feat(demarche): create and prefill a dossier with POST request (#8233)

* add base controller for public api

* add dossiers controller with basic checks

* create the dossier

* ensure content-type is json

* prefill dossier with given values

* mark a dossier as prefilled

When a dossier is prefilled, it's allowed not to have a user.

Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner

So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
example in order to clean up the unused prefilled dossiers)

* system spec: prefilling dossier with post request
Sébastien Carceles 2023-01-03 14:46:10 +01:00 committed by GitHub
parent 3f4e7ab1f5
commit 20136b7ac8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 760 additions and 111 deletions


@ -28,6 +28,8 @@
# last_champ_updated_at :datetime
# last_commentaire_updated_at :datetime
# motivation :text
# prefill_token :string
# prefilled :boolean
# private_search_terms :text
# processed_at :datetime
# search_terms :text
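Review bot: `prefilled :boolean` is annotated here with no default and no not-null constraint, so the column has three states (true, false, NULL). The `scope :prefilled` and the `unless: -> { prefilled }` condition added further down both treat NULL as "not prefilled", which works, but a `default: false, null: false` column would make that explicit and keep the user-presence validation from depending on an unset value.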
@ -70,6 +72,8 @@ class Dossier < ApplicationRecord
DAYS_AFTER_EXPIRATION = 5
INTERVAL_EXPIRATION = "#{MONTHS_AFTER_EXPIRATION} month #{DAYS_AFTER_EXPIRATION} days"
has_secure_token :prefill_token
has_one :etablissement, dependent: :destroy
has_one :individual, validate: false, dependent: :destroy
has_one :attestation, dependent: :destroy
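Review bot: `has_secure_token :prefill_token` generates a token for every new Dossier, not only prefilled ones, and nothing in the model lines shown expires or clears it. The commit message describes this token as what later lets a visitor become the owner of an orphan dossier, so it acts as a bearer credential: consider generating it only when `prefilled` is set, setting it to nil once a user is attached, and adding `prefill_token` to the filtered parameters so it does not end up in request logs.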
@ -218,11 +222,12 @@ class Dossier < ApplicationRecord
scope :state_termine, -> { where(state: TERMINE) }
scope :state_not_termine, -> { where.not(state: TERMINE) }
scope :archived, -> { where(archived: true) }
scope :not_archived, -> { where(archived: false) }
scope :hidden_by_user, -> { where.not(hidden_by_user_at: nil) }
scope :hidden_by_administration, -> { where.not(hidden_by_administration_at: nil) }
scope :visible_by_user, -> { where(for_procedure_preview: false).or(where(for_procedure_preview: nil)).where(hidden_by_user_at: nil) }
scope :archived, -> { where(archived: true) }
scope :not_archived, -> { where(archived: false) }
scope :prefilled, -> { where(prefilled: true) }
scope :hidden_by_user, -> { where.not(hidden_by_user_at: nil) }
scope :hidden_by_administration, -> { where.not(hidden_by_administration_at: nil) }
scope :visible_by_user, -> { where(for_procedure_preview: false).or(where(for_procedure_preview: nil)).where(hidden_by_user_at: nil) }
scope :visible_by_administration, -> {
state_not_brouillon
.where(hidden_by_administration_at: nil)
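Review bot: the scope list gains `prefilled` but nothing that selects orphans, although the commit message names cleanup of unused prefilled dossiers as the reason for the flag and `orphan?` is defined below as `prefilled? && user.nil?`. A matching `scope :orphan, -> { prefilled.where(user: nil) }` would keep the cleanup job and the instance predicate in agreement. Separately, the realignment of the five existing scopes is whitespace-only churn that hides the single added line; it would be easier to review in its own commit.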
@ -435,7 +440,7 @@ class Dossier < ApplicationRecord
after_save :send_web_hook
validates :user, presence: true, if: -> { deleted_user_email_never_send.nil? }
validates :user, presence: true, if: -> { deleted_user_email_never_send.nil? }, unless: -> { prefilled }
validates :individual, presence: true, if: -> { revision.procedure.for_individual? }
validates :groupe_instructeur, presence: true, if: -> { !brouillon? }
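Review bot: on the `validates :user` line, `unless: -> { prefilled }` switches off the presence check for the whole life of the dossier, because the commit message says the flag stays set once a dossier is prefilled. After an owner has been attached, or after the dossier leaves the draft state, a later save with a nil user would still pass. Consider narrowing the exemption, for example `unless: -> { prefilled? && brouillon? }`, so a user is required again before the dossier can be submitted.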
@ -718,6 +723,17 @@ class Dossier < ApplicationRecord
end
end
def orphan?
prefilled? && user.nil?
end
def owned_by?(a_user)
return false if a_user.nil?
return false if orphan?
user == a_user
end
def log_operations?
!procedure.brouillon? && !brouillon?
end
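Review bot: `orphan?` and `owned_by?` are read-only predicates, so claiming a dossier has to be done by callers as "check `orphan?`, then assign `user`", which is a check-then-act sequence: two requests holding the same dossier_url can both see an orphan and the last write wins. Consider a model method that performs the claim atomically (inside `with_lock`, or as a conditional update that only matches rows where the user is still nil) and returns whether it succeeded. Minor: in `owned_by?`, the `return false if orphan?` guard is already implied by `user == a_user` once `a_user` is known to be non-nil; keeping it for readability is fine, but a spec covering the orphan case would document the intent.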