spree_api_v1 4.5.0

data/app/controllers/spree/api/v1/payments_controller.rb

@@ -0,0 +1,82 @@
+module Spree
+  module Api
+    module V1
+      class PaymentsController < Spree::Api::V1::BaseController
+        before_action :find_order
+        before_action :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void]
+
+        def index
+          @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          respond_with(@payments)
+        end
+
+        def new
+          @payment_methods = Spree::PaymentMethod.available
+          respond_with(@payment_methods)
+        end
+
+        def create
+          @order.validate_payments_attributes([payment_params])
+          @payment = @order.payments.build(payment_params)
+          if @payment.save
+            respond_with(@payment, status: 201, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+
+        def update
+          authorize! params[:action], @payment
+          if !@payment.editable?
+            render 'update_forbidden', status: 403
+          elsif @payment.update(payment_params)
+            respond_with(@payment, default_template: :show)
+          else
+            invalid_resource!(@payment)
+          end
+        end
+
+        def show
+          respond_with(@payment)
+        end
+
+        def authorize
+          perform_payment_action(:authorize)
+        end
+
+        def capture
+          perform_payment_action(:capture)
+        end
+
+        def purchase
+          perform_payment_action(:purchase)
+        end
+
+        def void
+          perform_payment_action(:void_transaction)
+        end
+
+        private
+
+        def find_order
+          @order = Spree::Order.find_by!(number: order_id)
+          authorize! :show, @order, order_token
+        end
+
+        def find_payment
+          @payment = @order.payments.find_by!(number: params[:id])
+        end
+
+        def perform_payment_action(action, *args)
+          authorize! action, Payment
+          @payment.send("#{action}!", *args)
+          respond_with(@payment, default_template: :show)
+        end
+
+        def payment_params
+          params.require(:payment).permit(permitted_payment_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/product_properties_controller.rb

@@ -0,0 +1,73 @@
+module Spree
+  module Api
+    module V1
+      class ProductPropertiesController < Spree::Api::V1::BaseController
+        before_action :find_product, :authorize_product!
+        before_action :product_property, only: [:show, :update, :destroy]
+
+        def index
+          @product_properties = @product.product_properties.accessible_by(current_ability).
+                                ransack(params[:q]).result.
+                                page(params[:page]).per(params[:per_page])
+          respond_with(@product_properties)
+        end
+
+        def show
+          respond_with(@product_property)
+        end
+
+        def new; end
+
+        def create
+          authorize! :create, ProductProperty
+          @product_property = @product.product_properties.new(product_property_params)
+          if @product_property.save
+            respond_with(@product_property, status: 201, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+
+        def update
+          authorize! :update, @product_property
+
+          if @product_property.update(product_property_params)
+            respond_with(@product_property, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product_property)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, @product_property
+          @product_property.destroy
+          respond_with(@product_property, status: 204)
+        end
+
+        private
+
+        def find_product
+          super(params[:product_id])
+        end
+
+        def authorize_product!
+          authorize! :show, @product
+        end
+
+        def product_property
+          if @product
+            @product_property ||= @product.product_properties.find_by(id: params[:id])
+            @product_property ||= @product.product_properties.includes(:property).where(spree_properties: { name: params[:id] }).first
+            raise ActiveRecord::RecordNotFound unless @product_property
+
+            authorize! :show, @product_property
+          end
+        end
+
+        def product_property_params
+          params.require(:product_property).permit(permitted_product_properties_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/products_controller.rb

