RubyGems - enju_purchase_request - Versions diffs - 0.1.1 → 0.2.0.beta.2 - Mend

enju_purchase_request 0.1.1 → 0.2.0.beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2fc1305c5c75d6ff4de30d9b5cc02cabe80595d8
-  data.tar.gz: 4b02362108242aef5a2b9c89f5385a7e19a1243d
+  metadata.gz: c9dbb79d1677349e2baac147f142a61dba3aa49f
+  data.tar.gz: 2976b93d9b6e8821334b243f553dd6d80518359a
 SHA512:
-  metadata.gz: 0cc6e411c383bdf18939112eeb7826b6d1c179f62298e4f9c1e8e5a892aa80d24feb9c338b32c51a6f3343ff93ce9dc9c140dd5b6d17794e9a32e4efcd5c6e3a
-  data.tar.gz: b57ee7d68df3cc461cc02b784330f267634f592eafbb5af58b2fce548925b444a987340d40610fec1df6977bd4c64f6ae785c95315f6f0cc442a4e29cefdfd31
+  metadata.gz: b03871bcea0ed5ad39b569e4fdc764e511d55a2163ca2bc541ef5dde25facdac100a50a058ddc70bafaaacfc81293a72fd52096c009840d22ad05b30b526e513
+  data.tar.gz: f4bbfed5aa655e9175eaa42cc1b876b3807ec0e9461f62246e1515f4eac6e3463e604d3d18de35663c72fd5944f7d54f4cbd1b2b58fc163c017638b0b6d27eb1

data/README.rdoc CHANGED Viewed

@@ -1,7 +1,7 @@
 = EnjuPurchaseRequest
-{<img src="https://travis-ci.org/next-l/enju_purchase_request.svg?branch=1.1" alt="Build Status" />}[https://travis-ci.org/next-l/enju_purchase_request]
-{<img src="https://coveralls.io/repos/next-l/enju_purchase_request/badge.svg?branch=1.1&service=github" alt="Coverage Status" />}[https://coveralls.io/github/next-l/enju_purchase_request?branch=1.1]
-{<img src="https://hakiri.io/github/next-l/enju_purchase_request/1.1.svg" alt="security" />}[https://hakiri.io/github/next-l/enju_purchase_request/1.1]
+{<img src="https://travis-ci.org/next-l/enju_purchase_request.svg?branch=1.2" alt="Build Status" />}[https://travis-ci.org/next-l/enju_purchase_request]
+{<img src="https://coveralls.io/repos/next-l/enju_purchase_request/badge.svg?branch=1.2&service=github" alt="Coverage Status" />}[https://coveralls.io/github/next-l/enju_purchase_request?branch=1.2]
+{<img src="https://hakiri.io/github/next-l/enju_purchase_request/1.2.svg" alt="security" />}[https://hakiri.io/github/next-l/enju_purchase_request/1.2]
 This project rocks and uses MIT-LICENSE.

data/app/controllers/concerns/enju_purchase_request/controller.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module EnjuPurchaseRequest
+  module Controller
+    private
+    def get_order_list
+      if params[:order_list_id]
+        @order_list = OrderList.find(params[:order_list_id])
+        authorize @order_list, :show?
+      end
+    end
+    def get_purchase_request
+      if params[:purchase_request_id]
+        @purchase_request = PurchaseRequest.find(params[:purchase_request_id])
+        authorize @purchase_request,  :show?
+      end
+    end
+  end
+end

data/app/controllers/order_lists_controller.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 class OrderListsController < ApplicationController
-  load_and_authorize_resource
-  before_filter :prepare_options, only: [:new, :edit]
-  before_filter :get_bookstore, only: :index
+  before_action :set_order_list, only: [:show, :edit, :update, :destroy]
+  before_action :check_policy, only: [:index, :new, :create]
+  before_action :prepare_options, only: [:new, :edit]
+  before_action :get_bookstore, only: :index
   # GET /order_lists
   # GET /order_lists.json
@@ -97,6 +98,15 @@ class OrderListsController < ApplicationController
   end
   private
+  def set_order_list
+    @order_list = OrderList.find(params[:id])
+    authorize @order_list
+  end
+  def check_policy
+    authorize OrderList
+  end
   def order_list_params
     params.require(:order_list).permit(
       :user_id, :bookstore_id, :title, :note, :ordered_at, :edit_mode

