spree_api_v1 4.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (158) hide show
  1. checksums.yaml +7 -0
  2. data/.circleci/config.yml +189 -0
  3. data/.gitignore +23 -0
  4. data/.rspec +3 -0
  5. data/.rubocop.yml +24 -0
  6. data/CHANGELOG.md +3 -0
  7. data/CODE_OF_CONDUCT.md +22 -0
  8. data/Gemfile +59 -0
  9. data/LICENSE +26 -0
  10. data/README.md +62 -0
  11. data/Rakefile +15 -0
  12. data/app/controllers/spree/api/v1/addresses_controller.rb +46 -0
  13. data/app/controllers/spree/api/v1/base_controller.rb +174 -0
  14. data/app/controllers/spree/api/v1/checkouts_controller.rb +106 -0
  15. data/app/controllers/spree/api/v1/classifications_controller.rb +21 -0
  16. data/app/controllers/spree/api/v1/countries_controller.rb +22 -0
  17. data/app/controllers/spree/api/v1/credit_cards_controller.rb +26 -0
  18. data/app/controllers/spree/api/v1/customer_returns_controller.rb +25 -0
  19. data/app/controllers/spree/api/v1/images_controller.rb +58 -0
  20. data/app/controllers/spree/api/v1/inventory_units_controller.rb +54 -0
  21. data/app/controllers/spree/api/v1/line_items_controller.rb +70 -0
  22. data/app/controllers/spree/api/v1/option_types_controller.rb +60 -0
  23. data/app/controllers/spree/api/v1/option_values_controller.rb +62 -0
  24. data/app/controllers/spree/api/v1/orders_controller.rb +160 -0
  25. data/app/controllers/spree/api/v1/payments_controller.rb +82 -0
  26. data/app/controllers/spree/api/v1/product_properties_controller.rb +73 -0
  27. data/app/controllers/spree/api/v1/products_controller.rb +131 -0
  28. data/app/controllers/spree/api/v1/promotions_controller.rb +30 -0
  29. data/app/controllers/spree/api/v1/properties_controller.rb +70 -0
  30. data/app/controllers/spree/api/v1/reimbursements_controller.rb +25 -0
  31. data/app/controllers/spree/api/v1/return_authorizations_controller.rb +70 -0
  32. data/app/controllers/spree/api/v1/shipments_controller.rb +196 -0
  33. data/app/controllers/spree/api/v1/states_controller.rb +36 -0
  34. data/app/controllers/spree/api/v1/stock_items_controller.rb +82 -0
  35. data/app/controllers/spree/api/v1/stock_locations_controller.rb +53 -0
  36. data/app/controllers/spree/api/v1/stock_movements_controller.rb +45 -0
  37. data/app/controllers/spree/api/v1/stores_controller.rb +56 -0
  38. data/app/controllers/spree/api/v1/taxonomies_controller.rb +67 -0
  39. data/app/controllers/spree/api/v1/taxons_controller.rb +100 -0
  40. data/app/controllers/spree/api/v1/users_controller.rb +97 -0
  41. data/app/controllers/spree/api/v1/variants_controller.rb +81 -0
  42. data/app/controllers/spree/api/v1/zones_controller.rb +55 -0
  43. data/app/helpers/spree/api/api_helpers.rb +190 -0
  44. data/app/models/spree/api_v1_configuration.rb +5 -0
  45. data/app/views/spree/api/errors/gateway_error.rabl +2 -0
  46. data/app/views/spree/api/errors/invalid_api_key.rabl +2 -0
  47. data/app/views/spree/api/errors/invalid_resource.rabl +3 -0
  48. data/app/views/spree/api/errors/must_specify_api_key.rabl +2 -0
  49. data/app/views/spree/api/errors/not_found.rabl +2 -0
  50. data/app/views/spree/api/errors/unauthorized.rabl +2 -0
  51. data/app/views/spree/api/v1/addresses/show.rabl +10 -0
  52. data/app/views/spree/api/v1/adjustments/show.rabl +4 -0
  53. data/app/views/spree/api/v1/countries/index.rabl +7 -0
