Add a page to view the download

7 months ago · 84793fadbb
7 changed files with 93 additions and 2 deletions
--- a/app/controllers/csv_downloads_controller.rb
+++ b/app/controllers/csv_downloads_controller.rb
@ -1,6 +1,13 @@
 class CsvDownloadsController < ApplicationController
  before_action :authenticate_user!

+  def show
+    @csv_download = CsvDownload.find(params[:id])
+    authorize @csv_download
+
+    return render "errors/download_link_expired" if @csv_download.expired?
+  end
+
  def download
    csv_download = CsvDownload.find(params[:id])
    authorize csv_download
--- a/app/jobs/email_csv_job.rb
+++ b/app/jobs/email_csv_job.rb
@ -30,7 +30,8 @@ class EmailCsvJob < ApplicationJob
    storage_service.write_file(filename, BYTE_ORDER_MARK + csv_string)
    csv_download = CsvDownload.create!(user:, organisation: user.organisation, filename:, download_type: log_type, expiration_time: EXPIRATION_TIME)

-    url = download_csv_download_url(csv_download.id, host: ENV["APP_HOST"])
+    binding.pry
+    url = csv_download_url(csv_download.id, host: ENV["APP_HOST"])

    CsvDownloadMailer.new.send_csv_download_mail(user, url, EXPIRATION_TIME)
  end
--- a/app/jobs/scheme_email_csv_job.rb
+++ b/app/jobs/scheme_email_csv_job.rb
@ -33,7 +33,7 @@ class SchemeEmailCsvJob < ApplicationJob
    storage_service.write_file(filename, BYTE_ORDER_MARK + csv_string)
    csv_download = CsvDownload.create!(user:, organisation: user.organisation, filename:, download_type:, expiration_time: EXPIRATION_TIME)

-    url = download_csv_download_url(csv_download.id, host: ENV["APP_HOST"])
+    url = csv_download_url(csv_download.id, host: ENV["APP_HOST"])

    CsvDownloadMailer.new.send_csv_download_mail(user, url, EXPIRATION_TIME)
  end
--- a/app/policies/csv_download_policy.rb
+++ b/app/policies/csv_download_policy.rb
@ -6,6 +6,10 @@ class CsvDownloadPolicy
    @csv_download = csv_download
  end

+  def show?
+    @current_user == @csv_download.user || @current_user.support? || @current_user.organisation == @csv_download.organisation
+  end
+
  def download?
    @current_user == @csv_download.user || @current_user.support? || @current_user.organisation == @csv_download.organisation
  end
--- a/app/views/csv_downloads/show.html.erb
+++ b/app/views/csv_downloads/show.html.erb
@ -0,0 +1,10 @@
+<% title = "Downlaod CSV file" %>
+<% content_for :title, title %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds-from-desktop">
+    <h1 class="govuk-heading-l govuk-!-margin-bottom-6">You are about to download a CSV file</h1>
+    <p class="govuk-body-m">Filename: <%= @csv_download.filename%></p>
+    <%= govuk_button_link_to "Download CSV", download_csv_download_path(@csv_download) %>
+  </div>
+</div>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -384,6 +384,7 @@ Rails.application.routes.draw do

  resources :csv_downloads, path: "csv-downloads" do
    member do
+      get "/", to: "csv_downloads#show", as: "show"
      get "download", to: "csv_downloads#download"
    end
  end
--- a/spec/requests/csv_downloads_controller_spec.rb
+++ b/spec/requests/csv_downloads_controller_spec.rb
@ -1,6 +1,74 @@
 require "rails_helper"

 RSpec.describe CsvDownloadsController, type: :request do
+  describe "GET #show" do
+    let(:page) { Capybara::Node::Simple.new(response.body) }
+    let(:csv_user) { create(:user) }
+    let(:csv_download) { create(:csv_download, user: csv_user, organisation: csv_user.organisation) }
+    let(:get_file_io) do
+      io = StringIO.new
+      io.write("hello")
+      io.rewind
+      io
+    end
+    let(:mock_storage_service) { instance_double(Storage::S3Service, get_file_io:, get_presigned_url: "https://example.com") }
+
+    before do
+      allow(Storage::S3Service).to receive(:new).and_return(mock_storage_service)
+    end
+
+    context "when user is not signed in" do
+      it "redirects to sign in page" do
+        get "/csv-downloads/#{csv_download.id}"
+        expect(response).to redirect_to("/account/sign-in")
+      end
+    end
+
+    context "when user is signed in" do
+      before do
+        sign_in user
+      end
+
+      context "and the user is from a different organisation" do
+        let(:user) { create(:user) }
+
+        before do
+          get "/csv-downloads/#{csv_download.id}"
+        end
+
+        it "returns page not found" do
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+
+      context "and is the user who generated the csv" do
+        let(:user) { csv_user }
+
+        before do
+          get "/csv-downloads/#{csv_download.id}"
+        end
+
+        it "allows downloading the csv" do
+          expect(response).to have_http_status(:ok)
+          expect(page).to have_link("Download CSV", href: "/csv-downloads/#{csv_download.id}/download")
+        end
+      end
+
+      context "and is the user is from the same organisation" do
+        let(:user) { create(:user, organisation: csv_user.organisation) }
+
+        before do
+          get "/csv-downloads/#{csv_download.id}"
+        end
+
+        it "allows downloading the csv" do
+          expect(response).to have_http_status(:ok)
+          expect(page).to have_link("Download CSV", href: "/csv-downloads/#{csv_download.id}/download")
+        end
+      end
+    end
+  end
+
  describe "GET #download" do
    let(:csv_user) { create(:user) }
    let(:csv_download) { create(:csv_download, user: csv_user, organisation: csv_user.organisation) }