Allow GOV.UK Admins to view their app permissions
This adds the `/account/applications/<id>/permissions` page, which lists all app permissions and whether the current user has each permission or not. This new page is currently only accessible to GOV.UK Admins that have the signin permission for the app. The list of permissions has "signin" first, followed by:

- other permissions the user has been granted, ordered alphabetically
- other permissions the user has not been granted, ordered alphabetically
Showing
10 changed files
with
202 additions
and
0 deletions.
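--- /dev/null
+++ b/PATH-NOT-SHOWN (Account::PermissionsController)
@@ -0,0 +1,15 @@
+class Account::PermissionsController < ApplicationController
+  include PermissionsHelper
+
+  layout "admin_layout"
+
+  before_action :authenticate_user!
+
+  def index
+    @application = Doorkeeper::Application.not_retired.find(params[:application_id])
+
+    authorize current_user, :view_permissions?
+
+    @permissions = permissions_for(@application).sort_by { |permission| current_user.has_permission?(permission) ? 0 : 1 }
+  end
+end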
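Review bot: No test exercises the authorization branch: `authorize current_user, :view_permissions?` is the only gate after login, and the controller test in this commit covers unauthenticated access, non-grantable permissions, retired apps and ordering, but not a signed-in user who is not a GOV.UK Admin or who lacks the signin permission for this app, which the commit message says is required. The `authorize` call receives only `current_user`, so unless the policy or `permissions_for` enforces the per-application signin requirement elsewhere, that check is not visible in this hunk; passing `@application` to the policy would make it explicit and testable. The `find` also runs before `authorize`, so a user who fails the policy can still distinguish an existing from a non-existent application id, which is minor but worth a comment. Separately, Ruby's `sort_by` is not a stable sort, so "signin first, then alphabetical within each group" currently relies on the helper's output order surviving the sort; a composite key such as `sort_by { |permission| [permission.name == "signin" ? 0 : 1, current_user.has_permission?(permission) ? 0 : 1, permission.name] }` pins the intended order regardless of input order.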
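--- /dev/null
+++ b/PATH-NOT-SHOWN (account/permissions index view)
@@ -0,0 +1,47 @@
+<% content_for :title, "My permissions for #{@application.name}" %>
+
+<% content_for :breadcrumbs,
+   render("govuk_publishing_components/components/breadcrumbs", {
+     collapse_on_mobile: true,
+     breadcrumbs: [
+       {
+         title: "Dashboard",
+         url: root_path,
+       },
+       {
+         title: "GOV.UK apps",
+         url: account_applications_path,
+       },
+       {
+         title: "My permissions for #{@application.name}",
+       },
+     ]
+   })
+%>
+
+<table class="govuk-table">
+  <thead class="govuk-table__head">
+    <tr class="govuk-table__row">
+      <th scope="col" class="govuk-table__header">Name</th>
+      <th scope="col" class="govuk-table__header">Has this permission?</th>
+    </tr>
+  </thead>
+  <tbody class="govuk-table__body">
+    <% @permissions.each do |permission| %>
+      <tr class="govuk-table__row">
+        <td class="govuk-table__cell"><%= permission.name %></td>
+        <td class="govuk-table__cell">
+          <% if current_user.has_permission?(permission) %>
+            <strong class="govuk-tag govuk-tag--green">
+              Yes
+            </strong>
+          <% else %>
+            <strong class="govuk-tag govuk-tag--grey">
+              No
+            </strong>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>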
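Review bot: `current_user.has_permission?(permission)` is evaluated a second time for every row here, after the controller already called it once per permission to sort the list; if `has_permission?` is not memoised that is one extra lookup per row, though I cannot tell from this hunk whether it hits the database. Having the controller expose the granted set once (for example a set of granted permission ids alongside `@permissions`) and testing membership in the view would keep the sort and the display consistent and avoid the repeated work.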
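--- /dev/null
+++ b/PATH-NOT-SHOWN (Account::PermissionsControllerTest)
@@ -0,0 +1,51 @@
+require "test_helper"
+
+class Account::PermissionsControllerTest < ActionController::TestCase
+  context "#index" do
+    should "prevent unauthenticated users" do
+      application = create(:application)
+
+      get :index, params: { application_id: application.id }
+
+      assert_redirected_to "/users/sign_in"
+    end
+
+    should "exclude permissions that aren't grantable from the UI" do
+      application = create(:application,
+                           with_supported_permissions: %w[perm-1],
+                           with_supported_permissions_not_grantable_from_ui: %w[perm-2])
+      user = create(:admin_user, with_signin_permissions_for: [application])
+
+      sign_in user
+
+      get :index, params: { application_id: application.id }
+
+      assert_select "td", text: "perm-1"
+      assert_select "td", text: "perm-2", count: 0
+    end
+
+    should "exclude retired applications" do
+      sign_in create(:admin_user)
+
+      application = create(:application, retired: true)
+
+      assert_raises(ActiveRecord::RecordNotFound) do
+        get :index, params: { application_id: application.id }
+      end
+    end
+
+    should "order permissions by whether the user has access and then alphabetically" do
+      application = create(:application,
+                           with_supported_permissions: %w[aaa bbb ttt uuu])
+      user = create(:admin_user,
+                    with_signin_permissions_for: [application],
+                    with_permissions: { application => %w[aaa ttt] })
+
+      sign_in user
+
+      get :index, params: { application_id: application.id }
+
+      assert_equal %w[signin aaa ttt bbb uuu], assigns(:permissions).map(&:name)
+    end
+  end
+end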
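Review bot: The ordering test (`should "order permissions by whether the user has access and then alphabetically"`) supplies its permissions already in alphabetical order, `%w[aaa bbb ttt uuu]`, so it cannot tell whether the controller sorts alphabetically or merely preserves the input order within each group. Creating them out of order, e.g. `with_supported_permissions: %w[ttt aaa uuu bbb]`, would make the assertion actually exercise the alphabetical part of the stated behaviour. The retired-application test signs in an admin with no signin permission for the app and passes only because the lookup raises before authorization runs; a one-line comment such as `# not_retired.find raises before the policy is consulted, so no signin permission is needed here` would stop a future reordering of the controller from silently changing what this test checks.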