diff --git a/app/helpers/filters_helper.rb b/app/helpers/filters_helper.rb
index 179cd47cf..59b407527 100644
--- a/app/helpers/filters_helper.rb
+++ b/app/helpers/filters_helper.rb
@@ -251,21 +251,29 @@ private
 return "All" if session_filters["assigned_to"].include?("all")
 return "You" if session_filters["assigned_to"].include?("you")

- user = User.find(session_filters["user"])
- "#{user.name} (#{user.email})"
+ selected_user_option = assigned_to_filter_options(current_user).find { |x| x.id == session_filters["user"].to_i }
+ return unless selected_user_option
+
+ "#{selected_user_option.name} (#{selected_user_option.hint})"
 end

 def formatted_owned_by_filter(session_filters)
 return "All" if params["id"].blank? && (session_filters["owning_organisation"].blank? || session_filters["owning_organisation"]&.include?("all"))

- session_org_id = session_filters["owning_organisation"]
- Organisation.find(session_org_id || params["id"])&.name
+ session_org_id = session_filters["owning_organisation"] || params["id"]
+ selected_owning_organisation_option = owning_organisation_filter_options(current_user).find { |org| org.id == session_org_id.to_i }
+ return unless selected_owning_organisation_option
+
+ selected_owning_organisation_option&.name
 end

 def formatted_managed_by_filter(session_filters)
 return "All" if session_filters["managing_organisation"].blank? || session_filters["managing_organisation"].include?("all")

- Organisation.find(session_filters["managing_organisation"])&.name
+ selected_managing_organisation_option = managing_organisation_filter_options(current_user).find { |org| org.id == session_filters["managing_organisation"].to_i }
+ return unless selected_managing_organisation_option
+
+ selected_managing_organisation_option&.name
 end

 def unanswered_filter_value
diff --git a/spec/requests/lettings_logs_controller_spec.rb b/spec/requests/lettings_logs_controller_spec.rb
index e1a4aad96..20aa085f3 100644
--- a/spec/requests/lettings_logs_controller_spec.rb
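Review bot: The three rewritten lookups carry no comment saying that they deliberately resolve the id through the options visible to `current_user` rather than `User.find`/`Organisation.find`, so a later tidy-up could restore the direct lookup, which rendered the name and e-mail for whatever id arrived in the filter parameters. I would add above each `find` block `# Look up only among options current_user may select; an out-of-scope id must render nothing.` The `&.` in `selected_owning_organisation_option&.name` and `selected_managing_organisation_option&.name` is dead after the `return unless` guard and can be a plain `.name`. This hunk changes only the displayed label; whether the log query or CSV export also rejects an out-of-scope id is not visible here and is worth confirming. The first method's `def` line is above the hunk.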
+++ b/spec/requests/lettings_logs_controller_spec.rb
@@ -1441,6 +1441,33 @@ RSpec.describe LettingsLogsController, type: :request do

 expect(page).to have_content("Obviously not usual name")
 end
+
+ it "does not display assigned to user from other org" do
+ user_from_different_org = create(:user, name: "User from different org")
+ get("/lettings-logs/csv-download?years[]=#{lettings_log.form.start_date.year}&search=#{search_term}&codes_only=false&assigned_to=specific_user&user=#{user_from_different_org.id}", headers:)
+
+ expect(page).not_to have_content("User from different org")
+ end
+
+ it "does not display non related managing orgs" do
+ managing_agent = create(:organisation, name: "Managing agent")
+ create(:organisation_relationship, child_organisation: managing_agent, parent_organisation: user.organisation)
+ unrelated_organisation = create(:organisation, name: "Unrelated managing org")
+
+ get("/lettings-logs/csv-download?years[]=#{lettings_log.form.start_date.year}&search=#{search_term}&codes_only=false&managing_organisation_select=specific_org&managing_organisation=#{unrelated_organisation.id}", headers:)
+
+ expect(page).not_to have_content("Unrelated managing org")
+ end
+
+ it "does not display non related owning orgs" do
+ managing_agent = create(:organisation, name: "Managing agent")
+ create(:organisation_relationship, child_organisation: managing_agent, parent_organisation: user.organisation)
+
+ unrelated_organisation = create(:organisation, name: "Unrelated owning org")
+ get("/lettings-logs/csv-download?years[]=#{lettings_log.form.start_date.year}&search=#{search_term}&codes_only=false&owning_organisation_select=specific_org&&owning_organisation=#{unrelated_organisation.id}", headers:)
+
+ expect(page).not_to have_content("Unrelated owning org")
+ end
 end

 context "when there are no years selected in the filters" do
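Review bot: All three new examples assert only `not_to have_content(...)`, which also passes if the request errors or redirects, so they do not show that the filter summary was rendered without the foreign name. Add a positive check first, e.g. `expect(response).to have_http_status(:ok)`, and in the assigned-to example also `expect(page).not_to have_content(user_from_different_org.email)`, since the helper code this commit replaces printed the e-mail next to the name. `managing_agent` is created in two examples but never asserted on; a request with its id expecting "Managing agent" would serve as the positive control, assuming the relationship makes it selectable. The owning-org URL contains `&&owning_organisation=`, which looks like a typo for a single `&`. The enclosing `context` opens above the hunk.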