From 9137f68a573f659006be7abb6c95a71340aba4e2 Mon Sep 17 00:00:00 2001 From: Rob Harrington Date: Wed, 25 Jan 2017 16:09:24 +1100 Subject: [PATCH] Adding logic to SearchController#customer_addresses for case when customer is not found --- .../spree/admin/search_controller_decorator.rb | 4 ++-- spec/controllers/spree/admin/search_controller_spec.rb | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/controllers/spree/admin/search_controller_decorator.rb b/app/controllers/spree/admin/search_controller_decorator.rb index aead4756e3..44cdce7aba 100644 --- a/app/controllers/spree/admin/search_controller_decorator.rb +++ b/app/controllers/spree/admin/search_controller_decorator.rb @@ -37,8 +37,8 @@ Spree::Admin::SearchController.class_eval do alias_method_chain :users, :ams def customer_addresses - customer = Customer.of(spree_current_user.enterprises).find(params[:customer_id]) - redirect_to :unauthorised unless customer.present? + customer = Customer.of(spree_current_user.enterprises).find_by_id(params[:customer_id]) + return redirect_to :unauthorized unless customer.present? finder = OpenFoodNetwork::AddressFinder.new(customer, customer.email) bill_address = Api::AddressSerializer.new(finder.bill_address).serializable_hash diff --git a/spec/controllers/spree/admin/search_controller_spec.rb b/spec/controllers/spree/admin/search_controller_spec.rb index c376d561ee..c0688e3349 100644 --- a/spec/controllers/spree/admin/search_controller_spec.rb +++ b/spec/controllers/spree/admin/search_controller_spec.rb @@ -100,6 +100,15 @@ describe Spree::Admin::SearchController, type: :controller do expect(response).to redirect_to spree.unauthorized_path end end + + context "when no customer with a matching id exists" do + before { params.merge!({customer_id: 1}) } + + it "redirects to unauthorised" do + spree_get :customer_addresses, params + expect(response).to redirect_to spree.unauthorized_path + end + end end end end