solidus_api 1.0.0.pre

data/app/controllers/spree/api/properties_controller.rb

@@ -0,0 +1,71 @@
+module Spree
+  module Api
+    class PropertiesController < Spree::Api::BaseController
+
+      before_action :find_property, only: [:show, :update, :destroy]
+
+      def index
+        @properties = Spree::Property.accessible_by(current_ability, :read)
+
+        if params[:ids]
+          ids = params[:ids].split(",").flatten
+          @properties = @properties.where(:id => ids)
+        else
+          @properties = @properties.ransack(params[:q]).result
+        end
+
+        @properties = @properties.page(params[:page]).per(params[:per_page])
+        respond_with(@properties)
+      end
+
+      def show
+        respond_with(@property)
+      end
+
+      def new
+      end
+
+      def create
+        authorize! :create, Property
+        @property = Spree::Property.new(property_params)
+        if @property.save
+          respond_with(@property, status: 201, default_template: :show)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      def update
+        if @property
+          authorize! :update, @property
+          @property.update_attributes(property_params)
+          respond_with(@property, status: 200, default_template: :show)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      def destroy
+        if @property
+          authorize! :destroy, @property
+          @property.destroy
+          respond_with(@property, status: 204)
+        else
+          invalid_resource!(@property)
+        end
+      end
+
+      private
+
+        def find_property
+          @property = Spree::Property.accessible_by(current_ability, :read).find(params[:id])
+        rescue ActiveRecord::RecordNotFound
+          @property = Spree::Property.accessible_by(current_ability, :read).find_by!(name: params[:id])
+        end
+
+        def property_params
+          params.require(:property).permit(permitted_property_attributes)
+        end
+    end
+  end
+end

data/app/controllers/spree/api/return_authorizations_controller.rb

@@ -0,0 +1,71 @@
+module Spree
+  module Api
+    class ReturnAuthorizationsController < Spree::Api::BaseController
+      before_filter :load_order
+      around_filter :lock_order, only: [:create, :update, :destroy, :add, :receive, :cancel]
+
+      def create
+        authorize! :create, ReturnAuthorization
+        @return_authorization = @order.return_authorizations.build(return_authorization_params)
+        if @return_authorization.save
+          respond_with(@return_authorization, status: 201, default_template: :show)
+        else
+          invalid_resource!(@return_authorization)
+        end
+      end
+
+      def destroy
+        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :destroy).find(params[:id])
+        @return_authorization.destroy
+        respond_with(@return_authorization, status: 204)
+      end
+
+      def index
+        authorize! :admin, ReturnAuthorization
+        @return_authorizations = @order.return_authorizations.accessible_by(current_ability, :read).
+                                 ransack(params[:q]).result.
+                                 page(params[:page]).per(params[:per_page])
+        respond_with(@return_authorizations)
+      end
+
+      def new
+        authorize! :admin, ReturnAuthorization
+      end
+
+      def show
+        authorize! :admin, ReturnAuthorization
+        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :read).find(params[:id])
+        respond_with(@return_authorization)
+      end
+
+      def update
+        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+        if @return_authorization.update_attributes(return_authorization_params)
+          respond_with(@return_authorization, default_template: :show)
+        else
+          invalid_resource!(@return_authorization)
+        end
+      end
+
+      def cancel
+        @return_authorization = @order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+        if @return_authorization.cancel
+          respond_with @return_authorization, default_template: :show
+        else
+          invalid_resource!(@return_authorization)
+        end
+      end
+
+      private
+
+      def load_order
+        @order ||= Spree::Order.find_by!(number: order_id)
+        authorize! :read, @order
+      end
+
+      def return_authorization_params
+        params.require(:return_authorization).permit(permitted_return_authorization_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/shipments_controller.rb

