# frozen_string_literal: true describe Experts::AvisController, type: :controller do context 'with an expert signed in' do render_views let(:now) { Time.zone.parse('01/02/2345') } let(:instructeur) { create(:instructeur) } let!(:instructeur_with_instant_avis_notification) { create(:instructeur) } let(:another_instructeur) { create(:instructeur) } let(:claimant) { create(:expert) } let(:expert) { create(:expert) } let(:types_de_champ_public) { [] } let(:procedure) { create(:procedure, :published, instructeurs: [instructeur, another_instructeur, instructeur_with_instant_avis_notification], types_de_champ_public:) } let(:procedure_id) { procedure.id } let(:another_procedure) { create(:procedure, :published, instructeurs: [instructeur]) } let(:dossier) { create(:dossier, :en_construction, procedure:) } let(:experts_procedure) { create(:experts_procedure, expert:, procedure:) } let!(:avis_without_answer) { create(:avis, dossier:, claimant:, experts_procedure:) } let!(:avis_with_answer) { create(:avis, dossier:, claimant:, experts_procedure:, answer: 'yop') } let!(:revoked_procedure) { create(:procedure, :published, instructeurs: [instructeur]) } let!(:revoked_dossier) { create(:dossier, :en_construction, procedure: revoked_procedure) } let!(:revoked_experts_procedure) { create(:experts_procedure, expert: expert, procedure: revoked_procedure) } let!(:revoked_avis) do create(:avis, dossier: revoked_dossier, claimant:, experts_procedure: revoked_experts_procedure, introduction: 'revoked', revoked_at: Time.zone.now) end before do sign_in(expert.user) end describe '#index' do context 'nominal' do before { get :index } it do expect(response).to have_http_status(:success) expect(assigns(:avis_by_procedure).keys).to match_array(procedure) expect(assigns(:avis_by_procedure).values.flatten).to match_array([avis_without_answer, avis_with_answer]) end end context 'avis on termine dossier' do let(:another_experts_procedure) { create(:experts_procedure, expert:, procedure: another_procedure) } let(:dossier_termine) { create(:dossier, :accepte, procedure: another_procedure) } let(:another_avis_without_answer) { create(:avis, claimant:, dossier: dossier_termine, experts_procedure: another_experts_procedure) } let(:another_avis_with_answer) { create(:avis, claimant:, dossier: dossier_termine, experts_procedure: another_experts_procedure, answer: 'yop') } before do another_experts_procedure dossier_termine another_avis_without_answer another_avis_with_answer get :index end it do expect(response).to have_http_status(:success) expect(assigns(:avis_by_procedure).keys).to match_array([procedure, another_procedure]) end end end describe '#procedure' do context 'without filter' do let!(:oldest_avis_without_answer) { create(:avis, dossier: dossier, claimant: claimant, experts_procedure: experts_procedure, created_at: 2.years.ago) } before { get :procedure, params: { procedure_id: procedure_to_show.id } } context 'with legitimates avis' do let(:procedure_to_show) { procedure } it do expect(response).to have_http_status(:success) expect(assigns(:avis_a_donner)).to match([avis_without_answer, oldest_avis_without_answer]) expect(assigns(:avis_donnes)).to match([avis_with_answer]) expect(assigns(:statut)).to eq('a-donner') end end context 'with a revoked avis' do let(:procedure_to_show) { revoked_procedure } it { expect(response).to redirect_to expert_all_avis_path } end end context 'with a statut equal to donnes' do before { get :procedure, params: { statut: 'donnes', procedure_id: } } it { expect(assigns(:statut)).to eq('donnes') } end context 'with different procedure' do subject { get :procedure, params: { statut: 'donnes', procedure_id: } } it 'fails' do sign_in(create(:expert).user) subject expect(response).to redirect_to(expert_all_avis_path) expect(flash.alert).to eq("Vous n’avez pas accès à cette démarche.") end end end describe '#bilans_bdf' do let(:avis) { avis_without_answer } before { get :bilans_bdf, params: { id: avis, procedure_id: } } it { expect(response).to redirect_to(expert_avis_path(avis_without_answer)) } context 'with a revoked avis' do let(:avis) { revoked_avis } it { expect(response).to redirect_to(root_path) } end end describe '#telecharger_pjs' do let(:avis) { avis_with_answer } subject { get :telecharger_pjs, params: { id: avis.id, procedure_id: } } context 'with a valid avis' do it do service = instance_double(PiecesJustificativesService) expect(PiecesJustificativesService).to receive(:new).with(user_profile: expert, export_template: nil).and_return(service) expect(service).to receive(:generate_dossiers_export).with(Dossier.where(id: dossier)).and_return([]) expect(service).to receive(:liste_documents).with(Dossier.where(id: dossier)).and_return([]) is_expected.to have_http_status(:success) end end context 'with a revoked avis' do let(:avis) { revoked_avis } it { is_expected.to redirect_to(root_path) } end context 'with a another avis' do let(:avis) { create(:avis) } it { is_expected.to redirect_to(expert_all_avis_path) } end end describe '#show' do subject { get :show, params: { id: avis_with_answer.id, procedure_id: } } context 'with a valid avis' do before { subject } it do expect(response).to have_http_status(:success) expect(assigns(:avis)).to eq(avis_with_answer) expect(assigns(:dossier)).to eq(dossier) end end context 'with a revoked avis' do it "refuse l'accès au dossier" do avis_with_answer.update!(revoked_at: Time.zone.now) subject expect(flash.alert).to eq("Vous n’avez plus accès à ce dossier.") expect(response).to redirect_to(root_path) end end context 'with an avis that does not belongs to current_expert' do it "refuse l'accès au dossier" do sign_in(create(:expert).user) subject expect(response).to redirect_to(expert_all_avis_path) expect(flash.alert).to eq("Vous n’avez pas accès à cet avis.") end end end describe '#instruction' do subject { get :instruction, params: { id: avis_to_instruct.id, procedure_id: } } context 'with valid avis' do let(:avis_to_instruct) { avis_without_answer } before { subject } it do expect(response).to have_http_status(:success) expect(assigns(:avis)).to eq(avis_without_answer) expect(assigns(:dossier)).to eq(dossier) end end context 'with an avis that does not belongs to current_expert' do let(:avis_to_instruct) { avis_without_answer } it "refuse l'accès au dossier" do sign_in(create(:expert).user) subject expect(response).to redirect_to(expert_all_avis_path) expect(flash.alert).to eq("Vous n’avez pas accès à cet avis.") end end context 'with a revoked avis' do let(:avis_to_instruct) { revoked_avis } before { subject } it { expect(response).to redirect_to root_path } end end context 'with destroyed claimant' do render_views it 'does not raise' do avis_with_merged_instructeur = create(:avis, dossier: dossier, claimant: another_instructeur, experts_procedure: experts_procedure) another_instructeur.user.destroy sign_in(expert.user) get :instruction, params: { id: avis_with_merged_instructeur.id, procedure_id: } expect(response).to have_http_status(200) end end describe '#messagerie' do let(:avis) { avis_without_answer } subject { get :messagerie, params: { id: avis.id, procedure_id: } } context 'with valid avis' do before { subject } it do expect(response).to have_http_status(:success) expect(assigns(:avis)).to eq(avis_without_answer) expect(assigns(:dossier)).to eq(dossier) end end context 'with an avis that does not belongs to current_expert' do it "refuse l'accès au dossier" do sign_in(create(:expert).user) subject expect(response).to redirect_to(expert_all_avis_path) expect(flash.alert).to eq("Vous n’avez pas accès à cet avis.") end end context 'with a revoked avis' do let(:avis) { revoked_avis } it { is_expected.to redirect_to(root_path) } end end describe '#update' do before { Timecop.freeze(now) } after { Timecop.return } let(:avis) { avis_without_answer } subject do post :update, params: { id: avis.id, procedure_id:, avis: { answer: 'answer' } } avis.reload end context 'on a revoked avis' do let(:avis) { revoked_avis } it { expect(subject).to redirect_to(root_path) } end context 'without attachment' do it 'should be ok' do expect(subject).to redirect_to(instruction_expert_avis_path(avis.procedure, avis)) expect(avis.answer).to eq('answer') expect(avis.piece_justificative_file).to_not be_attached expect(dossier.reload.last_avis_updated_at).to eq(now) expect(flash.notice).to eq('Votre réponse est enregistrée.') end end context 'without attachment with an instructeur wants to be notified' do before do allow(DossierMailer).to receive(:notify_new_avis_to_instructeur).and_return(double(deliver_later: nil)) AssignTo.find_by(instructeur: instructeur_with_instant_avis_notification).update!