
WIP: very primitive setup for order payments in API

1 parent 22567ee commit 2361d85f05c75c425121483e3d3519a18f9a0cc1 @radar radar committed with joneslee85 Apr 13, 2012
56 api/app/controllers/spree/api/v1/payments_controller.rb
@@ -0,0 +1,56 @@
+module Spree
+ module Api
+ module V1
+ class PaymentsController < Spree::Api::V1::BaseController
+ before_filter :find_order
+ before_filter :find_payment, :only => [:show, :authorize, :capture]
+
+ def index
+ @payments = @order.payments
+ end
+
+ def new
+ @payment_methods = Spree::PaymentMethod.where(:environment => Rails.env)
+ end
+
+ def create
+ @payment = @order.payments.build(params[:payment])
+ if @payment.save
+ render :show, :status => 201
+ else
+ invalid_resource!(@payment)
+ end
+ end
+
+ def show
+ end
+
+ def authorize
+ authorize! :authorize, Payment
+ begin
+ @payment.authorize!
+ rescue Spree::Core::GatewayError
+ #noop, will deal with it in the response
+ end
+
+ if @payment.failed?
+ render :gateway_error, :status => 422
+ else
+ render :show, :status => 200
+ end
+ end
+
+ private
+
+ def find_order
+ @order = Order.find_by_number(params[:order_id])
+ authorize! :read, @order
+ end
+
+ def find_payment
+ @payment = @order.payments.find(params[:id])
+ end
+ end
+ end
+ end
+end
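Review bot: `create` passes the whole `params[:payment]` hash to `@order.payments.build`, and the only ability check on that path is `authorize! :read, @order` from `find_order`, so any caller who may read the order picks every mass-assignable payment attribute. Whether `Spree::Payment` restricts this with `attr_accessible` is not visible in this commit; if it does not, fields such as `state` and `response_code` become client-settable. I would whitelist in the controller, e.g. `@order.payments.build(params[:payment].slice(:amount, :payment_method_id))` (plus whatever source fields the API is meant to accept), and add `authorize! :create, Payment` before it. In `authorize`, the check `authorize! :authorize, Payment` is made against the class rather than `@payment`, so any per-record ability rule would not apply. `find_order` also uses `find_by_number`, which returns nil for an unknown number; `find_by_number!` would turn that into a 404 instead of a later nil error.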
8 api/app/helpers/spree/api/api_helpers.rb
@@ -39,6 +39,14 @@ def line_item_attributes
def option_type_attributes
[:id, :name, :presentation, :position]
end
+
+ def payment_attributes
+ [:id, :source_type, :source_id, :amount, :payment_method_id, :response_code, :state, :avs_response, :created_at, :updated_at]
+ end
+
+ def payment_method_attributes
+ [:id, :name, :description]
+ end
end
end
end
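Review bot: `payment_attributes` includes `:response_code` and `:avs_response`, and the new `index.rabl` and `show.rabl` render this list for every caller that passes `authorize! :read, @order`, not only admins. Gateway response codes and address-verification results are normally back-office data, and returning them to the paying client gives feedback on why a card was declined. Consider a reduced list for ordinary users and keeping these two fields for admin responses, with a comment such as `# gateway diagnostics: admin-only` on the fuller list. The enclosing helper module starts above this hunk, so how the other `*_attributes` lists are scoped is not visible here.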
5 api/app/models/spree/payment_decorator.rb
@@ -0,0 +1,5 @@
+Spree::Payment.class_eval do
+ def authorize!
+ self.payment_source.authorize(self)
+ end
+end
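Review bot: The return value of `payment_source.authorize(self)` is discarded, so nothing in this method marks the payment as failed or raises when the gateway declines. The controller's `@payment.failed?` branch therefore depends entirely on what the source's `authorize` does internally, which this commit does not show. The spec's 422 example stubs `authorize` to return a response with `success?` false, which suggests the response is meant to be inspected here. Because this is a `class_eval`, it would also silently replace any `authorize!` that `Spree::Payment` already defines. A short comment stating the expected contract, e.g. `# raises Spree::Core::GatewayError or transitions the payment to failed on decline`, would make the intent checkable.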
2 api/app/views/spree/api/v1/payments/index.rabl
@@ -0,0 +1,2 @@
+collection @payments
+attributes *payment_attributes
6 api/app/views/spree/api/v1/payments/new.rabl
@@ -0,0 +1,6 @@
+object false
+node(:attributes) { [*payment_attributes] }
+child @payment_methods => :payment_methods do
+ attributes *payment_method_attributes
+end
+
2 api/app/views/spree/api/v1/payments/show.rabl
@@ -0,0 +1,2 @@
+object @payment
+attributes *payment_attributes
90 api/spec/controllers/spree/api/v1/payments_controller_spec.rb
@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+module Spree
+ describe Spree::Api::V1::PaymentsController do
+ let!(:order) { Factory(:order) }
+ let!(:payment) { Factory(:payment, :order => order) }
+ let!(:attributes) { [:id, :source_type, :source_id, :amount,
+ :payment_method_id, :response_code, :state, :avs_response,
+ :created_at, :updated_at] }
+
+ let(:resource_scoping) { { :order_id => order.to_param } }
+ before do
+ stub_authentication!
+ end
+
+ context "as a user" do
+ context "when the order belongs to the user" do
+ before do
+ Order.any_instance.stub :user => current_api_user
+ end
+
+ it "can view the payments for their order" do
+ api_get :index
+ json_response.first.should have_attributes(attributes)
+ end
+
+ it "can learn how to create a new payment" do
+ api_get :new
+ json_response["attributes"].should == attributes.map(&:to_s)
+ json_response["payment_methods"].should_not be_empty
+ json_response["payment_methods"].first.should have_attributes([:id, :name, :description])
+ end
+
+ it "can create a new payment" do
+ api_post :create, :payment => { :payment_method_id => PaymentMethod.first.id, :amount => 50 }
+ response.status.should == 201
+ json_response.should have_attributes(attributes)
+ end
+
+ it "can view a pre-existing payment's details" do
+ api_get :show, :id => payment.to_param
+ json_response.should have_attributes(attributes)
+ end
+
+ it "cannot authorize a payment" do
+ api_put :authorize, :id => payment.to_param
+ assert_unauthorized!
+ end
+ end
+
+ context "when the order does not belong to the user" do
+ before do
+ Order.any_instance.stub :user => stub_model(User)
+ end
+
+ it "cannot view payments for somebody else's order" do
+ api_get :index, :order_id => order.to_param
+ assert_unauthorized!
+ end
+ end
+ end
+
+ context "as an admin" do
+ sign_in_as_admin!
+
+ it "can view the payments on any order" do
+ api_get :index
+ response.status.should == 200
+ json_response.first.should have_attributes(attributes)
+ end
+
+ context "for a given payment" do
+
+ it "can authorize" do
+ api_put :authorize, :id => payment.to_param
+ response.status.should == 200
+ end
+
+ it "returns a 422 status when authorization fails" do
+ fake_response = stub(:success? => false, :to_s => "Could not authorize card")
+ Spree::Gateway::Bogus.any_instance.should_receive(:authorize).and_return(fake_response)
+ api_put :authorize, :id => payment.to_param
+ response.status.should == 422
+ end
+ end
+
+ end
+
+ end
+end
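Review bot: The "when the order does not belong to the user" context only exercises `:index`, so nothing asserts that `:create`, `:show` or `:new` are refused on somebody else's order. I would add examples there such as `api_post :create, :payment => { :amount => 50 }` followed by `assert_unauthorized!`, and the same for `api_get :show, :id => payment.to_param`. The "can create a new payment" example also posts only `:payment_method_id` and `:amount`. An example that posts `:state` or `:response_code` and asserts the saved payment ignores them would pin down which attributes the endpoint accepts from a client.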
