diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index c7ac06de1..b04510f0a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -30,6 +30,10 @@ class UsersController < ApplicationController def show; end + def dpo; end + + def key_contact; end + def edit redirect_to user_path(@user) unless @user.active? end diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index 06c528703..e6cb9fd3e 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -81,7 +81,7 @@ if can_edit_dpo?(@user, current_user) row.action( visually_hidden_text: "if data protection officer", - href: aliased_user_edit(@user, current_user), + href: user_edit_dpo_path(@user), html_attributes: { "data-qa": "change-data-protection-officer" }, ) else @@ -95,7 +95,7 @@ if can_edit_key_contact?(@user, current_user) row.action( visually_hidden_text: "if a key contact", - href: aliased_user_edit(@user, current_user), + href: user_edit_key_contact_path(@user), html_attributes: { "data-qa": "change-key-contact" }, ) else diff --git a/config/routes.rb b/config/routes.rb index dc6588142..803d9bd09 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -53,6 +53,9 @@ Rails.application.routes.draw do end resources :users do + get "edit_dpo", to: "users#dpo" + get "edit_key_contact", to: "users#key_contact" + member do get "deactivate", to: "users#deactivate" get "reactivate", to: "users#reactivate" diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb index d1199038c..f3c0b7c01 100644 --- a/spec/features/user_spec.rb +++ b/spec/features/user_spec.rb @@ -363,6 +363,28 @@ RSpec.describe "User Features" do role: "data_provider", )).to be_a(User) end + + context "when updating other user DPO and key contact information" do + it "allows updating users dpo details" do + visit("/organisations/#{user.organisation.id}") + click_link("Users") + click_link(other_user.name) + find("a[href='#{user_edit_dpo_path(other_user)}']").click + choose("Yes") + click_button("Save changes") + expect(User.find_by(name: "Other name", role: "data_provider", is_dpo: true)).to be_a(User) + end + + it "allows updating users key contact details" do + visit("/organisations/#{user.organisation.id}") + click_link("Users") + click_link(other_user.name) + find("a[href='#{user_edit_key_contact_path(other_user)}']").click + choose("Yes") + click_button("Save changes") + expect(User.find_by(name: "Other name", role: "data_provider", is_key_contact: true)).to be_a(User) + end + end end context "when deactivating a user" do