Commit graph

82 commits

Author SHA1 Message Date
Paul Chavard
8ee13f1719 feat(api_token): add allowed_procedure_ids and write_access 2023-03-15 19:09:49 +01:00
Paul Chavard
294a5135ce feat(public/api): add dossier state api 2023-02-28 16:35:25 +01:00
Paul Chavard
ade9811d10 Revert "Merge pull request #8635 from tchak/graphql-with-traces"
This reverts commit 76520ec77d, reversing
changes made to 2c729ff396.
2023-02-16 10:07:07 +01:00
Paul Chavard
74c6d45b74 feat(graphql): add tracing support for managers 2023-02-15 18:18:45 +01:00
Paul Chavard
f22cc8812b secu(graphql): log full queries and variables 2023-02-08 15:10:27 +01:00
Damien Le Thiec
962016e32e
Schema graph_ql (#8406)
* First draft schema graph_ql

* Add tests for json schema procedures
2023-01-23 11:31:06 +01:00
Sébastien Carceles
68ddae7382
feat(demarche): prefilling stats (#8436)
* force json content type for POST / PATCH / PUT

* add specs about stats dossiers funnel

* new endpoint to render stats about a procedure
2023-01-20 13:28:02 +00:00
Martin
ffd6a10618 clean(api/v2/base_controller): remove potential confusion 2023-01-19 18:09:38 +01:00
Sébastien Carceles
177dec2bdb
feat(dossier): add dossier id to prefill response (#8382) 2023-01-06 13:46:27 +00:00
Sébastien Carceles
20136b7ac8
feat(demarche): create and prefill a dossier with POST request (#8233)
* add base controller for public api

* add dossiers controller with basic checks

* create the dossier

* ensure content-type is json

* prefill dossier with given values

* mark a dossier as prefilled

When a dossier is prefilled, it's allowed not to have a user.

Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner

So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
exmample in order to cleanup the unused prefilled dossiers)

* system spec: prefilling dossier with post request
2023-01-03 14:46:10 +01:00
Paul Chavard
4d4c378724 feat(api_geo): add api_geo service 2022-12-21 14:03:02 +01:00
Paul Chavard
52c8fc7e8d feat(api_token): api v2 use new token 2022-12-07 18:19:37 +01:00
Paul Chavard
ee30a95847 fix(graphql): check if tokens are revoked 2022-11-25 16:27:11 +01:00
Paul Chavard
e3da500614 fix(graphql): variables should be a plain hash 2022-11-24 18:21:33 +01:00
Paul Chavard
5487ce0458 feat(graphql): implement stored queries 2022-11-02 11:26:57 +01:00
Paul Chavard
2ed26e8699 fix(graphql): properly handle variables json parse errors 2022-10-31 11:32:30 +01:00
Paul Chavard
473a772032 feat(graphql): on api exceptions log query and variables 2022-10-28 12:18:21 +02:00
simon lehericey
122c8107a5 fix(web_graphql): fix graphql web playground authorization 2022-10-03 18:08:03 +02:00
Paul Chavard
df47f4a7ab feat(graphql): new tokens should carry administrateur_id 2022-09-29 11:58:58 +02:00
Paul Chavard
c2812a7633 fix(api): hide deleted dossiers 2022-03-31 12:17:24 +02:00
Paul Chavard
758e7d68e6 fix(graphql): fix and improuve query parsing for logs 2021-11-24 13:23:05 +03:00
Pierre de La Morinerie
859a147c49 api: return error cause on parse error
Currently, when a query can't be parsed, the error is:
- logged to Sentry (which is useless to us),
- returned as a generic 'Internal Server Error' (which is useless to the
  user who made the query).

With this commit, the error is instead ignored from our logs (because it
is a user error), but the parse error details are returned to the user,
with the following format:

> {'errors': [{'message': 'Parse error on ")" (RPAREN) at [3, 23]'}]}
2021-11-19 15:15:10 +01:00
Paul Chavard
3c2515ce6d feat(graphql): add graphql_operation to rails logs 2021-11-02 12:02:00 +01:00
Paul Chavard
44eb0ada4f fix(i18n): add Kosovo to countries list
Kosovo is not part of ISO 3166 as of time of writing. https://en.wikipedia.org/wiki/ISO_3166-2:RS#cite_ref-1
2021-09-08 12:11:25 +02:00
Paul Chavard
a3cc072bbd feat(i18n): translate countries selector 2021-08-31 13:15:26 +02:00
Pierre de La Morinerie
3f3d6ae399 controllers: use template: rather than file: to render PDFs
ActionView now throws an error if a relative path is used with `file:`.
2021-03-25 13:24:53 +01:00
Paul Chavard
e0f7f1f20c Do not hide graphql controller errors in test env 2021-02-11 17:45:14 +01:00
Pierre de La Morinerie
150ddab660 zeitwerk: Api -> API 2021-02-09 13:07:30 +01:00
Paul Chavard
41c3a98d7d Update Raven references to use Sentry 2021-01-28 19:46:36 +01:00
Paul Chavard
d31f4d4e25 GraphQL: render api errors as json 2020-12-18 12:25:52 +01:00
Paul Chavard
0aa06d0197 [GraphQL] expose dossier pdf, geojson and attestation 2020-10-06 21:54:43 +02:00
Paul Chavard
775a677465 GraphQL handle parse errors 2020-09-30 14:18:37 +02:00
Paul Chavard
990c867c2e [GraphQL] Add more filters to dossiers 2019-11-07 22:07:42 +01:00
Paul Chavard
95f98fe605 API v1 correctly handle resultats_par_page 2019-11-06 12:54:07 +01:00
Paul Chavard
bf6fbbf2b6 Add graphql end point 2019-09-24 10:47:21 +02:00
Paul Chavard
1781a49932 Add order param to API 2019-06-20 15:28:16 +02:00
Paul Chavard
d5911071f8 Return dossiers on api with stable order 2019-06-04 15:34:49 +02:00
Paul Chavard
549eca44cb Enable flipflop on api requests 2019-03-12 14:02:55 +01:00
Paul Chavard
c37f649453 Update specs to use multiple administrateurs 2019-03-12 11:59:01 +01:00
Paul Chavard
01b966ff66 Check demarche ownership on multiple administrateurs 2019-03-12 11:59:01 +01:00
gregoirenovel
386fbce776 Enable the Layout/SpaceBeforeBlockBraces cop 2019-01-03 10:53:50 +01:00
Paul Chavard
80189def98 Remove n+1 calls from API queries 2018-11-08 14:45:09 +01:00
Paul Chavard
53a261f424 Don’t rely on a decorator for ProcedureSerializer#geographic_information 2018-10-22 23:28:16 +02:00
gregoirenovel
f3caa8ef7f Remove apipie (and maruku) 2018-10-09 17:23:07 +02:00
simon lehericey
16566b46c0 DossierController: private some methods 2018-09-27 10:24:56 +02:00
simon lehericey
912371fbd6 DossierController: use new token validation 2018-09-27 10:24:56 +02:00
simon lehericey
8dd4a1ca4e ProcedureController: remove useless logger call 2018-09-27 10:24:56 +02:00
simon lehericey
3c95273d6f ProcedureController: use new token validation 2018-09-27 10:24:56 +02:00
gregoirenovel
00ecae5f93 Procédure → Démarche 2018-09-05 15:46:24 +02:00
gregoirenovel
0ac160c824 Remove the now useless stats API 2018-08-29 14:54:49 +02:00