Show success banner when removing access from an application

alphagov · Sep 23, 2024 · 658aa6d · 658aa6d
1 parent d8ceb8a
commit 658aa6d
Show file tree

Hide file tree

Showing 7 changed files with 87 additions and 0 deletions.
diff --git a/app/controllers/account/signin_permissions_controller.rb b/app/controllers/account/signin_permissions_controller.rb
@@ -23,6 +23,7 @@ def destroy
     params = { supported_permission_ids: current_user.supported_permissions.map(&:id) - [application.signin_permission.id] }
     UserUpdate.new(current_user, params, current_user, user_ip_address).call
 
+    flash[:success_alert] = { message: "Access removed", description: access_removed_description(application.id) }
     redirect_to account_applications_path
   end
 

diff --git a/app/controllers/users/signin_permissions_controller.rb b/app/controllers/users/signin_permissions_controller.rb
@@ -26,6 +26,7 @@ def destroy
     params = { supported_permission_ids: @user.supported_permissions.map(&:id) - [@application.signin_permission.id] }
     UserUpdate.new(@user, params, current_user, user_ip_address).call
 
+    flash[:success_alert] = { message: "Access removed", description: access_removed_description(@application.id, @user) }
     redirect_to user_applications_path(@user)
   end
 

diff --git a/app/helpers/application_access_helper.rb b/app/helpers/application_access_helper.rb
@@ -7,4 +7,13 @@ def access_granted_description(application_id, user = current_user)
 
     "#{user.name} has been granted access to #{application.name}."
   end
+
+  def access_removed_description(application_id, user = current_user)
+    application = Doorkeeper::Application.find_by(id: application_id)
+    return nil unless application
+
+    return "Your access to #{application.name} has been removed." if user == current_user
+
+    "#{user.name}'s access to #{application.name} has been removed."
+  end
 end
diff --git a/test/controllers/account/signin_permissions_controller_test.rb b/test/controllers/account/signin_permissions_controller_test.rb
@@ -66,6 +66,31 @@ class Account::SigninPermissionsControllerTest < ActionController::TestCase
   end
 
   context "#destroy" do
+    should "assign the success alert hash to flash" do
+      current_user = create(:admin_user)
+      sign_in current_user
+
+      application = create(:application)
+      current_user.grant_application_signin_permission(application)
+
+      stub_policy(
+        current_user,
+        application,
+        policy_class: Account::ApplicationPolicy,
+        remove_signin_permission?: true,
+      )
+
+      Account::SigninPermissionsController
+        .any_instance
+        .expects(:access_removed_description)
+        .with(application.id).returns("Removed access from myself")
+
+      delete :destroy, params: { application_id: application.id }
+
+      expected = { message: "Access removed", description: "Removed access from myself" }
+      assert_equal expected, flash[:success_alert]
+    end
+
     should "prevent unauthenticated users" do
       application = create(:application)
 

diff --git a/test/controllers/users/signin_permissions_controller_test.rb b/test/controllers/users/signin_permissions_controller_test.rb
@@ -274,6 +274,32 @@ class Users::SigninPermissionsControllerTest < ActionController::TestCase
       assert_redirected_to user_applications_path(user)
     end
 
+    should "assign the success alert hash to flash" do
+      current_user = create(:admin_user)
+      sign_in current_user
+
+      user = create(:user)
+      application = create(:application)
+      user.grant_application_signin_permission(application)
+
+      stub_policy(
+        current_user,
+        { application:, user: },
+        policy_class: Users::ApplicationPolicy,
+        remove_signin_permission?: true,
+      )
+
+      Users::SigninPermissionsController
+        .any_instance
+        .expects(:access_removed_description)
+        .with(application.id, user).returns("Removed access from another user")
+
+      delete :destroy, params: { user_id: user, application_id: application.id }
+
+      expected = { message: "Access removed", description: "Removed access from another user" }
+      assert_equal expected, flash[:success_alert]
+    end
+
     should "prevent unauthenticated users" do
       user = create(:user)
       application = create(:application)

diff --git a/test/helpers/application_access_helper_test.rb b/test/helpers/application_access_helper_test.rb
@@ -26,4 +26,25 @@ class ApplicationAccessHelperTest < ActionView::TestCase
       end
     end
   end
+
+  context "#access_removed_description" do
+    context "when the user is removing their own access" do
+      should "return a message informing them that they no longer have access to the application" do
+        assert_equal "Your access to Whitehall has been removed.", access_removed_description(@application)
+      end
+    end
+
+    context "when the user is removing another's access" do
+      should "return a message informing them that the other user no longer has access to the application" do
+        user = create(:user, name: "Gerald")
+        assert_equal "Gerald's access to Whitehall has been removed.", access_removed_description(@application, user)
+      end
+    end
+
+    context "when the application does not exist" do
+      should "return nil" do
+        assert_nil access_removed_description(:made_up_id)
+      end
+    end
+  end
 end
diff --git a/test/support/removing_access_helpers.rb b/test/support/removing_access_helpers.rb
@@ -30,6 +30,10 @@ def assert_remove_access(application, grantee, grantee_is_self: false)
 
     assert apps_without_access_table.has_content?(application.name)
     assert_not grantee.has_access_to?(application)
+
+    success_alert_description = grantee_is_self ? "Your access to #{application.name} has been removed." : "#{grantee.name}'s access to #{application.name} has been removed."
+    assert_flash_content("Access removed")
+    assert_flash_content(success_alert_description)
   end
 
   def refute_remove_access(application)