require "rails_helper" RSpec.describe CollectionResourcesController, type: :request do include CollectionTimeHelper let(:page) { Capybara::Node::Simple.new(response.body) } let(:storage_service) { instance_double(Storage::S3Service, get_file_metadata: nil, delete_file: nil) } before do allow(Storage::S3Service).to receive(:new).and_return(storage_service) allow(storage_service).to receive(:configuration).and_return(OpenStruct.new(bucket_name: "core-test-collection-resources")) end describe "GET #index" do context "when user is not signed in" do it "redirects to the sign in page" do get collection_resources_path expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not found" do get collection_resources_path expect(response).to have_http_status(:not_found) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not found" do get collection_resources_path expect(response).to have_http_status(:not_found) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do Timecop.travel(Time.zone.local(current_collection_start_year, 1, 8)) allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(storage_service).to receive(:file_exists?).and_return(true) sign_in user end after do Timecop.return end it "displays collection resources" do get collection_resources_path expect(page).to have_content("Lettings #{next_collection_start_year} to #{next_collection_end_year}") expect(page).to have_content("Lettings #{current_collection_start_year} to #{current_collection_end_year}") expect(page).to have_content("Sales #{next_collection_start_year} to #{next_collection_end_year}") expect(page).to have_content("Sales #{current_collection_start_year} to #{current_collection_end_year}") end it "displays mandatory files" do get collection_resources_path expect(page).to have_content("Paper form") expect(page).to have_content("Bulk upload template") expect(page).to have_content("Bulk upload specification") end it "allows uploading new resources" do get collection_resources_path expect(page).to have_link("Add new sales #{next_collection_start_year} to #{next_collection_end_year} resource", href: new_collection_resource_path(year: next_collection_start_year, log_type: "sales")) expect(page).to have_link("Add new lettings #{next_collection_start_year} to #{next_collection_end_year} resource", href: new_collection_resource_path(year: next_collection_start_year, log_type: "lettings")) expect(page).to have_link("Add new sales #{current_collection_start_year} to #{current_collection_end_year} resource", href: new_collection_resource_path(year: current_collection_start_year, log_type: "sales")) expect(page).to have_link("Add new lettings #{current_collection_start_year} to #{current_collection_end_year} resource", href: new_collection_resource_path(year: current_collection_start_year, log_type: "lettings")) end context "when files are on S3" do before do allow(storage_service).to receive(:file_exists?).and_return(true) get collection_resources_path end it "displays file names with download links" do expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link(href: download_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) end it "displays change links" do expect(page).to have_selector(:link_or_button, "Change", count: 12) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) end context "when the collection year has not started yet" do before do Timecop.travel(Time.zone.local(current_collection_start_year, 3, 1)) get collection_resources_path end after do Timecop.return end it "displays next year banner" do expect(page).to have_content("The #{next_collection_start_year} to #{next_collection_end_year} collection resources are not yet available to users.") expect(page).to have_link("Release the #{next_collection_start_year} to #{next_collection_end_year} collection resources to users", href: confirm_mandatory_collection_resources_release_path(year: next_collection_start_year)) end end context "when there are additional resources" do let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource", download_filename: "additional.pdf") } it "displays change links for additional resources" do get collection_resources_path expect(page).to have_link("Change", href: collection_resource_edit_path(collection_resource)) end end end context "when files are not on S3" do before do allow(storage_service).to receive(:file_exists?).and_return(false) get collection_resources_path end it "displays No file uploaded" do expect(page).to have_content("No file uploaded") end it "displays upload links" do expect(page).to have_selector(:link_or_button, "Upload", count: 12) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "paper_form")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_template")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "lettings", resource_type: "bulk_upload_specification")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "paper_form")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template")) expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: next_collection_start_year, log_type: "sales", resource_type: "bulk_upload_specification")) end context "when the collection year has not started yet" do before do Timecop.travel(Time.zone.local(current_collection_start_year, 3, 1)) get collection_resources_path end after do Timecop.return end it "displays next year banner" do expect(page).to have_content("The #{next_collection_start_year} to #{next_collection_end_year} collection resources are not yet available to users.") expect(page).to have_content("Once you have uploaded all the required #{next_collection_start_year} to #{next_collection_end_year} collection resources, you will be able to release them to users.") end end end context "when there are additional resources" do let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource", download_filename: "additional.pdf") } before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025]) # rubocop:enable RSpec/AnyInstance create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource 2") end it "displays additional resources for editable years" do get collection_resources_path expect(page).to have_content("additional resource") expect(page).not_to have_content("additional resource 2") expect(page).to have_link("additional.pdf", href: collection_resource_download_path(collection_resource)) expect(page).to have_link("Delete", href: collection_resource_delete_confirmation_path(collection_resource)) end end end end describe "GET #download_mandatory_collection_resource" do before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026]) allow_any_instance_of(CollectionResourcesHelper).to receive(:displayed_collection_resource_years).and_return([2025]) # rubocop:enable RSpec/AnyInstance allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } context "when the file exists on S3" do before do allow(storage_service).to receive(:get_file).and_return("file") get download_mandatory_collection_resource_path(log_type: "lettings", year: 2025, resource_type: "paper_form") end it "downloads the file" do expect(response.body).to eq("file") end end context "when the file does not exist on S3" do before do allow(storage_service).to receive(:get_file).and_return(nil) get download_mandatory_collection_resource_path(log_type: "lettings", year: 2024, resource_type: "paper_form") end it "returns page not found" do expect(response).to have_http_status(:not_found) end end context "when resource isn't a mandatory resources" do before do get download_mandatory_collection_resource_path(log_type: "lettings", year: 2024, resource_type: "invalid_resource") end it "returns page not found" do expect(response).to have_http_status(:not_found) end end context "when year not in displayed_collection_resource_years" do before do get download_mandatory_collection_resource_path(log_type: "lettings", year: 2026, resource_type: "paper_form") end it "returns page not found" do expect(response).to have_http_status(:not_found) end end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } context "when year is in editable_collection_resource_years but not in displayed_collection_resource_years" do before do allow(storage_service).to receive(:get_file).and_return("file") get download_mandatory_collection_resource_path(log_type: "lettings", year: 2026, resource_type: "paper_form") end it "downloads the file" do expect(response.status).to eq(200) expect(response.body).to eq("file") end end end end describe "GET #edit_mandatory_collection_resource" do context "when user is not signed in" do it "redirects to the sign in page" do get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template") expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8)) allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "and the file exists on S3" do before do allow(storage_service).to receive(:file_exists?).and_return(true) end it "displays update collection resources page content" do get edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template") expect(page).to have_content("Sales #{current_collection_start_year} to #{current_collection_end_year}") expect(page).to have_content("Change the bulk upload template") expect(page).to have_content("This file will be available for all users to download.") expect(page).to have_content("Upload file") expect(page).to have_button("Save changes") expect(page).to have_link("Back", href: collection_resources_path) expect(page).to have_link("Cancel", href: collection_resources_path) end end context "and the file does not exist on S3" do before do allow(storage_service).to receive(:file_exists?).and_return(false) end it "displays upload collection resources page content" do get edit_mandatory_collection_resource_path(year: current_collection_start_year, log_type: "sales", resource_type: "bulk_upload_template") expect(page).to have_content("Sales #{current_collection_start_year} to #{current_collection_end_year}") expect(page).to have_content("Upload the bulk upload template") expect(page).to have_content("This file will be available for all users to download.") expect(page).to have_content("Upload file") expect(page).to have_button("Upload") expect(page).to have_link("Back", href: collection_resources_path) expect(page).to have_link("Cancel", href: collection_resources_path) end end end end describe "PATCH #update_mandatory_collection_resource" do let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) } let(:params) { { collection_resource: { year: 2024, log_type: "sales", resource_type: "bulk_upload_template", file: some_file } } } let(:collection_resource_service) { instance_double(CollectionResourcesService) } before do allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service) end context "when user is not signed in" do it "redirects to the sign in page" do patch update_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template", file: some_file) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do patch update_mandatory_collection_resource_path, params: params expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do patch update_mandatory_collection_resource_path, params: params expect(response).to have_http_status(:unauthorized) end end end describe "GET #confirm_mandatory_collection_resources_release" do context "when user is not signed in" do it "redirects to the sign in page" do get confirm_mandatory_collection_resources_release_path(year: 2025) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do get confirm_mandatory_collection_resources_release_path(year: 2025) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do get confirm_mandatory_collection_resources_release_path(year: 2025) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025]) # rubocop:enable