[FEATURE] Enregistrer la date de dernière connexion aux orgas & cdc seulement sur les memberships actifs (PIX-16990)

 #11641

Author: pix-service-auto-merge

api/src/shared/domain/models/Membership.js

@@ -6,12 +6,13 @@ const roles = {
 };
 
 class Membership {
-  constructor({ id, organizationRole = roles.MEMBER, updatedByUserId, organization, user } = {}) {
+  constructor({ id, organizationRole = roles.MEMBER, updatedByUserId, organization, user, disabledAt } = {}) {
     this.id = id;
     this.organizationRole = organizationRole;
     this.updatedByUserId = updatedByUserId;
     this.organization = organization;
     this.user = user;
+    this.disabledAt = disabledAt;
   }
 
   get isAdmin() {

api/src/team/application/certification-center-membership/certification-center-membership.controller.js

@@ -72,11 +72,11 @@ const updateReferer = async function (request, h) {
 
 const updateLastAccessedAt = async function (request, h, dependencies = { requestResponseUtils }) {
   const userId = dependencies.requestResponseUtils.extractUserIdFromRequest(request);
-  const certificationCenterId = request.params.certificationCenterId;
+  const certificationCenterMembershipId = request.params.certificationCenterMembershipId;
 
   await usecases.updateCertificationCenterMembershipLastAccessedAt({
     userId,
-    certificationCenterId,
+    certificationCenterMembershipId,
   });
 
   return h.response().code(204);

api/src/team/application/certification-center-membership/certification-center-membership.route.js

@@ -93,18 +93,12 @@ export const certificationCenterMembershipRoute = [
     },
   },
   {
-    method: 'PATCH',
-    path: '/api/certification-centers/{certificationCenterId}/certification-center-memberships/me',
+    method: 'POST',
+    path: '/api/certification-center-memberships/{certificationCenterMembershipId}/access',
     config: {
-      pre: [
-        {
-          method: (request, h) => securityPreHandlers.checkUserIsMemberOfCertificationCenter(request, h),
-          assign: 'isMemberOfCertificationCenter',
-        },
-      ],
       validate: {
         params: Joi.object({
-          certificationCenterId: identifiersType.certificationCenterId,
+          certificationCenterMembershipId: identifiersType.certificationCenterMembershipId,
         }),
       },
       handler: (request, h) => certificationCenterMembershipController.updateLastAccessedAt(request, h),

api/src/team/application/membership/membership.controller.js

@@ -61,11 +61,11 @@ const findPaginatedFilteredMemberships = async function (request) {
 
 async function updateLastAccessedAt(request, h, dependencies = { requestResponseUtils }) {
   const userId = dependencies.requestResponseUtils.extractUserIdFromRequest(request);
-  const organizationId = request.params.organizationId;
+  const membershipId = request.params.membershipId;
 
   await usecases.updateMembershipLastAccessedAt({
     userId,
-    organizationId,
+    membershipId,
   });
 
   return h.response().code(204);

api/src/team/application/membership/membership.route.js

@@ -121,18 +121,12 @@ export const membershipRoutes = [
     },
   },
   {
-    method: 'PATCH',
-    path: '/api/organizations/{organizationId}/me',
+    method: 'POST',
+    path: '/api/memberships/{membershipId}/access',
     config: {
-      pre: [
-        {
-          method: (request, h) => securityPreHandlers.checkUserBelongsToOrganization(request, h),
-          assign: 'belongsToOrganization',
-        },
-      ],
       validate: {
         params: Joi.object({
-          organizationId: identifiersType.organizationId,
+          membershipId: identifiersType.membershipId,
         }),
       },
       handler: (request, h) => membershipController.updateLastAccessedAt(request, h),

api/src/team/domain/usecases/update-certification-center-membership-last-accessed-at.usecase.js

