Merge pull request #2643 from betagouv/new-dossier-fix-invites

[Dossier] Corrige les accès invités
demarches-simplifiees · Sep 24, 2018 · 422d200 · 422d200
2 parents 73ac6f2 + 2382098
commit 422d200
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 19 deletions.
diff --git a/app/assets/stylesheets/new_design/dossier_show.scss b/app/assets/stylesheets/new_design/dossier_show.scss
@@ -11,7 +11,7 @@
     }
 
     .title-container {
-      margin-bottom: $default-padding * 2;
+      margin-bottom: $default-spacer;
       padding-left: 32px;
 
       .icon.folder {
@@ -31,6 +31,11 @@
       color: $grey;
       font-weight: bold;
     }
+
+    .header-actions {
+      margin-bottom: $default-spacer;
+      text-align: right;
+    }
   }
 
   .button.edit-form {

diff --git a/app/controllers/new_user/dossiers_controller.rb b/app/controllers/new_user/dossiers_controller.rb
@@ -2,8 +2,11 @@ module NewUser
   class DossiersController < UserController
     include DossierHelper
 
-    before_action :ensure_ownership!, except: [:index, :show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :recherche]
-    before_action :ensure_ownership_or_invitation!, only: [:show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :create_commentaire]
+    ACTIONS_ALLOWED_TO_ANY_USER = [:index, :recherche]
+    ACTIONS_ALLOWED_TO_OWNER_OR_INVITE = [:show, :demande, :messagerie, :brouillon, :update_brouillon, :modifier, :update, :create_commentaire]
+
+    before_action :ensure_ownership!, except: ACTIONS_ALLOWED_TO_ANY_USER + ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
+    before_action :ensure_ownership_or_invitation!, only: ACTIONS_ALLOWED_TO_OWNER_OR_INVITE
     before_action :ensure_dossier_can_be_updated, only: [:update_identite, :update_brouillon, :modifier, :update]
     before_action :forbid_invite_submission!, only: [:update_brouillon]
     before_action :forbid_closed_submission!, only: [:update_brouillon]
@@ -122,14 +125,14 @@ def update
         flash.now.alert = errors
         render :modifier
       else
-        if current_user.owns?(dossier)
-          if Flipflop.new_dossier_details?
-            redirect_to demande_dossier_path(@dossier)
-          else
+        if Flipflop.new_dossier_details?
+          redirect_to demande_dossier_path(@dossier)
+        else
+          if current_user.owns?(dossier)
             redirect_to users_dossier_recapitulatif_path(@dossier)
+          else
+            redirect_to users_dossiers_invite_path(@dossier.invite_for_user(current_user))
           end
-        else
-          redirect_to users_dossiers_invite_path(@dossier.invite_for_user(current_user))
         end
       end
     end

diff --git a/app/controllers/users/dossiers/invites_controller.rb b/app/controllers/users/dossiers/invites_controller.rb
@@ -12,6 +12,10 @@ def authenticate_user!
   def show
     @facade = InviteDossierFacades.new params[:id].to_i, current_user.email
 
+    if Flipflop.new_dossier_details?
+      return redirect_to dossier_path(@facade.dossier)
+    end
+
     if @facade.dossier.brouillon?
       redirect_to brouillon_dossier_path(@facade.dossier)
     else

diff --git a/app/views/invites/_dropdown.html.haml b/app/views/invites/_dropdown.html.haml
@@ -0,0 +1,10 @@
+%span.button.dropdown.invite-user-action
+  %span.icon.person
+  - if dossier.invites.count > 0
+    Voir les personnes invitées
+    %span.badge= dossier.invites.count
+  - else
+    Inviter une personne à modifier ce dossier
+
+  .dropdown-content.fade-in-down
+    = render partial: "invites/form", locals: { dossier: dossier }
diff --git a/app/views/new_user/dossiers/show/_header.html.haml b/app/views/new_user/dossiers/show/_header.html.haml
@@ -7,6 +7,10 @@
       %h1= dossier.procedure.libelle
       %h2 Dossier nº #{dossier.id}
 
+    - if current_user.owns?(dossier)
+      .header-actions
+        = render partial: 'invites/dropdown', locals: { dossier: dossier }
+
     %ul.tabs
       = dynamic_tab_item('Résumé', dossier_path(dossier))
       = dynamic_tab_item('Demande', [demande_dossier_path(dossier), modifier_dossier_path(dossier)])

diff --git a/app/views/shared/dossiers/_header.html.haml b/app/views/shared/dossiers/_header.html.haml
@@ -4,13 +4,4 @@
 
 .dossier-form-actions
   - if current_user.owns?(dossier)
-    %span.button.dropdown.invite-user-action
-      %span.icon.person
-      - if dossier.invites.count > 0
-        Voir les personnes invitées
-        %span.badge= dossier.invites.count
-      - else
-        Inviter une personne à modifier ce dossier
-
-      .dropdown-content.fade-in-down
-        = render partial: "invites/form", locals: { dossier: dossier }
+    = render partial: 'invites/dropdown', locals: { dossier: dossier }
diff --git a/spec/views/new_user/dossiers/demande.html.haml_spec.rb b/spec/views/new_user/dossiers/demande.html.haml_spec.rb
@@ -5,6 +5,7 @@
   let(:dossier) { create(:dossier, :en_construction, :with_entreprise, procedure: procedure) }
 
   before do
+    sign_in dossier.user
     assign(:dossier, dossier)
   end
 

diff --git a/spec/views/new_user/dossiers/show/_header.html.haml_spec.rb b/spec/views/new_user/dossiers/show/_header.html.haml_spec.rb
@@ -1,6 +1,10 @@
 describe 'new_user/dossiers/show/header.html.haml', type: :view do
   let(:dossier) { create(:dossier, :en_construction, procedure: create(:procedure)) }
 
+  before do
+    sign_in dossier.user
+  end
+
   subject! { render 'new_user/dossiers/show/header.html.haml', dossier: dossier }
 
   it 'affiche les informations du dossier' do