Merge pull request #230 from SocialGouv/main

release 2024-05-31
SocialGouv · May 31, 2024 · e8f251d · e8f251d
2 parents 88411bd + 9323e54
commit e8f251d
Show file tree

Hide file tree

Showing 93 changed files with 1,484 additions and 1,285 deletions.
diff --git a/.env.dev.example.env b/.env.dev.example.env
@@ -53,4 +53,4 @@ API_INSEE_CLIENT_ID=""
 API_INSEE_URL="https://api.insee.fr"
 API_INSEE_URI="/entreprises/sirene/V3.11"
 
-ANTIVIRUS_URL="http://clamav-rest.clamav.svc/api/v1/scan"
+ANTIVIRUS_URL="https://antivirus.fabrique.social.gouv.fr/vao/api/v1/scan"
diff --git a/.kontinuous/env/dev/templates/backend.configmap.yaml b/.kontinuous/env/dev/templates/backend.configmap.yaml
@@ -5,7 +5,7 @@ metadata:
 data:
   API_INSEE_URL: "https://api.insee.fr"
   API_INSEE_URI: "/entreprises/sirene/V3.11"
-  ANTIVIRUS_URL: "http://clamav-rest.clamav.svc/api/v1/scan"
+  ANTIVIRUS_URL: "https://antivirus.fabrique.social.gouv.fr/vao/api/v1/scan"
   BACKEND_URL: "https://api-{{ .Values.global.host }}"
   FRONTEND_USAGERS_URL: "https://{{ .Values.global.host }}"
   FRONTEND_BO_URL: "https://bo-{{ .Values.global.host }}"

diff --git a/.kontinuous/env/preprod/templates/backend.configmap.yaml b/.kontinuous/env/preprod/templates/backend.configmap.yaml
@@ -5,12 +5,12 @@ metadata:
 data:
   API_INSEE_URL: "https://api.insee.fr"
   API_INSEE_URI: "/entreprises/sirene/V3.11"
-  ANTIVIRUS_URL: "http://clamav-rest.clamav.svc/api/v1/scan"
+  ANTIVIRUS_URL: "https://antivirus.fabrique.social.gouv.fr/vao/api/v1/scan"
   BACKEND_URL: "https://api-{{ .Values.global.host }}"
   FRONTEND_USAGERS_URL: "https://{{ .Values.global.host }}"
   FRONTEND_BO_URL: "https://bo-{{ .Values.global.host }}"
   SENDER_EMAIL: "[email protected]"
   SENTRY_DSN: "https://[email protected]/102"
   SENTRY_ENABLED: "true"
   SENTRY_ENVIRONMENT: staging
-  TMP_DIRECTORY: "/tmp"
+  TMP_DIRECTORY: "/tmp"
diff --git a/.kontinuous/env/prod/templates/backend.configmap.yaml b/.kontinuous/env/prod/templates/backend.configmap.yaml
@@ -4,7 +4,7 @@ metadata:
   name: backend
   namespace: vao
 data:
-  ANTIVIRUS_URL: "http://clamav-rest.clamav.svc/api/v1/scan"
+  ANTIVIRUS_URL: "https://antivirus.fabrique.social.gouv.fr/vao/api/v1/scan"
   API_INSEE_URL: "https://api.insee.fr"
   API_INSEE_URI: "/entreprises/sirene/V3.11"
   BACKEND_URL: "https://api-vao.social.gouv.fr"

diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
@@ -157,7 +157,7 @@ jobs:
       ~needs: [build-migrations, init-db]
       retry: 3
       checkout: true
-      image: "{{ .Values.global.registry }}/{{ .Values.global.imageRepository }}/{{ .Values.global.projectName }}/migrations:{{ .Values.global.imageTag }}"
+      image: "{{ .Values.global.registry }}/{{ .Values.global.projectName }}/{{ .Values.global.imageRepository }}/migrations:{{ .Values.global.imageTag }}"
       env:
         - name: PG_VAO_SUPERUSER
           valueFrom:

diff --git a/.talismanrc b/.talismanrc
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -121,3 +121,12 @@ services:
     ports:
       - "1080:1080"
       - "1025:1025"
+
+  pghero:
+    image: ankane/pghero
+    environment:
+      - DATABASE_URL=postgres://${PG_VAO_SUPERUSER}:${PG_VAO_SUPERPASSWORD}@postgres:5432/vao
+    ports:
+      - "8080:8080"
+    depends_on:
+      - postgres
diff --git a/packages/backend/src/controllers/bo-authentication/email/login.js b/packages/backend/src/controllers/bo-authentication/email/login.js
@@ -55,6 +55,8 @@ module.exports = async function login(req, res, next) {
     );
   }
 
