Add assigned_(users|categories)_only functionality

Users with assigned_categories_only will only see staff features on a report page in their assigned categories. Users will only see staff features on a report page in a category with assigned_users_only if it is in their assigned categories.
author: Matthew Somerville <matthew@mysociety.org> 2020-04-15 19:12:31 +0100
committer: Matthew Somerville <matthew@mysociety.org> 2020-05-08 08:35:42 +0100
commit: ecc5a7b9ca20418f1bdb45cdc3ce5b41a11f3593 (patch)
tree: 32e1397d2f156d735a822775f9880610e7cce34f /t/app/controller
parent: 7d395d5ca8049a904473e90957115ce675e57db7 (diff)
3 files changed, 68 insertions, 4 deletions
diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index d3e4074f9..883386380 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -261,6 +261,16 @@ subtest 'open311 protection editing' => sub {
     is $contact->get_extra_metadata('open311_protect'), 1, 'Open311 protect flag set';
 };
 
+subtest 'test assigned_users_only setting' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->submit_form_ok( { with_fields => {
+        assigned_users_only => 1,
+    } } );
+    $mech->content_contains('Values updated');
+    my $contact = $body->contacts->find({ category => 'test category' });
+    is $contact->get_extra_metadata('assigned_users_only'), 1;
+};
+
 subtest 'updates disabling' => sub {
     $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
     $mech->submit_form_ok( { with_fields => {
diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index 4f0298103..bc8d28e2d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -299,6 +299,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -320,6 +321,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -341,6 +343,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -365,6 +368,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -385,6 +389,7 @@ FixMyStreet::override_config {
                 flagged => 'on',
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -394,7 +399,7 @@ FixMyStreet::override_config {
             log_entries => [qw/edit edit edit edit/],
         },
         {
-            desc => 'edit user add is_superuser',
+            desc => 'edit user add is_superuser and assigned_categories_only',
             fields => {
                 name => 'Changed User',
                 email => 'changed@example.com',
@@ -405,10 +410,12 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
                 is_superuser => 'on',
+                assigned_categories_only => 'on',
             },
             removed => [
                 keys %default_perms,
@@ -428,6 +435,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => 'on',
                 area_ids => undef,
+                assigned_categories_only => 'on',
             },
             changes => {
                 is_superuser => undef,
diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 8deb2667e..2852f8d18 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -822,7 +822,53 @@ FixMyStreet::override_config {
     };
 };
 
+FixMyStreet::override_config {
+    MAPIT_URL => 'http://mapit.uk/',
+    ALLOWED_COBRANDS => 'oxfordshire',
+}, sub {
+    subtest 'test relevant staff user display' => sub {
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'planned_reports' });
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'moderate' });
+        $mech->log_in_ok('body@example.com');
 
-END {
-    done_testing();
-}
+        # First, check user can see staff things on reports 2 and 3
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+
+        # User's categories are ["Cows"], which is currently report 2
+        # So should be able to see staff things on 2, but no longer on 3
+        $user->set_extra_metadata(assigned_categories_only => 1);
+        $user->update;
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_lacks('<select class="form-control" name="state"  id="state">');
+        $mech->content_lacks('<div class="inspect-section">');
+        $mech->content_lacks('Moderate this report');
+        $mech->content_lacks('shortlist');
+        $user->unset_extra_metadata('assigned_categories_only');
+        $user->update;
+
+        # Contact 2 is "Sheep", which is currently report 3
+        # So again, should be able to see staff things on 2, but no longer on 3
+        $contact2->set_extra_metadata(assigned_users_only => 1);
+        $contact2->update;
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_lacks('<select class="form-control" name="state"  id="state">');
+        $mech->content_lacks('<div class="inspect-section">');
+        $mech->content_lacks('Moderate this report');
+        $mech->content_lacks('shortlist');
+        $contact2->unset_extra_metadata('assigned_users_only');
+        $contact2->update;
+    };
+};
+
+done_testing();
author	Matthew Somerville <matthew@mysociety.org>	2020-04-15 19:12:31 +0100
committer	Matthew Somerville <matthew@mysociety.org>	2020-05-08 08:35:42 +0100
commit	ecc5a7b9ca20418f1bdb45cdc3ce5b41a11f3593 (patch)
tree	32e1397d2f156d735a822775f9880610e7cce34f /t/app/controller
parent	7d395d5ca8049a904473e90957115ce675e57db7 (diff)