-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcheckout_controller.rb
74 lines (58 loc) · 2.34 KB
/
checkout_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
class Api::CheckoutController < ApplicationController
protect_from_forgery except: [:info, :purchase, :create, :products]
skip_before_action :authenticate_user!, only: [:info, :purchase, :create, :products]
skip_before_action :authenticate_admin!, only: [:info, :purchase, :create, :products]
before_action :authenticate_checkout, only: [:info, :purchase, :create, :products]
respond_to :json
def products
@products = CheckoutProduct.where(:active => true)
end
def info
@card = CheckoutCard.joins(:member, :checkout_balance).select(:id, :uuid, :first_name, :balance).find_by_uuid!(params[:uuid])
end
def purchase
card = CheckoutCard.find_by_uuid!(params[:uuid])
if( !card.active )
render :status => :unauthorized, :json => 'card not yet activated'
return
end
transaction = CheckoutTransaction.new( :items => params[:items].to_a, :checkout_card => card )
begin
transaction.save
rescue ActiveRecord::RecordNotSaved => error
render :status => :not_acceptable, :json => {
message: "alcohol allowed at #{Settings.liquor_time}"
} and return if error.message == 'not_allowed'
head :bad_request and return if error.message == 'empty_items'
render :status => :request_entity_too_large, :json => {
message: 'insufficient funds',
balance: card.checkout_balance.balance,
items: params[:items].to_a,
costs: transaction.price
} if error.message == 'insufficient_funds'
return
end
render :status => :created, :json => {
uuid: card.uuid,
first_name: card.member.first_name,
balance: card.checkout_balance.balance,
created_at: transaction.created_at
}
end
def create
head :conflict and return unless CheckoutCard.find_by_uuid(params[:uuid]).nil?
card = CheckoutCard.new( :uuid => params[:uuid], :member => Member.find_by_student_id!(params[:student]), :description => params[:description] )
if card.save
render :status => :created, :json => CheckoutCard.joins(:member, :checkout_balance).select(:id, :uuid, :first_name, :balance).find_by_uuid!(params[:uuid]).to_json
else
head :conflict
end
end
private # TODO implement for OAuth client credentials
def authenticate_checkout
if params[:token] != ENV['CHECKOUT_TOKEN']
head :forbidden
return
end
end
end