Add readonly view

2025-07-25 12:08:40 +02:00 · 2024-08-02 14:38:45 -06:00 · 2024-08-02 14:38:45 -06:00 · 03e184e261
commit 03e184e261
parent 7b811895b3
8 changed files with 44 additions and 12 deletions
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -73,12 +73,17 @@ class User(AbstractUser):
            UserPortfolioPermissionChoices.EDIT_REQUESTS,
            UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
            UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
+            # Domain: field specific permissions
+            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
+            UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION,
        ],
        UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY: [
            UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
            UserPortfolioPermissionChoices.VIEW_MEMBER,
            UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
            UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
+            # Domain: field specific permissions
+            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
        ],
        UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
            UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
@ -255,9 +260,6 @@ class User(AbstractUser):
    def has_edit_org_portfolio_permission(self):
        return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_PORTFOLIO)

-    def has_edit_org_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO)
-
    def has_domains_portfolio_permission(self):
        return self._has_portfolio_permission(
            UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
@ -268,6 +270,13 @@ class User(AbstractUser):
            UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
        ) or self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)

+    # Field specific permission checks
+    def has_view_suborganization(self):
+        return self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION)
+    
+    def has_edit_suborganization(self):
+        return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION)
+
    @classmethod
    def needs_identity_verification(cls, email, uuid):
        """A method used by our oidc classes to test whether a user needs email/uuid verification
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@ -26,3 +26,8 @@ class UserPortfolioPermissionChoices(models.TextChoices):

    VIEW_PORTFOLIO = "view_portfolio", "View organization"
    EDIT_PORTFOLIO = "edit_portfolio", "Edit organization"
+
+    # TODO - think of other solutions
+    # Domain: field specific permissions
+    VIEW_SUBORGANIZATION = "view_suborganization", "View suborganization"
+    EDIT_SUBORGANIZATION = "edit_suborganization", "Edit suborganization"
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@ -1,5 +1,6 @@
 {% extends "domain_base.html" %}
 {% load static url_helpers %}
+{% load custom_filters %}

 {% block domain_content %}
  {{ block.super }}
@ -64,9 +65,9 @@
      {% endif %}
    {% endif %}

-    {% if is_org_user %}
+    {% if portfolio and has_domains_portfolio_permission and request.user.has_view_suborganization %}
      {% url 'domain-suborganization' pk=domain.id as url %}
-      {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable %} 
+      {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:request.user.has_edit_suborganization %}
    {% else %}
      {% url 'domain-org-name-address' pk=domain.id as url %}
      {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url editable=is_editable %}
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@ -11,9 +11,12 @@
      {% if is_editable %}

      {% if portfolio %}
-          {% with url_name="domain-suborganization" %}
-            {% include "includes/domain_sidenav_item.html" with item_text="Suborganization" %}
-          {% endwith %}
+          {% comment %} Only show this menu option if the user has the perms to do so {% endcomment %}
+          {% if has_domains_portfolio_permission and request.user.has_view_suborganization %}
+            {% with url_name="domain-suborganization" %}
+              {% include "includes/domain_sidenav_item.html" with item_text="Suborganization" %}
+            {% endwith %}
+          {% endif %}
      {% else %}
        {% with url_name="domain-org-name-address" %}
          {% include "includes/domain_sidenav_item.html" with item_text="Organization name and mailing address" %}
--- a/src/registrar/templates/domain_suborganization.html
+++ b/src/registrar/templates/domain_suborganization.html
@ -7,7 +7,7 @@
    {# this is right after the messages block in the parent template #}
    {% include "includes/form_errors.html" with form=form %}

-    <h1>Organization name and mailing address </h1>
+    <h1>Suborganization</h1>

    <p>
        The name of your suborganization will be publicly listed as the domain registrant. 
@ -15,7 +15,7 @@
        If you believe there is an error please contact <a href="mailto:help@get.gov" class="usa-link">help@get.gov</a>.
    </p>

-    {% if has_edit_org_portfolio_permission %}
+    {% if has_domains_portfolio_permission and request.user.has_edit_suborganization %}
    {% include "includes/required_fields.html" %}
        <form class="usa-form usa-form--large" method="post" novalidate id="form-container">
            {% csrf_token %}
@ -23,7 +23,9 @@
            <button type="submit" class="usa-button">Save</button>
        </form>
    {% else %}
-        <p>Readonly content here</p>
+        {% with description="The suborganization for this domain can only be updated by a organization administrator."%}
+            {% include "includes/input_read_only.html" with field=form.sub_organization label_description=description%}
+        {% endwith %}
    {% endif %}

 {% endblock %}
--- a/src/registrar/templates/includes/domains_table.html
+++ b/src/registrar/templates/includes/domains_table.html
@ -150,7 +150,7 @@
            <th data-sortable="name" scope="col" role="columnheader">Domain name</th>
            <th data-sortable="expiration_date" scope="col" role="columnheader">Expires</th>
            <th data-sortable="state_display" scope="col" role="columnheader">Status</th>
-            {% if has_domains_portfolio_permission %}
+            {% if has_domains_portfolio_permission and request.user.has_view_suborganization %}
              <th data-sortable="suborganization" scope="col" role="columnheader">Suborganization</th>
            {% endif %}
            <th 
--- a/src/registrar/templates/includes/input_read_only.html
+++ b/src/registrar/templates/includes/input_read_only.html
@ -4,4 +4,7 @@ Template include for read-only form fields


 <h4 class="read-only-label">{{ field.label }}</h4>
+{% if label_description %}
+    <p class="usa-hint margin-top-0 margin-bottom-05">{{ label_description }}</p>
+{% endif %}
 <p class="read-only-value">{{ field.value }}</p>
--- a/src/registrar/templatetags/custom_filters.py
+++ b/src/registrar/templatetags/custom_filters.py
@ -150,3 +150,12 @@ def format_phone(value):
@register.filter
 def in_path(url, path):
    return url in path
+
+
+@register.filter(name='and')
+def and_filter(value, arg):
+    """
+    Implements logical AND operation in templates.
+    Usage: {{ value|and:arg }}
+    """
+    return bool(value and arg)