${markupForSuborganizationRow}
@@ -77,3 +80,30 @@ export function initDomainsTable() {
}
});
}
+
+// For clicking the "Expiring" checkbox
+document.addEventListener('DOMContentLoaded', () => {
+ const expiringLink = document.getElementById('link-expiring-domains');
+
+ if (expiringLink) {
+ // Grab the selection for the status filter by
+ const statusCheckboxes = document.querySelectorAll('input[name="filter-status"]');
+
+ expiringLink.addEventListener('click', (event) => {
+ event.preventDefault();
+ // Loop through all statuses
+ statusCheckboxes.forEach(checkbox => {
+ // To find the for checkbox for "Expiring soon"
+ if (checkbox.value === "expiring") {
+ // If the checkbox is not already checked, check it
+ if (!checkbox.checked) {
+ checkbox.checked = true;
+ // Do the checkbox action
+ let event = new Event('change');
+ checkbox.dispatchEvent(event)
+ }
+ }
+ });
+ });
+ }
+});
\ No newline at end of file
diff --git a/src/registrar/assets/src/js/getgov/table-edit-member-domains.js b/src/registrar/assets/src/js/getgov/table-edit-member-domains.js
index 95492d46f..86aa39c37 100644
--- a/src/registrar/assets/src/js/getgov/table-edit-member-domains.js
+++ b/src/registrar/assets/src/js/getgov/table-edit-member-domains.js
@@ -1,5 +1,6 @@
import { BaseTable } from './table-base.js';
+import { hideElement, showElement } from './helpers.js';
/**
* EditMemberDomainsTable is used for PortfolioMember and PortfolioInvitedMember
@@ -18,8 +19,14 @@ export class EditMemberDomainsTable extends BaseTable {
this.initialDomainAssignmentsOnlyMember = []; // list of initially assigned domains which are readonly
this.addedDomains = []; // list of domains added to member
this.removedDomains = []; // list of domains removed from member
+ this.editModeContainer = document.getElementById('domain-assignments-edit-view');
+ this.readonlyModeContainer = document.getElementById('domain-assignments-readonly-view');
+ this.reviewButton = document.getElementById('review-domain-assignments');
+ this.backButton = document.getElementById('back-to-edit-domain-assignments');
+ this.saveButton = document.getElementById('save-domain-assignments');
this.initializeDomainAssignments();
this.initCancelEditDomainAssignmentButton();
+ this.initEventListeners();
}
getBaseUrl() {
return document.getElementById("get_member_domains_json_url");
@@ -55,6 +62,14 @@ export class EditMemberDomainsTable extends BaseTable {
getSearchParams(page, sortBy, order, searchTerm, status, portfolio) {
let searchParams = super.getSearchParams(page, sortBy, order, searchTerm, status, portfolio);
// Add checkedDomains to searchParams
+ let checkedDomains = this.getCheckedDomains();
+ // Append updated checkedDomain IDs to searchParams
+ if (checkedDomains.length > 0) {
+ searchParams.append("checkedDomainIds", checkedDomains.join(","));
+ }
+ return searchParams;
+ }
+ getCheckedDomains() {
// Clone the initial domains to avoid mutating them
let checkedDomains = [...this.initialDomainAssignments];
// Add IDs from addedDomains that are not already in checkedDomains
@@ -70,11 +85,7 @@ export class EditMemberDomainsTable extends BaseTable {
checkedDomains.splice(index, 1);
}
});
- // Append updated checkedDomain IDs to searchParams
- if (checkedDomains.length > 0) {
- searchParams.append("checkedDomainIds", checkedDomains.join(","));
- }
- return searchParams;
+ return checkedDomains
}
addRow(dataObject, tbody, customTableOptions) {
const domain = dataObject;
@@ -217,7 +228,123 @@ export class EditMemberDomainsTable extends BaseTable {
}
});
}
+
+ updateReadonlyDisplay() {
+ let totalAssignedDomains = this.getCheckedDomains().length;
+
+ // Create unassigned domains list
+ const unassignedDomainsList = document.createElement('ul');
+ unassignedDomainsList.classList.add('usa-list', 'usa-list--unstyled');
+ this.removedDomains.forEach(removedDomain => {
+ const removedDomainListItem = document.createElement('li');
+ removedDomainListItem.textContent = removedDomain.name; // Use textContent for security
+ unassignedDomainsList.appendChild(removedDomainListItem);
+ });
+
+ // Create assigned domains list
+ const assignedDomainsList = document.createElement('ul');
+ assignedDomainsList.classList.add('usa-list', 'usa-list--unstyled');
+ this.addedDomains.forEach(addedDomain => {
+ const addedDomainListItem = document.createElement('li');
+ addedDomainListItem.textContent = addedDomain.name; // Use textContent for security
+ assignedDomainsList.appendChild(addedDomainListItem);
+ });
+
+ // Get the summary container
+ const domainAssignmentSummary = document.getElementById('domain-assignments-summary');
+ // Clear existing content
+ domainAssignmentSummary.innerHTML = '';
+
+ // Append unassigned domains section
+ if (this.removedDomains.length) {
+ const unassignedHeader = document.createElement('h3');
+ unassignedHeader.classList.add('header--body', 'text-primary', 'margin-bottom-1');
+ unassignedHeader.textContent = 'Unassigned domains';
+ domainAssignmentSummary.appendChild(unassignedHeader);
+ domainAssignmentSummary.appendChild(unassignedDomainsList);
+ }
+
+ // Append assigned domains section
+ if (this.addedDomains.length) {
+ const assignedHeader = document.createElement('h3');
+ assignedHeader.classList.add('header--body', 'text-primary', 'margin-bottom-1');
+ assignedHeader.textContent = 'Assigned domains';
+ domainAssignmentSummary.appendChild(assignedHeader);
+ domainAssignmentSummary.appendChild(assignedDomainsList);
+ }
+
+ // Append total assigned domains section
+ const totalHeader = document.createElement('h3');
+ totalHeader.classList.add('header--body', 'text-primary', 'margin-bottom-1');
+ totalHeader.textContent = 'Total assigned domains';
+ domainAssignmentSummary.appendChild(totalHeader);
+ const totalCount = document.createElement('p');
+ totalCount.classList.add('margin-y-0');
+ totalCount.textContent = totalAssignedDomains;
+ domainAssignmentSummary.appendChild(totalCount);
+ }
+
+ showReadonlyMode() {
+ this.updateReadonlyDisplay();
+ hideElement(this.editModeContainer);
+ showElement(this.readonlyModeContainer);
+ }
+
+ showEditMode() {
+ hideElement(this.readonlyModeContainer);
+ showElement(this.editModeContainer);
+ }
+
+ submitChanges() {
+ let memberDomainsEditForm = document.getElementById("member-domains-edit-form");
+ if (memberDomainsEditForm) {
+ // Serialize data to send
+ const addedDomainIds = this.addedDomains.map(domain => domain.id);
+ const addedDomainsInput = document.createElement('input');
+ addedDomainsInput.type = 'hidden';
+ addedDomainsInput.name = 'added_domains'; // Backend will use this key to retrieve data
+ addedDomainsInput.value = JSON.stringify(addedDomainIds); // Stringify the array
+
+ const removedDomainsIds = this.removedDomains.map(domain => domain.id);
+ const removedDomainsInput = document.createElement('input');
+ removedDomainsInput.type = 'hidden';
+ removedDomainsInput.name = 'removed_domains'; // Backend will use this key to retrieve data
+ removedDomainsInput.value = JSON.stringify(removedDomainsIds); // Stringify the array
+
+ // Append input to the form
+ memberDomainsEditForm.appendChild(addedDomainsInput);
+ memberDomainsEditForm.appendChild(removedDomainsInput);
+
+ memberDomainsEditForm.submit();
+ }
+ }
+
+ initEventListeners() {
+ if (this.reviewButton) {
+ this.reviewButton.addEventListener('click', () => {
+ this.showReadonlyMode();