@@ -0,0 +1,172 @@
+module Spree
+  module Api
+    class ShipmentsController < Spree::Api::BaseController
+      before_filter :find_order_on_create, only: :create
+      before_filter :find_shipment, only: [:update, :ship, :ready, :add, :remove]
+      before_action :load_transfer_params, only: [:transfer_to_location, :transfer_to_shipment]
+      around_filter :lock_order, except: [:mine]
+      before_filter :update_shipment, only: [:ship, :ready, :add, :remove]
+
+      def mine
+        if current_api_user
+          @shipments = Spree::Shipment
+            .reverse_chronological
+            .joins(:order)
+            .where(spree_orders: {user_id: current_api_user.id})
+            .includes(mine_includes)
+            .ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        else
+          render "spree/api/errors/unauthorized", status: :unauthorized
+        end
+      end
+
+      def create
+        # TODO Can remove conditional here once deprecated #find_order is removed.
+        unless @order.present?
+          @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
+          authorize! :read, @order
+        end
+        authorize! :create, Shipment
+        quantity = params[:quantity].to_i
+        @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
+        @order.contents.add(variant, quantity, {shipment: @shipment})
+
+        @shipment.save!
+
+        respond_with(@shipment.reload, default_template: :show)
+      end
+
+      def update
+        @shipment.update_attributes_and_order(shipment_params)
+
+        respond_with(@shipment.reload, default_template: :show)
+      end
+
+      def ready
+        unless @shipment.ready?
+          if @shipment.can_ready?
+            @shipment.ready!
+          else
+            render 'spree/api/shipments/cannot_ready_shipment', status: 422 and return
+          end
+        end
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def ship
+        authorize! :ship, @shipment
+        unless @shipment.shipped?
+          @shipment.suppress_mailer = (params[:send_mailer] == 'false')
+          @shipment.ship!
+        end
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def add
+        quantity = params[:quantity].to_i
+
+        @shipment.order.contents.add(variant, quantity, {shipment: @shipment})
+
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def remove
+        quantity = params[:quantity].to_i
+
+        @shipment.order.contents.remove(variant, quantity, {shipment: @shipment})
+        @shipment.reload if @shipment.persisted?
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def transfer_to_location
+        @stock_location = Spree::StockLocation.find(params[:stock_location_id])
+        @original_shipment.transfer_to_location(@variant, @quantity, @stock_location)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
+
+      def transfer_to_shipment
+        @target_shipment  = Spree::Shipment.find_by!(number: params[:target_shipment_number])
+        @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
+        render json: {success: true, message: Spree.t(:shipment_transfer_success)}, status: 201
+      end
+
+      private
+
+      def load_transfer_params
+        @original_shipment         = Spree::Shipment.where(number: params[:original_shipment_number]).first
+        @order                     = @original_shipment.order
+        @variant                   = Spree::Variant.find(params[:variant_id])
+        @quantity                  = params[:quantity].to_i
+        authorize! :read, @original_shipment
+        authorize! :create, Shipment
+      end
+
+      def find_order_on_create
+        # TODO Can remove conditional here once deprecated #find_order is removed.
+        unless @order.present?
+          @order = Spree::Order.find_by!(number: params[:shipment][:order_id])
+          authorize! :read, @order
+        end
+      end
+
+      def find_shipment
+        if @order.present?
+          @shipment = @order.shipments.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        else
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+          @order = @shipment.order
+        end
+      end
+
+      def update_shipment
+        @shipment.update_attributes(shipment_params)
+        @shipment.reload
+      end
+
+      def shipment_params
+        if params[:shipment] && !params[:shipment].empty?
+          params.require(:shipment).permit(permitted_shipment_attributes)
+        else
+          {}
+        end
+      end
+
+      def variant
+        @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
+      end
+
+      def mine_includes
+        {
+          order: {
+            bill_address: {
+              state: {},
+              country: {},
+            },
+            ship_address: {
+              state: {},
+              country: {},
+            },
+            adjustments: {},
+            payments: {
+              order: {},
+              payment_method: {},
+            },
+          },
+          inventory_units: {
+            line_item: {
+              product: {},
+              variant: {},
+            },
+            variant: {
+              product: {},
+              default_price: {},
+              option_values: {
+                option_type: {},
+              },
+            },
+          },
+        }
+      end
+    end
+  end
+end

data/app/controllers/spree/api/states_controller.rb

@@ -0,0 +1,35 @@
+module Spree
+  module Api
+    class StatesController < Spree::Api::BaseController
+      skip_before_action :set_expiry
+      skip_before_action :check_for_user_or_api_key
+      skip_before_action :authenticate_user
+
+      def index
+        @states = scope.ransack(params[:q]).result.
+                    includes(:country).order('name ASC')
+
+        if params[:page] || params[:per_page]
+          @states = @states.page(params[:page]).per(params[:per_page])
+        end
+
+        respond_with(@states)
+      end
+
+      def show
+        @state = scope.find(params[:id])
+        respond_with(@state)
+      end
+
+      private
+        def scope
+          if params[:country_id]
+            @country = Country.accessible_by(current_ability, :read).find(params[:country_id])
+            return @country.states.accessible_by(current_ability, :read)
+          else
+            return State.accessible_by(current_ability, :read)
+          end
+        end
+    end
+  end
+end

