Skip to content

Commit

Permalink
Conditionally display the "Remove access" button
Browse files Browse the repository at this point in the history
Publishing Managers can only remove their access from applications that
have delegatable permissions. We should only display the button if
they're allowed to remove their access.
  • Loading branch information
chrisroos committed Sep 26, 2023
1 parent aeb1ba7 commit f1c4cfd
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 4 deletions.
10 changes: 6 additions & 4 deletions app/views/account/applications/index.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,12 @@
<% end %>
</td>
<td class="govuk-table__cell govuk-!-text-align-right">
<%= link_to delete_account_application_signin_permission_path(application),
class: "govuk-button govuk-button--warning govuk-!-margin-0",
data: { module: "govuk-button" } do %>
Remove access<span class="govuk-visually-hidden"> to <%= application.name %></span>
<% if policy([:account, application]).remove_signin_permission? %>
<%= link_to delete_account_application_signin_permission_path(application),
class: "govuk-button govuk-button--warning govuk-!-margin-0",
data: { module: "govuk-button" } do %>
Remove access<span class="govuk-visually-hidden"> to <%= application.name %></span>
<% end %>
<% end %>
</td>
</tr>
Expand Down
13 changes: 13 additions & 0 deletions test/controllers/account/applications_controller_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,19 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
assert_select "tr td", text: "app-name"
assert_select "form[action='#{account_application_signin_permission_path(application)}']", count: 0
end

should "not display the button to remove access to an application" do
application = create(:application, name: "app-name")
application.signin_permission.update!(delegatable: false)
user = create(:organisation_admin_user, with_signin_permissions_for: [application])

sign_in user

get :index

assert_select "tr td", text: "app-name"
assert_select "a[href='#{delete_account_application_signin_permission_path(application)}']", count: 0
end
end
end
end

0 comments on commit f1c4cfd

Please sign in to comment.