+ });
+ } else {
+ console.warn('Missing DOM element. Expected element with id review-domain-assignments');
+ }
+
+ if (this.backButton) {
+ this.backButton.addEventListener('click', () => {
+ this.showEditMode();
+ });
+ } else {
+ console.warn('Missing DOM element. Expected element with id back-to-edit-domain-assignments');
+ }
+
+ if (this.saveButton) {
+ this.saveButton.addEventListener('click', () => {
+ this.submitChanges();
+ });
+ } else {
+ console.warn('Missing DOM element. Expected element with id save-domain-assignments');
+ }
+ }
}
export function initEditMemberDomainsTable() {
diff --git a/src/registrar/assets/src/js/getgov/table-member-domains.js b/src/registrar/assets/src/js/getgov/table-member-domains.js
index 54e9d1212..7f89eee52 100644
--- a/src/registrar/assets/src/js/getgov/table-member-domains.js
+++ b/src/registrar/assets/src/js/getgov/table-member-domains.js
@@ -1,4 +1,5 @@
+import { showElement, hideElement } from './helpers.js';
import { BaseTable } from './table-base.js';
export class MemberDomainsTable extends BaseTable {
@@ -24,7 +25,28 @@ export class MemberDomainsTable extends BaseTable {
`;
tbody.appendChild(row);
}
-
+ updateDisplay = (data, dataWrapper, noDataWrapper, noSearchResultsWrapper) => {
+ const { unfiltered_total, total } = data;
+ const searchSection = document.getElementById('edit-member-domains__search');
+ if (!searchSection) console.warn('MemberDomainsTable updateDisplay expected an element with id edit-member-domains__search but none was found');
+ if (unfiltered_total) {
+ showElement(searchSection);
+ if (total) {
+ showElement(dataWrapper);
+ hideElement(noSearchResultsWrapper);
+ hideElement(noDataWrapper);
+ } else {
+ hideElement(dataWrapper);
+ showElement(noSearchResultsWrapper);
+ hideElement(noDataWrapper);
+ }
+ } else {
+ hideElement(searchSection);
+ hideElement(dataWrapper);
+ hideElement(noSearchResultsWrapper);
+ showElement(noDataWrapper);
+ }
+ };
}
export function initMemberDomainsTable() {
diff --git a/src/registrar/assets/src/sass/_theme/_accordions.scss b/src/registrar/assets/src/sass/_theme/_accordions.scss
index df4f686d8..762618415 100644
--- a/src/registrar/assets/src/sass/_theme/_accordions.scss
+++ b/src/registrar/assets/src/sass/_theme/_accordions.scss
@@ -40,7 +40,11 @@
top: 30px;
}
-tr:last-child .usa-accordion--more-actions .usa-accordion__content {
+// Special positioning for the kabob menu popup in the last row on a given page
+// This won't work on the Members table rows because that table has show-more rows
+// Currently, that's not an issue since that Members table is not wrapped in the
+// reponsive wrapper.
+tr:last-of-type .usa-accordion--more-actions .usa-accordion__content {
top: auto;
bottom: -10px;
right: 30px;
diff --git a/src/registrar/assets/src/sass/_theme/_admin.scss b/src/registrar/assets/src/sass/_theme/_admin.scss
index 58ce1e4df..5bb523cac 100644
--- a/src/registrar/assets/src/sass/_theme/_admin.scss
+++ b/src/registrar/assets/src/sass/_theme/_admin.scss
@@ -176,7 +176,16 @@ html[data-theme="dark"] {
color: var(--primary-fg);
}
+// Reset the USWDS styles for alerts
+@include at-media(desktop) {
+ .dashboard .usa-alert__body--widescreen {
+ padding-left: 4rem !important;
+ }
+ .dashboard .usa-alert__body--widescreen::before {
+ left: 1.5rem !important;
+ }
+}
#branding h1,
h1, h2, h3,
diff --git a/src/registrar/assets/src/sass/_theme/_alerts.scss b/src/registrar/assets/src/sass/_theme/_alerts.scss
index 9579cc057..3164358b7 100644
--- a/src/registrar/assets/src/sass/_theme/_alerts.scss
+++ b/src/registrar/assets/src/sass/_theme/_alerts.scss
@@ -1,21 +1,18 @@
@use "uswds-core" as *;
@use "base" as *;
-// Fixes some font size disparities with the Figma
-// for usa-alert alert elements
-.usa-alert {
- .usa-alert__heading.larger-font-sizing {
- font-size: units(3);
- }
-}
-.usa-alert__text.measure-none {
- max-width: measure(none);
-}
+/*----------------
+ Alert Layout
+-----------------*/
// The icon was off center for some reason
// Fixes that issue
-@media (min-width: 64em){
+@include at-media(desktop) {
+ // NOTE: !important is used because _font.scss overrides this
+ .usa-alert__body {
+ max-width: $widescreen-max-width !important;
+ }
.usa-alert--warning{
.usa-alert__body::before {
left: 1rem !important;
@@ -24,13 +21,29 @@
.usa-alert__body.margin-left-1 {
margin-left: 0.5rem!important;
}
+
+ .usa-alert__body--widescreen::before {
+ left: 4rem !important;
+ }
+ .usa-alert__body--widescreen {
+ padding-left: 7rem!important;
+ }
}
-// NOTE: !important is used because _font.scss overrides this
-.usa-alert__body--widescreen {
- max-width: $widescreen-max-width !important;
+/*----------------
+ Alert Fonts
+-----------------*/
+// Fixes some font size disparities with the Figma
+// for usa-alert alert elements
+.usa-alert {
+ .usa-alert__heading.larger-font-sizing {
+ font-size: 1.5rem;
+ }
}
+/*----------------
+ Alert Coloring
+-----------------*/
.usa-site-alert--hot-pink {
.usa-alert {
background-color: $hot-pink;
@@ -47,3 +60,8 @@
background-color: color('base-darkest');
}
}
+
+// Override the specificity of USWDS css to enable no max width on admin alerts
+.usa-alert__body.maxw-none {
+ max-width: none;
+}
diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 8d475270b..d73becd75 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -2,6 +2,8 @@
@use "cisa_colors" as *;
$widescreen-max-width: 1920px;
+$widescreen-x-padding: 4.5rem;
+
$hot-pink: #FFC3F9;
/* Styles for making visible to screen reader / AT users only. */
@@ -39,7 +41,8 @@ body {
padding-top: units(5)!important;
}
-#wrapper.dashboard--grey-1 {
+#wrapper.dashboard--grey-1,
+.bg-gray-1 {
background-color: color('gray-1');
}
@@ -149,6 +152,11 @@ footer {
color: color('primary');
}
+.usa-radio {
+ margin-top: 1rem;
+ font-size: 1.06rem;
+}
+
abbr[title] {
// workaround for underlining abbr element
border-bottom: none;
@@ -247,6 +255,15 @@ abbr[title] {
max-width: $widescreen-max-width;
}
+// This is used in cases where we want to align content to widescreen margins
+// but we don't want the content itself to have widescreen widths
+@include at-media(desktop) {
+ .padding-x--widescreen {
+ padding-left: $widescreen-x-padding !important;
+ padding-right: $widescreen-x-padding !important;
+ }
+}
+
.margin-right-neg-4px {
margin-right: -4px;
}
@@ -260,4 +277,8 @@ abbr[title] {
margin: 0;
height: 1.5em;
width: 1.5em;
+}
+
+.maxw-fit-content {
+ max-width: fit-content;
}
\ No newline at end of file
diff --git a/src/registrar/assets/src/sass/_theme/_containers.scss b/src/registrar/assets/src/sass/_theme/_containers.scss
index 7473615ad..24ad480f2 100644
--- a/src/registrar/assets/src/sass/_theme/_containers.scss
+++ b/src/registrar/assets/src/sass/_theme/_containers.scss
@@ -6,3 +6,21 @@
.usa-identifier__container--widescreen {
max-width: $widescreen-max-width !important;
}
+
+
+// NOTE: !important is used because we are overriding default
+// USWDS paddings in a few locations
+@include at-media(desktop) {
+ .grid-container--widescreen {
+ padding-left: $widescreen-x-padding !important;
+ padding-right: $widescreen-x-padding !important;
+ }
+}
+
+// matches max-width to equal the max-width of .grid-container
+// used to trick the eye into thinking we have left-aligned a
+// regular grid-container within a widescreen (see instances
+// where is_widescreen_centered is used in the html).
