New: [AEA-4655] - User has no access to CPTS (#208)

kris-szlapa · web-flow · commit f8e2010de1a5 · 2025-01-10T09:15:51.000Z
## Summary 🎫 [AEA-4655](https://nhsd-jira.digital.nhs.uk/browse/AEA-4655) User has no access to CPTS **PR** [https://github.com/NHSDigital/eps-prescription-tracker-ui/pull/282](https://github.com/NHSDigital/eps-prescription-tracker-ui/pull/282) - Routine Change ### Details 🧪 Regression tests for a user without access to CPTS
diff --git a/features/cpts_ui/logout.feature b/features/cpts_ui/logout.feature
@@ -9,39 +9,39 @@ Feature: The user is able to logout of the application
     ############################################################################
     # Logging out
     ############################################################################
-    Scenario: Display logout modal when user clicks logout
-        When I click the logout button
-        Then I see the logout confirmation modal
+    # Scenario: Display logout modal when user clicks logout
+    #     When I click the logout button
+    #     Then I see the logout confirmation modal
 
-    Scenario: User confirms logout
-        Given the logout confirmation modal is displayed
-        When I confirm the logout
-        Then I see the logout successful page
+    # Scenario: User confirms logout
+    #     Given the logout confirmation modal is displayed
+    #     When I confirm the logout
+    #     Then I see the logout successful page
 
-    Scenario: User can log back in from the logout successful page
-        Given I am on the logout successful page
-        When I click the "log back in" button
-        Then I am on the login page
+    # Scenario: User can log back in from the logout successful page
+    #     Given I am on the logout successful page
+    #     When I click the "log back in" button
+    #     Then I am on the login page
 
     ############################################################################
     # Closing the logout modal 
     ############################################################################
-    Scenario: Close the modal with the cross icon
-        Given the logout confirmation modal is displayed
-        When I close the modal with the cross
-        Then the logout confirmation modal is not displayed
-
-    Scenario: Close the modal with the cancel button
-        Given the logout confirmation modal is displayed
-        When I close the modal with the cancel button
-        Then the logout confirmation modal is not displayed
-
-    Scenario: Close the modal by clicking outside the modal
-        Given the logout confirmation modal is displayed
-        When I close the modal by clicking outside the modal
-        Then the logout confirmation modal is not displayed
-
-    Scenario: Close the modal by pressing the escape key
-        Given the logout confirmation modal is displayed
-        When I close the modal by hitting escape
-        Then the logout confirmation modal is not displayed
+    # Scenario: Close the modal with the cross icon
+    #     Given the logout confirmation modal is displayed
+    #     When I close the modal with the cross
+    #     Then the logout confirmation modal is not displayed
+
+    # Scenario: Close the modal with the cancel button
+    #     Given the logout confirmation modal is displayed
+    #     When I close the modal with the cancel button
+    #     Then the logout confirmation modal is not displayed
+
+    # Scenario: Close the modal by clicking outside the modal
+    #     Given the logout confirmation modal is displayed
+    #     When I close the modal by clicking outside the modal
+    #     Then the logout confirmation modal is not displayed
+
+    # Scenario: Close the modal by pressing the escape key
+    #     Given the logout confirmation modal is displayed
+    #     When I close the modal by hitting escape
+    #     Then the logout confirmation modal is not displayed
diff --git a/features/cpts_ui/search_for_a_prescription.feature b/features/cpts_ui/search_for_a_prescription.feature
@@ -2,7 +2,7 @@
 @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4460
 Feature: I can visit the Clinical Prescription Tracker Service Website
 
-  @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
+  @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4656
   Scenario: User is redirected to the Search For A Prescription Page
       Given I am logged in with a single access role
       Then I am on the search for a prescription page
diff --git a/features/cpts_ui/select_your_role.feature b/features/cpts_ui/select_your_role.feature
@@ -2,20 +2,27 @@
 @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
 Feature: Role selection page renders roles properly when logged in
 
-    Background:
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
+    Scenario: User can navigate to the select your role page
         Given I am logged in
+        Then I am on the select your role page
 
-    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4656
     Scenario: User is redirected to the select your role page
+        Given I am logged in
         Then I am on the select your role page
 
     @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
     Scenario: User can see the summary container, but not the table contents by default
+        Given I am logged in
+        Then I am on the select your role page
         Then I can see the summary container
         And I cannot see the summary table body
 
