diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb index 93a6abe87..f2920771e 100644 --- a/app/controllers/locations_controller.rb +++ b/app/controllers/locations_controller.rb @@ -21,6 +21,7 @@ class LocationsController < ApplicationController end def postcode + render_not_found and return unless @location && @scheme if params[:location].present? @location.postcode = PostcodeService.clean(params[:location][:postcode]) @location.location_admin_district = nil @@ -41,6 +42,7 @@ class LocationsController < ApplicationController end def local_authority + render_not_found and return unless @location && @scheme if params[:location].present? @location.location_admin_district = params[:location][:location_admin_district] @location.location_code = Location.local_authorities.key(params[:location][:location_admin_district]) @@ -58,6 +60,7 @@ class LocationsController < ApplicationController end def name + render_not_found and return unless @location && @scheme if params[:location].present? @location.name = params[:location][:name] if @location.valid?(:name) @@ -77,6 +80,7 @@ class LocationsController < ApplicationController end def units + render_not_found and return unless @location && @scheme if params[:location].present? @location.units = params[:location][:units] if @location.valid?(:units) @@ -93,6 +97,7 @@ class LocationsController < ApplicationController end def type_of_unit + render_not_found and return unless @location && @scheme if params[:location].present? @location.type_of_unit = params[:location][:type_of_unit] if @location.valid?(:type_of_unit) @@ -109,6 +114,7 @@ class LocationsController < ApplicationController end def mobility_standards + render_not_found and return unless @location && @scheme if params[:location].present? @location.mobility_type = params[:location][:mobility_type] if @location.valid?(:mobility_type) @@ -125,6 +131,7 @@ class LocationsController < ApplicationController end def availability + render_not_found and return unless @location && @scheme if params[:location].present? day = params[:location]["startdate(3i)"] month = params[:location]["startdate(2i)"] @@ -152,6 +159,7 @@ class LocationsController < ApplicationController end def check_answers + render_not_found and return unless @location && @scheme if params[:location].present? @location.confirmed = true @location.save! @@ -234,7 +242,7 @@ private end def authenticate_action! - if %w[new update index new_deactivation deactivate_confirm deactivate].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?) + if %w[new update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?) render_not_found and return end end diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb index 7d3b86e39..6c28a5223 100644 --- a/spec/requests/locations_controller_spec.rb +++ b/spec/requests/locations_controller_spec.rb @@ -72,80 +72,6 @@ RSpec.describe LocationsController, type: :request do end end - describe "#edit" do - context "when not signed in" do - it "redirects to the sign in page" do - get "/schemes/1/locations/1/edit" - expect(response).to redirect_to("/account/sign-in") - end - end - - context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } - - before do - sign_in user - get "/schemes/1/locations/1/edit" - end - - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) - end - end - - context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } - - before do - sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit" - end - - it "returns a template for a new location" do - expect(response).to have_http_status(:ok) - expect(page).to have_content("Add a location to this scheme") - end - - context "when trying to edit a location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } - - it "displays the new page with an error message" do - get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/edit" - expect(response).to have_http_status(:not_found) - end - end - - context "when the requested location does not exist" do - let(:location) { OpenStruct.new(id: (Location.maximum(:id) || 0) + 1) } - - it "returns not found" do - expect(response).to have_http_status(:not_found) - end - end - end - - context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } - - before do - allow(user).to receive(:need_two_factor_authentication?).and_return(false) - sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit" - end - - it "returns a template for a new location" do - expect(response).to have_http_status(:ok) - expect(page).to have_content("Add a location to this scheme") - end - end - end - describe "#index" do context "when not signed in" do it "redirects to the sign in page" do @@ -389,10 +315,10 @@ RSpec.describe LocationsController, type: :request do end end - describe "#edit-name" do + describe "#postcode" do context "when not signed in" do it "redirects to the sign in page" do - get "/schemes/1/locations/1/edit-name" + get "/schemes/1/locations/1/postcode" expect(response).to redirect_to("/account/sign-in") end end @@ -402,7 +328,7 @@ RSpec.describe LocationsController, type: :request do before do sign_in user - get "/schemes/1/locations/1/edit-name" + get "/schemes/1/locations/1/postcode" end it "returns 401 unauthorized" do @@ -418,20 +344,20 @@ RSpec.describe LocationsController, type: :request do before do sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit-name" + get "/schemes/#{scheme.id}/locations/#{location.id}/postcode" end - it "returns a template for a edit-name" do + it "returns a template for a postcode" do expect(response).to have_http_status(:ok) - expect(page).to have_content("Location name for #{location.postcode}") + expect(page).to have_content("What is the postcode?") end - context "when trying to edit location name of location that belongs to another organisation" do + context "when trying to edit postcode of location that belongs to another organisation" do let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } it "displays the new page with an error message" do - get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/edit-name" + get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/postcode" expect(response).to have_http_status(:not_found) end end @@ -445,90 +371,16 @@ RSpec.describe LocationsController, type: :request do before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit-name" + get "/schemes/#{scheme.id}/locations/#{location.id}/postcode" end - it "returns a template for a new location" do + it "returns a template for a postcode" do expect(response).to have_http_status(:ok) - expect(page).to have_content("Location name for #{location.postcode}") + expect(page).to have_content("What is the postcode?") end context "when the requested location does not exist" do - let(:location) { OpenStruct.new(id: (Location.maximum(:id) || 0) + 1) } - - it "returns not found" do - expect(response).to have_http_status(:not_found) - end - end - end - end - - describe "#edit-local-authority" do - context "when not signed in" do - it "redirects to the sign in page" do - get "/schemes/1/locations/1/edit-local-authority" - expect(response).to redirect_to("/account/sign-in") - end - end - - context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } - - before do - sign_in user - get "/schemes/1/locations/1/edit-local-authority" - end - - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) - end - end - - context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } - - before do - sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit-local-authority" - end - - it "returns a template for an edit-local-authority" do - expect(response).to have_http_status(:ok) - expect(page).to have_content("What is the local authority of #{location.postcode}?") - end - - context "when trying to edit location name of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } - - it "displays the new page with an error message" do - get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/edit-local-authority" - expect(response).to have_http_status(:not_found) - end - end - end - - context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } - - before do - allow(user).to receive(:need_two_factor_authentication?).and_return(false) - sign_in user - get "/schemes/#{scheme.id}/locations/#{location.id}/edit-local-authority" - end - - it "returns a template for a new location" do - expect(response).to have_http_status(:ok) - expect(page).to have_content("What is the local authority of #{location.postcode}?") - end - - context "when the requested location does not exist" do - let(:location) { OpenStruct.new(id: (Location.maximum(:id) || 0) + 1) } + let(:location) { OpenStruct.new(id: (Location.maximum(:id) || 0) + 1, scheme:) } it "returns not found" do expect(response).to have_http_status(:not_found) @@ -611,7 +463,7 @@ RSpec.describe LocationsController, type: :request do context "with other date" do let(:params) { { location_deactivation_period: { deactivation_date_type: "other", "deactivation_date(3i)": "10", "deactivation_date(2i)": "10", "deactivation_date(1i)": "2022" } } } - context "and afected logs" do + context "and affected logs" do it "redirects to the confirmation page" do follow_redirect! expect(response).to have_http_status(:ok)