  54. data/app/views/spree/api/v1/countries/show.rabl +5 -0
  55. data/app/views/spree/api/v1/credit_cards/index.rabl +7 -0
  56. data/app/views/spree/api/v1/credit_cards/show.rabl +3 -0
  57. data/app/views/spree/api/v1/customer_returns/index.rabl +7 -0
  58. data/app/views/spree/api/v1/images/index.rabl +4 -0
  59. data/app/views/spree/api/v1/images/new.rabl +3 -0
  60. data/app/views/spree/api/v1/images/show.rabl +6 -0
  61. data/app/views/spree/api/v1/inventory_units/show.rabl +2 -0
  62. data/app/views/spree/api/v1/line_items/new.rabl +3 -0
  63. data/app/views/spree/api/v1/line_items/show.rabl +14 -0
  64. data/app/views/spree/api/v1/option_types/index.rabl +3 -0
  65. data/app/views/spree/api/v1/option_types/new.rabl +3 -0
  66. data/app/views/spree/api/v1/option_types/show.rabl +5 -0
  67. data/app/views/spree/api/v1/option_values/index.rabl +3 -0
  68. data/app/views/spree/api/v1/option_values/new.rabl +3 -0
  69. data/app/views/spree/api/v1/option_values/show.rabl +2 -0
  70. data/app/views/spree/api/v1/orders/address.rabl +0 -0
  71. data/app/views/spree/api/v1/orders/canceled.rabl +0 -0
  72. data/app/views/spree/api/v1/orders/cart.rabl +0 -0
  73. data/app/views/spree/api/v1/orders/complete.rabl +0 -0
  74. data/app/views/spree/api/v1/orders/could_not_apply_coupon.rabl +2 -0
  75. data/app/views/spree/api/v1/orders/could_not_transition.rabl +3 -0
  76. data/app/views/spree/api/v1/orders/index.rabl +7 -0
  77. data/app/views/spree/api/v1/orders/insufficient_quantity.rabl +2 -0
  78. data/app/views/spree/api/v1/orders/invalid_shipping_method.rabl +2 -0
  79. data/app/views/spree/api/v1/orders/mine.rabl +9 -0
  80. data/app/views/spree/api/v1/orders/order.rabl +10 -0
  81. data/app/views/spree/api/v1/orders/payment.rabl +3 -0
  82. data/app/views/spree/api/v1/orders/show.rabl +51 -0
  83. data/app/views/spree/api/v1/payments/credit_over_limit.rabl +2 -0
  84. data/app/views/spree/api/v1/payments/index.rabl +7 -0
  85. data/app/views/spree/api/v1/payments/new.rabl +5 -0
  86. data/app/views/spree/api/v1/payments/show.rabl +2 -0
  87. data/app/views/spree/api/v1/payments/update_forbidden.rabl +2 -0
  88. data/app/views/spree/api/v1/product_properties/index.rabl +7 -0
  89. data/app/views/spree/api/v1/product_properties/new.rabl +2 -0
  90. data/app/views/spree/api/v1/product_properties/show.rabl +2 -0
  91. data/app/views/spree/api/v1/products/index.rabl +9 -0
  92. data/app/views/spree/api/v1/products/new.rabl +3 -0
  93. data/app/views/spree/api/v1/products/product.rabl +1 -0
  94. data/app/views/spree/api/v1/products/show.rabl +36 -0
  95. data/app/views/spree/api/v1/promotions/handler.rabl +5 -0
  96. data/app/views/spree/api/v1/promotions/show.rabl +2 -0
  97. data/app/views/spree/api/v1/properties/index.rabl +7 -0
  98. data/app/views/spree/api/v1/properties/new.rabl +2 -0
  99. data/app/views/spree/api/v1/properties/show.rabl +2 -0
  100. data/app/views/spree/api/v1/reimbursements/index.rabl +7 -0
  101. data/app/views/spree/api/v1/return_authorizations/index.rabl +7 -0
  102. data/app/views/spree/api/v1/return_authorizations/new.rabl +3 -0
  103. data/app/views/spree/api/v1/return_authorizations/show.rabl +2 -0
  104. data/app/views/spree/api/v1/shared/stock_location_required.rabl +2 -0
  105. data/app/views/spree/api/v1/shipments/big.rabl +48 -0
