orders_controller.rb

/api/app/controllers/spree/api/orders_controller.rb

http://github.com/spree/spree
Ruby | 106 lines | 88 code | 14 blank | 4 comment | 8 complexity | 75d65adbdcdc92a93d1df6f3f08a4b88 MD5 | raw file
Possible License(s): BSD-3-Clause

module Spree
  module Api
    class OrdersController < Spree::Api::BaseController

      # Dynamically defines our stores checkout steps to ensure we check authorization on each step.
      Order.checkout_steps.keys.each do |step|
        define_method step do
          find_order
          authorize! :update, @order, params[:token]
        end
      end

      def cancel
        find_order
        authorize! :update, @order, params[:token]
        @order.cancel!
        render :show
      end

      def create
        authorize! :create, Order
        @order = Order.build_from_api(current_api_user, order_params)
        respond_with(@order, default_template: :show, status: 201)
      end

      def empty
        find_order
        @order.empty!
        @order.update!
        render text: nil, status: 200
      end

      def index
        authorize! :index, Order
        @orders = Order.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
        respond_with(@orders)
      end

      def show
        find_order
        method = "before_#{@order.state}"
        send(method) if respond_to?(method, true)
        respond_with(@order)
      end

      def update
        find_order
        # Parsing line items through as an update_attributes call in the API will result in
        # many line items for the same variant_id being created. We must be smarter about this,
        # hence the use of the update_line_items method, defined within order_decorator.rb.
        order_params.delete("line_items_attributes")
        if @order.update_attributes(order_params)
          line_item_attributes = params[:order][:line_items].map do |id, attributes|
            [id, attributes.slice(*permitted_line_item_attributes)]
          end
          line_item_attributes = Hash[line_item_attributes].delete_if { |k,v| v.empty? }
          @order.update_line_items(line_item_attributes)
          @order.line_items.reload
          @order.update!
          respond_with(@order, default_template: :show)
        else
          invalid_resource!(@order)
        end
      end

      def apply_coupon_code
        find_order
        @order.coupon_code = params[:coupon_code]
        @handler = PromotionHandler::Coupon.new(@order).apply
        status = @handler.successful? ? 200 : 422
        render "spree/api/promotions/handler", :status => status
      end

      private

        def order_params
          if params[:order]
            params[:order][:line_items_attributes] = params[:order][:line_items]
            params[:order][:ship_address_attributes] = params[:order][:ship_address] if params[:order][:ship_address]
            params[:order][:bill_address_attributes] = params[:order][:bill_address] if params[:order][:bill_address]
            params.require(:order).permit(permitted_order_attributes)
          else
            {}
          end
        end

        def next!(options={})
          if @order.valid? && @order.next
            render :show, status: options[:status] || 200
          else
            render :could_not_transition, status: 422
          end
        end

        def find_order
          @order = Spree::Order.find_by!(number: params[:id])
          authorize! :update, @order, params[:order_token]
        end

        def before_delivery
          @order.create_proposed_shipments
        end

    end
  end
end