diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb index f978a3b10..453c0934f 100644 --- a/app/controllers/locations_controller.rb +++ b/app/controllers/locations_controller.rb @@ -1,22 +1,29 @@ class LocationsController < ApplicationController include Pagy::Backend + include Modules::SearchFilter + before_action :authenticate_user! - before_action :authenticate_scope! before_action :find_location, except: %i[create index] before_action :find_scheme - before_action :authenticate_action!, only: %i[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers] before_action :scheme_and_location_present, except: %i[create index] - include Modules::SearchFilter + before_action :authorize_user, except: %i[index create] def index + authorize @scheme + @pagy, @locations = pagy(filtered_collection(@scheme.locations, search_term)) @total_count = @scheme.locations.size @searched = search_term.presence end def create - @location = @scheme.locations.create! + @location = @scheme.locations.new + + authorize @location + + @location.save! + redirect_to scheme_location_postcode_path(@scheme, @location, route: params[:route]) end @@ -205,6 +212,10 @@ class LocationsController < ApplicationController private + def authorize_user + authorize(@location || Location) + end + def scheme_and_location_present render_not_found and return unless @location && @scheme end @@ -221,20 +232,6 @@ private @location = params[:location_id].present? ? Location.find_by(id: params[:location_id]) : Location.find_by(id: params[:id]) end - def authenticate_scope! - head :unauthorized and return unless current_user.data_coordinator? || current_user.support? - end - - def authenticate_action! - unless user_allowed_action? - render_not_found - end - end - - def user_allowed_action? - current_user.support? || current_user.organisation == @scheme&.owning_organisation || current_user.organisation.parent_organisations.exists?(@scheme&.owning_organisation_id) - end - def location_params required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id) required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode] diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb index ad7884819..784ad5f62 100644 --- a/app/controllers/schemes_controller.rb +++ b/app/controllers/schemes_controller.rb @@ -3,9 +3,11 @@ class SchemesController < ApplicationController include Modules::SearchFilter before_action :authenticate_user! - before_action :find_resource, except: %i[index] - before_action :authenticate_scope! + before_action :find_resource, except: %i[index create new] before_action :redirect_if_scheme_confirmed, only: %i[primary_client_group confirm_secondary_client_group secondary_client_group support details] + before_action :authorize_user + + rescue_from ActiveRecord::RecordNotFound, with: :render_not_found def index redirect_to schemes_organisation_path(current_user.organisation) unless current_user.support? @@ -18,6 +20,9 @@ class SchemesController < ApplicationController def show @scheme = Scheme.find_by(id: params[:id]) + + authorize @scheme + render_not_found and return unless @scheme end @@ -89,6 +94,8 @@ class SchemesController < ApplicationController def create @scheme = Scheme.new(scheme_params) + authorize @scheme + validation_errors scheme_params if @scheme.errors.empty? && @scheme.save @@ -109,6 +116,8 @@ class SchemesController < ApplicationController def update render_not_found and return unless @scheme + authorize @scheme + check_answers = params[:scheme][:check_answers] page = params[:scheme][:page] scheme_previously_confirmed = @scheme.confirmed? @@ -182,6 +191,10 @@ class SchemesController < ApplicationController private + def authorize_user + authorize(@scheme || Scheme) + end + def validation_errors(scheme_params) scheme_params.each_key do |key| if scheme_params[key].to_s.empty? @@ -260,14 +273,10 @@ private def find_resource @scheme = Scheme.find_by(id: params[:id]) || Scheme.find_by(id: params[:scheme_id]) - end - def authenticate_scope! - head :unauthorized and return unless current_user.data_coordinator? || current_user.support? + raise ActiveRecord::RecordNotFound unless @scheme - if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !user_allowed_action? - render_not_found and return - end + @scheme end def user_allowed_action? diff --git a/app/helpers/check_answers_helper.rb b/app/helpers/check_answers_helper.rb index a29ab98d0..fed6e4e77 100644 --- a/app/helpers/check_answers_helper.rb +++ b/app/helpers/check_answers_helper.rb @@ -12,7 +12,10 @@ module CheckAnswersHelper end def can_change_scheme_answer?(attribute_name, scheme) + return false unless current_user.support? || current_user.data_coordinator? + editable_attributes = current_user.support? ? ["Name", "Confidential information", "Housing stock owned by"] : ["Name", "Confidential information"] + !scheme.confirmed? || editable_attributes.include?(attribute_name) end diff --git a/app/helpers/navigation_items_helper.rb b/app/helpers/navigation_items_helper.rb index 1de73f06a..8f8c2d295 100644 --- a/app/helpers/navigation_items_helper.rb +++ b/app/helpers/navigation_items_helper.rb @@ -10,20 +10,11 @@ module NavigationItemsHelper NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)), NavigationItem.new("Schemes", "/schemes", supported_housing_schemes_current?(path)), ].compact - elsif current_user.data_coordinator? && current_user.organisation.holds_own_stock? - [ - NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)), - NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)), - NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)), - NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)), - NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)), - NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)), - NavigationItem.new("Managing agents", managing_agents_organisation_path(current_user.organisation), managing_agents_path?(path)), - ].compact else [ NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)), NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)), + (NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)) if current_user.organisation.holds_own_stock?), NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)), NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)), NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)), diff --git a/app/policies/location_policy.rb b/app/policies/location_policy.rb new file mode 100644 index 000000000..f10f96ef5 --- /dev/null +++ b/app/policies/location_policy.rb @@ -0,0 +1,74 @@ +class LocationPolicy + attr_reader :user, :location + + def initialize(user, location) + @user = user + @location = location + end + + def index? + true + end + + def create? + return true if user.support? + + if location == Location + user.data_coordinator? + else + user.data_coordinator? && user.organisation == scheme&.owning_organisation + end + end + + def update? + return true if user.support? + + user.data_coordinator? && scheme&.owning_organisation == user.organisation + end + + %w[ + update_postcode? + update_local_authority? + update_name? + update_units? + update_type_of_unit? + update_mobility_standards? + update_availability? + new_deactivation? + deactivate_confirm? + deactivate? + new_reactivation? + reactivate? + postcode? + local_authority? + name? + units? + type_of_unit? + mobility_standards? + availability? + confirm? + ].each do |method_name| + define_method method_name do + return true if user.support? + + user.data_coordinator? && scheme&.owning_organisation == user.organisation + end + end + + %w[ + show? + check_answers? + ].each do |method_name| + define_method method_name do + return true if user.support? + + user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation + end + end + +private + + def scheme + location.scheme + end +end diff --git a/app/policies/scheme_policy.rb b/app/policies/scheme_policy.rb new file mode 100644 index 000000000..58a4efb11 --- /dev/null +++ b/app/policies/scheme_policy.rb @@ -0,0 +1,61 @@ +class SchemePolicy + attr_reader :user, :scheme + + def initialize(user, scheme) + @user = user + @scheme = scheme + end + + def index? + return true if user.support? + + if scheme == Scheme + true + else + user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation + end + end + + def new? + user.data_coordinator? || user.support? + end + + def create? + user.data_coordinator? || user.support? + end + + def update? + return true if user.support? + + user.data_coordinator? && (scheme&.owning_organisation == user.organisation) + end + + %w[ + show? + check_answers? + ].each do |method_name| + define_method method_name do + return true if user.support? + + user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation + end + end + + %w[ + edit_name? + primary_client_group? + confirm_secondary_client_group? + secondary_client_group? + new_deactivation? + deactivate? + details? + support? + deactivate_confirm? + ].each do |method_name| + define_method method_name do + return true if user.support? + + user.data_coordinator? && scheme&.owning_organisation == user.organisation + end + end +end diff --git a/app/views/locations/check_answers.html.erb b/app/views/locations/check_answers.html.erb index b460ca464..fdc9796a5 100644 --- a/app/views/locations/check_answers.html.erb +++ b/app/views/locations/check_answers.html.erb @@ -15,19 +15,24 @@ <%= render partial: "organisations/headings", locals: { main: "Check your answers", sub: "Add a location to #{@scheme.service_name}" } %>
-
- <%= govuk_summary_list do |summary_list| %> - <% display_location_attributes_for_check_answers(@location).each do |attr| %> - <%= summary_list.row do |row| %> - <% row.key { attr[:name] } %> - <% row.value { details_html(attr) } %> - <% row.action(text: action_text_helper(attr, @location), href: location_edit_path(@location, attr[:attribute])) %> - <% end %> - <% end %> +
+ <%= govuk_summary_list do |summary_list| %> + <% display_location_attributes_for_check_answers(@location).each do |attr| %> + <%= summary_list.row do |row| %> + <% row.key { attr[:name] } %> + <% row.value { details_html(attr) } %> + <% if LocationPolicy.new(current_user, @location).update? %> + <% row.action(text: action_text_helper(attr, @location), href: location_edit_path(@location, attr[:attribute])) %> + <% end %> <% end %> -
-
-
- <%= govuk_button_to "Save and return to locations", scheme_location_confirm_path(@scheme, @location, route: params[:route]), method: :patch %> - <%= govuk_button_link_to "Cancel", scheme_locations_path(@scheme), secondary: true %> + <% end %> + <% end %> +
+ +<% if LocationPolicy.new(current_user, @location).create? %> +
+ <%= govuk_button_to "Save and return to locations", scheme_location_confirm_path(@scheme, @location, route: params[:route]), method: :patch %> + <%= govuk_button_link_to "Cancel", scheme_locations_path(@scheme), secondary: true %> +
+<% end %> diff --git a/app/views/locations/index.html.erb b/app/views/locations/index.html.erb index fafe16a92..85ae27fed 100644 --- a/app/views/locations/index.html.erb +++ b/app/views/locations/index.html.erb @@ -60,16 +60,16 @@ <% row.cell(text: location.name) %> <% row.cell(text: location.id) %> <% row.cell(text: status_tag(location.status)) %> - <% end %> + <% end %> <% end %> <% end %> <% end %> - <% if user_can_edit_scheme?(current_user, @scheme) %> + + <% if LocationPolicy.new(current_user, @scheme.locations.new).create? %> <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %> <% end %> - <% else %> <%= govuk_table do |table| %> <%= table.caption(classes: %w[govuk-!-font-size-19 govuk-!-font-weight-regular]) do |caption| %> diff --git a/app/views/locations/show.html.erb b/app/views/locations/show.html.erb index 005d68422..d949a8c63 100644 --- a/app/views/locations/show.html.erb +++ b/app/views/locations/show.html.erb @@ -10,18 +10,23 @@ <%= render partial: "organisations/headings", locals: { main: @location.postcode, sub: @location.name } %>
-
- <%= govuk_summary_list do |summary_list| %> - <% display_location_attributes(@location).each do |attr| %> - <%= summary_list.row do |row| %> - <% row.key { attr[:name] } %> - <% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %> - <% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && user_can_edit_scheme?(current_user, @scheme) %> - <% end %> - <% end %> +
+ <%= govuk_summary_list do |summary_list| %> + <% display_location_attributes(@location).each do |attr| %> + <%= summary_list.row do |row| %> + <% row.key { attr[:name] } %> + <% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %> + <% if LocationPolicy.new(current_user, @location).update? %> + <% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" %> + <% end %> <% end %> -
+ <% end %> + <% end %> +
-<% if FeatureToggle.location_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %> + +<% if FeatureToggle.location_toggle_enabled? %> + <% if LocationPolicy.new(current_user, @location).deactivate? %> <%= toggle_location_link(@location) %> + <% end %> <% end %> diff --git a/app/views/organisations/schemes.html.erb b/app/views/organisations/schemes.html.erb index 8e9690fe5..6dac0f3a7 100644 --- a/app/views/organisations/schemes.html.erb +++ b/app/views/organisations/schemes.html.erb @@ -12,7 +12,9 @@

Supported housing schemes

<% end %> -<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> +<% if SchemePolicy.new(current_user, nil).create? %> + <%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> +<% end %> <%= govuk_details( classes: "govuk-!-width-two-thirds", diff --git a/app/views/schemes/_scheme_summary_list_row.html.erb b/app/views/schemes/_scheme_summary_list_row.html.erb index df8939df1..309dcfe15 100644 --- a/app/views/schemes/_scheme_summary_list_row.html.erb +++ b/app/views/schemes/_scheme_summary_list_row.html.erb @@ -14,9 +14,10 @@ <%= details_html(attribute) %> <% end %> + <% if can_change_scheme_answer?(attribute[:name], scheme) %> -
- Change -
+
+ Change +
<% end %> diff --git a/app/views/schemes/check_answers.html.erb b/app/views/schemes/check_answers.html.erb index 9dbb68bfd..7924768f0 100644 --- a/app/views/schemes/check_answers.html.erb +++ b/app/views/schemes/check_answers.html.erb @@ -12,17 +12,21 @@ <% next if current_user.data_coordinator? && attr[:name] == ("owned by") %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: @scheme.confirmed? ? scheme_edit_name_path(@scheme) : scheme_details_path(@scheme, check_answers: true) } %> <% end %> + <% @scheme.check_primary_client_attributes.each do |attr| %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_primary_client_group_path(@scheme, check_answers: true) } %> <% end %> + <% @scheme.check_secondary_client_confirmation_attributes.each do |attr| %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_confirm_secondary_client_group_path(@scheme, check_answers: true) } %> <% end %> + <% if @scheme.has_other_client_group == "Yes" %> <% @scheme.check_secondary_client_attributes.each do |attr| %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_secondary_client_group_path(@scheme, check_answers: true) } %> <% end %> <% end %> + <% @scheme.check_support_attributes.each do |attr| %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_support_path(@scheme, check_answers: true) } %> <% end %> @@ -32,5 +36,8 @@ <%= f.hidden_field :page, value: "check-answers" %> <%= f.hidden_field :confirmed, value: "true" %> <% button_label = @scheme.confirmed? ? "Save" : "Create scheme" %> - <%= f.govuk_submit button_label %> + + <% if SchemePolicy.new(current_user, @scheme).create? %> + <%= f.govuk_submit button_label %> + <% end %> <% end %> diff --git a/app/views/schemes/index.html.erb b/app/views/schemes/index.html.erb index 8e787a33d..fa900ca8d 100644 --- a/app/views/schemes/index.html.erb +++ b/app/views/schemes/index.html.erb @@ -5,7 +5,9 @@ <%= render partial: "organisations/headings", locals: current_user.support? ? { main: "Supported housing schemes", sub: nil } : { main: "Supported housing schemes", sub: current_user.organisation.name } %> -<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> +<% if SchemePolicy.new(current_user, nil).create? %> + <%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> +<% end %> <%= render SearchComponent.new(current_user:, search_label: "Search by scheme name, code, postcode or location name", value: @searched) %> diff --git a/app/views/schemes/show.html.erb b/app/views/schemes/show.html.erb index 96137b2bb..0005582e8 100644 --- a/app/views/schemes/show.html.erb +++ b/app/views/schemes/show.html.erb @@ -22,7 +22,9 @@ <%= summary_list.row do |row| %> <% row.key { attr[:name] } %> <% row.value { details_html(attr) } %> - <% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] && user_can_edit_scheme?