  106. data/app/views/spree/api/v1/shipments/cannot_ready_shipment.rabl +2 -0
  107. data/app/views/spree/api/v1/shipments/mine.rabl +9 -0
  108. data/app/views/spree/api/v1/shipments/show.rabl +32 -0
  109. data/app/views/spree/api/v1/shipments/small.rabl +37 -0
  110. data/app/views/spree/api/v1/shipping_rates/show.rabl +2 -0
  111. data/app/views/spree/api/v1/states/index.rabl +12 -0
  112. data/app/views/spree/api/v1/states/show.rabl +2 -0
  113. data/app/views/spree/api/v1/stock_items/index.rabl +7 -0
  114. data/app/views/spree/api/v1/stock_items/show.rabl +5 -0
  115. data/app/views/spree/api/v1/stock_locations/index.rabl +7 -0
  116. data/app/views/spree/api/v1/stock_locations/show.rabl +8 -0
  117. data/app/views/spree/api/v1/stock_movements/index.rabl +7 -0
  118. data/app/views/spree/api/v1/stock_movements/show.rabl +5 -0
  119. data/app/views/spree/api/v1/stores/index.rabl +4 -0
  120. data/app/views/spree/api/v1/stores/show.rabl +2 -0
  121. data/app/views/spree/api/v1/tags/index.rabl +9 -0
  122. data/app/views/spree/api/v1/taxonomies/index.rabl +7 -0
  123. data/app/views/spree/api/v1/taxonomies/jstree.rabl +7 -0
  124. data/app/views/spree/api/v1/taxonomies/nested.rabl +11 -0
  125. data/app/views/spree/api/v1/taxonomies/new.rabl +3 -0
  126. data/app/views/spree/api/v1/taxonomies/show.rabl +15 -0
  127. data/app/views/spree/api/v1/taxons/index.rabl +10 -0
  128. data/app/views/spree/api/v1/taxons/jstree.rabl +7 -0
  129. data/app/views/spree/api/v1/taxons/new.rabl +3 -0
  130. data/app/views/spree/api/v1/taxons/show.rabl +6 -0
  131. data/app/views/spree/api/v1/taxons/taxons.rabl +5 -0
  132. data/app/views/spree/api/v1/users/index.rabl +7 -0
  133. data/app/views/spree/api/v1/users/new.rabl +3 -0
  134. data/app/views/spree/api/v1/users/show.rabl +11 -0
  135. data/app/views/spree/api/v1/variants/big.rabl +14 -0
  136. data/app/views/spree/api/v1/variants/index.rabl +9 -0
  137. data/app/views/spree/api/v1/variants/new.rabl +2 -0
  138. data/app/views/spree/api/v1/variants/show.rabl +3 -0
  139. data/app/views/spree/api/v1/variants/small.rabl +18 -0
  140. data/app/views/spree/api/v1/zones/index.rabl +7 -0
  141. data/app/views/spree/api/v1/zones/show.rabl +6 -0
  142. data/config/initializers/rabl.rb +9 -0
  143. data/config/routes.rb +123 -0
  144. data/lib/spree/api_v1/controller_setup.rb +19 -0
  145. data/lib/spree/api_v1/engine.rb +27 -0
  146. data/lib/spree/api_v1/factories.rb +6 -0
  147. data/lib/spree/api_v1/responders/rabl_template.rb +28 -0
  148. data/lib/spree/api_v1/responders.rb +11 -0
  149. data/lib/spree/api_v1/testing_support/helpers.rb +44 -0
  150. data/lib/spree/api_v1/testing_support/setup.rb +16 -0
  151. data/lib/spree/api_v1/version.rb +9 -0
  152. data/lib/spree/api_v1.rb +9 -0
  153. data/lib/spree_api_v1.rb +3 -0
  154. data/script/rails +9 -0
  155. data/spec/fixtures/files/icon_256x256.jpg +0 -0
  156. data/spec/fixtures/thinking-cat.jpg +0 -0
  157. data/spree_api_v1.gemspec +26 -0
  158. metadata +261 -0
@@ -0,0 +1,106 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class CheckoutsController < Spree::Api::V1::BaseController
5
+ before_action :load_order_with_lock, only: [:next, :advance, :update]
6
+
7
+ def next
8
+ authorize! :update, @order, order_token
9
+ @order.next!
