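# frozen_string_literal: true

module SolidusPaypalCommercePlatform
  # API endpoints used by the PayPal checkout flow to create an order,
  # sync the address PayPal reports back, and compare totals.
  #
  # User authentication is skipped for the whole controller, so access control
  # rests entirely on the per-action `authorize!` calls. The member actions
  # pass `order_token` to `authorize!`; that helper is defined outside this
  # file (presumably the guest token sent with the request -- confirm).
  class OrdersController < ::Spree::Api::BaseController
    before_action :load_order, except: :create
    skip_before_action :authenticate_user
    include ::Spree::Core::ControllerHelpers::Auth

    # Creates a new order for the current user (or guest), fills it from the
    # permitted order params and stores its guest token in a signed cookie.
    #
    # Renders the order as JSON on success, or the validation messages with
    # 422 when the cart update fails.
    def create
      authorize! :create, ::Spree::Order

      # NOTE(review): the order is persisted by `create!` before the cart is
      # updated, so a failed `update_cart` appears to leave the new order
      # record behind -- confirm whether that is intended.
      @order = ::Spree::Order.create!(
        user: try_spree_current_user,
        store: current_store,
        currency: current_pricing_options.currency
      )

      if @order.contents.update_cart order_params
        # Overriding any existing orders
        cookies.signed[:guest_token] = @order.guest_token
        render json: @order, status: :ok
      else
        render json: @order.errors.full_messages, status: :unprocessable_entity
      end
    end

    # Applies the address submitted in the request to the loaded order, then
    # refreshes shipments and advances the order.
    #
    # Renders an empty JSON object on success, or the address validation
    # messages with 422.
    def update_address
      authorize! :update, @order, order_token

      paypal_address = SolidusPaypalCommercePlatform::PaypalAddress.new(@order)

      if paypal_address.update(paypal_address_params).valid?
        @order.ensure_updated_shipments
        @order.contents.advance
        render json: {}, status: :ok
      else
        render json: paypal_address.errors.full_messages, status: :unprocessable_entity
      end
    end

    # Compares the total sent in `params[:paypal_total]` with the order total.
    #
    # The submitted total comes straight from request params, so this is a
    # consistency check on what the client reports and nothing more.
    # NOTE(review): no server-side check of the amount PayPal actually
    # authorised or captured is visible in this controller -- confirm it is
    # enforced elsewhere.
    def verify_total
      authorize! :show, @order, order_token

      if total_is_correct?(params[:paypal_total])
        render json: {}, status: :ok
      else
        respond_with(@order, default_template: 'spree/api/orders/expected_total_mismatch', status: 400)
      end
    end

    private

    # Returns true when `paypal_total` parses to exactly the order total.
    #
    # `paypal_total` is request input and may be missing, non-numeric or a
    # nested structure. `BigDecimal()` raises ArgumentError/TypeError for
    # those; they are treated as a mismatch so a malformed request gets the
    # same 400 response as a wrong total instead of an unhandled exception.
    #
    # @param paypal_total [String, nil] total as submitted by the client
    # @return [Boolean]
    def total_is_correct?(paypal_total)
      @order.total == BigDecimal(paypal_total)
    rescue ArgumentError, TypeError
      false
    end

    # Strong-parameter whitelist for the address payload: only the listed
    # address and recipient fields are passed on to PaypalAddress#update.
    def paypal_address_params
      params.require(:address).permit(
        updated_address: [
          :address_line_1,
          :address_line_2,
          :admin_area_1,
          :admin_area_2,
          :postal_code,
          :country_code,
        ],
        recipient: [
          :email_address,
          {
            name: [
              :given_name,
              :surname,
            ]
          }
        ]
      )
    end

    # Strong-parameter whitelist for order creation; the permitted attribute
    # list (`permitted_order_attributes`) is defined outside this file.
    def order_params
      params.require(:order).permit(permitted_order_attributes)
    end

    # Loads the order by its number from `params[:order_id]`; `find_by!`
    # raises when no order matches. Authorization happens afterwards, in each
    # action.
    def load_order
      @order = ::Spree::Order.find_by!(number: params[:order_id])
    end
  end
end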