Merge branch 'staging' into replace-ingredient-request

betagouv · Dec 19, 2024 · 5786381 · 5786381
2 parents b5a217a + 95815a6
commit 5786381
Show file tree

Hide file tree

Showing 72 changed files with 2,593 additions and 1,107 deletions.
diff --git a/api/permissions.py b/api/permissions.py
@@ -27,9 +27,12 @@ def has_object_permission(self, request, view, obj):  # obj est une déclaration
         if created_by_user:  # Pour éviter les requêtes successives si on n'a pas besoin
             return True
 
-        user_has_company_roles = (
-            obj.company in request.user.declarable_companies.all()
-            or obj.company in request.user.supervisable_companies.all()
+        declarable_companies = request.user.declarable_companies.all()
+        supervisable_companies = request.user.supervisable_companies.all()
+        companies = declarable_companies.union(supervisable_companies)
+
+        user_has_company_roles = obj.company in companies or (
+            obj.mandated_company and obj.mandated_company in companies
         )
         return user_has_company_roles
 
@@ -50,7 +53,8 @@ class IsDeclarant(permissions.BasePermission):
 
     def has_object_permission(self, request, view, obj):  # obj: Declaration
         user = request.user
-        return user.is_authenticated and obj.company.declarant_roles.filter(user=user).exists()
+        companies = [obj.company] + list(obj.company.mandated_companies.all())
+        return user.is_authenticated and any(company in user.declarable_companies.all() for company in companies)
 
 
 class IsDeclarationAuthor(permissions.BasePermission):
@@ -95,15 +99,30 @@ class CanAccessIndividualDeclaration(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):  # obj: Declaration
         if not request.user.is_authenticated:
             return False
+
         is_author = IsDeclarationAuthor().has_object_permission(request, view, obj)
-        is_from_same_company = obj.company in request.user.declarable_companies.all()
         is_agent = IsInstructor().has_permission(request, view) or IsVisor().has_permission(request, view)
-        is_declarant = IsDeclarant().has_object_permission(request, view, obj)
+
+        declarable_companies = request.user.declarable_companies.all()
+        is_declarant_from_same_company = obj.company in declarable_companies or (
+            obj.mandated_company and obj.mandated_company in declarable_companies
+        )
+
+        superviseable_companies = request.user.supervisable_companies.all()
+        is_supervisor_from_same_company = obj.company in superviseable_companies or (
+            obj.mandated_company and obj.mandated_company in superviseable_companies
+        )
+
         is_draft = obj.status == Declaration.DeclarationStatus.DRAFT
         if request.method in permissions.SAFE_METHODS:
-            return is_author or is_from_same_company or (is_agent and not is_draft)
+            return (
+                is_author
+                or is_declarant_from_same_company
+                or is_supervisor_from_same_company
+                or (is_agent and not is_draft)
+            )
 
-        return ((is_author or is_from_same_company) and is_declarant) or (is_agent and not is_draft)
+        return (is_author or is_declarant_from_same_company) or (is_agent and not is_draft)
 
 
 class CanTakeAuthorship(permissions.BasePermission):
@@ -112,7 +131,9 @@ class CanTakeAuthorship(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):  # obj: Declaration
         if not request.user.is_authenticated:
             return False
-        is_from_same_company = obj.company in request.user.declarable_companies.all()
+        declarable_companies = request.user.declarable_companies.all()
+        is_from_same_company = obj.company in declarable_companies
+        is_from_mandated_company = obj.mandated_company and obj.mandated_company in declarable_companies
         is_declarant = IsDeclarant().has_object_permission(request, view, obj)
 
-        return is_from_same_company and is_declarant
+        return (is_from_same_company or is_from_mandated_company) and is_declarant
diff --git a/api/serializers/__init__.py b/api/serializers/__init__.py
@@ -31,6 +31,6 @@
     DeclaredSubstanceSerializer,
     DeclaredIngredientSerializer,
 )
-from .company import CompanySerializer
+from .company import CompanySerializer, MinimalCompanySerializer
 from .solicitation import CollaborationInvitationSerializer, CompanyAccessClaimSerializer, AddNewCollaboratorSerializer
 from .snapshot import SnapshotSerializer
diff --git a/api/serializers/company.py b/api/serializers/company.py
@@ -4,6 +4,17 @@
 from data.models import Company, DeclarantRole, SupervisorRole
 
 
+class MinimalCompanySerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Company
+        fields = (
+            "id",
+            "social_name",
+            "siret",
+            "vat",
+        )
+
+
 class SimpleCompanySerializer(serializers.ModelSerializer):
     class Meta:
         model = Company
@@ -20,6 +31,12 @@ class Meta:
 
 
 class CompanySerializer(serializers.ModelSerializer):
+    id = serializers.IntegerField(read_only=True)
+    phone_number = PhoneNumberField()
+    country_label = serializers.CharField(read_only=True, source="get_country_display")
+    mandated_companies = MinimalCompanySerializer(read_only=True, many=True)
+    represented_companies = MinimalCompanySerializer(read_only=True, many=True)
+
     class Meta:
         model = Company
         fields = (
@@ -39,11 +56,13 @@ class Meta:
             "phone_number",
             "email",
             "website",
+            "mandated_companies",
+            "represented_companies",
+        )
+        read_only_fields = (
+            "mandated_companies",
+            "represented_companies",
         )
-
-    id = serializers.IntegerField(read_only=True)
-    phone_number = PhoneNumberField()
-    country_label = serializers.CharField(read_only=True, source="get_country_display")
 
