Prevent access to bulk upload pages when DPC not signed

app/controllers/bulk_upload_lettings_logs_controller.rb

@@ -1,5 +1,6 @@
 class BulkUploadLettingsLogsController < ApplicationController
   before_action :authenticate_user!
+  before_action :validate_data_protection_agrement_signed!
 
   def start
     if in_crossover_period?
@@ -23,6 +24,12 @@ class BulkUploadLettingsLogsController < ApplicationController
 
 private
 
+  def validate_data_protection_agrement_signed!
+    unless @current_user.organisation.data_protection_confirmed?
+      redirect_to lettings_logs_path
+    end
+  end
+
   def current_year
     FormHandler.instance.current_collection_start_year
   end

app/controllers/bulk_upload_sales_logs_controller.rb

@@ -1,5 +1,6 @@
 class BulkUploadSalesLogsController < ApplicationController
   before_action :authenticate_user!
+  before_action :validate_data_protection_agrement_signed!
 
   def start
     if in_crossover_period?
@@ -23,6 +24,12 @@ class BulkUploadSalesLogsController < ApplicationController
 
 private
 
+  def validate_data_protection_agrement_signed!
+    unless @current_user.organisation.data_protection_confirmed?
+      redirect_to sales_logs_path
+    end
+  end
+
   def current_year
     FormHandler.instance.forms["current_sales"].start_date.year
   end

spec/requests/bulk_upload_lettings_logs_controller_spec.rb

@@ -1,7 +1,7 @@
 require "rails_helper"
 
 RSpec.describe BulkUploadLettingsLogsController, type: :request do
-  let(:user) { FactoryBot.create(:user) }
+  let(:user) { create(:user) }
   let(:organisation) { user.organisation }
 
   before do
@@ -9,6 +9,17 @@ RSpec.describe BulkUploadLettingsLogsController, type: :request do
   end
 
   describe "GET /lettings-logs/bulk-upload-logs/start" do
+    context "when data protection confirmation not signed" do
+      let(:organisation) { create(:organisation, :without_dpc) }
+      let(:user) { create(:user, organisation:) }
+
+      it "redirects to lettings index page" do
+        get "/lettings-logs/bulk-upload-logs/start", params: {}
+
+        expect(response).to redirect_to("/lettings-logs")
+      end
+    end
+
     context "when not in crossover period" do
       let(:expected_year) { 2022 }
 

spec/requests/bulk_upload_sales_logs_controller_spec.rb

@@ -1,7 +1,7 @@
 require "rails_helper"
 
 RSpec.describe BulkUploadSalesLogsController, type: :request do
-  let(:user) { FactoryBot.create(:user) }
+  let(:user) { create(:user) }
   let(:organisation) { user.organisation }
 
   before do
@@ -9,6 +9,17 @@ RSpec.describe BulkUploadSalesLogsController, type: :request do
   end
 
   describe "GET /sales-logs/bulk-upload-logs/start" do
+    context "when data protection confirmation not signed" do
+      let(:organisation) { create(:organisation, :without_dpc) }
+      let(:user) { create(:user, organisation:) }
+
+      it "redirects to sales index page" do
+        get "/sales-logs/bulk-upload-logs/start", params: {}
+
+        expect(response).to redirect_to("/sales-logs")
+      end
+    end
+
     context "when not in crossover period" do
       let(:expected_year) { FormHandler.instance.forms["current_sales"].start_date.year }