diff --git a/Gemfile.lock b/Gemfile.lock
index 3e4377dca..300874dd8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -394,6 +394,7 @@ GEM
zeitwerk (2.5.1)
PLATFORMS
+ x86_64-darwin-19
x86_64-darwin-20
x86_64-linux
diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb
new file mode 100644
index 000000000..ccbc9cc31
--- /dev/null
+++ b/app/controllers/users/account_controller.rb
@@ -0,0 +1,25 @@
+class Users::AccountController < ApplicationController
+ def check_logged_in
+ if current_user.nil?
+ redirect_to(new_user_session_path)
+ end
+ end
+
+ def index
+ check_logged_in
+ end
+
+ def personal_details
+ check_logged_in
+ end
+
+ def update
+ if current_user.update(user_params)
+ redirect_to(users_account_path)
+ end
+ end
+
+ def user_params
+ params.require(:user).permit(:email, :name, :password)
+ end
+end
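Review bot: `update` never checks for a signed-in user, so an unauthenticated PATCH to `/details` reaches `current_user.update` with `current_user` nil and raises instead of redirecting; `index` and `personal_details` each call `check_logged_in` by hand. A `before_action :authenticate_user!` (the helper Devise defines for the `:user` scope) would cover every action and make `check_logged_in` unnecessary. `user_params` also permits `:password`, so this endpoint can set a new password without the current one that the change-password form asks for; the personal-details form only sends name and email, so `:password` can be dropped. Email changes here also skip re-authentication, which deserves a deliberate decision. `update` has no failure branch, so a failed validation neither redirects nor re-renders the form, and `check_logged_in` and `user_params` are public methods that belong under `private`.

```ruby
class Users::AccountController < ApplicationController
  before_action :authenticate_user!

  # … unchanged: index, personal_details (minus the check_logged_in calls) …

  def update
    if current_user.update(user_params)
      redirect_to(users_account_path)
    else
      # Re-show the form so validation errors can be displayed.
      render :personal_details, status: :unprocessable_entity
    end
  end

private

  # Password changes stay on the Devise route, which requires current_password.
  def user_params
    params.require(:user).permit(:email, :name)
  end
end
```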
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
new file mode 100644
index 000000000..985099900
--- /dev/null
+++ b/app/controllers/users/registrations_controller.rb
@@ -0,0 +1,7 @@
+class Users::RegistrationsController < Devise::RegistrationsController
+protected
+
+ def after_update_path_for(_resource)
+ users_account_path
+ end
+end
diff --git a/app/helpers/account_helper.rb b/app/helpers/account_helper.rb
new file mode 100644
index 000000000..2a48e2066
--- /dev/null
+++ b/app/helpers/account_helper.rb
@@ -0,0 +1,9 @@
+module AccountHelper
+ def resource_name
+ :user
+ end
+
+ def resource
+ @resource = current_user
+ end
+end
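Review bot: `resource` and `resource_name` reuse the names Devise's own controllers expose as view helpers, and Rails by default makes every helper module available to every view. It is worth confirming that these definitions cannot shadow Devise's versions on the sign-in and password-reset views; that cannot be determined from this hunk. `resource` returns nil for a signed-out visitor, so any `form_for(resource, …)` depends on the controller having redirected first. The `@resource =` assignment is not read anywhere in the module, so `current_user` alone would do as the body, with a comment such as `# Stand-ins for Devise's view helpers on account pages rendered outside a Devise controller.`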
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 38d95b85a..e94eb88ca 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -1,43 +1,26 @@
-
Edit <%= resource_name.to_s.humanize %>
-
-<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
- <%= render "devise/shared/error_messages", resource: resource %>
-
-
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
-
-
- <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
- Currently waiting confirmation for: <%= resource.unconfirmed_email %>
- <% end %>
-
-
- <%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, autocomplete: "new-password" %>
- <% if @minimum_password_length %>
-
- <%= @minimum_password_length %> characters minimum
- <% end %>
-
-
-
- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
-
-
-
- <%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, autocomplete: "current-password" %>
-
+<% content_for :before_content do %>
+ <%= link_to 'Back', :back, class: "govuk-back-link" %>
+<% end %>
-
- <%= f.submit "Update" %>
+<%= form_for(resource, as: resource_name, url: user_registration_path(), html: { method: :patch }) do |f| %>
+
+
+
Change your password
+
+
+ <%= f.label :current_password, class: "govuk-label" %>
+ <%= f.password_field :current_password, autocomplete: "current-password", class: "govuk-input" %>
+
+
+
+
+ <%= f.submit "Update", class: "govuk-button" %>
+
<% end %>
-
-
Cancel my account
-
-
Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>
-
-<%= link_to "Back", :back %>
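Review bot: The rebuilt form no longer renders `devise/shared/error_messages`, so when the update is rejected (wrong current password, too-short new password) the page comes back with no explanation. The `@minimum_password_length` hint and the password confirmation field are removed as well. Only a `current_password` field is visible on the new side of this hunk, although the feature spec fills in `user_password`; the markup here looks partly lost, so confirm that the new-password field is present in the template. Keeping `<%= render "devise/shared/error_messages", resource: resource %>` at the top of the form would restore the feedback.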
diff --git a/app/views/users/account/index.html.erb b/app/views/users/account/index.html.erb
new file mode 100644
index 000000000..7cc3c5d6f
--- /dev/null
+++ b/app/views/users/account/index.html.erb
@@ -0,0 +1,73 @@
+
+
+
+ Your account
+
+
+ Personal details
+
+
+
+
+
+
-
+ Password
+
+ -
+ ••••••••
+
+ -
+ <%= link_to "Change", edit_user_registration_path, id: "change-password" %>
+
+
+
+
-
+ Organisation
+
+
-
+ <%= current_user.organisation %>
+
+
-
+
+
+
+
+
-
+ Role
+
+
-
+ <%= current_user.role %>
+
+
-
+
+
+
+
+
+
diff --git a/app/views/users/account/personal_details.html.erb b/app/views/users/account/personal_details.html.erb
new file mode 100644
index 000000000..f6bc779be
--- /dev/null
+++ b/app/views/users/account/personal_details.html.erb
@@ -0,0 +1,23 @@
+<% content_for :before_content do %>
+ <%= link_to 'Back', :back, class: "govuk-back-link" %>
+<% end %>
+
+<%= form_for(resource, as: resource_name, url: account_update_path(), html: { method: :patch }) do |f| %>
+
+
+
Change your personal details
+
+
+ <%= f.label :name, class: "govuk-label" %>
+ <%= f.text_field :name, autocomplete: "name", class: "govuk-input" %>
+
+
+
+ <%= f.label :email, class: "govuk-label" %>
+ <%= f.email_field :email, autocomplete: "email", class: "govuk-input" %>
+
+
+ <%= f.submit "Save changes", class: "govuk-button" %>
+
+
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 72030fe1e..6c4fd7946 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,14 +1,19 @@
Rails.application.routes.draw do
devise_for :admin_users, ActiveAdmin::Devise.config
- devise_for :users, controllers: { passwords: "users/passwords" }
+ devise_for :users, controllers: { passwords: "users/passwords" }, skip: [:registrations]
devise_scope :user do
get "confirmations/reset", to: "users/passwords#reset_confirmation"
+ get "users/edit" => "devise/registrations#edit", :as => "edit_user_registration"
+ patch "users" => "users/registrations#update", :as => "user_registration"
+ patch "details" => "users/account#update", :as => "account_update"
end
# For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
ActiveAdmin.routes(self)
root to: "test#index"
get "about", to: "about#index"
+ get "/users/account", to: "users/account#index"
+ get "/users/account/personal_details", to: "users/account#personal_details"
form_handler = FormHandler.instance
form = form_handler.get_form("2021_2022")
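Review bot: `users/edit` is routed to the stock `devise/registrations#edit` while the matching PATCH goes to `users/registrations#update`, so any filter or override later added to `Users::RegistrationsController` applies to the submit but not to the form. Pointing both at the subclass keeps them together: `get "users/edit" => "users/registrations#edit", :as => "edit_user_registration"`. `patch "details"` sits at the top-level path `/details`, unlike the `/users/account/...` GET routes it serves; a path under `/users/account` would be more consistent. The routes block continues past the end of this hunk.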
diff --git a/db/migrate/20211125114400_add_name_email_role_org_to_users.rb b/db/migrate/20211125114400_add_name_email_role_org_to_users.rb
new file mode 100644
index 000000000..90a88c484
--- /dev/null
+++ b/db/migrate/20211125114400_add_name_email_role_org_to_users.rb
@@ -0,0 +1,7 @@
+class AddNameEmailRoleOrgToUsers < ActiveRecord::Migration[6.1]
+ def change
+ add_column :users, :name, :string
+ add_column :users, :role, :string
+ add_column :users, :organisation, :string
+ end
+end
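Review bot: `role` is added as a free-form nullable string with no default, so every existing user ends up with a nil role and nothing constrains the values that can be stored. If this column is going to drive authorisation later, it is safer to settle a `null: false` with a default, or an enum on the model, now. The class and file name mention Email, but no email column is added here (presumably it already exists); a name matching the three columns would avoid confusion.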
diff --git a/db/schema.rb b/db/schema.rb
index 9a8314372..1f7ec27d6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2021_11_24_174732) do
+ActiveRecord::Schema.define(version: 2021_11_25_114400) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -177,6 +177,9 @@ ActiveRecord::Schema.define(version: 2021_11_24_174732) do
t.datetime "remember_created_at"
t.datetime "created_at", precision: 6, null: false
t.datetime "updated_at", precision: 6, null: false
+ t.string "name"
+ t.string "role"
+ t.string "organisation"
t.index ["email"], name: "index_users_on_email", unique: true
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
end
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index 9ea79708c..68d5866c6 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -57,4 +57,55 @@ RSpec.describe "User Features" do
expect(page).to have_css '.govuk-notification-banner.govuk-notification-banner--success'
end
end
+
+ context "If a not logged in user tries to access pages that need permissions" do
+ it "redirects to log in page" do
+ visit("/users/account")
+ expect(page).to have_content("Sign in to your account to submit CORE data")
+ end
+ end
+
+ context "Your Account " do
+ before(:each) do
+ visit("/case_logs")
+ fill_in("user_email", with: user.email)
+ fill_in("user_password", with: "pAssword1")
+ click_button("Sign in")
+ end
+
+ it "main page is present and accessible" do
+ visit("/users/account")
+ expect(page).to have_content("Your account")
+ end
+
+ it "personal details page is present and accessible" do
+ visit("/users/account/personal_details")
+ expect(page).to have_content("Change your personal details")
+ end
+
+ it "edit password page present and accessible" do
+ visit("users/edit")
+ expect(page).to have_content("Change your password")
+ end
+
+ it "can navigate to change your password page from main account page" do
+ visit("/users/account")
+ click_link("change-password")
+ expect(page).to have_content("Change your password")
+ fill_in("user_current_password", with: "pAssword1")
+ fill_in("user_password", with: "Password123!")
+ click_button("Update")
+ expect(page).to have_current_path("/users/account")
+ end
+
+ it "allow user to change name" do
+ visit("/users/account")
+ click_link("change-name")
+ expect(page).to have_content("Change your personal details")
+ fill_in("user_name", with: "Test New")
+ click_button("Save changes")
+ expect(page).to have_current_path("/users/account")
+ expect(page).to have_content("Test New")
+ end
+ end
end
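Review bot: The only signed-out case covered is GET `/users/account`; nothing exercises `/users/account/personal_details` or the two PATCH routes without a session, which is where a missing login check would show up. The password-change example asserts only the redirect path, so it would still pass if the password were left unchanged. Signing out and back in with `Password123!` would pin that, and a case with a wrong current password should assert that the update is refused. `visit("users/edit")` lacks the leading slash the other visits use. The describe block and `user` are defined outside this hunk.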