From cb752d18575c0a3f644e4090f1e734dcad1d1eba Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Wed, 26 Apr 2023 16:54:50 +0200 Subject: [PATCH] fix(dossier): do not bypass depositaire check on modifier path --- app/controllers/users/dossiers_controller.rb | 36 ++++++++++--------- app/models/procedure_revision.rb | 2 +- app/views/commencer/show.html.haml | 6 ++-- .../users/dossiers/etablissement.html.haml | 2 +- app/views/users/dossiers/index.html.haml | 2 +- .../users/dossiers_controller_spec.rb | 8 ++--- .../users/dossiers/index.html.haml_spec.rb | 2 +- 7 files changed, 31 insertions(+), 27 deletions(-) diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb index c6672ccce..003c54727 100644 --- a/app/controllers/users/dossiers_controller.rb +++ b/app/controllers/users/dossiers_controller.rb @@ -10,7 +10,9 @@ module Users before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE - before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_brouillon, :submit_brouillon, :modifier, :update] + before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_siret, :brouillon, :update_brouillon, :submit_brouillon, :modifier, :update] + before_action :ensure_dossier_can_be_filled, only: [:brouillon, :modifier, :update_brouillon, :submit_brouillon, :update] + before_action :ensure_dossier_can_be_viewed, only: [:show] before_action :forbid_invite_submission!, only: [:submit_brouillon] before_action :forbid_closed_submission!, only: [:submit_brouillon] before_action :show_demarche_en_test_banner @@ -33,11 +35,6 @@ module Users end def show - if dossier.brouillon? - redirect_to brouillon_dossier_path(dossier) - return - end - @dossier = dossier respond_to do |format| format.pdf do 
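Review bot: The three dossier-state guards in the first hunk are opt-in through `only:` lists, so any action not named skips `ensure_dossier_can_be_updated` and `ensure_dossier_can_be_filled`. That is the same class of gap this commit closes for `modifier`. `ensure_ownership!` two lines above is written deny-by-default with `except:`, and the state guards would be safer in that form, or at least with the write actions held in one shared constant so the two lists cannot drift apart. If the lists stay, a comment above them would help, for example `# Any action that reads or writes champs must be listed in BOTH guards below; unlisted actions are not checked.` Whether other champ-writing actions exist in this controller cannot be seen from the hunk, so the lists are worth checking against the routes file.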
@@ -150,15 +147,6 @@ module Users session.delete(:prefill_params) @dossier = dossier_with_champs @dossier.valid?(context: :prefilling) - - # TODO: remove when the champs are unifed - if !@dossier.autorisation_donnees - if dossier.procedure.for_individual - redirect_to identite_dossier_path(@dossier) - else - redirect_to siret_dossier_path(@dossier) - end - end end def submit_brouillon @@ -383,7 +371,23 @@ module Users def ensure_dossier_can_be_updated if !dossier.can_be_updated_by_user? flash.alert = t('users.dossiers.no_longer_editable') - redirect_to dossiers_path + redirect_to dossier_path(dossier) + end + end + + def ensure_dossier_can_be_filled + if !dossier.autorisation_donnees + if dossier.procedure.for_individual + redirect_to identite_dossier_path(dossier) + else + redirect_to siret_dossier_path(dossier) + end + end + end + + def ensure_dossier_can_be_viewed + if dossier.brouillon? + redirect_to brouillon_dossier_path(dossier) end end diff --git a/app/models/procedure_revision.rb b/app/models/procedure_revision.rb index 5e192e166..e10fbe28f 100644 --- a/app/models/procedure_revision.rb +++ b/app/models/procedure_revision.rb @@ -163,7 +163,7 @@ class ProcedureRevision < ApplicationRecord def dossier_for_preview(user) dossier = Dossier - .create_with(groupe_instructeur: procedure.defaut_groupe_instructeur_for_new_dossier) + .create_with(groupe_instructeur: procedure.defaut_groupe_instructeur_for_new_dossier, autorisation_donnees: true) .find_or_initialize_by(revision: self, user: user, for_procedure_preview: true, state: Dossier.states.fetch(:brouillon)) if dossier.new_record? diff --git a/app/views/commencer/show.html.haml b/app/views/commencer/show.html.haml index ae3487dd5..211c113bc 100644 --- a/app/views/commencer/show.html.haml +++ b/app/views/commencer/show.html.haml 
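Review bot: `ensure_dossier_can_be_updated` now redirects to `dossier_path(dossier)`, while `show` is guarded by `ensure_dossier_can_be_viewed`, which sends a brouillon back to `brouillon_dossier_path(dossier)`. `brouillon` was also added to the `ensure_dossier_can_be_updated` list in this commit. If `can_be_updated_by_user?` (defined outside this patch) can ever be false for a dossier that is still `brouillon?`, the two guards bounce the browser between `show` and `brouillon` indefinitely. Keeping the old target for that case avoids the loop: `redirect_to dossier.brouillon? ? dossiers_path : dossier_path(dossier)`. The class body continues outside the hunk.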
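Review bot: In `dossier_for_preview`, `create_with(... autorisation_donnees: true)` only takes effect when `find_or_initialize_by` builds a new record. A preview dossier that already exists keeps whatever value it has stored. If preview dossiers go through the actions now guarded by `ensure_dossier_can_be_filled` (presumably why the flag is set here), older preview rows would be redirected to the identité/SIRET step. A backfill, or assigning the flag after the lookup, would cover them. The line also deserves a comment saying why the consent flag is forced, e.g. `# preview dossiers skip the identity/SIRET step; mark it done so ensure_dossier_can_be_filled lets them through`. The method body continues outside the hunk.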
@@ -19,7 +19,7 @@ - if @prefilled_dossier %h2.huge-title= t('views.commencer.show.prefilled_draft') %p= t('views.commencer.show.prefilled_draft_detail_html', time_ago: time_ago_in_words(@prefilled_dossier.created_at), procedure: @procedure.libelle) - = link_to t('views.commencer.show.go_to_prefilled_file'), brouillon_dossier_path(@prefilled_dossier), class: 'fr-btn fr-btn--lg fr-my-2w' + = link_to t('views.commencer.show.go_to_prefilled_file'), url_for_dossier(@prefilled_dossier), class: 'fr-btn fr-btn--lg fr-my-2w' - elsif dossiers.empty? = link_to t('views.commencer.show.start_procedure'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-my-2w' @@ -29,7 +29,7 @@ %h2.huge-title= t('views.commencer.show.already_draft') %p = t('views.commencer.show.already_draft_detail_html', time_ago: time_ago_in_words(dossier.created_at), procedure: dossier.procedure.libelle) - = link_to t('views.commencer.show.continue_file'), brouillon_dossier_path(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' + = link_to t('views.commencer.show.continue_file'), url_for_dossier(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w' - elsif not_drafts.size == 1 @@ -37,7 +37,7 @@ %h2.huge-title= t('views.commencer.show.already_not_draft') %p = t('views.commencer.show.already_not_draft_detail_html', time_ago: time_ago_in_words(dossier.depose_at), procedure: dossier.procedure.libelle) - = link_to t('views.commencer.show.show_my_submitted_file'), dossier_path(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' + = link_to t('views.commencer.show.show_my_submitted_file'), url_for_dossier(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w' - else 
diff --git a/app/views/users/dossiers/etablissement.html.haml b/app/views/users/dossiers/etablissement.html.haml index 06fd7be6c..78be5fbac 100644 --- a/app/views/users/dossiers/etablissement.html.haml +++ b/app/views/users/dossiers/etablissement.html.haml @@ -42,4 +42,4 @@ .actions = link_to 'Utiliser un autre numéro SIRET', siret_dossier_path(@dossier), class: 'fr-btn fr-btn--secondary' - = link_to 'Continuer avec ces informations', brouillon_dossier_path(@dossier), class: 'fr-btn' + = link_to 'Continuer avec ces informations', url_for_dossier(@dossier), class: 'fr-btn' diff --git a/app/views/users/dossiers/index.html.haml b/app/views/users/dossiers/index.html.haml index 6e80186d2..192cf5450 100644 --- a/app/views/users/dossiers/index.html.haml +++ b/app/views/users/dossiers/index.html.haml @@ -74,7 +74,7 @@ - c.with_body do %p = t('users.dossiers.header.callout.first_brouillon_recently_updated_text', time_ago: time_ago_in_words(@first_brouillon_recently_updated.created_at), libelle: @first_brouillon_recently_updated.procedure.libelle ) - = link_to t('users.dossiers.header.callout.first_brouillon_recently_updated_button'), modifier_dossier_path(@first_brouillon_recently_updated), class: 'fr-btn' + = link_to t('users.dossiers.header.callout.first_brouillon_recently_updated_button'), url_for_dossier(@first_brouillon_recently_updated), class: 'fr-btn' = render partial: "dossiers_list", locals: { dossiers: @user_dossiers } diff --git a/spec/controllers/users/dossiers_controller_spec.rb b/spec/controllers/users/dossiers_controller_spec.rb index 03f0c5af1..2cd90fb78 100644 --- a/spec/controllers/users/dossiers_controller_spec.rb +++ b/spec/controllers/users/dossiers_controller_spec.rb 
@@ -159,7 +159,7 @@ describe Users::DossiersController, type: :controller do let(:individual_params) { { gender: 'M', nom: 'Mouse', prenom: 'Mickey' } } it 'redirects to the dossiers list' do - expect(response).to redirect_to(dossiers_path) + expect(response).to redirect_to(dossier_path(dossier)) expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') end end @@ -361,7 +361,7 @@ describe Users::DossiersController, type: :controller do it 'redirects to the dossiers list' do subject - expect(response).to redirect_to(dossiers_path) + expect(response).to redirect_to(dossier_path(dossier)) expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') end end @@ -477,7 +477,7 @@ describe Users::DossiersController, type: :controller do it 'redirects to the dossiers list' do subject - expect(response).to redirect_to(dossiers_path) + expect(response).to redirect_to(dossier_path(dossier)) expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') end end @@ -561,7 +561,7 @@ describe Users::DossiersController, type: :controller do it 'redirects to the dossiers list' do subject - expect(response).to redirect_to(dossiers_path) + expect(response).to redirect_to(dossier_path(dossier)) expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') end end diff --git a/spec/views/users/dossiers/index.html.haml_spec.rb b/spec/views/users/dossiers/index.html.haml_spec.rb index 9071a35f7..9a286e80b 100644 --- a/spec/views/users/dossiers/index.html.haml_spec.rb +++ b/spec/views/users/dossiers/index.html.haml_spec.rb @@ -47,7 +47,7 @@ describe 'users/dossiers/index.html.haml', type: :view do end it 'affiche une alerte pour continuer à remplir un dossier' do expect(rendered).to have_selector('.fr-callout', count: 1) - expect(rendered).to have_link(href: modifier_dossier_path(dossier_brouillon)) + expect(rendered).to have_link(href: brouillon_dossier_path(dossier_brouillon)) end end
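Review bot: None of the spec hunks shown exercises the bypass this commit fixes: they only retarget the existing "no longer editable" expectations. A controller example that requests `modifier` (and ideally `update` and `submit_brouillon`) on a dossier with `autorisation_donnees` unset and asserts `expect(response).to redirect_to(siret_dossier_path(dossier))`, or `identite_dossier_path(dossier)` for an individual procedure, would pin the new `ensure_dossier_can_be_filled` guard against regression. The four examples at lines 159, 361, 477 and 561 are still titled `'redirects to the dossiers list'` although they now expect `dossier_path(dossier)`; renaming them to `'redirects to the dossier page'` keeps the description truthful.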