mirror of
https://github.com/stripe/stripe-ruby.git
synced 2025-12-06 00:00:29 -05:00
11a6eec5f5
As described in #481, adding a protected field like `legal_entity` as part of an update API operation can cause some issues like a custom encoding scheme not being considered and special handling around empty values being ignored. As a an easy fix for this, let's disallow access to protected fields in the same way that we disallow them from being set directly on an instance of a given model. Helps address (but is not a complete fix for) #481.
32 lines
929 B
Ruby
32 lines
929 B
Ruby
# -*- coding: utf-8 -*-
|
|
require File.expand_path('../../test_helper', __FILE__)
|
|
|
|
module Stripe
|
|
class ApiOperationsTest < Test::Unit::TestCase
|
|
class UpdateableResource < APIResource
|
|
include Stripe::APIOperations::Save
|
|
|
|
def self.protected_fields
|
|
[:protected]
|
|
end
|
|
end
|
|
|
|
context ".update" do
|
|
should "post the correct parameters to the resource URL" do
|
|
@mock.expects(:post).once.
|
|
with("#{Stripe.api_base}/v1/updateableresources/id", nil, 'foo=bar').
|
|
returns(make_response({foo: 'bar'}))
|
|
resource = UpdateableResource::update("id", { foo: "bar" })
|
|
assert_equal('bar', resource.foo)
|
|
end
|
|
|
|
should "error on protected fields" do
|
|
e = assert_raises do
|
|
UpdateableResource::update("id", { protected: "bar" })
|
|
end
|
|
assert_equal "Cannot update protected field: protected", e.message
|
|
end
|
|
end
|
|
end
|
|
end
|