
Return unauthorised status

pull/2693/head
Kat 2 years ago committed by Kat
parent
commit
466cdeb5cd
  1. 20
      app/controllers/collection_resources_controller.rb
  2. 80
      spec/requests/collection_resources_controller_spec.rb

20
app/controllers/collection_resources_controller.rb

@ -35,7 +35,7 @@ class CollectionResourcesController < ApplicationController
end end
def edit_mandatory_collection_resource def edit_mandatory_collection_resource
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
year = params[:year].to_i year = params[:year].to_i
resource_type = params[:resource_type] resource_type = params[:resource_type]
@ -51,7 +51,7 @@ class CollectionResourcesController < ApplicationController
end end
def edit_additional_collection_resource def edit_additional_collection_resource
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
@collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id])
@ -62,7 +62,7 @@ class CollectionResourcesController < ApplicationController
end end
def update_mandatory_collection_resource def update_mandatory_collection_resource
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
year = resource_params[:year].to_i year = resource_params[:year].to_i
resource_type = resource_params[:resource_type] resource_type = resource_params[:resource_type]
@ -92,7 +92,7 @@ class CollectionResourcesController < ApplicationController
end end
def update_additional_collection_resource def update_additional_collection_resource
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
@collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id])
@ -122,7 +122,7 @@ class CollectionResourcesController < ApplicationController
end end
def confirm_mandatory_collection_resources_release def confirm_mandatory_collection_resources_release
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
@year = params[:year].to_i @year = params[:year].to_i
@ -132,7 +132,7 @@ class CollectionResourcesController < ApplicationController
end end
def release_mandatory_collection_resources def release_mandatory_collection_resources
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
year = params[:year].to_i year = params[:year].to_i
@ -145,7 +145,7 @@ class CollectionResourcesController < ApplicationController
end end
def new def new
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
year = params[:year].to_i year = params[:year].to_i
log_type = params[:log_type] log_type = params[:log_type]
@ -156,7 +156,7 @@ class CollectionResourcesController < ApplicationController
end end
def create def create
return render_not_found unless current_user.support? && editable_collection_resource_years.include?(resource_params[:year].to_i) return render_not_authorized unless current_user.support? && editable_collection_resource_years.include?(resource_params[:year].to_i)
@collection_resource = CollectionResource.new(resource_params) @collection_resource = CollectionResource.new(resource_params)
@collection_resource.download_filename ||= @collection_resource.file&.original_filename @collection_resource.download_filename ||= @collection_resource.file&.original_filename
@ -185,7 +185,7 @@ class CollectionResourcesController < ApplicationController
end end
def delete_confirmation def delete_confirmation
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
@collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id])
@ -195,7 +195,7 @@ class CollectionResourcesController < ApplicationController
end end
def delete def delete
return render_not_found unless current_user.support? return render_not_authorized unless current_user.support?
@collection_resource = CollectionResource.find_by(id: params[:collection_resource_id]) @collection_resource = CollectionResource.find_by(id: params[:collection_resource_id])
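Review bot: In `create`, the single guard now returns the unauthorised response both for a non-support user and for a support user who posts a year outside `editable_collection_resource_years`, so a validation failure is reported as an access-control failure. Splitting it keeps the two cases distinct: `return render_not_authorized unless current_user.support?` followed by `return render_not_found unless editable_collection_resource_years.include?(resource_params[:year].to_i)`. Separately, the spec in this commit expects `:unauthorized` (401) from requests made after `sign_in user`. If those users are authenticated but lack the support role, 403 Forbidden is the conventional status, and clients or authentication middleware may treat a 401 as a prompt to log in again. `render_not_authorized` is defined outside this page and every action body continues past its hunk, so confirm what the helper renders.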

80
spec/requests/collection_resources_controller_spec.rb

@ -277,9 +277,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -290,9 +290,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -366,9 +366,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch update_mandatory_collection_resource_path, params: params patch update_mandatory_collection_resource_path, params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -379,9 +379,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch update_mandatory_collection_resource_path, params: params patch update_mandatory_collection_resource_path, params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
end end
@ -401,9 +401,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get confirm_mandatory_collection_resources_release_path(year: 2025) get confirm_mandatory_collection_resources_release_path(year: 2025)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -414,9 +414,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get confirm_mandatory_collection_resources_release_path(year: 2025) get confirm_mandatory_collection_resources_release_path(year: 2025)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -466,9 +466,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch release_mandatory_collection_resources_path(year: 2024) patch release_mandatory_collection_resources_path(year: 2024)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -479,9 +479,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch release_mandatory_collection_resources_path(year: 2024) patch release_mandatory_collection_resources_path(year: 2024)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -528,9 +528,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get new_collection_resource_path(year: 2025, log_type: "sales") get new_collection_resource_path(year: 2025, log_type: "sales")
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -541,9 +541,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get new_collection_resource_path(year: 2025, log_type: "sales") get new_collection_resource_path(year: 2025, log_type: "sales")
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -589,9 +589,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
post collection_resources_path, params: params post collection_resources_path, params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -602,9 +602,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
post collection_resources_path, params: params post collection_resources_path, params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
end end
@ -722,9 +722,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get collection_resource_edit_path(collection_resource) get collection_resource_edit_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -735,9 +735,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get collection_resource_edit_path(collection_resource) get collection_resource_edit_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -794,9 +794,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch collection_resource_update_path(collection_resource), params: params patch collection_resource_update_path(collection_resource), params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -807,9 +807,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
patch collection_resource_update_path(collection_resource), params: params patch collection_resource_update_path(collection_resource), params: params
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
end end
@ -831,9 +831,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get collection_resource_delete_confirmation_path(collection_resource) get collection_resource_delete_confirmation_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -844,9 +844,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
get collection_resource_delete_confirmation_path(collection_resource) get collection_resource_delete_confirmation_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -892,9 +892,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
delete collection_resource_delete_path(collection_resource) delete collection_resource_delete_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
@ -905,9 +905,9 @@ RSpec.describe CollectionResourcesController, type: :request do
sign_in user sign_in user
end end
it "returns page not found" do it "returns page not authorised" do
delete collection_resource_delete_path(collection_resource) delete collection_resource_delete_path(collection_resource)
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:unauthorized)
end end
end end
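Review bot: The examples for the state-changing requests (`post collection_resources_path`, the `patch` update and release paths, `delete collection_resource_delete_path`) assert only the response status, so they would still pass if the guard were moved below the write. Unless the surrounding contexts outside these hunks already cover it, add a no-side-effect assertion to each, for example `expect { post collection_resources_path, params: params }.not_to change(CollectionResource, :count)`. The twenty examples are otherwise identical apart from the request line, so a shared example taking the request as a block would keep the status and no-change expectations in one place.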