+.max-width--grid-container {
+ max-width: 960px;
+}
\ No newline at end of file
diff --git a/src/registrar/assets/src/sass/_theme/_forms.scss b/src/registrar/assets/src/sass/_theme/_forms.scss
index 9158de174..4138c5878 100644
--- a/src/registrar/assets/src/sass/_theme/_forms.scss
+++ b/src/registrar/assets/src/sass/_theme/_forms.scss
@@ -78,3 +78,7 @@ legend.float-left-tablet + button.float-right-tablet {
.read-only-value {
margin-top: units(0);
}
+
+.bg-gray-1 .usa-radio {
+ background: color('gray-1');
+}
diff --git a/src/registrar/assets/src/sass/_theme/_header.scss b/src/registrar/assets/src/sass/_theme/_header.scss
index 53eab90d8..ffb880a7b 100644
--- a/src/registrar/assets/src/sass/_theme/_header.scss
+++ b/src/registrar/assets/src/sass/_theme/_header.scss
@@ -110,8 +110,8 @@
}
}
.usa-nav__secondary {
- // I don't know why USWDS has this at 2 rem, which puts it out of alignment
- right: 3rem;
+ right: 1rem;
+ padding-right: $widescreen-x-padding;
color: color('white');
bottom: 4.3rem;
.usa-nav-link,
diff --git a/src/registrar/assets/src/sass/_theme/_register-form.scss b/src/registrar/assets/src/sass/_theme/_register-form.scss
index 41d2980e3..fcc5b5ae6 100644
--- a/src/registrar/assets/src/sass/_theme/_register-form.scss
+++ b/src/registrar/assets/src/sass/_theme/_register-form.scss
@@ -12,7 +12,7 @@
margin-top: units(1);
}
-// register-form-review-header is used on the summary page and
+// header--body is used on the summary page and
// should not be styled like the register form headers
.register-form-step h3 {
color: color('primary-dark');
@@ -25,15 +25,6 @@
}
}
-.register-form-review-header {
- color: color('primary-dark');
- margin-top: units(2);
- margin-bottom: 0;
- font-weight: font-weight('semibold');
- // The units mixin can only get us close, so it's between
- // hardcoding the value and using in markup
- font-size: 16.96px;
-}
.register-form-step h4 {
margin-bottom: 0;
diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index 45f0b5245..ea160396e 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -88,8 +88,14 @@ th {
}
@include at-media(tablet-lg) {
- th[data-sortable]:not([aria-sort]) .usa-table__header__button {
+ th[data-sortable] .usa-table__header__button {
right: auto;
+
+ &[aria-sort=ascending],
+ &[aria-sort=descending],
+ &:not([aria-sort]) {
+ right: auto;
+ }
}
}
}
diff --git a/src/registrar/assets/src/sass/_theme/_typography.scss b/src/registrar/assets/src/sass/_theme/_typography.scss
index 466b6f975..db19a595b 100644
--- a/src/registrar/assets/src/sass/_theme/_typography.scss
+++ b/src/registrar/assets/src/sass/_theme/_typography.scss
@@ -23,6 +23,14 @@ h2 {
color: color('primary-darker');
}
+.header--body {
+ margin-top: units(2);
+ font-weight: font-weight('semibold');
+ // The units mixin can only get us close, so it's between
+ // hardcoding the value and using in markup
+ font-size: 16.96px;
+}
+
.h4--sm-05 {
font-size: size('body', 'sm');
font-weight: normal;
@@ -34,6 +42,9 @@ h2 {
.usa-form,
.usa-form fieldset {
font-size: 1rem;
+ .usa-legend {
+ font-size: 1rem;
+ }
}
.p--blockquote {
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 050950c9b..0111245a1 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -251,7 +251,7 @@ TEMPLATES = [
"registrar.context_processors.org_user_status",
"registrar.context_processors.add_path_to_context",
"registrar.context_processors.portfolio_permissions",
- "registrar.context_processors.is_widescreen_mode",
+ "registrar.context_processors.is_widescreen_centered",
],
},
},
diff --git a/src/registrar/config/urls.py b/src/registrar/config/urls.py
index 66708c571..ef5f7f40a 100644
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@@ -146,7 +146,7 @@ urlpatterns = [
# ),
path(
"members/new-member/",
- views.NewMemberView.as_view(),
+ views.PortfolioAddMemberView.as_view(),
name="new-member",
),
path(
diff --git a/src/registrar/context_processors.py b/src/registrar/context_processors.py
index 9f5d0162f..b3d9c3727 100644
--- a/src/registrar/context_processors.py
+++ b/src/registrar/context_processors.py
@@ -69,9 +69,19 @@ def portfolio_permissions(request):
"has_organization_requests_flag": False,
"has_organization_members_flag": False,
"is_portfolio_admin": False,
+ "has_domain_renewal_flag": False,
}
try:
portfolio = request.session.get("portfolio")
+
+ # These feature flags will display and doesn't depend on portfolio
+ portfolio_context.update(
+ {
+ "has_organization_feature_flag": True,
+ "has_domain_renewal_flag": request.user.has_domain_renewal_flag(),
+ }
+ )
+
# Linting: line too long
view_suborg = request.user.has_view_suborganization_portfolio_permission(portfolio)
edit_suborg = request.user.has_edit_suborganization_portfolio_permission(portfolio)
@@ -90,6 +100,7 @@ def portfolio_permissions(request):
"has_organization_requests_flag": request.user.has_organization_requests_flag(),
"has_organization_members_flag": request.user.has_organization_members_flag(),
"is_portfolio_admin": request.user.is_portfolio_admin(portfolio),
+ "has_domain_renewal_flag": request.user.has_domain_renewal_flag(),
}
return portfolio_context
@@ -98,31 +109,21 @@ def portfolio_permissions(request):
return portfolio_context
-def is_widescreen_mode(request):
- widescreen_paths = [] # If this list is meant to include specific paths, populate it.
