etalab · skelz0r · Jul 31, 2024 · Jul 31, 2024 · Jul 31, 2024
diff --git a/app/controllers/api_particulier/reporters_controller.rb b/app/controllers/api_particulier/reporters_controller.rb
@@ -1,20 +1,33 @@
 class APIParticulier::ReportersController < APIParticulier::AuthenticatedUsersController
-  def show
-    if reporters_config.exclude?(reporter_group) || reporters_config[reporter_group].exclude?(current_user.email)
-      redirect_to_root
-      return
-    end
+  before_action :check_if_reporter_or_admin
+
+  helper_method :groups_for_reporter
 
-    @datapasses_for_group_url = MetabaseEmbedService.new(487, { group: params[:id] }).url
+  def index
+    @datapasses_for_group_url = MetabaseEmbedService.new(487, { groups: groups_for_reporter.join('|') }).url
   end
 
   private
 
-  def reporter_group
-    params[:id].to_sym
+  def check_if_reporter_or_admin
+    return if current_user.admin? || reporter_emails.include?(current_user.email)
+
+    redirect_to root_path
+  end
+
+  def groups_for_reporter
+    if current_user.admin?
+      reporters_config.keys
+    else
+      reporters_config.select { |_, emails| emails.include?(current_user.email) }.keys
+    end
+  end
+
+  def reporter_emails
+    reporters_config.values.flatten.uniq
   end
 
   def reporters_config
-    Rails.application.credentials.api_particulier_reporters
+    @reporters_config ||= Rails.application.credentials.api_particulier_reporters
   end
 end
diff --git a/app/interactors/datapass_webhook/api_particulier/notify_reporters.rb b/app/interactors/datapass_webhook/api_particulier/notify_reporters.rb
@@ -1,18 +1,21 @@
 class DatapassWebhook::APIParticulier::NotifyReporters < ApplicationInteractor
   def call
     return if %w[submit approve].exclude?(context.event)
+    return if groups_to_notify.empty?
 
-    reporters_config.each_key do |group_name|
-      next unless scopes.any? { |scope| scope.start_with?("#{group_name}_") }
-
-      APIParticulier::ReportersMailer.with(group: group_name).send(context.event).deliver_later
-    end
+    APIParticulier::ReportersMailer.with(groups: groups_to_notify).send(context.event).deliver_later
   end
 
   private
 
-  def reporters_config
-    Rails.application.credentials.api_particulier_reporters
+  def groups_to_notify
+    reporters_groups_config.select do |group_name|
+      scopes.any? { |scope| scope.start_with?(group_name.to_s) }
+    end
+  end
+
+  def reporters_groups_config
+    Rails.application.credentials.api_particulier_reporters.keys
   end
 
   def scopes

diff --git a/app/mailers/api_particulier/reporters_mailer.rb b/app/mailers/api_particulier/reporters_mailer.rb
@@ -6,19 +6,23 @@ class APIParticulier::ReportersMailer < APIParticulierMailer
     approve
   ].each do |event|
     define_method(event) do
-      group = params[:group]
+      groups = params[:groups].map(&:to_sym)
 
-      return if reporters_config[group].blank?
+      return if reporter_emails(groups).empty?
 
       mail(
-        bcc: reporters_config[group],
-        subject: t('.subject', group:)
+        bcc: reporter_emails(groups),
+        subject: t('.subject')
       )
     end
   end
 
   private
 
+  def reporter_emails(groups)
+    reporters_config.values_at(*groups).flatten
+  end
+
   def reporters_config
     Rails.application.credentials.api_particulier_reporters
   end

diff --git a/app/views/api_particulier/reporters/index.html.erb b/app/views/api_particulier/reporters/index.html.erb
@@ -0,0 +1,17 @@
+<h1>
+  Habilitations
+</h1>
+
+<p>
+  La liste des habilitations ci-dessous concernent les groupes de données suivants :
+
+  <ul>
+    <% groups_for_reporter.each do |group| %>
+      <li>
+        <%= t("groups_for_reporter.#{group}") %>
+      </li>
+    <% end %>
+  </ul>
+</p>
+
+<%= render partial: 'shared/metabase', locals: { metabase_url: @datapasses_for_group_url } %>
diff --git a/app/views/api_particulier/reporters/show.html.erb b/app/views/api_particulier/reporters/show.html.erb
diff --git a/app/views/api_particulier/reporters_mailer/approve.text.erb b/app/views/api_particulier/reporters_mailer/approve.text.erb
@@ -1,8 +1,8 @@
 Bonjour,
 
-Une nouvelle demande vient d'être validée pour l'ensemble de données associé au groupe '<%= params[:group] %>'.
+Une nouvelle demande vient d'être validée pour un ensemble de données associé au groupe auquel vous êtes bonné.
 
