Merge pull request #25 from sgmap/see_only_its_own_files

Search: see only its own files
2017-02-21 10:10:28 +01:00 · 2017-02-21 10:10:28 +01:00 · 50e046981f
commit 50e046981f
parent ab0d8deef1 b6fc30fd62
2 changed files with 46 additions and 8 deletions
--- a/app/controllers/backoffice/dossiers_controller.rb
+++ b/app/controllers/backoffice/dossiers_controller.rb
@ -56,7 +56,10 @@ class Backoffice::DossiersController < Backoffice::DossiersListController
    @search_terms = params[:q]

    # exact id match?
-    @dossiers = Dossier.where(id: @search_terms.to_i) if @search_terms.to_i < 2147483647
+    if @search_terms.to_i != 0
+      @dossiers = current_gestionnaire.dossiers.where(id: @search_terms.to_i)
+    end
+
    @dossiers = Dossier.none if @dossiers.nil?

    # full text search
--- a/spec/controllers/backoffice/dossiers_controller_spec.rb
+++ b/spec/controllers/backoffice/dossiers_controller_spec.rb
@ -5,16 +5,24 @@ describe Backoffice::DossiersController, type: :controller do
    @request.env['HTTP_REFERER'] = TPS::Application::URL
  end
  let(:procedure) { create :procedure }
+  let(:procedure2) { create :procedure }

  let(:dossier) { create(:dossier, :with_entreprise, procedure: procedure, state: :initiated) }
+  let(:dossier2) { create(:dossier, :with_entreprise, procedure: procedure2, state: :initiated) }
  let(:dossier_archived) { create(:dossier, :with_entreprise, archived: true) }

  let(:dossier_id) { dossier.id }
  let(:bad_dossier_id) { Dossier.count + 10 }
+
  let(:gestionnaire) { create(:gestionnaire, administrateurs: [create(:administrateur)]) }
+  let!(:gestionnaire2) { create(:gestionnaire, administrateurs: [create(:administrateur)]) }

  before do
    create :assign_to, procedure: procedure, gestionnaire: gestionnaire
+    create :assign_to, procedure: procedure2, gestionnaire: gestionnaire2
+
+    procedure.dossiers << dossier
+    procedure2.dossiers << dossier2
  end

  describe 'GET #index' do
@ -166,15 +174,42 @@ describe Backoffice::DossiersController, type: :controller do
  end

  describe 'POST #search' do
-    before do
-      sign_in gestionnaire
-    end
+    describe 'by id' do
+      context 'when I am logged as a gestionnaire' do
+        before do
+          sign_in gestionnaire
+        end

-    it 'returns http success' do
-      post :search, params: {search_terms: 'test'}
-      expect(response).to have_http_status(200)
-    end
+        context 'when I own the dossier' do
+          before :each do
+            post :search, params: { q: dossier_id }
+          end

+          it 'returns http success' do
+            expect(response).to have_http_status(200)
+          end
+
+          it 'returns the expected dossier' do
+            expect(assigns(:dossiers).count).to eq(1)
+            expect(assigns(:dossiers).first.id).to eq(dossier_id)
+          end
+        end
+
+        context 'when I do not own the dossier' do
+          before :each do
+            post :search, params: { q: dossier2_id }
+          end
+
+          it 'returns http success' do
+            expect(response).to have_http_status(200)
+          end
+
+          it 'returns nothing' do
+            expect(assigns(:dossiers).count).to eq(0)
+          end
+        end
+      end
+    end
  end

  describe 'POST #valid' do