spree_api 4.4.0 → 4.5.0

data/app/controllers/spree/api/v1/option_values_controller.rb

@@ -1,62 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class OptionValuesController < Spree::Api::BaseController
-        def index
-          @option_values = if params[:ids]
-                             scope.where(id: params[:ids])
-                           else
-                             scope.ransack(params[:q]).result.distinct
-                           end
-          respond_with(@option_values)
-        end
-
-        def show
-          @option_value = scope.find(params[:id])
-          respond_with(@option_value)
-        end
-
-        def new; end
-
-        def create
-          authorize! :create, Spree::OptionValue
-          @option_value = scope.new(option_value_params)
-          if @option_value.save
-            render :show, status: 201
-          else
-            invalid_resource!(@option_value)
-          end
-        end
-
-        def update
-          @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
-          if @option_value.update(option_value_params)
-            render :show
-          else
-            invalid_resource!(@option_value)
-          end
-        end
-
-        def destroy
-          @option_value = scope.accessible_by(current_ability, :destroy).find(params[:id])
-          @option_value.destroy
-          render plain: nil, status: 204
-        end
-
-        private
-
-        def scope
-          @scope ||= if params[:option_type_id]
-                       Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :show)
-                     else
-                       Spree::OptionValue.accessible_by(current_ability, :show).load
-                     end
-        end
-
-        def option_value_params
-          params.require(:option_value).permit(permitted_option_value_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/orders_controller.rb

@@ -1,160 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class OrdersController < Spree::Api::BaseController
-        skip_before_action :authenticate_user, only: :apply_coupon_code
-
-        before_action :find_order, except: [:create, :mine, :current, :index, :update, :remove_coupon_code]
-
-        # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
-        Order.checkout_steps.keys.each do |step|
-          define_method step do
-            find_order
-            authorize! :update, @order, params[:token]
-          end
-        end
-
-        def cancel
-          authorize! :update, @order, params[:token]
-          @order.canceled_by(current_api_user)
-          respond_with(@order, default_template: :show)
-        end
-
-        def approve
-          authorize! :approve, @order, params[:token]
-          @order.approved_by(current_api_user)
-          respond_with(@order, default_template: :show)
-        end
-
-        def create
-          authorize! :create, Spree::Order
-          if can?(:admin, Spree::Order)
-            order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
-                           Spree.user_class.find(order_params[:user_id])
-                         else
-                           current_api_user
-                         end
-
-            import_params = if @current_user_roles.include?('admin')
-                              params[:order].present? ? params[:order].permit! : {}
-                            else
-                              order_params
-                            end
-
-            @order = Spree::Core::Importer::Order.import(order_user, import_params)
-
-            respond_with(@order, default_template: :show, status: 201)
-          else
-            @order = Spree::Order.create!(user: current_api_user, store: current_store)
-            if Cart::Update.call(order: @order, params: order_params).success?
-              respond_with(@order, default_template: :show, status: 201)
-            else
-              invalid_resource!(@order)
-            end
-          end
-        end
-
-        def empty
-          authorize! :update, @order, order_token
-          cart_empty_service.call(order: @order)
-          render plain: nil, status: 204
-        end
-
-        def index
-          authorize! :index, Order
-          @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-          respond_with(@orders)
-        end
-
-        def show
-          authorize! :show, @order, order_token
-          respond_with(@order)
-        end
-
-        def update
-          find_order(true)
-          authorize! :update, @order, order_token
-
-          if Cart::Update.call(order: @order, params: order_params).success?
-            user_id = params[:order][:user_id]
-            if current_api_user.has_spree_role?('admin') && user_id
-              @order.associate_user!(Spree.user_class.find(user_id))
-            end
-            respond_with(@order, default_template: :show)
-          else
-            invalid_resource!(@order)
-          end
-        end
-
-        def current
-          @order = find_current_order
-          if @order
-            respond_with(@order, default_template: :show, locals: { root_object: @order })
-          else
-            head :no_content
-          end
-        end
-
-        def mine
-          if current_api_user.persisted?
-            @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-          else
-            render 'spree/api/errors/unauthorized', status: :unauthorized
-          end
-        end
-
-        def apply_coupon_code
-          find_order
-          authorize! :update, @order, order_token
-          @order.coupon_code = params[:coupon_code]
-          @handler = PromotionHandler::Coupon.new(@order).apply
-          status = @handler.successful? ? 200 : 422
-          render 'spree/api/v1/promotions/handler', status: status
-        end
-
-        def remove_coupon_code
-          find_order(true)
-          authorize! :update, @order, order_token
-          @handler = Spree::PromotionHandler::Coupon.new(@order).remove(params[:coupon_code])
-          status = @handler.successful? ? 200 : 404
-          render 'spree/api/v1/promotions/handler', status: status
-        end
-
-        private
-
-        def order_params
-          if params[:order]
-            normalize_params
-            params.require(:order).permit(permitted_order_attributes)
-          else
-            {}
-          end
-        end
-
-        def normalize_params
-          params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
-          params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
-          params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
-          params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
-          params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
-        end
-
-        def find_order(lock = false)
-          @order = Spree::Order.lock(lock).find_by!(number: params[:id])
-        end
-
-        def find_current_order
-          current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
-        end
-
-        def order_id
-          super || params[:id]
-        end
-
-        def cart_empty_service
-          Spree::Dependencies.cart_empty_service.constantize
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/payments_controller.rb