10
+ respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
11
+ rescue StateMachines::InvalidTransition
12
+ respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
13
+ end
14
+
15
+ def advance
16
+ authorize! :update, @order, order_token
17
+ while @order.next; end
18
+ respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
19
+ end
20
+
21
+ def update
22
+ authorize! :update, @order, order_token
23
+
24
+ if @order.update_from_params(params, permitted_checkout_attributes, request.headers.env)
25
+ if current_api_user.has_spree_role?('admin') && user_id.present?
26
+ @order.associate_user!(Spree.user_class.find(user_id))
27
+ end
28
+
29
+ log_state_changes if params[:state]
30
+
31
+ return if after_update_attributes
32
+
33
+ if @order.completed? || @order.next
34
+ state_callback(:after)
35
+ respond_with(@order, default_template: 'spree/api/v1/orders/show')
36
+ else
37
+ respond_with(@order, default_template: 'spree/api/v1/orders/could_not_transition', status: 422)
38
+ end
39
+ else
40
+ invalid_resource!(@order)
41
+ end
42
+ end
43
+
44
+ private
45
+
46
+ def user_id
47
+ params[:order][:user_id] if params[:order]
48
+ end
49
+
50
+ # Should be overridden if you have areas of your checkout that don't match
51
+ # up to a step within checkout_steps, such as a registration step
52
+ def skip_state_validation?
53
+ false
54
+ end
55
+
56
+ def load_order(lock = false)
57
+ @order = Spree::Order.lock(lock).find_by!(number: params[:id])
58
+ raise_insufficient_quantity and return if @order.insufficient_stock_lines.present?
59
+ @order.state = params[:state] if params[:state]
60
+ state_callback(:before)
61
+ end
62
+
63
+ def load_order_with_lock
64
+ load_order(true)
65
+ end
66
+
67
+ def raise_insufficient_quantity
68
+ respond_with(@order, default_template: 'spree/api/v1/orders/insufficient_quantity', status: 422)
69
+ end
70
+
71
+ def state_callback(before_or_after = :before)
72
+ method_name = :"#{before_or_after}_#{@order.state}"
73
+ send(method_name) if respond_to?(method_name, true)
74
+ end
75
+
76
+ def after_update_attributes
77
+ if params[:order] && params[:order][:coupon_code].present?
78
+ handler = PromotionHandler::Coupon.new(@order)
79
+ handler.apply
80
+
81
+ if handler.error.present?
