Merge pull request #7758 from betagouv/fix-demarche-templates-permanent-urls

feat: précise aux administrateurs que les liens PJ + notice ne sont pas partageables
2022-09-28 17:07:44 +02:00 · 2022-09-28 17:07:44 +02:00 · dac5bfad21
commit dac5bfad21
parent a80a7303fc da22c29688
9 changed files with 80 additions and 30 deletions
--- a/app/assets/stylesheets/pj.scss
+++ b/app/assets/stylesheets/pj.scss
@ -1,13 +0,0 @@
-.pj {
-  th {
-    vertical-align: middle;
-  }
-
-  .dropdown-items a {
-    flex-direction: column;
-  }
-
-  .filename {
-    font-weight: bold;
-  }
-}
--- a/app/assets/stylesheets/utils.scss
+++ b/app/assets/stylesheets/utils.scss
@ -74,6 +74,14 @@
  display: none;
 }

+.visible-on-previous-hover {
+  visibility: hidden;
+}
+
+:hover + .visible-on-previous-hover {
+  visibility: visible;
+}
+
 // sizing
 .width-100 {
  width: 100%;
--- a/app/components/attachment/edit_component/edit_component.html.haml
+++ b/app/components/attachment/edit_component/edit_component.html.haml
@ -4,6 +4,10 @@
      Veuillez télécharger, remplir et joindre
      = link_to('le modèle suivant', url_for(template), target: '_blank', rel: 'noopener')

+      - if helpers.administrateur_signed_in?
+        %em.fr-text-mention--grey.fr-text--xs.visible-on-previous-hover
+          = t('shared.ephemeral_link')
+
  - if persisted?
    .attachment-actions{ id: dom_id(attachment, :actions) }
      .attachment-action
--- a/app/views/shared/dossiers/_edit.html.haml
+++ b/app/views/shared/dossiers/_edit.html.haml
@ -26,6 +26,11 @@
                class: "fr-btn fr-btn--secondary mt-2",
                title: t("views.shared.dossiers.edit.notice_title"), **external_link_attributes

+            - if administrateur_signed_in?
+              %em.ml-1.fr-text-mention--grey.visible-on-previous-hover
+                %span.fr-icon-feedback-line{ "aria-hidden": "true" }
+                  = t('shared.ephemeral_link')
+
    - if dossier.show_groupe_instructeur_selector?
      %span{ data: { controller: 'autosave' } }
        = f.label :groupe_instructeur_id do
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -500,6 +500,7 @@ en:
          connection_done: "The accounts for FranceConnect and %{application_name} are now merged."
          merger_token_expired: "Le delay to merge your FranceConnect and %{application_name} accounts is expired. Please retry."
  shared:
+    ephemeral_link: This link is ephemeral and should not be shared.
    procedures:
      stats:
        usual_processing_time: "Usual processing time"
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@ -551,6 +551,7 @@ fr:
        connection_done: "Les comptes FranceConnect et %{application_name} sont à présent fusionnés"
        merger_token_expired: "Le délai pour fusionner les comptes FranceConnect et %{application_name} est expirée. Veuillez recommencer la procédure pour vous fusionner les comptes."
  shared:
+    ephemeral_link: Ce lien est éphémère et ne devrait pas être partagé.
    procedures:
      stats:
        usual_processing_time: "Temps de traitement usuel"
--- a/spec/views/shared/attachment/_update.html.haml_spec.rb
+++ b/spec/views/shared/attachment/_update.html.haml_spec.rb
@ -2,10 +2,11 @@ describe 'shared/attachment/_update.html.haml', type: :view do
  let(:champ) { build(:champ_piece_justificative, dossier: create(:dossier)) }
  let(:attached_file) { champ.piece_justificative_file }
  let(:user_can_destroy) { false }
+  let(:template) { nil }

  subject do
    form_for(champ.dossier) do |form|
-      view.render Attachment::EditComponent.new(form: form, attached_file: attached_file, user_can_destroy: true, direct_upload: true)
+      view.render Attachment::EditComponent.new(form: form, attached_file: attached_file, user_can_destroy: true, direct_upload: true, template:)
    end
  end

