Add unit test + lint

src/registrar/tests/test_views_portfolio.py

@@ -325,3 +325,51 @@ class TestPortfolio(WebTest):
 
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")
+
+    @less_console_noise_decorator
+    @override_flag("organization_feature", active=True)
+    def test_org_member_can_only_see_domains_with_appropriate_permissions(self):
+        """A user with the role organization_member should not have access to the domains page
+        if they do not have the right permissions.
+        """
+
+        # A default organization member should not be able to see any domains
+        self.app.set_user(self.user.username)
+        self.user.portfolio = self.portfolio
+        self.user.portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_MEMBER]
+        self.user.save()
+        self.user.refresh_from_db()
+
+        self.assertFalse(self.user.has_domains_portfolio_permission())
+
+        response = self.app.get(reverse("no-portfolio-domains"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "You aren’t managing any domains.")
+
+        # Test the domains page - this user should not have access
+        response = self.app.get(reverse("domains"), expect_errors=True)
+        self.assertEqual(response.status_code, 403)
+
+        # Ensure that this user can see domains with the right permissions
+        self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS]
+        self.user.save()
+        self.user.refresh_from_db()
+
+        self.assertTrue(self.user.has_domains_portfolio_permission())
+
+        # Test the domains page - this user should have access
+        response = self.app.get(reverse("domains"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "Domain name")
+
+        # Test the managed domains permission
+        self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS]
+        self.user.save()
+        self.user.refresh_from_db()
+
+        self.assertTrue(self.user.has_domains_portfolio_permission())
+
+        # Test the domains page - this user should have access
+        response = self.app.get(reverse("domains"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "Domain name")

src/registrar/views/portfolios.py

@@ -58,11 +58,12 @@ class PortfolioNoDomainsView(NoPortfolioDomainsPermissionView, View):
                 portfolio=portfolio,
                 portfolio_roles__overlap=[
                     UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
-                    UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY
+                    UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY,
-                ]
+                ],
             )
         return context
 
+
 class PortfolioOrganizationView(PortfolioBasePermissionView, FormMixin):
     """
     View to handle displaying and updating the portfolio's organization details.

src/registrar/views/utility/permission_views.py

@@ -213,14 +213,16 @@ class PortfolioDomainsPermissionView(PortfolioDomainsPermission, PortfolioBasePe
     `template_name`.
     """
 
+
 class NoPortfolioDomainsPermissionView(PortfolioBasePermissionView, abc.ABC):
-    """Abstract base view for a user without access to the 
+    """Abstract base view for a user without access to the
     portfolio domains views that enforces permissions.
 
     This abstract view cannot be instantiated. Actual views must specify
     `template_name`.
     """
 
+
 class PortfolioDomainRequestsPermissionView(PortfolioDomainRequestsPermission, PortfolioBasePermissionView, abc.ABC):
     """Abstract base view for portfolio domain request views that enforces permissions.