(current_user, @scheme) %> + <% if SchemePolicy.new(current_user, @scheme).update? %> + <% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] %> + <% end %> <% end %> <% end %> <% end %> @@ -32,6 +34,8 @@ <% end %> -<% if FeatureToggle.scheme_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %> - <%= toggle_scheme_link(@scheme) %> +<% if FeatureToggle.scheme_toggle_enabled? %> + <% if SchemePolicy.new(current_user, @scheme).deactivate? %> + <%= toggle_scheme_link(@scheme) %> + <% end %> <% end %> diff --git a/spec/helpers/navigation_items_helper_spec.rb b/spec/helpers/navigation_items_helper_spec.rb index 912c2936b..1d753c31e 100644 --- a/spec/helpers/navigation_items_helper_spec.rb +++ b/spec/helpers/navigation_items_helper_spec.rb @@ -1,196 +1,301 @@ require "rails_helper" RSpec.describe NavigationItemsHelper do - let(:current_user) { FactoryBot.create(:user, :data_coordinator) } + let(:current_user) { create(:user, :data_coordinator) } let(:users_path) { "/organisations/#{current_user.organisation.id}/users" } let(:organisation_path) { "/organisations/#{current_user.organisation.id}" } - describe "#primary items" do - context "when the sales log feature flag is enabled" do - context "when the user is a data coordinator" do - context "when the user is on the lettings logs page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", true), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", users_path, false), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + describe "#primary_items" do + context "when the user is a data coordinator" do + context "when the user is on the lettings logs page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", true), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", users_path, false), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/lettings-logs", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/lettings-logs", current_user)).to eq(expected_navigation_items) end + end - context "when the user is on the sales logs page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", true), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", users_path, false), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on the sales logs page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", true), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", users_path, false), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/sales-logs", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/sales-logs", current_user)).to eq(expected_navigation_items) end + end - context "when the user is on the users page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", users_path, true), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on the users page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", users_path, true), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items(users_path, current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items(users_path, current_user)).to eq(expected_navigation_items) end + end - context "when the user is on their organisation details page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", users_path, false), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, true), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on their organisation details page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", users_path, false), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, true), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items("#{organisation_path}/details", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items("#{organisation_path}/details", current_user)).to eq(expected_navigation_items) end + end - context "when the user is on the account page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on the account page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/account", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/account", current_user)).to eq(expected_navigation_items) end + end - context "when the user is on the individual user's page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", true), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on the individual user's page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", true), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/users/1", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/users/1", current_user)).to eq(expected_navigation_items) end + end - context "when the user is on the individual scheme's page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), - NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end + context "when the user is on the individual scheme's page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), + NavigationItemsHelper::NavigationItem.new("About your organisation", organisation_path, false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end - it "returns navigation items with Schemes item set as current" do - expect(primary_items("/schemes/1", current_user)).to eq(expected_navigation_items) - end + it "returns navigation items with Schemes item set as current" do + expect(primary_items("/schemes/1", current_user)).to eq(expected_navigation_items) end end + end - context "when the user is a support user" do - let(:current_user) { FactoryBot.create(:user, :support) } + context "when a data provider" do + let(:current_user) { create(:user, :data_provider) } - context "when the user is on the lettings logs page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", true), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end + it "includes schemes" do + expect(primary_items("/", current_user)).to include(NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false)) + end + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/lettings-logs", current_user)).to eq(expected_navigation_items) - end + context "when the user is a support user" do + let(:current_user) { create(:user, :support) } + + context "when the user is on the lettings logs page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", true), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + ] end - context "when the user is on the sales logs page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", true), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/lettings-logs", current_user)).to eq(expected_navigation_items) + end + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/sales-logs", current_user)).to eq(expected_navigation_items) - end + context "when the user is on the sales logs page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", true), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + ] end - context "when the user is on the users page" do - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), - NavigationItemsHelper::NavigationItem.new("Users", "/users", true), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end + it "returns navigation items with the users item set as current" do + expect(primary_items("/sales-logs", current_user)).to eq(expected_navigation_items) + end + end - it "returns navigation items with the users item set as current" do - expect(primary_items("/users", current_user)).to eq(expected_navigation_items) - end + context "when the user is on the users page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", true), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + ] + end + + it "returns navigation items with the users item set as current" do + expect(primary_items("/users", current_user)).to eq(expected_navigation_items) + end + end + + context "when the user is on the account page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + ] + end + + it "returns navigation items with the users item set as current" do + expect(primary_items("/account", current_user)).to eq(expected_navigation_items) + end + end + + context "when the user is on the Schemes page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + ] + end + + it "returns navigation items with the users item set as current" do + expect(primary_items("/schemes", current_user)).to eq(expected_navigation_items) + end + end + + context "when the user is on the individual user's page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", true), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), + ] + end + + it "returns navigation items with the users item set as current" do + expect(primary_items("/users/1", current_user)).to eq(expected_navigation_items) + end + end + + context "when the user is on the individual scheme's page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + ] + end + + let(:expected_scheme_items) do + [ + NavigationItemsHelper::NavigationItem.new("Scheme", "/schemes/1", true), + NavigationItemsHelper::NavigationItem.new("Locations", "/schemes/1/locations", false), + ] end - context "when the user is on the account page" do + it "returns navigation items with Schemes item set as current" do + expect(primary_items("/schemes/1", current_user)).to eq(expected_navigation_items) + expect(scheme_items("/schemes/1", 1, "Locations")).to eq(expected_scheme_items) + end + end + + context "when the user is on the scheme locations page" do + let(:expected_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + ] + end + + let(:expected_scheme_items) do + [ + NavigationItemsHelper::NavigationItem.new("Scheme", "/schemes/1", false), + NavigationItemsHelper::NavigationItem.new("Locations", "/schemes/1/locations", true), + ] + end + + it "returns navigation items with Schemes item set as current" do + expect(primary_items("/schemes/1/locations", current_user)).to eq(expected_navigation_items) + expect(scheme_items("/schemes/1/locations", 1, "Locations")).to eq(expected_scheme_items) + end + end + + context "when the user is on the specific organisation's page" do + context "when the user is on organisation logs page" do + let(:required_sub_path) { "lettings-logs" } let(:expected_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), NavigationItemsHelper::NavigationItem.new("Users", "/users", false), NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), @@ -198,210 +303,111 @@ RSpec.describe NavigationItemsHelper do ] end - it "returns navigation items with the users item set as current" do - expect(primary_items("/account", current_user)).to eq(expected_navigation_items) - end - end - - context "when the user is on the Schemes page" do - let(:expected_navigation_items) do + let(:expected_secondary_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", true), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), + NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), ] end - it "returns navigation items with the users item set as current" do - expect(primary_items("/schemes", current_user)).to eq(expected_navigation_items) + it "returns navigation items with the logs item set as current" do + expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) + expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) end end - context "when the user is on the individual user's page" do + context "when the user is on organisation users page" do + let(:required_sub_path) { "users" } let(:expected_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), - NavigationItemsHelper::NavigationItem.new("Users", "/users", true), + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), + NavigationItemsHelper::NavigationItem.new("Users", "/users", false), NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), ] end - it "returns navigation items with the users item set as current" do - expect(primary_items("/users/1", current_user)).to eq(expected_navigation_items) + let(:expected_secondary_navigation_items) do + [ + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", true), + NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), + ] + end + + it "returns navigation items with the logs item set as current" do + expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) + expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) end end - context "when the user is on the individual scheme's page" do + context "when the user is on organisation schemes page" do + let(:required_sub_path) { "schemes" } let(:expected_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), NavigationItemsHelper::NavigationItem.new("Users", "/users", false), NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), ] end - let(:expected_scheme_items) do + let(:expected_secondary_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Scheme", "/schemes/1", true), - NavigationItemsHelper::NavigationItem.new("Locations", "/schemes/1/locations", false), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", true), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), + NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), ] end - it "returns navigation items with Schemes item set as current" do - expect(primary_items("/schemes/1", current_user)).to eq(expected_navigation_items) - expect(scheme_items("/schemes/1", 1, "Locations")).to eq(expected_scheme_items) + it "returns navigation items with the schemes item set as current" do + expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) + expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) end end - context "when the user is on the scheme locations page" do + context "when the user is on organisation details page" do + let(:required_sub_path) { "details" } let(:expected_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", false), + NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), NavigationItemsHelper::NavigationItem.new("Users", "/users", false), NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", true), + NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), ] end - let(:expected_scheme_items) do + let(:expected_secondary_navigation_items) do [ - NavigationItemsHelper::NavigationItem.new("Scheme", "/schemes/1", false), - NavigationItemsHelper::NavigationItem.new("Locations", "/schemes/1/locations", true), + NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), + NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), + NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), + NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), + NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", true), + NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), + NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), ] end - it "returns navigation items with Schemes item set as current" do - expect(primary_items("/schemes/1/locations", current_user)).to eq(expected_navigation_items) - expect(scheme_items("/schemes/1/locations", 1, "Locations")).to eq(expected_scheme_items) - end - end - - context "when the user is on the specific organisation's page" do - context "when the user is on organisation logs page" do - let(:required_sub_path) { "lettings-logs" } - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end - - let(:expected_secondary_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", true), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), - NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end - - it "returns navigation items with the logs item set as current" do - expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) - expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) - end - end - - context "when the user is on organisation users page" do - let(:required_sub_path) { "users" } - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end - - let(:expected_secondary_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", true), - NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end - - it "returns navigation items with the logs item set as current" do - expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) - expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) - end - end - - context "when the user is on organisation schemes page" do - let(:required_sub_path) { "schemes" } - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end - - let(:expected_secondary_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", true), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), - NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", false), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end - - it "returns navigation items with the schemes item set as current" do - expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) - expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) - end - end - - context "when the user is on organisation details page" do - let(:required_sub_path) { "details" } - let(:expected_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Organisations", "/organisations", true), - NavigationItemsHelper::NavigationItem.new("Users", "/users", false), - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false), - ] - end - - let(:expected_secondary_navigation_items) do - [ - NavigationItemsHelper::NavigationItem.new("Lettings logs", "/organisations/#{current_user.organisation.id}/lettings-logs", false), - NavigationItemsHelper::NavigationItem.new("Sales logs", "/organisations/#{current_user.organisation.id}/sales-logs", false), - NavigationItemsHelper::NavigationItem.new("Schemes", "/organisations/#{current_user.organisation.id}/schemes", false), - NavigationItemsHelper::NavigationItem.new("Users", "/organisations/#{current_user.organisation.id}/users", false), - NavigationItemsHelper::NavigationItem.new("About this organisation", "/organisations/#{current_user.organisation.id}", true), - NavigationItemsHelper::NavigationItem.new("Stock owners", "/organisations/#{current_user.organisation.id}/stock-owners", false), - NavigationItemsHelper::NavigationItem.new("Managing agents", "/organisations/#{current_user.organisation.id}/managing-agents", false), - ] - end - - it "returns navigation items with the logs item set as current" do - expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) - expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) - end + it "returns navigation items with the logs item set as current" do + expect(primary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user)).to eq(expected_navigation_items) + expect(secondary_items("/organisations/#{current_user.organisation.id}/#{required_sub_path}", current_user.organisation.id)).to eq(expected_secondary_navigation_items) end end end diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb index ef39e15ab..04eb71f1a 100644 --- a/spec/requests/locations_controller_spec.rb +++ b/spec/requests/locations_controller_spec.rb @@ -2,8 +2,8 @@ require "rails_helper" RSpec.describe LocationsController, type: :request do let(:page) { Capybara::Node::Simple.new(response.body) } - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } let(:fake_2021_2022_form) { Form.new("spec/fixtures/forms/2021_2022.json") } before do @@ -19,22 +19,21 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } before do sign_in user get "/schemes/1/locations/create" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 404" do + expect(response).to be_not_found end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user @@ -56,18 +55,18 @@ RSpec.describe LocationsController, type: :request do end context "when trying to add a new location to a scheme that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } + let(:another_scheme) { create(:scheme) } it "displays the new page with an error message" do post scheme_locations_path(another_scheme) - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -90,11 +89,11 @@ RSpec.describe LocationsController, type: :request do end context "when trying to add a new location to a scheme that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } + let(:another_scheme) { create(:scheme) } it "displays the new page with an error message" do post scheme_locations_path(another_scheme) - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end @@ -109,23 +108,23 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider user" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user get "/schemes/#{scheme.id}/locations" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200" do + expect(response).to be_successful end end context "when signed in as a data coordinator user" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } before do sign_in user @@ -133,15 +132,15 @@ RSpec.describe LocationsController, type: :request do end context "when coordinator attempts to see scheme belonging to a different organisation" do - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:another_scheme) { create(:scheme) } before do - FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1)) + create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1)) end - it "returns 404 not found" do + it "returns 401" do get "/schemes/#{another_scheme.id}/locations" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end @@ -177,7 +176,7 @@ RSpec.describe LocationsController, type: :request do end context "when paginating over 20 results" do - let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) } + let!(:locations) { create_list(:location, 25, scheme:) } context "when on the first page" do before do @@ -275,9 +274,9 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme) } - let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme) } + let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -318,7 +317,7 @@ RSpec.describe LocationsController, type: :request do end context "when paginating over 20 results" do - let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) } + let!(:locations) { create_list(:location, 25, scheme:) } context "when on the first page" do before do @@ -401,23 +400,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/postcode" + get "/schemes/#{scheme.id}/locations/#{location.id}/postcode" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -464,20 +464,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit postcode of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/postcode" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -543,23 +543,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/local-authority" + get "/schemes/#{scheme.id}/locations/#{location.id}/local-authority" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -590,20 +591,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit local authority of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/local-authority" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -653,23 +654,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/name" + get "/schemes/#{scheme.id}/locations/#{location.id}/name" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -699,20 +701,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit name of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/name" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -761,23 +763,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/units" + get "/schemes/#{scheme.id}/locations/#{location.id}/units" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -807,20 +810,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit units of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/units" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -869,23 +872,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/type-of-unit" + get "/schemes/#{scheme.id}/locations/#{location.id}/type-of-unit" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -915,20 +919,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit type_of_unit of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/type-of-unit" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -977,23 +981,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/mobility-standards" + get "/schemes/#{scheme.id}/locations/#{location.id}/mobility-standards" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -1023,20 +1028,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit mobility_standards of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/mobility-standards" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1085,23 +1090,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1/availability" + get "/schemes/#{scheme.id}/locations/#{location.id}/availability" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user @@ -1161,20 +1167,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit startdate of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/availability" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1253,23 +1259,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } before do sign_in user - get "/schemes/1/locations/1/check-answers" + get "/schemes/#{scheme.id}/locations/#{location.id}/check-answers" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200" do + expect(response).to be_successful end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } before do sign_in user @@ -1301,7 +1308,7 @@ RSpec.describe LocationsController, type: :request do end context "when location is not complete" do - let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } + let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } it "does not confirm location" do expect(Location.last.confirmed).to eq(false) @@ -1316,20 +1323,20 @@ RSpec.describe LocationsController, type: :request do end context "when trying to edit check_answers of location that belongs to another organisation" do - let(:another_scheme) { FactoryBot.create(:scheme) } - let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } + let(:another_scheme) { create(:scheme) } + let(:another_location) { create(:location, scheme: another_scheme) } it "displays the new page with an error message" do get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/check-answers" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } + let(:user) { create(:user, :support) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1362,7 +1369,7 @@ RSpec.describe LocationsController, type: :request do end context "when location is not complete" do - let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } + let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } it "does not confirm location" do expect(Location.last.confirmed).to eq(false) @@ -1395,25 +1402,26 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) } before do sign_in user - patch "/schemes/1/locations/1/deactivate" + patch "/schemes/#{scheme.id}/locations/#{location.id}/deactivate" end it "returns 401 unauthorized" do - request expect(response).to have_http_status(:unauthorized) end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) } + let(:user) { create(:user, :data_coordinator) } + let!