@ -64,4 +65,26 @@ describe 'shared/attachment/_update.html.haml', type: :view do
      is_expected.not_to have_link('Supprimer')
    end
  end
+
+  context 'when champ has a template' do
+    let(:profil) { :user }
+    let(:template) { champ.type_de_champ.piece_justificative_template }
+
+    before do
+      allow_any_instance_of(ActionView::Base).to receive(:administrateur_signed_in?).and_return(profil == :administrateur)
+    end
+
+    it 'renders a link to template' do
+      expect(subject).to have_link('le modèle suivant')
+      expect(subject).not_to have_text("éphémère")
+    end
+
+    context 'as an administrator' do
+      let(:profil) { :administrateur }
+      it 'warn about ephemeral template url' do
+        expect(subject).to have_link('le modèle suivant')
+        expect(subject).to have_text("éphémère")
+      end
+    end
+  end
 end
--- a/spec/views/shared/dossiers/_edit.html.haml_spec.rb
+++ b/spec/views/shared/dossiers/_edit.html.haml_spec.rb
@ -1,6 +1,7 @@
 describe 'shared/dossiers/edit.html.haml', type: :view do
  before do
    allow(controller).to receive(:current_user).and_return(dossier.user)
+    allow(view).to receive(:administrateur_signed_in?).and_return(false)
  end

  subject { render 'shared/dossiers/edit.html.haml', dossier: dossier, apercu: false }
@ -118,7 +119,9 @@ describe 'shared/dossiers/edit.html.haml', type: :view do
    end

    context 'when dossier is brouillon' do
-      before { dossier.champs << champ }
+      before do
+        dossier.champs << champ
+      end

      it 'can delete a piece justificative' do
        expect(subject).to have_text('Supprimer')
--- a/spec/views/users/dossiers/brouillon.html.haml_spec.rb
+++ b/spec/views/users/dossiers/brouillon.html.haml_spec.rb
@ -2,32 +2,50 @@ describe 'users/dossiers/brouillon.html.haml', type: :view do
  let(:procedure) { create(:procedure, :with_type_de_champ, :with_notice, :with_service) }
  let(:dossier) { create(:dossier, state: Dossier.states.fetch(:brouillon), procedure: procedure) }
  let(:footer) { view.content_for(:footer) }
+  let(:profile) { :user }

  before do
    sign_in dossier.user
    assign(:dossier, dossier)
+    # allow(view) doesn't work because method is called inside partial
+    ActionView::Base.any_instance.stub(:administrateur_signed_in?).and_return(profile == :administrateur)
  end

  subject! { render }

-  it 'affiche le libellé de la démarche' do
-    expect(rendered).to have_text(dossier.procedure.libelle)
+  context "as an user" do
+    it 'affiche le libellé de la démarche' do
+      expect(rendered).to have_text(dossier.procedure.libelle)
+    end
+
+    it 'affiche un lien vers la notice' do
+      expect(response).to have_css("a[href*='/rails/active_storage/blobs/']", text: "Guide de la démarche")
+      expect(rendered).not_to have_text("Ce lien est éphémère")
+    end
+
+    it 'affiche les boutons de validation' do
+      expect(rendered).to have_selector('.send-dossier-actions-bar')
+    end
+
+    it 'prépare le footer' do
+      expect(footer).to have_selector('footer')
+    end
+
+    context 'quand la démarche ne comporte pas de notice' do
+      let(:procedure) { create(:procedure) }
+      it { is_expected.not_to have_link("Guide de la démarche") }
+    end
  end

-  it 'affiche un lien vers la notice' do
-    expect(response).to have_css("a[href*='/rails/active_storage/blobs/']", text: "Guide de la démarche")
-  end
+  context "as an administrateur" do
+    let(:profile) { :administrateur }

-  it 'affiche les boutons de validation' do
-    expect(rendered).to have_selector('.send-dossier-actions-bar')
-  end
+    before do
+      create(:administrateur, user: dossier.user)
+    end

-  it 'prépare le footer' do
-    expect(footer).to have_selector('footer')
-  end
-
-  context 'quand la démarche ne comporte pas de notice' do
-    let(:procedure) { create(:procedure) }
-    it { is_expected.not_to have_link("Guide de la démarche") }
+    it 'affiche un avertissement à propos de la notice' do
+      expect(rendered).to have_text("Ce lien est éphémère")
+    end
  end
 end