From 0864666d0abf78dc61ca83838ce1549df077815f Mon Sep 17 00:00:00 2001
From: Paul Chavard <pro@paul.chavard.net>
Date: Mon, 3 Apr 2023 20:00:52 +0200
Subject: [PATCH 1/2] fix(dossier): an invited user can remove (leave) a
 dossier

---
 app/controllers/users/dossiers_controller.rb  | 10 +++++++---
 app/models/user.rb                            |  6 +++---
 .../users/dossiers/_dossier_actions.html.haml |  2 +-
 config/routes.rb                              |  3 +--
 .../users/dossiers_controller_spec.rb         | 20 +++++++++++++++++--
 spec/models/user_spec.rb                      |  2 +-
 spec/system/users/list_dossiers_spec.rb       |  6 +++---
 .../_dossier_actions.html.haml_spec.rb        |  2 +-
 8 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb
index ec10c9dbf..390d4d2ac 100644
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@@ -6,7 +6,7 @@ module Users
     layout 'procedure_context', only: [:identite, :update_identite, :siret, :update_siret]
 
     ACTIONS_ALLOWED_TO_ANY_USER = [:index, :recherche, :new, :transferer_all]
-    ACTIONS_ALLOWED_TO_OWNER_OR_INVITE = [:show, :demande, :messagerie, :brouillon, :update_brouillon, :submit_brouillon, :modifier, :update, :create_commentaire, :papertrail, :restore]
+    ACTIONS_ALLOWED_TO_OWNER_OR_INVITE = [:show, :destroy, :demande, :messagerie, :brouillon, :update_brouillon, :submit_brouillon, :modifier, :update, :create_commentaire, :papertrail, :restore]
 
     before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
     before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
@@ -244,9 +244,13 @@ module Users
       end
     end
 
-    def delete_dossier
+    def destroy
       if dossier.can_be_deleted_by_user?
-        dossier.hide_and_keep_track!(current_user, :user_request)
+        if current_user.owns?(dossier)
+          dossier.hide_and_keep_track!(current_user, :user_request)
+        elsif current_user.invite?(dossier)
+          current_user.invites.where(dossier:).destroy_all
+        end
         flash.notice = t('users.dossiers.ask_deletion.soft_deleted_dossier')
         redirect_to dossiers_path
       else
diff --git a/app/models/user.rb b/app/models/user.rb
index 0163890b7..07085a2c0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -94,12 +94,12 @@ class User < ApplicationRecord
     dossier.user_id == id
   end
 
-  def invite?(dossier_id)
-    invites.pluck(:dossier_id).include?(dossier_id.to_i)
+  def invite?(dossier)
+    invites.pluck(:dossier_id).include?(dossier.id)
   end
 
   def owns_or_invite?(dossier)
-    owns?(dossier) || invite?(dossier.id)
+    owns?(dossier) || invite?(dossier)
   end
 
   def invite!
diff --git a/app/views/users/dossiers/_dossier_actions.html.haml b/app/views/users/dossiers/_dossier_actions.html.haml
index 452692b38..2afd45f93 100644
--- a/app/views/users/dossiers/_dossier_actions.html.haml
+++ b/app/views/users/dossiers/_dossier_actions.html.haml
@@ -47,7 +47,7 @@
 
     - if has_delete_action
       - menu.with_item(class: 'danger') do
-        = link_to(delete_dossier_dossier_path(dossier), role: 'menuitem', method: :patch, data: { disable: true, confirm: "En continuant, vous allez supprimer ce dossier ainsi que les informations qu’il contient. Toute suppression entraîne l’annulation de la démarche en cours.\n\nConfirmer la suppression ?" }) do
+        = link_to(dossier_path(dossier), role: 'menuitem', method: :delete, data: { disable: true, confirm: "En continuant, vous allez supprimer ce dossier ainsi que les informations qu’il contient. Toute suppression entraîne l’annulation de la démarche en cours.\n\nConfirmer la suppression ?" }) do
 
           %span.icon.delete
           .dropdown-description
diff --git a/config/routes.rb b/config/routes.rb
index e187cecd1..c8ec93921 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -306,7 +306,7 @@ Rails.application.routes.draw do
       get '/:path/france_connect', action: 'france_connect', as: :france_connect
     end
 
-    resources :dossiers, only: [:index, :show, :new] do
+    resources :dossiers, only: [:index, :show, :destroy, :new] do
       member do
         get 'identite'
         patch 'update_identite'
@@ -323,7 +323,6 @@ Rails.application.routes.draw do
         get 'demande'
         get 'messagerie'
         post 'commentaire' => 'dossiers#create_commentaire'
-        patch 'delete_dossier'
         patch 'restore', to: 'dossiers#restore'
         get 'attestation'
         get 'transferer', to: 'dossiers#transferer'
diff --git a/spec/controllers/users/dossiers_controller_spec.rb b/spec/controllers/users/dossiers_controller_spec.rb
index d428d6e9f..e395580ee 100644
--- a/spec/controllers/users/dossiers_controller_spec.rb
+++ b/spec/controllers/users/dossiers_controller_spec.rb
@@ -958,10 +958,10 @@ describe Users::DossiersController, type: :controller do
     end
   end
 
