app/controllers/spree/api/payments_controller.rb in spree_api-2.4.7 vs app/controllers/spree/api/payments_controller.rb in spree_api-2.4.8

- old
+ new

@@ -24,10 +24,10 @@ end end def update authorize! params[:action], @payment - if ! @payment.pending? + if !@payment.editable? render 'update_forbidden', status: 403 elsif @payment.update_attributes(payment_params) respond_with(@payment, default_template: :show) else invalid_resource!(@payment)