82
+ @coupon_message = handler.error
83
+ respond_with(@order, default_template: 'spree/api/v1/orders/could_not_apply_coupon', status: 422)
84
+ return true
85
+ end
86
+ end
87
+ false
88
+ end
89
+
90
+ def log_state_changes
91
+ if @order.previous_changes[:state]
92
+ @order.log_state_changes(
93
+ state_name: 'order',
94
+ old_state: @order.previous_changes[:state].first,
95
+ new_state: @order.previous_changes[:state].last
96
+ )
97
+ end
98
+ end
99
+
100
+ def order_id
101
+ super || params[:id]
102
+ end
103
+ end
104
+ end
105
+ end
106
+ end
@@ -0,0 +1,21 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class ClassificationsController < Spree::Api::V1::BaseController
5
+ def update
6
+ authorize! :update, Product
7
+ authorize! :update, Taxon
8
+ classification = Spree::Classification.find_by(
9
+ product_id: params[:product_id],
10
+ taxon_id: params[:taxon_id]
11
+ )
12
+ Spree::Dependencies.classification_reposition_service.constantize.call(
13
+ classification: classification,
14
+ position: params[:position]
15
+ )
16
+ head :ok
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,22 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class CountriesController < Spree::Api::V1::BaseController
5
+ skip_before_action :authenticate_user
6
+
7
+ def index
8
+ @countries = Country.accessible_by(current_ability).ransack(params[:q]).result.
9
+ order('name ASC').
10
+ page(params[:page]).per(params[:per_page])
11
+ country = Country.order('updated_at ASC').last
12
+ respond_with(@countries) if stale?(country)
13
+ end
14
+
15
+ def show
16
+ @country = Country.accessible_by(current_ability, :show).find(params[:id])
17
+ respond_with(@country)
18
+ end
19
+ end
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,26 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class CreditCardsController < Spree::Api::V1::BaseController
5
+ before_action :user
6
+
7
+ def index
8
+ @credit_cards = user.
9
+ credit_cards.
10
+ accessible_by(current_ability).
11
+ with_payment_profile.
12
+ ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
13
+ respond_with(@credit_cards)
14
+ end
15
+
16
+ private
17
+
18
+ def user
19
+ if params[:user_id].present?
20
+ @user ||= Spree.user_class.accessible_by(current_ability, :show).find(params[:user_id])
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,25 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class CustomerReturnsController < Spree::Api::V1::BaseController
5
+ def index
6
+ collection(Spree::CustomerReturn)
7
+ respond_with(@collection)
8
+ end
9
+
10
+ private
11
+
12
+ def collection(resource)
13
+ return @collection if @collection.present?
14
+
15
+ params[:q] ||= {}
16
+
17
+ @collection = resource.all
18
+ # @search needs to be defined as this is passed to search_form_for
19
+ @search = @collection.ransack(params[:q])
20
+ @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,58 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class ImagesController < Spree::Api::V1::BaseController
5
+ def index
6
+ @images = scope.images.accessible_by(current_ability)
7
+ respond_with(@images)
8
+ end
9
+
10
+ def show
11
+ @image = Image.accessible_by(current_ability, :show).find(params[:id])
12
+ respond_with(@image)
13
+ end
14
+
15
+ def new; end
16
+
17
+ def create
18
+ authorize! :create, Image
19
+ @image = scope.images.new(image_params)
20
+ if @image.save
21
+ respond_with(@image, status: 201, default_template: :show)
22
+ else
23
+ invalid_resource!(@image)
24
+ end
25
+ end
26
+
27
+ def update
28
+ @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
29
+ if @image.update(image_params)
30
+ respond_with(@image, default_template: :show)
31
+ else
32
+ invalid_resource!(@image)
33
+ end
34
+ end
35
+
36
+ def destroy
37
+ @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
38
+ @image.destroy
39
+ respond_with(@image, status: 204)
40
+ end
41
+
42
+ private
43
+
44
+ def image_params
45
+ params.require(:image).permit(permitted_image_attributes)
46
+ end
47
+
48
+ def scope
49
+ if params[:product_id]
50
+ Spree::Product.friendly.find(params[:product_id])
51
+ elsif params[:variant_id]
52
+ Spree::Variant.find(params[:variant_id])
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,54 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class InventoryUnitsController < Spree::Api::V1::BaseController
5
+ before_action :prepare_event, only: :update
6
+
7
+ def show
8
+ @inventory_unit = inventory_unit
9
+ respond_with(@inventory_unit)
10
+ end
11
+
12
+ def update
13
+ authorize! :update, inventory_unit.order
14
+
15
+ inventory_unit.transaction do
16
+ if inventory_unit.update(inventory_unit_params)
17
+ fire
18
+ render :show, status: 200
19
+ else
20
+ invalid_resource!(inventory_unit)
21
+ end
22
+ end
23
+ end
24
+
25
+ private
26
+
27
+ def inventory_unit
28
+ @inventory_unit ||= InventoryUnit.accessible_by(current_ability, :show).find(params[:id])
29
+ end
30
+
31
+ def prepare_event
32
+ return unless @event = params[:fire]
33
+
34
+ can_event = "can_#{@event}?"
