Merge pull request #4624 from betagouv/instructor_cannot_change_its_mail

Suppression de la possibilité pour instructeur de changer son propre email

app/controllers/users/profil_controller.rb

@@ -1,5 +1,9 @@
 module Users
   class ProfilController < UserController
+    before_action :redirect_if_instructeur,
+      only: :update_email,
+      if: -> { instructeur_signed_in? }
+
     def show
     end
 
@@ -10,14 +14,14 @@ module Users
     end
 
     def update_email
-      if @current_user.update(update_email_params)
+      if current_user.update(update_email_params)
         flash.notice = t('devise.registrations.update_needs_confirmation')
-      elsif @current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
+      elsif current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
-        UserMailer.account_already_taken(@current_user, requested_email).deliver_later
+        UserMailer.account_already_taken(current_user, requested_email).deliver_later
         # avoid leaking information about whether an account with this email exists or not
         flash.notice = t('devise.registrations.update_needs_confirmation')
       else
-        flash.alert = @current_user.errors.full_messages
+        flash.alert = current_user.errors.full_messages
       end
 
       redirect_to profil_path
@@ -32,5 +36,9 @@ module Users
     def requested_email
       update_email_params[:email]
     end
+
+    def redirect_if_instructeur
+      redirect_to profil_path
+    end
   end
 end

app/views/users/profil/show.html.haml

@@ -18,6 +18,7 @@
         %p
           Pour finaliser votre changement d’adresse, vérifiez vos emails et cliquez sur le lien de confirmation.
 
+    - if !instructeur_signed_in?
       = form_for @current_user, url: update_email_path, method: :patch, html: { class: 'form' } do |f|
         = f.email_field :email, value: nil, placeholder: 'Nouvelle adresse email', required: true
         = f.submit "Changer mon adresse", class: 'button primary'

spec/controllers/users/profil_controller_spec.rb

@@ -52,8 +52,6 @@ describe Users::ProfilController, type: :controller do
     end
 
     context 'when the mail is incorrect' do
-      let!(:user2) { create(:user) }
-
       before do
         patch :update_email, params: { user: { email: 'incorrect' } }
         user.reload
@@ -62,5 +60,18 @@ describe Users::ProfilController, type: :controller do
       it { expect(response).to redirect_to(profil_path) }
       it { expect(flash.alert).to eq(['Email invalide']) }
     end
+
+    context 'when the user has an instructeur role' do
+      let(:instructeur_email) { 'instructeur_email@a.com' }
+      let!(:user) { create(:instructeur, email: instructeur_email).user }
+
+      before do
+        patch :update_email, params: { user: { email: 'loulou@lou.com' } }
+        user.reload
+      end
+
+      it { expect(user.unconfirmed_email).to be_nil }
+      it { expect(response).to redirect_to(profil_path) }
+    end
   end
 end