Evite de cacher la whitelist trop longtemps

Frederic Merizen 2018-10-04 16:41:09 +02:00
parent af4a50d8a2
commit eafd0e8348
6 changed files with 171 additions and 166 deletions


@ -67,10 +67,11 @@ module NewGestionnaire
@archived_dossiers @archived_dossiers
end end
sorted_ids = DossierFieldService.sorted_ids(@dossiers, procedure_presentation, current_gestionnaire) dossier_field_service = DossierFieldService.new
sorted_ids = dossier_field_service.sorted_ids(@dossiers, procedure_presentation, current_gestionnaire)
if @current_filters.count > 0 if @current_filters.count > 0
filtered_ids = DossierFieldService.filtered_ids(@dossiers, current_filters) filtered_ids = dossier_field_service.filtered_ids(@dossiers, current_filters)
filtered_sorted_ids = sorted_ids.select { |id| filtered_ids.include?(id) } filtered_sorted_ids = sorted_ids.select { |id| filtered_ids.include?(id) }
else else
filtered_sorted_ids = sorted_ids filtered_sorted_ids = sorted_ids
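Review bot: `filtered_sorted_ids = sorted_ids.select { |id| filtered_ids.include?(id) }` scans `filtered_ids` once per sorted id, so if `filtered_ids` is an Array (it looks like one from the spec further down) the intersection is quadratic in the number of dossiers. `filtered_sorted_ids = sorted_ids & filtered_ids` keeps the order of `sorted_ids` and is linear. The `dossier_field_service = DossierFieldService.new` instance introduced here is only shared between `sorted_ids` and `filtered_ids`; `Dossier#get_value` and `Procedure#fields` elsewhere in this commit build their own. The enclosing action starts before this hunk.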


@ -224,7 +224,7 @@ class Dossier < ApplicationRecord
end end
def get_value(table, column) def get_value(table, column)
DossierFieldService.get_value(self, table, column) DossierFieldService.new.get_value(self, table, column)
end end
def owner_name def owner_name
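Review bot: `DossierFieldService.new.get_value(self, table, column)` builds a fresh service, and therefore an empty whitelist cache, on every call; if `get_value` is invoked once per cell when rendering a dossier list and it consults `valid_columns_for_table` (not visible in this hunk), the `fields(procedure)` whitelist would be recomputed for every cell. An optional parameter such as `def get_value(table, column, dossier_field_service = DossierFieldService.new)` would let the controller hand in the per-request instance it already creates while keeping existing callers working. `Procedure#fields` in this commit has the same shape, but `fields` appears not to read the cache, so it is unaffected.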


@ -293,7 +293,7 @@ class Procedure < ApplicationRecord
end end
def fields def fields
DossierFieldService.fields(self) DossierFieldService.new.fields(self)
end end
def fields_for_select def fields_for_select


@ -16,7 +16,7 @@ class ProcedurePresentation < ApplicationRecord
displayed_fields.each do |field| displayed_fields.each do |field|
table = field['table'] table = field['table']
column = field['column'] column = field['column']
if !DossierFieldService.valid_column?(procedure, table, column) if !dossier_field_service.valid_column?(procedure, table, column)
errors.add(:filters, "#{table}.#{column} nest pas une colonne permise") errors.add(:filters, "#{table}.#{column} nest pas une colonne permise")
end end
end end
@ -35,7 +35,7 @@ class ProcedurePresentation < ApplicationRecord
columns.each do |column| columns.each do |column|
table = column['table'] table = column['table']
column = column['column'] column = column['column']
if !DossierFieldService.valid_column?(procedure, table, column) if !dossier_field_service.valid_column?(procedure, table, column)
errors.add(:filters, "#{table}.#{column} nest pas une colonne permise") errors.add(:filters, "#{table}.#{column} nest pas une colonne permise")
end end
end end
@ -44,7 +44,11 @@ class ProcedurePresentation < ApplicationRecord
private private
def dossier_field_service
@dossier_field_service ||= DossierFieldService.new
end
def valid_sort_column?(procedure, table, column) def valid_sort_column?(procedure, table, column)
DossierFieldService.valid_column?(procedure, table, column) || EXTRA_SORT_COLUMNS[table]&.include?(column) dossier_field_service.valid_column?(procedure, table, column) || EXTRA_SORT_COLUMNS[table]&.include?(column)
end end
end end
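Review bot: `@dossier_field_service ||= DossierFieldService.new` ties the whitelist cache held by the service to the lifetime of this `ProcedurePresentation` instance, so if the same record object is validated again after the procedure's fields changed (a long-lived or cached record) the stale-whitelist problem this commit targets reappears at the model level; a comment should make that trade-off explicit, e.g. `# One service per record: the column whitelist it caches lives exactly as long as this instance.` The two validation loops (hunks at -16 and -35) are identical apart from the list they iterate; extracting a `check_columns(columns)` helper would leave a single place where `valid_column?` guards the stored table/column names before they reach sorting and filtering. The first two hunks start inside methods whose signatures are outside the hunk.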


@ -1,7 +1,8 @@
class DossierFieldService class DossierFieldService
@@column_whitelist = {} def initialize
@column_whitelist = {}
end
class << self
def fields(procedure) def fields(procedure)
fields = [ fields = [
field_hash('Créé le', 'self', 'created_at'), field_hash('Créé le', 'self', 'created_at'),
@ -137,14 +138,14 @@ class DossierFieldService
private private
def valid_columns_for_table(procedure, table) def valid_columns_for_table(procedure, table)
if !@@column_whitelist.key?(procedure.id) if !@column_whitelist.key?(procedure.id)
@@column_whitelist[procedure.id] = fields(procedure) @column_whitelist[procedure.id] = fields(procedure)
.group_by { |field| field['table'] } .group_by { |field| field['table'] }
.map { |table, fields| [table, Set.new(fields.map { |field| field['column'] }) ] } .map { |table, fields| [table, Set.new(fields.map { |field| field['column'] }) ] }
.to_h .to_h
end end
@@column_whitelist[procedure.id][table] || [] @column_whitelist[procedure.id][table] || []
end end
def sanitized_column(field) def sanitized_column(field)
@ -169,4 +170,3 @@ class DossierFieldService
} }
end end
end end
end
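Review bot: `valid_columns_for_table` returns a `Set` for a known table but a plain `[]` for an unknown one (`@column_whitelist[procedure.id][table] || []`); returning `Set.new` keeps the type uniform for callers. Moving the memo from `@@column_whitelist` to an instance variable is what bounds the cache lifetime to the service instance, which deserves a comment on `initialize`, e.g. `# Per-instance memo of procedure.id => { table => Set[columns] }; build one service per request so field changes on a procedure are picked up.` Because the `private` that previously sat under `class << self` now applies to instance methods, `valid_columns_for_table` and `sanitized_column` remain private after the move; it is worth confirming that nothing outside this file called them as class methods.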


@ -14,7 +14,7 @@ describe DossierFieldService do
type_de_champ.champ.create(dossier: discarded_dossier, value: 'discard me') type_de_champ.champ.create(dossier: discarded_dossier, value: 'discard me')
end end
subject { described_class.filtered_ids(procedure.dossiers, [{ 'table' => 'type_de_champ', 'column' => type_de_champ.id, 'value' => 'keep' }]) } subject { described_class.new.filtered_ids(procedure.dossiers, [{ 'table' => 'type_de_champ', 'column' => type_de_champ.id, 'value' => 'keep' }]) }
it { is_expected.to contain_exactly(kept_dossier.id) } it { is_expected.to contain_exactly(kept_dossier.id) }
end end
@ -29,7 +29,7 @@ describe DossierFieldService do
type_de_champ_private.champ.create(dossier: discarded_dossier, value: 'discard me') type_de_champ_private.champ.create(dossier: discarded_dossier, value: 'discard me')
end end
subject { described_class.filtered_ids(procedure.dossiers, [{ 'table' => 'type_de_champ_private', 'column' => type_de_champ_private.id, 'value' => 'keep' }]) } subject { described_class.new.filtered_ids(procedure.dossiers, [{ 'table' => 'type_de_champ_private', 'column' => type_de_champ_private.id, 'value' => 'keep' }]) }
it { is_expected.to contain_exactly(kept_dossier.id) } it { is_expected.to contain_exactly(kept_dossier.id) }
end end
@ -39,7 +39,7 @@ describe DossierFieldService do
let!(:kept_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, entreprise_date_creation: DateTime.new(2018, 6, 21))) } let!(:kept_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, entreprise_date_creation: DateTime.new(2018, 6, 21))) }
let!(:discarded_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, entreprise_date_creation: DateTime.new(2008, 6, 21))) } let!(:discarded_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, entreprise_date_creation: DateTime.new(2008, 6, 21))) }
subject { described_class.filtered_ids(procedure.dossiers, [{ 'table' => 'etablissement', 'column' => 'entreprise_date_creation', 'value' => '21/6/2018' }]) } subject { described_class.new.filtered_ids(procedure.dossiers, [{ 'table' => 'etablissement', 'column' => 'entreprise_date_creation', 'value' => '21/6/2018' }]) }
it { is_expected.to contain_exactly(kept_dossier.id) } it { is_expected.to contain_exactly(kept_dossier.id) }
end end
@ -50,7 +50,7 @@ describe DossierFieldService do
let!(:kept_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, code_postal: '75017')) } let!(:kept_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, code_postal: '75017')) }
let!(:discarded_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, code_postal: '25000')) } let!(:discarded_dossier) { create(:dossier, procedure: procedure, etablissement: create(:etablissement, code_postal: '25000')) }
subject { described_class.filtered_ids(procedure.dossiers, [{ 'table' => 'etablissement', 'column' => 'code_postal', 'value' => '75017' }]) } subject { described_class.new.filtered_ids(procedure.dossiers, [{ 'table' => 'etablissement', 'column' => 'code_postal', 'value' => '75017' }]) }
it { is_expected.to contain_exactly(kept_dossier.id) } it { is_expected.to contain_exactly(kept_dossier.id) }
end end
@ -60,7 +60,7 @@ describe DossierFieldService do
let!(:kept_dossier) { create(:dossier, procedure: procedure, user: create(:user, email: 'me@keepmail.com')) } let!(:kept_dossier) { create(:dossier, procedure: procedure, user: create(:user, email: 'me@keepmail.com')) }
let!(:discarded_dossier) { create(:dossier, procedure: procedure, user: create(:user, email: 'me@discard.com')) } let!(:discarded_dossier) { create(:dossier, procedure: procedure, user: create(:user, email: 'me@discard.com')) }
subject { described_class.filtered_ids(procedure.dossiers, [{ 'table' => 'user', 'column' => 'email', 'value' => 'keepmail' }]) } subject { described_class.new.filtered_ids(procedure.dossiers, [{ 'table' => 'user', 'column' => 'email', 'value' => 'keepmail' }]) }
it { is_expected.to contain_exactly(kept_dossier.id) } it { is_expected.to contain_exactly(kept_dossier.id) }
end end
@ -72,7 +72,7 @@ describe DossierFieldService do
let(:sort) { { 'table' => table, 'column' => column, 'order' => order } } let(:sort) { { 'table' => table, 'column' => column, 'order' => order } }
let(:procedure_presentation) { ProcedurePresentation.create(assign_to: assign_to, sort: sort) } let(:procedure_presentation) { ProcedurePresentation.create(assign_to: assign_to, sort: sort) }
subject { DossierFieldService.sorted_ids(procedure.dossiers, procedure_presentation, gestionnaire) } subject { described_class.new.sorted_ids(procedure.dossiers, procedure_presentation, gestionnaire) }
context 'for notifications table' do context 'for notifications table' do
let(:table) { 'notifications' } let(:table) { 'notifications' }
@ -164,7 +164,7 @@ describe DossierFieldService do
end end
describe '#get_value' do describe '#get_value' do
subject { DossierFieldService.get_value(dossier, table, column) } subject { described_class.new.get_value(dossier, table, column) }
context 'for self table' do context 'for self table' do
let(:table) { 'self' } let(:table) { 'self' }