solidus_api 2.4.0 → 2.4.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of solidus_api might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/orders_controller.rb +12 -2
  3. data/app/controllers/spree/api/payments_controller.rb +1 -0
  4. data/spec/requests/spree/api/checkouts_controller_spec.rb +13 -0
  5. data/spec/requests/spree/api/orders_controller_spec.rb +53 -6
  6. data/spec/requests/spree/api/payments_controller_spec.rb +11 -0
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6d6344a0123440329634e154cf27c39cc4218eee
4
- data.tar.gz: 42d3e1ca9ac07de7d55b1edda512afe105b0c16f
3
+ metadata.gz: f899819ca8c80a16dfff63f6a1962ca3b15bf183
4
+ data.tar.gz: 1915b0f971cfe62665ae38a0041c3e7f616c1ea1
5
5
  SHA512:
6
- metadata.gz: a286ef560a8062e2d42fb1c4894bf3084de201fe3dec215cdd04e1fedbd0d02a46dee08a19bc982bb9e849605e61ce6a74d09eca8afb2bcb288d9ba9ea97e653
7
- data.tar.gz: c630887d9faf1bb3b91d0cd739dd951bed04cdfca3883a083f6425578208268cc1f1a37cead50cebbe237b997d52185e655fea470bc9b76221b0c76cfaed7d41
6
+ metadata.gz: cbd8bc797312ea8fd959aae1adb351d88fb45073eb4d2663aaf70680e5db80a59a24150d8feeb52dc04175d48569e569095cfeede298c1fd8253ed96e8274ffd
7
+ data.tar.gz: 90cb62a1facba4ab608e575fcc655254c8cc99fe166d9b11ea9f86c5df55b5a846338f8f6257d13444a6fcc4dc29a8f1dfb4f91ce433892b311fe7f10b1386c3
data/app/controllers/spree/api/orders_controller.rb CHANGED
@@ -27,8 +27,18 @@ module Spree
27
27
 
28
28
  def create
29
29
  authorize! :create, Order
30
- @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
31
- respond_with(@order, default_template: :show, status: 201)
30
+
31
+ if can?(:admin, Order)
32
+ @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
33
+ respond_with(@order, default_template: :show, status: 201)
34
+ else
35
+ @order = Spree::Order.create!(user: current_api_user, store: current_store)
36
+ if OrderUpdateAttributes.new(@order, order_params).apply
37
+ respond_with(@order, default_template: :show, status: 201)
38
+ else
39
+ invalid_resource!(@order)
40
+ end
41
+ end
32
42
  end
33
43
 
34
44
  def empty
data/app/controllers/spree/api/payments_controller.rb CHANGED
@@ -16,6 +16,7 @@ module Spree
16
16
  end
17
17
 
18
18
  def create
19
+ @order.validate_payments_attributes(payment_params)
19
20
  @payment = PaymentCreate.new(@order, payment_params).build
20
21
  if @payment.save
21
22
  respond_with(@payment, status: 201, default_template: :show)
data/spec/requests/spree/api/checkouts_controller_spec.rb CHANGED
@@ -154,6 +154,19 @@ module Spree
154
154
  expect(response.status).to eq(200)
155
155
  end
156
156
 
157
+ context "with disallowed payment method" do
158
+ it "returns not found" do
159
+ order.update_column(:state, "payment")
160
+ allow_any_instance_of(Spree::PaymentMethod::BogusCreditCard).to receive(:source_required?).and_return(false)
161
+ @payment_method.update!(available_to_users: false)
162
+ expect {
163
+ put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
164
+ }.not_to change { Spree::Payment.count }
165
+ expect(response.status).to eq(404)
166
+ end
167
+ end
168
+
169
+
157
170
  it "returns errors when source is required and missing" do
158
171
  order.update_column(:state, "payment")
159
172
  put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
data/spec/requests/spree/api/orders_controller_spec.rb CHANGED
@@ -31,9 +31,10 @@ module Spree
31
31
  describe "POST create" do
32
32
  let(:target_user) { create :user }
33
33
  let(:date_override) { Time.parse('2015-01-01') }
34
+ let(:attributes) { { user_id: target_user.id, created_at: date_override, email: target_user.email } }
34
35
 
35
36
  subject do
36
- post spree.api_orders_path, params: { order: { user_id: target_user.id, created_at: date_override, email: target_user.email } }
37
+ post spree.api_orders_path, params: { order: attributes }
37
38
  response
38
39
  end
39
40
 