(instant_expert_avis_email_notifications_enabled: true) instructeur_with_instant_avis_notification.follow(avis_without_answer.dossier) subject end it 'The instructeur should be notified of the new avis' do expect(DossierMailer).to have_received(:notify_new_avis_to_instructeur).once.with(avis_without_answer, instructeur_with_instant_avis_notification.email) end end context 'with attachment' do let(:file) { fixture_file_upload('spec/fixtures/files/piece_justificative_0.pdf', 'application/pdf') } before do expect(ClamavService).to receive(:safe_file?).and_return(true) post :update, params: { id: avis_without_answer.id, procedure_id:, avis: { answer: 'answer', piece_justificative_file: file } } perform_enqueued_jobs avis_without_answer.reload end it 'should be ok' do expect(response).to redirect_to(instruction_expert_avis_path(avis_without_answer.procedure, avis_without_answer)) expect(avis_without_answer.answer).to eq('answer') expect(avis_without_answer.piece_justificative_file).to be_attached expect(flash.notice).to eq('Votre réponse est enregistrée.') end end context 'with an avis that does not belongs to current_expert' do before { sign_in(create(:expert).user) } it "refuse l'accès au dossier" do expect(subject).to redirect_to(expert_all_avis_path) expect(flash.alert).to eq("Vous n’avez pas accès à cet avis.") end end end describe '#create_commentaire' do let(:file) { nil } let(:scan_result) { true } let(:now) { Time.zone.parse("14/07/1789") } let(:avis) { avis_without_answer } subject { post :create_commentaire, params: { id: avis.id, procedure_id:, commentaire: { body: 'commentaire body', piece_jointe: [file] } } } before do allow(ClamavService).to receive(:safe_file?).and_return(scan_result) Timecop.freeze(now) end after { Timecop.return } it do subject expect(response).to redirect_to(messagerie_expert_avis_path(avis_without_answer.procedure, avis_without_answer)) expect(dossier.commentaires.map(&:body)).to match(['commentaire body']) expect(dossier.reload.last_commentaire_updated_at).to eq(now) end context "with a file" do let(:file) { fixture_file_upload('spec/fixtures/files/piece_justificative_0.pdf', 'application/pdf') } it do expect { subject }.to change(Commentaire, :count).by(1) expect(Commentaire.last.piece_jointe.first.filename).to eq("piece_justificative_0.pdf") end end context 'with a revoked avis' do let(:avis) { revoked_avis } it { is_expected.to redirect_to(root_path) } end end describe '#avis_new' do before do allow(Expert).to receive(:autocomplete_mails).and_return([]) get :avis_new, params: { procedure_id: procedure.id, id: avis_without_answer.id } end it { expect(Expert).to have_received(:autocomplete_mails).with(procedure) } end describe '#create_avis' do let(:previous_avis_confidentiel) { false } let(:previous_revoked_at) { nil } let!(:previous_avis) { create(:avis, dossier:, claimant:, experts_procedure:, confidentiel: previous_avis_confidentiel, revoked_at: previous_revoked_at) } let(:emails) { ["a@b.com"] } let(:introduction) { 'introduction' } let(:created_avis) { Avis.last } let!(:old_avis_count) { Avis.count } let(:invite_linked_dossiers) { nil } let(:introduction_file) { fixture_file_upload('spec/fixtures/files/piece_justificative_0.pdf', 'application/pdf') } let(:confidentiel) { false } let(:question_label) { '' } before do Timecop.freeze(now) post :create_avis, params: { id: previous_avis.id, procedure_id:, avis: { emails:, introduction:, experts_procedure:, confidentiel:, invite_linked_dossiers:, introduction_file:, question_label: } } created_avis.reload end after { Timecop.return } context 'from a revoked avis' do let(:previous_revoked_at) { Time.zone.now } it do expect(response).to redirect_to(root_path) expect(Avis.last).to eq(previous_avis) end end context 'when an invalid email' do let(:emails) { ["toto.fr"] } it do expect(response).to render_template :instruction expect(flash.alert).to eq(["toto.fr : Le champ « Email » est invalide. Saisir une adresse électronique valide, exemple : adresse@mail.com"]) expect(Avis.last).to