Merge branch 'staging' of github.com:AF83/stif-boiv into staging

23 files changed, 141 insertions, 71 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index 256967c04..41ae70f56 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -261,7 +261,7 @@ GEM
     has_scope (0.7.0)
       actionpack (>= 4.1, < 5.1)
       activesupport (>= 4.1, < 5.1)
-    hashdiff (0.3.2)
+    hashdiff (0.3.4)
     highline (1.7.8)
     hike (1.2.3)
     htmlbeautifier (1.3.1)
@@ -539,7 +539,7 @@ GEM
     unicode-display_width (1.1.3)
     warden (1.2.7)
       rack (>= 1.0)
-    webmock (3.0.0)
+    webmock (3.0.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
diff --git a/app/jobs/mailer_job.rb b/app/jobs/mailer_job.rb
index 6d3dc642d..761a29cd6 100644
--- a/app/jobs/mailer_job.rb
+++ b/app/jobs/mailer_job.rb
@@ -2,6 +2,6 @@ class MailerJob < ActiveJob::Base
   queue_as :mail
 
   def perform klass, action, params
-    klass.constantize.public_send(action, *params).deliver
+    klass.constantize.public_send(action, *params).deliver_later
   end
 end
diff --git a/app/mailers/calendar_mailer.rb b/app/mailers/calendar_mailer.rb
index 44dcaea88..cc8175a07 100644
--- a/app/mailers/calendar_mailer.rb
+++ b/app/mailers/calendar_mailer.rb
@@ -1,9 +1,11 @@
 class CalendarMailer < ApplicationMailer
   def updated calendar, user
+    @calendar = calendar
     mail to: user.email, subject: t('mailers.calendar_mailer.updated.subject')
   end
 
   def created calendar, user
+    @calendar = calendar
     mail to: user.email, subject: t('mailers.calendar_mailer.created.subject')
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 5a2e4d3ca..64d66883f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -35,6 +35,9 @@ class User < ActiveRecord::Base
 
   @@edit_offer_permissions =
     destructive_permissions_for( %w[
+                                access_points
+                                connection_links
+                                calendars
       footnotes
       journey_patterns
       referentials
@@ -42,7 +45,7 @@ class User < ActiveRecord::Base
       routing_constraint_zones
       time_tables
       vehicle_journeys
-    ])
+    ]) << 'boiv:edit-offer'
 
   mattr_reader :edit_offer_permissions
 
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index d3c715d70..074c41d8d 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -6,10 +6,10 @@ class CalendarPolicy < ApplicationPolicy
   end
 
   def create? 
-    !archived? && organisation_match? && user.has_permission?('calendars.create')
+    !archived? && user.has_permission?('calendars.create')
   end
   def destroy?
-    !archived? && organisation_match? && user.has_permission?('calendars.destroy')
+    !archived? & organisation_match? && user.has_permission?('calendars.destroy')
   end
   def update?
     !archived? && organisation_match? && user.has_permission?('calendars.update')
diff --git a/app/views/calendar_mailer/created.html.slim b/app/views/calendar_mailer/created.html.slim
index 621796d34..da15b7189 100644
--- a/app/views/calendar_mailer/created.html.slim
+++ b/app/views/calendar_mailer/created.html.slim
@@ -1,2 +1 @@
-div = t('mailers.calendar_mailer.created.body')
-
+div = t('mailers.calendar_mailer.created.body', cal_name: @calendar.name, cal_index_url: calendars_url)
diff --git a/app/views/calendar_mailer/updated.html.slim b/app/views/calendar_mailer/updated.html.slim
index 7f6deda07..f70480107 100644
--- a/app/views/calendar_mailer/updated.html.slim
+++ b/app/views/calendar_mailer/updated.html.slim
@@ -1,2 +1,2 @@
-div = t('mailers.calendar_mailer.updated.body')
+div = t('mailers.calendar_mailer.updated.body', cal_name: @calendar.name, cal_index_url: calendars_url)
 
diff --git a/app/views/calendars/index.html.slim b/app/views/calendars/index.html.slim
index 843ec1256..e3ac16505 100644
--- a/app/views/calendars/index.html.slim
+++ b/app/views/calendars/index.html.slim
@@ -1,8 +1,10 @@
 / PageHeader
-= pageheader 'map-marker',
-             t('.title'),
-             '',
-             link_to(t('actions.add'), new_calendar_path, class: 'btn btn-default') do
+
+- header_params = ['map-marker',
+                   t('.title'),
+                   '']
+- header_params << link_to(t('actions.add'), new_calendar_path, class: 'btn btn-default')  if policy(Calendar).create?
+= pageheader(*header_params) do
 