data/app/controllers/orders_controller.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 class OrdersController < ApplicationController
-  load_and_authorize_resource
-  before_filter :get_order_list
-  before_filter :get_purchase_request
+  before_action :set_order, only: [:show, :edit, :update, :destroy]
+  before_action :check_policy, only: [:index, :new, :create]
+  before_action :get_order_list
+  before_action :get_purchase_request
   # GET /orders
   # GET /orders.json
@@ -128,6 +129,15 @@ class OrdersController < ApplicationController
   end
   private
+  def set_order
+    @order = Order.find(params[:id])
+    authorize @order
+  end
+  def check_policy
+    authorize Order
+  end
   def order_params
     params.require(:order).permit(:order_list_id, :purchase_request_id)
   end

data/app/controllers/purchase_requests_controller.rb CHANGED Viewed

@@ -1,11 +1,10 @@
 class PurchaseRequestsController < ApplicationController
-  load_and_authorize_resource except: :index
-  authorize_resource only: :index
-  before_filter :get_user
-  before_filter :get_order_list
-  before_filter :store_page, only: :index
-  after_filter :solr_commit, only: [:create, :update, :destroy]
-  after_filter :convert_charset, only: :index
+  before_action :store_page, only: :index
+  before_action :set_purchase_request, only: [:show, :edit, :update, :destroy]
+  before_action :check_policy, only: [:index, :new, :create]
+  before_action :get_user
+  before_action :get_order_list
+  after_action :convert_charset, only: :index
   # GET /purchase_requests
   # GET /purchase_requests.json
@@ -23,9 +22,6 @@ class PurchaseRequestsController < ApplicationController
     user = @user
     unless current_user.has_role?('Librarian')
-      if @order_list
-        access_denied; return
-      end
       if user and user != current_user
         access_denied; return
       end
@@ -145,6 +141,15 @@ class PurchaseRequestsController < ApplicationController
   end
   private
+  def set_purchase_request
+    @purchase_request = PurchaseRequest.find(params[:id])
+    authorize @purchase_request
+  end
+  def check_policy
+    authorize PurchaseRequest
+  end
   def purchase_request_params
     params.fetch(:purchase_request, {}).permit(
       :title, :author, :publisher, :isbn, :price, :url, :note, :pub_date

data/app/models/concerns/enju_purchase_request/enju_user.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module EnjuPurchaseRequest
+  module EnjuUser
+    extend ActiveSupport::Concern
+    included do
+      has_many :purchase_requests
+      has_many :order_lists
+    end
+  end
+end

data/app/models/order.rb CHANGED Viewed

@@ -26,8 +26,7 @@ end
 #  order_list_id       :integer          not null
 #  purchase_request_id :integer          not null
 #  position            :integer
-#  state               :string(255)
-#  created_at          :datetime         not null
-#  updated_at          :datetime         not null
+#  state               :string
+#  created_at          :datetime
+#  updated_at          :datetime
 #

data/app/models/order_list.rb CHANGED Viewed

@@ -61,6 +61,6 @@ end
 #  note         :text
 #  ordered_at   :datetime
 #  deleted_at   :datetime
-#  created_at   :datetime         not null
-#  updated_at   :datetime         not null
+#  created_at   :datetime
+#  updated_at   :datetime
 #

data/app/models/order_list_transition.rb CHANGED Viewed

@@ -10,10 +10,11 @@ end
 # Table name: order_list_transitions
 #
 #  id            :integer          not null, primary key
-#  to_state      :string(255)
-#  metadata      :text             default("{}")
+#  to_state      :string
+#  metadata      :text             default({})
 #  sort_key      :integer
 #  order_list_id :integer
-#  created_at    :datetime         not null
-#  updated_at    :datetime         not null
+#  created_at    :datetime
+#  updated_at    :datetime
+#  most_recent   :boolean
 #

