From e8a3055f56e090ab10bde02cf0b454ea444e6204 Mon Sep 17 00:00:00 2001 From: baarkerlounger Date: Thu, 31 Mar 2022 15:24:02 +0100 Subject: [PATCH] Allow data coordinators to change user roles --- app/views/users/edit.html.erb | 4 ++ app/views/users/show.html.erb | 6 ++- spec/requests/users_controller_spec.rb | 51 ++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index 6582903d1..985dd4d6d 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -27,6 +27,10 @@ %> <% if current_user.data_coordinator? %> + <%= roles = User::ROLES.map { |key, _| OpenStruct.new(id: key, name: key.to_s.humanize) } + f.govuk_collection_radio_buttons :role, roles, :id, :name, legend: { text: "Role", size: "m" } + %> + <%= f.govuk_collection_radio_buttons :is_dpo, [OpenStruct.new(id: false, name: "No"), OpenStruct.new(id: true, name: "Yes")], :id, diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index 61a8c8c09..81265ba4b 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -42,7 +42,11 @@ <%= summary_list.row do |row| row.key { 'Role' } row.value { @user.role.humanize } - row.action() + if current_user.data_coordinator? + row.action(visually_hidden_text: "role", href: edit_user_path, html_attributes: { "data-qa": "role" }) + else + row.action() + end end %> <%= summary_list.row do |row| diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 3c06aef5f..717301e7b 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb 
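Review bot: The new role radio group in `app/views/users/edit.html.erb` is gated only by the template's `current_user.data_coordinator?` check, and the diffstat shows no controller or model change, so nothing in this commit enforces the same rule on a submitted `user[role]`. Hiding the field does not constrain the request, so the update action should permit `:role` only when the signed-in user is a data coordinator and should reject values outside the roles a coordinator may grant. The list is built from every key of `User::ROLES`; if that constant holds a role more privileged than data coordinator (it is not visible here), build the options from an explicit list of grantable roles instead. The same form is rendered on the coordinator's own edit page, so confirm that changing one's own role is intended.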
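Review bot: In `app/views/users/show.html.erb` the new `row.action` call uses `href: edit_user_path` with no record, so the link target comes from the current request's route parameters rather than from the `@user` whose role the row displays; `edit_user_path(@user)` makes the target explicit. The `current_user.data_coordinator?` branch only decides whether the Change link is drawn, so access to the edit page and to the role attribute still has to be enforced in the controller, which this commit does not touch. The `summary_list.row` block begins above the hunk.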
@@ -121,6 +121,15 @@ RSpec.describe UsersController, type: :request do
 it "show the user details" do
 expect(page).to have_content("Your account")
 end
+
+ it "allows changing name, email and password" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).to have_link("Change", text: "password")
+ expect(page).not_to have_link("Change", text: "role")
+ expect(page).not_to have_link("Change", text: "are you a data protection officer?")
+ expect(page).not_to have_link("Change", text: "are you a key contact?")
+ end
 end
 
 context "when the current user does not matches the user ID" do
@@ -149,6 +158,14 @@ RSpec.describe UsersController, type: :request do
 it "show the edit personal details page" do
 expect(page).to have_content("Change your personal details")
 end
+
+ it "has fields for name and email" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).not_to have_field("user[role]")
+ expect(page).not_to have_field("user[is_dpo]")
+ expect(page).not_to have_field("user[is_key_contact]")
+ end
 end
 
 context "when the current user does not matches the user ID" do
@@ -308,6 +325,15 @@ RSpec.describe UsersController, type: :request do
 it "show the user details" do
 expect(page).to have_content("Your account")
 end
+
+ it "allows changing name, email, password, role, dpo and key contact" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).to have_link("Change", text: "password")
+ expect(page).to have_link("Change", text: "role")
+ expect(page).to have_link("Change", text: "are you a data protection officer?")
+ expect(page).to have_link("Change", text: "are you a key contact?")
+ end
 end
 
 context "when the current user does not matches the user ID" do
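Review bot: The examples added in all six hunks of `spec/requests/users_controller_spec.rb` only assert which links and fields a rendered page contains; none submits an update carrying `user[role]`, so the server-side authorisation for the new capability is untested. Add request examples asserting that an update with `user[role]` from a user who is not a data coordinator leaves the role unchanged, that a coordinator cannot change the role of a user in another organisation, and that a role value outside the permitted set is rejected. The enclosing `context` blocks start outside the hunks, so which signed-in role each example runs under is inferred from its expectations.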
@@ -324,6 +350,15 @@ RSpec.describe UsersController, type: :request do
 it "shows the user details page" do
 expect(page).to have_content("#{other_user.name}’s account")
 end
+
+ it "allows changing name, email, role, dpo and key contact" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).not_to have_link("Change", text: "password")
+ expect(page).to have_link("Change", text: "role")
+ expect(page).to have_link("Change", text: "are they a data protection officer?")
+ expect(page).to have_link("Change", text: "are they a key contact?")
+ end
 end
 
 context "when the user is not part of the same organisation as the current user" do
@@ -350,6 +385,14 @@ RSpec.describe UsersController, type: :request do
 it "show the edit personal details page" do
 expect(page).to have_content("Change your personal details")
 end
+
+ it "has fields for name, email, role, dpo and key contact" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).to have_field("user[role]")
+ expect(page).to have_field("user[is_dpo]")
+ expect(page).to have_field("user[is_key_contact]")
+ end
 end
 
 context "when the current user does not matches the user ID" do
@@ -366,6 +409,14 @@ RSpec.describe UsersController, type: :request do
 it "shows the user details page" do
 expect(page).to have_content("Change #{other_user.name}’s personal details")
 end
+
+ it "has fields for name, email, role, dpo and key contact" do
+ expect(page).to have_field("user[name]")
+ expect(page).to have_field("user[email]")
+ expect(page).to have_field("user[role]")
+ expect(page).to have_field("user[is_dpo]")
+ expect(page).to have_field("user[is_key_contact]")
+ end
 end
 
 context "when the user is not part of the same organisation as the current user" do