RubyGems - solidus_api - Versions diffs - 1.3.1 → 1.3.2 - Mend

solidus_api 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (8) hide show

checksums.yaml +4 -4
data/app/controllers/spree/api/orders_controller.rb +12 -2
data/app/controllers/spree/api/payments_controller.rb +1 -0
data/spec/controllers/spree/api/checkouts_controller_spec.rb +13 -0
data/spec/controllers/spree/api/orders_controller_spec.rb +93 -67
data/spec/controllers/spree/api/payments_controller_spec.rb +11 -0
data/spec/spec_helper.rb +1 -0
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0151d8d011e044c1ee66aae7811efaed558e67c5
-  data.tar.gz: ee702076de1136d7822c6b4e9bcbd0057609b0cb
+  metadata.gz: d04f6cc4456a153fc293ddd59af262eb561d73b8
+  data.tar.gz: b526820b388b52a98e5157fe951ea6ef4b513054
 SHA512:
-  metadata.gz: 481a2dc7a2f32d95a63f9af041c388784d1875e57b17862b0f82cfbd38bf6e87dc4ab3ac48ac237233623709f952703a87264fdd31d5f7ff4986feb647686f45
-  data.tar.gz: 33f6020e751514c6662eb484f84d80d29296b13194101b7f9a823fddd8e02fd37538369055f5f9a05abe4f347665f92adef9c565cbeb3d7d9caad7953a97cf19
+  metadata.gz: a23afc17baf4b4d8c7a91c26190e687e864d07b42a40114bba65e4203464efbff6c6a4bcda307d5de80bef96fab26d4f63f4d3d9713661cb5e3acddcdf190ff0
+  data.tar.gz: 12c43e774fb74191066715d16327609888c87220119581f2bc53358b412a95c317fa277d4d4fe02b0a6aefbcd91093d5b1edba2ef2063d330d5b1a86ea0832eb

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -27,8 +27,18 @@ module Spree
       def create
         authorize! :create, Order
-        @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
-        respond_with(@order, default_template: :show, status: 201)
+        if can?(:admin, Order)
+          @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
+          respond_with(@order, default_template: :show, status: 201)
+        else
+          @order = Spree::Order.create!(user: current_api_user, store: current_store)
+          if OrderUpdateAttributes.new(@order, order_params).apply
+            respond_with(@order, default_template: :show, status: 201)
+          else
+            invalid_resource!(@order)
+          end
+        end
       end
       def empty

data/app/controllers/spree/api/payments_controller.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Spree
       end
       def create
+        @order.validate_payments_attributes(payment_params)
         @payment = PaymentCreate.new(@order, payment_params).build
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)

data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED Viewed

@@ -163,6 +163,19 @@ module Spree
         expect(response.status).to eq(200)
       end
+      context "with disallowed payment method" do
+        it "returns not found" do
+          order.update_column(:state, "payment")
+          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
+          @payment_method.update!(display_on: "back_end")
+          expect {
+            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+          }.not_to change { Spree::Payment.count }
+          expect(response.status).to eq(404)
+        end
+      end
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
         api_put :update, id: order.to_param, order_token: order.guest_token,