- portfolio_widescreen_paths = [
+def is_widescreen_centered(request):
+ include_paths = [
"/domains/",
"/requests/",
- "/request/",
- "/no-organization-requests/",
- "/no-organization-domains/",
- "/domain-request/",
+ "/members/",
]
- # widescreen_paths can be a bear as it trickles down sub-urls. exclude_paths gives us a way out.
exclude_paths = [
"/domains/edit",
+ "members/new-member/",
]
- # Check if the current path matches a widescreen path or the root path.
- is_widescreen = any(path in request.path for path in widescreen_paths) or request.path == "/"
+ is_excluded = any(exclude_path in request.path for exclude_path in exclude_paths)
- # Check if the user is an organization user and the path matches portfolio paths.
- is_portfolio_widescreen = (
- hasattr(request.user, "is_org_user")
- and request.user.is_org_user(request)
- and any(path in request.path for path in portfolio_widescreen_paths)
- and not any(exclude_path in request.path for exclude_path in exclude_paths)
- )
+ # Check if the current path matches a path in included_paths or the root path.
+ is_widescreen_centered = any(path in request.path for path in include_paths) or request.path == "/"
# Return a dictionary with the widescreen mode status.
- return {"is_widescreen_mode": is_widescreen or is_portfolio_widescreen}
+ return {"is_widescreen_centered": is_widescreen_centered and not is_excluded}
diff --git a/src/registrar/fixtures/fixtures_user_portfolio_permissions.py b/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
index 15265cfa8..5f9fd64ef 100644
--- a/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
+++ b/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
@@ -60,7 +60,10 @@ class UserPortfolioPermissionFixture:
user=user,
portfolio=portfolio,
roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
- additional_permissions=[UserPortfolioPermissionChoices.EDIT_MEMBERS],
+ additional_permissions=[
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ UserPortfolioPermissionChoices.EDIT_REQUESTS,
+ ],
)
user_portfolio_permissions_to_create.append(user_portfolio_permission)
else:
diff --git a/src/registrar/fixtures/fixtures_users.py b/src/registrar/fixtures/fixtures_users.py
index a8cdb5b9a..e40998231 100644
--- a/src/registrar/fixtures/fixtures_users.py
+++ b/src/registrar/fixtures/fixtures_users.py
@@ -151,6 +151,27 @@ class UserFixture:
"email": "skey@truss.works",
"title": "Designer",
},
+ {
+ "username": "f20b7a53-f40d-48f8-8c12-f42f35eede92",
+ "first_name": "Kimberly",
+ "last_name": "Aralar",
+ "email": "kimberly.aralar@gsa.gov",
+ "title": "Designer",
+ },
+ {
+ "username": "4aa78480-6272-42f9-ac29-a034ebdd9231",
+ "first_name": "Kaitlin",
+ "last_name": "Abbitt",
+ "email": "kaitlin.abbitt@cisa.dhs.gov",
+ "title": "Product Manager",
+ },
+ {
+ "username": "5e54fd98-6c11-4cb3-82b6-93ed8be50a61",
+ "first_name": "Gina",
+ "last_name": "Summers",
+ "email": "gina.summers@ecstech.com",
+ "title": "Scrum Master",
+ },
]
STAFF = [
@@ -257,6 +278,18 @@ class UserFixture:
"last_name": "Key-Analyst",
"email": "skey+1@truss.works",
},
+ {
+ "username": "cf2b32fe-280d-4bc0-96c2-99eec09ba4da",
+ "first_name": "Kimberly-Analyst",
+ "last_name": "Aralar-Analyst",
+ "email": "kimberly.aralar+1@gsa.gov",
+ },
+ {
+ "username": "80db923e-ac64-4128-9b6f-e54b2174a09b",
+ "first_name": "Kaitlin-Analyst",
+ "last_name": "Abbitt-Analyst",
+ "email": "kaitlin.abbitt@gwe.cisa.dhs.gov",
+ },
]
# Additional emails to add to the AllowedEmail whitelist.
diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index 572ef6399..3b4e3d2ab 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -17,6 +17,7 @@ from registrar.models import Contact, DomainRequest, DraftDomain, Domain, Federa
from registrar.templatetags.url_helpers import public_site_url
from registrar.utility.enums import ValidationReturnType
from registrar.utility.constants import BranchChoices
+from django.core.exceptions import ValidationError
logger = logging.getLogger(__name__)
@@ -78,6 +79,20 @@ class RequestingEntityForm(RegistrarForm):
# Otherwise just return the suborg as normal
return self.cleaned_data.get("sub_organization")
+ def clean_requested_suborganization(self):
+ name = self.cleaned_data.get("requested_suborganization")
+ if (
+ name
+ and Suborganization.objects.filter(
+ name__iexact=name, portfolio=self.domain_request.portfolio, name__isnull=False, portfolio__isnull=False
+ ).exists()
+ ):
+ raise ValidationError(
+ "This suborganization already exists. "
+ "Choose a new name, or select it directly if you would like to use it."
+ )
+ return name
+
def full_clean(self):
"""Validation logic to remove the custom suborganization value before clean is triggered.
Without this override, the form will throw an 'invalid option' error."""
@@ -114,7 +129,7 @@ class RequestingEntityForm(RegistrarForm):
if requesting_entity_is_suborganization == "True":
if is_requesting_new_suborganization:
# Validate custom suborganization fields
- if not cleaned_data.get("requested_suborganization"):
+ if not cleaned_data.get("requested_suborganization") and "requested_suborganization" not in self.errors:
self.add_error("requested_suborganization", "Enter the name of your suborganization.")
if not cleaned_data.get("suborganization_city"):
self.add_error("suborganization_city", "Enter the city where your suborganization is located.")
@@ -530,7 +545,7 @@ class PurposeForm(RegistrarForm):
widget=forms.Textarea(
attrs={
"aria-label": "What is the purpose of your requested domain? Describe how you’ll use your .gov domain. \
- Will it be used for a website, email, or something else? You can enter up to 2000 characters."
+ Will it be used for a website, email, or something else?"
}
),
validators=[
@@ -736,7 +751,13 @@ class NoOtherContactsForm(BaseDeletableRegistrarForm):
required=True,
# label has to end in a space to get the label_suffix to show
label=("No other employees rationale"),
- widget=forms.Textarea(),
+ widget=forms.Textarea(
+ attrs={
+ "aria-label": "You don’t need to provide names of other employees now, \
+ but it may slow down our assessment of your eligibility. Describe \
+ why there are no other employees who can help verify your request."
