require "rails_helper" RSpec.describe OrganisationsController, type: :request do let(:organisation) { user.organisation } let!(:unauthorised_organisation) { FactoryBot.create(:organisation) } let(:headers) { { "Accept" => "text/html" } } let(:page) { Capybara::Node::Simple.new(response.body) } let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:new_value) { "Test Name 35" } let(:params) { { id: organisation.id, organisation: { name: new_value } } } context "when user is not signed in" do describe "#show" do it "does not let you see organisation details from org route" do get "/organisations/#{organisation.id}", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation details from details route" do get "/organisations/#{organisation.id}/details", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation users" do get "/organisations/#{organisation.id}/users", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisations list" do get "/organisations", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see schemes list" do get "/organisations/#{organisation.id}/schemes", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end end end context "when user is signed in" do describe "#schemes" do context "when support user" do let(:user) { FactoryBot.create(:user, :support) } let!(:schemes) { FactoryBot.create_list(:scheme, 5) } let!(:same_org_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user get "/organisations/#{organisation.id}/schemes", headers:, params: {} end it "has page heading" do expect(page).to have_content("Schemes") end it "shows a search bar" do expect(page).to have_field("search", type: "search") end it "has hidden accebility field with description" do expected_field = "

Supported housing schemes

" expect(CGI.unescape_html(response.body)).to include(expected_field) end it "shows only schemes belonging to the same organisation" do expect(page).to have_content(same_org_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end context "when searching" do let!(:searched_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:search_param) { searched_scheme.id } before do FactoryBot.create(:location, scheme: searched_scheme) allow(user).to receive(:need_two_factor_authentication?).and_return(false) get "/organisations/#{organisation.id}/schemes?search=#{search_param}" end it "returns matching results" do expect(page).to have_content(searched_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end it "updates the table caption" do expect(page).to have_content("1 scheme found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("#{user.organisation.name} (1 scheme matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end context "when data coordinator user" do let(:user) { FactoryBot.create(:user, :data_coordinator) } let!(:schemes) { FactoryBot.create_list(:scheme, 5) } let!(:same_org_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } before do sign_in user get "/organisations/#{organisation.id}/schemes", headers:, params: {} end it "has page heading" do expect(page).to have_content("Schemes") end it "shows a search bar" do expect(page).to have_field("search", type: "search") end it "has hidden accessibility field with description" do expected_field = "

Supported housing schemes

" expect(CGI.unescape_html(response.body)).to include(expected_field) end it "shows only schemes belonging to the same organisation" do expect(page).to have_content(same_org_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end context "with schemes that are not in scope for the user, i.e. that they do not belong to" do let!(:unauthorised_organisation) { FactoryBot.create(:organisation) } before do get "/organisations/#{unauthorised_organisation.id}/schemes", headers:, params: {} end it "returns not found 404 from org details route" do expect(response).to have_http_status(:not_found) end end context "when searching" do let!(:searched_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:search_param) { searched_scheme.id_to_display } before do FactoryBot.create(:location, scheme: searched_scheme) get "/organisations/#{organisation.id}/schemes?search=#{search_param}" end it "returns matching results" do expect(page).to have_content(searched_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end it "updates the table caption" do expect(page).to have_content("1 scheme found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("Supported housing schemes (1 scheme matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end end describe "#show" do context "with an organisation that the user belongs to" do before do sign_in user get "/organisations/#{organisation.id}", headers:, params: {} end it "redirects to details" do expect(response).to have_http_status(:redirect) end end context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do before do sign_in user get "/organisations/#{unauthorised_organisation.id}", headers:, params: {} end it "returns not found 404 from org route" do expect(response).to have_http_status(:not_found) end it "shows the 404 view" do expect(page).to have_content("Page not found") end end end context "with a data coordinator user" do before do sign_in user end context "when we access the details tab" do context "with an organisation that the user belongs to" do before do get "/organisations/#{organisation.id}/details", headers:, params: {} end it "shows the tab navigation" do expected_html = "