Merge pull request #8539 from mfo/fix-targeted-user-link-inscoped-by-type

correctif(invitations): peuvent reférencer le mauvais usager
This commit is contained in:
mfo 2023-01-31 16:40:20 +01:00 committed by GitHub
commit 3e085d94d2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 2 deletions

View file

@ -28,7 +28,7 @@ class Avis < ApplicationRecord
has_one :expert, through: :experts_procedure
has_one :procedure, through: :experts_procedure
has_many :targeted_user_links, dependent: :destroy, inverse_of: :target_model, foreign_key: 'target_model_id'
has_many :targeted_user_links, as: :target_model, dependent: :destroy, inverse_of: :target_model
FILE_MAX_SIZE = 20.megabytes
validates :piece_justificative_file,

View file

@ -16,7 +16,7 @@ class Invite < ApplicationRecord
belongs_to :dossier, optional: false
belongs_to :user, optional: true
has_one :targeted_user_link, dependent: :destroy, inverse_of: :target_model, foreign_key: 'target_model_id'
has_one :targeted_user_link, as: :target_model, dependent: :destroy, inverse_of: :target_model
before_validation -> { sanitize_email(:email) }

View file

@ -51,6 +51,15 @@ RSpec.describe InviteMailer, type: :mailer do
.from(0).to(1)
end
context 'when an avis exists with same id' do
it 'associate the TargetedUserLink to the good model [does not search by id only]' do
avis = create(:avis, id: invite.id)
link_on_avis_with_same_id = create(:targeted_user_link, target_model: avis, target_context: TargetedUserLink.target_contexts[:avis])
deliver
expect(invite.targeted_user_link).not_to eq(link_on_avis_with_same_id)
end
end
context 'when it fails' do
it 'creates only one target_user_link' do
send_mail_values = [:raise, true]

View file

@ -61,6 +61,7 @@ describe 'Invitations' do
invitation_email = open_email(user.email)
targeted_user_link = TargetedUserLink.last
expect(targeted_user_link.user.email).to eq(user.email)
expect(invitation_email).to have_link(targeted_user_link_url(targeted_user_link))
invitation_email.click_on targeted_user_link_url(targeted_user_link)
expect(page).to have_current_path("/users/sign_in")