diff --git a/.circleci/config.yml b/.circleci/config.yml
index db32ad5ee..871c3d959 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -56,7 +56,7 @@ jobs:
bundle exec rspec --color --require spec_helper -- ${TESTFILES}
- run:
name: Run rubocop
- command: bundle exec rubocop
+ command: bundle exec rubocop -R
- run:
name: Run haml-lint
command: bundle exec haml-lint app/views/
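Review bot: `-R` turns the Rails cops on only for this CI command, so a plain `bundle exec rubocop` run locally will not evaluate the `Rails/OutputSafety` cop that the `.rubocop.yml` hunk (L18-24) enables, and an `html_safe` reintroduced on a developer machine is first caught in CI. Putting `Rails:` / `  Enabled: true` in `.rubocop.yml` makes the local and CI runs equivalent, after which the `-R` flag can go. I cannot see the rest of `.rubocop.yml` here, so this assumes the key is not already set.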
diff --git a/.rubocop.yml b/.rubocop.yml
index ede1689a7..58fe127a4 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -570,7 +570,7 @@ Rails/Output:
Enabled: false
Rails/OutputSafety:
- Enabled: false
+ Enabled: true
Rails/PluralizationGrammar:
Enabled: false
diff --git a/app/controllers/admin/gestionnaires_controller.rb b/app/controllers/admin/gestionnaires_controller.rb
index 1964edfe2..b9057b8ee 100644
--- a/app/controllers/admin/gestionnaires_controller.rb
+++ b/app/controllers/admin/gestionnaires_controller.rb
@@ -48,7 +48,7 @@ class Admin::GestionnairesController < AdminController
flash.notice = 'Accompagnateur ajouté'
GestionnaireMailer.new_gestionnaire(@gestionnaire.email, @gestionnaire.password).deliver_now!
else
- flash.alert = @gestionnaire.errors.full_messages.join('
').html_safe
+ flash.alert = @gestionnaire.errors.full_messages
end
end
diff --git a/app/controllers/admin/procedures_controller.rb b/app/controllers/admin/procedures_controller.rb
index 563ae2a54..9e6dca90a 100644
--- a/app/controllers/admin/procedures_controller.rb
+++ b/app/controllers/admin/procedures_controller.rb
@@ -6,7 +6,7 @@ class Admin::ProceduresController < AdminController
def index
@procedures = smart_listing_create :procedures,
- current_administrateur.procedures.published.not_archived.order(created_at: :desc),
+ current_administrateur.procedures.publiees.order(created_at: :desc),
partial: "admin/procedures/list",
array: true
@@ -15,7 +15,7 @@ class Admin::ProceduresController < AdminController
def archived
@procedures = smart_listing_create :procedures,
- current_administrateur.procedures.archived.order(created_at: :desc),
+ current_administrateur.procedures.archivees.order(created_at: :desc),
partial: "admin/procedures/list",
array: true
@@ -26,7 +26,7 @@ class Admin::ProceduresController < AdminController
def draft
@procedures = smart_listing_create :procedures,
- current_administrateur.procedures.not_published.not_archived.order(created_at: :desc),
+ current_administrateur.procedures.brouillons.order(created_at: :desc),
partial: "admin/procedures/list",
array: true
@@ -53,7 +53,7 @@ class Admin::ProceduresController < AdminController
def destroy
procedure = Procedure.find(params[:id])
- return render json: {}, status: 401 if procedure.published? || procedure.archived?
+ return render json: {}, status: 401 if procedure.publiee_ou_archivee?
procedure.destroy
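Review bot: `destroy` loads `Procedure.find(params[:id])` on L65 without the ownership scope that `update` (L78, `current_administrateur.procedures.find`) and `AdminController` (L118) use, so unless a `before_action` outside this hunk already restricts it, an administrator can delete a draft belonging to another administrator; `procedure = current_administrateur.procedures.find(params[:id])` closes that and raises `RecordNotFound` like the sibling actions. Separately, the rewritten L67 keeps `status: 401`, which signals missing authentication; the caller is an authenticated admin refused by a state rule, so `403` (or `422`) is the honest status. The action continues past the hunk.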
@@ -71,7 +71,7 @@ class Admin::ProceduresController < AdminController
@procedure.module_api_carto = ModuleAPICarto.new(create_module_api_carto_params) if @procedure.valid?
unless @procedure.save
- flash.now.alert = @procedure.errors.full_messages.join('
').html_safe
+ flash.now.alert = @procedure.errors.full_messages
return render 'new'
end
@@ -83,7 +83,7 @@ class Admin::ProceduresController < AdminController
@procedure = current_administrateur.procedures.find(params[:id])
unless @procedure.update_attributes(procedure_params)
- flash.now.alert = @procedure.errors.full_messages.join('
').html_safe
+ flash.now.alert = @procedure.errors.full_messages
return render 'edit'
end
@@ -124,7 +124,7 @@ class Admin::ProceduresController < AdminController
render js: "window.location = '#{admin_procedures_path}'"
rescue ActiveRecord::RecordNotFound
- flash.alert = 'Procédure inéxistante'
+ flash.alert = 'Procédure inexistante'
redirect_to admin_procedures_path
end
@@ -154,7 +154,7 @@ class Admin::ProceduresController < AdminController
redirect_to admin_procedures_path
rescue ActiveRecord::RecordNotFound
- flash.alert = 'Procédure inéxistante'
+ flash.alert = 'Procédure inexistante'
redirect_to admin_procedures_path
end
@@ -166,12 +166,12 @@ class Admin::ProceduresController < AdminController
flash.notice = 'Procédure clonée'
redirect_to edit_admin_procedure_path(id: new_procedure.id)
else
- flash.now.alert = procedure.errors.full_messages.join('
').html_safe
+ flash.now.alert = procedure.errors.full_messages
render 'index'
end
rescue ActiveRecord::RecordNotFound
- flash.alert = 'Procédure inéxistante'
+ flash.alert = 'Procédure inexistante'
redirect_to admin_procedures_path
end
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 48598e2c4..d0b05532f 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -11,7 +11,7 @@ class AdminController < ApplicationController
@procedure = current_administrateur.procedures.find(id)
rescue ActiveRecord::RecordNotFound
- flash.alert = 'Procédure inéxistante'
+ flash.alert = 'Procédure inexistante'
redirect_to admin_procedures_path, status: 404
end
diff --git a/app/controllers/administrations_controller.rb b/app/controllers/administrations_controller.rb
index 8a36c6fc5..2a8e22c16 100644
--- a/app/controllers/administrations_controller.rb
+++ b/app/controllers/administrations_controller.rb
@@ -20,7 +20,7 @@ class AdministrationsController < ApplicationController
flash.notice = "Administrateur créé"
NewAdminMailer.new_admin_email(admin).deliver_now!
else
- flash.alert = admin.errors.full_messages.join('
').html_safe
+ flash.alert = admin.errors.full_messages
end
redirect_to administrations_path
diff --git a/app/controllers/commentaires_controller.rb b/app/controllers/commentaires_controller.rb
index fbbca630e..7dd8ac1d0 100644
--- a/app/controllers/commentaires_controller.rb
+++ b/app/controllers/commentaires_controller.rb
@@ -32,7 +32,7 @@ class CommentairesController < ApplicationController
if pj.errors.empty?
@commentaire.piece_justificative = pj
else
- flash.alert = pj.errors.full_messages.join("
").html_safe
+ flash.alert = pj.errors.full_messages
end
end
diff --git a/app/controllers/demo_controller.rb b/app/controllers/demo_controller.rb
index 4773628e3..6bc8b5b35 100644
--- a/app/controllers/demo_controller.rb
+++ b/app/controllers/demo_controller.rb
@@ -6,7 +6,7 @@ class DemoController < ApplicationController
return redirect_to root_path if Rails.env.production?
smart_listing_create :procedures,
- Procedure.published.not_archived.order("id DESC"),
+ Procedure.publiees.order("id DESC"),
partial: "demo/list",
array: true
end
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 18bcf43ad..9c5271b18 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -18,7 +18,7 @@ class InvitesController < ApplicationController
flash.notice = "Invitation envoyée (#{invite.email})"
else
- flash.alert = invite.errors.full_messages.join('
').html_safe
+ flash.alert = invite.errors.full_messages
end
if gestionnaire_signed_in?
diff --git a/app/controllers/stats_controller.rb b/app/controllers/stats_controller.rb
index 5eec020c7..619e43121 100644
--- a/app/controllers/stats_controller.rb
+++ b/app/controllers/stats_controller.rb
@@ -4,7 +4,7 @@ class StatsController < ApplicationController
MEAN_NUMBER_OF_CHAMPS_IN_A_FORM = 24.0
def index
- procedures = Procedure.published
+ procedures = Procedure.publiee_ou_archivee
dossiers = Dossier.where.not(:state => :draft)
@procedures_count = procedures.count
diff --git a/app/controllers/users/description_controller.rb b/app/controllers/users/description_controller.rb
index 24ed37896..0771c13ea 100644
--- a/app/controllers/users/description_controller.rb
+++ b/app/controllers/users/description_controller.rb
@@ -69,16 +69,16 @@ class Users::DescriptionController < UsersController
unless params[:cerfa_pdf].nil?
cerfa = Cerfa.new(content: params[:cerfa_pdf], dossier: @dossier, user: current_user)
unless cerfa.save
- flash.alert = cerfa.errors.full_messages.join('
').html_safe
+ flash.alert = cerfa.errors.full_messages
end
end
end
if !((errors_upload = PiecesJustificativesService.upload!(@dossier, current_user, params)).empty?)
if flash.alert.nil?
- flash.alert = errors_upload.join('
').html_safe
+ flash.alert = errors_upload
else
- flash.alert = (flash.alert + '
' + errors_upload.join('
').html_safe).html_safe
+ flash.alert = [flash.alert] + errors_upload
end
else
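Review bot: `flash.alert = [flash.alert] + errors_upload` on L208 nests an array when the earlier branch on L195 already stored `cerfa.errors.full_messages`, which is itself an Array, so the layout's per-message loop then receives an Array instead of a String. `flash.alert = Array(flash.alert) + errors_upload` handles both the String and the Array case, and `Array(nil)` keeps the `nil?` branch above harmless if it is ever folded in. The enclosing action starts before the hunk.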
@@ -100,7 +100,7 @@ class Users::DescriptionController < UsersController
private
def redirect_to_description_with_errors(dossier, errors)
- flash.alert = errors.join('
')
+ flash.alert = errors
redirect_to users_dossier_description_path(dossier_id: dossier.id)
end
diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb
index ec7147da2..b19157fbf 100644
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@@ -47,7 +47,7 @@ class Users::DossiersController < UsersController
end
end
- if procedure.archived?
+ if procedure.archivee?
@dossier = Dossier.new(procedure: procedure)
@@ -60,7 +60,7 @@ class Users::DossiersController < UsersController
end
def new
- procedure = Procedure.not_archived.published.find(params[:procedure_id])
+ procedure = Procedure.publiees.find(params[:procedure_id])
dossier = Dossier.create(procedure: procedure, user: current_user, state: 'draft')
siret = params[:siret] || current_user.siret
@@ -133,7 +133,7 @@ class Users::DossiersController < UsersController
if checked_autorisation_donnees?
unless Dossier.find(@facade.dossier.id).update_attributes update_params_with_formatted_birthdate
- flash.alert = @facade.dossier.errors.full_messages.join('
').html_safe
+ flash.alert = @facade.dossier.errors.full_messages
return redirect_to users_dossier_path(id: @facade.dossier.id)
end
diff --git a/app/decorators/champ_decorator.rb b/app/decorators/champ_decorator.rb
index a56f24947..8af930c2d 100644
--- a/app/decorators/champ_decorator.rb
+++ b/app/decorators/champ_decorator.rb
@@ -14,6 +14,6 @@ class ChampDecorator < Draper::Decorator
end
def description_with_links
- description.gsub(URI.regexp, '\0').html_safe if description
+ description.gsub(URI.regexp, '\0') if description
end
end
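Review bot: With `html_safe` gone, `description_with_links` returns a plain String that still carries the markup it builds (the tags appear to have been lost in this rendering), so every caller must pass it through `sanitize` as `_render_list_champs.html.haml` (L646) now does; a comment on the method should say so: `# Returns unsanitized HTML; callers must run the result through sanitize`. `URI.regexp` with no scheme list matches any `scheme:` token, not only web URLs, so `description.gsub(URI.regexp(%w(http https)), '\0') if description` keeps the view-side sanitizer from being the only line of defence. `URI.regexp` is also marked obsolete in the stdlib; `URI::DEFAULT_PARSER.make_regexp(%w(http https))` is the current spelling.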
diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 1749e20cb..61b7768c6 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -285,7 +285,7 @@ class Dossier < ActiveRecord::Base
end
def can_be_initiated?
- !(procedure.archived? && draft?)
+ !(procedure.archivee? && draft?)
end
def text_summary
diff --git a/app/models/gestionnaire.rb b/app/models/gestionnaire.rb
index dddc94685..cbaa3a6de 100644
--- a/app/models/gestionnaire.rb
+++ b/app/models/gestionnaire.rb
@@ -108,7 +108,7 @@ class Gestionnaire < ActiveRecord::Base
start_date = DateTime.now.beginning_of_week
active_procedure_overviews = procedures
- .published
+ .publiees
.map { |procedure| procedure.procedure_overview(start_date) }
.select(&:had_some_activities?)
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index c76acefad..665eddb24 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -32,11 +32,11 @@ class Procedure < ActiveRecord::Base
mount_uploader :logo, ProcedureLogoUploader
default_scope { where(hidden_at: nil) }
- scope :published, -> { where.not(published_at: nil) }
- scope :not_published, -> { where(published_at: nil) }
- scope :archived, -> { where.not(archived_at: nil) }
- scope :not_archived, -> { where(archived_at: nil) }
- scope :by_libelle, -> { order(libelle: :asc) }
+ scope :brouillons, -> { where(published_at: nil).where(archived_at: nil) }
+ scope :publiees, -> { where.not(published_at: nil).where(archived_at: nil) }
+ scope :archivees, -> { where.not(archived_at: nil) }
+ scope :publiee_ou_archivee, -> { where.not(published_at: nil) }
+ scope :by_libelle, -> { order(libelle: :asc) }
validates :libelle, presence: true, allow_blank: false, allow_nil: false
validates :description, presence: true, allow_blank: false, allow_nil: false
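Review bot: The new scopes and the predicates added in the later hunk (L313-339) disagree for a row with `archived_at` set and `published_at` nil: `archivees` (L291) selects it, while `archivee?` (L333-335) is false and `brouillon?` (L313-315) is true, yet `brouillons` (L289) excludes it, so the sidebar counts and per-record branches can diverge. Whether such rows exist is not visible here, but `archive` (L327-329) does not require publication, so they are possible. Aligning the two sides, e.g. `scope :archivees, -> { where.not(published_at: nil).where.not(archived_at: nil) }` together with `published_at.nil? && archived_at.nil?` as the body of `brouillon?`, removes the gap, and a one-line comment above the scope block naming the three states and the two columns that define them would document the intended state machine.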
@@ -64,7 +64,7 @@ class Procedure < ActiveRecord::Base
end
def self.active id
- not_archived.published.find(id)
+ publiees.find(id)
end
def switch_types_de_champ index_of_first_element
@@ -94,7 +94,7 @@ class Procedure < ActiveRecord::Base
end
def locked?
- published?
+ publiee_ou_archivee?
end
def clone
@@ -120,23 +120,29 @@ class Procedure < ActiveRecord::Base
return procedure if procedure.save
end
+ def brouillon?
+ published_at.nil?
+ end
+
def publish!(path)
self.update_attributes!({ published_at: Time.now, archived_at: nil })
ProcedurePath.create!(path: path, procedure: self, administrateur: self.administrateur)
end
- # FIXME: remove once the published colummn has been deleted
- def published?
- published_at.present?
+ def publiee?
+ published_at.present? && archived_at.nil?
end
def archive
self.update_attributes!(archived_at: Time.now)
end
- # FIXME: remove once the archived colummn has been deleted
- def archived?
- archived_at.present?
+ def archivee?
+ published_at.present? && archived_at.present?
+ end
+
+ def publiee_ou_archivee?
+ publiee? || archivee?
end
def total_dossier
diff --git a/app/views/admin/pieces_justificatives/show.js.erb b/app/views/admin/pieces_justificatives/show.js.erb
index 34ce0066b..d89882b53 100644
--- a/app/views/admin/pieces_justificatives/show.js.erb
+++ b/app/views/admin/pieces_justificatives/show.js.erb
@@ -1,4 +1,4 @@
<% flash.each do |type, message| %>
-$("#flash_message").html("
<%= message.html_safe %>
").children().fadeOut(5000)
+$("#flash_message").html(" <%= sanitize(message) %>
").children().fadeOut(5000)
<% end %>
$('#piece_justificative_form').html("<%= escape_javascript(render partial: 'form', locals: { procedure: @procedure } ) %>");
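Review bot: `sanitize(message)` on L350 is interpolated straight into a JavaScript string literal, and because `sanitize` returns an html_safe value ERB does not escape it, so a `"` or line break that the sanitizer leaves in text content terminates the literal and the remainder of the message is evaluated as script. The `escape_javascript(render ...)` call on L353 already shows the intended pattern: `$("#flash_message").html("<%= escape_javascript(sanitize(message)) %>")` keeps the value html_safe and JS-safe at once. The same applies to `transfer.js.erb` (L458), `types_de_champ/show.js.erb` (L470) and `formulaire_private.js.erb` (L508).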
diff --git a/app/views/admin/procedures/_list.html.haml b/app/views/admin/procedures/_list.html.haml
index b437aa603..d838bd2f0 100644
--- a/app/views/admin/procedures/_list.html.haml
+++ b/app/views/admin/procedures/_list.html.haml
@@ -20,7 +20,7 @@
= procedure.created_at_fr
%td
= link_to('Cloner', admin_procedure_clone_path(procedure.id), 'data-method' => :put, class: 'btn-sm btn-primary clone-btn')
- - unless procedure.published? || procedure.archived?
+ - unless procedure.publiee_ou_archivee?
= link_to('X', url_for(controller: 'admin/procedures', action: :destroy, id: procedure.id), 'data-method' => :delete, class: 'btn-sm btn-danger')
= smart_listing.paginate
diff --git a/app/views/admin/procedures/_modal_publish.html.haml b/app/views/admin/procedures/_modal_publish.html.haml
index 14fb1c234..e19321570 100644
--- a/app/views/admin/procedures/_modal_publish.html.haml
+++ b/app/views/admin/procedures/_modal_publish.html.haml
@@ -6,14 +6,14 @@
%button.close{ "aria-label" => "Close", "data-dismiss" => "modal", :type => "button" }
%span{ "aria-hidden" => "true" } ×
%h4#myModalLabel.modal-title
- = @procedure.archived? ? 'Réactiver' : 'Publier'
+ = @procedure.archivee? ? 'Réactiver' : 'Publier'
la procédure
%span#publish-modal-title
.modal-body
Vous vous apprêtez à
- = @procedure.archived? ? 'republier' : 'publier'
+ = @procedure.archivee? ? 'republier' : 'publier'
votre procédure au public.
- - unless @procedure.archived?
+ - unless @procedure.archivee?
%b
Elle ne pourra plus être modifiée à l'issue de cette publication.
%br
@@ -42,7 +42,7 @@
#path_is_invalid.text-danger.center.message
= t('activerecord.errors.models.procedure_path.attributes.path.format')
.modal-footer
- = submit_tag "#{@procedure.archived? ? 'Réactiver' : 'Publier'}", class: %w(btn btn btn-success),
+ = submit_tag "#{@procedure.archivee? ? 'Réactiver' : 'Publier'}", class: %w(btn btn btn-success),
id: 'publish',
disabled: :disabled
= button_tag 'Annuler', class: %w(btn btn btn-default), id: 'cancel', data: { dismiss: 'modal' }
diff --git a/app/views/admin/procedures/show.html.haml b/app/views/admin/procedures/show.html.haml
index 91fa3dc42..5827186b6 100644
--- a/app/views/admin/procedures/show.html.haml
+++ b/app/views/admin/procedures/show.html.haml
@@ -1,6 +1,6 @@
.row.white-back
#procedure_show
- - unless @facade.procedure.published?
+ - if @facade.procedure.brouillon?
- if @facade.procedure.gestionnaires.size == 0
%a.action_button.btn.btn-success#publish-procedure{ style: 'float: right; margin-top: 10px;', disabled: 'disabled', 'data-toggle' => :tooltip, title: 'Vous ne pouvez pas publier une procédure sans qu\'aucun accompagnateur ne soit affecté à celle-ci.' }
%i.fa.fa-eraser
@@ -18,15 +18,15 @@
= render partial: '/admin/procedures/modal_transfer'
- - if @facade.procedure.archived?
+ - if @facade.procedure.archivee?
%a#reenable.btn.btn-small.btn-default.text-info{ "data-target" => "#publish-modal", "data-toggle" => "modal", :type => "button", style: 'float: right; margin-top: 10px;' }
%i.fa.fa-eraser
Réactiver
= render partial: '/admin/procedures/modal_publish'
- - elsif @facade.procedure.published?
- = form_tag admin_procedure_archive_path(procedure_id: @facade.procedure.id, archive: !@facade.procedure.archived?), method: :put, style: 'float: right; margin-top: 10px;' do
+ - elsif @facade.procedure.publiee?
+ = form_tag admin_procedure_archive_path(procedure_id: @facade.procedure.id, archive: !@facade.procedure.archivee?), method: :put, style: 'float: right; margin-top: 10px;' do
%button#archive.btn.btn-small.btn-default.text-info{ type: :button }
%i.fa.fa-eraser
Archiver
@@ -46,7 +46,7 @@
%div
%h3 Lien procédure
%div{ style: 'margin-left: 3%;' }
- - if @facade.procedure.published?
+ - if @facade.procedure.publiee_ou_archivee?
= link_to @facade.procedure.lien, @facade.procedure.lien, target: '_blank'
- else
%b
@@ -60,7 +60,7 @@
%h4.text-info
= @facade.procedure.libelle
- = h @facade.procedure.description.html_safe
+ = h sanitize(@facade.procedure.description)
.champs.col-xs-6.col-md-3
%h4.text-info
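Review bot: `h sanitize(@facade.procedure.description)` on L437 — `h` returns an html_safe String unchanged, so it adds nothing on top of `sanitize` and only suggests a second layer of escaping that is not there; `= sanitize(@facade.procedure.description)` says what happens. The same pattern is in `_etape1.html.haml` (L520), `_resume_procedure.html.haml` (L667) and `sessions/new.html.haml` (L679); `_pro.html.haml` (L696) already has the plain form.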
@@ -130,7 +130,7 @@
- else
= pie_chart @facade.dossiers_for_pie_highchart
- - if @facade.procedure.published? || @facade.procedure.archived?
+ - if @facade.procedure.publiee_ou_archivee?
%h3 Supprimer la procédure
.alert.alert-danger
%p
diff --git a/app/views/admin/procedures/transfer.js.erb b/app/views/admin/procedures/transfer.js.erb
index 02e1bbdf6..a23b011f9 100644
--- a/app/views/admin/procedures/transfer.js.erb
+++ b/app/views/admin/procedures/transfer.js.erb
@@ -2,7 +2,7 @@
transfer_errors_message(true);
<%- else %>
$("#main-container").prepend("");
- $("#flash_message").prepend(" <%= flash.notice.html_safe %>
");
+ $("#flash_message").prepend(" <%= sanitize(flash.notice) %>
");
<% flash.clear %>
transfer_errors_message(false);
diff --git a/app/views/admin/types_de_champ/show.js.erb b/app/views/admin/types_de_champ/show.js.erb
index 1e156d1bb..c76ba0c80 100644
--- a/app/views/admin/types_de_champ/show.js.erb
+++ b/app/views/admin/types_de_champ/show.js.erb
@@ -1,5 +1,5 @@
<% flash.each do |type, message| %>
-$("#flash_message").html(" <%= message.html_safe %>
").children().fadeOut(5000)
+$("#flash_message").html(" <%= sanitize(message) %>
").children().fadeOut(5000)
<% end %>
$('#liste-champ').html("<%= escape_javascript(render partial: 'admin/types_de_champ/form', locals: { procedure: @procedure, types_de_champ: @types_de_champ } ) %>");
on_change_type_de_champ_select ();
diff --git a/app/views/administrations/_list.html.haml b/app/views/administrations/_list.html.haml
index 81df10248..8129475ee 100644
--- a/app/views/administrations/_list.html.haml
+++ b/app/views/administrations/_list.html.haml
@@ -18,7 +18,7 @@
= admin.last_sign_in_at.localtime.strftime('%d/%m/%Y')
)
%td
- = admin.procedures.published.count
+ = admin.procedures.publiees.count
%td
- total_dossier = 0
- admin.procedures.each do |procedure| total_dossier += procedure.dossiers.state_not_brouillon.count end
diff --git a/app/views/backoffice/dossiers/_list.html.haml b/app/views/backoffice/dossiers/_list.html.haml
index 3316aa0c8..509684096 100644
--- a/app/views/backoffice/dossiers/_list.html.haml
+++ b/app/views/backoffice/dossiers/_list.html.haml
@@ -53,7 +53,7 @@
%td.center
- if current_gestionnaire.follow?(dossier.id)
- = link_to('Quitter'.html_safe, backoffice_dossier_follow_path(dossier_id: dossier.id), 'data-method' => :put, class: 'btn-sm btn-danger', id: "suivre_dossier_#{dossier.id}")
+ = link_to('Quitter', backoffice_dossier_follow_path(dossier_id: dossier.id), 'data-method' => :put, class: 'btn-sm btn-danger', id: "suivre_dossier_#{dossier.id}")
- else
= link_to('Suivre', backoffice_dossier_follow_path(dossier_id: dossier.id), 'data-method' => :put, class: 'btn-sm btn-primary', id: "suivre_dossier_#{dossier.id}")
%td.center{ style: "color: #{dossier.total_follow == 0 ? 'red' : ''}" }
diff --git a/app/views/backoffice/dossiers/formulaire_private.js.erb b/app/views/backoffice/dossiers/formulaire_private.js.erb
index 44b5a576a..d1096f597 100644
--- a/app/views/backoffice/dossiers/formulaire_private.js.erb
+++ b/app/views/backoffice/dossiers/formulaire_private.js.erb
@@ -1,4 +1,4 @@
<% flash.each do |type, message| %>
-$("#flash_message").html(" <%= message.html_safe %>
").children().fadeOut(5000)
+$("#flash_message").html(" <%= sanitize(message) %>
").children().fadeOut(5000)
<% end %>
<% flash.clear %>
diff --git a/app/views/dossiers/etapes/_etape1.html.haml b/app/views/dossiers/etapes/_etape1.html.haml
index 036cdce6b..877dc034c 100644
--- a/app/views/dossiers/etapes/_etape1.html.haml
+++ b/app/views/dossiers/etapes/_etape1.html.haml
@@ -16,9 +16,9 @@
= @facade.procedure.libelle
%p#description_procedure{ style: 'width: 95%;', class: (@facade.entreprise.nil? ? '' : 'mask') }
- = h @facade.procedure.description.html_safe
+ = h sanitize(@facade.procedure.description)
- unless @facade.procedure.lien_site_web.blank?
.center
- %a{ href: "#{@facade.procedure.lien_site_web.html_safe}", target: '_blank' }
+ %a{ href: @facade.procedure.lien_site_web, target: '_blank' }
En savoir plus ...
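Review bot: `href: @facade.procedure.lien_site_web` on L524 is now attribute-escaped by HAML, but escaping does not constrain the URL scheme; if `lien_site_web` is not validated as an http(s) URL at the model, that validation belongs there rather than in each view (I cannot see the model's validations in this diff). The link also opens with `target: '_blank'` and no `rel`, which hands the linked page a `window.opener` reference; `%a{ href: @facade.procedure.lien_site_web, target: '_blank', rel: 'noopener' }` closes that.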
diff --git a/app/views/dossiers/etapes/etape_2/_individual.html.haml b/app/views/dossiers/etapes/etape_2/_individual.html.haml
index d71aa8ea9..25f133c7c 100644
--- a/app/views/dossiers/etapes/etape_2/_individual.html.haml
+++ b/app/views/dossiers/etapes/etape_2/_individual.html.haml
@@ -36,8 +36,7 @@
%p
%label{ style: 'font-weight: normal;' }
= f.check_box :autorisation_donnees
- = " ".html_safe
- Vos informations personnelles ne seront jamais utilisées dans un but lucratif ou commercial. Elles ne pourront être communiquées à de tierces personnes sans votre accord préalable. Elles pourront en revanche être communiquées aux administrations compétentes afin d'instruire votre dossier, conformément à la déclaration CNIL effectuée par le service TPS.
+ Vos informations personnelles ne seront jamais utilisées dans un but lucratif ou commercial. Elles ne pourront être communiquées à de tierces personnes sans votre accord préalable. Elles pourront en revanche être communiquées aux administrations compétentes afin d'instruire votre dossier, conformément à la déclaration CNIL effectuée par le service TPS.
= link_to 'en savoir plus', cgu_path, target: '_blank'
.row
.col-xs-5.col-xs-5
diff --git a/app/views/gestionnaire_mailer/last_week_overview.html.haml b/app/views/gestionnaire_mailer/last_week_overview.html.haml
index 892e5b257..f057fb0cf 100644
--- a/app/views/gestionnaire_mailer/last_week_overview.html.haml
+++ b/app/views/gestionnaire_mailer/last_week_overview.html.haml
@@ -23,9 +23,10 @@
dont #{procedure_overview.old_dossiers_en_construction.count} depuis plus de 7 jours
- if procedure_overview.old_dossiers_en_construction.count < 6
\:
- = procedure_overview.old_dossiers_en_construction.map do |old_dossier|
+ - old_dossiers_en_construction = procedure_overview.old_dossiers_en_construction.map do |old_dossier|
- link_to "nº #{old_dossier.id}", backoffice_dossier_url(old_dossier), style: 'color: #4393F3;'
- - end.join(', ').html_safe
+ - end.join(', ')
+ = sanitize(old_dossiers_en_construction, attributes: %w(href style))
- if procedure_overview.dossiers_en_instruction_count > 0
%tr
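Review bot: Building the links, joining them into a plain String and then re-admitting the markup through `sanitize(..., attributes: %w(href style))` (L549-553) is roundabout; `link_to` already returns html_safe fragments, so `= safe_join(procedure_overview.old_dossiers_en_construction.map { |old_dossier| link_to "nº #{old_dossier.id}", backoffice_dossier_url(old_dossier), style: 'color: #4393F3;' }, ', ')` keeps escaping intact without a sanitizer pass or a `style` allowance. The second hunk (L560-565) has the same shape, and the two could share a helper that takes the dossier list.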
@@ -36,9 +37,10 @@
dont #{procedure_overview.old_dossiers_en_instruction.count} depuis plus de 7 jours
- if procedure_overview.old_dossiers_en_instruction.count < 6
\:
- = procedure_overview.old_dossiers_en_instruction.map do |old_dossier|
+ - old_dossiers_en_instruction = procedure_overview.old_dossiers_en_instruction.map do |old_dossier|
- link_to "nº #{old_dossier.id}", backoffice_dossier_url(old_dossier), style: 'color: #4393F3;'
- - end.join(', ').html_safe
+ - end.join(', ')
+ = sanitize(old_dossiers_en_instruction, attributes: %w(href style))
- if index != (@args[:procedure_overviews].count - 1)
.spacer{ style: 'border-bottom: 1px solid #CCC; margin: 25px 0 30px;' }
diff --git a/app/views/layouts/_flash_messages.html.haml b/app/views/layouts/_flash_messages.html.haml
index 1c1ec728b..9c00630b5 100644
--- a/app/views/layouts/_flash_messages.html.haml
+++ b/app/views/layouts/_flash_messages.html.haml
@@ -4,8 +4,8 @@
- if value.class == Array
.alert{ class: flash_class(key) }
- value.each do |message|
- = message
+ = sanitize(message)
%br
- else
.alert{ class: flash_class(key) }
- = value
+ = sanitize(value)
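Review bot: `sanitize(message)` and `sanitize(value)` admit the sanitizer's default tag and attribute list into the flash area, while the controller hunks in this commit now store plain `errors.full_messages` arrays and literal strings that HAML's `=` would escape on its own; `= message` and `= value` are the tighter choice unless some flash value is deliberately built as markup, which I cannot see in this diff. `value.class == Array` on L573 is better written `value.is_a?(Array)`.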
diff --git a/app/views/layouts/_ie_lt_10.html.haml b/app/views/layouts/_ie_lt_10.html.haml
index da6c5365f..7b8830871 100644
--- a/app/views/layouts/_ie_lt_10.html.haml
+++ b/app/views/layouts/_ie_lt_10.html.haml
@@ -1,8 +1,8 @@
-= "".html_safe
+
diff --git a/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_index.html.haml b/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_index.html.haml
index c4fd6ccfd..68291d6d5 100644
--- a/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_index.html.haml
+++ b/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_index.html.haml
@@ -13,19 +13,19 @@
.procedure-list-element{ class: @draft_class }
Brouillons
.badge.progress-bar-default
- = current_administrateur.procedures.not_published.not_archived.count
+ = current_administrateur.procedures.brouillons.count
%a#active-procedures{ :href => "#{url_for :admin_procedures}" }
.procedure-list-element{ class: @active_class }
Actives
.badge.progress-bar-success
- = current_administrateur.procedures.published.not_archived.count
+ = current_administrateur.procedures.publiees.count
%a#archived-procedures{ :href => "#{url_for :admin_procedures_archived}" }
.procedure-list-element{ class: @archived_class }
Archivées
.badge.progress-bar-purple
- = current_administrateur.procedures.archived.count
+ = current_administrateur.procedures.archivees.count
.split-hr-left
diff --git a/app/views/root/landing.html.haml b/app/views/root/landing.html.haml
index 8eee9d51b..1d9d97d73 100644
--- a/app/views/root/landing.html.haml
+++ b/app/views/root/landing.html.haml
@@ -80,7 +80,7 @@
%ul.numbers
%li.number
.number-value
- = number_with_delimiter(Procedure.published.count, :locale => :fr)
+ = number_with_delimiter(Procedure.publiee_ou_archivee.count, :locale => :fr)
.number-label<
procédures
%br<>
diff --git a/app/views/users/description/_show.html.haml b/app/views/users/description/_show.html.haml
index d83503308..aac70c2f8 100644
--- a/app/views/users/description/_show.html.haml
+++ b/app/views/users/description/_show.html.haml
@@ -42,5 +42,5 @@
- elsif !@dossier.draft?
= render partial: '/layouts/modifications_terminees'
- else
- = submit_tag 'Soumettre mon dossier', id: 'suivant', name: 'submit[nouveaux]', class: 'btn btn btn-success', style: 'float: right;', disabled: @procedure.archived?, data: { disable_with: 'Soumettre votre dossier', submit: true }
- = submit_tag 'Enregistrer un brouillon', id: 'brouillon', name: 'submit[brouillon]', class: 'btn btn-xs btn-default', style: 'float: right; margin-right: 10px; margin-top: 6px;', disabled: @procedure.archived?, data: { disable_with: 'Enregistrer un brouillon', submit: true }
+ = submit_tag 'Soumettre mon dossier', id: 'suivant', name: 'submit[nouveaux]', class: 'btn btn btn-success', style: 'float: right;', disabled: @procedure.archivee?, data: { disable_with: 'Soumettre votre dossier', submit: true }
+ = submit_tag 'Enregistrer un brouillon', id: 'brouillon', name: 'submit[brouillon]', class: 'btn btn-xs btn-default', style: 'float: right; margin-right: 10px; margin-top: 6px;', disabled: @procedure.archivee?, data: { disable_with: 'Enregistrer un brouillon', submit: true }
diff --git a/app/views/users/description/champs/_render_list_champs.html.haml b/app/views/users/description/champs/_render_list_champs.html.haml
index 6bb776379..755f5f537 100644
--- a/app/views/users/description/champs/_render_list_champs.html.haml
+++ b/app/views/users/description/champs/_render_list_champs.html.haml
@@ -60,4 +60,4 @@
- unless champ.description.empty?
%div{ id: "description_champs_#{champ.id}", class: ('help-block' unless champ.type_champ == 'engagement') }
- = champ.description_with_links
+ = sanitize(champ.description_with_links, attributes: %w(href target))
diff --git a/app/views/users/registrations/new.html.haml b/app/views/users/registrations/new.html.haml
index fcaf254d6..3775c572f 100644
--- a/app/views/users/registrations/new.html.haml
+++ b/app/views/users/registrations/new.html.haml
@@ -15,7 +15,7 @@
%h1 Créez-vous un compte
= f.label :email, "Email"
- = f.text_field :email
+ = f.text_field :email, autofocus: true
= f.label :password, "Mot de passe"
= f.password_field :password, value: @user.password, placeholder: "8 caractères minimum"
diff --git a/app/views/users/sessions/_resume_procedure.html.haml b/app/views/users/sessions/_resume_procedure.html.haml
index bf385234e..f42a11ad1 100644
--- a/app/views/users/sessions/_resume_procedure.html.haml
+++ b/app/views/users/sessions/_resume_procedure.html.haml
@@ -13,7 +13,7 @@
%h2#titre-procedure.text-info
= @dossier.procedure.libelle
%p.procedure-description
- = h @dossier.procedure.description.html_safe
+ = h sanitize(@dossier.procedure.description)
- else
#logo_procedure.flag
diff --git a/app/views/users/sessions/new.html.haml b/app/views/users/sessions/new.html.haml
index ffac4fae9..2c66cc6af 100644
--- a/app/views/users/sessions/new.html.haml
+++ b/app/views/users/sessions/new.html.haml
@@ -20,14 +20,14 @@
%h2.procedure-title
= @dossier.procedure.libelle
%p.procedure-description
- = h @dossier.procedure.description.html_safe
+ = h sanitize(@dossier.procedure.description)
.column.auth-form
= form_for @user, url: user_session_path, html: { class: "form" } do |f|
%h1 Connectez-vous
= f.label :email, "Email"
- = f.text_field :email
+ = f.text_field :email, autofocus: true
= f.label :password, "Mot de passe"
= f.password_field :password, value: @user.password, placeholder: "8 caractères minimum"
diff --git a/app/views/users/siret/_pro.html.haml b/app/views/users/siret/_pro.html.haml
index 523992984..48a9b0f0f 100644
--- a/app/views/users/siret/_pro.html.haml
+++ b/app/views/users/siret/_pro.html.haml
@@ -6,7 +6,7 @@
= @procedure.libelle
%p
- = @procedure.description.html_safe
+ = sanitize(@procedure.description)
%br
= form_tag(url_for({ controller: :dossiers, action: :create }), class: 'form-inline', method: 'POST') do |f|
diff --git a/app/workers/auto_archive_procedure_worker.rb b/app/workers/auto_archive_procedure_worker.rb
index a1a46efcc..d9715b843 100644
--- a/app/workers/auto_archive_procedure_worker.rb
+++ b/app/workers/auto_archive_procedure_worker.rb
@@ -2,7 +2,7 @@ class AutoArchiveProcedureWorker
include Sidekiq::Worker
def perform(*args)
- Procedure.not_archived.where("auto_archive_on <= ?", Date.today).each do |procedure|
+ Procedure.publiees.where("auto_archive_on <= ?", Date.today).each do |procedure|
procedure.dossiers.state_en_construction.each do |dossier|
dossier.received!
end
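Review bot: `Date.today` on the rewritten L707 evaluates in the process's system zone rather than the app's `Time.zone`, so around midnight the comparison with `auto_archive_on` can be a day off; `Time.zone.today` keeps it consistent with the rest of Rails' time handling, and the Rails cops now run with `-R` will flag the current form. Switching the scope from `not_archived` to `publiees` also drops unpublished procedures that carry an `auto_archive_on`; I assume that is intended now that `archivee?` requires publication. `perform` continues past the hunk.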
diff --git a/db/migrate/20170711125429_remove_published_from_procedures.rb b/db/migrate/20170711125429_remove_published_from_procedures.rb
new file mode 100644
index 000000000..7312fd8dc
--- /dev/null
+++ b/db/migrate/20170711125429_remove_published_from_procedures.rb
@@ -0,0 +1,5 @@
+class RemovePublishedFromProcedures < ActiveRecord::Migration[5.0]
+ def change
+ remove_column :procedures, :published
+ end
+end
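Review bot: `remove_column :procedures, :published` with no type cannot be reversed: on rollback ActiveRecord raises `IrreversibleMigration` because it does not know how to re-add the column. The schema hunk (L753) gives the definition, so `remove_column :procedures, :published, :boolean, default: false, null: false` makes `change` reversible; the sibling migration (L730) needs the same, `remove_column :procedures, :archived, :boolean, default: false`, per L748.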
diff --git a/db/migrate/20170711125726_remove_archived_from_procedures.rb b/db/migrate/20170711125726_remove_archived_from_procedures.rb
new file mode 100644
index 000000000..0813e0811
--- /dev/null
+++ b/db/migrate/20170711125726_remove_archived_from_procedures.rb
@@ -0,0 +1,5 @@
+class RemoveArchivedFromProcedures < ActiveRecord::Migration[5.0]
+ def change
+ remove_column :procedures, :archived
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 2b3bbab8c..875a6c007 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20170627144046) do
+ActiveRecord::Schema.define(version: 20170711125726) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -373,12 +373,10 @@ ActiveRecord::Schema.define(version: 20170627144046) do
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.integer "administrateur_id"
- t.boolean "archived", default: false
t.boolean "euro_flag", default: false
t.string "logo"
t.boolean "cerfa_flag", default: false
t.string "logo_secure_token"
- t.boolean "published", default: false, null: false
t.string "lien_site_web"
t.string "lien_notice"
t.boolean "for_individual", default: false
diff --git a/spec/controllers/admin/procedures_controller_spec.rb b/spec/controllers/admin/procedures_controller_spec.rb
index d612f02e8..9846ead56 100644
--- a/spec/controllers/admin/procedures_controller_spec.rb
+++ b/spec/controllers/admin/procedures_controller_spec.rb
@@ -297,7 +297,7 @@ describe Admin::ProceduresController, type: :controller do
let(:procedure_path) { 'new_path' }
it 'publish the given procedure' do
- expect(procedure.published?).to be_truthy
+ expect(procedure.publiee?).to be_truthy
expect(procedure.path).to eq(procedure_path)
expect(response.status).to eq 200
expect(flash[:notice]).to have_content 'Procédure publiée'
@@ -308,15 +308,14 @@ describe Admin::ProceduresController, type: :controller do
let(:procedure_path) { procedure2.path }
it 'publish the given procedure' do
- expect(procedure.published?).to be_truthy
+ expect(procedure.publiee?).to be_truthy
expect(procedure.path).to eq(procedure_path)
expect(response.status).to eq 200
expect(flash[:notice]).to have_content 'Procédure publiée'
end
it 'archive previous procedure' do
- expect(procedure2.published?).to be_truthy
- expect(procedure2.archived?).to be_truthy
+ expect(procedure2.archivee?).to be_truthy
expect(procedure2.path).to be_nil
end
end
@@ -325,14 +324,14 @@ describe Admin::ProceduresController, type: :controller do
let(:procedure_path) { procedure3.path }
it 'does not publish the given procedure' do
- expect(procedure.published?).to be_falsey
+ expect(procedure.publiee?).to be_falsey
expect(procedure.path).to be_nil
expect(response.status).to eq 200
end
it 'previous procedure remains published' do
- expect(procedure2.published?).to be_truthy
- expect(procedure2.archived?).to be_falsey
+ expect(procedure2.publiee?).to be_truthy
+ expect(procedure2.archivee?).to be_falsey
expect(procedure2.path).to match(/fake_path/)
end
end
@@ -341,7 +340,7 @@ describe Admin::ProceduresController, type: :controller do
let(:procedure_path) { 'Invalid Procedure Path' }
it 'does not publish the given procedure' do
- expect(procedure.published?).to be_falsey
+ expect(procedure.publiee?).to be_falsey
expect(procedure.path).to be_nil
expect(response).to redirect_to :admin_procedures
expect(flash[:alert]).to have_content 'Lien de la procédure invalide'
@@ -362,13 +361,13 @@ describe Admin::ProceduresController, type: :controller do
it 'fails' do
expect(response).to redirect_to :admin_procedures
- expect(flash[:alert]).to have_content 'Procédure inéxistante'
+ expect(flash[:alert]).to have_content 'Procédure inexistante'
end
end
end
describe 'PUT #archive' do
- let(:procedure) { create(:procedure, administrateur: admin) }
+ let(:procedure) { create(:procedure, :published, administrateur: admin) }
context 'when admin is the owner of the procedure' do
before do
@@ -377,7 +376,7 @@ describe Admin::ProceduresController, type: :controller do
end
context 'when owner want archive procedure' do
- it { expect(procedure.archived?).to be_truthy }
+ it { expect(procedure.archivee?).to be_truthy }
it { expect(response).to redirect_to :admin_procedures }
it { expect(flash[:notice]).to have_content 'Procédure archivée' }
end
@@ -388,7 +387,7 @@ describe Admin::ProceduresController, type: :controller do
procedure.reload
end
- it { expect(procedure.archived?).to be_falsey }
+ it { expect(procedure.archivee?).to be_falsey }
it { expect(response.status).to eq 200 }
it { expect(flash[:notice]).to have_content 'Procédure publiée' }
end
@@ -406,7 +405,7 @@ describe Admin::ProceduresController, type: :controller do
end
it { expect(response).to redirect_to :admin_procedures }
- it { expect(flash[:alert]).to have_content 'Procédure inéxistante' }
+ it { expect(flash[:alert]).to have_content 'Procédure inexistante' }
end
end
@@ -437,7 +436,7 @@ describe Admin::ProceduresController, type: :controller do
end
it { expect(response).to redirect_to :admin_procedures }
- it { expect(flash[:alert]).to have_content 'Procédure inéxistante' }
+ it { expect(flash[:alert]).to have_content 'Procédure inexistante' }
end
end
diff --git a/spec/controllers/users/description_controller_spec.rb b/spec/controllers/users/description_controller_spec.rb
index 957871e48..12f0dfa6f 100644
--- a/spec/controllers/users/description_controller_spec.rb
+++ b/spec/controllers/users/description_controller_spec.rb
@@ -8,7 +8,7 @@ describe Users::DescriptionController, type: :controller, vcr: {cassette_name: '
let(:archived_at) { nil }
let(:state) { 'initiated' }
- let(:procedure) { create(:procedure, :with_two_type_de_piece_justificative, :with_type_de_champ, :with_datetime, cerfa_flag: true, archived_at: archived_at) }
+ let(:procedure) { create(:procedure, :with_two_type_de_piece_justificative, :with_type_de_champ, :with_datetime, cerfa_flag: true, published_at: Time.now, archived_at: archived_at) }
let(:dossier) { create(:dossier, procedure: procedure, user: owner_user, state: state) }
let(:dossier_id) { dossier.id }
diff --git a/spec/models/procedure_spec.rb b/spec/models/procedure_spec.rb
index e48aadfe8..07dd724e9 100644
--- a/spec/models/procedure_spec.rb
+++ b/spec/models/procedure_spec.rb
@@ -243,6 +243,48 @@ describe Procedure do
end
end
+ describe "#brouillon?" do
+ let(:procedure_brouillon) { Procedure.new() }
+ let(:procedure_publiee) { Procedure.new(published_at: Time.now) }
+ let(:procedure_archivee) { Procedure.new(published_at: Time.now, archived_at: Time.now) }
+
+ it { expect(procedure_brouillon.brouillon?).to be_truthy }
+ it { expect(procedure_publiee.brouillon?).to be_falsey }
+ it { expect(procedure_archivee.brouillon?).to be_falsey }
+ end
+
+ describe "#publiee?" do
+ let(:procedure_brouillon) { Procedure.new() }
+ let(:procedure_publiee) { Procedure.new(published_at: Time.now) }
+ let(:procedure_archivee) { Procedure.new(published_at: Time.now, archived_at: Time.now) }
+
+ it { expect(procedure_brouillon.publiee?).to be_falsey }
+ it { expect(procedure_publiee.publiee?).to be_truthy }
+ it { expect(procedure_archivee.publiee?).to be_falsey }
+ end
+
+ describe "#archivee?" do
+ let(:procedure_brouillon) { Procedure.new() }
+ let(:procedure_publiee) { Procedure.new(published_at: Time.now) }
+ let(:procedure_archivee) { Procedure.new(published_at: Time.now, archived_at: Time.now) }
+ let(:procedure_batarde) { Procedure.new(published_at: nil, archived_at: Time.now) }
+
+ it { expect(procedure_brouillon.archivee?).to be_falsey }
+ it { expect(procedure_publiee.archivee?).to be_falsey }
+ it { expect(procedure_archivee.archivee?).to be_truthy }
+ it { expect(procedure_batarde.archivee?).to be_falsey }
+ end
+
+ describe "#publiee_ou_archivee?" do
+ let(:procedure_brouillon) { Procedure.new() }
+ let(:procedure_publiee) { Procedure.new(published_at: Time.now) }
+ let(:procedure_archivee) { Procedure.new(published_at: Time.now, archived_at: Time.now) }
+
+ it { expect(procedure_brouillon.publiee_ou_archivee?).to be_falsey }
+ it { expect(procedure_publiee.publiee_ou_archivee?).to be_truthy }
+ it { expect(procedure_archivee.publiee_ou_archivee?).to be_truthy }
+ end
+
describe 'archive' do
let(:procedure) { create(:procedure, :published) }
let(:procedure_path) { ProcedurePath.find(procedure.procedure_path.id) }
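Review bot: The inconsistent state `published_at: nil, archived_at: Time.now` (`procedure_batarde`) is pinned only for `#archivee?`; `#brouillon?`, `#publiee?` and `#publiee_ou_archivee?` leave that record unspecified, so a regression in how the model classifies it would go unnoticed. Adding an example of the form `it { expect(procedure_batarde.brouillon?).to be_truthy }` to each of the other three describe blocks, with whatever outcome the model is meant to give (not derivable from this diff), closes the gap. The four identical `let` definitions repeated across the describe blocks could also be hoisted into one enclosing `describe 'states'` block.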
@@ -253,8 +295,7 @@ describe Procedure do
procedure.reload
end
- it { expect(procedure.published?).to be_truthy }
- it { expect(procedure.archived?).to be_truthy }
+ it { expect(procedure.archivee?).to be_truthy }
it { expect(procedure.archived_at).to eq(now) }
after do
diff --git a/spec/workers/auto_archive_procedure_worker_spec.rb b/spec/workers/auto_archive_procedure_worker_spec.rb
index 8ffcffb34..9b4c57d81 100644
--- a/spec/workers/auto_archive_procedure_worker_spec.rb
+++ b/spec/workers/auto_archive_procedure_worker_spec.rb
@@ -1,10 +1,10 @@
require 'rails_helper'
RSpec.describe AutoArchiveProcedureWorker, type: :worker do
- let!(:procedure) { create(:procedure, archived_at: nil, auto_archive_on: nil )}
- let!(:procedure_hier) { create(:procedure, archived_at: nil, auto_archive_on: 1.day.ago )}
- let!(:procedure_aujourdhui) { create(:procedure, archived_at: nil, auto_archive_on: Date.today )}
- let!(:procedure_demain) { create(:procedure, archived_at: nil, auto_archive_on: 1.day.from_now )}
+ let!(:procedure) { create(:procedure, published_at: Time.now, archived_at: nil, auto_archive_on: nil )}
+ let!(:procedure_hier) { create(:procedure, published_at: Time.now, archived_at: nil, auto_archive_on: 1.day.ago )}
+ let!(:procedure_aujourdhui) { create(:procedure, published_at: Time.now, archived_at: nil, auto_archive_on: Date.today )}
+ let!(:procedure_demain) { create(:procedure, published_at: Time.now, archived_at: nil, auto_archive_on: 1.day.from_now )}
subject { AutoArchiveProcedureWorker.new.perform }
@@ -14,7 +14,7 @@ RSpec.describe AutoArchiveProcedureWorker, type: :worker do
procedure.reload
end
- it { expect(procedure.archived?).to eq false }
+ it { expect(procedure.archivee?).to eq false }
end
context "when procedures have auto_archive_on set on yesterday or today" do
@@ -49,8 +49,8 @@ RSpec.describe AutoArchiveProcedureWorker, type: :worker do
it { expect(dossier8.state).to eq 'without_continuation' }
it { expect(dossier9.state).to eq 'received' }
- it { expect(procedure_hier.archived?).to eq true }
- it { expect(procedure_aujourdhui.archived?).to eq true }
+ it { expect(procedure_hier.archivee?).to eq true }
+ it { expect(procedure_aujourdhui.archivee?).to eq true }
end
context "when procedures have auto_archive_on set on future" do
@@ -58,6 +58,6 @@ RSpec.describe AutoArchiveProcedureWorker, type: :worker do
subject
end
- it { expect(procedure_demain.archived?).to eq false }
+ it { expect(procedure_demain.archivee?).to eq false }
end
end