Browse Source

CLDC-1732 Provider and read only schemes (#1642)

# Context

- https://digital.dclg.gov.uk/jira/browse/CLDC-1732
- data providers are given read-only able access to schemes and locations 

# Changes

- introduce `pundit` policies to schemes and locations. the old scope mechanism has been removed
- apply policies at view level so hide write access based functionality from data providers
pull/1655/head
Phil Lee 2 years ago committed by GitHub
parent
commit
3e0d10f176
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 33
      app/controllers/locations_controller.rb
  2. 25
      app/controllers/schemes_controller.rb
  3. 3
      app/helpers/check_answers_helper.rb
  4. 11
      app/helpers/navigation_items_helper.rb
  5. 74
      app/policies/location_policy.rb
  6. 61
      app/policies/scheme_policy.rb
  7. 5
      app/views/locations/check_answers.html.erb
  8. 4
      app/views/locations/index.html.erb
  9. 9
      app/views/locations/show.html.erb
  10. 2
      app/views/organisations/schemes.html.erb
  11. 1
      app/views/schemes/_scheme_summary_list_row.html.erb
  12. 7
      app/views/schemes/check_answers.html.erb
  13. 2
      app/views/schemes/index.html.erb
  14. 8
      app/views/schemes/show.html.erb
  15. 16
      spec/helpers/navigation_items_helper_spec.rb
  16. 362
      spec/requests/locations_controller_spec.rb
  17. 294
      spec/requests/schemes_controller_spec.rb
  18. 69
      spec/views/locations/check_answers.html.erb_spec.rb
  19. 43
      spec/views/locations/index.html.erb_spec.rb
  20. 68
      spec/views/locations/show.html.erb_spec.rb
  21. 19
      spec/views/organisations/schemes.html.erb_spec.rb
  22. 29
      spec/views/schemes/check_answers.html.erb_spec.rb
  23. 18
      spec/views/schemes/index.html.erb_spec.rb
  24. 29
      spec/views/schemes/show.html.erb_spec.rb

33
app/controllers/locations_controller.rb

@ -1,22 +1,29 @@
class LocationsController < ApplicationController
include Pagy::Backend
include Modules::SearchFilter
before_action :authenticate_user!
before_action :authenticate_scope!
before_action :find_location, except: %i[create index]
before_action :find_scheme
before_action :authenticate_action!, only: %i[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers]
before_action :scheme_and_location_present, except: %i[create index]
include Modules::SearchFilter
before_action :authorize_user, except: %i[index create]
def index
authorize @scheme
@pagy, @locations = pagy(filtered_collection(@scheme.locations, search_term))
@total_count = @scheme.locations.size
@searched = search_term.presence
end
def create
@location = @scheme.locations.create!
@location = @scheme.locations.new
authorize @location
@location.save!
redirect_to scheme_location_postcode_path(@scheme, @location, route: params[:route])
end
@ -205,6 +212,10 @@ class LocationsController < ApplicationController
private
def authorize_user
authorize(@location || Location)
end
def scheme_and_location_present
render_not_found and return unless @location && @scheme
end
@ -221,20 +232,6 @@ private
@location = params[:location_id].present? ? Location.find_by(id: params[:location_id]) : Location.find_by(id: params[:id])
end
def authenticate_scope!
head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
end
def authenticate_action!
unless user_allowed_action?
render_not_found
end
end
def user_allowed_action?
current_user.support? || current_user.organisation == @scheme&.owning_organisation || current_user.organisation.parent_organisations.exists?(@scheme&.owning_organisation_id)
end
def location_params
required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id)
required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode]

25
app/controllers/schemes_controller.rb

@ -3,9 +3,11 @@ class SchemesController < ApplicationController
include Modules::SearchFilter
before_action :authenticate_user!
before_action :find_resource, except: %i[index]
before_action :authenticate_scope!
before_action :find_resource, except: %i[index create new]
before_action :redirect_if_scheme_confirmed, only: %i[primary_client_group confirm_secondary_client_group secondary_client_group support details]
before_action :authorize_user
rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
def index
redirect_to schemes_organisation_path(current_user.organisation) unless current_user.support?
@ -18,6 +20,9 @@ class SchemesController < ApplicationController
def show
@scheme = Scheme.find_by(id: params[:id])
authorize @scheme
render_not_found and return unless @scheme
end
@ -89,6 +94,8 @@ class SchemesController < ApplicationController
def create
@scheme = Scheme.new(scheme_params)
authorize @scheme
validation_errors scheme_params
if @scheme.errors.empty? && @scheme.save
@ -109,6 +116,8 @@ class SchemesController < ApplicationController
def update
render_not_found and return unless @scheme
authorize @scheme
check_answers = params[:scheme][:check_answers]
page = params[:scheme][:page]
scheme_previously_confirmed = @scheme.confirmed?
@ -182,6 +191,10 @@ class SchemesController < ApplicationController
private
def authorize_user
authorize(@scheme || Scheme)
end
def validation_errors(scheme_params)
scheme_params.each_key do |key|
if scheme_params[key].to_s.empty?
@ -260,14 +273,10 @@ private
def find_resource
@scheme = Scheme.find_by(id: params[:id]) || Scheme.find_by(id: params[:scheme_id])
end
def authenticate_scope!
head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
raise ActiveRecord::RecordNotFound unless @scheme
if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !user_allowed_action?
render_not_found and return
end
@scheme
end
def user_allowed_action?

3
app/helpers/check_answers_helper.rb

@ -12,7 +12,10 @@ module CheckAnswersHelper
end
def can_change_scheme_answer?(attribute_name, scheme)
return false unless current_user.support? || current_user.data_coordinator?
editable_attributes = current_user.support? ? ["Name", "Confidential information", "Housing stock owned by"] : ["Name", "Confidential information"]
!scheme.confirmed? || editable_attributes.include?(attribute_name)
end

11
app/helpers/navigation_items_helper.rb

@ -10,20 +10,11 @@ module NavigationItemsHelper
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
NavigationItem.new("Schemes", "/schemes", supported_housing_schemes_current?(path)),
].compact
elsif current_user.data_coordinator? && current_user.organisation.holds_own_stock?
[
NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)),
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)),
NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)),
NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)),
NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)),
NavigationItem.new("Managing agents", managing_agents_organisation_path(current_user.organisation), managing_agents_path?(path)),
].compact
else
[
NavigationItem.new("Lettings logs", lettings_logs_path, lettings_logs_current?(path)),
NavigationItem.new("Sales logs", sales_logs_path, sales_logs_current?(path)),
(NavigationItem.new("Schemes", "/schemes", subnav_supported_housing_schemes_path?(path)) if current_user.organisation.holds_own_stock?),
NavigationItem.new("Users", users_organisation_path(current_user.organisation), subnav_users_path?(path)),
NavigationItem.new("About your organisation", "/organisations/#{current_user.organisation.id}", subnav_details_path?(path)),
NavigationItem.new("Stock owners", stock_owners_organisation_path(current_user.organisation), stock_owners_path?(path)),

74
app/policies/location_policy.rb

@ -0,0 +1,74 @@
class LocationPolicy
attr_reader :user, :location
def initialize(user, location)
@user = user
@location = location
end
def index?
true
end
def create?
return true if user.support?
if location == Location
user.data_coordinator?
else
user.data_coordinator? && user.organisation == scheme&.owning_organisation
end
end
def update?
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
%w[
update_postcode?
update_local_authority?
update_name?
update_units?
update_type_of_unit?
update_mobility_standards?
update_availability?
new_deactivation?
deactivate_confirm?
deactivate?
new_reactivation?
reactivate?
postcode?
local_authority?
name?
units?
type_of_unit?
mobility_standards?
availability?
confirm?
].each do |method_name|
define_method method_name do
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
end
%w[
show?
check_answers?
].each do |method_name|
define_method method_name do
return true if user.support?
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
private
def scheme
location.scheme
end
end

61
app/policies/scheme_policy.rb

@ -0,0 +1,61 @@
class SchemePolicy
attr_reader :user, :scheme
def initialize(user, scheme)
@user = user
@scheme = scheme
end
def index?
return true if user.support?
if scheme == Scheme
true
else
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
def new?
user.data_coordinator? || user.support?
end
def create?
user.data_coordinator? || user.support?
end
def update?
return true if user.support?
user.data_coordinator? && (scheme&.owning_organisation == user.organisation)
end
%w[
show?
check_answers?
].each do |method_name|
define_method method_name do
return true if user.support?
user.organisation.parent_organisations.exists?(scheme&.owning_organisation_id) || scheme&.owning_organisation == user.organisation
end
end
%w[
edit_name?
primary_client_group?
confirm_secondary_client_group?
secondary_client_group?
new_deactivation?
deactivate?
details?
support?
deactivate_confirm?
].each do |method_name|
define_method method_name do
return true if user.support?
user.data_coordinator? && scheme&.owning_organisation == user.organisation
end
end
end

5
app/views/locations/check_answers.html.erb

@ -21,13 +21,18 @@
<%= summary_list.row do |row| %>
<% row.key { attr[:name] } %>
<% row.value { details_html(attr) } %>
<% if LocationPolicy.new(current_user, @location).update? %>
<% row.action(text: action_text_helper(attr, @location), href: location_edit_path(@location, attr[:attribute])) %>
<% end %>
<% end %>
<% end %>
<% end %>
</div>
</div>
<% if LocationPolicy.new(current_user, @location).create? %>
<div class="govuk-button-group">
<%= govuk_button_to "Save and return to locations", scheme_location_confirm_path(@scheme, @location, route: params[:route]), method: :patch %>
<%= govuk_button_link_to "Cancel", scheme_locations_path(@scheme), secondary: true %>
</div>
<% end %>

4
app/views/locations/index.html.erb

@ -64,12 +64,12 @@
<% end %>
<% end %>
<% end %>
<% if user_can_edit_scheme?(current_user, @scheme) %>
<% if LocationPolicy.new(current_user, @scheme.locations.new).create? %>
<%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
<% end %>
</div>
</div>
<% else %>
<%= govuk_table do |table| %>
<%= table.caption(classes: %w[govuk-!-font-size-19 govuk-!-font-weight-regular]) do |caption| %>

9
app/views/locations/show.html.erb

@ -16,12 +16,17 @@
<%= summary_list.row do |row| %>
<% row.key { attr[:name] } %>
<% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %>
<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && user_can_edit_scheme?(current_user, @scheme) %>
<% if LocationPolicy.new(current_user, @location).update? %>
<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" %>
<% end %>
<% end %>
<% end %>
<% end %>
</div>
</div>
<% if FeatureToggle.location_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %>
<% if FeatureToggle.location_toggle_enabled? %>
<% if LocationPolicy.new(current_user, @location).deactivate? %>
<%= toggle_location_link(@location) %>
<% end %>
<% end %>

2
app/views/organisations/schemes.html.erb

@ -12,7 +12,9 @@
<h2 class="govuk-visually-hidden">Supported housing schemes</h2>
<% end %>
<% if SchemePolicy.new(current_user, nil).create? %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %>
<% end %>
<%= govuk_details(
classes: "govuk-!-width-two-thirds",

1
app/views/schemes/_scheme_summary_list_row.html.erb

@ -14,6 +14,7 @@
<%= details_html(attribute) %>
</dd>
<% end %>
<% if can_change_scheme_answer?(attribute[:name], scheme) %>
<dd class="govuk-summary-list__actions">
<a class="govuk-link" href="<%= change_link %>">Change</a>

7
app/views/schemes/check_answers.html.erb

@ -12,17 +12,21 @@
<% next if current_user.data_coordinator? && attr[:name] == ("owned by") %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: @scheme.confirmed? ? scheme_edit_name_path(@scheme) : scheme_details_path(@scheme, check_answers: true) } %>
<% end %>
<% @scheme.check_primary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_primary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
<% @scheme.check_secondary_client_confirmation_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_confirm_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
<% if @scheme.has_other_client_group == "Yes" %>
<% @scheme.check_secondary_client_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_secondary_client_group_path(@scheme, check_answers: true) } %>
<% end %>
<% end %>
<% @scheme.check_support_attributes.each do |attr| %>
<%= render partial: "scheme_summary_list_row", locals: { scheme: @scheme, attribute: attr, change_link: scheme_support_path(@scheme, check_answers: true) } %>
<% end %>
@ -32,5 +36,8 @@
<%= f.hidden_field :page, value: "check-answers" %>
<%= f.hidden_field :confirmed, value: "true" %>
<% button_label = @scheme.confirmed? ? "Save" : "Create scheme" %>
<% if SchemePolicy.new(current_user, @scheme).create? %>
<%= f.govuk_submit button_label %>
<% end %>
<% end %>

2
app/views/schemes/index.html.erb

@ -5,7 +5,9 @@
<%= render partial: "organisations/headings", locals: current_user.support? ? { main: "Supported housing schemes", sub: nil } : { main: "Supported housing schemes", sub: current_user.organisation.name } %>
<% if SchemePolicy.new(current_user, nil).create? %>
<%= govuk_button_link_to "Create a new supported housing scheme", new_scheme_path, html: { method: :post } %>
<% end %>
<%= render SearchComponent.new(current_user:, search_label: "Search by scheme name, code, postcode or location name", value: @searched) %>

8
app/views/schemes/show.html.erb

@ -22,7 +22,9 @@
<%= summary_list.row do |row| %>
<% row.key { attr[:name] } %>
<% row.value { details_html(attr) } %>
<% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] && user_can_edit_scheme?(current_user, @scheme) %>
<% if SchemePolicy.new(current_user, @scheme).update? %>
<% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] %>
<% end %>
<% end %>
<% end %>
<% end %>
@ -32,6 +34,8 @@
</div>
<% end %>
<% if FeatureToggle.scheme_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %>
<% if FeatureToggle.scheme_toggle_enabled? %>
<% if SchemePolicy.new(current_user, @scheme).deactivate? %>
<%= toggle_scheme_link(@scheme) %>
<% end %>
<% end %>

16
spec/helpers/navigation_items_helper_spec.rb

@ -1,13 +1,12 @@
require "rails_helper"
RSpec.describe NavigationItemsHelper do
let(:current_user) { FactoryBot.create(:user, :data_coordinator) }
let(:current_user) { create(:user, :data_coordinator) }
let(:users_path) { "/organisations/#{current_user.organisation.id}/users" }
let(:organisation_path) { "/organisations/#{current_user.organisation.id}" }
describe "#primary items" do
context "when the sales log feature flag is enabled" do
describe "#primary_items" do
context "when the user is a data coordinator" do
context "when the user is on the lettings logs page" do
let(:expected_navigation_items) do
@ -136,8 +135,16 @@ RSpec.describe NavigationItemsHelper do
end
end
context "when a data provider" do
let(:current_user) { create(:user, :data_provider) }
it "includes schemes" do
expect(primary_items("/", current_user)).to include(NavigationItemsHelper::NavigationItem.new("Schemes", "/schemes", false))
end
end
context "when the user is a support user" do
let(:current_user) { FactoryBot.create(:user, :support) }
let(:current_user) { create(:user, :support) }
context "when the user is on the lettings logs page" do
let(:expected_navigation_items) do
@ -407,4 +414,3 @@ RSpec.describe NavigationItemsHelper do
end
end
end
end

