spree_api 2.2.8 → 2.2.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c6cef400669415cd05a55d98c9e2f493c539508a
4
- data.tar.gz: 305debfccf5da3c252cf172d8308d59dd68e2b28
3
+ metadata.gz: 4054c45aa7f1dd4b9117a0c93e50dd091b9127c5
4
+ data.tar.gz: 9cede9c151509a65bdec3a800ff420f203df7b48
5
5
  SHA512:
6
- metadata.gz: 607e520fd39c93373e13356e6cd4dc7e929267b5df722101b55a0968d19f6adb6ff4b85bad85d47bbd25b5b6e40398c09d097b1e5089c42736b506944fcfff24
7
- data.tar.gz: d948a5dad4cf07bea7371b72e9b2e2deabfea227ce7ac8a19be2ed75b8fa40d9824cb685220ed161c68bc49a01d7e819e2e75756c45227a5418803156358097b
6
+ metadata.gz: bce419abf3f9a6073307b79a5630c1fcee32a794677824eaa9fa4a1f1f212ac18f5677e50fe9386a6b3aaec113983b176e66f13a86bc7d1a2637137859754daa
7
+ data.tar.gz: 6a13db2891ded39d5051ea07d7fcc2c3d045f12c5a07aba191d84dabc23fce875fbcd1342bfb9f09de1fb4d5d9d97cfda8a8ed166c610a2e327ead4851a829d9
@@ -53,11 +53,28 @@ module Spree
53
53
  end
54
54
 
55
55
  private
56
-
57
56
  def object_params
58
- # For payment step, filter order parameters to produce the expected nested attributes for a single payment and its source, discarding attributes for payment methods other than the one selected
59
- # respond_to check is necessary due to issue described in #2910
60
- object_params = nested_params
57
+ modify_payment_attributes params[:order] || {}
58
+
59
+ protected_params = if params[:order]
60
+ params.require(:order).permit(permitted_checkout_attributes)
61
+ else
62
+ {}
63
+ end
64
+
65
+ map_nested_attributes_keys Order, protected_params
66
+ end
67
+
68
+ def user_id
69
+ params[:order][:user_id] if params[:order]
70
+ end
71
+
72
+ # For payment step, filter order parameters to produce the expected
73
+ # nested attributes for a single payment and its source, discarding
74
+ # attributes for payment methods other than the one selected
75
+ #
76
+ # respond_to check is necessary due to issue described in #2910
77
+ def modify_payment_attributes(object_params)
61
78
  if @order.has_checkout_step?('payment') && @order.payment?
62
79
  if object_params[:payments_attributes].is_a?(Hash)
63
80
  object_params[:payments_attributes] = [object_params[:payments_attributes]]
@@ -69,11 +86,6 @@ module Spree
69
86
  object_params[:payments_attributes].first[:amount] = @order.total.to_s
70
87
  end
71
88
  end
72
- object_params
73
- end
74
-
75
- def user_id
76
- params[:order][:user_id] if params[:order]
77
89
  end
78
90
 
79
91
  def nested_params
@@ -111,7 +111,7 @@ module Spree
111
111
 
112
112
  def permitted_order_attributes
113
113
  if current_api_user.has_spree_role? "admin"
114
- super << admin_order_attributes
114
+ super + admin_order_attributes
115
115
  else
116
116
  super
117
117
  end
@@ -119,7 +119,7 @@ module Spree
119
119
 
120
120
  def permitted_shipment_attributes
121
121
  if current_api_user.has_spree_role? "admin"
122
- super << admin_shipment_attributes
122
+ super + admin_shipment_attributes
123
123
  else
124
124
  super
125
125
  end
@@ -55,12 +55,28 @@ module Spree
55
55
  order
56
56
  end
57
57
 
58
-
59
58
  before(:each) do
60
59
  Order.any_instance.stub(:confirmation_required? => true)
61
60
  Order.any_instance.stub(:payment_required? => true)
62
61
  end
63
62
 
63
+ it 'should not allow users to change the price of line items' do
64
+ line_item = order.line_items.first
65
+ price_was = line_item.price
66
+ api_put(
67
+ :update,
68
+ id: order.to_param,
69
+ order_token: order.token,
70
+ order: {
71
+ line_items: {0 => {id: line_item.id, price: '0.1', quantity: '3'}}
72
+ }
73
+ )
74
+ response.status.should == 200
75
+ line_item.reload
76
+ expect(line_item.price).to eq price_was
77
+ expect(line_item.price).to_not eq 0.1
78
+ end
79
+
64
80
  it "should transition a recently created order from cart to address" do
65
81
  order.state.should eq "cart"
66
82
  order.email.should_not be_nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spree_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.8
4
+ version: 2.2.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Bigg
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-12-05 00:00:00.000000000 Z
11
+ date: 2014-12-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: spree_core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 2.2.8
19
+ version: 2.2.9
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 2.2.8
26
+ version: 2.2.9
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rabl
29
29
  requirement: !ruby/object:Gem::Requirement