app/controllers/spree/api/checkouts_controller.rb in solidus_api-2.9.5 vs app/controllers/spree/api/checkouts_controller.rb in solidus_api-2.9.6
- old
+ new
@@ -74,14 +74,27 @@
def user_id
params[:order][:user_id] if params[:order]
end
def update_params
- if update_params = massaged_params[:order]
- update_params.permit(permitted_checkout_attributes)
+ state = @order.state
+ case state.to_sym
+ when :cart, :address
+ massaged_params.fetch(:order, {}).permit(
+ permitted_checkout_address_attributes
+ )
+ when :delivery
+ massaged_params.require(:order).permit(
+ permitted_checkout_delivery_attributes
+ )
+ when :payment
+ massaged_params.require(:order).permit(
+ permitted_checkout_payment_attributes
+ )
else
- # We current allow update requests without any parameters in them.
- {}
+ massaged_params.fetch(:order, {}).permit(
+ permitted_checkout_confirm_attributes
+ )
end
end
def massaged_params
massaged_params = params.deep_dup