API v1 financial_transactions endpoints (#627)

app/controllers/api/v1/financial_transactions_controller.rb

@@ -0,0 +1,24 @@
+class Api::V1::FinancialTransactionsController < Api::V1::BaseController
+  include Concerns::CollectionScope
+
+  before_action ->{ doorkeeper_authorize! 'finance:read', 'finance:write' }
+
+  def index
+    render_collection search_scope
+  end
+
+  def show
+    render json: scope.find(params.require(:id))
+  end
+
+  private
+
+  def scope
+    FinancialTransaction.includes(:user)
+  end
+
+  def ransack_auth_object
+    :finance
+  end
+
+end

app/controllers/api/v1/user/financial_transactions_controller.rb

@@ -0,0 +1,21 @@
+class Api::V1::User::FinancialTransactionsController < Api::V1::BaseController
+  include Concerns::CollectionScope
+
+  before_action ->{ doorkeeper_authorize! 'finance:user' }
+  before_action :require_ordergroup
+
+  def index
+    render_collection search_scope
+  end
+
+  def show
+    render json: scope.find(params.require(:id))
+  end
+
+  private
+
+  def scope
+    current_ordergroup.financial_transactions.includes(:user)
+  end
+
+end

app/controllers/concerns/collection_scope.rb

@@ -0,0 +1,58 @@
+module Concerns::CollectionScope
+  extend ActiveSupport::Concern
+
+  private
+
+  def scope
+    raise NotImplementedError, 'Please override #scope when you use Concerns::CollectionScope'
+  end
+
+  def default_per_page
+    20
+  end
+
+  def max_per_page
+    250
+  end
+
+  def per_page
+    # allow max_per_page and default_per_page to be nil as well
+    if params[:per_page]
+      [params[:per_page].to_i, max_per_page].compact.min
+    else
+      default_per_page
+    end
+  end
+
+  def search_scope
+    s = scope
+    s = s.ransack(params[:q], auth_object: ransack_auth_object).result(distinct: true) if params[:q]
+    s = s.page(params[:page].to_i).per(per_page) if per_page && per_page >= 0
+    s
+  end
+
+  def render_collection(scope)
+    render json: scope, meta: collection_meta(scope)
+  end
+
+  def collection_meta(scope, extra = {})
+    return unless scope.respond_to?(:total_count) && per_page
+
+    {
+      page: params[:page].to_i,
+      per_page: per_page,
+      total_pages: (scope.total_count / [1, per_page].max).ceil,
+      total_count: scope.total_count
+    }.merge(extra)
+  end
+
+  # By default, there are no special ransack search scope authentications.
+  # Controllers can override this to return something else and customize a model's
+  # +ransackable_attributes+ and +ransackable_associations+ to allow searching on more
+  # parameters in one controller than another (e.g. to protect searches that are scoped
+  # to a user, while still allowing all search parameters for another endpoint).
+  def ransack_auth_object
+    nil
+  end
+
+end

app/models/financial_transaction.rb

@@ -22,6 +22,17 @@ class FinancialTransaction < ApplicationRecord
     initialize_financial_transaction_type
   end
 
+  # @todo remove alias (and rename created_on to created_at below) after #575
+  ransack_alias :created_at, :created_on
+
+  def self.ransackable_attributes(auth_object = nil)
+    %w(id amount note created_on user_id)
+  end
+
+  def self.ransackable_associations(auth_object = nil)
+    %w() # none, and certainly not user until we've secured that more
+  end
+
   # Use this save method instead of simple save and after callback
   def add_transaction!
     ordergroup.add_financial_transaction! amount, note, user, financial_transaction_type
@@ -43,6 +54,11 @@ class FinancialTransaction < ApplicationRecord
     reverts.present? || reverted_by.present?
   end
 
+  # @todo rename in model, see #575
+  def created_at
+    created_on
+  end
+
   protected
 
   def initialize_financial_transaction_type

app/serializers/financial_transaction_serializer.rb

@@ -0,0 +1,13 @@
+class FinancialTransactionSerializer < ActiveModel::Serializer
+  include ApplicationHelper
+
+  attributes :id, :user_id, :user_name, :amount, :note, :created_at
+
+  def user_name
+    show_user object.user
+  end
+
+  def amount
+    object.amount.to_f
+  end
+end