From 2a4d9f70f5e9c0916506de0d47e73341e6079608 Mon Sep 17 00:00:00 2001
From: Bernardo Anderson <bern.anderson@proton.me>
Date: Tue, 7 Oct 2025 12:41:16 -0500
Subject: [PATCH] CP-11289 - Rubocop fixes

---
 app/models/completed_document.rb               |  4 ++--
 app/services/document_security_service.rb      |  6 +++---
 config/initializers/secure_attachment.rb       |  2 +-
 lib/submissions/generate_result_attachments.rb | 10 ++++++++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/app/models/completed_document.rb b/app/models/completed_document.rb
index 798cf382..40b1270a 100644
--- a/app/models/completed_document.rb
+++ b/app/models/completed_document.rb
@@ -22,10 +22,10 @@ class CompletedDocument < ApplicationRecord
 
   has_one :completed_submitter, primary_key: :submitter_id, inverse_of: :completed_documents, dependent: :destroy
 
-  enum storage_location: {
+  enum :storage_location, {
     legacy: 'legacy',        # Fallback for development/testing
     secured: 'secured'       # Default secured storage (shared with ATS)
-  }, _suffix: true
+  }, suffix: true
 
   # Check if document uses secured storage (default for new documents)
   def uses_secured_storage?
diff --git a/app/services/document_security_service.rb b/app/services/document_security_service.rb
index 70b8b9bf..c6406d17 100644
--- a/app/services/document_security_service.rb
+++ b/app/services/document_security_service.rb
@@ -27,8 +27,8 @@ class DocumentSecurityService
 
     def cloudfront_configured?
       cloudfront_base_url.present? &&
-      cloudfront_key_pair_id.present? &&
-      cloudfront_private_key.present?
+        cloudfront_key_pair_id.present? &&
+        cloudfront_private_key.present?
     end
 
     def cloudfront_signer
@@ -55,7 +55,7 @@ class DocumentSecurityService
     end
 
     def cloudfront_private_key
-      @cloudfront_private_key ||= ENV['SECURE_ATTACHMENT_PRIVATE_KEY']
+      @cloudfront_private_key ||= ENV.fetch('SECURE_ATTACHMENT_PRIVATE_KEY', nil)
     end
   end
 end
diff --git a/config/initializers/secure_attachment.rb b/config/initializers/secure_attachment.rb
index d8a02745..15793bbc 100644
--- a/config/initializers/secure_attachment.rb
+++ b/config/initializers/secure_attachment.rb
@@ -10,7 +10,7 @@ if key_secret.present?
     client = Aws::SecretsManager::Client.new
     response = client.get_secret_value(secret_id: key_secret)
     ENV['SECURE_ATTACHMENT_PRIVATE_KEY'] = response.secret_string
-    Rails.logger.info("Successfully loaded CloudFront private key from Secrets Manager")
+    Rails.logger.info('Successfully loaded CloudFront private key from Secrets Manager')
   rescue StandardError => e
     Rails.logger.error("Failed to load CloudFront private key: #{e.message}")
   end
diff --git a/lib/submissions/generate_result_attachments.rb b/lib/submissions/generate_result_attachments.rb
index c8e653c6..b817ca03 100644
--- a/lib/submissions/generate_result_attachments.rb
+++ b/lib/submissions/generate_result_attachments.rb
@@ -847,10 +847,16 @@ module Submissions
 
     def determine_storage_service
       # Use secured storage by default unless explicitly disabled
-      return Rails.application.config.active_storage.service if Rails.env.development? && ENV['DOCUSEAL_DISABLE_SECURED_STORAGE'].present?
+      if Rails.env.development? && ENV['DOCUSEAL_DISABLE_SECURED_STORAGE'].present?
+        return Rails.application.config.active_storage.service
+      end
 
       # Use secured storage if compliance configuration is present
-      Rails.configuration.x.compliance_storage.present? ? 'aws_s3_secured' : Rails.application.config.active_storage.service
+      if Rails.configuration.x.compliance_storage.present?
+        'aws_s3_secured'
+      else
+        Rails.application.config.active_storage.service
+      end
     end
 
     def create_secured_blob(io, filename, service_name)