From aa84a4c33519cb9a3868db08cecc87db10c07c7c Mon Sep 17 00:00:00 2001
From: Colin Darie <colin@darie.eu>
Date: Thu, 23 Nov 2023 16:21:44 +0100
Subject: [PATCH] fix(entreprise): don't leak identity of non diffusable
 etablissement

---
 app/helpers/dossier_helper.rb       | 14 ++++++++------
 spec/helpers/dossier_helper_spec.rb |  6 ++++++
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/app/helpers/dossier_helper.rb b/app/helpers/dossier_helper.rb
index 6dfeb1f40..a32545e15 100644
--- a/app/helpers/dossier_helper.rb
+++ b/app/helpers/dossier_helper.rb
@@ -109,13 +109,15 @@ module DossierHelper
 
   def demandeur_dossier(dossier)
     if dossier.procedure.for_individual?
-      "#{dossier&.individual&.nom} #{dossier&.individual&.prenom}"
+      return "#{dossier&.individual&.nom} #{dossier&.individual&.prenom}"
+    end
+
+    return "" if dossier.etablissement.blank?
+
+    if dossier.etablissement.diffusable_commercialement == false
+      "SIRET #{pretty_siret(dossier.etablissement.siret)}"
     else
-      if dossier.etablissement.present?
-        raison_sociale_or_name(dossier.etablissement)
-      else
-        ""
-      end
+      raison_sociale_or_name(dossier.etablissement)
     end
   end
 
diff --git a/spec/helpers/dossier_helper_spec.rb b/spec/helpers/dossier_helper_spec.rb
index d85eca805..a43df8f12 100644
--- a/spec/helpers/dossier_helper_spec.rb
+++ b/spec/helpers/dossier_helper_spec.rb
@@ -69,6 +69,12 @@ RSpec.describe DossierHelper, type: :helper do
       context "when the company has name information" do
         it { is_expected.to eq raison_sociale_or_name(etablissement) }
       end
+
+      context "when the company is not diffusable" do
+        let(:etablissement) { build(:etablissement, :non_diffusable, siret: "12345678901234") }
+
+        it { is_expected.to include("123 456 789 01234") }
+      end
     end
   end