etalab · JeSuisUnCaillou · Jan 13, 2025 · Jan 13, 2025 · Jan 15, 2025 · Jan 13, 2025
diff --git a/app/assets/stylesheets/components/authorization-request-events.css b/app/assets/stylesheets/components/authorization-request-events.css
@@ -3,15 +3,12 @@
 }
 
 ul.authorization-request-events li {
-  display: block;
-  position: relative;
   padding-bottom: var(--authorization-request-event-padding);
   padding-top: var(--authorization-request-event-padding);
-  border-bottom: 1px solid rgba(0,0,0,0.1);
+  border-top: 1px solid rgba(0,0,0,0.1);
 }
 
-ul.authorization-request-events li time {
-  position: absolute;
-  right: 0;
-  top: var(--authorization-request-event-padding);
-}
+
+ul.authorization-request-events li:last-of-type {
+  padding-bottom: 0;
+}
diff --git a/app/assets/stylesheets/components/authorization_row.css b/app/assets/stylesheets/components/authorization_row.css
@@ -0,0 +1,4 @@
+ul li.authorization-row {
+  display: block;
+  border-bottom: 1px solid rgba(0,0,0,0.1);
+}
diff --git a/app/controllers/instruction/authorizations_controller.rb b/app/controllers/instruction/authorizations_controller.rb
@@ -0,0 +1,13 @@
+class Instruction::AuthorizationsController < Instruction::AbstractAuthorizationRequestsController
+  def index
+    authorize [:instruction, @authorization_request], :show?
+
+    @authorizations = AuthorizationRequest.find(params[:authorization_request_id]).authorizations.order(created_at: :desc)
+  end
+
+  private
+
+  def layout_name
+    'instruction/authorization_request'
+  end
+end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -52,15 +52,23 @@ def authorization_request_reopening_badge(extra_css_class: nil)
   end
 
   def authorization_request_stage_badge(authorization_request, css_class: nil)
+    stage_badge(authorization_request.definition.stage.type, css_class: css_class)
+  end
+
+  def authorization_stage_badge(authorization, css_class: nil)
+    stage_badge(authorization.definition.stage.type, css_class: css_class)
+  end
+
+  def stage_badge(stage_type, css_class: nil)
     content_tag(
       :span,
-      t("authorization_request.stage.#{authorization_request.definition.stage.type}"),
-      class: ['fr-badge', 'fr-badge--no-icon', authorization_request_stage_badge_class(authorization_request), css_class],
+      t("authorization_request.stage.#{stage_type}"),
+      class: ['fr-badge', 'fr-badge--no-icon', stage_badge_class(stage_type), css_class],
     )
   end
 
-  def authorization_request_stage_badge_class(authorization_request)
-    case authorization_request.definition.stage.type
+  def stage_badge_class(stage_type)
+    case stage_type
     when 'sandbox'
       'fr-badge--brown-caramel'
     when 'production'

diff --git a/app/models/authorization.rb b/app/models/authorization.rb
@@ -22,6 +22,10 @@ class Authorization < ApplicationRecord
     inverse_of: :authorization,
     dependent: :destroy
 
+  has_many :authorization_request_event,
-  has_many :authorization_request_event,
+  has_many :authorization_request_events,
-  has_many :authorization_request_event,
+  has_many :authorization_request_events,
+    as: :entity,
+    dependent: :nullify
+
   scope :validated, -> { joins(:request).where(authorization_requests: { state: 'validated' }) }
 
   delegate :name, :kind, to: :request
@@ -45,7 +49,11 @@ def request_as_validated
   # rubocop:enable Metrics/AbcSize
 
   def latest?
-    request.latest_authorization == self
+    if definition.stage.exists?
+      request.latest_authorization_of_class(authorization_request_class) == self
+    else
+      request.latest_authorization == self
+    end
   end
 
   def latest
@@ -56,6 +64,18 @@ def authorization_request
     request
   end
 
+  def definition
+    authorization_request_class.constantize.definition
+  end
+
+  def approving_instructor
+    authorization_request_event
+      .where(name: 'approve')
+      .order(created_at: :desc)
+      .first
+      .try(:user)
+  end
-  def approving_instructor
-    authorization_request_event
-      .where(name: 'approve')
-      .order(created_at: :desc)
-      .first
-      .try(:user)
-  end
+  has_one :approved_authorization_request_event, -> { where(name: 'approve').order(created_at: :asc).limit(1) }, 
+    class_name: 'AuthorizationRequest'
+    
+  has_one :approving_instructor,
+    through: :approved_authorization_request_event,
+    class_name: 'User'
-  def approving_instructor
-    authorization_request_event
-      .where(name: 'approve')
-      .order(created_at: :desc)
-      .first
-      .try(:user)
-  end
+  has_one :approved_authorization_request_event, -> { where(name: 'approve').order(created_at: :asc).limit(1) }, 
+    class_name: 'AuthorizationRequest'
+    
+  has_one :approving_instructor,
+    through: :approved_authorization_request_event,
+    class_name: 'User'
+
   private
 
