app/controllers/spree/api/orders_controller.rb in spree_api-2.1.12 vs app/controllers/spree/api/orders_controller.rb in spree_api-2.2.0
- old
+ new
@@ -26,11 +26,10 @@
respond_with(@order, default_template: :show, status: 201)
end
def empty
find_order
- authorize! :update, @order, order_token
@order.empty!
@order.update!
render text: nil, status: 200
end
@@ -40,19 +39,17 @@
respond_with(@orders)
end
def show
find_order
- authorize! :show, @order, order_token
method = "before_#{@order.state}"
send(method) if respond_to?(method, true)
respond_with(@order)
end
def update
find_order(true)
- authorize! :update, @order, order_token
# Parsing line items through as an update_attributes call in the API will result in
# many line items for the same variant_id being created. We must be smarter about this,
# hence the use of the update_line_items method, defined within order_decorator.rb.
order_params.delete("line_items_attributes")
if @order.update_attributes(order_params)
@@ -64,50 +61,25 @@
respond_with(@order, default_template: :show)
else
invalid_resource!(@order)
end
end
-
+
def mine
if current_api_user.persisted?
@orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
else
render "spree/api/errors/unauthorized", status: :unauthorized
end
end
- ##
- # Applies a promotion code to the user's most recent order
- # This is a temporary API method until we move to next Spree release which has this logic already in this commit.
- #
- # https://github.com/spree/spree/commit/72a5b74c47af975fc3492580415a4cdc2dc02c0c
- #
- # Source references:
- #
- # https://github.com/spree/spree/blob/master/frontend/app/controllers/spree/store_controller.rb#L13
- # https://github.com/spree/spree/blob/2-1-stable/frontend/app/controllers/spree/orders_controller.rb#L100
def apply_coupon_code
find_order
- authorize! :update, @order, order_token
@order.coupon_code = params[:coupon_code]
- @order.save
-
- # https://github.com/spree/spree/blob/2-1-stable/core/lib/spree/promo/coupon_applicator.rb
- result = Spree::Promo::CouponApplicator.new(@order).apply
-
- result[:coupon_applied?] ||= false
-
- # Move flash.notice fields into success if applied
- # An error message is in result[:error]
- if result[:coupon_applied?] && result[:notice]
- result[:success] = result[:notice]
- end
-
- # Need to turn hash result into object for RABL
- # https://github.com/nesquena/rabl/wiki/Rendering-hash-objects-in-rabl
- @coupon_result = OpenStruct.new(result)
- render status: @coupon_result.coupon_applied? ? 200 : 422
+ @handler = PromotionHandler::Coupon.new(@order).apply
+ status = @handler.successful? ? 200 : 422
+ render "spree/api/promotions/handler", :status => status
end
private
def deal_with_line_items
line_item_attributes = params[:order][:line_items]
@@ -132,19 +104,19 @@
end
end
def permitted_order_attributes
if current_api_user.has_spree_role? "admin"
- super + admin_order_attributes
+ super << admin_order_attributes
else
super
end
end
def permitted_shipment_attributes
if current_api_user.has_spree_role? "admin"
- super + admin_shipment_attributes
+ super << admin_shipment_attributes
else
super
end
end
@@ -164,13 +136,19 @@
end
end
def find_order(lock = false)
@order = Spree::Order.lock(lock).find_by!(number: params[:id])
+ authorize! :update, @order, order_token
end
def before_delivery
@order.create_proposed_shipments
end
+
+ def order_token
+ request.headers["X-Spree-Order-Token"] || params[:order_token]
+ end
+
end
end
end