baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

More tests for access

pull/143/head
baarkerlounger 4 years ago
parent
d6a40e2d9f
commit
c268854279
2 changed files with 235 additions and 207 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 87
      spec/requests/case_log_controller_spec.rb
  2. 355
      spec/requests/form_controller_spec.rb

87
spec/requests/case_log_controller_spec.rb
Unescape View File

@ -180,54 +180,63 @@ RSpec.describe CaseLogsController, type: :request do
allow(FormHandler.instance).to receive(:get_form).and_return(form) allow(FormHandler.instance).to receive(:get_form).and_return(form)
end end
context "case logs that are owned or managed by your organisation" do context "a user that is not signed in" do
before do it "does not let you get case log tasklist pages you don't have access to" do
sign_in user
get "/case-logs/#{case_log.id}", headers: headers, params: {} get "/case-logs/#{case_log.id}", headers: headers, params: {}
end expect(response).to redirect_to("/users/sign-in")
it "shows the tasklist for case logs you have access to" do
expect(response.body).to match("Case log")
expect(response.body).to match(case_log.id.to_s)
end
it "displays a section status for a case log" do
assert_select ".govuk-tag", text: /Not started/, count: 8
assert_select ".govuk-tag", text: /Completed/, count: 0
assert_select ".govuk-tag", text: /Cannot start yet/, count: 1
end end
end end
context "case log with a single section complete" do context "a signed in user" do
let(:section_completed_case_log) do context "case logs that are owned or managed by your organisation" do
FactoryBot.create( before do
:case_log, sign_in user
:conditional_section_complete, get "/case-logs/#{case_log.id}", headers: headers, params: {}
owning_organisation: organisation, end
managing_organisation: organisation,
) it "shows the tasklist for case logs you have access to" do
expect(response.body).to match("Case log")
expect(response.body).to match(case_log.id.to_s)
end
it "displays a section status for a case log" do
assert_select ".govuk-tag", text: /Not started/, count: 8
assert_select ".govuk-tag", text: /Completed/, count: 0
assert_select ".govuk-tag", text: /Cannot start yet/, count: 1
end
end end
before do context "case log with a single section complete" do
sign_in user let(:section_completed_case_log) do
get "/case-logs/#{section_completed_case_log.id}", headers: headers, params: {} FactoryBot.create(
:case_log,
:conditional_section_complete,
owning_organisation: organisation,
managing_organisation: organisation,
)
end
before do
sign_in user
get "/case-logs/#{section_completed_case_log.id}", headers: headers, params: {}
end
it "displays a section status for a case log" do
assert_select ".govuk-tag", text: /Not started/, count: 7
assert_select ".govuk-tag", text: /Completed/, count: 1
assert_select ".govuk-tag", text: /Cannot start yet/, count: 1
end
end end
it "displays a section status for a case log" do context "case logs that are not owned or managed by your organisation" do
assert_select ".govuk-tag", text: /Not started/, count: 7 before do
assert_select ".govuk-tag", text: /Completed/, count: 1 sign_in user
assert_select ".govuk-tag", text: /Cannot start yet/, count: 1 get "/case-logs/#{unauthorized_case_log.id}", headers: headers, params: {}
end end
end
context "case logs that are not owned or managed by your organisation" do
before do
sign_in user
get "/case-logs/#{unauthorized_case_log.id}", headers: headers, params: {}
end
it "does not show the tasklist for case logs you don't have access to" do it "does not show the tasklist for case logs you don't have access to" do
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:not_found)
end
end end
end end
end end

355
spec/requests/form_controller_spec.rb
Unescape View File

@ -20,136 +20,111 @@ RSpec.describe FormController, type: :request do
end end
let(:headers) { { "Accept" => "text/html" } } let(:headers) { { "Accept" => "text/html" } }
before do context "a not signed in user" do
sign_in user it "does not let you get case logs pages you don't have access to" do
end get "/case-logs/#{case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
end
describe "GET" do it "does not let you get case log check answer pages you don't have access to" do
context "form pages" do get "/case-logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
context "case logs that are not owned or managed by your organisation" do expect(response).to redirect_to("/users/sign-in")
it "does not show form pages for case logs you don't have access to" do
get "/case-logs/#{unauthorized_case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to have_http_status(:not_found)
end
end
end end
context "check answers pages" do it "does not let you post form answers to case logs you don't have access to" do
context "case logs that are not owned or managed by your organisation" do post "/case-logs/#{case_log.id}/form", params: {}
it "does not show a check answers for case logs you don't have access to" do expect(response).to redirect_to("/users/sign-in")
get "/case-logs/#{unauthorized_case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
expect(response).to have_http_status(:not_found)
end
end
end end
end end
describe "Submit Form" do context "a signed in user" do
context "a form page" do before do
let(:user) { FactoryBot.create(:user) } sign_in user
let(:form) { Form.new("spec/fixtures/forms/test_form.json") } end
let(:organisation) { user.organisation }
let(:case_log) do
FactoryBot.create(
:case_log,
owning_organisation: organisation,
managing_organisation: organisation,
)
end
let(:page_id) { "person_1_age" }
let(:params) do
{
id: case_log.id,
case_log: {
page: page_id,
age1: answer,
},
}
end
before do describe "GET" do
allow(FormHandler.instance).to receive(:get_form).and_return(form) context "form pages" do
post "/case-logs/#{case_log.id}/form", params: params context "case logs that are not owned or managed by your organisation" do
it "does not show form pages for case logs you don't have access to" do
get "/case-logs/#{unauthorized_case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to have_http_status(:not_found)
end
end
end end
context "invalid answers" do context "check answers pages" do
let(:answer) { 2000 } context "case logs that are not owned or managed by your organisation" do
it "does not show a check answers for case logs you don't have access to" do
it "re-renders the same page with errors if validation fails" do get "/case-logs/#{unauthorized_case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
expect(response).to have_http_status(:unprocessable_entity) expect(response).to have_http_status(:not_found)
end
end end
end end
end
context "valid answers" do describe "Submit Form" do
let(:answer) { 20 } context "a form page" do
let(:user) { FactoryBot.create(:user) }
it "re-renders the same page with errors if validation fails" do let(:form) { Form.new("spec/fixtures/forms/test_form.json") }
expect(response).to have_http_status(:redirect) let(:organisation) { user.organisation }
let(:case_log) do
FactoryBot.create(
:case_log,
owning_organisation: organisation,
managing_organisation: organisation,
)
end end
let(:page_id) { "person_1_age" }
let(:params) do let(:params) do
{ {
id: case_log.id, id: case_log.id,
case_log: { case_log: {
page: page_id, page: page_id,
age1: answer, age1: answer,
age2: 2000,
}, },
} }
end end
it "only updates answers that apply to the page being submitted" do before do
case_log.reload allow(FormHandler.instance).to receive(:get_form).and_return(form)
expect(case_log.age1).to eq(answer) post "/case-logs/#{case_log.id}/form", params: params
expect(case_log.age2).to be nil
end end
end
end
context "checkbox questions" do context "invalid answers" do
let(:case_log_form_params) do let(:answer) { 2000 }
{
id: case_log.id,
case_log: {
page: "accessibility_requirements",
accessibility_requirements:
%w[ housingneeds_a
housingneeds_b
housingneeds_c],
},
}
end
let(:new_case_log_form_params) do it "re-renders the same page with errors if validation fails" do
{ expect(response).to have_http_status(:unprocessable_entity)
id: case_log.id, end
case_log: { end
page: "accessibility_requirements",
accessibility_requirements: %w[housingneeds_c],
},
}
end
it "sets checked items to true" do context "valid answers" do
post "/case-logs/#{case_log.id}/form", params: case_log_form_params let(:answer) { 20 }
case_log.reload
expect(case_log.housingneeds_a).to eq("Yes") it "re-renders the same page with errors if validation fails" do
expect(case_log.housingneeds_b).to eq("Yes") expect(response).to have_http_status(:redirect)
expect(case_log.housingneeds_c).to eq("Yes") end
end
it "sets previously submitted items to false when resubmitted with new values" do let(:params) do
post "/case-logs/#{case_log.id}/form", params: new_case_log_form_params {
case_log.reload id: case_log.id,
case_log: {
page: page_id,
age1: answer,
age2: 2000,
},
}
end
expect(case_log.housingneeds_a).to eq("No") it "only updates answers that apply to the page being submitted" do
expect(case_log.housingneeds_b).to eq("No") case_log.reload
expect(case_log.housingneeds_c).to eq("Yes") expect(case_log.age1).to eq(answer)
expect(case_log.age2).to be nil
end
end
end end
context "given a page with checkbox and non-checkbox questions" do context "checkbox questions" do
let(:tenant_code) { "BZ355" }
let(:case_log_form_params) do let(:case_log_form_params) do
{ {
id: case_log.id, id: case_log.id,
@ -159,96 +134,140 @@ RSpec.describe FormController, type: :request do
%w[ housingneeds_a %w[ housingneeds_a
housingneeds_b housingneeds_b
housingneeds_c], housingneeds_c],
tenant_code: tenant_code,
}, },
} }
end end
let(:questions_for_page) do
[ let(:new_case_log_form_params) do
Form::Question.new( {
"accessibility_requirements", id: case_log.id,
{ case_log: {
"type" => "checkbox", page: "accessibility_requirements",
"answer_options" => accessibility_requirements: %w[housingneeds_c],
{ "housingneeds_a" => "Fully wheelchair accessible housing", },
"housingneeds_b" => "Wheelchair access to essential rooms", }
"housingneeds_c" => "Level access housing", end
"housingneeds_f" => "Other disability requirements",
"housingneeds_g" => "No disability requirements", it "sets checked items to true" do
"divider_a" => true,
"housingneeds_h" => "Do not know",
"divider_b" => true,
"accessibility_requirements_prefer_not_to_say" => "Prefer not to say" },
}, nil
),
Form::Question.new("tenant_code", { "type" => "text" }, nil),
]
end
it "updates both question fields" do
allow_any_instance_of(Form::Page).to receive(:expected_responses).and_return(questions_for_page)
post "/case-logs/#{case_log.id}/form", params: case_log_form_params post "/case-logs/#{case_log.id}/form", params: case_log_form_params
case_log.reload case_log.reload
expect(case_log.housingneeds_a).to eq("Yes") expect(case_log.housingneeds_a).to eq("Yes")
expect(case_log.housingneeds_b).to eq("Yes") expect(case_log.housingneeds_b).to eq("Yes")
expect(case_log.housingneeds_c).to eq("Yes") expect(case_log.housingneeds_c).to eq("Yes")
expect(case_log.tenant_code).to eq(tenant_code)
end end
end
end
context "conditional routing" do it "sets previously submitted items to false when resubmitted with new values" do
before do post "/case-logs/#{case_log.id}/form", params: new_case_log_form_params
allow_any_instance_of(CaseLogValidator).to receive(:validate_pregnancy).and_return(true) case_log.reload
end
let(:case_log_form_conditional_question_yes_params) do expect(case_log.housingneeds_a).to eq("No")
{ expect(case_log.housingneeds_b).to eq("No")
id: case_log.id, expect(case_log.housingneeds_c).to eq("Yes")
case_log: { end
page: "conditional_question",