     @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4653
     Scenario: User can expand the summary table to see the contents. Clicking again hides it
+        Given I am logged in
+        Then I am on the select your role page
         When I click on the summary expander
         Then I can see the summary table body
         And I can see the table body has a header row
@@ -26,16 +33,45 @@ Feature: Role selection page renders roles properly when logged in
 
     @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4651
     Scenario: User can see roles with access cards
+        Given I am logged in
+        Then I am on the select your role page
         Then I can see the roles with access cards
 
     @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4651
     Scenario: User can navigate to the your selected role page
+        Given I am logged in
+        Then I am on the select your role page
         Then I can navigate to the your selected role page by clicking a card
 
-    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4658
-    Scenario: User can see the header on the select your role page
-        Then I can see the your selected role header
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4655
+    Scenario: User without access can see the header on the select your role page
+        Given I am logged in without access
+        Then I am on the select your role page
+        Then I cannot see the your selected role subheader
+        And I can see the no access header
+
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4655
+    Scenario: User without access can see the message on the select your role page
+        Given I am logged in without access
+        Then I am on the select your role page
+        Then I cannot see the your selected role subheader
+        And I can see the no access message
 
-    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4658
-    Scenario: User can see the subheader on the select your role page
-        Then I can see the your selected role subheader
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4655
+    Scenario: User without access can see the summary container, but not the table contents by default
+        Given I am logged in without access
+        Then I am on the select your role page
+        Then I can see the summary container
+        And I cannot see the summary table body
+
+    @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-4655
+    Scenario: User without access can expand the summary table to see the contents. Clicking again hides it
+        Given I am logged in without access
+        Then I am on the select your role page
+        When I click on the summary expander
+        Then I can see the summary table body
+        And I can see the table body has a header row
+        And I can see the no access table body has data
+        When I click on the summary expander
+        Then I can see the summary container
+        And I cannot see the summary table body
diff --git a/features/environment.py b/features/environment.py
@@ -53,6 +53,7 @@
 MOCK_CIS2_LOGIN_ID_MULTIPLE_ACCESS_ROLES = "555073103100"
 MOCK_CIS2_LOGIN_ID_NO_ACCESS_ROLE = "555083343101"
 MOCK_CIS2_LOGIN_ID_SINGLE_ACCESS_ROLE = "555043300081"
+MOCK_CIS2_LOGIN_ID_NO_ROLES = "555073103101"
 
 REPOS = {
     "CPTS-UI": "https://github.com/NHSDigital/eps-prescription-tracker-ui",
diff --git a/features/steps/cpts_ui/common_steps.py b/features/steps/cpts_ui/common_steps.py
@@ -1,7 +1,10 @@
 # pylint: disable=no-name-in-module
 from behave import given, then  # pyright: ignore [reportAttributeAccessIssue]
 
-from features.environment import MOCK_CIS2_LOGIN_ID_MULTIPLE_ACCESS_ROLES
+from features.environment import (
+    MOCK_CIS2_LOGIN_ID_MULTIPLE_ACCESS_ROLES,
+    MOCK_CIS2_LOGIN_ID_NO_ACCESS_ROLE,
+)
 
 
 @then("I am logged out")
@@ -16,23 +19,41 @@ def i_am_logged_out(context):
     assert len(cognito_cookies) == 0
 
 
+# @given("I am logged in") #AEA-4809
+# def login(context):
+#     # TODO: This /site/ is not generic. Also, the .html will need to be removed when the SPA is fixed
+#     context.page.goto(context.cpts_ui_base_url + "site/auth_demo.html")
+#     context.page.get_by_role("button", name="Log in with mock CIS2").click()
+#     context.page.get_by_label("Username").fill(MOCK_CIS2_LOGIN_ID_MULTIPLE_ACCESS_ROLES)
+#     context.page.get_by_role("button", name="Sign In").click()
+#     context.page.wait_for_url("**/selectyourrole.html")
+
+#     # There should be cookies with names starting with "CognitoIdentityServiceProvider"
+#     cookies = context.page.context.cookies()
+#     cognito_cookies = [
+#         cookie
+#         for cookie in cookies
+#         if cookie["name"].startswith("CognitoIdentityServiceProvider")
+#     ]
+#     assert len(cognito_cookies) > 0
+
+
 @given("I am logged in")
 def login(context):
-    # TODO: This /site/ is not generic. Also, the .html will need to be removed when the SPA is fixed
-    context.page.goto(context.cpts_ui_base_url + "site/login.html")
+    context.page.goto(context.cpts_ui_base_url + "site/auth_demo.html")
     context.page.get_by_role("button", name="Log in with mock CIS2").click()
     context.page.get_by_label("Username").fill(MOCK_CIS2_LOGIN_ID_MULTIPLE_ACCESS_ROLES)
     context.page.get_by_role("button", name="Sign In").click()
     context.page.wait_for_url("**/selectyourrole.html")
 
