From 491495384a31bfaa308247d4e0f6772897e22973 Mon Sep 17 00:00:00 2001 From: Jack S Date: Fri, 9 Jun 2023 14:10:27 +0100 Subject: [PATCH] start adapting to data protection confirmation --- app/controllers/organisations_controller.rb | 34 ++++----- app/helpers/data_sharing_agreement_helper.rb | 10 +-- app/models/data_sharing_agreement.rb | 4 -- app/models/organisation.rb | 3 +- .../logs/_create_for_org_actions.html.erb | 2 +- .../data_sharing_agreement.html.erb | 18 ++--- app/views/organisations/show.html.erb | 2 +- db/seeds.rb | 29 ++------ .../create_log_actions_component_spec.rb | 8 +-- ...sharing_agreement_banner_component_spec.rb | 20 +++--- .../factories/data_protection_confirmation.rb | 2 +- spec/factories/organisation.rb | 6 +- .../requests/organisations_controller_spec.rb | 71 +++++++++++-------- spec/shared/shared_log_examples.rb | 8 +-- .../_create_for_org_actions.html.erb_spec.rb | 6 +- .../data_sharing_agreement.html.erb_spec.rb | 42 ++++++----- .../views/organisations/show.html.erb_spec.rb | 20 +++--- 17 files changed, 136 insertions(+), 149 deletions(-) delete mode 100644 app/models/data_sharing_agreement.rb diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb index 6fea6ec75..e5607e395 100644 --- a/app/controllers/organisations_controller.rb +++ b/app/controllers/organisations_controller.rb @@ -165,35 +165,27 @@ class OrganisationsController < ApplicationController def confirm_data_sharing_agreement return render_not_found unless FeatureToggle.new_data_protection_confirmation? return render_not_found unless current_user.is_dpo? - return render_not_found if @organisation.latest_data_protection_confirmation&.confirmed? + return render_not_found if @organisation.data_protection_confirmation&.confirmed? - - if @organisation.latest_data_protection_confirmation - @organisation.latest_data_protection_confirmation.update!( + if @organisation.data_protection_confirmation + @organisation.data_protection_confirmation.update!( confirmed: true, data_protection_officer: current_user, # When it was signed created_at: Time.zone.now, - ) - dpo.confirmed = true - dpo.data_protection_officer = current_user - dpo.save! - - data_protection_confirmation = DataProtectionConfirmation.new( - organisation: current_user.organisation, - confirmed: true, - data_protection_officer: current_user, - ) - - if data_protection_confirmation.save - flash[:notice] = "You have accepted the Data Sharing Agreement" - flash[:notification_banner_body] = "Your organisation can now submit logs." - - redirect_to details_organisation_path(@organisation) else - render :data_sharing_agreement + DataProtectionConfirmation.create!( + organisation: current_user.organisation, + confirmed: true, + data_protection_officer: current_user, + ) end + + flash[:notice] = "You have accepted the Data Sharing Agreement" + flash[:notification_banner_body] = "Your organisation can now submit logs." + + redirect_to details_organisation_path(@organisation) end private diff --git a/app/helpers/data_sharing_agreement_helper.rb b/app/helpers/data_sharing_agreement_helper.rb index e3750a5fa..ee6603feb 100644 --- a/app/helpers/data_sharing_agreement_helper.rb +++ b/app/helpers/data_sharing_agreement_helper.rb @@ -21,9 +21,9 @@ module DataSharingAgreementHelper end end - def name_for_data_sharing_agreement(data_sharing_agreement, user) - if data_sharing_agreement.present? - data_sharing_agreement.dpo_name + def name_for_data_sharing_agreement(data_protection_confirmation, user) + if data_protection_confirmation&.confirmed? + data_protection_confirmation.data_protection_officer.name elsif user.is_dpo? user.name else @@ -68,7 +68,7 @@ module DataSharingAgreementHelper private def data_sharing_agreement_first_line(organisation:, user:) - return "Not accepted" if organisation.data_protection_confirmation&.confirmed? + return "Not accepted" unless organisation.data_protection_confirmation&.confirmed? if user.support? "Accepted #{organisation.data_protection_confirmation.created_at.strftime('%d/%m/%Y')}" @@ -79,7 +79,7 @@ private def data_sharing_agreement_second_line(organisation:, user:) if organisation.data_protection_confirmation&.confirmed? - organisation.data_sharing_agreement.data_protection_officer.name if user.support? + organisation.data_protection_confirmation.data_protection_officer.name if user.support? else "Data protection officer must sign" unless user.is_dpo? end diff --git a/app/models/data_sharing_agreement.rb b/app/models/data_sharing_agreement.rb deleted file mode 100644 index b791afc98..000000000 --- a/app/models/data_sharing_agreement.rb +++ /dev/null @@ -1,4 +0,0 @@ -class DataSharingAgreement < ApplicationRecord - belongs_to :organisation - belongs_to :data_protection_officer, class_name: "User", optional: true -end diff --git a/app/models/organisation.rb b/app/models/organisation.rb index b11c07028..b39c5b176 100644 --- a/app/models/organisation.rb +++ b/app/models/organisation.rb @@ -88,7 +88,7 @@ class Organisation < ApplicationRecord end def data_protection_confirmed? - !!data_protection_confirmations.order(created_at: :desc).first&.confirmed + !!data_protection_confirmation&.confirmed? end def data_protection_agreement_string @@ -112,6 +112,7 @@ class Organisation < ApplicationRecord { name: "Owns housing stock", value: holds_own_stock ? "Yes" : "No", editable: false }, ].compact + # TODO: test unless FeatureToggle.new_data_protection_confirmation? attrs << { name: "Data protection agreement", value: data_protection_agreement_string, editable: false } end diff --git a/app/views/logs/_create_for_org_actions.html.erb b/app/views/logs/_create_for_org_actions.html.erb index 83cd1f27e..087429c16 100644 --- a/app/views/logs/_create_for_org_actions.html.erb +++ b/app/views/logs/_create_for_org_actions.html.erb @@ -1,5 +1,5 @@
- <% if !FeatureToggle.new_data_protection_confirmation? || @organisation.data_protection_confirmation.&confirmed? %> + <% if !FeatureToggle.new_data_protection_confirmation? || @organisation.data_protection_confirmation&.confirmed? %> <% if current_page?(controller: 'organisations', action: 'lettings_logs') %> <%= govuk_button_to "Create a new lettings log for this organisation", lettings_logs_path(lettings_log: { owning_organisation_id: @organisation.id }, method: :post) %> <% end %> diff --git a/app/views/organisations/data_sharing_agreement.html.erb b/app/views/organisations/data_sharing_agreement.html.erb index 3c861f6c9..b7ceaf243 100644 --- a/app/views/organisations/data_sharing_agreement.html.erb +++ b/app/views/organisations/data_sharing_agreement.html.erb @@ -3,11 +3,11 @@

