From f989d34261f8fcc4b6414631613b96fab26b3a8c Mon Sep 17 00:00:00 2001
From: Steven Lorek
Date: Fri, 12 Jun 2020 14:19:44 +0100
Subject: [PATCH] Only show complainant details on case added activity if user is collaborating on the case (#696)
* Only show complainant details on case added activity if user is collaborating on the case
* Change copy when user cannot view contact details on case created activity
---
 CHANGELOG.md | 3 +++
 .../investigations/display_text_helper.rb | 2 +-
 .../models/audit_activity/investigation/add.rb | 2 +-
 psd-web/app/models/complainant.rb | 12 ------------
 .../investigation/_add_project.html.erb | 2 --
 .../investigation/_complainant.html.erb | 5 ++---
 .../create_allegation_as_opss_user_spec.rb | 3 +--
 .../create_enquiry_as_opss_user_spec.rb | 3 +--
 .../support/audit_activity_investigation.rb | 18 ++++++++++++------
 9 files changed, 21 insertions(+), 29 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 316543c013..edf09fef7e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to this project will be documented in this file.
+## 2020-06-12
+- Users of all teams added to a case can now view complainant contact details on the case activity page.
+
 ## 2020-06-05
 – Added the ability to view the details of correspondence added to the case on their own page.
diff --git a/psd-web/app/helpers/investigations/display_text_helper.rb b/psd-web/app/helpers/investigations/display_text_helper.rb
index e33727281e..d8ed9d68f1 100644
--- a/psd-web/app/helpers/investigations/display_text_helper.rb
+++ b/psd-web/app/helpers/investigations/display_text_helper.rb
@@ -84,7 +84,7 @@ def gdpr_restriction_text
 def should_be_hidden(result, source, investigation)
 return true if correspondence_should_be_hidden(result, source, investigation)
- return true if (source.include? "complainant") && !investigation&.complainant&.can_be_displayed?(current_user)
+ return true if (source.include? "complainant") && !policy(investigation).view_protected_details?
 false
 end
diff --git a/psd-web/app/models/audit_activity/investigation/add.rb b/psd-web/app/models/audit_activity/investigation/add.rb
index f3074f05dd..321a7f4a7c 100644
--- a/psd-web/app/models/audit_activity/investigation/add.rb
+++ b/psd-web/app/models/audit_activity/investigation/add.rb
@@ -45,7 +45,7 @@ def title(_user)
 def can_display_all_data?(user)
 return true if self[:metadata].present? || investigation.complainant.blank?
- investigation.complainant.can_be_displayed?(user)
+ Pundit.policy(user, investigation).view_protected_details?
 end
 # Only used for old records prior to metadata implementation
diff --git a/psd-web/app/models/complainant.rb b/psd-web/app/models/complainant.rb
index 07eb278a8f..fa416dc06e 100644
--- a/psd-web/app/models/complainant.rb
+++ b/psd-web/app/models/complainant.rb
@@ -19,16 +19,4 @@ class Complainant < ApplicationRecord
 validates :name, length: { maximum: 100 }
 validates :other_details, length: { maximum: 10_000 }
-
- def can_be_displayed?(user)
- can_be_seen_by_user?(user) || investigation.child_should_be_displayed?(user)
- end
-
-private
-
- def can_be_seen_by_user?(user)
- return true if investigation.creator_user.has_gdpr_access?(user)
-
- complainant_type != "Consumer"
- end
 end
diff --git a/psd-web/app/views/investigations/activities/investigation/_add_project.html.erb b/psd-web/app/views/investigations/activities/investigation/_add_project.html.erb
index f197c42b84..5af490aa7c 100644
--- a/psd-web/app/views/investigations/activities/investigation/_add_project.html.erb
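Review bot: The new guard in should_be_hidden loses the nil tolerance of the line it replaces. The removed `investigation&.complainant&.can_be_displayed?` coped with a missing investigation and hid the field, whereas `policy(investigation)` is expected to raise Pundit's NotDefinedError when investigation is nil. If a nil investigation can still reach this helper, keep the fail-closed result explicit with `return true if (source.include? "complainant") && (investigation.nil? || !policy(investigation).view_protected_details?)`. A comment on the line such as `# Complainant matches are shown only to teams the case policy lets view protected details` would record that the rule now lives in the policy rather than on Complainant.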
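Review bot: In can_display_all_data? the policy call added on the last line is reached only for records without metadata, because the unchanged guard above it returns true whenever `self[:metadata].present?`. For metadata-backed records the protection of complainant details therefore appears to rest entirely on the policy check in the `_complainant` partial. That is worth stating above the method, e.g. `# Returns true for metadata-backed records; their complainant details are gated in the view by the case policy`. Separately, `Pundit.policy` returns nil when no policy class is found, so `Pundit.policy!(user, investigation).view_protected_details?` would fail with a clearer error than a NoMethodError on nil.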
+++ b/psd-web/app/views/investigations/activities/investigation/_add_project.html.erb @@ -1,7 +1,5 @@

Project details

- - <% if activity.metadata['investigation']['coronavirus_related'] %>

<%= t("audit_activity.investigation.coronavirus_related") %> diff --git a/psd-web/app/views/investigations/activities/investigation/_complainant.html.erb b/psd-web/app/views/investigations/activities/investigation/_complainant.html.erb index 94895a107a..9e38454fdc 100644 --- a/psd-web/app/views/investigations/activities/investigation/_complainant.html.erb +++ b/psd-web/app/views/investigations/activities/investigation/_complainant.html.erb @@ -8,11 +8,10 @@ <% end %> <%# Teams not involved in a case shouldn't complianant contact details %> -<% if !complainant.can_be_displayed?(current_user) %> - <%= render "restricted", activity: activity %> +<% if !policy(@investigation).view_protected_details? %> +

<%= t("case.protected_details", data_type: "#{@investigation.case_type} contact details") %>

<% else %> - <% complainant_info = [] %> <% if complainant.name.present? %> diff --git a/psd-web/spec/features/create_allegation_as_opss_user_spec.rb b/psd-web/spec/features/create_allegation_as_opss_user_spec.rb index eb7b5dc178..dd773f0452 100644 --- a/psd-web/spec/features/create_allegation_as_opss_user_spec.rb +++ b/psd-web/spec/features/create_allegation_as_opss_user_spec.rb @@ -191,8 +191,7 @@ def expect_case_activity_page_to_show_restricted_information(allegation) expect(page).to have_text("Hazard type: #{allegation.fetch(:hazard_type)}") expect(page).to have_text(allegation.fetch(:description)) - expect(page).to have_text("Restricted access") - expect(page).to have_text("Consumer contact details hidden to comply with GDPR legislation. Contact test organisation, who created this activity, to obtain these details if required.") + expect(page).to have_css("p", text: "Only teams added to the case can view allegation contact details") expect(page).not_to have_text("Name") expect(page).not_to have_text("Email address") diff --git a/psd-web/spec/features/create_enquiry_as_opss_user_spec.rb b/psd-web/spec/features/create_enquiry_as_opss_user_spec.rb index ddd7df95c7..30285998b2 100644 --- a/psd-web/spec/features/create_enquiry_as_opss_user_spec.rb +++ b/psd-web/spec/features/create_enquiry_as_opss_user_spec.rb 
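Review bot: The added condition reads the controller instance variable `@investigation`, while the rest of this partial works from locals (`complainant`, and `activity` in the removed render call). If the partial is rendered where `@investigation` is unset, `policy(@investigation)` raises instead of hiding the details. Deriving the record from the local, e.g. `<% if !policy(activity.investigation).view_protected_details? %>`, would tie the check to the activity being shown, assuming the activity exposes its investigation as the Add model's use of `investigation` suggests. The comment above the check is also missing a verb and misspells complainant; `<%# Teams not added to a case shouldn't see complainant contact details %>` matches the new rule. The markup around the new message is not fully visible in this view of the hunk.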
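Review bot: The privacy guarantee in this helper is still asserted only through field labels, even though the new expectation pins the replacement copy. `not_to have_text("Name")` and `not_to have_text("Email address")` would keep passing if the labels were reworded while the complainant's values were rendered. Asserting on the values the spec itself entered, e.g. `expect(page).not_to have_text(allegation.fetch(:COMPLAINANT_NAME_KEY))` with the fixture's real key in place of the placeholder, would test what the policy protects. The same applies to the matching hunk in create_enquiry_as_opss_user_spec.rb. The helper's body continues outside the hunk, so such assertions may already exist further down.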
@@ -171,8 +171,7 @@ def expect_case_activity_page_to_show_restricted_information(enquiry)
 expect(page).to have_css("p", text: "Case is related to the coronavirus outbreak.")
 expect(page).to have_css("p", text: enquiry.fetch(:enquiry_description))
- expect(page).to have_text("Restricted access")
- expect(page).to have_text("Consumer contact details hidden to comply with GDPR legislation. Contact test organisation, who created this activity, to obtain these details if required.")
+ expect(page).to have_css("p", text: "Only teams added to the case can view enquiry contact details")
 expect(page).not_to have_text("Name")
 expect(page).not_to have_text("Email address")
diff --git a/psd-web/spec/support/audit_activity_investigation.rb b/psd-web/spec/support/audit_activity_investigation.rb
index 2c4c96b0e0..8fd8130cf9 100644
--- a/psd-web/spec/support/audit_activity_investigation.rb
+++ b/psd-web/spec/support/audit_activity_investigation.rb
@@ -155,15 +155,21 @@
 context "when there is a complainant" do
 let(:factory_trait) { :with_complainant }
- let(:complainant) { investigation.complainant }
- before do
- allow(complainant).to receive(:can_be_displayed?).with(user).and_return(true)
+ context "when the user is on a team collaborating on the case" do
+ before do
+ create(:collaboration_edit_access, investigation: investigation, collaborator: user.team)
+ end
+
+ it "returns true" do
+ expect(can_display).to be true
+ end
 end
- it "returns the value of complainant#can_be_displayed?", :aggregate_failures do
- expect(can_display).to be true
- expect(complainant).to have_received(:can_be_displayed?).with(user).once
+ context "when the user is not on a team collaborating on the case" do
+ it "returns false" do
+ expect(can_display).to be false
+ end
 end
 end
 end
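Review bot: The rewritten examples in the audit_activity_investigation.rb hunk cover only an edit-access collaborator and a user with no link to the case, so the boundary of `view_protected_details?` is not pinned. The changelog entry says users of all teams added to a case can view the details, which suggests a read-only collaborator and the owning team should also get true. Adding a sibling such as `context "when the user is on a team with read-only access to the case"` that expects `expect(can_display).to be true`, built with whatever read-only collaboration factory the suite provides, would catch a policy change that silently narrows or widens access. The enclosing shared example begins outside the hunk.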