   def affect_snapshot_documents(request_as_validated)

diff --git a/app/models/authorization_request.rb b/app/models/authorization_request.rb
@@ -91,6 +91,10 @@ def latest_authorization
     authorizations.order(created_at: :desc).limit(1).first
   end
 
+  def latest_authorization_of_class(authorization_request_class)
+    authorizations.where(authorization_request_class: authorization_request_class).order(created_at: :desc).limit(1).first
+  end
+
   def events
     @events ||= AuthorizationRequestEventsQuery.new(self).perform
   end

diff --git a/app/models/authorization_request_event.rb b/app/models/authorization_request_event.rb
@@ -60,4 +60,10 @@ def authorization_request
   rescue NoMethodError
     entity
   end
+
+  def authorization
+    entity.authorization
+  rescue NoMethodError
+    entity
+  end
 end
diff --git a/app/policies/authorization_request_policy.rb b/app/policies/authorization_request_policy.rb
@@ -72,7 +72,8 @@ def transfer?
   end
 
   def start_next_stage?
-    record.definition.next_stage? &&
+    same_user_and_organization? &&
+      record.definition.next_stage? &&
       record.validated?
   end
 

diff --git a/app/views/authorization_request_forms/build/_header.html.erb b/app/views/authorization_request_forms/build/_header.html.erb
@@ -29,6 +29,17 @@
           <% end %>
         </div>
       </div>
+
+      <% if @authorization && policy([:instruction, @authorization_request]).show? %>
+        <div class="fr-pb-2w fr-pl-1w">
+          Cette habilitation est liée à la <%= link_to "demande N°#{@authorization_request.id}", instruction_authorization_request_authorizations_path(@authorization_request), class: 'fr-link' %>
+          <% if @authorization.approving_instructor %>
+            et a été validée par
+            <strong><%[email protected]_instructor.email%></strong>
+          <% end %>
+
+        </div>
+      <% end %>
     </div>
   </div>
 </div>
diff --git a/app/views/authorization_request_forms/shared/_header_badge.erb b/app/views/authorization_request_forms/shared/_header_badge.erb
@@ -10,10 +10,10 @@
 
     <% if @authorization.present? %>
       <li>
-        <span class="fr-badge fr-badge--no-icon"><%= t("authorization.badge", date: @authorization.created_at.strftime('%d/%m/%Y')) %></span>
+        <span class="fr-badge fr-badge--no-icon"><%= t("authorization.id_badge", id: @authorization.id) %></span>
       </li>
       <li>
-        <span class="fr-badge fr-badge--no-icon"><%= t("authorization_request.badge", id: @authorization.request.id) %></span>
+        <span class="fr-badge fr-badge--no-icon"><%= t("authorization.date_badge", date: @authorization.created_at.strftime('%d/%m/%Y')) %></span>
       </li>
     <% elsif @authorization_request.persisted? %>
       <li>

diff --git a/app/views/authorization_request_forms/summary.html.erb b/app/views/authorization_request_forms/summary.html.erb
@@ -138,7 +138,7 @@
         <div class="fr-col-12">
           <ul class="fr-btns-group fr-btns-group--inline fr-btns-group--icon-left fr-btns-group--between">
             <li class="fr-ml-auto">
-              <%= link_to t('authorization_request_forms.form.start_next_stage'), next_authorization_request_stage_path(@authorization_request), class: %w(fr-btn) %>
+              <%= link_to t('authorization_request_forms.form.start_next_stage'), next_authorization_request_stage_path(@authorization_request), class: %w(fr-btn fr-mb-0) %>
             </li>
           </ul>
         </div>

