diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index 6582903d1..985dd4d6d 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -27,6 +27,10 @@
%>
<% if current_user.data_coordinator? %>
+ <%= roles = User::ROLES.map { |key, _| OpenStruct.new(id: key, name: key.to_s.humanize) }
+ f.govuk_collection_radio_buttons :role, roles, :id, :name, legend: { text: "Role", size: "m" }
+ %>
+
<%= f.govuk_collection_radio_buttons :is_dpo,
[OpenStruct.new(id: false, name: "No"), OpenStruct.new(id: true, name: "Yes")],
:id,
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 61a8c8c09..81265ba4b 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -42,7 +42,11 @@
<%= summary_list.row do |row|
row.key { 'Role' }
row.value { @user.role.humanize }
- row.action()
+ if current_user.data_coordinator?
+ row.action(visually_hidden_text: "role", href: edit_user_path, html_attributes: { "data-qa": "role" })
+ else
+ row.action()
+ end
end %>
<%= summary_list.row do |row|
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 3c06aef5f..717301e7b 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -121,6 +121,15 @@ RSpec.describe UsersController, type: :request do
it "show the user details" do
expect(page).to have_content("Your account")
end
+
+ it "allows changing name, email and password" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).to have_link("Change", text: "password")
+ expect(page).not_to have_link("Change", text: "role")
+ expect(page).not_to have_link("Change", text: "are you a data protection officer?")
+ expect(page).not_to have_link("Change", text: "are you a key contact?")
+ end
end
context "when the current user does not matches the user ID" do
@@ -149,6 +158,14 @@ RSpec.describe UsersController, type: :request do
it "show the edit personal details page" do
expect(page).to have_content("Change your personal details")
end
+
+ it "has fields for name and email" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).not_to have_field("user[role]")
+ expect(page).not_to have_field("user[is_dpo]")
+ expect(page).not_to have_field("user[is_key_contact]")
+ end
end
context "when the current user does not matches the user ID" do
@@ -308,6 +325,15 @@ RSpec.describe UsersController, type: :request do
it "show the user details" do
expect(page).to have_content("Your account")
end
+
+ it "allows changing name, email, password, role, dpo and key contact" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).to have_link("Change", text: "password")
+ expect(page).to have_link("Change", text: "role")
+ expect(page).to have_link("Change", text: "are you a data protection officer?")
+ expect(page).to have_link("Change", text: "are you a key contact?")
+ end
end
context "when the current user does not matches the user ID" do
@@ -324,6 +350,15 @@ RSpec.describe UsersController, type: :request do
it "shows the user details page" do
expect(page).to have_content("#{other_user.name}’s account")
end
+
+ it "allows changing name, email, role, dpo and key contact" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).not_to have_link("Change", text: "password")
+ expect(page).to have_link("Change", text: "role")
+ expect(page).to have_link("Change", text: "are they a data protection officer?")
+ expect(page).to have_link("Change", text: "are they a key contact?")
+ end
end
context "when the user is not part of the same organisation as the current user" do
@@ -350,6 +385,14 @@ RSpec.describe UsersController, type: :request do
it "show the edit personal details page" do
expect(page).to have_content("Change your personal details")
end
+
+ it "has fields for name, email, role, dpo and key contact" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).to have_field("user[role]")
+ expect(page).to have_field("user[is_dpo]")
+ expect(page).to have_field("user[is_key_contact]")
+ end
end
context "when the current user does not matches the user ID" do
@@ -366,6 +409,14 @@ RSpec.describe UsersController, type: :request do
it "shows the user details page" do
expect(page).to have_content("Change #{other_user.name}’s personal details")
end
+
+ it "has fields for name, email, role, dpo and key contact" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).to have_field("user[role]")
+ expect(page).to have_field("user[is_dpo]")
+ expect(page).to have_field("user[is_key_contact]")
+ end
end
context "when the user is not part of the same organisation as the current user" do