[WHIT-3020] Fix and backfill preview-token propagation for response forms and cropped images

app/controllers/admin/edition_images_controller.rb

@@ -47,6 +47,8 @@ def update
       new_image_data.to_replace_id = image_data.id
       new_image_data.assign_attributes(image_data_params)
       new_image_data.file.download! image_data.file.url
+      # so that auth_bypass_id is discoverable by AssetManagerStorage
+      new_image_data.images << image
       new_image_data.save!
       image.image_data = new_image_data
     end

app/services/edition_auth_bypass_updater.rb

@@ -15,6 +15,7 @@ def call
     update_file_attachments(@edition)
     update_image_attachments(@edition)
     update_consultation_attachments(@edition)
+    update_call_for_evidence_attachments(@edition)
   end
 
 private
@@ -65,4 +66,24 @@ def update_consultation_attachments(edition)
       end
     end
   end
+
+  def update_call_for_evidence_attachments(edition)
+    return unless edition.is_a?(CallForEvidence)
+
+    if edition.call_for_evidence_participation&.call_for_evidence_response_form.present?
+      response_form = edition.call_for_evidence_participation.call_for_evidence_response_form
+      response_form_data_id = response_form.call_for_evidence_response_form_data.id
+      new_attributes = { "auth_bypass_ids" => [edition.auth_bypass_id] }
+
+      AssetManagerUpdateAssetJob.perform_async_in_queue("asset_manager_updater", "CallForEvidenceResponseFormData", response_form_data_id, new_attributes)
+    end
+
+    if edition.outcome.present?
+      edition.outcome.attachments.files.each do |file_attachment|
+        new_attributes = { "auth_bypass_ids" => [edition.auth_bypass_id] }
+        attachment_data_id = file_attachment.attachment_data.id
+        AssetManagerUpdateAssetJob.perform_async_in_queue("asset_manager_updater", "AttachmentData", attachment_data_id, new_attributes)
+      end
+    end
+  end
 end

db/data_migration/20260612120000_backfill_auth_bypass_ids_on_draft_edition_assets.rb

@@ -0,0 +1,49 @@
+image_count = 0
+
+Image
+  .joins(:edition)
+  .where(editions: { state: Edition::PRE_PUBLICATION_STATES })
+  .where.not(editions: { auth_bypass_id: nil })
+  .find_each do |image|
+    AssetManagerUpdateAssetJob.perform_async_in_queue(
+      "bulk_republishing",
+      "ImageData",
+      image.image_data_id,
+      { "auth_bypass_ids" => [image.edition.auth_bypass_id] },
+    )
+    image_count += 1
+  end
+
+cfe_count = 0
+
+CallForEvidence
+  .where(state: Edition::PRE_PUBLICATION_STATES)
+  .where.not(auth_bypass_id: nil)
+  .find_each do |edition|
+    new_attributes = { "auth_bypass_ids" => [edition.auth_bypass_id] }
+
+    response_form = edition.call_for_evidence_participation&.call_for_evidence_response_form
+    if response_form&.call_for_evidence_response_form_data.present?
+      AssetManagerUpdateAssetJob.perform_async_in_queue(
+        "bulk_republishing",
+        "CallForEvidenceResponseFormData",
+        response_form.call_for_evidence_response_form_data.id,
+        new_attributes,
+      )
+      cfe_count += 1
+    end
+
+    next if edition.outcome.blank?
+
+    edition.outcome.attachments.files.each do |file_attachment|
+      AssetManagerUpdateAssetJob.perform_async_in_queue(
+        "bulk_republishing",
+        "AttachmentData",
+        file_attachment.attachment_data.id,
+        new_attributes,
+      )
+      cfe_count += 1
+    end
+  end
+
+puts "Enqueued auth bypass propagation for #{image_count} image assets and #{cfe_count} call for evidence assets"

test/functional/admin/edition_images_controller_test.rb

@@ -698,6 +698,36 @@ class Admin::EditionImagesControllerTest < ActionController::TestCase
     post :create, params: { edition_id: edition.id, usage: "govspeak_embed", image_kind: "default", images: [{ image_data_attributes: { file: } }] }
   end
 
+  test "POST :create passes the edition's auth_bypass_id to the new image assets" do
+    login_authorised_user
+    edition = create(:draft_fatality_notice)
+    file = upload_fixture("images/960x640_jpeg.jpg")
+
+    AssetManagerCreateAssetJob
+      .expects(:perform_async)
+      .with(anything, anything, anything, anything, anything, [edition.auth_bypass_id]).times(7)
+
+    post :create, params: { edition_id: edition.id, usage: "govspeak_embed", image_kind: "default", images: [{ image_data_attributes: { file: } }] }
+  end
+
+  test "POST :update passes the edition's auth_bypass_id to the cropped image assets" do
+    login_authorised_user
+    image = build(:image)
+    edition = create(:draft_fatality_notice, images: [image])
+
+    AssetManagerCreateAssetJob
+      .expects(:perform_async)
+      .with(anything, anything, anything, anything, anything, [edition.auth_bypass_id]).times(7)
+
+    post :update, params: {
+      edition_id: edition.id,
+      id: image.id,
+      usage: "govspeak_embed",
+      image_kind: "default",
+      image: { image_data: { image_kind: "default", crop_data: { x: 0, y: 0, width: 960, height: 640 } } },
+    }
+  end
+
   test "POST :create shows success message when all image assets are uploaded" do
     login_authorised_user
     edition = create(:draft_fatality_notice)

test/unit/app/services/editon_auth_bypass_updater_test.rb

@@ -165,5 +165,54 @@ class EditionAuthBypassUpdaterTest < ActiveSupport::TestCase
 
       service.call
     end
+
+    test "updates a call for evidence response form asset with auth_bypass_id" do
+      edition = create(:call_for_evidence)
+      participation = create(:call_for_evidence_participation, call_for_evidence: edition)
+      call_for_evidence_response_form = create(:call_for_evidence_response_form, call_for_evidence_participation: participation)
+
+      edition.reload
+      SecureRandom.stubs(uuid: uid)
+      expected_attributes = { "auth_bypass_ids" => [uid] }
+
+      service = EditionAuthBypassUpdater.new(
+        edition:,
+        current_user: user,
+        updater:,
+      )
+
+      AssetManagerUpdateAssetJob.expects(:perform_async_in_queue).with(
+        "asset_manager_updater",
+        "CallForEvidenceResponseFormData",
+        call_for_evidence_response_form.call_for_evidence_response_form_data.id,
+        expected_attributes,
+      )
+
+      service.call
+    end
+
+    test "updates a call for evidence outcome's attachments with auth_bypass_id" do
+      edition = create(:draft_call_for_evidence)
+      outcome = create(:call_for_evidence_outcome, call_for_evidence: edition)
+      file_attachment = create(:file_attachment, attachable: outcome)
+
+      SecureRandom.stubs(uuid: uid)
+      expected_attributes = { "auth_bypass_ids" => [uid] }
+
+      service = EditionAuthBypassUpdater.new(
+        edition:,
+        current_user: user,
+        updater:,
+      )
+
+      AssetManagerUpdateAssetJob.expects(:perform_async_in_queue).with(
+        "asset_manager_updater",
+        "AttachmentData",
+        file_attachment.attachment_data.id,
+        expected_attributes,
+      )
+
+      service.call
+    end
   end
 end