fix(dossier): do not bypass depositaire check on modifier path

Paul Chavard 2023-04-26 16:54:50 +02:00
parent 2ad8ccc310
commit cb752d1857
7 changed files with 31 additions and 27 deletions


@ -10,7 +10,9 @@ module Users
before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_brouillon, :submit_brouillon, :modifier, :update] before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_siret, :brouillon, :update_brouillon, :submit_brouillon, :modifier, :update]
before_action :ensure_dossier_can_be_filled, only: [:brouillon, :modifier, :update_brouillon, :submit_brouillon, :update]
before_action :ensure_dossier_can_be_viewed, only: [:show]
before_action :forbid_invite_submission!, only: [:submit_brouillon] before_action :forbid_invite_submission!, only: [:submit_brouillon]
before_action :forbid_closed_submission!, only: [:submit_brouillon] before_action :forbid_closed_submission!, only: [:submit_brouillon]
before_action :show_demarche_en_test_banner before_action :show_demarche_en_test_banner
@ -33,11 +35,6 @@ module Users
end end
def show def show
if dossier.brouillon?
redirect_to brouillon_dossier_path(dossier)
return
end
@dossier = dossier @dossier = dossier
respond_to do |format| respond_to do |format|
format.pdf do format.pdf do
@ -150,15 +147,6 @@ module Users
session.delete(:prefill_params) session.delete(:prefill_params)
@dossier = dossier_with_champs @dossier = dossier_with_champs
@dossier.valid?(context: :prefilling) @dossier.valid?(context: :prefilling)
# TODO: remove when the champs are unifed
if !@dossier.autorisation_donnees
if dossier.procedure.for_individual
redirect_to identite_dossier_path(@dossier)
else
redirect_to siret_dossier_path(@dossier)
end
end
end end
def submit_brouillon def submit_brouillon
@ -383,7 +371,23 @@ module Users
def ensure_dossier_can_be_updated def ensure_dossier_can_be_updated
if !dossier.can_be_updated_by_user? if !dossier.can_be_updated_by_user?
flash.alert = t('users.dossiers.no_longer_editable') flash.alert = t('users.dossiers.no_longer_editable')
redirect_to dossiers_path redirect_to dossier_path(dossier)
end
end
def ensure_dossier_can_be_filled
if !dossier.autorisation_donnees
if dossier.procedure.for_individual
redirect_to identite_dossier_path(dossier)
else
redirect_to siret_dossier_path(dossier)
end
end
end
def ensure_dossier_can_be_viewed
if dossier.brouillon?
redirect_to brouillon_dossier_path(dossier)
end end
end end
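Review bot: The three filters on the new side are still wired with hand-maintained `only:` lists, so an action added later that renders or saves the form will skip `ensure_dossier_can_be_filled` exactly as `modifier` did before this commit. Consider inverting the list to `except:` with the actions that must stay reachable before the identity/SIRET step, or at least add a comment above the filter such as `# every action that shows or saves the form must be listed here, otherwise it skips the identity/SIRET step`. Also worth checking: `ensure_dossier_can_be_updated` now runs on `:brouillon` and redirects to `dossier_path(dossier)`, while `ensure_dossier_can_be_viewed` sends a brouillon back to `brouillon_dossier_path(dossier)`; if `can_be_updated_by_user?` (not shown here) can ever be false for a brouillon, the two redirects would loop. The class body continues outside these hunks.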


@ -163,7 +163,7 @@ class ProcedureRevision < ApplicationRecord
def dossier_for_preview(user) def dossier_for_preview(user)
dossier = Dossier dossier = Dossier
.create_with(groupe_instructeur: procedure.defaut_groupe_instructeur_for_new_dossier) .create_with(groupe_instructeur: procedure.defaut_groupe_instructeur_for_new_dossier, autorisation_donnees: true)
.find_or_initialize_by(revision: self, user: user, for_procedure_preview: true, state: Dossier.states.fetch(:brouillon)) .find_or_initialize_by(revision: self, user: user, for_procedure_preview: true, state: Dossier.states.fetch(:brouillon))
if dossier.new_record? if dossier.new_record?
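Review bot: `create_with(..., autorisation_donnees: true)` only takes effect when `find_or_initialize_by` builds a new record, so a preview dossier that already exists keeps whatever `autorisation_donnees` it was saved with. If preview dossiers pass through the `Users::DossiersController` filters (not visible here), such a record would now be redirected to the identity or SIRET step by `ensure_dossier_can_be_filled`; a backfill or an explicit `dossier.autorisation_donnees = true` for found records may be needed. A short comment would also help the next reader, e.g. `# preview dossiers skip the identity/SIRET step, so the flag is preset`. `dossier_for_preview` continues past the end of the hunk.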


@ -19,7 +19,7 @@
- if @prefilled_dossier - if @prefilled_dossier
%h2.huge-title= t('views.commencer.show.prefilled_draft') %h2.huge-title= t('views.commencer.show.prefilled_draft')
%p= t('views.commencer.show.prefilled_draft_detail_html', time_ago: time_ago_in_words(@prefilled_dossier.created_at), procedure: @procedure.libelle) %p= t('views.commencer.show.prefilled_draft_detail_html', time_ago: time_ago_in_words(@prefilled_dossier.created_at), procedure: @procedure.libelle)
= link_to t('views.commencer.show.go_to_prefilled_file'), brouillon_dossier_path(@prefilled_dossier), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.go_to_prefilled_file'), url_for_dossier(@prefilled_dossier), class: 'fr-btn fr-btn--lg fr-my-2w'
- elsif dossiers.empty? - elsif dossiers.empty?
= link_to t('views.commencer.show.start_procedure'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.start_procedure'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-my-2w'
@ -29,7 +29,7 @@
%h2.huge-title= t('views.commencer.show.already_draft') %h2.huge-title= t('views.commencer.show.already_draft')
%p %p
= t('views.commencer.show.already_draft_detail_html', time_ago: time_ago_in_words(dossier.created_at), procedure: dossier.procedure.libelle) = t('views.commencer.show.already_draft_detail_html', time_ago: time_ago_in_words(dossier.created_at), procedure: dossier.procedure.libelle)
= link_to t('views.commencer.show.continue_file'), brouillon_dossier_path(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.continue_file'), url_for_dossier(dossier), class: 'fr-btn fr-btn--lg fr-my-2w'
= link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w' = link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w'
- elsif not_drafts.size == 1 - elsif not_drafts.size == 1
@ -37,7 +37,7 @@
%h2.huge-title= t('views.commencer.show.already_not_draft') %h2.huge-title= t('views.commencer.show.already_not_draft')
%p %p
= t('views.commencer.show.already_not_draft_detail_html', time_ago: time_ago_in_words(dossier.depose_at), procedure: dossier.procedure.libelle) = t('views.commencer.show.already_not_draft_detail_html', time_ago: time_ago_in_words(dossier.depose_at), procedure: dossier.procedure.libelle)
= link_to t('views.commencer.show.show_my_submitted_file'), dossier_path(dossier), class: 'fr-btn fr-btn--lg fr-my-2w' = link_to t('views.commencer.show.show_my_submitted_file'), url_for_dossier(dossier), class: 'fr-btn fr-btn--lg fr-my-2w'
= link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w' = link_to t('views.commencer.show.start_new_file'), url_for_new_dossier(@revision), class: 'fr-btn fr-btn--lg fr-btn--secondary fr-my-2w'
- else - else


@ -42,4 +42,4 @@
.actions .actions
= link_to 'Utiliser un autre numéro SIRET', siret_dossier_path(@dossier), class: 'fr-btn fr-btn--secondary' = link_to 'Utiliser un autre numéro SIRET', siret_dossier_path(@dossier), class: 'fr-btn fr-btn--secondary'
= link_to 'Continuer avec ces informations', brouillon_dossier_path(@dossier), class: 'fr-btn' = link_to 'Continuer avec ces informations', url_for_dossier(@dossier), class: 'fr-btn'


@ -74,7 +74,7 @@
- c.with_body do - c.with_body do
%p %p
= t('users.dossiers.header.callout.first_brouillon_recently_updated_text', time_ago: time_ago_in_words(@first_brouillon_recently_updated.created_at), libelle: @first_brouillon_recently_updated.procedure.libelle ) = t('users.dossiers.header.callout.first_brouillon_recently_updated_text', time_ago: time_ago_in_words(@first_brouillon_recently_updated.created_at), libelle: @first_brouillon_recently_updated.procedure.libelle )
= link_to t('users.dossiers.header.callout.first_brouillon_recently_updated_button'), modifier_dossier_path(@first_brouillon_recently_updated), class: 'fr-btn' = link_to t('users.dossiers.header.callout.first_brouillon_recently_updated_button'), url_for_dossier(@first_brouillon_recently_updated), class: 'fr-btn'
= render partial: "dossiers_list", locals: { dossiers: @user_dossiers } = render partial: "dossiers_list", locals: { dossiers: @user_dossiers }


@ -159,7 +159,7 @@ describe Users::DossiersController, type: :controller do
let(:individual_params) { { gender: 'M', nom: 'Mouse', prenom: 'Mickey' } } let(:individual_params) { { gender: 'M', nom: 'Mouse', prenom: 'Mickey' } }
it 'redirects to the dossiers list' do it 'redirects to the dossiers list' do
expect(response).to redirect_to(dossiers_path) expect(response).to redirect_to(dossier_path(dossier))
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
end end
end end
@ -361,7 +361,7 @@ describe Users::DossiersController, type: :controller do
it 'redirects to the dossiers list' do it 'redirects to the dossiers list' do
subject subject
expect(response).to redirect_to(dossiers_path) expect(response).to redirect_to(dossier_path(dossier))
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
end end
end end
@ -477,7 +477,7 @@ describe Users::DossiersController, type: :controller do
it 'redirects to the dossiers list' do it 'redirects to the dossiers list' do
subject subject
expect(response).to redirect_to(dossiers_path) expect(response).to redirect_to(dossier_path(dossier))
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
end end
end end
@ -561,7 +561,7 @@ describe Users::DossiersController, type: :controller do
it 'redirects to the dossiers list' do it 'redirects to the dossiers list' do
subject subject
expect(response).to redirect_to(dossiers_path) expect(response).to redirect_to(dossier_path(dossier))
expect(flash.alert).to eq('Votre dossier ne peut plus être modifié') expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
end end
end end
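Review bot: The four examples still read `it 'redirects to the dossiers list'` while the expectation is now `redirect_to(dossier_path(dossier))`; renaming them to something like `it 'redirects to the dossier page'` would make failures describe the real behaviour. None of the visible hunks adds an example for the case the commit fixes: a dossier with `autorisation_donnees` unset that is requested through `modifier` should be redirected to `identite_dossier_path` or `siret_dossier_path`. A regression example for that path (and for `update`) would keep the check from being bypassed again; the spec may already cover it outside these hunks.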


@ -47,7 +47,7 @@ describe 'users/dossiers/index.html.haml', type: :view do
end end
it 'affiche une alerte pour continuer à remplir un dossier' do it 'affiche une alerte pour continuer à remplir un dossier' do
expect(rendered).to have_selector('.fr-callout', count: 1) expect(rendered).to have_selector('.fr-callout', count: 1)
expect(rendered).to have_link(href: modifier_dossier_path(dossier_brouillon)) expect(rendered).to have_link(href: brouillon_dossier_path(dossier_brouillon))
end end
end end