data/app/models/purchase_request.rb CHANGED Viewed

@@ -14,7 +14,7 @@ class PurchaseRequest < ActiveRecord::Base
   after_destroy :index!
   before_save :set_date_of_publication
-  normalize_attributes :url, :pub_date
+  strip_attributes only: [:url, :pub_date]
   searchable do
     text :title, :author, :publisher, :url
@@ -74,17 +74,16 @@ end
 #  title               :text             not null
 #  author              :text
 #  publisher           :text
-#  isbn                :string(255)
+#  isbn                :string
 #  date_of_publication :datetime
 #  price               :integer
-#  url                 :string(255)
+#  url                 :string
 #  note                :text
 #  accepted_at         :datetime
 #  denied_at           :datetime
-#  created_at          :datetime         not null
-#  updated_at          :datetime         not null
+#  created_at          :datetime
+#  updated_at          :datetime
 #  deleted_at          :datetime
-#  state               :string(255)
-#  pub_date            :string(255)
+#  state               :string
+#  pub_date            :string
 #

data/app/policies/bookstore_policy.rb ADDED Viewed

@@ -0,0 +1,23 @@
+class BookstorePolicy < ApplicationPolicy
+  def index?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def show?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def create?
+    true if user.try(:has_role?, 'Administrator')
+  end
+  def update?
+    true if user.try(:has_role?, 'Administrator')
+  end
+  def destroy?
+    if user.try(:has_role?, 'Administrator')
+      true if record.items.empty? and record.order_lists.empty?
+    end
+  end
+end

data/app/policies/order_list_policy.rb ADDED Viewed

@@ -0,0 +1,21 @@
+class OrderListPolicy < ApplicationPolicy
+  def index?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def show?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def create?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def update?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def destroy?
+    true if user.try(:has_role?, 'Librarian')
+  end
+end

data/app/policies/order_policy.rb ADDED Viewed

@@ -0,0 +1,21 @@
+class OrderPolicy < ApplicationPolicy
+  def index?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def show?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def create?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def update?
+    true if user.try(:has_role?, 'Librarian')
+  end
+  def destroy?
+    true if user.try(:has_role?, 'Librarian')
+  end
+end

data/app/policies/purchase_request_policy.rb ADDED Viewed

@@ -0,0 +1,25 @@
+class PurchaseRequestPolicy < ApplicationPolicy
+  def index?
+    true if user.try(:has_role?, 'User')
+  end
+  def show?
+    if user.try(:has_role?, 'Librarian')
+      true
+    elsif user.try(:has_role?, 'User')
+      true if record.user == user
+    end
+  end
+  def create?
+    true if user.try(:has_role?, 'User')
+  end
+  def update?
+    show?
+  end
+  def destroy?
+    show?
+  end
+end

data/app/views/orders/index.html.erb CHANGED Viewed

@@ -16,9 +16,11 @@
     <td><%= link_to order.purchase_request.title, purchase_request_path(order.purchase_request) -%></td>
     <td><%= l(order.updated_at) -%></td>
     <td>
-      <%- if can? :delete, order -%>
-        <%= link_to t('page.show'), order_path(order) -%>
+      <%= link_to t('page.show'), order_path(order) -%>
+      <%- if policy(order).update? -%>
         <%= link_to t('page.edit'), edit_order_path(order) -%>
+      <%- end -%>
+      <%- if policy(order).destroy? -%>
         <%= link_to t('page.destroy'), order_path(order), data: {confirm: t('page.are_you_sure')}, method: :delete -%>
       <%- end -%>
     </td>
@@ -33,7 +35,7 @@
 <div id="submenu" class="ui-corner-all ui-widget-content">
   <ul>
-    <%- if can? :create, Order -%>
+    <%- if policy(Order).create? -%>
       <li><%= link_to t('page.new', model: t('activerecord.models.order')), new_order_path -%></li>
     <%- end -%>
   </ul>