RSpec/AnyInstance allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end it "displays correct page content" do get confirm_mandatory_collection_resources_release_path(year: 2025) expect(page).to have_content("Are you sure you want to release the 2025 to 2026 collection resources?") expect(page).to have_content("The files uploaded will immediately become available for users to download.") expect(page).to have_content("You will not be able to undo this action.") expect(page).to have_button("Release the resources") expect(page).to have_link("Cancel", href: collection_resources_path) expect(page).to have_link("Back", href: collection_resources_path) end end end describe "PATCH #release_mandatory_collection_resources_path" do let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) } let(:collection_resource_service) { instance_double(CollectionResourcesService) } before do allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service) end context "when user is not signed in" do it "redirects to the sign in page" do patch release_mandatory_collection_resources_path(year: 2024) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do patch release_mandatory_collection_resources_path(year: 2024) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do patch release_mandatory_collection_resources_path(year: 2024) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025]) # rubocop:enable RSpec/AnyInstance allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end it "saves resources as released to users" do expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true).count).to eq(0) patch release_mandatory_collection_resources_path(year: 2025) expect(CollectionResource.all.count).to eq(6) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "paper_form").count).to eq(1) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "bulk_upload_template").count).to eq(1) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "bulk_upload_specification").count).to eq(1) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "paper_form").count).to eq(1) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "bulk_upload_template").count).to eq(1) expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "bulk_upload_specification").count).to eq(1) expect(response).to redirect_to(collection_resources_path) expect(flash[:notice]).to eq("The 2025 to 2026 collection resources are now available to users.") end end end describe "GET #new_collection_resource" do context "when user is not signed in" do it "redirects to the sign in page" do get new_collection_resource_path(year: 2025, log_type: "sales") expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do get new_collection_resource_path(year: 2025, log_type: "sales") expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do get new_collection_resource_path(year: 2025, log_type: "sales") expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026]) # rubocop:enable RSpec/AnyInstance allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end it "displays new collection resource page content" do get new_collection_resource_path(year: 2025, log_type: "sales") expect(page).to have_content("Sales 2025 to 2026") expect(page).to have_content("Add a new collection resource") expect(page).to have_content("Upload file") expect(page).to have_button("Add resource") expect(page).to have_link("Back", href: collection_resources_path) expect(page).to have_link("Cancel", href: collection_resources_path) end end end describe "POST #collection_resources" do let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) } let(:params) { { collection_resource: { year: 2025, log_type: "sales", file: some_file, display_name: "some file" } } } context "when user is not signed in" do it "redirects to the sign in page" do post collection_resources_path, params: params expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do post collection_resources_path, params: params expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do post collection_resources_path, params: params expect(response).to have_http_status(:unauthorized) end end end describe "GET #download_additional_collection_resource" do let(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource") } before do # rubocop:disable RSpec/AnyInstance allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026]) allow_any_instance_of(CollectionResourcesHelper).to receive(:displayed_collection_resource_years).and_return([2025]) # rubocop:enable RSpec/AnyInstance end context "when the user is not signed in" do context "when the file exists on S3" do before do allow(storage_service).to receive(:get_file).and_return("file") get collection_resource_download_path(collection_resource) end it "downloads the file" do expect(response.body).to eq("file") end end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } context "when the file exists on S3" do before do sign_in user allow(storage_service).to receive(:get_file).and_return("file") get collection_resource_download_path(collection_resource) end it "downloads the file" do expect(response.body).to eq("file") end end context "when the file does not exist on S3" do before do sign_in user allow(storage_service).to receive(:get_file).and_return(nil) get collection_resource_download_path(collection_resource) end it "returns page not found" do expect(response).to have_http_status(:not_found) end end context "when resource id is invalid" do before do sign_in user allow(storage_service).to receive(:get_file).and_return(nil) get collection_resource_download_path(collection_resource_id: "invalid") end it "returns page not found" do expect(response).to have_http_status(:not_found) end end context "when year not in displayed_collection_resource_years" do let(:collection_resource) { create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource") } before