diff --git a/app/controllers/new_user/dossiers_controller.rb b/app/controllers/new_user/dossiers_controller.rb index f710fe14f..ebac58847 100644 --- a/app/controllers/new_user/dossiers_controller.rb +++ b/app/controllers/new_user/dossiers_controller.rb @@ -73,7 +73,7 @@ module NewUser @dossier.en_construction! NotificationMailer.send_initiated_notification(@dossier).deliver_later redirect_to merci_dossier_path(@dossier) - elsif owns_dossier? + elsif current_user.owns?(dossier) redirect_to users_dossier_recapitulatif_path(@dossier) else redirect_to users_dossiers_invite_path(@dossier.invite_for_user(current_user)) @@ -142,7 +142,7 @@ module NewUser end def ensure_ownership! - if !owns_dossier? + if !current_user.owns?(dossier) forbidden! end end @@ -154,7 +154,7 @@ module NewUser end def forbid_invite_submission! - if passage_en_construction? && !owns_dossier? + if passage_en_construction? && !current_user.owns?(dossier) forbidden! end end @@ -172,10 +172,6 @@ module NewUser params.require(:dossier).permit(:autorisation_donnees) end - def owns_dossier? - dossier.user_id == current_user.id - end - def passage_en_construction? dossier.brouillon? && !draft? end diff --git a/app/models/user.rb b/app/models/user.rb index 2de403c64..57c049ade 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -38,6 +38,10 @@ class User < ApplicationRecord loged_in_with_france_connect.present? end + def owns?(dossier) + dossier.user_id == id + end + def invite?(dossier_id) invites.pluck(:dossier_id).include?(dossier_id.to_i) end diff --git a/app/views/layouts/left_panels/_left_panel_users_recapitulatifcontroller_show.html.haml b/app/views/layouts/left_panels/_left_panel_users_recapitulatifcontroller_show.html.haml index 1e5a3a253..6c3499cd4 100644 --- a/app/views/layouts/left_panels/_left_panel_users_recapitulatifcontroller_show.html.haml +++ b/app/views/layouts/left_panels/_left_panel_users_recapitulatifcontroller_show.html.haml 
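Review bot: In app/controllers/new_user/dossiers_controller.rb, the `elsif current_user.owns?(dossier)` branch at @@ -73 checks ownership on the `dossier` helper, while every other line of that branch acts on `@dossier`. The helper is defined outside the hunk, so presumably both refer to the same record, but an authorization decision is easier to audit when it is made on the object that is then used: `elsif current_user.owns?(@dossier)`. The enclosing action starts and ends outside the hunk.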
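Review bot: In app/models/user.rb, `dossier.user_id == id` evaluates to true when both sides are nil, for example an unsaved User compared with a dossier that has no user_id. `owns?` is now the single ownership predicate behind `ensure_ownership!` and `forbid_invite_submission!`, so it should fail closed: `id.present? && dossier.user_id == id`. Whether a dossier can exist without an owner is not visible in this diff, so this may be a hardening step rather than a live bug. A one-line comment such as `# True only when this user created the dossier; invited users are not owners.` would also record the distinction from `invite?` just below.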
@@ -14,7 +14,7 @@ .dossier-state= @facade.dossier.display_state .split-hr-left - - if @facade.dossier.user == current_user + - if current_user.owns?(@facade.dossier) .text-center.mt-1 = link_to ask_deletion_dossier_path(@facade.dossier), method: :post, class: "btn btn-danger", data: { confirm: delete_dossier_confirm(@facade.dossier) } do Supprimer définitivement diff --git a/app/views/shared/dossiers/_edit.html.haml b/app/views/shared/dossiers/_edit.html.haml index f9df14445..79de4e7f4 100644 --- a/app/views/shared/dossiers/_edit.html.haml +++ b/app/views/shared/dossiers/_edit.html.haml @@ -58,7 +58,7 @@ class: 'button send', data: { action: 'draft', disable_with: 'Envoi...' } - - if dossier.user == current_user + - if current_user.owns?(dossier) = f.button 'Soumettre le dossier', class: 'button send primary', data: { action: 'submit', disable_with: 'Envoi...' } diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 848909a51..a9a2e24fa 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -31,6 +31,37 @@ describe User, type: :model do end end + describe '#owns?' do + let(:owner) { create(:user) } + let(:dossier) { create(:dossier, user: owner) } + let(:invite_user) { create(:user) } + let(:invite_gestionnaire) { create(:user) } + + subject { user.owns?(dossier) } + + context 'when user is owner' do + let(:user) { owner } + + it { is_expected.to be_truthy } + end + + context 'when user was invited by user' do + before do + create(:invite, dossier: dossier, user: invite_user, type: 'InviteUser') + end + + let(:user) { invite_user } + + it { is_expected.to be_falsy } + end + + context 'when user is quidam' do + let(:user) { create(:user) } + + it { is_expected.to be_falsey } + end + end + describe '#invite?' do let(:dossier) { create :dossier } let(:user) { dossier.user }
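Review bot: In _left_panel_users_recapitulatifcontroller_show.html.haml, `current_user.owns?(@facade.dossier)` raises NoMethodError when `current_user` is nil, where the previous `@facade.dossier.user == current_user` simply evaluated to false. The same applies to `current_user.owns?(dossier)` in shared/dossiers/_edit.html.haml. If either partial can be rendered without a signed-in user (the `shared/` path suggests more than one caller, though none is visible here), `- if current_user&.owns?(@facade.dossier)` keeps the old behaviour. These conditions only hide the delete and submit buttons. The submit path is enforced server-side by `forbid_invite_submission!` in this commit, and it is worth confirming that the action behind `ask_deletion_dossier_path` is covered by `ensure_ownership!` as well.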
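Review bot: In spec/models/user_spec.rb, `let(:invite_gestionnaire)` is declared in the `#owns?` block but no context uses it, so the case it appears to be meant for is not tested. Either add that context or drop the let. The examples also mix `be_falsy` and `be_falsey` and use `be_truthy`. Since `owns?` gates authorization, pinning the exact boolean with `it { is_expected.to be true }` and `it { is_expected.to be false }` would catch a change that starts returning nil or some other object.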