fix(backend): fix unit test for security

SocialGouv · Nov 4, 2024 · e3bcaa9 · e3bcaa9
1 parent 1e091fc
commit e3bcaa9
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 15 deletions.
diff --git a/_scripts/db/dumps/domifa_test.postgres.custom.gz b/_scripts/db/dumps/domifa_test.postgres.custom.gz
diff --git a/_scripts/db/dumps/domifa_test.postgres.restore-data-only.sql b/_scripts/db/dumps/domifa_test.postgres.restore-data-only.sql
@@ -187,7 +187,6 @@ cc452c79-3669-4dc6-85fa-564631a3d48b	2024-06-10 23:41:59.530897+02	2024-10-29 23
 --
 
 COPY public.public_stats_cache (uuid, "createdAt", "updatedAt", version, key, stats) FROM stdin;
-127f1519-0037-4715-96b6-2c9e9235474e	2024-10-30 22:33:21.504391+01	2024-10-30 22:33:21.504391+01	1	public-stats	{"actifs": 11, "usersCount": 10, "usagersCount": 20, "courrierInCount": 5, "structuresCount": 5, "courrierOutCount": 2, "usagersCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByRegion": [{"count": 2, "region": "52"}, {"count": 1, "region": "03"}, {"count": 1, "region": "11"}, {"count": 1, "region": "75"}], "interactionsCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByTypeMap": {"asso": 2, "ccas": 1, "cias": 2}}
 \.
 
 

diff --git a/_scripts/db/dumps/domifa_test.postgres.truncate-restore-data-only.sql b/_scripts/db/dumps/domifa_test.postgres.truncate-restore-data-only.sql
@@ -227,7 +227,6 @@ cc452c79-3669-4dc6-85fa-564631a3d48b	2024-06-10 23:41:59.530897+02	2024-10-29 23
 --
 
 COPY public.public_stats_cache (uuid, "createdAt", "updatedAt", version, key, stats) FROM stdin;
-127f1519-0037-4715-96b6-2c9e9235474e	2024-10-30 22:33:21.504391+01	2024-10-30 22:33:21.504391+01	1	public-stats	{"actifs": 11, "usersCount": 10, "usagersCount": 20, "courrierInCount": 5, "structuresCount": 5, "courrierOutCount": 2, "usagersCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByRegion": [{"count": 2, "region": "52"}, {"count": 1, "region": "03"}, {"count": 1, "region": "11"}, {"count": 1, "region": "75"}], "interactionsCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByTypeMap": {"asso": 2, "ccas": 1, "cias": 2}}
 \.
 
 

diff --git a/packages/backend/src/auth/guards/usager-doc-access.guard.ts b/packages/backend/src/auth/guards/usager-doc-access.guard.ts
@@ -17,11 +17,7 @@ export class UsagerDocAccessGuard implements CanActivate {
     const request = context.switchToHttp().getRequest();
     const user = request?.user as UserStructureAuthenticated;
 
-    if (
-      user?.role === "facteur" ||
-      !isUUID(request.params.docUuid) ||
-      !isNumber(user?.structureId)
-    ) {
+    if (!isUUID(request.params.docUuid) || !isNumber(user?.structureId)) {
       appLogger.error("[UsagerDocAccessGuard] invalid docUuid or structureId", {
         sentry: true,
         context: {
@@ -34,6 +30,10 @@ export class UsagerDocAccessGuard implements CanActivate {
       throw new HttpException("USAGER_DOC_NOT_FOUND", HttpStatus.BAD_REQUEST);
     }
 
+    if (user?.role === "facteur") {
+      throw new HttpException("CANNOT_GET_DOC", HttpStatus.UNAUTHORIZED);
+    }
+
     const docUuid = request.params.docUuid;
 
     try {

diff --git a/...s/backend/src/usagers/controllers/security-tests/usager-docs.controller.security-tests.ts b/...s/backend/src/usagers/controllers/security-tests/usager-docs.controller.security-tests.ts
@@ -43,13 +43,14 @@ export const UsagerDocsControllerSecurityTests: AppTestHttpClientSecurityTestDef
           context.user,
           {
             roles: ["simple", "responsable", "admin"],
+            validStructureIds: [1],
             validExpectedResponseStatus: HttpStatus.OK, // filesystem document does not exists in tests
           }
         ),
       }),
     },
     {
-      label: `${CONTROLLER}.patchDocument`,
+      label: `${CONTROLLER}.patchDocument (wrong payload)`,
       query: async (context: AppTestContext) => ({
         response: await AppTestHttpClient.patch(
           "/docs/7/542a0da1-ea1c-48ab-8026-67a4248b1c47",
@@ -66,12 +67,16 @@ export const UsagerDocsControllerSecurityTests: AppTestHttpClientSecurityTestDef
           {
             roles: ["simple", "responsable", "admin"],
             validExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+
+            allowSuperAdminDomifa: false,
+            validStructureIds: [1],
           }
         ),
       }),
     },
     {
-      label: `${CONTROLLER}.patchDocument`,
+      label: `${CONTROLLER}.patchDocument (Good payload)`,
       query: async (context: AppTestContext) => ({
         response: await AppTestHttpClient.patch(
           "/docs/7/542a0da1-ea1c-48ab-8026-67a4248b1c47",
@@ -87,16 +92,19 @@ export const UsagerDocsControllerSecurityTests: AppTestHttpClientSecurityTestDef
           context.user,
           {
             roles: ["simple", "responsable", "admin"],
-            validExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validExpectedResponseStatus: HttpStatus.OK,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            allowSuperAdminDomifa: false,
+            validStructureIds: [1],
           }
         ),
       }),
     },
     {
-      label: `${CONTROLLER}.patchDocument`,
+      label: `${CONTROLLER}.patchDocument (wrong id)`,
       query: async (context: AppTestContext) => ({
         response: await AppTestHttpClient.patch(
-          "/docs/7/542a0da1-ea1c-48ab-8026-67a4248b1c47",
+          "/docs/xxxxxxx/542a0da1-ea1c-48ab-8026-67a4248b1c47",
           {
             context,
             body: {
@@ -106,10 +114,13 @@ export const UsagerDocsControllerSecurityTests: AppTestHttpClientSecurityTestDef
           }
         ),
         expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
-          { ...context.user, structureRole: "facteur" },
+          context.user,
           {
+            allowSuperAdminDomifa: false,
             roles: ["simple", "responsable", "admin"],
             validExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
           }
         ),
       }),

