Display a notification banner if the application has no permissions

This improves the usability of the page in the case where the application has no permissions (other than the signin permission which is required to view this page). I considered removing the "update permissions" link from the show page that links to this edit page in this case, but I think it would potentially be confusing as there are other reasons why that link might not be shown (for example the user doesn't have permissions to edit their permissions). This seems like a reasonable compromise.
alphagov · Nov 20, 2023 · 5f3246a · 5f3246a
1 parent a1eb5f3
commit 5f3246a
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 11 deletions.
diff --git a/app/views/account/permissions/edit.html.erb b/app/views/account/permissions/edit.html.erb
@@ -19,20 +19,30 @@
    })
 %>
 
-<%= form_tag account_application_permissions_path(@application), method: :patch do |f| %>
-  <%= render "govuk_publishing_components/components/checkboxes", {
-      name: "application[supported_permission_ids][]",
-      heading: "Permissions",
-      items: @permissions.map { |permission| { label: permission.name, value: permission.id, checked: current_user.has_permission?(permission) } },
-  } %>
+<% if @permissions.any? %>
+  <%= form_tag account_application_permissions_path(@application), method: :patch do |f| %>
+    <%= render "govuk_publishing_components/components/checkboxes", {
+        name: "application[supported_permission_ids][]",
+        heading: "Permissions",
+        items: @permissions.map { |permission| { label: permission.name, value: permission.id, checked: current_user.has_permission?(permission) } },
+    } %>
 
-  <%= hidden_field_tag "application[supported_permission_ids][]", @application.signin_permission.id, id: "checkboxes-signin" %>
+    <%= hidden_field_tag "application[supported_permission_ids][]", @application.signin_permission.id, id: "checkboxes-signin" %>
 
-  <div class="govuk-button-group">
-    <%= render "govuk_publishing_components/components/button", {
-        text: "Update permissions"
-    } %>
+    <div class="govuk-button-group">
+      <%= render "govuk_publishing_components/components/button", {
+          text: "Update permissions"
+      } %>
 
+      <%= link_to "Cancel", account_applications_path, class: "govuk-link govuk-link--no-visited-state" %>
+    </div>
+  <% end %>
+<% else %>
+  <%= render "govuk_publishing_components/components/notice", {
+    title: "#{@application.name} does not have any additional permissions."
+  } %>
+
+  <div class="govuk-button-group">
     <%= link_to "Cancel", account_applications_path, class: "govuk-link govuk-link--no-visited-state" %>
   </div>
 <% end %>
diff --git a/test/controllers/account/permissions_controller_test.rb b/test/controllers/account/permissions_controller_test.rb
@@ -113,6 +113,17 @@ class Account::PermissionsControllerTest < ActionController::TestCase
 
       assert_select "input[type='hidden'][value='#{application.signin_permission.id}']"
     end
+
+    should "display a notification banner if there are no permissions to edit" do
+      application = create(:application)
+      user = create(:admin_user, with_signin_permissions_for: [application])
+
+      sign_in user
+
+      get :edit, params: { application_id: application.id }
+
+      assert_select ".govuk-notification-banner", text: "#{application.name} does not have any additional permissions."
+    end
   end
 
   context "#update" do