require "rails_helper" RSpec.describe SalesLogsController, type: :request do let(:user) { FactoryBot.create(:user) } let(:owning_organisation) { user.organisation } let(:api_username) { "test_user" } let(:api_password) { "test_password" } let(:basic_credentials) do ActionController::HttpAuthentication::Basic .encode_credentials(api_username, api_password) end let(:params) do { "owning_organisation_id": owning_organisation.id, "created_by_id": user.id, } end let(:headers) do { "Content-Type" => "application/json", "Accept" => "application/json", "Authorization" => basic_credentials, } end before do allow(ENV).to receive(:[]) allow(ENV).to receive(:[]).with("API_USER").and_return(api_username) allow(ENV).to receive(:[]).with("API_KEY").and_return(api_password) end describe "POST #create" do context "when API" do before do post "/sales-logs", headers:, params: params.to_json end it "returns http success" do expect(response).to have_http_status(:success) end it "returns a serialized sales log" do json_response = JSON.parse(response.body) expect(json_response.keys).to match_array(SalesLog.new.attributes.keys) end it "creates a sales log with the values passed" do json_response = JSON.parse(response.body) expect(json_response["owning_organisation_id"]).to eq(owning_organisation.id) expect(json_response["created_by_id"]).to eq(user.id) end context "with a request containing invalid credentials" do let(:basic_credentials) do ActionController::HttpAuthentication::Basic.encode_credentials(api_username, "Oops") end it "returns 401" do expect(response).to have_http_status(:unauthorized) end end context "with a request containing invalid json parameters" do let(:params) do { "saledate": Time.zone.today, "purchid": "1", "ownershipsch": 1, "type": 2, "jointpur": 1, "jointmore": 1, "beds": 2, "proptype": 2, } end before do post "/sales-logs", headers:, params: params.to_json end it "validates sales log parameters" do json_response = JSON.parse(response.body) expect(response).to have_http_status(:unprocessable_entity) expect(json_response["errors"]).to match_array([["beds", ["Number of bedrooms must be 1 if the property is a bedsit"]], ["proptype", ["Answer cannot be 'Bedsit' if the property has 2 or more bedrooms"]]]) end end end context "when UI" do let(:user) { FactoryBot.create(:user) } let(:headers) { { "Accept" => "text/html" } } before do RequestHelper.stub_http_requests sign_in user post "/sales-logs", headers: end it "tracks who created the record" do created_id = response.location.match(/[0-9]+/)[0] whodunnit_actor = SalesLog.find_by(id: created_id).versions.last.actor expect(whodunnit_actor).to be_a(User) expect(whodunnit_actor.id).to eq(user.id) end end end describe "GET" do let(:page) { Capybara::Node::Simple.new(response.body) } let(:user) { FactoryBot.create(:user) } let(:organisation) { user.organisation } let(:other_organisation) { FactoryBot.create(:organisation) } let(:purchaser_code) { "coop123" } let!(:sales_log) do FactoryBot.create( :sales_log, purchid: purchaser_code, owning_organisation: organisation, ) end let!(:unauthorized_sales_log) do FactoryBot.create( :sales_log, owning_organisation: other_organisation, ) end context "when displaying a collection of logs" do let(:headers) { { "Accept" => "text/html" } } context "when the user is a customer support user" do let(:user) { FactoryBot.create(:user, :support) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end it "does have organisation values" do get "/sales-logs", headers: headers, params: {} expect(page).to have_content("Owned by") expect(page).not_to have_content("Managed by") end it "shows sales logs for all organisations" do get "/sales-logs", headers: headers, params: {} expect(page).to have_content(organisation.name) expect(page).to have_content(other_organisation.name) end it "shows a link for labelled CSV download of logs" do get "/sales-logs", headers: headers, params: {} expect(page).to have_link("Download (CSV)", href: "/sales-logs/csv-download?codes_only=false") end it "shows a link for codes only CSV download of logs" do get "/sales-logs", headers: headers, params: {} expect(page).to have_link("Download (CSV, codes only)", href: "/sales-logs/csv-download?codes_only=true") end context "when there are no logs in the database" do before do SalesLog.destroy_all end it "page has correct title" do get "/sales-logs", headers: headers, params: {} expect(page).to have_title("Logs - Submit social housing lettings and sales data (CORE) - GOV.UK") end it "does not show CSV download links" do get "/sales-logs", headers: headers, params: {} expect(page).not_to have_link("Download (CSV)") expect(page).not_to have_link("Download (CSV, codes only)") end end context "and the state of filters and search is such that display_delete_logs returns true" do before do allow_any_instance_of(LogListHelper).to receive(:display_delete_logs?).and_return(true) # rubocop:disable RSpec/AnyInstance end it "displays the delete logs button with the correct path if there are logs visibile" do get sales_logs_path(search: purchaser_code) expect(page).to have_link "Delete logs", href: delete_logs_sales_logs_path(search: purchaser_code) end it "does not display the delete logs button if there are no logs displayed" do SalesLog.destroy_all get sales_logs_path(search: "gibberish_e9o87tvbyc4875g") expect(page).not_to have_selector "article.app-log-summary" expect(page).not_to have_link "Delete logs" end end context "and the state of filters and search is such that display_delete_logs returns false" do before do allow_any_instance_of(LogListHelper).to receive(:display_delete_logs?).and_return(false) # rubocop:disable RSpec/AnyInstance end it "does not display the delete logs button even if there are logs displayed" do get sales_logs_path expect(page).to have_selector "article.app-log-summary" expect(page).not_to have_link "Delete logs" end end context "when there is a pending log" do let!(:invisible_log) do FactoryBot.create( :sales_log, owning_organisation: organisation, status: "pending", skip_update_status: true, ) end it "does not render pending logs" do get "/sales-logs", headers: headers, params: {} expect(page).not_to have_link(invisible_log.id, href: "sales-logs/#{invisible_log.id}") end end context "when filtering" do context "with status filter" do let(:organisation_2) { FactoryBot.create(:organisation) } let(:user_2) { FactoryBot.create(:user, organisation: organisation_2) } let!(:not_started_sales_log) do FactoryBot.create(:sales_log, owning_organisation: organisation, created_by: user) end let!(:completed_sales_log) do FactoryBot.create(:sales_log, :completed, owning_organisation: organisation_2, created_by: user_2) end it "shows sales logs for multiple selected statuses" do get "/sales-logs?status[]=not_started&status[]=completed", headers: headers, params: {} expect(page).to have_link(not_started_sales_log.id.to_s) expect(page).to have_link(completed_sales_log.id.to_s) end it "shows sales logs for one selected status" do get "/sales-logs?status[]=not_started", headers: headers, params: {} expect(page).to have_link(not_started_sales_log.id.to_s) expect(page).not_to have_link(completed_sales_log.id.to_s) end it "filters on organisation" do get "/sales-logs?organisation[]=#{organisation_2.id}", headers: headers, params: {} expect(page).to have_link(completed_sales_log.id.to_s) expect(page).not_to have_link(not_started_sales_log.id.to_s) end it "does not reset the filters" do get "/sales-logs?status[]=not_started", headers: headers, params: {} expect(page).to have_link(not_started_sales_log.id.to_s) expect(page).not_to have_link(completed_sales_log.id.to_s) get "/sales-logs", headers: headers, params: {} expect(page).to have_link(not_started_sales_log.id.to_s) expect(page).not_to have_link(completed_sales_log.id.to_s) end end context "with year filter" do around do |example| Timecop.freeze(2022, 12, 1) do example.run end Timecop.return end before do Timecop.freeze(2022, 4, 1) sales_log_2022.update!(saledate: Time.zone.local(2022, 4, 1)) Timecop.freeze(2023, 1, 1) sales_log_2022.update!(saledate: Time.zone.local(2023, 1, 1)) end after do Timecop.unfreeze end let!(:sales_log_2022) do FactoryBot.create(:sales_log, :completed, owning_organisation: organisation, created_by: user, saledate: Time.zone.today) end let!