ProcedureController: use new token validation

app/controllers/api/v1/procedures_controller.rb

@@ -1,4 +1,6 @@
 class API::V1::ProceduresController < APIController
+  before_action :fetch_procedure_and_check_token
+
   resource_description do
     description AUTHENTICATION_TOKEN_DESCRIPTION
   end
@@ -9,11 +11,20 @@ class API::V1::ProceduresController < APIController
   error code: 404, desc: "Démarche inconnue"
 
   def show
-    procedure = administrateur.procedures.find(params[:id]).decorate
+    render json: { procedure: ProcedureSerializer.new(@procedure.decorate).as_json }
+  end
+
+  private
+
+  def fetch_procedure_and_check_token
+    @procedure = Procedure.includes(:administrateur).find(params[:id])
+
+    if !valid_token_for_administrateur?(@procedure.administrateur)
+      render json: {}, status: :unauthorized
+    end
 
-    render json: { procedure: ProcedureSerializer.new(procedure).as_json }
   rescue ActiveRecord::RecordNotFound => e
     Rails.logger.error(e.message)
-    render json: {}, status: 404
+    render json: {}, status: :not_found
   end
 end

spec/controllers/api/v1/procedures_controller_spec.rb

@@ -13,10 +13,10 @@ describe API::V1::ProceduresController, type: :controller do
       it { is_expected.to have_http_status(404) }
     end
 
-    context 'when procedure does not belong to administrateur' do
+    context 'when procedure belongs to administrateur without token' do
       let(:procedure_id) { create(:procedure).id }
 
-      it { is_expected.to have_http_status(404) }
+      it { is_expected.to have_http_status(401) }
     end
 
     context 'when procedure exist' do