35
+
36
+ unless inventory_unit.respond_to?(can_event) &&
37
+ inventory_unit.send(can_event)
38
+ render plain: { exception: "cannot transition to #{@event}" }.to_json,
39
+ status: 200
40
+ false
41
+ end
42
+ end
43
+
44
+ def fire
45
+ inventory_unit.send("#{@event}!") if @event
46
+ end
47
+
48
+ def inventory_unit_params
49
+ params.require(:inventory_unit).permit(permitted_inventory_unit_attributes)
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
@@ -0,0 +1,70 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class LineItemsController < Spree::Api::V1::BaseController
5
+ class_attribute :line_item_options
6
+
7
+ self.line_item_options = []
8
+
9
+ def new; end
10
+
11
+ def create
12
+ variant = Spree::Variant.find(params[:line_item][:variant_id])
13
+
14
+ @line_item = Spree::Dependencies.cart_add_item_service.constantize.call(order: order,
15
+ variant: variant,
16
+ quantity: params[:line_item][:quantity],
17
+ options: line_item_params[:options]).value
18
+ if @line_item.errors.empty?
19
+ respond_with(@line_item, status: 201, default_template: :show)
20
+ else
21
+ invalid_resource!(@line_item)
22
+ end
23
+ end
24
+
25
+ def update
26
+ @line_item = find_line_item
27
+
28
+ if Spree::Dependencies.cart_update_service.constantize.call(order: @order, params: line_items_attributes).success?
29
+ @line_item.reload
30
+ respond_with(@line_item, default_template: :show)
31
+ else
32
+ invalid_resource!(@line_item)
33
+ end
34
+ end
35
+
36
+ def destroy
37
+ @line_item = find_line_item
38
+ Spree::Dependencies.cart_remove_line_item_service.constantize.call(order: @order, line_item: @line_item)
39
+
40
+ respond_with(@line_item, status: 204)
41
+ end
42
+
43
+ private
44
+
45
+ def order
46
+ @order ||= Spree::Order.includes(:line_items).find_by!(number: order_id)
47
+ authorize! :update, @order, order_token
48
+ end
49
+
50
+ def find_line_item
51
+ id = params[:id].to_i
52
+ order.line_items.detect { |line_item| line_item.id == id } or
53
+ raise ActiveRecord::RecordNotFound
54
+ end
55
+
56
+ def line_items_attributes
57
+ { line_items_attributes: {
58
+ id: params[:id],
59
+ quantity: params[:line_item][:quantity],
60
+ options: line_item_params[:options] || {}
61
+ } }
62
+ end
63
+
64
+ def line_item_params
65
+ params.require(:line_item).permit(:quantity, :variant_id, options: line_item_options)
66
+ end
67
+ end
68
+ end
69
+ end
70
+ end
@@ -0,0 +1,60 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class OptionTypesController < Spree::Api::V1::BaseController
5
+ def index
6
+ @option_types = if params[:ids]
7
+ Spree::OptionType.
8
+ includes(:option_values).
9
+ accessible_by(current_ability).
10
+ where(id: params[:ids].split(','))
11
+ else
12
+ Spree::OptionType.
13
+ includes(:option_values).
14
+ accessible_by(current_ability).
