API: Implement /api/v1/demandes

etalab · Jan 20, 2025 · 5c3dbe6 · 5c3dbe6
1 parent 66ff685
commit 5c3dbe6
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 3 deletions.
diff --git a/app/controllers/api/v1/authorization_requests_controller.rb b/app/controllers/api/v1/authorization_requests_controller.rb
@@ -0,0 +1,24 @@
+class API::V1::AuthorizationRequestsController < API::V1Controller
+  def index
+    authorization_requests = AuthorizationRequest
+      .where(type: valid_authorization_request_types)
+      .offset(params[:offset])
+      .limit(params.fetch(:limit, 10))
+
+    if authorization_requests.any?
+      render json: authorization_requests,
+        each_serializer: API::V1::AuthorizationRequestSerializer,
+        status: :ok
+    else
+      render_error(404, title: 'Non trouvé', detail: 'Aucune demande n\'a été trouvé')
+    end
+  end
+
+  private
+
+  def valid_authorization_request_types
+    current_user.developer_roles.map do |role|
+      "AuthorizationRequest::#{role.split(':')[0].classify}"
+    end
+  end
+end
diff --git a/app/serializers/api/v1/authorization_request_serializer.rb b/app/serializers/api/v1/authorization_request_serializer.rb
@@ -0,0 +1 @@
+class API::V1::AuthorizationRequestSerializer < WebhookAuthorizationRequestSerializer; end
diff --git a/config/openapi/v1.yaml b/config/openapi/v1.yaml
@@ -124,7 +124,7 @@ components:
 
     Utilisateur:
       type: object
-      description: Utilisateur. L'ensemble des informations, excepté l'identifiant, sont issue de MonComptePro.
+      description: Utilisateur. L'ensemble des informations, excepté l'identifiant, sont issue de ProConnect.
       properties:
         id:
           type: integer
@@ -152,7 +152,7 @@ components:
 
     Organisation:
       type: object
-      description: Organisation. Les informations renvoyées sont tiré de l'INSEE et de MonComptePro.
+      description: Organisation. Les informations renvoyées sont tiré de l'INSEE et de ProConnect.
       properties:
         id:
           type: integer
@@ -273,6 +273,13 @@ components:
               - detail
 
   responses:
+    NotFoundError:
+      description: Resource non trouvée
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/ErrorResponse'
+
     UnauthorizedError:
       description: Accès non autorisé - le jeton n'est pas valide ou absent.
       content:
@@ -297,7 +304,7 @@ components:
 paths:
   /demandes:
     get:
-      summary: Récupérer la liste des demandes d'habilitations
+      summary: Récupérer la liste des demandes d'habilitations associé aux droits développeur de l'utilisateur
       tags:
         - Demandes d'habilitations
       security:
@@ -333,6 +340,8 @@ paths:
           $ref: '#/components/responses/UnauthorizedError'
         403:
           $ref: '#/components/responses/ForbiddenError'
+        404:
+          $ref: '#/components/responses/NotFoundError'
     post:
       summary: Créer une nouvelle demande d'habilitation
       tags:

diff --git a/config/routes.rb b/config/routes.rb
@@ -95,13 +95,16 @@
   end
 
   get '/api-docs/v1.yaml', to: ->(env) { [200, { 'Content-Type' => 'application/yaml', 'Content-Disposition' => 'inline;filename="datapass-v1.yaml"' }, [File.read(Rails.root.join('config/openapi/v1.yaml'))]] }, as: :open_api_v1
+  get '/developpeurs', to: redirect('/developpeurs/documentation')
   get '/developpeurs/documentation', to: 'open_api#show'
 
   namespace :api do
     resources :frontal, only: :index
 
     namespace :v1 do
       get '/me', to: 'credentials#me'
+
+      resources :authorization_requests, path: 'demandes', only: :index
     end
   end
 

diff --git a/spec/requests/api/v1/authorization_requests_controller_spec.rb b/spec/requests/api/v1/authorization_requests_controller_spec.rb
@@ -0,0 +1,24 @@
+RSpec.describe 'API: Authorization requests', type: :request do
+  let(:user) { create(:user, :developer) }
+  let(:application) { create(:oauth_application, owner: user) }
+  let(:access_token) { create(:access_token, application:, resource_owner_id: user.id) }
+
+  describe 'index' do
+    subject(:get_index) do
+      get '/api/v1/demandes', headers: { 'Authorization' => "Bearer #{access_token.token}" }
+    end
+
+    context 'when there is at least one authorization request associated to one of the user developer role' do
+      let!(:valid_authorization_request) { create(:authorization_request, :api_entreprise) }
+      let!(:invalid_authorization_request) { create(:authorization_request, :api_particulier) }
+
+      it 'reponds OK with data' do
+        get_index
+
+        expect(response.status).to eq(200)
+        expect(response.parsed_body.count).to eq(1)
+        expect(response.parsed_body[0]['id']).to eq(valid_authorization_request.id)
+      end
+    end
+  end
+end
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		class API::V1::AuthorizationRequestSerializer < WebhookAuthorizationRequestSerializer; end