Corriger les warnings relevés par brakeman plutôt que de les ignorer (#…

…4245)

* Remove one warning from brakeman.ignore

* Remove another warning from brakeman.ignore

* Fix brakeman remaining warnings

* Update brakeman

* Merci Rails, c'est vraiment sympa

* Supprimer brakeman.ignore dont la présence peut tromper

* Fix API specs

Gemfile.lock

@@ -132,7 +132,8 @@ GEM
     bootstrap4-kaminari-views (1.0.1)
       kaminari (>= 0.13)
       rails (>= 3.1)
-    brakeman (5.3.1)
+    brakeman (6.1.2)
+      racc
     builder (3.2.4)
     bullet (7.0.7)
       activesupport (>= 3.0.0)

app/controllers/admin/absences_controller.rb

@@ -10,7 +10,7 @@ def index
       .where(agent_id: filter_params[:agent_id])
       .includes(:agent)
       .by_starts_at
-      .page(filter_params[:page])
+      .page(page_number)
 
     @absences = params[:current_tab] == "expired" ? absences.expired : absences.not_expired
     @display_tabs = absences.expired.any? || params[:current_tab] == "expired"

app/controllers/admin/agents_controller.rb

@@ -11,7 +11,7 @@ def index
 
     @agents.where("(invitation_sent_at IS NULL AND invitation_accepted_at is NULL) OR (invitation_sent_at IS NOT NULL AND invitation_accepted_at IS NULL)")
     @agents = index_params[:term].present? ? @agents.search_by_text(index_params[:term]) : @agents.order_by_last_name
-    @agents = @agents.page(params[:page])
+    @agents = @agents.page(page_number)
   end
 
   def new

app/controllers/admin/invitations_controller.rb

@@ -4,7 +4,7 @@ def index
       .joins(:organisations).where(organisations: { id: current_organisation.id })
       .invitation_not_accepted.where.not(invitation_sent_at: nil)
       .created_by_invite
-      .page(params[:page])
+      .page(page_number)
     @invited_agents = index_params[:search].present? ? @invited_agents.search_by_text(index_params[:search]) : @invited_agents.order(invitation_sent_at: :desc)
   end
 

app/controllers/admin/lieux_controller.rb

@@ -6,7 +6,7 @@ def index
       .where(organisation: current_organisation)
       .not_single_use
       .ordered_by_name
-      .page(params[:page])
+      .page(page_number)
     @lieux_policy = Agent::LieuPolicy.new(current_agent, Lieu.new(organisation: current_organisation))
   end
 

app/controllers/admin/motifs_controller.rb

@@ -8,7 +8,7 @@ def index
     @unfiltered_motifs = policy_scope(current_organisation.motifs, policy_scope_class: Agent::MotifPolicy::Scope).active
     @motifs = params[:search].present? ? @unfiltered_motifs.search_by_text(params[:search]) : @unfiltered_motifs.ordered_by_name
     @motifs = filtered(@motifs, params)
-    @motifs = @motifs.includes(:organisation).includes(:service).page(params[:page])
+    @motifs = @motifs.includes(:organisation).includes(:service).page(page_number)
 
     @sectors_attributed_to_organisation_count = Sector.attributed_to_organisation(current_organisation).count
     @sectorisation_level_agent_counts_by_service = SectorAttribution.level_agent_grouped_by_service(current_organisation)

app/controllers/admin/plage_ouvertures_controller.rb

@@ -16,7 +16,7 @@ def index
       .order(updated_at: :desc)
     @plage_ouvertures = all_plage_ouvertures
       .where(expired_cached: filter_params[:current_tab] == "expired")
-    @plage_ouvertures = @plage_ouvertures.page(filter_params[:page]) unless params[:view_mode] == "calendar"
+    @plage_ouvertures = @plage_ouvertures.page(page_number) unless params[:view_mode] == "calendar"
     @plage_ouvertures = @plage_ouvertures.search_by_text(params[:search]) if params[:search].present?
     @display_tabs = all_plage_ouvertures.where(expired_cached: true).any? || params[:current_tab] == "expired"
   end

app/controllers/admin/rdvs_collectifs_controller.rb

@@ -5,7 +5,7 @@ def index
     @motifs = Agent::MotifPolicy::Scope.apply(current_agent, Motif).available_motifs_for_organisation_and_agent(current_organisation, current_agent).collectif
 
     @rdvs = policy_scope(Rdv).where(organisation: current_organisation).collectif
-    @rdvs = @rdvs.order(starts_at: :asc).page(params[:page])
+    @rdvs = @rdvs.order(starts_at: :asc).page(page_number)
 
     @form = Admin::RdvCollectifSearchForm.new(params.permit(:motif_id, :organisation_id, :from_date, :with_remaining_seats))
 

app/controllers/admin/rdvs_controller.rb

@@ -19,7 +19,7 @@ def index
 
     order = { starts_at: :asc }
     @rdvs = policy_scope(Rdv).search_for(@scoped_organisations, parsed_params)
-      .order(order).page(params[:page]).per(10)
+      .order(order).page(page_number).per(10)
 