+ }
+ ),
validators=[
MaxLengthValidator(
1000,
@@ -784,7 +805,12 @@ class AnythingElseForm(BaseDeletableRegistrarForm):
anything_else = forms.CharField(
required=True,
label="Anything else?",
- widget=forms.Textarea(),
+ widget=forms.Textarea(
+ attrs={
+ "aria-label": "Is there anything else you’d like us to know about your domain request? \
+ Provide details below. You can enter up to 2000 characters"
+ }
+ ),
validators=[
MaxLengthValidator(
2000,
diff --git a/src/registrar/forms/portfolio.py b/src/registrar/forms/portfolio.py
index 5309f7263..0a8c4d623 100644
--- a/src/registrar/forms/portfolio.py
+++ b/src/registrar/forms/portfolio.py
@@ -4,6 +4,7 @@ import logging
from django import forms
from django.core.validators import RegexValidator
from django.core.validators import MaxLengthValidator
+from django.utils.safestring import mark_safe
from registrar.models import (
PortfolioInvitation,
@@ -11,7 +12,6 @@ from registrar.models import (
DomainInformation,
Portfolio,
SeniorOfficial,
- User,
)
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
@@ -110,102 +110,218 @@ class PortfolioSeniorOfficialForm(forms.ModelForm):
return cleaned_data
-class PortfolioMemberForm(forms.ModelForm):
- """
- Form for updating a portfolio member.
- """
+class BasePortfolioMemberForm(forms.ModelForm):
+ """Base form for the PortfolioMemberForm and PortfolioInvitedMemberForm"""
- roles = forms.MultipleChoiceField(
- choices=UserPortfolioRoleChoices.choices,
- widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
- required=False,
- label="Roles",
- )
-
- additional_permissions = forms.MultipleChoiceField(
- choices=UserPortfolioPermissionChoices.choices,
- widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
- required=False,
- label="Additional Permissions",
- )
-
- class Meta:
- model = UserPortfolioPermission
- fields = [
- "roles",
- "additional_permissions",
- ]
-
-
-class PortfolioInvitedMemberForm(forms.ModelForm):
- """
- Form for updating a portfolio invited member.
- """
-
- roles = forms.MultipleChoiceField(
- choices=UserPortfolioRoleChoices.choices,
- widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
- required=False,
- label="Roles",
- )
-
- additional_permissions = forms.MultipleChoiceField(
- choices=UserPortfolioPermissionChoices.choices,
- widget=forms.SelectMultiple(attrs={"class": "usa-select"}),
- required=False,
- label="Additional Permissions",
- )
-
- class Meta:
- model = PortfolioInvitation
- fields = [
- "roles",
- "additional_permissions",
- ]
-
-
-class NewMemberForm(forms.ModelForm):
- member_access_level = forms.ChoiceField(
- label="Select permission",
- choices=[("admin", "Admin Access"), ("basic", "Basic Access")],
- widget=forms.RadioSelect(attrs={"class": "usa-radio__input usa-radio__input--tile"}),
+ # The label for each of these has a red "required" star. We can just embed that here for simplicity.
+ required_star = '*'
+ role = forms.ChoiceField(
+ choices=[
+ # Uses .value because the choice has a different label (on /admin)
+ (UserPortfolioRoleChoices.ORGANIZATION_ADMIN.value, "Admin access"),
+ (UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value, "Basic access"),
+ ],
+ widget=forms.RadioSelect,
required=True,
error_messages={
"required": "Member access level is required",
},
)
- admin_org_domain_request_permissions = forms.ChoiceField(
- label="Select permission",
- choices=[("view_only", "View all requests"), ("view_and_create", "View all requests plus create requests")],
+
+ domain_request_permission_admin = forms.ChoiceField(
+ label=mark_safe(f"Select permission {required_star}"), # nosec
+ choices=[
+ (UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
+ (UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
+ ],
widget=forms.RadioSelect,
- required=True,
+ required=False,
error_messages={
"required": "Admin domain request permission is required",
},
)
- admin_org_members_permissions = forms.ChoiceField(
- label="Select permission",
- choices=[("view_only", "View all members"), ("view_and_create", "View all members plus manage members")],
+
+ member_permission_admin = forms.ChoiceField(
+ label=mark_safe(f"Select permission {required_star}"), # nosec
+ choices=[
+ (UserPortfolioPermissionChoices.VIEW_MEMBERS.value, "View all members"),
+ (UserPortfolioPermissionChoices.EDIT_MEMBERS.value, "View all members plus manage members"),
+ ],
widget=forms.RadioSelect,
- required=True,
+ required=False,
error_messages={
"required": "Admin member permission is required",
},
)
- basic_org_domain_request_permissions = forms.ChoiceField(
- label="Select permission",
+
+ domain_request_permission_member = forms.ChoiceField(
+ label=mark_safe(f"Select permission {required_star}"), # nosec
choices=[
- ("view_only", "View all requests"),
- ("view_and_create", "View all requests plus create requests"),
+ (UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value, "View all requests"),
+ (UserPortfolioPermissionChoices.EDIT_REQUESTS.value, "View all requests plus create requests"),
("no_access", "No access"),
],
widget=forms.RadioSelect,
- required=True,
+ required=False,
error_messages={
"required": "Basic member permission is required",
},
)
+ # Tracks what form elements are required for a given role choice.
+ # All of the fields included here have "required=False" by default as they are conditionally required.
+ # see def clean() for more details.
+ ROLE_REQUIRED_FIELDS = {
+ UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
+ "domain_request_permission_admin",
+ "member_permission_admin",
+ ],
+ UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
+ "domain_request_permission_member",
+ ],
+ }
+
+ class Meta:
+ model = None
+ fields = ["roles", "additional_permissions"]
+
+ def __init__(self, *args, **kwargs):
+ """
+ Override the form's initialization.
+
+ Map existing model values to custom form fields.
+ Update field descriptions.
+ """
+ super().__init__(*args, **kwargs)
+ # Adds a
description beneath each role option
+ self.fields["role"].descriptions = {
+ "organization_admin": UserPortfolioRoleChoices.get_role_description(
+ UserPortfolioRoleChoices.ORGANIZATION_ADMIN
+ ),
+ "organization_member": UserPortfolioRoleChoices.get_role_description(
+ UserPortfolioRoleChoices.ORGANIZATION_MEMBER
+ ),
+ }
+ # Map model instance values to custom form fields
+ if self.instance:
+ self.map_instance_to_initial()
+
+ def clean(self):
+ """Validates form data based on selected role and its required fields.
+ Updates roles and additional_permissions in cleaned_data so they can be properly
+ mapped to the model.
+ """
+ cleaned_data = super().clean()
+ role = cleaned_data.get("role")
+
+ # Get required fields for the selected role. Then validate all required fields for the role.
+ required_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
+ for field_name in required_fields:
+ # Helpful error for if this breaks
+ if field_name not in self.fields:
+ raise ValueError(f"ROLE_REQUIRED_FIELDS referenced a non-existent field: {field_name}.")
