app/controllers/spree/api/payments_controller.rb in spree_api-2.0.13 vs app/controllers/spree/api/payments_controller.rb in spree_api-2.1.0

@@ -1,43 +1,31 @@
 module Spree
   module Api
     class PaymentsController < Spree::Api::BaseController
-      respond_to :json
 
       before_filter :find_order
-      before_filter :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void, :credit]
+      before_filter :find_payment, only: [:show, :authorize, :purchase, :capture, :void, :credit]
 
       def index
         @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@payments)
       end
 
       def new
-        @payment_methods = Spree::PaymentMethod.where(:environment => Rails.env)
+        @payment_methods = Spree::PaymentMethod.where(environment: Rails.env)
         respond_with(@payment_method)
       end
 
       def create
-        @payment = @order.payments.build(params[:payment])
+        @payment = @order.payments.build(payment_params)
         if @payment.save
-          respond_with(@payment, :status => 201, :default_template => :show)
+          respond_with(@payment, status: 201, default_template: :show)
         else
           invalid_resource!(@payment)
         end
       end
 
-      def update
-        authorize! params[:action], @payment
-        if !@payment.pending?
-          render 'update_forbidden', status: 403
-        elsif @payment.update_attributes(params[:payment])
-          respond_with(@payment, default_template: :show)
-        else
-          invalid_resource!(@payment)
-        end
-      end
-
       def show
         respond_with(@payment)
       end
 
       def authorize
@@ -56,36 +44,40 @@
         perform_payment_action(:void_transaction)
       end
 
       def credit
         if params[:amount].to_f > @payment.credit_allowed
-          render 'credit_over_limit', status: 422
+          render 'spree/api/payments/credit_over_limit', status: 422
         else
           perform_payment_action(:credit, params[:amount])
         end
       end
 
       private
 
-      def find_order
-        @order = Order.find_by_number(params[:order_id])
-        authorize! :read, @order
-      end
+        def find_order
+          @order = Spree::Order.find_by(number: params[:order_id])
+          authorize! :read, @order
+        end
 
-      def find_payment
-        @payment = @order.payments.find(params[:id])
-      end
+        def find_payment
+          @payment = @order.payments.find(params[:id])
+        end
 
-      def perform_payment_action(action, *args)
-        authorize! action, Payment
+        def perform_payment_action(action, *args)
+          authorize! action, Payment
 
-        begin
-          @payment.send("#{action}!", *args)
-          respond_with(@payment, :default_template => :show)
-        rescue Spree::Core::GatewayError => e
-          @error = e.message
-          render "spree/api/errors/gateway_error", :status => 422
+          begin
+            @payment.send("#{action}!", *args)
+            respond_with(@payment, :default_template => :show)
+          rescue Spree::Core::GatewayError => e
+            @error = e.message
+            render 'spree/api/errors/gateway_error', status: 422
+          end
         end
-      end
+
+        def payment_params
+          params.require(:payment).permit(permitted_payment_attributes)
+        end
     end
   end
 end