/api/app/controllers/spree/api/v1/orders_controller.rb
https://github.com/crystalneth/spree · Ruby · 89 lines · 74 code · 14 blank · 1 comment · 3 complexity · 55a3ffb42580e2b8d304a71d327ee230 MD5 · raw file
- module Spree
- module Api
- module V1
- class OrdersController < Spree::Api::V1::BaseController
- before_filter :map_nested_attributes, :only => [:create, :update]
- before_filter :authorize_read!, :except => [:index, :search, :create]
- def index
- # should probably look at turning this into a CanCan step
- raise CanCan::AccessDenied unless current_api_user.has_spree_role?("admin")
- @orders = Order.page(params[:page]).per(params[:per_page])
- end
- def show
- end
- def search
- @orders = Order.ransack(params[:q]).result.page(params[:page])
- render :index
- end
- def create
- @order = Order.build_from_api(current_api_user, @nested_params)
- next!
- end
- def update
- authorize! :update, Order
- if order.update_attributes(@nested_params)
- order.update!
- render :show
- else
- invalid_resource!(order)
- end
- end
- def address
- order.build_ship_address(params[:shipping_address])
- order.build_bill_address(params[:billing_address])
- next!
- end
- def delivery
- begin
- ShippingMethod.find(params[:shipping_method_id])
- rescue ActiveRecord::RecordNotFound
- render :invalid_shipping_method, :status => 422
- else
- order.update_attribute(:shipping_method_id, params[:shipping_method_id])
- next!
- end
- end
- def cancel
- order.cancel!
- render :show
- end
- def empty
- order.line_items.destroy_all
- order.update!
- render :text => nil, :status => 200
- end
- private
- def map_nested_attributes
- @nested_params = map_nested_attributes_keys Order, params[:order]
- end
- def order
- @order ||= Order.find_by_number!(params[:id])
- end
- def next!
- if @order.valid? && @order.next
- render :show, :status => 200
- else
- render :could_not_transition, :status => 422
- end
- end
- def authorize_read!
- authorize! :read, order
- end
- end
- end
- end
- end