solidus_api 2.2.1 → 2.2.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/orders_controller.rb +12 -2
  3. data/app/controllers/spree/api/payments_controller.rb +1 -0
  4. data/spec/controllers/spree/api/checkouts_controller_spec.rb +13 -0
  5. data/spec/controllers/spree/api/orders_controller_spec.rb +52 -5
  6. data/spec/controllers/spree/api/payments_controller_spec.rb +11 -0
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6c27f1cbd12fbfc2f1588265d427fda10aac79dc
4
- data.tar.gz: 33689199fb8f385a903645829f0b2805448dc2b9
3
+ metadata.gz: 9bf090ca7d6dce9405c4514004a088dffe253498
4
+ data.tar.gz: 59d40cff4dc3259b807d908b0cb3b8f23c74561d
5
5
  SHA512:
6
- metadata.gz: 9430517a04af0a859a55e627496791184b50177b0f7b4a93138e81ec448b87b21e646b0f297186fd5d548ec52f79ea6ceee724f1bbb8aad5304deec061804567
7
- data.tar.gz: 84d6992a692b32f60c2776019869088db6d78ab1a694ea5469cd4a87c931a2db6166241a322bbe5cb955266a48416b27885a33b5dd30da389766bdb7c82da374
6
+ metadata.gz: 1d6706de3c8ca25c4b136b531198faa318011731298ce37826f0ad9ee9c0ed869f579666c73966ae3b69c95fce7e163cddcdea33970ae06ddc89c869db83f02f
7
+ data.tar.gz: 6caefd25b36f1e933ec25597c565243fafc00c821100e4481a384fd12351783bfff379cd2e067c7c0f6d2f8a02f33247e4be10dd5d4aba9cf09f2894c29d1bb0
data/app/controllers/spree/api/orders_controller.rb CHANGED
@@ -27,8 +27,18 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ respond_with(@order, default_template: :show, status: 201)
38
+ else
39
+ invalid_resource!(@order)
40
+ end
41
+ end
32
42
  end
33
43
 
34
44
  def empty
data/app/controllers/spree/api/payments_controller.rb CHANGED
@@ -16,6 +16,7 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
+ @order.validate_payments_attributes(payment_params)
19
20
  @payment = PaymentCreate.new(@order, payment_params).build
20
21
  if @payment.save
21
22
  respond_with(@payment, status: 201, default_template: :show)
data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED
@@ -163,6 +163,19 @@ module Spree
163
163
  expect(response.status).to eq(200)
164
164
  end
165
165
 
166
+ context "with disallowed payment method" do
167
+ it "returns not found" do
168
+ order.update_column(:state, "payment")
169
+ allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
170
+ @payment_method.update!(available_to_users: false)
171
+ expect {
172
+ api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
173
+ }.not_to change { Spree::Payment.count }
174
+ expect(response.status).to eq(404)
175
+ end
176
+ end
177
+
178
+
166
179
  it "returns errors when source is required and missing" do
167
180
  order.update_column(:state, "payment")
168
181
  api_put :update, id: order.to_param, order_token: order.guest_token,
data/spec/controllers/spree/api/orders_controller_spec.rb CHANGED
@@ -32,8 +32,9 @@ module Spree
32
32
  describe "POST create" do
33
33
  let(:target_user) { create :user }
34
34
  let(:date_override) { Time.parse('2015-01-01') }
35
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
35
36
 
36
- subject { api_post :create, order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
37
+ subject { api_post :create, order: attributes }
37
38
 
38
39
  context "when the current user cannot administrate the order" do
39
40
  stub_authorization! do |_|
@@ -42,12 +43,37 @@ module Spree
42
43
 
43
44
  it "does not include unpermitted params, or allow overriding the user", focus: true do
44
45
  subject
46
+ expect(response).to be_success
45
47
  order = Spree::Order.last
46
48
  expect(order.user).to eq current_api_user
47
49
  expect(order.email).to eq target_user.email
48
50
  end
49
51
 
50
52
  it { is_expected.to be_success }
53
+
54
+ context 'creating payment' do
55
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
56
+
57
+ context "with allowed payment method" do
58
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
59
+ it { is_expected.to be_success }
60
+ it "creates a payment" do
61
+ expect {
62
+ subject
63
+ }.to change { Spree::Payment.count }.by(1)
64
+ end
65
+ end
66
+
67
+ context "with disallowed payment method" do
68
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
69
+ it { is_expected.to be_not_found }
70
+ it "creates no payments" do
71
+ expect {
72
+ subject
73
+ }.not_to change { Spree::Payment.count }
74
+ end
75
+ end
76
+ end
51
77
  end
52
78
 
53
79
  context "when the current user can administrate the order" do
@@ -97,6 +123,30 @@ module Spree
97
123
  subject
98
124
  }.to_not change{ order.reload.number }
99
125
  end
126
+
127
+ context 'creating payment' do
128
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
129
+
130
+ context "with allowed payment method" do
131
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
132
+ it { is_expected.to be_success }
133
+ it "creates a payment" do
134
+ expect {
135
+ subject
136
+ }.to change { Spree::Payment.count }.by(1)
137
+ end
138
+ end
139
+
140
+ context "with disallowed payment method" do
141
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
142
+ it { is_expected.to be_not_found }
143
+ it "creates no payments" do
144
+ expect {
145
+ subject
146
+ }.not_to change { Spree::Payment.count }
147
+ end
148
+ end
149
+ end
100
150
  end
101
151
 
102
152
  context "when the user can administer the order" do
@@ -333,10 +383,7 @@ module Spree
333
383
 
334
384
  # Regression test for https://github.com/spree/spree/issues/3404
335
385
  it "can specify additional parameters for a line item" do
336
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
337
- allow(order).to receive(:associate_user!)
338
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
339
- expect(line_item).to receive(:update_attributes!).with(hash_including("special" => "foo"))
386
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
340
387
 
341
388
  allow(controller).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
342
389
  api_post :create, order: {
data/spec/controllers/spree/api/payments_controller_spec.rb CHANGED
@@ -45,6 +45,17 @@ module Spree
45
45
  expect(response.status).to eq(201)
46
46
  expect(json_response).to have_attributes(attributes)
47
47
  end
48
+
49
+ context "disallowed payment method" do
50
+ it "does not create a new payment" do
51
+ PaymentMethod.first.update!(available_to_users: false)
52
+
53
+ expect {
54
+ api_post :create, payment: { payment_method_id: PaymentMethod.first.id, amount: 50 }
55
+ }.not_to change { Spree::Payment.count }
56
+ expect(response.status).to eq(404)
57
+ end
58
+ end
48
59
  end
49
60
 
50
61
  context "payment source is required" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-09 00:00:00.000000000 Z
11
+ date: 2017-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.2.1
19
+ version: 2.2.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.2.1
26
+ version: 2.2.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement