From 8abe7af4e6d56dca74d656c65971e5aaf2558d63 Mon Sep 17 00:00:00 2001 From: Antoine Girard Date: Mon, 25 Nov 2024 15:40:32 +0100 Subject: [PATCH] Review --- .../api}/agenda/absences_controller.rb | 2 +- .../agenda/plage_ouvertures_controller.rb | 2 +- .../api}/agenda/rdvs_controller.rb | 2 +- app/controllers/admin/api/base_controller.rb | 22 ++++ .../api/internal/base_controller.rb | 39 ------- app/javascript/components/calendar.js | 8 +- app/views/admin/agent_agendas/show.html.slim | 2 +- .../api}/agenda/absences/index.json.jb | 0 .../agenda/plage_ouvertures/index.json.jb | 0 .../api}/agenda/rdvs/_rdv.json.jb | 0 .../agenda/rdvs/_rdv_without_details.json.jb | 0 .../api}/agenda/rdvs/index.json.jb | 0 .../admin/plage_ouvertures/calendar.html.slim | 2 +- config/routes.rb | 7 ++ config/routes/api.rb | 10 -- .../admin/agenda/rdvs_controller_spec.rb | 95 ---------------- .../agenda/absences_controller_spec.rb | 9 +- .../plage_ouvertures_controller_spec.rb | 9 +- .../admin/api/agenda/rdvs_controller_spec.rb | 104 ++++++++++++++++++ 19 files changed, 156 insertions(+), 157 deletions(-) rename app/controllers/{api/internal/admin => admin/api}/agenda/absences_controller.rb (79%) rename app/controllers/{api/internal/admin => admin/api}/agenda/plage_ouvertures_controller.rb (85%) rename app/controllers/{api/internal/admin => admin/api}/agenda/rdvs_controller.rb (92%) create mode 100644 app/controllers/admin/api/base_controller.rb delete mode 100644 app/controllers/api/internal/base_controller.rb rename app/views/{api/internal/admin => admin/api}/agenda/absences/index.json.jb (100%) rename app/views/{api/internal/admin => admin/api}/agenda/plage_ouvertures/index.json.jb (100%) rename app/views/{api/internal/admin => admin/api}/agenda/rdvs/_rdv.json.jb (100%) rename app/views/{api/internal/admin => admin/api}/agenda/rdvs/_rdv_without_details.json.jb (100%) rename app/views/{api/internal/admin => admin/api}/agenda/rdvs/index.json.jb (100%) delete mode 100644 spec/controllers/admin/agenda/rdvs_controller_spec.rb rename spec/controllers/admin/{ => api}/agenda/absences_controller_spec.rb (87%) rename spec/controllers/admin/{ => api}/agenda/plage_ouvertures_controller_spec.rb (88%) create mode 100644 spec/controllers/admin/api/agenda/rdvs_controller_spec.rb diff --git a/app/controllers/api/internal/admin/agenda/absences_controller.rb b/app/controllers/admin/api/agenda/absences_controller.rb similarity index 79% rename from app/controllers/api/internal/admin/agenda/absences_controller.rb rename to app/controllers/admin/api/agenda/absences_controller.rb index de77b6ba0f..77cefacbd7 100644 --- a/app/controllers/api/internal/admin/agenda/absences_controller.rb +++ b/app/controllers/admin/api/agenda/absences_controller.rb @@ -1,4 +1,4 @@ -class Api::Internal::Admin::Agenda::AbsencesController < Api::Internal::BaseController +class Admin::Api::Agenda::AbsencesController < Admin::Api::BaseController def index agent = Agent.find(params[:agent_id]) @organisation = Organisation.find(params[:organisation_id]) diff --git a/app/controllers/api/internal/admin/agenda/plage_ouvertures_controller.rb b/app/controllers/admin/api/agenda/plage_ouvertures_controller.rb similarity index 85% rename from app/controllers/api/internal/admin/agenda/plage_ouvertures_controller.rb rename to app/controllers/admin/api/agenda/plage_ouvertures_controller.rb index 19f557b942..66b2460615 100644 --- a/app/controllers/api/internal/admin/agenda/plage_ouvertures_controller.rb +++ b/app/controllers/admin/api/agenda/plage_ouvertures_controller.rb @@ -1,4 +1,4 @@ -class Api::Internal::Admin::Agenda::PlageOuverturesController < Api::Internal::BaseController +class Admin::Api::Agenda::PlageOuverturesController < Admin::Api::BaseController def index @agent = Agent.find(params[:agent_id]) @organisation = Organisation.find(params[:organisation_id]) diff --git a/app/controllers/api/internal/admin/agenda/rdvs_controller.rb b/app/controllers/admin/api/agenda/rdvs_controller.rb similarity index 92% rename from app/controllers/api/internal/admin/agenda/rdvs_controller.rb rename to app/controllers/admin/api/agenda/rdvs_controller.rb index 614d1eba50..617cceac68 100644 --- a/app/controllers/api/internal/admin/agenda/rdvs_controller.rb +++ b/app/controllers/admin/api/agenda/rdvs_controller.rb @@ -1,4 +1,4 @@ -class Api::Internal::Admin::Agenda::RdvsController < Api::Internal::BaseController +class Admin::Api::Agenda::RdvsController < Admin::Api::BaseController def index agent = Agent.find(params[:agent_id]) @organisation = Organisation.find(params[:organisation_id]) diff --git a/app/controllers/admin/api/base_controller.rb b/app/controllers/admin/api/base_controller.rb new file mode 100644 index 0000000000..c6ac892979 --- /dev/null +++ b/app/controllers/admin/api/base_controller.rb @@ -0,0 +1,22 @@ +class Admin::Api::BaseController < ApplicationController + include Admin::AuthenticatedControllerConcern + + respond_to :json + + private + + def time_range_params + start_time = params.require(:start) + end_time = params.require(:end) + Time.zone.parse(start_time)..Time.zone.parse(end_time) + end + + def date_range_params + (time_range_params.begin.to_date)..(time_range_params.end.to_date) + end + helper_method :date_range_params + + def pundit_user + AgentContext.new(current_agent) + end +end diff --git a/app/controllers/api/internal/base_controller.rb b/app/controllers/api/internal/base_controller.rb deleted file mode 100644 index 4b88f9ad48..0000000000 --- a/app/controllers/api/internal/base_controller.rb +++ /dev/null @@ -1,39 +0,0 @@ -class Api::Internal::BaseController < ApplicationController - rescue_from Pundit::NotAuthorizedError, with: :agent_not_authorized - - before_action :authenticate_agent! - before_action :set_default_format - - private - - # On override la méthode de devise pour renvoyer une erreur JSON plutôt qu'une redirection - def authenticate_agent! - unless current_agent - render json: { error: "Unauthorized" }, status: :unauthorized - end - end - - def agent_not_authorized(exception) - policy_name = exception.policy.class.to_s.underscore - render json: { error: t("#{policy_name}.#{exception.query}", scope: "pundit", default: :default) }, status: :forbidden - end - - def set_default_format - request.format = :json - end - - def time_range_params - start_time = params.require(:start) - end_time = params.require(:end) - Time.zone.parse(start_time)..Time.zone.parse(end_time) - end - - def date_range_params - (time_range_params.begin.to_date)..(time_range_params.end.to_date) - end - helper_method :date_range_params - - def pundit_user - AgentContext.new(current_agent) - end -end diff --git a/app/javascript/components/calendar.js b/app/javascript/components/calendar.js index 968a067cae..9e57654675 100644 --- a/app/javascript/components/calendar.js +++ b/app/javascript/components/calendar.js @@ -243,12 +243,8 @@ class CalendarRdvSolidarites { return now >= activeStart && now <= activeEnd; } - handleAjaxError = (error) => { - if (error.xhr.status === 401) { - window.location.reload(); - } else { - alert(`Le chargement du calendrier a échoué; un rapport d’erreur a été transmis à l’équipe.\nRechargez la page, et si ce problème persiste, contactez-nous à support@rdv-service-public.fr.