eq(previous_avis) expect(dossier.last_avis_updated_at).to eq(nil) end end context 'with a question' do let(:question_label) { "question" } it do expect(created_avis.question_label).to eq('question') expect(response).to redirect_to(instruction_expert_avis_path(previous_avis.procedure, previous_avis)) end end context 'ask review with attachment' do let(:emails) { ["toto@totomail.com"] } it do expect(created_avis.introduction_file).to be_attached expect(created_avis.introduction_file.filename).to eq("piece_justificative_0.pdf") expect(created_avis.dossier.reload.last_avis_updated_at).to eq(now) expect(flash.notice).to eq("Une demande d’avis a été envoyée à toto@totomail.com") end end context 'with multiple emails' do let(:emails) { ["toto.fr", "titi@titimail.com"] } it do expect(response).to render_template :instruction expect(flash.alert).to eq(["toto.fr : Le champ « Email » est invalide. Saisir une adresse électronique valide, exemple : adresse@mail.com"]) expect(flash.notice).to eq("Une demande d’avis a été envoyée à titi@titimail.com") expect(Avis.count).to eq(old_avis_count + 1) end end context 'when the previous avis is public' do context 'when the user asked for a public avis' do it do expect(created_avis.confidentiel).to be(false) expect(created_avis.introduction).to eq(introduction) expect(created_avis.dossier).to eq(previous_avis.dossier) expect(created_avis.claimant).to eq(expert) expect(response).to redirect_to(instruction_expert_avis_path(previous_avis.procedure, previous_avis)) end end context 'when the user asked for a confidentiel avis' do let(:confidentiel) { true } it { expect(created_avis.confidentiel).to be(true) } end end context 'when the previous avis is confidentiel' do let(:previous_avis_confidentiel) { true } context 'when the user asked for a public avis' do let(:confidentiel) { false } it { expect(created_avis.confidentiel).to be(true) } end end context 'with linked dossiers' do let(:types_de_champ_public) { [{ type: :dossier_link }] } let(:dossier) { create(:dossier, :en_construction, :with_populated_champs, procedure:) } context 'when the expert doesn’t share linked dossiers' do let(:invite_linked_dossiers) { false } it 'sends a single avis for the main dossier, but doesn’t give access to the linked dossiers' do expect(flash.notice).to eq("Une demande d’avis a été envoyée à a@b.com") expect(Avis.count).to eq(old_avis_count + 1) expect(created_avis.dossier).to eq(dossier) end end context 'when the expert also shares the linked dossiers' do context 'and the expert can access the linked dossiers' do let(:created_avis) { create(:avis, dossier: dossier, claimant: claimant, email: "toto3@gmail.com") } let(:linked_dossier) { Dossier.find_by(id: dossier.reload.project_champs_public.filter(&:dossier_link?).filter_map(&:value)) } let(:linked_avis) { create(:avis, dossier: linked_dossier, claimant: claimant) } let(:invite_linked_dossiers) { true } it 'sends one avis for the main dossier' do expect(flash.notice).to eq("Une demande d’avis a été envoyée à a@b.com") expect(created_avis.dossier).to eq(dossier) end it 'sends another avis for the linked dossiers' do expect(Avis.count).to eq(old_avis_count + 2) expect(linked_avis.dossier).to eq(linked_dossier) end end context 'but the expert can’t access the linked dossier' do it 'sends a single avis for the main dossier, but doesn’t give access to the linked dossiers' do expect(flash.notice).to eq("Une demande d’avis a été envoyée à a@b.com") expect(Avis.count).to eq(old_avis_count + 1) expect(created_avis.dossier).to eq(dossier) end end end end context 'when creating avis for linked dossiers with different procedures' do let(:types_de_champ_public) { [{ type: :dossier_link }] } let(:another_procedure) { create(:procedure, :published) } let(:dossier) { create(:dossier, :en_construction, procedure: procedure) } let(:linked_dossier) { create(:dossier, :en_construction, procedure: another_procedure) } let(:linked_experts_procedure) { create(:experts_procedure, expert: previous_avis.expert, procedure: another_procedure) } let!(:linked_avis) { create(:avis, dossier: linked_dossier, experts_procedure: linked_experts_procedure, claimant: previous_avis.claimant) } let(:invite_linked_dossiers) { true } before do dossier_link_champ = dossier.champs.find_by(type: "Champs::DossierLinkChamp") dossier_link_champ.update!