Class: Spree::Api::V3::ResourceController

Inherits:
BaseController
  • Object
Includes:
ParamsNormalizer
Defined in:
app/controllers/spree/api/v3/resource_controller.rb

Constant Summary

Constants inherited from BaseController

BaseController::RATE_LIMIT_RESPONSE

Constants included from Idempotent

Idempotent::IDEMPOTENCY_HEADER, Idempotent::IDEMPOTENCY_TTL, Idempotent::MAX_KEY_LENGTH, Idempotent::MUTATING_METHODS

Constants included from ErrorHandler

ErrorHandler::ERROR_CODES

Constants included from JwtAuthentication

JwtAuthentication::JWT_AUDIENCE_ADMIN, JwtAuthentication::JWT_AUDIENCE_STORE, JwtAuthentication::JWT_ISSUER, JwtAuthentication::USER_TYPE_ADMIN, JwtAuthentication::USER_TYPE_CUSTOMER

Instance Method Summary

Methods included from ApiKeyAuthentication

#authenticate_api_key!, #authenticate_secret_key!

Methods included from JwtAuthentication

#authenticate_user, #require_authentication!

Instance Method Details

#create ⇒ Object

POST /api/v3/resource



# File 'app/controllers/spree/api/v3/resource_controller.rb', line 35

# POST /api/v3/resource
#
# Builds a resource with build_resource, authorizes the :create action on it
# and then tries to save it. On success the serialized resource is rendered
# with status :created; when save returns false the record's errors are
# rendered through render_errors.
def create
  @resource = build_resource
  # The authorization check runs on the built record before save is called.
  authorize_resource!(@resource, :create)

  return render_errors(@resource.errors) unless @resource.save

  render json: serialize_resource(@resource), status: :created
end

#destroy ⇒ Object

DELETE /api/v3/resource/:id

Domain rules like “redeemed gift cards cannot be deleted” live on the model via `can_be_deleted?` and apply to all callers (JWT and API key). When `can_be_deleted?` returns false we render 422 (the resource's state forbids the request) rather than 403, since the caller is authorized — it's the resource's state that's blocking the operation. Models that prefer CanCan-gated destroy can opt in via their ability (e.g. `can :destroy, Spree::Order, &:can_be_deleted?`), which raises before the controller hook fires and yields 403.



# File 'app/controllers/spree/api/v3/resource_controller.rb', line 64

# DELETE /api/v3/resource/:id
#
# Destroys @resource unless the model vetoes it. A model that responds to
# can_be_deleted? and returns a falsy value gets a validation-error response
# with status :unprocessable_content and is not destroyed. Otherwise destroy!
# runs and an empty :no_content response is sent.
#
# @resource is not assigned in this method; it is presumably loaded and
# authorized by a before_action that is not visible here (confirm).
def destroy
  # Models without can_be_deleted? are always treated as deletable.
  deletable = !@resource.respond_to?(:can_be_deleted?) || @resource.can_be_deleted?

  unless deletable
    reason = Spree.t(:cannot_delete, scope: 'api', model: @resource.class.model_name.human)
    return render_error(code: ERROR_CODES[:validation_error], message: reason, status: :unprocessable_content)
  end

  @resource.destroy!
  head :no_content
rescue ActiveRecord::RecordNotDestroyed => e
  # Prefer the record's own errors; fall back to the exception message when
  # there are none. NOTE(review): confirm that message is fit to return to
  # API clients as-is.
  details = e.record.errors.presence
  render_validation_error(details || e.message)
end

#index ⇒ Object

GET /api/v3/resource



# File 'app/controllers/spree/api/v3/resource_controller.rb', line 14

# GET /api/v3/resource
#
# Loads the collection into @collection and renders it as JSON with a
# `data` array and a `meta` object. Nothing is rendered here when
# cache_collection returns a falsy value.
def index
  @collection = collection

  # HTTP caching for guests: cache_collection decides whether a body still
  # has to be rendered. Presumably it has already answered the request when it
  # returns falsy (confirm), and it should be checked that authenticated
  # responses are never marked as publicly cacheable.
  if cache_collection(@collection)
    payload = {
      data: serialize_collection(@collection),
      meta: collection_meta(@collection)
    }
    render json: payload
  end
end

#show ⇒ Object

GET /api/v3/resource/:id



# File 'app/controllers/spree/api/v3/resource_controller.rb', line 27

# GET /api/v3/resource/:id
#
# Renders the serialized @resource as JSON unless cache_resource returns a
# falsy value, in which case nothing is rendered here.
#
# @resource is not assigned in this method; it is presumably loaded and
# authorized by a before_action that is not visible here (confirm).
def show
  # HTTP caching for guests: cache_resource gates the render. It should be
  # checked that it never marks authenticated responses as publicly cacheable.
  render json: serialize_resource(@resource) if cache_resource(@resource)
end

#update ⇒ Object

PATCH /api/v3/resource/:id



# File 'app/controllers/spree/api/v3/resource_controller.rb', line 47

# PATCH /api/v3/resource/:id
#
# Updates @resource with permitted_params. Renders the serialized resource on
# success, or the record's errors via render_errors when update returns false.
#
# Only the attributes returned by permitted_params (defined elsewhere) reach
# the model. @resource is not assigned in this method; it is presumably loaded
# and authorized by a before_action that is not visible here (confirm).
def update
  return render_errors(@resource.errors) unless @resource.update(permitted_params)

  render json: serialize_resource(@resource)
end