15
+ load.ransack(params[:q]).result
16
+ end
17
+ respond_with(@option_types)
18
+ end
19
+
20
+ def show
21
+ @option_type = Spree::OptionType.accessible_by(current_ability, :show).find(params[:id])
22
+ respond_with(@option_type)
23
+ end
24
+
25
+ def new; end
26
+
27
+ def create
28
+ authorize! :create, Spree::OptionType
29
+ @option_type = Spree::OptionType.new(option_type_params)
30
+ if @option_type.save
31
+ render :show, status: 201
32
+ else
33
+ invalid_resource!(@option_type)
34
+ end
35
+ end
36
+
37
+ def update
38
+ @option_type = Spree::OptionType.accessible_by(current_ability, :update).find(params[:id])
39
+ if @option_type.update(option_type_params)
40
+ render :show
41
+ else
42
+ invalid_resource!(@option_type)
43
+ end
44
+ end
45
+
46
+ def destroy
47
+ @option_type = Spree::OptionType.accessible_by(current_ability, :destroy).find(params[:id])
48
+ @option_type.destroy
49
+ render plain: nil, status: 204
50
+ end
51
+
52
+ private
53
+
54
+ def option_type_params
55
+ params.require(:option_type).permit(permitted_option_type_attributes)
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
@@ -0,0 +1,62 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class OptionValuesController < Spree::Api::V1::BaseController
5
+ def index
6
+ @option_values = if params[:ids]
7
+ scope.where(id: params[:ids])
8
+ else
9
+ scope.ransack(params[:q]).result.distinct
10
+ end
11
+ respond_with(@option_values)
12
+ end
13
+
14
+ def show
15
+ @option_value = scope.find(params[:id])
16
+ respond_with(@option_value)
17
+ end
18
+
19
+ def new; end
20
+
21
+ def create
22
+ authorize! :create, Spree::OptionValue
23
+ @option_value = scope.new(option_value_params)
24
+ if @option_value.save
25
+ render :show, status: 201
26
+ else
27
+ invalid_resource!(@option_value)
28
+ end
29
+ end
30
+
31
+ def update
32
+ @option_value = scope.accessible_by(current_ability, :update).find(params[:id])
33
+ if @option_value.update(option_value_params)
34
+ render :show
35
+ else
36
+ invalid_resource!(@option_value)
37
+ end
38
+ end
39
+
40
+ def destroy
41
+ @option_value = scope.accessible_by(current_ability, :destroy).find(params[:id])
42
+ @option_value.destroy
43
+ render plain: nil, status: 204
44
+ end
45
+
46
+ private
47
+
48
+ def scope
49
+ @scope ||= if params[:option_type_id]
50
+ Spree::OptionType.find(params[:option_type_id]).option_values.accessible_by(current_ability, :show)
51
+ else
52
+ Spree::OptionValue.accessible_by(current_ability, :show).load
53
+ end
54
+ end
55
+
56
+ def option_value_params
57
+ params.require(:option_value).permit(permitted_option_value_attributes)
58
+ end
59
+ end
60
+ end
61
+ end
62
+ end
@@ -0,0 +1,160 @@
1
+ module Spree
2
+ module Api
3
+ module V1
4
+ class OrdersController < Spree::Api::V1::BaseController
5
+ skip_before_action :authenticate_user, only: :apply_coupon_code
6
+
7
+ before_action :find_order, except: [:create, :mine, :current, :index, :update, :remove_coupon_code]
8
+
9
+ # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
10
+ Order.checkout_steps.keys.each do |step|
11
+ define_method step do
12
+ find_order
13
+ authorize! :update, @order, params[:token]
14
+ end
15
+ end
16
+
17
+ def cancel
18
+ authorize! :update, @order, params[:token]
19
+ @order.canceled_by(current_api_user)
20
+ respond_with(@order, default_template: :show)
21
+ end
22
+
23
+ def approve
24
+ authorize! :approve, @order, params[:token]
25
+ @order.approved_by(current_api_user)
26
+ respond_with(@order, default_template: :show)
27
+ end
28
+
29
+ def create
30
+ authorize! :create, Spree::Order
31
+ if can?(:admin, Spree::Order)
32
+ order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
33
+ Spree.user_class.find(order_params[:user_id])
34
+ else
35
+ current_api_user
36
+ end
37
+
38
+ import_params = if @current_user_roles.include?('admin')
39
+ params[:order].present? ? params[:order].permit! : {}
40
+ else
41
+ order_params
42
+ end
43
+
44
+ @order = Spree::Core::Importer::Order.import(order_user, import_params)
45
+
46
+ respond_with(@order, default_template: :show, status: 201)
47
+ else
48
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
49
+ if Cart::Update.call(order: @order, params: order_params).success?