diff --git a/...src/app/modules/structure-stats/components/structure-stats/structure-stats.component.html b/...src/app/modules/structure-stats/components/structure-stats/structure-stats.component.html
@@ -4,6 +4,9 @@
       class="px-0 py-2 mx-0 d-md-flex justify-content-between align-items-center"
     >
       <h1>Rapport d'activité et statistiques</h1>
+      <div class="d-print-block">
+        {{ me?.structure.nom }}
+      </div>
       <div class="px-0 mx-0 d-block d-md-flex align-items-center">
         <button
           (click)="export()"

diff --git a/...d/src/app/modules/structure-stats/components/structure-stats/structure-stats.component.ts b/...d/src/app/modules/structure-stats/components/structure-stats/structure-stats.component.ts
@@ -63,7 +63,7 @@ export class StuctureStatsComponent
 
   public fromDate: NgbDate;
   public toDate: NgbDate | null = null;
-  private me!: UserStructure | null;
+  public me!: UserStructure | null;
 
   private readonly subscription = new Subscription();
   public readonly ENTRETIEN_SITUATION_PRO = ENTRETIEN_SITUATION_PRO;

diff --git a/...d/src/app/modules/usager-shared/components/edit-usager-doc/edit-usager-doc.component.html b/...d/src/app/modules/usager-shared/components/edit-usager-doc/edit-usager-doc.component.html
@@ -71,7 +71,7 @@
         </div>
       </fieldset>
 
-      <div class="alert alert-info">
+      <div class="alert alert-info" *ngIf="usager.options.portailUsagerEnabled">
         Attention: le domicilié pourra télécharger le document depuis un
         ordinateur ou un téléphone
       </div>

diff --git a/packages/frontend/src/assets/files/news.json b/packages/frontend/src/assets/files/news.json
@@ -1,4 +1,24 @@
 [
+  {
+    "date": "2024-11-04",
+    "description": "Du nouveau dans les documents 📂",
+    "content": [
+      {
+        "type": "new",
+        "categorie": "Modification des noms de documents",
+        "message": [
+          "Vous pouvez modifier les titres des documents de la structure ainsi que les pièces jointes des domiciliés sans avoir besoin de télécharger de nouveau le document."
+        ]
+      },
+      {
+        "type": "new",
+        "categorie": "Partage des pièces jointes sur le portail domicilié",
+        "message": [
+          "Il est désormais possible de modifier le niveau de confidentialité de chacun des documents de les rendre accessible aux domiciliés depuis leur portail."
+        ]
+      }
+    ]
+  },
   {
     "date": "2024-10-22",
     "description": "Nouveautés et améliorations diverses sur DomiFa",

diff --git a/packages/portail-usagers/src/assets/files/news.json b/packages/portail-usagers/src/assets/files/news.json
@@ -1,4 +1,17 @@
 [
+  {
+    "date": "2024-11-04",
+    "description": "Une nouvelle section documents",
+    "content": [
+      {
+        "type": "new",
+        "categorie": "Ajout d'un espace de documents avec l'accès de vos pièces jointes partagées par votre structure de domiciliation",
+        "message": [
+          "Vous pouvez accéder aux documents partagés par votre structure. Il ne s'agit pas d'un espace de stockage, vous ne pouvez pas enregistrez de documents sur votre compte Mon DomiFa."
+        ]
+      }
+    ]
+  },
   {
     "date": "2024-10-22",
     "description": "Plus d'informations sur votre portail",
-Original file line number
+Diff line change
@@ Expand Up @@
     --
     COPY public.public_stats_cache (uuid, "createdAt", "updatedAt", version, key, stats) FROM stdin;
-f1519-0037-4715-96b6-2c9e9235474e	2024-10-30 22:33:21.504391+01	2024-10-30 22:33:21.504391+01	1	public-stats	{"actifs": 11, "usersCount": 10, "usagersCount": 20, "courrierInCount": 5, "structuresCount": 5, "courrierOutCount": 2, "usagersCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByRegion": [{"count": 2, "region": "52"}, {"count": 1, "region": "03"}, {"count": 1, "region": "11"}, {"count": 1, "region": "75"}], "interactionsCountByMonth": [{"name": "oct.", "value": 0}, {"name": "nov.", "value": 0}, {"name": "déc.", "value": 0}, {"name": "janv.", "value": 0}, {"name": "févr.", "value": 0}, {"name": "mars", "value": 0}, {"name": "avr.", "value": 0}, {"name": "mai", "value": 0}, {"name": "juin", "value": 0}, {"name": "juil.", "value": 0}, {"name": "août", "value": 0}, {"name": "sept.", "value": 0}], "structuresCountByTypeMap": {"asso": 2, "ccas": 1, "cias": 2}}
     \.
@@ Expand Down @@