RubyGems - solidus_api - Versions diffs - 1.0.6 → 1.0.7 - Mend

solidus_api 1.0.6 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (8) hide show

checksums.yaml +4 -4
data/app/controllers/spree/api/orders_controller.rb +14 -11
data/app/controllers/spree/api/payments_controller.rb +1 -0
data/spec/controllers/spree/api/checkouts_controller_spec.rb +13 -0
data/spec/controllers/spree/api/orders_controller_spec.rb +83 -73
data/spec/controllers/spree/api/payments_controller_spec.rb +11 -0
data/spec/spec_helper.rb +1 -0
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3d8748a7cb17f2da88ee82038992cbe3b5b1e613
-  data.tar.gz: 862809a543c246df6135095e777ba6f711b7bc14
+  metadata.gz: c108e552ec6ec720a0b101802d36eaf5d9aa4761
+  data.tar.gz: e376f6d8e98c28a0f193b012a3f9e62476adb5d4
 SHA512:
-  metadata.gz: 20d3aefbd9bcf0fc0f079558bcf65855f5a6cf46d14f31291d3779562ad08ec573d3a9105876c5647cf97fa3f405280eabea5282f78cbae08b7b26c4441343e1
-  data.tar.gz: ab295708931c7d4404377e942d8906cef0d2ab01befda544499d65eefab6a765fe8e609efb5968de822ab92d7b096bf90ab646c9f00785af7decd1be84dd0296
+  metadata.gz: 3deada5b7463920279f00169107d3afd9279ab8f019928b7a109731f803b515327b4486e73d84e4e7d53746999741bb8e4a48328b1aaf019fa239c6f4feb7b87
+  data.tar.gz: 3907075dabb2ed39ce27230ddea643aa16a8c40b48252b4d545f7d8df9f75b08dcaadf54e7ab2e48a5d85e7fa645ab9d70872e5c944ad3e51b98e65e67b0a7da

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -28,20 +28,23 @@ module Spree
       def create
         authorize! :create, Order
-        order_user = if order_params[:user_id]
-          Spree.user_class.find(order_params[:user_id])
-        else
-          current_api_user
-        end
+        if can?(:admin, Order)
+          order_user = if order_params[:user_id]
+            Spree.user_class.find(order_params[:user_id])
+          else
+            current_api_user
+          end
-        import_params = if can?(:admin, Spree::Order)
-          params[:order].present? ? params[:order].permit! : {}
+          @order = Spree::Core::Importer::Order.import(order_user, order_params)
+          respond_with(@order, default_template: :show, status: 201)
         else
-          order_params
+          @order = Spree::Order.create!(user: current_api_user, store: current_store)
+          if @order.contents.update_cart(order_params)
+            respond_with(@order, default_template: :show, status: 201)
+          else
+            invalid_resource!(@order)
+          end
         end
-        @order = Spree::Core::Importer::Order.import(order_user, import_params)
-        respond_with(@order, default_template: :show, status: 201)
       end
       def empty

data/app/controllers/spree/api/payments_controller.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module Spree
       end
       def create
+        @order.validate_payments_attributes(payment_params)
         @payment = @order.payments.build(payment_params)
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)

data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED Viewed

@@ -164,6 +164,19 @@ module Spree
         expect(response.status).to eq(200)
       end
+      context "with disallowed payment method" do
+        it "returns not found" do
+          order.update_column(:state, "payment")
+          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
+          @payment_method.update!(display_on: "back_end")
+          expect {
+            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+          }.not_to change { Spree::Payment.count }
+          expect(response.status).to eq(404)
+        end
+      end
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
         api_put :update, :id => order.to_param, :order_token => order.guest_token,

