alphagov · GDSNewt · Dec 31, 2024 · Feb 26, 2025 · Feb 26, 2025 · Dec 31, 2024
diff --git a/app/models/aaib_report.rb b/app/models/aaib_report.rb
@@ -1,4 +1,5 @@
 class AaibReport < Document
+  apply_validations
   validates :date_of_occurrence,
             presence: true,
             unless: lambda { |report|

diff --git a/app/models/ai_assurance_portfolio_technique.rb b/app/models/ai_assurance_portfolio_technique.rb
@@ -1,4 +1,5 @@
 class AiAssurancePortfolioTechnique < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/countryside_stewardship_grant.rb b/app/models/countryside_stewardship_grant.rb
@@ -1,4 +1,5 @@
 class CountrysideStewardshipGrant < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/data_ethics_guidance_document.rb b/app/models/data_ethics_guidance_document.rb
@@ -1,4 +1,5 @@
 class DataEthicsGuidanceDocument < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/drug_safety_update.rb b/app/models/drug_safety_update.rb
@@ -1,4 +1,5 @@
 class DrugSafetyUpdate < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/esi_fund.rb b/app/models/esi_fund.rb
@@ -1,4 +1,5 @@
 class EsiFund < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/international_development_fund.rb b/app/models/international_development_fund.rb
@@ -1,4 +1,5 @@
 class InternationalDevelopmentFund < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/marine_equipment_approved_recommendation.rb b/app/models/marine_equipment_approved_recommendation.rb
@@ -1,4 +1,5 @@
 class MarineEquipmentApprovedRecommendation < Document
+  apply_validations
   validates :year_adopted, format: /\A$|[1-9][0-9]{3}\z/
 
   FORMAT_SPECIFIC_FIELDS = format_specific_fields

diff --git a/app/models/service_standard_report.rb b/app/models/service_standard_report.rb
@@ -1,4 +1,5 @@
 class ServiceStandardReport < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/app/models/veterans_support_organisation.rb b/app/models/veterans_support_organisation.rb
@@ -1,4 +1,5 @@
 class VeteransSupportOrganisation < Document
+  apply_validations
   FORMAT_SPECIFIC_FIELDS = format_specific_fields
 
   attr_accessor(*FORMAT_SPECIFIC_FIELDS)

diff --git a/lib/documents/schemas/esi_funds.json b/lib/documents/schemas/esi_funds.json
@@ -180,7 +180,7 @@
     }
   ],
   "filter": {
-    "format": "european_structural_investment_fund"
+    "format": "esi_fund"
   },
   "name": "European Structural and Investment Funds (ESIF)",
   "organisations": [

diff --git a/spec/features/access_control_spec.rb b/spec/features/access_control_spec.rb
@@ -1,126 +1,60 @@
 require "spec_helper"
 
 RSpec.feature "Access control", type: :feature do
-  before do
-    stub_publishing_api_has_content([], hash_including(document_type: CmaCase.document_type))
-    stub_publishing_api_has_content([], hash_including(document_type: AaibReport.document_type))
-    stub_publishing_api_has_content([], hash_including(document_type: StatutoryInstrument.document_type))
-    stub_publishing_api_has_content([], hash_including(document_type: Organisation.document_type))
+  context "as an editor of an organisation that doesn't have access to the application" do
+    before do
+      log_in_as_editor(:incorrect_id_editor)
+    end
+
+    scenario "visiting homepage shows a permissions error" do
+      visit "/"
+
+      expect(page.status_code).to eq(200)
+      expect(page).to have_content("Sorry, you don't have permission to access this application")
+      expect(page).to have_content("Please contact your main GDS contact if you need access.")
+    end
   end
 
   context "as a CMA Editor" do
     before do
+      stub_publishing_api_has_content([], hash_including(document_type: CmaCase.document_type))
+      stub_publishing_api_has_content([], hash_including(document_type: Organisation.document_type))
       log_in_as_editor(:cma_editor)
     end
 
-    scenario "visiting /cma-cases" do
+    scenario "visiting /cma-cases is allowed" do
       visit "/cma-cases"
 
       expect(page.status_code).to eq(200)
       expect(page).to have_content("CMA Cases")
     end
 
-    scenario "visiting admin/cma-cases" do
+    scenario "visiting admin/cma-cases is allowed" do
       visit "admin/cma-cases"
 
       expect(page.status_code).to eq(200)
       expect(page).to have_content("CMA Case finder")
     end
 
-    scenario "visiting /aaib-reports" do
+    scenario "visiting /aaib-reports is rejected" do
       visit "/aaib-reports"
 
       expect(page.current_path).to eq("/cma-cases")
       expect(page).to have_content("You aren't permitted to access AAIB Reports")
     end
 
-    scenario "visiting admin/aaib-reports" do
+    scenario "visiting admin/aaib-reports is rejected" do
       visit "admin/aaib-reports"
 
       expect(page.current_path).to eq("/cma-cases")
       expect(page).to have_content("You aren't permitted to access AAIB Reports")
     end
 
-    scenario "visiting a format which doesn't exist" do
+    scenario "visiting a format which doesn't exist gives an error message" do
       visit "/a-format-which-doesnt-exist"
 
       expect(page.current_path).to eq("/cma-cases")
       expect(page).to have_content("That format doesn't exist.")
     end
   end
-
-  context "as an AAIB Editor" do
-    before do
-      log_in_as_editor(:aaib_editor)
-    end
-
-    scenario "visiting /aaib-reports" do
-      visit "/aaib-reports"
-
-      expect(page.status_code).to eq(200)
-      expect(page).to have_content("AAIB Reports")
-    end
-
-    scenario "visiting admin/aaib-reports" do
-      visit "admin/aaib-reports"
-
-      expect(page.status_code).to eq(200)
-      expect(page).to have_content("AAIB Report finder")
-    end
-
-    scenario "visiting /cma-cases" do
-      visit "/cma-cases"
-
-      expect(page.current_path).to eq("/aaib-reports")
-      expect(page).to have_content("You aren't permitted to access CMA Cases")
-    end
-
-    scenario "visiting admin/cma-cases" do
-      visit "admin/cma-cases"
-
-      expect(page.current_path).to eq("/aaib-reports")
-      expect(page).to have_content("You aren't permitted to access CMA Cases")
-    end
-  end
-
-  context "as a statutory instrument editor" do
-    before do
-      stub_publishing_api_has_content([], hash_including(document_type: Organisation.document_type))
-      log_in_as_editor(:statutory_instrument_editor)
-    end
-
-    scenario "visiting the statutory instruments format" do
-      visit "/eu-withdrawal-act-2018-statutory-instruments"
-
-      expect(page.status_code).to eq(200)
-      expect(page).to have_content("EU Withdrawal Act 2018 statutory instruments")
-    end
-
-    scenario "visiting another format" do
-      visit "/cma-cases"
-
-      expect(page.current_path).to eq("/eu-withdrawal-act-2018-statutory-instruments")
-      expect(page).to have_content("You aren't permitted to access CMA Cases")
-    end
-
-    scenario "visiting the home page" do
-      visit "/"
-
-      expect(page.current_path).to eq("/eu-withdrawal-act-2018-statutory-instruments")
-    end
-  end
-
-  context "as an editor with incorrect organisation_content_id" do
-    before do
-      log_in_as_editor(:incorrect_id_editor)
-    end
-
-    scenario "visiting /" do
-      visit "/"
-
-      expect(page.status_code).to eq(200)
-      expect(page).to have_content("Sorry, you don't have permission to access this application")
-      expect(page).to have_content("Please contact your main GDS contact if you need access.")
-    end
-  end
 end