diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fdb5a3434..f7e7c5a81 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -86,6 +86,12 @@ class UsersController < ApplicationController
 end
 end
+ def reactivate
+ unless current_user != @user && (current_user.support? || current_user.data_coordinator?)
+ redirect_to user_path(@user)
+ end
+ end
+
 private
 def format_error_messages
diff --git a/app/views/users/deactivate.html.erb b/app/views/users/deactivate.html.erb
index b78303ba7..ce5b64f1e 100644
--- a/app/views/users/deactivate.html.erb
+++ b/app/views/users/deactivate.html.erb
@@ -9,7 +9,6 @@
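Review bot: The role check in `reactivate` guards only the confirmation page, while the account is actually re-enabled by the form's PATCH carrying `active` set to true, so the same check has to hold wherever `active` is written; the update action and its permitted params are outside this hunk, so confirm they refuse the attribute for data providers and for a user editing their own account. The check also does not look at whether `@user` (assigned outside the hunk) belongs to the coordinator's organisation or is currently inactive, which is fine only if an earlier filter already enforces it. For readability, the `unless … != … &&` double negative could become `redirect_to user_path(@user) if current_user == @user || !(current_user.support? || current_user.data_coordinator?)`.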

Deactivating this user will mean they can no longer access this service to submit CORE data.

Any logs this user has already submitted will not be affected.

- <%= f.govuk_text_field :active, value: false, hidden: true %>
diff --git a/app/views/users/reactivate.html.erb b/app/views/users/reactivate.html.erb
new file mode 100644
index 000000000..4bda0ca4d
--- /dev/null
+++ b/app/views/users/reactivate.html.erb
@@ -0,0 +1,20 @@
+<% content_for :title, current_user == @user ? "Your account" : "#{@user.name.presence || @user.email}’s account" %>
+
+
+ <%= form_for(@user, as: :user, html: { method: :patch }) do |f| %>
+
+

+ <%= @user.name %>
+ Are you sure you want to reactivate this user?
+

+ <%= f.govuk_text_field :active,
+ value: true,
+ hidden: true %>
+ <%= f.govuk_submit "I’m sure - reactivate this user" %>
+

+ <%= govuk_link_to("No - I’ve changed my mind", user_path(@user)) %>
+

+
+
+ <% end %>
+
diff --git a/config/routes.rb b/config/routes.rb
index 587621749..1dd94e8bb 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -64,6 +64,7 @@ Rails.application.routes.draw do
 end
 get "/users/:id/deactivate", to: "users#deactivate"
+ get "/users/:id/reactivate", to: "users#reactivate"
 resources :organisations do
 member do
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 82f69eb0f..35f3ec0c6 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -118,6 +118,13 @@ RSpec.describe UsersController, type: :request do
 expect(response).to redirect_to("/account/sign-in")
 end
 end
+
+ describe "#reactivate" do
+ it "does not let you see reactivate page" do
+ get "/users/#{user.id}/reactivate", headers: headers, params: {}
+ expect(response).to redirect_to("/account/sign-in")
+ end
+ end
 end
 context "when user is signed in as a data provider" do
@@ -144,6 +151,17 @@ RSpec.describe UsersController, type: :request do
 it "does not allow deactivating the user" do
 expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
 end
+
+ context "when user is deactivated" do
+ before do
+ user.update!(active: false)
+ get "/users/#{user.id}", headers:, params: {}
+ end
+
+ it "does not allow reactivating the user" do
+ expect(page).not_to have_link("Reactivate user", href: "/users/#{user.id}/reactivate")
+ end
+ end
 end
 context "when the current user does not match the user ID" do
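Review bot: The `current_user == @user ? "Your account" : …` branch in the page title can never be taken here, because the `reactivate` action in this commit redirects away whenever the signed-in user is the target; the title could be just `"#{@user.name.presence || @user.email}’s account"`. The `active` value is carried by a text field rendered with `hidden: true`, so it is client-supplied and what the server accepts has to be decided by server-side authorization rather than by this form. If the form builder in use supports it, `f.hidden_field :active, value: true` would state the intent more directly than a hidden text field.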
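Review bot: The examples added in the hunk at -144 (apparently the data-provider context), and the parallel ones in the hunks at -172 and -476, only assert that the "Reactivate user" link is not rendered; none of them requests the reactivate page directly, so the role guard in the controller is untested for the users it is meant to keep out. A request example such as `get "/users/#{other_user.id}/reactivate", headers:, params: {}` followed by `expect(response).to redirect_to("/users/#{other_user.id}")` would cover it, assuming no earlier filter responds first. An example that sends the PATCH with `active: true` as a data provider and checks that the user stays inactive would pin the part that actually matters.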
@@ -172,6 +190,17 @@ RSpec.describe UsersController, type: :request do
 it "does not allow deactivating the user" do
 expect(page).not_to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
 end
+
+ context "when user is deactivated" do
+ before do
+ other_user.update!(active: false)
+ get "/users/#{other_user.id}", headers:, params: {}
+ end
+
+ it "does not allow reactivating the user" do
+ expect(page).not_to have_link("Reactivate user", href: "/users/#{other_user.id}/reactivate")
+ end
+ end
 end
 context "when the user is not part of the same organisation" do
@@ -476,6 +505,17 @@ RSpec.describe UsersController, type: :request do
 it "does not allow deactivating the user" do
 expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
 end
+
+ context "when user is deactivated" do
+ before do
+ user.update!(active: false)
+ get "/users/#{user.id}", headers:, params: {}
+ end
+
+ it "does not allow reactivating the user" do
+ expect(page).not_to have_link("Reactivate user", href: "/users/#{user.id}/reactivate")
+ end
+ end
 end
 context "when the current user does not match the user ID" do
@@ -876,7 +916,7 @@ RSpec.describe UsersController, type: :request do
 end
 it "shows deactivation page with deactivate and cancel buttons for the user" do
- expect(path).to include("/users/#{other_user.id}")
+ expect(path).to include("/users/#{other_user.id}/deactivate")
 expect(page).to have_content(other_user.name)
 expect(page).to have_content("Are you sure you want to deactivate this user?")
 expect(page).to have_button("I’m sure - deactivate this user")
@@ -884,6 +924,27 @@ RSpec.describe UsersController, type: :request do
 end
 end
 end
+
+ describe "#reactivate" do
+ before do
+ sign_in user
+ end
+
+ context "when the current user does not match the user ID" do
+ before do
+ other_user.update!(active: false)
+ get "/users/#{other_user.id}/reactivate", headers: headers, params: {}
+ end
+
+ it "shows reactivation page with reactivate and cancel buttons for the user" do
+ expect(path).to include("/users/#{other_user.id}/reactivate")
+ expect(page).to have_content(other_user.name)
+ expect(page).to have_content("Are you sure you want to reactivate this user?")
+ expect(page).to have_button("I’m sure - reactivate this user")
+ expect(page).to have_link("No - I’ve changed my mind", href: "/users/#{other_user.id}")
+ end
+ end
+ end
 end
 context "when user is signed in as a support user" do
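Review bot: The new `#reactivate` group covers only the allowed path, a signed-in user opening another user's confirmation page; the self-service case the controller redirects (`current_user == @user`) has no example. Adding a context that requests `"/users/#{user.id}/reactivate"` and expects `redirect_to("/users/#{user.id}")` would pin that branch. Nothing in the visible hunks submits the form and checks `other_user.reload.active`, so the state change itself, and who may trigger it, is not exercised; the enclosing context continues outside the hunk, so such examples may exist elsewhere.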