+
+ if not cleaned_data.get(field_name):
+ self.add_error(field_name, self.fields.get(field_name).error_messages.get("required"))
+
+ # Edgecase: Member uses a special form value for None called "no_access".
+ if cleaned_data.get("domain_request_permission_member") == "no_access":
+ cleaned_data["domain_request_permission_member"] = None
+
+ # Handle roles
+ cleaned_data["roles"] = [role]
+
+ # Handle additional_permissions
+ valid_fields = self.ROLE_REQUIRED_FIELDS.get(role, [])
+ additional_permissions = {cleaned_data.get(field) for field in valid_fields if cleaned_data.get(field)}
+
+ # Handle EDIT permissions (should be accompanied with a view permission)
+ if UserPortfolioPermissionChoices.EDIT_MEMBERS in additional_permissions:
+ additional_permissions.add(UserPortfolioPermissionChoices.VIEW_MEMBERS)
+
+ if UserPortfolioPermissionChoices.EDIT_REQUESTS in additional_permissions:
+ additional_permissions.add(UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
+
+ # Only set unique permissions not already defined in the base role
+ role_permissions = UserPortfolioPermission.get_portfolio_permissions(cleaned_data["roles"], [], get_list=False)
+ cleaned_data["additional_permissions"] = list(additional_permissions - role_permissions)
+
+ return cleaned_data
+
+ def map_instance_to_initial(self):
+ """
+ Maps self.instance to self.initial, handling roles and permissions.
+ Updates self.initial dictionary with appropriate permission levels based on user role:
+ {
+ "role": "organization_admin" or "organization_member",
+ "member_permission_admin": permission level if admin,
+ "domain_request_permission_admin": permission level if admin,
+ "domain_request_permission_member": permission level if member
+ }
+ """
+ if self.initial is None:
+ self.initial = {}
+ # Function variables
+ perms = UserPortfolioPermission.get_portfolio_permissions(
+ self.instance.roles, self.instance.additional_permissions, get_list=False
+ )
+ # Get the available options for roles, domains, and member.
+ roles = [
+ UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
+ UserPortfolioRoleChoices.ORGANIZATION_MEMBER,
+ ]
+ domain_perms = [
+ UserPortfolioPermissionChoices.EDIT_REQUESTS,
+ UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
+ ]
+ member_perms = [
+ UserPortfolioPermissionChoices.EDIT_MEMBERS,
+ UserPortfolioPermissionChoices.VIEW_MEMBERS,
+ ]
+
+ # Build form data based on role (which options are available).
+ # Get which one should be "selected" by assuming that EDIT takes precedence over view,
+ # and ADMIN takes precedence over MEMBER.
+ roles = self.instance.roles or []
+ selected_role = next((role for role in roles if role in roles), None)
+ self.initial["role"] = selected_role
+ is_admin = selected_role == UserPortfolioRoleChoices.ORGANIZATION_ADMIN
+ if is_admin:
+ selected_domain_permission = next((perm for perm in domain_perms if perm in perms), None)
+ selected_member_permission = next((perm for perm in member_perms if perm in perms), None)
+ self.initial["domain_request_permission_admin"] = selected_domain_permission
+ self.initial["member_permission_admin"] = selected_member_permission
+ else:
+ # Edgecase: Member uses a special form value for None called "no_access". This ensures a form selection.
+ selected_domain_permission = next((perm for perm in domain_perms if perm in perms), "no_access")
+ self.initial["domain_request_permission_member"] = selected_domain_permission
+
+
+class PortfolioMemberForm(BasePortfolioMemberForm):
+ """
+ Form for updating a portfolio member.
+ """
+
+ class Meta:
+ model = UserPortfolioPermission
+ fields = ["roles", "additional_permissions"]
+
+
+class PortfolioInvitedMemberForm(BasePortfolioMemberForm):
+ """
+ Form for updating a portfolio invited member.
+ """
+
+ class Meta:
+ model = PortfolioInvitation
+ fields = ["roles", "additional_permissions"]
+
+
+class PortfolioNewMemberForm(BasePortfolioMemberForm):
+ """
+ Form for adding a portfolio invited member.
+ """
+
email = forms.EmailField(
label="Enter the email of the member you'd like to invite",
max_length=None,
@@ -223,51 +339,5 @@ class NewMemberForm(forms.ModelForm):
)
class Meta:
- model = User
- fields = ["email"]
-
- def clean(self):
- cleaned_data = super().clean()
-
- # Lowercase the value of the 'email' field
- email_value = cleaned_data.get("email")
- if email_value:
- cleaned_data["email"] = email_value.lower()
-
- ##########################################
- # TODO: future ticket
- # (invite new member)
- ##########################################
- # Check for an existing user (if there isn't any, send an invite)
- # if email_value:
- # try:
- # existingUser = User.objects.get(email=email_value)
- # except User.DoesNotExist:
- # raise forms.ValidationError("User with this email does not exist.")
-
- member_access_level = cleaned_data.get("member_access_level")
-
- # Intercept the error messages so that we don't validate hidden inputs
- if not member_access_level:
- # If no member access level has been selected, delete error messages
- # for all hidden inputs (which is everything except the e-mail input
- # and member access selection)
- for field in self.fields:
- if field in self.errors and field != "email" and field != "member_access_level":
- del self.errors[field]
- return cleaned_data
-
- basic_dom_req_error = "basic_org_domain_request_permissions"
- admin_dom_req_error = "admin_org_domain_request_permissions"
- admin_member_error = "admin_org_members_permissions"
-
- if member_access_level == "admin" and basic_dom_req_error in self.errors:
- # remove the error messages pertaining to basic permission inputs
- del self.errors[basic_dom_req_error]
- elif member_access_level == "basic":
- # remove the error messages pertaining to admin permission inputs
- if admin_dom_req_error in self.errors:
- del self.errors[admin_dom_req_error]
- if admin_member_error in self.errors:
- del self.errors[admin_member_error]
- return cleaned_data
+ model = PortfolioInvitation
+ fields = ["portfolio", "email", "roles", "additional_permissions"]
diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 19e96719f..6eb2fac07 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -2,7 +2,7 @@ from itertools import zip_longest
import logging
import ipaddress
import re
-from datetime import date
+from datetime import date, timedelta
from typing import Optional
from django_fsm import FSMField, transition, TransitionNotAllowed # type: ignore
@@ -40,6 +40,7 @@ from .utility.time_stamped_model import TimeStampedModel
from .public_contact import PublicContact
from .user_domain_role import UserDomainRole
+from waffle.decorators import flag_is_active
logger = logging.getLogger(__name__)
@@ -1152,14 +1153,29 @@ class Domain(TimeStampedModel, DomainHelper):
now = timezone.now().date()
return self.expiration_date < now
- def state_display(self):
+ def is_expiring(self):
+ """
+ Check if the domain's expiration date is within 60 days.
+ Return True if domain expiration date exists and within 60 days
+ and otherwise False bc there's no expiration date meaning so not expiring
+ """
+ if self.expiration_date is None:
+ return False
+
+ now = timezone.now().date()
+
+ threshold_date = now + timedelta(days=60)
+ return now < self.expiration_date <= threshold_date
+
+ def state_display(self, request=None):
"""Return the display status of the domain."""