-  describe '#delete_dossier' do
+  describe '#destroy' do
     before { sign_in(user) }
 
-    subject { patch :delete_dossier, params: { id: dossier.id } }
+    subject { delete :destroy, params: { id: dossier.id } }
 
     shared_examples_for "the dossier can not be deleted" do
       it "doesn’t notify the deletion" do
@@ -1015,6 +1015,22 @@ describe Users::DossiersController, type: :controller do
 
       it_behaves_like "the dossier can not be deleted"
       it { is_expected.to redirect_to(root_path) }
+
+      context 'but user is invited' do
+        before { dossier.invites.create(user:, email: user.email, message: 'Salut', email_sender: user2.email) }
+
+        it do
+          procedure = dossier.procedure
+          dossier_id = dossier.id
+
+          expect(user.invite?(dossier)).to be_truthy
+          is_expected.to redirect_to(dossiers_path)
+          expect(Dossier.find_by(id: dossier_id)).to be_present
+          expect(Dossier.find_by(id: dossier_id).hidden_by_user_at).to be_nil
+          expect(procedure.deleted_dossiers.count).to eq(0)
+          expect(user.invite?(dossier)).to be_falsy
+        end
+      end
     end
   end
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index cbeee2f33..55e9ae977 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -53,7 +53,7 @@ describe User, type: :model do
     let(:dossier) { create :dossier }
     let(:user) { dossier.user }
 
-    subject { user.invite? dossier.id }
+    subject { user.invite? dossier }
 
     context 'when user is invite at the dossier' do
       before do
diff --git a/spec/system/users/list_dossiers_spec.rb b/spec/system/users/list_dossiers_spec.rb
index a0335f096..4a468dda8 100644
--- a/spec/system/users/list_dossiers_spec.rb
+++ b/spec/system/users/list_dossiers_spec.rb
@@ -62,9 +62,9 @@ describe 'user access to the list of their dossiers', js: true do
 
   describe 'deletion' do
     it 'should have links to delete dossiers' do
-      expect(page).to have_link(nil, href: delete_dossier_dossier_path(dossier_brouillon))
-      expect(page).to have_link(nil, href: delete_dossier_dossier_path(dossier_en_construction))
-      expect(page).not_to have_link(nil, href: delete_dossier_dossier_path(dossier_en_instruction))
+      expect(page).to have_link('Supprimer le dossier', href: dossier_path(dossier_brouillon))
+      expect(page).to have_link('Supprimer le dossier', href: dossier_path(dossier_en_construction))
+      expect(page).not_to have_link('Supprimer le dossier', href: dossier_path(dossier_en_instruction))
     end
 
     context 'when user clicks on delete button', js: true do
diff --git a/spec/views/users/dossiers/_dossier_actions.html.haml_spec.rb b/spec/views/users/dossiers/_dossier_actions.html.haml_spec.rb
index b3a4ebaf4..339e3b973 100644
--- a/spec/views/users/dossiers/_dossier_actions.html.haml_spec.rb
+++ b/spec/views/users/dossiers/_dossier_actions.html.haml_spec.rb
@@ -6,7 +6,7 @@ describe 'users/dossiers/dossier_actions.html.haml', type: :view do
   subject { render 'users/dossiers/dossier_actions.html.haml', dossier: dossier, current_user: user }
 
   it { is_expected.to have_link('Commencer un autre dossier', href: commencer_url(path: procedure.path)) }
-  it { is_expected.to have_link('Supprimer le dossier', href: delete_dossier_dossier_path(dossier)) }
+  it { is_expected.to have_link('Supprimer le dossier', href: dossier_path(dossier)) }
   it { is_expected.to have_link('Transférer le dossier', href: transferer_dossier_path(dossier)) }
 
   context 'when the dossier is termine' do

From e2d5834dc2f929f64f87a1edcb06a70c1ac99d85 Mon Sep 17 00:00:00 2001
From: Paul Chavard <github@paul.chavard.net>
Date: Tue, 4 Apr 2023 15:02:20 +0200
Subject: [PATCH 2/2] Update app/models/user.rb

Co-authored-by: Colin Darie <colin@darie.eu>
---
 app/models/user.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 07085a2c0..a4c87de07 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -95,7 +95,7 @@ class User < ApplicationRecord
   end
 
   def invite?(dossier)
-    invites.pluck(:dossier_id).include?(dossier.id)
+    invites.exists?(dossier:)
   end
 
   def owns_or_invite?(dossier)