From 8b79d41b81a1706bd4ad2487491d79e6913deeec Mon Sep 17 00:00:00 2001
From: Steve Roberts <steve@commoncode.io>
Date: Wed, 10 Jun 2020 16:29:07 +1000
Subject: [PATCH] Update orders swagger spec and fix api_key access to orders
 endpoint

---
 app/controllers/api/orders_controller.rb |  2 +-
 swagger.yaml                             | 53 +++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/orders_controller.rb b/app/controllers/api/orders_controller.rb
index c011db44ec..7339af3c61 100644
--- a/app/controllers/api/orders_controller.rb
+++ b/app/controllers/api/orders_controller.rb
@@ -8,7 +8,7 @@ module Api
     def index
       authorize! :admin, Spree::Order
 
-      search_results = SearchOrders.new(params, spree_current_user)
+      search_results = SearchOrders.new(params, current_api_user)
 
       render json: {
         orders: serialized_orders(search_results.orders),
diff --git a/swagger.yaml b/swagger.yaml
index 838f09f2d4..0aed7ded9e 100644
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -342,9 +342,60 @@ paths:
 
   /orders:
     get:
-      description: Gets all Orders.
+      description: Gets all Orders. Use combinations of parameters to filter your query. For example /api/orders?q[completed_at_gt]=2020_02_02&q[completed_at_lt]=2020_02_10 returns orders between 2nd and 10th February 2020.
       tags:
         - orders
+      parameters:
+        - in: query
+          name: q[distributor_id_eq]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders for a specific distributor id. 
+          required: false
+        - in: query
+          name: q[completed_at_gt]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders completed after a date. 
+          required: false
+        - in: query
+          name: q[completed_at_lt]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders completed before a date. 
+          required: false
+        - in: query
+          name: q[state_eq]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders by order state, eg 'cart', 'complete'. 
+          required: false
+        - in: query
+          name: q[payment_state_eq]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders by order payment_state, eg 'balance_due', 'paid', 'failed'. 
+          required: false
+        - in: query
+          name: q[email_cont]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders where the order email contains a string. 
+          required: false
+        - in: query
+          name: q[order_cycle_id_eq]
+          schema:
+            type: string
+          style: deepObject
+          description: Query orders for a specific order_cycle id. 
+          required: false
+
       responses:
         '200':
           description: successful operation