Merge pull request #570 from sgmap/fix_only_allowed_users_can_create_invitation

When user or gestionnaire has no access to dossier, he cannot create …
This commit is contained in:
Mathieu Magnin 2017-07-11 10:59:44 +02:00 committed by GitHub
commit 2985623bec
2 changed files with 116 additions and 63 deletions

View file

@ -5,11 +5,12 @@ class InvitesController < ApplicationController
email_sender = @current_devise_profil.email
class_var = @current_devise_profil.class == User ? InviteUser : InviteGestionnaire
dossier = @current_devise_profil.dossiers.find(params[:dossier_id])
email = params[:email].downcase
user = User.find_by_email(email)
invite = class_var.create(dossier_id: params[:dossier_id], user: user, email: email, email_sender: email_sender)
invite = class_var.create(dossier: dossier, user: user, email: email, email_sender: email_sender)
if invite.valid?
InviteMailer.invite_user(invite).deliver_now! unless invite.user.nil?

View file

@ -1,102 +1,154 @@
require 'spec_helper'
describe InvitesController, type: :controller do
let(:dossier) { create(:dossier) }
let(:dossier) { create(:dossier, :replied) }
let(:email) { 'plop@octo.com' }
describe '#POST create' do
let(:invite) { Invite.last }
before do
sign_in create(:gestionnaire)
sign_in signed_in_profile
end
subject { post :create, params: {dossier_id: dossier.id, email: email} }
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
context "when gestionnaire is signed_in" do
let(:signed_in_profile) { create(:gestionnaire) }
context 'when is a user who is loged' do
before do
sign_in create(:user)
shared_examples_for "he can not create invitation" do
it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
it { expect { subject rescue nil }.to change(InviteGestionnaire, :count).by(0) }
end
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
end
context 'when email is assign to an user' do
let! (:user) { create(:user, email: email) }
before do
subject
context 'when gestionnaire has no access to dossier' do
it_behaves_like "he can not create invitation"
end
describe 'Invite information' do
let(:email) { 'PLIP@octo.com' }
let(:invite) { Invite.last }
context 'when gestionnaire is invited for avis on dossier' do
before { Avis.create(gestionnaire: signed_in_profile, claimant: create(:gestionnaire), dossier: dossier) }
it 'email is on lower case' do
expect(invite.email).to eq 'plip@octo.com'
end
it_behaves_like "he can not create invitation"
end
it { expect(invite.user).to eq user }
it { expect(flash[:notice]).to be_present }
end
context 'when email is not assign to an user' do
before do
subject
end
it { expect(invite.user).to be_nil }
it { expect(flash[:notice]).to be_present }
end
describe 'not an email' do
context 'when email is not valid' do
let(:email) { 'plip.com' }
context 'when gestionnaire has access to dossier' do
before do
subject
signed_in_profile.procedures << dossier.procedure
end
it { expect { subject }.not_to change(Invite, :count) }
it { expect(flash[:alert]).to be_present }
end
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
context 'when email is already used' do
let!(:invite) { create(:invite, dossier: dossier) }
context 'when is a user who is loged' do
before do
sign_in create(:user)
end
before do
subject
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
end
it { expect { subject }.not_to change(Invite, :count) }
it { expect(flash[:alert]).to be_present }
context 'when email is assign to an user' do
let! (:user) { create(:user, email: email) }
before do
subject
end
describe 'Invite information' do
let(:email) { 'PLIP@octo.com' }
let(:invite) { Invite.last }
it 'email is on lower case' do
expect(invite.email).to eq 'plip@octo.com'
end
end
it { expect(invite.user).to eq user }
it { expect(flash[:notice]).to be_present }
end
context 'when email is not assign to an user' do
before do
subject
end
it { expect(invite.user).to be_nil }
it { expect(flash[:notice]).to be_present }
end
describe 'not an email' do
context 'when email is not valid' do
let(:email) { 'plip.com' }
before do
subject
end
it { expect { subject }.not_to change(Invite, :count) }
it { expect(flash[:alert]).to be_present }
end
context 'when email is already used' do
let!(:invite) { create(:invite, dossier: dossier) }
before do
subject
end
it { expect { subject }.not_to change(Invite, :count) }
it { expect(flash[:alert]).to be_present }
end
end
describe 'send invitation email' do
context 'when user does not exist' do
it 'send email' do
expect(InviteMailer).to receive(:invite_guest).and_return(InviteMailer)
expect(InviteMailer).to receive(:deliver_now!)
subject
end
end
context 'when user exist' do
before do
create :user, email: email
end
it 'send email' do
expect(InviteMailer).to receive(:invite_user).and_return(InviteMailer)
expect(InviteMailer).to receive(:deliver_now!)
subject
end
end
end
end
end
describe 'send invitation email' do
context 'when user does not exist' do
it 'send email' do
expect(InviteMailer).to receive(:invite_guest).and_return(InviteMailer)
expect(InviteMailer).to receive(:deliver_now!)
context "when user is signed_in" do
let(:signed_in_profile) { create(:user) }
subject
end
shared_examples_for "he can not create a invite" do
it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
it { expect { subject rescue nil }.to change(InviteUser, :count).by(0) }
end
context 'when user exist' do
context 'when user has no access to dossier' do
it_behaves_like "he can not create a invite"
end
context 'when user is invited on dossier' do
before { Invite.create(user: signed_in_profile, email: signed_in_profile.email, dossier: dossier) }
it_behaves_like "he can not create a invite"
end
context 'when user has access to dossier' do
before do
create :user, email: email
dossier.update_attributes(user: signed_in_profile)
end
it 'send email' do
expect(InviteMailer).to receive(:invite_user).and_return(InviteMailer)
expect(InviteMailer).to receive(:deliver_now!)
subject
end
it { expect { subject }.to change(InviteUser, :count).by(1) }
end
end
end