Merge pull request #72 from etalab/features/user-dashboard

Introduce user dashboard with 3 tabs

Author: skelz0r

app/assets/stylesheets/dsfr-extensions.css

@@ -32,6 +32,9 @@
   color: var(--text-default-warning);
 }
 
+.fr-text-grey {
+  color: var(--grey-625-425);
+}
 .fr-bg-alt-blue-france {
   background-color: var(--background-action-low-blue-france);
 }

app/controllers/authorization_request_forms_controller.rb

@@ -27,8 +27,10 @@ def create
   def show
     authorize @authorization_request
 
-    if @authorization_request_form.multiple_steps?
+    if @authorization_request_form.multiple_steps? && @authorization_request.applicant == current_user
       redirect_to_current_build_step
+    elsif @authorization_request_form.multiple_steps?
+      render 'multiple_steps_as_single_page'
     else
       render view_path
     end
@@ -158,7 +160,7 @@ def authorization_request_params
   end
 
   def extract_authorization_request
-    @authorization_request = authorization_request_class.find(params[:id])
+    @authorization_request = authorization_request_class.find(params[:id]).decorate
   end
 
   def authorization_request_class

app/controllers/dashboard_controller.rb

@@ -1,3 +1,20 @@
 class DashboardController < AuthenticatedUserController
-  def index; end
+  layout 'dashboard'
+
+  def index
+    redirect_to dashboard_show_path(id: 'moi')
+  end
+
+  def show
+    case params[:id]
+    when 'moi'
+      @authorization_requests = policy_scope(AuthorizationRequest).where(applicant: current_user)
+    when 'organisation'
+      @authorization_requests = policy_scope(AuthorizationRequest)
+    when 'mentions'
+      @authorization_requests = AuthorizationRequestsMentionsQuery.new(current_user).perform
+    else
+      redirect_to dashboard_show_path(id: 'moi')
+    end
+  end
 end

app/decorators/application_decorator.rb

@@ -1,4 +1,8 @@
 class ApplicationDecorator < Draper::Decorator
+  delegate :t, to: I18n
+
+  delegate :model_name, to: :object
+
   # Define methods for all decorated objects.
   # Helpers are accessed through `helpers` (aka `h`). For example:
   #

app/decorators/authorization_request_decorator.rb

@@ -0,0 +1,21 @@
+class AuthorizationRequestDecorator < ApplicationDecorator
+  delegate_all
+
+  def only_in_contacts?(user)
+    user != object.applicant &&
+      object.contact_types_for(user).present?
+  end
+
+  def humanized_contact_types_for(user)
+    object.contact_types_for(user).map do |contact_type|
+      lookup_i18n_key("#{contact_type}.title").downcase
+    end
+  end
+
+  private
+
+  def lookup_i18n_key(subkey)
+    t("authorization_request_forms.#{object.model_name.element}.#{subkey}", default: nil) ||
+      t("authorization_request_forms.default.#{subkey}")
+  end
+end

app/form_builders/authorization_request_form_builder.rb

@@ -40,7 +40,7 @@ def info_for(block)
   def contacts_infos(contacts = nil)
     return if @template.namespace?(:instruction)
 
-    contacts ||= @object.class.contact_types
+    contacts ||= @object.contact_types
 
     dsfr_accordion(
       I18n.t('authorization_request_forms.default.contacts.info.title'),

app/form_builders/dsfr_form_builder.rb

@@ -193,7 +193,7 @@ def hint_for(attribute)
   end
 
   def label_value(attribute)
-    @object.class.human_attribute_name(attribute)
+    (@object.try(:object) || @object).class.human_attribute_name(attribute)
   end
 
   def enhance_input_options(opts)

app/helpers/authorization_requests_helpers.rb

@@ -24,7 +24,7 @@ def authorization_request_model_path(authorization_request)
       '#'
     elsif authorization_request.new_record?
       authorization_request_forms_path(form_uid: authorization_request.form.uid)
-    elsif authorization_request.form.multiple_steps?
+    elsif authorization_request.form.multiple_steps? && defined?(wizard_path)
       wizard_path
     else
       authorization_request_form_path(form_uid: authorization_request.form.uid, id: authorization_request.id)

