solidus_api 2.3.0 → 2.3.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/orders_controller.rb +12 -2
  3. data/app/controllers/spree/api/payments_controller.rb +1 -0
  4. data/spec/requests/spree/api/checkouts_controller_spec.rb +13 -0
  5. data/spec/requests/spree/api/orders_controller_spec.rb +53 -6
  6. data/spec/requests/spree/api/payments_controller_spec.rb +11 -0
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 500bb7f02aa317d42deaba78dc56dc27d93177ce
4
- data.tar.gz: ae08fe9d542bb9800d3b48a1b905063d28acda8f
3
+ metadata.gz: 62e84e7fac19cf7c464a975f5ce5e32b445f6c0d
4
+ data.tar.gz: 7058e689b5789d92b852345a668b7725a05cb26c
5
5
  SHA512:
6
- metadata.gz: 9d40be3951137734289f72ab330f9f50edb6c44e30c93fb781fc7f6596a371eb28a354d4e038a6ce0eecf55235caf9d46c84ed376783e0a0141b92a92852bbb3
7
- data.tar.gz: 936bce88ab0f52923f399e5892f7e645901e133edf766e51996946e50b1fbba8e50eb964ba3309767a70634334dcae89ad33656bbf61a4b94fa9afae5350eadf
6
+ metadata.gz: '08ecdd913e61cf55169cd386e35046a1d977b4590470f57ba7710c7d50c0d1f606c163d7e7805985fb1351beae2a582587df71a674697e107037f228a2456d70'
7
+ data.tar.gz: 22a48ebbaafc4f9c0eabfc4bc7227fe18e73e5db0fe56bacdcc5c9910fe5602d207086c19d0cf1721dfbd0a1ea9fe1df24eaa175b5054cfa8164367b2fb16d0c
data/app/controllers/spree/api/orders_controller.rb CHANGED
@@ -27,8 +27,18 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ respond_with(@order, default_template: :show, status: 201)
38
+ else
39
+ invalid_resource!(@order)
40
+ end
41
+ end
32
42
  end
33
43
 
34
44
  def empty
data/app/controllers/spree/api/payments_controller.rb CHANGED
@@ -16,6 +16,7 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
+ @order.validate_payments_attributes(payment_params)
19
20
  @payment = PaymentCreate.new(@order, payment_params).build
20
21
  if @payment.save
21
22
  respond_with(@payment, status: 201, default_template: :show)
data/spec/requests/spree/api/checkouts_controller_spec.rb CHANGED
@@ -154,6 +154,19 @@ module Spree
154
154
  expect(response.status).to eq(200)
155
155
  end
156
156
 
157
+ context "with disallowed payment method" do
158
+ it "returns not found" do
159
+ order.update_column(:state, "payment")
160
+ allow_any_instance_of(Spree::PaymentMethod::BogusCreditCard).to receive(:source_required?).and_return(false)
161
+ @payment_method.update!(available_to_users: false)
162
+ expect {
163
+ put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
164
+ }.not_to change { Spree::Payment.count }
165
+ expect(response.status).to eq(404)
166
+ end
167
+ end
168
+
169
+
157
170
  it "returns errors when source is required and missing" do
158
171
  order.update_column(:state, "payment")
159
172
  put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
data/spec/requests/spree/api/orders_controller_spec.rb CHANGED
@@ -31,9 +31,10 @@ module Spree
31
31
  describe "POST create" do
32
32
  let(:target_user) { create :user }
33
33
  let(:date_override) { Time.parse('2015-01-01') }
34
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
34
35
 
35
36
  subject do
36
- post spree.api_orders_path, params: { order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
37
+ post spree.api_orders_path, params: { order: attributes }
37
38
  response
38
39
  end
39
40
 