(:sales_log_2023) do FactoryBot.create(:sales_log, owning_organisation: organisation, created_by: user, saledate: Time.zone.today) end it "shows sales logs for multiple selected years" do get "/sales-logs?years[]=2021&years[]=2022", headers: headers, params: {} expect(page).to have_link(sales_log_2022.id.to_s) expect(page).to have_link(sales_log_2023.id.to_s) end it "shows sales logs for one selected year" do get "/sales-logs?years[]=2022", headers: headers, params: {} expect(page).to have_link(sales_log_2022.id.to_s) expect(page).to have_link(sales_log_2023.id.to_s) end end context "with year and status filter" do around do |example| Timecop.freeze(2022, 12, 1) do example.run end Timecop.return end before do Timecop.freeze(2022, 4, 1) sales_log_2022.update!(saledate: Time.zone.local(2022, 4, 1)) Timecop.freeze(2023, 1, 1) sales_log_2022.update!(saledate: Time.zone.local(2023, 1, 1)) end after do Timecop.unfreeze end let!(:sales_log_2022) do FactoryBot.create(:sales_log, :completed, owning_organisation: organisation, created_by: user, saledate: Time.zone.today) end let!(:sales_log_2023) do FactoryBot.create(:sales_log, owning_organisation: organisation, created_by: user, saledate: Time.zone.today) end it "shows sales logs for multiple selected statuses and years" do get "/sales-logs?years[]=2021&years[]=2022&status[]=in_progress&status[]=completed", headers: headers, params: {} expect(page).to have_link(sales_log_2022.id.to_s) expect(page).to have_link(sales_log_2023.id.to_s) end end end end context "when the user is not a customer support user" do before do sign_in user end it "does not have organisation columns" do get "/sales-logs", headers: headers, params: {} expect(page).not_to have_content("Owning organisation") expect(page).not_to have_content("Managing organisation") end it "displays standard CSV download link only, with the correct path" do get "/sales-logs", headers:, params: {} expect(page).to have_link("Download (CSV)", href: "/sales-logs/csv-download?codes_only=false") expect(page).not_to have_link("Download (CSV, codes only)") end it "does not display CSV download links if there are no logs" do SalesLog.destroy_all get "/sales-logs", headers:, params: {} expect(page).not_to have_link("Download (CSV)") expect(page).not_to have_link("Download (CSV, codes only)") end context "when using a search query" do let(:logs) { FactoryBot.create_list(:sales_log, 3, :completed, owning_organisation: user.organisation, created_by: user) } let(:log_to_search) { FactoryBot.create(:sales_log, :completed, owning_organisation: user.organisation, created_by: user) } let(:log_total_count) { SalesLog.where(owning_organisation: user.organisation).count } it "has search results in the title" do get "/sales-logs?search=#{log_to_search.id}", headers: headers, params: {} expect(page).to have_title("Logs (1 logs matching ‘#{log_to_search.id}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end it "shows sales logs matching the id" do get "/sales-logs?search=#{log_to_search.id}", headers: headers, params: {} expect(page).to have_link(log_to_search.id.to_s) logs.each do |log| expect(page).not_to have_link(log.id.to_s) end end it "displays the labelled CSV download link, with the search included in the query params" do get "/sales-logs?search=#{log_to_search.id}", headers:, params: {} download_link = page.find_link("Download (CSV)") download_link_params = CGI.parse(URI.parse(download_link[:href]).query) expect(download_link_params).to include("search" => [log_to_search.id.to_s]) end context "when search query doesn't match any logs" do it "doesn't display any logs" do get "/sales-logs?search=foobar", headers:, params: {} logs.each do |log| expect(page).not_to have_link(log.id.to_s) end expect(page).not_to have_link(log_to_search.id.to_s) end end context "when search query is empty" do it "doesn't display any logs" do get "/sales-logs?search=", headers:, params: {} logs.each do |log| expect(page).not_to have_link(log.id.to_s) end expect(page).not_to have_link(log_to_search.id.to_s) end end context "when search and filter is present" do let(:matching_status) { "completed" } let!