362
spec/requests/locations_controller_spec.rb

@ -2,8 +2,8 @@ require "rails_helper"
RSpec.describe LocationsController, type: :request do
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:fake_2021_2022_form) { Form.new("spec/fixtures/forms/2021_2022.json") }
before do
@ -19,22 +19,21 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
before do
sign_in user
get "/schemes/1/locations/create"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 404" do
expect(response).to be_not_found
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
@ -56,18 +55,18 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to add a new location to a scheme that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_scheme) { create(:scheme) }
it "displays the new page with an error message" do
post scheme_locations_path(another_scheme)
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -90,11 +89,11 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to add a new location to a scheme that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_scheme) { create(:scheme) }
it "displays the new page with an error message" do
post scheme_locations_path(another_scheme)
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
@ -109,23 +108,23 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
get "/schemes/#{scheme.id}/locations"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200" do
expect(response).to be_successful
end
end
context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
before do
sign_in user
@ -133,15 +132,15 @@ RSpec.describe LocationsController, type: :request do
end
context "when coordinator attempts to see scheme belonging to a different organisation" do
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_scheme) { create(:scheme) }
before do
FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1))
create(:location, scheme:, startdate: Time.zone.local(2022, 4, 1))
end
it "returns 404 not found" do
it "returns 401" do
get "/schemes/#{another_scheme.id}/locations"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
@ -177,7 +176,7 @@ RSpec.describe LocationsController, type: :request do
end
context "when paginating over 20 results" do
let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) }
let!(:locations) { create_list(:location, 25, scheme:) }
context "when on the first page" do
before do
@ -275,9 +274,9 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) }
let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme) }
let!(:locations) { create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -318,7 +317,7 @@ RSpec.describe LocationsController, type: :request do
end
context "when paginating over 20 results" do
let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) }
let!(:locations) { create_list(:location, 25, scheme:) }
context "when on the first page" do
before do
@ -401,23 +400,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/postcode"
get "/schemes/#{scheme.id}/locations/#{location.id}/postcode"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -464,20 +464,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit postcode of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/postcode"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -543,23 +543,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/local-authority"
get "/schemes/#{scheme.id}/locations/#{location.id}/local-authority"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -590,20 +591,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit local authority of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/local-authority"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -653,23 +654,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/name"
get "/schemes/#{scheme.id}/locations/#{location.id}/name"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -699,20 +701,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit name of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/name"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -761,23 +763,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/units"
get "/schemes/#{scheme.id}/locations/#{location.id}/units"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -807,20 +810,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit units of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/units"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -869,23 +872,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/type-of-unit"
get "/schemes/#{scheme.id}/locations/#{location.id}/type-of-unit"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -915,20 +919,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit type_of_unit of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/type-of-unit"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -977,23 +981,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/mobility-standards"
get "/schemes/#{scheme.id}/locations/#{location.id}/mobility-standards"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -1023,20 +1028,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit mobility_standards of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/mobility-standards"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1085,23 +1090,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1/availability"
get "/schemes/#{scheme.id}/locations/#{location.id}/availability"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
@ -1161,20 +1167,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit startdate of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/availability"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1253,23 +1259,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do
sign_in user
get "/schemes/1/locations/1/check-answers"
get "/schemes/#{scheme.id}/locations/#{location.id}/check-answers"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200" do
expect(response).to be_successful
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do
sign_in user
@ -1301,7 +1308,7 @@ RSpec.describe LocationsController, type: :request do
end
context "when location is not complete" do
let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
it "does not confirm location" do
expect(Location.last.confirmed).to eq(false)
@ -1316,20 +1323,20 @@ RSpec.describe LocationsController, type: :request do
end
context "when trying to edit check_answers of location that belongs to another organisation" do
let(:another_scheme) { FactoryBot.create(:scheme) }
let(:another_location) { FactoryBot.create(:location, scheme: another_scheme) }
let(:another_scheme) { create(:scheme) }
let(:another_location) { create(:location, scheme: another_scheme) }
it "displays the new page with an error message" do
get "/schemes/#{another_scheme.id}/locations/#{another_location.id}/check-answers"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
let(:user) { create(:user, :support) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1)) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1362,7 +1369,7 @@ RSpec.describe LocationsController, type: :request do
end
context "when location is not complete" do
let(:location) { FactoryBot.create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
let(:location) { create(:location, scheme:, startdate: Time.zone.local(2000, 1, 1), postcode: nil) }
it "does not confirm location" do
expect(Location.last.confirmed).to eq(false)
@ -1395,25 +1402,26 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
before do
sign_in user
patch "/schemes/1/locations/1/deactivate"
patch "/schemes/#{scheme.id}/locations/#{location.id}/deactivate"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
let(:deactivation_date) { Time.utc(2022, 10, 10) }
let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) }
let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation) }
let(:startdate) { Time.utc(2022, 10, 11) }
let(:add_deactivations) { nil }
let(:setup_locations) { nil }
@ -1487,12 +1495,12 @@ RSpec.describe LocationsController, type: :request do
let(:params) { { deactivation_date:, confirm: true, deactivation_date_type: "other" } }
let(:mailer) { instance_double(LocationOrSchemeDeactivationMailer) }
let(:user_a) { FactoryBot.create(:user, email: "user_a@example.com") }
let(:user_b) { FactoryBot.create(:user, email: "user_b@example.com") }
let(:user_a) { create(:user, email: "user_a@example.com") }
let(:user_b) { create(:user, email: "user_b@example.com") }
before do
FactoryBot.create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a)
FactoryBot.create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b)
create_list(:lettings_log, 1, :sh, location:, scheme:, startdate:, created_by: user_a)
create_list(:lettings_log, 3, :sh, location:, scheme:, startdate:, created_by: user_b)
Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user
@ -1615,7 +1623,7 @@ RSpec.describe LocationsController, type: :request do
context "when deactivation date is during a deactivated period" do
let(:deactivation_date) { Time.zone.local(2022, 10, 10) }
let(:params) { { location_deactivation_period: { deactivation_date_type: "other", "deactivation_date(3i)": "8", "deactivation_date(2i)": "9", "deactivation_date(1i)": "2022" } } }
let(:add_deactivations) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
let(:add_deactivations) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 5, 5), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "displays page with an error message" do
expect(response).to have_http_status(:unprocessable_entity)
@ -1634,23 +1642,24 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
get "/schemes/1/locations/1"
get "/schemes/#{scheme.id}/locations/#{location.id}"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200" do
expect(response).to be_successful
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
let(:add_deactivations) { location.location_deactivation_periods << location_deactivation_period }
before do
@ -1675,7 +1684,7 @@ RSpec.describe LocationsController, type: :request do
end
context "with deactivated location" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) }
let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), location:) }
it "renders reactivate this location" do
expect(response).to have_http_status(:ok)
@ -1684,7 +1693,7 @@ RSpec.describe LocationsController, type: :request do
end
context "with location that's deactivating soon" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) }
let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "does not render toggle location link" do
expect(response).to have_http_status(:ok)
@ -1694,7 +1703,7 @@ RSpec.describe LocationsController, type: :request do
end
context "with location that's reactivating soon" do
let(:location_deactivation_period) { FactoryBot.create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
let(:location_deactivation_period) { create(:location_deactivation_period, deactivation_date: Time.zone.local(2022, 4, 12), reactivation_date: Time.zone.local(2022, 10, 12), location:) }
it "does not render toggle location link" do
expect(response).to have_http_status(:ok)
@ -1714,6 +1723,8 @@ RSpec.describe LocationsController, type: :request do
end
it "shows the location" do
get "/schemes/#{scheme.id}/locations/#{location.id}"
expect(page).to have_content("Location name")
expect(page).to have_content(location.name)
end
@ -1735,30 +1746,31 @@ RSpec.describe LocationsController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
before do
sign_in user
patch "/schemes/1/locations/1/reactivate"
patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:location) { create(:location, scheme:) }
let(:deactivation_date) { Time.zone.local(2022, 4, 1) }
let(:startdate) { Time.utc(2022, 10, 11) }
before do
Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user
FactoryBot.create(:location_deactivation_period, deactivation_date:, location:)
create(:location_deactivation_period, deactivation_date:, location:)
location.save!
patch "/schemes/#{scheme.id}/locations/#{location.id}/reactivate", params:
end

294
spec/requests/schemes_controller_spec.rb

@ -4,12 +4,12 @@ RSpec.describe SchemesController, type: :request do
let(:organisation) { user.organisation }
let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:user) { FactoryBot.create(:user, :support) }
let!(:schemes) { FactoryBot.create_list(:scheme, 5) }
let(:user) { create(:user, :support) }
let!(:schemes) { create_list(:scheme, 5) }
before do
schemes.each do |scheme|
FactoryBot.create(:location, scheme:)
create(:location, scheme:)
end
end
@ -22,21 +22,20 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
before do
sign_in user
get "/schemes"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200 success" do
expect(response).to redirect_to(schemes_organisation_path(user.organisation.id))
end
end
context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let(:user) { create(:user, :data_coordinator) }
before do
schemes.each do |scheme|
@ -47,8 +46,7 @@ RSpec.describe SchemesController, type: :request do
end
it "redirects to the organisation schemes path" do
follow_redirect!
expect(path).to match("/organisations/#{user.organisation.id}/schemes")
expect(response).to redirect_to(schemes_organisation_path(user.organisation.id))
end
it "shows a list of schemes for the organisation" do
@ -136,7 +134,7 @@ RSpec.describe SchemesController, type: :request do
let(:total_schemes_count) { Scheme.count }
before do
FactoryBot.create_list(:scheme, 20)
create_list(:scheme, 20)
end
context "when on the first page" do
@ -191,11 +189,11 @@ RSpec.describe SchemesController, type: :request do
end
context "when searching" do
let!(:searched_scheme) { FactoryBot.create(:scheme) }
let!(:searched_scheme) { create(:scheme) }
let(:search_param) { searched_scheme.id_to_display }
before do
FactoryBot.create(:location, scheme: searched_scheme)
create(:location, scheme: searched_scheme)
get "/schemes?search=#{search_param}"
end
@ -207,7 +205,7 @@ RSpec.describe SchemesController, type: :request do
end
it "returns results with no location" do
scheme_without_location = FactoryBot.create(:scheme)
scheme_without_location = create(:scheme)
get "/schemes?search=#{scheme_without_location.id}"
expect(page).to have_content(scheme_without_location.id_to_display)
schemes.each do |scheme|
@ -237,22 +235,22 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider user" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
get "/schemes/#{specific_scheme.id}"
get "/schemes/#{scheme.id}"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200" do
expect(response).to be_successful
end
end
context "when signed in as a data coordinator user" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:specific_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let(:user) { create(:user, :data_coordinator) }
let!(:specific_scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
@ -272,11 +270,11 @@ RSpec.describe SchemesController, type: :request do
end
context "when coordinator attempts to see scheme belonging to a different organisation" do
let!(:specific_scheme) { FactoryBot.create(:scheme) }
let!(:specific_scheme) { create(:scheme) }
it "returns 404 not found" do
it "returns 401" do
get "/schemes/#{specific_scheme.id}"
expect(response).to have_http_status(:not_found)
expect(response).to be_unauthorized
end
end
@ -288,12 +286,12 @@ RSpec.describe SchemesController, type: :request do
end
context "when looking at scheme details" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let(:add_deactivations) { scheme.scheme_deactivation_periods << scheme_deactivation_period }
before do
FactoryBot.create(:location, scheme:)
create(:location, scheme:)
Timecop.freeze(Time.utc(2022, 10, 10))
sign_in user
add_deactivations
@ -315,7 +313,7 @@ RSpec.describe SchemesController, type: :request do
end
context "with deactivated scheme" do
let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) }
let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 9), scheme:) }
it "renders reactivate this scheme" do
expect(response).to have_http_status(:ok)
@ -324,7 +322,7 @@ RSpec.describe SchemesController, type: :request do
end
context "with scheme that's deactivating soon" do
let(:scheme_deactivation_period) { FactoryBot.create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) }
let(:scheme_deactivation_period) { create(:scheme_deactivation_period, deactivation_date: Time.zone.local(2022, 10, 12), scheme:) }
it "does not render toggle scheme link" do
expect(response).to have_http_status(:ok)
@ -390,21 +388,20 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
before do
sign_in user
get "/schemes/new"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let(:user) { create(:user, :data_coordinator) }
before do
sign_in user
@ -418,7 +415,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let(:user) { create(:user, :support) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -442,21 +439,28 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:params) do
{ scheme: { service_name: "asd",
sensitive: "1",
scheme_type: "Foyer",
registered_under_care_act: "No",
arrangement_type: "D" } }
end
before do
sign_in user
post "/schemes"
post "/schemes", params:
end
it "returns 401 unauthorized" do
request
it "returns 401" do
expect(response).to have_http_status(:unauthorized)
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let(:user) { create(:user, :data_coordinator) }
let(:params) do
{ scheme: { service_name: " testy ",
sensitive: "1",
@ -547,7 +551,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when the organisation id param is included" do
let(:organisation) { FactoryBot.create(:organisation) }
let(:organisation) { create(:organisation) }
let(:params) { { scheme: { owning_organisation: organisation } } }
it "sets the owning organisation correctly" do
@ -558,8 +562,8 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a support user" do
let(:organisation) { FactoryBot.create(:organisation) }
let(:user) { FactoryBot.create(:user, :support) }
let(:organisation) { create(:organisation) }
let(:user) { create(:user, :support) }
let(:params) do
{ scheme: { service_name: "testy",
sensitive: "1",
@ -654,7 +658,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when organisation id param refers to a non-stock-owning organisation" do
let(:organisation_which_does_not_own_stock) { FactoryBot.create(:organisation, holds_own_stock: false) }
let(:organisation_which_does_not_own_stock) { create(:organisation, holds_own_stock: false) }
let(:params) { { scheme: { owning_organisation_id: organisation_which_does_not_own_stock.id } } }
it "displays the new page with an error message" do
