demarches-normaliennes/app/models/administrateur.rb

class Administrateur < ApplicationRecord
  include ActiveRecord::SecureToken

  has_and_belongs_to_many :instructeurs
  has_many :administrateurs_procedures
  has_many :procedures, through: :administrateurs_procedures
  has_many :services

  has_one :user, dependent: :nullify

  default_scope { eager_load(:user) }

  scope :inactive, -> { joins(:user).where(users: { last_sign_in_at: nil }) }
  scope :with_publiees_ou_closes, -> { joins(:procedures).where(procedures: { aasm_state: [:publiee, :close, :depubliee] }) }

  def self.by_email(email)
    Administrateur.find_by(users: { email: email })
  end

  def email
    user&.email
  end

  # validate :password_complexity, if: Proc.new { |a| Devise.password_length.include?(a.password.try(:size)) }

  def password_complexity
    if password.present? && ZxcvbnService.new(password).score < PASSWORD_COMPLEXITY_FOR_ADMIN
      errors.add(:password, :not_strong)
    end
  end

  def self.find_inactive_by_token(reset_password_token)
    self.inactive.with_reset_password_token(reset_password_token)
  end

  def self.find_inactive_by_id(id)
    self.inactive.find(id)
  end

  def renew_api_token
    api_token = Administrateur.generate_unique_secure_token
    encrypted_token = BCrypt::Password.create(api_token)
    update(encrypted_token: encrypted_token)
    api_token
  end

  def valid_api_token?(api_token)
    BCrypt::Password.new(encrypted_token) == api_token
  rescue BCrypt::Errors::InvalidHash
    false
  end

  def registration_state
    if user.active?
      'Actif'
    elsif user.reset_password_period_valid?
      'En attente'
    else
      'Expiré'
    end
  end

  def invitation_expired?
    !user.active? && !user.reset_password_period_valid?
  end

  def owns?(procedure)
    procedure.administrateurs.include?(self)
  end

  def instructeur
    user.instructeur
  end

  def can_be_deleted?
    procedures.all? { |p| p.administrateurs.count > 1 }
  end

  def delete_and_transfer_services
    if !can_be_deleted?
      fail "Impossible de supprimer cet administrateur car il a des démarches où il est le seul administrateur"
    end

    procedures.with_discarded.each do |procedure|
      next_administrateur = procedure.administrateurs.where.not(id: self.id).first
      procedure.service.update(administrateur: next_administrateur)
    end

    services.each do |service|
      # We can't destroy a service if it has procedures, even if those procedures are archived
      service.destroy unless service.procedures.with_discarded.any?
    end

    destroy
  end

  # required to display feature flags field in manager
  def features
  end
end
Enable some Rails cops 2018-03-06 13:44:29 +01:00			`class Administrateur < ApplicationRecord`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`include ActiveRecord::SecureToken`
[Fix #1479] Sanitize Administrateur email before validation 2018-02-28 14:30:59 +01:00
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`has_and_belongs_to_many :instructeurs`
[Ref #1626] Add the administrateurs_procedures table and associations 2018-03-23 11:39:36 +01:00			`has_many :administrateurs_procedures`
Check demarche ownership on multiple administrateurs 2019-02-26 16:18:04 +01:00			`has_many :procedures, through: :administrateurs_procedures`
Service: create model 2018-04-17 16:11:49 +02:00			`has_many :services`
add api_token for admin 2015-12-14 17:28:36 +01:00
Fix admin deletion by an administration 2019-08-19 10:47:37 +02:00			`has_one :user, dependent: :nullify`
Link user and administrateur 2019-08-09 09:45:11 +02:00
admin: always eager load the user relationship Now that `Administrateur.email` is merely an alias to `administrateur.user.email`, and we changed every occurence of `administrateurs.pluck(:email)` to `administrateurs.map(&:email)`, the new version using `map` may cause N+1 queries if the users have not been preloaded. It makes sense to always preload the user when fetching an Administrateur: - Administrateur and User have a strongly coupled relationship - It avoids N+1 queries everywhere in the app Of course fetching an administrateur without needing its user will now do an unecessary fetch of the associated user. But it seems better than leaving a risk of N+1 queries in many places. 2020-02-03 13:44:12 +01:00			`default_scope { eager_load(:user) }`

User: inactive user have never signed_in 2019-10-07 15:39:35 +02:00			`scope :inactive, -> { joins(:user).where(users: { last_sign_in_at: nil }) }`
Cleanup demarche archivee state 2019-12-18 13:28:29 +01:00			`scope :with_publiees_ou_closes, -> { joins(:procedures).where(procedures: { aasm_state: [:publiee, :close, :depubliee] }) }`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00
admin: replace calls to `Administrateur.find_by(email: ...)` 2020-01-30 17:08:09 +01:00			`def self.by_email(email)`
admin: always eager load the user relationship Now that `Administrateur.email` is merely an alias to `administrateur.user.email`, and we changed every occurence of `administrateurs.pluck(:email)` to `administrateurs.map(&:email)`, the new version using `map` may cause N+1 queries if the users have not been preloaded. It makes sense to always preload the user when fetching an Administrateur: - Administrateur and User have a strongly coupled relationship - It avoids N+1 queries everywhere in the app Of course fetching an administrateur without needing its user will now do an unecessary fetch of the associated user. But it seems better than leaving a risk of N+1 queries in many places. 2020-02-03 13:44:12 +01:00			`Administrateur.find_by(users: { email: email })`
admin: replace calls to `Administrateur.find_by(email: ...)` 2020-01-30 17:08:09 +01:00			`end`
admin: alias `Administrateur.email` 2020-02-03 11:07:53 +01:00
			`def email`
Fix admin/new manager page 2020-03-24 14:45:53 +01:00			`user&.email`
admin: alias `Administrateur.email` 2020-02-03 11:07:53 +01:00			`end`

