JSONAPI PATCH Basket returns err 500 - Invalid JSON in body
Forum rules
Always add your Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Hello,
I tried to patch a basket with the JSONAPI as described in https://aimeos.org/docs/Developers/Clie ... age_basket and it was not working (returning error 500 - Invalid JSON in body).
I needed to add some small changes to make it work.
I share it with you.
Can you confirm that what I made is correct?
Code:
    var data = {data: [{
        attributes: {
            "order.base.customerid": response[0]['id'], // from customer response (optional)
            "order.base.status": 1, // optional
            "order.base.comment": "test" // (optional)
        }
    }]};
    var url = response.links.self.href; // from basket response
    if(response['meta']['csrf']) { // add CSRF token if available and therefore required
        var csrf = {};
        csrf[response['meta']['csrf']['name']] = response['meta']['csrf']['value'];
        url += (url.indexOf('?') === -1 ? '?' : '&') + $.param(csrf);
    }
    $.ajax({
        url: url, // returned from OPTIONS request
        method: "PATCH",
        dataType: "json",
        data: data
    }).done( function( result ) {
        console.log( result.data );
    });
had to be changed to:
Code:
    var data = {data: {
        attributes: {
            "order.base.customerid": response[0]['id'], // from customer response (optional)
            "order.base.status": 1, // optional
            "order.base.comment": "test" // (optional)
        }
    }};
and
Code:
    data: JSON.stringify(data)
to pass the test in ai-client-jsonapi/client/jsonapi/src/Client/JsonApi/Basket/Standard.php (L136)
Code:
    if( ( $payload = json_decode( $body ) ) === null || !isset( $payload->data->attributes ) )
At that point the new customerid was still not returned in the response.
in ai-client-jsonapi/client/jsonapi/src/Client/JsonApi/Basket/Standard.php (L142)
Code:
    if( isset( $payload->data->attributes->{'order.base.customerid'} ) ) {
        $basket->setCustomerId( $payload->data->attributes->{'order.base.customerid'} );
    }
had to be added to return the basket with the new customerid.
Is this correct?
Note: I don't know how to update the status.
Thank you a lot,
sbn
Re: JSONAPI PATCH Basket returns err 500 - Invalid JSON in b
Actually, this change doesn't work as expected at the end... The first basket response after the PATCH request returns a response with a correct new customerid but the next POST request to save the basket overwrites the customerid with the current session's one... so the final order is not linked to the expected new customerid but to the current admin account logged in.
I guess it comes from this line in the store() basket function :
$basket->setCustomerId( (string) $context->getUserId() );
What would be the best and the safest way to authorize an admin account to add an order to another customer id than himself?
Thank you a lot,
sbn
Re: JSONAPI PATCH Basket returns err 500 - Invalid JSON in b
Setting the customer ID in the frontend controller is explicitly done to prevent attackers from creating orders for others - especially using the JSON REST API. I guess, you want to enable editors to add orders for customers in the admin backend. Using the JSON REST API is OK up to the order step but storing the order has to be done in the JQAdm class where Aimeos has full control over what happens.
If you are implementing the feature described, we would love to add it to the core if you create a pull request.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
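The pattern described in the reply above, as an added example that is not part of the thread and not Aimeos code: the frontend store path takes the basket owner from the session and drops any client-supplied owner field, while a separate backend path lets an editor choose the customer after a role check. All function names, the allow-list and the group names are assumptions made for illustration; the allow-list generalizes the single customer ID case discussed in the thread.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: this models the pattern, not Aimeos classes.

// Assumption: the only attribute a shop client may set on its basket via PATCH.
const CLIENT_WRITABLE = ['order.base.comment'];

// Parse a JSON:API PATCH body and keep only allow-listed attributes.
function basketAttributesFromBody(string $body): array
{
    $payload = json_decode($body);
    if (!is_object($payload) || !isset($payload->data->attributes)
        || !is_object($payload->data->attributes)) {
        throw new InvalidArgumentException('Invalid JSON in body');
    }
    return array_intersect_key((array) $payload->data->attributes, array_flip(CLIENT_WRITABLE));
}

// Frontend store: the owner always comes from the session, never the request.
function storeFromFrontend(array $basket, string $sessionUserId): array
{
    $basket['order.base.customerid'] = $sessionUserId;
    return $basket;
}

// Backend store: an editor may pick the customer, after an explicit role check.
// Assumption: 'admin' and 'editor' are the groups allowed to do this.
function storeFromBackend(array $basket, array $editorGroups, string $customerId, array $knownCustomerIds): array
{
    if (array_intersect(['admin', 'editor'], $editorGroups) === []) {
        throw new RuntimeException('Not allowed to create orders for other customers');
    }
    if (!in_array($customerId, $knownCustomerIds, true)) {
        throw new InvalidArgumentException('Unknown customer');
    }
    $basket['order.base.customerid'] = $customerId;
    return $basket;
}

// Constructed sample: a PATCH body that names another customer as owner.
$body = '{"data":{"attributes":{"order.base.customerid":"42","order.base.comment":"test"}}}';

$own = storeFromFrontend(basketAttributesFromBody($body), '7');
echo 'frontend owner: ', $own['order.base.customerid'], PHP_EOL;

$forCustomer = storeFromBackend(basketAttributesFromBody($body), ['admin'], '42', ['7', '42']);
echo 'backend owner: ', $forCustomer['order.base.customerid'], PHP_EOL;
```

In this example a body that sends `data` as an array, as in the first snippet of the thread, fails the `isset` check in `basketAttributesFromBody()` and is rejected with the same "Invalid JSON in body" message.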