require "rails_helper" RSpec.describe OrganisationsController, type: :request do let(:organisation) { user.organisation } let!(:unauthorised_organisation) { FactoryBot.create(:organisation) } let(:headers) { { "Accept" => "text/html" } } let(:page) { Capybara::Node::Simple.new(response.body) } let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:new_value) { "Test Name 35" } let(:params) { { id: organisation.id, organisation: { name: new_value } } } context "when user is not signed in" do describe "#show" do it "does not let you see organisation details from org route" do get "/organisations/#{organisation.id}", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation details from details route" do get "/organisations/#{organisation.id}/details", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation users" do get "/organisations/#{organisation.id}/users", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisations list" do get "/organisations", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end it "does not let you see schemes list" do get "/organisations/#{organisation.id}/schemes", headers: headers, params: {} expect(response).to redirect_to("/account/sign-in") end end end context "when user is signed in" do describe "#schemes" do context "when support user" do let(:user) { FactoryBot.create(:user, :support) } let!(:schemes) { FactoryBot.create_list(:scheme, 5) } let!(:same_org_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user get "/organisations/#{organisation.id}/schemes", headers:, params: {} end it "has page heading" do expect(page).to have_content("Schemes") end it "shows a search bar" do expect(page).to have_field("search", type: "search") end it "has hidden accessibility field with description" do expected_field = "" expect(CGI.unescape_html(response.body)).to include(expected_field) end it "shows only schemes belonging to the same organisation" do expect(page).to have_content(same_org_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end context "when searching" do let!(:searched_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:search_param) { searched_scheme.id } before do FactoryBot.create(:location, scheme: searched_scheme) allow(user).to receive(:need_two_factor_authentication?).and_return(false) get "/organisations/#{organisation.id}/schemes?search=#{search_param}" end it "returns matching results" do expect(page).to have_content(searched_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end it "updates the table caption" do expect(page).to have_content("1 scheme found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("#{user.organisation.name} (1 scheme matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end context "when data coordinator user" do let(:user) { FactoryBot.create(:user, :data_coordinator) } let!(:schemes) { FactoryBot.create_list(:scheme, 5) } let!(:same_org_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } before do sign_in user get "/organisations/#{organisation.id}/schemes", headers:, params: {} end it "has page heading" do expect(page).to have_content("Schemes") end it "shows a search bar" do expect(page).to have_field("search", type: "search") end it "shows only schemes belonging to the same organisation" do expect(page).to have_content(same_org_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end it "shows incomplete schemes at the top" do schemes[0].update!(confirmed: nil, owning_organisation: user.organisation) schemes[2].update!(confirmed: false, owning_organisation: user.organisation) schemes[4].update!(confirmed: false, owning_organisation: user.organisation) get "/organisations/#{organisation.id}/schemes", headers:, params: {} expect(page.all(".govuk-tag")[1].text).to eq("Incomplete") expect(page.all(".govuk-tag")[2].text).to eq("Incomplete") expect(page.all(".govuk-tag")[3].text).to eq("Incomplete") end context "with schemes that are not in scope for the user, i.e. that they do not belong to" do let!(:unauthorised_organisation) { FactoryBot.create(:organisation) } before do get "/organisations/#{unauthorised_organisation.id}/schemes", headers:, params: {} end it "returns not found 404 from org details route" do expect(response).to have_http_status(:not_found) end end context "when searching" do let!(:searched_scheme) { FactoryBot.create(:scheme, owning_organisation: user.organisation) } let(:search_param) { searched_scheme.id_to_display } before do FactoryBot.create(:location, scheme: searched_scheme) get "/organisations/#{organisation.id}/schemes?search=#{search_param}" end it "returns matching results" do expect(page).to have_content(searched_scheme.id_to_display) schemes.each do |scheme| expect(page).not_to have_content(scheme.id_to_display) end end it "updates the table caption" do expect(page).to have_content("1 scheme found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("Supported housing schemes (1 scheme matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end end describe "#show" do context "with an organisation that the user belongs to" do before do sign_in user get "/organisations/#{organisation.id}", headers:, params: {} end it "redirects to details" do expect(response).to have_http_status(:redirect) end end context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do before do sign_in user get "/organisations/#{unauthorised_organisation.id}", headers:, params: {} end it "returns not found 404 from org route" do expect(response).to have_http_status(:not_found) end it "shows the 404 view" do expect(page).to have_content("Page not found") end end end context "with a data coordinator user" do before do sign_in user end context "when we access the details tab" do context "with an organisation that the user belongs to" do before do get "/organisations/#{organisation.id}/details", headers:, params: {} end it "shows the tab navigation" do expected_html = "

User #{user.email}" unauthorized_case_row_log = "#{other_org_user.email}" expect(CGI.unescape_html(response.body)).to include(expected_case_row_log) expect(CGI.unescape_html(response.body)).not_to include(unauthorized_case_row_log) end it "shows only active users in the current user's organisation" do expect(page).to have_content(user.name) expect(page).to have_content(other_user.name) expect(page).to have_content(inactive_user.name) expect(page).not_to have_content(other_org_user.name) end it "shows the pagination count" do expect(page).to have_content("3 total users") end end context "with an organisation that are not in scope for the user, i.e. that they do not belong to" do before do get "/organisations/#{unauthorised_organisation.id}/users", headers:, params: {} end it "returns not found 404 from users page" do expect(response).to have_http_status(:not_found) end end end describe "#edit" do context "with an organisation that the user belongs to" do before do get "/organisations/#{organisation.id}/edit", headers:, params: {} end it "shows an edit form" do expect(response.body).to include("Change #{organisation.name}’s details") expect(page).to have_field("organisation-name-field") expect(page).to have_field("organisation-phone-field") end end context "with an organisation that the user does not belong to" do before do get "/organisations/#{unauthorised_organisation.id}/edit", headers:, params: {} end it "returns a 404 not found" do expect(response).to have_http_status(:not_found) end it "shows the 404 view" do expect(page).to have_content("Page not found") end end end describe "#update" do context "with an organisation that the user belongs to" do before do patch "/organisations/#{organisation.id}", headers:, params: end it "updates the org" do organisation.reload expect(organisation.name).to eq(new_value) end it "redirects to the organisation details page" do expect(response).to redirect_to("/organisations/#{organisation.id}/details") end it "shows a success banner" do follow_redirect! expect(page).to have_css(".govuk-notification-banner.govuk-notification-banner--success") end it "tracks who updated the record" do organisation.reload whodunnit_actor = organisation.versions.last.actor expect(whodunnit_actor).to be_a(User) expect(whodunnit_actor.id).to eq(user.id) end end context "with an organisation that the user does not belong to" do before do patch "/organisations/#{unauthorised_organisation.id}", headers:, params: {} end it "returns a 404 not found" do expect(response).to have_http_status(:not_found) end end end context "when viewing logs for other organisation" do it "does not display the lettings logs" do get "/organisations/#{unauthorised_organisation.id}/lettings-logs", headers:, params: {} expect(response).to have_http_status(:unauthorized) end it "prevents CSV download" do expect { post "/organisations/#{unauthorised_organisation.id}/logs/email-csv", headers:, params: {} }.not_to enqueue_job(EmailCsvJob) expect(response).to have_http_status(:unauthorized) end end context "when viewing logs for your organisation" do it "does not display the logs" do get "/organisations/#{organisation.id}/lettings-logs", headers:, params: {} expect(response).to have_http_status(:unauthorized) end it "prevents CSV download" do expect { post "/organisations/#{organisation.id}/logs/email-csv", headers:, params: {} }.not_to enqueue_job(EmailCsvJob) expect(response).to have_http_status(:unauthorized) end end describe "#index" do before do get "/organisations", headers:, params: end it "redirects to the user's organisation" do expect(response).to redirect_to("/organisations/#{user.organisation.id}") end end describe "#new" do let(:request) { get "/organisations/new", headers:, params: } it "returns 401 unauthorized" do request expect(response).to have_http_status(:unauthorized) end end describe "#create" do let(:params) do { "organisation": { name: "new organisation", address_line1: "12 Random Street", address_line2: "Manchester", postcode: "MD1 5TR", phone: "011101101", provider_type: "LA", holds_own_stock: "true", housing_registration_no: "7917937", }, } end let(:request) { post "/organisations", headers:, params: } it "returns 401 unauthorized" do request expect(response).to have_http_status(:unauthorized) end it "does not create an organisation" do expect { request }.not_to change(Organisation, :count) end end end context "with a data provider user" do let(:user) { FactoryBot.create(:user) } before do sign_in user end context "when accessing the details tab" do context "with an organisation that the user belongs to" do before do get "/organisations/#{organisation.id}/details", headers:, params: {} end it "shows the tab navigation" do expected_html = "

