From 84793fadbb49d60ae3e2b7412078520b3bde3484 Mon Sep 17 00:00:00 2001
From: Kat <54268893+kosiakkatrina@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:53:30 +0000
Subject: [PATCH] Add a page to view the download
---
 app/controllers/csv_downloads_controller.rb | 7 ++
 app/jobs/email_csv_job.rb | 3 +-
 app/jobs/scheme_email_csv_job.rb | 2 +-
 app/policies/csv_download_policy.rb | 4 ++
 app/views/csv_downloads/show.html.erb | 10 +++
 config/routes.rb | 1 +
 .../requests/csv_downloads_controller_spec.rb | 68 +++++++++++++++++++
 7 files changed, 93 insertions(+), 2 deletions(-)
 create mode 100644 app/views/csv_downloads/show.html.erb
diff --git a/app/controllers/csv_downloads_controller.rb b/app/controllers/csv_downloads_controller.rb
index c78cf5860..25f70026f 100644
--- a/app/controllers/csv_downloads_controller.rb
+++ b/app/controllers/csv_downloads_controller.rb
@@ -1,6 +1,13 @@
 class CsvDownloadsController < ApplicationController
 before_action :authenticate_user!
+ def show
+ @csv_download = CsvDownload.find(params[:id])
+ authorize @csv_download
+
+ return render "errors/download_link_expired" if @csv_download.expired?
+ end
+
 def download
 csv_download = CsvDownload.find(params[:id])
 authorize csv_download
diff --git a/app/jobs/email_csv_job.rb b/app/jobs/email_csv_job.rb
index 05e6c0cbb..dbdc9a99b 100644
--- a/app/jobs/email_csv_job.rb
+++ b/app/jobs/email_csv_job.rb
@@ -30,7 +30,8 @@ class EmailCsvJob < ApplicationJob
 storage_service.write_file(filename, BYTE_ORDER_MARK + csv_string)
 csv_download = CsvDownload.create!(user:, organisation: user.organisation, filename:, download_type: log_type, expiration_time: EXPIRATION_TIME)
- url = download_csv_download_url(csv_download.id, host: ENV["APP_HOST"])
+ binding.pry
+ url = csv_download_url(csv_download.id, host: ENV["APP_HOST"])
 CsvDownloadMailer.new.send_csv_download_mail(user, url, EXPIRATION_TIME)
 end
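Review bot: The expiry check added to `show` in app/controllers/csv_downloads_controller.rb guards only the landing page, and a request sent straight to the `download` member route never passes through it. `download` opens with the same `find`/`authorize` pair, but its body continues outside the hunk, so whether it rejects an expired record cannot be seen here; if it does not, it needs the same guard, `return render "errors/download_link_expired" if csv_download.expired?`. Moving the lookup, authorisation and expiry test into one `before_action` shared by both actions would keep the two from drifting apart.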
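Review bot: `binding.pry` in app/jobs/email_csv_job.rb is a leftover debugger breakpoint and should be deleted before this merges. In a background worker it either blocks the job on a console nobody is attached to or, where pry is not bundled for the environment, raises before `CsvDownloadMailer` is called (which of the two depends on the Gemfile, not visible here); either way the user never receives the link. The matching change in app/jobs/scheme_email_csv_job.rb does not carry the breakpoint. Enabling RuboCop's `Lint/Debugger` cop in CI would catch this kind of leftover; the enclosing method starts outside the hunk.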
diff --git a/app/jobs/scheme_email_csv_job.rb b/app/jobs/scheme_email_csv_job.rb
index 50c5119a3..803d3dce3 100644
--- a/app/jobs/scheme_email_csv_job.rb
+++ b/app/jobs/scheme_email_csv_job.rb
@@ -33,7 +33,7 @@ class SchemeEmailCsvJob < ApplicationJob
 storage_service.write_file(filename, BYTE_ORDER_MARK + csv_string)
 csv_download = CsvDownload.create!(user:, organisation: user.organisation, filename:, download_type:, expiration_time: EXPIRATION_TIME)
- url = download_csv_download_url(csv_download.id, host: ENV["APP_HOST"])
+ url = csv_download_url(csv_download.id, host: ENV["APP_HOST"])
 CsvDownloadMailer.new.send_csv_download_mail(user, url, EXPIRATION_TIME)
 end
diff --git a/app/policies/csv_download_policy.rb b/app/policies/csv_download_policy.rb
index 72d815b58..04471ccd0 100644
--- a/app/policies/csv_download_policy.rb
+++ b/app/policies/csv_download_policy.rb
@@ -6,6 +6,10 @@ class CsvDownloadPolicy
 @csv_download = csv_download
 end
+ def show?
+ @current_user == @csv_download.user || @current_user.support? || @current_user.organisation == @csv_download.organisation
+ end
+
 def download?
 @current_user == @csv_download.user || @current_user.support? || @current_user.organisation == @csv_download.organisation
 end
diff --git a/app/views/csv_downloads/show.html.erb b/app/views/csv_downloads/show.html.erb
new file mode 100644
index 000000000..96fe28093
--- /dev/null
+++ b/app/views/csv_downloads/show.html.erb
@@ -0,0 +1,10 @@
+<% title = "Downlaod CSV file" %>
+<% content_for :title, title %>
+
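Review bot: `show?` in app/policies/csv_download_policy.rb is a verbatim copy of the `download?` expression, so a later tightening of one rule can silently leave the other open. Since the page exists only to lead to the download, let it delegate: the body of `show?` can be just `download?`. A comment on the policy should also record that the `organisation ==` clause lets any member of the owning organisation open another user's export, and that is worth confirming as intended for users whose role would not let them generate the same CSV themselves; the role model is not visible in this hunk.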
+
+

You are about to download a CSV file

+

Filename: <%= @csv_download.filename%>

+ <%= govuk_button_link_to "Download CSV", download_csv_download_path(@csv_download) %> +
+
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 9b855880d..1c7af8c59 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -384,6 +384,7 @@ Rails.application.routes.draw do
 resources :csv_downloads, path: "csv-downloads" do
 member do
+ get "/", to: "csv_downloads#show", as: "show"
 get "download", to: "csv_downloads#download"
 end
 end
diff --git a/spec/requests/csv_downloads_controller_spec.rb b/spec/requests/csv_downloads_controller_spec.rb
index 64862cd71..982077a12 100644
--- a/spec/requests/csv_downloads_controller_spec.rb
+++ b/spec/requests/csv_downloads_controller_spec.rb
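Review bot: The page title in app/views/csv_downloads/show.html.erb is misspelled: `"Downlaod CSV file"` should read `"Download CSV file"`, and because it is passed to `content_for :title` the typo is user-visible. The file also ends without a trailing newline.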
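Review bot: The added `get "/", to: "csv_downloads#show", as: "show"` in config/routes.rb duplicates a route that `resources :csv_downloads` already generates; the jobs in this patch call `csv_download_url`, which is the helper of the built-in show route rather than of this member route. As far as the visible context shows, the `resources` call has no `only:` option, so it also routes index, new, create, edit, update and destroy to a controller that, in the lines visible in this patch, defines only `show` and `download`. Dropping the new line and declaring `resources :csv_downloads, path: "csv-downloads", only: %i[show] do` keeps the routed surface to the actions that exist. The `Rails.application.routes.draw` block extends beyond the hunk.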
@@ -1,6 +1,74 @@
 require "rails_helper"
 RSpec.describe CsvDownloadsController, type: :request do
+ describe "GET #show" do
+ let(:page) { Capybara::Node::Simple.new(response.body) }
+ let(:csv_user) { create(:user) }
+ let(:csv_download) { create(:csv_download, user: csv_user, organisation: csv_user.organisation) }
+ let(:get_file_io) do
+ io = StringIO.new
+ io.write("hello")
+ io.rewind
+ io
+ end
+ let(:mock_storage_service) { instance_double(Storage::S3Service, get_file_io:, get_presigned_url: "https://example.com") }
+
+ before do
+ allow(Storage::S3Service).to receive(:new).and_return(mock_storage_service)
+ end
+
+ context "when user is not signed in" do
+ it "redirects to sign in page" do
+ get "/csv-downloads/#{csv_download.id}"
+ expect(response).to redirect_to("/account/sign-in")
+ end
+ end
+
+ context "when user is signed in" do
+ before do
+ sign_in user
+ end
+
+ context "and the user is from a different organisation" do
+ let(:user) { create(:user) }
+
+ before do
+ get "/csv-downloads/#{csv_download.id}"
+ end
+
+ it "returns page not found" do
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+
+ context "and is the user who generated the csv" do
+ let(:user) { csv_user }
+
+ before do
+ get "/csv-downloads/#{csv_download.id}"
+ end
+
+ it "allows downloading the csv" do
+ expect(response).to have_http_status(:ok)
+ expect(page).to have_link("Download CSV", href: "/csv-downloads/#{csv_download.id}/download")
+ end
+ end
+
+ context "and is the user is from the same organisation" do
+ let(:user) { create(:user, organisation: csv_user.organisation) }
+
+ before do
+ get "/csv-downloads/#{csv_download.id}"
+ end
+
+ it "allows downloading the csv" do
+ expect(response).to have_http_status(:ok)
+ expect(page).to have_link("Download CSV", href: "/csv-downloads/#{csv_download.id}/download")
+ end
+ end
+ end
+ end
+
 describe "GET #download" do
 let(:csv_user) { create(:user) }
 let(:csv_download) { create(:csv_download, user: csv_user,
organisation: csv_user.organisation) }
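Review bot: The new `GET #show` examples never exercise the `errors/download_link_expired` branch that the controller change introduces, so the expiry behaviour of the page is untested; add a context that builds an expired `csv_download` and asserts that the expired page is rendered and no "Download CSV" link is present. A support user from another organisation, which the policy allows, is not covered either. The example named `"returns page not found"` asserts `:unauthorized` and should be renamed to match, e.g. `it "returns unauthorized" do`. `get_file_io` and `mock_storage_service` look unused by `show` and could be dropped from this describe block if that is the case.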