 / PageContent
 .page_content
diff --git a/config/application.rb b/config/application.rb
index 02d2b4fc2..910ddd983 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -33,6 +33,8 @@ module ChouetteIhm
     config.active_record.observers = [:route_observer, :calendar_observer]
     config.active_record.raise_in_transactional_callbacks = true
 
+    config.active_job.queue_adapter = :sidekiq
+
     unless Rails.env.production?
         # Work around sprockets+teaspoon mismatch:
         Rails.application.config.assets.precompile += %w(spec_helper.js)
diff --git a/config/locales/mailers.en.yml b/config/locales/mailers.en.yml
index 72fd0d725..d4bd45129 100644
--- a/config/locales/mailers.en.yml
+++ b/config/locales/mailers.en.yml
@@ -3,7 +3,7 @@ en:
     calendar_mailer:
       created:
         subject: A new shared calendar has been created
-        body: body created
+        body: A new shared calendar% {cal_name} has been added by STIF. You can now view it in the list of shared calendars %{cal_index_url}
       created:
         subject: A shared calendar has been updated
-        body: body updated
+        body: A new shared calendar% {cal_name} has been updated by STIF. You can now view it in the list of shared calendars %{cal_index_url}
diff --git a/config/locales/mailers.fr.yml b/config/locales/mailers.fr.yml
index 8c399b6e0..a448f13d9 100644
--- a/config/locales/mailers.fr.yml
+++ b/config/locales/mailers.fr.yml
@@ -3,7 +3,7 @@ fr:
     calendar_mailer:
       created:
         subject: Un nouveau calendrier partagé à été ajouté
-        body: body created
+        body: 'Un calendrier partagé %{cal_name} a été ajouté par le STIF. Vous pouvez maintenant le consulter dans la liste des calendriers partagés : %{cal_index_url}'
       updated:
         subject: Un nouveau calendrier partagé à été mise à jour
-        body: body updated
+        body: 'Un calendrier partagé %{cal_name} a été mis à jour par le STIF. Vous pouvez maintenant le consulter dans la liste des calendriers partagés : %{cal_index_url}'
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
new file mode 100644
index 000000000..7032f910a
--- /dev/null
+++ b/lib/stif/permission_translator.rb
@@ -0,0 +1,7 @@
+module Stif
+  module PermissionTranslator extend self
+    def translate(sso_extra_permissions)
+      %w{sessions:create}
+    end
+  end
+end
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index d532cbafc..8f620c3a1 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -1,12 +1,4 @@
-all_permissions = %w[
-      footnotes
-      journey_patterns
-      referentials
-      routes
-      routing_constraint_zones
-      time_tables
-      vehicle_journeys
-    ].product( %w{create destroy update} ).map{ |model_action| model_action.join('.') }
+require_relative '../support/permissions'
 
 FactoryGirl.define do
   factory :user do
@@ -17,7 +9,7 @@ FactoryGirl.define do
     password "secret"
     password_confirmation "secret"
     factory :allmighty_user do
-      permissions all_permissions
+      permissions Support::Permissions.all_permissions
     end
   end
 end
diff --git a/spec/features/calendars_permissions_spec.rb b/spec/features/calendars_permissions_spec.rb
index 6eb0ea08e..9b47ab2bb 100644
--- a/spec/features/calendars_permissions_spec.rb
+++ b/spec/features/calendars_permissions_spec.rb
@@ -1,15 +1,13 @@
-# -*- coding: utf-8 -*-
-require 'spec_helper'
-
-describe 'Calendars', type: :feature do
+RSpec.describe 'Calendars', type: :feature do
   login_user
 
