etalab · skelz0r · Dec 10, 2024 · Dec 7, 2024 · Dec 7, 2024 · Dec 7, 2024
diff --git a/app/controllers/editor/authorization_requests_controller.rb b/app/controllers/editor/authorization_requests_controller.rb
@@ -0,0 +1,10 @@
+class Editor::AuthorizationRequestsController < EditorController
+  def index
+    @authorization_requests = current_editor
+      .authorization_requests(api: namespace)
+      .includes(:active_token)
+      .where(
+        status: 'validated'
+      ).page(params[:page])
+  end
+end
diff --git a/app/controllers/editor_controller.rb b/app/controllers/editor_controller.rb
@@ -0,0 +1,24 @@
+class EditorController < ApplicationController
+  include AuthenticatedUserManagement
+
+  before_action :user_is_editor?
+  helper_method :current_editor
+
+  layout 'editor'
+
+  protected
+
+  def current_editor
+    @current_editor ||= current_user.editor
+  end
+
+  private
+
+  def user_is_editor?
+    redirect_to_root unless current_user.editor?
+  end
+
+  def namespace
+    request.host.split('.').first
+  end
+end
diff --git a/app/helpers/external_url_helper.rb b/app/helpers/external_url_helper.rb
@@ -22,6 +22,21 @@ def datapass_base_url
     end
   end
 
+  def datapass_v2_public_authorization_request_url(authorization_request)
+    "#{datapass_v2_base_url(authorization_request.api)}/public/demandes/#{authorization_request.public_id}"
+  end
+
+  def datapass_v2_base_url(api)
+    case Rails.env
+    when 'staging'
+      "https://staging.api-#{api}.v2.datapass.api.gouv.fr"
+    when 'sandbox'
+      "https://sandbox.api-#{api}.v2.datapass.api.gouv.fr"
+    else
+      "https://api-#{api}.v2.datapass.api.gouv.fr"
+    end
+  end
+
   private
 
   def highlight_section(prolong_token_wizard)

diff --git a/app/mailers/api_particulier/reporters_mailer.rb b/app/mailers/api_particulier/reporters_mailer.rb
@@ -1,4 +1,6 @@
 class APIParticulier::ReportersMailer < APIParticulierMailer
+  include ExternalUrlHelper
+
   skip_before_action :attach_logos
 
   helper_method :datapass_v2_public_authorization_request_url
@@ -25,21 +27,6 @@ class APIParticulier::ReportersMailer < APIParticulierMailer
 
   private
 
-  def datapass_v2_public_authorization_request_url(authorization_request)
-    "#{datapass_v2_base_url(authorization_request.api)}/public/demandes/#{authorization_request.public_id}"
-  end
-
-  def datapass_v2_base_url(api)
-    case Rails.env
-    when 'staging'
-      "https://staging.api-#{api}.v2.datapass.api.gouv.fr"
-    when 'sandbox'
-      "https://sandbox.api-#{api}.v2.datapass.api.gouv.fr"
-    else
-      "https://api-#{api}.v2.datapass.api.gouv.fr"
-    end
-  end
-
   def reporter_emails(groups)
     reporters_config.values_at(*groups).flatten
   end