do sign_in user get collection_resource_download_path(collection_resource) end it "returns page not found" do expect(response).to have_http_status(:not_found) end end end context "when user is signed in as a support user" do let(:collection_resource) { create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource") } let(:user) { create(:user, :support) } context "when year is in editable_collection_resource_years but not in displayed_collection_resource_years" do before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user allow(storage_service).to receive(:get_file).and_return("file") get collection_resource_download_path(collection_resource) end it "downloads the file" do expect(response.status).to eq(200) expect(response.body).to eq("file") end end end end describe "GET #edit_additional_collection_resource" do let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") } context "when user is not signed in" do it "redirects to the sign in page" do get collection_resource_edit_path(collection_resource) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do get collection_resource_edit_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do get collection_resource_edit_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8)) allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "and the file exists on S3" do before do allow(storage_service).to receive(:file_exists?).and_return(true) end it "displays update collection resources page content" do get collection_resource_edit_path(collection_resource) expect(page).to have_content("Sales 2025 to 2026") expect(page).to have_content("Change the additional resource") expect(page).to have_content("This file will be available for all users to download.") expect(page).to have_content("Upload file") expect(page).to have_button("Save changes") expect(page).to have_link("Back", href: collection_resources_path) expect(page).to have_link("Cancel", href: collection_resources_path) end end end end describe "PATCH #update_additional_collection_resource" do let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) } let(:params) { { collection_resource: { short_display_name: "short name", file: some_file } } } let(:collection_resource_service) { instance_double(CollectionResourcesService) } let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") } before do allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service) end context "when user is not signed in" do it "redirects to the sign in page" do patch collection_resource_update_path(collection_resource), params: params expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do patch collection_resource_update_path(collection_resource), params: params expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do patch collection_resource_update_path(collection_resource), params: params expect(response).to have_http_status(:unauthorized) end end end describe "GET #collection_resource_delete_confirmation" do let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") } context "when user is not signed in" do it "redirects to the sign in page" do get collection_resource_delete_confirmation_path(collection_resource) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do get collection_resource_delete_confirmation_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do get collection_resource_delete_confirmation_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8)) allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "and the file exists on S3" do it "displays delete confirmation page content" do get collection_resource_delete_confirmation_path(collection_resource) expect(page).to have_content("Sales 2025 to 2026") expect(page).to have_content("Are you sure you want to delete the additional resource?") expect(page).to have_content("This file will no longer be available for users to download.") expect(page).to have_content("You will not be able to undo this action.") expect(page).to have_button("Delete resource") expect(page).to have_link("Back", href: collection_resources_path) expect(page).to have_link("Cancel", href: collection_resources_path) end end end end describe "DELETE #collection_resource_delete" do let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") } context "when user is not signed in" do it "redirects to the sign in page" do delete collection_resource_delete_path(collection_resource) expect(response).to redirect_to(new_user_session_path) end end context "when user is signed in as a data coordinator" do let(:user) { create(:user, :data_coordinator) } before do sign_in user end it "returns page not authorised" do delete collection_resource_delete_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a data provider" do let(:user) { create(:user, :data_provider) } before do sign_in user end it "returns page not authorised" do delete collection_resource_delete_path(collection_resource) expect(response).to have_http_status(:unauthorized) end end context "when user is signed in as a support user" do let(:user) { create(:user, :support) } before do allow(storage_service).to receive(:file_exists?).and_return(true) allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8)) allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "and the file exists on S3" do it "displays delete confirmation page content" do expect(CollectionResource.visible.count).to eq(1) delete collection_resource_delete_path(collection_resource) expect(CollectionResource.count).to eq(1) expect(CollectionResource.visible.count).to eq(0) expect(response).to redirect_to(collection_resources_path) expect(storage_service).to have_received(:delete_file).with(collection_resource.download_filename) follow_redirect! expect(page).to have_content("The sales 2025 to 2026 additional resource has been deleted.") end end end end end