Skip to content

Commit

Permalink
Conditionally show the "Remove access" button
Browse files Browse the repository at this point in the history
This affects Publishing Managers as they can only remove their access
from applications if those applications have delegatable permissions.
  • Loading branch information
chrisroos committed Sep 26, 2023
1 parent 90c435d commit 3e8c58b
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 4 deletions.
10 changes: 6 additions & 4 deletions app/views/account/applications/index.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,12 @@
<% end %>
</td>
<td class="govuk-table__cell govuk-!-text-align-right">
<%= link_to delete_account_application_signin_permission_path(application),
class: "govuk-button govuk-button--warning govuk-!-margin-0",
data: { module: "govuk-button" } do %>
Remove access<span class="govuk-visually-hidden"> to <%= application.name %></span>
<% if policy([:account, application]).remove_signin_permission? %>
<%= link_to delete_account_application_signin_permission_path(application),
class: "govuk-button govuk-button--warning govuk-!-margin-0",
data: { module: "govuk-button" } do %>
Remove access<span class="govuk-visually-hidden"> to <%= application.name %></span>
<% end %>
<% end %>
</td>
</tr>
Expand Down
13 changes: 13 additions & 0 deletions test/controllers/account/applications_controller_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,19 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
assert_select "tr td", text: "app-name"
assert_select "form[action='#{account_application_signin_permission_path(application)}']", count: 0
end

should "not display the button to remove access to an application" do
application = create(:application, name: "app-name")
application.signin_permission.update!(delegatable: false)
user = create(:organisation_admin_user, with_signin_permissions_for: [application])

sign_in user

get :index

assert_select "tr td", text: "app-name"
assert_select "a[href='#{delete_account_application_signin_permission_path(application)}']", count: 0
end
end
end
end

0 comments on commit 3e8c58b

Please sign in to comment.