diff --git a/app/views/editor/authorization_requests/index.html.erb b/app/views/editor/authorization_requests/index.html.erb
@@ -0,0 +1,48 @@
+<div class="fr-table fr-table--bordered fr-table--layout-fixed">
+  <table>
+    <caption>
+      Habilitations
+    </caption>
+    <thead>
+      <tr>
+        <%
+          [
+            'DataPass ID',
+            'Intitule',
+            'Jeton principal',
+            'Organization',
+          ].each do |attr|
+        %>
+          <th scope="col">
+            <%= attr %>
+          </th>
+        <% end %>
+      </tr>
+    </thead>
+
+    <tbody>
+      <% @authorization_requests.each do |authorization_request| %>
+        <tr id="<%= dom_id(authorization_request) %>" class="authorization-request">
+          <td class="authorization_request-external_id">
+            <%= link_to("DataPass ##{authorization_request.external_id}", "#{datapass_v2_base_url(authorization_request.api)}/public/demandes/#{authorization_request.public_id}", target: '_blank')%>
+          </td>
+          <td class="authorization_request-intitule">
+            <%= authorization_request.intitule %>
+          </td>
+          <td class="authorization_request-token">
+            <% if authorization_request.token %>
+              <%= render partial: 'shared/tokens/detail_short', locals: { token: authorization_request.token.decorate } %>
+            <% end %>
+          </td>
+          <td class="authorization_request-siret">
+            <a href="https://annuaire-entreprises.data.gouv.fr/etablissement/<%= authorization_request.siret %>" target="_blank">
+              <%= authorization_request.siret %>
+            </a>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+</div>
+
+<%= paginate @authorization_requests %>
diff --git a/app/views/layouts/editor.html.erb b/app/views/layouts/editor.html.erb
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="fr" data-fr-scheme="light">
+  <head>
+    <title>Espace éditeur - <%= t("api_#{namespace}.name") %></title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+
+    <%= render partial: 'shared/favicons' %>
+
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+
+    <%= stylesheet_link_tag 'admin', media: 'all', 'data-turbo-track': 'reload' %>
+    <%= javascript_include_tag 'admin', 'data-turbo-track': 'reload' %>
+    <%= javascript_include_tag "turbo", type: "module" %>
+    <%= render partial: 'shared/common_head_scripts' %>
+  </head>
+
+  <body>
+    <%= render partial: 'shared/editor/header' %>
+
+    <div class="fr-container fr-mb-5w fr-mt-5w">
+      <turbo-frame id="alerts">
+        <%= render partial: 'shared/alerts' %>
+      </turbo-frame>
+
+      <%= yield %>
+    </div>
+
+    <%= render partial: 'shared/modal' %>
+  </body>
+</html>
diff --git a/app/views/shared/api_entreprise/header/_menu.html.erb b/app/views/shared/api_entreprise/header/_menu.html.erb
@@ -37,6 +37,16 @@
             </li>
           <% end %>
 
+          <% if user_signed_in? && current_user.editor? %>
+            <li class="fr-nav__item">
+              <a class="fr-nav__link center" href="<%= editor_path %>" target="_self">
+                <strong>Espace éditeurs</strong>
+                <br />
+                Gestion clients
+              </a>
+            </li>
+          <% end %>
+
           <li class="ask-access-link fr-nav__item">
             <a class="fr-nav__link center" href="https://api.gouv.fr/les-api/api-entreprise/demande-acces" target="_blank">
               <%= t('.ask_access').html_safe %>

diff --git a/app/views/shared/editor/_header.html.erb b/app/views/shared/editor/_header.html.erb
@@ -0,0 +1,53 @@
+<header class="fr-header">
+  <div class="fr-header__body">
+    <div class="fr-container">
+      <div class="fr-header__body-row">
+        <div class="fr-header__brand fr-enlarge-link">
+          <div class="fr-header__brand-top">
+            <div class="fr-header__logo">
+              <p class="fr-logo">
+              République
+              <br>Française
+              </p>
+            </div>
+            <div class="fr-header__navbar">
+              <!-- <button class="fr&#45;btn&#45;&#45;search fr&#45;btn" data&#45;fr&#45;opened="false" aria&#45;controls="modal&#45;866" title="Rechercher"> -->
+              <!--   Rechercher -->
+              <!-- </button> -->
+              <button class="fr-btn--menu fr-btn" data-fr-opened="false" aria-controls="modal-header-menu" aria-haspopup="menu" title="Menu" id="fr-btn-menu-mobile-1">
+                Menu
+              </button>
+            </div>
+          </div>
+
+          <div class="fr-header__service">
+            <a href="/" title="Accueil - Admin API Entreculier">
+              <p class="fr-header__service-title">
+                Espace éditeur - <%= t("api_#{namespace}.name") %>
+              </p>
+              <p class="fr-header__service-tagline">
+                pour le compte de <strong><%= current_editor.name %></strong>
+              </p>
+            </a>
+          </div>
+        </div>
+        <div class="fr-header__tools">
+          <div class="fr-header__tools-links">
+            <ul class="fr-links-group">
+              <li>
+                <a class="fr-link fr-icon-user-fill" href="<%= editor_path %>">
+                  <%= current_user.full_name %>
+                </a>
+              </li>
+              <li>
+                <a class="fr-link fr-icon-logout-box-r-fill" id="logout_button" href="<%= logout_path %>" target="_self">
+                  Se déconnecter
+                </a>
+              </li>
+            </ul>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</header>
diff --git a/config/routes.rb b/config/routes.rb
@@ -14,6 +14,12 @@
     end
   end
 