@@ -0,0 +1,131 @@
+module Spree
+  module Api
+    module V1
+      class ProductsController < Spree::Api::V1::BaseController
+        before_action :find_product, only: [:update, :show, :destroy]
+
+        def index
+          @products = if params[:ids]
+                        product_scope.where(id: params[:ids].split(',').flatten)
+                      else
+                        product_scope.ransack(params[:q]).result
+                      end
+
+          @products = @products.distinct.page(params[:page]).per(params[:per_page])
+          expires_in 15.minutes, public: true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          respond_with(@products)
+        end
+
+        def show
+          expires_in 15.minutes, public: true
+          headers['Surrogate-Control'] = "max-age=#{15.minutes}"
+          headers['Surrogate-Key'] = 'product_id=1'
+          respond_with(@product)
+        end
+
+        # Takes besides the products attributes either an array of variants or
+        # an array of option types.
+        #
+        # By submitting an array of variants the option types will be created
+        # using the *name* key in options hash. e.g
+        #
+        #   product: {
+        #     ...
+        #     variants: {
+        #       price: 19.99,
+        #       sku: "hey_you",
+        #       options: [
+        #         { name: "size", value: "small" },
+        #         { name: "color", value: "black" }
+        #       ]
+        #     }
+        #   }
+        #
+        # Or just pass in the option types hash:
+        #
+        #   product: {
+        #     ...
+        #     option_types: ['size', 'color']
+        #   }
+        #
+        # By passing the shipping category name you can fetch or create that
+        # shipping category on the fly. e.g.
+        #
+        #   product: {
+        #     ...
+        #     shipping_category: "Free Shipping Items"
+        #   }
+        #
+        def new; end
+
+        def create
+          authorize! :create, Product
+          params[:product][:available_on] ||= Time.current
+          set_up_shipping_category
+
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(nil, product_params, options).create
+
+          if @product.persisted?
+            respond_with(@product, status: 201, default_template: :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def update
+          authorize! :update, @product
+
+          options = { store: current_store, variants_attrs: variants_params, options_attrs: option_types_params }
+          @product = Core::Importer::Product.new(@product, product_params, options).update
+
+          if @product.errors.empty?
+            respond_with(@product.reload, status: 200, default_template: :show)
+          else
+            invalid_resource!(@product)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, @product
+          @product.destroy
+          respond_with(@product, status: 204)
+        end
+
+        private
+
+        def product_params
+          params.require(:product).permit(permitted_product_attributes)
+        end
+
+        def variants_params
+          variants_key = if params[:product].key? :variants
+                           :variants
+                         else
+                           :variants_attributes
+                         end
+
+          params.require(:product).permit(
+            variants_key => [permitted_variant_attributes, :id]
+          ).delete(variants_key) || []
+        end
+
+        def option_types_params
+          params[:product].fetch(:option_types, [])
+        end
+
+        def find_product
+          super(params[:id])
+        end
+
+        def set_up_shipping_category
+          if shipping_category = params[:product].delete(:shipping_category)
+            id = ShippingCategory.find_or_create_by(name: shipping_category).id
+            params[:product][:shipping_category_id] = id
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/promotions_controller.rb

@@ -0,0 +1,30 @@
+module Spree
+  module Api
+    module V1
+      class PromotionsController < Spree::Api::V1::BaseController
+        before_action :requires_admin
+        before_action :load_promotion
+
+        def show
+          if @promotion
+            respond_with(@promotion, default_template: :show)
+          else
+            raise ActiveRecord::RecordNotFound
+          end
+        end
+
+        private
+
+        def requires_admin
+          return if @current_user_roles.include?('admin')
+
+          unauthorized and return
+        end
+
+        def load_promotion
+          @promotion = Spree::Promotion.find_by(id: params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/properties_controller.rb

@@ -0,0 +1,70 @@
+module Spree
+  module Api
+    module V1
+      class PropertiesController < Spree::Api::V1::BaseController
+        before_action :find_property, only: [:show, :update, :destroy]
+
+        def index
+          @properties = Spree::Property.accessible_by(current_ability)
+
+          @properties = if params[:ids]
+                          @properties.where(id: params[:ids].split(',').flatten)
+                        else
+                          @properties.ransack(params[:q]).result
+                        end
+
+          @properties = @properties.page(params[:page]).per(params[:per_page])
+          respond_with(@properties)
+        end
+
+        def show
+          respond_with(@property)
+        end
+
+        def new; end
+
+        def create
+          authorize! :create, Property
+          @property = Spree::Property.new(property_params)
+          if @property.save
+            respond_with(@property, status: 201, default_template: :show)
+          else
+            invalid_resource!(@property)
+          end
+        end
+
+        def update
+          if @property
+            authorize! :update, @property
+            @property.update(property_params)
+            respond_with(@property, status: 200, default_template: :show)
+          else
+            invalid_resource!(@property)
+          end
+        end
+
+        def destroy
+          if @property
+            authorize! :destroy, @property
+            @property.destroy
+            respond_with(@property, status: 204)
+          else
+            invalid_resource!(@property)
+          end
+        end
+
+        private
+
+        def find_property
+          @property = Spree::Property.accessible_by(current_ability, :show).find(params[:id])
+        rescue ActiveRecord::RecordNotFound
+          @property = Spree::Property.accessible_by(current_ability, :show).find_by!(name: params[:id])
+        end
+
+        def property_params
+          params.require(:property).permit(permitted_property_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/reimbursements_controller.rb