data/app/views/purchase_requests/_index.html.erb CHANGED Viewed

@@ -34,10 +34,10 @@
       </td>
       <td><%= purchase_request.price -%></td>
       <td>
-        <%- if can? :update, purchase_request %>
+        <%- if policy(purchase_request).update? %>
           <%= link_to t('page.edit'), edit_purchase_request_path(purchase_request) -%>
-        <%- end -%>
-        <%- if can? :delete, purchase_request %>
+        <% end %>
+        <%- if policy(purchase_request).destroy? %>
           <%= link_to t('page.destroy'), purchase_request, data: {confirm: t('page.are_you_sure')}, method: :delete -%>
         <%- end -%>
       </td>
@@ -69,14 +69,14 @@
   </ul>
 <p>
   <%- if @user -%>
-    <%= link_to (image_tag 'icons/feed.png', size: '16x16', alt: t('page.feed'), class: 'icon'), purchase_requests_path(user_id: @user.username, format: :rss, locale: @locale.to_s) -%>
+    <%= link_to image_tag('icons/feed.png', size: '16x16', class: 'enju_icon', alt: t('page.feed')), purchase_requests_path(user_id: @user.username, format: :rss, locale: @locale.to_s) -%>
     (<%= link_to 'RSS', purchase_requests_path(user_id: @user.username, format: :rss, locale: @locale.to_s) -%>)
-    <%= link_to (image_tag 'icons/page_white_excel.png', size: '16x16', alt: 'TSV', class: 'icon'), purchase_requests_path(user_id: @user.username, format: :txt) -%>
+    <%= link_to image_tag('icons/page_white_excel.png', size: '16x16', class: 'enju_icon', alt: 'TSV'), purchase_requests_path(user_id: @user.username, format: :txt) -%>
     (<%= link_to 'TSV', purchase_requests_path(user_id: @user.username, format: :txt) -%>)
   <%- else -%>
-    <%= link_to (image_tag 'icons/feed.png', size: '16x16', alt: t('page.feed'), class: 'icon'), purchase_requests_path(format: :rss, locale: @locale.to_s) -%>
+    <%= link_to image_tag('icons/feed.png', size: '16x16', class: 'enju_icon', alt: t('page.feed')), purchase_requests_path(format: :rss, locale: @locale.to_s) -%>
     (<%= link_to 'RSS', purchase_requests_path(format: :rss, locale: @locale.to_s) -%>)
-    <%= link_to (image_tag 'icons/page_white_excel.png', size: '16x16', alt: 'TSV', class: 'icon'), purchase_requests_path(format: :txt) -%>
+    <%= link_to image_tag('icons/page_white_excel.png', size: '16x16', class: 'enju_icon', alt: 'TSV'), purchase_requests_path(format: :txt) -%>
     (<%= link_to 'TSV', purchase_requests_path(format: :txt) -%>)
   <%- end -%>
 </p>

data/app/views/purchase_requests/_index_order_list.html.erb CHANGED Viewed

@@ -39,8 +39,10 @@
       </td>
       <td><%= purchase_request.price -%></td>
       <td>
-        <%= link_to t('page.edit'), edit_purchase_request_path(purchase_request) -%>
-        <%- if can? :delete, purchase_request -%>
+        <%- if policy(purchase_request).update? -%>
+          <%= link_to t('page.edit'), edit_purchase_request_path(purchase_request) -%>
+        <% end %>
+        <%- if policy(purchase_request).destroy? -%>
           <%- if params[:mode] == "add" -%>
             <%= link_to t('page.add'), new_purchase_request_path(order_list_id: @order_list, purchase_request_id: purchase_request.id, mode: 'add') -%>
           <%- else -%>
@@ -67,9 +69,9 @@
   </ul>
   <% if @order_list.ordered? %>
     <p>
-      <%= link_to (image_tag 'icons/feed.png', size: '16x16', alt: t('page.feed'), class: 'icon'), purchase_requests_path(order_list_id: @order_list.id, format: :rss) -%>
+      <%= link_to image_tag('icons/feed.png', size: '16x16', class: 'enju_icon', alt: t('page.feed')), purchase_requests_path(order_list_id: @order_list.id, format: :rss) -%>
       (<%= link_to 'RSS', purchase_requests_path(order_list_id: @order_list.id, format: :rss) -%>)
-      <%= link_to (image_tag 'icons/page_white_excel.png', size: '16x16', alt: 'TSV', class: 'icon'), purchase_requests_path(order_list_id: @order_list.id, format: :txt) -%>
+      <%= link_to image_tag('icons/page_white_excel.png', size: '16x16', class: 'enju_icon', alt: 'TSV'), purchase_requests_path(order_list_id: @order_list.id, format: :txt) -%>
       (<%= link_to 'TSV', purchase_requests_path(order_list_id: @order_list.id, format: :txt) -%>)
     </p>
   <% end %>

