solidus_api 2.10.1 → 2.11.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/app/controllers/spree/api/addresses_controller.rb +1 -1
- data/app/controllers/spree/api/base_controller.rb +11 -3
- data/app/controllers/spree/api/checkouts_controller.rb +18 -15
- data/app/controllers/spree/api/countries_controller.rb +2 -2
- data/app/controllers/spree/api/credit_cards_controller.rb +2 -2
- data/app/controllers/spree/api/customer_returns_controller.rb +67 -0
- data/app/controllers/spree/api/images_controller.rb +4 -4
- data/app/controllers/spree/api/inventory_units_controller.rb +1 -1
- data/app/controllers/spree/api/option_types_controller.rb +3 -3
- data/app/controllers/spree/api/option_values_controller.rb +2 -2
- data/app/controllers/spree/api/orders_controller.rb +8 -2
- data/app/controllers/spree/api/payments_controller.rb +1 -1
- data/app/controllers/spree/api/product_properties_controller.rb +9 -14
- data/app/controllers/spree/api/promotions_controller.rb +3 -12
- data/app/controllers/spree/api/properties_controller.rb +3 -3
- data/app/controllers/spree/api/resource_controller.rb +2 -2
- data/app/controllers/spree/api/return_authorizations_controller.rb +3 -3
- data/app/controllers/spree/api/shipments_controller.rb +1 -1
- data/app/controllers/spree/api/states_controller.rb +3 -3
- data/app/controllers/spree/api/stock_items_controller.rb +2 -2
- data/app/controllers/spree/api/stock_locations_controller.rb +3 -3
- data/app/controllers/spree/api/stock_movements_controller.rb +3 -3
- data/app/controllers/spree/api/stores_controller.rb +3 -3
- data/app/controllers/spree/api/taxonomies_controller.rb +2 -2
- data/app/controllers/spree/api/taxons_controller.rb +4 -4
- data/app/controllers/spree/api/users_controller.rb +13 -0
- data/app/controllers/spree/api/variants_controller.rb +3 -3
- data/app/controllers/spree/api/zones_controller.rb +2 -2
- data/app/helpers/spree/api/api_helpers.rb +18 -5
- data/app/views/spree/api/customer_returns/index.json.jbuilder +6 -0
- data/app/views/spree/api/customer_returns/new.json.jbuilder +4 -0
- data/app/views/spree/api/customer_returns/show.json.jbuilder +3 -0
- data/app/views/spree/api/errors/could_not_transition.json.jbuilder +4 -0
- data/app/views/spree/api/orders/could_not_transition.json.jbuilder +5 -0
- data/config/locales/en.yml +2 -0
- data/config/routes.rb +6 -3
- data/lib/spree/api/testing_support/helpers.rb +11 -2
- data/openapi/authentication.md +9 -1
- data/openapi/checkout-flow.md +17 -4
- data/openapi/main.hub.yml +1 -1
- data/openapi/solidus-api.oas.yml +6753 -0
- data/solidus_api.gemspec +19 -19
- metadata +17 -117
- data/openapi/api.oas2.yml +0 -6105
- data/script/rails +0 -10
- data/spec/controllers/spree/api/base_controller_spec.rb +0 -118
- data/spec/controllers/spree/api/resource_controller_spec.rb +0 -190
- data/spec/features/checkout_spec.rb +0 -192
- data/spec/fixtures/thinking-cat.jpg +0 -0
- data/spec/lib/spree_api_responders_spec.rb +0 -10
- data/spec/models/spree/legacy_user_spec.rb +0 -103
- data/spec/requests/api/address_books_spec.rb +0 -240
- data/spec/requests/jbuilder_cache_spec.rb +0 -34
- data/spec/requests/ransackable_attributes_spec.rb +0 -79
- data/spec/requests/spree/api/addresses_controller_spec.rb +0 -57
- data/spec/requests/spree/api/checkouts_controller_spec.rb +0 -456
- data/spec/requests/spree/api/classifications_controller_spec.rb +0 -50