-Vous pouvez consulter la liste des demandes relatives aux données associé au groupe '<%= params[:group] %>' sur le lien suivant : <%= api_particulier_dashboard_reporter_url(id: params[:group]) %>
+Vous pouvez consulter la liste des demandes relatives aux données associé aux groupes où vous êtes abonnés sur le lien suivant : <%= api_particulier_dashboard_reporter_url %>
 
 Cordialement,
 L'équipe API Particulier
diff --git a/app/views/api_particulier/reporters_mailer/submit.text.erb b/app/views/api_particulier/reporters_mailer/submit.text.erb
@@ -1,8 +1,8 @@
 Bonjour,
 
-Une nouvelle demande vient d'être déposée pour l'ensemble de données associé au groupe '<%= params[:group] %>'.
+Une nouvelle demande vient d'être déposée pour un ensemble de données associé à un groupe auquel vous êtes abonné.
 
-Vous pouvez consulter la liste des demandes relatives aux données associé au groupe '<%= params[:group] %>' sur le lien suivant : <%= api_particulier_dashboard_reporter_url(id: params[:group]) %>
+Vous pouvez consulter la liste des demandes relatives aux données associé aux groupes où vous êtes abonnés sur le lien suivant : <%= api_particulier_dashboard_reporter_url %>
 