diff --git a/app/views/authorization_requests/shared/_reopening_callout.html.erb b/app/views/authorization_requests/shared/_reopening_callout.html.erb
@@ -6,5 +6,5 @@
   <p class="fr-callout__text">
     <%= t(".text.#{type}") %>
   </p>
-  <%= link_to t('.link.text', authorization_id: @authorization_request.latest_authorization.id), latest_authorization_path(@authorization_request), class:"fr-btn" %>
+  <%= link_to t('.link.text', authorization_slug: @authorization_request.latest_authorization.slug), latest_authorization_path(@authorization_request), class:"fr-btn" %>
-  <%= link_to t('.link.text', authorization_slug: @authorization_request.latest_authorization.slug), latest_authorization_path(@authorization_request), class:"fr-btn" %>
+  <%= link_to t('.link.text', authorization_created_at_date: @authorization_request.latest_authorization.created_at.to_date), latest_authorization_path(@authorization_request), class:"fr-btn" %>
-  <%= link_to t('.link.text', authorization_slug: @authorization_request.latest_authorization.slug), latest_authorization_path(@authorization_request), class:"fr-btn" %>
+  <%= link_to t('.link.text', authorization_created_at_date: @authorization_request.latest_authorization.created_at.to_date), latest_authorization_path(@authorization_request), class:"fr-btn" %>
 </div>
diff --git a/app/views/authorization_requests/shared/_title.html.erb b/app/views/authorization_requests/shared/_title.html.erb
@@ -1,4 +1,9 @@
-<% if @authorization_request.reopening? && @authorization.blank? %>
+<% if @authorization.present? %>
+  <h1 class="authorization-request-form-header__name fr-mb-2w">
+    <%= @authorization.definition.name  %>
+  </h1>
+
+<% elsif @authorization_request.reopening? %>
   <h1 class="authorization-request-form-header__name">
     <span class="fr-icon-edit-box-fill fr-icon--lg fr-text-blue-france" aria-hidden="true"></span>
     <%= t('.update') %>

diff --git a/app/views/instruction/authorization_request_events/_authorization_request_event.html.erb b/app/views/instruction/authorization_request_events/_authorization_request_event.html.erb
@@ -1,27 +1,44 @@
-<li id="<%= dom_id(authorization_request_event) %>" class="authorization-request-event">
-  <%=
-    content_tag(
-      :span,
-      '',
-      class: [
-        "fr-icon-#{t(".#{authorization_request_event.name}.icon", default: 'error-warning-line')}",
-        "fr-text-#{t(".#{authorization_request_event.name}.color", default: 'info')}",
-      ]
-    )
-  %>
+<li id="<%= dom_id(authorization_request_event) %>" class="fr-grid-row">
+  <div class="fr-mr-1w">
+    <%=
+      content_tag(
+        :span,
+        '',
+        class: [
+          "fr-icon-#{t(".#{authorization_request_event.name}.icon", default: 'error-warning-line')}",
+          "fr-text-#{t(".#{authorization_request_event.name}.color", default: 'info')}",
+        ]
+      )
+    %>
+  </div>
 
-  <%=
-    t(
-      ".#{authorization_request_event.name}.text",
-      **{
-        user_full_name: authorization_request_event.user_full_name,
-        text: authorization_request_event.text,
-        copied_from_authorization_request_id: authorization_request_event.copied_from_authorization_request_id,
-      }.compact
-    ).html_safe
-  %>
+  <div class="fr-col">
+    <%=
+      t(
+        ".#{authorization_request_event.name}.text",
+        **{
+          user_full_name: authorization_request_event.user_full_name,
+          text: authorization_request_event.text,
+          copied_from_authorization_request_id: authorization_request_event.copied_from_authorization_request_id,
+        }.compact
+      ).html_safe
+    %>
 
