From 8bd6b1ca87ad7c675a9c190e77a624342dd88e2a Mon Sep 17 00:00:00 2001 From: RyanEddyIC Date: Thu, 25 Jul 2024 12:36:01 -0400 Subject: [PATCH] add check for broker agency account on employee role --- app/policies/person_policy.rb | 11 ++++++++- spec/policies/person_policy_spec.rb | 36 +++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/app/policies/person_policy.rb b/app/policies/person_policy.rb index b935bb851c9..a184f1402dc 100644 --- a/app/policies/person_policy.rb +++ b/app/policies/person_policy.rb @@ -85,7 +85,16 @@ def can_broker_modify? end def broker_agency_profile_matches? - associated_family.active_broker_agency_account.present? && associated_family.active_broker_agency_account.benefit_sponsors_broker_agency_profile_id == role.benefit_sponsors_broker_agency_profile_id + agency_id = role.benefit_sponsors_broker_agency_profile_id + + family_active_broker = associated_family&.active_broker_agency_account + family_active_broker_matches = family_active_broker.present? && family_active_broker.benefit_sponsors_broker_agency_profile_id == agency_id + + active_er = associated_family.primary_person&.active_employee_roles&.first + employer_active_broker = active_er&.employer_profile&.active_broker_agency_account + employer_active_broker_matches = employer_active_broker.present? && employer_active_broker.benefit_sponsors_broker_agency_profile_id == agency_id + + family_active_broker_matches || employer_active_broker_matches end def role diff --git a/spec/policies/person_policy_spec.rb b/spec/policies/person_policy_spec.rb index 5e086e5d5be..fa35e1355ee 100644 --- a/spec/policies/person_policy_spec.rb +++ b/spec/policies/person_policy_spec.rb @@ -74,6 +74,7 @@ end end + context "for broker login" do let(:site) { FactoryBot.create(:benefit_sponsors_site, :with_benefit_market, :as_hbx_profile, :cca) } let(:broker_organization) { FactoryBot.build(:benefit_sponsors_organizations_general_organization, site: site) } @@ -105,5 +106,40 @@ end end end + + context 'modify family permissions' do + let(:organization) {FactoryBot.build(:organization)} + let(:employer_profile) {FactoryBot.create(:employer_profile, organization: organization)} + let(:person_2) {FactoryBot.create(:person, :with_family, :with_employee_role)} + let(:employee_role) {person_2.employee_roles.first} + let(:census_employee) {FactoryBot.create(:census_employee)} + + let(:broker_organization_3) { FactoryBot.build(:benefit_sponsors_organizations_general_organization, site: site) } + let(:broker_agency_profile_3) { FactoryBot.create(:benefit_sponsors_organizations_broker_agency_profile, organization: broker_organization_3, market_kind: 'shop', legal_name: 'Legal Name 3') } + let(:writing_agent) { FactoryBot.create(:broker_role, aasm_state: 'active', benefit_sponsors_broker_agency_profile_id: broker_agency_profile_3.id) } + let!(:broker_role_3) { FactoryBot.create(:broker_role, benefit_sponsors_broker_agency_profile_id: broker_agency_profile_3.id, aasm_state: :active) } + let!(:broker_role_user_3) {FactoryBot.create(:user, :person => broker_role_3.person, roles: ['broker_role'])} + let!(:broker_agency_account) { FactoryBot.create(:benefit_sponsors_accounts_broker_agency_account, broker_agency_profile: broker_agency_profile_3) } + + context 'family has associated active broker agency account' do + let(:policy) {PersonPolicy.new(broker_role_user_3, person_2)} + + before do + person_2.primary_family.broker_agency_accounts = [broker_agency_account] + end + + it 'should allow broker to update' do + expect(policy.can_update?).to be true + end + end + + context 'unauthorized broker' do + let(:policy) {PersonPolicy.new(broker_role_user_2, person_2)} + + it 'should not allow broker to update' do + expect(policy.can_update?).to be false + end + end + end end end