app/controllers/spree/api/payments_controller.rb in spree_api-2.0.5 vs app/controllers/spree/api/payments_controller.rb in spree_api-2.0.6

@@ -2,11 +2,11 @@
   module Api
     class PaymentsController < Spree::Api::BaseController
       respond_to :json
 
       before_filter :find_order
-      before_filter :find_payment, :only => [:show, :authorize, :purchase, :capture, :void, :credit]
+      before_filter :find_payment, only: [:update, :show, :authorize, :purchase, :capture, :void, :credit]
 
       def index
         @payments = @order.payments.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
         respond_with(@payments)
       end
@@ -23,10 +23,21 @@
         else
           invalid_resource!(@payment)
         end
       end
 
+      def update
+        authorize! params[:action], @payment
+        if !@payment.pending?
+          render 'update_forbidden', status: 403
+        elsif @payment.update_attributes(params[:payment])
+          respond_with(@payment, default_template: :show)
+        else
+          invalid_resource!(@payment)
+        end
+      end
+
       def show
         respond_with(@payment)
       end
 
       def authorize
@@ -45,10 +56,10 @@
         perform_payment_action(:void_transaction)
       end
 
       def credit
         if params[:amount].to_f > @payment.credit_allowed
-          render "spree/api/payments/credit_over_limit", :status => 422
+          render 'credit_over_limit', status: 422
         else
           perform_payment_action(:credit, params[:amount])
         end
       end