temporary remove password complexity check 2019-08-09 10:41:10 +02:00			`# validate :password_complexity, if: Proc.new { \|a\| Devise.password_length.include?(a.password.try(:size)) }`
[Fix #1285] Password strength is ensured when saving an administrateur 2018-01-25 10:50:06 +01:00
			`def password_complexity`
#3928 Zxcvbn service to compute password complexity 2019-06-20 00:30:49 +02:00			`if password.present? && ZxcvbnService.new(password).score < PASSWORD_COMPLEXITY_FOR_ADMIN`
			`errors.add(:password, :not_strong)`
[Fix #1285] Password strength is ensured when saving an administrateur 2018-01-25 10:50:06 +01:00			`end`
			`end`

Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`def self.find_inactive_by_token(reset_password_token)`
			`self.inactive.with_reset_password_token(reset_password_token)`
			`end`

			`def self.find_inactive_by_id(id)`
			`self.inactive.find(id)`
			`end`

add api_token for admin 2015-12-14 17:28:36 +01:00			`def renew_api_token`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`api_token = Administrateur.generate_unique_secure_token`
			`encrypted_token = BCrypt::Password.create(api_token)`
Administrateur: do not save api_token in clear text anymore 2018-09-26 17:22:36 +02:00			`update(encrypted_token: encrypted_token)`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`api_token`
add api_token for admin 2015-12-14 17:28:36 +01:00			`end`

ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`def valid_api_token?(api_token)`
			`BCrypt::Password.new(encrypted_token) == api_token`
			`rescue BCrypt::Errors::InvalidHash`
			`false`
			`end`

Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`def registration_state`
Code use user.active? 2019-11-05 10:05:59 +01:00			`if user.active?`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`'Actif'`
fix_manager_reset_password 2019-08-19 09:48:55 +02:00			`elsif user.reset_password_period_valid?`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`'En attente'`
			`else`
			`'Expiré'`
			`end`
			`end`

			`def invitation_expired?`
Code use user.active? 2019-11-05 10:05:59 +01:00			`!user.active? && !user.reset_password_period_valid?`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`end`

procedure AASM callbacks 2018-05-17 15:39:37 +02:00			`def owns?(procedure)`
Check demarche ownership on multiple administrateurs 2019-02-26 16:18:04 +01:00			`procedure.administrateurs.include?(self)`
procedure AASM callbacks 2018-05-17 15:39:37 +02:00			`end`
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`def instructeur`
instructeurs: replace calls to `Instructeur.find_by(email: …)` 2019-10-15 17:44:59 +02:00			`user.instructeur`
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00			`end`
ajout d'un bouton de suppression des admin dans le manager 2019-07-22 15:33:58 +02:00
			`def can_be_deleted?`
remove useless condition to admin that can be deleted administrateur can be deleted only if he/she has a procedure where he/she is the only admin 2020-02-03 16:33:47 +01:00			`procedures.all? { \|p\| p.administrateurs.count > 1 }`
ajout d'un bouton de suppression des admin dans le manager 2019-07-22 15:33:58 +02:00			`end`
Revert "Revert "4127 fix superadmin supprime compte usager"" This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc. 2020-01-30 10:48:28 +01:00
			`def delete_and_transfer_services`
			`if !can_be_deleted?`
fix typo 2020-02-03 17:46:24 +01:00			`fail "Impossible de supprimer cet administrateur car il a des démarches où il est le seul administrateur"`
Revert "Revert "4127 fix superadmin supprime compte usager"" This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc. 2020-01-30 10:48:28 +01:00			`end`

fix admin deletion of empty service with archived procedures 2020-04-10 17:41:51 +02:00			`procedures.with_discarded.each do \|procedure\|`
Revert "Revert "4127 fix superadmin supprime compte usager"" This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc. 2020-01-30 10:48:28 +01:00			`next_administrateur = procedure.administrateurs.where.not(id: self.id).first`
			`procedure.service.update(administrateur: next_administrateur)`
			`end`
remove orphan services when destroying admin 2020-03-16 17:07:39 +01:00
			`services.each do \|service\|`
fix admin deletion of empty service with archived procedures 2020-04-10 17:41:51 +02:00			`# We can't destroy a service if it has procedures, even if those procedures are archived`
			`service.destroy unless service.procedures.with_discarded.any?`
remove orphan services when destroying admin 2020-03-16 17:07:39 +01:00			`end`

Revert "Revert "4127 fix superadmin supprime compte usager"" This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc. 2020-01-30 10:48:28 +01:00			`destroy`
			`end`
Remove non-existant columns from manager dashboards 2020-03-26 16:17:07 +01:00
			`# required to display feature flags field in manager`
			`def features`
			`end`
Add Administrateurs role and his connexion is ok. 2015-10-23 16:19:55 +02:00			`end`