@@ -0,0 +1,25 @@
+module Spree
+  module Api
+    module V1
+      class ReimbursementsController < Spree::Api::V1::BaseController
+        def index
+          collection(Spree::Reimbursement)
+          respond_with(@collection)
+        end
+
+        private
+
+        def collection(resource)
+          return @collection if @collection.present?
+
+          params[:q] ||= {}
+
+          @collection = resource.all
+          # @search needs to be defined as this is passed to search_form_for
+          @search = @collection.ransack(params[:q])
+          @collection = @search.result.order(created_at: :desc).page(params[:page]).per(params[:per_page])
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/return_authorizations_controller.rb

@@ -0,0 +1,70 @@
+module Spree
+  module Api
+    module V1
+      class ReturnAuthorizationsController < Spree::Api::V1::BaseController
+        def create
+          authorize! :create, ReturnAuthorization
+          @return_authorization = order.return_authorizations.build(return_authorization_params)
+          if @return_authorization.save
+            respond_with(@return_authorization, status: 201, default_template: :show)
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        def destroy
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :destroy).find(params[:id])
+          @return_authorization.destroy
+          respond_with(@return_authorization, status: 204)
+        end
+
+        def index
+          authorize! :admin, ReturnAuthorization
+          @return_authorizations = order.return_authorizations.accessible_by(current_ability).
+                                   ransack(params[:q]).result.
+                                   page(params[:page]).per(params[:per_page])
+          respond_with(@return_authorizations)
+        end
+
+        def new
+          authorize! :admin, ReturnAuthorization
+        end
+
+        def show
+          authorize! :admin, ReturnAuthorization
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :show).find(params[:id])
+          respond_with(@return_authorization)
+        end
+
+        def update
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+          if @return_authorization.update(return_authorization_params)
+            respond_with(@return_authorization, default_template: :show)
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        def cancel
+          @return_authorization = order.return_authorizations.accessible_by(current_ability, :update).find(params[:id])
+          if @return_authorization.cancel
+            respond_with @return_authorization, default_template: :show
+          else
+            invalid_resource!(@return_authorization)
+          end
+        end
+
+        private
+
+        def order
+          @order ||= Spree::Order.find_by!(number: order_id)
+          authorize! :show, @order
+        end
+
+        def return_authorization_params
+          params.require(:return_authorization).permit(permitted_return_authorization_attributes)
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v1/shipments_controller.rb