@@ -1,18 +1,27 @@
+import { ForbiddenError } from '../../../shared/application/http-errors.js';
+
 /**
  * @param {Object} params
  * @param {string} params.userId
- * @param {string} params.certificationCenterId
+ * @param {string} params.certificationCenterMembershipId
  * @param {CertificationCenterMembershipRepository} params.certificationCenterMembershipRepository
  */
 const updateCertificationCenterMembershipLastAccessedAt = async function ({
   userId,
-  certificationCenterId,
+  certificationCenterMembershipId,
   certificationCenterMembershipRepository,
 }) {
+  const certificationCenterMembership = await certificationCenterMembershipRepository.findById(
+    certificationCenterMembershipId,
+  );
+  if (certificationCenterMembership.user.id !== userId || certificationCenterMembership.disabledAt) {
+    throw new ForbiddenError();
+  }
+
   return certificationCenterMembershipRepository.updateLastAccessedAt({
     lastAccessedAt: new Date(),
     userId,
-    certificationCenterId,
+    certificationCenterMembershipId,
   });
 };
 

api/src/team/domain/usecases/update-membership-last-accessed-at.usecase.js

@@ -1,13 +1,19 @@
+import { ForbiddenError } from '../../../shared/application/http-errors.js';
+
 /**
  * @param {Object} params
  * @param {string} params.userId
- * @param {string} params.organizationId
+ * @param {string} params.membershipId
  * @param {MembershipRepository} params.membershipRepository
  */
-const updateMembershipLastAccessedAt = async function ({ userId, organizationId, membershipRepository }) {
+const updateMembershipLastAccessedAt = async function ({ userId, membershipId, membershipRepository }) {
+  const membership = await membershipRepository.get(membershipId);
+  if (membership.user.id !== userId || membership.disabledAt) {
+    throw new ForbiddenError();
+  }
+
   return membershipRepository.updateLastAccessedAt({
-    userId,
-    organizationId,
+    membershipId,
     lastAccessedAt: new Date(),
   });
 };

api/src/team/infrastructure/repositories/certification-center-membership.repository.js

@@ -45,6 +45,7 @@ function _toDomain(certificationCenterMembershipDTO) {
     updatedAt: certificationCenterMembershipDTO.updatedAt,
     role: certificationCenterMembershipDTO.role,
     lastAccessedAt: certificationCenterMembershipDTO.lastAccessedAt,
+    disabledAt: certificationCenterMembershipDTO.disabledAt,
   });
 }
 
@@ -288,11 +289,11 @@ const update = async function (certificationCenterMembership) {
   await knex(CERTIFICATION_CENTER_MEMBERSHIP_TABLE_NAME).update(data).where({ id: certificationCenterMembership.id });
 };
 
-const updateLastAccessedAt = async function ({ lastAccessedAt, userId, certificationCenterId }) {
+const updateLastAccessedAt = async function ({ lastAccessedAt, certificationCenterMembershipId }) {
   const knexConnection = DomainTransaction.getConnection();
 
   await knexConnection(CERTIFICATION_CENTER_MEMBERSHIP_TABLE_NAME)
-    .where({ userId, certificationCenterId })
+    .where({ id: certificationCenterMembershipId })
     .update({ lastAccessedAt, updatedAt: lastAccessedAt });
 };
 

api/src/team/infrastructure/repositories/membership.repository.js

@@ -177,12 +177,10 @@ export const disableMembershipsByUserId = async function ({ userId, updatedByUse
     .update({ disabledAt: new Date(), updatedAt: new Date(), updatedByUserId });
 };
 
-export const updateLastAccessedAt = async function ({ userId, organizationId, lastAccessedAt }) {
+export const updateLastAccessedAt = async function ({ membershipId, lastAccessedAt }) {
   const knexConnection = DomainTransaction.getConnection();
 
-  await knexConnection(MEMBERSHIPS_TABLE)
-    .where({ userId, organizationId })
-    .update({ lastAccessedAt, updatedAt: new Date() });
+  await knexConnection(MEMBERSHIPS_TABLE).where({ id: membershipId }).update({ lastAccessedAt, updatedAt: new Date() });
 };
 
 const toDomain = (membershipData, userData = null, organizationData = null, organizationTags = null) => {

api/tests/team/acceptance/application/certification-center-membership/certification-center-membership.route.test.js

