Error 403 when admin would edit a procedure with at least one dossier

app/controllers/admin/pieces_justificatives_controller.rb

@@ -23,11 +23,4 @@ class Admin::PiecesJustificativesController < AdminController
       .require(:procedure)
       .permit(types_de_piece_justificative_attributes: [:libelle, :description, :id])
   end
-
-
-  def retrieve_procedure
-    @procedure = current_administrateur.procedures.find(params[:procedure_id])
-  rescue ActiveRecord::RecordNotFound
-    render json: { message: 'Procedure not found' }, status: 404
-  end
 end

app/controllers/admin/procedures_controller.rb

@@ -1,5 +1,7 @@
 class Admin::ProceduresController < AdminController
 
+  before_action :retrieve_procedure, only: :edit
+
   def index
     @procedures = current_administrateur.procedures.where(archived: false)
                       .paginate(:page => params[:page]).decorate

app/controllers/admin/types_de_champ_controller.rb

@@ -1,5 +1,4 @@
 class Admin::TypesDeChampController < AdminController
-
   before_action :retrieve_procedure
 
   def destroy
@@ -38,12 +37,4 @@ class Admin::TypesDeChampController < AdminController
       render json: {}, status: 400
     end
   end
-
-  private
-
-  def retrieve_procedure
-    @procedure = Procedure.find(params[:procedure_id])
-  rescue ActiveRecord::RecordNotFound
-    render json: { message: 'Procedure not found' }, status: 404
-  end
 end

app/controllers/admin_controller.rb

@@ -4,4 +4,17 @@ class AdminController < ApplicationController
   def index
     redirect_to (admin_procedures_path)
   end
+
+  def retrieve_procedure
+    id = params[:procedure_id] || params[:id ]
+
+    @procedure = current_administrateur.procedures.find(id)
+
+    unless @procedure.dossiers.count == 0
+      render json: {message: 'Procedure locked'}, status: 403
+    end
+
+  rescue ActiveRecord::RecordNotFound
+    render json: {message: 'Procedure not found'}, status: 404
+  end
 end

app/views/administrateurs/_login_banner.html.haml

@@ -1,6 +1,6 @@
 %div{ style: "decorate:none; display: flex;box-shadow:none; float:right; display: flex" }
   %div{ style: "vertical-align: middle; margin-right: 10px; margin-top: auto; margin-bottom: auto;" }
-    mps-test@apientreprise.fr
+    = current_administrateur.email
   .dropdown#admin_menu
     %button.btn.btn-default.dropdown-toggle#dropdownMenuAdmin{ type: :button, 'data-toggle' => 'dropdown', 'aria-haspopup' => true, 'aria-expanded' => false}
       %i.fa.fa-cog

spec/controllers/admin/pieces_justificatives_controller_spec.rb

@@ -9,11 +9,19 @@ describe Admin::PiecesJustificativesController, type: :controller  do
   describe 'GET #show' do
     let(:procedure) { create(:procedure, administrateur: admin) }
     let(:procedure_id) { procedure.id }
+
     subject { get :show, procedure_id: procedure_id }
+
     context 'when procedure is not found' do
       let(:procedure_id) { 9_999_999 }
       it { expect(subject.status).to eq(404) }
     end
+
+    context 'when procedure have at least a file' do
+      let!(:dossier) { create(:dossier, :with_user, procedure: procedure) }
+      it { expect(subject.status).to eq(403) }
+    end
+
     context 'when procedure does not belong to admin' do
       let(:admin_2) { create(:administrateur) }
       let(:procedure) { create(:procedure, administrateur: admin_2) }

spec/controllers/admin/procedures_controller_spec.rb

@@ -66,10 +66,15 @@ describe Admin::ProceduresController, type: :controller do
         it { expect(subject).to have_http_status(:success) }
       end
 
+      context 'when procedure have at least a file' do
+        let!(:dossier) { create(:dossier, :with_user, procedure: procedure) }
+        it { expect(subject.status).to eq(403) }
+      end
+
       context "when procedure doesn't exist" do
         let(:procedure_id) { bad_procedure_id }
 
-        it { expect(subject).to redirect_to admin_procedures_path }
+        it { expect(subject).to have_http_status(404) }
       end
     end
   end

spec/controllers/admin/types_de_champ_controller_spec.rb

@@ -2,12 +2,36 @@ require 'spec_helper'
 
 describe Admin::TypesDeChampController, type: :controller do
   let(:admin) { create(:administrateur) }
+  let(:procedure) { create(:procedure, administrateur: admin) }
+
   before do
     sign_in admin
   end
 