- data/spec/requests/spree/api/config_controller_spec.rb +0 -26
- data/spec/requests/spree/api/countries_controller_spec.rb +0 -48
- data/spec/requests/spree/api/coupon_codes_controller_spec.rb +0 -105
- data/spec/requests/spree/api/credit_cards_controller_spec.rb +0 -105
- data/spec/requests/spree/api/images_controller_spec.rb +0 -99
- data/spec/requests/spree/api/inventory_units_controller_spec.rb +0 -55
- data/spec/requests/spree/api/line_items_controller_spec.rb +0 -213
- data/spec/requests/spree/api/option_types_controller_spec.rb +0 -116
- data/spec/requests/spree/api/option_values_controller_spec.rb +0 -138
- data/spec/requests/spree/api/orders_controller_spec.rb +0 -931
- data/spec/requests/spree/api/payments_controller_spec.rb +0 -259
- data/spec/requests/spree/api/product_properties_controller_spec.rb +0 -114
- data/spec/requests/spree/api/products_controller_spec.rb +0 -422
- data/spec/requests/spree/api/promotion_application_spec.rb +0 -50
- data/spec/requests/spree/api/promotions_controller_spec.rb +0 -67
- data/spec/requests/spree/api/properties_controller_spec.rb +0 -102
- data/spec/requests/spree/api/return_authorizations_controller_spec.rb +0 -180
- data/spec/requests/spree/api/shipments_controller_spec.rb +0 -532
- data/spec/requests/spree/api/states_controller_spec.rb +0 -69
- data/spec/requests/spree/api/stock_items_controller_spec.rb +0 -311
- data/spec/requests/spree/api/stock_locations_controller_spec.rb +0 -170
- data/spec/requests/spree/api/stock_movements_controller_spec.rb +0 -81
- data/spec/requests/spree/api/store_credit_events_controller_spec.rb +0 -59
- data/spec/requests/spree/api/stores_controller_spec.rb +0 -134
- data/spec/requests/spree/api/taxonomies_controller_spec.rb +0 -114
- data/spec/requests/spree/api/taxons_controller_spec.rb +0 -217
- data/spec/requests/spree/api/unauthenticated_products_controller_spec.rb +0 -27
- data/spec/requests/spree/api/users_controller_spec.rb +0 -151
- data/spec/requests/spree/api/variants_controller_spec.rb +0 -340
- data/spec/requests/spree/api/zones_controller_spec.rb +0 -89
- data/spec/shared_examples/protect_product_actions.rb +0 -18
- data/spec/spec_helper.rb +0 -73
- data/spec/support/be_paginated_matcher.rb +0 -9
- data/spec/support/controller_hacks.rb +0 -43
- data/spec/support/database_cleaner.rb +0 -16
- data/spec/support/have_attributes_matcher.rb +0 -11
- data/spec/test_views/spree/api/widgets/_widget.json.jbuilder +0 -3
- data/spec/test_views/spree/api/widgets/index.json.jbuilder +0 -9
- data/spec/test_views/spree/api/widgets/new.json.jbuilder +0 -3
- data/spec/test_views/spree/api/widgets/show.json.jbuilder +0 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 19be3dde15aa7ef97b0ade87c65b18aeb71627e8065fa3099ad76a40268ef861
|
4
|
+
data.tar.gz: 5c8436a444740c8260ee482f4bf4a548c8068ea30c386e3e0add5560120c4ff5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6cbedb51d0d5090b15f28cb02a591b48a27f205a2ee19f6c5b429e7756f770a20dd428a5b40ab35a9473cba23757f7734d10c9c67837b07311e5044678103449
|
7
|
+
data.tar.gz: 393dea9adc6c5335620f74c932d899979117a9275cc59dee56a1dcf9667272d955398b69a186069402625f398d2332e962d7bc7b97462e0e9dc6f67ab0d5803f
|
data/README.md
CHANGED
@@ -20,9 +20,9 @@ If you want to contribute, you can use [Stoplight Studio][studio]. Simply
|
|
20
20
|
follow these steps:
