solidus_api 2.2.1 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/orders_controller.rb +12 -2
  3. data/app/controllers/spree/api/payments_controller.rb +1 -0
  4. data/spec/controllers/spree/api/checkouts_controller_spec.rb +13 -0
  5. data/spec/controllers/spree/api/orders_controller_spec.rb +52 -5
  6. data/spec/controllers/spree/api/payments_controller_spec.rb +11 -0
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6c27f1cbd12fbfc2f1588265d427fda10aac79dc
4
- data.tar.gz: 33689199fb8f385a903645829f0b2805448dc2b9
3
+ metadata.gz: 9bf090ca7d6dce9405c4514004a088dffe253498
4
+ data.tar.gz: 59d40cff4dc3259b807d908b0cb3b8f23c74561d
5
5
  SHA512:
6
- metadata.gz: 9430517a04af0a859a55e627496791184b50177b0f7b4a93138e81ec448b87b21e646b0f297186fd5d548ec52f79ea6ceee724f1bbb8aad5304deec061804567
7
- data.tar.gz: 84d6992a692b32f60c2776019869088db6d78ab1a694ea5469cd4a87c931a2db6166241a322bbe5cb955266a48416b27885a33b5dd30da389766bdb7c82da374
6
+ metadata.gz: 1d6706de3c8ca25c4b136b531198faa318011731298ce37826f0ad9ee9c0ed869f579666c73966ae3b69c95fce7e163cddcdea33970ae06ddc89c869db83f02f
7
+ data.tar.gz: 6caefd25b36f1e933ec25597c565243fafc00c821100e4481a384fd12351783bfff379cd2e067c7c0f6d2f8a02f33247e4be10dd5d4aba9cf09f2894c29d1bb0
data/app/controllers/spree/api/orders_controller.rb CHANGED
@@ -27,8 +27,18 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ respond_with(@order, default_template: :show, status: 201)
38
+ else
39
+ invalid_resource!(@order)
40
+ end
41
+ end
32
42
  end
33
43
 
34
44
  def empty
data/app/controllers/spree/api/payments_controller.rb CHANGED
@@ -16,6 +16,7 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
+ @order.validate_payments_attributes(payment_params)
19
20
  @payment = PaymentCreate.new(@order, payment_params).build
20
21
  if @payment.save
21
22
  respond_with(@payment, status: 201, default_template: :show)
data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED
@@ -163,6 +163,19 @@ module Spree
163
163
  expect(response.status).to eq(200)
164
164
  end
165
165
 
166
+ context "with disallowed payment method" do
167
+ it "returns not found" do
168
+ order.update_column(:state, "payment")
169
+ allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
170
+ @payment_method.update!(available_to_users: false)
171
+ expect {
172
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
173
+ }.not_to change { Spree::Payment.count }
174
+ expect(response.status).to eq(404)
175
+ end
176
+ end
177
+
178
+
166
179
  it "returns errors when source is required and missing" do
167
180
  order.update_column(:state, "payment")
168
181
  api_put :update, id: order.to_param, order_token: order.guest_token,
data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED
@@ -32,8 +32,9 @@ module Spree
32
32
  describe "POST create" do
33
33
  let(:target_user) { create :user }
34
34
  let(:date_override) { Time.parse('2015-01-01') }
35
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
35
36
 
36
- subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
37
+ subject { api_post :create, order: attributes }
37
38
 
38
39
  context "when the current user cannot administrate the order" do
39
40
  stub_authorization! do |_|
@@ -42,12 +43,37 @@ module Spree
42
43
 
43
44
  it "does not include unpermitted params, or allow overriding the user", focus: true do
44
45
  subject
46
+ expect(response).to be_success
45
47
  order = Spree::Order.last
46
48
  expect(order.user).to eq current_api_user
47
49
  expect(order.email).to eq target_user.email
48
50
  end
49
51
 
50
52
  it { is_expected.to be_success }
53
+
54
+ context 'creating payment' do
55
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
56
+
57
+ context "with allowed payment method" do
58
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
59
+ it { is_expected.to be_success }
60
+ it "creates a payment" do
61
+ expect {
62
+ subject
63
+ }.to change { Spree::Payment.count }.by(1)
64
+ end
65
+ end
66
+
67
+ context "with disallowed payment method" do
68
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
69
+ it { is_expected.to be_not_found }
70
+ it "creates no payments" do
71
+ expect {
72
+ subject
73
+ }.not_to change { Spree::Payment.count }
74
+ end
75
+ end
76
+ end
51
77
  end
52
78
 
53
79
  context "when the current user can administrate the order" do
@@ -97,6 +123,30 @@ module Spree
97
123
  subject
98
124
  }.to_not change{ order.reload.number }
99
125
  end
126
+
127
+ context 'creating payment' do
128
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
129
+
130
+ context "with allowed payment method" do
131
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
132
+ it { is_expected.to be_success }
133
+ it "creates a payment" do
134
+ expect {
135
+ subject
136
+ }.to change { Spree::Payment.count }.by(1)
137
+ end
138
+ end
139
+
140
+ context "with disallowed payment method" do
141
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
142
+ it { is_expected.to be_not_found }
143
+ it "creates no payments" do
144
+ expect {
145
+ subject
146
+ }.not_to change { Spree::Payment.count }
147
+ end
148
+ end
149
+ end
100
150
  end
101
151
 
102
152
  context "when the user can administer the order" do
@@ -333,10 +383,7 @@ module Spree
333
383
 
334
384
  # Regression test for https://github.com/spree/spree/issues/3404
335
385
  it "can specify additional parameters for a line item" do
336
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
337
- allow(order).to receive(:associate_user!)
338
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
339
- expect(line_item).to receive(:update_attributes!).with(hash_including("special" => "foo"))
386
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
340
387
 
341
388
  allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
342
389
  api_post :create, order: {
data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED
@@ -45,6 +45,17 @@ module Spree
45
45
  expect(response.status).to eq(201)
46
46
  expect(json_response).to have_attributes(attributes)
47
47
  end
48
+
49
+ context "disallowed payment method" do
50
+ it "does not create a new payment" do
51
+ PaymentMethod.first.update!(available_to_users: false)
52
+
53
+ expect {
54
+ api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
55
+ }.not_to change { Spree::Payment.count }
56
+ expect(response.status).to eq(404)
57
+ end
58
+ end
48
59
  end
49
60
 
50
61
  context "payment source is required" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-09 00:00:00.000000000 Z
11
+ date: 2017-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.2.1
19
+ version: 2.2.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.2.1
26
+ version: 2.2.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement