diff --git a/app/controllers/soft_validations_controller.rb b/app/controllers/soft_validations_controller.rb
index 4f9881de6..0f0baf376 100644
--- a/app/controllers/soft_validations_controller.rb
+++ b/app/controllers/soft_validations_controller.rb
@@ -1,4 +1,6 @@
 class SoftValidationsController < ApplicationController
+ before_action :authenticate_user!
+
 def show
 @case_log = CaseLog.find(params[:case_log_id])
 page_id = request.env["PATH_INFO"].split("/")[-2]
diff --git a/spec/requests/form_controller_spec.rb b/spec/requests/form_controller_spec.rb
index 6e2fa50c5..f88b1219b 100644
--- a/spec/requests/form_controller_spec.rb
+++ b/spec/requests/form_controller_spec.rb
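Review bot: `before_action :authenticate_user!` only establishes that someone is signed in; the `CaseLog.find(params[:case_log_id])` on the first line of `show` still loads whichever id the URL names, so any authenticated account can presumably read the soft-validation result for a case log outside its own organisation. The lookup should go through whatever scope the app uses to limit case logs to the current user (a relation reached from `current_user` rather than the bare `CaseLog` class), so that a foreign id raises `ActiveRecord::RecordNotFound` instead of returning data. The signed-in spec added in this commit creates the user and the case log independently, which suggests no ownership check is exercised; a spec with a user from another organisation expecting a not-found response would pin this. `show` continues past the end of the hunk, so a check further down cannot be ruled out from here.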
@@ -21,19 +21,23 @@ RSpec.describe FormController, type: :request do
 let(:headers) { { "Accept" => "text/html" } }
 context "a not signed in user" do
- it "does not let you get case logs pages you don't have access to" do
- get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
- end
+ describe "GET" do
+ it "does not let you get case logs pages you don't have access to" do
+ get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
- it "does not let you get case log check answer pages you don't have access to" do
- get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ it "does not let you get case log check answer pages you don't have access to" do
+ get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
- it "does not let you post form answers to case logs you don't have access to" do
- post "/case-logs/#{case_log.id}/form", params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "POST" do
+ it "does not let you post form answers to case logs you don't have access to" do
+ post "/case-logs/#{case_log.id}/form", params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
 end
diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb
index 8782aa3e2..d086452ac 100644
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@@ -8,17 +8,21 @@ RSpec.describe OrganisationsController, type: :request do
 let(:user) { FactoryBot.create(:user, :data_coordinator) }
 context "a not signed in user" do
- it "does not let you see organisation details" do
- get "/organisations/#{organisation.id}", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "#show" do
+ it "does not let you see organisation details from org route" do
+ get "/organisations/#{organisation.id}", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
- get "/organisations/#{organisation.id}/details", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
- end
+ it "does not let you see organisation details from details route" do
+ get "/organisations/#{organisation.id}/details", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
- it "does not let you see organisation users" do
- get "/organisations/#{organisation.id}/users", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ it "does not let you see organisation users" do
+ get "/organisations/#{organisation.id}/users", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
 end
diff --git a/spec/requests/soft_validations_controller_spec.rb b/spec/requests/soft_validations_controller_spec.rb
index d387ded97..83ffc3d58 100644
--- a/spec/requests/soft_validations_controller_spec.rb
+++ b/spec/requests/soft_validations_controller_spec.rb
@@ -3,36 +3,51 @@ require "rails_helper"
 RSpec.describe SoftValidationsController, type: :request do
 let(:params) { { case_log_id: case_log.id } }
 let(:url) { "/case-logs/#{case_log.id}/net-income/soft-validations" }
+ let(:user) { FactoryBot.create(:user) }
- before do
- get url, params: {}
- end
-
- describe "GET #show" do
- context "Soft validation overide required" do
- let(:case_log) { FactoryBot.create(:case_log, :soft_validations_triggered) }
+ context "a not signed in user" do
+ let(:case_log) { FactoryBot.create(:case_log, :in_progress) }
- it "returns a success response" do
- expect(response).to be_successful
+ describe "GET #show" do
+ it "redirects to the sign in page" do
+ get url, headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
 end
+ end
+ end
- it "returns a json with the soft validation fields" do
- json_response = JSON.parse(response.body)
- expect(json_response["show"]).to eq(true)
- expect(json_response["label"]).to match(/Are you sure this is correct?/)
- end
+ context "a signed in user" do
+ before do
+ sign_in user
+ get url, params: {}
 end
- context "Soft validation overide not required" do
- let(:case_log) { FactoryBot.create(:case_log, :in_progress) }
+ describe "GET #show" do
+ context "Soft validation overide required" do
+ let(:case_log) { FactoryBot.create(:case_log, :soft_validations_triggered) }
+
+ it "returns a success response" do
+ expect(response).to be_successful
+ end
- it "returns a success response" do
- expect(response).to be_successful
+ it "returns a json with the soft validation fields" do
+ json_response = JSON.parse(response.body)
+ expect(json_response["show"]).to eq(true)
+ expect(json_response["label"]).to match(/Are you sure this is correct?/)
+ end
 end
- it "returns a json with the soft validation fields" do
- json_response = JSON.parse(response.body)
- expect(json_response["show"]).to eq(false)
+ context "Soft validation overide not required" do
+ let(:case_log) { FactoryBot.create(:case_log, :in_progress) }
+
+ it "returns a success response" do
+ expect(response).to be_successful
+ end
+
+ it "returns a json with the soft validation fields" do
+ json_response = JSON.parse(response.body)
+ expect(json_response["show"]).to eq(false)
+ end
 end
 end
 end
diff --git a/spec/requests/user_controller_spec.rb b/spec/requests/user_controller_spec.rb
index 527566d27..26f7bd959 100644
--- a/spec/requests/user_controller_spec.rb
+++ b/spec/requests/user_controller_spec.rb
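Review bot: `get url, headers: headers, params: {}` in the not-signed-in example uses `headers`, but the visible part of this file defines no `let(:headers)` (only `params`, `url` and `user`), so the name most likely falls through to the request-spec session's own `headers` reader and is nil before the first request. The example therefore passes without sending an Accept header, unlike the sibling specs that set `{ "Accept" => "text/html" }`. Either add `let(:headers) { { "Accept" => "text/html" } }` or drop the argument. Since this endpoint answers with JSON, a second example that requests JSON and asserts the unauthenticated status would cover the way the client actually calls it.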
@@ -10,24 +10,32 @@ RSpec.describe UsersController, type: :request do
 let(:params) { { id: user.id, user: { name: new_value } } }
 context "a not signed in user" do
- it "does not let you see user details" do
- get "/users/#{user.id}", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "#show" do
+ it "does not let you see user details" do
+ get "/users/#{user.id}", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
- it "does not let you edit user details" do
- get "/users/#{user.id}/edit", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "#edit" do
+ it "does not let you edit user details" do
+ get "/users/#{user.id}/edit", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
- it "does not let you edit user passwords" do
- get "/users/#{user.id}/password/edit", headers: headers, params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "#password" do
+ it "does not let you edit user passwords" do
+ get "/users/#{user.id}/password/edit", headers: headers, params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
- it "does not let you update user details" do
- patch "/case-logs/#{user.id}", params: {}
- expect(response).to redirect_to("/users/sign-in")
+ describe "#patch" do
+ it "does not let you update user details" do
+ patch "/case-logs/#{user.id}", params: {}
+ expect(response).to redirect_to("/users/sign-in")
+ end
 end
 end
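Review bot: The `#patch` example still sends `patch "/case-logs/#{user.id}", params: {}`, so it exercises the case-logs route with a user id rather than the users update route, and the redirect it asserts says nothing about whether an anonymous request can change a user. It should target the same resource as the other examples in this block, `patch "/users/#{user.id}", headers: headers, params: params`, reusing the `params` let at the top of the hunk. The describe label would also read better as `#update`, in line with the action-style names used for `#show` and `#edit`.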