From 3fd7e6b6c022556044a6af39eed10b1164037c0d Mon Sep 17 00:00:00 2001 From: Xavier J Date: Fri, 27 Nov 2015 15:09:16 +0100 Subject: [PATCH] Gestionnaire can't access to a archived file with direct URL --- app/controllers/backoffice/dossiers_controller.rb | 2 +- spec/controllers/backoffice/dossiers_controller_spec.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/controllers/backoffice/dossiers_controller.rb b/app/controllers/backoffice/dossiers_controller.rb index d5a78267c..fac75a934 100644 --- a/app/controllers/backoffice/dossiers_controller.rb +++ b/app/controllers/backoffice/dossiers_controller.rb @@ -67,7 +67,7 @@ class Backoffice::DossiersController < ApplicationController end def initialize_instance_params dossier_id - @dossier = Dossier.find(dossier_id) + @dossier = Dossier.where(archived: false).find(dossier_id) @entreprise = @dossier.entreprise.decorate @etablissement = @dossier.etablissement @pieces_justificatives = @dossier.pieces_justificatives diff --git a/spec/controllers/backoffice/dossiers_controller_spec.rb b/spec/controllers/backoffice/dossiers_controller_spec.rb index 1075f03cf..27ba30c10 100644 --- a/spec/controllers/backoffice/dossiers_controller_spec.rb +++ b/spec/controllers/backoffice/dossiers_controller_spec.rb @@ -2,6 +2,8 @@ require 'rails_helper' describe Backoffice::DossiersController, type: :controller do let(:dossier) { create(:dossier, :with_entreprise, :with_user) } + let(:dossier_archived) { create(:dossier, :with_entreprise, :with_user, archived: true) } + let(:dossier_id) { dossier.id } let(:bad_dossier_id) { Dossier.count + 10 } let(:gestionnaire) { create(:gestionnaire, administrateur: create(:administrateur)) } @@ -17,6 +19,11 @@ describe Backoffice::DossiersController, type: :controller do expect(response).to have_http_status(200) end + it 'dossier is archived' do + get :show, id: dossier_archived + expect(response).to redirect_to('/backoffice') + end + it 'dossier id doesnt exist' do get :show, id: bad_dossier_id expect(response).to redirect_to('/backoffice')