refacto destroy action and add spec for unauthorized user

This commit is contained in:
Lisa Durand 2023-03-09 11:39:45 +01:00
parent efcb783c8c
commit 6ba47b731b
4 changed files with 34 additions and 4 deletions

View file

@ -20,11 +20,14 @@ module Users
def destroy
transfer = DossierTransfer.find(params[:id])
authorized = (transfer.email == current_user.email || transfer.dossiers.exists?(dossiers: { user: current_user }))
authorized_email = (transfer.email == current_user.email || transfer.dossiers.where(dossiers: { user: current_user }).present?)
return if !authorized_email
transfer.destroy_and_nullify
if authorized
transfer.destroy_and_nullify
flash.notice = t("users.dossiers.transferer.destroy")
else
flash.alert = t("users.dossiers.transferer.unauthorized_destroy")
end
redirect_to dossiers_path
end

View file

@ -9,3 +9,5 @@ en:
email_label: Email of the recipient account
submit: Send transfer request
notice_sent: The transfer request has been sent successfully
destroy: The transfer request has been deleted successfully
unauthorized_destroy: You don't have the authorization to delete this transfer request

View file

@ -9,3 +9,5 @@ fr:
email_label: Email du compte destinataire
submit: Envoyer la demande de transfert
notice_sent: L'invitation au transfert a été envoyée avec succès
destroy: La demande de transfert a été supprimée avec succès
unauthorized_destroy: Vous n'avez pas l'autorisation pour supprimer cette demande de transfert

View file

@ -18,6 +18,8 @@ describe Users::TransfersController, type: :controller do
it "deletes dossier transfert" do
subject
expect { dossier_transfert.reload }.to raise_error(ActiveRecord::RecordNotFound)
expect { (flash.notice).to eq('La demande de transfert a été supprimée avec succès') }
expect { (subject).to redirect_to dossiers_path }
end
end
@ -37,6 +39,27 @@ describe Users::TransfersController, type: :controller do
expect { dossier_transfert.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
end
context "as transfer unauthorized" do
let(:dossier_transfert) { DossierTransfer.initiate(recipient_user.email, [dossier]) }
let(:random_user) { create(:user) }
subject { delete :destroy, params: { id: dossier_transfert.id } }
before do
sign_in(random_user)
end
it { expect { subject }.not_to raise_error }
it "does not delete dossier transfert" do
subject
expect { dossier_transfert.reload.to eq(dossier_transfert) }
expect { (flash.alert).to eq("Vous n'avez pas l'autorisation pour supprimer cette demande de transfert") }
expect { (subject).to redirect_to dossiers_path }
end
end
end
describe "POST create" do