|
21
21
|
|
22
22
|
1. Create a new Stoplight Studio project
|
23
|
-
2. Copy-paste the content of `openapi/api.
|
23
|
+
2. Copy-paste the content of `openapi/solidus-api.oas.yml` into your project
|
24
24
|
3. Edit the endpoints and models as needed
|
25
|
-
4. Copy-paste the result back into `openapi/api.
|
25
|
+
4. Copy-paste the result back into `openapi/solidus-api.oas.yml`
|
26
26
|
5. Open a PR!
|
27
27
|
|
28
28
|
**Note: Only use embedded models in Stoplight Studio, as Stoplight Docs is
|
@@ -10,6 +10,7 @@ module Spree
|
|
10
10
|
protect_from_forgery unless: -> { request.format.json? }
|
11
11
|
|
12
12
|
include CanCan::ControllerAdditions
|
13
|
+
include Spree::Core::ControllerHelpers::CurrentHost
|
13
14
|
include Spree::Core::ControllerHelpers::Store
|
14
15
|
include Spree::Core::ControllerHelpers::Pricing
|
15
16
|
include Spree::Core::ControllerHelpers::StrongParameters
|
@@ -28,6 +29,7 @@ module Spree
|
|
28
29
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found
|
29
30
|
rescue_from CanCan::AccessDenied, with: :unauthorized
|
30
31
|
rescue_from Spree::Core::GatewayError, with: :gateway_error
|
32
|
+
rescue_from StateMachines::InvalidTransition, with: :invalid_transition
|
31
33
|
|
32
34
|
helper Spree::Api::ApiHelpers
|
33
35
|
|
@@ -133,13 +135,13 @@ module Spree
|
|
133
135
|
|
134
136
|
def product_scope
|
135
137
|
if can?(:admin, Spree::Product)
|
136
|
-
scope = Spree::Product.
|
138
|
+
scope = Spree::Product.with_discarded.accessible_by(current_ability).includes(*product_includes)
|
137
139
|
|
138
140
|
unless params[:show_deleted]
|
139
141
|
scope = scope.not_deleted
|
140
142
|
end
|
141
143
|
else
|
142
|
-
scope = Spree::Product.accessible_by(current_ability
|
144
|
+
scope = Spree::Product.accessible_by(current_ability).available.includes(*product_includes)
|
143
145
|
end
|
144
146
|
|
145
147
|
scope
|
@@ -159,7 +161,7 @@ module Spree
|
|
159
161
|
|
160
162
|
def authorize_for_order
|
161
163
|
@order = Spree::Order.find_by(number: order_id)
|
162
|
-
authorize! :
|
164
|
+
authorize! :show, @order, order_token
|
163
165
|
end
|
164
166
|
|
165
167
|
def lock_order
|
@@ -188,6 +190,12 @@ module Spree
|
|
188
190
|
def default_per_page
|
189
191
|
Kaminari.config.default_per_page
|
190
192
|
end
|
193
|
+
|
194
|
+
def invalid_transition(error)
|
195
|
+
logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
|
196
|
+
|
197
|
+
render "spree/api/errors/could_not_transition", locals: { resource: error.object }, status: :unprocessable_entity
|
198
|
+
end
|
191
199
|
end
|
192
200
|
end
|
193
201
|
end
|
@@ -20,12 +20,8 @@ module Spree
|
|
20
20
|
respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
|
21
21
|
return
|
22
22
|
end
|
23
|
-
authorize! :update, @order, order_token
|
24
23
|
@order.next!
|
25
24
|
respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
|
26
|
-
rescue StateMachines::InvalidTransition => error
|
27
|
-
logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
|
28
|
-
respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
|
29
25
|
end
|
30
26
|
|
31
27
|
def advance
|
@@ -42,9 +38,6 @@ module Spree
|
|
42
38
|
@order.complete!
|
43
39
|
respond_with(@order, default_template: 'spree/api/orders/show', status: 200)
|
44
40
|
end
|
45
|
-
rescue StateMachines::InvalidTransition => error
|
46
|
-
logger.error("invalid_transition #{error.event} from #{error.from} for #{error.object.class.name}. Error: #{error.inspect}")
|
47
|
-
respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
|
48
41
|
end
|
49
42
|
|
50
43
|
def update
|
@@ -57,12 +50,9 @@ module Spree
|
|
57
50
|
|
58
51
|
return if after_update_attributes
|
59
52
|
|
60
|
-
if @order.completed? || @order.next
|
53
|
+
if @order.completed? || @order.next!
