spree_api 2.1.6 → 2.1.7
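--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2bdf54d9702da778a98e961e7ecaa93c91113a4e
+data.tar.gz: f1527d859f7fddb7ef7cd6537dfc43fe1572b754
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4584dce0d9b973efebf1f7baa373f92116a1f511de54c2a0a37a9cea0ad73907f863b691e9f254563af42bd168e2ac37074b90cd12d25862ad26145fa3bcf2d5
+data.tar.gz: d14f69e5834c3e9bc213c583640b7375f4f6a04ec06ee0d3eb241267aadb00847c2479cd8b62e743bdea17cb23293e9424542005459e3fcd2ef08cc56156378d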
@@ -28,6 +28,7 @@ module Spree
|
|
28
28
|
|
29
29
|
def empty
|
30
30
|
find_order
|
31
|
+
authorize! :update, @order, order_token
|
31
32
|
@order.empty!
|
32
33
|
@order.update!
|
33
34
|
render text: nil, status: 200
|
@@ -41,6 +42,7 @@ module Spree
|
|
41
42
|
|
42
43
|
def show
|
43
44
|
find_order
|
45
|
+
authorize! :show, @order, order_token
|
44
46
|
method = "before_#{@order.state}"
|
45
47
|
send(method) if respond_to?(method, true)
|
46
48
|
respond_with(@order)
|
@@ -48,6 +50,7 @@ module Spree
|
|
48
50
|
|
49
51
|
def update
|
50
52
|
find_order(true)
|
53
|
+
authorize! :update, @order, order_token
|
51
54
|
# Parsing line items through as an update_attributes call in the API will result in
|
52
55
|
# many line items for the same variant_id being created. We must be smarter about this,
|
53
56
|
# hence the use of the update_line_items method, defined within order_decorator.rb.
|
@@ -84,6 +87,7 @@ module Spree
|
|
84
87
|
# https://github.com/spree/spree/blob/2-1-stable/frontend/app/controllers/spree/orders_controller.rb#L100
|
85
88
|
def apply_coupon_code
|
86
89
|
find_order
|
90
|
+
authorize! :update, @order, order_token
|
87
91
|
@order.coupon_code = params[:coupon_code]
|
88
92
|
@order.save
|
89
93
|
|
@@ -162,7 +166,6 @@ module Spree
|
|
162
166
|
|
163
167
|
def find_order(lock = false)
|
164
168
|
@order = Spree::Order.lock(lock).find_by!(number: params[:id])
|
165
|
-
authorize! :update, @order, order_token
|
166
169
|
end
|
167
170
|
|
168
171
|
def before_delivery
|
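Review bot: After this change `find_order` only loads the order, so authorization depends on every action remembering to call `authorize!` itself; the hunks above add it to `empty`, `show`, `update` and `apply_coupon_code`, but any other action or filter in this controller that calls `find_order` (not visible here) would now run with no check at all. Keeping the check inside the helper and passing the ability makes the safe path the default, e.g. `def find_order(lock = false, ability = :update)` followed by `authorize! ability, @order, order_token`, with `show` calling `find_order(false, :show)`. If the per-action calls stay, a comment on `find_order` such as `# Does NOT authorize; every caller must call authorize! with order_token` would help the next maintainer. The controller's body starts and ends outside these hunks.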
@@ -39,6 +39,24 @@ describe Spree::Api::BaseController do
|
|
39
39
|
end
|
40
40
|
end
|
41
41
|
|
42
|
+
context "when validating based on an order token" do
|
43
|
+
let!(:order) { create :order }
|
44
|
+
|
45
|
+
context "with a correct order token" do
|
46
|
+
it "succeeds" do
|
47
|
+
api_get :index, order_token: order.token, order_id: order.number
|
48
|
+
response.status.should == 200
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
context "with an incorrect order token" do
|
53
|
+
it "returns unauthorized" do
|
54
|
+
api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
|
55
|
+
response.status.should == 401
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
42
60
|
context "cannot make a request to the API" do
|
43
61
|
it "without an API key" do
|
44
62
|
api_get :index
|
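Review bot: The new examples cover a matching token and a string that is no token at all, but not the case that matters most for access control: a real token that belongs to a different order. Consider a third example along the lines of `api_get :index, order_token: create(:order).token, order_id: order.number` expecting `response.status.should == 401`, so the spec proves the token is compared against the requested order rather than merely recognised. How the base controller matches a token to an order is not visible in this hunk, so this may already hold; the example would pin it. The enclosing `describe` block starts and ends outside the hunk.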
@@ -173,7 +173,8 @@ module Spree
|
|
173
173
|
order.update_column(:state, "payment")
|
174
174
|
api_put :update, :id => order.to_param, :order_token => order.token,
|
175
175
|
:order => { :payments_attributes => [{ :payment_method_id => @payment_method.id.to_s }],
|
176
|
-
:payment_source => { @payment_method.id.to_s => { } } }
|
176
|
+
:payment_source => { @payment_method.id.to_s => { first_name: "Spree" } } }
|
177
|
+
|
177
178
|
response.status.should == 422
|
178
179
|
cc_errors = json_response['errors']['payments.Credit Card']
|
179
180
|
cc_errors.should include("Number can't be blank")
|
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'spree/testing_support/bar_ability'
|
2
3
|
|
3
4
|
module Spree
|
4
5
|
describe Api::OrdersController do
|
@@ -116,6 +117,20 @@ module Spree
|
|
116
117
|
response.status.should == 200
|
117
118
|
end
|
118
119
|
|
120
|
+
context "with BarAbility registered" do
|
121
|
+
before { Spree::Ability.register_ability(::BarAbility) }
|
122
|
+
after { Spree::Ability.remove_ability(::BarAbility) }
|
123
|
+
|
124
|
+
it "can view an order" do
|
125
|
+
user = mock_model(Spree::LegacyUser)
|
126
|
+
user.stub(:has_spree_role?).with('bar').and_return(true)
|
127
|
+
user.stub(:has_spree_role?).with('admin').and_return(false)
|
128
|
+
controller.stub try_spree_current_user: user
|
129
|
+
api_get :show, :id => order.to_param
|
130
|
+
response.status.should == 200
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
119
134
|
it "cannot cancel an order that doesn't belong to them" do
|
120
135
|
order.update_attribute(:completed_at, Time.now)
|
121
136
|
order.update_attribute(:shipment_state, "ready")
|
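Review bot: The added `with BarAbility registered` context only asserts that the extra ability can view an order; nothing checks that the same user is still refused the mutating actions, which is the boundary the split between `:show` and `:update` is meant to draw. A companion example that reuses the stubbed user and expects 401 from `api_put :update, :id => order.to_param` would catch a regression that widens the check again. What `BarAbility` actually grants is defined in `spree/testing_support/bar_ability`, outside this page, so confirm it does not include `:update` before relying on that expectation. The surrounding context block starts and ends outside the hunk.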
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spree_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryan Bigg
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-05-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: spree_core
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 2.1.
|
19
|
+
version: 2.1.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 2.1.
|
26
|
+
version: 2.1.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rabl
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -254,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
254
254
|
version: '0'
|
255
255
|
requirements: []
|
256
256
|
rubyforge_project:
|
257
|
-
rubygems_version: 2.2.
|
257
|
+
rubygems_version: 2.2.0
|
258
258
|
signing_key:
|
259
259
|
specification_version: 4
|
260
260
|
summary: Spree's API
|