Sylius / ShopApiPlugin

Shop API for Sylius.
https://sylius.com

available quantity not checked on PUT item to cart #720

Open DennisdeBest opened 3 years ago

DennisdeBest commented 3 years ago

Hello,

When I try to add a product with a bigger quantity than is available (POST /carts/{token}/items) I get the following response:

{"code":500,"message":"Not enough stock for product variant: my_product"}

That is great, but when I update the quantity of the product (PUT /carts/{token}/items/{identifier}), it always passes even if the quantity is much higher than the available stock.

Looking into vendor/sylius/shop-api-plugin/src/Controller/Cart/ChangeItemQuantityAction.php I can see that it is the validate function from the DefaultCommandProvider that is called. There are no constraints passed to this function. What could we do to check the inventory when the quantity gets changed?

mamazu commented 3 years ago

Hello, I have checked the error out. Neither endpoint has any validation on those properties. This is the reason you are getting a 500 error from this endpoint. (Which is not optimal in the first place.) But the reason the add fails is that it uses the OrderModifier that we created in the ShopApiPlugin (here):

https://github.com/Sylius/ShopApiPlugin/blob/6b0981c4d03394add65e7ef806a36e449120235e/src/Modifier/OrderModifier.php#L57

This checks that the cart has sufficient stock and asserts otherwise. However, the logic in the ChangeItemQuantityHandler just calls the Sylius core method (that does not check the stock) and is done with it.

https://github.com/Sylius/ShopApiPlugin/blob/6b0981c4d03394add65e7ef806a36e449120235e/src/Handler/Cart/ChangeItemQuantityHandler.php#L55

So the easy solution would be to add validation in both cases (one validator and then just add the constraint everywhere). Otherwise we could also try to unify the logic with the cart modification so that it can be used in both instances.
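
The unified approach from the comment above, one stock check shared by the add path and the change-quantity path, shown as an added example that is not part of the thread or of ShopApiPlugin. `Variant`, `CartItem`, `StockGuard`, `InsufficientStock` and `Cart` are hypothetical stand-ins for the Sylius classes, stock is reduced to a single on-hand count, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Stand-in types constructed for this example; not the Sylius or ShopApiPlugin classes.
final class Variant { public function __construct(public string $code, public int $onHand) {} }
final class CartItem { public function __construct(public Variant $variant, public int $quantity) {} }
// Dedicated type so a controller can answer with a validation error instead of a 500.
final class InsufficientStock extends DomainException {}

// The one stock rule, shared by every path that writes a quantity.
final class StockGuard {
    public function assertSufficient(Variant $variant, int $targetQuantity): void {
        if ($targetQuantity < 1) {
            throw new InvalidArgumentException('Quantity must be at least 1.');
        }
        if ($targetQuantity > $variant->onHand) {
            throw new InsufficientStock('Not enough stock for product variant: ' . $variant->code);
        }
    }
}

final class Cart {
    /** @var array<string, CartItem> */
    private array $items = [];
    public function __construct(private StockGuard $guard) {}

    // Corresponds to POST /carts/{token}/items: check the resulting total, not just the increment.
    public function addItem(Variant $variant, int $quantity): void {
        if ($quantity < 1) { throw new InvalidArgumentException('Quantity must be at least 1.'); }
        $target = ($this->items[$variant->code]->quantity ?? 0) + $quantity;
        $this->guard->assertSufficient($variant, $target);
        $this->items[$variant->code] = new CartItem($variant, $target);
    }
    // Corresponds to PUT /carts/{token}/items/{identifier}: same guard before the write.
    public function changeQuantity(string $code, int $quantity): int {
        $item = $this->items[$code] ?? throw new OutOfBoundsException('Unknown cart item.');
        $this->guard->assertSufficient($item->variant, $quantity);
        return $item->quantity = $quantity;
    }
}

// Constructed sample: 5 units on hand, 2 already in the cart.
$cart = new Cart(new StockGuard());
$cart->addItem(new Variant('my_product', 5), 2);
try {
    $cart->changeQuantity('my_product', 50);
} catch (InsufficientStock $e) {
    echo $e->getMessage(), PHP_EOL;
}
```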