
Check answers access

pull/114/head
baarkerlounger 4 years ago
parent
commit
fcffcbbc0d
  1. 12
      app/controllers/case_logs_controller.rb
  2. 17
      spec/requests/case_log_controller_spec.rb

12
app/controllers/case_logs_controller.rb

@ -86,10 +86,14 @@ class CaseLogsController < ApplicationController
def check_answers def check_answers
form = FormHandler.instance.get_form("2021_2022") form = FormHandler.instance.get_form("2021_2022")
@case_log = CaseLog.find(params[:case_log_id]) @case_log = current_user.case_logs.find_by(id: params[:case_log_id])
current_url = request.env["PATH_INFO"] if @case_log
subsection = form.get_subsection(current_url.split("/")[-2]) current_url = request.env["PATH_INFO"]
render "form/check_answers", locals: { subsection: subsection, form: form } subsection = form.get_subsection(current_url.split("/")[-2])
render "form/check_answers", locals: { subsection: subsection, form: form }
else
render file: "#{Rails.root}/public/404.html", status: 404
end
end end
form = FormHandler.instance.get_form("2021_2022") form = FormHandler.instance.get_form("2021_2022")
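Review bot: The ownership check is written inline in `check_answers`, so every other action that loads a log from `params[:case_log_id]` has to repeat it, and an unscoped `CaseLog.find` anywhere else would leave the same access gap this commit closes here. Consider moving the scoped lookup `current_user.case_logs.find_by(id: params[:case_log_id])` and the 404 fallback into one private method or `before_action` shared by all case-log actions. The rest of the controller is outside this hunk, so whether the other actions are already scoped cannot be confirmed from here. A short comment on the else branch, such as `# 404 rather than 403 so the response does not reveal that another user's log exists`, would record why a not-found page is returned instead of a forbidden one.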

17
spec/requests/case_log_controller_spec.rb

@ -204,6 +204,8 @@ RSpec.describe CaseLogsController, type: :request do
end end
context "form pages" do context "form pages" do
let(:headers) { { "Accept" => "text/html" } }
context "case logs that are not owned or managed by your organisation" do context "case logs that are not owned or managed by your organisation" do
before do before do
sign_in user sign_in user
@ -215,6 +217,21 @@ RSpec.describe CaseLogsController, type: :request do
end end
end end
end end
context "check answers pages" do
let(:headers) { { "Accept" => "text/html" } }
context "case logs that are not owned or managed by your organisation" do
before do
sign_in user
get "/case_logs/#{unauthorized_case_log.id}/household_characteristics/check_answers", headers: headers, params: {}
end
it "does not show a check answers for case logs you don't have access to" do
expect(response).to have_http_status(:not_found)
end
end
end
end end
end end
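Review bot: The new "check answers pages" context asserts only the denied path, so a regression that made the scoped lookup return nothing for everyone would still pass. Add a sibling context that requests the same URL for a log the signed-in user does own and checks `expect(response).to have_http_status(:ok)`, plus one for an id that does not exist; whether an owned-log fixture is already defined is not visible in this hunk. The `let(:headers) { { "Accept" => "text/html" } }` line is now declared in both "form pages" and "check answers pages" and could be hoisted to their shared parent context.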
