app/controllers/spree/api/orders_controller.rb in spree_api-2.3.1 vs app/controllers/spree/api/orders_controller.rb in spree_api-2.3.2
- old
+ new
@@ -1,8 +1,10 @@
module Spree
module Api
class OrdersController < Spree::Api::BaseController
+ wrap_parameters false
+
skip_before_filter :check_for_user_or_api_key, only: :apply_coupon_code
skip_before_filter :authenticate_user, only: :apply_coupon_code
before_filter :find_order, except: [:create, :mine, :index, :update]
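Review bot: `wrap_parameters false` at the top of the class has no comment saying why parameter wrapping is turned off, and the reason is not obvious from the line itself. With the wrapper disabled, a JSON body is only read from an explicit `order` key, which matters for the `params[:order]` handling further down in this file. A comment such as `# Do not auto-wrap top-level JSON keys into params[:order]; clients must nest order data explicitly.` would record that. The class body continues outside this hunk.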
@@ -15,16 +17,28 @@
end
def cancel
authorize! :update, @order, params[:token]
@order.cancel!
- render :show
+ respond_with(@order, :default_template => :show)
end
def create
authorize! :create, Order
- @order = Spree::Core::Importer::Order.import(current_api_user, order_params)
+ order_user = if @current_user_roles.include?('admin') && order_params[:user_id]
+ Spree.user_class.find(order_params[:user_id])
+ else
+ current_api_user
+ end
+
+ import_params = if @current_user_roles.include?("admin")
+ params[:order].present? ? params[:order].permit! : {}
+ else
+ order_params
+ end
+
+ @order = Spree::Core::Importer::Order.import(order_user, import_params)
respond_with(@order, default_template: :show, status: 201)
end
def empty
authorize! :update, @order, order_token
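Review bot: In `create`, the admin branch of `import_params` calls `params[:order].permit!`, which marks every key in the request body as permitted. What an admin-role API key can set is then bounded only by what `Spree::Core::Importer::Order.import` does with the hash, which is not visible here. That branch also gets its `payments` → `payments_attributes` renaming only as a side effect of `order_params[:user_id]` having been evaluated a few lines earlier, so it would help to call `normalize_params` explicitly before `permit!` and to add a comment stating that the unrestricted hash is intentional for imports. `@current_user_roles` is read directly and tested twice with different quoting; presumably a base-controller filter sets it, and a single `admin = @current_user_roles.include?('admin')` local would keep the two branches in step.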
@@ -38,12 +52,10 @@
respond_with(@orders)
end
def show
authorize! :show, @order, order_token
- method = "before_#{@order.state}"
- send(method) if respond_to?(method, true)
respond_with(@order)
end
def update
find_order(true)
@@ -60,11 +72,11 @@
end
end
def mine
if current_api_user.persisted?
- @orders = current_api_user.orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+ @orders = current_api_user.orders.reverse_chronological.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
else
render "spree/api/errors/unauthorized", status: :unauthorized
end
end
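Review bot: The rewritten query line in `mine` still hands `params[:q]` to `ransack` and `params[:per_page]` to `per` exactly as the client sent them. Whether the search is limited to safe attributes and whether the page size is capped depends on configuration outside this hunk (a ransack attribute whitelist on the order model, a Kaminari maximum), so both are worth confirming. If no cap exists, clamping the value before the call, for example `per_page = [params[:per_page].to_i, max_per_page].min` with `max_per_page` standing in for a limit the project chooses, would bound the response size.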
@@ -78,51 +90,26 @@
end
private
def order_params
if params[:order]
- params[:order][:payments_attributes] = params[:order][:payments] if params[:order][:payments]
- params[:order][:shipments_attributes] = params[:order][:shipments] if params[:order][:shipments]
- params[:order][:line_items_attributes] = params[:order][:line_items] if params[:order][:line_items]
- params[:order][:ship_address_attributes] = params[:order][:ship_address] if params[:order][:ship_address]
- params[:order][:bill_address_attributes] = params[:order][:bill_address] if params[:order][:bill_address]
-
+ normalize_params
params.require(:order).permit(permitted_order_attributes)
else
{}
end
end
- def permitted_order_attributes
- if current_api_user.has_spree_role? "admin"
- super << admin_order_attributes
- else
- super
- end
+ def normalize_params
+ params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+ params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
+ params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
+ params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address]
+ params[:order][:bill_address_attributes] = params[:order].delete(:bill_address) if params[:order][:bill_address]
end
- def permitted_shipment_attributes
- if current_api_user.has_spree_role? "admin"
- super << admin_shipment_attributes
- else
- super
- end
- end
-
- def admin_shipment_attributes
- [:shipping_method, :stock_location, :inventory_units => [:variant_id, :sku]]
- end
-
- def admin_order_attributes
- [:import, :number, :completed_at, :locked_at, :channel]
- end
-
def find_order(lock = false)
@order = Spree::Order.lock(lock).find_by!(number: params[:id])
- end
-
- def before_delivery
- @order.create_proposed_shipments
end
def order_id
super || params[:id]
end
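Review bot: `normalize_params` rewrites the request's `params[:order]` in place with `delete`, and it dereferences `params[:order]` without a nil check, so it is only safe because `order_params` guards the call with `if params[:order]`. A short comment on the method saying it mutates `params` and must be called only when `params[:order]` is present would make that contract explicit. The five near-identical lines could also be a single loop, e.g. `%w[payments shipments line_items ship_address bill_address].each { |k| params[:order]["#{k}_attributes"] = params[:order].delete(k) if params[:order][k] }`, assuming `params` keeps its usual indifferent string/symbol access.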