Add delete confirmation page

app/controllers/organisations_controller.rb

@@ -152,6 +152,8 @@ class OrganisationsController < ApplicationController
     end
   end
 
+  def delete; end
+
   def lettings_logs
     organisation_logs = LettingsLog.visible.filter_by_organisation(@organisation).filter_by_years_or_nil(FormHandler.instance.years_of_available_lettings_forms)
     unpaginated_filtered_logs = filter_manager.filtered_logs(organisation_logs, search_term, session_filters)
@@ -306,7 +308,7 @@ private
   end
 
   def authenticate_scope!
-    if %w[create new lettings_logs sales_logs download_lettings_csv email_lettings_csv email_sales_csv download_sales_csv].include? action_name
+    if %w[create new lettings_logs sales_logs download_lettings_csv email_lettings_csv email_sales_csv download_sales_csv delete_confirmation delete].include? action_name
       head :unauthorized and return unless current_user.support?
     elsif current_user.organisation != @organisation && !current_user.support?
       render_not_found

app/views/organisations/delete_confirmation.html.erb

@@ -0,0 +1,24 @@
+<% content_for :before_content do %>
+  <% content_for :title, "Are you sure you want to delete this organisation?" %>
+  <%= govuk_back_link(href: :back) %>
+<% end %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds-from-desktop">
+    <span class="govuk-caption-xl">Delete <%= @organisation.postcode %></span>
+    <h1 class="govuk-heading-xl">
+      <%= content_for(:title) %>
+    </h1>
+
+    <%= govuk_warning_text(text: "You will not be able to undo this action.") %>
+
+    <div class="govuk-button-group">
+      <%= govuk_button_to(
+        "Delete this organisation",
+        delete_organisation_path(@organisation),
+        method: :delete,
+      ) %>
+      <%= govuk_button_link_to "Cancel", organisation_path(@organisation), html: { method: :get }, secondary: true %>
+    </div>
+  </div>
+</div>

config/routes.rb

@@ -190,6 +190,8 @@ Rails.application.routes.draw do
         get "sales-logs/filters/#{filter}", to: "sales_logs_filters#organisation_#{filter.underscore}"
         get "sales-logs/filters/update-#{filter}", to: "sales_logs_filters#update_organisation_#{filter.underscore}"
       end
+      get "delete-confirmation", to: "organisations#delete_confirmation"
+      delete "delete", to: "organisations#delete"
     end
   end
 

spec/requests/organisations_controller_spec.rb

@@ -47,6 +47,20 @@ RSpec.describe OrganisationsController, type: :request do
         expect(response).to redirect_to("/account/sign-in")
       end
     end
+
+    fdescribe "#delete-confirmation" do
+      let(:organisation) { create(:organisation) }
+  
+      before do
+        get "/organisations/#{organisation.id}/delete-confirmation"
+      end
+  
+      context "when not signed in" do
+        it "redirects to the sign in page" do
+          expect(response).to redirect_to("/account/sign-in")
+        end
+      end
+    end
   end
 
   context "when user is signed in" do
@@ -747,6 +761,22 @@ RSpec.describe OrganisationsController, type: :request do
           end
         end
       end
+
+      fdescribe "#delete-confirmation" do
+        let(:organisation) { user.organisation }
+  
+        before do
+          get "/organisations/#{organisation.id}/delete-confirmation"
+        end
+  
+        context "with a data provider user" do
+          let(:user) { create(:user) }
+  
+          it "returns 401 unauthorized" do
+            expect(response).to have_http_status(:unauthorized)
+          end
+        end
+      end
     end
 
     context "with a data provider user" do
@@ -876,6 +906,22 @@ RSpec.describe OrganisationsController, type: :request do
           expect(response).to have_http_status(:unauthorized)
         end
       end
+
+      fdescribe "#delete-confirmation" do
+        let(:organisation) { user.organisation }
+  
+        before do
+          get "/organisations/#{organisation.id}/delete-confirmation"
+        end
+  
+        context "with a data provider user" do
+          let(:user) { create(:user) }
+  
+          it "returns 401 unauthorized" do
+            expect(response).to have_http_status(:unauthorized)
+          end
+        end
+      end
     end
 
     context "with a support user" do
@@ -1581,6 +1627,41 @@ RSpec.describe OrganisationsController, type: :request do
         end
       end
 
+      fdescribe "#delete-confirmation" do
+        let(:organisation) { create(:organisation) }
+    
+        before do
+          get "/organisations/#{organisation.id}/delete-confirmation"
+        end
+
+        it "shows the correct title" do
+          expect(page.find("h1").text).to include "Are you sure you want to delete this organisation?"
+        end
+
+        it "shows a warning to the user" do
+          expect(page).to have_selector(".govuk-warning-text", text: "You will not be able to undo this action")
+        end
+
+        it "shows a button to delete the selected organisation" do
+          expect(page).to have_selector("form.button_to button", text: "Delete this organisation")
+        end
+
+        it "the delete organisation button submits the correct data to the correct path" do
+          form_containing_button = page.find("form.button_to")
+
+          expect(form_containing_button[:action]).to eq delete_organisation_path(organisation)
+          expect(form_containing_button).to have_field "_method", type: :hidden, with: "delete"
+        end
+
+        it "shows a cancel link with the correct style" do
+          expect(page).to have_selector("a.govuk-button--secondary", text: "Cancel")
+        end
+
+        it "shows cancel link that links back to the organisation page" do
+          expect(page).to have_link(text: "Cancel", href: organisation_path(organisation))
+        end
+      end
+
       context "when they view the lettings logs tab" do
         let(:tenancycode) { "42" }