Merge pull request #9952 from demarches-simplifiees/better_api_token_edition

Admin: permet d'éditer la liste des démarches accessibles par un jeton d'api
2024-11-05 14:37:51 +00:00 · 2024-11-05 14:37:51 +00:00 · e95e86faae
commit e95e86faae
parent 1e18b66012 775e423914
4 changed files with 157 additions and 56 deletions
--- a/spec/controllers/administrateurs/api_tokens_controller_spec.rb
+++ b/spec/controllers/administrateurs/api_tokens_controller_spec.rb
@ -98,9 +98,10 @@ describe Administrateurs::APITokensController, type: :controller do

  describe 'update' do
    let(:token) { APIToken.generate(admin).first }
-    let(:params) { { name:, networks: } }
+    let(:params) { { name:, networks:, procedure_to_add: } }
    let(:name) { 'new name' }
    let(:networks) { '118.218.200.200' }
+    let(:procedure_to_add) { nil }

    subject { patch :update, params: params.merge(id: token.id) }

@ -119,9 +120,8 @@ describe Administrateurs::APITokensController, type: :controller do
      before { subject; token.reload }

      it 'does not update a token' do
-        expect(token.name).not_to eq('new name')
-        expect(assigns(:invalid_network)).to be true
-        expect(response).to render_template(:edit)
+        expect(token.authorized_networks).to be_blank
+        expect(assigns(:invalid_network_message)).to eq('vous devez entrer des adresses ipv4 ou ipv6 valides')
      end
    end

@ -135,10 +135,34 @@ describe Administrateurs::APITokensController, type: :controller do
      let(:networks) { '' }

      it 'does not update a token' do
-        expect(token.name).not_to eq('new name')
-        expect(flash[:alert]).to eq("Vous ne pouvez pas supprimer les restrictions d'accès à l'API d'un jeton permanent.")
-        expect(response).to render_template(:edit)
+        expect(token.authorized_networks).to eq([IPAddr.new('118.218.200.200')])
+        expect(assigns(:invalid_network_message)).to eq("Vous ne pouvez pas supprimer les restrictions d'accès à l'API d'un jeton permanent.")
      end
    end
+
+    context 'with a legitime procedure to add' do
+      let(:params) { { procedure_to_add: procedure.id } }
+
+      before { subject; token.reload }
+
+      it { expect(token.allowed_procedure_ids).to eq([procedure.id]) }
+    end
+
+    context 'with a procedure to add not owned by the admin' do
+      let(:another_procedure) { create(:procedure, administrateurs: [create(:administrateur)]) }
+      let(:params) { { procedure_to_add: another_procedure.id } }
+
+      before { subject; token.reload }
+
+      it { expect(token.allowed_procedure_ids).to eq([]) }
+    end
+
+    context 'with an empty procedure to add' do
+      let(:params) { { procedure_to_add: '' } }
+
+      before { subject; token.reload }
+
+      it { expect(token.allowed_procedure_ids).to eq([]) }
+    end
  end
 end