[FEATURE] Ajouter un prehandler pour la route de récupération d'une l…

…iste d'attestations (PIX-15593) #10721
1024pix · Dec 5, 2024 · e9763c5 · e9763c5
2 parents badb4be + 08c782a
commit e9763c5
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 0 deletions.
diff --git a/api/src/prescription/organization-learner/application/organization-learners-route.js b/api/src/prescription/organization-learner/application/organization-learners-route.js
@@ -45,6 +45,12 @@ const register = async function (server) {
             method: securityPreHandlers.checkUserBelongsToOrganization,
             assign: 'checkUserBelongsToOrganization',
           },
+          {
+            method: securityPreHandlers.makeCheckOrganizationHasFeature(
+              ORGANIZATION_FEATURE.ATTESTATIONS_MANAGEMENT.key,
+            ),
+            assign: 'makeCheckOrganizationHasFeature',
+          },
         ],
         validate: {
           params: Joi.object({

diff --git a/...escription/organization-learner/acceptance/application/organization-learner-route_test.js b/...escription/organization-learner/acceptance/application/organization-learner-route_test.js
@@ -22,8 +22,12 @@ describe('Prescription | Organization Learner | Acceptance | Application | Organ
   describe('GET /api/organizations/{organizationId}/attestations/{attestationKey}', function () {
     it('should return 200 status code and right content type', async function () {
       // given
+      const attestationFeatureId = databaseBuilder.factory.buildFeature(
+        ORGANIZATION_FEATURE.ATTESTATIONS_MANAGEMENT,
+      ).id;
       const userId = databaseBuilder.factory.buildUser().id;
       const organizationId = databaseBuilder.factory.buildOrganization().id;
+      databaseBuilder.factory.buildOrganizationFeature({ organizationId, featureId: attestationFeatureId });
       databaseBuilder.factory.buildMembership({
         userId,
         organizationId,

diff --git a/...ts/prescription/organization-learner/unit/application/organization-learners-route_test.js b/...ts/prescription/organization-learner/unit/application/organization-learners-route_test.js
@@ -39,4 +39,66 @@ describe('Prescription | Unit | Router | organization-learner-router', function
       );
     });
   });
+
+  describe('GET /api/organizations/{organizationId}/attestations/{attestationKey}', function () {
+    const method = 'GET';
+
+    it('should throw 403 if organization does not have feature activated', async function () {
+      // given
+      sinon.stub(securityPreHandlers, 'checkUserBelongsToOrganization').callsFake((request, h) => h.response(true));
+      sinon.stub(securityPreHandlers, 'makeCheckOrganizationHasFeature').callsFake(
+        () => (request, h) =>
+          h
+            .response({ errors: new Error('forbidden') })
+            .code(403)
+            .takeover(),
+      );
+      sinon
+        .stub(organizationLearnersController, 'getAttestationZipForDivisions')
+        .callsFake((request, h) => h.response('ok'));
+
+      const httpTestServer = new HttpTestServer();
+      await httpTestServer.register(moduleUnderTest);
+
+      const url = '/api/organizations/1/attestations/key';
+
+      // when
+      const response = await httpTestServer.request(method, url);
+
+      // then
+      expect(response.statusCode).to.equal(403);
+      expect(organizationLearnersController.getAttestationZipForDivisions).to.not.have.been.called;
+    });
+
+    it('should call prehandlers before calling controller method', async function () {
+      // given
+      sinon
+        .stub(organizationLearnersController, 'getAttestationZipForDivisions')
+        .callsFake((request, h) => h.response('ok').code(200));
+      sinon.stub(securityPreHandlers, 'checkUserBelongsToOrganization').callsFake((request, h) => h.response(true));
+      sinon
+        .stub(securityPreHandlers, 'makeCheckOrganizationHasFeature')
+        .callsFake(() => (request, h) => h.response(true));
+
+      const httpTestServer = new HttpTestServer();
+      await httpTestServer.register(moduleUnderTest);
+
+      const url = '/api/organizations/1/attestations/key';
+
+      // when
+      const response = await httpTestServer.request(method, url);
+
+      // then
+      expect(response.statusCode).to.equal(200);
+      expect(securityPreHandlers.checkUserBelongsToOrganization).to.have.been.calledBefore(
+        organizationLearnersController.getAttestationZipForDivisions,
+      );
+      expect(securityPreHandlers.makeCheckOrganizationHasFeature).calledWithExactly(
+        ORGANIZATION_FEATURE.ATTESTATIONS_MANAGEMENT.key,
+      );
+      expect(securityPreHandlers.makeCheckOrganizationHasFeature).to.have.been.calledBefore(
+        organizationLearnersController.getAttestationZipForDivisions,
+      );
+    });
+  });
 });