module Spree
module Api
class PaymentsController < Spree::Api::BaseController
before_filter :find_order
before_filter :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void, :credit]
def index
@payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
respond_with(@payments)
end
def new
@payment_methods = Spree::PaymentMethod.available
respond_with(@payment_method)
end
def create
@payment = @order.payments.build(payment_params)
if @payment.save
respond_with(@payment, status: 201, default_template: :show)
else
invalid_resource!(@payment)
end
end
def update
authorize! params[:action], @payment
if ! @payment.pending?
render 'update_forbidden', status: 403
elsif @payment.update_attributes(payment_params)
respond_with(@payment, default_template: :show)
else
invalid_resource!(@payment)
end
end
def show
respond_with(@payment)
end
def authorize
perform_payment_action(:authorize)
end
def capture
perform_payment_action(:capture)
end
def purchase
perform_payment_action(:purchase)
end
def void
perform_payment_action(:void_transaction)
end
def credit
if params[:amount].to_f > @payment.credit_allowed
render 'credit_over_limit', status: 422
else
perform_payment_action(:credit, params[:amount])
end
end
private
def find_order
@order = Spree::Order.find_by(number: order_id)
authorize! :read, @order
end
def find_payment
@payment = @order.payments.find(params[:id])
end
def perform_payment_action(action, *args)
authorize! action, Payment
begin
@payment.send("#{action}!", *args)
respond_with(@payment, :default_template => :show)
rescue Spree::Core::GatewayError => e
@error = e.message
render 'spree/api/errors/gateway_error', status: 422
end
end
def payment_params
params.require(:payment).permit(permitted_payment_attributes)
end
end
end
end