 Cordialement,
 L'équipe API Particulier
diff --git a/config/credentials/test.yml.enc b/config/credentials/test.yml.enc
@@ -1 +1 @@
-tonkgh6Sc7Corqbt4DpG61lEEgMpniBzoq74Bp8yuSI+1sUZ9ceu7UdZyWvlKQfG2LpU6GSHsmKv5N9x4unJk+BS0A0AVEv81kxH8KLnUVMfwMp4uBceghzDzJTOYOGXNtxQgFxB9CwRJmHrCQMcwZ2wGWFPwDxRbTtJ7gUQWTD5Zdqf2jL0VREKtxQ7B5Ols6Y/Eacf/tQ3V6GjKXON6MkFIPs2YdMrnhau8mjJtGy3virbbSDlgJL03jMB40ipUFFd3dp0yuGI70LebIMCNMTZ43Wtypt+5EnsfkYdl17EkzLENyhu22of+3lNJwbx4fQJe1c+X4QmRDDhzRtjuTMohiEqXLsroucPw7Ae/4q3FMS/kCxPe5uGSLrUDvTWgmaQ8yuJkIgX42m7a+Gl7sVl/hn7hal5+APkNuWW7CWJNrnz3jgVwkYsWNQlqu9kDdWUc8yMWNqyux4BXyr2Aum718j0NDYtUdVjUKhEOWThMQ35VY8DjvilQO1L43dbMl9xkc++jV9a2m9snyvGMrbaxkgE0KS6GevSEFzfQ8FU3/GyKiZKyg2nNcrAyS7yoCdCHzvHsU9wxo99cjhth1nfvM40gWwwQyVGvVT7r7l47qBsSDV1IDQP6IHe7whlDGXPjApfvnmC2k/dUeZh2QXzS01Zj3RCjnbYRZ4zoGaMukn8r4VNjbPhgvZu6dhOwSTBi/s680lDaQZonUTjFB6RCl0q6T+RabIkNnFuk0/ZImdcCiwfweOfQtAlCVXoKjo2KnF3DeYI/cdE2Z88SivDGlkWm1j08xJuHmhTOg3NtiNbxDLtwKV0sMJILKcefWbSpDfW7+hwsa8QsMVQWDeci/O4OVei27wi7chblIF+pHsyjT1uSPrxHh+nSom+CWbJsIHZE8pGNpDRnkHSas54C+ocilSmhvPAYH7FYLHiaJc/nM0gE1uy//RfbMEhy08PQMnVZoKQuQfkwLjMvACW6fqgsS5MR/NKiCev9ZCB/fQrS+Agn0UAEfysiMGul9PenuPdhH1FQTM/M5F2gevaU/g52Z76srKXprYv6tJjrXRiS1expQI3oIO9kEhYC1kbMyAF1VXg/ix51dMKfaxKnv4Kv9a/n2TYsGuBxkeJ6llAr2qcJfWdszn9OyEP7070uIl9QopkPU73fqHqwSNKfguQpvbYuGjTCObQAZcgmnK6QIw2+BxOheV+5RWa14iXJsDgtljyxHzP4j3zFhw/Sy1H01k/22myTdO1jOh3JhR+/Qtn9tQegltqdtmJRsI5vtGlwVSp95hTg8CfNzwbKunqt3ytNUUkb8nbMuFRRY5KIhYnLpqgMYZ/SFDtuvSmgHRWgaRTGwqUiBkxLGGhPwNw0vPPxLaAHmQ1vq2cD8lzDEdgz3LbPDWYEPcxDSc2LaOpmPNQz7qnOHRz095OhZ4aY0bHkoq6TurdSNTtEv45nQBIot7zuc+hXy4ZiIpeBaP+Q3NgxAPou844iL4TZLlmnmqPGXUhLXWadjhwtaMslKgUbTaOUKP8jg1yGDW305P1c9bqVoyyEaWPtmpbkC4W4zaU6ERoALIsQSOuKo+9TEv6VYV8Wjv7HSzdLLDviR/9GWbbeN2sltpuv9TbZUWsHQImrfPfkE/lK645l/Zb5wXvVrEN8hkjZKDFbdSCEco5--DCJ+0i2AHh2fGr4H--yfGDk4WRVS8L0U0MIgM+sA==
+CFqT2EVexP3o0TVck2NdcO1YWxtOEn45kJF5tHtPA8eIQdgo/Q/PSGDkkpmDgfLv/muvXCNkWeXVYedYOOetwY383vdoQljApfoXwyHMyJNrqLgpmhq+rZJ8a7rP0Ht8kgGQMQSE58EplT07PV/4h1MTU7GKTPdYYy6eCchow5IWDrVwRd2efJSOl8DoAIBP5eLVgF5YXLXhITfKK8AhKDbz/0u/CVOR+7B/pzxAJiF2Wei1DVZiszetgTrxFqh08y8gR7gnmRqgLTBXofOey/D9dPXQqq4rCSONiAdJbAo4gcpb6ana+O5mfaI3ap8Lm5Q0ygNvTBfon961lxZzoAy4SD/zXmx8HcSEOGxeaZrTyfWD4Q0yhXlU2LsZpv6OkB1x2AesVpbSH8Xe3lX6O1UdrDy0ZidfkQc8d1lULBy4e1eCcUyVjRB8s+xxCiQ8zzFnLj9QcHFE8e6GMol0EBbeUpkpiFbh9MraL2KPldDrofLAWhptn1ZcfvfgB8YZG3ZO0RxlRNZtgVvYErRWipVIRnaLHEqr6oaeimW+o03sYl/8pHzvwyldMT2kYH7ipHKPnd0AeAVE7Xt3Z/d5BlGsIcILQlHgrYRMvFYPLRuidgMubcGDup8iZOMVxgcLCsQV8o6QsUkSnxc/ORLP60Ar75WUUCL0LuYqfnNE64PQ9i/rD8xfiBDmD1w63mIKGJdCXb2S0Yya6cSxBmlhAdrB6twa/F1ss3Zj1yOmnJD5o3LaVsKhfumlSxMQYMq3Dv4QFn1ksAKBj042bUcRQB0PoaA3RDXLiZDzXy+oY99sNAULqip5dri7U48mE9IvadHEyrONOeCRgA7xOKKwpYkhuf0XmZ1hUq3I94XeIqfk5dQ/aZ8gotyEgJKvq0wrOpCbbSWDaKSEr8Oh/iFL1npkfJmqagpczjF567Pa8QUY8pQUGhAk3i4cFl/K6wXcrc6s2I5xuIx6jN3mR2fY16Uaac92B58G8kZfpoUjWsQ7SwpBXD5b5yEKPFAZYzIfLnhk/X2mBl9K1ayOJ/+sFanKtpHzYwHZZiCDv7wevcV9MIHjIbnWspUQxGbnwBhFh4FBIkX7N0a/MPO3iqXusUjhPxjqdrzenEnyS1Dy+lALmadAIHwltE3ZUGIHs1lICN4j/Y9SpVR6Pea50N0Ycs6jFo8YeN6WrKyAr0xA2m1TX8TsyllCUHYZ9dTtSOcOAfnAc9fyzcrSvwSFBnhXofmKS/Sal7aTh4tsZ/hipzrJFEMmvJLjMAkwWTCUMNVEyjZOAydOUTHBzC8TpdssiQfp+ZNvMB4veMKHrf7G7NzQ00JVfm/saHLEAdC4UJ23L8WTJvV83cXMN8GfB0NilYv+/JAutBQDOwT69ZCVFEIL1qVkwtsA/f44sznxr72mxmGcAzVR25S6XrgxoPMjd3HJVf7Z+grz01r1JB0gZFjAqvaaOirzFTsOKiRUl913zstlkFVDRChCLQO/JJ9Se5Qy+7wvDpq99YskbYA5HDTzy1jTBs1sLahYUgmCdKNC2VafQzMvoAtYjRnmYJd+HLywI57cK/9uNqtzcLACNIGs9ZUKM7mueJ9g7IoeN/3fKeH1xtJDFMozq5waZLFV8ke2Lc61UuDNFotVAoqxk+8FcZ+yhWqUj/fL8j31UuMzUIRNxeGnyX4ZdASf7yPrRIm0KUwaQZv1bjxQn5QbFJ3KC7jLw2nesQd+IdcW3y9H0jcfW1qvyKSMPaqdx+VyEmjWuLmbkNbuPodMjIwiYNWJPuaDL+a7GtfKdLTRZPgt1pdXHAFjpGRgVZL3SKOxTtjn--Q+qYENQI6t0r6nvC--1F5p5ywRjRasi7rrULgm1A==
diff --git a/config/locales/reporter_groups.fr.yml b/config/locales/reporter_groups.fr.yml
@@ -0,0 +1,8 @@
+fr:
+  groups_for_reporter:
+    cnaf: API Quotient Familial (CNAF & MSA)
+    men: API statut étudiant scolarisé et boursier (Ministère de l'éducation nationale)
+    pole_emploi: API Statut demandeur d'emploi et paiements (France travail)
+    cnous: Statut étudiant (CNOUS)
+    mesri: API Statut étudiant (Ministère de l'enseignement supérieur)
+    complementaire_sante_solidaire: API Complémentaire santé solidaire (Sécurité sociale)
diff --git a/config/routes/api_particulier.rb b/config/routes/api_particulier.rb
@@ -73,6 +73,6 @@
     get '/donnees_personnelles', to: 'pages#donnees_personnelles', as: :donnees_personnelles
     get '/accessibilite', to: 'pages#accessibility', as: :accessibilite
 