(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let!(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) } let(:deactivation_date) { Time.utc(2022, 10, 10) } - let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) } + let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) } let(:startdate) { Time.utc(2022, 10, 11) } let(:add_deactivations) { nil } let(:setup_locations) { nil } @@ -1487,12 +1495,12 @@ RSpec.describe LocationsController, type: :request do let(:params) { { deactivation_date:, confirm: true, deactivation_date_type: "other" } } let(:mailer) { instance_double(LocationOrSchemeDeactivationMailer) } - let(:user_a) { FactoryBot.create(:user, email: "user_a@example.com") } - let(:user_b) { FactoryBot.create(:user, email: "user_b@example.com") } + let(:user_a) { create(:user, email: "user_a@example.com") } + let(:user_b) { create(:user, email: "user_b@example.com") } before do - FactoryBot.create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a) - FactoryBot.create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b) + create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a) + create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b) Timecop.freeze(Time.utc(2022, 10, 10)) sign_in user @@ -1615,7 +1623,7 @@ RSpec.describe LocationsController, type: :request do context "when deactivation date is during a deactivated period" do let(:deactivation_date) { Time.zone.local(2022, 10, 10) } let(:params) { { location_deactivation_period: { deactivation_date_type: "other", "deactivation_date(3i)": "8", "deactivation_date(2i)": "9", "deactivation_date(1i)": "2022" } } } - let(:add_deactivations) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) } + let(:add_deactivations) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) } it "displays page with an error message" do expect(response).to have_http_status(:unprocessable_entity) @@ -1634,23 +1642,24 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - get "/schemes/1/locations/1" + get "/schemes/#{scheme.id}/locations/#{location.id}" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200" do + expect(response).to be_successful end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } let(:add_deactivations) { location.location_deactivation_periods << location_deactivation_period } before do @@ -1675,7 +1684,7 @@ RSpec.describe LocationsController, type: :request do end context "with deactivated location" do - let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) } + let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) } it "renders reactivate this location" do expect(response).to have_http_status(:ok) @@ -1684,7 +1693,7 @@ RSpec.describe LocationsController, type: :request do end context "with location that's deactivating soon" do - let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) } + let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) } it "does not render toggle location link" do expect(response).to have_http_status(:ok) @@ -1694,7 +1703,7 @@ RSpec.describe LocationsController, type: :request do end context "with location that's reactivating soon" do - let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) } + let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) } it "does not render toggle location link" do expect(response).to have_http_status(:ok) @@ -1714,6 +1723,8 @@ RSpec.describe LocationsController, type: :request do end it "shows the location" do + get "/schemes/#{scheme.id}/locations/#{location.id}" + expect(page).to have_content("Location name") expect(page).to have_content(location.name) end @@ -1735,30 +1746,31 @@ RSpec.describe LocationsController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } before do sign_in user - patch "/schemes/1/locations/1/reactivate" + patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate" end it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let(:location) { create(:location, scheme:) } let(:deactivation_date) { Time.zone.local(2022, 4, 1) } let(:startdate) { Time.utc(2022, 10, 11) } before do Timecop.freeze(Time.utc(2022, 10, 10)) sign_in user - FactoryBot.create(:location_deactivation_period, deactivation_date:, location:) + create(:location_deactivation_period, deactivation_date:, location:) location.save! patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate", params: end diff --git a/spec/requests/schemes_controller_spec.rb b/spec/requests/schemes_controller_spec.rb index 9aeaac6ca..4c7bad55a 100644 --- a/spec/requests/schemes_controller_spec.rb +++ b/spec/requests/schemes_controller_spec.rb @@ -4,12 +4,12 @@ RSpec.describe SchemesController, type: :request do let(:organisation) { user.organisation } let(:headers) { { "Accept" => "text/html" } } let(:page) { Capybara::Node::Simple.new(response.body) } - let(:user) { FactoryBot.create(:user, :support) } - let!(:schemes) { FactoryBot.create_list(:scheme, 5) } + let(:user) { create(:user, :support) } + let!(:schemes) { create_list(:scheme, 5) } before do schemes.each do |scheme| - FactoryBot.create(:location, scheme:) + create(:location, scheme:) end end @@ -22,21 +22,20 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider user" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } before do sign_in user get "/schemes" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200 success" do + expect(response).to redirect_to(schemes_organisation_path(user.organisation.id)) end end context "when signed in as a data coordinator user" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } + let(:user) { create(:user, :data_coordinator) } before do schemes.each do |scheme| @@ -47,8 +46,7 @@ RSpec.describe SchemesController, type: :request do end it "redirects to the organisation schemes path" do - follow_redirect! - expect(path).to match("/organisations/#{user.organisation.id}/schemes") + expect(response).to redirect_to(schemes_organisation_path(user.organisation.id)) end it "shows a list of schemes for the organisation" do @@ -136,7 +134,7 @@ RSpec.describe SchemesController, type: :request do let(:total_schemes_count) { Scheme.count } before do - FactoryBot.create_list(:scheme, 20) + create_list(:scheme, 20) end context "when on the first page" do @@ -191,11 +189,11 @@ RSpec.describe SchemesController, type: :request do end context "when searching" do - let!(:searched_scheme) { FactoryBot.create(:scheme) } + let!(:searched_scheme) { create(:scheme) } let(:search_param) { searched_scheme.id_to_display } before do - FactoryBot.create(:location, scheme: searched_scheme) + create(:location, scheme: searched_scheme) get "/schemes?search=#{search_param}" end @@ -207,7 +205,7 @@ RSpec.describe SchemesController, type: :request do end it "returns results with no location" do - scheme_without_location = FactoryBot.create(:scheme) + scheme_without_location = create(:scheme) get "/schemes?search=#{scheme_without_location.id}" expect(page).to have_content(scheme_without_location.id_to_display) schemes.each do |scheme| @@ -237,22 +235,22 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider user" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user - get "/schemes/#{specific_scheme.id}" + get "/schemes/#{scheme.id}" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200" do + expect(response).to be_successful end end context "when signed in as a data coordinator user" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:specific_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } + let(:user) { create(:user, :data_coordinator) } + let!(:specific_scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user @@ -272,11 +270,11 @@ RSpec.describe SchemesController, type: :request do end context "when coordinator attempts to see scheme belonging to a different organisation" do - let!(:specific_scheme) { FactoryBot.create(:scheme) } + let!(:specific_scheme) { create(:scheme) } - it "returns 404 not found" do + it "returns 401" do get "/schemes/#{specific_scheme.id}" - expect(response).to have_http_status(:not_found) + expect(response).to be_unauthorized end end @@ -288,12 +286,12 @@ RSpec.describe SchemesController, type: :request do end context "when looking at scheme details" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } + let(:user) { create(:user, :data_coordinator) } + let!(:scheme) { create(:scheme, owning_organisation: user.organisation) } let(:add_deactivations) { scheme.scheme_deactivation_periods << scheme_deactivation_period } before do - FactoryBot.create(:location, scheme:) + create(:location, scheme:) Timecop.freeze(Time.utc(2022, 10, 10)) sign_in user add_deactivations @@ -315,7 +313,7 @@ RSpec.describe SchemesController, type: :request do end context "with deactivated scheme" do - let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) } + let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) } it "renders reactivate this scheme" do expect(response).to have_http_status(:ok) @@ -324,7 +322,7 @@ RSpec.describe SchemesController, type: :request do end context "with scheme that's deactivating soon" do - let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) } + let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) } it "does not render toggle scheme link" do expect(response).to have_http_status(:ok) @@ -390,21 +388,20 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } before do sign_in user get "/schemes/new" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } + let(:user) { create(:user, :data_coordinator) } before do sign_in user @@ -418,7 +415,7 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } + let(:user) { create(:user, :support) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -442,21 +439,28 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + + let(:params) do + { scheme: { service_name: "asd", + sensitive: "1", + scheme_type: "Foyer", + registered_under_care_act: "No", + arrangement_type: "D" } } + end before do sign_in user - post "/schemes" + post "/schemes", params: end - it "returns 401 unauthorized" do - request + it "returns 401" do expect(response).to have_http_status(:unauthorized) end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } + let(:user) { create(:user, :data_coordinator) } let(:params) do { scheme: { service_name: " testy ", sensitive: "1", @@ -547,7 +551,7 @@ RSpec.describe SchemesController, type: :request do end context "when the organisation id param is included" do - let(:organisation) { FactoryBot.create(:organisation) } + let(:organisation) { create(:organisation) } let(:params) { { scheme: { owning_organisation: organisation } } } it "sets the owning organisation correctly" do @@ -558,8 +562,8 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a support user" do - let(:organisation) { FactoryBot.create(:organisation) } - let(:user) { FactoryBot.create(:user, :support) } + let(:organisation) { create(:organisation) } + let(:user) { create(:user, :support) } let(:params) do { scheme: { service_name: "testy", sensitive: "1", @@ -654,7 +658,7 @@ RSpec.describe SchemesController, type: :request do end context "when organisation id param refers to a non-stock-owning organisation" do - let(:organisation_which_does_not_own_stock) { FactoryBot.create(:organisation, holds_own_stock: false) } + let(:organisation_which_does_not_own_stock) { create(:organisation, holds_own_stock: false) } let(:params) { { scheme: { owning_organisation_id: organisation_which_does_not_own_stock.id } } } it "displays the new page with an error message" do @@ -675,7 +679,7 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } before do sign_in user @@ -683,14 +687,13 @@ RSpec.describe SchemesController, type: :request do end it "returns 401 unauthorized" do - request expect(response).to have_http_status(:unauthorized) end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user @@ -979,11 +982,11 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:user) { create(:user, :support) } + let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do - FactoryBot.create(:location, scheme: scheme_to_update) + create(:location, scheme: scheme_to_update) allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user patch "/schemes/#{scheme_to_update.id}", params: @@ -1220,7 +1223,7 @@ RSpec.describe SchemesController, type: :request do end context "when updating details" do - let(:another_organisation) { FactoryBot.create(:organisation) } + let(:another_organisation) { create(:organisation) } let(:params) do { scheme: { service_name: "testy", sensitive: "1", @@ -1266,7 +1269,7 @@ RSpec.describe SchemesController, type: :request do end context "when editing scheme name details" do - let(:another_organisation) { FactoryBot.create(:organisation) } + let(:another_organisation) { create(:organisation) } let(:params) do { scheme: { service_name: "testy", sensitive: "1", @@ -1299,23 +1302,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user - get "/schemes/1/primary-client-group" + get "/schemes/#{scheme.id}/primary-client-group" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:another_scheme) { create(:scheme, confirmed: nil) } before do sign_in user @@ -1332,16 +1335,15 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/primary-client-group" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme, confirmed: nil) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1380,23 +1382,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user - get "/schemes/1/confirm-secondary-client-group" + get "/schemes/#{scheme.id}/confirm-secondary-client-group" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:another_scheme) { create(:scheme, confirmed: nil) } before do sign_in user @@ -1413,16 +1415,15 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/confirm-secondary-client-group" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme, confirmed: nil) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1461,23 +1462,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user - get "/schemes/1/secondary-client-group" + get "/schemes/#{scheme.id}/secondary-client-group" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:another_scheme) { create(:scheme, confirmed: nil) } before do sign_in user @@ -1494,16 +1495,15 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/secondary-client-group" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1547,23 +1547,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user - get "/schemes/1/support" + get "/schemes/#{scheme.id}/support" end it "returns 401 unauthorized" do - request expect(response).to have_http_status(:unauthorized) end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:another_scheme) { create(:scheme, confirmed: nil) } before do sign_in user @@ -1580,9 +1580,8 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/support" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end @@ -1603,8 +1602,8 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme, confirmed: nil) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1628,23 +1627,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user - get "/schemes/1/check-answers" + get "/schemes/#{scheme.id}/check-answers" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 200" do + expect(response).to be_successful end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let!(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let!(:another_scheme) { create(:scheme) } before do sign_in user @@ -1661,16 +1660,15 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/check-answers" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1694,23 +1692,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } before do sign_in user - get "/schemes/1/details" + get "/schemes/#{scheme.id}/details" end it "returns 401 unauthorized" do - request expect(response).to have_http_status(:unauthorized) end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) } + let(:another_scheme) { create(:scheme, confirmed: nil) } before do sign_in user @@ -1727,9 +1725,8 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/details" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end @@ -1750,8 +1747,8 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme, confirmed: nil) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1775,23 +1772,23 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } before do sign_in user - get "/schemes/1/edit-name" + get "/schemes/#{scheme.id}/edit-name" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } - let!(:another_scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :data_coordinator) } + let!(:scheme) { create(:scheme, owning_organisation: user.organisation) } + let!(:another_scheme) { create(:scheme) } before do sign_in user @@ -1810,16 +1807,15 @@ RSpec.describe SchemesController, type: :request do get "/schemes/#{another_scheme.id}/edit-name" end - it "returns 404 not_found" do - request - expect(response).to have_http_status(:not_found) + it "returns 401" do + expect(response).to be_unauthorized end end end context "when signed in as a support user" do - let(:user) { FactoryBot.create(:user, :support) } - let!(:scheme) { FactoryBot.create(:scheme) } + let(:user) { create(:user, :support) } + let!