DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

[Fix #577] Restrict comment creation to Users/Gestionnaires allowed on dossier

Browse source
This commit is contained in:
Mathieu Magnin 2017-07-10 17:11:55 +02:00
parent 2985623bec
commit c3fa1e01b9
3 changed files with 135 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/commentaires_controller.rb
View file

@ -13,14 +13,16 @@ class CommentairesController < ApplicationController
def create def create
@commentaire = Commentaire.new @commentaire = Commentaire.new
@commentaire.dossier = Dossier.find(params['dossier_id'])
@commentaire.champ = @commentaire.dossier.champs.find(params[:champ_id]) if params[:champ_id] @commentaire.champ = @commentaire.dossier.champs.find(params[:champ_id]) if params[:champ_id]
dossier_id = params['dossier_id']
if is_gestionnaire? if is_gestionnaire?
@commentaire.email = current_gestionnaire.email @commentaire.email = current_gestionnaire.email
@commentaire.dossier = current_gestionnaire.dossiers.find_by(id: dossier_id) || current_gestionnaire.avis.find_by!(dossier_id: dossier_id).dossier
@commentaire.dossier.next_step! 'gestionnaire', 'comment' @commentaire.dossier.next_step! 'gestionnaire', 'comment'
else else
@commentaire.email = current_user.email @commentaire.email = current_user.email
@commentaire.dossier = current_user.dossiers.find_by(id: dossier_id) || current_user.invites.find_by!(dossier_id: dossier_id).dossier
@commentaire.dossier.next_step! 'user', 'comment' if current_user.email == @commentaire.dossier.user.email @commentaire.dossier.next_step! 'user', 'comment' if current_user.email == @commentaire.dossier.user.email
end end