(value: linked_dossier.id) end it 'creates experts_procedure with correct procedure for each dossier' do expect { post :create_avis, params: { id: previous_avis.id, procedure_id: procedure.id, avis: { emails: ["expert@example.com"], introduction: "Please review", confidentiel: false, invite_linked_dossiers: true } } }.to change(Avis, :count).by(2) Avis.all.each do |avis| # Verify experts_procedures are created with correct procedures expect(avis.experts_procedure.procedure_id).to eq(avis.dossier.procedure.id) end end end end end context 'without an expert signed in' do let(:claimant) { create(:instructeur) } let(:expert) { create(:expert) } let(:experts_procedure) { create(:experts_procedure, expert: expert, procedure: procedure) } let(:dossier) { create(:dossier) } let(:avis) { create(:avis, dossier: dossier, experts_procedure: experts_procedure, claimant: claimant) } let(:procedure) { dossier.procedure } let(:procedure_id) { procedure.id } describe '#sign_up' do subject do get :sign_up, params: { id: avis.id, procedure_id:, email: avis.expert.email } end context 'when the avis is revoked' do before { avis.update(revoked_at: Time.zone.now) } it { is_expected.to redirect_to(root_path) } end context 'when the expert hasn’t signed up yet' do before { expert.user.update(last_sign_in_at: nil) } it { is_expected.to have_http_status(:success) } end context 'when the expert has already signed up' do before { expert.user.update(last_sign_in_at: Time.zone.now) } context 'and the expert belongs to the invitation' do context 'and the expert is authenticated' do before { sign_in(expert.user) } it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) } end context 'and the expert is not authenticated' do before { sign_out(expert.user) } it { is_expected.to redirect_to new_user_session_url } end end context 'and the expert does not belong to the invitation' do let(:avis) { create(:avis, email: 'another_expert@avis.com', dossier: dossier, experts_procedure: experts_procedure) } before { sign_in(expert.user) } # redirected to dossier but then the instructeur gonna be banished ! it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) } end end end describe '#update_expert' do let(:avis_id) { avis.id } let(:email) { avis.expert.email } let(:password) { SECURE_PASSWORD } subject do post :update_expert, params: { id: avis_id, procedure_id:, email:, user: { password: } } end context 'when the avis is revoked' do before { avis.update(revoked_at: Time.zone.now) } it { is_expected.to redirect_to(root_path) } end context 'when the expert hasn’t signed up yet' do before { expert.user.update(last_sign_in_at: nil) } it 'saves the expert new password' do subject expect(expert.user.reload.valid_password?(SECURE_PASSWORD)).to be true end it { is_expected.to redirect_to expert_all_avis_path } end context 'with a random avis, procedure and user' do let(:avis_id) { create(:avis).id } let(:random_user) { create(:user, password: '{Another-$3cure-p4ssWord}') } let(:email) { random_user.email } it 'doesn’t change the random user password' do expect(random_user.reload.valid_password?(password)).to be false subject expect(random_user.reload.valid_password?(password)).to be false expect(flash[:alert]).to eq("Vous n’avez pas accès à cet avis.") end end context 'with a matching avis procedure, and a random user' do let(:avis) { create(:avis) } let(:avis_id) { avis.id } let(:procedure_id) { avis.procedure.id } let(:random_user) { create(:user, password: '{Another-$3cure-p4ssWord}') } let(:email) { random_user.email } it 'doesn’t change the random user password' do expect(random_user.reload.valid_password?(password)).to be false subject expect(random_user.reload.valid_password?(password)).to be false expect(flash[:alert]).to eq("Vous n’avez pas accès à cet avis.") end end context 'when the expert has already signed up' do before { expert.user.update(last_sign_in_at: Time.zone.now) } it 'doesn’t change the expert password' do subject expect(expert.user.reload.valid_password?('{Another-$3cure-p4ssWord}')).to be false end it { is_expected.to redirect_to new_user_session_url } end end end end