RubyGems - spree_api - Versions diffs - 5.4.3 → 5.5.0.rc2 - Mend

spree_api 5.4.3 → 5.5.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

data/app/controllers/spree/api/v3/admin/orders/adjustments_controller.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class AdjustmentsController < BaseController
+            scoped_resource :orders
+            protected
+            def model_class
+              Spree::Adjustment
+            end
+            def serializer_class
+              Spree.api.admin_adjustment_serializer
+            end
+            def parent_association
+              :adjustments
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/base_controller.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class BaseController < ResourceController
+            include Spree::Api::V3::OrderLock
+            before_action :authorize_order_access!
+            protected
+            def set_parent
+              @parent = current_store.orders.find_by_prefix_id!(params[:order_id])
+              @order = @parent
+            end
+            # Read actions require only :show on the parent order; every write
+            # (create/update/destroy and custom member actions like capture,
+            # void, fulfill, split, apply gift card / store credit) requires
+            # :update, so a read-only role can't mutate an order it can view.
+            # Subclasses with custom read-only actions extend +read_actions+.
+            def authorize_order_access!
+              authorize_parent!(@parent)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/fulfillments_controller.rb ADDED Viewed

@@ -0,0 +1,104 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class FulfillmentsController < BaseController
+            scoped_resource :fulfillments
+            before_action :set_resource, only: [:show, :update, :fulfill, :cancel, :resume, :split]
+            # PATCH /api/v3/admin/orders/:order_id/fulfillments/:id
+            def update
+              with_order_lock do
+                result = Spree.shipment_update_service.call(
+                  shipment: @resource,
+                  shipment_attributes: permitted_params.to_h
+                )
+                if result.success?
+                  render json: serialize_resource(@resource.reload)
+                else
+                  render_result_error(result)
+                end
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/fulfillments/:id/fulfill
+            def fulfill
+              with_order_lock do
+                @resource.ship!
+                render json: serialize_resource(@resource.reload)
+              rescue StateMachines::InvalidTransition => e
+                render_service_error(e.message)
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/fulfillments/:id/cancel
+            def cancel
+              with_order_lock do
+                @resource.cancel!
+                render json: serialize_resource(@resource.reload)
+              rescue StateMachines::InvalidTransition => e
+                render_service_error(e.message)
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/fulfillments/:id/resume
+            def resume
+              with_order_lock do
+                @resource.resume!
+                render json: serialize_resource(@resource.reload)
+              rescue StateMachines::InvalidTransition => e
+                render_service_error(e.message)
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/fulfillments/:id/split
+            def split
+              with_order_lock do
+                variant = Spree::Variant.find_by_prefix_id!(params[:variant_id])
+                quantity = params[:quantity].to_i
+                stock_location = if params[:stock_location_id].present?
+                                   Spree::StockLocation.find_by_prefix_id!(params[:stock_location_id])
+                                 else
+                                   @resource.stock_location
+                                 end
+                fulfilment_changer = @resource.transfer_to_location(variant, quantity, stock_location)
+                if fulfilment_changer.run!
+                  fulfillments = @order.reload.shipments
+                  render json: {
+                    data: fulfillments.map { |s| serialize_resource(s) }
+                  }
+                else
+                  render_validation_error(fulfilment_changer.errors)
+                end
+              end
+            end
+            protected
+            def model_class
+              Spree::Shipment
+            end
+            def serializer_class
+              Spree.api.admin_fulfillment_serializer
+            end
+            def parent_association
+              :shipments
+            end
+            def permitted_params
+              params.permit(:tracking, :selected_shipping_rate_id, :stock_location_id, :state)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/gift_cards_controller.rb ADDED Viewed

