alphagov · CristinaRO · Sep 11, 2023 · Aug 30, 2023 · Sep 5, 2023 · Sep 5, 2023
diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss
@@ -33,6 +33,7 @@
 @import "hits";
 @import "mappings";
 @import "organisations";
+@import "site";
 @import "style";
 @import "versions";
 @import "glossary";
diff --git a/app/assets/stylesheets/site.scss b/app/assets/stylesheets/site.scss
@@ -0,0 +1,8 @@
+.highlight-danger {
+  background-color: #f5f5f5;
+
+  a, a:active, a:hover, a:visited {
+    color: #cf222e;
+    text-decoration: underline;
+  }
+}
diff --git a/app/controllers/sites_controller.rb b/app/controllers/sites_controller.rb
@@ -1,8 +1,10 @@
+require "./lib/transition/import/revert_entirely_unsafe"
+
 class SitesController < ApplicationController
-  before_action :find_site, only: %i[edit update show]
+  before_action :find_site, only: %i[edit update show confirm_destroy destroy]
   before_action :find_organisation, only: %i[new create]
   before_action :check_user_is_gds_editor, only: %i[edit update]
-  before_action :check_user_is_site_manager, only: %i[new create]
+  before_action :check_user_is_site_manager, only: %i[new create confirm_destroy destroy]
 
   def new
     @site_form = SiteForm.new(organisation_slug: @organisation.whitehall_slug)
@@ -34,6 +36,17 @@ def show
     @unresolved_mappings_count = @site.mappings.unresolved.count
   end
 
+  def confirm_destroy; end
+
+  def destroy
+    if params[:confirm_destroy] == @site.abbr
+      Transition::Import::RevertEntirelyUnsafe::RevertSite.new(@site).revert_all_data!
+      redirect_to organisation_path(@site.organisation), flash: { success: "The site and all its data have been successfully deleted" }
+    else
+      redirect_to confirm_destroy_site_path(@site), flash: { alert: "The confirmation did not match" }
+    end
+  end
+
 private
 
   def find_site
@@ -77,7 +90,15 @@ def check_user_is_gds_editor
   def check_user_is_site_manager
     unless current_user.site_manager?
       message = "Only Site Managers can access that."
-      redirect_to organisation_path(@organisation), alert: message
+      redirect_to redirect_path, alert: message
+    end
+  end
+
+  def redirect_path
+    if @site
+      site_path(@site)
+    else
+      organisation_path(@organisation)
     end
   end
 end
diff --git a/app/views/sites/confirm_destroy.html.erb b/app/views/sites/confirm_destroy.html.erb
@@ -0,0 +1,46 @@
+<% content_for(:page_title, @site.default_host.hostname) %>
+
+<div class="page-title-with-border">
+  <h1>
+    <small><%= @site.default_host.hostname %></small>
+    <br />
+    Delete this site and all its associated data
+  </h1>
+</div>
+
+<div class="callout callout-danger">
+  <div class="callout-title">
+    WAIT!
+  </div>
+  <div class="callout-body">
+    <p>
+      This will delete the site <strong><%= @site.abbr %></strong> and all the data that is associated with it:
+    </p>
+    <ul>
+      <li><%= t("site.confirm_destroy.hosts", count: @site.hosts.count) %></li>
+      <li><%= t("site.confirm_destroy.mappings", count: @site.mappings.count) %></li>
+    </ul>
+    <p>Redirects will stop working.</p>
+    <p>
+      Restoring this site would require readding the site, the host(s), and all the mappings. The hits cannot be restored.
+    </p>
+  </div>
+</div>
+
+<%= form_for @site, method: :delete, html: { role: 'form' } do |f| %>
+  <div class="form-group row add-top-margin">
+    <div class="col-md-8">
+      <div class="input-group">
+        <dl>
+          <dt>
+            <%= label_tag :confirm_destroy, "Please enter the site slug, #{@site.abbr}, to confirm that you want to delete this site and all its data." %>
+          </dt>
+          <dd>
+            <%= text_field_tag(:confirm_destroy, {}, { class: 'form-control input' }) %>
+          </dd>
+        </dl>
+      </div>
+      <%= f.submit t("site.confirm_destroy.confirm"), class: 'add-top-margin btn btn-danger' %>
+    </div>
+  </div>
+<% end %>
diff --git a/app/views/sites/show.html.erb b/app/views/sites/show.html.erb
@@ -30,5 +30,11 @@
         <span class="small"><%= link_to 'Edit date', edit_site_path(@site), class: 'link-inherit' %></span>
       <% end %>
     </div>
+
+    <% if current_user.site_manager? %>
+      <div class="highlight highlight-danger">
+        <%= link_to 'Delete', confirm_destroy_site_path(@site) %>
+      </div>
+    <% end %>
   </div>
 </div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -48,6 +48,15 @@ en:
         global_redirect_append_path: Should the path the user supplied be appended to the URL for the global redirect?
         special_redirect_strategy: When the transition is partial, some tools or content will be left behind and managed by the previous supplier. If "Via aka", the supplier is redirecting some paths to our aka domain. If "supplier", the supplier is managing redirects to gov.uk. No traffic comes through Bouncer for this site.
         aliases: This is a list of alias domains. Enter as a comma-separated list.
+  site:
+    confirm_destroy:
+      confirm: I understand the consequences, delete this site
+      hosts:
+        one: '%{count} host and its associated host paths, daily hit counts, and hits'
+        other: '%{count} hosts and their associated host paths, daily hit counts, and hits'
+      mappings:
+        one: '%{count} mappings and all its versions'
+        other: '%{count} mappings and all their versions'
   mappings:
     success:
       all_created: '%{created}%{tagged_with}'

