Handle already verified claims

We want to prevent providers from submitting mulitple verifications.
We've had to move the `Authorisation` concern so it runs before the form
callback stuff such that the answers haven't yet been updated when we
check if the claim has been verified on POST.

app/controllers/claims_controller.rb

@@ -12,9 +12,9 @@ class ClaimsController < BasePublicController
   before_action :persist_claim, only: [:new, :create]
   before_action :handle_magic_link, only: [:new], if: -> { journey.start_with_magic_link? }
 
+  include AuthorisedSlugs
   include FormSubmittable
   include ClaimsFormCallbacks
-  include AuthorisedSlugs
 
   def existing_session
     @existing_session = journey_sessions.first

app/forms/journeys/further_education_payments/provider/verify_claim_form.rb

@@ -33,7 +33,7 @@ class VerifyClaimForm < Form
 
         validate :all_assertions_answered
 
-        # validate claim not already verified
+        validate :claim_not_already_verified
 
         delegate :claim, to: :answers
 
@@ -122,6 +122,12 @@ def all_assertions_answered
           end
         end
 
+        def claim_not_already_verified
+          if claim.eligibility.verified?
+            errors.add(:base, "Claim has already been verified")
+          end
+        end
+
         class AssertionForm
           include ActiveModel::Model
           include ActiveModel::Attributes

app/models/journeys/further_education_payments/provider/authorisation.rb

@@ -12,6 +12,7 @@ def failure_reason
           return :no_service_access unless answers.dfe_sign_in_service_access?
           return :claim_admin if claim_admin?
           return :incorrect_role unless role_permits_access?
+          return :already_verified if already_verified? && slug != "complete"
 
           nil
         end
@@ -43,6 +44,10 @@ def claim_admin_roles
             DfeSignIn::User::PAYROLL_OPERATOR_DFE_SIGN_IN_ROLE_CODE
           ]
         end
+
+        def already_verified?
+          answers.claim.eligibility.verified?
+        end
       end
     end
   end

app/models/policies/further_education_payments/eligibility.rb

@@ -49,6 +49,10 @@ def courses
       def fixed_contract?
         contract_type != "variable_hours"
       end
+
+      def verified?
+        verification.present?
+      end
     end
   end
 end

app/views/further_education_payments/provider/claims/_unauthorised_already_verified.html.erb

@@ -0,0 +1,21 @@
+<h1 class="govuk-heading-xl">
+  This claim has already been verified
+</h1>
+
+<p class="govuk-body govuk-!-margin-top-6">
+  Email <%= govuk_mail_to("[email protected]") %>
+  if you need to:
+</p>
+
+<%= govuk_list(
+  [
+    "view the verification form",
+    "make changes to the details provided in the verification form"
+  ],
+  type: :bullet
+) %>
+
+<p class="govuk-body govuk-!-margin-top-6">
+  Make sure you include the claim reference number in your email so we can find
+  the claim and process any changes promptly.
+</p>

app/views/further_education_payments/provider/claims/unauthorised.html.erb

@@ -17,6 +17,8 @@
     <%= render "unauthorised_incorrect_role" %>
    <% when "claim_admin" %>
     <%= render "unauthorised_claim_admin" %>
+   <% when "already_verified" %>
+     <%= render "unauthorised_already_verified" %>
   <% end %>
   </div>
 </div>

spec/factories/policies/further_education_payments/eligibilities.rb

@@ -5,5 +5,45 @@
 
     trait :eligible do
     end
+
+    trait :verified do
+      verification do
+        {
+          "assertions" => [
+            {
+              "name" => "contract_type",
+              "outcome" => true
+            },
+            {
+              "name" => "teaching_responsibilities",
+              "outcome" => true
+            },
+            {
+              "name" => "further_education_teaching_start_year",
+              "outcome" => true
+            },
+            {
+              "name" => "teaching_hours_per_week",
+              "outcome" => true
+            },
+            {
+              "name" => "hours_teaching_eligible_subjects",
+              "outcome" => false
+            },
+            {
+              "name" => "subjects_taught",
+              "outcome" => false
+            }
+          ],
+          "verifier" => {
+            "dfe_sign_in_uid" => "123",
+            "first_name" => "Seymoure",
+            "last_name" => "Skinner",
+            "email" => "[email protected]"
+          },
+          "created_at" => "2024-01-01T12:00:00.000+00:00"
+        }
+      end
+    end
   end
 end

spec/features/further_education_payments/provider/provider_verifying_claims_spec.rb

@@ -325,6 +325,60 @@
     expect(page).to have_text "Claim referenceCLAIM2"
   end
 
+  scenario "provider visits a claim that has already been verified" do
+    fe_provider = create(:school, :further_education, name: "Springfield A and M")
+
+    claim = create(
+      :claim,
+      first_name: "Edna",
+      surname: "Krabappel",
+      date_of_birth: Date.new(1945, 7, 3),
+      reference: "AB123456",
+      created_at: DateTime.new(2024, 8, 1, 9, 0, 0)
+    )
+
+    create(
+      :further_education_payments_eligibility,
+      :verified,
+      claim: claim,
+      school: fe_provider
+    )
+
+    mock_dfe_sign_in_auth_session(
+      provider: :dfe_fe_provider,
+      auth_hash: {
+        uid: "11111",
+        extra: {
+          raw_info: {
+            organisation: {
+              id: "22222",
+              ukprn: fe_provider.ukprn
+            }
+          }
+        }
+      }
+    )
+
+    stub_dfe_sign_in_user_info_request(
+      "11111",
+      "22222",
+      Journeys::FurtherEducationPayments::Provider::CLAIM_VERIFIER_DFE_SIGN_IN_ROLE_CODE
+    )
+
+    claim_link = Journeys::FurtherEducationPayments::Provider::SlugSequence.verify_claim_url(claim)
+
+    visit claim_link
+
+    click_on "Start now"
+
+    expect(page).to have_text "This claim has already been verified"
+
+    # Try to visit the restricted slug directly
+    visit "/further-education-payments-provider/verify-claim"
+
+    expect(page).to have_text "This claim has already been verified"
+  end
+
   scenario "provider approves a fixed contract claim" do
     fe_provider = create(:school, :further_education, name: "Springfield A and M")
 

spec/forms/journeys/further_education_payments/provider/verify_claim_form_spec.rb

@@ -44,6 +44,20 @@
         expect(assertion.errors[:outcome]).to eq(["Select an option"])
       end
     end
+
+    it "validates the claim hasn't already been verified" do
+      eligibility.update!(
+        verification: {
+          assertions: [
+            {name: "contract_type", outcome: true}
+          ]
+        }
+      )
+
+      form.validate
+
+      expect(form.errors[:base]).to eq(["Claim has already been verified"])
+    end
   end
 
   describe "#assertions" do

spec/models/journeys/further_education_payments/provider/authorisation_spec.rb

@@ -69,5 +69,23 @@
 
       it { is_expected.to eq(:claim_admin) }
     end
+
+    context "when the claim has already been verified" do
+      let(:answers) do
+        {
+          dfe_sign_in_service_access: true,
+          dfe_sign_in_organisation_ukprn: organisation.ukprn,
+          dfe_sign_in_role_codes: [
+            Journeys::FurtherEducationPayments::Provider::CLAIM_VERIFIER_DFE_SIGN_IN_ROLE_CODE
+          ]
+        }
+      end
+
+      let(:eligibility) do
+        create(:further_education_payments_eligibility, :verified)
+      end
+
+      it { is_expected.to eq(:already_verified) }
+    end
   end
 end