Merge branch 'develop' of github.com:sgmap/tps into develop

app/controllers/concerns/dossier_concern.rb

@@ -1,5 +0,0 @@
-module DossierConcern
-  def current_dossier
-    Dossier.find(params[:dossier_id])
-  end
-end

app/controllers/dossiers_controller.rb

@@ -1,3 +0,0 @@
-class DossiersController < ApplicationController
-
-end

app/controllers/france_connect/particulier_controller.rb

@@ -1,4 +1,5 @@
 class FranceConnect::ParticulierController < ApplicationController
+
   def login
     client = FranceConnectParticulierClient.new
 
@@ -94,6 +95,10 @@ class FranceConnect::ParticulierController < ApplicationController
   private
 
   def connect_france_connect_particulier user
+    sign_out :user if user_signed_in?
+    sign_out :gestionnaire if gestionnaire_signed_in?
+    sign_out :administrateur if administrateur_signed_in?
+
     sign_in user
 
     user.loged_in_with_france_connect = 'particulier'

app/controllers/users/carte_controller.rb

@@ -1,7 +1,8 @@
 class Users::CarteController < UsersController
-  include DossierConcern
 
-  before_action :authorized_routes?, only: [:show]
+  before_action only: [:show] do
+    authorized_routes? self.class
+  end
 
   def show
     @dossier = current_user_dossier
@@ -76,6 +77,13 @@ class Users::CarteController < UsersController
     render json: {cadastres: cadastres}
   end
 
+  def self.route_authorization
+    {
+        states: [:draft, :initiated, :replied, :updated],
+        api_carto: true
+    }
+  end
+
   private
 
   def generate_qp coordinates

app/controllers/users/description_controller.rb

@@ -1,5 +1,7 @@
 class Users::DescriptionController < UsersController
-  before_action :authorized_routes?, only: [:show]
+  before_action only: [:show] do
+    authorized_routes? self.class
+  end
 
   def show
     @dossier = current_user_dossier
@@ -62,6 +64,12 @@ class Users::DescriptionController < UsersController
     redirect_to url_for(controller: :recapitulatif, action: :show, dossier_id: @dossier.id)
   end
 
+  def self.route_authorization
+    {
+        states: [:draft, :initiated, :replied, :updated]
+    }
+  end
+
   private
 
   def create_params

app/controllers/users/dossiers_controller.rb

@@ -5,7 +5,9 @@ class Users::DossiersController < UsersController
   before_action :authenticate_user!
   before_action :check_siret, only: :create
 
-  before_action :authorized_routes?, only: [:show]
+  before_action only: [:show] do
+    authorized_routes? self.class
+  end
 
   def index
     order = 'DESC'
@@ -94,6 +96,12 @@ class Users::DossiersController < UsersController
     redirect_to users_dossiers_path
   end
 
+  def self.route_authorization
+    {
+        states: [:draft]
+    }
+  end
+
   private
 
   def dossiers_to_display

app/controllers/users/recapitulatif_controller.rb

@@ -1,5 +1,7 @@
 class Users::RecapitulatifController < UsersController
-  before_action :authorized_routes?, only: [:show]
+  before_action only: [:show] do
+    authorized_routes? self.class
+  end
 
   def show
     create_dossier_facade
@@ -25,6 +27,12 @@ class Users::RecapitulatifController < UsersController
     render 'show'
   end
 
+  def self.route_authorization
+    {
+        states: [:initiated, :replied, :updated, :validated, :submitted, :closed]
+    }
+  end
+
   private
 
   def create_dossier_facade

app/controllers/users_controller.rb

@@ -7,13 +7,10 @@ class UsersController < ApplicationController
     current_user.dossiers.find(dossier_id)
   end
 
-  def authorized_routes?
-    sub_path = "/users/dossiers/#{current_user_dossier.id}"
-
+  def authorized_routes? controller
     redirect_to_root_path 'Le status de votre dossier n\'autorise pas cette URL' unless UserRoutesAuthorizationService.authorized_route?(
-        (request.env['PATH_INFO']).gsub(sub_path, ''),
-        current_user_dossier.state,
-        current_user_dossier.procedure.use_api_carto)
+        controller,
+        current_user_dossier)
   rescue ActiveRecord::RecordNotFound
     redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
   end

app/services/user_routes_authorization_service.rb

@@ -1,48 +1,9 @@
 class UserRoutesAuthorizationService
 
-  def self.authorized_paths
-    {
-        root: '',
-        carte: '/carte',
-        description: '/description',
-        recapitulatif: '/recapitulatif'
-    }
-  end
+  def self.authorized_route? controller, dossier
+    auth = controller.route_authorization
 
-  def self.authorized_states
-    Dossier.states
-  end
-
-  def self.authorized_routes
-    {
-        root: {
-            authorized_states: [:draft],
-            api_carto: false
-        },
-        carte: {
-            authorized_states: [:draft, :initiated, :replied, :updated],
-            api_carto: true
-        },
-        description: {
-            authorized_states: [:draft, :initiated, :replied, :updated],
-            api_carto: false
-        },
-        recapitulatif: {
-            authorized_states: [:initiated, :replied, :updated, :validated, :submitted, :closed],
-            api_carto: false
-        }
-    }
-  end
-
-  def self.authorized_route? path, state, api_carto=false
-    return raise 'Not a valid path' unless authorized_paths.has_value? path
-    return raise 'Not a valid state' unless authorized_states.has_value? state
-
-    path_key = authorized_paths.key(path)
-
-    first = authorized_routes[path_key][:authorized_states].include? state.to_sym
-    seconde = authorized_routes[path_key][:api_carto] ? api_carto : true
-
-    first && seconde
+    auth[:states].include?(dossier.state.to_sym) &&
+        (auth[:api_carto].nil? ? true : auth[:api_carto] == dossier.procedure.use_api_carto)
   end
 end