fix(pj_template): private proxy template url so their links are non expirable

Closes #7920
Colin Darie 2022-12-01 17:57:53 +01:00
parent 6f5cd5a2ad
commit b9d6397a9b
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
8 changed files with 52 additions and 5 deletions


@ -5,12 +5,19 @@ class Dsfr::DownloadComponent < ApplicationComponent
attr_reader :html_class
attr_reader :name
def initialize(attachment:, name: nil)
def initialize(attachment:, name: nil, url: nil)
@attachment = attachment
@name = name || attachment.filename.to_s
@url = url
end
def title
t(".title", filename: attachment.filename.to_s)
end
def url
return @url if @url.present?
helpers.url_for(@attachment.blob)
end
end
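Review bot: The new `url:` keyword on `initialize` is undocumented, and the template renders the stored value as the link `href` without any check. A short comment above the initializer would help, e.g. `# url: optional application-generated path that overrides the default blob URL; never pass user-supplied input`. The only caller visible in this commit passes a route helper, so this is a documentation point rather than a defect in the current use.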


@ -1,6 +1,6 @@
.fr-download
%p
= link_to url_for(attachment.blob), download: "", class: "fr-download__link", title: title do
= link_to url, download: "", class: "fr-download__link", title: title do
= name
%span.fr-download__detail
= helpers.download_details(attachment)


@ -4,4 +4,4 @@
= render Attachment::MultipleComponent.new(champ: @champ, attached_file: @champ.piece_justificative_file, form_object_name: @form.object_name, user_can_destroy:, user_can_download:, max:) do |c|
- if @champ.type_de_champ.piece_justificative_template&.attached?
- c.with_template do
= render partial: "shared/piece_justificative_template", locals: { attachment: @champ.type_de_champ.piece_justificative_template }
= render partial: "shared/piece_justificative_template", locals: { champ: @champ }


@ -1,5 +1,5 @@
- user_can_destroy = !@champ.mandatory? || @champ.dossier.brouillon?
- if @champ.type_de_champ.piece_justificative_template&.attached?
= render partial: "shared/piece_justificative_template", locals: { attachment: @champ.type_de_champ.piece_justificative_template }
= render partial: "shared/piece_justificative_template", locals: { champ: @champ }
= render Attachment::EditComponent.new(champ: @form.object, attached_file: @champ.piece_justificative_file, attachment: @champ.piece_justificative_file[0], form_object_name: @form.object_name, user_can_destroy:)


@ -17,6 +17,10 @@ class Champs::PieceJustificativeController < ApplicationController
end
end
def template
redirect_to @champ.type_de_champ.piece_justificative_template.blob
end
private
def set_champ
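Review bot: `template` calls `.blob` on `piece_justificative_template` without checking that a template is attached, while the views in this commit guard the same object with `&.attached?`. A direct GET to the new route for a champ without a template would presumably raise and return a 500 instead of a 404. Consider `template = @champ.type_de_champ.piece_justificative_template` followed by `return head(:not_found) unless template&.attached?` before the redirect, plus a spec example for that case in the `#template` describe block. Access control for this action rests on callbacks (`set_champ` and the authentication filter) defined outside the hunk; the spec suggests they apply, but if they are declared with `only:` lists the new action must be added to them. The class body continues outside the hunk.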


@ -1,4 +1,4 @@
= render Dsfr::DownloadComponent.new(attachment: attachment, name: "Modèle à télécharger") do |c|
= render Dsfr::DownloadComponent.new(attachment: champ.type_de_champ.piece_justificative_template, url: champs_piece_justificative_template_path(champ), name: "Modèle à télécharger") do |c|
- if administrateur_signed_in?
- c.with_right do
%span.fr-ml-2w.fr-text--xs.fr-text-mention--grey.visible-on-previous-hover
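Review bot: The download link now always goes through `champs_piece_justificative_template_path(champ)`, but this partial also has an `administrateur_signed_in?` branch, so it appears to be rendered for viewers other than the dossier's owner. The controller spec in this commit shows a non-owner getting `ActiveRecord::RecordNotFound` from that route, so such viewers may end up with a broken link where the direct blob URL previously worked. It is worth confirming how `set_champ` scopes the lookup (it is outside the visible hunks) and adding a view or system spec for the administrateur preview. The partial continues past the end of the hunk.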


@ -168,6 +168,7 @@ Rails.application.routes.draw do
get ':champ_id/piece_justificative', to: 'piece_justificative#show', as: :piece_justificative
put ':champ_id/piece_justificative', to: 'piece_justificative#update', as: :attach_piece_justificative
get ':champ_id/piece_justificative/template', to: 'piece_justificative#template', as: :piece_justificative_template
end
resources :attachments, only: [:show, :destroy]


@ -66,4 +66,39 @@ describe Champs::PieceJustificativeController, type: :controller do
end
end
end
describe '#template' do
before { Timecop.freeze }
after { Timecop.return }
subject do
get :template, params: {
champ_id: champ.id
}
end
context "user signed in" do
before { sign_in user }
it 'redirects to the template' do
subject
expect(response).to redirect_to(champ.type_de_champ.piece_justificative_template.blob)
end
end
context "another user signed in" do
before { sign_in create(:user) }
it "should not share template url" do
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
end
end
context "user anonymous" do
it 'does not redirect to the template' do
subject
expect(response).to redirect_to(new_user_session_path)
end
end
end
end