spree_api 2.1.11 → 2.1.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/spree/api/checkouts_controller.rb +21 -9
  3. data/app/controllers/spree/api/orders_controller.rb +2 -2
  4. data/spec/controllers/spree/api/checkouts_controller_spec.rb +17 -1
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 167e764eaf9ea388016831a3d5eb54f5757e473e
4
- data.tar.gz: 270eafd69e6df06636b2d449dfac6706228391be
3
+ metadata.gz: 6a08ed7200c466d0fd9ec9f30a023e25762b0818
4
+ data.tar.gz: 7e46adff6873f64f2cbfeeb272ea0b9a1cd72ed5
5
5
  SHA512:
6
- metadata.gz: d3c8d518f36d300c218e2504e59a2c20c9df23e075df05b3fb28050ae4df971d2acdb70a23a6ba2584d94b5e26adf85f1ac73fb38ed9700ac1b2a90db744ee41
7
- data.tar.gz: eb668f1902f81379358fd8a53f6d0b17e23f890f255949602a36f120ddeef4c242d1f1bee7461854c166fb0e614632614bc6098f13db21877e02d040b85d7934
6
+ metadata.gz: e2b70fb725a233dca2913251d058a3ff0ede0ba0f6490eaba055e439a96764db21eaa0a4b2206ad4538cebce2a61fa9215b76cde3d3b50e9463992559e3f713e
7
+ data.tar.gz: d822c1904e28486d7d6e79e6e4d485a32457bfb03daf035ba039bdaa6c80343a2368bc3ac0c638e2f7eb1e3e3676b12860eaac33823faabef618b75a5a74c701
data/app/controllers/spree/api/checkouts_controller.rb CHANGED
@@ -53,11 +53,28 @@ module Spree
53
53
  end
54
54
 
55
55
  private
56
-
57
56
  def object_params
58
- # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
59
- # respond_to check is necessary due to issue described in #2910
60
- object_params = nested_params
57
+ modify_payment_attributes params[:order] || {}
58
+
59
+ protected_params = if params[:order]
60
+ params.require(:order).permit(permitted_checkout_attributes)
61
+ else
62
+ {}
63
+ end
64
+
65
+ map_nested_attributes_keys Order, protected_params
66
+ end
67
+
68
+ def user_id
69
+ params[:order][:user_id] if params[:order]
70
+ end
71
+
72
+ # For payment step, filter order parameters to produce the expected
73
+ # nested attributes for a single payment and its source, discarding
74
+ # attributes for payment methods other than the one selected
75
+ #
76
+ # respond_to check is necessary due to issue described in #2910
77
+ def modify_payment_attributes(object_params)
61
78
  if @order.has_checkout_step?('payment') && @order.payment?
62
79
  if object_params[:payments_attributes].is_a?(Hash)
63
80
  object_params[:payments_attributes] = [object_params[:payments_attributes]]
@@ -69,11 +86,6 @@ module Spree
69
86
  object_params[:payments_attributes].first[:amount] = @order.total.to_s
70
87
  end
71
88
  end
72
- object_params
73
- end
74
-
75
- def user_id
76
- params[:order][:user_id] if params[:order]
77
89
  end
78
90
 
79
91
  def nested_params
data/app/controllers/spree/api/orders_controller.rb CHANGED
@@ -134,7 +134,7 @@ module Spree
134
134
 
135
135
  def permitted_order_attributes
136
136
  if current_api_user.has_spree_role? "admin"
137
- super << admin_order_attributes
137
+ super + admin_order_attributes
138
138
  else
139
139
  super
140
140
  end
@@ -142,7 +142,7 @@ module Spree
142
142
 
143
143
  def permitted_shipment_attributes
144
144
  if current_api_user.has_spree_role? "admin"
145
- super << admin_shipment_attributes
145
+ super + admin_shipment_attributes
146
146
  else
147
147
  super
148
148
  end
data/spec/controllers/spree/api/checkouts_controller_spec.rb CHANGED
@@ -56,12 +56,28 @@ module Spree
56
56
  order
57
57
  end
58
58
 
59
-
60
59
  before(:each) do
61
60
  Order.any_instance.stub(:confirmation_required? => true)
62
61
  Order.any_instance.stub(:payment_required? => true)
63
62
  end
64
63
 
64
+ it 'should not allow users to change the price of line items' do
65
+ line_item = order.line_items.first
66
+ price_was = line_item.price
67
+ api_put(
68
+ :update,
69
+ id: order.to_param,
70
+ order_token: order.token,
71
+ order: {
72
+ line_items: {0 => {id: line_item.id, price: '0.1', quantity: '3'}}
73
+ }
74
+ )
75
+ response.status.should == 200
76
+ line_item.reload
77
+ expect(line_item.price).to eq price_was
78
+ expect(line_item.price).to_not eq 0.1
79
+ end
80
+
65
81
  it "should transition a recently created order from cart to address" do
66
82
  order.state.should eq "cart"
67
83
  order.email.should_not be_nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spree_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.11
4
+ version: 2.1.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Bigg
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-12-05 00:00:00.000000000 Z
11
+ date: 2014-12-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: spree_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.1.11
19
+ version: 2.1.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.1.11
26
+ version: 2.1.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement