Ignore restricted patients from sorting and filtering (#2827)

This prevents information about restricted patients being leaked inadvertently, as although the information itself was not shown, by using the sorting and filtering functionality it's possible to guess what the value might be. Instead we now treat restricted patients as having no postcode for the purpose of filtering and sorting.
nhsuk · Jan 10, 2025 · 7404bb1 · 7404bb1
2 parents 8159b6f + 9e209e0
commit 7404bb1
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 13 deletions.
diff --git a/app/controllers/concerns/patient_sorting_concern.rb b/app/controllers/concerns/patient_sorting_concern.rb
@@ -28,11 +28,9 @@ def sort_by_value(obj, key)
     when "status"
       obj.try(:status) || "not_in_session"
     when "postcode"
-      if obj.respond_to?(:address_postcode)
-        obj.address_postcode
-      else
-        obj.patient.address_postcode
-      end || ""
+      patient = obj.is_a?(Patient) ? obj : obj.patient
+
+      patient.restricted? ? "" : patient.address_postcode || ""
     when "year_group"
       [
         obj.try(:year_group) || obj.patient.year_group || "",
@@ -57,13 +55,11 @@ def filter_patients!(patients_or_patient_sessions)
 
     if (postcode = params[:postcode]).present?
       patients_or_patient_sessions.select! do |obj|
-        value =
-          if obj.respond_to?(:address_postcode)
-            obj.address_postcode
-          else
-            obj.patient.address_postcode
-          end
-        value&.downcase&.include?(postcode.downcase)
+        patient = obj.is_a?(Patient) ? obj : obj.patient
+
+        next false if patient.restricted?
+
+        patient.address_postcode&.downcase&.include?(postcode.downcase)
       end
     end
 

diff --git a/spec/controllers/concerns/patient_sorting_concern_spec.rb b/spec/controllers/concerns/patient_sorting_concern_spec.rb
@@ -106,6 +106,17 @@ def initialize(params)
           %w[Blair Alex Casey]
         )
       end
+
+      context "when a patient is restricted" do
+        before { blair.update!(restricted_at: Time.current) }
+
+        it "they are treated as though they have no postcode" do
+          controller.sort_patients!(patient_sessions)
+          expect(patient_sessions.map(&:patient).map(&:given_name)).to eq(
+            %w[Alex Casey Blair]
+          )
+        end
+      end
     end
 
     context "when sort parameter is missing" do
@@ -139,6 +150,15 @@ def initialize(params)
         expect(patient_sessions.size).to eq(1)
         expect(patient_sessions.first.patient.given_name).to eq("Blair")
       end
+
+      context "when a patient is restricted" do
+        before { blair.update!(restricted_at: Time.current) }
+
+        it "excludes the patient from the result" do
+          controller.filter_patients!(patient_sessions)
+          expect(patient_sessions.size).to eq(0)
+        end
+      end
     end
 
     context "when filtering by year group" do

diff --git a/spec/features/patient_sorting_filtering_spec.rb b/spec/features/patient_sorting_filtering_spec.rb
@@ -194,7 +194,7 @@ def then_i_see_patients_ordered_by_dob_desc
 
   def when_i_filter_by_dob
     alex = Patient.find_by(given_name: "Alex")
-    fill_in "Date of birth", with: alex.date_of_birth.year
+    fill_in "Date of birth", with: alex.date_of_birth.strftime("%d/%m/%Y")
   end
 
   def then_i_see_patients_with_dob