From 01b966ff663e726b0a1b96bb90d8657a4b5edc5f Mon Sep 17 00:00:00 2001
From: Paul Chavard
Date: Tue, 26 Feb 2019 16:18:04 +0100
Subject: [PATCH] Check demarche ownership on multiple administrateurs
---
 app/controllers/admin/procedures_controller.rb | 15 +++++++--------
 app/controllers/api/v1/dossiers_controller.rb | 2 +-
 app/controllers/api/v1/procedures_controller.rb | 2 +-
 app/controllers/api_controller.rb | 6 ++++--
 app/controllers/new_user/dossiers_controller.rb | 2 +-
 app/controllers/stats_controller.rb | 2 +-
 app/models/administrateur.rb | 5 ++---
 app/models/dossier.rb | 2 +-
 app/models/procedure.rb | 16 +++++++++-------
 .../admin/procedures/new_from_existing.html.haml | 2 +-
 .../dubious_procedures.html.haml | 5 ++++-
 app/views/root/landing.html.haml | 2 +-
 12 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/app/controllers/admin/procedures_controller.rb b/app/controllers/admin/procedures_controller.rb
index 6c70a29c2..23972fc57 100644
--- a/app/controllers/admin/procedures_controller.rb
+++ b/app/controllers/admin/procedures_controller.rb
@@ -69,7 +69,7 @@ class Admin::ProceduresController < AdminController
 def create
 @procedure = Procedure.new(procedure_params.merge(administrateurs: [current_administrateur]))
 @path = @procedure.path
- @availability = Procedure.path_availability(current_administrateur, @procedure.path)
+ @availability = Procedure.path_availability([current_administrateur], @procedure.path)
 if !@procedure.save
 flash.now.alert = @procedure.errors.full_messages
@@ -195,7 +195,7 @@ class Admin::ProceduresController < AdminController
 .pluck('procedures.id')
 @grouped_procedures = Procedure
- .includes(:administrateur, :service)
+ .includes(:administrateurs, :service)
 .where(id: significant_procedure_ids)
 .group_by(&:organisation_name)
 .sort_by { |_, procedures| procedures.first.created_at }
@@ -217,11 +217,10 @@ class Admin::ProceduresController < AdminController
 json_path_list = Procedure
 .find_with_path(params[:request])
 .order(:id)
- .pluck(:path, :administrateur_id)
- .map do |path, administrateur_id|
+ .map do |procedure|
 {
- label: path,
- mine: administrateur_id == current_administrateur.id
+ label: procedure.path,
+ mine: current_administrateur.owns?(procedure)
 }
 end.to_json
@@ -236,7 +235,7 @@ class Admin::ProceduresController < AdminController
 procedure = current_administrateur.procedures.find(procedure_id)
 @availability = procedure.path_availability(path)
 else
- @availability = Procedure.path_availability(current_administrateur, path)
+ @availability = Procedure.path_availability([current_administrateur], path)
 end
 end
@@ -273,7 +272,7 @@ class Admin::ProceduresController < AdminController
 if @procedure&.locked?
 params.require(:procedure).permit(*editable_params)
 else
- params.require(:procedure).permit(*editable_params, :duree_conservation_dossiers_dans_ds, :duree_conservation_dossiers_hors_ds, :for_individual, :individual_with_siret, :ask_birthday, :path).merge(administrateur_id: current_administrateur.id)
+ params.require(:procedure).permit(*editable_params, :duree_conservation_dossiers_dans_ds, :duree_conservation_dossiers_hors_ds, :for_individual, :individual_with_siret, :ask_birthday, :path)
 end
 end
 end
diff --git a/app/controllers/api/v1/dossiers_controller.rb b/app/controllers/api/v1/dossiers_controller.rb
index 68cc51c41..869796119 100644
--- a/app/controllers/api/v1/dossiers_controller.rb
+++ b/app/controllers/api/v1/dossiers_controller.rb
@@ -38,7 +38,7 @@ class API::V1::DossiersController < APIController
 def fetch_procedure_and_check_token
 @procedure = Procedure.for_api.find(params[:procedure_id])
- if !valid_token_for_administrateur?(@procedure.administrateur)
+ if !valid_token_for_administrateur?(@procedure.administrateurs)
 render json: {}, status: :unauthorized
 end
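Review bot: `current_administrateur.owns?(procedure)` in the `.map` block of the `@@ -217` hunk now runs once per matching procedure, and `owns?` (rewritten in app/models/administrateur.rb) reads `procedure.administrateurs`, so each row likely costs an extra query where the old `pluck` was a single one. The number of rows is driven by `params[:request]`, so the query count is under the caller's control. Preloading keeps it bounded: add `.includes(:administrateurs)` before `.order(:id)`, which lets `include?` work on the loaded records. The enclosing action starts and ends outside the hunk.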
diff --git a/app/controllers/api/v1/procedures_controller.rb b/app/controllers/api/v1/procedures_controller.rb
index dd929c7b7..311eb4fbd 100644
--- a/app/controllers/api/v1/procedures_controller.rb
+++ b/app/controllers/api/v1/procedures_controller.rb
@@ -10,7 +10,7 @@ class API::V1::ProceduresController < APIController
 def fetch_procedure_and_check_token
 @procedure = Procedure.for_api.find(params[:id])
- if !valid_token_for_administrateur?(@procedure.administrateur)
+ if !valid_token_for_administrateur?(@procedure.administrateurs)
 render json: {}, status: :unauthorized
 end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 0259809b3..9ea03e3d5 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -3,8 +3,10 @@ class APIController < ApplicationController
 protected
- def valid_token_for_administrateur?(administrateur)
- administrateur.valid_api_token?(token)
+ def valid_token_for_administrateur?(administrateurs)
+ administrateurs.any? do |administrateur|
+ administrateur.valid_api_token?(token)
+ end
 end
 private
diff --git a/app/controllers/new_user/dossiers_controller.rb b/app/controllers/new_user/dossiers_controller.rb
index f6871c8f5..6bbd5c412 100644
--- a/app/controllers/new_user/dossiers_controller.rb
+++ b/app/controllers/new_user/dossiers_controller.rb
@@ -186,7 +186,7 @@ module NewUser
 end
 def ask_deletion
- dossier = current_user.dossiers.includes(:user, procedure: :administrateur).find(params[:id])
+ dossier = current_user.dossiers.includes(:user, procedure: :administrateurs).find(params[:id])
 if dossier.can_be_deleted_by_user?
 dossier.delete_and_keep_track
diff --git a/app/controllers/stats_controller.rb b/app/controllers/stats_controller.rb
index c8cb4138a..b3b77264f 100644
--- a/app/controllers/stats_controller.rb
+++ b/app/controllers/stats_controller.rb
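Review bot: `valid_token_for_administrateur?` in api_controller.rb now accepts the API token of any administrateur attached to the procedure, but its singular name is unchanged and nothing in the code records that the set of accepted credentials has widened. A comment above the method would make the contract explicit for the two callers in api/v1, for example `# True when the token belongs to any administrateur of the procedure; an empty collection is rejected.` The `any?` loop also calls `valid_api_token?` once per administrateur until one matches. If that check is a deliberately slow hash comparison (its body is not in the diff), the cost of a rejected request grows with the number of administrateurs on the procedure.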
@@ -235,7 +235,7 @@ class StatsController < ApplicationController
 end
 def procedures_count_per_administrateur(procedures)
- count_per_administrateur = procedures.group(:administrateur_id).count.values
+ count_per_administrateur = procedures.joins(:administrateurs).group('administrateurs.id').count.values
 {
 'Une démarche' => count_per_administrateur.select { |count| count == 1 }.count,
 'Entre deux et cinq démarches' => count_per_administrateur.select { |count| count.in?(2..5) }.count,
diff --git a/app/models/administrateur.rb b/app/models/administrateur.rb
index b9bd5c5e5..26f998d20 100644
--- a/app/models/administrateur.rb
+++ b/app/models/administrateur.rb
@@ -7,9 +7,8 @@ class Administrateur < ApplicationRecord
 :recoverable, :rememberable, :trackable, :validatable
 has_and_belongs_to_many :gestionnaires
- has_many :procedures
 has_many :administrateurs_procedures
- has_many :admin_procedures, through: :administrateurs_procedures, source: :procedure
+ has_many :procedures, through: :administrateurs_procedures
 has_many :services
 has_many :dossiers, -> { state_not_brouillon }, through: :procedures
@@ -117,7 +116,7 @@ class Administrateur < ApplicationRecord
 end
 def owns?(procedure)
- id == procedure.administrateur_id
+ procedure.administrateurs.include?(self)
 end
 def gestionnaire
diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 0b39fe4b2..c47c5c935 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -264,7 +264,7 @@ class Dossier < ApplicationRecord
 update(hidden_at: deleted_dossier.deleted_at)
 if en_construction?
- administration_emails = followers_gestionnaires.present? ? followers_gestionnaires.pluck(:email) : [procedure.administrateur.email]
+ administration_emails = followers_gestionnaires.present? ? followers_gestionnaires.pluck(:email) : procedure.administrateurs.pluck(:email)
 administration_emails.each do |email|
 DossierMailer.notify_deletion_to_administration(deleted_dossier, email).deliver_later
 end
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 4c97baefe..643f704cb 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -1,6 +1,8 @@
 require Rails.root.join('lib', 'percentile')
 class Procedure < ApplicationRecord
+ self.ignored_columns = [:administrateur_id]
+
 MAX_DUREE_CONSERVATION = 36
 has_many :types_de_piece_justificative, -> { ordered }, dependent: :destroy
@@ -12,7 +14,6 @@ class Procedure < ApplicationRecord
 has_one :module_api_carto, dependent: :destroy
 has_one :attestation_template, dependent: :destroy
- belongs_to :administrateur
 belongs_to :parent_procedure, class_name: 'Procedure'
 belongs_to :service
@@ -48,7 +49,7 @@ class Procedure < ApplicationRecord
 scope :for_api, -> {
 includes(
- :administrateur,
+ :administrateurs,
 :types_de_champ_private,
 :types_de_champ,
 :types_de_piece_justificative,
@@ -220,7 +221,6 @@ class Procedure < ApplicationRecord
 procedure.administrateurs = administrateurs
 end
- procedure.administrateur = admin
 procedure.initiated_mail = initiated_mail&.dup
 procedure.received_mail = received_mail&.dup
 procedure.closed_mail = closed_mail&.dup
@@ -341,10 +341,10 @@ class Procedure < ApplicationRecord
 PATH_CAN_PUBLISH = [PATH_AVAILABLE, PATH_AVAILABLE_PUBLIEE]
 def path_availability(path)
- Procedure.path_availability(administrateur, path, id)
+ Procedure.path_availability(administrateurs, path, id)
 end
- def self.path_availability(administrateur, path, exclude_id = nil)
+ def self.path_availability(administrateurs, path, exclude_id = nil)
 if exclude_id.present?
 procedure = where.not(id: exclude_id).find_by(path: path)
 else
@@ -353,7 +353,7 @@ class Procedure < ApplicationRecord
 if procedure.blank?
 PATH_AVAILABLE
- elsif administrateur.owns?(procedure)
+ elsif administrateurs.any? { |administrateur| administrateur.owns?(procedure) }
 if procedure.brouillon?
 PATH_NOT_AVAILABLE_BROUILLON
 else
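Review bot: The instance method `path_availability(path)` in the `@@ -341` hunk now passes every administrateur of the procedure, so a path counts as "owned" when any co-administrateur owns the other procedure, not only the one who is acting. `claim_path_ownership!` (the `@@ -391` hunk) matches on the same `administrateur_ids` set and archives the published procedure it finds. This looks like it lets one administrateur archive a procedure that belongs only to a colleague with whom they share some other procedure; the callers are outside the diff, so this needs confirming. If that is not intended, the ownership test should be made against the acting administrateur, as the controller already does with `Procedure.path_availability([current_administrateur], path)`. Whichever rule is chosen, a comment on `self.path_availability` should state it.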
@@ -391,7 +391,9 @@ class Procedure < ApplicationRecord
 private
 def claim_path_ownership!(path)
- procedure = Procedure.where(administrateur: administrateur).find_by(path: path)
+ procedure = Procedure.joins(:administrateurs)
+ .where(administrateurs: { id: administrateur_ids })
+ .find_by(path: path)
 if procedure&.publiee? && procedure != self
 procedure.archive!
diff --git a/app/views/admin/procedures/new_from_existing.html.haml b/app/views/admin/procedures/new_from_existing.html.haml
index d30add299..a89acf5e6 100644
--- a/app/views/admin/procedures/new_from_existing.html.haml
+++ b/app/views/admin/procedures/new_from_existing.html.haml
@@ -27,4 +27,4 @@
 %td
 = link_to('Cloner', admin_procedure_clone_path(procedure.id, from_new_from_existing: true), 'data-method' => :put, class: 'btn-sm btn-primary clone-btn')
 %td{ style: 'padding-left: 10px;' }
- = link_to('Contacter', "mailto:#{procedure.administrateur.email}")
+ = link_to('Contacter', "mailto:#{procedure.administrateurs.pluck(:email) * ","}")
diff --git a/app/views/administration_mailer/dubious_procedures.html.haml b/app/views/administration_mailer/dubious_procedures.html.haml
index a88ef60e9..8ab2bd288 100644
--- a/app/views/administration_mailer/dubious_procedures.html.haml
+++ b/app/views/administration_mailer/dubious_procedures.html.haml
@@ -13,6 +13,9 @@
 Nombre de dossier : #{procedure.dossiers.count}
 %br
 Admin :
- = link_to "#{procedure.administrateur.email}", "mailto:#{procedure.administrateur.email}"
+ %ul
+ - procedure.administrateurs.each do |administrateur|
+ %li
+ = link_to "#{administrateur.email}", "mailto:#{administrateur.email}"
 - else
 Il n'y a aucune démarche douteuse aujourd'hui
diff --git a/app/views/root/landing.html.haml b/app/views/root/landing.html.haml
index 6fa52eb8f..5469e3a2d 100644
--- a/app/views/root/landing.html.haml
+++ b/app/views/root/landing.html.haml
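Review bot: `procedure.administrateurs.pluck(:email) * ","` in new_from_existing.html.haml issues one query per table row, because `pluck` always goes to the database even when the association is preloaded (the controller hunk at `@@ -195` adds `.includes(:administrateurs, :service)`, presumably for this view). `Array#*` with a string argument is also an obscure spelling of `join`. I would write `procedure.administrateurs.map(&:email).join(',')`. The addresses are still interpolated into the `mailto:` URL without percent-encoding, so it is worth confirming that a stored email cannot contain `?` or `&`.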
@@ -43,7 +43,7 @@
 %ul.numbers
 %li.number
 .number-value
- = number_with_delimiter(Procedure.includes(:administrateur).publiees_ou_archivees.map(&:administrateur).uniq.count, :locale => :fr)
+ = number_with_delimiter(Procedure.includes(:administrateurs).publiees_ou_archivees.flat_map(&:administrateurs).uniq.count, :locale => :fr)
 .number-label<
 administrations
 %br<>
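Review bot: The landing-page counter loads every published or archived procedure together with its administrateurs into memory and de-duplicates them in Ruby on each render of what looks like a public page. With several administrateurs per procedure that working set only grows. Counting in the database avoids it, e.g. `Administrateur.joins(:procedures).merge(Procedure.publiees_ou_archivees).distinct.count`, assuming `publiees_ou_archivees` is a plain scope (its definition is not in the diff).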