WIP Add Users::PermissionsController#edit

Co-authored-by: Chris Roos <[email protected]>
alphagov · Nov 30, 2023 · 55f91f0 · 55f91f0
1 parent 22a17b9
commit 55f91f0
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/app/controllers/users/permissions_controller.rb b/app/controllers/users/permissions_controller.rb
@@ -13,6 +13,11 @@ def show
       .sort_by { |permission| @user.has_permission?(permission) ? 0 : 1 }
   end
 
+  def edit
+    # authorize [:account, @application], :edit_permissions?
+    # @permissions = @application.sorted_supported_permissions_grantable_from_ui(include_signin: false)
+  end
+
   def update
     user = User.find(params[:user_id])
     signin_permission = user.application_permissions.find_by!(supported_permission: @application.signin_permission)

diff --git a/app/views/users/permissions/edit.html.erb b/app/views/users/permissions/edit.html.erb
@@ -0,0 +1,43 @@
+<% content_for :title_caption, "Manage other users" %>
+<% content_for :title, "Update #{@user.name}'s permissions for #{@application.name}" %>
+
+<% content_for :breadcrumbs,
+   render("govuk_publishing_components/components/breadcrumbs", {
+     collapse_on_mobile: true,
+     breadcrumbs: [
+       {
+         title: "Dashboard",
+         url: root_path,
+       },
+       {
+         title: "Users",
+         url: users_path,
+       },
+       {
+         title: @user.name,
+         url: edit_user_path(@user),
+       },
+       {
+        title: "Update #{@user.name}'s permissions for #{@application.name}",
+       }
+     ]
+   })
+%>
+
+<%= form_tag user_application_permissions_path(@user, @application), method: :patch do |f| %>
+  <%= render "govuk_publishing_components/components/checkboxes", {
+      name: "application[supported_permission_ids][]",
+      heading: "Permissions",
+      items: @permissions.map { |permission| { label: permission.name, value: permission.id, checked: @user.has_permission?(permission) } },
+  } %>
+
+  <%= hidden_field_tag "application[supported_permission_ids][]", @application.signin_permission.id, id: "checkboxes-signin" %>
+
+  <div class="govuk-button-group">
+    <%= render "govuk_publishing_components/components/button", {
+        text: "Update permissions"
+    } %>
+
+    <%= link_to "Cancel", edit_user_path(@user), class: "govuk-link govuk-link--no-visited-state" %>
+  </div>
+<% end %>
diff --git a/test/controllers/users/permissions_controller_test.rb b/test/controllers/users/permissions_controller_test.rb
@@ -72,6 +72,31 @@ class Users::PermissionsControllerTest < ActionController::TestCase
     end
   end
 
+  context "#edit" do
+    should "prevent unauthenticated users" do
+      application = create(:application)
+      user = create(:user)
+
+      get :edit, params: { user_id: user, application_id: application.id }
+
+      assert_redirected_to "/users/sign_in"
+    end
+
+    should "prevent unauthorized users" do
+      application = create(:application)
+      user = create(:user)
+
+      current_user = create(:admin_user)
+      sign_in current_user
+
+      stub_policy current_user, signin_permission, edit?: false
+
+      get :edit, params: { user_id: user, application_id: application.id }
+
+      assert_not_authorised
+    end
+  end
+
   context "#update" do
     should "prevent unauthenticated users" do
       application = create(:application)