Merge pull request #2643 from betagouv/new-dossier-fix-invites

[Dossier] Corrige les accès invités
This commit is contained in:
Pierre de La Morinerie 2018-09-24 17:19:29 +02:00 committed by GitHub
commit 422d200280
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 42 additions and 20 deletions

View file

@ -11,7 +11,7 @@
}
.title-container {
margin-bottom: $default-padding * 2;
margin-bottom: $default-spacer;
padding-left: 32px;
.icon.folder {
@ -31,6 +31,11 @@
color: $grey;
font-weight: bold;
}
.header-actions {
margin-bottom: $default-spacer;
text-align: right;
}
}
.button.edit-form {

View file

@ -2,8 +2,11 @@ module NewUser
class DossiersController < UserController
include DossierHelper
before_action :ensure_ownership!, except: [:index, :show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :recherche]
before_action :ensure_ownership_or_invitation!, only: [:show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :create_commentaire]
ACTIONS_ALLOWED_TO_ANY_USER = [:index, :recherche]
ACTIONS_ALLOWED_TO_OWNER_OR_INVITE = [:show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :create_commentaire]
before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_brouillon, :modifier, :update]
before_action :forbid_invite_submission!, only: [:update_brouillon]
before_action :forbid_closed_submission!, only: [:update_brouillon]
@ -122,14 +125,14 @@ module NewUser
flash.now.alert = errors
render :modifier
else
if current_user.owns?(dossier)
if Flipflop.new_dossier_details?
redirect_to demande_dossier_path(@dossier)
else
redirect_to users_dossier_recapitulatif_path(@dossier)
end
if Flipflop.new_dossier_details?
redirect_to demande_dossier_path(@dossier)
else
redirect_to users_dossiers_invite_path(@dossier.invite_for_user(current_user))
if current_user.owns?(dossier)
redirect_to users_dossier_recapitulatif_path(@dossier)
else
redirect_to users_dossiers_invite_path(@dossier.invite_for_user(current_user))
end
end
end
end

View file

@ -12,6 +12,10 @@ class Users::Dossiers::InvitesController < UsersController
def show
@facade = InviteDossierFacades.new params[:id].to_i, current_user.email
if Flipflop.new_dossier_details?
return redirect_to dossier_path(@facade.dossier)
end
if @facade.dossier.brouillon?
redirect_to brouillon_dossier_path(@facade.dossier)
else

View file

@ -0,0 +1,10 @@
%span.button.dropdown.invite-user-action
%span.icon.person
- if dossier.invites.count > 0
Voir les personnes invitées
%span.badge= dossier.invites.count
- else
Inviter une personne à modifier ce dossier
.dropdown-content.fade-in-down
= render partial: "invites/form", locals: { dossier: dossier }

View file

@ -7,6 +7,10 @@
%h1= dossier.procedure.libelle
%h2 Dossier nº #{dossier.id}
- if current_user.owns?(dossier)
.header-actions
= render partial: 'invites/dropdown', locals: { dossier: dossier }
%ul.tabs
= dynamic_tab_item('Résumé', dossier_path(dossier))
= dynamic_tab_item('Demande', [demande_dossier_path(dossier), modifier_dossier_path(dossier)])

View file

@ -4,13 +4,4 @@
.dossier-form-actions
- if current_user.owns?(dossier)
%span.button.dropdown.invite-user-action
%span.icon.person
- if dossier.invites.count > 0
Voir les personnes invitées
%span.badge= dossier.invites.count
- else
Inviter une personne à modifier ce dossier
.dropdown-content.fade-in-down
= render partial: "invites/form", locals: { dossier: dossier }
= render partial: 'invites/dropdown', locals: { dossier: dossier }

View file

@ -5,6 +5,7 @@ describe 'new_user/dossiers/demande.html.haml', type: :view do
let(:dossier) { create(:dossier, :en_construction, :with_entreprise, procedure: procedure) }
before do
sign_in dossier.user
assign(:dossier, dossier)
end

View file

@ -1,6 +1,10 @@
describe 'new_user/dossiers/show/header.html.haml', type: :view do
let(:dossier) { create(:dossier, :en_construction, procedure: create(:procedure)) }
before do
sign_in dossier.user
end
subject! { render 'new_user/dossiers/show/header.html.haml', dossier: dossier }
it 'affiche les informations du dossier' do