From 995f5896f2482817c6d2f9497adb79065af741c3 Mon Sep 17 00:00:00 2001
From: Jack S <jacopo.scotti@softwire.com>
Date: Thu, 11 May 2023 10:28:19 +0100
Subject: [PATCH] Add LogPolicy

---
 app/models/log.rb                |  3 ++
 app/models/sales_log.rb          |  4 --
 app/policies/log_policy.rb       | 22 ++++++++
 spec/policies/log_policy_spec.rb | 90 ++++++++++++++++++++++++++++++++
 4 files changed, 115 insertions(+), 4 deletions(-)
 create mode 100644 app/policies/log_policy.rb
 create mode 100644 spec/policies/log_policy_spec.rb

diff --git a/app/models/log.rb b/app/models/log.rb
index 6ef5dabf5..ef8785cde 100644
--- a/app/models/log.rb
+++ b/app/models/log.rb
@@ -166,6 +166,9 @@ class Log < ApplicationRecord
     bulk_upload_id.present?
   end
 
+  def setup_completed?
+    form.setup_sections.all? { |sections| sections.subsections.all? { |subsection| subsection.status(self) == :completed } }
+  end
 private
 
   # Handle logs that are older than previous collection start date
diff --git a/app/models/sales_log.rb b/app/models/sales_log.rb
index 70ac41535..243b6bd09 100644
--- a/app/models/sales_log.rb
+++ b/app/models/sales_log.rb
@@ -103,10 +103,6 @@ class SalesLog < Log
     collection_start_year < 2023
   end
 
-  def setup_completed?
-    form.setup_sections.all? { |sections| sections.subsections.all? { |subsection| subsection.status(self) == :completed } }
-  end
-
   def unresolved
     false
   end
diff --git a/app/policies/log_policy.rb b/app/policies/log_policy.rb
new file mode 100644
index 000000000..80c7dceb8
--- /dev/null
+++ b/app/policies/log_policy.rb
@@ -0,0 +1,22 @@
+class LogPolicy
+  attr_reader :user, :log
+
+  def initialize(user, log)
+    @user = user
+    @log = log
+  end
+
+  def destroy?
+    # Return false if the log is not editable.
+    return false unless log.collection_period_open?
+
+    # This button should not appear if the Set up section is not started.
+    return false unless log.setup_completed?
+
+    # Data coordinators and support users can see this button on any log.
+    return true if user.data_coordinator? || user.support?
+
+    # Data providers can only see this button if the log is assigned to them, even if it belongs to a parent org.
+    log.created_by == user
+  end
+end
diff --git a/spec/policies/log_policy_spec.rb b/spec/policies/log_policy_spec.rb
new file mode 100644
index 000000000..8d219535c
--- /dev/null
+++ b/spec/policies/log_policy_spec.rb
@@ -0,0 +1,90 @@
+require "rails_helper"
+
+RSpec.describe LogPolicy do
+  subject(:policy) { described_class }
+
+  permissions :destroy? do
+    let(:log) { create(:lettings_log, :setup_completed) }
+
+    context "when collection period closed" do
+      before do
+        allow(log).to receive(:collection_period_open?).and_return(false)
+      end
+
+      it "does not allow deletion of log" do
+        expect(log).to receive(:collection_period_open?)
+
+        expect(policy).not_to permit(nil, log)
+      end
+    end
+
+    context "when collection period open" do
+      before do
+        allow(log).to receive(:collection_period_open?).and_return(true)
+      end
+
+      context "when setup_completed false" do
+        before do
+          allow(log).to receive(:setup_completed?).and_return(false)
+        end
+
+        it "does not allow deletion of log" do
+          expect(log).to receive(:setup_completed?)
+          expect(log).to receive(:collection_period_open?)
+
+          expect(policy).not_to permit(nil, log)
+        end
+      end
+
+      context "when setup_completed true" do
+        before do
+          allow(log).to receive(:setup_completed?).and_return(true)
+        end
+
+        context "when user is data coordinator" do
+          let(:user) { create(:user, :data_coordinator) }
+
+          it "does allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).to permit(user, log)
+          end
+        end
+
+        context "when user is support" do
+          let(:user) { create(:user, :support) }
+
+          it "does allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).to permit(user, log)
+          end
+        end
+
+        context "when user is data provider" do
+          let(:user) { create(:user) }
+
+          it "does not allow deletion of log" do
+            expect(log).to receive(:setup_completed?)
+            expect(log).to receive(:collection_period_open?)
+
+            expect(policy).not_to permit(user, log)
+          end
+
+          context "when the log is assigned to the user" do
+            let(:log) { create(:lettings_log, :setup_completed, created_by: user) }
+
+            it "does allow deletion of log" do
+              expect(log).to receive(:setup_completed?)
+              expect(log).to receive(:collection_period_open?)
+
+              expect(policy).to permit(user, log)
+            end
+          end
+        end
+      end
+    end
+  end
+end