app/controllers/spree/api/payments_controller.rb in spree_api-2.4.7 vs app/controllers/spree/api/payments_controller.rb in spree_api-2.4.8
- old
+ new
@@ -24,10 +24,10 @@
end
end
def update
authorize! params[:action], @payment
- if ! @payment.pending?
+ if !@payment.editable?
render 'update_forbidden', status: 403
elsif @payment.update_attributes(payment_params)
respond_with(@payment, default_template: :show)
else
invalid_resource!(@payment)