- <%= org_name_for_data_sharing_agreement(@data_sharing_agreement, current_user) %> and Department for Levelling Up, Housing and Communities + <%= org_name_for_data_sharing_agreement(@data_protection_confirmation, current_user) %> and Department for Levelling Up, Housing and Communities

- <% if @data_sharing_agreement&.confirmed? %> - This agreement is made the <%= @data_sharing_agreement.created_at.day.ordinalize %> day of <%= @data_sharing_agreement.created_at.strftime("%B") %> <%= @data_sharing_agreement.created_at.year %> + <% if @data_protection_confirmation&.confirmed? %> + This agreement is made the <%= @data_protection_confirmation.created_at.day.ordinalize %> day of <%= @data_protection_confirmation.created_at.strftime("%B") %> <%= @data_protection_confirmation.created_at.year %> <% elsif current_user.is_dpo? %> This agreement is made the <%= Time.zone.now.day.ordinalize %> day of <%= Time.zone.now.strftime("%B") %> <%= Time.zone.now.year %> <% else %> @@ -15,8 +15,8 @@ <% end %>

between

- <% if @data_sharing_agreement %> -

1) <%= @data_sharing_agreement.organisation_name %> of <%= @data_sharing_agreement.organisation_address %> (“CORE Data Provider”)

+ <% if @data_protection_confirmation&.confirmed? %> +

1) <%= @data_protection_confirmation.organisation.name %> of <%= @data_protection_confirmation.organisation.address_row %> (“CORE Data Provider”)

<% else %>

1) <%= @organisation.name %> of <%= @organisation.address_row %> (“CORE Data Provider”)

<% end %> @@ -106,7 +106,7 @@

12. Authorised representatives

12.1. CORE data providers and DLUHC will each appoint an Authorised Representative to be the primary point of contact in all day-to-day matters relating to this Agreement:

- <%= section_12_2(data_sharing_agreement: @data_sharing_agreement, user: current_user, organisation: @organisation) %> + <%= section_12_2(data_protection_confirmation: @data_protection_confirmation, user: current_user, organisation: @organisation) %>

12.3. For DLUHC: Name: Rachel Worledge, Postal Address: South-west section, 4th Floor, Fry Building, 2 Marsham Street, London, SW1P 4DF, @@ -123,9 +123,9 @@

16. Statutory compliance

16.1. The Parties shall comply with all relevant legislation, regulations, orders, statutory instruments and any amendments or re-enactments thereof from the commencement of this agreement.

