From f56980e67669868d031a7883eb9b1d3d53d91df8 Mon Sep 17 00:00:00 2001
From: Geoffroy Begouaussel
Date: Wed, 13 Nov 2024 17:30:29 +0100
Subject: [PATCH] fix(api): update get-presentation-steps user access to campaign check
---
 .../domain/usecases/get-presentation-steps.js | 9 +++++----
 .../acceptance/application/campaign-route_test.js | 10 ++++++++--
 .../domain/usecases/get-presentation-steps_test.js | 13 ++++++++++++-
 .../domain/usecases/get-presentation-steps_test.js | 12 ++++++++++--
 4 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/api/src/prescription/campaign/domain/usecases/get-presentation-steps.js b/api/src/prescription/campaign/domain/usecases/get-presentation-steps.js
index 92d7b16272f..e66f451ee9a 100644
--- a/api/src/prescription/campaign/domain/usecases/get-presentation-steps.js
+++ b/api/src/prescription/campaign/domain/usecases/get-presentation-steps.js
@@ -7,6 +7,7 @@ const getPresentationSteps = async function ({
 locale,
 badgeRepository,
 campaignRepository,
+ campaignParticipationRepository,
 learningContentRepository,
 }) {
 const campaign = await campaignRepository.getByCode(campaignCode);
@@ -15,11 +16,11 @@ const getPresentationSteps = async function ({
 if (campaign.archivedAt) throw new ArchivedCampaignError();
 if (campaign.deletedAt) throw new DeletedCampaignError();
- const hasUserAccessToResult = await campaignRepository.checkIfUserOrganizationHasAccessToCampaign(
- campaign.id,
+ const hasUserAccessToCampaign = await campaignParticipationRepository.findOneByCampaignIdAndUserId({
+ campaignId: campaign.id,
 userId,
- );
- if (!hasUserAccessToResult)
+ });
+ if (!hasUserAccessToCampaign)
 throw new UserNotAuthorizedToAccessEntityError('User does not have access to this campaign');
 const campaignBadges = await badgeRepository.findByCampaignId(campaign.id);
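Review bot: In the second hunk of `get-presentation-steps.js`, the whole authorization decision now rests on the truthiness of whatever `findOneByCampaignIdAndUserId` returns, yet the result is stored in a boolean-sounding `hasUserAccessToCampaign`. The repository method is not visible on this page, so it should be confirmed that it yields `null`/`undefined` when no row matches and, if participations can be soft-deleted, that deleted ones are not returned; otherwise a user whose participation was removed would still pass this check. Naming the value for what it is makes the rule easier to audit: `const campaignParticipation = await campaignParticipationRepository.findOneByCampaignIdAndUserId({ campaignId: campaign.id, userId });` followed by `if (!campaignParticipation)`. A one-line comment above the check such as `// Only users with a participation in this campaign may read its presentation steps` would record the intended access rule. The function body starts and ends outside the hunk.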
diff --git a/api/tests/prescription/campaign/acceptance/application/campaign-route_test.js b/api/tests/prescription/campaign/acceptance/application/campaign-route_test.js
index 4607381aa95..2b100735f17 100644
--- a/api/tests/prescription/campaign/acceptance/application/campaign-route_test.js
+++ b/api/tests/prescription/campaign/acceptance/application/campaign-route_test.js
@@ -358,10 +358,9 @@ describe('Acceptance | API | Campaign Route', function () {
 const userId = databaseBuilder.factory.buildUser().id;
 const organization = databaseBuilder.factory.buildOrganization();
- databaseBuilder.factory.buildMembership({
+ const organizationLearner = databaseBuilder.factory.buildOrganizationLearner({
 userId,
 organizationId: organization.id,
- organizationRole: Membership.roles.MEMBER,
 });
 const targetProfile = databaseBuilder.factory.buildTargetProfile({ organizationId: organization.id });
@@ -381,6 +380,13 @@ describe('Acceptance | API | Campaign Route', function () {
 campaignId: campaign.id,
 skillId: learningContentObjects.competences[0].skillIds[0],
 });
+
+ databaseBuilder.factory.buildCampaignParticipation({
+ userId,
+ campaignId: campaign.id,
+ organizationLearnerId: organizationLearner.id,
+ });
+
 await databaseBuilder.commit();
 // when
diff --git a/api/tests/prescription/campaign/integration/domain/usecases/get-presentation-steps_test.js b/api/tests/prescription/campaign/integration/domain/usecases/get-presentation-steps_test.js
index 69b27237012..7756ffabae7 100644
--- a/api/tests/prescription/campaign/integration/domain/usecases/get-presentation-steps_test.js
+++ b/api/tests/prescription/campaign/integration/domain/usecases/get-presentation-steps_test.js
@@ -22,7 +22,18 @@ describe('Integration | Campaign | UseCase | get-presentation-steps', function (
 campaign = databaseBuilder.factory.buildCampaign({ targetProfileId });
- user = databaseBuilder.factory.buildUser.withMembership({ organizationId: campaign.organizationId });
+ user = databaseBuilder.factory.buildUser();
+
+ const organizationLearner = databaseBuilder.factory.buildOrganizationLearner({
+ userId: user.id,
+ campaignId: campaign.id,
+ });
+
+ databaseBuilder.factory.buildCampaignParticipation({
+ userId: user.id,
+ campaignId: campaign.id,
+ organizationLearnerId: organizationLearner.id,
+ });
 badges = [
 databaseBuilder.factory.buildBadge({ targetProfileId }),
diff --git a/api/tests/prescription/campaign/unit/domain/usecases/get-presentation-steps_test.js b/api/tests/prescription/campaign/unit/domain/usecases/get-presentation-steps_test.js
index bb833f798a6..4a51c9e6ba2 100644
--- a/api/tests/prescription/campaign/unit/domain/usecases/get-presentation-steps_test.js
+++ b/api/tests/prescription/campaign/unit/domain/usecases/get-presentation-steps_test.js
@@ -12,6 +12,7 @@ const { FRENCH_SPOKEN } = LOCALE;
 describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 let badgeRepository;
 let campaignRepository;
+ let campaignParticipationRepository;
 let learningContentRepository;
 const locale = FRENCH_SPOKEN;
@@ -23,6 +24,9 @@ describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 getByCode: sinon.stub(),
 checkIfUserOrganizationHasAccessToCampaign: sinon.stub(),
 };
+ campaignParticipationRepository = {
+ findOneByCampaignIdAndUserId: sinon.stub(),
+ };
 learningContentRepository = { findByCampaignId: sinon.stub() };
 });
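Review bot: In the integration test hunk (`integration/domain/usecases/get-presentation-steps_test.js`), `buildOrganizationLearner` receives `campaignId: campaign.id`, whereas the acceptance test in this same commit passes `organizationId: organization.id` to that factory and the removed line tied the user to `campaign.organizationId`. The factory definition is not on this page, but if it does not take a `campaignId`, the learner is presumably created in an unrelated default organization and the fixture no longer resembles a real participant of this campaign. Replacing that line with `organizationId: campaign.organizationId,` would keep the learner, the participation and the campaign in the same organization. The enclosing setup block starts and ends outside the hunk.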
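Review bot: In the unit test setup hunk (`@@ -23,6 +24,9 @@`), the `campaignRepository` double still declares `checkIfUserOrganizationHasAccessToCampaign: sinon.stub(),` on the context line just above the added block, although the only call to it visible in this commit is the one removed from the use case. Keeping the stub suggests that organization membership still takes part in the access decision, so deleting that line would keep the test double aligned with what the use case depends on. If the method is still called in a part of the use case outside the hunks shown here, the stub should stay. The setup function starts outside the hunk.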
@@ -75,7 +79,7 @@ describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 const campaignId = Symbol('campaign-id');
 campaignRepository.getByCode.withArgs(campaignCode).resolves({ id: campaignId });
- campaignRepository.checkIfUserOrganizationHasAccessToCampaign.withArgs(campaignId, userId).resolves(false);
+ campaignParticipationRepository.findOneByCampaignIdAndUserId.withArgs({ campaignId, userId }).resolves(null);
 // when
 const error = await catchErr(getPresentationSteps)({
@@ -83,6 +87,7 @@ describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 campaignCode,
 locale,
 campaignRepository,
+ campaignParticipationRepository,
 badgeRepository,
 learningContentRepository,
 });
@@ -98,7 +103,9 @@ describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 const campaignId = Symbol('campaign-id');
 campaignRepository.getByCode.withArgs(campaignCode).resolves({ id: campaignId });
- campaignRepository.checkIfUserOrganizationHasAccessToCampaign.withArgs(campaignId, userId).resolves(true);
+ campaignParticipationRepository.findOneByCampaignIdAndUserId
+ .withArgs({ campaignId, userId })
+ .resolves(Symbol('a campaign participation'));
 // when
 await getPresentationSteps({
@@ -106,6 +113,7 @@ describe('Unit | Domain | Use Cases | get-presentation-steps', function () {
 campaignCode,
 locale,
 campaignRepository,
+ campaignParticipationRepository,
 badgeRepository,
 learningContentRepository,
 });