baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Authenticate soft validations controller

pull/143/head
baarkerlounger 4 years ago
parent
1daae5b5e1
commit
a3345644d1
5 changed files with 85 additions and 52 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      app/controllers/soft_validations_controller.rb
  2. 4
      spec/requests/form_controller_spec.rb
  3. 6
      spec/requests/organisations_controller_spec.rb
  4. 15
      spec/requests/soft_validations_controller_spec.rb
  5. 8
      spec/requests/user_controller_spec.rb

2
app/controllers/soft_validations_controller.rb
Unescape View File

@ -1,4 +1,6 @@
class SoftValidationsController < ApplicationController
before_action :authenticate_user!
def show
@case_log = CaseLog.find(params[:case_log_id])
page_id = request.env["PATH_INFO"].split("/")[-2]

4
spec/requests/form_controller_spec.rb
Unescape View File

@ -21,6 +21,7 @@ RSpec.describe FormController, type: :request do
let(:headers) { { "Accept" => "text/html" } }
context "a not signed in user" do
describe "GET" do
it "does not let you get case logs pages you don't have access to" do
get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
@ -30,12 +31,15 @@ RSpec.describe FormController, type: :request do
get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
describe "POST" do
it "does not let you post form answers to case logs you don't have access to" do
post "/case-logs/#{case_log.id}/form", params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
end
context "a signed in user" do
before do

6
spec/requests/organisations_controller_spec.rb
Unescape View File

@ -8,10 +8,13 @@ RSpec.describe OrganisationsController, type: :request do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
context "a not signed in user" do
it "does not let you see organisation details" do
describe "#show" do
it "does not let you see organisation details from org route" do
get "/organisations/#{organisation.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
it "does not let you see organisation details from details route" do
get "/organisations/#{organisation.id}/details", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
@ -21,6 +24,7 @@ RSpec.describe OrganisationsController, type: :request do
expect(response).to redirect_to("/users/sign-in")
end
end
end
context "a signed in user" do
describe "#show" do

15
spec/requests/soft_validations_controller_spec.rb
Unescape View File

@ -3,8 +3,22 @@ require "rails_helper"
RSpec.describe SoftValidationsController, type: :request do
let(:params) { { case_log_id: case_log.id } }
let(:url) { "/case-logs/#{case_log.id}/net-income/soft-validations" }
let(:user) { FactoryBot.create(:user) }
context "a not signed in user" do
let(:case_log) { FactoryBot.create(:case_log, :in_progress) }
describe "GET #show" do
it "redirects to the sign in page" do
get url, headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
end
context "a signed in user" do
before do
sign_in user
get url, params: {}
end
@ -37,3 +51,4 @@ RSpec.describe SoftValidationsController, type: :request do
end
end
end
end

8
spec/requests/user_controller_spec.rb
Unescape View File

@ -10,26 +10,34 @@ RSpec.describe UsersController, type: :request do
let(:params) { { id: user.id, user: { name: new_value } } }
context "a not signed in user" do
describe "#show" do
it "does not let you see user details" do
get "/users/#{user.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
describe "#edit" do
it "does not let you edit user details" do
get "/users/#{user.id}/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
describe "#password" do
it "does not let you edit user passwords" do
get "/users/#{user.id}/password/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
describe "#patch" do
it "does not let you update user details" do
patch "/case-logs/#{user.id}", params: {}
expect(response).to redirect_to("/users/sign-in")
end
end
end
describe "#show" do
context "current user is user" do

Write Preview
Loading…
Cancel
Save