|
61
54
|
state_callback(:after)
|
62
55
|
respond_with(@order, default_template: 'spree/api/orders/show')
|
63
|
-
else
|
64
|
-
logger.error("failed_to_transition_errors=#{@order.errors.full_messages}")
|
65
|
-
respond_with(@order, default_template: 'spree/api/orders/could_not_transition', status: 422)
|
66
56
|
end
|
67
57
|
else
|
68
58
|
invalid_resource!(@order)
|
@@ -76,11 +66,24 @@ module Spree
|
|
76
66
|
end
|
77
67
|
|
78
68
|
def update_params
|
79
|
-
|
80
|
-
|
69
|
+
state = @order.state
|
70
|
+
case state.to_sym
|
71
|
+
when :cart, :address
|
72
|
+
massaged_params.fetch(:order, {}).permit(
|
73
|
+
permitted_checkout_address_attributes
|
74
|
+
)
|
75
|
+
when :delivery
|
76
|
+
massaged_params.require(:order).permit(
|
77
|
+
permitted_checkout_delivery_attributes
|
78
|
+
)
|
79
|
+
when :payment
|
80
|
+
massaged_params.require(:order).permit(
|
81
|
+
permitted_checkout_payment_attributes
|
82
|
+
)
|
81
83
|
else
|
82
|
-
|
83
|
-
|
84
|
+
massaged_params.fetch(:order, {}).permit(
|
85
|
+
permitted_checkout_confirm_attributes
|
86
|
+
)
|
84
87
|
end
|
85
88
|
end
|
86
89
|
|
@@ -7,7 +7,7 @@ module Spree
|
|
7
7
|
|
8
8
|
def index
|
9
9
|
@countries = Spree::Country.
|
10
|
-
accessible_by(current_ability
|
10
|
+
accessible_by(current_ability).
|
11
11
|
ransack(params[:q]).
|
12
12
|
result.
|
13
13
|
order('name ASC')
|
@@ -21,7 +21,7 @@ module Spree
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def show
|
24
|
-
@country = Spree::Country.accessible_by(current_ability, :
|
24
|
+
@country = Spree::Country.accessible_by(current_ability, :show).find(params[:id])
|
25
25
|
respond_with(@country)
|
26
26
|
end
|
27
27
|
end
|
@@ -9,7 +9,7 @@ module Spree
|
|
9
9
|
def index
|
10
10
|
@credit_cards = user
|
11
11
|
.credit_cards
|
12
|
-
.accessible_by(current_ability
|
12
|
+
.accessible_by(current_ability)
|
13
13
|
.with_payment_profile
|
14
14
|
.ransack(params[:q]).result
|
15
15
|
|
@@ -29,7 +29,7 @@ module Spree
|
|
29
29
|
|
30
30
|
def user
|
31
31
|
if params[:user_id].present?
|
32
|
-
@user ||= Spree.user_class.accessible_by(current_ability, :
|
32
|
+
@user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
@@ -0,0 +1,67 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
module Api
|
5
|
+
class CustomerReturnsController < Spree::Api::BaseController
|
6
|
+
before_action :load_order
|
7
|
+
around_action :lock_order, only: [:create, :update, :destroy, :cancel]
|
8
|
+
|
9
|
+
rescue_from Spree::Order::InsufficientStock, with: :insufficient_stock_error
|
10
|
+
|
11
|
+
def create
|
12
|
+
authorize! :create, CustomerReturn
|
13
|
+
@customer_return = CustomerReturn.create(customer_return_params)
|
14
|
+
if @customer_return.save
|
15
|
+
respond_with(@customer_return, status: 201, default_template: :show)
|
16
|
+
else
|
17
|
+
invalid_resource!(@customer_return)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def index
|
22
|
+
authorize! :index, CustomerReturn
|
23
|
+
|
24
|
+
@customer_returns = @order.
|
25
|
+
customer_returns.
|
26
|
+
accessible_by(current_ability).
|
27
|
+
ransack(params[:q]).
