From 99a8786dd51142d0ce3f0d47949b5b9266716666 Mon Sep 17 00:00:00 2001
From: Paul Chavard <pro@paul.chavard.net>
Date: Fri, 20 May 2022 15:27:59 +0200
Subject: [PATCH] fix(expert): expert should be allowed to delete messages

---
 app/controllers/application_controller.rb     |  6 ++
 .../instructeurs/commentaires_controller.rb   |  3 +-
 .../commentaires_controller_spec.rb           | 55 +++++++++++++------
 3 files changed, 45 insertions(+), 19 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b74d0e4e2..d64df3a4b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -124,6 +124,12 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def authenticate_instructeur_or_expert!
+    if !instructeur_signed_in? && !expert_signed_in?
+      redirect_to new_user_session_path
+    end
+  end
+
   def authenticate_administrateur!
     if !administrateur_signed_in?
       redirect_to new_user_session_path
diff --git a/app/controllers/instructeurs/commentaires_controller.rb b/app/controllers/instructeurs/commentaires_controller.rb
index cfe81f0ec..fa9d47aaa 100644
--- a/app/controllers/instructeurs/commentaires_controller.rb
+++ b/app/controllers/instructeurs/commentaires_controller.rb
@@ -1,5 +1,6 @@
 module Instructeurs
-  class CommentairesController < ProceduresController
+  class CommentairesController < ApplicationController
+    before_action :authenticate_instructeur_or_expert!
     after_action :mark_messagerie_as_read
 
     def destroy
diff --git a/spec/controllers/instructeurs/commentaires_controller_spec.rb b/spec/controllers/instructeurs/commentaires_controller_spec.rb
index 465adf50d..3f551ec76 100644
--- a/spec/controllers/instructeurs/commentaires_controller_spec.rb
+++ b/spec/controllers/instructeurs/commentaires_controller_spec.rb
@@ -1,36 +1,55 @@
 # frozen_string_literal: true
 
 describe Instructeurs::CommentairesController, type: :controller do
+  let(:expert) { create(:expert) }
   let(:instructeur) { create(:instructeur) }
   let(:procedure) { create(:procedure, :published, :for_individual, instructeurs: [instructeur]) }
   let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) }
   render_views
 
-  before { sign_in(instructeur.user) }
+  context 'as instructeur' do
+    before { sign_in(instructeur.user) }
 
-  describe 'destroy' do
-    render_views
+    describe 'destroy' do
+      context 'when it works' do
+        let(:commentaire) { create(:commentaire, instructeur: instructeur, dossier: dossier) }
+        subject { delete :destroy, params: { dossier_id: dossier.id, procedure_id: procedure.id, id: commentaire.id }, format: :turbo_stream }
 
-    context 'when it works' do
-      let(:commentaire) { create(:commentaire, instructeur: instructeur, dossier: dossier) }
-      subject { delete :destroy, params: { dossier_id: dossier.id, procedure_id: procedure.id, id: commentaire.id }, format: :turbo_stream }
+        it 'respond with OK and flash' do
+          expect(subject).to have_http_status(:ok)
+          expect(subject.body).to include('Message supprimé')
+          expect(subject.body).to include('alert-success')
+          expect(subject.body).to include('Votre message a été supprimé')
+        end
+      end
 
-      it 'respond with OK and flash' do
-        expect(subject).to have_http_status(:ok)
-        expect(subject.body).to include('Message supprimé')
-        expect(subject.body).to include('alert-success')
-        expect(subject.body).to include('Votre message a été supprimé')
+      context 'when dossier had been discarded' do
+        let(:commentaire) { create(:commentaire, instructeur: instructeur, dossier: dossier, discarded_at: 2.hours.ago) }
+        subject { delete :destroy, params: { dossier_id: dossier.id, procedure_id: procedure.id, id: commentaire.id }, format: :turbo_stream }
+
+        it 'respond with OK and flash' do
+          expect(subject).to have_http_status(:ok)
+          expect(subject.body).to include('alert-danger')
+          expect(subject.body).to include('Ce message a déjà été supprimé')
+        end
       end
     end
+  end
 
-    context 'when dossier had been discarded' do
-      let(:commentaire) { create(:commentaire, instructeur: instructeur, dossier: dossier, discarded_at: 2.hours.ago) }
-      subject { delete :destroy, params: { dossier_id: dossier.id, procedure_id: procedure.id, id: commentaire.id }, format: :turbo_stream }
+  context 'as expert' do
+    before { sign_in(expert.user) }
 
-      it 'respond with OK and flash' do
-        expect(subject).to have_http_status(:ok)
-        expect(subject.body).to include('alert-danger')
-        expect(subject.body).to include('Ce message a déjà été supprimé')
+    describe 'destroy' do
+      context 'when it works' do
+        let(:commentaire) { create(:commentaire, expert: expert, dossier: dossier) }
+        subject { delete :destroy, params: { dossier_id: dossier.id, procedure_id: procedure.id, id: commentaire.id }, format: :turbo_stream }
+
+        it 'respond with OK and flash' do
+          expect(subject).to have_http_status(:ok)
+          expect(subject.body).to include('Message supprimé')
+          expect(subject.body).to include('alert-success')
+          expect(subject.body).to include('Votre message a été supprimé')
+        end
       end
     end
   end