data/app/views/purchase_requests/show.html.erb CHANGED Viewed

@@ -81,7 +81,7 @@
 <div id="submenu" class="ui-corner-all ui-widget-content">
   <ul>
-    <% if can? :update, Order %>
+    <% if policy(Order).create? %>
       <%- if @purchase_request.order_list -%>
         <li><%= link_to t('purchase_request.remove_from_order_list'), order_path(@purchase_request.order, order_list_id: @purchase_request.order_list.id), method: :delete, data: {confirm: t('page.are_you_sure')} -%></li>
       <%- else -%>

data/db/migrate/20160703190738_add_most_recent_to_order_list_transitions.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class AddMostRecentToOrderListTransitions < ActiveRecord::Migration
+  def up
+    add_column :order_list_transitions, :most_recent, :boolean, null: true
+  end
+  def down
+    remove_column :order_list_transitions, :most_recent
+  end
+end

data/lib/enju_purchase_request/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module EnjuPurchaseRequest
-  VERSION = "0.1.1"
+  VERSION = "0.2.0.beta.2"
 end

data/lib/enju_purchase_request.rb CHANGED Viewed

@@ -1,30 +1,5 @@
 require "enju_purchase_request/engine"
 require "enju_purchase_request/bookmark_url"
-require "enju_purchase_request/user"
 module EnjuPurchaseRequest
-  def self.included(base)
-    base.extend(ClassMethods)
-  end
-  module ClassMethods
-    def enju_purchase_request
-      include EnjuPurchaseRequest::InstanceMethods
-    end
-  end
-  module InstanceMethods
-    private
-    def get_order_list
-      @order_list = OrderList.find(params[:order_list_id]) if params[:order_list_id]
-    end
-    def get_purchase_request
-      @purchase_request = PurchaseRequest.find(params[:purchase_request_id]) if params[:purchase_request_id]
-    end
-  end
 end
-ActionController::Base.send(:include, EnjuPurchaseRequest)
-ActiveRecord::Base.send :include, EnjuPurchaseRequest::PurchaseRequestUser

data/lib/tasks/enju_purchase_request_tasks.rake CHANGED Viewed

@@ -2,3 +2,11 @@
 # task :enju_purchase_request do
 #   # Task goes here
 # end
+namespace :enju_purchase_request do
+  desc "upgrade enju_purchase_request"
+  task :upgrade => :environment do
+    Rake::Task['statesman:backfill_most_recent'].invoke('OrderList')
+    puts 'enju_purchase_request: The upgrade completed successfully.'
+  end
+end

