
Do not allow adding stock owners as data providers

pull/1729/head
Kat 3 years ago
parent
commit
493ae7d7c2
  1. 1
      app/controllers/organisation_relationships_controller.rb
  2. 12
      app/policies/organisation_relationship_policy.rb
  3. 21
      spec/requests/organisation_relationships_controller_spec.rb

1
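--- a/app/controllers/organisation_relationships_controller.rb
+++ b/app/controllers/organisation_relationships_controller.rb
@@ -41,6 +41,7 @@ class OrganisationRelationshipsController < ApplicationController
 def create_stock_owner
 @organisation_relationship = organisation.parent_organisation_relationships.new(organisation_relationship_params)
+authorize @organisation_relationship
 if @organisation_relationship.save(context: :stock_owner)
 flash[:notice] = "#{@organisation_relationship.parent_organisation.name} is now one of #{current_user.data_coordinator? ? 'your' : "this organisation's"} stock owners"
 redirect_to stock_owners_organisation_path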
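Review bot: The `authorize @organisation_relationship` call is added to `create_stock_owner` alone, so authorization in this controller still depends on each action remembering to call it. The rest of the controller is outside this hunk, and the body of `create_stock_owner` continues past its end, so whether the other relationship-changing actions are covered cannot be seen here. If Pundit is the library behind `authorize`, adding `after_action :verify_authorized` to the controller would make any action that skips the check fail loudly rather than pass silently.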

12
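--- a/app/policies/organisation_relationship_policy.rb
+++ b/app/policies/organisation_relationship_policy.rb
@@ -0,0 +1,12 @@
+class OrganisationRelationshipPolicy
+attr_reader :user, :organisation_relationship
+def initialize(user, organisation_relationship)
+@user = user
+@organisation_relationship = organisation_relationship
+end
+def create_stock_owner?
+return true unless user.data_provider?
+end
+end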
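Review bot: `create_stock_owner?` is a deny-list that signals refusal by falling off the end of the method: `return true unless user.data_provider?` yields nil for data providers and true for every other role, including any role introduced later. Naming the roles that may add stock owners fails closed instead; at minimum `!user.data_provider?` returns a real boolean and makes the intent explicit. The policy also never reads `organisation_relationship`, so whether the user may act on this particular organisation has to be enforced somewhere not visible here. A comment such as `# Role check only; organisation membership is enforced in <placeholder: where>` would record that assumption.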

21
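--- a/spec/requests/organisation_relationships_controller_spec.rb
+++ b/spec/requests/organisation_relationships_controller_spec.rb
@@ -296,6 +296,27 @@ RSpec.describe OrganisationRelationshipsController, type: :request do
 end
 end
+context "when directly adding a stock owner" do
+let!(:stock_owner) { FactoryBot.create(:organisation) }
+let(:params) do
+{
+"organisation_relationship": {
+"parent_organisation_id": stock_owner.id,
+},
+}
+end
+let(:request) { post "/organisations/#{organisation.id}/stock-owners", headers:, params: }
+it "returns 401 from users page" do
+request
+expect(response).to have_http_status(:unauthorized)
+end
+it "does not create a new organisation relationship" do
+expect { request }.not_to change(OrganisationRelationship, :count)
+end
+end
 context "when accessing the managing agents tab" do
 context "with an organisation that the user belongs to" do
 let!(:managing_agent) { FactoryBot.create(:organisation) }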
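Review bot: The first example's description, `returns 401 from users page`, does not match what it exercises, which is a POST to `/organisations/#{organisation.id}/stock-owners`. Something like `it "returns 401 when adding a stock owner" do` would keep a failing authorization test readable. The signed-in user's role is set in an enclosing context outside this hunk, so it is presumably a data provider, but that cannot be confirmed from these lines. Since the policy is the only gate on this action, a companion example showing that a permitted role can still create the relationship would catch the rule being loosened or tightened by accident, unless one already exists elsewhere in the file.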
