diff --git a/app/controllers/users/carte_controller.rb b/app/controllers/users/carte_controller.rb
index ff6d3f85a..9254a07b2 100644
--- a/app/controllers/users/carte_controller.rb
+++ b/app/controllers/users/carte_controller.rb
@@ -1,7 +1,9 @@
 class Users::CarteController < UsersController
 include DossierConcern
- before_action :authorized_routes?, only: [:show]
+ before_action only: [:show] do
+ authorized_routes? self.class
+ end
 def show
 @dossier = current_user_dossier
@@ -76,6 +78,13 @@ class Users::CarteController < UsersController
 render json: {cadastres: cadastres}
 end
+ def self.route_authorization
+ {
+ states: [:draft, :initiated, :replied, :updated],
+ api_carto: true
+ }
+ end
+
 private
 def generate_qp coordinates
diff --git a/app/controllers/users/description_controller.rb b/app/controllers/users/description_controller.rb
index 31df59c8e..7739f2ccd 100644
--- a/app/controllers/users/description_controller.rb
+++ b/app/controllers/users/description_controller.rb
@@ -1,5 +1,7 @@
 class Users::DescriptionController < UsersController
- before_action :authorized_routes?, only: [:show]
+ before_action only: [:show] do
+ authorized_routes? self.class
+ end
 def show
 @dossier = current_user_dossier
@@ -62,6 +64,12 @@ class Users::DescriptionController < UsersController
 redirect_to url_for(controller: :recapitulatif, action: :show, dossier_id: @dossier.id)
 end
+ def self.route_authorization
+ {
+ states: [:draft, :initiated, :replied, :updated]
+ }
+ end
+
 private
 def create_params
diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb
index 900c43942..ed972fa33 100644
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
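Review bot: The block form `before_action only: [:show] do authorized_routes? self.class end` passes a value the callee can read for itself, and the same three lines are repeated in the Description, Dossiers and Recapitulatif controllers. If `authorized_routes?` called `self.class.route_authorization` internally, each controller could keep `before_action :authorized_routes?, only: [:show]` and no caller could hand in another controller's policy by mistake. The filter also still covers only `show`; the other actions of these controllers are outside the hunks, so whether they need the same state check cannot be confirmed from here.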
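Review bot: `self.route_authorization` has no comment explaining what its keys mean, and `api_carto` is read in a non-obvious way by `UserRoutesAuthorizationService.authorized_route?` (an absent key means no constraint, a present key must equal the procedure's `use_api_carto`). I would add above the method `# States in which #show may be reached; api_carto: true also requires the procedure to use API Carto.` The same applies to the `route_authorization` methods added in the Description, Dossiers and Recapitulatif controllers. The hash is rebuilt on every call, so a frozen constant would also work, but that is optional.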
@@ -5,7 +5,9 @@ class Users::DossiersController < UsersController
 before_action :authenticate_user!
 before_action :check_siret, only: :create
- before_action :authorized_routes?, only: [:show]
+ before_action only: [:show] do
+ authorized_routes? self.class
+ end
 def index
 order = 'DESC'
@@ -94,6 +96,12 @@ class Users::DossiersController < UsersController
 redirect_to users_dossiers_path
 end
+ def self.route_authorization
+ {
+ states: [:draft]
+ }
+ end
+
 private
 def dossiers_to_display
diff --git a/app/controllers/users/recapitulatif_controller.rb b/app/controllers/users/recapitulatif_controller.rb
index a71983a53..594f30e3d 100644
--- a/app/controllers/users/recapitulatif_controller.rb
+++ b/app/controllers/users/recapitulatif_controller.rb
@@ -1,5 +1,7 @@
 class Users::RecapitulatifController < UsersController
- before_action :authorized_routes?, only: [:show]
+ before_action only: [:show] do
+ authorized_routes? self.class
+ end
 def show
 create_dossier_facade
@@ -25,6 +27,12 @@ class Users::RecapitulatifController < UsersController
 render 'show'
 end
+ def self.route_authorization
+ {
+ states: [:initiated, :replied, :updated, :validated, :submitted, :closed]
+ }
+ end
+
 private
 def create_dossier_facade
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index bffff2429..7f7c84d92 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -7,13 +7,10 @@ class UsersController < ApplicationController
 current_user.dossiers.find(dossier_id)
 end
- def authorized_routes?
- sub_path = "/users/dossiers/#{current_user_dossier.id}"
-
+ def authorized_routes? controller
 redirect_to_root_path 'Le status de votre dossier n\'autorise pas cette URL' unless UserRoutesAuthorizationService.authorized_route?(
- (request.env['PATH_INFO']).gsub(sub_path, ''),
- current_user_dossier.state,
- current_user_dossier.procedure.use_api_carto)
+ controller,
+ current_user_dossier)
 rescue ActiveRecord::RecordNotFound
 redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
 end
diff --git a/app/services/user_routes_authorization_service.rb b/app/services/user_routes_authorization_service.rb
index 9e6a98e7c..ef58f28e9 100644
--- a/app/services/user_routes_authorization_service.rb
+++ b/app/services/user_routes_authorization_service.rb
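Review bot: `authorized_routes?` rescues only `ActiveRecord::RecordNotFound`, so a `UsersController` subclass that uses the filter without defining `route_authorization` fails with `NoMethodError` (a 500) instead of the redirect. That is fail-closed, but a default on the base class such as `def self.route_authorization; { states: [] }; end` would make the deny path explicit and keep the user-facing message. The class body continues outside the hunk, so I cannot see whether `authorized_routes?` sits under `private`; if it does not, it is worth moving it there so it can never be routed as an action.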
@@ -1,48 +1,9 @@
 class UserRoutesAuthorizationService
- def self.authorized_paths
- {
- root: '',
- carte: '/carte',
- description: '/description',
- recapitulatif: '/recapitulatif'
- }
- end
+ def self.authorized_route? controller, dossier
+ auth = controller.route_authorization
- def self.authorized_states
- Dossier.states
- end
-
- def self.authorized_routes
- {
- root: {
- authorized_states: [:draft],
- api_carto: false
- },
- carte: {
- authorized_states: [:draft, :initiated, :replied, :updated],
- api_carto: true
- },
- description: {
- authorized_states: [:draft, :initiated, :replied, :updated],
- api_carto: false
- },
- recapitulatif: {
- authorized_states: [:initiated, :replied, :updated, :validated, :submitted, :closed],
- api_carto: false
- }
- }
- end
-
- def self.authorized_route? path, state, api_carto=false
- return raise 'Not a valid path' unless authorized_paths.has_value? path
- return raise 'Not a valid state' unless authorized_states.has_value? state
-
- path_key = authorized_paths.key(path)
-
- first = authorized_routes[path_key][:authorized_states].include? state.to_sym
- seconde = authorized_routes[path_key][:api_carto] ? api_carto : true
-
- first && seconde
+ auth[:states].include?(dossier.state.to_sym) &&
+ (auth[:api_carto].nil? ? true : auth[:api_carto] == dossier.procedure.use_api_carto)
 end
 end
\ No newline at end of file
diff --git a/spec/services/user_routes_authorization_service_spec.rb b/spec/services/user_routes_authorization_service_spec.rb
index fe17fc96a..3e51d9720 100644
--- a/spec/services/user_routes_authorization_service_spec.rb
+++ b/spec/services/user_routes_authorization_service_spec.rb
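Review bot: The `api_carto` check is now tri-state, and an explicit `api_carto: false` changes meaning: in the removed table it meant "no constraint", while `auth[:api_carto] == dossier.procedure.use_api_carto` now allows the route only when the procedure does not use API Carto. No controller in this commit sets `false`, so nothing breaks today, but the rule deserves a comment on `authorized_route?`, for example `# api_carto absent: no constraint; present: must equal procedure.use_api_carto`. Using `auth.fetch(:states)` instead of `auth[:states]` would also turn a policy hash with a missing key into a clear `KeyError` rather than a `NoMethodError` on nil.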
@@ -1,222 +1,210 @@ require 'spec_helper' describe UserRoutesAuthorizationService do - describe '#authorize_route?' do - let(:api_carto) { false } + let(:module_api_carto) { create :module_api_carto, use_api_carto: use_api_carto } + let(:procedure) { create :procedure, module_api_carto: module_api_carto } + let(:dossier) { create :dossier, procedure: procedure, state: state } - subject { described_class.authorized_route? path, state, api_carto } + let(:use_api_carto) { false } - context 'when path is not recognized' do - let(:state) { 'blabla' } - let(:path) { 'blabla' } + subject { described_class.authorized_route? controller, dossier } - it { expect { subject }.to raise_error 'Not a valid path' } + describe 'Users::DossiersController' do + let(:controller) { Users::DossiersController } + + describe 'draft' do + let(:state) { 'draft' } + it { is_expected.to be_truthy } + end + + describe 'initiated' do + let(:state) { 'initiated' } + it { is_expected.to be_falsey } + end + + describe 'replied' do + let(:state) { 'replied' } + it { is_expected.to be_falsey } + end + + describe 'updated' do + let(:state) { 'updated' } + it { is_expected.to be_falsey } + end + + describe 'validated' do + let(:state) { 'validated' } + it { is_expected.to be_falsey } + end + + describe 'submitted' do + let(:state) { 'submitted' } + it { is_expected.to be_falsey } + end + + describe 'closed' do + let(:state) { 'closed' } + it { is_expected.to be_falsey } + end end - context 'when state is not recognized' do - let(:state) { 'blabla' } - let(:path) { '' } + describe 'carte' do + let(:controller) { Users::CarteController } - it { expect { subject }.to raise_error 'Not a valid state' } + context 'when use_api_carto is false' do + + describe 'draft' do + let(:state) { 'draft' } + it { is_expected.to be_falsey } + end + + describe 'initiated' do + let(:state) { 'initiated' } + it { is_expected.to be_falsey } + end + + describe 'replied' do + let(:state) { 'replied' } + it { is_expected.to 
be_falsey } + end + + describe 'updated' do + let(:state) { 'updated' } + it { is_expected.to be_falsey } + end + + describe 'validated' do + let(:state) { 'validated' } + it { is_expected.to be_falsey } + end + + describe 'submitted' do + let(:state) { 'submitted' } + it { is_expected.to be_falsey } + end + + describe 'closed' do + let(:state) { 'closed' } + it { is_expected.to be_falsey } + end + end + + context 'when use_api_carto is true' do + let(:use_api_carto) { true } + + describe 'draft' do + let(:state) { 'draft' } + it { is_expected.to be_truthy } + end + + describe 'initiated' do + let(:state) { 'initiated' } + it { is_expected.to be_truthy } + end + + describe 'replied' do + let(:state) { 'replied' } + it { is_expected.to be_truthy } + end + + describe 'updated' do + let(:state) { 'updated' } + it { is_expected.to be_truthy } + end + + describe 'validated' do + let(:state) { 'validated' } + it { is_expected.to be_falsey } + end + + describe 'submitted' do + let(:state) { 'submitted' } + it { is_expected.to be_falsey } + end + + describe 'closed' do + let(:state) { 'closed' } + it { is_expected.to be_falsey } + end + end end - context 'when path and state are recognized' do - describe 'root' do - let(:path) { '' } + describe 'Users::DescriptionController' do + let(:controller) { Users::DescriptionController } - describe 'draft' do - let(:state) { 'draft' } - it { is_expected.to be_truthy } - end - - describe 'initiated' do - let(:state) { 'initiated' } - it { is_expected.to be_falsey } - end - - describe 'replied' do - let(:state) { 'replied' } - it { is_expected.to be_falsey } - end - - describe 'updated' do - let(:state) { 'updated' } - it { is_expected.to be_falsey } - end - - describe 'validated' do - let(:state) { 'validated' } - it { is_expected.to be_falsey } - end - - describe 'submitted' do - let(:state) { 'submitted' } - it { is_expected.to be_falsey } - end - - describe 'closed' do - let(:state) { 'closed' } - it { is_expected.to be_falsey } 
- end + describe 'draft' do + let(:state) { 'draft' } + it { is_expected.to be_truthy } end - describe 'carte' do - let(:path) { '/carte' } - context 'when use_api_carto is false' do - - describe 'draft' do - let(:state) { 'draft' } - it { is_expected.to be_falsey } - end - - describe 'initiated' do - let(:state) { 'initiated' } - it { is_expected.to be_falsey } - end - - describe 'replied' do - let(:state) { 'replied' } - it { is_expected.to be_falsey } - end - - describe 'updated' do - let(:state) { 'updated' } - it { is_expected.to be_falsey } - end - - describe 'validated' do - let(:state) { 'validated' } - it { is_expected.to be_falsey } - end - - describe 'submitted' do - let(:state) { 'submitted' } - it { is_expected.to be_falsey } - end - - describe 'closed' do - let(:state) { 'closed' } - it { is_expected.to be_falsey } - end - end - - context 'when use_api_carto is true' do - let(:api_carto) { true } - - describe 'draft' do - let(:state) { 'draft' } - it { is_expected.to be_truthy } - end - - describe 'initiated' do - let(:state) { 'initiated' } - it { is_expected.to be_truthy } - end - - describe 'replied' do - let(:state) { 'replied' } - it { is_expected.to be_truthy } - end - - describe 'updated' do - let(:state) { 'updated' } - it { is_expected.to be_truthy } - end - - describe 'validated' do - let(:state) { 'validated' } - it { is_expected.to be_falsey } - end - - describe 'submitted' do - let(:state) { 'submitted' } - it { is_expected.to be_falsey } - end - - describe 'closed' do - let(:state) { 'closed' } - it { is_expected.to be_falsey } - end - end + describe 'initiated' do + let(:state) { 'initiated' } + it { is_expected.to be_truthy } end - describe 'description' do - let(:path) { '/description' } - - describe 'draft' do - let(:state) { 'draft' } - it { is_expected.to be_truthy } - end - - describe 'initiated' do - let(:state) { 'initiated' } - it { is_expected.to be_truthy } - end - - describe 'replied' do - let(:state) { 'replied' } - it { 
is_expected.to be_truthy } - end - - describe 'updated' do - let(:state) { 'updated' } - it { is_expected.to be_truthy } - end - - describe 'validated' do - let(:state) { 'validated' } - it { is_expected.to be_falsey } - end - - describe 'submitted' do - let(:state) { 'submitted' } - it { is_expected.to be_falsey } - end - - describe 'closed' do - let(:state) { 'closed' } - it { is_expected.to be_falsey } - end + describe 'replied' do + let(:state) { 'replied' } + it { is_expected.to be_truthy } end - describe 'recapitulatif' do - let(:path) { '/recapitulatif' } + describe 'updated' do + let(:state) { 'updated' } + it { is_expected.to be_truthy } + end - describe 'draft' do - let(:state) { 'draft' } - it { is_expected.to be_falsey } - end + describe 'validated' do + let(:state) { 'validated' } + it { is_expected.to be_falsey } + end - describe 'initiated' do - let(:state) { 'initiated' } - it { is_expected.to be_truthy } - end + describe 'submitted' do + let(:state) { 'submitted' } + it { is_expected.to be_falsey } + end - describe 'replied' do - let(:state) { 'replied' } - it { is_expected.to be_truthy } - end + describe 'closed' do + let(:state) { 'closed' } + it { is_expected.to be_falsey } + end + end - describe 'updated' do - let(:state) { 'updated' } - it { is_expected.to be_truthy } - end + describe 'recapitulatif' do + let(:controller) { Users::RecapitulatifController } - describe 'validated' do - let(:state) { 'validated' } - it { is_expected.to be_truthy } - end + describe 'draft' do + let(:state) { 'draft' } + it { is_expected.to be_falsey } + end - describe 'submitted' do - let(:state) { 'submitted' } - it { is_expected.to be_truthy } - end + describe 'initiated' do + let(:state) { 'initiated' } + it { is_expected.to be_truthy } + end - describe 'closed' do - let(:state) { 'closed' } - it { is_expected.to be_truthy } - end + describe 'replied' do + let(:state) { 'replied' } + it { is_expected.to be_truthy } + end + + describe 'updated' do + let(:state) 
{ 'updated' } + it { is_expected.to be_truthy } + end + + describe 'validated' do + let(:state) { 'validated' } + it { is_expected.to be_truthy } + end + + describe 'submitted' do + let(:state) { 'submitted' } + it { is_expected.to be_truthy } + end + + describe 'closed' do + let(:state) { 'closed' } + it { is_expected.to be_truthy } end end end
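Review bot: The two removed contexts ('when path is not recognized', 'when state is not recognized') have no replacement, so the new failure modes of `authorized_route?` are untested: a controller without `route_authorization`, and a policy that sets `api_carto: false`. One example per case, using a small stub class as `controller`, would pin the intended behaviour. The group names are also inconsistent after the rewrite (`'Users::DossiersController'` and `'Users::DescriptionController'` next to `'carte'` and `'recapitulatif'`); naming all four after the controller class would match what `let(:controller)` now selects.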