+  describe 'GET #show' do
+    let(:procedure) { create(:procedure, administrateur: admin) }
+    let(:procedure_id) { procedure.id }
+
+    subject { get :show, procedure_id: procedure_id }
+
+    context 'when procedure is not found' do
+      let(:procedure_id) { 9_999_999 }
+      it { expect(subject.status).to eq(404) }
+    end
+
+    context 'when procedure have at least a file' do
+      let!(:dossier) { create(:dossier, :with_user, procedure: procedure) }
+      it { expect(subject.status).to eq(403) }
+    end
+
+    context 'when procedure does not belong to admin' do
+      let(:admin_2) { create(:administrateur) }
+      let(:procedure) { create(:procedure, administrateur: admin_2) }
+      it { expect(subject.status).to eq(404) }
+    end
+  end
+
   describe '#update' do
-    let(:procedure) { create(:procedure) }
     let(:libelle) { 'mon libelle' }
     let(:type_champ) { 'text' }
     let(:description) { 'titi' }
@@ -47,7 +71,7 @@ describe Admin::TypesDeChampController, type: :controller do
       end
 
       context 'when type_de_champ already exist' do
-        let(:procedure) { create(:procedure, :with_type_de_champ) }
+        let(:procedure) { create(:procedure, :with_type_de_champ, administrateur: admin) }
         let(:type_de_champ) { procedure.types_de_champ.first }
         let(:types_de_champ_id) { type_de_champ.id }
         let(:libelle) { 'toto' }
@@ -77,13 +101,13 @@ describe Admin::TypesDeChampController, type: :controller do
     before do
       delete :destroy, procedure_id: procedure.id, id: type_de_champ_id, format: :js
     end
+
     context 'when type de champs does not exist' do
       let(:type_de_champ_id) { 99999999 }
-      let(:procedure) { create(:procedure) }
       it { expect(subject.status).to eq(404) }
     end
     context 'when types_de_champ exists' do
-      let(:procedure) { create(:procedure, :with_type_de_champ) }
+      let(:procedure) { create(:procedure, :with_type_de_champ, administrateur: admin) }
       let(:type_de_champ_id) { procedure.types_de_champ.first.id }
       it { expect(subject.status).to eq(200) }
       it 'destroy type de champ' do
@@ -92,7 +116,6 @@ describe Admin::TypesDeChampController, type: :controller do
       end
     end
     context 'when procedure and type de champs are not linked' do
-      let(:procedure) { create(:procedure) }
       let(:type_de_champ) { create(:type_de_champ) }
       let(:type_de_champ_id) { type_de_champ.id }
       it { expect(subject.status).to eq(404) }
@@ -101,28 +124,25 @@ describe Admin::TypesDeChampController, type: :controller do
 
   describe 'POST #move_up' do
     subject { post :move_up, procedure_id: procedure.id, index: index, format: :js }
+
     context 'when procedure have no type de champ' do
       let(:index) { 0 }
-      let(:procedure) { create(:procedure) }
       it { expect(subject.status).to eq(400) }
     end
     context 'when procedure have only one type de champ' do
       let(:index) { 1 }
-      let(:procedure) { create(:procedure) }
       let!(:type_de_champ) { create(:type_de_champ, procedure: procedure) }
       it { expect(subject.status).to eq(400) }
     end
     context 'when procedure have tow type de champs' do
       context 'when index == 0' do
         let(:index) { 0 }
-        let(:procedure) { create(:procedure) }
         let!(:type_de_champ_1) { create(:type_de_champ, procedure: procedure) }
         let!(:type_de_champ_2) { create(:type_de_champ, procedure: procedure) }
         it { expect(subject.status).to eq(400) }
       end
       context 'when index > 0' do
         let(:index) { 1 }
-        let(:procedure) { create(:procedure) }
         let!(:type_de_champ_0) { create(:type_de_champ, procedure: procedure, order_place: 0) }
         let!(:type_de_champ_1) { create(:type_de_champ, procedure: procedure, order_place: 1) }
 
@@ -141,9 +161,10 @@ describe Admin::TypesDeChampController, type: :controller do
 
   describe 'POST #move_down' do
     let(:request) { post :move_down, procedure_id: procedure.id, index: index, format: :js }
-    subject { request }
     let(:index) { 0 }
-    let(:procedure) { create(:procedure) }
+
+    subject { request }
+
     context 'when procedure have no type de champ' do
       it { expect(subject.status).to eq(400) }
     end

spec/features/admin/add_type_de_champ_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 feature 'add a new type de champs', js: true do
 
   let(:administrateur) { create(:administrateur) }
-  let(:procedure) { create(:procedure) }
+  let(:procedure) { create(:procedure, administrateur: administrateur) }
 
   before do
     login_as administrateur, scope: :administrateur

spec/features/admin/move_down_type_de_champ_spec.rb

@@ -7,7 +7,7 @@ feature 'move down button type de champs', js: true do
     login_as administrateur, scope: :administrateur
   end
 
-  let(:procedure) { create(:procedure) }
+  let(:procedure) { create(:procedure, administrateur: administrateur) }
   let!(:type_de_champ_0) { create(:type_de_champ, procedure: procedure, order_place: 0) }
   let!(:type_de_champ_1) { create(:type_de_champ, procedure: procedure, order_place: 1) }
   let!(:type_de_champ_2) { create(:type_de_champ, procedure: procedure, order_place: 2) }

spec/features/admin/move_up_type_de_champ_spec.rb

@@ -7,7 +7,7 @@ feature 'move up button type de champs', js: true do
     login_as administrateur, scope: :administrateur
   end
 
-  let(:procedure) { create(:procedure) }
+  let(:procedure) { create(:procedure, administrateur: administrateur) }
   let!(:type_de_champ_0) { create(:type_de_champ, procedure: procedure, order_place: 0) }
   let!(:type_de_champ_1) { create(:type_de_champ, procedure: procedure, order_place: 1) }
   let!(:type_de_champ_2) { create(:type_de_champ, procedure: procedure, order_place: 2) }