|
|
|
require "rails_helper"
|
|
|
|
|
|
|
|
RSpec.describe OrganisationsController, type: :request do
|
|
|
|
let(:organisation) { user.organisation }
|
|
|
|
let(:unauthorised_organisation) { FactoryBot.create(:organisation) }
|
|
|
|
let(:headers) { { "Accept" => "text/html" } }
|
|
|
|
let(:page) { Capybara::Node::Simple.new(response.body) }
|
|
|
|
let(:user) { FactoryBot.create(:user, :data_coordinator) }
|
|
|
|
let(:new_value) { "Test Name 35" }
|
|
|
|
let(:params) { { id: organisation.id, organisation: { name: new_value } } }
|
|
|
|
|
|
|
|
context "when user is not signed in" do
|
|
|
|
describe "#show" do
|
|
|
|
it "does not let you see organisation details from org route" do
|
|
|
|
get "/organisations/#{organisation.id}", headers: headers, params: {}
|
|
|
|
expect(response).to redirect_to("/account/sign-in")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "does not let you see organisation details from details route" do
|
|
|
|
get "/organisations/#{organisation.id}/details", headers: headers, params: {}
|
|
|
|
expect(response).to redirect_to("/account/sign-in")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "does not let you see organisation users" do
|
|
|
|
get "/organisations/#{organisation.id}/users", headers: headers, params: {}
|
|
|
|
expect(response).to redirect_to("/account/sign-in")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is signed in" do
|
|
|
|
describe "#show" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to details" do
|
|
|
|
expect(response).to have_http_status(:redirect)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns not found 404 from org route" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows the 404 view" do
|
|
|
|
expect(page).to have_content("Page not found")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with a data coordinator user" do
|
|
|
|
context "when we access the details tab" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/details", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows the tab navigation" do
|
|
|
|
expected_html = "<nav class=\"app-tab-navigation\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows a summary list of org details" do
|
|
|
|
expected_html = "<dl class=\"govuk-summary-list\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
expect(response.body).to include(organisation.name)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a hidden header title" do
|
|
|
|
expected_html = "<h2 class=\"govuk-visually-hidden\"> Details"
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a change details link" do
|
|
|
|
expected_html = "data-qa=\"change-name\" href=\"/organisations/#{organisation.id}/edit\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with organisation that are not in scope for the user, i.e. that they do not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/details", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns not found 404 from org details route" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when accessing the users tab" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/users", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows the tab navigation" do
|
|
|
|
expected_html = "<nav class=\"app-tab-navigation\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows a new user button" do
|
|
|
|
expect(page).to have_link("Invite user")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows a table of users" do
|
|
|
|
expected_html = "<table class=\"govuk-table\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
expect(response.body).to include(user.email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a hidden header title" do
|
|
|
|
expected_html = "<h2 class=\"govuk-visually-hidden\"> Users"
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/users", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns not found 404 from users page" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "#edit" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/edit", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows an edit form" do
|
|
|
|
expect(response.body).to include("Change #{organisation.name}’s details")
|
|
|
|
expect(page).to have_field("organisation-name-field")
|
|
|
|
expect(page).to have_field("organisation-phone-field")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with an organisation that the user does not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/edit", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 404 not found" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "#update" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
patch "/organisations/#{organisation.id}", headers: headers, params: params
|
|
|
|
end
|
|
|
|
|
|
|
|
it "updates the org" do
|
|
|
|
organisation.reload
|
|
|
|
expect(organisation.name).to eq(new_value)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to the organisation details page" do
|
|
|
|
expect(response).to redirect_to("/organisations/#{organisation.id}/details")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows a success banner" do
|
|
|
|
follow_redirect!
|
|
|
|
expect(page).to have_css(".govuk-notification-banner.govuk-notification-banner--success")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "tracks who updated the record" do
|
|
|
|
organisation.reload
|
|
|
|
whodunnit_actor = organisation.versions.last.actor
|
|
|
|
expect(whodunnit_actor).to be_a(User)
|
|
|
|
expect(whodunnit_actor.id).to eq(user.id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with an organisation that the user does not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
patch "/organisations/#{unauthorised_organisation.id}", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 404 not found" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with a data provider user" do
|
|
|
|
let(:user) { FactoryBot.create(:user) }
|
|
|
|
|
|
|
|
context "when accessing the details tab" do
|
|
|
|
context "with an organisation that the user belongs to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/details", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows the tab navigation" do
|
|
|
|
expected_html = "<nav class=\"app-tab-navigation\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows a summary list of org details" do
|
|
|
|
expected_html = "<dl class=\"govuk-summary-list\""
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
expect(response.body).to include(organisation.name)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a hidden header title" do
|
|
|
|
expected_html = "<h2 class=\"govuk-visually-hidden\"> Details"
|
|
|
|
expect(response.body).to include(expected_html)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "does not have a change details link" do
|
|
|
|
expected_html = "data-qa=\"change-name\" href=\"/organisations/#{organisation.id}/edit\""
|
|
|
|
expect(response.body).not_to include(expected_html)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with an organisation that is not in scope for the user, i.e. that they do not belong to" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/details", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns not found 404" do
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when accessing the users tab" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/users", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns unauthorized 401" do
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "#edit" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
get "/organisations/#{organisation.id}/edit", headers: headers, params: {}
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to home" do
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "#update" do
|
|
|
|
before do
|
|
|
|
sign_in user
|
|
|
|
patch "/organisations/#{organisation.id}", headers: headers, params: params
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to home" do
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|