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -29,49 +29,49 @@ module Spree
     describe "POST create" do
       let(:target_user) { create :user }
-      let(:date_override) { 3.days.ago }
+      let(:date_override) { Time.parse('2015-01-01') }
+      let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
-      before do
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          and_return(true)
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          with(:admin, Spree::Order).
-          and_return(can_admin)
-        allow(Spree.user_class).to receive(:find).
-          with(target_user.id).
-          and_return(target_user)
-      end
-      subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
+      subject { api_post :create, order: attributes }
       context "when the current user cannot administrate the order" do
-        let(:can_admin) { false }
+        stub_authorization! do |_|
+          can :create, Spree::Order
+        end
         it "does not include unpermitted params, or allow overriding the user", focus: true do
-          expect(Spree::Core::Importer::Order).to receive(:import).
-            once.
-            with(current_api_user, { "email" => target_user.email }).
-            and_call_original
           subject
+          expect(response).to be_success
+          order = Spree::Order.last
+          expect(order.user).to eq current_api_user
+          expect(order.email).to eq target_user.email
         end
         it { is_expected.to be_success }
-      end
-      context "when the current user can administrate the order" do
-        let(:can_admin) { true }
+        context 'creating payment' do
+          let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
-        it "it permits all params and allows overriding the user" do
-          expect(Spree::Core::Importer::Order).to receive(:import).
-            once.
-            with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email}).
-            and_call_original
-          subject
-        end
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
-        it { is_expected.to be_success }
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
       end
     end
@@ -81,41 +81,65 @@ module Spree
       let(:can_admin) { false }
       subject { api_put :update, id: order.to_param, order: order_params }
-      before do
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          and_return(true)
+      context "when the user cannot administer the order" do
+        stub_authorization! do |_|
+          can [:update], Spree::Order
+        end
-        allow(Spree::Order).to receive(:find_by!).
-          with(number: order.number).
-          and_return(order)
+        it "updates the user's email" do
+          expect {
+            subject
+          }.to change { order.reload.email }.to("foo@foobar.com")
+        end
-        allow(Spree.user_class).to receive(:find).
-          with(user.id).
-          and_return(user)
+        it { is_expected.to be_success }
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          with(:admin, Spree::Order).
-          and_return(can_admin)
-      end
+        it "does not associate users" do
+          expect {
+            subject
+          }.not_to change { order.reload.user }
+        end
-      it "updates the cart contents" do
-        expect(order.contents).to receive(:update_cart).
-          once.
-          with({"email" => "foo@foobar.com"})
-        subject
-      end
+        it "does not change forbidden attributes" do
+          expect {
+            subject
+          }.to_not change{ order.reload.number }
+        end
+        context 'creating payment' do
+          let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
-      it { is_expected.to be_success }
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
+      end
       context "when the user can administer the order" do
-        let(:can_admin) { true }
+        stub_authorization! do |_|
+          can [:admin, :update], Spree::Order
+        end
         it "will associate users" do
-          expect(order).to receive(:associate_user!).
-            once.
-            with(user)
-          subject
+          expect {
+            subject
+          }.to change { order.reload.user }.to(user)
         end
         it "updates the otherwise forbidden attributes" do
@@ -123,17 +147,6 @@ module Spree
             to("anothernumber")
         end
       end
-      context "when the user cannot administer the order" do
-        it "does not associate users" do
-          expect(order).to_not receive(:associate_user!)
-          subject
-        end
-        it "does not change forbidden attributes" do
-          expect{subject}.to_not change{order.reload.number}
-        end
-      end
     end
     it "cannot view all orders" do
@@ -355,16 +368,13 @@ module Spree
     # Regression test for #3404
     it "can specify additional parameters for a line item" do
-      expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
-      allow(order).to receive(:associate_user!)
-      allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
-      expect(line_item).to receive(:update_attributes!).with("special" => true)
+      expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
       allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
       api_post :create, :order => {
         :line_items => {
           "0" => {
-            :variant_id => variant.to_param, :quantity => 5, :special => true
+            variant_id: variant.to_param, quantity: 5, special: "foo"
           }
         }
       }

data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED Viewed

@@ -43,6 +43,17 @@ module Spree
             expect(response.status).to eq(201)
             expect(json_response).to have_attributes(attributes)
           end
+          context "disallowed payment method" do
+            it "does not create a new payment" do
+              PaymentMethod.first.update!(display_on: "back_end")
+              expect {
+                api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
+              }.not_to change { Spree::Payment.count }
+              expect(response.status).to eq(404)
+            end
+          end
         end
         context "payment source is required" do

data/spec/spec_helper.rb CHANGED Viewed

@@ -31,6 +31,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
 require 'spree/testing_support/factories'
 require 'spree/testing_support/preferences'
 require 'spree/testing_support/mail'
+require 'spree/testing_support/authorization_helpers'
 require 'spree/api/testing_support/caching'
 require 'spree/api/testing_support/helpers'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 1.0.6
+  version: 1.0.7
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-03-23 00:00:00.000000000 Z
+date: 2017-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.7
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -278,7 +278,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: REST API for the Solidus e-commerce framework.