+  user.serviceCompetent = (user.territoireCode === "FRA") ? 'NAT' : (/^[0-9]+$/.test(user.territoireCode)) ? 'DEP' : 'REG';
+
   try {
     const accessToken = jwt.sign(buildAccessToken(user), config.tokenSecret, {
       algorithm: "ES512",

diff --git a/packages/backend/src/controllers/bo-user/create.js b/packages/backend/src/controllers/bo-user/create.js
@@ -7,6 +7,8 @@ const ValidationAppError = require("../../utils/validation-error");
 const MailUtils = require("../../utils/mail");
 const Send = require("../../services/mail").mailService.send;
 const { buildEmailToken } = require("../../utils/bo-token");
+const serviceCompetence = require("./service-competence");
+const verifyCompetence = require("./service-competence");
 
 const BOUserSchema = require("../../schemas/bo-user");
 const config = require("../../config");
@@ -25,30 +27,36 @@ module.exports = async function create(req, res, next) {
   } catch (error) {
     return next(new ValidationAppError(error));
   }
-
-  try {
-    await BoUser.create(user);
-
+  const serviceCompetentUserConnected = await serviceCompetence(req.decoded.territoireCode);
+  const serviceCompetentUtilisateurCreate = await serviceCompetence(user.territoireCode);
+  if (verifyCompetence(serviceCompetentUserConnected,serviceCompetentUtilisateurCreate))
+  {
     try {
-      const email = user.email;
-      const token = jwt.sign(buildEmailToken(email), config.tokenSecret, {
-        algorithm: "ES512",
-        expiresIn: config.validationToken.expiresIn / 1000,
-      });
-
-      await Send(
-        MailUtils.bo.authentication.sendValidationMail({
-          email,
-          token,
-        }),
-      );
+      await BoUser.create(user);
+
+      try {
+        const email = user.email;
+        const token = jwt.sign(buildEmailToken(email), config.tokenSecret, {
+          algorithm: "ES512",
+          expiresIn: config.validationToken.expiresIn / 1000,
+        });
+
+        await Send(
+          MailUtils.bo.authentication.sendValidationMail({
+            email,
+            token,
+          }),
+        );
+      } catch (error) {
+        log.w(error.name, error.message);
+      }
+
+      return res.status(200).json({ message: "Utilisateur créé" });
     } catch (error) {
-      log.w(error.name, error.message);
+      log.w("DONE with error");
+      return next(error);
     }
-
-    return res.status(200).json({ message: "Utilisateur créé" });
-  } catch (error) {
-    log.w("DONE with error");
-    return next(error);
   }
+  else
+    return res.status(403).json({ message: "Permission refusée. Privilèges insuffisants" });
 };
diff --git a/packages/backend/src/controllers/bo-user/index.js b/packages/backend/src/controllers/bo-user/index.js
@@ -3,3 +3,5 @@ module.exports.getOne = require("./get-one");
 module.exports.getMe = require("./get-me");
 module.exports.create = require("./create");
 module.exports.update = require("./update");
+module.exports.serviceCompetence = require("./service-competence");
+module.exports.verifyCompetence = require("./service-competence");
diff --git a/packages/backend/src/controllers/bo-user/list.js b/packages/backend/src/controllers/bo-user/list.js
@@ -1,7 +1,8 @@
 const BoUser = require("../../services/BoUser");
-// const Session = require("../../services/Session");
+const { object, number, string } = require("yup");
 
 const logger = require("../../utils/logger");
+const ValidationAppError = require("../../utils/validation-error");
 
 const log = logger(module.filename);
 
