Release-157

CHANGELOG.md

@@ -4,6 +4,12 @@
 
 [Full changelog][unreleased]
 
+## Release 157 - 2024-12-16
+
+[Full changelog][157]
+
+- Dropdown switcher component for users with multiple organisations
+
 ## Release 156 - 2024-12-12
 
 [Full changelog][156]
@@ -1741,7 +1747,8 @@
 - Planned start and end dates are mandatory
 - Actual start and end dates must not be in the future
 
-[unreleased]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-156...HEAD
+[unreleased]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-157...HEAD
+[157]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-156...release-157
 [156]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-155...release-156
 [155]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-154...release-155
 [154]: https://github.com/UKGovernmentBEIS/beis-report-official-development-assistance/compare/release-153...release-154

Gemfile.lock

@@ -71,7 +71,7 @@ GEM
       activerecord (>= 5.0, < 7.2)
       request_store (~> 1.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1017.0)
+    aws-partitions (1.1022.0)
     aws-sdk-core (3.214.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
@@ -80,7 +80,7 @@ GEM
     aws-sdk-kms (1.96.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.176.0)
+    aws-sdk-s3 (1.176.1)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -155,10 +155,10 @@ GEM
       rotp (~> 6.0)
     diff-lcs (1.5.1)
     docile (1.4.0)
-    dotenv (2.8.1)
-    dotenv-rails (2.8.1)
-      dotenv (= 2.8.1)
-      railties (>= 3.2)
+    dotenv (3.1.6)
+    dotenv-rails (3.1.6)
+      dotenv (= 3.1.6)
+      railties (>= 6.1)
     encryptor (3.0.0)
     erubi (1.13.0)
     erubis (2.7.0)
@@ -285,14 +285,14 @@ GEM
     net-smtp (0.5.0)
       net-protocol
     nio4r (2.7.4)
-    nokogiri (1.16.8)
+    nokogiri (1.17.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.16.8-arm64-darwin)
+    nokogiri (1.17.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.8-x86_64-darwin)
+    nokogiri (1.17.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.8-x86_64-linux)
+    nokogiri (1.17.2-x86_64-linux)
       racc (~> 1.4)
     notifications-ruby-client (6.2.0)
       jwt (>= 1.5, < 3)
@@ -354,7 +354,7 @@ GEM
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.1)
+    rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
       nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     rails-i18n (7.0.10)

app/controllers/application_controller.rb

@@ -2,8 +2,19 @@ class ApplicationController < ActionController::Base
   include Auth
   include Ip
 
+  before_action :set_organisation_list_and_current_organisation
+
   private
 
+  def set_organisation_list_and_current_organisation
+    return unless user_signed_in?
+
+    @organisation_list = current_user.all_organisations
+    if session[:current_user_organisation]
+      Current.user_organisation = session[:current_user_organisation]
+    end
+  end
+
   def add_breadcrumb(name, path, options = {})
     super(name, path, options.merge(title: name))
   end

app/controllers/users/organisation_session_controller.rb

@@ -0,0 +1,14 @@
+class Users::OrganisationSessionController < ApplicationController
+  include Secured
+
+  def update
+    desired_organisation_id = params[:current_user_organisation]
+
+    if desired_organisation_id
+      if current_user.all_organisations.pluck(:id).include?(desired_organisation_id)
+        session[:current_user_organisation] = desired_organisation_id
+      end
+    end
+    redirect_to current_user.service_owner? ? request.referer : root_path
+  end
+end

app/models/user.rb

@@ -38,6 +38,10 @@ def additional_organisations?
     additional_organisations.any?
   end
 
+  def current_organisation_id
+    Current.user_organisation || organisation.id
+  end
+
   def active_for_authentication?
     active
   end

app/views/layouts/application.html.haml

@@ -62,6 +62,9 @@
             = t("header.feedback.html")
 
       = render 'layouts/messages'
+
+      = render "shared/organisation_switcher"
+
       = breadcrumb_tags
 
       = yield

app/views/shared/_navigation.html.haml

@@ -9,8 +9,8 @@
       %li{ class: navigation_item_class(reports_path) }
         = link_to t("page_title.report.index"), reports_path, class: "govuk-header__link"
 
-      %li{ class: navigation_item_class(organisation_activities_path(organisation_id: current_user.organisation_id)) }
-        = link_to t("page_title.activity.index"), organisation_activities_path(organisation_id: current_user.organisation_id), class: "govuk-header__link"
+      %li{ class: navigation_item_class(organisation_activities_path(organisation_id: current_user.organisation.id)) }
+        = link_to t("page_title.activity.index"), organisation_activities_path(organisation_id: current_user.organisation.id), class: "govuk-header__link"
 
       - if policy(:level_b).budget_upload?
         %li{ class: navigation_item_class(new_level_b_budgets_upload_path) }
@@ -20,8 +20,8 @@
         %li{ class: navigation_item_class(exports_path) }
           = link_to t("page_title.export.index"), exports_path, class: "govuk-header__link"
       - elsif policy([:export, current_user.organisation]).show?
-        %li{ class: navigation_item_class(exports_organisation_path(id: current_user.organisation_id)) }
-          = link_to t("page_title.export.index"), exports_organisation_path(id: current_user.organisation_id), class: "govuk-header__link"
+        %li{ class: navigation_item_class(exports_organisation_path(id: current_user.organisation.id)) }
+          = link_to t("page_title.export.index"), exports_organisation_path(id: current_user.organisation.id), class: "govuk-header__link"
 
