Allow Publishing Managers to view /account/applications

Publishing Managers can do everything that GOV.UK admins can except for
granting themselves access to applications.

app/policies/account_applications_policy.rb

@@ -1,13 +1,16 @@
 class AccountApplicationsPolicy < BasePolicy
   def index?
-    current_user.govuk_admin?
+    current_user.govuk_admin? || current_user.publishing_manager?
   end
 
   alias_method :show?, :index?
-  alias_method :grant_signin_permission?, :index?
+
+  def grant_signin_permission?
+    current_user.govuk_admin?
+  end
 
   def remove_signin_permission?
-    current_user.govuk_admin? && current_user.has_access_to?(record)
+    (current_user.govuk_admin? || current_user.publishing_manager?) && current_user.has_access_to?(record)
   end
 
   alias_method :view_permissions?, :remove_signin_permission?

test/policies/account_applications_policy_test.rb

@@ -5,7 +5,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
   include PolicyHelpers
 
   context "accessing index?" do
-    %i[superadmin admin].each do |user_role|
+    %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = FactoryBot.build(:"#{user_role}_user")
@@ -17,7 +17,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
       end
     end
 
-    %i[super_organisation_admin organisation_admin normal].each do |user_role|
+    %i[normal].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = FactoryBot.build(:"#{user_role}_user")
@@ -31,7 +31,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
   end
 
   context "show?" do
-    %i[superadmin admin].each do |user_role|
+    %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = build(:"#{user_role}_user")
@@ -43,7 +43,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
       end
     end
 
-    %i[super_organisation_admin organisation_admin normal].each do |user_role|
+    %i[normal].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = build(:"#{user_role}_user")
@@ -83,7 +83,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
   end
 
   context "#remove_signin_permission?" do
-    %i[superadmin admin].each do |user_role|
+    %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = create(:"#{user_role}_user")
@@ -108,7 +108,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
       end
     end
 
-    %i[super_organisation_admin organisation_admin normal].each do |user_role|
+    %i[normal].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = build(:"#{user_role}_user")
@@ -122,7 +122,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
   end
 
   context "#view_permissions?" do
-    %i[superadmin admin].each do |user_role|
+    %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = create(:"#{user_role}_user")
@@ -147,7 +147,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
       end
     end
 
-    %i[super_organisation_admin organisation_admin normal].each do |user_role|
+    %i[normal].each do |user_role|
       context "for #{user_role} users" do
         setup do
           @current_user = build(:"#{user_role}_user")