@@ -11,16 +12,43 @@ module.exports = async function list(req, res, next) {
   const { id: adminId } = decoded ?? {};
   log.d("userId", { adminId });
 
+  let params;
   try {
-    const { limit, offset, sortBy, sortDirection, search } = req.query;
+    const search = req.query.search ? JSON.parse(req.query.search) : {};
     log.d({ search });
-    const result = await BoUser.read({
-      limit,
-      offset,
-      search: JSON.parse(search ?? "{}"),
-      sortBy,
-      sortDirection,
-    });
+    params = await object({
+      limit: number().nullable(),
+      offset: number().nullable(),
+      search: object().json().nullable(),
+      sortBy: string()
+        .oneOf([
+          "id",
+          "email",
+          "hasPwd",
+          "isBlocked",
+          "nom",
+          "prenom",
+          "validated",
+          "territoire",
+          "territoireCode",
+          "territoireParent",
+          "roles",
+        ])
+        .nullable(),
+      sortDirection: string().oneOf(["ASC", "DESC"]).nullable(),
+    }).validate(
+      { ...req.query, search },
+      {
+        abortEarly: false,
+      },
+    );
+  } catch (error) {
+    return next(new ValidationAppError(error));
+  }
+
+  try {
+    log.d(params);
+    const result = await BoUser.read(params);
     log.d(result);
     return res.status(200).json(result);
   } catch (error) {

diff --git a/packages/backend/src/controllers/bo-user/service-competence.js b/packages/backend/src/controllers/bo-user/service-competence.js
@@ -0,0 +1,22 @@
+const logger = require("../../utils/logger");
+const { competence } = require("../../helpers/bo-competence")
+
+const log = logger(module.filename);
+
+module.exports = async function serviceCompetence(territoireCode) {
+  try {
+    log.i("IN"),territoireCode;
+    log.i("DONE");
+    return (territoireCode === "FRA") ? 'NAT' : (/^[0-9]+$/.test(territoireCode)) ? 'DEP' : 'REG';
+  } catch (error) {
+    log.w("DONE with error");
+    return error;
+  }
+};
+
+module.exports = async function verifyCompetence(serviceCompetentUserConnected,serviceCompetentUtilisateurCreateOrUpdate) {
+    return (serviceCompetentUserConnected === competence.NATIONALE || (serviceCompetentUtilisateurCreateOrUpdate != competence.NATIONALE && serviceCompetentUserConnected === competence.REGIONALE) || (serviceCompetentUtilisateurCreateOrUpdate === competence.DEPARTEMENTALE && serviceCompetentUserConnected === competence.DEPARTEMENTALE))
+  };
+
+
+
diff --git a/packages/backend/src/controllers/bo-user/update.js b/packages/backend/src/controllers/bo-user/update.js
@@ -4,6 +4,8 @@ const logger = require("../../utils/logger");
 const ValidationAppError = require("../../utils/validation-error");
 
 const BOUserSchema = require("../../schemas/bo-user");
+const serviceCompetence = require("./service-competence");
+const verifyCompetence = require("./service-competence");
 
 const log = logger(module.filename);
 
@@ -20,12 +22,19 @@ module.exports = async function update(req, res, next) {
     log.w(error);
     return next(new ValidationAppError(error));
   }
+  const serviceCompetentUserConnected = await serviceCompetence(req.decoded.territoireCode);
+  const serviceCompetentUtilisateurUpdate = await serviceCompetence(user.territoireCode);
 