app/interactors/create_authorization.rb

@@ -0,0 +1,20 @@
+class CreateAuthorization < ApplicationInteractor
+  def call
+    context.authorization = authorization_request.authorizations.create!(
+      authorization_params
+    )
+  end
+
+  private
+
+  def authorization_request
+    context.authorization_request
+  end
+
+  def authorization_params
+    {
+      data: authorization_request.data,
+      applicant: authorization_request.applicant,
+    }
+  end
+end

app/lib/seeds.rb

@@ -3,8 +3,9 @@ def perform
     create_entities
 
     create_authorization_request(:api_entreprise)
-    create_authorization_request(:api_entreprise, :submitted, attributes: { intitule: 'Marché publics', description: very_long_description })
-    create_authorization_request(:api_particulier, :refused, attributes: { intitule: 'Vente de données personnelles' })
+    create_authorization_request(:api_entreprise, :submitted, attributes: { intitule: 'Marché publics', description: very_long_description, applicant: another_demandeur })
+    create_authorization_request(:api_entreprise, :validated, attributes: { intitule: 'Marché publics', contact_technique_email: demandeur.email, applicant: foreign_demandeur })
+    create_authorization_request(:api_particulier, :refused, attributes: { intitule: 'Vente de données personnelles', applicant: another_demandeur })
     create_authorization_request(:api_particulier, :changes_requested, attributes: { intitule: 'Tarification cantine' })
     create_authorization_request(:portail_hubee_demarche_certdc)
 
@@ -19,25 +20,44 @@ def perform
   def flushdb
     raise 'Not in production!' if production?
 
-    load_all_models!
+    ActiveRecord::Base.connection.tables.each do |table|
+      next if table == 'schema_migrations'
 
-    ActiveRecord::Base.connection.transaction do
-      ApplicationRecord.descendants.each(&:delete_all)
+      ActiveRecord::Base.connection.execute("TRUNCATE TABLE #{table} CASCADE;")
     end
   end
 
   private
 
   def create_entities
     clamart_organization.users << demandeur
+    clamart_organization.users << another_demandeur
+
     dinum_organization.users << api_entreprise_instructor
+    dinum_organization.users << foreign_demandeur
   end
 
   def demandeur
     @demandeur ||= User.create!(
       email: 'user@yopmail.com',
       external_id: '1',
-      current_organization: clamart_organization
+      current_organization: clamart_organization,
+    )
+  end
+
+  def another_demandeur
+    @another_demandeur ||= User.create!(
+      email: 'user10@yopmail.com',
+      external_id: '10',
+      current_organization: clamart_organization,
+    )
+  end
+
+  def foreign_demandeur
+    @foreign_demandeur ||= User.create!(
+      email: 'user11@yopmail.com',
+      external_id: '11',
+      current_organization: dinum_organization,
     )
   end
 
@@ -72,12 +92,14 @@ def create_authorization_request(kind, status = :draft, attributes: {}, traits:
     traits << kind
     traits << status
 
+    applicant = attributes.delete(:applicant) || demandeur
+
     authorization_request = FactoryBot.create(
       :authorization_request,
       *traits,
       {
-        applicant: demandeur,
-        organization: clamart_organization,
+        applicant:,
+        organization: applicant.current_organization,
       }.merge(attributes)
     )
 
@@ -109,6 +131,12 @@ def create_events_for(authorization_request, status)
   # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
 
   def create_event(authorization_request, status, attributes = {})
+    attributes[:user] = if %i[create submit].include?(status)
+                          authorization_request.applicant
+                        else
+                          api_entreprise_instructor
+                        end
+
     FactoryBot.create(
       :authorization_request_event,
       status,

app/models/authorization.rb

@@ -0,0 +1,12 @@
+class Authorization < ApplicationRecord
+  validates :data, presence: true
+
+  belongs_to :applicant,
+    class_name: 'User',
+    inverse_of: :authorizations_as_applicant
+
+  belongs_to :authorization_request
+
+  has_one :organization,
+    through: :authorization_request
+end

app/models/authorization_request.rb

@@ -32,6 +32,17 @@ class AuthorizationRequest < ApplicationRecord
     inverse_of: :authorization_request,
     dependent: :destroy
 