(:log_matching_filter_and_search) { FactoryBot.create(:sales_log, :completed, owning_organisation: user.organisation, created_by: user) } let(:matching_id) { log_matching_filter_and_search.id } it "shows only logs matching both search and filters" do get "/sales-logs?search=#{matching_id}&status[]=#{matching_status}", headers: headers, params: {} expect(page).to have_link(log_matching_filter_and_search.id.to_s) expect(page).not_to have_link(log_to_search.id.to_s) logs.each do |log| expect(page).not_to have_link(log.id.to_s) end end end end context "when there are fewer than 20 logs" do before do get "/sales-logs", headers:, params: {} end it "shows a table of logs" do expect(CGI.unescape_html(response.body)).to match(/
/) expect(CGI.unescape_html(response.body)).to match(/logs/) end it "only shows sales logs for your organisation" do expected_case_row_log = "Log #{sales_log.id}" unauthorized_case_row_log = "Log #{unauthorized_sales_log.id}" expect(CGI.unescape_html(response.body)).to include(expected_case_row_log) expect(CGI.unescape_html(response.body)).not_to include(unauthorized_case_row_log) end it "shows the formatted created at date for each log" do formatted_date = sales_log.created_at.to_formatted_s(:govuk_date) expect(CGI.unescape_html(response.body)).to include(formatted_date) end it "shows the log's status" do expect(CGI.unescape_html(response.body)).to include(sales_log.status.humanize) end it "shows the total log count" do expect(CGI.unescape_html(response.body)).to match("1 total logs") end it "does not show the pagination links" do expect(page).not_to have_link("Previous") expect(page).not_to have_link("Next") end it "does not show the pagination result line" do expect(CGI.unescape_html(response.body)).not_to match("Showing 1 to 20 of 26 logs") end it "does not have pagination in the title" do expect(page).to have_title("Logs - Submit social housing lettings and sales data (CORE) - GOV.UK") end it "does not show the organisation filter" do expect(page).not_to have_field("organisation-field") end end context "when there are more than 20 logs" do before do FactoryBot.create_list(:sales_log, 25, owning_organisation: organisation) end context "when on the first page" do before do get "/sales-logs", headers:, params: {} end it "has pagination links" do expect(page).not_to have_content("Previous") expect(page).not_to have_link("Previous") expect(page).to have_content("Next") expect(page).to have_link("Next") end it "shows which logs are being shown on the current page" do expect(CGI.unescape_html(response.body)).to match("Showing 1 to 20 of 26 logs") end it "has pagination in the title" do expect(page).to have_title("Logs (page 1 of 2) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end context "when on the second page" do before do get "/sales-logs?page=2", headers:, params: {} end it "shows the total log count" do expect(CGI.unescape_html(response.body)).to match("26 total logs") end it "has pagination links" do expect(page).to have_content("Previous") expect(page).to have_link("Previous") expect(page).not_to have_content("Next") expect(page).not_to have_link("Next") end it "shows which logs are being shown on the current page" do expect(CGI.unescape_html(response.body)).to match("Showing 21 to 26 of 26 logs") end it "has pagination in the title" do expect(page).to have_title("Logs (page 2 of 2) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end end end context "when you visit the index page" do let(:headers) { { "Accept" => "text/html" } } let(:user) { FactoryBot.create(:user, :support) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end it "does not have a button for creating lettings logs" do get "/sales-logs", headers:, params: {} page.assert_selector(".govuk-button", text: "Create a new sales log", count: 1) page.assert_selector(".govuk-button", text: "Create a new lettings log", count: 0) end end context "when viewing a sales log" do let(:headers) { { "Accept" => "text/html" } } let(:completed_sales_log) { FactoryBot.create(:sales_log, :completed, owning_organisation: user.organisation, created_by: user) } before do sign_in user Timecop.freeze(2021, 4, 1) Singleton.__init__(FormHandler) completed_sales_log.update!(saledate: Time.zone.local(2021, 4, 1)) completed_sales_log.reload end context "with sales logs that are owned by your organisation" do before do get "/sales-logs/#{completed_sales_log.id}", headers:, params: {} end after do Timecop.return Singleton.__init__(FormHandler) end it "shows the tasklist for sales logs you have access to" do expect(response.body).to match("Log") expect(response.body).to match(completed_sales_log.id.to_s) end it "displays a link to update the log for currently editable logs" do completed_sales_log.update!(saledate: Time.zone.local(2021, 4, 1)) completed_sales_log.reload get "/sales-logs/#{completed_sales_log.id}", headers:, params: {} expect(completed_sales_log.form.new_logs_end_date).to eq(Time.zone.local(2022, 12, 31)) expect(completed_sales_log.status).to eq("completed") expect(page).to have_link("review and make changes to this log", href: "/sales-logs/#{completed_sales_log.id}/review?sales_log=true") end end context "with sales logs from a closed collection period before the previous collection" do before do sign_in user Timecop.return Singleton.__init__(FormHandler) get "/sales-logs/#{completed_sales_log.id}", headers:, params: {} end it "redirects to review page" do expect(response).to redirect_to("/sales-logs/#{completed_sales_log.id}/review?sales_log=true") end end context "with sales logs from a closed previous collection period" do before do sign_in user Timecop.freeze(2023, 2, 1) Singleton.__init__(FormHandler) get "/sales-logs/#{completed_sales_log.id}", headers:, params: {} end after do Timecop.return Singleton.__init__(FormHandler) end it "redirects to review page" do expect(response).to redirect_to("/sales-logs/#{completed_sales_log.id}/review?sales_log=true") end it "displays a closed collection window message for previous collection year logs" do get "/sales-logs/#{completed_sales_log.id}", headers:, params: {} expect(completed_sales_log.form.new_logs_end_date).to eq(Time.zone.local(2022, 12, 31)) expect(completed_sales_log.status).to eq("completed") follow_redirect! expect(page).to have_content("This log is from the 2021/2022 collection window, which is now closed.") end end end context "when requesting CSV download" do let(:headers) { { "Accept" => "text/html" } } let(:search_term) { "foot" } let(:codes_only) { false } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user get "/sales-logs/csv-download?search=#{search_term}&codes_only=#{codes_only}", headers: end it "returns http success" do expect(response).to have_http_status(:success) end it "shows a confirmation button" do expect(page).to have_button("Send email") end it "has a hidden field with the search term" do expect(page).to have_field("search", type: "hidden", with: search_term) end context "when user is not support" do context "and export type is not codes only" do it "has a hidden field with the export type" do expect(page).to have_field("codes_only", type: "hidden", with: codes_only) end end context "and export type is codes only" do let(:codes_only) { true } it "the user is not authorised" do expect(response).to have_http_status(:unauthorized) end end end context "when user is support" do let(:user) { FactoryBot.create(:user, :support) } context "and export type is not codes only" do it "has a hidden field with the export type" do expect(page).to have_field("codes_only", type: "hidden", with: codes_only) end end context "and export type is codes only" do let(:codes_only) { true } it "has a hidden field with the export type" do expect(page).to have_field("codes_only", type: "hidden", with: codes_only) end end end end context "when confirming the CSV email" do let(:headers) { { "Accept" => "text/html" } } it "confirms that the user will receive an email with the requested CSV" do sign_in user get "/sales-logs/csv-confirmation" expect(CGI.unescape_html(response.body)).to include("We’re sending you an email") end end end describe "POST #email-csv" do let(:other_organisation) { FactoryBot.create(:organisation) } let(:user) { FactoryBot.create(:user, :support) } let!