Validate that the user belongs to either the managing or owning organisation

4 years ago · 0ae80bcf84
5 changed files with 96 additions and 1 deletions
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@ -10,7 +10,7 @@ class FormController < ApplicationController
      responses_for_page = responses_for_page(@page)
      mandatory_questions_with_no_response = mandatory_questions_with_no_response(responses_for_page)

-      if mandatory_questions_with_no_response.empty? && @log.update(responses_for_page)
+      if mandatory_questions_with_no_response.empty? && (@log.user_organisation_chosen?(current_user) || current_user.support?) && @log.update(responses_for_page)
        session[:errors] = session[:fields] = nil
        redirect_to(successful_redirect_path)
      else
--- a/app/models/log.rb
+++ b/app/models/log.rb
@ -49,6 +49,16 @@ class Log < ApplicationRecord
    form.end_date > Time.zone.today
  end
  
+  def user_organisation_chosen?(user)
+    unless [user, managing_organisation, owning_organisation].any?(&:blank?) || user.organisation == managing_organisation || user.organisation == owning_organisation
+      errors.add :created_by, I18n.t("validations.setup.created_by.invalid")
+      errors.add :owning_organisation_id, I18n.t("validations.setup.owning_organisation.invalid")
+      errors.add :managing_organisation_id, I18n.t("validations.setup.managing_organisation.invalid")
+      return false
+    end
+    true
+  end
+
 private

  def update_status!
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -157,6 +157,12 @@ en:
          deactivated: "%{name} was deactivated on %{date} and was not available on the day you entered"
          reactivating_soon: "The scheme %{name} is not available until %{date}. Select another scheme or edit the tenancy start date"
          activating_soon: "%{name} is not available until %{date}. Enter a tenancy start date after %{date}"
+      owning_organisation:
+        invalid: "Please select owning organisation or managing organisation that you belong to"
+      managing_organisation:
+        invalid: "Please select owning organisation or managing organisation that you belong to"
+      created_by:
+        invalid: "Please select owning organisation or managing organisation that you belong to"

    property:
      mrcdate:
--- a/spec/models/lettings_log_spec.rb
+++ b/spec/models/lettings_log_spec.rb
@ -2527,4 +2527,51 @@ RSpec.describe LettingsLog do
      end
    end
  end
+
+  describe "non support validation" do
+    it "validates if neither managing nor owning organisation is the same as current user organisation" do
+      lettings_log = FactoryBot.build(:lettings_log, owning_organisation:, managing_organisation: owning_organisation)
+
+      lettings_log.user_organisation_chosen?(created_by_user)
+      expect(lettings_log.errors[:created_by]).to include(I18n.t("validations.setup.created_by.invalid"))
+      expect(lettings_log.errors[:owning_organisation_id]).to include(I18n.t("validations.setup.owning_organisation.invalid"))
+      expect(lettings_log.errors[:managing_organisation_id]).to include(I18n.t("validations.setup.managing_organisation.invalid"))
+    end
+
+    it "doesn not validate if either managing or owning organisation is the same as current user organisation" do
+      lettings_log = FactoryBot.build(:lettings_log, owning_organisation: created_by_user.organisation, managing_organisation: owning_organisation)
+
+      lettings_log.user_organisation_chosen?(created_by_user)
+      expect(lettings_log.errors[:created_by]).to be_empty
+      expect(lettings_log.errors[:owning_organisation_id]).to be_empty
+      expect(lettings_log.errors[:managing_organisation_id]).to be_empty
+    end
+
+    it "does not validate if current user is missing" do
+      lettings_log = FactoryBot.build(:lettings_log, created_by: nil, owning_organisation:, managing_organisation: owning_organisation)
+
+      lettings_log.user_organisation_chosen?(nil)
+      expect(lettings_log.errors[:created_by]).to be_empty
+      expect(lettings_log.errors[:owning_organisation_id]).to be_empty
+      expect(lettings_log.errors[:managing_organisation_id]).to be_empty
+    end
+
+    it "does not validate if managing organisation is missing" do
+      lettings_log = FactoryBot.build(:lettings_log, owning_organisation:, managing_organisation: nil)
+
+      lettings_log.user_organisation_chosen?(created_by_user)
+      expect(lettings_log.errors[:created_by]).to be_empty
+      expect(lettings_log.errors[:owning_organisation_id]).to be_empty
+      expect(lettings_log.errors[:managing_organisation_id]).to be_empty
+    end
+
+    it "does not validate if owning organisation is missing" do
+      lettings_log = FactoryBot.build(:lettings_log, owning_organisation: nil, managing_organisation: owning_organisation)
+
+      lettings_log.user_organisation_chosen?(created_by_user)
+      expect(lettings_log.errors[:created_by]).to be_empty
+      expect(lettings_log.errors[:owning_organisation_id]).to be_empty
+      expect(lettings_log.errors[:managing_organisation_id]).to be_empty
+    end
+  end
 end
--- a/spec/requests/form_controller_spec.rb
+++ b/spec/requests/form_controller_spec.rb
@ -298,6 +298,38 @@ RSpec.describe FormController, type: :request do
          end
        end

+        context "with invalid organisation answers" do
+          let(:page) { Capybara::Node::Simple.new(response.body) }
+          let(:managing_organisation) { create(:organisation) }
+          let(:managing_organisation_too) { create(:organisation) }
+          let(:housing_provider) { create(:organisation) }
+          let(:params) do
+            {
+              id: lettings_log.id,
+              lettings_log: {
+                page: "managing_organisation",
+                managing_organisation_id: other_organisation.id,
+              },
+            }
+          end
+
+          before do
+            organisation.housing_providers << housing_provider
+            organisation.managing_agents << managing_organisation
+            organisation.managing_agents << managing_organisation_too
+            organisation.reload
+            lettings_log.update!(owning_organisation: housing_provider, created_by: user, managing_organisation: organisation)
+            lettings_log.reload
+          end
+
+          it "re-renders the same page with errors if validation fails" do
+            post "/lettings-logs/#{lettings_log.id}/form", params: params
+            expect(response).to redirect_to("/lettings-logs/#{lettings_log.id}/managing-organisation")
+            follow_redirect!
+            expect(page).to have_content("There is a problem")
+          end
+        end
+
        context "with valid answers" do
          let(:answer) { 20 }
          let(:params) do