+  has_many :authorizations,
+    class_name: 'Authorization',
+    inverse_of: :authorization_request,
+    dependent: :nullify
+
+  has_one :latest_authorization,
+    -> { order(created_at: :desc).limit(1) },
+    class_name: 'Authorization',
+    inverse_of: :authorization_request,
+    dependent: :nullify
+
   def events
     @events ||= AuthorizationRequestEventsQuery.new(self).perform
   end
@@ -165,6 +176,16 @@ def finished?
     %w[validated refused].include?(state)
   end
 
+  def contact_types_for(user)
+    contact_type_key_values = data.select do |key, value|
+      key =~ /^contact_.*_email$/ && value == user.email
+    end
+
+    contact_type_key_values.keys.map do |key|
+      key.match(/^(.*)_email$/)[1]
+    end
+  end
+
   def applicant_belongs_to_organization
     return if organization.blank? || applicant.blank?
     return unless applicant.organizations.exclude?(organization)

app/models/authorization_request_event.rb

@@ -18,17 +18,18 @@ class AuthorizationRequestEvent < ApplicationRecord
 
   validate :entity_type_is_authorized
 
-  # rubocop:disable Metrics/CyclomaticComplexity
+  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
   def entity_type_is_authorized
     return if name.blank? || entity_type.blank?
 
     return if name == 'refuse' && entity_type == 'DenialOfAuthorization'
     return if name == 'request_changes' && entity_type == 'InstructorModificationRequest'
-    return if entity_type == 'AuthorizationRequest'
+    return if name == 'approve' && entity_type == 'Authorization'
+    return if %w[approve refuse request_changes].exclude?(name) && entity_type == 'AuthorizationRequest'
 
     errors.add(:entity_type, :invalid)
   end
-  # rubocop:enable Metrics/CyclomaticComplexity
+  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
 
   def authorization_request
     entity.authorization_request

app/models/concerns/authorization_core/contacts.rb

@@ -31,7 +31,10 @@ def self.contact(kind, validation_condition: nil)
           contact_types << kind
         end
       end
-
     end
   end
+
+  def contact_types
+    self.class.contact_types
+  end
 end

app/models/user.rb

@@ -13,6 +13,11 @@ class User < ApplicationRecord
     class_name: 'AuthorizationRequest',
     inverse_of: :applicant
 
+  has_many :authorizations_as_applicant,
+    dependent: :restrict_with_exception,
+    class_name: 'Authorization',
+    inverse_of: :applicant
+
   def full_name
     "#{family_name} #{given_name}"
   end

app/organizers/approve_authorization_request.rb

@@ -1,10 +1,12 @@
 class ApproveAuthorizationRequest < ApplicationOrganizer
   before do
     context.state_machine_event = :approve
+    context.event_entity = :authorization
   end
 
   organize TriggerAuthorizationRequestEvent,
     ExecuteAuthorizationRequestBridge,
+    CreateAuthorization,
     CreateAuthorizationRequestEventModel,
     DeliverAuthorizationRequestNotification
 end

app/policies/application_policy.rb

@@ -37,6 +37,8 @@ def destroy?
   delegate :current_organization, to: :user
 
   class Scope
+    delegate :current_organization, to: :user
+
     def initialize(user, scope)
       @user = user
       @scope = scope

app/policies/authorization_request_policy.rb

@@ -5,25 +5,34 @@ def new?
   end
 
   def show?
-    same_user?
+    same_current_organization? ||
+      current_user_is_contact?
   end
 
   def update?
-    same_user? &&
+    same_user_and_organization? &&
       record.in_draft?
   end
 
   def submit?
-    same_user? &&
+    same_user_and_organization? &&
       record.persisted? &&
       record.in_draft?
   end
 
   private
 
-  def same_user?
+  def same_current_organization?
+    record.organization == current_organization
+  end
+
+  def same_user_and_organization?
     record.applicant == user &&
-      record.organization == current_organization
+      same_current_organization?
+  end
+
+  def current_user_is_contact?
+    record.contact_types_for(user).any?
   end
 
   def unicity_constraint_violated?
@@ -35,4 +44,10 @@ def unicity_constraint_violated?
   def another_authorization_request_with_same_type_exists?
     current_organization.authorization_requests.where(type: record.to_s).any?
   end
+
+  class Scope < Scope
+    def resolve
+      scope.where(organization: current_organization)
+    end
+  end
 end