GovWifi · iram-shehzadi · Feb 20, 2024 · Jan 16, 2024
diff --git a/app/controllers/super_admin/organisations_controller.rb b/app/controllers/super_admin/organisations_controller.rb
@@ -1,6 +1,8 @@
 class SuperAdmin::OrganisationsController < SuperAdminController
   helper_method :sort_column, :sort_direction
 
+  before_action :set_organisation, only: %i[toggle_cba_feature]
+
   def index
     @organisations = Organisation.sortable_with_child_counts(sort_column, sort_direction)
 
@@ -31,8 +33,17 @@ def destroy
     redirect_to super_admin_organisations_path, notice: "Organisation has been removed"
   end
 
+  def toggle_cba_feature
+    @organisation.update!(cba_enabled: !@organisation.cba_enabled)
+    redirect_to super_admin_organisation_path, notice: "Cba feature flag toggled successfully"
+  end
+
 private
 
+  def set_organisation
+    @organisation = Organisation.find(params[:id])
+  end
+
   def sortable_columns
     %w[name created_at locations_count ips_count active_storage_attachments.created_at last_sign_in_at email sign_in_count]
   end

diff --git a/app/models/organisation.rb b/app/models/organisation.rb
@@ -10,6 +10,8 @@ class Organisation < ApplicationRecord
   validates :service_email, format: { with: Devise.email_regexp }
   validate :validate_in_register?, unless: proc { |org| org.name.blank? }
 
+  validates :cba_enabled, inclusion: { in: [true, false] }, allow_nil: true
+
   validates_associated :locations
 
   scope :sortable_with_child_counts, lambda { |sort_column, sort_direction|
@@ -19,6 +21,14 @@ class Organisation < ApplicationRecord
       .order(sort_column => sort_direction)
   }
 
+  def enable_cba_feature!
+    update(cba_enabled: true)
+  end
+
+  def disable_cba_feature!
+    update(cba_enabled: false)
+  end
+
   def meets_invited_admin_user_minimum?
     memberships.count(&:administrator?) >= 2
   end

diff --git a/app/views/logs/index.html.erb b/app/views/logs/index.html.erb
@@ -59,6 +59,7 @@
               <% end %>
             </td>
           <% end %>
+
           <td class="govuk-table__cell"><%= log.ap %></td>
           <td class="govuk-table__cell"><%= log.mac %></td>
           <% unless log_search_form.ip %>

diff --git a/app/views/super_admin/organisations/_cba_form.html.erb b/app/views/super_admin/organisations/_cba_form.html.erb
@@ -0,0 +1,21 @@
+<% cba_enabled = organisation.cba_enabled %>
+
+  <p class="govuk-body">
+    Show both EAP/TLS and MS-CHAPv2 authentication attempts in the logs. This is for organisations using Certificate Based Authentication (CBA)
+  </p>
+  <% if cba_enabled %>
+    <p class="govuk-body">
+      This organisation can see the CBA logs.
+    </p>
+  <% else %>
+    <p class="govuk-body">
+      This organisation cannot see the CBA logs.
+    </p>
+  <% end %>
+
+<div id="cba-form">
+  <%= form_with(model: @organisation, url: toggle_cba_feature_super_admin_organisation_path(@organisation), method: :patch) do |form| %>
+    <%= form.hidden_field :cba_enabled, value: !@organisation.cba_enabled %>
+    <%= form.submit(@organisation.cba_enabled ? "Turn off CBA logs" : "Turn on CBA logs", class: @organisation.cba_enabled ? "govuk-button govuk-button--secondary" : "govuk-button") %>
+  <% end %>
+</div>
diff --git a/app/views/super_admin/organisations/show.html.erb b/app/views/super_admin/organisations/show.html.erb
@@ -35,6 +35,10 @@
       <%= render "mou_form", organisation: @organisation %>
     <% end %>
 
+    <%= render "section", heading: "CBA" do %>
+      <%= render "cba_form", organisation: @organisation %>
+    <% end %>
+
     <%= render "section", heading: "Locations" do %>
       <%== pagy_nav_govuk(@pagy) %>
       <%= render "locations", locations: @locations %>

diff --git a/config/routes.rb b/config/routes.rb
@@ -70,6 +70,7 @@
     end
     resources :mou, only: %i[index update create]
     resources :organisations, only: %i[index show destroy] do
+      patch "toggle_cba_feature", to: "organisations#toggle_cba_feature", on: :member
       collection do
         get "service_emails", to: "organisations#service_emails", constraints: { format: "csv" }
       end

diff --git a/db/migrate/20231228135538_add_cba_enabled_to_organisations.rb b/db/migrate/20231228135538_add_cba_enabled_to_organisations.rb
@@ -0,0 +1,5 @@
+class AddCbaEnabledToOrganisations < ActiveRecord::Migration[7.0]
+  def change
+    add_column :organisations, :cba_enabled, :boolean
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_06_19_161245) do
+ActiveRecord::Schema[7.0].define(version: 2023_12_28_135538) do
   create_table "active_storage_attachments", charset: "utf8", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
@@ -96,6 +96,7 @@
     t.datetime "created_at", precision: nil, null: false
     t.datetime "updated_at", precision: nil, null: false
     t.string "service_email"
+    t.boolean "cba_enabled"
     t.index ["name"], name: "index_organisations_on_name", unique: true
   end
 

diff --git a/db/seeds.rb b/db/seeds.rb
@@ -120,3 +120,7 @@ def create_user_for_organisations(
 end
 
 MouTemplate.create!
+
+Organisation.all.each do |org|
+  org.update(cba_enabled: false)
+end