@@ -193,15 +193,15 @@ describe('Acceptance | Team | Application | Routes | certification-center-member
         const certificationCenterId = databaseBuilder.factory.buildCertificationCenter().id;
 
         const userId = databaseBuilder.factory.buildUser().id;
-        databaseBuilder.factory.buildCertificationCenterMembership({
+        const certificationCenterMembershipId = databaseBuilder.factory.buildCertificationCenterMembership({
           certificationCenterId,
           userId,
-        });
+        }).id;
 
         await databaseBuilder.commit();
         const request = {
-          method: 'PATCH',
-          url: `/api/certification-centers/${certificationCenterId}/certification-center-memberships/me`,
+          method: 'POST',
+          url: `/api/certification-center-memberships/${certificationCenterMembershipId}/access`,
           payload: {},
           headers: generateAuthenticatedUserRequestHeaders({ userId }),
         };

api/tests/team/acceptance/application/membership/membership.route.test.js

@@ -407,25 +407,26 @@ describe('Acceptance | Team | Application | Route | membership', function () {
     });
   });
 
-  describe('PATCH /api/organizations/{id}/me', function () {
+  describe('POST /api/memberships/{id}/access', function () {
     context('when user is one of the members of the organization', function () {
       it('updates user membership lastAccessedAt', async function () {
         // given
         const organizationId = databaseBuilder.factory.buildOrganization().id;
         const organizationMemberUserId = databaseBuilder.factory.buildUser().id;
-        databaseBuilder.factory.buildMembership({
+        const membershipId = databaseBuilder.factory.buildMembership({
           userId: organizationMemberUserId,
           organizationId,
           organizationRole: Membership.roles.MEMBER,
           lastAccessedAt: null,
           updatedAt: new Date('2020-01-01'),
-        });
+          disabledAt: null,
+        }).id;
 
         await databaseBuilder.commit();
 
         const options = {
-          method: 'PATCH',
-          url: `/api/organizations/${organizationId}/me`,
+          method: 'POST',
+          url: `/api/memberships/${membershipId}/access`,
           payload: {},
           headers: generateAuthenticatedUserRequestHeaders({ userId: organizationMemberUserId }),
         };

api/tests/team/integration/application/membership/membership.controller.test.js

@@ -1,3 +1,4 @@
+import { ForbiddenError } from '../../../../../src/shared/application/http-errors.js';
 import { securityPreHandlers } from '../../../../../src/shared/application/security-pre-handlers.js';
 import { InvalidMembershipOrganizationRoleError } from '../../../../../src/shared/domain/errors.js';
 import { Membership } from '../../../../../src/shared/domain/models/index.js';
@@ -322,16 +323,15 @@ describe('Integration | Team | Application | Memberships | membership-controller
 
   describe('#updateLastAccessedAt', function () {
     context('Error case', function () {
-      describe('when user does not belong to organization', function () {
+      describe('when user does not own the membership', function () {
         it('returns an HTTP response with status code 403', async function () {
           // given
-          const organizationId = 1234;
+          const membershipId = 1234;
           const userId = 5678;
-          sinon
-            .stub(securityPreHandlers, 'checkUserBelongsToOrganization')
-            .callsFake((request, h) => h.response().code(403).takeover());
+          sinon.stub(usecases, 'updateMembershipLastAccessedAt').throws(new ForbiddenError());
+
           // when
-          const response = await httpTestServer.request('PATCH', `/api/organizations/${organizationId}/me`, {
+          const response = await httpTestServer.request('POST', `/api/memberships/${membershipId}/access`, {
             auth: { credentials: { userId } },
           });
 

api/tests/team/integration/domain/usecases/update-certification-center-membership-last-accessed-at.usecase.test.js

