From 7d03772521c92fc77de167271a542fc1638371df Mon Sep 17 00:00:00 2001
From: baarkerlounger <db@slothlife.xyz>
Date: Thu, 2 Dec 2021 13:52:13 +0000
Subject: [PATCH] Users have roles

---
 app/controllers/organisations_controller.rb   |   6 +-
 app/models/constants/user.rb                  |   7 ++
 app/models/user.rb                            |   4 +
 app/views/users/show.html.erb                 |   2 +-
 ...20211202124802_change_user_role_to_enum.rb |  15 +++
 db/schema.rb                                  |   4 +-
 db/seeds.rb                                   |  15 ++-
 spec/factories/user.rb                        |   5 +-
 spec/models/user_spec.rb                      |   6 +
 .../requests/organisations_controller_spec.rb | 113 ++++++++++++------
 10 files changed, 135 insertions(+), 42 deletions(-)
 create mode 100644 app/models/constants/user.rb
 create mode 100644 db/migrate/20211202124802_change_user_role_to_enum.rb

diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 87b075e15..28d17eff6 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -3,7 +3,11 @@ class OrganisationsController < ApplicationController
   before_action :find_organisation
 
   def users
-    render "users"
+    if current_user.data_coordinator?
+      render "users"
+    else
+      head :unauthorized
+    end
   end
 
 private
diff --git a/app/models/constants/user.rb b/app/models/constants/user.rb
new file mode 100644
index 000000000..d0a24cbeb
--- /dev/null
+++ b/app/models/constants/user.rb
@@ -0,0 +1,7 @@
+module Constants::User
+  ROLES = {
+    "data_accessor" => 0,
+    "data_provider" => 1,
+    "data_coordinator" => 2,
+  }.freeze
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 81d3d2d9c..8e18a55db 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,4 +1,6 @@
 class User < ApplicationRecord
+  include Constants::User
+
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :recoverable, :rememberable, :validatable,
@@ -8,6 +10,8 @@ class User < ApplicationRecord
   has_many :owned_case_logs, through: :organisation
   has_many :managed_case_logs, through: :organisation
 
+  enum role: ROLES
+
   def case_logs
     CaseLog.for_organisation(organisation)
   end
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 7b2dae5c2..97fa5963c 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -34,7 +34,7 @@
 
       <%= summary_list.row do |row|
         row.key { 'Role' }
-        row.value { current_user.role }
+        row.value { current_user.role.humanize }
         row.action()
       end %>
     <% end %>
diff --git a/db/migrate/20211202124802_change_user_role_to_enum.rb b/db/migrate/20211202124802_change_user_role_to_enum.rb
new file mode 100644
index 000000000..7eaa5ecd9
--- /dev/null
+++ b/db/migrate/20211202124802_change_user_role_to_enum.rb
@@ -0,0 +1,15 @@
+class ChangeUserRoleToEnum < ActiveRecord::Migration[6.1]
+  def up
+    change_table :users, bulk: true do |t|
+      t.remove :role
+      t.column :role, :integer
+    end
+  end
+
+  def down
+    change_table :users, bulk: true do |t|
+      t.remove :role
+      t.column :role, :string
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 8b85217f5..fe6ed0955 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2021_12_01_144335) do
+ActiveRecord::Schema.define(version: 2021_12_02_124802) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -198,13 +198,13 @@ ActiveRecord::Schema.define(version: 2021_12_01_144335) do
     t.datetime "created_at", precision: 6, null: false
     t.datetime "updated_at", precision: 6, null: false
     t.string "name"
-    t.string "role"
     t.bigint "organisation_id"
     t.integer "sign_in_count", default: 0, null: false
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.string "current_sign_in_ip"
     t.string "last_sign_in_ip"
+    t.integer "role"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["organisation_id"], name: "index_users_on_organisation_id"
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
diff --git a/db/seeds.rb b/db/seeds.rb
index 6ff200682..a59808694 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -16,5 +16,18 @@ org = Organisation.create!(
   other_stock_owners: "None",
   managing_agents: "None",
 )
-User.create!(email: "test@example.com", password: "password", organisation: org)
+User.create!(
+  email: "test@example.com",
+  password: "password",
+  organisation: org,
+  role: "data_provider",
+)
+
+User.create!(
+  email: "coordinator@example.com",
+  password: "password",
+  organisation: org,
+  role: "data_coordinator",
+)
+
 AdminUser.create!(email: "admin@example.com", password: "password")
diff --git a/spec/factories/user.rb b/spec/factories/user.rb
index 36789715a..aa08b1d99 100644
--- a/spec/factories/user.rb
+++ b/spec/factories/user.rb
@@ -4,7 +4,10 @@ FactoryBot.define do
     name { "Danny Rojas" }
     password { "pAssword1" }
     organisation
-    role { "Data Provider" }
+    role { "data_provider" }
+    trait :data_coordinator do
+      role { "data_coordinator" }
+    end
     created_at { Time.zone.now }
     updated_at { Time.zone.now }
   end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index bec457e7f..3195b73a0 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -40,5 +40,11 @@ RSpec.describe User, type: :model do
       expect(user.completed_case_logs.to_a).to eq([owned_case_log])
       expect(user.not_completed_case_logs.to_a).to eq([managed_case_log])
     end
+
+    it "has a role" do
+      expect(user.role).to eq("data_provider")
+      expect(user.data_provider?).to be true
+      expect(user.data_coordinator?).to be false
+    end
   end
 end
diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb
index cd07845ac..6081c625a 100644
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@@ -1,58 +1,99 @@
 require "rails_helper"
 
 RSpec.describe OrganisationsController, type: :request do
-  let(:user) { FactoryBot.create(:user) }
   let(:organisation) { user.organisation }
   let(:headers) { { "Accept" => "text/html" } }
   let(:page) { Capybara::Node::Simple.new(response.body) }
 
-  context "details tab" do
-    before do
-      sign_in user
-      get "/organisations/#{organisation.id}", headers: headers, params: {}
-    end
+  context "As a data coordinator user" do
+    let(:user) { FactoryBot.create(:user, :data_coordinator) }
 
-    it "shows the tab navigation" do
-      expected_html = "<nav class=\"app-tab-navigation\""
-      expect(response.body).to include(expected_html)
-    end
+    context "details tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}", headers: headers, params: {}
+      end
+
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a summary list of org details" do
+        expected_html = "<dl class=\"govuk-summary-list\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(organisation.name)
+      end
 
-    it "shows a summary list of org details" do
-      expected_html = "<dl class=\"govuk-summary-list\""
-      expect(response.body).to include(expected_html)
-      expect(response.body).to include(organisation.name)
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
+        expect(response.body).to include(expected_html)
+      end
     end
 
-    it "has a hidden header title" do
-      expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
-      expect(response.body).to include(expected_html)
+    context "users tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}/users", headers: headers, params: {}
+      end
+
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a new user button" do
+        expect(page).to have_link("Invite user")
+      end
+
+      it "shows a table of users" do
+        expected_html = "<table class=\"govuk-table\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(user.email)
+      end
+
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Users"
+        expect(response.body).to include(expected_html)
+      end
     end
   end
 
-  context "users tab" do
-    before do
-      sign_in user
-      get "/organisations/#{organisation.id}/users", headers: headers, params: {}
-    end
+  context "As a data provider user" do
+    let(:user) { FactoryBot.create(:user) }
 
-    it "shows the tab navigation" do
-      expected_html = "<nav class=\"app-tab-navigation\""
-      expect(response.body).to include(expected_html)
-    end
+    context "details tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}", headers: headers, params: {}
+      end
 
-    it "shows a new user button" do
-      expect(page).to have_link("Invite user")
-    end
+      it "shows the tab navigation" do
+        expected_html = "<nav class=\"app-tab-navigation\""
+        expect(response.body).to include(expected_html)
+      end
+
+      it "shows a summary list of org details" do
+        expected_html = "<dl class=\"govuk-summary-list\""
+        expect(response.body).to include(expected_html)
+        expect(response.body).to include(organisation.name)
+      end
 
-    it "shows a table of users" do
-      expected_html = "<table class=\"govuk-table\""
-      expect(response.body).to include(expected_html)
-      expect(response.body).to include(user.email)
+      it "has a hidden header title" do
+        expected_html = "<h2 class=\"govuk-visually-hidden\">  Details"
+        expect(response.body).to include(expected_html)
+      end
     end
 
-    it "has a hidden header title" do
-      expected_html = "<h2 class=\"govuk-visually-hidden\">  Users"
-      expect(response.body).to include(expected_html)
+    context "users tab" do
+      before do
+        sign_in user
+        get "/organisations/#{organisation.id}/users", headers: headers, params: {}
+      end
+
+      it "should return unauthorised 401" do
+        expect(response).to have_http_status(:unauthorized)
+      end
     end
   end
 end