diff --git a/config/routes.rb b/config/routes.rb
@@ -29,7 +29,10 @@
 
   get "leaderboard", to: "leaderboard#index"
 
-  resources :sites, only: %i[edit update show] do
+  resources :sites, only: %i[edit update show destroy] do
+    member do
+      get :confirm_destroy
+    end
     get "mappings/find", as: "mapping_find"
     resources :mappings, only: %i[index edit update] do
       resources :versions, only: [:index]

diff --git a/db/seeds.rb b/db/seeds.rb
@@ -7,7 +7,7 @@
     u             = User.new
     u.email       = "[email protected]"
     u.name        = "Test User"
-    u.permissions = ["signin", "admin", "GDS Editor"]
+    u.permissions = ["signin", "admin", "GDS Editor", "Site Manager"]
     u.organisation_content_id = cabinet_office_content_id
     u.save!
   end

diff --git a/features/site.feature b/features/site.feature
@@ -133,3 +133,25 @@ Scenario: Editing a site's transition date as a non-GDS Editor
   When I visit the path /sites/dclg/edit
   Then I should be redirected to the site dashboard
   And I should see "Only GDS Editors can access that."
+
+Scenario: Deleting a site as a Site Manager
+  Given I have logged in as a Site Manager
+  And a site bis exists
+  And I visit this site page
+  When I delete this site
+  Then I should be prompted to confirm the deletion
+  When I fail to confirm the deletion
+  Then I should see "The confirmation did not match"
+  And I should be prompted to confirm the deletion
+  When I confirm the deletion
+  Then I should be redirected to the organisation dashboard
+  And I should see the deletion confirmation message
+
+Scenario: Deleting a site as a non-Site Manager
+  Given I have logged in as a member of DCLG
+  And a site dclg exists
+  And I visit this site page
+  Then I should not see "Delete"
+  When I visit the path /sites/dclg/confirm_destroy
+  Then I should be redirected to the site dashboard
+  And I should see "Only Site Managers can access that."
diff --git a/features/step_definitions/site_assertion_steps.rb b/features/step_definitions/site_assertion_steps.rb
@@ -86,3 +86,15 @@
     end
   end
 end
+
+Then(/^I should be prompted to confirm the deletion$/) do
+  expect(page).to have_content("confirm that you want to delete this site and all its data")
+end
+
+Then(/^I should see the deletion confirmation message$/) do
+  expect(page).to have_content("The site and all its data have been successfully deleted")
+end
+
+Then(/^I should be redirected to the organisation dashboard$/) do
+  i_should_be_on_the_path organisation_path(@site.organisation)
+end
diff --git a/features/step_definitions/site_interaction_steps.rb b/features/step_definitions/site_interaction_steps.rb
@@ -39,3 +39,17 @@
 Then(/^I should be redirected to the new site$/) do
   i_should_be_on_the_path site_path(Site.last)
 end
+
+When(/^I delete this site$/) do
+  click_link "Delete"
+end
+
+When(/^I confirm the deletion$/) do
+  fill_in :confirm_destroy, with: @site.abbr
+  click_button I18n.t("site.confirm_destroy.confirm")
+end
+
+When(/^I fail to confirm the deletion$/) do
+  fill_in :confirm_destroy, with: "bogus"
+  click_button I18n.t("site.confirm_destroy.confirm")
+end
diff --git a/spec/controllers/sites_controller_spec.rb b/spec/controllers/sites_controller_spec.rb
@@ -66,4 +66,24 @@ def make_request
       it_behaves_like "disallows editing by non-GDS Editors"
     end
   end
+
+  describe "#confirm_destroy" do
+    context "when the user does have permission" do
+      before { login_as site_manager }
+
+      it "displays the form" do
+        get :confirm_destroy, params: { id: site.abbr }
+        expect(response.status).to eql(200)
+      end
+    end
+
+    context "when the user does not have permission" do
+      before { login_as stub_user }
+
+      it "disallows deleting by non-Site Managers" do
+        get :confirm_destroy, params: { id: site.abbr }
+        expect(response.status).to eql(302)
+      end
+    end
+  end
 end