Merge pull request #8766 from demarches-simplifiees/better_api_log

Better api log
2023-03-16 10:19:10 +00:00 · 2023-03-16 10:19:10 +00:00 · bb442ccfe3
commit bb442ccfe3
parent 9ead0daf32 8b5d493f12
6 changed files with 31 additions and 22 deletions
--- a/app/controllers/api/v1/dossiers_controller.rb
+++ b/app/controllers/api/v1/dossiers_controller.rb
@ -46,18 +46,20 @@ class API::V1::DossiersController < APIController
    @procedure = Procedure.for_api.find(params[:procedure_id])

    administrateur = find_administrateur_for_token(@procedure)
-    if administrateur
-      Current.administrateur = administrateur
-    else
+    if administrateur.nil?
      render json: {}, status: :unauthorized
+    else
+      # allow BaseController append_info_to_payload
+      # to log info on current_user
+      @current_user = administrateur.user
+
+      order = ORDER_DIRECTIONS.fetch(params[:order], :asc)
+      @dossiers = @procedure
+        .dossiers
+        .visible_by_administration
+        .order_by_created_at(order)
+
    end
-
-    order = ORDER_DIRECTIONS.fetch(params[:order], :asc)
-    @dossiers = @procedure
-      .dossiers
-      .visible_by_administration
-      .order_by_created_at(order)
-
  rescue ActiveRecord::RecordNotFound
    render json: {}, status: :not_found
  end
--- a/app/controllers/api/v1/procedures_controller.rb
+++ b/app/controllers/api/v1/procedures_controller.rb
@ -11,12 +11,13 @@ class API::V1::ProceduresController < APIController
    @procedure = Procedure.for_api.find(params[:id])

    administrateur = find_administrateur_for_token(@procedure)
-    if administrateur
-      Current.administrateur = administrateur
-    else
+    if administrateur.nil?
      render json: {}, status: :unauthorized
+    else
+      # allow BaseController append_info_to_payload
+      # to log info on current_user
+      @current_user = administrateur.user
    end
-
  rescue ActiveRecord::RecordNotFound
    render json: {}, status: :not_found
  end
--- a/app/controllers/api/v2/graphql_controller.rb
+++ b/app/controllers/api/v2/graphql_controller.rb
@ -19,6 +19,12 @@ class API::V2::GraphqlController < API::V2::BaseController
  private

  def append_info_to_payload(payload)
+    # if on the graphql playground, authenticate via devise
+    # if authenticate by a v2 or v3 token
+    # @current_user is set by `api_v2_base_controller.authenticate_administrateur_from_token`
+    # else it is set on `context.authorized_demarche`
+    @current_user ||= Current.user
+
    super

    payload.merge!({
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -7,7 +7,6 @@ class ApplicationController < ActionController::Base

  MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'

-  before_action :set_current_roles
  before_action :set_sentry_user
  before_action :redirect_if_untrusted
  before_action :reject, if: -> { ENV.fetch("MAINTENANCE_MODE", 'false') == 'true' }
@ -150,11 +149,6 @@ class ApplicationController < ActionController::Base

  private

-  def set_current_roles
-    Current.administrateur = current_administrateur
-    Current.instructeur = current_instructeur
-  end
-
  def set_active_storage_host
    ActiveStorage::Current.host = request.base_url
  end
--- a/app/graphql/api/v2/context.rb
+++ b/app/graphql/api/v2/context.rb
@ -62,7 +62,13 @@ class API::V2::Context < GraphQL::Query::Context
    if self[:procedure_ids].present?
      self[:procedure_ids].include?(demarche.id)
    elsif self[:token].present?
-      APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
+      token = APIToken.find_and_verify(self[:token], demarche.administrateurs)
+      if token.present?
+        Current.user = token.administrateur.user
+        true
+      else
+        false
+      end
    else
      false
    end
--- a/app/models/current.rb
+++ b/app/models/current.rb
@ -1,3 +1,3 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :instructeur, :administrateur, :request_id
+  attribute :user, :request_id
 end