Allow GOV.UK Admins to manage their permissions in their account page #2355
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
13 times, most recently
from
8a2897d to
f210537
Compare
chrisroos
changed the title
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
5 times, most recently
from
de12cf6 to
267beca
Compare
chrisroos
changed the title
floehopper
approved these changes
Sep 21, 2023
There was a problem hiding this comment.
Overall this looks great to me - good work! 🎉
I've added quite a few minor/subjective comments which I'm happy for you to address or not as you see fit.
I think the only one that should block merging is what I think are a couple of copy/paste errors in test/policies/account_applications_policy_test.rb for the show? method.
|
Thanks for reviewing, @floehopper 👍 I'm working through your comments now. |
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
6 times, most recently
from
c1d2887 to
a370877
Compare
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
2 times, most recently
from
f44b8d3 to
8cec3ff
Compare
This adds a "Grant access" button next to each app in the list of "Apps you don't have access to" on /account/applications. This page is currently only available to GOV.UK Admins and this functionality replicates what they're already able to do on their /users/<id>/edit page. I experimented with using the button component for the "Grant access" button but couldn't work out how to pass the visually hidden span into it. I considered using a more generic `PermissionsController` (instead of `SigninPermissionsController`) given that the signin permission is modelled the same as all other permissions, and that we're going to allow users to manage other permissions in future. I decided against it for now because the signin permission feels conceptually different to the other permissions. We can revisit this decision in future if it turns out there's a better approach.
Although not strictly necessary I've chosen to add a route for `/account/applications/<id>` so that we have hackable URLs. This route currently redirects to `/account/applications` but we might want to present something at this location in future.
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
from
8990e8c to
99a3927
Compare
Users are required to confirm the removal of access to avoid the problem that exists in the current `/users/<id>/edit` page where Publishing Managers can accidentally remove their access to an application but then have to open a support request to get that access back again. NOTE. The functionality in this PR is currently restricted to GOV.UK Admins but will be made available to Publishing Managers soon. I experimented with using the button component for the "Remove access" button but couldn't work out how to pass the visually hidden span into it.
In preparation for using this helper in the /account pages. There's nothing specific to batch invitations in this method and moving it won't break any existing functionality because we currently include all helpers into every view.
This adds the `/account/applications/<id>/permissions` page which lists all app permissions and whether the current user has that permission or not. This new page is currently only accessible to GOV.UK Admins that have the signin permission to the app. The list of permissions has "signin" first, followed by: - other permissions the user has been granted; ordered alphabetically - other permissions the user has not been granted; ordered alphabetically
chrisroos
force-pushed
the
allow-govuk-admins-to-manage-their-access-to-apps
branch
from
99a3927 to
32826fe
Compare
floehopper
approved these changes
Sep 26, 2023
|
Thanks, @floehopper! |
chrisroos
deleted the
allow-govuk-admins-to-manage-their-access-to-apps
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://trello.com/c/7Hfe7eu0
This PR adds functionality that allows GOV.UK Admins (users with role of "superadmin" or "admin") to manage their access to applications and to view their permissions for those applications that they have access to.
Routes added
/account/applications/<id>/account/applications/<id>/permissions/account/applications/<id>/signin_permission/account/applications/<id>/signin_permission/deleteScreenshots
/account/applications/account/applications/<id>/signin_permission/delete/account/applications/<id>/permissions