solidus_api 1.2.2 → 1.2.3


Potentially problematic release.


This version of solidus_api might be problematic. Click here for more details.

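--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 902e6280dd1a6bd4dd50604183c86cbbf6e97724
- data.tar.gz: c03803d905f0d533cfda9ff876603b986490c775
+ metadata.gz: 393d0d36bfd016ad4bd491a6e5e7f809a3bd8d33
+ data.tar.gz: 075176b4df3486e9c0da4b27da75e987b26a8b1f
  SHA512:
- metadata.gz: 77433c701d48153cfc7b42804286f6e4b04297d7e9c8ce54a24d0cfa6da01bc0f38e5a984f45f941c5329637a5f794e1a45a504f072eadc8f74022a89c8891ee
- data.tar.gz: ed4f95e6f786bd166466964ac4ded95c4fd7dbd9ce5bd537b480f77907a080975e024f7397ddc65a413d46f9962deb6e8545d889b262b0ca93484d7e38b36b6b
+ metadata.gz: 1e1fe525cdf4e7fa9f8f4f6430f79e7c3688ce94e525f3cc5a312836908b8889014a9f5e9d6082f4cb776b16a59f07e4d7f67435944f2878a08394119c044f73
+ data.tar.gz: b98daeb6709274fd64bef47c3b69c3251d5d91d84dff7bb973e53476d6e4c9a279ae13a58e1cccaa6cf8bf1a1edf231209ec37410653e4c03af493ea9cc94cb8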
@@ -27,8 +27,19 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ @order.update!
38
+ respond_with(@order, default_template: :show, status: 201)
39
+ else
40
+ invalid_resource!(@order)
41
+ end
42
+ end
32
43
  end
33
44
 
34
45
  def empty
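Review bot: In the non-admin branch of `create`, `Spree::Order.create!` persists the order before `OrderUpdateAttributes.new(@order, order_params).apply` runs, so a request that ends in `invalid_resource!(@order)` (or in an exception raised while applying `payments_attributes`) appears to leave an empty order behind for `current_api_user`. Nothing in the hunk rolls that row back, and whether the action runs inside a transaction cannot be seen from here. Consider wrapping the two calls in `Spree::Order.transaction do … end` and raising `ActiveRecord::Rollback` on the failure branch, plus a spec asserting that a rejected request does not change `Spree::Order.count`. A comment above `if can?(:admin, Order)`, e.g. `# Only admins go through the importer; everyone else gets an order owned by current_api_user with permitted attributes only`, would record why the two paths differ.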
@@ -17,6 +17,7 @@ module Spree
17
17
  end
18
18
 
19
19
  def create
20
+ @order.validate_payments_attributes(payment_params)
20
21
  @payment = PaymentCreate.new(@order, payment_params).build
21
22
  if @payment.save
22
23
  respond_with(@payment, status: 201, default_template: :show)
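Review bot: The added `@order.validate_payments_attributes(payment_params)` call in `create` discards its return value, so the guard is effective only if that method raises for a disallowed payment method; its definition is outside this diff, though the added specs expecting a 404 suggest it does. It is also given a single `payment_params` hash here, while the order endpoints send `payments_attributes` as an array, so it is worth confirming the method accepts both shapes. A comment on the line, e.g. `# Raises (rendered as 404) when the payment method is not allowed for this request`, would make the reliance on the exception explicit. `create` continues past the end of the hunk.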
@@ -163,6 +163,19 @@ module Spree
163
163
  expect(response.status).to eq(200)
164
164
  end
165
165
 
166
+ context "with disallowed payment method" do
167
+ it "returns not found" do
168
+ order.update_column(:state, "payment")
169
+ allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
170
+ @payment_method.update!(display_on: "back_end")
171
+ expect {
172
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
173
+ }.not_to change { Spree::Payment.count }
174
+ expect(response.status).to eq(404)
175
+ end
176
+ end
177
+
178
+
166
179
  it "returns errors when source is required and missing" do
167
180
  order.update_column(:state, "payment")
168
181
  api_put :update, :id => order.to_param, :order_token => order.guest_token,
@@ -29,46 +29,62 @@ module Spree
29
29
 
30
30
  describe "POST create" do
31
31
  let(:target_user) { create :user }
32
- let(:date_override) { 3.days.ago }
32
+ let(:date_override) { Time.parse('2015-01-01') }
33
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
33
34
 
34
- before do
35
- allow_any_instance_of(Spree::Ability).to receive(:can?).
36
- and_return(true)
37
-
38
- allow_any_instance_of(Spree::Ability).to receive(:can?).
39
- with(:admin, Spree::Order).
40
- and_return(can_admin)
41
-
42
- allow(Spree.user_class).to receive(:find).
43
- with(target_user.id).
44
- and_return(target_user)
45
- end
46
-
47
- subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
35
+ subject { api_post :create, order: attributes }
48
36
 
49
37
  context "when the current user cannot administrate the order" do
50
- let(:can_admin) { false }
38
+ stub_authorization! do |_|
39
+ can :create, Spree::Order
40
+ end
51
41
 
52
42
  it "does not include unpermitted params, or allow overriding the user", focus: true do
53
- expect(Spree::Core::Importer::Order).to receive(:import).
54
- once.
55
- with(current_api_user, { "email" => target_user.email }).
56
- and_call_original
57
43
  subject
44
+ expect(response).to be_success
45
+ order = Spree::Order.last
46
+ expect(order.user).to eq current_api_user
47
+ expect(order.email).to eq target_user.email
58
48
  end
59
49
 
60
50
  it { is_expected.to be_success }
51
+
52
+ context 'creating payment' do
53
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
54
+
55
+ context "with allowed payment method" do
56
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
57
+ it { is_expected.to be_success }
58
+ it "creates a payment" do
59
+ expect {
60
+ subject
61
+ }.to change { Spree::Payment.count }.by(1)
62
+ end
63
+ end
64
+
65
+ context "with disallowed payment method" do
66
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
67
+ it { is_expected.to be_not_found }
68
+ it "creates no payments" do
69
+ expect {
70
+ subject
71
+ }.not_to change { Spree::Payment.count }
72
+ end
73
+ end
74
+ end
61
75
  end
62
76
 
63
77
  context "when the current user can administrate the order" do
64
- let(:can_admin) { true }
78
+ stub_authorization! do |_|
79
+ can [:admin, :create], Spree::Order
80
+ end
65
81
 
66
82
  it "it permits all params and allows overriding the user" do
67
- expect(Spree::Core::Importer::Order).to receive(:import).
68
- once.
69
- with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email}).
70
- and_call_original
71
83
  subject
84
+ order = Spree::Order.last
85
+ expect(order.user).to eq target_user
86
+ expect(order.email).to eq target_user.email
87
+ expect(order.created_at).to eq date_override
72
88
  end
73
89
 
74
90
  it { is_expected.to be_success }
@@ -81,41 +97,65 @@ module Spree
81
97
  let(:can_admin) { false }
82
98
  subject { api_put :update, id: order.to_param, order: order_params }
83
99
 
84
- before do
85
- allow_any_instance_of(Spree::Ability).to receive(:can?).
86
- and_return(true)
100
+ context "when the user cannot administer the order" do
101
+ stub_authorization! do |_|
102
+ can [:update], Spree::Order
103
+ end
87
104
 
88
- allow(Spree::Order).to receive(:find_by!).
89
- with(number: order.number).
90
- and_return(order)
105
+ it "updates the user's email" do
106
+ expect {
107
+ subject
108
+ }.to change { order.reload.email }.to("foo@foobar.com")
109
+ end
91
110
 
92
- allow(Spree.user_class).to receive(:find).
93
- with(user.id).
94
- and_return(user)
111
+ it { is_expected.to be_success }
95
112
 
96
- allow_any_instance_of(Spree::Ability).to receive(:can?).
97
- with(:admin, Spree::Order).
98
- and_return(can_admin)
99
- end
113
+ it "does not associate users" do
114
+ expect {
115
+ subject
116
+ }.not_to change { order.reload.user }
117
+ end
100
118
 
101
- it "updates the cart contents" do
102
- expect(order.contents).to receive(:update_cart).
103
- once.
104
- with({"email" => "foo@foobar.com"})
105
- subject
106
- end
119
+ it "does not change forbidden attributes" do
120
+ expect {
121
+ subject
122
+ }.to_not change{ order.reload.number }
123
+ end
124
+
125
+ context 'creating payment' do
126
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
127
+
128
+ context "with allowed payment method" do
129
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
130
+ it { is_expected.to be_success }
131
+ it "creates a payment" do
132
+ expect {
133
+ subject
134
+ }.to change { Spree::Payment.count }.by(1)
135
+ end
136
+ end
107
137
 
108
- it { is_expected.to be_success }
138
+ context "with disallowed payment method" do
139
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
140
+ it { is_expected.to be_not_found }
141
+ it "creates no payments" do
142
+ expect {
143
+ subject
144
+ }.not_to change { Spree::Payment.count }
145
+ end
146
+ end
147
+ end
148
+ end
109
149
 
110
150
  context "when the user can administer the order" do
111
- let(:can_admin) { true }
151
+ stub_authorization! do |_|
152
+ can [:admin, :update], Spree::Order
153
+ end
112
154
 
113
155
  it "will associate users" do
114
- expect(order).to receive(:associate_user!).
115
- once.
116
- with(user)
117
-
118
- subject
156
+ expect {
157
+ subject
158
+ }.to change { order.reload.user }.to(user)
119
159
  end
120
160
 
121
161
  it "updates the otherwise forbidden attributes" do
@@ -123,17 +163,6 @@ module Spree
123
163
  to("anothernumber")
124
164
  end
125
165
  end
126
-
127
- context "when the user cannot administer the order" do
128
- it "does not associate users" do
129
- expect(order).to_not receive(:associate_user!)
130
- subject
131
- end
132
-
133
- it "does not change forbidden attributes" do
134
- expect{subject}.to_not change{order.reload.number}
135
- end
136
- end
137
166
  end
138
167
 
139
168
  it "cannot view all orders" do
@@ -352,16 +381,13 @@ module Spree
352
381
 
353
382
  # Regression test for https://github.com/spree/spree/issues/3404
354
383
  it "can specify additional parameters for a line item" do
355
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
356
- allow(order).to receive(:associate_user!)
357
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
358
- expect(line_item).to receive(:update_attributes!).with("special" => true)
384
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
359
385
 
360
386
  allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
361
387
  api_post :create, :order => {
362
388
  :line_items => {
363
389
  "0" => {
364
- :variant_id => variant.to_param, :quantity => 5, :special => true
390
+ variant_id: variant.to_param, quantity: 5, special: "foo"
365
391
  }
366
392
  }
367
393
  }
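Review bot: The non-admin `POST create` example "does not include unpermitted params, or allow overriding the user" still sends `created_at: date_override` but now asserts only `order.user` and `order.email`, so nothing checks that the unpermitted attribute was dropped; adding `expect(order.created_at).not_to eq date_override` would restore what the removed `with(current_api_user, { "email" => target_user.email })` expectation covered. That example also keeps `focus: true` on its unchanged `it` line. In the `PUT update` group, `let(:can_admin) { false }` remains as context although the `before` block that read it is removed, so it looks unused now. The enclosing `describe` blocks start and end outside these hunks.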
@@ -43,6 +43,17 @@ module Spree
43
43
  expect(response.status).to eq(201)
44
44
  expect(json_response).to have_attributes(attributes)
45
45
  end
46
+
47
+ context "disallowed payment method" do
48
+ it "does not create a new payment" do
49
+ PaymentMethod.first.update!(display_on: "back_end")
50
+
51
+ expect {
52
+ api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
53
+ }.not_to change { Spree::Payment.count }
54
+ expect(response.status).to eq(404)
55
+ end
56
+ end
46
57
  end
47
58
 
48
59
  context "payment source is required" do
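--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -30,6 +30,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
 
  require 'spree/testing_support/factories'
  require 'spree/testing_support/preferences'
+ require 'spree/testing_support/authorization_helpers'
 
  require 'spree/api/testing_support/caching'
  require 'spree/api/testing_support/helpers'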
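--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: solidus_api
  version: !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.2.3
  platform: ruby
  authors:
  - Solidus Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-03-07 00:00:00.000000000 Z
+ date: 2017-12-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.2.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.2.3
  - !ruby/object:Gem::Dependency
  name: rabl
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.1
+ rubygems_version: 2.6.11
  signing_key:
  specification_version: 4
  summary: REST API for the Solidus e-commerce framework.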