* add base controller for public api
* add dossiers controller with basic checks
* create the dossier
* ensure content-type is json
* prefill dossier with given values
* mark a dossier as prefilled
When a dossier is prefilled, it's allowed not to have a user.
Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.
* set user as owner of an orphan prefilled dossier
When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner
So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner
* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
exmample in order to cleanup the unused prefilled dossiers)
* system spec: prefilling dossier with post request
Maintenant qu'on autorise un dossier pour entreprise a être créé en mode "dégradé",
(avec établissement incomplet suite à API Entreprise/INSEE down…),
on empêche de l'accepter/refuser/classer sans suite tant qu'on a pas
vérifié son SIRET.
Fix 2839832517/?project=1429550&query=is%3Aunresolved
Calling business logic in a factory is a code-smell, because it
usually requires the object to be saved into database, and may have
unintended consequences when the business logic is changed.
Also, this allows to just build a published procedure, without saving it
to the database.
- Make `champ.dossier` a requirement;
- Move the dossier_id assignation to `before_validation` (otherwise
the record is invalid, and never gets saved);
- Allow specs to only build the champ (instead of saving it to the
database), which bypasses the requirement to have a dossier.
