Add delete user button and update policy

2 years ago · 550824a209
4 changed files with 25 additions and 2 deletions
--- a/app/helpers/user_helper.rb
+++ b/app/helpers/user_helper.rb
@ -10,4 +10,8 @@ module UserHelper
  def can_edit_org?(current_user)
    current_user.data_coordinator? || current_user.support?
  end
  def delete_user_link(user)
    govuk_button_link_to "Delete this user", delete_confirmation_user_path(user), warning: true
  end
 end
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@ -39,6 +39,6 @@ class UserPolicy
  end
  def delete?
-    current_user.support?
+    current_user.support? && user.status == :deactivated
  end
 end
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -133,6 +133,9 @@
          </span>
        <% end %>
      <% end %>
      <% if UserPolicy.new(current_user, @user).delete? %>
        <%= delete_user_link(@user) %>
      <% end %>
    </div>
  </div>
 </div>
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -600,6 +600,10 @@ RSpec.describe UsersController, type: :request do
          it "does not allow resending invitation emails" do
            expect(page).not_to have_button("Resend invite link")
          end
          it "does not allow deleting the the user" do
            expect(page).not_to have_link("Delete this user", href: "/users/#{user.id}/delete-confirmation")
          end
        end
      end
@ -1432,6 +1436,10 @@ RSpec.describe UsersController, type: :request do
            expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
          end
          it "does not alow deleting the the user" do
            expect(page).not_to have_link("Delete this user", href: "/users/#{other_user.id}/delete-confirmation")
          end
          context "when user never logged in" do
            before do
              other_user.update!(last_sign_in_at: nil)
@ -1463,6 +1471,10 @@ RSpec.describe UsersController, type: :request do
            it "allows you to resend invitation emails" do
              expect(page).to have_button("Resend invite link")
            end
            it "does not allow deleting the the user" do
              expect(page).not_to have_link("Delete this user", href: "/users/#{other_user.id}/delete-confirmation")
            end
          end
          context "when user is deactivated" do
@ -1478,6 +1490,10 @@ RSpec.describe UsersController, type: :request do
            it "allows reactivating the user" do
              expect(page).to have_link("Reactivate user", href: "/users/#{other_user.id}/reactivate")
            end
            it "allows deleting the the user" do
              expect(page).to have_link("Delete this user", href: "/users/#{other_user.id}/delete-confirmation")
            end
          end
        end
@ -2032,7 +2048,7 @@ RSpec.describe UsersController, type: :request do
    end
    describe "#delete" do
-      let(:other_user) { create(:user, name: "User to be deleted") }
+      let(:other_user) { create(:user, name: "User to be deleted", active: false) }
      before do
        delete "/users/#{other_user.id}/delete"