|
28
|
+
result
|
29
|
+
|
30
|
+
@customer_returns = paginate(@customer_returns)
|
31
|
+
|
32
|
+
respond_with(@customer_returns)
|
33
|
+
end
|
34
|
+
|
35
|
+
def new
|
36
|
+
authorize! :new, CustomerReturn
|
37
|
+
end
|
38
|
+
|
39
|
+
def show
|
40
|
+
authorize! :show, CustomerReturn
|
41
|
+
@customer_return = @order.customer_returns.accessible_by(current_ability, :show).find(params[:id])
|
42
|
+
respond_with(@customer_return)
|
43
|
+
end
|
44
|
+
|
45
|
+
def update
|
46
|
+
authorize! :update, CustomerReturn
|
47
|
+
@customer_return = @order.customer_returns.accessible_by(current_ability, :update).find(params[:id])
|
48
|
+
if @customer_return.update(customer_return_params)
|
49
|
+
respond_with(@customer_return.reload, default_template: :show)
|
50
|
+
else
|
51
|
+
invalid_resource!(@customer_return)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
private
|
56
|
+
|
57
|
+
def load_order
|
58
|
+
@order ||= Spree::Order.find_by!(number: order_id)
|
59
|
+
authorize! :show, @order
|
60
|
+
end
|
61
|
+
|
62
|
+
def customer_return_params
|
63
|
+
params.require(:customer_return).permit(permitted_customer_return_attributes)
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
@@ -4,12 +4,12 @@ module Spree
|
|
4
4
|
module Api
|
5
5
|
class ImagesController < Spree::Api::BaseController
|
6
6
|
def index
|
7
|
-
@images = scope.images.accessible_by(current_ability
|
7
|
+
@images = scope.images.accessible_by(current_ability)
|
8
8
|
respond_with(@images)
|
9
9
|
end
|
10
10
|
|
11
11
|
def show
|
12
|
-
@image =
|
12
|
+
@image = scope.images.accessible_by(current_ability, :show).find(params[:id])
|
13
13
|
respond_with(@image)
|
14
14
|
end
|
15
15
|
|
@@ -20,13 +20,13 @@ module Spree
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def update
|
23
|
-
@image =
|
23
|
+
@image = scope.images.accessible_by(current_ability, :update).find(params[:id])
|
24
24
|
@image.update(image_params)
|
25
25
|
respond_with(@image, default_template: :show)
|
26
26
|
end
|
27
27
|
|
28
28
|
def destroy
|
29
|
-
@image =
|
29
|
+
@image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
|
30
30
|
@image.destroy
|
31
31
|
respond_with(@image, status: 204)
|
32
32
|
end
|
@@ -26,7 +26,7 @@ module Spree
|
|
26
26
|
private
|
27
27
|
|
28
28
|
def inventory_unit
|
29
|
-
@inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :
|
29
|
+
@inventory_unit ||= Spree::InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
|
30
30
|
end
|
31
31
|
|
32
32
|
def prepare_event
|
@@ -5,15 +5,15 @@ module Spree
|
|
5
5
|
class OptionTypesController < Spree::Api::BaseController
|
6
6
|
def index
|
7
7
|
if params[:ids]
|
8
|
-
@option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability
|
8
|
+
@option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).where(id: params[:ids].split(','))
|
9
9
|
else
|
10
|
-
@option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability
|
10
|
+
@option_types = Spree::OptionType.includes(:option_values).accessible_by(current_ability).load.ransack(params[:q]).result
|
11
11
|
end
|
12
12
|
respond_with(@option_types)
|
13
13
|
end
|
14
14
|
|
15
15
|
def show
|
16
|
-
@option_type = Spree::OptionType.accessible_by(current_ability, :
|
16
|
+
@option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
|
17
17
|
respond_with(@option_type)
|
18
18
|
end
|
19
19
|
|
@@ -46,9 +46,9 @@ module Spree
|
|
46
46
|
|
47
47
|
def scope
|
48
48
|
if params[:option_type_id]
|
49
|
-
@scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability
|
49
|
+
@scope ||= Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability)
|
50
50
|
else
|
51
|
-
@scope ||= Spree::OptionValue.accessible_by(current_ability
|
51
|
+
@scope ||= Spree::OptionValue.accessible_by(current_ability).load
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
@@ -53,7 +53,7 @@ module Spree
|
|
53
53
|
end
|
54
54
|
|
55
55
|
def index
|
56
|
-
authorize! :
|
56
|
+
authorize! :admin, Order
|
57
57
|
orders_includes = [
|
58
58
|
{ user: :store_credits },
|
59
59
|
:line_items,
|
@@ -130,7 +130,13 @@ module Spree
|
|
130
130
|
end
|
131
131
|
|
132
132
|
def normalize_params
|
133
|
-
|
133
|
+
if params[:order][:payments]
|
134
|
+
payments_params = params[:order].delete(:payments)
|
135
|
+
params[:order][:payments_attributes] = payments_params.map do |payment_params|
|
136
|
+
payment_params[:source_attributes] = payment_params.delete(:source) if payment_params[:source].present?
