
Authenticate soft validations controller

pull/143/head
baarkerlounger 4 years ago
parent
commit
a3345644d1
  1. 2
      app/controllers/soft_validations_controller.rb
  2. 4
      spec/requests/form_controller_spec.rb
  3. 6
      spec/requests/organisations_controller_spec.rb
  4. 15
      spec/requests/soft_validations_controller_spec.rb
  5. 8
      spec/requests/user_controller_spec.rb

2
app/controllers/soft_validations_controller.rb

@ -1,4 +1,6 @@
class SoftValidationsController < ApplicationController class SoftValidationsController < ApplicationController
before_action :authenticate_user!
def show def show
@case_log = CaseLog.find(params[:case_log_id]) @case_log = CaseLog.find(params[:case_log_id])
page_id = request.env["PATH_INFO"].split("/")[-2] page_id = request.env["PATH_INFO"].split("/")[-2]
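Review bot: The new `before_action :authenticate_user!` establishes who is calling, but `CaseLog.find(params[:case_log_id])` in `show` still loads any record by id, so a signed-in user could request soft validations for a case log they have no access to unless an ownership check follows. `show` continues past the end of this hunk, so such a check may exist out of view. If it does not, the lookup should go through the same user- or organisation-scoped query the other case log endpoints use and return not-found for anything outside it. A comment above the callback such as `# Authentication only: access to the requested case log is not checked here` would make that boundary explicit for the next reader.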

4
spec/requests/form_controller_spec.rb

@ -21,6 +21,7 @@ RSpec.describe FormController, type: :request do
let(:headers) { { "Accept" => "text/html" } } let(:headers) { { "Accept" => "text/html" } }
context "a not signed in user" do context "a not signed in user" do
describe "GET" do
it "does not let you get case logs pages you don't have access to" do it "does not let you get case logs pages you don't have access to" do
get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {} get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
@ -30,12 +31,15 @@ RSpec.describe FormController, type: :request do
get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {} get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end
describe "POST" do
it "does not let you post form answers to case logs you don't have access to" do it "does not let you post form answers to case logs you don't have access to" do
post "/case-logs/#{case_log.id}/form", params: {} post "/case-logs/#{case_log.id}/form", params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end end
end
context "a signed in user" do context "a signed in user" do
before do before do

6
spec/requests/organisations_controller_spec.rb

@ -8,10 +8,13 @@ RSpec.describe OrganisationsController, type: :request do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { FactoryBot.create(:user, :data_coordinator) }
context "a not signed in user" do context "a not signed in user" do
it "does not let you see organisation details" do describe "#show" do
it "does not let you see organisation details from org route" do
get "/organisations/#{organisation.id}", headers: headers, params: {} get "/organisations/#{organisation.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end
it "does not let you see organisation details from details route" do
get "/organisations/#{organisation.id}/details", headers: headers, params: {} get "/organisations/#{organisation.id}/details", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
@ -21,6 +24,7 @@ RSpec.describe OrganisationsController, type: :request do
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end end
end
context "a signed in user" do context "a signed in user" do
describe "#show" do describe "#show" do

15
spec/requests/soft_validations_controller_spec.rb

@ -3,8 +3,22 @@ require "rails_helper"
RSpec.describe SoftValidationsController, type: :request do RSpec.describe SoftValidationsController, type: :request do
let(:params) { { case_log_id: case_log.id } } let(:params) { { case_log_id: case_log.id } }
let(:url) { "/case-logs/#{case_log.id}/net-income/soft-validations" } let(:url) { "/case-logs/#{case_log.id}/net-income/soft-validations" }
let(:user) { FactoryBot.create(:user) }
context "a not signed in user" do
let(:case_log) { FactoryBot.create(:case_log, :in_progress) }
describe "GET #show" do
it "redirects to the sign in page" do
get url, headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
end
context "a signed in user" do
before do before do
sign_in user
get url, params: {} get url, params: {}
end end
@ -36,4 +50,5 @@ RSpec.describe SoftValidationsController, type: :request do
end end
end end
end end
end
end end
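Review bot: The new unauthenticated example calls `get url, headers: headers, params: {}`, but no `let(:headers)` is visible in this spec. The first hunk starts at line 3 of the file and shows only `params`, `url` and `user`. If it is not defined elsewhere, `headers` probably resolves to the integration session's own response-headers accessor, so the request goes out without the intended `Accept` header and nothing fails. Either define it next to the other lets, as `spec/requests/form_controller_spec.rb` does with `let(:headers) { { "Accept" => "text/html" } }`, or drop the argument. The test covers only the signed-out redirect; a case where a signed-in user requests a case log they should not be able to see would pin down the authorization side as well.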

8
spec/requests/user_controller_spec.rb

@ -10,26 +10,34 @@ RSpec.describe UsersController, type: :request do
let(:params) { { id: user.id, user: { name: new_value } } } let(:params) { { id: user.id, user: { name: new_value } } }
context "a not signed in user" do context "a not signed in user" do
describe "#show" do
it "does not let you see user details" do it "does not let you see user details" do
get "/users/#{user.id}", headers: headers, params: {} get "/users/#{user.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end
describe "#edit" do
it "does not let you edit user details" do it "does not let you edit user details" do
get "/users/#{user.id}/edit", headers: headers, params: {} get "/users/#{user.id}/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end
describe "#password" do
it "does not let you edit user passwords" do it "does not let you edit user passwords" do
get "/users/#{user.id}/password/edit", headers: headers, params: {} get "/users/#{user.id}/password/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end
describe "#patch" do
it "does not let you update user details" do it "does not let you update user details" do
patch "/case-logs/#{user.id}", params: {} patch "/case-logs/#{user.id}", params: {}
expect(response).to redirect_to("/users/sign-in") expect(response).to redirect_to("/users/sign-in")
end end
end end
end
describe "#show" do describe "#show" do
context "current user is user" do context "current user is user" do
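Review bot: The example now grouped under `describe "#patch"` sends `patch "/case-logs/#{user.id}", params: {}`, which is a case log route called with a user id, not the users update route. The redirect assertion therefore passes because the case logs endpoint requires sign-in, and it says nothing about whether `UsersController` rejects an unauthenticated update. Pointing the request at the user resource, presumably `patch "/users/#{user.id}", params: params` to match the `get "/users/#{user.id}"` calls above, would make the test guard the action it names. The describe label could also be `#update`, assuming that is the controller action behind the PATCH route.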
