diff --git a/app/controllers/administrateurs/administrateur_controller.rb b/app/controllers/administrateurs/administrateur_controller.rb index f9d3ffdef..9f182bc6c 100644 --- a/app/controllers/administrateurs/administrateur_controller.rb +++ b/app/controllers/administrateurs/administrateur_controller.rb @@ -6,12 +6,24 @@ module Administrateurs id = params[:procedure_id] || params[:id] @procedure = current_administrateur.procedures.find(id) - rescue ActiveRecord::RecordNotFound flash.alert = 'Démarche inexistante' redirect_to admin_procedures_path, status: 404 end + def retrieve_procedure_administration + id = params[:procedure_id] || params[:id] + + @procedure_administration = current_administrateur.administrateurs_procedures.find_by(procedure_id: id) + end + + def ensure_not_super_admin! + procedure_administration = retrieve_procedure_administration + if procedure_administration.manager? + redirect_back fallback_location: root_url, alert: "Interdit aux super admins", status: 403 + end + end + def procedure_locked? if @procedure.locked? flash.alert = 'Démarche verrouillée' diff --git a/app/controllers/administrateurs/archives_controller.rb b/app/controllers/administrateurs/archives_controller.rb index 762bc6dca..a7e3db280 100644 --- a/app/controllers/administrateurs/archives_controller.rb +++ b/app/controllers/administrateurs/archives_controller.rb @@ -1,6 +1,9 @@ module Administrateurs class ArchivesController < AdministrateurController - before_action :retrieve_procedure, only: [:index, :create] + before_action :retrieve_procedure + before_action :retrieve_procedure_administration + before_action :ensure_not_super_admin! + helper_method :create_archive_url def index diff --git a/app/models/assign_to.rb b/app/models/assign_to.rb index 675e416e4..d457f766e 100644 --- a/app/models/assign_to.rb +++ b/app/models/assign_to.rb @@ -6,7 +6,7 @@ # daily_email_notifications_enabled :boolean default(FALSE), not null # instant_email_dossier_notifications_enabled :boolean default(FALSE), not null # instant_email_message_notifications_enabled :boolean default(FALSE), not null -# manager :boolean default(TRUE) +# manager :boolean default(FALSE) # weekly_email_notifications_enabled :boolean default(TRUE), not null # created_at :datetime # updated_at :datetime diff --git a/db/migrate/20220712141913_add_manager_to_assign_tos.rb b/db/migrate/20220712141913_add_manager_to_assign_tos.rb index 09d5a1906..06d644572 100644 --- a/db/migrate/20220712141913_add_manager_to_assign_tos.rb +++ b/db/migrate/20220712141913_add_manager_to_assign_tos.rb @@ -1,6 +1,10 @@ class AddManagerToAssignTos < ActiveRecord::Migration[6.1] - def change + def up add_column :assign_tos, :manager, :boolean - change_column_default :assign_tos, :manager, default: false + change_column_default :assign_tos, :manager, false + end + + def down + remove_column :assign_tos, :manager end end diff --git a/db/schema.rb b/db/schema.rb index 372c927c7..7157e7fe5 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -112,7 +112,7 @@ ActiveRecord::Schema.define(version: 2022_07_28_084804) do t.boolean "instant_email_dossier_notifications_enabled", default: false, null: false t.boolean "instant_email_message_notifications_enabled", default: false, null: false t.integer "instructeur_id" - t.boolean "manager", default: true + t.boolean "manager", default: false t.datetime "updated_at" t.boolean "weekly_email_notifications_enabled", default: true, null: false t.index ["groupe_instructeur_id", "instructeur_id"], name: "unique_couple_groupe_instructeur_instructeur", unique: true diff --git a/spec/controllers/administrateurs/archives_controller_spec.rb b/spec/controllers/administrateurs/archives_controller_spec.rb index fd0fe767e..659393f27 100644 --- a/spec/controllers/administrateurs/archives_controller_spec.rb +++ b/spec/controllers/administrateurs/archives_controller_spec.rb @@ -1,6 +1,7 @@ describe Administrateurs::ArchivesController, type: :controller do let(:admin) { create(:administrateur) } - let(:procedure) { create :procedure, administrateur: admin, groupe_instructeurs: [groupe_instructeur1, groupe_instructeur2] } + let(:procedure) { create :procedure, groupe_instructeurs: [groupe_instructeur1, groupe_instructeur2] } + let(:administrateur_procedure) { create(:administrateurs_procedure, procedure: procedure, administrateur: admin, manager: manager) } let(:groupe_instructeur1) { create(:groupe_instructeur) } let(:groupe_instructeur2) { create(:groupe_instructeur) } @@ -10,8 +11,11 @@ describe Administrateurs::ArchivesController, type: :controller do context 'when logged out' do it { is_expected.to have_http_status(302) } end - context 'when logged in' do + + context 'when logged in as administrateur_procedure.manager=false' do + let(:manager) { false } before do + administrateur_procedure sign_in(admin.user) end @@ -22,15 +26,30 @@ describe Administrateurs::ArchivesController, type: :controller do subject end end + context 'when logged in as administrateur_procedure.manager=true' do + let(:manager) { true } + + before do + administrateur_procedure + sign_in(admin.user) + end + + it { is_expected.to have_http_status(403) } + end end + describe 'GET #create' do subject { post :create, params: { procedure_id: procedure.id, month: '22-06', type: 'monthly' } } context 'when logged out' do it { is_expected.to have_http_status(302) } end - context 'when logged in' do + + context 'when logged in in as administrateur_procedure.manager=false' do + let(:manager) { false } + before do + administrateur_procedure sign_in(admin.user) end @@ -39,5 +58,19 @@ describe Administrateurs::ArchivesController, type: :controller do expect { subject }.to have_enqueued_job(ArchiveCreationJob).with(procedure, an_instance_of(Archive), admin) end end + + context 'when logged in in as administrateur_procedure.manager=true' do + let(:manager) { true } + + before do + administrateur_procedure + sign_in(admin.user) + end + + it { is_expected.to have_http_status(403) } + it 'does not enqueue the creation job' do + expect { subject }.not_to have_enqueued_job(ArchiveCreationJob) + end + end end end