|
137
|
+
payment_params
|
138
|
+
end
|
139
|
+
end
|
134
140
|
params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
|
135
141
|
params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
|
136
142
|
params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address].present?
|
@@ -9,7 +9,7 @@ module Spree
|
|
9
9
|
def index
|
10
10
|
@product_properties = @product.
|
11
11
|
product_properties.
|
12
|
-
accessible_by(current_ability
|
12
|
+
accessible_by(current_ability).
|
13
13
|
ransack(params[:q]).
|
14
14
|
result
|
15
15
|
|
@@ -36,9 +36,8 @@ module Spree
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def update
|
39
|
-
|
40
|
-
|
41
|
-
@product_property.update(product_property_params)
|
39
|
+
authorize! :update, @product_property
|
40
|
+
if @product_property.update(product_property_params)
|
42
41
|
respond_with(@product_property, status: 200, default_template: :show)
|
43
42
|
else
|
44
43
|
invalid_resource!(@product_property)
|
@@ -46,27 +45,23 @@ module Spree
|
|
46
45
|
end
|
47
46
|
|
48
47
|
def destroy
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
respond_with(@product_property, status: 204)
|
53
|
-
else
|
54
|
-
invalid_resource!(@product_property)
|
55
|
-
end
|
48
|
+
authorize! :destroy, @product_property
|
49
|
+
@product_property.destroy
|
50
|
+
respond_with(@product_property, status: 204)
|
56
51
|
end
|
57
52
|
|
58
53
|
private
|
59
54
|
|
60
55
|
def find_product
|
61
56
|
@product = super(params[:product_id])
|
62
|
-
authorize! :
|
57
|
+
authorize! :show, @product
|
63
58
|
end
|
64
59
|
|
65
60
|
def product_property
|
66
61
|
if @product
|
67
62
|
@product_property ||= @product.product_properties.find_by(id: params[:id])
|
68
|
-
@product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
|
69
|
-
authorize! :
|
63
|
+
@product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first!
|
64
|
+
authorize! :show, @product_property
|
70
65
|
end
|
71
66
|
end
|
72
67
|
|
@@ -3,26 +3,17 @@
|
|
3
3
|
module Spree
|
4
4
|
module Api
|
5
5
|
class PromotionsController < Spree::Api::BaseController
|
6
|
-
before_action :requires_admin
|
7
6
|
before_action :load_promotion
|
8
7
|
|
9
8
|
def show
|
10
|
-
|
11
|
-
|
12
|
-
else
|
13
|
-
raise ActiveRecord::RecordNotFound
|
14
|
-
end
|
9
|
+
authorize! :show, @promotion
|
10
|
+
respond_with(@promotion, default_template: :show)
|
15
11
|
end
|
16
12
|
|
17
13
|
private
|
18
14
|
|
19
|
-
def requires_admin
|
20
|
-
return if @current_user_roles.include?("admin")
|
21
|
-
unauthorized && return
|
22
|
-
end
|
23
|
-
|
24
15
|
def load_promotion
|
25
|
-
@promotion = Spree::Promotion.
|
16
|
+
@promotion = Spree::Promotion.with_coupon_code(params[:id]) || Spree::Promotion.find(params[:id])
|
26
17
|
end
|
27
18
|
end
|
28
19
|
end
|