@@ -44,12 +45,37 @@ module Spree
44
45
 
45
46
  it "does not include unpermitted params, or allow overriding the user" do
46
47
  subject
48
+ expect(response).to be_success
47
49
  order = Spree::Order.last
48
50
  expect(order.user).to eq current_api_user
49
51
  expect(order.email).to eq target_user.email
50
52
  end
51
53
 
52
54
  it { is_expected.to be_success }
55
+
56
+ context 'creating payment' do
57
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
58
+
59
+ context "with allowed payment method" do
60
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
61
+ it { is_expected.to be_success }
62
+ it "creates a payment" do
63
+ expect {
64
+ subject
65
+ }.to change { Spree::Payment.count }.by(1)
66
+ end
67
+ end
68
+
69
+ context "with disallowed payment method" do
70
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
71
+ it { is_expected.to be_not_found }
72
+ it "creates no payments" do
73
+ expect {
74
+ subject
75
+ }.not_to change { Spree::Payment.count }
76
+ end
77
+ end
78
+ end
53
79
  end
54
80
 
55
81
  context "when the current user can administrate the order" do
@@ -69,7 +95,7 @@ module Spree
69
95
  end
70
96
 
71
97
  context 'when the line items have custom attributes' do
72
- it "can create an order with line items that have custom permitted attributes" do
98
+ it "can create an order with line items that have custom permitted attributes", :pending do
73
99
  PermittedAttributes.line_item_attributes << { options: [:some_option] }
74
100
  expect_any_instance_of(Spree::LineItem).to receive(:some_option=).once.with('4')
75
101
  post spree.api_orders_path, params: { order: { line_items: { "0" => { variant_id: variant.to_param, quantity: 5, options: { some_option: 4 } } } } }
@@ -113,6 +139,30 @@ module Spree
113
139
  subject
114
140
  }.to_not change{ order.reload.number }
115
141
  end
142
+
143
+ context 'creating payment' do
144
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
145
+
146
+ context "with allowed payment method" do
147
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
148
+ it { is_expected.to be_success }
149
+ it "creates a payment" do
150
+ expect {
151
+ subject
152
+ }.to change { Spree::Payment.count }.by(1)
153
+ end
154
+ end
155
+
156
+ context "with disallowed payment method" do
157
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
158
+ it { is_expected.to be_not_found }
159
+ it "creates no payments" do
160
+ expect {
161
+ subject
162
+ }.not_to change { Spree::Payment.count }
163
+ end
164
+ end
165
+ end
116
166
  end
117
167
 
118
168
  context "when the user can administer the order" do
@@ -344,10 +394,7 @@ module Spree
344
394
 
345
395
  # Regression test for https://github.com/spree/spree/issues/3404
346
396
  it "can specify additional parameters for a line item" do
347
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
348
- allow(order).to receive(:associate_user!)
349
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
350
- expect(line_item).to receive(:update_attributes!).with(hash_including("special" => "foo"))
397
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
351
398
 
352
399
  allow_any_instance_of(Spree::Api::OrdersController).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
353
400
  post spree.api_orders_path, params: {
data/spec/requests/spree/api/payments_controller_spec.rb CHANGED
@@ -42,6 +42,17 @@ module Spree
42
42
  expect(response.status).to eq(201)
43
43
  expect(json_response).to have_attributes(attributes)
44
44
  end
45
+
46
+ context "disallowed payment method" do
47
+ it "does not create a new payment" do
48
+ PaymentMethod.first.update!(available_to_users: false)
49
+
50
+ expect {
51
+ post spree.api_order_payments_path(order), params: { payment: { payment_method_id: PaymentMethod.first.id, amount: 50 } }
52
+ }.not_to change { Spree::Payment.count }
53
+ expect(response.status).to eq(404)
54
+ end
55
+ end
45
56
  end
46
57
 
47
58
  context "payment source is required" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-07-31 00:00:00.000000000 Z
11
+ date: 2017-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.3.0
19
+ version: 2.3.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.3.0
26
+ version: 2.3.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement