WIP Show notice when there are non-delegatable perms

TODO: add tests This will be shown to publishing managers on the edit permissions page when there are non-delegatable non-signin permissions so that they are aware that they aren't seeing all permissions for the given app
alphagov · Aug 7, 2024 · 3d73238 · 3d73238
1 parent d3cc0cc
commit 3d73238
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 0 deletions.
diff --git a/app/controllers/account/permissions_controller.rb b/app/controllers/account/permissions_controller.rb
@@ -3,6 +3,8 @@ class Account::PermissionsController < ApplicationController
   before_action :set_application
   before_action :set_permissions, only: %i[edit update]
 
+  include ApplicationPermissionsHelper
+
   def show
     authorize [:account, @application], :view_permissions?
 
@@ -14,6 +16,8 @@ def show
   def edit
     authorize [:account, @application], :edit_permissions?
 
+    @notice_about_non_delegatable_permissions = notice_about_non_delegatable_permissions(current_user, @application)
+
     @shared_permissions_form_locals = {
       action: account_application_permissions_path(@application),
       application: @application,

diff --git a/app/controllers/users/permissions_controller.rb b/app/controllers/users/permissions_controller.rb
@@ -4,6 +4,8 @@ class Users::PermissionsController < ApplicationController
   before_action :set_application
   before_action :set_permissions, only: %i[edit update]
 
+  include ApplicationPermissionsHelper
+
   def show
     authorize @user, :edit?
 
@@ -15,6 +17,8 @@ def show
   def edit
     authorize [{ application: @application, user: @user }], :edit_permissions?, policy_class: Users::ApplicationPolicy
 
+    @notice_about_non_delegatable_permissions = notice_about_non_delegatable_permissions(current_user, @application, @user)
+
     @shared_permissions_form_locals = {
       action: user_application_permissions_path(@user, @application),
       application: @application,

diff --git a/app/helpers/application_permissions_helper.rb b/app/helpers/application_permissions_helper.rb
@@ -22,4 +22,25 @@ def message_for_success(application_id, user = current_user)
 
     paragraph + list
   end
+
+  def notice_about_non_delegatable_permissions(current_user, application, other_grantee = nil)
+    return nil if current_user.govuk_admin?
+    return nil unless application.has_non_delegatable_non_signin_permissions_grantable_from_ui?
+
+    link = if other_grantee
+             link_to(
+               "view all the permissions #{other_grantee.name} has for #{application.name}",
+               user_application_permissions_path(other_grantee, application),
+               class: "govuk-link",
+             )
+           else
+             link_to(
+               "view all the permissions you have for #{@application.name}",
+               account_application_permissions_path(application),
+               class: "govuk-link",
+             )
+           end
+
+    "Below, you will only see permissions that you are authorised to manage. You can also #{link}."
+  end
 end
diff --git a/app/models/doorkeeper/application.rb b/app/models/doorkeeper/application.rb
@@ -65,6 +65,10 @@ def has_delegatable_non_signin_permissions_grantable_from_ui?
     (supported_permissions.delegatable.grantable_from_ui - [signin_permission]).any?
   end
 
+  def has_non_delegatable_non_signin_permissions_grantable_from_ui?
+    (supported_permissions.grantable_from_ui.where(delegatable: false) - [signin_permission]).any?
+  end
+
   def url_without_path
     parsed_url = URI.parse(redirect_uri)
     "#{parsed_url.scheme}://#{parsed_url.host}:#{parsed_url.port}"

diff --git a/app/views/account/permissions/edit.html.erb b/app/views/account/permissions/edit.html.erb
@@ -29,6 +29,12 @@
   <% end %>
 <% end %>
 
+<% if @notice_about_non_delegatable_permissions %>
+  <%= render "govuk_publishing_components/components/inset_text", {
+    text: @notice_about_non_delegatable_permissions,
+  } %>
+<% end %>
+
 <%= render "shared/permissions_forms", {
   assigned_permissions: @assigned_permissions,
   unassigned_permission_options: @unassigned_permission_options,

diff --git a/app/views/users/permissions/edit.html.erb b/app/views/users/permissions/edit.html.erb
@@ -34,6 +34,12 @@
   <% end %>
 <% end %>
 
+<% if @notice_about_non_delegatable_permissions %>
+  <%= render "govuk_publishing_components/components/inset_text", {
+    text: @notice_about_non_delegatable_permissions,
+  } %>
+<% end %>
+
 <%= render "shared/permissions_forms", {
   assigned_permissions: @assigned_permissions,
   unassigned_permission_options: @unassigned_permission_options,