   let(:calendar) { create :calendar, organisation_id: 1 }
 
   describe 'permissions' do
     before do
-      allow_any_instance_of(CalendarPolicy).to receive(:edit?).and_return permission
+      allow_any_instance_of(CalendarPolicy).to receive(:create?).and_return permission
       allow_any_instance_of(CalendarPolicy).to receive(:destroy?).and_return permission
+      allow_any_instance_of(CalendarPolicy).to receive(:edit?).and_return permission
       allow_any_instance_of(CalendarPolicy).to receive(:share?).and_return permission
       visit path
     end
@@ -51,5 +49,23 @@ describe 'Calendars', type: :feature do
         end
       end
     end
+
+    context 'on index view' do
+      let( :path ){ calendars_path }
+
+      context 'if present → ' do
+        let( :permission ){ true }
+        it 'index shows an edit button' do
+          expect(page).to have_css('a.btn.btn-default', text: 'Créer')
+        end
+      end
+
+      context 'if absent → ' do
+        let( :permission ){ false }
+        it 'index does not show any edit button' do
+          expect(page).not_to have_css('a.btn.btn-default', text: 'Créer')
+        end
+      end
+    end
   end
 end
diff --git a/spec/features/connection_links_spec.rb b/spec/features/connection_links_spec.rb
index 524fbb89a..0325e6e1c 100644
--- a/spec/features/connection_links_spec.rb
+++ b/spec/features/connection_links_spec.rb
@@ -1,7 +1,4 @@
-# -*- coding: utf-8 -*-
-require 'spec_helper'
-
-describe "ConnectionLinks", :type => :feature do
+RSpec.describe "ConnectionLinks", :type => :feature do
   login_user
 
   let!(:connection_links) { Array.new(2) { create(:connection_link) } }
diff --git a/spec/jobs/mailer_job_spec.rb b/spec/jobs/mailer_job_spec.rb
deleted file mode 100644
index 363b8724a..000000000
--- a/spec/jobs/mailer_job_spec.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe MailerJob, type: :job do
-  pending "add some examples to (or delete) #{__FILE__}"
-end
diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb
new file mode 100644
index 000000000..3672c7937
--- /dev/null
+++ b/spec/lib/stif/permission_translator_spec.rb
@@ -0,0 +1,10 @@
+RSpec.describe Stif::PermissionTranslator do
+
+  context "SSO Permission boiv:read:offer →" do
+
+    it "sessions:create only" do
+      expect( described_class.translate(%w{boiv:read:offer}) ).to eq(%w{sessions:create})
+    end
+
+  end
+end
diff --git a/spec/mailers/calendar_mailer_spec.rb b/spec/mailers/calendar_mailer_spec.rb
index d41092461..49cc3cce8 100644
--- a/spec/mailers/calendar_mailer_spec.rb
+++ b/spec/mailers/calendar_mailer_spec.rb
@@ -20,7 +20,7 @@ RSpec.describe CalendarMailer, type: :mailer do
     end
 
     it 'should have correct body' do
-      key = I18n.t("mailers.calendar_mailer.#{type}.body")
+      key = I18n.t("mailers.calendar_mailer.#{type}.body", cal_name: calendar.name, cal_index_url: calendars_url)
       expect(email).to have_body_text /#{key}/
     end
   end
diff --git a/spec/mailers/previews/calendar_mailer_preview.rb b/spec/mailers/previews/calendar_mailer_preview.rb
index 572c6c667..5fa108924 100644
--- a/spec/mailers/previews/calendar_mailer_preview.rb
+++ b/spec/mailers/previews/calendar_mailer_preview.rb
@@ -1,4 +1,13 @@
 # Preview all emails at http://localhost:3000/rails/mailers/calendar_mailer
 class CalendarMailerPreview < ActionMailer::Preview
 
+  def created
+    cal = Calendar.new(name: 'test calendar', shared: true)
+    CalendarMailer.created(cal, User.take)
+  end
+
+  def updated
+    cal = Calendar.new(name: 'test calendar', shared: true)
+    CalendarMailer.updated(cal, User.take)
+  end
 end
diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb
index 57f771c54..294be8198 100644
--- a/spec/policies/calendar_policy_spec.rb
+++ b/spec/policies/calendar_policy_spec.rb
@@ -5,7 +5,7 @@ RSpec.describe CalendarPolicy, type: :policy do
 
 
   permissions :create? do
-    it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true
+    it_behaves_like 'permitted policy', 'calendars.create', archived: true
   end
   permissions :destroy? do
     it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true
@@ -14,7 +14,7 @@ RSpec.describe CalendarPolicy, type: :policy do
     it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true
   end
   permissions :new? do
-    it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true
+    it_behaves_like 'permitted policy', 'calendars.create', archived: true
   end
   permissions :update? do
     it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true
diff --git a/spec/support/devise.rb b/spec/support/devise.rb
index 28703c072..46249fef2 100644
--- a/spec/support/devise.rb
+++ b/spec/support/devise.rb
@@ -3,13 +3,11 @@ module DeviseRequestHelper
 
