Merge pull request #1704 from DFE-Digital/feature/168448-dao-revocati…

…on-authorisation (168448) DAO revoked projects cannot be edited
DFE-Digital · Jun 27, 2024 · 3eca88b · 3eca88b
2 parents 97224e6 + 41ded4b
commit 3eca88b
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 76 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   transfer date only.
 - The pre conversion grants export includes a new column that shows the DAO
   revocation state of a project as applicable.
+- Once a project has it's DAO revoked, it can no longer be edited, except by
+  Service Support.
 
 ## [Release-76][release-76]
 

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
@@ -3,115 +3,126 @@ class ProjectPolicy
 
   def initialize(user, project)
     @user = user
-    @record = project
+    @project = project
   end
 
   def index?
     true
   end
 
   def show?
-    return false if @record.deleted?
+    return false if @project.deleted?
 
     true
   end
 
-  def create?
+  def new?
     user.add_new_project?
   end
 
-  def edit?
-    return false if @record.deleted?
-    return true if @user.is_service_support?
-    return false if @record.completed?
-
-    true
+  def create?
+    new?
   end
 
-  def dao_revocation?
-    update?
+  def new_mat?
+    new?
   end
 
-  def check?
-    edit?
+  def create_mat?
+    new?
   end
 
-  def update_academy_urn?
-    edit?
-  end
+  def edit?
+    return false if @project.deleted?
 
-  def new?
-    create?
+    return true if @user.is_service_support?
+
+    return false if @project.completed?
+    return false if @project.dao_revoked?
+
+    project_assigned_to_user?
   end
 
-  def new_mat?
-    new?
+  def update?
+    edit?
   end
 
-  def create_mat?
-    create?
+  def dao_revocation?
+    edit?
   end
 
-  def update?
-    return true if @user.is_service_support?
-    return false if @record.completed?
+  def check?
+    edit?
+  end
 
-    project_assigned_to_user?
+  def update_academy_urn?
+    edit?
   end
 
   def change_significant_date?
-    return true if @user.is_service_support?
-    return false if @record.significant_date_provisional?
+    return false if @project.significant_date_provisional?
 
-    project_assigned_to_user?
+    edit?
   end
 
   def change_conversion_date?
-    @record.is_a?(Conversion::Project) && change_significant_date?
+    change_significant_date?
   end
 
   def change_transfer_date?
-    @record.is_a?(Transfer::Project) && change_significant_date?
+    change_significant_date?
   end
 
   def new_note?
     return false unless @user.has_role?
+    return false if project_finished?
 
-    edit_project_closed?
+    true
   end
 
   def new_contact?
     return false unless @user.has_role?
+    return false if project_finished?
 
-    edit_project_closed?
+    true
   end
 
   def update_assigned_to?
-    edit_project_closed?
+    re_assignable?
   end
 
   def update_regional_delivery_officer?
-    edit_project_closed?
+    re_assignable?
   end
 
+  def delete?
+    @user.is_service_support?
+  end
+
+  # Unassigned action in Team::ProjectsController
   def unassigned?
     @user.manage_team?
   end
 
+  # Handed over action in Team::ProjectsController
   def handed_over?
     @user.team != "regional_casework_services"
   end
 
-  def delete?
-    @user.is_service_support?
+  private def project_assigned_to_user?
+    @project.assigned_to == @user
   end
 
-  private def project_assigned_to_user?
-    @record.assigned_to == @user
+  private def project_finished?
+    return true if @project.completed?
+    return true if @project.deleted?
+    return true if @project.dao_revoked?
+
+    false
   end
 
-  private def edit_project_closed?
-    return false if @record.completed?
+  private def re_assignable?
+    return false if project_finished?
 
     true
   end

diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
@@ -19,7 +19,7 @@
     end
   end
 
