Add a link to deactivate page

app/helpers/user_helper.rb

@@ -34,4 +34,8 @@ module UserHelper
   def can_edit_org?(current_user)
     current_user.data_coordinator? || current_user.support?
   end
+
+  def can_toggle_active?(user, current_user)
+    current_user != user && (current_user.support? || current_user.data_coordinator?)
+  end
 end

app/views/users/show.html.erb

@@ -5,6 +5,9 @@
     <h1 class="govuk-heading-l">
       <%= content_for(:title) %>
     </h1>
+    <% if can_toggle_active?(@user, current_user) %>
+      <%= govuk_link_to "Deactivate user", "/users/#{@user.id}/deactivate" %>
+    <% end %>
 
     <h2 class="govuk-heading-m">
       Personal details

spec/requests/users_controller_spec.rb

@@ -133,6 +133,10 @@ RSpec.describe UsersController, type: :request do
           expect(page).not_to have_link("Change", text: "are you a data protection officer?")
           expect(page).not_to have_link("Change", text: "are you a key contact?")
         end
+
+        it "does not allow deactivating the user" do
+          expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+        end
       end
 
       context "when the current user does not match the user ID" do
@@ -157,6 +161,10 @@ RSpec.describe UsersController, type: :request do
             expect(page).not_to have_link("Change", text: "are you a data protection officer?")
             expect(page).not_to have_link("Change", text: "are you a key contact?")
           end
+
+          it "does not allow deactivating the user" do
+            expect(page).not_to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+          end
         end
 
         context "when the user is not part of the same organisation" do
@@ -457,6 +465,10 @@ RSpec.describe UsersController, type: :request do
           expect(page).to have_link("Change", text: "are you a data protection officer?")
           expect(page).to have_link("Change", text: "are you a key contact?")
         end
+
+        it "does not allow deactivating the user" do
+          expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+        end
       end
 
       context "when the current user does not match the user ID" do
@@ -482,6 +494,10 @@ RSpec.describe UsersController, type: :request do
             expect(page).to have_link("Change", text: "are they a data protection officer?")
             expect(page).to have_link("Change", text: "are they a key contact?")
           end
+
+          it "allows deactivating the user" do
+            expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+          end
         end
 
         context "when the user is not part of the same organisation as the current user" do
@@ -985,6 +1001,10 @@ RSpec.describe UsersController, type: :request do
           expect(page).to have_link("Change", text: "are you a data protection officer?")
           expect(page).to have_link("Change", text: "are you a key contact?")
         end
+
+        it "does not allow deactivating the user" do
+          expect(page).not_to have_link("Deactivate user", href: "/users/#{user.id}/deactivate")
+        end
       end
 
       context "when the current user does not match the user ID" do
@@ -1010,6 +1030,10 @@ RSpec.describe UsersController, type: :request do
             expect(page).to have_link("Change", text: "are they a data protection officer?")
             expect(page).to have_link("Change", text: "are they a key contact?")
           end
+
+          it "allows deactivating the user" do
+            expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+          end
         end
 
         context "when the user is not part of the same organisation as the current user" do