Hide support navigation items from unauthorised users

DFE-Digital · Dec 6, 2023 · 5648b14 · 5648b14
1 parent 4a5d6f1
commit 5648b14
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -7,17 +7,17 @@ def navigation
     govuk_header(service_name: t("service.name")) do |header|
       case current_namespace
       when "support"
-        header.with_navigation_item(
-          active: current_page?(main_app.support_interface_feature_flags_path),
-          href: main_app.support_interface_feature_flags_path,
-          text: "Features"
-        )
-        header.with_navigation_item(
-          active: request.path.start_with?("/support/staff"),
-          text: "Staff",
-          href: main_app.support_interface_staff_index_path
-        )
         if current_staff
+          header.with_navigation_item(
+            active: current_page?(main_app.support_interface_feature_flags_path),
+            href: main_app.support_interface_feature_flags_path,
+            text: "Features"
+          )
+          header.with_navigation_item(
+            active: request.path.start_with?("/support/staff"),
+            text: "Staff",
+            href: main_app.support_interface_staff_index_path
+          )
           header.with_navigation_item(href: main_app.support_interface_sign_out_path, text: "Sign out")
         end
       when "qualifications"

diff --git a/spec/system/support/staff_user_signs_in_spec.rb b/spec/system/support/staff_user_signs_in_spec.rb
@@ -15,7 +15,11 @@
   private
 
   def then_i_am_signed_in
-    within("header") { expect(page).to have_content "Sign out" }
+    within("header") do
+      expect(page).to have_link("Features")
+      expect(page).to have_link("Staff")
+      expect(page).to have_content "Sign out"
+    end
     expect(DsiUser.count).to eq 1
     expect(DsiUserSession.count).to eq 1
   end

diff --git a/spec/system/support/unauthorised_user_signs_in_spec.rb b/spec/system/support/unauthorised_user_signs_in_spec.rb
@@ -20,6 +20,8 @@ def then_i_am_redirected_to_the_unauthorised_page
     expect(page).to have_link("sign out and start again", href: "/support/auth/staff/sign-out?id_token_hint=abc123")
 
     within(".govuk-header__content") do
+      expect(page).not_to have_link("Features")
+      expect(page).not_to have_link("Staff")
       expect(page).not_to have_link("Sign in")
       expect(page).not_to have_link("Sign out")
     end