From f4d2f1ddf53d1d5a4c2053e04026dd6fbd0ee115 Mon Sep 17 00:00:00 2001 From: Martin Date: Thu, 7 Mar 2024 08:39:32 +0100 Subject: [PATCH] fix(export.pdf): expert should not have access to messagerie when it was disabled --- app/controllers/api/v2/dossiers_controller.rb | 2 +- app/controllers/instructeurs/dossiers_controller.rb | 2 +- app/controllers/users/dossiers_controller.rb | 2 +- app/services/pieces_justificatives_service.rb | 7 +++++-- app/views/dossiers/show.pdf.prawn | 2 +- spec/controllers/instructeurs/dossiers_controller_spec.rb | 2 +- spec/controllers/users/dossiers_controller_spec.rb | 2 +- 7 files changed, 11 insertions(+), 8 deletions(-) diff --git a/app/controllers/api/v2/dossiers_controller.rb b/app/controllers/api/v2/dossiers_controller.rb index 2e808dd7b..0612aaf53 100644 --- a/app/controllers/api/v2/dossiers_controller.rb +++ b/app/controllers/api/v2/dossiers_controller.rb @@ -2,7 +2,7 @@ class API::V2::DossiersController < API::V2::BaseController before_action :ensure_dossier_present def pdf - @acls = PiecesJustificativesService.new(user_profile: Administrateur.new).acl_for_dossier_export + @acls = PiecesJustificativesService.new(user_profile: Administrateur.new).acl_for_dossier_export(dossier.procedure) render(template: 'dossiers/show', formats: [:pdf]) end diff --git a/app/controllers/instructeurs/dossiers_controller.rb b/app/controllers/instructeurs/dossiers_controller.rb index 44db9f2de..37013e1b0 100644 --- a/app/controllers/instructeurs/dossiers_controller.rb +++ b/app/controllers/instructeurs/dossiers_controller.rb @@ -51,7 +51,7 @@ module Instructeurs @is_dossier_in_batch_operation = dossier.batch_operation.present? respond_to do |format| format.pdf do - @acls = PiecesJustificativesService.new(user_profile: current_instructeur).acl_for_dossier_export + @acls = PiecesJustificativesService.new(user_profile: current_instructeur).acl_for_dossier_export(dossier.procedure) render(template: 'dossiers/show', formats: [:pdf]) end format.all diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb index ea7bd5ad0..e7e47374d 100644 --- a/app/controllers/users/dossiers_controller.rb +++ b/app/controllers/users/dossiers_controller.rb @@ -92,7 +92,7 @@ module Users respond_to do |format| format.pdf do @dossier = dossier_with_champs(pj_template: false) - @acls = pj_service.acl_for_dossier_export + @acls = pj_service.acl_for_dossier_export(@dossier.procedure) render(template: 'dossiers/show', formats: [:pdf]) end format.all do diff --git a/app/services/pieces_justificatives_service.rb b/app/services/pieces_justificatives_service.rb index d4f10fba6..07980bedb 100644 --- a/app/services/pieces_justificatives_service.rb +++ b/app/services/pieces_justificatives_service.rb @@ -46,7 +46,7 @@ class PiecesJustificativesService pdf = ApplicationController .render(template: 'dossiers/show', formats: [:pdf], assigns: { - acls: acl_for_dossier_export, + acls: acl_for_dossier_export(procedure), dossier: dossier }) @@ -81,22 +81,25 @@ class PiecesJustificativesService end end - def acl_for_dossier_export + def acl_for_dossier_export(procedure) case @user_profile when Expert { + include_messagerie: procedure.allow_expert_messaging, include_infos_administration: false, include_avis_for_expert: true, only_for_expert: @user_profile } when Instructeur, Administrateur { + include_messagerie: true, include_infos_administration: true, include_avis_for_expert: true, only_for_export: false } when User { + include_messagerie: true, include_infos_administration: false, include_avis_for_expert: false, # should be true, expert can use the messagerie, why not provide avis ? only_for_expert: false diff --git a/app/views/dossiers/show.pdf.prawn b/app/views/dossiers/show.pdf.prawn index eaf32db3b..7cb8b5856 100644 --- a/app/views/dossiers/show.pdf.prawn +++ b/app/views/dossiers/show.pdf.prawn @@ -374,7 +374,7 @@ prawn_document(page_size: "A4") do |pdf| end end - if @dossier.commentaires.present? + if @acls[:include_messagerie] && @dossier.commentaires.present? add_title(pdf, 'Messagerie') @dossier.commentaires.each do |commentaire| add_message(pdf, commentaire) diff --git a/spec/controllers/instructeurs/dossiers_controller_spec.rb b/spec/controllers/instructeurs/dossiers_controller_spec.rb index 017496238..08900e03e 100644 --- a/spec/controllers/instructeurs/dossiers_controller_spec.rb +++ b/spec/controllers/instructeurs/dossiers_controller_spec.rb @@ -910,7 +910,7 @@ describe Instructeurs::DossiersController, type: :controller do subject end - it { expect(assigns(:acls)).to eq(PiecesJustificativesService.new(user_profile: instructeur).acl_for_dossier_export) } + it { expect(assigns(:acls)).to eq(PiecesJustificativesService.new(user_profile: instructeur).acl_for_dossier_export(dossier.procedure)) } it { expect(assigns(:is_dossier_in_batch_operation)).to eq(false) } it { expect(response).to render_template 'dossiers/show' } diff --git a/spec/controllers/users/dossiers_controller_spec.rb b/spec/controllers/users/dossiers_controller_spec.rb index 88d0865ba..044d90155 100644 --- a/spec/controllers/users/dossiers_controller_spec.rb +++ b/spec/controllers/users/dossiers_controller_spec.rb @@ -1114,7 +1114,7 @@ describe Users::DossiersController, type: :controller do end context 'when the dossier has been submitted' do - it { expect(assigns(:acls)).to eq(PiecesJustificativesService.new(user_profile: user).acl_for_dossier_export) } + it { expect(assigns(:acls)).to eq(PiecesJustificativesService.new(user_profile: user).acl_for_dossier_export(dossier.procedure)) } it { expect(response).to render_template('dossiers/show') } end end