-  try {
-    await BoUser.update(userId, user);
-    return res.status(200).json({ message: "Utilisateur mis à jour" });
-  } catch (error) {
-    log.w("DONE with error");
-    return next(error);
+  if (verifyCompetence(serviceCompetentUserConnected,serviceCompetentUtilisateurUpdate))
+  {
+    try {
+      await BoUser.update(userId, user);
+      return res.status(200).json({ message: "Utilisateur mis à jour" });
+    } catch (error) {
+      log.w("DONE with error");
+      return next(error);
+    }
   }
-};
+  else
+    return res.status(403).json({ message: "Permission refusée. Privilèges insuffisants" });
+};
diff --git a/packages/backend/src/controllers/demandeSejour/demandeComplements.js b/packages/backend/src/controllers/demandeSejour/demandeComplements.js
@@ -1,27 +1,27 @@
+const { number } = require("yup");
+
 const DemandeSejour = require("../../services/DemandeSejour");
 
 const logger = require("../../utils/logger");
 const { statuts } = require("../../helpers/ds-statuts");
 const MailUtils = require("../../utils/mail");
 const AppError = require("../../utils/error");
+const ValidationAppError = require("../../utils/validation-error");
 
 const Send = require("../../services/mail").mailService.send;
 
 const log = logger(module.filename);
 
 module.exports = async function post(req, res, next) {
-  const declarationId = req.params.declarationId;
+  let declarationId = req.params.declarationId;
   const { id: userId, territoireCode } = req.decoded;
   const { commentaire } = req.body;
   log.i("IN", { declarationId }, req.body);
 
-  if (!declarationId) {
-    log.w("missing parameter");
-    return next(
-      new AppError("Paramètre incorrect", {
-        statusCode: 400,
-      }),
-    );
+  try {
+    declarationId = await number().required().validate(declarationId);
+  } catch (error) {
+    return next(new ValidationAppError(error));
   }
 
   const declaration = await DemandeSejour.getOne({ "ds.id": declarationId });

diff --git a/packages/backend/src/controllers/demandeSejour/depose.js b/packages/backend/src/controllers/demandeSejour/depose.js
@@ -6,7 +6,9 @@ const Hebergement = require("../../services/Hebergement");
 const Send = require("../../services/mail").mailService.send;
 const PdfDeclaration2Mois = require("../../services/pdf/declaration2mois/generate");
 
-const DeclarationSejourSchema = require("../../schemas/declaration-sejour");
+const {
+  schema: DeclarationSejourSchema,
+} = require("../../schemas/declaration-sejour");
 
 const MailUtils = require("../../utils/mail");
 const logger = require("../../utils/logger");
@@ -90,7 +92,7 @@ module.exports = async function post(req, res, next) {
   const firstHebergementId =
     declaration.hebergement.hebergements[0].hebergementId;
 
-  const hebergement = await Hebergement.getOne({ id: firstHebergementId });
+  const hebergement = await Hebergement.getById(firstHebergementId);
   if (!hebergement) {
     log.w("DONE with error");
     return next(

diff --git a/packages/backend/src/controllers/demandeSejour/getByDepartementCodes.js b/packages/backend/src/controllers/demandeSejour/getByDepartementCodes.js
@@ -10,6 +10,7 @@ module.exports = async function getByDepartementCodes(req, res, next) {
   log.i("IN");
   const { decoded } = req;
   const { id: adminId } = decoded ?? {};
+  const territoireCode = req.decoded.territoireCode;
   log.d("userId", { adminId });
 
   try {
@@ -27,8 +28,22 @@ module.exports = async function getByDepartementCodes(req, res, next) {
         .object({
           limit: yup.number().nullable(),
           offset: yup.number().nullable(),
-          search: yup.object().json(),
-          sortBy: yup.string().nullable(),
+          search: yup.object().json().nullable(),
+          sortBy: yup
+            .string()
+            .oneOf([
+              "libelle",
+              "statut",
+              "typeOrganisme",
+              "personneMorale",
+              "personnePhysique",
+              "demandeSejourId",
+              "dateDebut",
+              "dateFin",
+              "organismeId",
+              "organisme",
+            ])
+            .nullable(),
           sortDirection: yup.string().oneOf(["ASC", "DESC"]).nullable(),
         })
         .validate(params, {
@@ -38,9 +53,9 @@ module.exports = async function getByDepartementCodes(req, res, next) {
     } catch (error) {
       return next(new ValidationAppError(error));
     }
-
     const demandesWithPagination = await DemandeSejour.getByDepartementCodes(
-      params,
+      params, 
+      territoireCode,
       req.departements.map((d) => d.value),
     );
     log.d(demandesWithPagination);