# frozen_string_literal: true
module SolidusPaypalCommercePlatform
class OrdersController < ::Spree::Api::BaseController
skip_before_action :authenticate_user
include ::Spree::Core::ControllerHelpers::Auth
def create
authorize! :create, ::Spree::Order
@order = ::Spree::Order.create!(
user: current_api_user,
store: current_store,
currency: current_pricing_options.currency
)
if @order.contents.update_cart order_params
# Overriding any existing orders
cookies.signed[:guest_token] = @order.guest_token
render json: @order, status: :ok
else
render json: @order.errors.full_messages, status: :unprocessable_entity
end
end
def update_address
load_order
authorize! :update, @order, order_token
paypal_address = SolidusPaypalCommercePlatform::PaypalAddress.new(@order)
if paypal_address.update(paypal_address_params).valid?
@order.ensure_updated_shipments
@order.contents.advance
render json: {}, status: :ok
else
render json: paypal_address.errors.full_messages, status: :unprocessable_entity
end
end
def verify_total
load_order
authorize! :show, @order, order_token
if total_is_correct?(params[:paypal_total])
render json: {}, status: :ok
else
respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
end
end
private
def total_is_correct?(paypal_total)
@order.total == BigDecimal(paypal_total)
end
def paypal_address_params
params.require(:address).permit(
updated_address: [
:address_line_1,
:address_line_2,
:admin_area_1,
:admin_area_2,
:postal_code,
:country_code,
],
recipient: [
:email_address,
{
name: [
:given_name,
:surname,
]
}
]
)
end
def order_params
params.require(:order).permit(permitted_order_attributes)
end
def load_order
@order = ::Spree::Order.find_by!(number: params[:order_id])
end
end
end