@@ -1,82 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class PaymentsController < Spree::Api::BaseController
-        before_action :find_order
-        before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
-
-        def index
-          @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
-          respond_with(@payments)
-        end
-
-        def new
-          @payment_methods = Spree::PaymentMethod.available
-          respond_with(@payment_methods)
-        end
-
-        def create
-          @order.validate_payments_attributes([payment_params])
-          @payment = @order.payments.build(payment_params)
-          if @payment.save
-            respond_with(@payment, status: 201, default_template: :show)
-          else
-            invalid_resource!(@payment)
-          end
-        end
-
-        def update
-          authorize! params[:action], @payment
-          if !@payment.editable?
-            render 'update_forbidden', status: 403
-          elsif @payment.update(payment_params)
-            respond_with(@payment, default_template: :show)
-          else
-            invalid_resource!(@payment)
-          end
-        end
-
-        def show
-          respond_with(@payment)
-        end
-
-        def authorize
-          perform_payment_action(:authorize)
-        end
-
-        def capture
-          perform_payment_action(:capture)
-        end
-
-        def purchase
-          perform_payment_action(:purchase)
-        end
-
-        def void
-          perform_payment_action(:void_transaction)
-        end
-
-        private
-
-        def find_order
-          @order = Spree::Order.find_by!(number: order_id)
-          authorize! :show, @order, order_token
-        end
-
-        def find_payment
-          @payment = @order.payments.find_by!(number: params[:id])
-        end
-
-        def perform_payment_action(action, *args)
-          authorize! action, Payment
-          @payment.send("#{action}!", *args)
-          respond_with(@payment, default_template: :show)
-        end
-
-        def payment_params
-          params.require(:payment).permit(permitted_payment_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/product_properties_controller.rb

@@ -1,73 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ProductPropertiesController < Spree::Api::BaseController
-        before_action :find_product, :authorize_product!
-        before_action :product_property, only: [:show, :update, :destroy]
-
-        def index
-          @product_properties = @product.product_properties.accessible_by(current_ability).
-                                ransack(params[:q]).result.
-                                page(params[:page]).per(params[:per_page])
-          respond_with(@product_properties)
-        end
-
-        def show
-          respond_with(@product_property)
-        end
-
-        def new; end
-
-        def create
-          authorize! :create, ProductProperty
-          @product_property = @product.product_properties.new(product_property_params)
-          if @product_property.save
-            respond_with(@product_property, status: 201, default_template: :show)
-          else
-            invalid_resource!(@product_property)
-          end
-        end
-
-        def update
-          authorize! :update, @product_property
-
-          if @product_property.update(product_property_params)
-            respond_with(@product_property, status: 200, default_template: :show)
-          else
-            invalid_resource!(@product_property)
-          end
-        end
-
-        def destroy
-          authorize! :destroy, @product_property
-          @product_property.destroy
-          respond_with(@product_property, status: 204)
-        end
-
-        private
-
-        def find_product
-          super(params[:product_id])
-        end
-
-        def authorize_product!
-          authorize! :show, @product
-        end
-
-        def product_property
-          if @product
-            @product_property ||= @product.product_properties.find_by(id: params[:id])
-            @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
-            raise ActiveRecord::RecordNotFound unless @product_property
-
-            authorize! :show, @product_property
-          end
-        end
-
-        def product_property_params
-          params.require(:product_property).permit(permitted_product_properties_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/products_controller.rb