@@ -0,0 +1,79 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class GiftCardsController < BaseController
+            scoped_resource :gift_cards
+            skip_before_action :set_resource, raise: false
+            # POST /api/v3/admin/orders/:order_id/gift_cards
+            #
+            # Body: { code: String }
+            def create
+              with_order_lock do
+                gift_card = find_gift_card!
+                return unless gift_card
+                result = @parent.apply_gift_card(gift_card)
+                if result.success?
+                  render json: serializer_class.new(gift_card).to_h, status: :created
+                else
+                  render_service_error(result.error)
+                end
+              end
+            end
+            # DELETE /api/v3/admin/orders/:order_id/gift_cards/:id
+            def destroy
+              with_order_lock do
+                result = @parent.remove_gift_card
+                if result.success?
+                  head :no_content
+                else
+                  render_service_error(result.error)
+                end
+              end
+            end
+            protected
+            def model_class
+              Spree::GiftCard
+            end
+            def serializer_class
+              Spree.api.admin_gift_card_serializer
+            end
+            private
+            def find_gift_card!
+              gift_card = current_store.gift_cards.find_by(code: params[:code]&.downcase)
+              if gift_card.nil?
+                render_error(code: ERROR_CODES[:gift_card_not_found], message: Spree.t(:gift_card_not_found), status: :not_found)
+                return
+              end
+              if gift_card.expired?
+                render_error(code: ERROR_CODES[:gift_card_expired], message: Spree.t(:gift_card_expired), status: :unprocessable_content)
+                return
+              end
+              if gift_card.redeemed?
+                render_error(code: ERROR_CODES[:gift_card_already_redeemed], message: Spree.t(:gift_card_already_redeemed), status: :unprocessable_content)
+                return
+              end
+              gift_card
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/items_controller.rb ADDED Viewed

@@ -0,0 +1,92 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class ItemsController < BaseController
+            scoped_resource :orders
+            # POST /api/v3/admin/orders/:order_id/items
+            def create
+              with_order_lock do
+                result = Spree.cart_add_item_service.call(
+                  order: @parent,
+                  variant: variant,
+                  quantity: permitted_params[:quantity] || 1,
+                  options: permitted_params[:options] || {}
+                )
+                if result.success?
+                  render json: serialize_resource(result.value), status: :created
+                else
+                  render_service_error(result.error, code: ERROR_CODES[:insufficient_stock])
+                end
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/items/:id
+            def update
+              with_order_lock do
+                if permitted_params[:quantity].present?
+                  result = Spree.cart_set_item_quantity_service.call(
+                    order: @parent,
+                    line_item: @resource,
+                    quantity: permitted_params[:quantity]
+                  )
+                  if result.success?
+                    render json: serialize_resource(@resource.reload)
+                  else
+                    render_service_error(result.error, code: ERROR_CODES[:invalid_quantity])
+                  end
+                else
+                  if @resource.update(permitted_params.except(:variant_id, :quantity))
+                    render json: serialize_resource(@resource)
+                  else
+                    render_errors(@resource.errors)
+                  end
+                end
+              end
+            end
+            # DELETE /api/v3/admin/orders/:order_id/items/:id
+            def destroy
+              with_order_lock do
+                Spree.cart_remove_line_item_service.call(
+                  order: @parent,
+                  line_item: @resource
+                )
+                head :no_content
+              end
+            end
+            protected
+            def model_class
+              Spree::LineItem
+            end
+            def serializer_class
+              Spree.api.admin_line_item_serializer
+            end
+            def parent_association
+              :line_items
+            end
+            def permitted_params
+              params.permit(:variant_id, :quantity, metadata: {}, options: {})
+            end
+            private
+            def variant
+              @variant ||= current_store.variants.find_by_prefix_id!(permitted_params[:variant_id])
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/payments_controller.rb ADDED Viewed