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -31,46 +31,62 @@ module Spree
     describe "POST create" do
       let(:target_user) { create :user }
-      let(:date_override) { 3.days.ago }
+      let(:date_override) { Time.parse('2015-01-01') }
+      let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
-      before do
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          and_return(true)
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          with(:admin, Spree::Order).
-          and_return(can_admin)
-        allow(Spree.user_class).to receive(:find).
-          with(target_user.id).
-          and_return(target_user)
-      end
-      subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
+      subject { api_post :create, order: attributes }
       context "when the current user cannot administrate the order" do
-        let(:can_admin) { false }
+        stub_authorization! do |_|
+          can :create, Spree::Order
+        end
         it "does not include unpermitted params, or allow overriding the user", focus: true do
-          expect(Spree::Core::Importer::Order).to receive(:import).
-            once.
-            with(current_api_user, { "email" => target_user.email }).
-            and_call_original
           subject
+          expect(response).to be_success
+          order = Spree::Order.last
+          expect(order.user).to eq current_api_user
+          expect(order.email).to eq target_user.email
         end
         it { is_expected.to be_success }
+        context 'creating payment' do
+          let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
       end
       context "when the current user can administrate the order" do
-        let(:can_admin) { true }
+        stub_authorization! do |_|
+          can [:admin, :create], Spree::Order
+        end
         it "it permits all params and allows overriding the user" do
-          expect(Spree::Core::Importer::Order).to receive(:import).
-            once.
-            with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email }).
-            and_call_original
           subject
+          order = Spree::Order.last
+          expect(order.user).to eq target_user
+          expect(order.email).to eq target_user.email
+          expect(order.created_at).to eq date_override
         end
         it { is_expected.to be_success }
@@ -83,41 +99,65 @@ module Spree
       let(:can_admin) { false }
       subject { api_put :update, id: order.to_param, order: order_params }
-      before do
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          and_return(true)
+      context "when the user cannot administer the order" do
+        stub_authorization! do |_|
+          can [:update], Spree::Order
+        end
-        allow(Spree::Order).to receive(:find_by!).
-          with(number: order.number).
-          and_return(order)
+        it "updates the user's email" do
+          expect {
+            subject
+          }.to change { order.reload.email }.to("foo@foobar.com")
+        end
-        allow(Spree.user_class).to receive(:find).
-          with(user.id).
-          and_return(user)
+        it { is_expected.to be_success }
-        allow_any_instance_of(Spree::Ability).to receive(:can?).
-          with(:admin, Spree::Order).
-          and_return(can_admin)
-      end
+        it "does not associate users" do
+          expect {
+            subject
+          }.not_to change { order.reload.user }
+        end
-      it "updates the cart contents" do
-        expect(order.contents).to receive(:update_cart).
-          once.
-          with({ "email" => "foo@foobar.com" })
-        subject
-      end
+        it "does not change forbidden attributes" do
+          expect {
+            subject
+          }.to_not change{ order.reload.number }
+        end
+        context 'creating payment' do
+          let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
-      it { is_expected.to be_success }
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
+      end
       context "when the user can administer the order" do
-        let(:can_admin) { true }
+        stub_authorization! do |_|
+          can [:admin, :update], Spree::Order
+        end
         it "will associate users" do
-          expect(order).to receive(:associate_user!).
-            once.
-            with(user)
-          subject
+          expect {
+            subject
+          }.to change { order.reload.user }.to(user)
         end
         it "updates the otherwise forbidden attributes" do
@@ -125,17 +165,6 @@ module Spree
             to("anothernumber")
         end
       end
-      context "when the user cannot administer the order" do
-        it "does not associate users" do
-          expect(order).to_not receive(:associate_user!)
-          subject
-        end
-        it "does not change forbidden attributes" do
-          expect{ subject }.to_not change{ order.reload.number }
-        end
-      end
     end
     it "cannot view all orders" do
@@ -354,16 +383,13 @@ module Spree
     # Regression test for https://github.com/spree/spree/issues/3404
     it "can specify additional parameters for a line item" do
-      expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
-      allow(order).to receive(:associate_user!)
-      allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
-      expect(line_item).to receive(:update_attributes!).with("special" => true)
+      expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
       allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
       api_post :create, order: {
         line_items: {
           "0" => {
-            variant_id: variant.to_param, quantity: 5, special: true
+            variant_id: variant.to_param, quantity: 5, special: "foo"
           }
         }
       }

data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED Viewed

@@ -45,6 +45,17 @@ module Spree
             expect(response.status).to eq(201)
             expect(json_response).to have_attributes(attributes)
           end
+          context "disallowed payment method" do
+            it "does not create a new payment" do
+              PaymentMethod.first.update!(display_on: "back_end")
+              expect {
+                api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
+              }.not_to change { Spree::Payment.count }
+              expect(response.status).to eq(404)
+            end
+          end
         end
         context "payment source is required" do

data/spec/spec_helper.rb CHANGED Viewed

@@ -30,6 +30,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each { |f| require f }
 require 'spree/testing_support/factories'
 require 'spree/testing_support/preferences'
+require 'spree/testing_support/authorization_helpers'
 require 'spree/api/testing_support/caching'
 require 'spree/api/testing_support/helpers'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-06 00:00:00.000000000 Z
+date: 2017-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.3.2
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement
@@ -283,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: REST API for the Solidus e-commerce framework.