
Update permissions and scheme/location views

pull/1637/head
Kat 3 years ago
parent
commit
5379893cd6
  1. 6
      app/controllers/locations_controller.rb
  2. 6
      app/controllers/schemes_controller.rb
  3. 4
      app/helpers/locations_helper.rb
  4. 4
      app/views/locations/index.html.erb
  5. 4
      app/views/locations/show.html.erb
  6. 2
      app/views/schemes/show.html.erb
  7. 54
      spec/requests/locations_controller_spec.rb
  8. 21
      spec/requests/schemes_controller_spec.rb

6
app/controllers/locations_controller.rb

@ -225,11 +225,15 @@ private
end end
def authenticate_action! def authenticate_action!
if %w[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?) if %w[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers].include?(action_name) && !user_allowed_action?
render_not_found and return render_not_found and return
end end
end end
def user_allowed_action?
(current_user.organisation == @scheme&.owning_organisation) || (current_user.organisation.parent_organisations.any? { |org| org == @scheme&.owning_organisation }) || current_user.support?
end
def location_params def location_params
required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id) required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id)
required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode] required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode]
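Review bot: The new `user_allowed_action?` grants members of a child organisation every action in `authenticate_action!`'s list, and that list contains write actions (`create`, `update`, `new_deactivation`, `deactivate_confirm`, `deactivate`, the wizard steps) as well as `index`; the commit only hides the "Add a location" button in the views, so a direct request from a child-organisation user would, as far as this hunk shows, still pass the guard. Parent-organisation membership should unlock read-only actions only, with ownership or `support?` still required for the rest; the same applies to the schemes_controller.rb hunk, whose list includes `deactivate`, `edit_name` and the client-group steps. Checking `support?` first also avoids calling `parent_organisations` on a `nil` organisation, if support users can lack one — worth confirming. The action split below assumes `index` is the only read-only action in this list; confirm against the routes.
```ruby
def user_allowed_action?
  return true if current_user.support?
  return true if current_user.organisation == @scheme&.owning_organisation

  # Members of a child organisation may only read the parent's scheme;
  # write actions still require ownership or a support user.
  %w[index].include?(action_name) &&
    current_user.organisation.parent_organisations.any? { |org| org == @scheme&.owning_organisation }
end
```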

6
app/controllers/schemes_controller.rb

@ -265,11 +265,15 @@ private
def authenticate_scope! def authenticate_scope!
head :unauthorized and return unless current_user.data_coordinator? || current_user.support? head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?) if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !user_allowed_action?
render_not_found and return render_not_found and return
end end
end end
def user_allowed_action?
(current_user.organisation == @scheme&.owning_organisation) || (current_user.organisation.parent_organisations.any? { |org| org == @scheme&.owning_organisation }) || current_user.support?
end
def redirect_if_scheme_confirmed def redirect_if_scheme_confirmed
redirect_to @scheme if @scheme.confirmed? redirect_to @scheme if @scheme.confirmed?
end end
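Review bot: `user_allowed_action?` here is a verbatim copy of the method added to locations_controller.rb in the same commit; the ownership-or-parent rule belongs in one place, for example a shared controller concern or a predicate on the scheme such as `def visible_to?(user)` that both guards call, so the two cannot drift apart when the rule changes. If it stays here, a short comment above the method, `# Users of a child organisation may act on schemes owned by a parent organisation`, would explain why this differs from the `user_can_edit_scheme?` helper, which deliberately ignores parent organisations. The enclosing `private` section continues outside the hunk.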

4
app/helpers/locations_helper.rb

@ -84,6 +84,10 @@ module LocationsHelper
end end
end end
def user_can_edit_scheme?(user, scheme)
user.support? || user.organisation == scheme.owning_organisation
end
private private
ActivePeriod = Struct.new(:from, :to) ActivePeriod = Struct.new(:from, :to)
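Review bot: `user_can_edit_scheme?` intentionally excludes parent-organisation members, whereas the controllers' new `user_allowed_action?` includes them, and nothing records that this asymmetry is deliberate; a later reader is likely to "fix" one to match the other. A YARD comment would pin it: `# Whether the user may change the scheme or its locations (support users and the owning organisation only; members of a parent organisation's child orgs get read-only access and are deliberately excluded here)`, with `@param user [User]`, `@param scheme [Scheme]` and `@return [Boolean]`. The helper also dereferences `scheme.owning_organisation` without a nil guard, which is fine for the views in this commit as long as `@scheme` is always set before render — confirm. It is defined in `LocationsHelper` but used from `schemes/show.html.erb`, which relies on Rails including all helpers in every view; if the app ever scopes helpers, it would need to move.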

4
app/views/locations/index.html.erb

@ -64,7 +64,9 @@
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
<% if user_can_edit_scheme?(current_user, @scheme) %>
<%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %> <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
<% end %>
</div> </div>
</div> </div>
@ -118,7 +120,9 @@
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
<% if user_can_edit_scheme?(current_user, @scheme) %>
<%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %> <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
<% end %>
<% end %> <% end %>

4
app/views/locations/show.html.erb

@ -16,12 +16,12 @@
<%= summary_list.row do |row| %> <%= summary_list.row do |row| %>
<% row.key { attr[:name] } %> <% row.key { attr[:name] } %>
<% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %> <% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %>
<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" %> <% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && current_user.organisation == @scheme.owning_organisation %>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
</div> </div>
</div> </div>
<% if FeatureToggle.location_toggle_enabled? %> <% if FeatureToggle.location_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %>
<%= toggle_location_link(@location) %> <%= toggle_location_link(@location) %>
<% end %> <% end %>
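Review bot: The new condition on the "Change" action for the name row compares `current_user.organisation == @scheme.owning_organisation` directly, while the toggle link a few lines below and both other views in this commit use `user_can_edit_scheme?(current_user, @scheme)`; the direct comparison drops support users, who otherwise pass the helper, so they lose the "Change" link on this row only. Use the helper for consistency: `<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && user_can_edit_scheme?(current_user, @scheme) %>`. The surrounding summary-list block starts outside the hunk.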

2
app/views/schemes/show.html.erb

@ -22,7 +22,7 @@
<%= summary_list.row do |row| %> <%= summary_list.row do |row| %>
<% row.key { attr[:name] } %> <% row.key { attr[:name] } %>
<% row.value { details_html(attr) } %> <% row.value { details_html(attr) } %>
<% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] %> <% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] && user_can_edit_scheme?(current_user, @scheme) %>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>

54
spec/requests/locations_controller_spec.rb

@ -145,7 +145,7 @@ RSpec.describe LocationsController, type: :request do
end end
end end
it "shows locations with correct data wben the new locations layout feature toggle is enabled" do it "shows locations with correct data when the new locations layout feature toggle is enabled" do
locations.each do |location| locations.each do |location|
expect(page).to have_content(location.id) expect(page).to have_content(location.id)
expect(page).to have_content(location.postcode) expect(page).to have_content(location.postcode)
@ -154,7 +154,7 @@ RSpec.describe LocationsController, type: :request do
end end
end end
it "shows locations with correct data wben the new locations layout feature toggle is disabled" do it "shows locations with correct data when the new locations layout feature toggle is disabled" do
allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false) allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false)
get "/schemes/#{scheme.id}/locations" get "/schemes/#{scheme.id}/locations"
locations.each do |location| locations.each do |location|
@ -248,6 +248,30 @@ RSpec.describe LocationsController, type: :request do
expect(page).to have_title(expected_title) expect(page).to have_title(expected_title)
end end
end end
context "when coordinator attempts to see scheme belonging to a parent organisation" do
let(:parent_organisation) { FactoryBot.create(:organisation) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
before do
create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
get "/schemes/#{scheme.id}/locations"
end
it "shows all the locations" do
locations.each do |location|
expect(page).to have_content(location.id)
expect(page).to have_content(location.postcode)
expect(page).to have_content(location.name)
expect(page).to have_content(location.status)
end
end
it "does not allow adding new locations" do
expect(page).not_to have_button("Add a location")
end
end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
@ -261,16 +285,17 @@ RSpec.describe LocationsController, type: :request do
get "/schemes/#{scheme.id}/locations" get "/schemes/#{scheme.id}/locations"
end end
it "shows locations with correct data wben the new locations layout feature toggle is enabled" do it "shows locations with correct data when the new locations layout feature toggle is enabled" do
locations.each do |location| locations.each do |location|
expect(page).to have_content(location.id) expect(page).to have_content(location.id)
expect(page).to have_content(location.postcode) expect(page).to have_content(location.postcode)
expect(page).to have_content(location.name) expect(page).to have_content(location.name)
expect(page).to have_content(location.status) expect(page).to have_content(location.status)
end end
expect(page).to have_button("Add a location")
end end
it "shows locations with correct data wben the new locations layout feature toggle is disabled" do it "shows locations with correct data when the new locations layout feature toggle is disabled" do
allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false) allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false)
get "/schemes/#{scheme.id}/locations" get "/schemes/#{scheme.id}/locations"
locations.each do |location| locations.each do |location|
@ -1677,6 +1702,27 @@ RSpec.describe LocationsController, type: :request do
expect(page).not_to have_link("Deactivate this location") expect(page).not_to have_link("Deactivate this location")
end end
end end
context "and are viewing their parent organisation's location" do
let(:parent_organisation) { FactoryBot.create(:organisation) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:add_deactivations) {}
before do
create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
end
it "shows the location" do
expect(page).to have_content("Location name")
expect(page).to have_content(location.name)
end
it "does not allow editing the location" do
expect(page).not_to have_link("Change")
expect(page).not_to have_link("Deactivate this location", href: "/schemes/#{scheme.id}/locations/#{location.id}/new-deactivation")
end
end
end end
end end
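Review bot: The new "does not allow adding new locations" and "does not allow editing the location" examples assert only that the button or link is absent from the page, not that the controller rejects the request; given the controller hunk, a child-organisation user posting directly to the create route would, as far as the visible code shows, still be let through, so the guard that matters is untested. Add a request-level check alongside the page check, e.g. `post "/schemes/#{scheme.id}/locations"` followed by an expectation on the not-found response that `render_not_found` produces, and the equivalent for the "Change" and deactivation paths; the "does not allow editing the scheme" example added to schemes_controller_spec.rb has the same gap. The `let(:add_deactivations) {}` at the top of the second new context is an empty override, presumably neutralising an outer `let` — a one-line comment saying so would help, and that context relies on an outer `before` to fetch the page, since none is visible here; confirm both.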

21
spec/requests/schemes_controller_spec.rb

@ -233,9 +233,6 @@ RSpec.describe SchemesController, type: :request do
expect(page).to have_content(specific_scheme.id_to_display) expect(page).to have_content(specific_scheme.id_to_display)
expect(page).to have_content(specific_scheme.service_name) expect(page).to have_content(specific_scheme.service_name)
expect(page).to have_content(specific_scheme.sensitive) expect(page).to have_content(specific_scheme.sensitive)
expect(page).to have_content(specific_scheme.id_to_display)
expect(page).to have_content(specific_scheme.service_name)
expect(page).to have_content(specific_scheme.sensitive)
expect(page).to have_content(specific_scheme.scheme_type) expect(page).to have_content(specific_scheme.scheme_type)
expect(page).to have_content(specific_scheme.registered_under_care_act) expect(page).to have_content(specific_scheme.registered_under_care_act)
expect(page).to have_content(specific_scheme.primary_client_group) expect(page).to have_content(specific_scheme.primary_client_group)
@ -306,6 +303,24 @@ RSpec.describe SchemesController, type: :request do
end end
end end
end end
context "when coordinator attempts to see scheme belonging to a parent organisation" do
let(:parent_organisation) { FactoryBot.create(:organisation) }
let!(:specific_scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
before do
create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
get "/schemes/#{specific_scheme.id}"
end
it "shows the scheme" do
expect(page).to have_content(specific_scheme.id_to_display)
end
it "does not allow editing the scheme" do
expect(page).not_to have_link("Change")
end
end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