(:sales_log) do FactoryBot.create( :sales_log, created_by: user, ) end before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user FactoryBot.create(:sales_log) FactoryBot.create(:sales_log, :completed, owning_organisation:, created_by: user) end it "creates an E-mail job with the correct log type" do expect { post "/sales-logs/email-csv?codes_only=true", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, {}, false, nil, true, "sales") end it "redirects to the confirmation page" do post "/sales-logs/email-csv?codes_only=true", headers:, params: {} expect(response).to redirect_to(csv_confirmation_sales_logs_path) end it "passes the search term" do expect { post "/sales-logs/email-csv?search=#{sales_log.id}&codes_only=false", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, sales_log.id.to_s, {}, false, nil, false, "sales") end it "passes filter parameters" do expect { post "/sales-logs/email-csv?status[]=completed&codes_only=true", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, { "status" => %w[completed] }, false, nil, true, "sales") end it "passes export type flag" do expect { post "/sales-logs/email-csv?codes_only=true", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, {}, false, nil, true, "sales") expect { post "/sales-logs/email-csv?codes_only=false", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, {}, false, nil, false, "sales") end it "passes a combination of search term, export type and filter parameters" do postcode = "XX1 1TG" expect { post "/sales-logs/email-csv?status[]=completed&search=#{postcode}&codes_only=false", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, postcode, { "status" => %w[completed] }, false, nil, false, "sales") end context "when the user is not a support user" do let(:user) { FactoryBot.create(:user, :data_coordinator) } it "has permission to download human readable csv" do codes_only_export = false expect { post "/sales-logs/email-csv?codes_only=#{codes_only_export}", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, {}, false, nil, false, "sales") end it "is not authorized to download codes only csv" do codes_only_export = true post "/sales-logs/email-csv?codes_only=#{codes_only_export}", headers:, params: {} expect(response).to have_http_status(:unauthorized) end end end describe "DELETE" do let(:headers) { { "Accept" => "text/html" } } let(:page) { Capybara::Node::Simple.new(response.body) } let(:user) { create(:user, :support) } let!(:sales_log) do create(:sales_log, :completed) end let(:id) { sales_log.id } let(:delete_request) { delete "/sales-logs/#{id}", headers: } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "when delete permitted" do it "redirects to sales logs and shows message" do delete_request expect(response).to redirect_to(sales_logs_path) follow_redirect! expect(page).to have_content("Log #{id} has been deleted") end it "marks the log as deleted" do expect { delete_request }.to change { sales_log.reload.status }.from("completed").to("deleted") end end context "when log does not exist" do let(:id) { -1 } it "returns 404" do delete_request expect(response).to have_http_status(:not_found) end end context "when user not authorised" do let(:user) { create(:user) } it "returns 404" do delete_request expect(response).to have_http_status(:unauthorized) end end end describe "GET delete-confirmation" do let(:headers) { { "Accept" => "text/html" } } let(:page) { Capybara::Node::Simple.new(response.body) } let(:user) { create(:user, :support) } let!(:sales_log) do create(:sales_log, :completed) end let(:id) { sales_log.id } let(:request) { get "/sales-logs/#{id}/delete-confirmation", headers: } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "when delete permitted" do it "renders page" do request expect(response).to have_http_status(:ok) expect(page).to have_content("Are you sure you want to delete this log?") expect(page).to have_button(text: "Delete this log") expect(page).to have_link(text: "Cancel", href: sales_log_path(id)) end end context "when log does not exist" do let(:id) { -1 } it "returns 404" do request expect(response).to have_http_status(:not_found) end end context "when user not authorised" do let(:user) { create(:user) } it "returns 404" do request expect(response).to have_http_status(:unauthorized) end end end end