From 158b4802ab0d27e4fcf5f7ba16d2e523c64c2e30 Mon Sep 17 00:00:00 2001
From: Christophe Robillard <christophe.robillard@beta.gouv.fr>
Date: Wed, 29 Apr 2020 10:23:35 +0200
Subject: [PATCH] store attestation sociale and display

---
 app/controllers/users/dossiers_controller.rb      |  2 ++
 app/lib/api_entreprise/api.rb                     |  2 +-
 app/models/etablissement.rb                       | 15 +++++++++++++++
 app/models/procedure.rb                           |  6 +++++-
 .../dossiers/_identite_entreprise.html.haml       |  4 ++++
 .../controllers/users/dossiers_controller_spec.rb |  9 +++++++++
 spec/features/users/dossier_creation_spec.rb      |  1 +
 .../attestation_sociale_adapter_spec.rb           |  5 +++--
 spec/services/api_entreprise_service_spec.rb      |  4 ++++
 9 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb
index 88ea0db37..8419516bd 100644
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@@ -112,7 +112,9 @@ module Users
         return render_siret_error(t('errors.messages.siret_unknown'))
       end
 
+      attestation_sociale_url = etablissement_attributes.delete(:entreprise_attestation_sociale_url)
       etablissement = @dossier.build_etablissement(etablissement_attributes)
+      etablissement.upload_attestation_sociale(attestation_sociale_url) if attestation_sociale_url.present?
       etablissement.save!
       current_user.update!(siret: sanitized_siret)
       @dossier.update!(autorisation_donnees: true)
diff --git a/app/lib/api_entreprise/api.rb b/app/lib/api_entreprise/api.rb
index d71fc0ff2..d4e43a057 100644
--- a/app/lib/api_entreprise/api.rb
+++ b/app/lib/api_entreprise/api.rb
@@ -86,6 +86,6 @@ class ApiEntreprise::API
 
   def self.token_for_procedure(procedure_id)
     procedure = Procedure.find(procedure_id)
-    procedure.api_entreprise_token.presence || Rails.application.secrets.api_entreprise[:key]
+    procedure.api_entreprise_token
   end
 end
diff --git a/app/models/etablissement.rb b/app/models/etablissement.rb
index 5b57331a2..7826468d8 100644
--- a/app/models/etablissement.rb
+++ b/app/models/etablissement.rb
@@ -4,6 +4,8 @@ class Etablissement < ApplicationRecord
   has_one :champ, class_name: 'Champs::SiretChamp'
   has_many :exercices, dependent: :destroy
 
+  has_one_attached :entreprise_attestation_sociale
+
   accepts_nested_attributes_for :exercices
 
   validates :siret, presence: true
@@ -114,6 +116,19 @@ class Etablissement < ApplicationRecord
     )
   end
 
+  def upload_attestation_sociale(url)
+    filename = File.basename(URI.parse(url).path)
+    response = Typhoeus.get(url)
+
+    if response.success?
+      entreprise_attestation_sociale.attach(
+        io: StringIO.new(response.body),
+        filename: filename,
+        metadata: { virus_scan_result: ActiveStorage::VirusScanner::SAFE }
+      )
+    end
+  end
+
   private
 
   def dossier_id_for_export
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 493aa4858..7620187b4 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -552,7 +552,11 @@ class Procedure < ApplicationRecord
   end
 
   def api_entreprise_role?(role)
-    api_entreprise_roles&.include?(role)
+    api_entreprise_roles.include?(role)
+  end
+
+  def api_entreprise_token
+    self[:api_entreprise_token].presence || Rails.application.secrets.api_entreprise[:key]
   end
 
   private
diff --git a/app/views/shared/dossiers/_identite_entreprise.html.haml b/app/views/shared/dossiers/_identite_entreprise.html.haml
index a10cfdaf5..3d51392d2 100644
--- a/app/views/shared/dossiers/_identite_entreprise.html.haml
+++ b/app/views/shared/dossiers/_identite_entreprise.html.haml
@@ -67,6 +67,10 @@
           - elsif etablissement.exercices.present?
             = t('activemodel.models.exercices_summary', count: etablissement.exercices.count)
 
+      - if etablissement.entreprise_attestation_sociale.attached?
+        %tr
+          %th.libelle Attestation sociale
+          %td= link_to "Consulter l'attestation", url_for(etablissement.entreprise_attestation_sociale)
       - if etablissement.association?
         %tr
           %th.libelle Numéro RNA :
diff --git a/spec/controllers/users/dossiers_controller_spec.rb b/spec/controllers/users/dossiers_controller_spec.rb
index 8f56f1f38..4f72d030c 100644
--- a/spec/controllers/users/dossiers_controller_spec.rb
+++ b/spec/controllers/users/dossiers_controller_spec.rb
@@ -221,6 +221,9 @@ describe Users::DossiersController, type: :controller do
     let(:api_association_status) { 200 }
     let(:api_association_body) { File.read('spec/fixtures/files/api_entreprise/associations.json') }
 
