diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 357a5f272..22f2f8b6d 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -152,6 +152,8 @@ class OrganisationsController < ApplicationController
end
end
+ def delete; end
+
def lettings_logs
organisation_logs = LettingsLog.visible.filter_by_organisation(@organisation).filter_by_years_or_nil(FormHandler.instance.years_of_available_lettings_forms)
unpaginated_filtered_logs = filter_manager.filtered_logs(organisation_logs, search_term, session_filters)
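Review bot: The new `delete` action is empty, yet the routes hunk exposes it on the `DELETE` verb and the confirmation view points its "Delete this organisation" button at it. With no body and no template visible, Rails will most likely answer that request with 204 No Content, so a support user who confirms sees no error and nothing is deleted. Until the real logic lands, make the stub explicit, for example `def delete; head :not_implemented; end`, or hold the route back. When the action is implemented, it is also the place to log which user deleted which organisation, since the view states the action cannot be undone.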
@@ -306,7 +308,7 @@ private
end
def authenticate_scope!
- if %w[create new lettings_logs sales_logs download_lettings_csv email_lettings_csv email_sales_csv download_sales_csv].include? action_name
+ if %w[create new lettings_logs sales_logs download_lettings_csv email_lettings_csv email_sales_csv download_sales_csv delete_confirmation delete].include? action_name
head :unauthorized and return unless current_user.support?
elsif current_user.organisation != @organisation && !current_user.support?
render_not_found
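Review bot: Support-only access to `delete` and `delete_confirmation` depends on these two literal names staying in the `%w[...]` list in `authenticate_scope!`. Any action missing from the list falls through to the `elsif`, which lets every user of the same organisation through. If the destructive action is later renamed (for example to `destroy`) without the list being updated, it would become reachable by non-support members of the organisation. A comment above the condition would make this explicit: `# Support-only actions. Anything not listed here is allowed for users of the same organisation, so destructive actions must be added.` Whether the filter runs for the new actions cannot be confirmed here, because the `before_action` declaration and the rest of the method lie outside the hunk.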
diff --git a/app/views/organisations/delete_confirmation.html.erb b/app/views/organisations/delete_confirmation.html.erb
new file mode 100644
index 000000000..f0efe61bf
--- /dev/null
+++ b/app/views/organisations/delete_confirmation.html.erb
@@ -0,0 +1,24 @@
+<% content_for :before_content do %>
+ <% content_for :title, "Are you sure you want to delete this organisation?" %>
+ <%= govuk_back_link(href: :back) %>
+<% end %>
+
+
+
+
Delete <%= @organisation.postcode %>
+
+ <%= content_for(:title) %>
+
+
+ <%= govuk_warning_text(text: "You will not be able to undo this action.") %>
+
+
+ <%= govuk_button_to(
+ "Delete this organisation",
+ delete_organisation_path(@organisation),
+ method: :delete,
+ ) %>
+ <%= govuk_button_link_to "Cancel", organisation_path(@organisation), html: { method: :get }, secondary: true %>
+
+
+
\ No newline at end of file
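Review bot: The caption `Delete <%= @organisation.postcode %>` identifies the organisation about to be deleted by postcode only. A postcode can be blank or shared by several organisations, and the line looks carried over from another confirmation template (inferred). For an action the page itself calls irreversible, the caption should name the target, e.g. `Delete <%= @organisation.name %>`, assuming the model exposes `name`.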
diff --git a/config/routes.rb b/config/routes.rb
index 5361f5733..e8932ea45 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -190,6 +190,8 @@ Rails.application.routes.draw do
get "sales-logs/filters/#{filter}", to: "sales_logs_filters#organisation_#{filter.underscore}"
get "sales-logs/filters/update-#{filter}", to: "sales_logs_filters#update_organisation_#{filter.underscore}"
end
+ get "delete-confirmation", to: "organisations#delete_confirmation"
+ delete "delete", to: "organisations#delete"
end
end
diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb
index f30a1e4eb..e01fff221 100644
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@@ -47,6 +47,20 @@ RSpec.describe OrganisationsController, type: :request do
expect(response).to redirect_to("/account/sign-in")
end
end
+
+ fdescribe "#delete-confirmation" do
+ let(:organisation) { create(:organisation) }
+
+ before do
+ get "/organisations/#{organisation.id}/delete-confirmation"
+ end
+
+ context "when not signed in" do
+ it "redirects to the sign in page" do
+ expect(response).to redirect_to("/account/sign-in")
+ end
+ end
+ end
end
context "when user is signed in" do
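Review bot: `fdescribe` at the top of this group is RSpec's focus alias and should be plain `describe "#delete-confirmation" do`; the same applies to the three other `fdescribe` groups added in the later hunks of this file. If the project enables `filter_run_when_matching :focus` (not visible here), a committed focus makes the run execute only these groups. The rest of the suite, including the existing authorization specs, would then be skipped without any failure.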
@@ -747,6 +761,22 @@ RSpec.describe OrganisationsController, type: :request do
end
end
end
+
+ fdescribe "#delete-confirmation" do
+ let(:organisation) { user.organisation }
+
+ before do
+ get "/organisations/#{organisation.id}/delete-confirmation"
+ end
+
+ context "with a data provider user" do
+ let(:user) { create(:user) }
+
+ it "returns 401 unauthorized" do
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+ end
end
context "with a data provider user" do
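Review bot: This group is added at the end of the context that precedes `context "with a data provider user"`, yet its inner context is also named "with a data provider user" and overrides `user` with `create(:user)`, exactly as the group in the next hunk does. If the enclosing context covers a different role (it starts outside the hunk, so this is inferred), that role's 401 response is never exercised. Rename the inner context after the enclosing role and drop the `let(:user) { create(:user) }` override so the outer user is the one signed in.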
@@ -876,6 +906,22 @@ RSpec.describe OrganisationsController, type: :request do
expect(response).to have_http_status(:unauthorized)
end
end
+
+ fdescribe "#delete-confirmation" do
+ let(:organisation) { user.organisation }
+
+ before do
+ get "/organisations/#{organisation.id}/delete-confirmation"
+ end
+
+ context "with a data provider user" do
+ let(:user) { create(:user) }
+
+ it "returns 401 unauthorized" do
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+ end
end
context "with a support user" do
@@ -1581,6 +1627,41 @@ RSpec.describe OrganisationsController, type: :request do
end
end
+ fdescribe "#delete-confirmation" do
+ let(:organisation) { create(:organisation) }
+
+ before do
+ get "/organisations/#{organisation.id}/delete-confirmation"
+ end
+
+ it "shows the correct title" do
+ expect(page.find("h1").text).to include "Are you sure you want to delete this organisation?"
+ end
+
+ it "shows a warning to the user" do
+ expect(page).to have_selector(".govuk-warning-text", text: "You will not be able to undo this action")
+ end
+
+ it "shows a button to delete the selected organisation" do
+ expect(page).to have_selector("form.button_to button", text: "Delete this organisation")
+ end
+
+ it "the delete organisation button submits the correct data to the correct path" do
+ form_containing_button = page.find("form.button_to")
+
+ expect(form_containing_button[:action]).to eq delete_organisation_path(organisation)
+ expect(form_containing_button).to have_field "_method", type: :hidden, with: "delete"
+ end
+
+ it "shows a cancel link with the correct style" do
+ expect(page).to have_selector("a.govuk-button--secondary", text: "Cancel")
+ end
+
+ it "shows cancel link that links back to the organisation page" do
+ expect(page).to have_link(text: "Cancel", href: organisation_path(organisation))
+ end
+ end
+
context "when they view the lettings logs tab" do
let(:tenancycode) { "42" }
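Review bot: Every added example requests `get ".../delete-confirmation"`; none sends the `DELETE` request that this commit also routes and restricts to support users. The access check on the destructive route is therefore untested for signed-out and non-support users. Add examples that call `delete "/organisations/#{organisation.id}/delete"` and assert `expect(response).to have_http_status(:unauthorized)` in the non-support contexts, and the sign-in redirect in the signed-out context.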