From 03e184e2616ecd9e9dcc55bed02a795d2dc87892 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 2 Aug 2024 14:38:45 -0600
Subject: [PATCH] Add readonly view

---
 src/registrar/models/user.py                      | 15 ++++++++++++---
 src/registrar/models/utility/portfolio_helper.py  |  5 +++++
 src/registrar/templates/domain_detail.html        |  5 +++--
 src/registrar/templates/domain_sidebar.html       |  9 ++++++---
 .../templates/domain_suborganization.html         |  8 +++++---
 .../templates/includes/domains_table.html         |  2 +-
 .../templates/includes/input_read_only.html       |  3 +++
 src/registrar/templatetags/custom_filters.py      |  9 +++++++++
 8 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index 6dc86df25..451a52213 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -73,12 +73,17 @@ class User(AbstractUser):
             UserPortfolioPermissionChoices.EDIT_REQUESTS,
             UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
             UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
+            # Domain: field specific permissions
+            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
+            UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION,
         ],
         UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY: [
             UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
             UserPortfolioPermissionChoices.VIEW_MEMBER,
             UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
             UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
+            # Domain: field specific permissions
+            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
         ],
         UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
             UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
@@ -255,9 +260,6 @@ class User(AbstractUser):
     def has_edit_org_portfolio_permission(self):
         return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_PORTFOLIO)
 
-    def has_edit_org_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO)
-
     def has_domains_portfolio_permission(self):
         return self._has_portfolio_permission(
             UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
@@ -268,6 +270,13 @@ class User(AbstractUser):
             UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
         ) or self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)
 
+    # Field specific permission checks
+    def has_view_suborganization(self):
+        return self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION)
+    
+    def has_edit_suborganization(self):
+        return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION)
+
     @classmethod
     def needs_identity_verification(cls, email, uuid):
         """A method used by our oidc classes to test whether a user needs email/uuid verification
diff --git a/src/registrar/models/utility/portfolio_helper.py b/src/registrar/models/utility/portfolio_helper.py
index 70977f312..2edca3422 100644
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@@ -26,3 +26,8 @@ class UserPortfolioPermissionChoices(models.TextChoices):
 
     VIEW_PORTFOLIO = "view_portfolio", "View organization"
     EDIT_PORTFOLIO = "edit_portfolio", "Edit organization"
+
+    # TODO - think of other solutions
+    # Domain: field specific permissions
+    VIEW_SUBORGANIZATION = "view_suborganization", "View suborganization"
+    EDIT_SUBORGANIZATION = "edit_suborganization", "Edit suborganization"
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index aa3f7efbb..af7fee363 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -1,5 +1,6 @@
 {% extends "domain_base.html" %}
 {% load static url_helpers %}
+{% load custom_filters %}
 
 {% block domain_content %}
   {{ block.super }}
@@ -64,9 +65,9 @@
       {% endif %}
     {% endif %}
 
-    {% if is_org_user %}
+    {% if portfolio and has_domains_portfolio_permission and request.user.has_view_suborganization %}
       {% url 'domain-suborganization' pk=domain.id as url %}
-      {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable %} 
+      {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:request.user.has_edit_suborganization %}
     {% else %}
       {% url 'domain-org-name-address' pk=domain.id as url %}
       {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url editable=is_editable %}
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 274f17a25..fad2d82a0 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -11,9 +11,12 @@
       {% if is_editable %}
 
       {% if portfolio %}
-          {% with url_name="domain-suborganization" %}
-            {% include "includes/domain_sidenav_item.html" with item_text="Suborganization" %}
-          {% endwith %}
+          {% comment %} Only show this menu option if the user has the perms to do so {% endcomment %}
+          {% if has_domains_portfolio_permission and request.user.has_view_suborganization %}
+            {% with url_name="domain-suborganization" %}
+              {% include "includes/domain_sidenav_item.html" with item_text="Suborganization" %}
+            {% endwith %}
+          {% endif %}
       {% else %}
         {% with url_name="domain-org-name-address" %}
           {% include "includes/domain_sidenav_item.html" with item_text="Organization name and mailing address" %}
diff --git a/src/registrar/templates/domain_suborganization.html b/src/registrar/templates/domain_suborganization.html
index 29cda3492..6dbf2f0ff 100644
--- a/src/registrar/templates/domain_suborganization.html
+++ b/src/registrar/templates/domain_suborganization.html
@@ -7,7 +7,7 @@
     {# this is right after the messages block in the parent template #}
     {% include "includes/form_errors.html" with form=form %}
 
-    <h1>Organization name and mailing address </h1>
+    <h1>Suborganization</h1>
 
     <p>
         The name of your suborganization will be publicly listed as the domain registrant. 
@@ -15,7 +15,7 @@
         If you believe there is an error please contact <a href="mailto:help@get.gov" class="usa-link">help@get.gov</a>.
     </p>
 
-    {% if has_edit_org_portfolio_permission %}
+    {% if has_domains_portfolio_permission and request.user.has_edit_suborganization %}
     {% include "includes/required_fields.html" %}
         <form class="usa-form usa-form--large" method="post" novalidate id="form-container">
             {% csrf_token %}
@@ -23,7 +23,9 @@
             <button type="submit" class="usa-button">Save</button>
         </form>
     {% else %}
-        <p>Readonly content here</p>
+        {% with description="The suborganization for this domain can only be updated by a organization administrator."%}
+            {% include "includes/input_read_only.html" with field=form.sub_organization label_description=description%}
+        {% endwith %}
     {% endif %}
 
 {% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/includes/domains_table.html b/src/registrar/templates/includes/domains_table.html
index 64eddec41..3982e2d32 100644
--- a/src/registrar/templates/includes/domains_table.html
+++ b/src/registrar/templates/includes/domains_table.html
@@ -150,7 +150,7 @@
             <th data-sortable="name" scope="col" role="columnheader">Domain name</th>
             <th data-sortable="expiration_date" scope="col" role="columnheader">Expires</th>
             <th data-sortable="state_display" scope="col" role="columnheader">Status</th>
-            {% if has_domains_portfolio_permission %}
+            {% if has_domains_portfolio_permission and request.user.has_view_suborganization %}
               <th data-sortable="suborganization" scope="col" role="columnheader">Suborganization</th>
             {% endif %}
             <th 
diff --git a/src/registrar/templates/includes/input_read_only.html b/src/registrar/templates/includes/input_read_only.html
index b76f82e8b..0e25a9a1f 100644
--- a/src/registrar/templates/includes/input_read_only.html
+++ b/src/registrar/templates/includes/input_read_only.html
@@ -4,4 +4,7 @@ Template include for read-only form fields
 
 
 <h4 class="read-only-label">{{ field.label }}</h4>
+{% if label_description %}
+    <p class="usa-hint margin-top-0 margin-bottom-05">{{ label_description }}</p>
+{% endif %}
 <p class="read-only-value">{{ field.value }}</p>
diff --git a/src/registrar/templatetags/custom_filters.py b/src/registrar/templatetags/custom_filters.py
index 8338eaf9d..5dcdecef6 100644
--- a/src/registrar/templatetags/custom_filters.py
+++ b/src/registrar/templatetags/custom_filters.py
@@ -150,3 +150,12 @@ def format_phone(value):
 @register.filter
 def in_path(url, path):
     return url in path
+
+
+@register.filter(name='and')
+def and_filter(value, arg):
+    """
+    Implements logical AND operation in templates.
+    Usage: {{ value|and:arg }}
+    """
+    return bool(value and arg)
\ No newline at end of file