     # On fait cette requête en deux temps pour éviter de faire un `order` et un `include` sur le même scope,
     # parce que ça fait un sort et beaucoup de left outer joins

app/controllers/admin/referent_assignations_controller.rb

@@ -5,7 +5,7 @@ def index
     @referents = policy_scope(@user.referent_agents).distinct.order(:last_name)
     @agents = policy_scope(Agent).merge(current_organisation.agents)
     @agents = @agents.search_by_text(index_params[:search]) if index_params[:search].present?
-    @agents = @agents.page(params[:page])
+    @agents = @agents.page(page_number)
   end
 
   def create

app/controllers/admin/territories/agents_controller.rb

@@ -3,7 +3,7 @@ class Admin::Territories::AgentsController < Admin::Territories::BaseController
   before_action :authorize_agent, only: %i[edit update territory_admin update_services]
 
   def index
-    @agents = find_agents(params[:q]).page(params[:page])
+    @agents = find_agents(params[:q]).page(page_number)
   end
 
   def find_agents(search_term)

app/controllers/admin/territories/sectors_controller.rb

@@ -8,7 +8,7 @@ def index
       .includes(:attributions)
       .order_by_name
     @sectors = @sectors.where(attributions: { organisation: params[:organisation_id] }) if params[:organisation_id].present?
-    @sectors = @sectors.page(params[:page]) unless params[:view] == "map"
+    @sectors = @sectors.page(page_number) unless params[:view] == "map"
     render :index_map if params[:view] == "map"
   end
 
@@ -32,7 +32,7 @@ def create
   end
 
   def show
-    @zones = @sector.zones.order(updated_at: :desc).page(params[:page])
+    @zones = @sector.zones.order(updated_at: :desc).page(page_number)
   end
 
   def edit; end

app/controllers/admin/territories/teams_controller.rb

@@ -4,7 +4,7 @@ class Admin::Territories::TeamsController < Admin::Territories::BaseController
   respond_to :html, :json
 
   def index
-    @teams = policy_scope(Team).page(params[:page])
+    @teams = policy_scope(Team).page(page_number)
     @teams = params[:term].present? ? @teams.search_by_text(params[:term]) : @teams.order(:name)
   end
 

app/controllers/admin/users_controller.rb

@@ -27,7 +27,7 @@ def index
     @users = @users.none if agent_id.blank? && search_params.blank?
     @users = @users.merge(Agent.find(agent_id).users) if agent_id.present?
     @users = @users.search_by_text(search_params) if search_params.present?
-    @users = @users.order_by_last_name.page(params[:page])
+    @users = @users.order_by_last_name.page(page_number)
   end
 
   def search

app/controllers/api/v1/base_controller.rb

@@ -22,7 +22,7 @@ def render_record(record, **options)
   end
 
   def render_collection(objects, root: nil, blueprint_klass: nil)
-    objects = objects.page(page).per(PAGINATE_PER)
+    objects = objects.page(page_number).per(PAGINATE_PER)
     meta = {
       current_page: objects.current_page,
       next_page: objects.next_page,
@@ -37,7 +37,7 @@ def render_collection(objects, root: nil, blueprint_klass: nil)
     render json: blueprint_klass.render(objects, root: root, meta: meta)
   end
 
-  def page
-    @page ||= params[:page]&.to_i || 1
+  def page_number
+    params[:page].presence&.to_i || 1
   end
 end

app/controllers/application_controller.rb

@@ -105,4 +105,8 @@ def add_query_string_params_to_url(url, new_params)
   def allow_iframe
     response.headers.except! "X-Frame-Options"
   end
+
+  def page_number
+    params[:page].presence&.to_i || 1
+  end
 end

app/controllers/users/rdvs_controller.rb

@@ -12,7 +12,7 @@ def index
     authorize Rdv
     @rdvs = policy_scope(Rdv).includes(:motif, :participations, :users).user_with_relatives(current_user.id).for_domain(current_domain)
     @rdvs = params[:past].present? ? @rdvs.past : @rdvs.future
-    @rdvs = @rdvs.order(starts_at: :desc).page(params[:page])
+    @rdvs = @rdvs.order(starts_at: :desc).page(page_number)
   end
 
   def create

app/mailers/application_mailer.rb

@@ -18,7 +18,11 @@ def default_url_options
   end
 
   def set_default_from_with_display_name
-    mail.from %("#{domain.name}" <#{default_from}>) if mail.from.blank?
+    mail.from(rfc5322_name_and_email(domain.name, default_from)) if mail.from.blank?
+  end
+
+  def rfc5322_name_and_email(name, email)
+    %("#{name}" <#{email}>)
   end
 
   def default_from

app/models/motif.rb

@@ -105,7 +105,7 @@ def lieux
       match_data = name_with_location_type&.match(/(.*)-#{location_type}$/)
       match_data ? [match_data[1], location_type] : nil
     end.compact.first
-    where(%{REGEXP_REPLACE(LOWER(UNACCENT(motifs.name)), '#{NAME_SLUG_REGEXP.source}', '_', 'g') = ?}, slug_name)
+    where(%{REGEXP_REPLACE(LOWER(UNACCENT(motifs.name)), ?, '_', 'g') = ?}, NAME_SLUG_REGEXP.source, slug_name)
       .where(location_type: location_type)
   }
   scope :sectorisation_level_departement, -> { where(sectorisation_level: SECTORISATION_LEVEL_DEPARTEMENT) }

app/views/admin/motifs/index.html.slim

@@ -46,7 +46,7 @@
             th Actions
       tbody
         - if @motifs.any?
-          = render @motifs
+          = render partial: "admin/motifs/motif", collection: @motifs, as: :motif
           .d-flex.justify-content-center
             = paginate @motifs, theme: "twitter-bootstrap-4"
         - else

app/views/admin/plage_ouvertures/index.html.slim

@@ -51,7 +51,7 @@
             th = t(".dates")
             th = t("helpers.actions")
         tbody
-          = render @plage_ouvertures
+          = render partial: "admin/plage_ouvertures/plage_ouverture", collection: @plage_ouvertures, as: :plage_ouverture
       .d-flex.justify-content-center
         = paginate @plage_ouvertures, theme: "twitter-bootstrap-4"
   - else