RubyGems - solidus_api - Versions diffs - 2.0.2 → 2.0.3 - Mend

solidus_api 2.0.2 → 2.0.3

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml +4 -4
data/app/controllers/spree/api/orders_controller.rb +12 -2
data/app/controllers/spree/api/payments_controller.rb +1 -0
data/spec/controllers/spree/api/checkouts_controller_spec.rb +13 -0
data/spec/controllers/spree/api/orders_controller_spec.rb +52 -5
data/spec/controllers/spree/api/payments_controller_spec.rb +11 -0
metadata +4 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6e09e5243261387fe313f353024f268327a5db42
-  data.tar.gz: 9b90f3f2a3d9970b02fc535b780f74e3b6ec8a5c
+  metadata.gz: 78fbd4104f28d1ed8a435048a2ee5eb5028447e7
+  data.tar.gz: 75f60c3749c6be95085b9a9c0f97c46329cb6067
 SHA512:
-  metadata.gz: bbf42a1e599ef926b89e5fd6fdcd6426b827f04558e58d9e004948d78fd01dfe6ad480cda2eaedb49df4a50284193de0682a8a9b51c2e93cc371eb8f60511bd4
-  data.tar.gz: 4c9e17cdd43d161b84b95215402c9e1be146e5eace063b0c7632a977cb23cebbf3632821f7cc11283be95fa688132076d1ca7de822b4a5373b4dc2860dff0717
+  metadata.gz: c6f8c12cfcf3b7a8ea41c49d6e97b1cfe53057fdd9b848902abfd7e6e0a9bcdabc8fa64bb4724b17f522794d5405a0d6563ffb04d67044f3af4a4db675734c0f
+  data.tar.gz: 38cc8c501733db05e285e01c309f3ea5c5a0fa9050c4578d9bc42548853e26cabf4ba51a37d12d4b81106336f0edb88d0fe2366e2553c01413da1c3cbceb8bf6

data/app/controllers/spree/api/orders_controller.rb CHANGED

@@ -27,8 +27,18 @@ module Spree
       def create
         authorize! :create, Order
-        @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
-        respond_with(@order, default_template: :show, status: 201)
+        if can?(:admin, Order)
+          @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
+          respond_with(@order, default_template: :show, status: 201)
+        else
+          @order = Spree::Order.create!(user: current_api_user, store: current_store)
+          if OrderUpdateAttributes.new(@order, order_params).apply
+            respond_with(@order, default_template: :show, status: 201)
+          else
+            invalid_resource!(@order)
+          end
+        end
       end
       def empty

data/app/controllers/spree/api/payments_controller.rb CHANGED

@@ -16,6 +16,7 @@ module Spree
       end
       def create
+        @order.validate_payments_attributes(payment_params)
         @payment = PaymentCreate.new(@order, payment_params).build
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)

data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED

@@ -163,6 +163,19 @@ module Spree
         expect(response.status).to eq(200)
       end
+      context "with disallowed payment method" do
+        it "returns not found" do
+          order.update_column(:state, "payment")
+          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
+          @payment_method.update!(display_on: "back_end")
+          expect {
+            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+          }.not_to change { Spree::Payment.count }
+          expect(response.status).to eq(404)
+        end
+      end
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
         api_put :update, id: order.to_param, order_token: order.guest_token,

data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED

@@ -32,8 +32,9 @@ module Spree
     describe "POST create" do
       let(:target_user) { create :user }
       let(:date_override) { Time.parse('2015-01-01') }
+      let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
-      subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
+      subject { api_post :create, order: attributes }
       context "when the current user cannot administrate the order" do
         stub_authorization! do |_|
@@ -42,12 +43,37 @@ module Spree
         it "does not include unpermitted params, or allow overriding the user", focus: true do
           subject
+          expect(response).to be_success
           order = Spree::Order.last
           expect(order.user).to eq current_api_user
           expect(order.email).to eq target_user.email
         end
         it { is_expected.to be_success }
+        context 'creating payment' do
+          let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
       end
       context "when the current user can administrate the order" do
@@ -97,6 +123,30 @@ module Spree
             subject
           }.to_not change{ order.reload.number }
         end
+        context 'creating payment' do
+          let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
+          context "with allowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
+            it { is_expected.to be_success }
+            it "creates a payment" do
+              expect {
+                subject
+              }.to change { Spree::Payment.count }.by(1)
+            end
+          end
+          context "with disallowed payment method" do
+            let!(:payment_method) { create(:check_payment_method, name: "forbidden", display_on: "back_end") }
+            it { is_expected.to be_not_found }
+            it "creates no payments" do
+              expect {
+                subject
+              }.not_to change { Spree::Payment.count }
+            end
+          end
+        end
       end
       context "when the user can administer the order" do
@@ -333,10 +383,7 @@ module Spree
     # Regression test for https://github.com/spree/spree/issues/3404
     it "can specify additional parameters for a line item" do
-      expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
-      allow(order).to receive(:associate_user!)
-      allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
-      expect(line_item).to receive(:update_attributes!).with(hash_including("special" => "foo"))
+      expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
       allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
       api_post :create, order: {

data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED

@@ -45,6 +45,17 @@ module Spree
             expect(response.status).to eq(201)
             expect(json_response).to have_attributes(attributes)
           end
+          context "disallowed payment method" do
+            it "does not create a new payment" do
+              PaymentMethod.first.update!(display_on: "back_end")
+              expect {
+                api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
+              }.not_to change { Spree::Payment.count }
+              expect(response.status).to eq(404)
+            end
+          end
         end
         context "payment source is required" do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-08 00:00:00.000000000 Z
+date: 2017-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: 2.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
   name: rabl
   requirement: !ruby/object:Gem::Requirement