From 81d14d426b8985fef005e278cdbf884265f28b81 Mon Sep 17 00:00:00 2001 From: baarkerlounger Date: Thu, 21 Apr 2022 09:08:30 +0100 Subject: [PATCH] Refactor org edit permissions to helper --- app/helpers/user_helper.rb | 4 ++++ app/views/organisations/show.html.erb | 2 +- spec/helpers/user_helper_spec.rb | 24 ++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb index 329920346..fc82b26cb 100644 --- a/app/helpers/user_helper.rb +++ b/app/helpers/user_helper.rb @@ -30,4 +30,8 @@ module UserHelper def can_edit_key_contact?(_user, current_user) current_user.data_coordinator? || current_user.support? end + + def can_edit_org?(current_user) + current_user.data_coordinator? || current_user.support? + end end diff --git a/app/views/organisations/show.html.erb b/app/views/organisations/show.html.erb index f98ea86a9..0cd186f2e 100644 --- a/app/views/organisations/show.html.erb +++ b/app/views/organisations/show.html.erb @@ -9,7 +9,7 @@ <%= govuk_summary_list do |summary_list| %> <% @organisation.display_attributes.each do |attr| %> - <% if current_user.data_coordinator? && attr[:editable] %> + <% if can_edit_org?(current_user) && attr[:editable] %> <%= summary_list.row do |row| %> <% row.key { attr[:name].to_s.humanize } %> <% row.value { simple_format(attr[:value].to_s, {}, wrapper_tag: "div") } %> diff --git a/spec/helpers/user_helper_spec.rb b/spec/helpers/user_helper_spec.rb index 5ec525c69..87d99f5ed 100644 --- a/spec/helpers/user_helper_spec.rb +++ b/spec/helpers/user_helper_spec.rb @@ -135,5 +135,29 @@ RSpec.describe UserHelper do end end end + + context "when the user is a data provider viewing organisation details" do + let(:current_user) { FactoryBot.create(:user, :data_provider) } + + it "does not allow changing details" do + expect(can_edit_org?(current_user)).to be false + end + end + + context "when the user is a data coordinator viewing organisation details" do + let(:current_user) { FactoryBot.create(:user, :data_coordinator) } + + it "does not allow changing details" do + expect(can_edit_org?(current_user)).to be true + end + end + + context "when the user is a support user viewing organisation details" do + let(:current_user) { FactoryBot.create(:user, :support) } + + it "does not allow changing details" do + expect(can_edit_org?(current_user)).to be true + end + end end end