lineitems can be modified even after an order state is set to completed

[tommiller1]

Hello,

Like the title says, I am able to add/update/remove lineitems for orders that are in the completed state. Is this intentional? How do I prevent this from happening?

I am updating orders through the spree api btw.

Regards.

[damianlegawiec]

Hi @tommiller1 , this is intentional to allow store owners modify order contents later.

[tommiller1]

Ok but atm even normal users can update orders after they have been completed. I am logging in with the users spree_api_key to update the orders. There should be a privilege check to prohibit the normal users from modifying the orders imo.

[priyank-gupta]

@tommiller1 I see your point here. The ability described for Order doesn't have completed? check while updating order. https://github.com/spree/spree/blob/master/core/app/models/spree/ability.rb#L47.

Can you do a pull request for this ? Thanks!!!

[tommiller1]

Hi, I added a pull request but it seems some of the feature specs rely on an order being editable even when its in the completed state, I am not familiar enough with spree to make any decisions regarding this. Is there any way I can just modify the update ability in my own project without modifying spree?

[Ashishb1990]

There are many issue in spree when you will submit address form it will not go for next , you can add item and quantity both will multiply wrong

[bbonislawski]

It's already fixed afaik.