diff --git a/app/controllers/collection_resources_controller.rb b/app/controllers/collection_resources_controller.rb index 7d0a18652..06988c88c 100644 --- a/app/controllers/collection_resources_controller.rb +++ b/app/controllers/collection_resources_controller.rb @@ -35,7 +35,7 @@ class CollectionResourcesController < ApplicationController end def edit_mandatory_collection_resource - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? year = params[:year].to_i resource_type = params[:resource_type] @@ -51,7 +51,7 @@ class CollectionResourcesController < ApplicationController end def edit_additional_collection_resource - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @@ -62,7 +62,7 @@ class CollectionResourcesController < ApplicationController end def update_mandatory_collection_resource - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? year = resource_params[:year].to_i resource_type = resource_params[:resource_type] @@ -92,7 +92,7 @@ class CollectionResourcesController < ApplicationController end def update_additional_collection_resource - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @@ -122,7 +122,7 @@ class CollectionResourcesController < ApplicationController end def confirm_mandatory_collection_resources_release - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? @year = params[:year].to_i @@ -132,7 +132,7 @@ class CollectionResourcesController < ApplicationController end def release_mandatory_collection_resources - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? year = params[:year].to_i @@ -145,7 +145,7 @@ class CollectionResourcesController < ApplicationController end def new - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? year = params[:year].to_i log_type = params[:log_type] @@ -156,7 +156,7 @@ class CollectionResourcesController < ApplicationController end def create - return render_not_found unless current_user.support? && editable_collection_resource_years.include?(resource_params[:year].to_i) + return render_not_authorized unless current_user.support? && editable_collection_resource_years.include?(resource_params[:year].to_i) @collection_resource = CollectionResource.new(resource_params) @collection_resource.download_filename ||= @collection_resource.file&.original_filename @@ -185,7 +185,7 @@ class CollectionResourcesController < ApplicationController end def delete_confirmation - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @@ -195,7 +195,7 @@ class CollectionResourcesController < ApplicationController end def delete - return render_not_found unless current_user.support? + return render_not_authorized unless current_user.support? @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) diff --git a/spec/requests/collection_resources_controller_spec.rb b/spec/requests/collection_resources_controller_spec.rb index 5bf1d2843..eb6f56aed 100644 --- a/spec/requests/collection_resources_controller_spec.rb +++ b/spec/requests/collection_resources_controller_spec.rb @@ -277,9 +277,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -290,9 +290,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -366,9 +366,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch update_mandatory_collection_resource_path, params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -379,9 +379,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch update_mandatory_collection_resource_path, params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end end @@ -401,9 +401,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get confirm_mandatory_collection_resources_release_path(year: 2025) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -414,9 +414,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get confirm_mandatory_collection_resources_release_path(year: 2025) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -466,9 +466,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch release_mandatory_collection_resources_path(year: 2024) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -479,9 +479,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch release_mandatory_collection_resources_path(year: 2024) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -528,9 +528,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get new_collection_resource_path(year: 2025, log_type: "sales") - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -541,9 +541,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get new_collection_resource_path(year: 2025, log_type: "sales") - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -589,9 +589,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do post collection_resources_path, params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -602,9 +602,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do post collection_resources_path, params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end end @@ -722,9 +722,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get collection_resource_edit_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -735,9 +735,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get collection_resource_edit_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -794,9 +794,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch collection_resource_update_path(collection_resource), params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -807,9 +807,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do patch collection_resource_update_path(collection_resource), params: params - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end end @@ -831,9 +831,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get collection_resource_delete_confirmation_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -844,9 +844,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do get collection_resource_delete_confirmation_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -892,9 +892,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do delete collection_resource_delete_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end @@ -905,9 +905,9 @@ RSpec.describe CollectionResourcesController, type: :request do sign_in user end - it "returns page not found" do + it "returns page not authorised" do delete collection_resource_delete_path(collection_resource) - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(:unauthorized) end end