- if self.is_expired() and self.state != self.State.UNKNOWN:
+ if self.is_expired() and (self.state != self.State.UNKNOWN):
return "Expired"
+ elif flag_is_active(request, "domain_renewal") and self.is_expiring():
+ return "Expiring soon"
elif self.state == self.State.UNKNOWN or self.state == self.State.DNS_NEEDED:
return "DNS needed"
- else:
- return self.state.capitalize()
+ return self.state.capitalize()
def map_epp_contact_to_public_contact(self, contact: eppInfo.InfoContactResultData, contact_id, contact_type):
"""Maps the Epp contact representation to a PublicContact object.
diff --git a/src/registrar/models/domain_request.py b/src/registrar/models/domain_request.py
index 44d8511b0..3d3aac769 100644
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@@ -12,6 +12,7 @@ from registrar.models.utility.generic_helper import CreateOrUpdateOrganizationTy
from registrar.utility.errors import FSMDomainRequestError, FSMErrorCodes
from registrar.utility.constants import BranchChoices
from auditlog.models import LogEntry
+from django.core.exceptions import ValidationError
from registrar.utility.waffle import flag_is_active_for_user
@@ -671,6 +672,59 @@ class DomainRequest(TimeStampedModel):
# Store original values for caching purposes. Used to compare them on save.
self._cache_status_and_status_reasons()
+ def clean(self):
+ """
+ Validates suborganization-related fields in two scenarios:
+ 1. New suborganization request: Prevents duplicate names within same portfolio
+ 2. Partial suborganization data: Enforces a all-or-nothing rule for city/state/name fields
+ when portfolio exists without selected suborganization
+
+ Add new domain request validation rules here to ensure they're
+ enforced during both model save and form submission.
+ Not presently used on the domain request wizard, though.
+ """
+ super().clean()
+ # Validation logic for a suborganization request
+ if self.is_requesting_new_suborganization():
+ # Raise an error if this suborganization already exists
+ Suborganization = apps.get_model("registrar.Suborganization")
+ if (
+ self.requested_suborganization
+ and Suborganization.objects.filter(
+ name__iexact=self.requested_suborganization,
+ portfolio=self.portfolio,
+ name__isnull=False,
+ portfolio__isnull=False,
+ ).exists()
+ ):
+ # Add a field-level error to requested_suborganization.
+ # To pass in field-specific errors, we need to embed a dict of
+ # field: validationerror then pass that into a validation error itself.
+ # This is slightly confusing, but it just adds it at that level.
+ msg = (
+ "This suborganization already exists. "
+ "Choose a new name, or select it directly if you would like to use it."
+ )
+ errors = {"requested_suborganization": ValidationError(msg)}
+ raise ValidationError(errors)
+ elif self.portfolio and not self.sub_organization:
+ # You cannot create a new suborganization without these fields
+ required_suborg_fields = {
+ "requested_suborganization": self.requested_suborganization,
+ "suborganization_city": self.suborganization_city,
+ "suborganization_state_territory": self.suborganization_state_territory,
+ }
+ # If at least one value is populated, enforce a all-or-nothing rule
+ if any(bool(value) for value in required_suborg_fields.values()):
+ # Find which fields are empty and throw an error on the field
+ errors = {}
+ for field_name, value in required_suborg_fields.items():
+ if not value:
+ errors[field_name] = ValidationError(
+ "This field is required when creating a new suborganization.",
+ )
+ raise ValidationError(errors)
+
def save(self, *args, **kwargs):
"""Save override for custom properties"""
self.sync_organization_type()
@@ -690,6 +744,18 @@ class DomainRequest(TimeStampedModel):
# Update the cached values after saving
self._cache_status_and_status_reasons()
+ def create_requested_suborganization(self):
+ """Creates the requested suborganization.
+ Adds the name, portfolio, city, and state_territory fields.
+ Returns the created suborganization."""
+ Suborganization = apps.get_model("registrar.Suborganization")
+ return Suborganization.objects.create(
+ name=self.requested_suborganization,
+ portfolio=self.portfolio,
+ city=self.suborganization_city,
+ state_territory=self.suborganization_state_territory,
+ )
+
def send_custom_status_update_email(self, status):
"""Helper function to send out a second status email when the status remains the same,
but the reason has changed."""
@@ -784,7 +850,9 @@ class DomainRequest(TimeStampedModel):
return True
def delete_and_clean_up_domain(self, called_from):
+ # Delete the approved domain
try:
+ # Clean up the approved domain
domain_state = self.approved_domain.state
# Only reject if it exists on EPP
if domain_state != Domain.State.UNKNOWN:
@@ -796,6 +864,39 @@ class DomainRequest(TimeStampedModel):
logger.error(err)
logger.error(f"Can't query an approved domain while attempting {called_from}")
+ # Delete the suborg as long as this is the only place it is used
+ self._cleanup_dangling_suborg()
+
+ def _cleanup_dangling_suborg(self):
+ """Deletes the existing suborg if its only being used by the deleted record"""
+ # Nothing to delete, so we just smile and walk away
+ if self.sub_organization is None:
+ return
+
+ Suborganization = apps.get_model("registrar.Suborganization")
+
+ # Stored as so because we need to set the reference to none first,
+ # so we can't just use the self.sub_organization property
+ suborg = Suborganization.objects.get(id=self.sub_organization.id)
+ requests = suborg.request_sub_organization
+ domain_infos = suborg.information_sub_organization
+
+ # Check if this is the only reference to the suborganization
+ if requests.count() != 1 or domain_infos.count() > 1:
+ return
+
+ # Remove the suborganization reference from request.
+ self.sub_organization = None
+ self.save()
+
+ # Remove the suborganization reference from domain if it exists.
+ if domain_infos.count() == 1:
+ domain_infos.update(sub_organization=None)
+
+ # Delete the now-orphaned suborganization
+ logger.info(f"_cleanup_dangling_suborg() -> Deleting orphan suborganization: {suborg}")
+ suborg.delete()
+
def _send_status_update_email(
self,
new_status,
@@ -984,6 +1085,7 @@ class DomainRequest(TimeStampedModel):
if self.status == self.DomainRequestStatus.APPROVED:
self.delete_and_clean_up_domain("action_needed")
+
elif self.status == self.DomainRequestStatus.REJECTED:
self.rejection_reason = None
@@ -1014,8 +1116,16 @@ class DomainRequest(TimeStampedModel):
domain request into an admin on that domain. It also triggers an email
notification."""
+ should_save = False
if self.federal_agency is None:
self.federal_agency = FederalAgency.objects.filter(agency="Non-Federal Agency").first()
+ should_save = True
+
+ if self.is_requesting_new_suborganization():
+ self.sub_organization = self.create_requested_suborganization()
+ should_save = True
+
+ if should_save:
self.save()
# create the domain
@@ -1148,7 +1258,7 @@ class DomainRequest(TimeStampedModel):
def is_requesting_new_suborganization(self) -> bool:
"""Determines if a user is trying to request
a new suborganization using the domain request form, rather than one that already exists.
- Used for the RequestingEntity page.
+ Used for the RequestingEntity page and on DomainInformation.create_from_da().
