Fix removal methods and add tests

alphagov · Nov 27, 2024 · 2002965 · 2002965
1 parent 3dd049a
commit 2002965
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 0 deletions.
diff --git a/lib/tasks/access_and_permissions.rake b/lib/tasks/access_and_permissions.rake
@@ -50,4 +50,46 @@ namespace :permissions do
       log_file.close
     end
   end
+
+  desc "Remove an organisation from an document's access permissions list"
+  task :remove_organisation_access, %i[document_content_id org_content_id] => :environment do |_, args|
+    document = Artefact.find_by(id: args[:document_content_id])
+
+    if document.nil?
+      message = "Document not found, no permissions changed."
+    elsif !document.latest_edition.owning_org_content_ids.include?(args[:org_content_id])
+      message = "Organisation with ID #{args[:organisation_id]} did not have access to document with ID - #{document.id} no change made"
+    else
+      Edition.where(panopticon_id: document.id).each do |edition|
+        edition.owning_org_content_ids.delete(args[:org_content_id])
+        edition.save!(validate: false)
+      end
+      document.save_as_task!("PermissionsRemoval")
+      message = "Access permission for successfully removed for the organisation with ID #{args[:organisation_id]} from document with ID - #{document.id}"
+    end
+    puts message
+  rescue Mongoid::Errors::DocumentNotFound => e
+    error_message = "An error occurred while processing document with ID #{args[:document_content_id]}: #{e.message}"
+    puts error_message
+  end
+
+  desc "Remove all access permissions from an document"
+  task :remove_all_access_flags, %i[document_content_id] => :environment do |_, args|
+    document = Artefact.find_by(id: args[:document_content_id])
+
+    if document.nil?
+      message = "Document not found, no permissions changed."
+    else
+      Edition.where(panopticon_id: document.id).each do |edition|
+        edition.owning_org_content_ids.clear
+        edition.save!(validate: false)
+      end
+      document.save_as_task!("PermissionsClear")
+      message = "All access permissions for all organisations successfully removed from document with ID - #{document.id}"
+    end
+    puts message
+  rescue Mongoid::Errors::DocumentNotFound => e
+    error_message = "An error occurred while processing document with ID #{args[:document_content_id]}: #{e.message}"
+    puts error_message
+  end
 end
diff --git a/test/unit/tasks/access_and_permissions_test.rb b/test/unit/tasks/access_and_permissions_test.rb
@@ -6,13 +6,20 @@ class AccessAndPermissionsTaskTest < ActiveSupport::TestCase
     @add_organisation_access_task = Rake::Task["permissions:add_organisation_access"]
     @bulk_process_task = Rake::Task["permissions:bulk_process_access_flags"]
 
+    @remove_organisation_access_task = Rake::Task["permissions:remove_organisation_access"]
+    @remove_all_access_flags_task = Rake::Task["permissions:remove_all_access_flags"]
+
     @add_organisation_access_task.reenable
     @bulk_process_task.reenable
+    @remove_organisation_access_task.reenable
+    @remove_all_access_flags_task.reenable
 
     @artefact1 = FactoryBot.create(:artefact, slug: "example-slug-1")
     @artefact2 = FactoryBot.create(:artefact, slug: "example-slug-2")
+
     @edition1 = FactoryBot.create(:edition, panopticon_id: @artefact1.id, owning_org_content_ids: [])
     @edition2 = FactoryBot.create(:edition, panopticon_id: @artefact2.id, owning_org_content_ids: [])
+
     @csv_file_path = Rails.root.join("tmp/test_bulk_access.csv")
     CSV.open(@csv_file_path, "w") do |csv|
       csv << %w[Header1 URL]
@@ -52,4 +59,51 @@ class AccessAndPermissionsTaskTest < ActiveSupport::TestCase
     assert_includes @edition1.owning_org_content_ids, organisation_id
     assert_includes @edition2.owning_org_content_ids, organisation_id
   end
+
+  test "remove_organisation_access removes permissions correctly" do
+    organisation_id = "org-id-to-remove"
+
+    @add_organisation_access_task.invoke(@artefact1.id, organisation_id)
+    @edition1.reload
+    assert_includes @edition1.owning_org_content_ids, organisation_id
+
+    @remove_organisation_access_task.invoke(@artefact1.id, organisation_id)
+    @edition1.reload
+
+    assert_not_includes @edition1.owning_org_content_ids, organisation_id
+  end
+
+  test "remove_organisation_access does not affect other organisation permissions" do
+    org_id_to_keep = "saved-org-id"
+    org_id_to_remove = "removable-org-id"
+    artefact3 = FactoryBot.create(:artefact, slug: "example-slug-3")
+    edition3 = FactoryBot.create(:edition, panopticon_id: artefact3.id, owning_org_content_ids: [org_id_to_keep, org_id_to_remove])
+    assert_includes edition3.owning_org_content_ids, org_id_to_keep
+    assert_includes edition3.owning_org_content_ids, org_id_to_remove
+
+    @remove_organisation_access_task.invoke(artefact3.id, org_id_to_remove)
+    edition3.reload
+
+    assert_not_includes edition3.owning_org_content_ids, org_id_to_remove
+    assert_includes edition3.owning_org_content_ids, org_id_to_keep
+  end
+
+  test "remove_all_access_flags removes all permissions" do
+    organisation_id1 = "org-id-one"
+    organisation_id2 = "org-id-two"
+
+    @add_organisation_access_task.invoke(@artefact1.id, organisation_id1)
+    @add_organisation_access_task.reenable
+    @add_organisation_access_task.invoke(@artefact1.id, organisation_id2)
+    @edition1.reload
+
+    assert_includes @edition1.owning_org_content_ids, organisation_id1
+    assert_includes @edition1.owning_org_content_ids, organisation_id2
+
+    @remove_all_access_flags_task.invoke(@artefact1.id, organisation_id2)
+    @edition1.reload
+
+    assert_not_includes @edition1.owning_org_content_ids, organisation_id1
+    assert_not_includes @edition1.owning_org_content_ids, organisation_id2
+  end
 end