-    get '/datapass/:id', to: 'reporters#show', as: :dashboard_reporter
+    get '/datapass', to: 'reporters#index', as: :dashboard_reporter
   end
 end
diff --git a/spec/features/api_particulier/reporters_spec.rb b/spec/features/api_particulier/reporters_spec.rb
@@ -4,39 +4,45 @@
 
 RSpec.describe 'API Particulier', app: :api_particulier do
   subject(:visit_dashboard) do
-    visit api_particulier_dashboard_reporter_path(id:)
+    visit api_particulier_dashboard_reporter_path
   end
 
   before do
     login_as(user)
   end
 
-  context 'with valid user and id' do
-    let(:id) { 'cnaf' }
+  context 'with valid user' do
     let(:user) { create(:user, email: '[email protected]') }
 
-    it 'renders metabase view' do
+    it 'renders metabase view and groups associated to this user' do
       visit_dashboard
 
-      expect(page).to have_current_path(api_particulier_dashboard_reporter_path(id:))
+      expect(page).to have_current_path(api_particulier_dashboard_reporter_path)
+
       expect(page.html).to include('metabase.entreprise.api.gouv.fr')
+
+      expect(page).to have_content('Quotient Familial')
+      expect(page).to have_no_content('France travail')
     end
   end
 
-  context 'with invalid user' do
-    let(:id) { 'cnaf' }
-    let(:user) { create(:user, email: '[email protected]') }
+  context 'with admin user' do
+    let(:user) { create(:user, email: '[email protected]') }
 
-    it 'redirects to root path' do
+    it 'renders metabase view and all groups' do
       visit_dashboard
 
-      expect(page).to have_current_path(root_path)
+      expect(page).to have_current_path(api_particulier_dashboard_reporter_path)
+
+      expect(page.html).to include('metabase.entreprise.api.gouv.fr')
+
+      expect(page).to have_content('Quotient Familial')
+      expect(page).to have_content('France travail')
     end
   end
 
-  context 'with invalid id' do
-    let(:id) { 'whatever' }
-    let(:user) { create(:user, email: '[email protected]') }
+  context 'with invalid user' do
+    let(:user) { create(:user, email: '[email protected]') }
 
     it 'redirects to root path' do
       visit_dashboard

diff --git a/spec/mailers/api_particulier/reporters_mailer_spec.rb b/spec/mailers/api_particulier/reporters_mailer_spec.rb
@@ -5,11 +5,13 @@
 
   describe '#submit' do
     subject(:mail) do
-      described_class.with(group: 'cnaf').submit
+      described_class.with(groups: %w[cnaf men]).submit
     end
 
-    it 'sends an email to reporters associated to this group' do
+    it 'sends an email to reporters associated to these groups' do
       expect(mail.bcc).to include('[email protected]')
+      expect(mail.bcc).to include('[email protected]')
+      expect(mail.bcc).not_to include('[email protected]')
     end
   end
 end
diff --git a/spec/mailers/previews/api_particulier/reporters_mailer_preview.rb b/spec/mailers/previews/api_particulier/reporters_mailer_preview.rb
@@ -4,13 +4,13 @@ class APIParticulier::ReportersMailerPreview < ActionMailer::Preview
     approve
   ].each do |event|
     define_method(event) do
-      APIParticulier::ReportersMailer.with(group:).send(event)
+      APIParticulier::ReportersMailer.with(groups:).send(event)
     end
   end
 
   private
 
-  def group
-    'cnaf'
+  def groups
+    %w[cnaf men]
   end
 end