From 6a76971bc8eb0b02b1e3a38bc1591025ea851942 Mon Sep 17 00:00:00 2001
From: JG <moarpheus@gmail.com>
Date: Wed, 15 Jun 2022 12:36:24 +0100
Subject: [PATCH] small refactoring

---
 app/controllers/schemes_controller.rb    |  5 +++--
 spec/requests/schemes_controller_spec.rb | 11 ++++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb
index 22d1aa247..e97a08e4b 100644
--- a/app/controllers/schemes_controller.rb
+++ b/app/controllers/schemes_controller.rb
@@ -37,8 +37,9 @@ private
 
   def authenticate_scope!
     head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
-    if %w[show locations].include? action_name
-      render_not_found and return unless (current_user.organisation == @scheme.organisation) || current_user.support?
+
+    if %w[show locations].include?(action_name) && !((current_user.organisation == @scheme.organisation) || current_user.support?)
+      render_not_found and return
     end
   end
 end
diff --git a/spec/requests/schemes_controller_spec.rb b/spec/requests/schemes_controller_spec.rb
index e32acc908..8c8413766 100644
--- a/spec/requests/schemes_controller_spec.rb
+++ b/spec/requests/schemes_controller_spec.rb
@@ -283,7 +283,10 @@ RSpec.describe SchemesController, type: :request do
 
       context "when coordinator attempts to see scheme belonging to a different organisation" do
         let!(:specific_scheme) { FactoryBot.create(:scheme) }
-        let!(:locations) { FactoryBot.create(:location, scheme: specific_scheme) }
+
+        before do
+          FactoryBot.create(:location, scheme: specific_scheme)
+        end
 
         it "returns 404 not found" do
           get "/schemes/#{specific_scheme.id}/locations"
@@ -313,10 +316,9 @@ RSpec.describe SchemesController, type: :request do
       end
 
       context "when paginating over 20 results" do
-        let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) }
-
         context "when on the first page" do
           before do
+            FactoryBot.create_list(:location, 25, scheme:)
             get "/schemes/#{scheme.id}/locations"
           end
 
@@ -392,10 +394,9 @@ RSpec.describe SchemesController, type: :request do
       end
 
       context "when paginating over 20 results" do
-        let!(:locations) { FactoryBot.create_list(:location, 25, scheme:) }
-
         context "when on the first page" do
           before do
+            FactoryBot.create_list(:location, 25, scheme:)
             get "/schemes/#{scheme.id}/locations"
           end