(:scheme) { create(:scheme) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) @@ -1845,25 +1841,25 @@ RSpec.describe SchemesController, type: :request do end context "when signed in as a data provider" do - let(:user) { FactoryBot.create(:user) } + let(:user) { create(:user) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) } before do sign_in user - patch "/schemes/1/new-deactivation" + patch "/schemes/#{scheme.id}/new-deactivation" end - it "returns 401 unauthorized" do - request - expect(response).to have_http_status(:unauthorized) + it "returns 401" do + expect(response).to be_unauthorized end end context "when signed in as a data coordinator" do - let(:user) { FactoryBot.create(:user, :data_coordinator) } - let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) } - let!(:location) { FactoryBot.create(:location, scheme:) } + let(:user) { create(:user, :data_coordinator) } + let!(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) } + let!(:location) { create(:location, scheme:) } let(:deactivation_date) { Time.utc(2022, 10, 10) } - let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) } + let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) } let(:startdate) { Time.utc(2022, 10, 11) } let(:setup_schemes) { nil } diff --git a/spec/views/locations/check_answers.html.erb_spec.rb b/spec/views/locations/check_answers.html.erb_spec.rb new file mode 100644 index 000000000..3a5cedc15 --- /dev/null +++ b/spec/views/locations/check_answers.html.erb_spec.rb @@ -0,0 +1,69 @@ +require "rails_helper" + +RSpec.describe "locations/check_answers.html.erb" do + context "when a data provider" do + let(:user) { create(:user) } + + let(:scheme) do + instance_double( + Scheme, + owning_organisation: user.organisation, + id: 1, + service_name: "some name", + id_to_display: "S1", + sensitive: false, + scheme_type: "some type", + registered_under_care_act: false, + arrangement_type: "some other type", + primary_client_group: false, + has_other_client_group: false, + secondary_client_group: false, + support_type: "some support type", + intended_stay: "some intended stay", + available_from: 1.week.ago, + scheme_deactivation_periods: [], + status: :active, + ) + end + + let(:location) do + instance_double( + Location, + name: "some location", + postcode: "EC1N 2TD", + linked_local_authorities: [], + units: "", + type_of_unit: "", + mobility_type: "", + available_from: 1.week.ago, + location_deactivation_periods: [], + status: :active, + active?: true, + scheme:, + startdate: 1.day.ago, + ) + end + + it "does not see create submission button" do + assign(:scheme, scheme) + assign(:location, location) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Save and return to locations") + end + + it "does not see change answer links" do + assign(:scheme, scheme) + assign(:location, location) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Change") + end + end +end diff --git a/spec/views/locations/index.html.erb_spec.rb b/spec/views/locations/index.html.erb_spec.rb new file mode 100644 index 000000000..168e1ebfd --- /dev/null +++ b/spec/views/locations/index.html.erb_spec.rb @@ -0,0 +1,43 @@ +require "rails_helper" + +RSpec.describe "locations/index.html.erb" do + context "when a data provider" do + let(:user) { create(:user) } + + let(:scheme) do + instance_double( + Scheme, + owning_organisation: user.organisation, + id: 1, + service_name: "some name", + id_to_display: "S1", + sensitive: false, + scheme_type: "some type", + registered_under_care_act: false, + arrangement_type: "some other type", + primary_client_group: false, + has_other_client_group: false, + secondary_client_group: false, + support_type: "some support type", + intended_stay: "some intended stay", + available_from: 1.week.ago, + scheme_deactivation_periods: [], + status: :active, + locations: Location, + ) + end + + it "does not see add a location button" do + assign(:pagy, Pagy.new(count: 0, page: 1)) + assign(:scheme, scheme) + assign(:locations, []) + + allow(view).to receive(:current_user).and_return(user) + allow(SearchComponent).to receive(:new).and_return(inline: "") + + render + + expect(rendered).not_to have_content("Add a location") + end + end +end diff --git a/spec/views/locations/show.html.erb_spec.rb b/spec/views/locations/show.html.erb_spec.rb new file mode 100644 index 000000000..ad8540eeb --- /dev/null +++ b/spec/views/locations/show.html.erb_spec.rb @@ -0,0 +1,68 @@ +require "rails_helper" + +RSpec.describe "locations/show.html.erb" do + context "when a data provider" do + let(:user) { create(:user) } + + let(:scheme) do + instance_double( + Scheme, + owning_organisation: user.organisation, + id: 1, + service_name: "some name", + id_to_display: "S1", + sensitive: false, + scheme_type: "some type", + registered_under_care_act: false, + arrangement_type: "some other type", + primary_client_group: false, + has_other_client_group: false, + secondary_client_group: false, + support_type: "some support type", + intended_stay: "some intended stay", + available_from: 1.week.ago, + scheme_deactivation_periods: [], + status: :active, + ) + end + + let(:location) do + instance_double( + Location, + name: "some location", + postcode: "EC1N 2TD", + linked_local_authorities: [], + units: "", + type_of_unit: "", + mobility_type: "", + available_from: 1.week.ago, + location_deactivation_periods: [], + status: :active, + active?: true, + scheme:, + ) + end + + it "does not see add a location button" do + assign(:scheme, scheme) + assign(:location, location) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Deactivate this location") + end + + it "does not see change answer links" do + assign(:scheme, scheme) + assign(:location, location) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Change") + end + end +end diff --git a/spec/views/organisations/schemes.html.erb_spec.rb b/spec/views/organisations/schemes.html.erb_spec.rb new file mode 100644 index 000000000..5c4bff422 --- /dev/null +++ b/spec/views/organisations/schemes.html.erb_spec.rb @@ -0,0 +1,19 @@ +require "rails_helper" + +RSpec.describe "organisations/schemes.html.erb" do + context "when data provider" do + let(:user) { build(:user) } + + it "does not render button to create schemes" do + assign(:organisation, user.organisation) + assign(:pagy, Pagy.new(count: 0, page: 1)) + assign(:schemes, []) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Create a new supported housing scheme") + end + end +end diff --git a/spec/views/schemes/check_answers.html.erb_spec.rb b/spec/views/schemes/check_answers.html.erb_spec.rb new file mode 100644 index 000000000..c0b0178e4 --- /dev/null +++ b/spec/views/schemes/check_answers.html.erb_spec.rb @@ -0,0 +1,29 @@ +require "rails_helper" + +RSpec.describe "schemes/check_answers.html.erb" do + let(:organisation) { create(:organisation, holds_own_stock: true) } + let(:user) { build(:user, organisation:) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + + context "when a data provider" do + it "does not render change links" do + assign(:scheme, scheme) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Change") + end + + it "does not render submit button" do + assign(:scheme, scheme) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Create scheme") + end + end +end diff --git a/spec/views/schemes/index.html.erb_spec.rb b/spec/views/schemes/index.html.erb_spec.rb new file mode 100644 index 000000000..86a8610c0 --- /dev/null +++ b/spec/views/schemes/index.html.erb_spec.rb @@ -0,0 +1,18 @@ +require "rails_helper" + +RSpec.describe "schemes/index.html.erb" do + context "when data provider" do + let(:user) { build(:user) } + + it "does not render button to create schemes" do + assign(:pagy, Pagy.new(count: 0, page: 1)) + assign(:schemes, []) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Create a new supported housing scheme") + end + end +end diff --git a/spec/views/schemes/show.html.erb_spec.rb b/spec/views/schemes/show.html.erb_spec.rb new file mode 100644 index 000000000..4a0447c11 --- /dev/null +++ b/spec/views/schemes/show.html.erb_spec.rb @@ -0,0 +1,29 @@ +require "rails_helper" + +RSpec.describe "schemes/show.html.erb" do + context "when data provider" do + let(:organisation) { create(:organisation, holds_own_stock: true) } + let(:user) { build(:user, organisation:) } + let(:scheme) { create(:scheme, owning_organisation: user.organisation) } + + it "does not render button to deactivate schemes" do + assign(:scheme, scheme) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Deactivate this scheme") + end + + it "does not see change answer links" do + assign(:scheme, scheme) + + allow(view).to receive(:current_user).and_return(user) + + render + + expect(rendered).not_to have_content("Change") + end + end +end