diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb index 9fbb6fc63..d1f669811 100644 --- a/app/controllers/form_controller.rb +++ b/app/controllers/form_controller.rb @@ -1,7 +1,6 @@ class FormController < ApplicationController before_action :authenticate_user! - before_action :find_resource, only: %i[submit_form review] - before_action :find_resource_by_named_id, except: %i[submit_form review] + before_action :find_resources def submit_form if @case_log @@ -23,7 +22,7 @@ class FormController < ApplicationController def check_answers if @case_log current_url = request.env["PATH_INFO"] - subsection = @case_log.form.get_subsection(current_url.split("/")[-2]) + subsection = @form.get_subsection(current_url.split("/")[-2]) render "form/check_answers", locals: { subsection: } else render_not_found @@ -91,12 +90,16 @@ private end end - def find_resource - @case_log = current_user.case_logs.find_by(id: params[:id]) - end + def find_resources + @case_log = if params[:case_log_id] + current_user.case_logs.find_by(id: params[:case_log_id]) + else + current_user.case_logs.find_by(id: params[:id]) + end + return unless @case_log - def find_resource_by_named_id - @case_log = current_user.case_logs.find_by(id: params[:case_log_id]) + @form = @case_log.form + @form.current_user = current_user end def is_referrer_check_answers? @@ -106,17 +109,17 @@ private def successful_redirect_path if is_referrer_check_answers? - page_ids = @case_log.form.subsection_for_page(@page).pages.map(&:id) + page_ids = @form.subsection_for_page(@page).pages.map(&:id) page_index = page_ids.index(@page.id) - next_page = @case_log.form.next_page(@page, @case_log) - previous_page = @case_log.form.previous_page(page_ids, page_index, @case_log) + next_page = @form.next_page(@page, @case_log) + previous_page = @form.previous_page(page_ids, page_index, @case_log) if next_page.to_s.include?("value_check") || next_page == previous_page return "/logs/#{@case_log.id}/#{next_page.dasherize}?referrer=check_answers" else - return send("case_log_#{@case_log.form.subsection_for_page(@page).id}_check_answers_path", @case_log) + return send("case_log_#{@form.subsection_for_page(@page).id}_check_answers_path", @case_log) end end - redirect_path = @case_log.form.next_page_redirect_path(@page, @case_log) + redirect_path = @form.next_page_redirect_path(@page, @case_log) send(redirect_path, @case_log) end end diff --git a/app/models/form.rb b/app/models/form.rb index 7149612ba..3119c3512 100644 --- a/app/models/form.rb +++ b/app/models/form.rb @@ -1,6 +1,7 @@ class Form attr_reader :form_definition, :sections, :subsections, :pages, :questions, :start_date, :end_date, :type, :name + attr_accessor :current_user def initialize(form_path, name) raise "No form definition file exists for given year".freeze unless File.exist?(form_path) @@ -14,6 +15,7 @@ class Form @subsections = sections.flat_map(&:subsections) @pages = subsections.flat_map(&:pages) @questions = pages.flat_map(&:questions) + @current_user = nil end def get_subsection(id) @@ -163,8 +165,9 @@ class Form when "case_log" case_log when "user" - nil + current_user end + return false unless object_instance if value.is_a?(Hash) && value.key?("operator") operator = value["operator"] diff --git a/spec/features/form/page_routing_spec.rb b/spec/features/form/page_routing_spec.rb index 83a1078ff..55a483d0a 100644 --- a/spec/features/form/page_routing_spec.rb +++ b/spec/features/form/page_routing_spec.rb @@ -47,7 +47,52 @@ RSpec.describe "Form Page Routing" do expect(page).to have_current_path("/logs/#{id}/conditional-question/check-answers") end - context "when the answers are inferred", js: true do + context "when a page is dependent on the current user's role" do + let(:case_log) do + FactoryBot.create( + :case_log, + :in_progress, + owning_organisation: user.organisation, + managing_organisation: user.organisation, + is_previous_la_inferred: false, + ) + end + + context "when the user has the required role" do + it "routes to the page" do + visit("/logs/#{id}/property-postcode") + click_button("Save and continue") + expect(page).to have_current_path("/logs/#{id}/do-you-know-the-local-authority") + end + end + + context "when the user does not have the required role" do + let(:support_user) { FactoryBot.create(:user, :support, organisation: user.organisation) } + let(:devise_notify_mailer) { DeviseNotifyMailer.new } + let(:notify_client) { instance_double(Notifications::Client) } + let(:otp) { "999111" } + + before do + allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer) + allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client) + allow(notify_client).to receive(:send_email).and_return(true) + allow(SecureRandom).to receive(:random_number).and_return(otp) + click_link("Sign out") + visit("/account/sign-in") + sign_in support_user + fill_in("code", with: otp) + click_button("Submit") + end + + it "does not route to the page" do + visit("/logs/#{id}/property-postcode") + click_button("Save and continue") + expect(page).to have_current_path("/logs/#{id}/property-wheelchair-accessible") + end + end + end + + context "when the answers are inferred" do it "shows question if the answer could not be inferred" do visit("/logs/#{id}/property-postcode") fill_in("case-log-postcode-full-field", with: "PO5 3TE") diff --git a/spec/fixtures/forms/2021_2022.json b/spec/fixtures/forms/2021_2022.json index 02ba32d19..8aac20fd3 100644 --- a/spec/fixtures/forms/2021_2022.json +++ b/spec/fixtures/forms/2021_2022.json @@ -463,7 +463,10 @@ } }, "depends_on": [ - [{"object": "case_log", "method": "is_la_inferred", "value": false}] + [ + {"object": "case_log", "method": "is_la_inferred", "value": false}, + {"object": "user", "method": "role", "value": "data_provider"} + ] ] }, "property_wheelchair_accessible": {