solidus_api 1.3.1 → 1.3.2


Potentially problematic release.


This version of solidus_api might be problematic. Click here for more details.

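--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0151d8d011e044c1ee66aae7811efaed558e67c5
- data.tar.gz: ee702076de1136d7822c6b4e9bcbd0057609b0cb
+ metadata.gz: d04f6cc4456a153fc293ddd59af262eb561d73b8
+ data.tar.gz: b526820b388b52a98e5157fe951ea6ef4b513054
  SHA512:
- metadata.gz: 481a2dc7a2f32d95a63f9af041c388784d1875e57b17862b0f82cfbd38bf6e87dc4ab3ac48ac237233623709f952703a87264fdd31d5f7ff4986feb647686f45
- data.tar.gz: 33f6020e751514c6662eb484f84d80d29296b13194101b7f9a823fddd8e02fd37538369055f5f9a05abe4f347665f92adef9c565cbeb3d7d9caad7953a97cf19
+ metadata.gz: a23afc17baf4b4d8c7a91c26190e687e864d07b42a40114bba65e4203464efbff6c6a4bcda307d5de80bef96fab26d4f63f4d3d9713661cb5e3acddcdf190ff0
+ data.tar.gz: 12c43e774fb74191066715d16327609888c87220119581f2bc53358b412a95c317fa277d4d4fe02b0a6aefbcd91093d5b1edba2ef2063d330d5b1a86ea0832eb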
@@ -27,8 +27,18 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ respond_with(@order, default_template: :show, status: 201)
38
+ else
39
+ invalid_resource!(@order)
40
+ end
41
+ end
32
42
  end
33
43
 
34
44
  def empty
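Review bot: In the non-admin branch of `create`, `Spree::Order.create!` persists the order before `OrderUpdateAttributes.new(@order, order_params).apply` runs, so a request that is then rejected gets an error response while an empty order owned by `current_api_user` stays in the database. The same would happen if `apply` raises, which the disallowed-payment-method specs on this page suggest it can, although `apply` itself is not shown. Unless a transaction is already opened outside this hunk, creating and populating the order inside one transaction and rolling back on failure would keep rejected requests from leaving state behind. A short comment on the `else` branch saying that non-admin callers never reach `Importer::Order.import` would also help the next reader.

```ruby
# … unchanged: authorize! and the `if can?(:admin, Order)` import branch …
else
  # Create and populate in one transaction so a rejected request leaves no empty order behind.
  applied = Spree::Order.transaction do
    @order = Spree::Order.create!(user: current_api_user, store: current_store)
    OrderUpdateAttributes.new(@order, order_params).apply || raise(ActiveRecord::Rollback)
  end

  if applied
    respond_with(@order, default_template: :show, status: 201)
  else
    invalid_resource!(@order)
  end
end
```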
@@ -16,6 +16,7 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
+ @order.validate_payments_attributes(payment_params)
19
20
  @payment = PaymentCreate.new(@order, payment_params).build
20
21
  if @payment.save
21
22
  respond_with(@payment, status: 201, default_template: :show)
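Review bot: The added `@order.validate_payments_attributes(payment_params)` call at the top of `create` ignores its return value, so the check only works if the method raises for a payment method the caller may not use. The specs on this page expect a 404 in that case, which suggests it does, but the method itself is not shown here. A comment would make that contract explicit, for example `# Raises (rendered as 404) when payment_method_id is not available to this user; must run before PaymentCreate builds the payment.` The method name is plural and the order specs pass an array under `payments_attributes`, while this call passes a single payment's params, so it is worth confirming that both shapes are accepted. The body of `create` continues past the end of the hunk.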
@@ -163,6 +163,19 @@ module Spree
163
163
  expect(response.status).to eq(200)
164
164
  end
165
165
 
166
+ context "with disallowed payment method" do
167
+ it "returns not found" do
168
+ order.update_column(:state, "payment")
169
+ allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
170
+ @payment_method.update!(display_on: "back_end")
171
+ expect {
172
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
173
+ }.not_to change { Spree::Payment.count }
174
+ expect(response.status).to eq(404)
175
+ end
176
+ end
177
+
178
+
166
179
  it "returns errors when source is required and missing" do
167
180
  order.update_column(:state, "payment")
168
181
  api_put :update, id: order.to_param, order_token: order.guest_token,
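Review bot: The new "with disallowed payment method" context stubs `source_required?` to `false` without saying why. Presumably the stub ensures the 404 comes from the payment-method restriction rather than from a missing source, and a one-line comment such as `# no source needed, so only the display_on restriction can reject this payment` would record that. The example name "returns not found" would read better as "returns not found and creates no payment", since it asserts both. The hunk also adds two consecutive blank lines after the context (new lines 177 and 178) where one is enough.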
@@ -31,46 +31,62 @@ module Spree
31
31
 
32
32
  describe "POST create" do
33
33
  let(:target_user) { create :user }
34
- let(:date_override) { 3.days.ago }
34
+ let(:date_override) { Time.parse('2015-01-01') }
35
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
35
36
 
36
- before do
37
- allow_any_instance_of(Spree::Ability).to receive(:can?).
38
- and_return(true)
39
-
40
- allow_any_instance_of(Spree::Ability).to receive(:can?).
41
- with(:admin, Spree::Order).
42
- and_return(can_admin)
43
-
44
- allow(Spree.user_class).to receive(:find).
45
- with(target_user.id).
46
- and_return(target_user)
47
- end
48
-
49
- subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
37
+ subject { api_post :create, order: attributes }
50
38
 
51
39
  context "when the current user cannot administrate the order" do
52
- let(:can_admin) { false }
40
+ stub_authorization! do |_|
41
+ can :create, Spree::Order
42
+ end
53
43
 
54
44
  it "does not include unpermitted params, or allow overriding the user", focus: true do
55
- expect(Spree::Core::Importer::Order).to receive(:import).
56
- once.
57
- with(current_api_user, { "email" => target_user.email }).
58
- and_call_original
59
45
  subject
46
+ expect(response).to be_success
47
+ order = Spree::Order.last
48
+ expect(order.user).to eq current_api_user
49
+ expect(order.email).to eq target_user.email
60
50
  end
61
51
 
62
52
  it { is_expected.to be_success }
53
+
54
+ context 'creating payment' do
55
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
56
+
57
+ context "with allowed payment method" do
58
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
59
+ it { is_expected.to be_success }
60
+ it "creates a payment" do
61
+ expect {
62
+ subject
63
+ }.to change { Spree::Payment.count }.by(1)
64
+ end
65
+ end
66
+
67
+ context "with disallowed payment method" do
68
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
69
+ it { is_expected.to be_not_found }
70
+ it "creates no payments" do
71
+ expect {
72
+ subject
73
+ }.not_to change { Spree::Payment.count }
74
+ end
75
+ end
76
+ end
63
77
  end
64
78
 
65
79
  context "when the current user can administrate the order" do
66
- let(:can_admin) { true }
80
+ stub_authorization! do |_|
81
+ can [:admin, :create], Spree::Order
82
+ end
67
83
 
68
84
  it "it permits all params and allows overriding the user" do
69
- expect(Spree::Core::Importer::Order).to receive(:import).
70
- once.
71
- with(target_user, { "user_id" => target_user.id, "created_at" => date_override, "email" => target_user.email }).
72
- and_call_original
73
85
  subject
86
+ order = Spree::Order.last
87
+ expect(order.user).to eq target_user
88
+ expect(order.email).to eq target_user.email
89
+ expect(order.created_at).to eq date_override
74
90
  end
75
91
 
76
92
  it { is_expected.to be_success }
@@ -83,41 +99,65 @@ module Spree
83
99
  let(:can_admin) { false }
84
100
  subject { api_put :update, id: order.to_param, order: order_params }
85
101
 
86
- before do
87
- allow_any_instance_of(Spree::Ability).to receive(:can?).
88
- and_return(true)
102
+ context "when the user cannot administer the order" do
103
+ stub_authorization! do |_|
104
+ can [:update], Spree::Order
105
+ end
89
106
 
90
- allow(Spree::Order).to receive(:find_by!).
91
- with(number: order.number).
92
- and_return(order)
107
+ it "updates the user's email" do
108
+ expect {
109
+ subject
110
+ }.to change { order.reload.email }.to("foo@foobar.com")
111
+ end
93
112
 
94
- allow(Spree.user_class).to receive(:find).
95
- with(user.id).
96
- and_return(user)
113
+ it { is_expected.to be_success }
97
114
 
98
- allow_any_instance_of(Spree::Ability).to receive(:can?).
99
- with(:admin, Spree::Order).
100
- and_return(can_admin)
101
- end
115
+ it "does not associate users" do
116
+ expect {
117
+ subject
118
+ }.not_to change { order.reload.user }
119
+ end
102
120
 
103
- it "updates the cart contents" do
104
- expect(order.contents).to receive(:update_cart).
105
- once.
106
- with({ "email" => "foo@foobar.com" })
107
- subject
108
- end
121
+ it "does not change forbidden attributes" do
122
+ expect {
123
+ subject
124
+ }.to_not change{ order.reload.number }
125
+ end
126
+
127
+ context 'creating payment' do
128
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
129
+
130
+ context "with allowed payment method" do
131
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
132
+ it { is_expected.to be_success }
133
+ it "creates a payment" do
134
+ expect {
135
+ subject
136
+ }.to change { Spree::Payment.count }.by(1)
137
+ end
138
+ end
109
139
 
110
- it { is_expected.to be_success }
140
+ context "with disallowed payment method" do
141
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
142
+ it { is_expected.to be_not_found }
143
+ it "creates no payments" do
144
+ expect {
145
+ subject
146
+ }.not_to change { Spree::Payment.count }
147
+ end
148
+ end
149
+ end
150
+ end
111
151
 
112
152
  context "when the user can administer the order" do
113
- let(:can_admin) { true }
153
+ stub_authorization! do |_|
154
+ can [:admin, :update], Spree::Order
155
+ end
114
156
 
115
157
  it "will associate users" do
116
- expect(order).to receive(:associate_user!).
117
- once.
118
- with(user)
119
-
120
- subject
158
+ expect {
159
+ subject
160
+ }.to change { order.reload.user }.to(user)
121
161
  end
122
162
 
123
163
  it "updates the otherwise forbidden attributes" do
@@ -125,17 +165,6 @@ module Spree
125
165
  to("anothernumber")
126
166
  end
127
167
  end
128
-
129
- context "when the user cannot administer the order" do
130
- it "does not associate users" do
131
- expect(order).to_not receive(:associate_user!)
132
- subject
133
- end
134
-
135
- it "does not change forbidden attributes" do
136
- expect{ subject }.to_not change{ order.reload.number }
137
- end
138
- end
139
168
  end
140
169
 
141
170
  it "cannot view all orders" do
@@ -354,16 +383,13 @@ module Spree
354
383
 
355
384
  # Regression test for https://github.com/spree/spree/issues/3404
356
385
  it "can specify additional parameters for a line item" do
357
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
358
- allow(order).to receive(:associate_user!)
359
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
360
- expect(line_item).to receive(:update_attributes!).with("special" => true)
386
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
361
387
 
362
388
  allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
363
389
  api_post :create, order: {
364
390
  line_items: {
365
391
  "0" => {
366
- variant_id: variant.to_param, quantity: 5, special: true
392
+ variant_id: variant.to_param, quantity: 5, special: "foo"
367
393
  }
368
394
  }
369
395
  }
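Review bot: The rewritten non-admin example "does not include unpermitted params, or allow overriding the user" still posts `created_at: date_override` but now asserts only `order.user` and `order.email`, so nothing fails if `created_at` becomes writable for non-admins. The removed `with(current_api_user, { "email" => target_user.email })` expectation used to pin that, and adding `expect(order.created_at).not_to eq date_override` would restore the coverage. The "with disallowed payment method" contexts under `POST create` check only `Spree::Payment.count`; an extra `.not_to change { Spree::Order.count }` would show whether a rejected create leaves an order behind. `let(:can_admin) { false }` in the update group appears unused now that the `before` block stubbing `can?` is gone, and the `focus: true` tag on the first example, which predates this change, is still in place.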
@@ -45,6 +45,17 @@ module Spree
45
45
  expect(response.status).to eq(201)
46
46
  expect(json_response).to have_attributes(attributes)
47
47
  end
48
+
49
+ context "disallowed payment method" do
50
+ it "does not create a new payment" do
51
+ PaymentMethod.first.update!(display_on: "back_end")
52
+
53
+ expect {
54
+ api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
55
+ }.not_to change { Spree::Payment.count }
56
+ expect(response.status).to eq(404)
57
+ end
58
+ end
48
59
  end
49
60
 
50
61
  context "payment source is required" do
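--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -30,6 +30,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each { |f| require f }
 
  require 'spree/testing_support/factories'
  require 'spree/testing_support/preferences'
+ require 'spree/testing_support/authorization_helpers'
 
  require 'spree/api/testing_support/caching'
  require 'spree/api/testing_support/helpers'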
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-06 00:00:00.000000000 Z
11
+ date: 2017-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 1.3.1
19
+ version: 1.3.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 1.3.1
26
+ version: 1.3.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -283,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
283
283
  version: '0'
284
284
  requirements: []
285
285
  rubyforge_project:
286
- rubygems_version: 2.5.1
286
+ rubygems_version: 2.6.11
287
287
  signing_key:
288
288
  specification_version: 4
289
289
  summary: REST API for the Solidus e-commerce framework.