diff --git a/app/helpers/check_answers_helper.rb b/app/helpers/check_answers_helper.rb
index a29ab98d0..fed6e4e77 100644
--- a/app/helpers/check_answers_helper.rb
+++ b/app/helpers/check_answers_helper.rb
@@ -12,7 +12,10 @@ module CheckAnswersHelper
end
def can_change_scheme_answer?(attribute_name, scheme)
+ return false unless current_user.support? || current_user.data_coordinator?
+
editable_attributes = current_user.support? ? ["Name", "Confidential information", "Housing stock owned by"] : ["Name", "Confidential information"]
+
!scheme.confirmed? || editable_attributes.include?(attribute_name)
end
diff --git a/app/policies/location_policy.rb b/app/policies/location_policy.rb
index 81ba4dedc..f10f96ef5 100644
--- a/app/policies/location_policy.rb
+++ b/app/policies/location_policy.rb
@@ -62,7 +62,7 @@ class LocationPolicy
define_method method_name do
return true if user.support?
- scheme&.owning_organisation == user.organisation
+ user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
diff --git a/app/policies/scheme_policy.rb b/app/policies/scheme_policy.rb
index a78c3f190..58a4efb11 100644
--- a/app/policies/scheme_policy.rb
+++ b/app/policies/scheme_policy.rb
@@ -12,7 +12,7 @@ class SchemePolicy
if scheme == Scheme
true
else
- scheme&.owning_organisation == user.organisation
+ user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
@@ -25,7 +25,9 @@ class SchemePolicy
end
def update?
- user.data_coordinator? || user.support?
+ return true if user.support?
+
+ user.data_coordinator? && (scheme&.owning_organisation == user.organisation)
end
%w[
@@ -35,7 +37,7 @@ class SchemePolicy
define_method method_name do
return true if user.support?
- scheme&.owning_organisation == user.organisation
+ user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
diff --git a/app/views/locations/index.html.erb b/app/views/locations/index.html.erb
index 0d3a9be1b..85ae27fed 100644
--- a/app/views/locations/index.html.erb
+++ b/app/views/locations/index.html.erb
@@ -65,7 +65,7 @@
<% end %>
<% end %>
- <% if LocationPolicy.new(current_user, Location).create? %>
+ <% if LocationPolicy.new(current_user, @scheme.locations.new).create? %>
<%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
<% end %>
diff --git a/app/views/schemes/_scheme_summary_list_row.html.erb b/app/views/schemes/_scheme_summary_list_row.html.erb
index df8939df1..309dcfe15 100644
--- a/app/views/schemes/_scheme_summary_list_row.html.erb
+++ b/app/views/schemes/_scheme_summary_list_row.html.erb
@@ -14,9 +14,10 @@
<%= details_html(attribute) %>
<% end %>
+
<% if can_change_scheme_answer?(attribute[:name], scheme) %>
-
- Change
-
+
+ Change
+
<% end %>
diff --git a/app/views/schemes/check_answers.html.erb b/app/views/schemes/check_answers.html.erb
index 9dbb68bfd..7924768f0 100644
--- a/app/views/schemes/check_answers.html.erb
+++ b/app/views/schemes/check_answers.html.erb
@@ -12,17 +12,21 @@
<% next if current_user.data_coordinator? && attr[:name] == ("owned by") %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: @scheme.confirmed? ? scheme_edit_name_path(@scheme) : scheme_details_path(@scheme, check_answers: true) } %>
<% end %>
+
<% @scheme.check_primary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_primary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
+
<% @scheme.check_secondary_client_confirmation_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_confirm_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
+
<% if @scheme.has_other_client_group == "Yes" %>
<% @scheme.check_secondary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
<% end %>
+
<% @scheme.check_support_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_support_path(@scheme, check_answers: true) } %>
<% end %>
@@ -32,5 +36,8 @@
<%= f.hidden_field :page, value: "check-answers" %>
<%= f.hidden_field :confirmed, value: "true" %>
<% button_label = @scheme.confirmed? ? "Save" : "Create scheme" %>
- <%= f.govuk_submit button_label %>
+
+ <% if SchemePolicy.new(current_user, @scheme).create? %>
+ <%= f.govuk_submit button_label %>
+ <% end %>
<% end %>
diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb
index 11848b5dd..04eb71f1a 100644
--- a/spec/requests/locations_controller_spec.rb
+++ b/spec/requests/locations_controller_spec.rb
@@ -1723,6 +1723,8 @@ RSpec.describe LocationsController, type: :request do
end
it "shows the location" do
+ get "/schemes/#{scheme.id}/locations/#{location.id}"
+
expect(page).to have_content("Location name")
expect(page).to have_content(location.name)
end
diff --git a/spec/views/schemes/check_answers.html.erb_spec.rb b/spec/views/schemes/check_answers.html.erb_spec.rb
new file mode 100644
index 000000000..74b8ec0ad
--- /dev/null
+++ b/spec/views/schemes/check_answers.html.erb_spec.rb
@@ -0,0 +1,58 @@
+require "rails_helper"
+
+RSpec.describe "schemes/check_answers.html.erb" do
+ let(:user) { build(:user) }
+
+ let(:scheme) do
+ instance_double(
+ Scheme,
+ owning_organisation: user.organisation,
+ id: 1,
+ service_name: "some name",
+ id_to_display: "S1",
+ sensitive: false,
+ scheme_type: "some type",
+ registered_under_care_act: false,
+ arrangement_type: "some other type",
+ primary_client_group: false,
+ has_other_client_group: false,
+ secondary_client_group: false,
+ support_type: "some support type",
+ intended_stay: "some intended stay",
+ available_from: 1.week.ago,
+ scheme_deactivation_periods: [],
+ status: :active,
+ to_model: Scheme.new,
+ check_details_attributes: [],
+ check_primary_client_attributes: [
+ { name: "Primary client group", value: "foo", id: "primary_client_group" },
+ ],
+ check_secondary_client_confirmation_attributes: [],
+ check_support_attributes: [],
+ confirmed?: false,
+ errors: ActiveModel::Errors.new(Scheme.new),
+ )
+ end
+
+ context "when a data provider" do
+ it "does not render change links" do
+ assign(:scheme, scheme)
+
+ allow(view).to receive(:current_user).and_return(user)
+
+ render
+
+ expect(rendered).not_to have_content("Change")
+ end
+
+ it "does not render submit button" do
+ assign(:scheme, scheme)
+
+ allow(view).to receive(:current_user).and_return(user)
+
+ render
+
+ expect(rendered).not_to have_content("Create scheme")
+ end
+ end
+end