From 8ebd000c4aa42404959ea6d821a1d063977cbe9a Mon Sep 17 00:00:00 2001
From: Richard Pattinson <richie.pattinson@googlemail.com>
Date: Fri, 12 Jul 2024 10:46:41 +0100
Subject: [PATCH] Allow unauthenticated user to view the terms and conditions
 page

---
 app/controllers/terms_and_conditions_controller.rb |  2 ++
 app/views/terms_and_conditions/show.html.erb       |  6 ++++--
 spec/system/user_accepts_terms_and_conditions.rb   | 13 +++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/app/controllers/terms_and_conditions_controller.rb b/app/controllers/terms_and_conditions_controller.rb
index 2cbdd9f..08f77fe 100644
--- a/app/controllers/terms_and_conditions_controller.rb
+++ b/app/controllers/terms_and_conditions_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class TermsAndConditionsController < ApplicationController
+  skip_before_action :authenticate_dsi_user!
+  skip_before_action :handle_expired_session!
   skip_before_action :enforce_terms_and_conditions_acceptance!
 
   def show
diff --git a/app/views/terms_and_conditions/show.html.erb b/app/views/terms_and_conditions/show.html.erb
index b3f7647..0c0bc4f 100644
--- a/app/views/terms_and_conditions/show.html.erb
+++ b/app/views/terms_and_conditions/show.html.erb
@@ -204,8 +204,10 @@
     <p class="govuk-body"><a class="govuk-link" mailto="teaching.status@education.gov.uk">Email: teaching.status@education.gov.uk</a></p>
 
     <p class="govuk-body">Website: <a class="govuk-link" href="https://www.gov.uk/government/organisations/teaching-regulation-agency">https://www.gov.uk/government/organisations/teaching-regulation-agency</a></p>
-    <%= form_with url: terms_and_conditions_path, method: :patch do |f| %>
-      <%= f.govuk_submit "Accept" %>
+    <% if current_dsi_user %>
+      <%= form_with url: terms_and_conditions_path, method: :patch do |f| %>
+        <%= f.govuk_submit "Accept" %>
+      <% end %>
     <% end %>
   </div>
 </div>
\ No newline at end of file
diff --git a/spec/system/user_accepts_terms_and_conditions.rb b/spec/system/user_accepts_terms_and_conditions.rb
index 8ba9c28..095ce8c 100644
--- a/spec/system/user_accepts_terms_and_conditions.rb
+++ b/spec/system/user_accepts_terms_and_conditions.rb
@@ -7,6 +7,11 @@
 
   scenario "User accepts terms and conditions", test: :with_stubbed_auth do
     given_the_service_is_open
+    when_i_visit_the_sign_in_page
+    and_i_click_on_terms_and_conditions_footer_link
+    then_i_am_redirected_to_the_terms_and_conditions_page
+    and_the_accept_button_is_hidden
+
     when_i_sign_in_via_dsi(accept_terms_and_conditions: false)
     then_i_am_signed_in
     and_i_am_redirected_to_the_terms_and_conditions_page
@@ -49,6 +54,14 @@ def and_i_am_redirected_to_the_terms_and_conditions_page
     :and_i_am_redirected_to_the_terms_and_conditions_page,
     )
 
+  def and_i_click_on_terms_and_conditions_footer_link
+    click_link "Terms and conditions"
+  end
+
+  def and_the_accept_button_is_hidden
+    expect(page).not_to have_link "Accept"
+  end
+
   def when_i_click_accept
     click_on "Accept"
   end