From 51b0c643cb2fb2b689490a98bc9219e7c626db06 Mon Sep 17 00:00:00 2001
From: Jack S <jacopo.scotti@softwire.com>
Date: Fri, 12 May 2023 10:41:56 +0100
Subject: [PATCH] Add delete sales log flow

---
 app/controllers/sales_logs_controller.rb    | 24 ++++++
 config/routes.rb                            |  2 +
 spec/requests/sales_logs_controller_spec.rb | 90 +++++++++++++++++++++
 3 files changed, 116 insertions(+)

diff --git a/app/controllers/sales_logs_controller.rb b/app/controllers/sales_logs_controller.rb
index 246d61b8c..6a5bebd78 100644
--- a/app/controllers/sales_logs_controller.rb
+++ b/app/controllers/sales_logs_controller.rb
@@ -40,6 +40,30 @@ class SalesLogsController < LogsController
     end
   end
 
+  def destroy
+    @log = SalesLog.visible.find_by(id: params[:id])
+
+    render_not_found and return unless @log
+
+    authorize @log, policy_class: LogPolicy
+
+    if @log.delete
+      redirect_to sales_logs_path, notice: "Log #{@log.id} has been deleted"
+    else
+      render_not_found
+    end
+  end
+
+  def delete_confirmation
+    @log = SalesLog.visible.find_by(id: params[:sales_log_id])
+
+    render_not_found and return unless @log
+
+    authorize @log, :destroy?, policy_class: LogPolicy
+
+    render "logs/delete_confirmation"
+  end
+
   def download_csv
     unpaginated_filtered_logs = filtered_logs(current_user.sales_logs, search_term, @session_filters)
 
diff --git a/config/routes.rb b/config/routes.rb
index 39f5068b4..fa2c37ef1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -203,6 +203,8 @@ Rails.application.routes.draw do
   end
 
   resources :sales_logs, path: "/sales-logs" do
+    get "delete-confirmation", to: "sales_logs#delete_confirmation"
+
     collection do
       get "csv-download", to: "sales_logs#download_csv"
       post "email-csv", to: "sales_logs#email_csv"
diff --git a/spec/requests/sales_logs_controller_spec.rb b/spec/requests/sales_logs_controller_spec.rb
index 6927d294a..f12f4aa8c 100644
--- a/spec/requests/sales_logs_controller_spec.rb
+++ b/spec/requests/sales_logs_controller_spec.rb
@@ -652,4 +652,94 @@ RSpec.describe SalesLogsController, type: :request do
       end
     end
   end
+
+  describe "DELETE" do
+    let(:headers) { { "Accept" => "text/html" } }
+    let(:page) { Capybara::Node::Simple.new(response.body) }
+    let(:user) { create(:user, :support) }
+    let!(:sales_log) do
+      create(:sales_log, :completed)
+    end
+    let(:id) { sales_log.id }
+    let(:delete_request) { delete "/sales-logs/#{id}", headers: }
+
+    before do
+      allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+      sign_in user
+    end
+
+    context "when delete permitted" do
+      it "redirects to sales logs and shows message" do
+        delete_request
+        expect(response).to redirect_to(sales_logs_path)
+        follow_redirect!
+        expect(page).to have_content("Log #{id} has been deleted")
+      end
+
+      it "deletes the log" do
+        expect { delete_request }.to change { SalesLog.exists?(id) }.from(true).to(false)
+      end
+    end
+
+    context "when log does not exist" do
+      let(:id) { -1 }
+
+      it "returns 404" do
+        delete_request
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    context "when user not authorised" do
+      let(:user) { create(:user) }
+
+      it "returns 404" do
+        delete_request
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+
+  describe "GET delete-confirmation" do
+    let(:headers) { { "Accept" => "text/html" } }
+    let(:page) { Capybara::Node::Simple.new(response.body) }
+    let(:user) { create(:user, :support) }
+    let!(:sales_log) do
+      create(:sales_log, :completed)
+    end
+    let(:id) { sales_log.id }
+    let(:request) { get "/sales-logs/#{id}/delete-confirmation", headers: }
+
+    before do
+      allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+      sign_in user
+    end
+
+    context "when delete permitted" do
+      it "renders page" do
+        request
+        expect(response).to have_http_status(:ok)
+
+        expect(page).to have_content("Are you sure you want to delete this log?")
+      end
+    end
+
+    context "when log does not exist" do
+      let(:id) { -1 }
+
+      it "returns 404" do
+        request
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    context "when user not authorised" do
+      let(:user) { create(:user) }
+
+      it "returns 404" do
+        request
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
 end