DossierController: use new token validation

app/controllers/api/v1/dossiers_controller.rb

@@ -1,4 +1,6 @@
 class API::V1::DossiersController < APIController
+  before_action :fetch_procedure_and_check_token
+
   DEFAULT_PAGE_SIZE = 100
 
   resource_description do
@@ -13,8 +15,7 @@ class API::V1::DossiersController < APIController
   error code: 404, desc: "Démarche inconnue"
 
   def index
-    procedure = administrateur.procedures.find(params[:procedure_id])
-    dossiers = procedure.dossiers.state_not_brouillon.page(params[:page]).per(per_page)
+    dossiers = @procedure.dossiers.state_not_brouillon.page(params[:page]).per(per_page)
 
     render json: { dossiers: dossiers.map{ |dossier| DossiersSerializer.new(dossier) }, pagination: pagination(dossiers) }, status: 200
   rescue ActiveRecord::RecordNotFound
@@ -28,8 +29,7 @@ class API::V1::DossiersController < APIController
   error code: 404, desc: "Démarche ou dossier inconnu"
 
   def show
-    procedure = administrateur.procedures.find(params[:procedure_id])
-    dossier = procedure.dossiers.find(params[:id])
+    dossier = @procedure.dossiers.find(params[:id])
 
     respond_to do |format|
       format.json { render json: { dossier: DossierSerializer.new(dossier).as_json }, status: 200 }
@@ -49,4 +49,15 @@ class API::V1::DossiersController < APIController
   def per_page # inherited value from will_paginate
     [params[:resultats_par_page]&.to_i || DEFAULT_PAGE_SIZE, 1000].min
   end
+
+  def fetch_procedure_and_check_token
+    @procedure = Procedure.includes(:administrateur).find(params[:procedure_id])
+
+    if !valid_token_for_administrateur?(@procedure.administrateur)
+      render json: {}, status: :unauthorized
+    end
+
+  rescue ActiveRecord::RecordNotFound
+    render json: {}, status: :not_found
+  end
 end