-  <%= time_tag authorization_request_event.created_at do %>
-    <%= authorization_request_event.created_at.strftime("%d/%m/%Y") %>
-  <% end %>
+    <% if authorization_request_event.name == 'approve' %>
+      <div class="fr-mt-1w">
+        <%= link_to(
+          t('.approve.view_authorization'),
+          authorization_request_authorization_path(authorization_request_event.authorization_request, authorization_request_event.authorization),
+          target: '_blank',
+          class: 'fr-link'
+        ) %>
+      </div>
+    <% end %>
+  </div>
+
+  <div>
+    <%= time_tag authorization_request_event.created_at do %>
+      <%= authorization_request_event.created_at.strftime("%d/%m/%Y") %>
+    <% end %>
+  </div>
 </li>
diff --git a/app/views/instruction/authorizations/index.html.erb b/app/views/instruction/authorizations/index.html.erb
@@ -0,0 +1,40 @@
+<h3> <%= t('.title') %> </h3>
+
+<ul class="fr-mt-2w fr-p-0">
+  <% @authorizations.each do |authorization| %>
+    <li class="authorization-row fr-mb-4w fr-pb-2w">
+      <div class="fr-grid-row fr-grid-row--middle">
+        <div class="fr-col">
+          <ul class="fr-badge-group">
+            <li>
+              <span class="fr-badge fr-badge--no-icon">
+                <%= t("authorization.id_badge", id: authorization.id) %>
+              </span>
+            </li>
+            <li>
+              <span class="fr-badge fr-badge--no-icon">
+                <%= t("authorization.date_badge", date: authorization.created_at.strftime('%d/%m/%Y')) %>
+              </span>
+            </li>
+
+            <% if authorization.definition.stage.exists? %>
+              <li>
+                <%= authorization_stage_badge(authorization) %>
+              </li>
+            <% end %>
+          </ul>
+
+          <% if authorization.approving_instructor.present? %>
+            <div>
+              Validé par <strong><%= authorization.approving_instructor.email %></strong>
+            </div>
+          <% end %>
+        </div>
+
+        <div>
+          <%= link_to t('.show_cta'), authorization_request_authorization_path(@authorization_request, authorization), class: "fr-btn" %>
+        </div>
+      </div>
+    </li>
+  <% end %>
+</ul>
diff --git a/app/views/layouts/instruction/authorization_request.html.erb b/app/views/layouts/instruction/authorization_request.html.erb
@@ -42,6 +42,10 @@
         authorization_request_events: instruction_authorization_request_events_path(@authorization_request),
         messages: instruction_authorization_request_messages_path(@authorization_request),
       }
+
+      if @authorization_request.authorizations.any?
+        tabs[:authorizations] = instruction_authorization_request_authorizations_path(@authorization_request)
+      end
     %>
 
     <div class="fr-tabs" data-controller="auto-height">

diff --git a/config/locales/fr.yml b/config/locales/fr.yml
@@ -19,7 +19,8 @@ fr:
     france_connect_eidas: niveau-eidas
 
   authorization:
-    badge: habilitation du %{date}
+    id_badge: habilitation N°%{id}
+    date_badge: du %{date}
 
   malware_scan:
     badge_class:
@@ -107,6 +108,9 @@ fr:
           authorization_request_events:
             title: Historique
             icon: time-line
+          authorizations:
+            title: Toutes les habilitations
+            icon: archive-line
           messages:
             title: Messagerie
             icon: question-answer-line
@@ -284,7 +288,7 @@ fr:
 
             Vous pouvez consulter à tout moment la dernière habilitation validée :
         link:
-          text: Consulter l'habilitation validée n°%{authorization_id}
+          text: Consulter l'habilitation validée du %{authorization_slug}
     bulk_update_modal:
       title: Une mise à jour a été effectuée sur votre demande d'habilitation
       description: |
@@ -674,17 +678,17 @@ fr:
             <strong>%{user_full_name}</strong> a soumis la demande sans effectuer de changement sur les données pré-remplies.
         initial_submit_with_changes_on_prefilled_data:
           text: |
-            <strong>%{user_full_name}</strong> a soumis la demande
-
-            <br />
+            <p class="fr-mb-2w">
+              <strong>%{user_full_name}</strong> a soumis la demande
+            </p>
 
             Les données suivantes ont été modifiées par rapport aux informations pré-remplies du formulaire :
             %{text}
         submit_with_changes:
           text: |
-            <strong>%{user_full_name}</strong> a soumis la demande.
-
-            <br />
+            <p class="fr-mb-2w">
+              <strong>%{user_full_name}</strong> a soumis la demande.
+            </p>
 
             La liste des changements depuis la dernière modération sont les suivants :
             %{text}
@@ -699,6 +703,7 @@ fr:
           text: "<strong>%{user_full_name}</strong> a approuvé la demande"
           icon: checkbox-line
           color: success
+          view_authorization: Consulter l'habilitation
         request_changes:
           text: |
             <strong>%{user_full_name}</strong> a demandé des modifications sur la demande:
@@ -792,6 +797,10 @@ fr:
 
         system_import:
           text: La demande d'habilitation a été importé depuis une autre source
+    authorizations:
+      index:
+        title: Historique des habilitations liées à cette demande
+        show_cta: Consulter l'habilitation
 
   cancel_authorization_reopenings:
     new: