From 3c75f5435745352d1770ddfd2f25c951385f374c Mon Sep 17 00:00:00 2001
From: Kat <katrina@kosiak.co.uk>
Date: Fri, 1 Mar 2024 12:31:49 +0000
Subject: [PATCH] Add delete confirmation page

---
 app/controllers/locations_controller.rb       |  2 +
 app/policies/location_policy.rb               |  8 +++
 .../locations/delete_confirmation.html.erb    | 24 +++++++
 config/routes.rb                              |  2 +
 spec/requests/locations_controller_spec.rb    | 70 +++++++++++++++++++
 5 files changed, 106 insertions(+)
 create mode 100644 app/views/locations/delete_confirmation.html.erb

diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb
index b84185b51..2a254bfa3 100644
--- a/app/controllers/locations_controller.rb
+++ b/app/controllers/locations_controller.rb
@@ -230,6 +230,8 @@ class LocationsController < ApplicationController
     end
   end
 
+  def delete; end
+
 private
 
   def authorize_user
diff --git a/app/policies/location_policy.rb b/app/policies/location_policy.rb
index 5d6d6d467..5371df19e 100644
--- a/app/policies/location_policy.rb
+++ b/app/policies/location_policy.rb
@@ -26,6 +26,14 @@ class LocationPolicy
     user.data_coordinator? && scheme_owned_by_user_org_or_stock_owner
   end
 
+  def delete_confirmation?
+    user.support?
+  end
+
+  def delete?
+    user.support?
+  end
+
   %w[
     update_postcode?
     update_local_authority?
diff --git a/app/views/locations/delete_confirmation.html.erb b/app/views/locations/delete_confirmation.html.erb
new file mode 100644
index 000000000..0eea3adc8
--- /dev/null
+++ b/app/views/locations/delete_confirmation.html.erb
@@ -0,0 +1,24 @@
+<% content_for :before_content do %>
+  <% content_for :title, "Are you sure you want to delete this location?" %>
+  <%= govuk_back_link(href: :back) %>
+<% end %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds-from-desktop">
+    <span class="govuk-caption-xl">Delete <%= @location.postcode %></span>
+    <h1 class="govuk-heading-xl">
+      <%= content_for(:title) %>
+    </h1>
+
+    <%= govuk_warning_text(text: "You will not be able to undo this action.") %>
+
+    <div class="govuk-button-group">
+      <%= govuk_button_to(
+        "Delete this location",
+        scheme_location_delete_path(@scheme, @location),
+        method: :delete,
+      ) %>
+      <%= govuk_button_link_to "Cancel", scheme_location_path(@scheme, @location), html: { method: :get }, secondary: true %>
+    </div>
+  </div>
+</div>
diff --git a/config/routes.rb b/config/routes.rb
index 99ac0cc31..f7778f589 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -111,6 +111,8 @@ Rails.application.routes.draw do
       patch "new-deactivation", to: "locations#new_deactivation"
       patch "deactivate", to: "locations#deactivate"
       patch "reactivate", to: "locations#reactivate"
+      get "delete-confirmation", to: "locations#delete_confirmation"
+      delete "delete", to: "locations#delete"
     end
   end
   get "scheme-changes", to: "schemes#changes"
diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb
index 996dd3de0..f4db5bb71 100644
--- a/spec/requests/locations_controller_spec.rb
+++ b/spec/requests/locations_controller_spec.rb
@@ -2040,4 +2040,74 @@ RSpec.describe LocationsController, type: :request do
       end
     end
   end
+
+  describe "#delete-confirmation" do
+    let(:scheme) { create(:scheme, owning_organisation: user.organisation) }
+    let(:location) { create(:location, scheme:, created_at: Time.zone.local(2022, 4, 1)) }
+
+    before do
+      get "/schemes/#{scheme.id}/locations/#{location.id}/delete-confirmation"
+    end
+
+    context "when not signed in" do
+      it "redirects to the sign in page" do
+        expect(response).to redirect_to("/account/sign-in")
+      end
+    end
+
+    context "when signed in" do
+      before do
+        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in user
+        get "/schemes/#{scheme.id}/locations/#{location.id}/delete-confirmation"
+      end
+
+      context "with a data provider user" do
+        let(:user) { create(:user) }
+
+        it "returns 401 unauthorized" do
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+
+      context "with a data coordinator user" do
+        let(:user) { create(:user, :data_coordinator) }
+
+        it "returns 401 unauthorized" do
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+
+      context "with a support user user" do
+        let(:user) { create(:user, :support) }
+
+        it "shows the correct title" do
+          expect(page.find("h1").text).to include "Are you sure you want to delete this location?"
+        end
+
+        it "shows a warning to the user" do
+          expect(page).to have_selector(".govuk-warning-text", text: "You will not be able to undo this action")
+        end
+
+        it "shows a button to delete the selected location" do
+          expect(page).to have_selector("form.button_to button", text: "Delete this location")
+        end
+
+        it "the delete location button submits the correct data to the correct path" do
+          form_containing_button = page.find("form.button_to")
+
+          expect(form_containing_button[:action]).to eq scheme_location_delete_path(scheme, location)
+          expect(form_containing_button).to have_field "_method", type: :hidden, with: "delete"
+        end
+
+        it "shows a cancel link with the correct style" do
+          expect(page).to have_selector("a.govuk-button--secondary", text: "Cancel")
+        end
+
+        it "shows cancel link that links back to the location page" do
+          expect(page).to have_link(text: "Cancel", href: scheme_location_path(scheme, location))
+        end
+      end
+    end
+  end
 end