@@ -0,0 +1,196 @@
+module Spree
+  module Api
+    module V1
+      class ShipmentsController < Spree::Api::V1::BaseController
+        before_action :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+        before_action :load_transfer_params, only: [:transfer_to_location, :transfer_to_shipment]
+
+        def mine
+          if current_api_user.persisted?
+            @shipments = Spree::Shipment.
+                         reverse_chronological.
+                         joins(:order).
+                         where(spree_orders: { user_id: current_api_user.id }).
+                         includes(mine_includes).
+                         ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+          else
+            render 'spree/api/errors/unauthorized', status: :unauthorized
+          end
+        end
+
+        def create
+          @order = Spree::Order.find_by!(number: params.fetch(:shipment).fetch(:order_id))
+          authorize! :show, @order
+          authorize! :create, Shipment
+          quantity = params[:quantity].to_i
+          @shipment = @order.shipments.create(stock_location_id: params.fetch(:stock_location_id))
+
+          @line_item = Spree::Dependencies.cart_add_item_service.constantize.call(order: @order,
+                                                                                  variant: variant,
+                                                                                  quantity: quantity,
+                                                                                  options: { shipment: @shipment }).value
+
+          respond_with(@shipment.reload, default_template: :show)
+        end
+
+        def update
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+          @shipment.update_attributes_and_order(shipment_params)
+
+          respond_with(@shipment.reload, default_template: :show)
+        end
+
+        def ready
+          unless @shipment.ready?
+            if @shipment.can_ready?
+              @shipment.ready!
+            else
+              render 'spree/api/v1/shipments/cannot_ready_shipment', status: 422 and return
+            end
+          end
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def ship
+          @shipment.ship! unless @shipment.shipped?
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def add
+          quantity = params[:quantity].to_i
+
+          Spree::Dependencies.cart_add_item_service.constantize.call(order: @shipment.order,
+                                                                     variant: variant,
+                                                                     quantity: quantity,
+                                                                     options: { shipment: @shipment })
+
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def remove
+          quantity = if params.key?(:quantity)
+                       params[:quantity].to_i
+                     else
+                       @shipment.inventory_units_for(variant).sum(:quantity)
+                     end
+
+          Spree::Dependencies.cart_remove_item_service.constantize.call(order: @shipment.order,
+                                                                        variant: variant,
+                                                                        quantity: quantity,
+                                                                        options: { shipment: @shipment })
+
+          if @shipment.inventory_units.any?
+            @shipment.reload
+          else
+            @shipment.destroy!
+          end
+
+          respond_with(@shipment, default_template: :show)
+        end
+
+        def transfer_to_location
+          @stock_location = Spree::StockLocation.find(params[:stock_location_id])
+
+          unless @quantity > 0
+            unprocessable_entity("#{Spree.t(:shipment_transfer_errors_occurred, scope: 'api')} \n #{Spree.t(:negative_quantity, scope: 'api')}")
+            return
+          end
+
+          transfer = @original_shipment.transfer_to_location(@variant, @quantity, @stock_location)
+          if transfer.valid?
+            transfer.run!
+            render json: { message: Spree.t(:shipment_transfer_success) }, status: 201
+          else
+            render json: { message: transfer.errors.full_messages.to_sentence }, status: 422
+          end
+        end
+
+        def transfer_to_shipment
+          @target_shipment = Spree::Shipment.find_by!(number: params[:target_shipment_number])
+
+          error =
+            if @quantity < 0 && @target_shipment == @original_shipment
+              "#{Spree.t(:negative_quantity, scope: 'api')}, \n#{Spree.t('wrong_shipment_target', scope: 'api')}"
+            elsif @target_shipment == @original_shipment
+              Spree.t(:wrong_shipment_target, scope: 'api')
+            elsif @quantity < 0
+              Spree.t(:negative_quantity, scope: 'api')
+            end
+
+          if error
+            unprocessable_entity("#{Spree.t(:shipment_transfer_errors_occurred, scope: 'api')} \n#{error}")
+          else
+            transfer = @original_shipment.transfer_to_shipment(@variant, @quantity, @target_shipment)
+            if transfer.valid?
+              transfer.run!
+              render json: { message: Spree.t(:shipment_transfer_success) }, status: 201
+            else
+              render json: { message: transfer.errors.full_messages }, status: 422
+            end
+          end
+        end
+
+        private
+
+        def load_transfer_params
+          @original_shipment         = Spree::Shipment.find_by!(number: params[:original_shipment_number])
+          @variant                   = Spree::Variant.find(params[:variant_id])
+          @quantity                  = params[:quantity].to_i
+          authorize! :show, @original_shipment
+          authorize! :create, Shipment
+        end
+
+        def find_and_update_shipment
+          @shipment = Spree::Shipment.accessible_by(current_ability, :update).readonly(false).find_by!(number: params[:id])
+          @shipment.update(shipment_params)
+          @shipment.reload
+        end
+
+        def shipment_params
+          if params[:shipment] && !params[:shipment].empty?
+            params.require(:shipment).permit(permitted_shipment_attributes)
+          else
+            {}
+          end
+        end
+
+        def variant
+          @variant ||= Spree::Variant.unscoped.find(params.fetch(:variant_id))
+        end
+
+        def mine_includes
+          {
+            order: {
+              bill_address: {
+                state: {},
+                country: {}
+              },
+              ship_address: {
+                state: {},
+                country: {}
+              },
+              adjustments: {},
+              payments: {
+                order: {},
+                payment_method: {}
+              }
+            },
+            inventory_units: {
+              line_item: {
+                product: {},
+                variant: {}
+              },
+              variant: {
+                product: {},
+                default_price: {},
+                option_values: {
+                  option_type: {}
+                }
+              }
+            }
+          }
+        end
+      end
+    end
+  end
+end