Users have roles

4 years ago · 7d03772521
10 changed files with 135 additions and 42 deletions
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@ -3,7 +3,11 @@ class OrganisationsController < ApplicationController
  before_action :find_organisation

  def users
-    render "users"
+    if current_user.data_coordinator?
+      render "users"
+    else
+      head :unauthorized
+    end
  end

 private
--- a/app/models/constants/user.rb
+++ b/app/models/constants/user.rb
@ -0,0 +1,7 @@
+module Constants::User
+  ROLES = {
+    "data_accessor" => 0,
+    "data_provider" => 1,
+    "data_coordinator" => 2,
+  }.freeze
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,4 +1,6 @@
 class User < ApplicationRecord
+  include Constants::User
+
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :recoverable, :rememberable, :validatable,
@ -8,6 +10,8 @@ class User < ApplicationRecord
  has_many :owned_case_logs, through: :organisation
  has_many :managed_case_logs, through: :organisation

+  enum role: ROLES
+
  def case_logs
    CaseLog.for_organisation(organisation)
  end
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -34,7 +34,7 @@

      <%= summary_list.row do |row|
        row.key { 'Role' }
-        row.value { current_user.role }
+        row.value { current_user.role.humanize }
        row.action()
      end %>
    <% end %>
--- a/db/migrate/20211202124802_change_user_role_to_enum.rb
+++ b/db/migrate/20211202124802_change_user_role_to_enum.rb
@ -0,0 +1,15 @@
+class ChangeUserRoleToEnum < ActiveRecord::Migration[6.1]
+  def up
+    change_table :users, bulk: true do |t|
+      t.remove :role
+      t.column :role, :integer
+    end
+  end
+
+  def down
+    change_table :users, bulk: true do |t|
+      t.remove :role
+      t.column :role, :string
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2021_12_01_144335) do
+ActiveRecord::Schema.define(version: 2021_12_02_124802) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -198,13 +198,13 @@ ActiveRecord::Schema.define(version: 2021_12_01_144335) do
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    t.string "name"
-    t.string "role"
    t.bigint "organisation_id"
    t.integer "sign_in_count", default: 0, null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string "current_sign_in_ip"
    t.string "last_sign_in_ip"
+    t.integer "role"
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["organisation_id"], name: "index_users_on_organisation_id"
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -16,5 +16,18 @@ org = Organisation.create!(
  other_stock_owners: "None",
  managing_agents: "None",
 )
-User.create!(email: "test@example.com", password: "password", organisation: org)
+User.create!(
+  email: "test@example.com",
+  password: "password",
+  organisation: org,
+  role: "data_provider",
+)
+
+User.create!(
+  email: "coordinator@example.com",
+  password: "password",
+  organisation: org,
+  role: "data_coordinator",
+)
+
 AdminUser.create!(email: "admin@example.com", password: "password")
--- a/spec/factories/user.rb
+++ b/spec/factories/user.rb
@ -4,7 +4,10 @@ FactoryBot.define do
    name { "Danny Rojas" }
    password { "pAssword1" }
    organisation
-    role { "Data Provider" }
+    role { "data_provider" }
+    trait :data_coordinator do
+      role { "data_coordinator" }
+    end
    created_at { Time.zone.now }
    updated_at { Time.zone.now }
  end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -40,5 +40,11 @@ RSpec.describe User, type: :model do
      expect(user.completed_case_logs.to_a).to eq([owned_case_log])
      expect(user.not_completed_case_logs.to_a).to eq([managed_case_log])
    end
+
+    it "has a role" do
+      expect(user.role).to eq("data_provider")
+      expect(user.data_provider?).to be true
+      expect(user.data_coordinator?).to be false
+    end
  end
 end
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@ -1,58 +1,99 @@
 require "rails_helper"

 RSpec.describe OrganisationsController, type: :request do
-  let(:user) { FactoryBot.create(:user) }
  let(:organisation) { user.organisation }
  let(:headers) { { "Accept" => "text/html" } }
  let(:page) { Capybara::Node::Simple.new(response.body) }

-  context "details tab" do
-    before do
-      sign_in user
-      get "/organisations/#{organisation.id}", headers: headers, params: {}
-    end
+  context "As a data coordinator user" do
+    let(:user) { FactoryBot.create(:user, :data_coordinator) }

-    it "shows the tab navigation" do
-      expected_html = "<nav class=\"app-tab-navigation\""
-      expect(response.body).to include(expected_html)
-    end
+    context "details tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}", headers: headers, params: {}
+      end
+
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a summary list of org details" do
+        expected_html = "<dl class=\"govuk-summary-list\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(organisation.name)
+      end

-    it "shows a summary list of org details" do
-      expected_html = "<dl class=\"govuk-summary-list\""
-      expect(response.body).to include(expected_html)
-      expect(response.body).to include(organisation.name)
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
+        expect(response.body).to include(expected_html)
+      end
    end

-    it "has a hidden header title" do
-      expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
-      expect(response.body).to include(expected_html)
+    context "users tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}/users", headers: headers, params: {}
+      end
+
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a new user button" do
+        expect(page).to have_link("Invite user")
+      end
+
+      it "shows a table of users" do
+        expected_html = "<table class=\"govuk-table\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(user.email)
+      end
+
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Users"
+        expect(response.body).to include(expected_html)
+      end
    end
  end

-  context "users tab" do
-    before do
-      sign_in user
-      get "/organisations/#{organisation.id}/users", headers: headers, params: {}
-    end
+  context "As a data provider user" do
+    let(:user) { FactoryBot.create(:user) }

-    it "shows the tab navigation" do
-      expected_html = "<nav class=\"app-tab-navigation\""
-      expect(response.body).to include(expected_html)
-    end
+    context "details tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}", headers: headers, params: {}
+      end

-    it "shows a new user button" do
-      expect(page).to have_link("Invite user")
-    end
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a summary list of org details" do
+        expected_html = "<dl class=\"govuk-summary-list\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(organisation.name)
+      end

-    it "shows a table of users" do
-      expected_html = "<table class=\"govuk-table\""
-      expect(response.body).to include(expected_html)
-      expect(response.body).to include(user.email)
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
+        expect(response.body).to include(expected_html)
+      end
    end

-    it "has a hidden header title" do
-      expected_html = "<h2 class=\"govuk-visually-hidden\">  Users"
-      expect(response.body).to include(expected_html)
+    context "users tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}/users", headers: headers, params: {}
+      end
+
+      it "should return unauthorised 401" do
+        expect(response).to have_http_status(:unauthorized)
+      end
    end
  end
 end