@@ -0,0 +1,90 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class PaymentsController < BaseController
+            scoped_resource :payments
+            before_action :set_resource, only: [:show, :capture, :void]
+            # POST /api/v3/admin/orders/:order_id/payments
+            #
+            # Supports off-session admin charges by passing `source_id` referencing a
+            # saved payment source (e.g. a Spree::CreditCard owned by the order's customer).
+            # The source must belong to the customer assigned to the order.
+            def create
+              with_order_lock do
+                payment_method = Spree::PaymentMethod.find_by_prefix_id!(params[:payment_method_id])
+                @resource = @parent.payments.build(
+                  amount: params[:amount] || @parent.order_total_after_store_credit,
+                  payment_method: payment_method
+                )
+                if params[:source_id].present? && payment_method.source_required?
+                  @resource.source = find_source!(payment_method, params[:source_id])
+                end
+                authorize_resource!(@resource, :create)
+                if @resource.save
+                  render json: serialize_resource(@resource), status: :created
+                else
+                  render_validation_error(@resource.errors)
+                end
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/payments/:id/capture
+            def capture
+              with_order_lock do
+                amount = params[:amount] ? (params[:amount].to_f * 100).round : nil
+                @resource.capture!(amount)
+                render json: serialize_resource(@resource.reload)
+              rescue Spree::Core::GatewayError => e
+                render_service_error(e.message)
+              end
+            end
+            # PATCH /api/v3/admin/orders/:order_id/payments/:id/void
+            def void
+              with_order_lock do
+                @resource.void_transaction!
+                render json: serialize_resource(@resource.reload)
+              rescue Spree::Core::GatewayError => e
+                render_service_error(e.message)
+              end
+            end
+            protected
+            def model_class
+              Spree::Payment
+            end
+            def serializer_class
+              Spree.api.admin_payment_serializer
+            end
+            def parent_association
+              :payments
+            end
+            def permitted_params
+              params.permit(:amount, :payment_method_id, :source_id)
+            end
+            # Saved-source charges require an order customer — sources are scoped
+            # to that customer to prevent attaching customer A's card to
+            # customer B's order. Refuse if no customer is assigned.
+            def find_source!(payment_method, source_id)
+              raise ActiveRecord::RecordNotFound unless @parent.user
+              @parent.user.credit_cards.find_by_prefix_id!(source_id)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/refunds_controller.rb ADDED Viewed

@@ -0,0 +1,53 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class RefundsController < BaseController
+            scoped_resource :refunds
+            # POST /api/v3/admin/orders/:order_id/refunds
+            def create
+              with_order_lock do
+                payment = @parent.payments.find_by_prefix_id!(params[:payment_id])
+                reason = Spree::RefundReason.find_by_prefix_id!(params[:refund_reason_id]) if params[:refund_reason_id].present?
+                reason ||= Spree::RefundReason.first
+                @resource = payment.refunds.build(
+                  amount: params[:amount],
+                  reason: reason,
+                  transaction_id: nil
+                )
+                authorize_resource!(@resource, :create)
+                if @resource.save
+                  render json: serialize_resource(@resource), status: :created
+                else
+                  render_validation_error(@resource.errors)
+                end
+              end
+            end
+            protected
+            def model_class
+              Spree::Refund
+            end
+            def serializer_class
+              Spree.api.admin_refund_serializer
+            end
+            def scope
+              Spree::Refund.where(payment_id: @parent.payment_ids)
+            end
+            def collection_includes
+              [:payment, :reason]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v3/admin/orders/store_credits_controller.rb ADDED Viewed

@@ -0,0 +1,59 @@
+module Spree
+  module Api
+    module V3
+      module Admin
+        module Orders
+          class StoreCreditsController < BaseController
+            scoped_resource :store_credits
+            skip_before_action :set_resource, raise: false
+            # POST /api/v3/admin/orders/:order_id/store_credits
+            #
+            # Body: { amount: Number (optional) }
+            #
+            # When `amount` is omitted, applies the customer's available store
+            # credit up to the order total.
+            def create
+              with_order_lock do
+                result = Spree.checkout_add_store_credit_service.call(
+                  order: @parent,
+                  amount: params[:amount].try(:to_f)
+                )
+                if result.success?
+                  render json: serialize_resource(result.value), status: :created
+                else
+                  render_service_error(result.error)
+                end
+              end
+            end
+            # DELETE /api/v3/admin/orders/:order_id/store_credits
+            def destroy
+              with_order_lock do
+                result = Spree.checkout_remove_store_credit_service.call(order: @parent)
+                if result.success?
+                  head :no_content
+                else
+                  render_service_error(result.error)
+                end
+              end
+            end
+            protected
+            def model_class
+              Spree::Order
+            end
+            def serializer_class
+              Spree.api.admin_order_serializer
+            end
+          end
+        end
+      end
+    end
+  end
+end