+  get '/editeur', to: redirect('/editeur/habilitations'), as: :editor
+
+  namespace :editor, path: 'editeur' do
+    resources :authorization_requests, only: %i[index], path: 'habilitations'
+  end
+
   namespace :api do
     resources :frontal, only: :index
   end

diff --git a/spec/factories/users.rb b/spec/factories/users.rb
@@ -10,6 +10,10 @@
       email { generate(:admin_email) }
     end
 
+    trait :editor do
+      editor
+    end
+
     trait :with_full_name do
       first_name { 'Jean-Marie' }
       last_name { 'Gigot' }

diff --git a/spec/features/editor/access_spec.rb b/spec/features/editor/access_spec.rb
@@ -0,0 +1,41 @@
+RSpec.describe 'Editor: access', app: :api_entreprise do
+  subject(:visit_editor) do
+    visit editor_path
+  end
+
+  context 'without user' do
+    it 'redirects to login path' do
+      visit_editor
+
+      expect(page).to have_current_path(login_path, ignore_query: true)
+    end
+  end
+
+  context 'with user' do
+    let(:user) { create(:user) }
+
+    before do
+      login_as(user)
+    end
+
+    it 'redirects to root' do
+      visit_editor
+
+      expect(page).to have_current_path(root_path, ignore_query: true)
+    end
+  end
+
+  context 'with editor' do
+    let(:user) { create(:user, :editor) }
+
+    before do
+      login_as(user)
+    end
+
+    it 'does not redirect to root' do
+      visit_editor
+
+      expect(page).to have_current_path(editor_authorization_requests_path, ignore_query: true)
+    end
+  end
+end
diff --git a/spec/features/editor/authorization_requests_spec.rb b/spec/features/editor/authorization_requests_spec.rb
@@ -0,0 +1,36 @@
+RSpec.describe 'Editor: authorization requests', app: :api_entreprise do
+  let(:user) { create(:user, editor:) }
+  let(:editor) { create(:editor, form_uids: %w[form1 form2]) }
+
+  before do
+    login_as(user)
+  end
+
+  describe 'index' do
+    let!(:valid_authorization_requests) do
+      [
+        create(:authorization_request, :validated, :with_multiple_tokens_one_valid, api: 'entreprise', demarche: 'form1'),
+        create(:authorization_request, :validated, api: 'entreprise', demarche: 'form2')
+      ]
+    end
+
+    let!(:invalid_authorization_requests) do
+      [
+        create(:authorization_request, :validated, api: 'entreprise', demarche: 'wrong_form'),
+        create(:authorization_request, :validated, api: 'particulier', demarche: 'form1'),
+        create(:authorization_request, api: 'entreprise', demarche: 'form1')
+      ]
+    end
+
+    it 'displays authorization requests linked to editor with token status' do
+      visit editor_authorization_requests_path
+
+      expect(page).to have_css('.authorization-request', count: 2)
+
+      expect(page).to have_css('#' << dom_id(valid_authorization_requests[0]))
+      expect(page).to have_css('#' << dom_id(valid_authorization_requests[1]))
+
+      expect(page).to have_content('Nouveau jeton à utiliser')
+    end
+  end
+end