Returns True if a sub_organization does not exist and if requested_suborganization,
suborganization_city, and suborganization_state_territory all exist.
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index bdfc6f804..2b5b56a78 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -14,6 +14,8 @@ from .domain import Domain
from .domain_request import DomainRequest
from registrar.utility.waffle import flag_is_active_for_user
from waffle.decorators import flag_is_active
+from django.utils import timezone
+from datetime import timedelta
from phonenumber_field.modelfields import PhoneNumberField # type: ignore
@@ -163,6 +165,20 @@ class User(AbstractUser):
active_requests_count = self.domain_requests_created.filter(status__in=allowed_states).count()
return active_requests_count
+ def get_num_expiring_domains(self, request):
+ """Return number of expiring domains"""
+ domain_ids = self.get_user_domain_ids(request)
+ now = timezone.now().date()
+ expiration_window = 60
+ threshold_date = now + timedelta(days=expiration_window)
+ num_of_expiring_domains = Domain.objects.filter(
+ id__in=domain_ids,
+ expiration_date__isnull=False,
+ expiration_date__lte=threshold_date,
+ expiration_date__gt=now,
+ ).count()
+ return num_of_expiring_domains
+
def get_rejected_requests_count(self):
"""Return count of rejected requests"""
return self.domain_requests_created.filter(status=DomainRequest.DomainRequestStatus.REJECTED).count()
@@ -259,6 +275,9 @@ class User(AbstractUser):
def is_portfolio_admin(self, portfolio):
return "Admin" in self.portfolio_role_summary(portfolio)
+ def has_domain_renewal_flag(self):
+ return flag_is_active_for_user(self, "domain_renewal")
+
def get_first_portfolio(self):
permission = self.portfolio_permissions.first()
if permission:
diff --git a/src/registrar/models/user_portfolio_permission.py b/src/registrar/models/user_portfolio_permission.py
index a149a9476..03a01b80d 100644
--- a/src/registrar/models/user_portfolio_permission.py
+++ b/src/registrar/models/user_portfolio_permission.py
@@ -110,8 +110,13 @@ class UserPortfolioPermission(TimeStampedModel):
return self.get_portfolio_permissions(self.roles, self.additional_permissions)
@classmethod
- def get_portfolio_permissions(cls, roles, additional_permissions):
- """Class method to return a list of permissions based on roles and addtl permissions"""
+ def get_portfolio_permissions(cls, roles, additional_permissions, get_list=True):
+ """Class method to return a list of permissions based on roles and addtl permissions.
+ Params:
+ roles => An array of roles
+ additional_permissions => An array of additional_permissions
+ get_list => If true, returns a list of perms. If false, returns a set of perms.
+ """
# Use a set to avoid duplicate permissions
portfolio_permissions = set()
if roles:
@@ -119,7 +124,7 @@ class UserPortfolioPermission(TimeStampedModel):
portfolio_permissions.update(cls.PORTFOLIO_ROLE_PERMISSIONS.get(role, []))
if additional_permissions:
portfolio_permissions.update(additional_permissions)
- return list(portfolio_permissions)
+ return list(portfolio_permissions) if get_list else portfolio_permissions
@classmethod
def get_domain_request_permission_display(cls, roles, additional_permissions):
@@ -166,8 +171,10 @@ class UserPortfolioPermission(TimeStampedModel):
# The solution to this is to only grab what is only COMMONLY "forbidden".
# This will scale if we add more roles in the future.
# This is thes same as applying the `&` operator across all sets for each role.
- common_forbidden_perms = set.intersection(
- *[set(cls.FORBIDDEN_PORTFOLIO_ROLE_PERMISSIONS.get(role, [])) for role in roles]
+ common_forbidden_perms = (
+ set.intersection(*[set(cls.FORBIDDEN_PORTFOLIO_ROLE_PERMISSIONS.get(role, [])) for role in roles])
+ if roles
+ else set()
)
# Check if the users current permissions overlap with any forbidden permissions
diff --git a/src/registrar/models/utility/portfolio_helper.py b/src/registrar/models/utility/portfolio_helper.py
index 3768aa77a..cde28e4bd 100644
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@@ -4,6 +4,9 @@ from django.apps import apps
from django.forms import ValidationError
from registrar.utility.waffle import flag_is_active_for_user
from django.contrib.auth import get_user_model
+import logging
+
+logger = logging.getLogger(__name__)
class UserPortfolioRoleChoices(models.TextChoices):
@@ -16,7 +19,28 @@ class UserPortfolioRoleChoices(models.TextChoices):
@classmethod
def get_user_portfolio_role_label(cls, user_portfolio_role):
- return cls(user_portfolio_role).label if user_portfolio_role else None
+ try:
+ return cls(user_portfolio_role).label if user_portfolio_role else None
+ except ValueError:
+ logger.warning(f"Invalid portfolio role: {user_portfolio_role}")
+ return f"Unknown ({user_portfolio_role})"
+
+ @classmethod
+ def get_role_description(cls, user_portfolio_role):
+ """Returns a detailed description for a given role."""
+ descriptions = {
+ cls.ORGANIZATION_ADMIN: (
+ "Grants this member access to the organization-wide information "
+ "on domains, domain requests, and members. Domain management can be assigned separately."
+ ),
+ cls.ORGANIZATION_MEMBER: (
+ "Grants this member access to the organization. They can be given extra permissions to view all "
+ "organization domain requests and submit domain requests on behalf of the organization. Basic access "
+ "members can’t view all members of an organization or manage them. "
+ "Domain management can be assigned separately."
+ ),
+ }
+ return descriptions.get(user_portfolio_role)
class UserPortfolioPermissionChoices(models.TextChoices):
diff --git a/src/registrar/templates/401.html b/src/registrar/templates/401.html
index d7c7f83ae..7698c4f82 100644
--- a/src/registrar/templates/401.html
+++ b/src/registrar/templates/401.html
@@ -5,8 +5,8 @@
{% block title %}{% translate "Unauthorized | " %}{% endblock %}
{% block content %}
-
-
+
+
{% translate "You are not authorized to view this page" %}
diff --git a/src/registrar/templates/403.html b/src/registrar/templates/403.html
index 999d5f98e..a04453fe9 100644
--- a/src/registrar/templates/403.html
+++ b/src/registrar/templates/403.html
@@ -5,8 +5,8 @@
{% block title %}{% translate "Forbidden | " %}{% endblock %}
{% block content %}
-
-
+
+
{% translate "You're not authorized to view this page." %}
diff --git a/src/registrar/templates/404.html b/src/registrar/templates/404.html
index 471575558..2bf9ecf02 100644
--- a/src/registrar/templates/404.html
+++ b/src/registrar/templates/404.html
@@ -5,8 +5,8 @@
{% block title %}{% translate "Page not found | " %}{% endblock %}
{% block content %}
-
-
{% translate "We're having some trouble." %}
diff --git a/src/registrar/templates/admin/app_list.html b/src/registrar/templates/admin/app_list.html
index 49fb59e79..aaf3dc423 100644
--- a/src/registrar/templates/admin/app_list.html
+++ b/src/registrar/templates/admin/app_list.html
@@ -39,7 +39,7 @@
{% for model in app.models %}
{}