20136b7ac8
* add base controller for public api
* add dossiers controller with basic checks
* create the dossier
* ensure content-type is json
* prefill dossier with given values
* mark a dossier as prefilled

  When a dossier is prefilled, it's allowed not to have a user. Plus, we add a secure token to the dossier, which we will need later to set a user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

  When a visitor comes from the dossier_url answered by the public api, the dossier is orphan:
  - when the user is already authenticated: they become the owner
  - when the user is not authenticated: they can sign in / sign up / france_connect and then they become the owner

  So here is the procedure:
  - allow to sign in / sign up / france connect when user is unauthenticated
  - set dossier ownership when the dossier is orphan
  - check dossier ownership when the dossier is not
  - redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled

  (even with a GET request, because it will be useful later on, for example in order to clean up the unused prefilled dossiers)

* system spec: prefilling dossier with post request
29 lines
744 B
Ruby
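class API::Public::V1::BaseController < APIController
  # CSRF token verification is disabled for every public API controller.
  # The JSON Content-Type requirement below still keeps plain HTML form
  # submissions out, since a form cannot send application/json.
  skip_forgery_protection

  # Runs before every action; rendering here halts the request.
  before_action :check_content_type_is_json

  protected

  # 400 for a required parameter that was not supplied.
  def render_missing_param(param_name)
    render_error("#{param_name} is missing", :bad_request)
  end

  # 400 with a caller-provided message.
  def render_bad_request(error_message)
    render_error(error_message, :bad_request)
  end

  # 404 naming the resource type and id that could not be found.
  def render_not_found(resource_name, resource_id)
    render_error("#{resource_name} #{resource_id} is not found", :not_found)
  end

  private

  # Exact string comparison: a header carrying parameters, such as
  # 'application/json; charset=utf-8', is rejected as well.
  def check_content_type_is_json
    render_error("Content-Type should be json", :bad_request) unless request.headers['Content-Type'] == 'application/json'
  end

  # All errors share one JSON shape: { "error": "<message>" }.
  def render_error(message, status)
    render json: { error: message }, status: status
  end
end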
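The ownership procedure listed in the commit message, modelled in plain Ruby. This is an added example, not code from this commit or the project: the `Dossier` struct, `prefill_token`, `resolve_prefilled_access` and the returned symbols are hypothetical names, and it assumes the secure token is presented together with the dossier URL.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the application's dossier record.
Dossier = Struct.new(:id, :user_id, :prefilled, :prefill_token) do
  # Prefilled through the public API and not yet attached to a user.
  def orphan?
    prefilled && user_id.nil?
  end
end

# Constructed sample record with an unguessable token (assumed token format).
def new_prefilled_dossier(id)
  Dossier.new(id, nil, true, SecureRandom.urlsafe_base64(32))
end

# Compare secrets without leaking where they first differ:
# hash both to a fixed length, then XOR-accumulate every byte.
def secure_equal?(given, expected)
  a = Digest::SHA256.digest(given.to_s).bytes
  b = Digest::SHA256.digest(expected.to_s).bytes
  a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide what a request for a dossier URL may do.
# Returns :authenticate, :forbidden or :brouillon.
def resolve_prefilled_access(dossier, current_user_id, token)
  if dossier.orphan?
    # An orphan dossier is claimable only by a caller holding its token.
    stored = dossier.prefill_token.to_s
    return :forbidden if stored.empty? || !secure_equal?(token, stored)
    return :authenticate if current_user_id.nil? # sign in / sign up first

    dossier.user_id = current_user_id # set ownership of the orphan
    :brouillon
  else
    # Owned dossier: the token no longer matters, only ownership does.
    return :authenticate if current_user_id.nil?

    dossier.user_id == current_user_id ? :brouillon : :forbidden
  end
end

if __FILE__ == $PROGRAM_NAME
  d = new_prefilled_dossier(1)
  p resolve_prefilled_access(d, nil, d.prefill_token)
  p resolve_prefilled_access(d, 7, d.prefill_token)
  p resolve_prefilled_access(d, 8, d.prefill_token)
end
```

Checking the token before anything else means an unauthenticated caller without it never learns whether the dossier is still claimable.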