
Allow providers to update roles on staging (#2697)

pull/2677/head^2
kosiakkatrina 4 months ago committed by GitHub
parent
commit
a655be63ca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 3
      app/policies/user_policy.rb
  2. 2
      app/views/users/edit.html.erb
  3. 27
      spec/policies/user_policy_spec.rb

3
app/policies/user_policy.rb

@ -17,8 +17,9 @@ class UserPolicy
].each do |method_name|
define_method method_name do
return true if @current_user.support?
return true if @current_user.data_coordinator? && @user.active?
@current_user.data_coordinator? && @user.active?
Rails.env.staging? && Rails.application.credentials[:staging_role_update_email_allowlist].include?(@current_user.email.split("@").last.downcase)
end
end
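Review bot: The staging branch on the last line of the `define_method` body calls `.include?` directly on `Rails.application.credentials[:staging_role_update_email_allowlist]`, so a staging deployment where that key is missing would raise `NoMethodError` for every user who is neither support nor a coordinator acting on an active user. Wrapping the lookup as `Array(Rails.application.credentials[:staging_role_update_email_allowlist]).include?(...)` makes a missing key deny instead of error. The comparison uses only the domain part of the address, so every account on a listed domain is granted the permission, without the `@user.active?` condition the coordinator path carries, and an allowlist entry containing capitals would never match because only the user's side is downcased. The method-name array feeding this `each` starts above the hunk, so the bypass applies to every policy method in that list, which may be wider than the role edit named in the commit title. A comment above the line such as `# Staging only: any user on an allowlisted email domain passes every check defined in this list` would make that scope explicit.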

2
app/views/users/edit.html.erb

@ -51,7 +51,7 @@
<% end %>
<% end %>
<% if current_user.data_coordinator? || current_user.support? %>
<% if UserPolicy.new(current_user, @user).edit_roles? %>
<% roles = current_user.assignable_roles.map { |key, _| OpenStruct.new(id: key, name: key.to_s.humanize) } %>
<%= f.govuk_collection_radio_buttons :role,
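Review bot: Gating the radio buttons on `UserPolicy.new(current_user, @user).edit_roles?` only controls what is rendered, and this commit touches no controller, so the diff cannot confirm that the update action enforces the same policy. It is worth checking that the action authorises `edit_roles?` and limits the submitted `role` to `current_user.assignable_roles`, since allowlisted providers on staging now reach this form. If the app uses Pundit's view helper, `<% if policy(@user).edit_roles? %>` would be the usual spelling and keeps the policy lookup in one place. The enclosing form block continues past the end of the hunk.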

27
spec/policies/user_policy_spec.rb

@ -4,7 +4,7 @@ require "rails_helper"
RSpec.describe UserPolicy do
subject(:policy) { described_class }
let(:data_provider) { FactoryBot.create(:user, :data_provider) }
let(:data_provider) { FactoryBot.create(:user, :data_provider, email: "provider@example.com") }
let(:data_coordinator) { FactoryBot.create(:user, :data_coordinator) }
let(:support) { FactoryBot.create(:user, :support) }
@ -63,6 +63,11 @@ RSpec.describe UserPolicy do
expect(policy).not_to permit(data_provider, data_provider)
end
it "as a provider it does not allow changing roles when user is in email allowlist" do
allow(Rails.application.credentials).to receive(:[]).with(:staging_role_update_email_allowlist).and_return(["example.com"])
expect(policy).not_to permit(data_provider, data_provider)
end
it "as a coordinator allows changing other user's roles" do
expect(policy).to permit(data_coordinator, data_provider)
end
@ -70,6 +75,26 @@ RSpec.describe UserPolicy do
it "as a support user allows changing other user's roles" do
expect(policy).to permit(support, data_provider)
end
context "when on staging" do
context "and user is in the email allowlist" do
it "allows changing roles" do
allow(Rails.env).to receive(:staging?).and_return(true)
allow(Rails.application.credentials).to receive(:[]).with(:staging_role_update_email_allowlist).and_return(["example.com"])
expect(policy).to permit(data_provider, data_provider)
end
end
context "and user is not in the email allowlist" do
it "does not allow changing roles" do
allow(Rails.env).to receive(:staging?).and_return(true)
allow(Rails.application.credentials).to receive(:[]).with(:staging_role_update_email_allowlist).and_return(["something.com"])
expect(policy).not_to permit(data_provider, data_provider)
end
end
end
end
permissions :edit_dpo? do
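Review bot: The "when on staging" context covers a listed and an unlisted domain, but not the case where `staging_role_update_email_allowlist` is absent from credentials, which is where the policy's bare `.include?` would raise rather than deny. A third example stubbing the lookup with `and_return(nil)` and expecting `not_to permit(data_provider, data_provider)` would pin fail-closed behaviour. The policy downcases the user's domain, so an example with a mixed-case address would exercise that path, unless the model already normalises addresses on save. The earlier example titled "does not allow changing roles when user is in email allowlist" relies on the environment not being staging without saying so; adding "outside staging" to its title would make that explicit.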
