Add LogPolicy

app/models/log.rb

@@ -166,6 +166,9 @@ class Log < ApplicationRecord
     bulk_upload_id.present?
   end
 
+  def setup_completed?
+    form.setup_sections.all? { |sections| sections.subsections.all? { |subsection| subsection.status(self) == :completed } }
+  end
 private
 
   # Handle logs that are older than previous collection start date

app/models/sales_log.rb

@@ -103,10 +103,6 @@ class SalesLog < Log
     collection_start_year < 2023
   end
 
-  def setup_completed?
-    form.setup_sections.all? { |sections| sections.subsections.all? { |subsection| subsection.status(self) == :completed } }
-  end
-
   def unresolved
     false
   end

app/policies/log_policy.rb

@@ -0,0 +1,22 @@
+class LogPolicy
+  attr_reader :user, :log
+
+  def initialize(user, log)
+    @user = user
+    @log = log
+  end
+
+  def destroy?
+    # Return false if the log is not editable.
+    return false unless log.collection_period_open?
+
+    # This button should not appear if the Set up section is not started.
+    return false unless log.setup_completed?
+
+    # Data coordinators and support users can see this button on any log.
+    return true if user.data_coordinator? || user.support?
+
+    # Data providers can only see this button if the log is assigned to them, even if it belongs to a parent org.
+    log.created_by == user
+  end
+end

spec/policies/log_policy_spec.rb

@@ -0,0 +1,90 @@
+require "rails_helper"
+
+RSpec.describe LogPolicy do
+  subject(:policy) { described_class }
+
+  permissions :destroy? do
+    let(:log) { create(:lettings_log, :setup_completed) }
+
+    context "when collection period closed" do
+      before do
+        allow(log).to receive(:collection_period_open?).and_return(false)
+      end
+
+      it "does not allow deletion of log" do
+        expect(log).to receive(:collection_period_open?)
+
+        expect(policy).not_to permit(nil, log)
+      end
+    end
+
+    context "when collection period open" do
+      before do
+        allow(log).to receive(:collection_period_open?).and_return(true)
+      end
+
+      context "when setup_completed false" do
+        before do
+          allow(log).to receive(:setup_completed?).and_return(false)
+        end
+
+        it "does not allow deletion of log" do
+          expect(log).to receive(:setup_completed?)
+          expect(log).to receive(:collection_period_open?)
+
+          expect(policy).not_to permit(nil, log)
+        end
+      end
+
+      context "when setup_completed true" do
+        before do
+          allow(log).to receive(:setup_completed?).and_return(true)
+        end
+
+        context "when user is data coordinator" do
+          let(:user) { create(:user, :data_coordinator) }
+
+          it "does allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).to permit(user, log)
+          end
+        end
+
+        context "when user is support" do
+          let(:user) { create(:user, :support) }
+
+          it "does allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).to permit(user, log)
+          end
+        end
+
+        context "when user is data provider" do
+          let(:user) { create(:user) }
+
+          it "does not allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).not_to permit(user, log)
+          end
+
+          context "when the log is assigned to the user" do
+            let(:log) { create(:lettings_log, :setup_completed, created_by: user) }
+
+            it "does allow deletion of log" do
+              expect(log).to receive(:setup_completed?)
+              expect(log).to receive(:collection_period_open?)
+
+              expect(policy).to permit(user, log)
+            end
+          end
+        end
+      end
+    end
+  end
+end