baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Submit social housing lettings and sales data (CORE)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2998 Commits
233 Branches
250 Tags
74 MiB
Tree: a92c401a4d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a92c401a4d'
${ noResults }
submit-social-housing-letti.../spec/policies/user_policy_spec.rb

222 lines
7.0 KiB
Raw Normal View History Unescape

CLDC-1783 Add telephone number question to the user form (#1706) * Add telephone number question to the user form * Extract user policy
1 year ago
require "rails_helper"
# rubocop:disable RSpec/RepeatedExample
RSpec.describe UserPolicy do
subject(:policy) { described_class }
let(:data_provider) { FactoryBot.create(:user, :data_provider) }
let(:data_coordinator) { FactoryBot.create(:user, :data_coordinator) }
let(:support) { FactoryBot.create(:user, :support) }
permissions :edit_names? do
it "allows changing their own name" do
expect(policy).to permit(data_provider, data_provider)
end
it "as a coordinator it allows changing other user's name" do
expect(policy).to permit(data_coordinator, data_provider)
end
it "as a support user it allows changing other user's name" do
expect(policy).to permit(support, data_provider)
end
end
permissions :edit_emails? do
it "allows changing their own email" do
expect(policy).to permit(data_provider, data_provider)
end
it "as a coordinator it allows changing other user's email" do
expect(policy).to permit(data_coordinator, data_provider)
end
it "as a support user it allows changing other user's email" do
expect(policy).to permit(support, data_provider)
end
end
permissions :edit_password? do
it "as a provider it allows changing their own password" do
expect(policy).to permit(data_provider, data_provider)
end
it "as a coordinator it allows changing their own password" do
expect(policy).to permit(data_coordinator, data_coordinator)
end
it "as a support user it allows changing their own password" do
expect(policy).to permit(support, support)
end
it "as a coordinator it does not allow changing other user's password" do
expect(policy).not_to permit(data_coordinator, data_provider)
end
it "as a support user it does not allow changing other user's password" do
expect(policy).not_to permit(support, data_provider)
end
end
permissions :edit_roles? do
it "as a provider it does not allow changing roles" do
expect(policy).not_to permit(data_provider, data_provider)
end
it "as a coordinator allows changing other user's roles" do
expect(policy).to permit(data_coordinator, data_provider)
end
it "as a support user allows changing other user's roles" do
expect(policy).to permit(support, data_provider)
end
end
permissions :edit_dpo? do
it "as a provider it does not allow changing dpo" do
expect(policy).not_to permit(data_provider, data_provider)
end
it "as a coordinator allows changing other user's dpo" do
expect(policy).to permit(data_coordinator, data_provider)
end
it "as a support user allows changing other user's dpo" do
expect(policy).to permit(support, data_provider)
end
end
permissions :edit_key_contact? do
it "as a provider it does not allow changing key_contact" do
expect(policy).not_to permit(data_provider, data_provider)
end
it "as a coordinator allows changing other user's key_contact" do
expect(policy).to permit(data_coordinator, data_provider)
end
it "as a support user allows changing other user's key_contact" do
expect(policy).to permit(support, data_provider)
end
end
CLDC-2479 Allow deleting users (#2288) * Add delete confirmation page * Add status to the user * Allow deleting user * Refactor sign_in user in tests * Add delete user button and update policy * Update user policy * Do not display deleted users as an answer option * Update user table and details * Do not show deleted users * Disable delete user on production * Update test
7 months ago
permissions :delete? do
context "with active user" do
let(:user) { create(:user, last_sign_in_at: Time.zone.yesterday) }
it "does not allow deleting a user as a provider" do
expect(user.status).to eq(:active)
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "does not allow deleting a user as a support user" do
expect(policy).not_to permit(support, user)
end
end
context "with unconfirmed user" do
let(:user) { create(:user) }
before do
user.confirmed_at = nil
user.save!(validate: false)
end
it "does not allow deleting a user as a provider" do
expect(user.status).to eq(:unconfirmed)
