From acabe91aba65f75b9b5c33f4eb22f6cd23c0b068 Mon Sep 17 00:00:00 2001
From: Chris Roos <chris@seagul.co.uk>
Date: Thu, 7 Sep 2023 17:26:40 +0100
Subject: [PATCH] WIP: Add ability for (super)admins to give themselves access
 to apps

TODO:

- Style the button - should it look like a link?
- I feel like I should include the name of the app in the button for
  accessibility reasons but it'll become repetitive. Is this a real
concern?
- Should there be a special route for granting access to an app?
  Although signin is modelled like all other permissions it feels as
though it's treated as a special case nearly everywhere within the app
---
 .../account/permissions_controller.rb         |  5 +++++
 app/views/account/applications/index.html.erb |  4 +++-
 config/routes.rb                              |  4 +++-
 test/integration/account_applications_test.rb | 20 +++++++++++++++++++
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 app/controllers/account/permissions_controller.rb

diff --git a/app/controllers/account/permissions_controller.rb b/app/controllers/account/permissions_controller.rb
new file mode 100644
index 0000000000..19a8c6dbb1
--- /dev/null
+++ b/app/controllers/account/permissions_controller.rb
@@ -0,0 +1,5 @@
+class Account::PermissionsController < ApplicationController
+  # before_action :authenticate_user!
+  def create
+  end
+end
diff --git a/app/views/account/applications/index.html.erb b/app/views/account/applications/index.html.erb
index 8f619ade9b..df4dbab65e 100644
--- a/app/views/account/applications/index.html.erb
+++ b/app/views/account/applications/index.html.erb
@@ -39,7 +39,8 @@
   <thead class="govuk-table__head">
     <tr class="govuk-table__row">
       <th scope="col" class="govuk-table__header govuk-!-width-one-quarter">Name</th>
-      <th scope="col" class="govuk-table__header govuk-!-width-three-quarters">Description</th>
+      <th scope="col" class="govuk-table__header govuk-!-width-two-quarters">Description</th>
+      <th scope="col" class="govuk-table__header govuk-!-width-one-quarter"></th>
     </tr>
   </thead>
   <tbody class="govuk-table__body">
@@ -47,6 +48,7 @@
       <tr class="govuk-table__row">
         <td class="govuk-table__cell"><%= application.name %></td>
         <td class="govuk-table__cell"><%= application.description %></td>
+        <td class="govuk-table__cell"><%= button_to "Grant access to #{application.name}", account_application_permissions_path(application) %></td>
       </tr>
     <% end %>
   </tbody>
diff --git a/config/routes.rb b/config/routes.rb
index 6ee78fad9d..0243101321 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -51,7 +51,9 @@
 
   resource :account, only: [:show]
   namespace :account do
-    resources :applications, only: [:index]
+    resources :applications, only: [:index] do
+      resource :permissions, only: [:create]
+    end
   end
 
   resources :batch_invitations, only: %i[new create show]
diff --git a/test/integration/account_applications_test.rb b/test/integration/account_applications_test.rb
index c237bbe00b..405ab32dc4 100644
--- a/test/integration/account_applications_test.rb
+++ b/test/integration/account_applications_test.rb
@@ -60,4 +60,24 @@ class AccountApplicationsTest < ActionDispatch::IntegrationTest
       assert_not page.has_content?("retired-app-name")
     end
   end
+
+  context "granting access to apps" do
+    setup do
+      @application = create(:application, name: "app-name", description: "app-description")
+      @retired_application = create(:application, retired: true, name: "retired-app-name")
+      @user = FactoryBot.create(:admin_user)
+    end
+
+    should "foo" do
+      visit new_user_session_path
+      signin_with @user
+
+      visit account_applications_path
+
+      click_on "Grant access to app-name"
+
+      table = find("table caption[text()='Apps you have access to']").ancestor("table")
+      assert table.has_content?("app-name")
+    end
+  end
 end