Update page for sales logs

app/controllers/sales_logs_controller.rb

@@ -62,6 +62,14 @@ class SalesLogsController < LogsController
     render "logs/delete_confirmation"
   end
 
+  def delete_duplicates
+    @log = SalesLog.visible.find(params[:sales_log_id])
+    authorize @log
+
+    @duplicate_logs = SalesLog.duplicate_logs_for_organisation(current_user.organisation, @log)
+    render "logs/delete_duplicates"
+  end
+
   def download_csv
     unpaginated_filtered_logs = filter_manager.filtered_logs(current_user.sales_logs, search_term, session_filters)
 

app/policies/sales_log_policy.rb

@@ -21,4 +21,8 @@ class SalesLogPolicy
     # Data providers can only delete the log if it is assigned to them
     log.created_by == user
   end
+
+  def delete_duplicates?
+    user.support? || log.owning_organisation == user.organisation
+  end
 end

app/views/logs/delete_duplicates.html.erb

@@ -16,7 +16,7 @@
     </p>
 
     <% @duplicate_logs.each do |duplicate_log| %>
-      <%= govuk_link_to "Log #{duplicate_log.id}", lettings_log_path(duplicate_log) %>
+      <%= govuk_link_to "Log #{duplicate_log.id}", duplicate_log.lettings? ? lettings_log_path(duplicate_log) : sales_log_path(duplicate_log) %>
     <% end %>
 
     <div class="govuk-button-group">

config/routes.rb

@@ -238,6 +238,7 @@ Rails.application.routes.draw do
   resources :sales_logs, path: "/sales-logs" do
     get "delete-confirmation", to: "sales_logs#delete_confirmation"
     get "duplicate-logs", to: "duplicate_logs#show"
+    get "delete-duplicates", to: "duplicate_logs#delete_duplicates"
 
     collection do
       get "csv-download", to: "sales_logs#download_csv"

spec/requests/sales_logs_controller_spec.rb

@@ -872,4 +872,83 @@ RSpec.describe SalesLogsController, type: :request do
       end
     end
   end
+
+  describe "GET delete-duplicates" do
+    let(:headers) { { "Accept" => "text/html" } }
+    let(:page) { Capybara::Node::Simple.new(response.body) }
+    let(:user) { create(:user, :data_coordinator) }
+    let!(:sales_log) do
+      create(:sales_log, :completed, owning_organisation: user.organisation)
+    end
+    let(:id) { sales_log.id }
+    let!(:duplicate_log) do
+      duplicate = sales_log.dup
+      duplicate.id = nil
+      duplicate.save!
+      duplicate
+    end
+    let(:request) { get "/sales-logs/#{id}/delete-duplicates", headers: }
+
+    before do
+      allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+      sign_in user
+    end
+
+    context "when there is 1 duplicate log being deleted" do
+      it "renders page" do
+        request
+        expect(response).to have_http_status(:ok)
+
+        expect(page).to have_content("Are you sure you want to delete this duplicate log?")
+        expect(page).to have_button(text: "Delete this log")
+        expect(page).to have_link(text: "Log #{duplicate_log.id}", href: sales_log_path(duplicate_log.id))
+        expect(page).not_to have_link(text: "Log #{id}", href: sales_log_path(id))
+        expect(page).to have_link(text: "Cancel", href: sales_log_path(id)) # update with correct path when known
+      end
+    end
+
+    context "when there are multiple duplicate logs being deleted" do
+      let!(:duplicate_log_2) do
+        duplicate = sales_log.dup
+        duplicate.id = nil
+        duplicate.save!
+        duplicate
+      end
+
+      it "renders page" do
+        request
+        expect(response).to have_http_status(:ok)
+
+        expect(page).to have_content("Are you sure you want to delete these duplicate logs?")
+        expect(page).to have_content("These logs will be deleted:")
+        expect(page).to have_button(text: "Delete these logs")
+        expect(page).to have_link(text: "Log #{duplicate_log.id}", href: sales_log_path(duplicate_log.id))
+        expect(page).to have_link(text: "Log #{duplicate_log_2.id}", href: sales_log_path(duplicate_log_2.id))
+        expect(page).to have_link(text: "Cancel", href: sales_log_path(id)) # update with correct path when known
+      end
+    end
+
+    context "when log does not exist" do
+      let(:id) { -1 }
+
+      it "returns 404" do
+        request
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    context "when user is not authorised" do
+      let(:other_user) { create(:user) }
+
+      before do
+        allow(other_user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in other_user
+      end
+
+      it "returns 404" do
+        request
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
 end