data/app/controllers/spree/api/stock_items_controller.rb

@@ -0,0 +1,84 @@
+module Spree
+  module Api
+    class StockItemsController < Spree::Api::BaseController
+      before_filter :load_stock_location, only: [:index, :show, :create]
+
+      def index
+        @stock_items = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@stock_items)
+      end
+
+      def show
+        @stock_item = scope.find(params[:id])
+        respond_with(@stock_item)
+      end
+
+      def create
+        authorize! :create, StockItem
+
+        @stock_item = scope.new(stock_item_params)
+
+        Spree::StockItem.transaction do
+          if @stock_item.save
+            adjust_stock_item_count_on_hand(count_on_hand_adjustment)
+            respond_with(@stock_item, status: 201, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+      end
+
+      def update
+        @stock_item = StockItem.accessible_by(current_ability, :update).find(params[:id])
+        @stock_location = @stock_item.stock_location
+
+        adjustment = count_on_hand_adjustment
+        params[:stock_item].delete(:count_on_hand)
+        adjustment -= @stock_item.count_on_hand if params[:stock_item][:force]
+
+        Spree::StockItem.transaction do
+          if @stock_item.update_attributes(stock_item_params)
+            adjust_stock_item_count_on_hand(adjustment)
+            respond_with(@stock_item, status: 200, default_template: :show)
+          else
+            invalid_resource!(@stock_item)
+          end
+        end
+      end
+
+      def destroy
+        @stock_item = StockItem.accessible_by(current_ability, :destroy).find(params[:id])
+        @stock_item.destroy
+        respond_with(@stock_item, status: 204)
+      end
+
+      private
+
+      def load_stock_location
+        render 'spree/api/shared/stock_location_required', status: 422 and return unless params[:stock_location_id]
+        @stock_location ||= StockLocation.accessible_by(current_ability, action_name.to_sym).find(params[:stock_location_id])
+      end
+
+      def scope
+        includes = {:variant => [{ :option_values => :option_type }, :product] }
+        @stock_location.stock_items.accessible_by(current_ability, :read).includes(includes)
+      end
+
+      def stock_item_params
+        params.require(:stock_item).permit(permitted_stock_item_attributes)
+      end
+
+      def count_on_hand_adjustment
+        params[:stock_item][:count_on_hand].to_i
+      end
+
+      def adjust_stock_item_count_on_hand(count_on_hand_adjustment)
+        if @stock_item.count_on_hand + count_on_hand_adjustment < 0
+          raise StockLocation::InvalidMovementError.new(Spree.t(:stock_not_below_zero))
+        end
+        @stock_movement = @stock_location.move(@stock_item.variant, count_on_hand_adjustment, current_api_user)
+        @stock_item = @stock_movement.stock_item
+      end
+    end
+  end
+end

data/app/controllers/spree/api/stock_locations_controller.rb

@@ -0,0 +1,50 @@
+module Spree
+  module Api
+    class StockLocationsController < Spree::Api::BaseController
+      def index
+        authorize! :read, StockLocation
+        @stock_locations = StockLocation.accessible_by(current_ability, :read).order('name ASC').ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@stock_locations)
+      end
+
+      def show
+        respond_with(stock_location)
+      end
+
+      def create
+        authorize! :create, StockLocation
+        @stock_location = StockLocation.new(stock_location_params)
+        if @stock_location.save
+          respond_with(@stock_location, status: 201, default_template: :show)
+        else
+          invalid_resource!(@stock_location)
+        end
+      end
+
+      def update
+        authorize! :update, stock_location
+        if stock_location.update_attributes(stock_location_params)
+          respond_with(stock_location, status: 200, default_template: :show)
+        else
+          invalid_resource!(stock_location)
+        end
+      end
+
+      def destroy
+        authorize! :destroy, stock_location
+        stock_location.destroy
+        respond_with(stock_location, :status => 204)
+      end
+
+      private
+
+      def stock_location
+        @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:id])
+      end
+
+      def stock_location_params
+        params.require(:stock_location).permit(permitted_stock_location_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/stock_movements_controller.rb

@@ -0,0 +1,42 @@
+module Spree
+  module Api
+    class StockMovementsController < Spree::Api::BaseController
+      before_action :stock_location, except: [:update, :destroy]
+
+      def index
+        authorize! :read, StockMovement
+        @stock_movements = scope.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+        respond_with(@stock_movements)
+      end
+
+      def show
+        @stock_movement = scope.find(params[:id])
+        respond_with(@stock_movement)
+      end
+
+      def create
+        authorize! :create, StockMovement
+        @stock_movement = scope.new(stock_movement_params)
+        if @stock_movement.save
+          respond_with(@stock_movement, status: 201, default_template: :show)
+        else
+          invalid_resource!(@stock_movement)
+        end
+      end
+
+      private
+
+      def stock_location
+        @stock_location ||= StockLocation.accessible_by(current_ability, :read).find(params[:stock_location_id])
+      end
+
+      def scope
+        @stock_location.stock_movements.accessible_by(current_ability, :read)
+      end
+
+      def stock_movement_params
+        params.require(:stock_movement).permit(permitted_stock_movement_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/stock_transfers_controller.rb