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "does not allow deleting a user as a support user" do
expect(policy).not_to permit(support, user)
end
end
context "with deactivated user" do
let(:user) { create(:user, active: false) }
before do
CLDC-3289 Avoid freezing time in tests (part 2) (#2432) * Refactor tests #1 * Refactor model form tests * Update tasklist helper tests * Update task list helper * Fix test * Udate model/forms tests * Update model/validations tests * Update a few more model specs * Update bulk request tests * Update policy tests * lint * Refactor * More fixes * Rabase fixes * Refactor * lint
4 months ago
log = build(:lettings_log, owning_organisation: user.organisation, assigned_to: user, startdate: Time.zone.today - 2.years)
CLDC-2479 Allow deleting users (#2288) * Add delete confirmation page * Add status to the user * Allow deleting user * Refactor sign_in user in tests * Add delete user button and update policy * Update user policy * Do not display deleted users as an answer option * Update user table and details * Do not show deleted users * Disable delete user on production * Update test
7 months ago
log.save!(validate: false)
end
context "and associated logs in editable collection period" do
before do
CLDC-3289 Avoid freezing time in tests (part 2) (#2432) * Refactor tests #1 * Refactor model form tests * Update tasklist helper tests * Update task list helper * Fix test * Udate model/forms tests * Update model/validations tests * Update a few more model specs * Update bulk request tests * Update policy tests * lint * Refactor * More fixes * Rabase fixes * Refactor * lint
4 months ago
create(:lettings_log, :sh, owning_organisation: user.organisation, assigned_to: user, startdate: Time.zone.yesterday)
CLDC-2479 Allow deleting users (#2288) * Add delete confirmation page * Add status to the user * Allow deleting user * Refactor sign_in user in tests * Add delete user button and update policy * Update user policy * Do not display deleted users as an answer option * Update user table and details * Do not show deleted users * Disable delete user on production * Update test
7 months ago
end
it "does not allow deleting a user as a provider" do
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "does not allow deleting a user as a support user" do
expect(policy).not_to permit(support, user)
end
end
context "and no associated logs in editable collection period" do
it "does not allow deleting a user as a provider" do
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "allows deleting a user as a support user" do
expect(policy).to permit(support, user)
end
end
context "and user is the DPO that has signed the agreement" do
let(:user) { create(:user, active: false, is_dpo: true) }
before do
user.organisation.data_protection_confirmation.update!(data_protection_officer: user)
end
it "does not allow deleting a user as a provider" do
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "does not allow deleting a user as a support user" do
expect(policy).not_to permit(support, user)
end
end
context "and user is the DPO that hasn't signed the agreement" do
CLDC-3495 Reduce persisted models in tests (#2507) * Remove legacy user from user factory * Build instead of creating in some model tests * Do not create a new DPO for orgs created within user factories * Add original setup doc * Update documentation with updated factories * Fix up DSA creations
4 months ago
let(:user) { create(:user, active: false, is_dpo: true, with_dsa: false) }
CLDC-2479 Allow deleting users (#2288) * Add delete confirmation page * Add status to the user * Allow deleting user * Refactor sign_in user in tests * Add delete user button and update policy * Update user policy * Do not display deleted users as an answer option * Update user table and details * Do not show deleted users * Disable delete user on production * Update test
7 months ago
it "does not allow deleting a user as a provider" do
expect(policy).not_to permit(data_provider, user)
end
it "does not allow allows deleting a user as a coordinator" do
expect(policy).not_to permit(data_coordinator, user)
end
it "allows deleting a user as a support user" do
expect(policy).to permit(support, user)
end
end
end
end
CLDC-1783 Add telephone number question to the user form (#1706) * Add telephone number question to the user form * Extract user policy
1 year ago
end
# rubocop:enable RSpec/RepeatedExample