As witness of which the parties have set their hands on the day and year first above written - signed for and on behalf of the Data Protection Officer for <%= org_name_for_data_sharing_agreement(@data_sharing_agreement, current_user) %>, by:

+ signed for and on behalf of the Data Protection Officer for <%= org_name_for_data_sharing_agreement(@data_protection_confirmation, current_user) %>, by:

    -
  • Name: <%= name_for_data_sharing_agreement(@data_sharing_agreement, current_user) %>
    • +
  • Name: <%= name_for_data_sharing_agreement(@data_protection_confirmation, current_user) %>
  • Title: Data Protection Officer

SIGNED for and on behalf of the deputy director of the data, analytics & statistics in the Department for Levelling Up, Housing and Communities, by:

@@ -134,7 +134,7 @@
  • Title: Deputy Director
    • - <% if current_user.is_dpo? && !(@organisation.data_sharing_agreement&.confirmed?) %> + <% if current_user.is_dpo? && !(@organisation.data_protection_confirmation&.confirmed?) %>
    <%= govuk_button_to("Accept this agreement", data_sharing_agreement_organisation_path(@organisation), method: :post) %> <%= govuk_button_link_to("Cancel", details_organisation_path(@organisation), secondary: true) %> diff --git a/app/views/organisations/show.html.erb b/app/views/organisations/show.html.erb index 3f2d153a1..f1afb275c 100644 --- a/app/views/organisations/show.html.erb +++ b/app/views/organisations/show.html.erb @@ -33,7 +33,7 @@ <% end %> <% end %> <% end %> - <% if FeatureToggle.new_data_sharing_agreement? %> + <% if FeatureToggle.new_data_protection_confirmation? %> <%= data_sharing_agreement_row(organisation: @organisation, user: current_user, summary_list:) %> <% end %> <% end %> diff --git a/db/seeds.rb b/db/seeds.rb index 10352bcf2..77b84f968 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -7,25 +7,11 @@ # Character.create(name: 'Luke', movie: movies.first) # rubocop:disable Rails/Output - -def create_dpo(org) - User.find_or_create_by!( - name: "#{org.name} User", - email: "#{org.name}@example.com", - organisation: standalone_owns_stock, - role: "data_provider", - is_dpo: true, - ) do |user| - user.password = "password" - user.confirmed_at = Time.zone.now - end -end - -def create_dsa(org) +def create_dsa(user) DataProtectionConfirmation.find_or_create_by!( - organisation: org, + organisation: user.organisation, confirmed: true, - data_protection_officer: create_dpo(org), + data_protection_officer: user, ) end @@ -40,7 +26,6 @@ unless Rails.env.test? managing_agents_label: "None", provider_type: "LA", ) - create_dsa(stock_owner1) stock_owner2 = Organisation.find_or_create_by!( name: "Stock Owner 2", address_line1: "2 Marsham Street", @@ -51,7 +36,6 @@ unless Rails.env.test? managing_agents_label: "None", provider_type: "LA", ) - create_dsa(stock_owner2) managing_agent1 = Organisation.find_or_create_by!( name: "Managing Agent 1", address_line1: "2 Marsham Street", @@ -62,7 +46,6 @@ unless Rails.env.test? managing_agents_label: "None", provider_type: "LA", ) - create_dsa(managing_agent1) managing_agent2 = Organisation.find_or_create_by!( name: "Managing Agent 2", address_line1: "2 Marsham Street", @@ -73,7 +56,6 @@ unless Rails.env.test? managing_agents_label: "None", provider_type: "LA", ) - create_dsa(managing_agent2) org = Organisation.find_or_create_by!( name: "DLUHC", @@ -92,7 +74,6 @@ unless Rails.env.test? Rails.logger.info info end end - create_dsa(org) standalone_owns_stock = Organisation.find_or_create_by!( name: "Standalone Owns Stock 1 Ltd", @@ -113,6 +94,7 @@ unless Rails.env.test? ) do |user| user.password = "password" user.confirmed_at = Time.zone.now + create_dsa(user) end User.find_or_create_by!( @@ -123,6 +105,7 @@ unless Rails.env.test? ) do |user| user.password = "password" user.confirmed_at = Time.zone.now + create_dsa(user) end standalone_no_stock = Organisation.find_or_create_by!