@@ -0,0 +1,19 @@
+module Spree
+  module Api
+    class StockTransfersController < Spree::Api::BaseController
+      def receive
+        authorize! :update, TransferItem
+        @stock_transfer = Spree::StockTransfer.accessible_by(current_ability, :update).find_by!(number: params[:id])
+        variant = Spree::Variant.accessible_by(current_ability, :show).find(params[:variant_id])
+        @transfer_item = @stock_transfer.transfer_items.find_by(variant: variant)
+        if @transfer_item.nil?
+          render "spree/api/errors/variant_not_in_stock_transfer", status: 422
+        elsif @transfer_item.update_attributes(received_quantity: @transfer_item.received_quantity + 1)
+          render 'spree/api/stock_transfers/receive', status: 200
+        else
+          invalid_resource!(@transfer_item)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/store_credit_events_controller.rb

@@ -0,0 +1,9 @@
+class Spree::Api::StoreCreditEventsController < Spree::Api::BaseController
+  def mine
+    if current_api_user
+      @store_credit_events = current_api_user.store_credit_events.exposed_events.page(params[:page]).per(params[:per_page]).reverse_chronological
+    else
+      render "spree/api/errors/unauthorized", status: :unauthorized
+    end
+  end
+end

data/app/controllers/spree/api/stores_controller.rb

@@ -0,0 +1,55 @@
+module Spree
+  module Api
+    class StoresController < Spree::Api::BaseController
+
+      before_filter :get_store, except: [:index, :create]
+
+      def index
+        authorize! :read, Store
+        @stores = Store.accessible_by(current_ability, :read).all
+        respond_with(@stores)
+      end
+
+      def create
+        authorize! :create, Store
+        @store = Store.new(store_params)
+        @store.code = params[:store][:code]
+        if @store.save
+          respond_with(@store, status: 201, default_template: :show)
+        else
+          invalid_resource!(@store)
+        end
+      end
+
+      def update
+        authorize! :update, @store
+        if @store.update_attributes(store_params)
+          respond_with(@store, status: 200, default_template: :show)
+        else
+          invalid_resource!(@store)
+        end
+      end
+
+      def show
+        authorize! :read, @store
+        respond_with(@store)
+      end
+
+      def destroy
+        authorize! :destroy, @store
+        @store.destroy
+        respond_with(@store, status: 204)
+      end
+
+      private
+
+      def get_store
+        @store = Store.find(params[:id])
+      end
+
+      def store_params
+        params.require(:store).permit(permitted_store_attributes)
+      end
+    end
+  end
+end

data/app/controllers/spree/api/taxonomies_controller.rb

@@ -0,0 +1,64 @@
+module Spree
+  module Api
+    class TaxonomiesController < Spree::Api::BaseController
+
+      def index
+        respond_with(taxonomies)
+      end
+
+      def show
+        respond_with(taxonomy)
+      end
+
+      # Because JSTree wants parameters in a *slightly* different format
+      def jstree
+        show
+      end
+
+      def create
+        authorize! :create, Taxonomy
+        @taxonomy = Taxonomy.new(taxonomy_params)
+        if @taxonomy.save
+          respond_with(@taxonomy, :status => 201, :default_template => :show)
+        else
+          invalid_resource!(@taxonomy)
+        end
+      end
+
+      def update
+        authorize! :update, taxonomy
+        if taxonomy.update_attributes(taxonomy_params)
+          respond_with(taxonomy, :status => 200, :default_template => :show)
+        else
+          invalid_resource!(taxonomy)
+        end
+      end
+
+      def destroy
+        authorize! :destroy, taxonomy
+        taxonomy.destroy
+        respond_with(taxonomy, :status => 204)
+      end
+
+      private
+
+      def taxonomies
+        @taxonomies = Taxonomy.accessible_by(current_ability, :read).order('name').includes(:root => :children).
+                      ransack(params[:q]).result.
+                      page(params[:page]).per(params[:per_page])
+      end
+
+      def taxonomy
+        @taxonomy ||= Taxonomy.accessible_by(current_ability, :read).find(params[:id])
+      end
+
+      def taxonomy_params
+        if params[:taxonomy] && !params[:taxonomy].empty?
+          params.require(:taxonomy).permit(permitted_taxonomy_attributes)
+        else
+          {}
+        end
+      end
+    end
+  end
+end