Permit params in checkout controller before we adapt them to bypass issues with permitting added attributes like source CreditCard

2026-01-24 20:36:49 +00:00 · 2020-03-09 11:38:45 +00:00
parent 5ae2e6865c
commit 1d9a6edefb
1 changed files with 23 additions and 18 deletions
--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -42,8 +42,8 @@ class CheckoutController < Spree::StoreController
  end

  def update
-    params_adapter = Checkout::FormDataAdapter.new(params, @order, spree_current_user)
-    return update_failed unless @order.update_attributes(order_params(params_adapter.params))
+    params_adapter = Checkout::FormDataAdapter.new(permitted_params, @order, spree_current_user)
+    return update_failed unless @order.update_attributes(params_adapter.params[:order])

    fire_event('spree.checkout.update')

@@ -238,23 +238,28 @@ class CheckoutController < Spree::StoreController
    end
  end

-  def order_params(params)
-    return params[:order] if params[:order].empty?
-
-    params.require(:order).permit(
-      :email, :special_instructions,
-      payments_attributes:
-        [
-          :payment_method_id, :amount,
-          source_attributes: [
-            :gateway_payment_profile_id, :cc_type, :last_digits,
-            :month, :year, :first_name, :last_name,
-            :number, :verification_value,
-            :save_requested_by_customer
-          ]
+  def permitted_params
+    params.permit(
+      order: [
+        :email, :special_instructions,
+        :existing_card_id, :shipping_method_id,
+        payments_attributes: [
+          :payment_method_id,
+          source_attributes: payment_source_attributes
        ],
-      bill_address_attributes: permitted_address_attributes,
-      ship_address_attributes: permitted_address_attributes
+        ship_address_attributes: permitted_address_attributes,
+        bill_address_attributes: permitted_address_attributes
+      ],
+      payment_source: payment_source_attributes
    )
  end
+
+  def payment_source_attributes
+    [
+      :gateway_payment_profile_id, :cc_type, :last_digits,
+      :month, :year, :first_name, :last_name,
+      :number, :verification_value,
+      :save_requested_by_customer
+    ]
+  end
 end