Don't grant default permissions when batch creating users

In the previous commit we exposed the default permissions via the
batch invitation form's checkboxes. To allow the inviting user to deselect
these default permissions this commit stops granting them
automatically.

app/controllers/batch_invitation_permissions_controller.rb

@@ -11,7 +11,6 @@ def new; end
 
   def create
     @batch_invitation.supported_permission_ids = params[:user][:supported_permission_ids] if params[:user]
-    grant_default_permissions(@batch_invitation)
 
     @batch_invitation.save!
 
@@ -36,10 +35,4 @@ def prevent_updating
       redirect_to batch_invitation_path(@batch_invitation)
     end
   end
-
-  def grant_default_permissions(batch_invitation)
-    SupportedPermission.default.each do |default_permission|
-      batch_invitation.grant_permission(default_permission)
-    end
-  end
 end

test/controllers/batch_invitation_permissions_controller_test.rb

@@ -90,29 +90,13 @@ class BatchInvitationPermissionsControllerTest < ActionController::TestCase
       assert_redirected_to "/batch_invitations/#{@batch_invitation.id}"
     end
 
-    should "grant selected permissions and default permissions to BatchInvitation" do
-      support_app = create(:application, name: "Support")
-      support_app.signin_permission.update!(default: true)
-
+    should "grant selected permissions to BatchInvitation" do
       post :create, params: {
         batch_invitation_id: @batch_invitation.id,
         user: { supported_permission_ids: [@app.signin_permission.id] },
       }
 
-      assert_equal [@app.signin_permission, support_app.signin_permission],
-                   @batch_invitation.supported_permissions
-    end
-
-    context "with no permissions selected" do
-      should "still grant default permissions to BatchInvitation" do
-        support_app = create(:application, name: "Support")
-        support_app.signin_permission.update!(default: true)
-
-        post :create, params: { batch_invitation_id: @batch_invitation.id }
-
-        assert_equal [support_app.signin_permission],
-                     @batch_invitation.supported_permissions
-      end
+      assert_equal [@app.signin_permission], @batch_invitation.supported_permissions
     end
 
     should "send an email to signon-alerts" do

test/integration/batch_inviting_users_test.rb

@@ -97,32 +97,6 @@ class BatchInvitingUsersTest < ActionDispatch::IntegrationTest
     end
   end
 
-  should "ensure that batch invited users get default permissions even when not checked in UI" do
-    create(:supported_permission, application: @application, name: "reader", default: true)
-    support_app = create(:application, name: "support", with_supported_permissions: [SupportedPermission::SIGNIN_NAME])
-    support_app.signin_permission.update!(default: true)
-    user = create(:admin_user)
-
-    visit root_path
-    signin_with(user)
-
-    perform_enqueued_jobs do
-      visit new_batch_invitation_path
-      path = Rails.root.join("test/fixtures/users.csv")
-      attach_file("Upload a CSV file", path)
-      click_button "Manage permissions for new users"
-
-      uncheck "Has access to #{support_app.name}?"
-      check "Has access to #{@application.name}?"
-      uncheck "reader"
-      click_button "Create users and send emails"
-
-      invited_user = User.find_by(email: "fred@example.com")
-      assert invited_user.has_access_to?(support_app)
-      assert invited_user.permissions_for(@application).include? "reader"
-    end
-  end
-
   context "when the organisation mandates 2sv" do
     setup do
       @user = create(:superadmin_user)