( @@ -204,6 +187,8 @@ unless Rails.env.test? user.confirmed_at = Time.zone.now end + create_dsa(support_user) + pp "Seeded 3 dummy users" end diff --git a/spec/components/create_log_actions_component_spec.rb b/spec/components/create_log_actions_component_spec.rb index 03d7fe937..3ae7851eb 100644 --- a/spec/components/create_log_actions_component_spec.rb +++ b/spec/components/create_log_actions_component_spec.rb @@ -22,7 +22,7 @@ RSpec.describe CreateLogActionsComponent, type: :component do context "when flag disabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "renders actions" do @@ -67,7 +67,7 @@ RSpec.describe CreateLogActionsComponent, type: :component do context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end context "when support user" do @@ -115,10 +115,10 @@ RSpec.describe CreateLogActionsComponent, type: :component do context "when not support user" do context "without data sharing agreement" do - let(:user) { create(:user, organisation: create(:organisation, :without_dsa)) } + let(:user) { create(:user, organisation: create(:organisation, :without_dpc)) } it "does not render actions" do - expect(component.display_actions?).to eq(false) + expect(component).not_to be_display_actions end end diff --git a/spec/components/data_sharing_agreement_banner_component_spec.rb b/spec/components/data_sharing_agreement_banner_component_spec.rb index 0827f0855..19b9f4f60 100644 --- a/spec/components/data_sharing_agreement_banner_component_spec.rb +++ b/spec/components/data_sharing_agreement_banner_component_spec.rb @@ -8,7 +8,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do context "when flag disabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "does not display banner" do @@ -18,7 +18,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end context "when user is dpo" do @@ -36,7 +36,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do let(:organisation) { nil } before do - allow(DataSharingAgreement).to receive(:exists?).and_call_original + allow(DataProtectionConfirmation).to receive(:exists?).and_call_original end context "when data sharing agreement present" do @@ -46,12 +46,12 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do it "verifies DSA exists for organisation" do render - expect(DataSharingAgreement).to have_received(:exists?).with(organisation: user.organisation) + expect(DataProtectionConfirmation).to have_received(:exists?).with(organisation: user.organisation, confirmed: true) end end context "when data sharing agreement not present" do - let(:user) { create(:user, organisation: create(:organisation, :without_dsa)) } + let(:user) { create(:user, organisation: create(:organisation, :without_dpc)) } it "displays the banner" do expect(component.display_banner?).to eq(true) @@ -64,7 +64,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do it "verifies DSA exists for organisation" do render - expect(DataSharingAgreement).to have_received(:exists?).with(organisation: user.organisation) + expect(DataProtectionConfirmation).to have_received(:exists?).with(organisation: user.organisation, confirmed: true) end end end @@ -83,7 +83,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do context "when org present" do before do - allow(DataSharingAgreement).to receive(:exists?).and_call_original + allow(DataProtectionConfirmation).to receive(:exists?).and_call_original end context "when data sharing agreement present" do @@ -93,12 +93,12 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do it "verifies DSA exists for organisation" do render - expect(DataSharingAgreement).to have_received(:exists?).with(organisation:) + expect(DataProtectionConfirmation).to have_received(:exists?).with(organisation:, confirmed: true) end end context "when data sharing agreement not present" do - let(:organisation) { create(:organisation, :without_dsa) } + let(:organisation) { create(:organisation, :without_dpc) } it "displays the banner" do expect(component.display_banner?).to eq(true) @@ -111,7 +111,7 @@ RSpec.describe DataSharingAgreementBannerComponent, type: :component do it "verifies DSA exists for organisation" do render - expect(DataSharingAgreement).to have_received(:exists?).with(organisation:) + expect(DataProtectionConfirmation).to have_received(:exists?).with(organisation:, confirmed: true) end end end diff --git a/spec/factories/data_protection_confirmation.rb b/spec/factories/data_protection_confirmation.rb index 704294d9e..3646ea735 100644 --- a/spec/factories/data_protection_confirmation.rb +++ b/spec/factories/data_protection_confirmation.rb @@ -1,6 +1,6 @@ FactoryBot.define do factory :data_protection_confirmation do - organisation { association :organisation, data_sharing_agreement: instance } + organisation { association :organisation, data_protection_confirmation: instance } data_protection_officer { association :user, :data_protection_officer, organisation: (instance.organisation || organisation) } confirmed { true } diff --git a/spec/factories/organisation.rb b/spec/factories/organisation.rb index 20964c06c..c65533b3d 100644 --- a/spec/factories/organisation.rb +++ b/spec/factories/organisation.rb @@ -17,7 +17,7 @@ FactoryBot.define do after(:create) do |org, evaluator| if evaluator.with_dsa create( - :data_sharing_agreement, + :data_protection_confirmation, organisation: org, data_protection_officer: org.users.any? ? org.users.first : create(:user, :data_protection_officer, organisation: org), ) @@ -36,12 +36,12 @@ FactoryBot.define do holds_own_stock { false } end - trait :without_dsa do + trait :without_dpc do transient do with_dsa { false } end - data_sharing_agreement { nil } + data_protection_confirmation { nil } end end diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb index 0bbe64829..466e7522e 100644 --- a/spec/requests/organisations_controller_spec.rb +++ b/spec/requests/organisations_controller_spec.rb @@ -285,7 +285,7 @@ RSpec.describe OrganisationsController, type: :request do end it "shows the pagination count" do - expect(page).to have_content("3 total users") + expect(page).to have_content("#{user.organisation.users.count} total users") end end @@ -1424,7 +1424,7 @@ RSpec.describe OrganisationsController, type: :request do it "only includes users from that organisation" do get "/organisations/#{other_organisation.id}/users", headers:, params: {} csv = CSV.parse(response.body) - expect(csv.count).to eq(3) + expect(csv.count).to eq(other_organisation.users.count + 1) end end end @@ -1446,7 +1446,7 @@ RSpec.describe OrganisationsController, type: :request do context "when flag not enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "returns not found" do @@ -1457,7 +1457,7 @@ RSpec.describe OrganisationsController, type: :request do context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end it "returns ok" do @@ -1469,7 +1469,7 @@ RSpec.describe OrganisationsController, type: :request do end describe "POST #data_sharing_agreement" do - let(:organisation) { create(:organisation, :without_dsa) } + let(:organisation) { create(:organisation, :without_dpc) } context "when not signed in" do it "redirects to sign in" do @@ -1486,7 +1486,7 @@ RSpec.describe OrganisationsController, type: :request do context "when flag not enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "returns not found" do @@ -1497,7 +1497,7 @@ RSpec.describe OrganisationsController, type: :request do context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end context "when user not dpo" do @@ -1510,39 +1510,48 @@ RSpec.describe OrganisationsController, type: :request do end context "when user is dpo" do - let(:user) { create(:user, is_dpo: true, organisation:) } + context "when the organisation has a non-confirmed confirmation" do + let(:user) { create(:user, is_dpo: false) } - it "returns redirects to details page" do - post "/organisations/#{organisation.id}/data-sharing-agreement", headers: headers - - expect(response).to redirect_to("/organisations/#{organisation.id}/details") - expect(flash[:notice]).to eq("You have accepted the Data Sharing Agreement") - expect(flash[:notification_banner_body]).to eq("Your organisation can now submit logs.") + it "returns not found" do + post "/organisations/#{organisation.id}/data-sharing-agreement", headers: headers + expect(response).to have_http_status(:not_found) + end end - it "creates a data sharing agreement" do - expect(organisation.reload.data_sharing_agreement).to be_nil + context "when the organisation does not have a confirmation" do + let(:user) { create(:user, is_dpo: true, organisation:) } - post("/organisations/#{organisation.id}/data-sharing-agreement", headers:) + it "returns redirects to details page" do + post "/organisations/#{organisation.id}/data-sharing-agreement", headers: headers - data_sharing_agreement = organisation.reload.data_sharing_agreement + expect(response).to redirect_to("/organisations/#{organisation.id}/details") + expect(flash[:notice]).to eq("You have accepted the Data Sharing Agreement") + expect(flash[:notification_banner_body]).to eq("Your organisation can now submit logs.") + end - expect(data_sharing_agreement.organisation_address).to eq(organisation.address_row) - expect(data_sharing_agreement.organisation_name).to