confirm adding a new admin to a procedure

For clarity and a better understanding, use a dedicated controller to allow the current admin to confirm adding an administrateur to a procedure.
2022-09-09 14:48:40 +02:00 · 2022-09-09 14:48:40 +02:00 · f154bb56e6
commit f154bb56e6
parent 4123709e72
8 changed files with 255 additions and 16 deletions
--- a/app/controllers/manager/administrateur_confirmations_controller.rb
+++ b/app/controllers/manager/administrateur_confirmations_controller.rb
@ -0,0 +1,52 @@
+module Manager
+  class AdministrateurConfirmationsController < Manager::ApplicationController
+    before_action :set_procedure
+    before_action :decrypt_params
+    before_action :ensure_not_inviter, unless: -> { Rails.env.development? }
+    before_action :ensure_not_invited, unless: -> { Rails.env.development? }
+
+    def new
+      @inviter = SuperAdmin.find(@inviter_id)
+    end
+
+    def create
+      administrateur = Administrateur.by_email(@invited_email)
+      AdministrateursProcedure.create!(procedure: @procedure, administrateur: administrateur)
+      flash[:notice] = "L’administrateur \"#{administrateur.email}\" a été ajouté à la démarche."
+      redirect_to manager_procedure_path(@procedure)
+    end
+
+    private
+
+    def ensure_not_inviter
+      redirect_unallowed if @inviter_id.to_i == current_super_admin.id
+    end
+
+    def ensure_not_invited
+      redirect_unallowed if @invited_email == current_super_admin.email
+    end
+
+    def redirect_unallowed
+      flash[:alert] = "Veuillez partager ce lien avec un autre super administrateur pour qu'il confirme votre action"
+      redirect_to manager_procedure_path(@procedure)
+    end
+
+    def decrypt_params
+      @inviter_id = decrypted_params[:inviter_id]
+      @invited_email = decrypted_params[:email]
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
+      flash[:error] = "Le lien que vous avez utilisé est invalide. Veuillez contacter la personne qui vous l'a envoyé."
+      redirect_to manager_procedure_path(@procedure)
+    end
+
+    def decrypted_params
+      @decrypted_params ||= ActiveSupport::MessageVerifier.new(
+        Rails.application.key_generator.generate_key(ENV["SECRET_KEY_BASE"])
+      ).verify(Base64.urlsafe_decode64(params[:q]))
+    end
+
+    def set_procedure
+      @procedure = Procedure.with_discarded.find(params[:procedure_id])
+    end
+  end
+end