@@ -1,131 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ProductsController < Spree::Api::BaseController
-        before_action :find_product, only: [:update, :show, :destroy]
-
-        def index
-          @products = if params[:ids]
-                        product_scope.where(id: params[:ids].split(',').flatten)
-                      else
-                        product_scope.ransack(params[:q]).result
-                      end
-
-          @products = @products.distinct.page(params[:page]).per(params[:per_page])
-          expires_in 15.minutes, public: true
-          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
-          respond_with(@products)
-        end
-
-        def show
-          expires_in 15.minutes, public: true
-          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
-          headers['Surrogate-Key'] = 'product_id=1'
-          respond_with(@product)
-        end
-
-        # Takes besides the products attributes either an array of variants or
-        # an array of option types.
-        #
-        # By submitting an array of variants the option types will be created
-        # using the *name* key in options hash. e.g
-        #
-        #   product: {
-        #     ...
-        #     variants: {
-        #       price: 19.99,
-        #       sku: "hey_you",
-        #       options: [
-        #         { name: "size", value: "small" },
-        #         { name: "color", value: "black" }
-        #       ]
-        #     }
-        #   }
-        #
-        # Or just pass in the option types hash:
-        #
-        #   product: {
-        #     ...
-        #     option_types: ['size', 'color']
-        #   }
-        #
-        # By passing the shipping category name you can fetch or create that
-        # shipping category on the fly. e.g.
-        #
-        #   product: {
-        #     ...
-        #     shipping_category: "Free Shipping Items"
-        #   }
-        #
-        def new; end
-
-        def create
-          authorize! :create, Product
-          params[:product][:available_on] ||= Time.current
-          set_up_shipping_category
-
-          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
-          @product = Core::Importer::Product.new(nil, product_params, options).create
-
-          if @product.persisted?
-            respond_with(@product, status: 201, default_template: :show)
-          else
-            invalid_resource!(@product)
-          end
-        end
-
-        def update
-          authorize! :update, @product
-
-          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
-          @product = Core::Importer::Product.new(@product, product_params, options).update
-
-          if @product.errors.empty?
-            respond_with(@product.reload, status: 200, default_template: :show)
-          else
-            invalid_resource!(@product)
-          end
-        end
-
-        def destroy
-          authorize! :destroy, @product
-          @product.destroy
-          respond_with(@product, status: 204)
-        end
-
-        private
-
-        def product_params
-          params.require(:product).permit(permitted_product_attributes)
-        end
-
-        def variants_params
-          variants_key = if params[:product].key? :variants
-                           :variants
-                         else
-                           :variants_attributes
-                         end
-
-          params.require(:product).permit(
-            variants_key => [permitted_variant_attributes, :id]
-          ).delete(variants_key) || []
-        end
-
-        def option_types_params
-          params[:product].fetch(:option_types, [])
-        end
-
-        def find_product
-          super(params[:id])
-        end
-
-        def set_up_shipping_category
-          if shipping_category = params[:product].delete(:shipping_category)
-            id = ShippingCategory.find_or_create_by(name: shipping_category).id
-            params[:product][:shipping_category_id] = id
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/promotions_controller.rb

@@ -1,30 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class PromotionsController < Spree::Api::BaseController
-        before_action :requires_admin
-        before_action :load_promotion
-
-        def show
-          if @promotion
-            respond_with(@promotion, default_template: :show)
-          else
-            raise ActiveRecord::RecordNotFound
-          end
-        end
-
-        private
-
-        def requires_admin
-          return if @current_user_roles.include?('admin')
-
-          unauthorized and return
-        end
-
-        def load_promotion
-          @promotion = Spree::Promotion.find_by(id: params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/properties_controller.rb

@@ -1,70 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class PropertiesController < Spree::Api::BaseController
-        before_action :find_property, only: [:show, :update, :destroy]
-
-        def index
-          @properties = Spree::Property.accessible_by(current_ability)
-
-          @properties = if params[:ids]
-                          @properties.where(id: params[:ids].split(',').flatten)
-                        else
-                          @properties.ransack(params[:q]).result
-                        end
-
-          @properties = @properties.page(params[:page]).per(params[:per_page])
-          respond_with(@properties)
-        end
-
-        def show
-          respond_with(@property)
-        end
-
-        def new; end
-
-        def create
-          authorize! :create, Property
-          @property = Spree::Property.new(property_params)
-          if @property.save
-            respond_with(@property, status: 201, default_template: :show)
-          else
-            invalid_resource!(@property)
-          end
-        end
-
-        def update
-          if @property
-            authorize! :update, @property
-            @property.update(property_params)
-            respond_with(@property, status: 200, default_template: :show)
-          else
-            invalid_resource!(@property)
-          end
-        end
-
-        def destroy
-          if @property
-            authorize! :destroy, @property
-            @property.destroy
-            respond_with(@property, status: 204)
-          else
-            invalid_resource!(@property)
-          end
-        end
-
-        private
-
-        def find_property
-          @property = Spree::Property.accessible_by(current_ability, :show).find(params[:id])
-        rescue ActiveRecord::RecordNotFound
-          @property = Spree::Property.accessible_by(current_ability, :show).find_by!(name: params[:id])
-        end
-
-        def property_params
-          params.require(:property).permit(permitted_property_attributes)
-        end
-      end
-    end
-  end
-end

data/app/controllers/spree/api/v1/reimbursements_controller.rb

@@ -1,25 +0,0 @@
-module Spree
-  module Api
-    module V1
-      class ReimbursementsController < Spree::Api::BaseController
-        def index
-          collection(Spree::Reimbursement)
-          respond_with(@collection)
-        end
-
-        private
-
-        def collection(resource)
-          return @collection if @collection.present?
-
-          params[:q] ||= {}
-
-          @collection = resource.all
-          # @search needs to be defined as this is passed to search_form_for
-          @search = @collection.ransack(params[:q])
-          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
-        end
-      end
-    end
-  end
-end