WIP: Add ability for (super)admins to give themselves access to apps

TODO: - Style the button - should it look like a link? - I feel like I should include the name of the app in the button for accessibility reasons but it'll become repetitive. Is this a real concern? - Should there be a special route for granting access to an app? Although signin is modelled like all other permissions it feels as though it's treated as a special case nearly everywhere within the app
alphagov · Sep 7, 2023 · acabe91 · acabe91
1 parent 9218913
commit acabe91
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 2 deletions.
diff --git a/app/controllers/account/permissions_controller.rb b/app/controllers/account/permissions_controller.rb
@@ -0,0 +1,5 @@
+class Account::PermissionsController < ApplicationController
+  # before_action :authenticate_user!
+  def create
+  end
+end
diff --git a/app/views/account/applications/index.html.erb b/app/views/account/applications/index.html.erb
@@ -39,14 +39,16 @@
   <thead class="govuk-table__head">
     <tr class="govuk-table__row">
       <th scope="col" class="govuk-table__header govuk-!-width-one-quarter">Name</th>
-      <th scope="col" class="govuk-table__header govuk-!-width-three-quarters">Description</th>
+      <th scope="col" class="govuk-table__header govuk-!-width-two-quarters">Description</th>
+      <th scope="col" class="govuk-table__header govuk-!-width-one-quarter"></th>
     </tr>
   </thead>
   <tbody class="govuk-table__body">
     <% @applications_without_signin.each do |application| %>
       <tr class="govuk-table__row">
         <td class="govuk-table__cell"><%= application.name %></td>
         <td class="govuk-table__cell"><%= application.description %></td>
+        <td class="govuk-table__cell"><%= button_to "Grant access to #{application.name}", account_application_permissions_path(application) %></td>
       </tr>
     <% end %>
   </tbody>

diff --git a/config/routes.rb b/config/routes.rb
@@ -51,7 +51,9 @@
 
   resource :account, only: [:show]
   namespace :account do
-    resources :applications, only: [:index]
+    resources :applications, only: [:index] do
+      resource :permissions, only: [:create]
+    end
   end
 
   resources :batch_invitations, only: %i[new create show]

diff --git a/test/integration/account_applications_test.rb b/test/integration/account_applications_test.rb
@@ -60,4 +60,24 @@ class AccountApplicationsTest < ActionDispatch::IntegrationTest
       assert_not page.has_content?("retired-app-name")
     end
   end
+
+  context "granting access to apps" do
+    setup do
+      @application = create(:application, name: "app-name", description: "app-description")
+      @retired_application = create(:application, retired: true, name: "retired-app-name")
+      @user = FactoryBot.create(:admin_user)
+    end
+
+    should "foo" do
+      visit new_user_session_path
+      signin_with @user
+
+      visit account_applications_path
+
+      click_on "Grant access to app-name"
+
+      table = find("table caption[text()='Apps you have access to']").ancestor("table")
+      assert table.has_content?("app-name")
+    end
+  end
 end