   def login_user
     organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation))
-    @user ||= create(:user, :organisation => organisation,
-                     :permissions => ['routes.create', 'routes.update', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.update', 'journey_patterns.destroy',
-                                      'vehicle_journeys.create', 'vehicle_journeys.update', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.update', 'time_tables.destroy',
-                                      'footnotes.update', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.update', 'routing_constraint_zones.destroy',
-                                      'access_points.create', 'access_points.update', 'access_points.destroy', 'access_links.create', 'access_links.update', 'access_links.destroy',
-                                      'connection_links.create', 'connection_links.update', 'connection_links.destroy', 'route_sections.create', 'route_sections.update', 'route_sections.destroy',
-                                      'referentials.create', 'referentials.update', 'referentials.destroy'])
+    @user ||= 
+      create(:user,
+             :organisation => organisation,
+             :permissions  => Support::Permissions.all_permissions)
+
     login_as @user, :scope => :user
     # post_via_redirect user_session_path, 'user[email]' => @user.email, 'user[password]' => @user.password
   end
@@ -38,28 +36,12 @@ end
 module DeviseControllerHelper
 
   def setup_user
-    _all_actions = %w{create destroy update}
-    _all_resources = %w{ access_links
-            access_points
-            connection_links
-            footnotes
-            journey_patterns
-            referentials
-            route_sections
-            routes
-            routing_constraint_zones
-            time_tables
-            vehicle_journeys }
-    join_with =  -> (separator) do 
-      -> (ary) { ary.join(separator) }
-    end
-
     before do
       @request.env["devise.mapping"] = Devise.mappings[:user]
       organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation))
       @user = create(:user,
                      organisation: organisation,
-                     permissions: _all_resources.product( _all_actions ).map(&join_with.('.')))
+                     permissions: Support::Permissions.all_permissions)
     end
   end
 
@@ -70,8 +52,6 @@ module DeviseControllerHelper
     end
   end
 
-  private
-
 end
 
 RSpec.configure do |config|
diff --git a/spec/support/permissions.rb b/spec/support/permissions.rb
new file mode 100644
index 000000000..a13010f65
--- /dev/null
+++ b/spec/support/permissions.rb
@@ -0,0 +1,28 @@
+module Support
+  module Permissions extend self
+
+    def all_permissions
+      @__all_permissions__ ||= _destructive_permissions << 'sessions:create'
+    end
+
+    private
+
+    def _destructive_permissions
+      _permitted_resources.product( %w{create destroy update} ).map{ |model_action| model_action.join('.') }
+    end
+
+    def _permitted_resources
+      %w[
+      access_points
+      connection_links
+      footnotes
+      journey_patterns
+      referentials
+      routes
+      routing_constraint_zones
+      time_tables
+      vehicle_journeys
+      ]
+    end
+  end
+end
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
index b91caa479..63a106759 100644
--- a/spec/support/pundit/shared_examples.rb
+++ b/spec/support/pundit/shared_examples.rb
@@ -64,7 +64,7 @@ RSpec.shared_examples 'always forbidden' do
     end
   end
 end
-j
+
 RSpec.shared_examples 'permitted policy and same organisation' do
   | permission, archived: false|
 
@@ -101,3 +101,31 @@ RSpec.shared_examples 'permitted policy and same organisation' do
     end
   end
 end
+
+RSpec.shared_examples 'permitted policy' do
+  | permission, archived: false|
+
+  context 'permission absent → ' do
+    it "denies user" do
+      expect_it.not_to permit(user_context, record)
+    end
+  end
+
+  context 'permission present → '  do
+    before do
+      add_permissions(permission, for_user: user)
+    end
+
+    it 'allows user' do
+      expect_it.to permit(user_context, record)
+    end
+
+    if archived
+      it 'removes the permission for archived referentials' do
+        user.organisation_id = referential.organisation_id
+        referential.archived_at = 42.seconds.ago
+        expect_it.not_to permit(user_context, record)
+      end
+    end
+  end
+end