       - if policy(Organisation).index?
         %li{ class: navigation_item_class(organisations_path) }

app/views/shared/_organisation_switcher.html.haml

@@ -0,0 +1,7 @@
+- if authenticated? && current_user.additional_organisations?
+  .govuk-grid-row
+    .govuk-grid-column-full{:class => "govuk-!-padding-top-4"}
+      =form_with url: users_session_organisation_path, method: :patch do |form|
+        =form.label t("organisation_switcher.label"), class: "govuk-label", for: "current_user_organisation"
+        =form.select :current_user_organisation, options_for_select(@organisation_list.pluck(:name, :id), current_user.current_organisation_id), {}, class: "govuk-select"
+        =form.submit t("organisation_switcher.submit"), class: "govuk-button govuk-!-margin-bottom-1", "data-module": "govuk-button"

config/locales/views/organisation_switcher.en.yml

@@ -0,0 +1,5 @@
+---
+en:
+  organisation_switcher:
+    label: "Available organisations"
+    submit: "Set organisation" 

config/routes.rb

@@ -32,6 +32,10 @@
   resources :users, except: [:index]
   resources :activities, only: [:index]
 
+  namespace :users do
+    patch "session/organisation" => "organisation_session#update", :as => :session_organisation
+  end
+
   roles = %w[implementing_organisations partner_organisations matched_effort_providers external_income_providers]
   constraints role: /#{roles.join("|")}/ do
     get "organisations/(:role)", to: "organisations#index", defaults: {role: "partner_organisations"}, as: :organisations

spec/controllers/activities_controller_spec.rb

@@ -184,6 +184,7 @@
     before do
       allow(controller).to receive(:current_user).and_return(user)
       allow(ActivityPolicy).to receive(:new).and_return(policy)
+      allow(user).to receive(:all_organisations).and_return([])
     end
 
     describe "#confirm_destroy" do

spec/controllers/application_controller_spec.rb

@@ -1,5 +1,7 @@
 require "rails_helper"
 
+class DummyController < ApplicationController; end
+
 RSpec.describe ApplicationController, type: :controller do
   describe "#request_ip" do
     it "returns the anonymized v4 IP with the last octet zero padded" do
@@ -27,4 +29,49 @@
       end
     end
   end
+
+  describe "before_action" do
+    controller DummyController do
+      def custom_action
+        head 200
+      end
+    end
+
+    before(:each) do
+      routes.draw do
+        get "custom_action" => "dummy#custom_action"
+      end
+    end
+
+    context "user is not signed in" do
+      it "does not set Current.user_organisation" do
+        get "custom_action"
+
+        expect(Current.user_organisation).to be(nil)
+      end
+    end
+
+    context "user is signed in" do
+      let(:user) { create(:partner_organisation_user) }
+
+      before do
+        allow(controller).to receive(:current_user).and_return(user)
+      end
+
+      it "does not set Current.user_organisation if `current_user_organisation` is not in the session" do
+        get "custom_action"
+
+        expect(Current.user_organisation).to be(nil)
+      end
+
+      it "sets Current.user_organisation if `current_user_organisation` is in the session" do
+        id = SecureRandom.uuid
+        session[:current_user_organisation] = id
+
+        get "custom_action"
+
+        expect(Current.user_organisation).to be(id)
+      end
+    end
+  end
 end

spec/controllers/organisation_session_controller.rb

@@ -0,0 +1,47 @@
+require "rails_helper"
+
+RSpec.describe OrganisationSessionController do
+  let(:user) { create(:partner_organisation_user, organisation: organisation) }
+  let(:organisation) { create(:partner_organisation) }
+  let(:other_organisation) { create(:partner_organisation) }
+
+  before do
+    allow(controller).to receive(:current_user).and_return(user)
+
+    user.additional_organisations << [create(:partner_organisation), create(:partner_organisation)]
+  end
+
+  describe "#update" do
+    it "sets the session `current_user_organisation` to the user's primary organisation's ID" do
+      put :update, params: build_params(user.primary_organisation.id)
+
+      expect(session[:current_user_organisation]).to eq(user.primary_organisation.id)
+    end
+
+    it "sets the session `current_user_organisation` to an ID from the user's additional organisations" do
+      id = user.additional_organisations.pluck(:id).sample
+
+      put :update, params: build_params(id)
+
+      expect(session[:current_user_organisation]).to eq(id)
+    end
+
+    it "does not set the session `current_user_organisation` to a random ID" do
+      random_id = SecureRandom.uuid
+
+      put :update, params: build_params(random_id)
+
+      expect(session[:current_user_organisation]).not_to eq(random_id)
+    end
+
+    it "does not set the session `current_user_organisation` to an organisation ID not in the user's additional organisations" do
+      put :update, params: build_params(other_organisation.id)
+
+      expect(session[:current_user_organisation]).not_to eq(other_organisation.id)
+    end
+
+    def build_params(id)
+      {current_user_organisation: id}
+    end
+  end
+end

spec/features/users_can_edit_a_comment_spec.rb

@@ -1,4 +1,6 @@
 RSpec.describe "Users can edit a comment" do
+  include HideFromBullet
+
   let(:beis_user) { create(:beis_user) }
   let(:partner_org_user) { create(:partner_organisation_user) }
 
@@ -77,7 +79,9 @@
           scenario "the user can edit comments on actuals belonging to the same organisation" do
             actual = create(:actual, :with_comment, report: project_activity_report, parent_activity: project_activity)
 
-            visit organisation_activity_comments_path(project_activity_comment.commentable.organisation, project_activity_comment.commentable)
+            skip_bullet do
+              visit organisation_activity_comments_path(project_activity_comment.commentable.organisation, project_activity_comment.commentable)
+            end
 
             expect(page).to have_link("Edit", href: edit_activity_actual_path(project_activity, actual))
           end