data/spec/controllers/order_lists_controller_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper'
+require 'rails_helper'
 require 'sunspot/rails/spec_helper'
 describe OrderListsController do
@@ -35,14 +35,14 @@ describe OrderListsController do
       it "assigns empty as @order_lists" do
         get :index
-        assigns(:order_lists).should be_empty
+        assigns(:order_lists).should be_nil
       end
     end
     describe "When not logged in" do
       it "assigns empty as @order_lists" do
         get :index
-        assigns(:order_lists).should be_empty
+        assigns(:order_lists).should be_nil
       end
     end
   end
@@ -101,7 +101,8 @@ describe OrderListsController do
       it "assigns the requested order_list as @order_list" do
         get :new
-        assigns(:order_list).should_not be_valid
+        assigns(:order_list).should be_nil
+        response.should be_success
       end
     end
@@ -112,7 +113,8 @@ describe OrderListsController do
       it "assigns the requested order_list as @order_list" do
         get :new
-        assigns(:order_list).should_not be_valid
+        assigns(:order_list).should be_nil
+        response.should be_success
       end
     end
@@ -123,7 +125,7 @@ describe OrderListsController do
       it "should not assign the requested order_list as @order_list" do
         get :new
-        assigns(:order_list).should_not be_valid
+        assigns(:order_list).should be_nil
         response.should be_forbidden
       end
     end
@@ -131,7 +133,7 @@ describe OrderListsController do
     describe "When not logged in" do
       it "should not assign the requested order_list as @order_list" do
         get :new
-        assigns(:order_list).should_not be_valid
+        assigns(:order_list).should be_nil
         response.should redirect_to(new_user_session_url)
       end
     end
@@ -257,7 +259,7 @@ describe OrderListsController do
       describe "with valid params" do
         it "assigns a newly created order_list as @order_list" do
           post :create, :order_list => @attrs
-          assigns(:order_list).should be_valid
+          assigns(:order_list).should be_nil
         end
         it "should be forbidden" do
@@ -269,7 +271,7 @@ describe OrderListsController do
       describe "with invalid params" do
         it "assigns a newly created but unsaved order_list as @order_list" do
           post :create, :order_list => @invalid_attrs
-          assigns(:order_list).should_not be_valid
+          assigns(:order_list).should be_nil
         end
         it "should be forbidden" do
@@ -283,7 +285,7 @@ describe OrderListsController do
       describe "with valid params" do
         it "assigns a newly created order_list as @order_list" do
           post :create, :order_list => @attrs
-          assigns(:order_list).should be_valid
+          assigns(:order_list).should be_nil
         end
         it "should be forbidden" do
@@ -295,7 +297,7 @@ describe OrderListsController do
       describe "with invalid params" do
         it "assigns a newly created but unsaved order_list as @order_list" do
           post :create, :order_list => @invalid_attrs
-          assigns(:order_list).should_not be_valid
+          assigns(:order_list).should be_nil
         end
         it "should be forbidden" do

data/spec/controllers/orders_controller_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper'
+require 'rails_helper'
 require 'sunspot/rails/spec_helper'
 describe OrdersController do
@@ -39,7 +39,7 @@ describe OrdersController do
       it "should be forbidden" do
         get :index
-        assigns(:orders).should be_empty
+        assigns(:orders).should be_nil
         response.should be_forbidden
       end
     end
@@ -47,7 +47,7 @@ describe OrdersController do
     describe "When not logged in" do
       it "assigns all orders as @orders" do
         get :index
-        assigns(:orders).should be_empty
+        assigns(:orders).should be_nil
         response.should redirect_to(new_user_session_url)
       end
     end
@@ -143,7 +143,7 @@ describe OrdersController do
       it "should not assign the requested order as @order" do
         get :new, :order_list_id => 1, :purchase_request_id => 1
-        assigns(:order).should_not be_valid
+        assigns(:order).should be_nil
         response.should be_forbidden
       end
     end
@@ -151,7 +151,7 @@ describe OrdersController do
     describe "When not logged in" do
       it "should not assign the requested order as @order" do
         get :new, :order_list_id => 1, :purchase_request_id => 1
-        assigns(:order).should_not be_valid
+        assigns(:order).should be_nil
         response.should redirect_to(new_user_session_url)
       end
     end
@@ -277,7 +277,7 @@ describe OrdersController do
       describe "with valid params" do
         it "assigns a newly created order as @order" do
           post :create, :order => @attrs
-          assigns(:order).should be_valid
+          assigns(:order).should be_nil
         end
         it "should be forbidden" do
@@ -289,7 +289,7 @@ describe OrdersController do
       describe "with invalid params" do
         it "assigns a newly created but unsaved order as @order" do
           post :create, :order => @invalid_attrs
-          assigns(:order).should_not be_valid
+          assigns(:order).should be_nil
         end
         it "should be forbidden" do
@@ -303,7 +303,7 @@ describe OrdersController do
       describe "with valid params" do
         it "assigns a newly created order as @order" do
           post :create, :order => @attrs
-          assigns(:order).should be_valid
+          assigns(:order).should be_nil
         end
         it "should be forbidden" do
@@ -315,7 +315,7 @@ describe OrdersController do
       describe "with invalid params" do
         it "assigns a newly created but unsaved order as @order" do
           post :create, :order => @invalid_attrs
-          assigns(:order).should_not be_valid
+          assigns(:order).should be_nil
         end
         it "should be forbidden" do