@ -675,7 +679,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
before do
sign_in user
@ -683,14 +687,13 @@ RSpec.describe SchemesController, type: :request do
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
@ -979,11 +982,11 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let(:scheme_to_update) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:user) { create(:user, :support) }
let(:scheme_to_update) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
FactoryBot.create(:location, scheme: scheme_to_update)
create(:location, scheme: scheme_to_update)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in user
patch "/schemes/#{scheme_to_update.id}", params:
@ -1220,7 +1223,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when updating details" do
let(:another_organisation) { FactoryBot.create(:organisation) }
let(:another_organisation) { create(:organisation) }
let(:params) do
{ scheme: { service_name: "testy",
sensitive: "1",
@ -1266,7 +1269,7 @@ RSpec.describe SchemesController, type: :request do
end
context "when editing scheme name details" do
let(:another_organisation) { FactoryBot.create(:organisation) }
let(:another_organisation) { create(:organisation) }
let(:params) do
{ scheme: { service_name: "testy",
sensitive: "1",
@ -1299,23 +1302,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
get "/schemes/1/primary-client-group"
get "/schemes/#{scheme.id}/primary-client-group"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:another_scheme) { create(:scheme, confirmed: nil) }
before do
sign_in user
@ -1332,16 +1335,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/primary-client-group"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme, confirmed: nil) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1380,23 +1382,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
get "/schemes/1/confirm-secondary-client-group"
get "/schemes/#{scheme.id}/confirm-secondary-client-group"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:another_scheme) { create(:scheme, confirmed: nil) }
before do
sign_in user
@ -1413,16 +1415,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/confirm-secondary-client-group"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme, confirmed: nil) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1461,23 +1462,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
get "/schemes/1/secondary-client-group"
get "/schemes/#{scheme.id}/secondary-client-group"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:another_scheme) { create(:scheme, confirmed: nil) }
before do
sign_in user
@ -1494,16 +1495,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/secondary-client-group"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme, confirmed: nil, primary_client_group: Scheme::PRIMARY_CLIENT_GROUP[:"Homeless families with support needs"]) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1547,23 +1547,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
get "/schemes/1/support"
get "/schemes/#{scheme.id}/support"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:another_scheme) { create(:scheme, confirmed: nil) }
before do
sign_in user
@ -1580,9 +1580,8 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/support"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
@ -1603,8 +1602,8 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme, confirmed: nil) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1628,23 +1627,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
get "/schemes/1/check-answers"
get "/schemes/#{scheme.id}/check-answers"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 200" do
expect(response).to be_successful
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { create(:scheme) }
before do
sign_in user
@ -1661,16 +1660,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/check-answers"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1694,23 +1692,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
before do
sign_in user
get "/schemes/1/details"
get "/schemes/#{scheme.id}/details"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, confirmed: nil) }
let(:another_scheme) { create(:scheme, confirmed: nil) }
before do
sign_in user
@ -1727,9 +1725,8 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/details"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
@ -1750,8 +1747,8 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme, confirmed: nil) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme, confirmed: nil) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1775,23 +1772,23 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
before do
sign_in user
get "/schemes/1/edit-name"
get "/schemes/#{scheme.id}/edit-name"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { create(:scheme, owning_organisation: user.organisation) }
let!(:another_scheme) { create(:scheme) }
before do
sign_in user
@ -1810,16 +1807,15 @@ RSpec.describe SchemesController, type: :request do
get "/schemes/#{another_scheme.id}/edit-name"
end
it "returns 404 not_found" do
request
expect(response).to have_http_status(:not_found)
it "returns 401" do
expect(response).to be_unauthorized
end
end
end
context "when signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support) }
let!(:scheme) { FactoryBot.create(:scheme) }
let(:user) { create(:user, :support) }
let!(:scheme) { create(:scheme) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
@ -1845,25 +1841,25 @@ RSpec.describe SchemesController, type: :request do
end
context "when signed in as a data provider" do
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) }
before do
sign_in user
patch "/schemes/1/new-deactivation"
patch "/schemes/#{scheme.id}/new-deactivation"
end
it "returns 401 unauthorized" do
request
expect(response).to have_http_status(:unauthorized)
it "returns 401" do
expect(response).to be_unauthorized
end
end
context "when signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) }
let!(:location) { FactoryBot.create(:location, scheme:) }
let(:user) { create(:user, :data_coordinator) }
let!(:scheme) { create(:scheme, owning_organisation: user.organisation, created_at: Time.zone.today) }
let!(:location) { create(:location, scheme:) }
let(:deactivation_date) { Time.utc(2022, 10, 10) }
let!(:lettings_log) { FactoryBot.create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) }
let!(:lettings_log) { create(:lettings_log, :sh, location:, scheme:, startdate:, owning_organisation: user.organisation, created_by: user) }
let(:startdate) { Time.utc(2022, 10, 11) }
let(:setup_schemes) { nil }

69
spec/views/locations/check_answers.html.erb_spec.rb

@ -0,0 +1,69 @@
require "rails_helper"
RSpec.describe "locations/check_answers.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
)
end
let(:location) do
instance_double(
Location,
name: "some location",
postcode: "EC1N 2TD",
linked_local_authorities: [],
units: "",
type_of_unit: "",
mobility_type: "",
available_from: 1.week.ago,
location_deactivation_periods: [],
status: :active,
active?: true,
scheme:,
startdate: 1.day.ago,
)
end
it "does not see create submission button" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Save and return to locations")
end
it "does not see change answer links" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end

43
spec/views/locations/index.html.erb_spec.rb

@ -0,0 +1,43 @@
require "rails_helper"
RSpec.describe "locations/index.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
locations: Location,
)
end
it "does not see add a location button" do
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:scheme, scheme)
assign(:locations, [])
allow(view).to receive(:current_user).and_return(user)
allow(SearchComponent).to receive(:new).and_return(inline: "")
render
expect(rendered).not_to have_content("Add a location")
end
end
end

68
spec/views/locations/show.html.erb_spec.rb

@ -0,0 +1,68 @@
require "rails_helper"
RSpec.describe "locations/show.html.erb" do
context "when a data provider" do
let(:user) { create(:user) }
let(:scheme) do
instance_double(
Scheme,
owning_organisation: user.organisation,
id: 1,
service_name: "some name",
id_to_display: "S1",
sensitive: false,
scheme_type: "some type",
registered_under_care_act: false,
arrangement_type: "some other type",
primary_client_group: false,
has_other_client_group: false,
secondary_client_group: false,
support_type: "some support type",
intended_stay: "some intended stay",
available_from: 1.week.ago,
scheme_deactivation_periods: [],
status: :active,
)
end
let(:location) do
instance_double(
Location,
name: "some location",
postcode: "EC1N 2TD",
linked_local_authorities: [],
units: "",
type_of_unit: "",
mobility_type: "",
available_from: 1.week.ago,
location_deactivation_periods: [],
status: :active,
active?: true,
scheme:,
)
end
it "does not see add a location button" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Deactivate this location")
end
it "does not see change answer links" do
assign(:scheme, scheme)
assign(:location, location)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end

19
spec/views/organisations/schemes.html.erb_spec.rb

@ -0,0 +1,19 @@
require "rails_helper"
RSpec.describe "organisations/schemes.html.erb" do
context "when data provider" do
let(:user) { build(:user) }
it "does not render button to create schemes" do
assign(:organisation, user.organisation)
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:schemes, [])
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create a new supported housing scheme")
end
end
end

29
spec/views/schemes/check_answers.html.erb_spec.rb

@ -0,0 +1,29 @@
require "rails_helper"
RSpec.describe "schemes/check_answers.html.erb" do
let(:organisation) { create(:organisation, holds_own_stock: true) }
let(:user) { build(:user, organisation:) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
context "when a data provider" do
it "does not render change links" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
it "does not render submit button" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create scheme")
end
end
end

18
spec/views/schemes/index.html.erb_spec.rb

@ -0,0 +1,18 @@
require "rails_helper"
RSpec.describe "schemes/index.html.erb" do
context "when data provider" do
let(:user) { build(:user) }
it "does not render button to create schemes" do
assign(:pagy, Pagy.new(count: 0, page: 1))
assign(:schemes, [])
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Create a new supported housing scheme")
end
end
end

29
spec/views/schemes/show.html.erb_spec.rb

@ -0,0 +1,29 @@
require "rails_helper"
RSpec.describe "schemes/show.html.erb" do
context "when data provider" do
let(:organisation) { create(:organisation, holds_own_stock: true) }
let(:user) { build(:user, organisation:) }
let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
it "does not render button to deactivate schemes" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Deactivate this scheme")
end
it "does not see change answer links" do
assign(:scheme, scheme)
allow(view).to receive(:current_user).and_return(user)
render
expect(rendered).not_to have_content("Change")
end
end
end
Loading…
Cancel
Save