|
|
|
|
@ -2,12 +2,14 @@ require "rails_helper"
|
|
|
|
|
|
|
|
|
|
RSpec.describe OrganisationsController, type: :request do |
|
|
|
|
let(:organisation) { user.organisation } |
|
|
|
|
let(:unauthorised_organisation) { FactoryBot.create(:organisation) } |
|
|
|
|
let(:headers) { { "Accept" => "text/html" } } |
|
|
|
|
let(:page) { Capybara::Node::Simple.new(response.body) } |
|
|
|
|
|
|
|
|
|
describe "#show" do |
|
|
|
|
let(:user) { FactoryBot.create(:user, :data_coordinator) } |
|
|
|
|
|
|
|
|
|
context "organisation that the user belongs to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{organisation.id}", headers: headers, params: {} |
|
|
|
|
@ -18,10 +20,23 @@ RSpec.describe OrganisationsController, type: :request do
|
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "organisation that are not in scope for the user, i.e. that they do not belong to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}", headers: headers, params: {} |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it "returns unauthorised from org route" do |
|
|
|
|
expect(response).to have_http_status(:unauthorized) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "As a data coordinator user" do |
|
|
|
|
let(:user) { FactoryBot.create(:user, :data_coordinator) } |
|
|
|
|
|
|
|
|
|
context "details tab" do |
|
|
|
|
context "organisation that the user belongs to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{organisation.id}/details", headers: headers, params: {} |
|
|
|
|
@ -44,7 +59,20 @@ RSpec.describe OrganisationsController, type: :request do
|
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "organisation that are not in scope for the user, i.e. that they do not belong to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/details", headers: headers, params: {} |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it "returns unauthorised from org details route" do |
|
|
|
|
expect(response).to have_http_status(:unauthorized) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "users tab" do |
|
|
|
|
context "organisation that the user belongs to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{organisation.id}/users", headers: headers, params: {} |
|
|
|
|
@ -70,12 +98,25 @@ RSpec.describe OrganisationsController, type: :request do
|
|
|
|
|
expect(response.body).to include(expected_html) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "organisation that are not in scope for the user, i.e. that they do not belong to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/users", headers: headers, params: {} |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it "returns unauthorised from users page" do |
|
|
|
|
expect(response).to have_http_status(:unauthorized) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "As a data provider user" do |
|
|
|
|
let(:user) { FactoryBot.create(:user) } |
|
|
|
|
|
|
|
|
|
context "details tab" do |
|
|
|
|
context "organisation that the user belongs to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{organisation.id}/details", headers: headers, params: {} |
|
|
|
|
@ -98,6 +139,18 @@ RSpec.describe OrganisationsController, type: :request do
|
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "organisation that are not in scope for the user, i.e. that they do not belong to" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
get "/organisations/#{unauthorised_organisation.id}/details", headers: headers, params: {} |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it "returns unauthorised" do |
|
|
|
|
expect(response).to have_http_status(:unauthorized) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context "users tab" do |
|
|
|
|
before do |
|
|
|
|
sign_in user |
|
|
|
|
|
