
Redirect when accessing organisation logs by non support user

pull/557/head
Kat 3 years ago
parent
commit
0764555586
  1. 2
      app/controllers/organisations_controller.rb
  2. 72
      spec/requests/organisations_controller_spec.rb

2
app/controllers/organisations_controller.rb

@ -46,6 +46,8 @@ class OrganisationsController < ApplicationController
if current_user.support? if current_user.support?
@pagy, @case_logs = pagy(CaseLog.all.where(owning_organisation_id: @organisation.id)) @pagy, @case_logs = pagy(CaseLog.all.where(owning_organisation_id: @organisation.id))
render "logs", layout: "application" render "logs", layout: "application"
else
redirect_to(case_logs_path)
end end
end end
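Review bot: The added `else` branch redirects every non-support user to `case_logs_path` without considering which organisation was requested, so the 404 the spec expects for an organisation the user does not belong to must come from a filter that runs before this point; that filter, like the start of the enclosing action, is outside the hunk. A one-line comment above the `else` would make the dependency explicit, e.g. `# Per-organisation log listing is support-only; other roles go to the shared logs index (foreign organisations are presumably rejected by an earlier authorisation filter — confirm)`. Note also that `#update` answers a data provider with `:unauthorized` according to the spec, while this action answers with a default 302 redirect; if that difference is intentional it is worth stating in the comment.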

72
spec/requests/organisations_controller_spec.rb

@ -58,10 +58,13 @@ RSpec.describe OrganisationsController, type: :request do
end end
context "with a data coordinator user" do context "with a data coordinator user" do
before do
sign_in user
end
context "when we access the details tab" do context "when we access the details tab" do
context "with an organisation that the user belongs to" do context "with an organisation that the user belongs to" do
before do before do
sign_in user
get "/organisations/#{organisation.id}/details", headers:, params: {} get "/organisations/#{organisation.id}/details", headers:, params: {}
end end
@ -89,7 +92,6 @@ RSpec.describe OrganisationsController, type: :request do
context "with organisation that are not in scope for the user, i.e. that they do not belong to" do context "with organisation that are not in scope for the user, i.e. that they do not belong to" do
before do before do
sign_in user
get "/organisations/#{unauthorised_organisation.id}/details", headers:, params: {} get "/organisations/#{unauthorised_organisation.id}/details", headers:, params: {}
end end
@ -106,7 +108,6 @@ RSpec.describe OrganisationsController, type: :request do
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4") } let!(:other_org_user) { FactoryBot.create(:user, name: "User 4") }
before do before do
sign_in user
get "/organisations/#{organisation.id}/users", headers:, params: {} get "/organisations/#{organisation.id}/users", headers:, params: {}
end end
@ -144,7 +145,6 @@ RSpec.describe OrganisationsController, type: :request do
context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do
before do before do
sign_in user
get "/organisations/#{unauthorised_organisation.id}/users", headers:, params: {} get "/organisations/#{unauthorised_organisation.id}/users", headers:, params: {}
end end
@ -157,7 +157,6 @@ RSpec.describe OrganisationsController, type: :request do
describe "#edit" do describe "#edit" do
context "with an organisation that the user belongs to" do context "with an organisation that the user belongs to" do
before do before do
sign_in user
get "/organisations/#{organisation.id}/edit", headers:, params: {} get "/organisations/#{organisation.id}/edit", headers:, params: {}
end end
@ -170,20 +169,22 @@ RSpec.describe OrganisationsController, type: :request do
context "with an organisation that the user does not belong to" do context "with an organisation that the user does not belong to" do
before do before do
sign_in user
get "/organisations/#{unauthorised_organisation.id}/edit", headers:, params: {} get "/organisations/#{unauthorised_organisation.id}/edit", headers:, params: {}
end end
it "returns a 404 not found" do it "returns a 404 not found" do
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:not_found)
end end
it "shows the 404 view" do
expect(page).to have_content("Page not found")
end
end end
end end
describe "#update" do describe "#update" do
context "with an organisation that the user belongs to" do context "with an organisation that the user belongs to" do
before do before do
sign_in user
patch "/organisations/#{organisation.id}", headers:, params: patch "/organisations/#{organisation.id}", headers:, params:
end end
@ -211,7 +212,6 @@ RSpec.describe OrganisationsController, type: :request do
context "with an organisation that the user does not belong to" do context "with an organisation that the user does not belong to" do
before do before do
sign_in user
patch "/organisations/#{unauthorised_organisation.id}", headers:, params: {} patch "/organisations/#{unauthorised_organisation.id}", headers:, params: {}
end end
@ -220,15 +220,42 @@ RSpec.describe OrganisationsController, type: :request do
end end
end end
end end
context "when viewing logs for other organisation" do
before do
get "/organisations/#{unauthorised_organisation.id}/logs", headers:, params: {}
end
it "returns not found 404 from org details route" do
expect(response).to have_http_status(:not_found)
end
it "shows the 404 view" do
expect(page).to have_content("Page not found")
end
end
context "when viewing logs for your organisation" do
before do
get "/organisations/#{organisation.id}/logs", headers:, params: {}
end
it "redirects to /logs page" do
expect(response).to redirect_to("/logs")
end
end
end end
context "with a data provider user" do context "with a data provider user" do
let(:user) { FactoryBot.create(:user) } let(:user) { FactoryBot.create(:user) }
before do
sign_in user
end
context "when accessing the details tab" do context "when accessing the details tab" do
context "with an organisation that the user belongs to" do context "with an organisation that the user belongs to" do
before do before do
sign_in user
get "/organisations/#{organisation.id}/details", headers:, params: {} get "/organisations/#{organisation.id}/details", headers:, params: {}
end end
@ -268,7 +295,6 @@ RSpec.describe OrganisationsController, type: :request do
context "when accessing the users tab" do context "when accessing the users tab" do
before do before do
sign_in user
get "/organisations/#{organisation.id}/users", headers:, params: {} get "/organisations/#{organisation.id}/users", headers:, params: {}
end end
@ -279,7 +305,6 @@ RSpec.describe OrganisationsController, type: :request do
describe "#edit" do describe "#edit" do
before do before do
sign_in user
get "/organisations/#{organisation.id}/edit", headers:, params: {} get "/organisations/#{organisation.id}/edit", headers:, params: {}
end end
@ -290,7 +315,6 @@ RSpec.describe OrganisationsController, type: :request do
describe "#update" do describe "#update" do
before do before do
sign_in user
patch "/organisations/#{organisation.id}", headers:, params: patch "/organisations/#{organisation.id}", headers:, params:
end end
@ -298,6 +322,30 @@ RSpec.describe OrganisationsController, type: :request do
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when viewing logs for other organisation" do
before do
get "/organisations/#{unauthorised_organisation.id}/logs", headers:, params: {}
end
it "returns not found 404 from org details route" do
expect(response).to have_http_status(:not_found)
end
it "shows the 404 view" do
expect(page).to have_content("Page not found")
end
end
context "when viewing logs for your organisation" do
before do
get "/organisations/#{organisation.id}/logs", headers:, params: {}
end
it "redirects to /logs page" do
expect(response).to redirect_to("/logs")
end
end
end end
context "with a support user" do context "with a support user" do
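Review bot: The new example `it "returns not found 404 from org details route" do` under "when viewing logs for other organisation" exercises the `/logs` route, not the details tab, so its description is misleading; rename it to `it "returns not found 404 from org logs route" do` (the same string is repeated in the data provider block). The two new log contexts are duplicated verbatim between the data coordinator and data provider blocks and could be a `shared_examples` group pulled in with `it_behaves_like` from both, which keeps the assertions in step if the redirect target changes. Hoisting `sign_in user` into the context-level `before` reads fine, though every nested example now signs in, so any future unauthenticated request test would need its own context.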