50
+ respond_with(@order, default_template: :show, status: 201)
51
+ else
52
+ invalid_resource!(@order)
53
+ end
54
+ end
55
+ end
56
+
57
+ def empty
58
+ authorize! :update, @order, order_token
59
+ cart_empty_service.call(order: @order)
60
+ render plain: nil, status: 204
61
+ end
62
+
63
+ def index
64
+ authorize! :index, Order
65
+ @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
66
+ respond_with(@orders)
67
+ end
68
+
69
+ def show
70
+ authorize! :show, @order, order_token
71
+ respond_with(@order)
72
+ end
73
+
74
+ def update
75
+ find_order(true)
76
+ authorize! :update, @order, order_token
77
+
78
+ if Cart::Update.call(order: @order, params: order_params).success?
79
+ user_id = params[:order][:user_id]
80
+ if current_api_user.has_spree_role?('admin') && user_id
81
+ @order.associate_user!(Spree.user_class.find(user_id))
82
+ end
83
+ respond_with(@order, default_template: :show)
84
+ else
85
+ invalid_resource!(@order)
86
+ end
87
+ end
88
+
89
+ def current
90
+ @order = find_current_order
91
+ if @order
92
+ respond_with(@order, default_template: :show, locals: { root_object: @order })
93
+ else
94
+ head :no_content
95
+ end
96
+ end
97
+
98
+ def mine
99
+ if current_api_user.persisted?
100
+ @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
101
+ else
102
+ render 'spree/api/errors/unauthorized', status: :unauthorized
103
+ end
104
+ end
105
+
106
+ def apply_coupon_code
107
+ find_order
108
+ authorize! :update, @order, order_token
109
+ @order.coupon_code = params[:coupon_code]
110
+ @handler = PromotionHandler::Coupon.new(@order).apply
111
+ status = @handler.successful? ? 200 : 422
112
+ render 'spree/api/v1/promotions/handler', status: status
113
+ end
114
+
115
+ def remove_coupon_code
116
+ find_order(true)
117
+ authorize! :update, @order, order_token
118
+ @handler = Spree::PromotionHandler::Coupon.new(@order).remove(params[:coupon_code])
119
+ status = @handler.successful? ? 200 : 404
120
+ render 'spree/api/v1/promotions/handler', status: status
121
+ end
122
+
123
+ private
124
+
125
+ def order_params
126
+ if params[:order]
127
+ normalize_params
128
+ params.require(:order).permit(permitted_order_attributes)
129
+ else
130
+ {}
131
+ end
132
+ end
133
+
134
+ def normalize_params
135
+ params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
136
+ params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
137
+ params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
138
+ params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
139
+ params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
140
+ end
141
+
142
+ def find_order(lock = false)
143
+ @order = Spree::Order.lock(lock).find_by!(number: params[:id])
144
+ end
145
+
146
+ def find_current_order
147
+ current_api_user ? current_api_user.orders.incomplete.order(:created_at).last : nil
148
+ end
149
+
150
+ def order_id
151
+ super || params[:id]
152
+ end
153
+
154
+ def cart_empty_service
155
+ Spree::Dependencies.cart_empty_service.constantize
156
+ end
157
+ end
158
+ end
159
+ end
160
+ end