diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index e156fbffd..bf4130bf9 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -10,8 +10,10 @@ class UsersController < ApplicationController if @user == current_user bypass_sign_in @user flash[:notice] = I18n.t("devise.passwords.updated") if user_params.key?("password") + redirect_to account_path + else + redirect_to user_path(@user) end - redirect_to user_path(@user) elsif user_params.key?("password") format_error_messages @minimum_password_length = User.password_length.min @@ -87,7 +89,7 @@ private end def find_resource - @user = User.find_by(id: params[:id]) + @user = params[:id] ? User.find_by(id: params[:id]) : current_user end def authenticate_scope! diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb new file mode 100644 index 000000000..a9f6c920d --- /dev/null +++ b/app/helpers/user_helper.rb @@ -0,0 +1,9 @@ +module UserHelper + def aliased_user_edit(user, current_user) + current_user == user ? edit_account_path : edit_user_path(user) + end + + def pronoun(user, current_user) + current_user == user ? "you" : "they" + end +end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 84814d199..aabcbc173 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -52,7 +52,7 @@ elsif component.navigation_item(text: 'Logs', href: case_logs_path) component.navigation_item(text: 'Your organisation', href: "/organisations/#{current_user.organisation.id}") - component.navigation_item(text: 'Your account', href: user_path(current_user)) + component.navigation_item(text: 'Your account', href: account_path) component.navigation_item(text: 'Sign out', href: destroy_user_session_path) end end diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index 985dd4d6d..fb7a885ba 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -36,7 +36,7 @@ :id, :name, inline: true, - legend: { text: "Are #{current_user == @user ? "you" : "they"} a data protection officer?", size: "m" } + legend: { text: "Are #{pronoun(@user, current_user)} a data protection officer?", size: "m" } %> <%= f.govuk_collection_radio_buttons :is_key_contact, @@ -44,7 +44,7 @@ :id, :name, inline: true, - legend: { text: "Are #{current_user == @user ? "you" : "they"} a key contact?", size: "m" } + legend: { text: "Are #{pronoun(@user, current_user)} a key contact?", size: "m" } %> <% end %> diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index bc9e0b1f0..7af8daa0c 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -37,7 +37,7 @@ :id, :name, inline: true, - legend: { text: "Are #{current_user == @user ? "you" : "they"} a data protection officer?", size: "m" } + legend: { text: "Are #{pronoun(@user, current_user)} a data protection officer?", size: "m" } %> <%= f.govuk_collection_radio_buttons :is_key_contact, @@ -45,7 +45,7 @@ :id, :name, inline: true, - legend: { text: "Are #{current_user == @user ? "you" : "they"} a key contact?", size: "m" } + legend: { text: "Are #{pronoun(@user, current_user)} a key contact?", size: "m" } %> <% end %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index 319ab692d..bcb96b581 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -15,7 +15,7 @@ row.key { 'Name' } row.value { @user.name } if current_user == @user || current_user.data_coordinator? - row.action(visually_hidden_text: 'name', href: edit_user_path, html_attributes: { 'data-qa': 'change-name' }) + row.action(visually_hidden_text: 'name', href: aliased_user_edit(@user, current_user), html_attributes: { 'data-qa': 'change-name' }) else row.action() end @@ -25,7 +25,7 @@ row.key { 'Email address' } row.value { @user.email } if current_user == @user || current_user.data_coordinator? - row.action(visually_hidden_text: 'email address', href: edit_user_path, html_attributes: { 'data-qa': 'change-email' }) + row.action(visually_hidden_text: 'email address', href: aliased_user_edit(@user, current_user), html_attributes: { 'data-qa': 'change-email' }) else row.action() end @@ -35,7 +35,7 @@ row.key { 'Password' } row.value { '••••••••' } if current_user == @user - row.action(visually_hidden_text: 'password', href: password_edit_user_path, html_attributes: { 'data-qa': 'change-password' }) + row.action(visually_hidden_text: 'password', href: password_edit_account_path, html_attributes: { 'data-qa': 'change-password' }) else row.action() end @@ -51,7 +51,7 @@ row.key { 'Role' } row.value { @user.role.humanize } if current_user.data_coordinator? - row.action(visually_hidden_text: "role", href: edit_user_path, html_attributes: { "data-qa": "role" }) + row.action(visually_hidden_text: "role", href: aliased_user_edit(@user, current_user), html_attributes: { "data-qa": "role" }) else row.action() end @@ -61,7 +61,7 @@ row.key { 'Data protection officer' } row.value { @user.is_data_protection_officer? ? "Yes" : "No" } if current_user.data_coordinator? - row.action(visually_hidden_text: "are #{current_user == @user ? "you" : "they"} a data protection officer?", href: edit_user_path, html_attributes: { "data-qa": "change-are-#{current_user == @user ? "you" : "they"}-a-data-protection-officer" }) + row.action(visually_hidden_text: "are #{pronoun(@user, current_user)} a data protection officer?", href: aliased_user_edit(@user, current_user), html_attributes: { "data-qa": "change-are-#{pronoun(@user, current_user)}-a-data-protection-officer" }) else row.action() end @@ -71,7 +71,7 @@ row.key { 'Key contact' } row.value { @user.is_key_contact? ? "Yes" : "No" } if current_user.data_coordinator? - row.action(visually_hidden_text: "are #{current_user == @user ? "you" : "they"} a key contact?", href: edit_user_path, html_attributes: { "data-qa": "change-are-#{current_user == @user ? "you" : "they"}-a-key-contact" }) + row.action(visually_hidden_text: "are #{pronoun(@user, current_user)} a key contact?", href: aliased_user_edit(@user, current_user), html_attributes: { "data-qa": "change-are-#{pronoun(@user, current_user)}-a-key-contact" }) else row.action() end diff --git a/config/routes.rb b/config/routes.rb index 25a0a8e43..55385299f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -22,6 +22,10 @@ Rails.application.routes.draw do get "admin/two-factor-authentication/resend", to: "auth/two_factor_authentication#show_resend" end + resource :account, only: %i[show edit], controller: "users" do + get "password/edit", to: "users#edit_password" + end + devise_for :users, { path: :account, controllers: { @@ -48,11 +52,7 @@ Rails.application.routes.draw do get "/privacy-notice", to: "content#privacy_notice" get "/data-sharing-agreement", to: "content#data_sharing_agreement" - resources :users do - member do - get "password/edit", to: "users#edit_password" - end - end + resources :users resources :organisations do member do diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb index 8ff9bed98..d7326dd7e 100644 --- a/spec/features/user_spec.rb +++ b/spec/features/user_spec.rb @@ -182,13 +182,13 @@ RSpec.describe "User Features" do end it "does not have change links for dpo and key contact" do - visit("/users/#{user.id}") + visit("/account") expect(page).not_to have_selector('[data-qa="change-are-you-a-data-protection-officer"]') expect(page).not_to have_selector('[data-qa="change-are-you-a-key-contact"]') end it "does not have dpo and key contact as editable fields" do - visit("/users/#{user.id}/edit") + visit("/account/edit") expect(page).not_to have_field("user[is_dpo]") expect(page).not_to have_field("user[is_key_contact]") end @@ -210,31 +210,31 @@ RSpec.describe "User Features" do visit("/logs") expect(page).to have_link("Your account") click_link("Your account") - expect(page).to have_current_path("/users/#{user.id}") + expect(page).to have_current_path("/account") end it "can navigate to change your password page from main account page" do - visit("/users/#{user.id}") + visit("/account") find('[data-qa="change-password"]').click expect(page).to have_content("Change your password") fill_in("user[password]", with: "Password123!") fill_in("user[password_confirmation]", with: "Password123!") click_button("Update") - expect(page).to have_current_path("/users/#{user.id}") + expect(page).to have_current_path("/account") end it "allow user to change name" do - visit("/users/#{user.id}") + visit("/account") find('[data-qa="change-name"]').click expect(page).to have_content("Change your personal details") fill_in("user[name]", with: "Test New") click_button("Save changes") - expect(page).to have_current_path("/users/#{user.id}") + expect(page).to have_current_path("/account") expect(page).to have_content("Test New") end it "has dpo and key contact as editable fields" do - visit("/users/#{user.id}") + visit("/account") expect(page).to have_selector('[data-qa="change-are-you-a-data-protection-officer"]') expect(page).to have_selector('[data-qa="change-are-you-a-key-contact"]') end