fix(pj_template): private proxy template url so their links are non expirable
Closes #7920
This commit is contained in:
parent
6f5cd5a2ad
commit
b9d6397a9b
8 changed files with 52 additions and 5 deletions
|
@ -5,12 +5,19 @@ class Dsfr::DownloadComponent < ApplicationComponent
|
|||
attr_reader :html_class
|
||||
attr_reader :name
|
||||
|
||||
def initialize(attachment:, name: nil)
|
||||
def initialize(attachment:, name: nil, url: nil)
|
||||
@attachment = attachment
|
||||
@name = name || attachment.filename.to_s
|
||||
@url = url
|
||||
end
|
||||
|
||||
def title
|
||||
t(".title", filename: attachment.filename.to_s)
|
||||
end
|
||||
|
||||
def url
|
||||
return @url if @url.present?
|
||||
|
||||
helpers.url_for(@attachment.blob)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.fr-download
|
||||
%p
|
||||
= link_to url_for(attachment.blob), download: "", class: "fr-download__link", title: title do
|
||||
= link_to url, download: "", class: "fr-download__link", title: title do
|
||||
= name
|
||||
%span.fr-download__detail
|
||||
= helpers.download_details(attachment)
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
= render Attachment::MultipleComponent.new(champ: @champ, attached_file: @champ.piece_justificative_file, form_object_name: @form.object_name, user_can_destroy:, user_can_download:, max:) do |c|
|
||||
- if @champ.type_de_champ.piece_justificative_template&.attached?
|
||||
- c.with_template do
|
||||
= render partial: "shared/piece_justificative_template", locals: { attachment: @champ.type_de_champ.piece_justificative_template }
|
||||
= render partial: "shared/piece_justificative_template", locals: { champ: @champ }
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- user_can_destroy = !@champ.mandatory? || @champ.dossier.brouillon?
|
||||
|
||||
- if @champ.type_de_champ.piece_justificative_template&.attached?
|
||||
= render partial: "shared/piece_justificative_template", locals: { attachment: @champ.type_de_champ.piece_justificative_template }
|
||||
= render partial: "shared/piece_justificative_template", locals: { champ: @champ }
|
||||
= render Attachment::EditComponent.new(champ: @form.object, attached_file: @champ.piece_justificative_file, attachment: @champ.piece_justificative_file[0], form_object_name: @form.object_name, user_can_destroy:)
|
||||
|
|
|
@ -17,6 +17,10 @@ class Champs::PieceJustificativeController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def template
|
||||
redirect_to @champ.type_de_champ.piece_justificative_template.blob
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def set_champ
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
= render Dsfr::DownloadComponent.new(attachment: attachment, name: "Modèle à télécharger") do |c|
|
||||
= render Dsfr::DownloadComponent.new(attachment: champ.type_de_champ.piece_justificative_template, url: champs_piece_justificative_template_path(champ), name: "Modèle à télécharger") do |c|
|
||||
- if administrateur_signed_in?
|
||||
- c.with_right do
|
||||
%span.fr-ml-2w.fr-text--xs.fr-text-mention--grey.visible-on-previous-hover
|
||||
|
|
|
@ -168,6 +168,7 @@ Rails.application.routes.draw do
|
|||
|
||||
get ':champ_id/piece_justificative', to: 'piece_justificative#show', as: :piece_justificative
|
||||
put ':champ_id/piece_justificative', to: 'piece_justificative#update', as: :attach_piece_justificative
|
||||
get ':champ_id/piece_justificative/template', to: 'piece_justificative#template', as: :piece_justificative_template
|
||||
end
|
||||
|
||||
resources :attachments, only: [:show, :destroy]
|
||||
|
|
|
@ -66,4 +66,39 @@ describe Champs::PieceJustificativeController, type: :controller do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#template' do
|
||||
before { Timecop.freeze }
|
||||
after { Timecop.return }
|
||||
|
||||
subject do
|
||||
get :template, params: {
|
||||
champ_id: champ.id
|
||||
}
|
||||
end
|
||||
|
||||
context "user signed in" do
|
||||
before { sign_in user }
|
||||
|
||||
it 'redirects to the template' do
|
||||
subject
|
||||
expect(response).to redirect_to(champ.type_de_champ.piece_justificative_template.blob)
|
||||
end
|
||||
end
|
||||
|
||||
context "another user signed in" do
|
||||
before { sign_in create(:user) }
|
||||
|
||||
it "should not share template url" do
|
||||
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
|
||||
end
|
||||
end
|
||||
|
||||
context "user anonymous" do
|
||||
it 'does not redirect to the template' do
|
||||
subject
|
||||
expect(response).to redirect_to(new_user_session_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue