diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb
index fc82b26cb..e887929de 100644
--- a/app/helpers/user_helper.rb
+++ b/app/helpers/user_helper.rb
@@ -34,4 +34,8 @@ module UserHelper
def can_edit_org?(current_user)
current_user.data_coordinator? || current_user.support?
end
+
+ def can_toggle_active?(user, current_user)
+ current_user != user && (current_user.support? || current_user.data_coordinator?)
+ end
end
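Review bot: `can_toggle_active?` only decides whether the link is rendered, so the deactivate action itself still needs the same rule enforced server-side, and no controller or policy change is visible in this diff. The predicate also does not compare the two users' organisations, so a data coordinator would presumably be offered the link for a user in another organisation if they can reach that page; confirm whether that is intended. A comment would make the scope explicit, for example `# View-only: true for support or data coordinators viewing someone other than themselves; the deactivate action must authorise independently.` The enclosing `UserHelper` module starts outside this hunk.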
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 94446f9d0..416e83958 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -5,6 +5,9 @@
<%= content_for(:title) %>
+ <% if can_toggle_active?(@user, current_user) %>
+ <%= govuk_link_to "Deactivate user", "/users/#{@user.id}/deactivate" %>
+ <% end %>
Personal details
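Review bot: The new control is a plain GET link to `"/users/#{@user.id}/deactivate"`, so if that route changes the account directly rather than rendering a confirmation page, it can be triggered by a prefetch or a cross-site request. In that case it should be a non-GET submission carrying the CSRF token, e.g. `button_to` with `method: :patch`; the route is not visible here, so confirm which it is. The path is also hand-built by interpolation where a named route helper would keep it in step with `routes.rb`. The helper is named for toggling but the label is always "Deactivate user", so an already inactive user would presumably still be shown "Deactivate".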
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 1a297d6ab..ca82fb7b6 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -133,6 +133,10 @@ RSpec.describe UsersController, type: :request do
expect(page).not_to have_link("Change", text: "are you a data protection officer?")
expect(page).not_to have_link("Change", text: "are you a key contact?")
end
+
+ it "does not allow deactivating the user" do
+ expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+ end
end
context "when the current user does not match the user ID" do
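Review bot: The added example only asserts that the "Deactivate user" link is absent from the rendered page, which checks presentation rather than authorisation. The same holds for the examples added in the hunks at -157, -457, -482, -985 and -1010. A request example is needed for each role that must not deactivate: issue `get "/users/#{other_user.id}/deactivate"` directly as that user and assert the app's usual unauthorised response, plus one for a privileged user targeting their own id. No assertion is added in the visible part of the "not part of the same organisation" contexts, so cross-organisation behaviour appears untested. The enclosing `describe` and `context` blocks start and end outside these hunks.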
@@ -157,6 +161,10 @@ RSpec.describe UsersController, type: :request do
expect(page).not_to have_link("Change", text: "are you a data protection officer?")
expect(page).not_to have_link("Change", text: "are you a key contact?")
end
+
+ it "does not allow deactivating the user" do
+ expect(page).not_to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+ end
end
context "when the user is not part of the same organisation" do
@@ -457,6 +465,10 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "are you a data protection officer?")
expect(page).to have_link("Change", text: "are you a key contact?")
end
+
+ it "does not allow deactivating the user" do
+ expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+ end
end
context "when the current user does not match the user ID" do
@@ -482,6 +494,10 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "are they a data protection officer?")
expect(page).to have_link("Change", text: "are they a key contact?")
end
+
+ it "allows deactivating the user" do
+ expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+ end
end
context "when the user is not part of the same organisation as the current user" do
@@ -985,6 +1001,10 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "are you a data protection officer?")
expect(page).to have_link("Change", text: "are you a key contact?")
end
+
+ it "does not allow deactivating the user" do
+ expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+ end
end
context "when the current user does not match the user ID" do
@@ -1010,6 +1030,10 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "are they a data protection officer?")
expect(page).to have_link("Change", text: "are they a key contact?")
end
+
+ it "allows deactivating the user" do
+ expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+ end
end
context "when the user is not part of the same organisation as the current user" do