fix(dossier): do not bypass depositaire check on modifier path

2023-04-26 16:54:50 +02:00 · 2023-04-26 16:54:50 +02:00 · cb752d1857
commit cb752d1857
parent 2ad8ccc310
7 changed files with 31 additions and 27 deletions
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@ -10,7 +10,9 @@ module Users

    before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
    before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
-    before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_brouillon, :submit_brouillon, :modifier, :update]
+    before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_siret, :brouillon, :update_brouillon, :submit_brouillon, :modifier, :update]
+    before_action :ensure_dossier_can_be_filled, only: [:brouillon, :modifier, :update_brouillon, :submit_brouillon, :update]
+    before_action :ensure_dossier_can_be_viewed, only: [:show]
    before_action :forbid_invite_submission!, only: [:submit_brouillon]
    before_action :forbid_closed_submission!, only: [:submit_brouillon]
    before_action :show_demarche_en_test_banner
@ -33,11 +35,6 @@ module Users
    end

    def show
-      if dossier.brouillon?
-        redirect_to brouillon_dossier_path(dossier)
-        return
-      end
-
      @dossier = dossier
      respond_to do |format|
        format.pdf do
@ -150,15 +147,6 @@ module Users
      session.delete(:prefill_params)
      @dossier = dossier_with_champs
      @dossier.valid?(context: :prefilling)
-
-      # TODO: remove when the champs are unifed
-      if !@dossier.autorisation_donnees
-        if dossier.procedure.for_individual
-          redirect_to identite_dossier_path(@dossier)
-        else
-          redirect_to siret_dossier_path(@dossier)
-        end
-      end
    end

    def submit_brouillon
@ -383,7 +371,23 @@ module Users
    def ensure_dossier_can_be_updated
      if !dossier.can_be_updated_by_user?
        flash.alert = t('users.dossiers.no_longer_editable')
-        redirect_to dossiers_path
+        redirect_to dossier_path(dossier)
+      end
+    end
+
+    def ensure_dossier_can_be_filled
+      if !dossier.autorisation_donnees
+        if dossier.procedure.for_individual
+          redirect_to identite_dossier_path(dossier)
+        else
+          redirect_to siret_dossier_path(dossier)
+        end
+      end
+    end
+
+    def ensure_dossier_can_be_viewed
+      if dossier.brouillon?
+        redirect_to brouillon_dossier_path(dossier)
      end
    end