From f9aee06040d64288ebbe3b5a70a4a2239480149c Mon Sep 17 00:00:00 2001
From: Simon Lehericey <simon.lehericey@gmail.com>
Date: Fri, 5 May 2017 17:38:43 +0200
Subject: [PATCH] AvisController: add redirection logic for various login cases

---
 app/controllers/backoffice/avis_controller.rb | 15 +++++
 .../backoffice/avis_controller_spec.rb        | 61 +++++++++++++++----
 2 files changed, 64 insertions(+), 12 deletions(-)

diff --git a/app/controllers/backoffice/avis_controller.rb b/app/controllers/backoffice/avis_controller.rb
index 69e481dba..ded272fae 100644
--- a/app/controllers/backoffice/avis_controller.rb
+++ b/app/controllers/backoffice/avis_controller.rb
@@ -1,6 +1,7 @@
 class Backoffice::AvisController < ApplicationController
 
   before_action :authenticate_gestionnaire!, except: [:sign_up, :create_gestionnaire]
+  before_action :redirect_if_no_sign_up_needed, only: [:sign_up]
   before_action :check_avis_exists_and_email_belongs_to_avis, only: [:sign_up, :create_gestionnaire]
 
   def create
@@ -68,6 +69,20 @@ class Backoffice::AvisController < ApplicationController
     params.require(:avis).permit(:answer)
   end
 
+  def redirect_if_no_sign_up_needed
+    avis = Avis.find(params[:id])
+
+    if current_gestionnaire.present?
+      # a gestionnaire is authenticated ... lets see if it can view the dossier
+
+      redirect_to backoffice_dossier_url(avis.dossier)
+    elsif avis.gestionnaire.present? && avis.gestionnaire.email == params[:email]
+      # the avis gestionnaire has already signed up and it sould sign in
+
+      redirect_to new_gestionnaire_session_url
+    end
+  end
+
   def check_avis_exists_and_email_belongs_to_avis
     if !Avis.avis_exists_and_email_belongs_to_avis?(params[:id], params[:email])
       redirect_to url_for(root_path)
diff --git a/spec/controllers/backoffice/avis_controller_spec.rb b/spec/controllers/backoffice/avis_controller_spec.rb
index 6823e9a00..08f1d5e82 100644
--- a/spec/controllers/backoffice/avis_controller_spec.rb
+++ b/spec/controllers/backoffice/avis_controller_spec.rb
@@ -72,23 +72,60 @@ describe Backoffice::AvisController, type: :controller do
     let!(:avis) { Avis.create(email: invited_email, dossier: dossier) }
     let(:invitations_email) { true }
 
-    before do
-      expect(Avis).to receive(:avis_exists_and_email_belongs_to_avis?)
-        .with(avis.id.to_s, invited_email)
-        .and_return(invitations_email)
-      get :sign_up, params: { id: avis.id, email: invited_email }
+    context 'when the new gestionnaire has never signed up' do
+      before do
+        expect(Avis).to receive(:avis_exists_and_email_belongs_to_avis?)
+          .with(avis.id.to_s, invited_email)
+          .and_return(invitations_email)
+        get :sign_up, params: { id: avis.id, email: invited_email }
+      end
+
+      context 'when the email belongs to the invitation' do
+        it { expect(subject.status).to eq(200) }
+        it { expect(assigns(:email)).to eq(invited_email) }
+        it { expect(assigns(:dossier)).to eq(dossier) }
+      end
+
+      context 'when the email does not belong to the invitation' do
+        let(:invitations_email) { false }
+
+        it { is_expected.to redirect_to root_path }
+      end
     end
 
-    context 'when the email belongs to the invitation' do
-      it { expect(subject.status).to eq(200) }
-      it { expect(assigns(:email)).to eq(invited_email) }
-      it { expect(assigns(:dossier)).to eq(dossier) }
+    context 'when the gestionnaire has already signed up and belongs to the invitation' do
+      let(:gestionnaire) { create(:gestionnaire, email: invited_email) }
+      let!(:avis) { Avis.create(dossier: dossier, gestionnaire: gestionnaire) }
+
+      context 'when the gestionnaire is authenticated' do
+        before do
+          sign_in gestionnaire
+          get :sign_up, params: { id: avis.id, email: invited_email }
+        end
+
+        it { is_expected.to redirect_to backoffice_dossier_url(avis.dossier) }
+      end
+
+      context 'when the gestionnaire is not authenticated' do
+        before do
+          get :sign_up, params: { id: avis.id, email: invited_email }
+        end
+
+        it { is_expected.to redirect_to new_gestionnaire_session_url }
+      end
     end
 
-    context 'when the email does not belong to the invitation' do
-      let(:invitations_email) { false }
+    context 'when the gestionnaire has already signed up / is authenticated and does not belong to the invitation' do
+      let(:gestionnaire) { create(:gestionnaire, email: 'other@gmail.com') }
+      let!(:avis) { Avis.create(email: invited_email, dossier: dossier) }
 
-      it { is_expected.to redirect_to root_path }
+      before do
+        sign_in gestionnaire
+        get :sign_up, params: { id: avis.id, email: invited_email }
+      end
+
+      # redirected to dossier but then the gestionnaire gonna be banished !
+      it { is_expected.to redirect_to backoffice_dossier_url(avis.dossier) }
     end
   end