-    # There should be cookies with names starting with "CognitoIdentityServiceProvider"
-    cookies = context.page.context.cookies()
-    cognito_cookies = [
-        cookie
-        for cookie in cookies
-        if cookie["name"].startswith("CognitoIdentityServiceProvider")
-    ]
-    assert len(cognito_cookies) > 0
+
+@given("I am logged in without access")
+def login_without_access(context):
+    context.page.goto(context.cpts_ui_base_url + "site/auth_demo.html")
+    context.page.get_by_role("button", name="Log in with mock CIS2").click()
+    context.page.get_by_label("Username").fill(MOCK_CIS2_LOGIN_ID_NO_ACCESS_ROLE)
+    context.page.get_by_role("button", name="Sign In").click()
+    context.page.wait_for_url("**/selectyourrole.html")
 
 
 @then("I am on the login page")
diff --git a/features/steps/cpts_ui/select_your_role_steps.py b/features/steps/cpts_ui/select_your_role_steps.py
@@ -78,13 +78,32 @@ def i_can_navigate_to_the_your_selected_role_page(context):
     context.page.wait_for_url(select_your_role_page.selected_role_url)
 
 
+@then("I cannot see the your selected role subheader")
+def i_can_see_select_your_role_subheader(context):
+    select_your_role_page = SelectYourRole(context.page)
+    expect(select_your_role_page.select_role_subheader).to_be_visible(visible=False)
+
+
 @then("I can see the your selected role header")
 def i_can_see_select_your_role_header(context):
     select_your_role_page = SelectYourRole(context.page)
     expect(select_your_role_page.select_role_header).to_be_visible()
 
 
-@then("I can see the your selected role subheader")
-def i_can_see_select_your_role_subheader(context):
+@then("I can see the no access header")
+def i_can_see_the_no_access_header(context):
+    select_your_role_page = SelectYourRole(context.page)
+    expect(select_your_role_page.no_access_header).to_be_visible()
+
+
+@then("I can see the no access message")
+def i_can_see_the_no_access_message(context):
+    select_your_role_page = SelectYourRole(context.page)
+    expect(select_your_role_page.no_access_message).to_be_visible()
+
+
+@then("I can see the no access table body has data")
+def i_can_see_the_no_access_table_body_data(context):
     select_your_role_page = SelectYourRole(context.page)
-    expect(select_your_role_page.select_role_subheader).to_be_visible()
+    expect(select_your_role_page.first_row_org_name_no_access).to_be_visible()
+    expect(select_your_role_page.first_row_role_name_no_access).to_be_visible()
diff --git a/pages/select_your_role.py b/pages/select_your_role.py
@@ -29,12 +29,33 @@ def __init__(self, page: Page):
         self.role_card_descriptions = page.locator(".eps-card__roleName")
         self.selected_role_url = "**/site/yourselectedrole"
 
-        # Header locators
         self.select_role_header = page.locator(
             "span[data-testid='eps_header_selectYourRole'] > span.nhsuk-title"
         )
-
-        # Subheader locators
         self.select_role_subheader = page.locator(
             "span.nhsuk-caption-l.nhsuk-caption--bottom"
         )
+
+        self.no_access_header = page.locator(".nhsuk-heading-xl")
+        self.no_access_message = page.get_by_text("None of the roles on your")
+        self.roles_without_access_header = page.get_by_role(
+            "heading", name="Your roles without access"
+        )
+        self.first_row_org_name_no_access = page.get_by_role(
+            "cell", name="NO ORG NAME (ODS: A21464)"
+        ).first
+        self.first_row_role_name_no_access = page.get_by_role(
+            "cell", name="General Medical Practitioner"
+        ).first
+
+        self.no_access_header = page.locator(".nhsuk-heading-xl")
+        self.no_access_message = page.get_by_text("None of the roles on your")
+        self.roles_without_access_header = page.get_by_role(
+            "heading", name="Your roles without access"
+        )
+        self.first_row_org_name_no_access = page.get_by_role(
+            "cell", name="NO ORG NAME (ODS: A21464)"
+        ).first
+        self.first_row_role_name_no_access = page.get_by_role(
+            "cell", name="General Medical Practitioner"
+        ).first
