From 24e37842eec73c5a0a27f08e5da7587a31e2b759 Mon Sep 17 00:00:00 2001
From: gregoirenovel
Date: Fri, 8 Jun 2018 15:14:22 +0200
Subject: [PATCH 1/2] Fix a typo
---
 spec/mailers/administration_mailer_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/mailers/administration_mailer_spec.rb b/spec/mailers/administration_mailer_spec.rb
index cae8ceb43..49c39479c 100644
--- a/spec/mailers/administration_mailer_spec.rb
+++ b/spec/mailers/administration_mailer_spec.rb
@@ -18,7 +18,7 @@ RSpec.describe AdministrationMailer, type: :mailer do
 it { expect(subject.subject).not_to be_empty }
 end
- describe '#refuse_amin' do
+ describe '#refuse_admin' do
 let(:mail) { "l33t-4dm1n@h4x0r.com" }
 subject { described_class.refuse_admin(mail) }
From e11392981dae0758c64a55278381cb9e96d04bf2 Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Fri, 8 Jun 2018 15:51:46 +0200
Subject: [PATCH 2/2] [fix #2072] DossierController: check the user can update the dossier
---
 .../new_user/dossiers_controller.rb | 8 +++++++
 app/models/dossier.rb | 4 ++++
 .../new_user/dossiers_controller_spec.rb | 22 +++++++++++++++++++
 3 files changed, 34 insertions(+)
diff --git a/app/controllers/new_user/dossiers_controller.rb b/app/controllers/new_user/dossiers_controller.rb
index fcca742c6..2d1875cec 100644
--- a/app/controllers/new_user/dossiers_controller.rb
+++ b/app/controllers/new_user/dossiers_controller.rb
@@ -2,6 +2,7 @@ module NewUser
 class DossiersController < UserController
 before_action :ensure_ownership!, except: [:index, :modifier, :update]
 before_action :ensure_ownership_or_invitation!, only: [:modifier, :update]
+ before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update]
 before_action :forbid_invite_submission!, only: [:update]
 def attestation
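Review bot: The new state filter is an allowlist, `only: [:update_identite, :update]`, so any other action in this controller that writes to the dossier stays reachable after the dossier has left `brouillon`/`en_construction`. The class body continues outside the hunk, so the list should be checked against every mutating action it defines. If more write actions exist or are added later, an `except:` list naming the read-only actions would fail closed instead of open. The declaration order is sound: the ownership filters come first, so the state check and its flash message are never reached by someone who does not own or share the dossier.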
@@ -109,6 +110,13 @@ module NewUser
 private
+ def ensure_dossier_can_be_updated
+ if !dossier.can_be_updated_by_the_user?
+ flash.alert = 'Votre dossier ne peut plus être modifié'
+ redirect_to users_dossiers_path
+ end
+ end
+
 def page
 [params[:page].to_i, 1].max
 end
diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 3747e8f84..940116a3d 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -171,6 +171,10 @@ class Dossier < ApplicationRecord
 !(procedure.archivee? && brouillon?)
 end
+ def can_be_updated_by_the_user?
+ brouillon? || en_construction?
+ end
+
 def text_summary
 if brouillon?
 parts = [
diff --git a/spec/controllers/new_user/dossiers_controller_spec.rb b/spec/controllers/new_user/dossiers_controller_spec.rb
index 8d65338dc..887d81beb 100644
--- a/spec/controllers/new_user/dossiers_controller_spec.rb
+++ b/spec/controllers/new_user/dossiers_controller_spec.rb
@@ -145,6 +145,17 @@ describe NewUser::DossiersController, type: :controller do
 end
 end
+ context 'when the identite cannot be updated by the user' do
+ let(:dossier) { create(:dossier, :for_individual, :en_instruction, user: user, procedure: procedure) }
+ let(:individual_params) { { gender: 'M', nom: 'Mouse', prenom: 'Mickey' } }
+ let(:dossier_params) { { autorisation_donnees: true } }
+
+ it 'redirects to user_dossiers_path' do
+ expect(response).to redirect_to(users_dossiers_path)
+ expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
+ end
+ end
+
 context 'with incorrect individual and dossier params' do
 let(:individual_params) { { gender: '', nom: '', prenom: '' } }
 let(:dossier_params) { { autorisation_donnees: nil } }
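Review bot: `ensure_dossier_can_be_updated` is the only halting filter here without the trailing `!` that `ensure_ownership!`, `ensure_ownership_or_invitation!` and `forbid_invite_submission!` carry in the first hunk. Renaming it to `ensure_dossier_can_be_updated!`, together with its `before_action` line, keeps the convention that a bang filter may end the request. The guard also reads more directly as `unless dossier.can_be_updated_by_the_user?`. A short comment above the method, for example `# Halts with a redirect once the dossier has left brouillon/en_construction`, would record why the redirect is there.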
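Review bot: `can_be_updated_by_the_user?` is a bare predicate, and within this patch the only thing that consults it is the `before_action` in `NewUser::DossiersController`, so the model itself will still accept a user-originated save in any state. If other controllers or API endpoints also write dossiers on a user's behalf (not visible in this diff), each must remember to call it; a model-level guard would make the rule hold regardless of entry point. The method also deserves a comment stating the rule, e.g. `# Users may edit only while the dossier is a draft (brouillon) or en_construction; later states are locked to them`.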
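Review bot: Both new contexts, this one and 'when the dossier cannot be updated by the user' in the next hunk, assert only the redirect and the flash, so a regression that persists the change before redirecting would still pass. For an authorization guard the spec should also show that nothing was written; in the `update` context that could be something like `expect { subject }.not_to change { dossier.reload.updated_at }`, assuming the usual timestamp column. In this context the request appears to be issued by a `before` outside the hunk, so the equivalent check is comparing a reloaded attribute with its pre-request value. The example titles say `user_dossiers_path` while the assertion uses `users_dossiers_path`.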
@@ -211,6 +222,17 @@ describe NewUser::DossiersController, type: :controller do
 subject { patch :update, params: payload }
+ context 'when the dossier cannot be updated by the user' do
+ let!(:dossier) { create(:dossier, :en_instruction, user: user) }
+
+ it 'redirects to user_dossiers_path' do
+ subject
+
+ expect(response).to redirect_to(users_dossiers_path)
+ expect(flash.alert).to eq('Votre dossier ne peut plus être modifié')
+ end
+ end
+
 it 'updates the champs' do
 subject