`); - } + handleAjaxError = () => { + alert(`Le chargement du calendrier a échoué; un rapport d’erreur a été transmis à l’équipe.\nRechargez la page, et si ce problème persiste, contactez-nous à support@rdv-service-public.fr.`); } } diff --git a/app/views/admin/agent_agendas/show.html.slim b/app/views/admin/agent_agendas/show.html.slim index 22f6ef513b..a9a9a6151d 100644 --- a/app/views/admin/agent_agendas/show.html.slim +++ b/app/views/admin/agent_agendas/show.html.slim @@ -18,7 +18,7 @@ data-selected-event-id="#{@selected_event_id}" data-organisation-id="#{@organisation.id}" data-display-saturdays="#{current_agent.display_saturdays}" - data-event-sources-json="#{[api_internal_admin_agenda_rdvs_path(agent_id: @agent, organisation_id: current_organisation.id), api_internal_admin_agenda_absences_path(agent_id: @agent, organisation_id: current_organisation.id), api_internal_admin_agenda_plage_ouvertures_path(agent_id: @agent, organisation_id: current_organisation.id, in_background: true), OffDays.to_full_calendar_array].to_json}" + data-event-sources-json="#{[admin_api_agenda_absences_path(agent_id: @agent, organisation_id: current_organisation.id, format: :json), admin_api_agenda_rdvs_path(agent_id: @agent, organisation_id: current_organisation.id, format: :json), admin_api_agenda_plage_ouvertures_path(agent_id: @agent, organisation_id: current_organisation.id, in_background: true, format: :json), OffDays.to_full_calendar_array].to_json}" ] .mt-3.flex-grow-1.text-right .m-2 diff --git a/app/views/api/internal/admin/agenda/absences/index.json.jb b/app/views/admin/api/agenda/absences/index.json.jb similarity index 100% rename from app/views/api/internal/admin/agenda/absences/index.json.jb rename to app/views/admin/api/agenda/absences/index.json.jb diff --git a/app/views/api/internal/admin/agenda/plage_ouvertures/index.json.jb b/app/views/admin/api/agenda/plage_ouvertures/index.json.jb similarity index 100% rename from app/views/api/internal/admin/agenda/plage_ouvertures/index.json.jb rename to app/views/admin/api/agenda/plage_ouvertures/index.json.jb diff --git a/app/views/api/internal/admin/agenda/rdvs/_rdv.json.jb b/app/views/admin/api/agenda/rdvs/_rdv.json.jb similarity index 100% rename from app/views/api/internal/admin/agenda/rdvs/_rdv.json.jb rename to app/views/admin/api/agenda/rdvs/_rdv.json.jb diff --git a/app/views/api/internal/admin/agenda/rdvs/_rdv_without_details.json.jb b/app/views/admin/api/agenda/rdvs/_rdv_without_details.json.jb similarity index 100% rename from app/views/api/internal/admin/agenda/rdvs/_rdv_without_details.json.jb rename to app/views/admin/api/agenda/rdvs/_rdv_without_details.json.jb diff --git a/app/views/api/internal/admin/agenda/rdvs/index.json.jb b/app/views/admin/api/agenda/rdvs/index.json.jb similarity index 100% rename from app/views/api/internal/admin/agenda/rdvs/index.json.jb rename to app/views/admin/api/agenda/rdvs/index.json.jb diff --git a/app/views/admin/plage_ouvertures/calendar.html.slim b/app/views/admin/plage_ouvertures/calendar.html.slim index affdea1116..a2a6e15c63 100644 --- a/app/views/admin/plage_ouvertures/calendar.html.slim +++ b/app/views/admin/plage_ouvertures/calendar.html.slim @@ -18,5 +18,5 @@ data-agent-id="#{@agent.id}" data-organisation-id="#{@current_organisation.id}" data-display-saturdays="#{current_agent.display_saturdays}" - data-event-sources-json="#{[admin_agenda_plage_ouvertures_path(agent_id: @agent, organisation_id: current_organisation.id), OffDays.to_full_calendar_array].to_json}" + data-event-sources-json="#{[admin_api_agenda_plage_ouvertures_path(agent_id: @agent, organisation_id: current_organisation.id), OffDays.to_full_calendar_array].to_json}" ] diff --git a/config/routes.rb b/config/routes.rb index 038338c663..05ab6b322d 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -121,6 +121,13 @@ authenticate :agent do namespace "admin" do + namespace :api, defaults: { format: :json } do + namespace :agenda do + resources :plage_ouvertures, only: [:index] + resources :rdvs, only: [:index] + resources :absences, only: [:index] + end + end resources :territories, only: %i[edit update show] do scope module: "territories" do resources :agent_roles, only: %i[update create destroy] diff --git a/config/routes/api.rb b/config/routes/api.rb index 0e731a3415..3b7d90adb8 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -63,16 +63,6 @@ end end - namespace :internal do - namespace :admin do - namespace :agenda do - resources :plage_ouvertures, only: [:index] - resources :rdvs, only: [:index] - resources :absences, only: [:index] - end - end - end - post "/coop-mediation-numerique/accounts", to: "coop_mediation_numerique/accounts#create" end diff --git a/spec/controllers/admin/agenda/rdvs_controller_spec.rb b/spec/controllers/admin/agenda/rdvs_controller_spec.rb deleted file mode 100644 index 81d97bf6d8..0000000000 --- a/spec/controllers/admin/agenda/rdvs_controller_spec.rb +++ /dev/null @@ -1,95 +0,0 @@ -RSpec.describe Admin::Agenda::RdvsController, type: :controller do - render_views - - # Semaine du lundi 8 avril 2024 au vendredi 12 avril 2024. - # On note que FullCalendar utilise des dates naïves (sans timezone). - let(:fullcalendar_time_range_params) do - { - start: "2024-04-08T00:00:00", - end: "2024-04-13T00:00:00", # FullCalendar utilise cette valeur pour indiquer "jusqu'au vendredi 12 inclus" - } - end - let(:aujourdhui_lundi_15h) { Time.zone.parse("2024-04-08 15:00:00") } - let(:mercredi_15h) { Time.zone.parse("2024-04-10 15:00:00") } - - let(:organisation) { create(:organisation) } - - before { sign_in current_agent } - - describe "displaying RDVs across organisations" do - let(:other_organisation) { create(:organisation) } - let(:current_agent) { create(:agent, admin_role_in_organisations: [organisation, other_organisation]) } - - it "returns rdvs of given agent across organisations" do - travel_to(aujourdhui_lundi_15h) - given_agent = create(:agent, basic_role_in_organisations: [organisation], service: current_agent.services.first) - create(:rdv, agents: [current_agent]) - rdv = create(:rdv, agents: [given_agent], organisation: organisation, starts_at: mercredi_15h) - rdv_from_other_organisation = create(:rdv, agents: [given_agent], organisation: other_organisation, starts_at: mercredi_15h) - get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) - expect(response).to be_successful - - returns_rdvs = response.parsed_body - expect(returns_rdvs.pluck("id")).to contain_exactly(rdv.id, rdv_from_other_organisation.id) - - # Les RDVs des autres orgas sont affichés en gris - expect(returns_rdvs.find { _1["id"] == rdv_from_other_organisation.id }["backgroundColor"]).to eq("#757575") - end - end - - describe "respecting the time range" do - let(:samedi_15h) { Time.zone.parse("2024-04-13 15:00:00") } - let(:mardi_en_huit_15h) { Time.zone.parse("2024-04-16 15:00:00") } - let(:vendredi_dernier_15h) { Time.zone.parse("2024-04-05 15:00:00") } - - let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } - - it "returns rdvs of given agent from start to end" do - travel_to(aujourdhui_lundi_15h) - create(:rdv, agents: [current_agent], organisation: organisation, starts_at: vendredi_dernier_15h) - rdv = create(:rdv, agents: [current_agent], organisation: organisation, starts_at: mercredi_15h) - create(:rdv, agents: [current_agent], organisation: organisation, starts_at: samedi_15h) - create(:rdv, agents: [current_agent], organisation: organisation, starts_at: mardi_en_huit_15h) - - get :index, params: fullcalendar_time_range_params.merge(agent_id: current_agent.id, organisation_id: organisation.id, format: :json) - expect(response.parsed_body.pluck("id")).to eq([rdv.id]) - end - end - - describe "showing RDVs without details" do - describe "showing an agent's RDVs for a service in which I am not" do - let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } - - it "does not show any info about the RDV and does not provide a link" do - other_service = create(:service) - given_agent = create(:agent, basic_role_in_organisations: [organisation], service: current_agent.services.first) - rdv_of_another_service = create(:rdv, agents: [given_agent], organisation: organisation, starts_at: mercredi_15h, motif: create(:motif, service: other_service)) - get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) - expect(response.parsed_body.size).to eq(1) - expect(response.parsed_body[0].keys).to eq(%w[start end title textColor backgroundColor extendedProps]) - expect(response.parsed_body[0]["title"]).to eq("Occupé⋅e (en RDV)") - expect(Time.zone.parse(response.parsed_body[0]["start"])).to eq(rdv_of_another_service.starts_at) - expect(Time.zone.parse(response.parsed_body[0]["end"])).to eq(rdv_of_another_service.ends_at) - expect(response.parsed_body[0]["extendedProps"]["unauthorizedRdvExplanation"]).to include("Vous n'avez pas accès à ce RDV") - end - end - - describe "showing an agent's RDVs for an organisation where I don't belongs" do - let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } - - it "does not show any info about the RDV and does not provide a link" do - other_org = create(:organisation) - given_agent = create(:agent, basic_role_in_organisations: [organisation, other_org], service: current_agent.services.first) - motif_of_other_org = create(:motif, organisation: other_org, service: current_agent.services.first) - rdv_of_another_org_same_service = create(:rdv, agents: [given_agent], organisation: other_org, starts_at: aujourdhui_lundi_15h, motif: motif_of_other_org) - get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) - expect(response.parsed_body.size).to eq(1) - expect(response.parsed_body[0].keys).to eq(%w[start end title textColor backgroundColor extendedProps]) - expect(response.parsed_body[0]["title"]).to eq("Occupé⋅e (en RDV)") - expect(Time.zone.parse(response.parsed_body[0]["start"])).to eq(rdv_of_another_org_same_service.starts_at) - expect(Time.zone.parse(response.parsed_body[0]["end"])).to eq(rdv_of_another_org_same_service.ends_at) - expect(response.parsed_body[0]["extendedProps"]["unauthorizedRdvExplanation"]).to include("Vous n'avez pas accès à ce RDV") - end - end - end -end diff --git a/spec/controllers/admin/agenda/absences_controller_spec.rb b/spec/controllers/admin/api/agenda/absences_controller_spec.rb similarity index 87% rename from spec/controllers/admin/agenda/absences_controller_spec.rb rename to spec/controllers/admin/api/agenda/absences_controller_spec.rb index a3f29459a6..1348423977 100644 --- a/spec/controllers/admin/agenda/absences_controller_spec.rb +++ b/spec/controllers/admin/api/agenda/absences_controller_spec.rb @@ -1,4 +1,4 @@ -RSpec.describe Admin::Agenda::AbsencesController, type: :controller do +RSpec.describe Admin::Api::Agenda::AbsencesController, type: :controller do describe "GET index" do context "with a signed in agent" do let(:organisation) { create(:organisation) } @@ -56,5 +56,12 @@ end end end + + context "when agent is not login" do + it "returns unauthorized" do + get :index, params: { agent_id: 1, organisation_id: 1, start: Date.new(2019, 8, 12), end: Date.new(2019, 8, 19), format: :json } + expect(response).to be_unauthorized + end + end end end diff --git a/spec/controllers/admin/agenda/plage_ouvertures_controller_spec.rb b/spec/controllers/admin/api/agenda/plage_ouvertures_controller_spec.rb similarity index 88% rename from spec/controllers/admin/agenda/plage_ouvertures_controller_spec.rb rename to spec/controllers/admin/api/agenda/plage_ouvertures_controller_spec.rb index cc5ebf50db..10bd430e35 100644 --- a/spec/controllers/admin/agenda/plage_ouvertures_controller_spec.rb +++ b/spec/controllers/admin/api/agenda/plage_ouvertures_controller_spec.rb @@ -1,4 +1,4 @@ -RSpec.describe Admin::Agenda::PlageOuverturesController, type: :controller do +RSpec.describe Admin::Api::Agenda::PlageOuverturesController, type: :controller do describe "GET index" do context "with a signed in agent" do let(:organisation) { create(:organisation) } @@ -66,5 +66,12 @@ end end end + + context "when agent is not login" do + it "returns unauthorized" do + get :index, params: { agent_id: 1, organisation_id: 1, start: Date.new(2019, 8, 12), end: Date.new(2019, 8, 19), format: :json } + expect(response).to be_unauthorized + end + end end end diff --git a/spec/controllers/admin/api/agenda/rdvs_controller_spec.rb b/spec/controllers/admin/api/agenda/rdvs_controller_spec.rb new file mode 100644 index 0000000000..42c668fe6d --- /dev/null +++ b/spec/controllers/admin/api/agenda/rdvs_controller_spec.rb @@ -0,0 +1,104 @@ +RSpec.describe Admin::Api::Agenda::RdvsController, type: :controller do + render_views + + # Semaine du lundi 8 avril 2024 au vendredi 12 avril 2024. + # On note que FullCalendar utilise des dates naïves (sans timezone). + let(:fullcalendar_time_range_params) do + { + start: "2024-04-08T00:00:00", + end: "2024-04-13T00:00:00", # FullCalendar utilise cette valeur pour indiquer "jusqu'au vendredi 12 inclus" + } + end + let(:aujourdhui_lundi_15h) { Time.zone.parse("2024-04-08 15:00:00") } + let(:mercredi_15h) { Time.zone.parse("2024-04-10 15:00:00") } + + let(:organisation) { create(:organisation) } + + context "with a signed in agent" do + before { sign_in current_agent } + + describe "displaying RDVs across organisations" do + let(:other_organisation) { create(:organisation) } + let(:current_agent) { create(:agent, admin_role_in_organisations: [organisation, other_organisation]) } + + it "returns rdvs of given agent across organisations" do + travel_to(aujourdhui_lundi_15h) + given_agent = create(:agent, basic_role_in_organisations: [organisation], service: current_agent.services.first) + create(:rdv, agents: [current_agent]) + rdv = create(:rdv, agents: [given_agent], organisation: organisation, starts_at: mercredi_15h) + rdv_from_other_organisation = create(:rdv, agents: [given_agent], organisation: other_organisation, starts_at: mercredi_15h) + get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) + expect(response).to be_successful + + returns_rdvs = response.parsed_body + expect(returns_rdvs.pluck("id")).to contain_exactly(rdv.id, rdv_from_other_organisation.id) + + # Les RDVs des autres orgas sont affichés en gris + expect(returns_rdvs.find { _1["id"] == rdv_from_other_organisation.id }["backgroundColor"]).to eq("#757575") + end + end + + describe "respecting the time range" do + let(:samedi_15h) { Time.zone.parse("2024-04-13 15:00:00") } + let(:mardi_en_huit_15h) { Time.zone.parse("2024-04-16 