From 2d10c9139f244d815c98beb29658acb5bff4505a Mon Sep 17 00:00:00 2001
From: Chris Roos
Date: Thu, 21 Sep 2023 12:51:53 +0100
Subject: [PATCH] Allow Publishing Managers to view /account/applications
Publishing Managers can do everything that GOV.UK admins can except for granting themselves access to applications.
---
 app/policies/account_applications_policy.rb | 9 ++++++---
 .../policies/account_applications_policy_test.rb | 16 ++++++++--------
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/app/policies/account_applications_policy.rb b/app/policies/account_applications_policy.rb
index ea1f58eae..e2695be9e 100644
--- a/app/policies/account_applications_policy.rb
+++ b/app/policies/account_applications_policy.rb
@@ -1,13 +1,16 @@
 class AccountApplicationsPolicy < BasePolicy
 def index?
- current_user.govuk_admin?
+ current_user.govuk_admin? || current_user.publishing_manager?
 end
 alias_method :show?, :index?
- alias_method :grant_signin_permission?, :index?
+
+ def grant_signin_permission?
+ current_user.govuk_admin?
+ end
 def remove_signin_permission?
- current_user.govuk_admin? && current_user.has_access_to?(record)
+ (current_user.govuk_admin? || current_user.publishing_manager?) && current_user.has_access_to?(record)
 end
 alias_method :view_permissions?, :remove_signin_permission?
diff --git a/test/policies/account_applications_policy_test.rb b/test/policies/account_applications_policy_test.rb
index 56a1bcca8..e0205e1a6 100644
--- a/test/policies/account_applications_policy_test.rb
+++ b/test/policies/account_applications_policy_test.rb
@@ -5,7 +5,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 include PolicyHelpers
 context "accessing index?" do
- %i[superadmin admin].each do |user_role|
+ %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = FactoryBot.build(:"#{user_role}_user")
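Review bot: In the `account_applications_policy.rb` hunk, `grant_signin_permission?` is now the only predicate that excludes Publishing Managers, yet nothing in the new code records that this is deliberate, and `show?` and `view_permissions?` are still tied to other predicates through `alias_method`. The removed alias shows how that coupling widens access silently: had it stayed, the change to `index?` would also have let Publishing Managers grant themselves sign-in permission. I would add a comment above the new method, `# Not aliased to index?: Publishing Managers may view applications but must not grant themselves access.`, and consider giving `view_permissions?` its own body so a later change to `remove_signin_permission?` does not alter who can read permissions. `publishing_manager?` is defined outside this hunk, so which roles it covers cannot be checked here.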
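Review bot: None of the test hunks touches the `grant_signin_permission?` context, which is the one rule this commit has to keep closed for Publishing Managers. This hunk and the ones at `@@ -17`, `@@ -31`, `@@ -43`, `@@ -83`, `@@ -108`, `@@ -122` and `@@ -147` only move `super_organisation_admin` and `organisation_admin` between the allowed and forbidden role lists for `index?`, `show?`, `#remove_signin_permission?` and `#view_permissions?`. The grant context sits between the hunks and is not shown, so it is presumably unchanged and still lists both roles as forbidden; that is worth confirming, and if it does not, an explicit forbidden case for each of the two roles should be added so the restriction cannot regress unnoticed.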
@@ -17,7 +17,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 end
- %i[super_organisation_admin organisation_admin normal].each do |user_role|
+ %i[normal].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = FactoryBot.build(:"#{user_role}_user")
@@ -31,7 +31,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 context "show?" do
- %i[superadmin admin].each do |user_role|
+ %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = build(:"#{user_role}_user")
@@ -43,7 +43,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 end
- %i[super_organisation_admin organisation_admin normal].each do |user_role|
+ %i[normal].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = build(:"#{user_role}_user")
@@ -83,7 +83,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 context "#remove_signin_permission?" do
- %i[superadmin admin].each do |user_role|
+ %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = create(:"#{user_role}_user")
@@ -108,7 +108,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 end
- %i[super_organisation_admin organisation_admin normal].each do |user_role|
+ %i[normal].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = build(:"#{user_role}_user")
@@ -122,7 +122,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 context "#view_permissions?" do
- %i[superadmin admin].each do |user_role|
+ %i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = create(:"#{user_role}_user")
@@ -147,7 +147,7 @@ class AccountApplicationsPolicyTest < ActiveSupport::TestCase
 end
 end
- %i[super_organisation_admin organisation_admin normal].each do |user_role|
+ %i[normal].each do |user_role|
 context "for #{user_role} users" do
 setup do
 @current_user = build(:"#{user_role}_user")