@@ -44,12 +45,37 @@ module Spree
44
45
 
45
46
  it "does not include unpermitted params, or allow overriding the user" do
46
47
  subject
48
+ expect(response).to be_success
47
49
  order = Spree::Order.last
48
50
  expect(order.user).to eq current_api_user
49
51
  expect(order.email).to eq target_user.email
50
52
  end
51
53
 
52
54
  it { is_expected.to be_success }
55
+
56
+ context 'creating payment' do
57
+ let(:attributes) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
58
+
59
+ context "with allowed payment method" do
60
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
61
+ it { is_expected.to be_success }
62
+ it "creates a payment" do
63
+ expect {
64
+ subject
65
+ }.to change { Spree::Payment.count }.by(1)
66
+ end
67
+ end
68
+
69
+ context "with disallowed payment method" do
70
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
71
+ it { is_expected.to be_not_found }
72
+ it "creates no payments" do
73
+ expect {
74
+ subject
75
+ }.not_to change { Spree::Payment.count }
76
+ end
77
+ end
78
+ end
53
79
  end
54
80
 
55
81
  context "when the current user can administrate the order" do
@@ -69,7 +95,7 @@ module Spree
69
95
  end
70
96
 
71
97
  context 'when the line items have custom attributes' do
72
- it "can create an order with line items that have custom permitted attributes" do
98
+ it "can create an order with line items that have custom permitted attributes", :pending do
73
99
  PermittedAttributes.line_item_attributes << { options: [:some_option] }
74
100
  expect_any_instance_of(Spree::LineItem).to receive(:some_option=).once.with('4')
75
101
  post spree.api_orders_path, params: { order: { line_items: { "0" => { variant_id: variant.to_param, quantity: 5, options: { some_option: 4 } } } } }
@@ -113,6 +139,30 @@ module Spree
113
139
  subject
114
140
  }.to_not change{ order.reload.number }
115
141
  end
142
+
143
+ context 'creating payment' do
144
+ let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
145
+
146
+ context "with allowed payment method" do
147
+ let!(:payment_method) { create(:check_payment_method, name: "allowed" ) }
148
+ it { is_expected.to be_success }
149
+ it "creates a payment" do
150
+ expect {
151
+ subject
152
+ }.to change { Spree::Payment.count }.by(1)
153
+ end
154
+ end
155
+
156
+ context "with disallowed payment method" do
157
+ let!(:payment_method) { create(:check_payment_method, name: "forbidden", available_to_users: false) }
158
+ it { is_expected.to be_not_found }
159
+ it "creates no payments" do
160
+ expect {
161
+ subject
162
+ }.not_to change { Spree::Payment.count }
163
+ end
164
+ end
165
+ end
116
166
  end
117
167
 
118
168
  context "when the user can administer the order" do
@@ -337,10 +387,7 @@ module Spree
337
387
 
338
388
  # Regression test for https://github.com/spree/spree/issues/3404
339
389
  it "can specify additional parameters for a line item" do
340
- expect(Order).to receive(:create!).and_return(order = Spree::Order.new)
341
- allow(order).to receive(:associate_user!)
342
- allow(order).to receive_message_chain(:contents, :add).and_return(line_item = double('LineItem'))
343
- expect(line_item).to receive(:update_attributes!).with(hash_including("special" => "foo"))
390
+ expect_any_instance_of(Spree::LineItem).to receive(:special=).with("foo")
344
391
 
345
392
  allow_any_instance_of(Spree::Api::OrdersController).to receive_messages(permitted_line_item_attributes: [:id, :variant_id, :quantity, :special])
346
393
  post spree.api_orders_path, params: {
data/spec/requests/spree/api/payments_controller_spec.rb CHANGED
@@ -42,6 +42,17 @@ module Spree
42
42
  expect(response.status).to eq(201)
43
43
  expect(json_response).to have_attributes(attributes)
44
44
  end
45
+
46
+ context "disallowed payment method" do
47
+ it "does not create a new payment" do
48
+ PaymentMethod.first.update!(available_to_users: false)
49
+
50
+ expect {
51
+ post spree.api_order_payments_path(order), params: { payment: { payment_method_id: PaymentMethod.first.id, amount: 50 } }
52
+ }.not_to change { Spree::Payment.count }
53
+ expect(response.status).to eq(404)
54
+ end
55
+ end
45
56
  end
46
57
 
47
58
  context "payment source is required" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.0
4
+ version: 2.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-07 00:00:00.000000000 Z
11
+ date: 2017-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: solidus_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.4.0
19
+ version: 2.4.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.4.0
26
+ version: 2.4.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: versioncake
29
29
  requirement: !ruby/object:Gem::Requirement