-  permissions :update? do
+  permissions :update?, :edit?, :check?, :update_academy_urn?, :dao_revocation? do
     it "grants access if project is assigned to the same user" do
       expect(subject).to permit(application_user, build(:conversion_project, assigned_to: application_user, conversion_date_provisional: false))
     end
@@ -44,25 +44,6 @@
       project = build(:conversion_project, :completed, assigned_to: application_user, conversion_date_provisional: false)
       expect(subject).not_to permit(application_user, project)
     end
-  end
-
-  permissions :edit?, :check?, :update_academy_urn? do
-    it "grants access if project is assigned to the same user" do
-      expect(subject).to permit(application_user, build(:conversion_project, assigned_to: application_user, conversion_date_provisional: false))
-    end
-
-    it "grants access if the project is assigned to another user" do
-      expect(subject).to permit(application_user, build(:conversion_project, assigned_to: build(:user), conversion_date_provisional: false))
-    end
-
-    it "grants access if project is assigned to nil" do
-      expect(subject).to permit(application_user, build(:conversion_project, assigned_to: nil, conversion_date_provisional: false))
-    end
-
-    it "denies access if the project is completed" do
-      project = build(:conversion_project, :completed, assigned_to: application_user, conversion_date_provisional: false)
-      expect(subject).not_to permit(application_user, project)
-    end
 
     it "denies access if the project is deleted" do
       project = build(:conversion_project, :deleted, assigned_to: application_user)
@@ -71,18 +52,23 @@
 
     context "when the user is service support" do
       it "grants access if the project is completed" do
-        project = build(:conversion_project, :completed, assigned_to: application_user, conversion_date_provisional: false)
+        project = build(:conversion_project, :completed)
+        expect(subject).to permit(service_support_user, project)
+      end
+
+      it "grants access if the project is dao revoked" do
+        project = build(:conversion_project, state: :dao_revoked)
         expect(subject).to permit(service_support_user, project)
       end
 
       it "denies access if the project is deleted" do
-        project = build(:conversion_project, :deleted, assigned_to: application_user)
+        project = build(:conversion_project, :deleted)
         expect(subject).not_to permit(service_support_user, project)
       end
     end
   end
 
-  permissions :change_conversion_date? do
+  permissions :change_conversion_date?, :change_transfer_date? do
     context "when the conversion date is not provisional" do
       it "grants access if project is assigned to the same user" do
         expect(subject).to permit(application_user, build(:conversion_project, assigned_to: application_user, conversion_date_provisional: false))
@@ -121,8 +107,8 @@
   end
 
   permissions :new_note?, :new_contact? do
-    it "grants access if project is not completed" do
-      project = build(:conversion_project, assigned_to: application_user)
+    it "grants access if project is active" do
+      project = build(:conversion_project, state: :active, assigned_to: application_user)
       expect(subject).to permit(application_user, project)
     end
 
@@ -131,6 +117,16 @@
       expect(subject).not_to permit(application_user, project)
     end
 
+    it "denies access if project has been dao revoked" do
+      project = build(:conversion_project, state: :dao_revoked, assigned_to: application_user)
+      expect(subject).not_to permit(application_user, project)
+    end
+
+    it "denies access if project is deleted" do
+      project = build(:conversion_project, state: :deleted, assigned_to: application_user)
+      expect(subject).not_to permit(application_user, project)
+    end
+
     it "denies access if the user has no role" do
       user = build(:user)
       project = build(:conversion_project)
@@ -177,19 +173,13 @@
     end
   end
 
-  permissions :new_mat?, :create_mat? do
+  permissions :new?, :create?, :new_mat?, :create_mat? do
     it "grants access if the user can add a new project" do
-      expect(subject).to permit(application_user, build(:conversion_project, assigned_to: application_user))
-    end
-  end
-
-  permissions :dao_revocation? do
-    it "grants access if the user is assigned to the project" do
-      expect(subject).to permit(application_user, build(:conversion_project, assigned_to: application_user))
+      expect(subject).to permit(application_user)
     end
 
-    it "denies access if the user is not assigned to the project" do
-      expect(subject).not_to permit(application_user, build(:conversion_project))
+    it "denies access if the user cannot add projects" do
+      expect(subject).not_to permit(create(:user))
     end
   end
 end