Merge pull request #2075 from betagouv/fix_2072_user_cannot_modify_a_dossier_in_instruction
[fix #2072] DossierController: check the user can update the dossier
commit
6e1bff0d5d
3 changed files with 34 additions and 0 deletions
|
@ -2,6 +2,7 @@ module NewUser
|
||||||
class DossiersController < UserController
|
class DossiersController < UserController
|
||||||
before_action :ensure_ownership!, except: [:index, :modifier, :update]
|
before_action :ensure_ownership!, except: [:index, :modifier, :update]
|
||||||
before_action :ensure_ownership_or_invitation!, only: [:modifier, :update]
|
before_action :ensure_ownership_or_invitation!, only: [:modifier, :update]
|
||||||
|
before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update]
|
||||||
before_action :forbid_invite_submission!, only: [:update]
|
before_action :forbid_invite_submission!, only: [:update]
|
||||||
|
|
||||||
def attestation
|
def attestation
|
||||||
|
@ -109,6 +110,13 @@ module NewUser
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def ensure_dossier_can_be_updated
|
||||||
|
if !dossier.can_be_updated_by_the_user?
|
||||||
|
flash.alert = 'Votre dossier ne peut plus être modifié'
|
||||||
|
redirect_to users_dossiers_path
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def page
|
def page
|
||||||
[params[:page].to_i, 1].max
|
[params[:page].to_i, 1].max
|
||||||
end
|
end
|
||||||
|
|
|
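Review bot: The `only: [:update_identite, :update]` list on the new `before_action :ensure_dossier_can_be_updated` is an allow-list of guarded actions, so any write action added to this controller later is unguarded by default. The controller's other actions are outside these hunks, so it is worth confirming that none of them also modifies the dossier. The check also lives only in this controller and reads the state before the save rather than with it, so other write paths, and a state change between the filter and the update, are not covered. A model-level validation on update would close both, assuming the model has none today (its validations are not visible here). On style, the sibling filters end in `!` (`ensure_ownership!`, `forbid_invite_submission!`), so `ensure_dossier_can_be_updated!` would match, and `if !dossier.can_be_updated_by_the_user?` reads better as `unless dossier.can_be_updated_by_the_user?`.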
@ -171,6 +171,10 @@ class Dossier < ApplicationRecord
|
||||||
!(procedure.archivee? && brouillon?)
|
!(procedure.archivee? && brouillon?)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def can_be_updated_by_the_user?
|
||||||
|
brouillon? || en_construction?
|
||||||
|
end
|
||||||
|
|
||||||
def text_summary
|
def text_summary
|
||||||
if brouillon?
|
if brouillon?
|
||||||
parts = [
|
parts = [
|
||||||
|
|
|
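Review bot: `can_be_updated_by_the_user?` has no comment, and its name suggests a per-user permission check while the body only tests the dossier state (`brouillon? || en_construction?`), so a caller could mistake it for a complete authorization check. A one-line comment above the method would make the contract explicit: `# State check only: true while the dossier is brouillon or en_construction; does not verify ownership or invitation.` Judging by the hunk contexts, the three changed files are the controller, this model and the controller spec, so the predicate seems to have no model spec of its own; a small one covering each state would pin it. The class body continues outside the hunk.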
@ -145,6 +145,17 @@ describe NewUser::DossiersController, type: :controller do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when the identite cannot be updated by the user' do
|
||||||
|
let(:dossier) { create(:dossier, :for_individual, :en_instruction, user: user, procedure: procedure) }
|
||||||
|
let(:individual_params) { { gender: 'M', nom: 'Mouse', prenom: 'Mickey' } }
|
||||||
|
let(:dossier_params) { { autorisation_donnees: true } }
|
||||||
|
|
||||||
|
it 'redirects to user_dossiers_path' do
|
||||||
|
expect(response).to redirect_to(users_dossiers_path)
|
||||||
|
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with incorrect individual and dossier params' do
|
context 'with incorrect individual and dossier params' do
|
||||||
let(:individual_params) { { gender: '', nom: '', prenom: '' } }
|
let(:individual_params) { { gender: '', nom: '', prenom: '' } }
|
||||||
let(:dossier_params) { { autorisation_donnees: nil } }
|
let(:dossier_params) { { autorisation_donnees: nil } }
|
||||||
|
@ -211,6 +222,17 @@ describe NewUser::DossiersController, type: :controller do
|
||||||
|
|
||||||
subject { patch :update, params: payload }
|
subject { patch :update, params: payload }
|
||||||
|
|
||||||
|
context 'when the dossier cannot be updated by the user' do
|
||||||
|
let!(:dossier) { create(:dossier, :en_instruction, user: user) }
|
||||||
|
|
||||||
|
it 'redirects to user_dossiers_path' do
|
||||||
|
subject
|
||||||
|
|
||||||
|
expect(response).to redirect_to(users_dossiers_path)
|
||||||
|
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'updates the champs' do
|
it 'updates the champs' do
|
||||||
subject
|
subject
|
||||||
|
|
||||||
|
|
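Review bot: Both new contexts assert only the redirect and the flash message, not that the dossier was left unmodified, which is the property the guard exists to enforce. In the `update` context, something like `expect { subject }.not_to(change { dossier.reload.updated_at })`, or an assertion on the champs values, would pin that no write happened. The example in the first context ('when the identite cannot be updated by the user') never calls `subject` or issues the request in the visible lines; presumably an enclosing `before` does, but that is outside the hunk and worth confirming, since otherwise the example asserts on an empty response. Only the `:en_instruction` state is exercised, so a case for at least one other non-editable state would guard against the predicate being loosened later.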