     def to_internal_value(self, data):
         # permet de définir dynamiquement la bonne région pour le numéro de téléphone entré

diff --git a/api/serializers/declaration.py b/api/serializers/declaration.py
@@ -262,6 +262,7 @@ class SimpleDeclarationSerializer(serializers.ModelSerializer):
     visor = SimpleUserSerializer(read_only=True, source="visor.user")
     author = SimpleUserSerializer(read_only=True)
     company = SimpleCompanySerializer(read_only=True)
+    mandated_company = SimpleCompanySerializer(read_only=True)
 
     class Meta:
         model = Declaration
@@ -270,6 +271,7 @@ class Meta:
             "status",
             "author",
             "company",
+            "mandated_company",
             "name",
             "brand",
             "gamme",
@@ -280,6 +282,7 @@ class Meta:
             "visor",
             "response_limit_date",
             "visa_refused",
+            "has_pending_pro_responses",
             "article",
         )
         read_only_fields = fields
@@ -403,6 +406,9 @@ def __init__(self, *args, **kwargs):
     visor = SimpleUserSerializer(read_only=True, source="visor.user")
     author = serializers.PrimaryKeyRelatedField(read_only=True, allow_null=True)
     company = serializers.PrimaryKeyRelatedField(queryset=Company.objects.all(), allow_null=True)
+    mandated_company = serializers.PrimaryKeyRelatedField(
+        queryset=Company.objects.all(), allow_null=True, required=False
+    )
     unit_measurement = serializers.PrimaryKeyRelatedField(
         queryset=SubstanceUnit.objects.all(), required=False, allow_null=True
     )
@@ -435,6 +441,7 @@ class Meta:
             "status",
             "author",
             "company",
+            "mandated_company",
             "address",
             "additional_details",
             "postal_code",
@@ -500,6 +507,7 @@ def setup_eager_loading(queryset):
         queryset = queryset.select_related(
             "author",
             "company",
+            "mandated_company",
             "unit_measurement",
             "galenic_formulation",
         )
@@ -561,6 +569,7 @@ def _assign_declared_items(self, instance, validated_data):
 class DeclarationShortSerializer(serializers.ModelSerializer):
     author = SimpleUserSerializer(read_only=True)
     company = SimpleCompanySerializer(read_only=True)
+    mandated_company = SimpleCompanySerializer(read_only=True)
 
     class Meta:
         model = Declaration
@@ -569,6 +578,7 @@ class Meta:
             "status",
             "author",
             "company",
+            "mandated_company",
             "name",
             "brand",
             "gamme",

diff --git a/api/serializers/user.py b/api/serializers/user.py
@@ -6,7 +6,12 @@
 from data.models import InstructionRole, VisaRole
 from data.models.company import DeclarantRole, SupervisorRole
 
-from .company import DeclarantRoleSerializer, SimpleCompanySerializer, SupervisorRoleSerializer
+from .company import (
+    DeclarantRoleSerializer,
+    MinimalCompanySerializer,
+    SimpleCompanySerializer,
+    SupervisorRoleSerializer,
+)
 from .global_roles import InstructionRoleSerializer, VisaRoleSerializer
 
 User = get_user_model()
@@ -57,17 +62,23 @@ class Meta:
     global_roles = serializers.SerializerMethodField(read_only=True)
 
     def get_companies(self, obj):
-        from data.models import Company  # évite un import circulaire
-
         result = []
-        for company_id, roles in obj.get_roles_mapped_to_companies().items():
-            company_data_dict = SimpleCompanySerializer(Company.objects.get(id=company_id)).data
-            role_data = [ROLE_SERIALIZER_MAPPING[type(role)](role).data for role in roles]
-            # Merge les deux types de données
-            result.append(company_data_dict | {"roles": role_data})
-
+        for company, roles in obj.get_roles_mapped_to_companies().items():
+            result.append(UserSerializer._get_result_item(company, roles))
+            declarant_role = next((x for x in roles if type(x) is DeclarantRole), None)
+            if declarant_role:
+                for represented_company in company.represented_companies.all():
+                    result.append(UserSerializer._get_result_item(represented_company, [declarant_role], company))
         return result
 
+    @staticmethod
+    def _get_result_item(company, roles, represented_by=None):
+        company_data_dict = SimpleCompanySerializer(company).data
+        if represented_by:
+            company_data_dict["represented_by"] = MinimalCompanySerializer(represented_by).data
+        role_data = [ROLE_SERIALIZER_MAPPING[type(role)](role).data for role in roles]
+        return company_data_dict | {"roles": role_data}
+
     def get_global_roles(self, obj):
         return [ROLE_SERIALIZER_MAPPING[type(role)](role).data for role in obj.get_global_roles()]