200
spec/controllers/backoffice/commentaires_controller_spec.rb
View file

@ -1,7 +1,7 @@
require 'spec_helper' require 'spec_helper'
describe Backoffice::CommentairesController, type: :controller do describe Backoffice::CommentairesController, type: :controller do
let(:dossier) { create(:dossier) } let(:dossier) { create(:dossier, :replied) }
let(:dossier_id) { dossier.id } let(:dossier_id) { dossier.id }
let(:email_commentaire) { 'test@test.com' } let(:email_commentaire) { 'test@test.com' }
let(:texte_commentaire) { 'Commentaire de test' } let(:texte_commentaire) { 'Commentaire de test' }
@ -16,116 +16,136 @@ describe Backoffice::CommentairesController, type: :controller do
sign_in gestionnaire sign_in gestionnaire
end end
context "création correct d'un commentaire" do context "when gestionnaire has no access to dossier" do
subject { post :create, params: {dossier_id: dossier_id, email_commentaire: email_commentaire, texte_commentaire: texte_commentaire} } subject { post :create, params: { dossier_id: dossier_id, texte_commentaire: texte_commentaire } }
it 'depuis la page admin' do it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
expect(subject).to redirect_to("/backoffice/dossiers/#{dossier_id}") it { expect { subject rescue nil }.to change(Commentaire, :count).by(0) }
end
context "when gestionnaire is invited for avis on dossier" do
subject { post :create, params: { dossier_id: dossier_id, texte_commentaire: texte_commentaire } }
before { Avis.create(dossier: dossier, gestionnaire: gestionnaire, claimant: create(:gestionnaire)) }
it { expect{ subject }.to change(Commentaire, :count).by(1) }
end
context "when gestionnaire has access to dossier" do
before do
gestionnaire.procedures << dossier.procedure
end end
it 'gestionnaire is automatically affect to follow the dossier' do context "création correct d'un commentaire" do
expect { subject }.to change(Follow, :count).by(1) subject { post :create, params: {dossier_id: dossier_id, email_commentaire: email_commentaire, texte_commentaire: texte_commentaire} }
end
context 'when gestionnaire already follow dossier' do it 'depuis la page admin' do
before do expect(subject).to redirect_to("/backoffice/dossiers/#{dossier_id}")
create :follow, gestionnaire_id: gestionnaire.id, dossier_id: dossier_id
end end
it 'gestionnaire is automatically affect to follow the dossier' do it 'gestionnaire is automatically affect to follow the dossier' do
expect { subject }.to change(Follow, :count).by(0) expect { subject }.to change(Follow, :count).by(1)
end
end
it 'Internal notification is not create' do
expect { subject }.to change(Notification, :count).by (0)
end
end
context 'when document is upload whith a commentaire', vcr: {cassette_name: 'controllers_backoffice_commentaires_controller_doc_upload_with_comment'} do
let(:document_upload) { Rack::Test::UploadedFile.new("./spec/support/files/piece_justificative_0.pdf", 'application/pdf') }
subject do
post :create, params: {dossier_id: dossier_id, email_commentaire: email_commentaire, texte_commentaire: texte_commentaire, piece_justificative: {content: document_upload}}
end
it 'create a new piece justificative' do
expect { subject }.to change(PieceJustificative, :count).by(1)
end
it 'clamav check the pj' do
expect(ClamavService).to receive(:safe_file?)
subject
end
it 'Internal notification is not create' do
expect { subject }.to change(Notification, :count).by (0)
end
describe 'piece justificative created' do
let(:pj) { PieceJustificative.last }
before do
subject
end end
it 'not have a type de pj' do context 'when gestionnaire already follow dossier' do
expect(pj.type_de_piece_justificative).to be_nil
end
it 'content not be nil' do
expect(pj.content).not_to be_nil
end
end
describe 'commentaire created' do
let(:commentaire) { Commentaire.last }
before do
subject
end
it 'have a piece justificative reference' do
expect(commentaire.piece_justificative).not_to be_nil
expect(commentaire.piece_justificative).to eq PieceJustificative.last
end
end
end
describe 'change dossier state after post a comment' do
context 'gestionnaire is connected' do
context 'when dossier is at state updated' do
before do before do
sign_in create(:gestionnaire) create :follow, gestionnaire_id: gestionnaire.id, dossier_id: dossier_id
dossier.updated!
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire}
dossier.reload
end end
subject { dossier.state } it 'gestionnaire is automatically affect to follow the dossier' do
expect { subject }.to change(Follow, :count).by(0)
end
end
it { is_expected.to eq('replied') } it 'Internal notification is not create' do
expect { subject }.to change(Notification, :count).by (0)
end
end
it 'Notification email is send' do context 'when document is upload whith a commentaire', vcr: {cassette_name: 'controllers_backoffice_commentaires_controller_doc_upload_with_comment'} do
expect(NotificationMailer).to receive(:new_answer).and_return(NotificationMailer) let(:document_upload) { Rack::Test::UploadedFile.new("./spec/support/files/piece_justificative_0.pdf", 'application/pdf') }
expect(NotificationMailer).to receive(:deliver_now!)
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire} subject do
post :create, params: {dossier_id: dossier_id, email_commentaire: email_commentaire, texte_commentaire: texte_commentaire, piece_justificative: {content: document_upload}}
end
it 'create a new piece justificative' do
expect { subject }.to change(PieceJustificative, :count).by(1)
end
it 'clamav check the pj' do
expect(ClamavService).to receive(:safe_file?)
subject
end
it 'Internal notification is created' do
expect { subject }.to change(Notification, :count).by (1)
end
describe 'piece justificative created' do
let(:pj) { PieceJustificative.last }
before do
subject
end
it 'not have a type de pj' do
expect(pj.type_de_piece_justificative).to be_nil
end
it 'content not be nil' do
expect(pj.content).not_to be_nil
end
end
describe 'commentaire created' do
let(:commentaire) { Commentaire.last }
before do
subject
end
it 'have a piece justificative reference' do
expect(commentaire.piece_justificative).not_to be_nil
expect(commentaire.piece_justificative).to eq PieceJustificative.last
end end
end end
end end
end
describe 'comment cannot be saved' do describe 'change dossier state after post a comment' do
before do context 'gestionnaire is connected' do
allow_any_instance_of(Commentaire).to receive(:save).and_return(false) context 'when dossier is at state updated' do
before do
sign_in gestionnaire
dossier.updated!
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire}
dossier.reload
end
subject { dossier.state }
it { is_expected.to eq('replied') }
it 'Notification email is send' do
expect(NotificationMailer).to receive(:new_answer).and_return(NotificationMailer)
expect(NotificationMailer).to receive(:deliver_now!)
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire}
end
end
end
end end
it 'Notification email is not sent' do
expect(NotificationMailer).not_to receive(:new_answer)
expect(NotificationMailer).not_to receive(:deliver_now!)
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire} describe 'comment cannot be saved' do
before do
allow_any_instance_of(Commentaire).to receive(:save).and_return(false)
end
it 'Notification email is not sent' do
expect(NotificationMailer).not_to receive(:new_answer)
expect(NotificationMailer).not_to receive(:deliver_now!)
post :create, params: {dossier_id: dossier_id, texte_commentaire: texte_commentaire}
end
end end
end end
end end

22
spec/controllers/users/commentaires_controller_spec.rb
View file

@ -11,6 +11,28 @@ describe Users::CommentairesController, type: :controller do
end end
describe '#POST create' do describe '#POST create' do
context "when user has no access to dossier" do
before do
sign_in create(:user)
end
subject { post :create, params: { dossier_id: dossier_id, texte_commentaire: texte_commentaire } }
it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
it { expect { subject rescue nil }.to change(Commentaire, :count).by(0) }
end
context "when user is invited on dossier" do
let(:user) { create(:user) }
subject { post :create, params: { dossier_id: dossier_id, texte_commentaire: texte_commentaire } }
before do
sign_in user
InviteUser.create(dossier: dossier, user: user, email: user.email, email_sender: "test@test.com")
end
it { expect{ subject }.to change(Commentaire, :count).by(1) }
end
context 'création correct d\'un commentaire' do context 'création correct d\'un commentaire' do
subject do subject do
sign_in dossier.user sign_in dossier.user