1 to 20 of #{total_organisations_count} organisations") end it "has pagination in the title" do expect(page).to have_title("Organisations (page 1 of 2)") end end context "when on the second page" do before do get "/organisations?page=2", headers:, params: {} end it "shows the total organisations count" do expect(CGI.unescape_html(response.body)).to match("#{total_organisations_count} total organisations") end it "has pagination links" do expect(page).to have_content("Previous") expect(page).to have_link("Previous") expect(page).not_to have_content("Next") expect(page).not_to have_link("Next") end it "shows which logs are being shown on the current page" do expect(CGI.unescape_html(response.body)).to match("Showing 21 to #{total_organisations_count} of #{total_organisations_count} organisations") end it "has pagination in the title" do expect(page).to have_title("Organisations (page 2 of 2)") end end context "when searching" do let!(:searched_organisation) { FactoryBot.create(:organisation, name: "Unusual name") } let!(:other_organisation) { FactoryBot.create(:organisation, name: "Some other name") } let(:search_param) { "Unusual" } before do get "/organisations?search=#{search_param}" end it "returns matching results" do expect(page).to have_content(searched_organisation.name) expect(page).not_to have_content(other_organisation.name) end it "updates the table caption" do expect(page).to have_content("1 organisations found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("Organisations (1 organisations matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end context "when the search term matches more than 1 result" do let(:search_param) { "name" } it "returns matching results" do expect(page).to have_content(searched_organisation.name) expect(page).to have_content(other_organisation.name) end it "updates the table caption" do expect(page).to have_content("2 organisations found matching ‘#{search_param}’") end it "has search in the title" do expect(page).to have_title("Organisations (2 organisations matching ‘#{search_param}’) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end context "when search results require pagination" do let(:search_param) { "DLUHC" } it "has search and pagination in the title" do expect(page).to have_title("Organisations (27 organisations matching ‘#{search_param}’) (page 1 of 2) - Submit social housing lettings and sales data (CORE) - GOV.UK") end end end end end describe "#create" do let(:name) { " Unique new org name" } let(:address_line1) { "12 Random Street" } let(:address_line2) { "Manchester" } let(:postcode) { "MD1 5TR" } let(:phone) { "011101101" } let(:provider_type) { "LA" } let(:holds_own_stock) { "true" } let(:housing_registration_no) { "7917937" } let(:params) do { "organisation": { name:, address_line1:, address_line2:, postcode:, phone:, provider_type:, holds_own_stock:, housing_registration_no:, }, } end let(:request) { post "/organisations", headers:, params: } it "creates a new organisation" do expect { request }.to change(Organisation, :count).by(1) end it "sets the organisation attributes correctly" do request organisation = Organisation.find_by(housing_registration_no:) expect(organisation.name).to eq("Unique new org name") expect(organisation.address_line1).to eq(address_line1) expect(organisation.address_line2).to eq(address_line2) expect(organisation.postcode).to eq(postcode) expect(organisation.phone).to eq(phone) expect(organisation.holds_own_stock).to be true end it "redirects to the organisation list" do request expect(response).to redirect_to("/organisations") end context "when required params are missing" do let(:name) { "" } let(:provider_type) { "" } it "displays the form with an error message" do request expect(response).to have_http_status(:unprocessable_entity) expect(page).to have_content(I18n.t("validations.organisation.name_missing")) expect(page).to have_content(I18n.t("validations.organisation.provider_type_missing")) end end end end end context "when the user is a support user" do let(:user) { FactoryBot.create(:user, :support) } before do allow(user).to receive(:need_two_factor_authentication?).and_return(false) sign_in user end context "when they view the logs tab" do before do FactoryBot.create(:lettings_log, owning_organisation: organisation) get "/organisations/#{organisation.id}/lettings-logs" end it "has a CSV download button with the correct path if at least 1 log exists" do expect(page).to have_link("Download (CSV)", href: "/organisations/#{organisation.id}/logs/csv-download") end context "when you download the CSV" do let(:other_organisation) { FactoryBot.create(:organisation) } before do FactoryBot.create_list(:lettings_log, 2, owning_organisation: organisation) FactoryBot.create_list(:lettings_log, 2, owning_organisation: other_organisation) end it "only includes logs from that organisation" do get "/organisations/#{organisation.id}/logs/csv-download" expect(page).to have_text("You've selected 3 logs.") end it "provides the organisation to the mail job" do expect { post "/organisations/#{organisation.id}/logs/email-csv?status[]=completed", headers:, params: {} }.to enqueue_job(EmailCsvJob).with(user, nil, { "status" => %w[completed] }, false, organisation) end end end context "when they view the users tab" do before do get "/organisations/#{organisation.id}/users" end it "has a CSV download button with the correct path" do expect(page).to have_link("Download (CSV)", href: "/organisations/#{organisation.id}/users.csv") end context "when you download the CSV" do let(:headers) { { "Accept" => "text/csv" } } let(:other_organisation) { FactoryBot.create(:organisation) } before do FactoryBot.create_list(:user, 3, organisation:) FactoryBot.create_list(:user, 2, organisation: other_organisation) end it "only includes users from that organisation" do get "/organisations/#{other_organisation.id}/users", headers:, params: {} csv = CSV.parse(response.body) expect(csv.count).to eq(3) end end end end end