From 28ec80db237202d696051b10c8f5182d6c7c0d67 Mon Sep 17 00:00:00 2001 From: Kat Date: Mon, 19 Aug 2024 10:40:32 +0100 Subject: [PATCH] Redirect to log-reassignment page when updating organisation --- app/controllers/users_controller.rb | 31 ++++++++++-- config/routes.rb | 1 + spec/requests/users_controller_spec.rb | 66 ++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 4 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index c5c5241f9..78822b94d 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -61,7 +61,7 @@ class UsersController < ApplicationController def update validate_attributes - if @user.errors.empty? && @user.update(user_params) + if @user.errors.empty? && @user.update(user_params_without_org) if @user == current_user bypass_sign_in @user flash[:notice] = I18n.t("devise.passwords.updated") if user_params.key?("password") @@ -69,7 +69,11 @@ class UsersController < ApplicationController flash[:notice] = I18n.t("devise.email.updated", email: @user.unconfirmed_email) end - redirect_to account_path + if updating_organisation? + redirect_to user_log_reassignment_path(@user, organisation_id: user_params[:organisation_id]) + else + redirect_to account_path + end else user_name = @user.name&.possessive || @user.email.possessive if user_params[:active] == "false" @@ -82,7 +86,12 @@ class UsersController < ApplicationController elsif user_params.key?("email") flash[:notice] = I18n.t("devise.email.updated", email: @user.unconfirmed_email) end - redirect_to user_path(@user) + + if updating_organisation? + redirect_to user_log_reassignment_path(@user, organisation_id: user_params[:organisation_id]) + else + redirect_to user_path(@user) + end end elsif user_params.key?("password") format_error_messages @@ -157,6 +166,10 @@ private elsif !user_params[:phone].nil? && !valid_phone_number?(user_params[:phone]) @user.errors.add :phone end + + if user_params.key?(:organisation_id) && user_params[:organisation_id].blank? + @user.errors.add :organisation, :blank + end end def valid_phone_number?(number) @@ -191,8 +204,10 @@ private def user_params if @user == current_user - if current_user.data_coordinator? || current_user.support? + if current_user.data_coordinator? params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent) + elsif current_user.support? + params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent, :organisation_id) else params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :initial_confirmation_sent) end @@ -203,6 +218,10 @@ private end end + def user_params_without_org + user_params.except(:organisation_id) + end + def created_user_redirect_path if current_user.support? users_path @@ -234,4 +253,8 @@ private def session_filters filter_manager.session_filters end + + def updating_organisation? + user_params["organisation_id"].present? && @user.organisation_id != user_params["organisation_id"].to_i + end end diff --git a/config/routes.rb b/config/routes.rb index 4817bebb9..483303476 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -124,6 +124,7 @@ Rails.application.routes.draw do resources :users do get "edit-dpo", to: "users#dpo" get "edit-key-contact", to: "users#key_contact" + get "log-reassignment", to: "users#log_reassignment" collection do get :search diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 4096b747b..d8a17c3f9 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb @@ -1850,6 +1850,39 @@ RSpec.describe UsersController, type: :request do expect(page).to have_selector(".govuk-error-summary__title") end end + + context "when updating organisation" do + let(:new_organisation) { create(:organisation) } + + before do + patch "/users/#{user.id}", headers:, params: + end + + context "and organisation id is nil" do + let(:params) { { id: user.id, user: { organisation_id: "" } } } + + it "does not update the organisation" do + expect(response).to have_http_status(:unprocessable_entity) + expect(page).to have_selector(".govuk-error-summary__title") + end + end + + context "and organisation id is not nil" do + let(:params) { { id: user.id, user: { organisation_id: new_organisation.id, name: "new_name" } } } + + it "does not update the organisation" do + expect(user.reload.organisation).not_to eq(new_organisation) + end + + it "redirects to log reassignment page" do + expect(response).to redirect_to("/users/#{user.id}/log-reassignment?organisation_id=#{new_organisation.id}") + end + + it "updated other fields" do + expect(user.reload.name).to eq("new_name") + end + end + end end context "when the current user does not match the user ID" do @@ -1987,6 +2020,39 @@ RSpec.describe UsersController, type: :request do patch "/users/#{other_user.id}", headers:, params: end end + + context "when updating organisation" do + let(:new_organisation) { create(:organisation) } + + before do + patch "/users/#{other_user.id}", headers:, params: + end + + context "and organisation id is nil" do + let(:params) { { id: other_user.id, user: { organisation_id: "" } } } + + it "does not update the organisation" do + expect(response).to have_http_status(:unprocessable_entity) + expect(page).to have_selector(".govuk-error-summary__title") + end + end + + context "and organisation id is not nil" do + let(:params) { { id: other_user.id, user: { organisation_id: new_organisation.id, name: "new_name" } } } + + it "does not update the organisation" do + expect(user.reload.organisation).not_to eq(new_organisation) + end + + it "redirects to log reassignment page" do + expect(response).to redirect_to("/users/#{other_user.id}/log-reassignment?organisation_id=#{new_organisation.id}") + end + + it "updated other fields" do + expect(other_user.reload.name).to eq("new_name") + end + end + end end end end