @zones = Zone.accessible_by(current_ability).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@zones)
+        end
+
+        def show
+          respond_with(zone)
+        end
+
+        def update
+          authorize! :update, zone
+          if zone.update(zone_params)
+            respond_with(zone, status: 200, default_template: :show)
+          else
+            invalid_resource!(zone)
+          end
+        end
+
+        private
+
+        def zone_params
+          attrs = params.require(:zone).permit!
+          if attrs[:zone_members]
+            attrs[:zone_members_attributes] = attrs.delete(:zone_members)
+          end
+          attrs
+        end
+
+        def zone
+          @zone ||= Harpiya::Zone.accessible_by(current_ability, :show).find(params[:id])
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/base_controller.rb

@@ -0,0 +1,167 @@
+module Harpiya
+  module Api
+    module V2
+      class BaseController < ActionController::API
+        include CanCan::ControllerAdditions
+        include Harpiya::Core::ControllerHelpers::StrongParameters
+        include Harpiya::Core::ControllerHelpers::Store
+        include Harpiya::Core::ControllerHelpers::Locale
+        include Harpiya::Core::ControllerHelpers::Currency
+
+        rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
+        rescue_from CanCan::AccessDenied, with: :access_denied
+        rescue_from Doorkeeper::Errors::DoorkeeperError, with: :access_denied_401
+        rescue_from Harpiya::Core::GatewayError, with: :gateway_error
+        rescue_from ActionController::ParameterMissing, with: :error_during_processing
+        if defined?(JSONAPI::Serializer::UnsupportedIncludeError)
+          rescue_from JSONAPI::Serializer::UnsupportedIncludeError, with: :error_during_processing
+        end
+        rescue_from ArgumentError, with: :error_during_processing
+
+        def content_type
+          Harpiya::Api::Config[:api_v2_content_type]
+        end
+
+        protected
+
+        def serialize_collection(collection)
+          collection_serializer.new(
+            collection,
+            collection_options(collection).merge(params: serializer_params)
+          ).serializable_hash
+        end
+
+        def serialize_resource(resource)
+          resource_serializer.new(
+            resource,
+            params: serializer_params,
+            include: resource_includes,
+            fields: sparse_fields
+          ).serializable_hash
+        end
+
+        def paginated_collection
+          @paginated_collection ||= collection_paginator.new(sorted_collection, params).call
+        end
+
+        def collection_paginator
+          Harpiya::Api::Dependencies.storefront_collection_paginator.constantize
+        end
+
+        def render_serialized_payload(status = 200)
+          render json: yield, status: status, content_type: content_type
+        end
+
+        def render_error_payload(error, status = 422)
+          json = if error.is_a?(ActiveModel::Errors)
+                   { error: error.full_messages.to_sentence, errors: error.messages }
+                 elsif error.is_a?(Struct)
+                   { error: error.to_s, errors: error.to_h }
+                 else
+                   { error: error }
+                 end
+
+          render json: json, status: status, content_type: content_type
+        end
+
+        def render_result(result)
+          if result.success?
+            render_serialized_payload { serialize_resource(result.value) }
+          else
+            render_error_payload(result.error)
+          end
+        end
+
+        def harpiya_current_user
+          return nil unless doorkeeper_token
+          return @harpiya_current_user if @harpiya_current_user
+
+          doorkeeper_authorize!
+
+          @harpiya_current_user ||= Harpiya.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+        end
+
+        def harpiya_authorize!(action, subject, *args)
+          authorize!(action, subject, *args)
+        end
+
+        def require_harpiya_current_user
+          raise CanCan::AccessDenied if harpiya_current_user.nil?
+        end
+
+        # Needs to be overriden so that we use Harpiya's Ability rather than anyone else's.
+        def current_ability
+          @current_ability ||= Harpiya::Dependencies.ability_class.constantize.new(harpiya_current_user)
+        end
+
+        def request_includes
+          # if API user want's to receive only the bare-minimum
+          # the API will return only the main resource without any included
+          if params[:include]&.blank?
+            []
+          elsif params[:include].present?
+            params[:include].split(',')
+          end
+        end
+
+        def resource_includes
+          (request_includes || default_resource_includes).map(&:intern)
+        end
+
+        # overwrite this method in your controllers to set JSON API default include value
+        # https://jsonapi.org/format/#fetching-includes
+        # eg.:
+        # %w[images variants]
+        # ['variant.images', 'line_items']
+        def default_resource_includes
+          []
+        end
+
+        def sparse_fields
+          return unless params[:fields]&.respond_to?(:each)
+
+          fields = {}
+          params[:fields].
+            select { |_, v| v.is_a?(String) }.
+            each { |type, values| fields[type.intern] = values.split(',').map(&:intern) }
+          fields.presence
+        end
+
+        def serializer_params
+          {
+            currency: current_currency,
+            locale: current_locale,
+            store: current_store,
+            user: harpiya_current_user
+          }
+        end
+
+        def record_not_found
+          render_error_payload(I18n.t(:resource_not_found, scope: 'harpiya.api'), 404)
+        end
+
+        def access_denied(exception)
+          render_error_payload(exception.message, 403)
+        end
+
+        def access_denied_401(exception)
+          render_error_payload(exception.message, 401)
+        end
+
+        def gateway_error(exception)
+          render_error_payload(exception.message)
+        end
+
+        def error_during_processing(exception)
+          result = error_handler.call(exception: exception, opts: { user: harpiya_current_user })
+
+          render_error_payload(result.value[:message], 400)
+        end
+
+        def error_handler
+          Harpiya::Api::Dependencies.error_handler.constantize
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/addresses_controller.rb

