diff --git a/app/form_builders/authorization_request_form_builder.rb b/app/form_builders/authorization_request_form_builder.rb index 8663cda1a..061c1e523 100644 --- a/app/form_builders/authorization_request_form_builder.rb +++ b/app/form_builders/authorization_request_form_builder.rb @@ -97,12 +97,21 @@ def dsfr_scope(scope, opts = {}) nil ), dsfr_scope_label(scope), - scope.included? ? scope_hidden_field(scope) : nil + include_scope_hidden_field?(scope, disabled) ? scope_hidden_field(scope) : nil ].compact ) end end + def include_scope_hidden_field?(scope, disabled) + if disabled + scope.included? || + @object.scopes.include?(scope.value) + else + scope.included? + end + end + def dsfr_scope_options(scope, disabled: false) { disabled: disabled || check_box_disabled || scope.included?, diff --git a/spec/features/authorization_requests/scopes_spec.rb b/spec/features/authorization_requests/scopes_spec.rb index edc1c87f9..2681ef939 100644 --- a/spec/features/authorization_requests/scopes_spec.rb +++ b/spec/features/authorization_requests/scopes_spec.rb @@ -1,54 +1,83 @@ -RSpec.describe 'Authorization request with a scope step' do - let(:user) { create(:user) } - let(:authorization_request) do - authorization_request = create(:authorization_request, :api_particulier, fill_all_attributes: true, applicant: user) - authorization_request.current_build_step = 'basic_infos' - authorization_request.scopes = nil - authorization_request.save! - authorization_request - end - let(:authorization_request_form) { authorization_request.form } +RSpec.describe 'Authorization request with scopes' do + describe 'at the scope step' do + let(:user) { create(:user) } + let(:authorization_request) do + authorization_request = create(:authorization_request, :api_particulier, fill_all_attributes: true, applicant: user) + authorization_request.current_build_step = 'basic_infos' + authorization_request.scopes = nil + authorization_request.save! + authorization_request + end + let(:authorization_request_form) { authorization_request.form } - let(:scope_step_name) { I18n.t('wicked.scopes') } + let(:scope_step_name) { I18n.t('wicked.scopes') } - before do - sign_in(user) + before do + sign_in(user) - visit authorization_request_form_build_path(form_uid: authorization_request_form.uid, authorization_request_id: authorization_request.id, id: scope_step_name) - end + visit authorization_request_form_build_path(form_uid: authorization_request_form.uid, authorization_request_id: authorization_request.id, id: scope_step_name) + end - describe 'submitting no scope' do - subject(:submitting_without_scope) do - within(css_id(authorization_request)) do - click_link_or_button 'next_authorization_request' + describe 'submitting no scope' do + subject(:submitting_without_scope) do + within(css_id(authorization_request)) do + click_link_or_button 'next_authorization_request' + end + end + + it 'does not change scopes and displays an error' do + expect { + submitting_without_scope + }.not_to change { authorization_request.reload.scopes } + + expect(page).to have_css('.fr-alert') end end - it 'does not change scopes and displays an error' do - expect { - submitting_without_scope - }.not_to change { authorization_request.reload.scopes } + describe 'submitting with one scope' do + subject(:submitting_without_scope) do + within(css_id(authorization_request)) do + check 'authorization_request_api_particulier_scopes_cnaf_quotient_familial' - expect(page).to have_css('.fr-alert') + click_link_or_button 'next_authorization_request' + end + end + + it 'changes scopes and change step' do + expect { + submitting_without_scope + }.to change { authorization_request.reload.scopes }.to(['cnaf_quotient_familial']) + + expect(page).to have_no_css('.fr-alert') + expect(page).to have_no_current_path(authorization_request_form_build_path(form_uid: authorization_request_form.uid, authorization_request_id: authorization_request.id, id: scope_step_name)) + end end end - describe 'submitting with one scope' do - subject(:submitting_without_scope) do - within(css_id(authorization_request)) do - check 'authorization_request_api_particulier_scopes_cnaf_quotient_familial' + describe 'at the review step, with some scopes defined' do + let(:user) { create(:user) } + let(:authorization_request) do + authorization_request = create(:authorization_request, :api_entreprise, fill_all_attributes: true, applicant: user) + authorization_request.scopes = default_scopes + additional_scopes + authorization_request.save! + authorization_request + end + let(:default_scopes) { AuthorizationDefinition.find('api_entreprise').scopes.select(&:included?).map(&:value) } + let(:additional_scopes) { %w[unites_legales_etablissements_insee] } - click_link_or_button 'next_authorization_request' - end + before do + sign_in(user) + + visit summary_authorization_request_form_path(form_uid: authorization_request.form.uid, id: authorization_request.id) end - it 'changes scopes and change step' do - expect { - submitting_without_scope - }.to change { authorization_request.reload.scopes }.to(['cnaf_quotient_familial']) + it 'keeps the scopes on submit' do + check 'authorization_request_api_entreprise_terms_of_service_accepted' + check 'authorization_request_api_entreprise_data_protection_officer_informed' + + click_on 'submit_authorization_request' - expect(page).to have_no_css('.fr-alert') - expect(page).to have_no_current_path(authorization_request_form_build_path(form_uid: authorization_request_form.uid, authorization_request_id: authorization_request.id, id: scope_step_name)) + expect(authorization_request.reload.scopes).to match_array((default_scopes + additional_scopes)) end end end