preg_occ: "Yes",
},
}
end
let(:case_log_form_conditional_question_no_params) do context "given a page with checkbox and non-checkbox questions" do
{ let(:tenant_code) { "BZ355" }
id: case_log.id, let(:case_log_form_params) do
case_log: { {
page: "conditional_question", id: case_log.id,
preg_occ: "No", case_log: {
}, page: "accessibility_requirements",
} accessibility_requirements:
end %w[ housingneeds_a
housingneeds_b
housingneeds_c],
tenant_code: tenant_code,
},
}
end
let(:questions_for_page) do
[
Form::Question.new(
"accessibility_requirements",
{
"type" => "checkbox",
"answer_options" =>
{ "housingneeds_a" => "Fully wheelchair accessible housing",
"housingneeds_b" => "Wheelchair access to essential rooms",
"housingneeds_c" => "Level access housing",
"housingneeds_f" => "Other disability requirements",
"housingneeds_g" => "No disability requirements",
"divider_a" => true,
"housingneeds_h" => "Do not know",
"divider_b" => true,
"accessibility_requirements_prefer_not_to_say" => "Prefer not to say" },
}, nil
),
Form::Question.new("tenant_code", { "type" => "text" }, nil),
]
end
it "routes to the appropriate conditional page based on the question answer of the current page" do it "updates both question fields" do
post "/case-logs/#{case_log.id}/form", params: case_log_form_conditional_question_yes_params allow_any_instance_of(Form::Page).to receive(:expected_responses).and_return(questions_for_page)
expect(response).to redirect_to("/case-logs/#{case_log.id}/conditional-question-yes-page") post "/case-logs/#{case_log.id}/form", params: case_log_form_params
case_log.reload
post "/case-logs/#{case_log.id}/form", params: case_log_form_conditional_question_no_params expect(case_log.housingneeds_a).to eq("Yes")
expect(response).to redirect_to("/case-logs/#{case_log.id}/conditional-question-no-page") expect(case_log.housingneeds_b).to eq("Yes")
expect(case_log.housingneeds_c).to eq("Yes")
expect(case_log.tenant_code).to eq(tenant_code)
end
end
end end
end
context "case logs that are not owned or managed by your organisation" do context "conditional routing" do
let(:answer) { 25 } before do
let(:other_organisation) { FactoryBot.create(:organisation) } allow_any_instance_of(CaseLogValidator).to receive(:validate_pregnancy).and_return(true)
let(:unauthorized_case_log) do end
FactoryBot.create(
:case_log,
owning_organisation: other_organisation,
managing_organisation: other_organisation,
)
end
before do let(:case_log_form_conditional_question_yes_params) do
post "/case-logs/#{unauthorized_case_log.id}/form", params: {} {
id: case_log.id,
case_log: {
page: "conditional_question",
preg_occ: "Yes",
},
}
end
let(:case_log_form_conditional_question_no_params) do
{
id: case_log.id,
case_log: {
page: "conditional_question",
preg_occ: "No",
},
}
end
it "routes to the appropriate conditional page based on the question answer of the current page" do
post "/case-logs/#{case_log.id}/form", params: case_log_form_conditional_question_yes_params
expect(response).to redirect_to("/case-logs/#{case_log.id}/conditional-question-yes-page")
post "/case-logs/#{case_log.id}/form", params: case_log_form_conditional_question_no_params
expect(response).to redirect_to("/case-logs/#{case_log.id}/conditional-question-no-page")
end
end end
it "does not let you post form answers to case logs you don't have access to" do context "case logs that are not owned or managed by your organisation" do
expect(response).to have_http_status(:not_found) let(:answer) { 25 }
let(:other_organisation) { FactoryBot.create(:organisation) }
let(:unauthorized_case_log) do
FactoryBot.create(
:case_log,
owning_organisation: other_organisation,
managing_organisation: other_organisation,
)
end
before do
post "/case-logs/#{unauthorized_case_log.id}/form", params: {}
end
it "does not let you post form answers to case logs you don't have access to" do
expect(response).to have_http_status(:not_found)
end
end end
end end
end end

Write Preview
Loading…
Cancel
Save