+    let(:api_entreprise_attestation_sociale_status) { 200 }
+    let(:api_entreprise_attestation_sociale_body) { File.read('spec/fixtures/files/api_entreprise/attestation_sociale.json') }
+
     def stub_api_entreprise_requests
       stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/etablissements\/#{siret}?.*token=/)
         .to_return(status: api_etablissement_status, body: api_etablissement_body)
@@ -234,11 +237,16 @@ describe Users::DossiersController, type: :controller do
         .to_return(body: api_entreprise_effectifs_mensuels_body, status: api_entreprise_effectifs_mensuels_status)
       stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/effectifs_annuels_acoss_covid\/#{siren}?.*token=/)
         .to_return(body: api_entreprise_effectifs_annuels_body, status: api_entreprise_effectifs_annuels_status)
+      stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_sociales_acoss\/#{siren}?.*token=/)
+        .to_return(body: api_entreprise_attestation_sociale_body, status: api_entreprise_attestation_sociale_status)
+      stub_request(:get, "https://storage.entreprise.api.gouv.fr/siade/1569156881-f749d75e2bfd443316e2e02d59015f-attestation_vigilance_acoss.pdf")
+        .to_return(body: "body attestation", status: 200)
     end
 
     before do
       sign_in(user)
       stub_api_entreprise_requests
+      allow_any_instance_of(Procedure).to receive(:api_entreprise_roles).and_return(["entreprises", "attestations_sociales"])
     end
     before { Timecop.freeze(Time.zone.local(2020, 3, 14)) }
     after { Timecop.return }
@@ -334,6 +342,7 @@ describe Users::DossiersController, type: :controller do
           expect(dossier.etablissement.association?).to be(true)
           expect(dossier.etablissement.entreprise_effectif_mensuel).to be_present
           expect(dossier.etablissement.entreprise_effectif_annuel).to be_present
+          expect(dossier.etablissement.entreprise_attestation_sociale).to be_attached
         end
       end
     end
diff --git a/spec/features/users/dossier_creation_spec.rb b/spec/features/users/dossier_creation_spec.rb
index 4dec03889..4c00469f0 100644
--- a/spec/features/users/dossier_creation_spec.rb
+++ b/spec/features/users/dossier_creation_spec.rb
@@ -78,6 +78,7 @@ feature 'Creating a new dossier:' do
           .to_return(status: 404, body: '')
         stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/effectifs_annuels_acoss_covid\/#{siren}?.*token=/)
           .to_return(status: 404, body: '')
+        allow_any_instance_of(Procedure).to receive(:api_entreprise_roles).and_return([])
       end
       before { Timecop.freeze(Time.zone.local(2020, 3, 14)) }
       after { Timecop.return }
diff --git a/spec/lib/api_entreprise/attestation_sociale_adapter_spec.rb b/spec/lib/api_entreprise/attestation_sociale_adapter_spec.rb
index 0e3d7b965..6f757e9bc 100644
--- a/spec/lib/api_entreprise/attestation_sociale_adapter_spec.rb
+++ b/spec/lib/api_entreprise/attestation_sociale_adapter_spec.rb
@@ -1,12 +1,13 @@
 describe ApiEntreprise::AttestationSocialeAdapter do
   let(:siren) { '418166096' }
-  let(:procedure_id) { 22 }
-  let(:adapter) { described_class.new(siren, procedure_id) }
+  let(:procedure) { create(:procedure) }
+  let(:adapter) { described_class.new(siren, procedure.id) }
   subject { adapter.to_params }
 
   before do
     stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_sociales_acoss\/#{siren}?.*token=/)
       .to_return(body: body, status: status)
+    allow_any_instance_of(Procedure).to receive(:api_entreprise_roles).and_return(["attestations_sociales"])
   end
 
   context "when the SIREN is valid" do
diff --git a/spec/services/api_entreprise_service_spec.rb b/spec/services/api_entreprise_service_spec.rb
index 9a7024005..55fbd3467 100644
--- a/spec/services/api_entreprise_service_spec.rb
+++ b/spec/services/api_entreprise_service_spec.rb
@@ -53,6 +53,10 @@ describe ApiEntrepriseService do
     let(:procedure) { create(:procedure, api_entreprise_token: 'un-jeton') }
     let(:result) { ApiEntrepriseService.get_etablissement_params_for_siret(siret, procedure.id) }
 
+    before do
+      allow_any_instance_of(Procedure).to receive(:api_entreprise_roles).and_return(["attestations_sociales"])
+    end
+
     context 'when service is up' do
       it 'should fetch etablissement params' do
         expect(result[:entreprise_siren]).to eq(siren)