@@ -0,0 +1,19 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class AddressesController < ResourceController
+          private
+
+          def model_class
+            Harpiya::Address
+          end
+
+          def scope_includes
+            [:country, :state, :user]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/countries_controller.rb

@@ -0,0 +1,19 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class CountriesController < ResourceController
+          private
+
+          def model_class
+            Harpiya::Country
+          end
+
+          def scope_includes
+            [:states, :zones]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/menu_items_controller.rb

@@ -0,0 +1,35 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class MenuItemsController < ResourceController
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS << :reposition
+
+          def reposition
+            harpiya_authorize! :update, @moved_item if harpiya_current_user.present?
+
+            @moved_item = scope.find(params[:moved_item_id])
+            @new_parent = scope.find(params[:new_parent_id])
+            new_index = params[:new_position_idx].to_i
+
+            if @moved_item && @new_parent && new_index
+              @moved_item.move_to_child_with_index(@new_parent, new_index)
+            else
+              head :bad_request
+            end
+
+            if @moved_item.save
+              head :no_content
+            end
+          end
+
+          private
+
+          def model_class
+            Harpiya::MenuItem
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/menus_controller.rb

@@ -0,0 +1,19 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class MenusController < ResourceController
+          private
+
+          def model_class
+            Harpiya::Menu
+          end
+
+          def scope_includes
+            [:menu_items]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/option_types_controller.rb

@@ -0,0 +1,15 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class OptionTypesController < ResourceController
+          private
+
+          def model_class
+            Harpiya::OptionType
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/option_values_controller.rb

@@ -0,0 +1,19 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class OptionValuesController < ResourceController
+          private
+
+          def model_class
+            Harpiya::OptionValue
+          end
+
+          def scope_includes
+            [:option_type]
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/products_controller.rb

@@ -0,0 +1,27 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class ProductsController < ResourceController
+          private
+
+          def model_class
+            Harpiya::Product
+          end
+
+          def scope_includes
+            {
+              master: :default_price,
+              variants: [],
+              variant_images: [],
+              taxons: [],
+              product_properties: :property,
+              option_types: :option_values,
+              variants_including_master: %i[default_price option_values]
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v2/platform/resource_controller.rb

@@ -0,0 +1,102 @@
+module Harpiya
+  module Api
+    module V2
+      module Platform
+        class ResourceController < ::Harpiya::Api::V2::ResourceController
+          READ_ACTIONS = %i[show index]
+          WRITE_ACTIONS = %i[create update destroy]
+
+          # doorkeeper scopes usage: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+          before_action -> { doorkeeper_authorize! :read, :admin }, only: READ_ACTIONS
+          before_action -> { doorkeeper_authorize! :write, :admin }, only: WRITE_ACTIONS
+
+          # optional authorization if using a user token instead of app token
+          before_action :authorize_harpiya_user, only: WRITE_ACTIONS
+
+          # index and show acrtions are defined in Harpiya::Api::V2::ResourceController
+
+          def create
+            resource = model_class.new(permitted_resource_params)
+
+            if resource.save
+              render_serialized_payload(201) { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+
+          def update
+            if resource.update(permitted_resource_params)
+              render_serialized_payload { serialize_resource(resource) }
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+
+          def destroy
+            if resource.destroy
+              head 204
+            else
+              render_error_payload(resource.errors)
+            end
+          end
+
+          protected
+
+          def resource_serializer
+            "Harpiya::Api::V2::Platform::#{model_class.to_s.demodulize}Serializer".constantize
+          end
+
+          def collection_serializer
+            resource_serializer
+          end
+
+          # overwiting to utilize ransack gem for filtering
+          # https://github.com/activerecord-hackery/ransack#search-matchers
+          def collection
+            @collection ||= scope.ransack(params[:filter]).result
+          end
+
+          # overwriting to skip cancancan check if API is consumed by an application
+          def scope
+            return super if harpiya_current_user.present?
+
+            model_class.includes(scope_includes)
+          end
+
+          # We're overwriting this method because the original one calls `dookreeper_authorize`
+          # which breaks our application authorizations defined on top of this controller
+          def harpiya_current_user
+            return nil unless doorkeeper_token
+            return nil if doorkeeper_token.resource_owner_id.nil?
+            return @harpiya_current_user if @harpiya_current_user
+
+            @harpiya_current_user ||= Harpiya.user_class.find_by(id: doorkeeper_token.resource_owner_id)
+          end
+
+          def access_denied(exception)
+            access_denied_401(exception)
+          end
+
+          # if using a user oAuth token we need to check CanCanCan abilities
+          # defined in https://github.com/harpiya/harpiya/blob/master/core/app/models/harpiya/ability.rb
+          def authorize_harpiya_user
+            return if harpiya_current_user.nil?
+
+            if action_name == 'create'
+              harpiya_authorize! :create, model_class
+            else
+              harpiya_authorize! action_name, resource
+            end
+          end
+
+          def permitted_resource_params
+            model_param_name = model_class.to_s.demodulize.underscore
+
+            params.require(model_param_name).permit(Harpiya::PermittedAttributes.send("#{model_param_name}_attributes"))
+          end
+        end
+      end
+    end
+  end
+end