Merge pull request #4464 from nhsuk/prescriber-permissions

Update policies for prescribers

Author: thomasleese

app/models/session.rb

@@ -219,7 +219,7 @@ def programmes_for(year_group: nil, patient: nil, academic_year: nil)
   end
 
   def vaccine_methods_for(user:)
-    if user.is_nurse?
+    if user.is_nurse? || user.is_prescriber?
       vaccine_methods
     elsif user.is_healthcare_assistant? && pgd_supply_enabled?
       %w[nasal]

app/policies/gillick_assessment_policy.rb

@@ -2,18 +2,10 @@
 
 class GillickAssessmentPolicy < ApplicationPolicy
   def create?
-    user.is_nurse?
-  end
-
-  def new?
-    create?
-  end
-
-  def edit?
-    user.is_nurse?
+    user.is_nurse? || user.is_prescriber?
   end
 
   def update?
-    edit?
+    user.is_nurse? || user.is_prescriber?
   end
 end

app/policies/session_attendance_policy.rb

@@ -2,11 +2,11 @@
 
 class SessionAttendancePolicy < ApplicationPolicy
   def create?
-    super && !already_vaccinated? && !was_seen_by_nurse?
+    !already_vaccinated? && !was_seen_by_nurse?
   end
 
   def update?
-    super && !already_vaccinated? && !was_seen_by_nurse?
+    !already_vaccinated? && !was_seen_by_nurse?
   end
 
   private

app/policies/session_policy.rb

@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 class SessionPolicy < ApplicationPolicy
-  def update?
-    user.is_nurse? || user.is_admin?
-  end
-
   def import? = show?
 
   def make_in_progress? = edit?

app/policies/triage_policy.rb

@@ -2,11 +2,11 @@
 
 class TriagePolicy < ApplicationPolicy
   def create?
-    user.is_nurse?
+    user.is_nurse? || user.is_prescriber?
   end
 
   def update?
-    user.is_nurse?
+    user.is_nurse? || user.is_prescriber?
   end
 
   class Scope < ApplicationPolicy::Scope

app/policies/vaccination_record_policy.rb

@@ -2,7 +2,7 @@
 
 class VaccinationRecordPolicy < ApplicationPolicy
   def create?
-    user.is_nurse? ||
+    user.is_nurse? || user.is_prescriber? ||
       (
         patient.approved_vaccine_methods(programme:, academic_year:) &
           session.vaccine_methods_for(user:)
@@ -12,13 +12,15 @@ def create?
   def new? = create?
 
   def record_already_vaccinated?
-    user.is_nurse? && !session.today? &&
+    (user.is_nurse? || user.is_prescriber?) && !session.today? &&
       patient.vaccination_status(programme:, academic_year:).none_yet?
   end
 
   def edit?
-    (record.performed_by_user_id == user.id || user.is_nurse?) &&
-      record.recorded_in_service? &&
+    (
+      record.performed_by_user_id == user.id || user.is_nurse? ||
+        user.is_prescriber?
+    ) && record.recorded_in_service? &&
       record.performed_ods_code == user.selected_organisation.ods_code
   end
 

spec/models/session_spec.rb

@@ -309,6 +309,12 @@
       it { should match_array(%w[nasal injection]) }
     end
 
+    context "with a prescriber" do
+      let(:user) { create(:prescriber) }
+
+      it { should match_array(%w[nasal injection]) }
+    end
+
     context "with a healthcare assistant" do
       let(:user) { create(:healthcare_assistant) }
 

spec/policies/gillick_assessment_policy_spec.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+describe GillickAssessmentPolicy do
+  subject(:policy) { described_class.new(user, GillickAssessment) }
+
+  shared_examples "only nurses or prescribers" do
+    context "with an admin" do
+      let(:user) { create(:admin) }
+
+      it { should be(false) }
+    end
+
+    context "with a healthcare assistant" do
+      let(:user) { create(:healthcare_assistant) }
+
+      it { should be(false) }
+    end
+
+    context "with a nurse" do
+      let(:user) { create(:nurse) }
+
+      it { should be(true) }
+    end
+
+    context "with a prescriber" do
+      let(:user) { create(:prescriber) }
+
+      it { should be(true) }
+    end
+  end
+
+  describe "#new?" do
+    subject { policy.new? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#create?" do
+    subject { policy.create? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#edit?" do
+    subject { policy.edit? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#update?" do
+    subject { policy.update? }
+
+    include_examples "only nurses or prescribers"
+  end
+end

spec/policies/session_policy_spec.rb

@@ -42,13 +42,29 @@
       context "with a scheduled session" do
         let(:session) { create(:session, :scheduled) }
 
-        it { should be(false) }
+        it { should be(true) }
+      end
+
+      context "with an unscheduled session" do
+        let(:session) { create(:session, :unscheduled) }
+
+        it { should be(true) }
+      end
+    end
+
+    context "with a prescriber" do
+      let(:user) { create(:prescriber) }
+
+      context "with a scheduled session" do
+        let(:session) { create(:session, :scheduled) }
+
+        it { should be(true) }
       end
 
       context "with an unscheduled session" do
         let(:session) { create(:session, :unscheduled) }
 
-        it { should be(false) }
+        it { should be(true) }
       end
     end
   end

spec/policies/triage_policy_spec.rb

@@ -1,16 +1,70 @@
 # frozen_string_literal: true
 
 describe TriagePolicy do
-  describe "Scope#resolve" do
-    subject { TriagePolicy::Scope.new(user, Triage).resolve }
+  subject(:policy) { described_class.new(user, Triage) }
 
-    let(:team) { create(:team) }
-    let(:user) { create(:user, team:) }
+  shared_examples "only nurses or prescribers" do
+    context "with an admin" do
+      let(:user) { create(:admin) }
 
-    let(:team_batch) { create(:triage, team:) }
-    let(:non_team_batch) { create(:triage) }
+      it { should be(false) }
+    end
 
-    it { should include(team_batch) }
-    it { should_not include(non_team_batch) }
+    context "with a healthcare assistant" do
+      let(:user) { create(:healthcare_assistant) }
+
+      it { should be(false) }
+    end
+
+    context "with a nurse" do
+      let(:user) { create(:nurse) }
+
+      it { should be(true) }
+    end
+
+    context "with a prescriber" do
+      let(:user) { create(:prescriber) }
+
+      it { should be(true) }
+    end
+  end
+
+  describe "#new?" do
+    subject { policy.new? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#create?" do
+    subject { policy.create? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#edit?" do
+    subject { policy.edit? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe "#update?" do
+    subject { policy.update? }
+
+    include_examples "only nurses or prescribers"
+  end
+
+  describe TriagePolicy::Scope do
+    describe "#resolve" do
+      subject { described_class.new(user, Triage).resolve }
+
+      let(:team) { create(:team) }
+      let(:user) { create(:user, team:) }
+
+      let(:team_batch) { create(:triage, team:) }
+      let(:non_team_batch) { create(:triage) }
+
+      it { should include(team_batch) }
+      it { should_not include(non_team_batch) }
+    end
   end
 end