Merge pull request #8766 from demarches-simplifiees/better_api_log

Better api log

app/controllers/api/v1/dossiers_controller.rb

@@ -46,18 +46,20 @@ class API::V1::DossiersController < APIController
     @procedure = Procedure.for_api.find(params[:procedure_id])
 
     administrateur = find_administrateur_for_token(@procedure)
-    if administrateur
+    if administrateur.nil?
-      Current.administrateur = administrateur
-    else
       render json: {}, status: :unauthorized
+    else
+      # allow BaseController append_info_to_payload
+      # to log info on current_user
+      @current_user = administrateur.user
+
+      order = ORDER_DIRECTIONS.fetch(params[:order], :asc)
+      @dossiers = @procedure
+        .dossiers
+        .visible_by_administration
+        .order_by_created_at(order)
+
     end
-
-    order = ORDER_DIRECTIONS.fetch(params[:order], :asc)
-    @dossiers = @procedure
-      .dossiers
-      .visible_by_administration
-      .order_by_created_at(order)
-
   rescue ActiveRecord::RecordNotFound
     render json: {}, status: :not_found
   end

app/controllers/api/v1/procedures_controller.rb

@@ -11,12 +11,13 @@ class API::V1::ProceduresController < APIController
     @procedure = Procedure.for_api.find(params[:id])
 
     administrateur = find_administrateur_for_token(@procedure)
-    if administrateur
+    if administrateur.nil?
-      Current.administrateur = administrateur
-    else
       render json: {}, status: :unauthorized
+    else
+      # allow BaseController append_info_to_payload
+      # to log info on current_user
+      @current_user = administrateur.user
     end
-
   rescue ActiveRecord::RecordNotFound
     render json: {}, status: :not_found
   end

app/controllers/api/v2/graphql_controller.rb

@@ -19,6 +19,12 @@ class API::V2::GraphqlController < API::V2::BaseController
   private
 
   def append_info_to_payload(payload)
+    # if on the graphql playground, authenticate via devise
+    # if authenticate by a v2 or v3 token
+    # @current_user is set by `api_v2_base_controller.authenticate_administrateur_from_token`
+    # else it is set on `context.authorized_demarche`
+    @current_user ||= Current.user
+
     super
 
     payload.merge!({

app/controllers/application_controller.rb

@@ -7,7 +7,6 @@ class ApplicationController < ActionController::Base
 
   MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
 
-  before_action :set_current_roles
   before_action :set_sentry_user
   before_action :redirect_if_untrusted
   before_action :reject, if: -> { ENV.fetch("MAINTENANCE_MODE", 'false') == 'true' }
@@ -150,11 +149,6 @@ class ApplicationController < ActionController::Base
 
   private
 
-  def set_current_roles
-    Current.administrateur = current_administrateur
-    Current.instructeur = current_instructeur
-  end
-
   def set_active_storage_host
     ActiveStorage::Current.host = request.base_url
   end

app/graphql/api/v2/context.rb

@@ -62,7 +62,13 @@ class API::V2::Context < GraphQL::Query::Context
     if self[:procedure_ids].present?
       self[:procedure_ids].include?(demarche.id)
     elsif self[:token].present?
-      APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
+      token = APIToken.find_and_verify(self[:token], demarche.administrateurs)
+      if token.present?
+        Current.user = token.administrateur.user
+        true
+      else
+        false
+      end
     else
       false
     end

app/models/current.rb

@@ -1,3 +1,3 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :instructeur, :administrateur, :request_id
+  attribute :user, :request_id
 end