@@ -1,9 +1,76 @@
+import { ForbiddenError } from '../../../../../src/shared/application/http-errors.js';
+import { NotFoundError } from '../../../../../src/shared/domain/errors.js';
 import { CERTIFICATION_CENTER_MEMBERSHIP_ROLES } from '../../../../../src/shared/domain/models/CertificationCenterMembership.js';
 import { usecases } from '../../../../../src/team/domain/usecases/index.js';
 import { certificationCenterMembershipRepository } from '../../../../../src/team/infrastructure/repositories/certification-center-membership.repository.js';
-import { databaseBuilder, expect, knex, sinon } from '../../../../test-helper.js';
+import { catchErr, databaseBuilder, expect, knex, sinon } from '../../../../test-helper.js';
 
 describe('Integration | Team | UseCases | update-certification-center-membership-last-accessed-at', function () {
+  context('when the certification center membership does not exist', function () {
+    it('throws a NotFoundError', async function () {
+      // given
+      const certificationCenterMembershipId = 4567;
+      const userId = 1234;
+
+      const error = await catchErr(usecases.updateCertificationCenterMembershipLastAccessedAt)({
+        userId,
+        certificationCenterMembershipId,
+        certificationCenterMembershipRepository,
+      });
+
+      expect(error).to.be.instanceOf(NotFoundError);
+    });
+  });
+
+  context('when the user is not the owner of the certification center membership', function () {
+    it('throws a ForbiddenError', async function () {
+      // given
+      const certificationCenterId = databaseBuilder.factory.buildCertificationCenter().id;
+      const userId = databaseBuilder.factory.buildUser().id;
+
+      const certificationCenterMembershipId = databaseBuilder.factory.buildCertificationCenterMembership({
+        certificationCenterId,
+        userId,
+        certificationCenterRole: CERTIFICATION_CENTER_MEMBERSHIP_ROLES.MEMBER,
+      }).id;
+
+      await databaseBuilder.commit();
+
+      const error = await catchErr(usecases.updateCertificationCenterMembershipLastAccessedAt)({
+        userId: userId + 1,
+        certificationCenterMembershipId,
+        certificationCenterMembershipRepository,
+      });
+
+      expect(error).to.be.instanceOf(ForbiddenError);
+    });
+  });
+
+  context('when the certification center membership is disabled', function () {
+    it('throws a ForbiddenError', async function () {
+      // given
+      const certificationCenterId = databaseBuilder.factory.buildCertificationCenter().id;
+      const userId = databaseBuilder.factory.buildUser().id;
+
+      const certificationCenterMembershipId = databaseBuilder.factory.buildCertificationCenterMembership({
+        certificationCenterId,
+        userId,
+        certificationCenterRole: CERTIFICATION_CENTER_MEMBERSHIP_ROLES.MEMBER,
+        disabledAt: new Date(),
+      }).id;
+
+      await databaseBuilder.commit();
+
+      const error = await catchErr(usecases.updateCertificationCenterMembershipLastAccessedAt)({
+        userId,
+        certificationCenterMembershipId,
+        certificationCenterMembershipRepository,
+      });
+
+      expect(error).to.be.instanceOf(ForbiddenError);
+    });
+  });
+
   it('updates certification center membership lastAccessedAt', async function () {
     // given
     const now = new Date('2021-01-02');
@@ -12,19 +79,20 @@ describe('Integration | Team | UseCases | update-certification-center-membership
     const certificationCenterId = databaseBuilder.factory.buildCertificationCenter().id;
     const userId = databaseBuilder.factory.buildUser().id;
 
-    databaseBuilder.factory.buildCertificationCenterMembership({
+    const certificationCenterMembershipId = databaseBuilder.factory.buildCertificationCenterMembership({
       certificationCenterId,
       userId,
       certificationCenterRole: CERTIFICATION_CENTER_MEMBERSHIP_ROLES.MEMBER,
       lastAccessedAt: null,
-    });
+      disabledAt: null,
+    }).id;
 
     await databaseBuilder.commit();
 
     // when
     await usecases.updateCertificationCenterMembershipLastAccessedAt({
       userId,
-      certificationCenterId,
+      certificationCenterMembershipId,
       certificationCenterMembershipRepository,
     });