eq(organisation.name) - expect(data_sharing_agreement.organisation_phone_number).to eq(organisation.phone) - expect(data_sharing_agreement.data_protection_officer).to eq(user) - expect(data_sharing_agreement.dpo_name).to eq(user.name) - expect(data_sharing_agreement.dpo_email).to eq(user.email) - end + it "creates a data sharing agreement" do + expect(organisation.reload.data_protection_confirmation).to be_nil - context "when the user has already accepted the agreement" do - before do - create(:data_sharing_agreement, data_protection_officer: user, organisation: user.organisation) + post("/organisations/#{organisation.id}/data-sharing-agreement", headers:) + + data_protection_confirmation = organisation.reload.data_protection_confirmation + + expect(data_protection_confirmation.organisation.address_row).to eq(organisation.address_row) + expect(data_protection_confirmation.organisation.name).to eq(organisation.name) + expect(data_protection_confirmation.organisation.phone).to eq(organisation.phone) + expect(data_protection_confirmation.data_protection_officer).to eq(user) end - it "returns not found" do - post "/organisations/#{organisation.id}/data-sharing-agreement", headers: headers - expect(response).to have_http_status(:not_found) + context "when the user has already accepted the agreement" do + before do + create(:data_protection_confirmation, data_protection_officer: user, organisation: user.organisation) + end + + it "returns not found" do + post "/organisations/#{organisation.id}/data-sharing-agreement", headers: headers + expect(response).to have_http_status(:not_found) + end end end end diff --git a/spec/shared/shared_log_examples.rb b/spec/shared/shared_log_examples.rb index 96c5d8fc9..ccc893387 100644 --- a/spec/shared/shared_log_examples.rb +++ b/spec/shared/shared_log_examples.rb @@ -107,7 +107,7 @@ RSpec.shared_examples "shared log examples" do |log_type| describe "#verify_dsa_signed" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "is valid if the DSA is signed" do @@ -123,7 +123,7 @@ RSpec.shared_examples "shared log examples" do |log_type| end it "is not valid if the DSA is not signed" do - log = build(log_type, owning_organisation: create(:organisation, :without_dsa)) + log = build(log_type, owning_organisation: create(:organisation, :without_dpc)) expect(log).to be_valid end @@ -131,7 +131,7 @@ RSpec.shared_examples "shared log examples" do |log_type| context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end it "is valid if the DSA is signed" do @@ -147,7 +147,7 @@ RSpec.shared_examples "shared log examples" do |log_type| end it "is not valid if the DSA is not signed" do - log = build(log_type, owning_organisation: create(:organisation, :without_dsa)) + log = build(log_type, owning_organisation: create(:organisation, :without_dpc)) expect(log).not_to be_valid expect(log.errors[:owning_organisation]).to eq(["Your organisation must accept the Data Sharing Agreement before you can create any logs."]) diff --git a/spec/views/logs/_create_for_org_actions.html.erb_spec.rb b/spec/views/logs/_create_for_org_actions.html.erb_spec.rb index 651994dd9..f554778c2 100644 --- a/spec/views/logs/_create_for_org_actions.html.erb_spec.rb +++ b/spec/views/logs/_create_for_org_actions.html.erb_spec.rb @@ -13,7 +13,7 @@ RSpec.describe "logs/_create_for_org_actions.html.erb" do context "when flag disabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "shows create buttons" do @@ -26,7 +26,7 @@ RSpec.describe "logs/_create_for_org_actions.html.erb" do context "when flag enabled" do before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(true) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(true) end context "with data sharing agreement" do @@ -38,7 +38,7 @@ RSpec.describe "logs/_create_for_org_actions.html.erb" do end context "without data sharing agreement" do - let(:user) { create(:user, organisation: create(:organisation, :without_dsa)) } + let(:user) { create(:user, organisation: create(:organisation, :without_dpc)) } it "does not include create log buttons" do render diff --git a/spec/views/organisations/data_sharing_agreement.html.erb_spec.rb b/spec/views/organisations/data_sharing_agreement.html.erb_spec.rb index 4f5eaa125..b20cecf4d 100644 --- a/spec/views/organisations/data_sharing_agreement.html.erb_spec.rb +++ b/spec/views/organisations/data_sharing_agreement.html.erb_spec.rb @@ -5,7 +5,7 @@ RSpec.describe "organisations/data_sharing_agreement.html.erb", :aggregate_failu Timecop.freeze(Time.zone.local(2023, 1, 10)) allow(view).to receive(:current_user).and_return(user) assign(:organisation, organisation) - assign(:data_sharing_agreement, data_sharing_agreement) + assign(:data_protection_confirmation, data_protection_confirmation) end after do @@ -14,10 +14,10 @@ RSpec.describe "organisations/data_sharing_agreement.html.erb", :aggregate_failu let(:fragment) { Capybara::Node::Simple.new(rendered) } let(:organisation) { user.organisation } - let(:data_sharing_agreement) { nil } + let(:data_protection_confirmation) { nil } context "when dpo" do - let(:user) { create(:user, is_dpo: true, organisation: create(:organisation, :without_dsa)) } + let(:user) { create(:user, is_dpo: true, organisation: create(:organisation, :without_dpc)) } it "renders dynamic content" do render @@ -36,32 +36,34 @@ RSpec.describe "organisations/data_sharing_agreement.html.erb", :aggregate_failu expect(fragment).to have_content("12.2. For #{organisation.name}: Name: #{user.name}, Postal Address: #{organisation.address_row}, E-mail address: #{user.email}, Telephone number: #{organisation.phone}") end - context "when accepted" do - let(:data_sharing_agreement) do + context "when confirmed" do + let(:data_protection_confirmation) do create( - :data_sharing_agreement, + :data_protection_confirmation, organisation:, - signed_at: Time.zone.now - 1.day, + created_at: Time.zone.now - 1.day, ) end + let(:dpo) { data_protection_confirmation.data_protection_officer } + it "renders dynamic content" do render # dpo name - expect(fragment).to have_content("Name: #{data_sharing_agreement.dpo_name}") + expect(fragment).to have_content("Name: #{dpo.name}") # org details - expect(fragment).to have_content("#{data_sharing_agreement.organisation_name} of #{data_sharing_agreement.organisation_address} (“CORE Data Provider”)") + expect(fragment).to have_content("#{organisation.name} of #{organisation.address_row} (“CORE Data Provider”)") # header - expect(fragment).to have_css("h2", text: "#{data_sharing_agreement.organisation_name} and Department for Levelling Up, Housing and Communities") + expect(fragment).to have_css("h2", text: "#{organisation.name} and Department for Levelling Up, Housing and Communities") # does not show action buttons expect(fragment).not_to have_button(text: "Accept this agreement") expect(fragment).not_to have_link(text: "Cancel", href: "/organisations/#{organisation.id}/details") # sees signed_at date expect(fragment).to have_content("9th day of January 2023") # Shows DPO and org details in 12.2 - expect(fragment).to have_content("12.2. For #{data_sharing_agreement.organisation_name}: Name: #{data_sharing_agreement.dpo_name}, Postal Address: #{data_sharing_agreement.organisation_address}, E-mail address: #{data_sharing_agreement.dpo_email}, Telephone number: #{data_sharing_agreement.organisation_phone_number}") + expect(fragment).to have_content("12.2. For #{organisation.name}: Name: #{dpo.name}, Postal Address: #{organisation.address_row}, E-mail address: #{dpo.email}, Telephone number: #{organisation.phone}") end end end @@ -86,30 +88,32 @@ RSpec.describe "organisations/data_sharing_agreement.html.erb", :aggregate_failu expect(fragment).to have_content("12.2. For #{organisation.name}: Name: [DPO name], Postal Address: #{organisation.address_row}, E-mail address: [DPO email], Telephone number: #{organisation.phone}") end - context "when accepted" do - let(:data_sharing_agreement) do + context "when confirmed" do + let(:data_protection_confirmation) do create( - :data_sharing_agreement, + :data_protection_confirmation, organisation:, - signed_at: Time.zone.now - 1.day, + created_at: Time.zone.now - 1.day, ) end + let(:dpo) { data_protection_confirmation.data_protection_officer } + it "renders dynamic content" do render # sees signed_at date expect(fragment).to have_content("9th day of January 2023") # dpo name placedholder - expect(fragment).to have_content("Name: #{data_sharing_agreement.dpo_name}") + expect(fragment).to have_content("Name: #{dpo.name}") # org details - expect(fragment).to have_content("#{data_sharing_agreement.organisation_name} of #{data_sharing_agreement.organisation_address} (“CORE Data Provider”)") + expect(fragment).to have_content("#{organisation.name} of #{organisation.address_row} (“CORE Data Provider”)") # header - expect(fragment).to have_css("h2", text: "#{data_sharing_agreement.organisation_name} and Department for Levelling Up, Housing and Communities") + expect(fragment).to have_css("h2", text: "#{organisation.name} and Department for Levelling Up, Housing and Communities") # does not show action buttons expect(fragment).not_to have_button(text: "Accept this agreement") expect(fragment).not_to have_link(text: "Cancel", href: "/organisations/#{organisation.id}/details") # Shows filled in details in 12.2 - expect(fragment).to have_content("12.2. For #{data_sharing_agreement.organisation_name}: Name: #{data_sharing_agreement.dpo_name}, Postal Address: #{data_sharing_agreement.organisation_address}, E-mail address: #{data_sharing_agreement.dpo_email}, Telephone number: #{data_sharing_agreement.organisation_phone_number}") + expect(fragment).to have_content("12.2. For #{organisation.name}: Name: #{dpo.name}, Postal Address: #{organisation.address_row}, E-mail address: #{dpo.email}, Telephone number: #{organisation.phone}") end end end diff --git a/spec/views/organisations/show.html.erb_spec.rb b/spec/views/organisations/show.html.erb_spec.rb index 31f52bcf8..47ec10df4 100644 --- a/spec/views/organisations/show.html.erb_spec.rb +++ b/spec/views/organisations/show.html.erb_spec.rb @@ -12,14 +12,14 @@ RSpec.describe "organisations/show.html.erb" do end let(:fragment) { Capybara::Node::Simple.new(rendered) } - let(:organisation_without_dsa) { create(:organisation, :without_dsa) } + let(:organisation_without_dpc) { create(:organisation, :without_dpc) } let(:organisation_with_dsa) { create(:organisation) } context "when flag disabled" do - let(:user) { create(:user, organisation: organisation_without_dsa) } + let(:user) { create(:user, organisation: organisation_without_dpc) } before do - allow(FeatureToggle).to receive(:new_data_sharing_agreement?).and_return(false) + allow(FeatureToggle).to receive(:new_data_protection_confirmation?).and_return(false) end it "does not include data sharing agreement row" do @@ -30,7 +30,7 @@ RSpec.describe "organisations/show.html.erb" do end context "when dpo" do - let(:user) { create(:user, is_dpo: true, organisation: organisation_without_dsa) } + let(:user) { create(:user, is_dpo: true, organisation: organisation_without_dpc) } it "includes data sharing agreement row" do render @@ -47,7 +47,7 @@ RSpec.describe "organisations/show.html.erb" do it "shows link to view data sharing agreement" do render - expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dsa.id}/data-sharing-agreement") + expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dpc.id}/data-sharing-agreement") end context "when accepted" do @@ -74,7 +74,7 @@ RSpec.describe "organisations/show.html.erb" do end context "when support user" do - let(:user) { create(:user, :support, organisation: organisation_without_dsa) } + let(:user) { create(:user, :support, organisation: organisation_without_dpc) } it "includes data sharing agreement row" do render @@ -97,7 +97,7 @@ RSpec.describe "organisations/show.html.erb" do it "shows link to view data sharing agreement" do render - expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dsa.id}/data-sharing-agreement") + expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dpc.id}/data-sharing-agreement") end context "when accepted" do @@ -118,7 +118,7 @@ RSpec.describe "organisations/show.html.erb" do it "shows show name of who signed the agreement" do render - expect(fragment).to have_content(user.organisation.data_sharing_agreement.dpo_name) + expect(fragment).to have_content(user.organisation.data_protection_confirmation.data_protection_officer.name) end it "shows link to view data sharing agreement" do @@ -130,7 +130,7 @@ RSpec.describe "organisations/show.html.erb" do end context "when not dpo" do - let(:user) { create(:user, organisation: organisation_without_dsa) } + let(:user) { create(:user, organisation: organisation_without_dpc) } it "includes data sharing agreement row" do render @@ -150,7 +150,7 @@ RSpec.describe "organisations/show.html.erb" do it "shows link to view data sharing agreement" do render - expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dsa.id}/data-sharing-agreement") + expect(fragment).to have_link(text: "View agreement", href: "/organisations/#{organisation_without_dpc.id}/data-sharing-agreement") end context "when accepted" do