demarches-normaliennes/app/controllers/concerns/create_avis_concern.rb
Martin cb890343ff feat(targeted_user_link): add targeted user link to wrap expert invitation in order to avoid access issue when the expert is connected with another account
feat(user.merge): ensure to merge user.targeted_user_link

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

feat(db/create_targeted_user_links): ensure not null with fk
2022-05-31 14:50:31 +02:00

77 lines
3 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

module CreateAvisConcern
extend ActiveSupport::Concern
private
def create_avis_from_params(dossier, instructeur_or_expert, confidentiel = false)
confidentiel ||= create_avis_params[:confidentiel]
# Because of a limitation of the email_field rails helper,
# the :emails parameter is a 1-element array.
# Hence the call to first
# https://github.com/rails/rails/issues/17225
expert_emails = create_avis_params[:emails].presence || [].to_json
expert_emails = JSON.parse(expert_emails).map(&:strip).map(&:downcase)
allowed_dossiers = [dossier]
if create_avis_params[:invite_linked_dossiers].present?
allowed_dossiers += dossier.linked_dossiers_for(instructeur_or_expert)
end
if (instructeur_or_expert.is_a?(Instructeur)) && !instructeur_or_expert.follows.exists?(dossier: dossier)
instructeur_or_expert.follow(dossier)
end
create_results = Avis.create(
expert_emails.flat_map do |email|
user = User.create_or_promote_to_expert(email, SecureRandom.hex)
experts_procedure = user.valid? ? ExpertsProcedure.find_or_create_by(procedure: dossier.procedure, expert: user.expert) : nil
allowed_dossiers.map do |dossier|
{
email: email,
introduction: create_avis_params[:introduction],
introduction_file: create_avis_params[:introduction_file],
claimant: instructeur_or_expert,
dossier: dossier,
confidentiel: confidentiel,
experts_procedure: experts_procedure
}
end
end
)
dossier.avis.reload # unload non-persisted avis from dossier
persisted, failed = create_results.partition(&:persisted?)
if persisted.any?
dossier.update!(last_avis_updated_at: Time.zone.now)
sent_emails_addresses = []
persisted.each do |avis|
avis.dossier.demander_un_avis!(avis)
if avis.dossier == dossier
targeted_link = TargetedUserLink.create!(target_context: 'avis', target_model_type: Avis.name, target_model_id: avis.id, user: avis.expert.user)
AvisMailer.avis_invitation(avis, targeted_link).deliver_later
sent_emails_addresses << avis.expert.email
# the email format is already verified, we update value to nil
avis.update_column(:email, nil)
end
end
flash.notice = "Une demande davis a été envoyée à #{sent_emails_addresses.uniq.join(", ")}"
end
if failed.any?
flash.now.alert = failed
.filter { |avis| avis.errors.present? }
.map { |avis| "#{avis.email} : #{avis.errors.full_messages_for(:email).join(', ')}" }
# When an error occurs, return the avis back to the controller
# to give the user a chance to correct and resubmit
Avis.new(create_avis_params.merge(emails: [failed.map(&:email).uniq.join(", ")]))
else
nil
end
end
def create_avis_params
params.require(:avis).permit(:introduction_file, :introduction, :confidentiel, :invite_linked_dossiers, :emails)
end
end