15:00:00") } + let(:vendredi_dernier_15h) { Time.zone.parse("2024-04-05 15:00:00") } + + let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } + + it "returns rdvs of given agent from start to end" do + travel_to(aujourdhui_lundi_15h) + create(:rdv, agents: [current_agent], organisation: organisation, starts_at: vendredi_dernier_15h) + rdv = create(:rdv, agents: [current_agent], organisation: organisation, starts_at: mercredi_15h) + create(:rdv, agents: [current_agent], organisation: organisation, starts_at: samedi_15h) + create(:rdv, agents: [current_agent], organisation: organisation, starts_at: mardi_en_huit_15h) + + get :index, params: fullcalendar_time_range_params.merge(agent_id: current_agent.id, organisation_id: organisation.id, format: :json) + expect(response.parsed_body.pluck("id")).to eq([rdv.id]) + end + end + + describe "showing RDVs without details" do + describe "showing an agent's RDVs for a service in which I am not" do + let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } + + it "does not show any info about the RDV and does not provide a link" do + other_service = create(:service) + given_agent = create(:agent, basic_role_in_organisations: [organisation], service: current_agent.services.first) + rdv_of_another_service = create(:rdv, agents: [given_agent], organisation: organisation, starts_at: mercredi_15h, motif: create(:motif, service: other_service)) + get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) + expect(response.parsed_body.size).to eq(1) + expect(response.parsed_body[0].keys).to eq(%w[start end title textColor backgroundColor extendedProps]) + expect(response.parsed_body[0]["title"]).to eq("Occupé⋅e (en RDV)") + expect(Time.zone.parse(response.parsed_body[0]["start"])).to eq(rdv_of_another_service.starts_at) + expect(Time.zone.parse(response.parsed_body[0]["end"])).to eq(rdv_of_another_service.ends_at) + expect(response.parsed_body[0]["extendedProps"]["unauthorizedRdvExplanation"]).to include("Vous n'avez pas accès à ce RDV") + end + end + + describe "showing an agent's RDVs for an organisation where I don't belongs" do + let(:current_agent) { create(:agent, basic_role_in_organisations: [organisation]) } + + it "does not show any info about the RDV and does not provide a link" do + other_org = create(:organisation) + given_agent = create(:agent, basic_role_in_organisations: [organisation, other_org], service: current_agent.services.first) + motif_of_other_org = create(:motif, organisation: other_org, service: current_agent.services.first) + rdv_of_another_org_same_service = create(:rdv, agents: [given_agent], organisation: other_org, starts_at: aujourdhui_lundi_15h, motif: motif_of_other_org) + get :index, params: fullcalendar_time_range_params.merge(agent_id: given_agent.id, organisation_id: organisation.id, format: :json) + expect(response.parsed_body.size).to eq(1) + expect(response.parsed_body[0].keys).to eq(%w[start end title textColor backgroundColor extendedProps]) + expect(response.parsed_body[0]["title"]).to eq("Occupé⋅e (en RDV)") + expect(Time.zone.parse(response.parsed_body[0]["start"])).to eq(rdv_of_another_org_same_service.starts_at) + expect(Time.zone.parse(response.parsed_body[0]["end"])).to eq(rdv_of_another_org_same_service.ends_at) + expect(response.parsed_body[0]["extendedProps"]["unauthorizedRdvExplanation"]).to include("Vous n'avez pas accès à ce RDV") + end + end + end + end + + context "when agent is not login" do + it "returns unauthorized" do + get :index, params: { agent_id: 1, organisation_id: 1, start: "2019-08-12", end: "2019-08-19", format: :json } + expect(response).to be_unauthorized + end + end +end