Browse Source

CLDC-1732 Provider and read only schemes (#1642)

# Context

- https://digital.dclg.gov.uk/jira/browse/CLDC-1732
- data providers are given read-only able access to schemes and locations 

# Changes

- introduce `pundit` policies to schemes and locations. the old scope mechanism has been removed
- apply policies at view level so hide write access based functionality from data providers
pull/1655/head
Phil Lee 2 years ago committed by GitHub
parent
commit
3e0d10f176
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 33
      app/controllers/locations_controller.rb
  2. 25
      app/controllers/schemes_controller.rb
  3. 3
      app/helpers/check_answers_helper.rb
  4. 11
      app/helpers/navigation_items_helper.rb
  5. 74
      app/policies/location_policy.rb
  6. 61
      app/policies/scheme_policy.rb
  7. 9
      app/views/locations/check_answers.html.erb
  8. 4
      app/views/locations/index.html.erb
  9. 9
      app/views/locations/show.html.erb
  10. 4
      app/views/organisations/schemes.html.erb
  11. 1
      app/views/schemes/_scheme_summary_list_row.html.erb
  12. 7
      app/views/schemes/check_answers.html.erb
  13. 4
      app/views/schemes/index.html.erb
  14. 8
      app/views/schemes/show.html.erb
  15. 16
      spec/helpers/navigation_items_helper_spec.rb
  16. 362
      spec/requests/locations_controller_spec.rb
  17. 294
      spec/requests/schemes_controller_spec.rb
  18. 69
      spec/views/locations/check_answers.html.erb_spec.rb
  19. 43
      spec/views/locations/index.html.erb_spec.rb
  20. 68
      spec/views/locations/show.html.erb_spec.rb
  21. 19
      spec/views/organisations/schemes.html.erb_spec.rb
  22. 29
      spec/views/schemes/check_answers.html.erb_spec.rb
  23. 18
      spec/views/schemes/index.html.erb_spec.rb
  24. 29
      spec/views/schemes/show.html.erb_spec.rb

33
app/controllers/locations_controller.rb

@ -1,22 +1,29 @@
class LocationsController < ApplicationController class LocationsController < ApplicationController
include Pagy::Backend include Pagy::Backend
include Modules::SearchFilter
before_action :authenticate_user! before_action :authenticate_user!
before_action :authenticate_scope!
before_action :find_location, except: %i[create index] before_action :find_location, except: %i[create index]
before_action :find_scheme before_action :find_scheme
before_action :authenticate_action!, only: %i[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers]
before_action :scheme_and_location_present, except: %i[create index] before_action :scheme_and_location_present, except: %i[create index]
include Modules::SearchFilter before_action :authorize_user, except: %i[index create]
def index def index
authorize @scheme
@pagy, @locations = pagy(filtered_collection(@scheme.locations, search_term)) @pagy, @locations = pagy(filtered_collection(@scheme.locations, search_term))
@total_count = @scheme.locations.size @total_count = @scheme.locations.size
@searched = search_term.presence @searched = search_term.presence
end end
def create def create
@location = @scheme.locations.create! @location = @scheme.locations.new
authorize @location
@location.save!
redirect_to scheme_location_postcode_path(@scheme, @location, route: params[:route]) redirect_to scheme_location_postcode_path(@scheme, @location, route: params[:route])
end end
@ -205,6 +212,10 @@ class LocationsController < ApplicationController
private private
def authorize_user
authorize(@location || Location)
end
def scheme_and_location_present def scheme_and_location_present
render_not_found and return unless @location && @scheme render_not_found and return unless @location && @scheme
end end
@ -221,20 +232,6 @@ private
@location = params[:location_id].present? ? Location.find_by(id: params[:location_id]) : Location.find_by(id: params[:id]) @location = params[:location_id].present? ? Location.find_by(id: params[:location_id]) : Location.find_by(id: params[:id])
end end
def authenticate_scope!
head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
end
def authenticate_action!
unless user_allowed_action?
render_not_found
end
end
def user_allowed_action?
current_user.support? || current_user.organisation == @scheme&.owning_organisation || current_user.organisation.parent_organisations.exists?(@scheme&.owning_organisation_id)
end
def location_params def location_params
required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id) required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id)
required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode] required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode]

25
app/controllers/schemes_controller.rb

@ -3,9 +3,11 @@ class SchemesController < ApplicationController
include Modules::SearchFilter include Modules::SearchFilter
before_action :authenticate_user! before_action :authenticate_user!
before_action :find_resource, except: %i[index] before_action :find_resource, except: %i[index create new]
before_action :authenticate_scope!
before_action :redirect_if_scheme_confirmed, only: %i[primary_client_group confirm_secondary_client_group secondary_client_group support details] before_action :redirect_if_scheme_confirmed, only: %i[primary_client_group confirm_secondary_client_group secondary_client_group support details]
before_action :authorize_user
rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
def index def index
redirect_to schemes_organisation_path(current_user.organisation) unless current_user.support? redirect_to schemes_organisation_path(current_user.organisation) unless current_user.support?
@ -18,6 +20,9 @@ class SchemesController < ApplicationController
def show def show
@scheme = Scheme.find_by(id: params[:id]) @scheme = Scheme.find_by(id: params[:id])
authorize @scheme
render_not_found and return unless @scheme render_not_found and return unless @scheme
end end
@ -89,6 +94,8 @@ class SchemesController < ApplicationController
def create def create
@scheme = Scheme.new(scheme_params) @scheme = Scheme.new(scheme_params)
authorize @scheme
validation_errors scheme_params validation_errors scheme_params
if @scheme.errors.empty? && @scheme.save if @scheme.errors.empty? && @scheme.save
@ -109,6 +116,8 @@ class SchemesController < ApplicationController
def update def update
render_not_found and return unless @scheme render_not_found and return unless @scheme
authorize @scheme
check_answers = params[:scheme][:check_answers] check_answers = params[:scheme][:check_answers]
page = params[:scheme][:page] page = params[:scheme][:page]
scheme_previously_confirmed = @scheme.confirmed? scheme_previously_confirmed = @scheme.confirmed?
@ -182,6 +191,10 @@ class SchemesController < ApplicationController
private private
def authorize_user
authorize(@scheme || Scheme)
end
def validation_errors(scheme_params) def validation_errors(scheme_params)
scheme_params.each_key do |key| scheme_params.each_key do |key|
if scheme_params[key].to_s.empty? if scheme_params[key].to_s.empty?
@ -260,14 +273,10 @@ private
def find_resource def find_resource
@scheme = Scheme.find_by(id: params[:id]) || Scheme.find_by(id: params[:scheme_id]) @scheme = Scheme.find_by(id: params[:id]) || Scheme.find_by(id: params[:scheme_id])
end
def authenticate_scope! raise ActiveRecord::RecordNotFound unless @scheme
head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !user_allowed_action? @scheme
render_not_found and return
end
end end
def user_allowed_action? def user_allowed_action?

3
app/helpers/check_answers_helper.rb

@ -12,7 +12,10 @@ module CheckAnswersHelper
end end
def can_change_scheme_answer?(attribute_name, scheme) def can_change_scheme_answer?(attribute_name, scheme)
return false unless current_user.support? || current_user.data_coordinator?
editable_attributes = current_user.support? ? ["Name", "Confidential information", "Housing stock owned by"] : ["Name", "Confidential information"] editable_attributes = current_user.support? ? ["Name", "Confidential information", "Housing stock owned by"] : ["Name", "Confidential information"]
!scheme.confirmed? || editable_attributes.include?(attribute_name) !scheme.confirmed? || editable_attributes.include?(attribute_name)
end end

11
app/helpers/navigation_items_helper.rb

@ -10,20 +10,11 @@ module NavigationItemsHelper
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)), NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
NavigationItem.new("Schemes", "/schemes", supported_housing_schemes_current?(path)), NavigationItem.new("Schemes", "/schemes", supported_housing_schemes_current?(path)),
].compact ].compact
elsif current_user.data_coordinator? && current_user.organisation.holds_own_stock?
[
NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)),
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)),
NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)),
NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)),
NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)),
NavigationItem.new("Managing agents", managing_agents_organisation_path(current_user.organisation), managing_agents_path?(path)),
].compact
else else
[ [
NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)), NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)),
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)), NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
(NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)) if current_user.organisation.holds_own_stock?),
NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)), NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)),
NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)), NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)),
NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)), NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)),

74
app/policies/location_policy.rb

@ -0,0 +1,74 @@
class LocationPolicy
attr_reader :user, :location
def initialize(user, location)
@user = user
@location = location
end
def index?
true
end
def create?
return true if user.support?
if location == Location
user.data_coordinator?
else
user.data_coordinator? && user.organisation == scheme&.owning_organisation
end
end
def update?
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
%w[
update_postcode?
update_local_authority?
update_name?
update_units?
update_type_of_unit?
update_mobility_standards?
update_availability?
new_deactivation?
deactivate_confirm?
deactivate?
new_reactivation?
reactivate?
postcode?
local_authority?
name?
units?
type_of_unit?
mobility_standards?
availability?
confirm?
].each do |method_name|
define_method method_name do
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
end
%w[
show?
check_answers?
].each do |method_name|
define_method method_name do
return true if user.support?
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
private
def scheme
location.scheme
end
end

61
app/policies/scheme_policy.rb

@ -0,0 +1,61 @@
class SchemePolicy
attr_reader :user, :scheme
def initialize(user, scheme)
@user = user
@scheme = scheme
end
def index?
return true if user.support?
if scheme == Scheme
true
else
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
def new?
user.data_coordinator? || user.support?
end
def create?
user.data_coordinator? || user.support?
end
def update?
return true if user.support?
user.data_coordinator? && (scheme&.owning_organisation == user.organisation)
end
%w[
show?
check_answers?
].each do |method_name|
define_method method_name do
return true if user.support?
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
%w[
edit_name?
primary_client_group?
confirm_secondary_client_group?
secondary_client_group?
new_deactivation?
deactivate?
details?
support?
deactivate_confirm?
].each do |method_name|
define_method method_name do
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
end
end

9
app/views/locations/check_answers.html.erb

@ -21,13 +21,18 @@
<%= summary_list.row do |row| %> <%= summary_list.row do |row| %>
<% row.key { attr[:name] } %> <% row.key { attr[:name] } %>
<% row.value { details_html(attr) } %> <% row.value { details_html(attr) } %>
<% if LocationPolicy.new(current_user, @location).update? %>
<% row.action(text: action_text_helper(attr, @location), href: location_edit_path(@location, attr[:attribute])) %> <% row.action(text: action_text_helper(attr, @location), href: location_edit_path(@location, attr[:attribute])) %>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
<% end %>
</div> </div>
</div> </div>
<div class="govuk-button-group">
<% if LocationPolicy.new(current_user, @location).create? %>
<div class="govuk-button-group">
<%= govuk_button_to "Save and return to locations", scheme_location_confirm_path(@scheme, @location, route: params[:route]), method: :patch %> <%= govuk_button_to "Save and return to locations", scheme_location_confirm_path(@scheme, @location, route: params[:route]), method: :patch %>
<%= govuk_button_link_to "Cancel", scheme_locations_path(@scheme), secondary: true %> <%= govuk_button_link_to "Cancel", scheme_locations_path(@scheme), secondary: true %>
</div> </div>
<% end %>

4
app/views/locations/index.html.erb

@ -64,12 +64,12 @@
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
<% if user_can_edit_scheme?(current_user, @scheme) %>
<% if LocationPolicy.new(current_user, @scheme.locations.new).create? %>
<%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %> <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
<% end %> <% end %>
</div> </div>
</div> </div>
<% else %> <% else %>
<%= govuk_table do |table| %> <%= govuk_table do |table| %>
<%= table.caption(classes: %w[govuk-!-font-size-19 govuk-!-font-weight-regular]) do |caption| %> <%= table.caption(classes: %w[govuk-!-font-size-19 govuk-!-font-weight-regular]) do |caption| %>

9
app/views/locations/show.html.erb

@ -16,12 +16,17 @@
<%= summary_list.row do |row| %> <%= summary_list.row do |row| %>
<% row.key { attr[:name] } %> <% row.key { attr[:name] } %>
<% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %> <% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %>
<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && user_can_edit_scheme?(current_user, @scheme) %> <% if LocationPolicy.new(current_user, @location).update? %>
<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" %>
<% end %>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
</div> </div>
</div> </div>
<% if FeatureToggle.location_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %>
<% if FeatureToggle.location_toggle_enabled? %>
<% if LocationPolicy.new(current_user, @location).deactivate? %>
<%= toggle_location_link(@location) %> <%= toggle_location_link(@location) %>
<% end %>
<% end %> <% end %>

4
app/views/organisations/schemes.html.erb

@ -12,7 +12,9 @@
<h2 class="govuk-visually-hidden">Supported housing schemes</h2> <h2 class="govuk-visually-hidden">Supported housing schemes</h2>
<% end %> <% end %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> <% if SchemePolicy.new(current_user, nil).create? %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %>
<% end %>
<%= govuk_details( <%= govuk_details(
classes: "govuk-!-width-two-thirds", classes: "govuk-!-width-two-thirds",

1
app/views/schemes/_scheme_summary_list_row.html.erb

@ -14,6 +14,7 @@
<%= details_html(attribute) %> <%= details_html(attribute) %>
</dd> </dd>
<% end %> <% end %>
<% if can_change_scheme_answer?(attribute[:name], scheme) %> <% if can_change_scheme_answer?(attribute[:name], scheme) %>
<dd class="govuk-summary-list__actions"> <dd class="govuk-summary-list__actions">
<a class="govuk-link" href="<%= change_link %>">Change</a> <a class="govuk-link" href="<%= change_link %>">Change</a>

7
app/views/schemes/check_answers.html.erb

@ -12,17 +12,21 @@
<% next if current_user.data_coordinator? && attr[:name] == ("owned by") %> <% next if current_user.data_coordinator? && attr[:name] == ("owned by") %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: @scheme.confirmed? ? scheme_edit_name_path(@scheme) : scheme_details_path(@scheme, check_answers: true) } %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: @scheme.confirmed? ? scheme_edit_name_path(@scheme) : scheme_details_path(@scheme, check_answers: true) } %>
<% end %> <% end %>
<% @scheme.check_primary_client_attributes.each do |attr| %> <% @scheme.check_primary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_primary_client_group_path(@scheme, check_answers: true) } %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_primary_client_group_path(@scheme, check_answers: true) } %>
<% end %> <% end %>
<% @scheme.check_secondary_client_confirmation_attributes.each do |attr| %> <% @scheme.check_secondary_client_confirmation_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_confirm_secondary_client_group_path(@scheme, check_answers: true) } %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_confirm_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %> <% end %>
<% if @scheme.has_other_client_group == "Yes" %> <% if @scheme.has_other_client_group == "Yes" %>
<% @scheme.check_secondary_client_attributes.each do |attr| %> <% @scheme.check_secondary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_secondary_client_group_path(@scheme, check_answers: true) } %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %> <% end %>
<% end %> <% end %>
<% @scheme.check_support_attributes.each do |attr| %> <% @scheme.check_support_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_support_path(@scheme, check_answers: true) } %> <%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_support_path(@scheme, check_answers: true) } %>
<% end %> <% end %>
@ -32,5 +36,8 @@
<%= f.hidden_field :page, value: "check-answers" %> <%= f.hidden_field :page, value: "check-answers" %>
<%= f.hidden_field :confirmed, value: "true" %> <%= f.hidden_field :confirmed, value: "true" %>
<% button_label = @scheme.confirmed? ? "Save" : "Create scheme" %> <% button_label = @scheme.confirmed? ? "Save" : "Create scheme" %>
<% if SchemePolicy.new(current_user, @scheme).create? %>
<%= f.govuk_submit button_label %> <%= f.govuk_submit button_label %>
<% end %>
<% end %> <% end %>

4
app/views/schemes/index.html.erb

@ -5,7 +5,9 @@
<%= render partial: "organisations/headings", locals: current_user.support? ? { main: "Supported housing schemes", sub: nil } : { main: "Supported housing schemes", sub: current_user.organisation.name } %> <%= render partial: "organisations/headings", locals: current_user.support? ? { main: "Supported housing schemes", sub: nil } : { main: "Supported housing schemes", sub: current_user.organisation.name } %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %> <% if SchemePolicy.new(current_user, nil).create? %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %>
<% end %>
<%= render SearchComponent.new(current_user:, search_label: "Search by scheme name, code, postcode or location name", value: @searched) %> <%= render SearchComponent.new(current_user:, search_label: "Search by scheme name, code, postcode or location name", value: @searched) %>

8
app/views/schemes/show.html.erb

@ -22,7 +22,9 @@
<%= summary_list.row do |row| %> <%= summary_list.row do |row| %>
<% row.key { attr[:name] } %> <% row.key { attr[:name] } %>
<% row.value { details_html(attr) } %> <% row.value { details_html(attr) } %>
<% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] && user_can_edit_scheme?(current_user, @scheme) %> <% if SchemePolicy.new(current_user, @scheme).update? %>
<% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] %>
<% end %>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
@ -32,6 +34,8 @@
</div> </div>
<% end %> <% end %>
<% if FeatureToggle.scheme_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %> <% if FeatureToggle.scheme_toggle_enabled? %>
<% if SchemePolicy.new(current_user, @scheme).deactivate? %>
<%= toggle_scheme_link(@scheme) %> <%= toggle_scheme_link(@scheme) %>
<% end %>
<% end %> <% end %>

16
spec/helpers/navigation_items_helper_spec.rb

@ -1,13 +1,12 @@
require "rails_helper" require "rails_helper"
RSpec.describe NavigationItemsHelper do RSpec.describe NavigationItemsHelper do
let(:current_user) { FactoryBot.create(:user, :data_coordinator) } let(:current_user) { create(:user, :data_coordinator) }
let(:users_path) { "/organisations/#{current_user.organisation.id}/users" } let(:users_path) { "/organisations/#{current_user.organisation.id}/users" }
let(:organisation_path) { "/organisations/#{current_user.organisation.id}" } let(:organisation_path) { "/organisations/#{current_user.organisation.id}" }
describe "#primary items" do describe "#primary_items" do
context "when the sales log feature flag is enabled" do
context "when the user is a data coordinator" do context "when the user is a data coordinator" do
context "when the user is on the lettings logs page" do context "when the user is on the lettings logs page" do
let(:expected_navigation_items) do let(:expected_navigation_items) do
@ -136,8 +135,16 @@ RSpec.describe NavigationItemsHelper do
end end
end end
context "when a data provider" do
let(:current_user) { create(:user, :data_provider) }
it "includes schemes" do
expect(primary_items("/", current_user)).to include(NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false))
end
end
context "when the user is a support user" do context "when the user is a support user" do
let(:current_user) { FactoryBot.create(:user, :support) } let(:current_user) { create(:user, :support) }
context "when the user is on the lettings logs page" do context "when the user is on the lettings logs page" do
let(:expected_navigation_items) do let(:expected_navigation_items) do
@ -406,5 +413,4 @@ RSpec.describe NavigationItemsHelper do
end end
end end
end end
end
end end

362
spec/requests/locations_controller_spec.rb

@ -2,8 +2,8 @@ require "rails_helper"
RSpec.describe LocationsController, type: :request do RSpec.describe LocationsController, type: :request do
let(:page) { Capybara::Node::Simple.new(response.body) } let(:page) { Capybara::Node::Simple.new(response.body) }
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:fake_2021_2022_form) { Form.new("spec/fixtures/forms/2021_2022.json") } let(:fake_2021_2022_form) { Form.new("spec/fixtures/forms/2021_2022.json") }
before do before do
@ -19,22 +19,21 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/create" get "/schemes/1/locations/create"
end end
it "returns 401 unauthorized" do it "returns 404" do
request expect(response).to be_not_found
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
@ -56,18 +55,18 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to add a new location to a scheme that belongs to another organisation" do context "when trying to add a new location to a scheme that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
post scheme_locations_path(another_scheme) post scheme_locations_path(another_scheme)
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -90,11 +89,11 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to add a new location to a scheme that belongs to another organisation" do context "when trying to add a new location to a scheme that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
post scheme_locations_path(another_scheme) post scheme_locations_path(another_scheme)
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
@ -109,23 +108,23 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider user" do context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
get "/schemes/#{scheme.id}/locations" get "/schemes/#{scheme.id}/locations"
end end
it "returns 401 unauthorized" do it "returns 200" do
request expect(response).to be_successful
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator user" do context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
before do before do
sign_in user sign_in user
@ -133,15 +132,15 @@ RSpec.describe LocationsController, type: :request do
end end
context "when coordinator attempts to see scheme belonging to a different organisation" do context "when coordinator attempts to see scheme belonging to a different organisation" do
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
before do before do
FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1)) create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1))
end end
it "returns 404 not found" do it "returns 401" do
get "/schemes/#{another_scheme.id}/locations" get "/schemes/#{another_scheme.id}/locations"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
@ -177,7 +176,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "when paginating over 20 results" do context "when paginating over 20 results" do
let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) } let!(:locations) { create_list(:location, 25, scheme:) }
context "when on the first page" do context "when on the first page" do
before do before do
@ -275,9 +274,9 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) } let(:scheme) { create(:scheme) }
let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) } let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -318,7 +317,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "when paginating over 20 results" do context "when paginating over 20 results" do
let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) } let!(:locations) { create_list(:location, 25, scheme:) }
context "when on the first page" do context "when on the first page" do
before do before do
@ -401,23 +400,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/postcode" get "/schemes/#{scheme.id}/locations/#{location.id}/postcode"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -464,20 +464,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit postcode of location that belongs to another organisation" do context "when trying to edit postcode of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/postcode" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/postcode"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -543,23 +543,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/local-authority" get "/schemes/#{scheme.id}/locations/#{location.id}/local-authority"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -590,20 +591,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit local authority of location that belongs to another organisation" do context "when trying to edit local authority of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/local-authority" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/local-authority"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -653,23 +654,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/name" get "/schemes/#{scheme.id}/locations/#{location.id}/name"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -699,20 +701,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit name of location that belongs to another organisation" do context "when trying to edit name of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/name" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/name"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -761,23 +763,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/units" get "/schemes/#{scheme.id}/locations/#{location.id}/units"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -807,20 +810,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit units of location that belongs to another organisation" do context "when trying to edit units of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/units" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/units"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -869,23 +872,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/type-of-unit" get "/schemes/#{scheme.id}/locations/#{location.id}/type-of-unit"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -915,20 +919,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit type_of_unit of location that belongs to another organisation" do context "when trying to edit type_of_unit of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/type-of-unit" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/type-of-unit"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -977,23 +981,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/mobility-standards" get "/schemes/#{scheme.id}/locations/#{location.id}/mobility-standards"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -1023,20 +1028,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit mobility_standards of location that belongs to another organisation" do context "when trying to edit mobility_standards of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/mobility-standards" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/mobility-standards"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1085,23 +1090,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/availability" get "/schemes/#{scheme.id}/locations/#{location.id}/availability"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
@ -1161,20 +1167,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit startdate of location that belongs to another organisation" do context "when trying to edit startdate of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/availability" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/availability"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1253,23 +1259,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1/check-answers" get "/schemes/#{scheme.id}/locations/#{location.id}/check-answers"
end end
it "returns 401 unauthorized" do it "returns 200" do
request expect(response).to be_successful
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do before do
sign_in user sign_in user
@ -1301,7 +1308,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "when location is not complete" do context "when location is not complete" do
let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
it "does not confirm location" do it "does not confirm location" do
expect(Location.last.confirmed).to eq(false) expect(Location.last.confirmed).to eq(false)
@ -1316,20 +1323,20 @@ RSpec.describe LocationsController, type: :request do
end end
context "when trying to edit check_answers of location that belongs to another organisation" do context "when trying to edit check_answers of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) } let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/check-answers" get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/check-answers"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) } let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1362,7 +1369,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "when location is not complete" do context "when location is not complete" do
let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) } let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
it "does not confirm location" do it "does not confirm location" do
expect(Location.last.confirmed).to eq(false) expect(Location.last.confirmed).to eq(false)
@ -1395,25 +1402,26 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
before do before do
sign_in user sign_in user
patch "/schemes/1/locations/1/deactivate" patch "/schemes/#{scheme.id}/locations/#{location.id}/deactivate"
end end
it "returns 401 unauthorized" do it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) } let!(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
let(:deactivation_date) { Time.utc(2022, 10, 10) } let(:deactivation_date) { Time.utc(2022, 10, 10) }
let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) } let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) }
let(:startdate) { Time.utc(2022, 10, 11) } let(:startdate) { Time.utc(2022, 10, 11) }
let(:add_deactivations) { nil } let(:add_deactivations) { nil }
let(:setup_locations) { nil } let(:setup_locations) { nil }
@ -1487,12 +1495,12 @@ RSpec.describe LocationsController, type: :request do
let(:params) { { deactivation_date:, confirm: true, deactivation_date_type: "other" } } let(:params) { { deactivation_date:, confirm: true, deactivation_date_type: "other" } }
let(:mailer) { instance_double(LocationOrSchemeDeactivationMailer) } let(:mailer) { instance_double(LocationOrSchemeDeactivationMailer) }
let(:user_a) { FactoryBot.create(:user, email: "user_a@example.com") } let(:user_a) { create(:user, email: "user_a@example.com") }
let(:user_b) { FactoryBot.create(:user, email: "user_b@example.com") } let(:user_b) { create(:user, email: "user_b@example.com") }
before do before do
FactoryBot.create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a) create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a)
FactoryBot.create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b) create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b)
Timecop.freeze(Time.utc(2022, 10, 10)) Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user sign_in user
@ -1615,7 +1623,7 @@ RSpec.describe LocationsController, type: :request do
context "when deactivation date is during a deactivated period" do context "when deactivation date is during a deactivated period" do
let(:deactivation_date) { Time.zone.local(2022, 10, 10) } let(:deactivation_date) { Time.zone.local(2022, 10, 10) }
let(:params) { { location_deactivation_period: { deactivation_date_type: "other", "deactivation_date(3i)": "8", "deactivation_date(2i)": "9", "deactivation_date(1i)": "2022" } } } let(:params) { { location_deactivation_period: { deactivation_date_type: "other", "deactivation_date(3i)": "8", "deactivation_date(2i)": "9", "deactivation_date(1i)": "2022" } } }
let(:add_deactivations) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) } let(:add_deactivations) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "displays page with an error message" do it "displays page with an error message" do
expect(response).to have_http_status(:unprocessable_entity) expect(response).to have_http_status(:unprocessable_entity)
@ -1634,23 +1642,24 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
get "/schemes/1/locations/1" get "/schemes/#{scheme.id}/locations/#{location.id}"
end end
it "returns 401 unauthorized" do it "returns 200" do
request expect(response).to be_successful
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
let(:add_deactivations) { location.location_deactivation_periods << location_deactivation_period } let(:add_deactivations) { location.location_deactivation_periods << location_deactivation_period }
before do before do
@ -1675,7 +1684,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "with deactivated location" do context "with deactivated location" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) } let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) }
it "renders reactivate this location" do it "renders reactivate this location" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -1684,7 +1693,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "with location that's deactivating soon" do context "with location that's deactivating soon" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) } let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "does not render toggle location link" do it "does not render toggle location link" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -1694,7 +1703,7 @@ RSpec.describe LocationsController, type: :request do
end end
context "with location that's reactivating soon" do context "with location that's reactivating soon" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) } let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "does not render toggle location link" do it "does not render toggle location link" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -1714,6 +1723,8 @@ RSpec.describe LocationsController, type: :request do
end end
it "shows the location" do it "shows the location" do
get "/schemes/#{scheme.id}/locations/#{location.id}"
expect(page).to have_content("Location name") expect(page).to have_content("Location name")
expect(page).to have_content(location.name) expect(page).to have_content(location.name)
end end
@ -1735,30 +1746,31 @@ RSpec.describe LocationsController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do before do
sign_in user sign_in user
patch "/schemes/1/locations/1/reactivate" patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate"
end end
it "returns 401 unauthorized" do it "returns 401 unauthorized" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) } let(:location) { create(:location, scheme:) }
let(:deactivation_date) { Time.zone.local(2022, 4, 1) } let(:deactivation_date) { Time.zone.local(2022, 4, 1) }
let(:startdate) { Time.utc(2022, 10, 11) } let(:startdate) { Time.utc(2022, 10, 11) }
before do before do
Timecop.freeze(Time.utc(2022, 10, 10)) Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user sign_in user
FactoryBot.create(:location_deactivation_period, deactivation_date:, location:) create(:location_deactivation_period, deactivation_date:, location:)
location.save! location.save!
patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate", params: patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate", params:
end end

294
spec/requests/schemes_controller_spec.rb

@ -4,12 +4,12 @@ RSpec.describe SchemesController, type: :request do
let(:organisation) { user.organisation } let(:organisation) { user.organisation }
let(:headers) { { "Accept" => "text/html" } } let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) } let(:page) { Capybara::Node::Simple.new(response.body) }
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:schemes) { FactoryBot.create_list(:scheme, 5) } let!(:schemes) { create_list(:scheme, 5) }
before do before do
schemes.each do |scheme| schemes.each do |scheme|
FactoryBot.create(:location, scheme:) create(:location, scheme:)
end end
end end
@ -22,21 +22,20 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider user" do context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
before do before do
sign_in user sign_in user
get "/schemes" get "/schemes"
end end
it "returns 401 unauthorized" do it "returns 200 success" do
request expect(response).to redirect_to(schemes_organisation_path(user.organisation.id))
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator user" do context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
before do before do
schemes.each do |scheme| schemes.each do |scheme|
@ -47,8 +46,7 @@ RSpec.describe SchemesController, type: :request do
end end
it "redirects to the organisation schemes path" do it "redirects to the organisation schemes path" do
follow_redirect! expect(response).to redirect_to(schemes_organisation_path(user.organisation.id))
expect(path).to match("/organisations/#{user.organisation.id}/schemes")
end end
it "shows a list of schemes for the organisation" do it "shows a list of schemes for the organisation" do
@ -136,7 +134,7 @@ RSpec.describe SchemesController, type: :request do
let(:total_schemes_count) { Scheme.count } let(:total_schemes_count) { Scheme.count }
before do before do
FactoryBot.create_list(:scheme, 20) create_list(:scheme, 20)
end end
context "when on the first page" do context "when on the first page" do
@ -191,11 +189,11 @@ RSpec.describe SchemesController, type: :request do
end end
context "when searching" do context "when searching" do
let!(:searched_scheme) { FactoryBot.create(:scheme) } let!(:searched_scheme) { create(:scheme) }
let(:search_param) { searched_scheme.id_to_display } let(:search_param) { searched_scheme.id_to_display }
before do before do
FactoryBot.create(:location, scheme: searched_scheme) create(:location, scheme: searched_scheme)
get "/schemes?search=#{search_param}" get "/schemes?search=#{search_param}"
end end
@ -207,7 +205,7 @@ RSpec.describe SchemesController, type: :request do
end end
it "returns results with no location" do it "returns results with no location" do
scheme_without_location = FactoryBot.create(:scheme) scheme_without_location = create(:scheme)
get "/schemes?search=#{scheme_without_location.id}" get "/schemes?search=#{scheme_without_location.id}"
expect(page).to have_content(scheme_without_location.id_to_display) expect(page).to have_content(scheme_without_location.id_to_display)
schemes.each do |scheme| schemes.each do |scheme|
@ -237,22 +235,22 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider user" do context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
get "/schemes/#{specific_scheme.id}" get "/schemes/#{scheme.id}"
end end
it "returns 401 unauthorized" do it "returns 200" do
request expect(response).to be_successful
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator user" do context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:specific_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let!(:specific_scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
@ -272,11 +270,11 @@ RSpec.describe SchemesController, type: :request do
end end
context "when coordinator attempts to see scheme belonging to a different organisation" do context "when coordinator attempts to see scheme belonging to a different organisation" do
let!(:specific_scheme) { FactoryBot.create(:scheme) } let!(:specific_scheme) { create(:scheme) }
it "returns 404 not found" do it "returns 401" do
get "/schemes/#{specific_scheme.id}" get "/schemes/#{specific_scheme.id}"
expect(response).to have_http_status(:not_found) expect(response).to be_unauthorized
end end
end end
@ -288,12 +286,12 @@ RSpec.describe SchemesController, type: :request do
end end
context "when looking at scheme details" do context "when looking at scheme details" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:add_deactivations) { scheme.scheme_deactivation_periods << scheme_deactivation_period } let(:add_deactivations) { scheme.scheme_deactivation_periods << scheme_deactivation_period }
before do before do
FactoryBot.create(:location, scheme:) create(:location, scheme:)
Timecop.freeze(Time.utc(2022, 10, 10)) Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user sign_in user
add_deactivations add_deactivations
@ -315,7 +313,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "with deactivated scheme" do context "with deactivated scheme" do
let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) } let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) }
it "renders reactivate this scheme" do it "renders reactivate this scheme" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -324,7 +322,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "with scheme that's deactivating soon" do context "with scheme that's deactivating soon" do
let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) } let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) }
it "does not render toggle scheme link" do it "does not render toggle scheme link" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -390,21 +388,20 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
before do before do
sign_in user sign_in user
get "/schemes/new" get "/schemes/new"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
before do before do
sign_in user sign_in user
@ -418,7 +415,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -442,21 +439,28 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:params) do
{ scheme: { service_name: "asd",
sensitive: "1",
scheme_type: "Foyer",
registered_under_care_act: "No",
arrangement_type: "D" } }
end
before do before do
sign_in user sign_in user
post "/schemes" post "/schemes", params:
end end
it "returns 401 unauthorized" do it "returns 401" do
request
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let(:params) do let(:params) do
{ scheme: { service_name: " testy ", { scheme: { service_name: " testy ",
sensitive: "1", sensitive: "1",
@ -547,7 +551,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when the organisation id param is included" do context "when the organisation id param is included" do
let(:organisation) { FactoryBot.create(:organisation) } let(:organisation) { create(:organisation) }
let(:params) { { scheme: { owning_organisation: organisation } } } let(:params) { { scheme: { owning_organisation: organisation } } }
it "sets the owning organisation correctly" do it "sets the owning organisation correctly" do
@ -558,8 +562,8 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:organisation) { FactoryBot.create(:organisation) } let(:organisation) { create(:organisation) }
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let(:params) do let(:params) do
{ scheme: { service_name: "testy", { scheme: { service_name: "testy",
sensitive: "1", sensitive: "1",
@ -654,7 +658,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when organisation id param refers to a non-stock-owning organisation" do context "when organisation id param refers to a non-stock-owning organisation" do
let(:organisation_which_does_not_own_stock) { FactoryBot.create(:organisation, holds_own_stock: false) } let(:organisation_which_does_not_own_stock) { create(:organisation, holds_own_stock: false) }
let(:params) { { scheme: { owning_organisation_id: organisation_which_does_not_own_stock.id } } } let(:params) { { scheme: { owning_organisation_id: organisation_which_does_not_own_stock.id } } }
it "displays the new page with an error message" do it "displays the new page with an error message" do
@ -675,7 +679,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
before do before do
sign_in user sign_in user
@ -683,14 +687,13 @@ RSpec.describe SchemesController, type: :request do
end end
it "returns 401 unauthorized" do it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -979,11 +982,11 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
FactoryBot.create(:location, scheme: scheme_to_update) create(:location, scheme: scheme_to_update)
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in user sign_in user
patch "/schemes/#{scheme_to_update.id}", params: patch "/schemes/#{scheme_to_update.id}", params:
@ -1220,7 +1223,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when updating details" do context "when updating details" do
let(:another_organisation) { FactoryBot.create(:organisation) } let(:another_organisation) { create(:organisation) }
let(:params) do let(:params) do
{ scheme: { service_name: "testy", { scheme: { service_name: "testy",
sensitive: "1", sensitive: "1",
@ -1266,7 +1269,7 @@ RSpec.describe SchemesController, type: :request do
end end
context "when editing scheme name details" do context "when editing scheme name details" do
let(:another_organisation) { FactoryBot.create(:organisation) } let(:another_organisation) { create(:organisation) }
let(:params) do let(:params) do
{ scheme: { service_name: "testy", { scheme: { service_name: "testy",
sensitive: "1", sensitive: "1",
@ -1299,23 +1302,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
get "/schemes/1/primary-client-group" get "/schemes/#{scheme.id}/primary-client-group"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -1332,16 +1335,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/primary-client-group" get "/schemes/#{another_scheme.id}/primary-client-group"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } let!(:scheme) { create(:scheme, confirmed: nil) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1380,23 +1382,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
get "/schemes/1/confirm-secondary-client-group" get "/schemes/#{scheme.id}/confirm-secondary-client-group"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -1413,16 +1415,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/confirm-secondary-client-group" get "/schemes/#{another_scheme.id}/confirm-secondary-client-group"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } let!(:scheme) { create(:scheme, confirmed: nil) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1461,23 +1462,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
get "/schemes/1/secondary-client-group" get "/schemes/#{scheme.id}/secondary-client-group"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -1494,16 +1495,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/secondary-client-group" get "/schemes/#{another_scheme.id}/secondary-client-group"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) } let!(:scheme) { create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1547,23 +1547,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
get "/schemes/1/support" get "/schemes/#{scheme.id}/support"
end end
it "returns 401 unauthorized" do it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -1580,9 +1580,8 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/support" get "/schemes/#{another_scheme.id}/support"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
@ -1603,8 +1602,8 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } let!(:scheme) { create(:scheme, confirmed: nil) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1628,23 +1627,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
get "/schemes/1/check-answers" get "/schemes/#{scheme.id}/check-answers"
end end
it "returns 401 unauthorized" do it "returns 200" do
request expect(response).to be_successful
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let!(:another_scheme) { create(:scheme) }
before do before do
sign_in user sign_in user
@ -1661,16 +1660,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/check-answers" get "/schemes/#{another_scheme.id}/check-answers"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) } let!(:scheme) { create(:scheme) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1694,23 +1692,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do before do
sign_in user sign_in user
get "/schemes/1/details" get "/schemes/#{scheme.id}/details"
end end
it "returns 401 unauthorized" do it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized) expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) } let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let(:another_scheme) { create(:scheme, confirmed: nil) }
before do before do
sign_in user sign_in user
@ -1727,9 +1725,8 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/details" get "/schemes/#{another_scheme.id}/details"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
@ -1750,8 +1747,8 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) } let!(:scheme) { create(:scheme, confirmed: nil) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1775,23 +1772,23 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do before do
sign_in user sign_in user
get "/schemes/1/edit-name" get "/schemes/#{scheme.id}/edit-name"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { FactoryBot.create(:scheme) } let!(:another_scheme) { create(:scheme) }
before do before do
sign_in user sign_in user
@ -1810,16 +1807,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/edit-name" get "/schemes/#{another_scheme.id}/edit-name"
end end
it "returns 404 not_found" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:not_found)
end end
end end
end end
context "when signed in as a support user" do context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) } let!(:scheme) { create(:scheme) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1845,25 +1841,25 @@ RSpec.describe SchemesController, type: :request do
end end
context "when signed in as a data provider" do context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) }
before do before do
sign_in user sign_in user
patch "/schemes/1/new-deactivation" patch "/schemes/#{scheme.id}/new-deactivation"
end end
it "returns 401 unauthorized" do it "returns 401" do
request expect(response).to be_unauthorized
expect(response).to have_http_status(:unauthorized)
end end
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) } let!(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) }
let!(:location) { FactoryBot.create(:location, scheme:) } let!(:location) { create(:location, scheme:) }
let(:deactivation_date) { Time.utc(2022, 10, 10) } let(:deactivation_date) { Time.utc(2022, 10, 10) }
let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) } let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) }
let(:startdate) { Time.utc(2022, 10, 11) } let(:startdate) { Time.utc(2022, 10, 11) }
let(:setup_schemes) { nil } let(:setup_schemes) { nil }

69
spec/views/locations/check_answers.html.erb_spec.rb

@ -0,0 +1,69 @@
require "rails_helper"
RSpec.describe "locations/check_answers.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
)
end
let(:location) do
instance_double(
Location,
name: "some location",
postcode: "EC1N 2TD",
linked_local_authorities: [],
units: "",
type_of_unit: "",
mobility_type: "",
available_from: 1.week.ago,
location_deactivation_periods: [],
status: :active,
active?: true,
scheme:,
startdate: 1.day.ago,
)
end
it "does not see create submission button" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Save and return to locations")
end
it "does not see change answer links" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end

43
spec/views/locations/index.html.erb_spec.rb

@ -0,0 +1,43 @@
require "rails_helper"
RSpec.describe "locations/index.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
locations: Location,
)
end
it "does not see add a location button" do
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:scheme, scheme)
assign(:locations, [])
allow(view).to receive(:current_user).and_return(user)
allow(SearchComponent).to receive(:new).and_return(inline: "")
render
expect(rendered).not_to have_content("Add a location")
end
end
end

68
spec/views/locations/show.html.erb_spec.rb

@ -0,0 +1,68 @@
require "rails_helper"
RSpec.describe "locations/show.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
)
end
let(:location) do
instance_double(
Location,
name: "some location",
postcode: "EC1N 2TD",
linked_local_authorities: [],
units: "",
type_of_unit: "",
mobility_type: "",
available_from: 1.week.ago,
location_deactivation_periods: [],
status: :active,
active?: true,
scheme:,
)
end
it "does not see add a location button" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Deactivate this location")
end
it "does not see change answer links" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end

19
spec/views/organisations/schemes.html.erb_spec.rb

@ -0,0 +1,19 @@
require "rails_helper"
RSpec.describe "organisations/schemes.html.erb" do
context "when data provider" do
let(:user) { build(:user) }
it "does not render button to create schemes" do
assign(:organisation, user.organisation)
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:schemes, [])
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create a new supported housing scheme")
end
end
end

29
spec/views/schemes/check_answers.html.erb_spec.rb

@ -0,0 +1,29 @@
require "rails_helper"
RSpec.describe "schemes/check_answers.html.erb" do
let(:organisation) { create(:organisation, holds_own_stock: true) }
let(:user) { build(:user, organisation:) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
context "when a data provider" do
it "does not render change links" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
it "does not render submit button" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create scheme")
end
end
end

18
spec/views/schemes/index.html.erb_spec.rb

@ -0,0 +1,18 @@
require "rails_helper"
RSpec.describe "schemes/index.html.erb" do
context "when data provider" do
let(:user) { build(:user) }
it "does not render button to create schemes" do
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:schemes, [])
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create a new supported housing scheme")
end
end
end

29
spec/views/schemes/show.html.erb_spec.rb

@ -0,0 +1,29 @@
require "rails_helper"
RSpec.describe "schemes/show.html.erb" do
context "when data provider" do
let(:organisation) { create(:organisation, holds_own_stock: true) }
let(:user) { build(:user, organisation:) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
it "does not render button to deactivate schemes" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Deactivate this scheme")
end
it "does not see change answer links" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end
Loading…
Cancel
Save