added helpers for role and permissions displays in templates

src/registrar/models/portfolio_invitation.py

@@ -9,6 +9,10 @@ from .utility.portfolio_helper import (
     UserPortfolioPermissionChoices,
     UserPortfolioRoleChoices,
     cleanup_after_portfolio_member_deletion,
+    get_domain_requests_display,
+    get_domains_display,
+    get_members_display,
+    get_role_display,
     validate_portfolio_invitation,
 )  # type: ignore
 from .utility.time_stamped_model import TimeStampedModel
@@ -85,6 +89,60 @@ class PortfolioInvitation(TimeStampedModel):
         """
         return UserPortfolioPermission.get_portfolio_permissions(self.roles, self.additional_permissions)
 
+    @property
+    def role_display(self):
+        """
+        Returns a human-readable display name for the user's role.
+
+        Uses the `get_role_display` function to determine if the user is an "Admin",
+        "Basic" member, or has no role assigned.
+
+        Returns:
+            str: The display name of the user's role.
+        """
+        return get_role_display(self.roles)
+    
+    @property
+    def domains_display(self):
+        """
+        Returns a string representation of the user's domain access level.
+
+        Uses the `get_domains_display` function to determine whether the user has 
+        "Viewer, all" access (can view all domains) or "Viewer, limited" access.
+
+        Returns:
+            str: The display name of the user's domain permissions.
+        """
+        return get_domains_display(self.roles, self.additional_permissions)
+    
+    @property
+    def domain_requests_display(self):
+        """
+        Returns a string representation of the user's access to domain requests.
+
+        Uses the `get_domain_requests_display` function to determine if the user 
+        is a "Creator" (can create and edit requests), a "Viewer" (can only view requests), 
+        or has "No access" to domain requests.
+
+        Returns:
+            str: The display name of the user's domain request permissions.
+        """
+        return get_domain_requests_display(self.roles, self.additional_permissions)
+    
+    @property
+    def members_display(self):
+        """
+        Returns a string representation of the user's access to managing members.
+
+        Uses the `get_members_display` function to determine if the user is a 
+        "Manager" (can edit members), a "Viewer" (can view members), or has "No access" 
+        to member management.
+
+        Returns:
+            str: The display name of the user's member management permissions.
+        """
+        return get_members_display(self.roles, self.additional_permissions)
+
     @transition(field="status", source=PortfolioInvitationStatus.INVITED, target=PortfolioInvitationStatus.RETRIEVED)
     def retrieve(self):
         """When an invitation is retrieved, create the corresponding permission.

src/registrar/models/user_portfolio_permission.py

@@ -6,6 +6,10 @@ from registrar.models.utility.portfolio_helper import (
     DomainRequestPermissionDisplay,
     MemberPermissionDisplay,
     cleanup_after_portfolio_member_deletion,
+    get_domain_requests_display,
+    get_domains_display,
+    get_members_display,
+    get_role_display,
     validate_user_portfolio_permission,
 )
 from .utility.time_stamped_model import TimeStampedModel
@@ -185,6 +189,60 @@ class UserPortfolioPermission(TimeStampedModel):
         # This is the same as portfolio_permissions & common_forbidden_perms.
         return portfolio_permissions.intersection(common_forbidden_perms)
 
+    @property
+    def role_display(self):
+        """
+        Returns a human-readable display name for the user's role.
+
+        Uses the `get_role_display` function to determine if the user is an "Admin",
+        "Basic" member, or has no role assigned.
+
+        Returns:
+            str: The display name of the user's role.
+        """
+        return get_role_display(self.roles)
+    
+    @property
+    def domains_display(self):
+        """
+        Returns a string representation of the user's domain access level.
+
+        Uses the `get_domains_display` function to determine whether the user has 
+        "Viewer, all" access (can view all domains) or "Viewer, limited" access.
+
+        Returns:
+            str: The display name of the user's domain permissions.
+        """
+        return get_domains_display(self.roles, self.additional_permissions)
+    
+    @property
+    def domain_requests_display(self):
+        """
+        Returns a string representation of the user's access to domain requests.
+
+        Uses the `get_domain_requests_display` function to determine if the user 
+        is a "Creator" (can create and edit requests), a "Viewer" (can only view requests), 
+        or has "No access" to domain requests.
+
+        Returns:
+            str: The display name of the user's domain request permissions.
+        """
+        return get_domain_requests_display(self.roles, self.additional_permissions)
+    
+    @property
+    def members_display(self):
+        """
+        Returns a string representation of the user's access to managing members.
+
+        Uses the `get_members_display` function to determine if the user is a 
+        "Manager" (can edit members), a "Viewer" (can view members), or has "No access" 
+        to member management.
+
+        Returns:
+            str: The display name of the user's member management permissions.
+        """
+        return get_members_display(self.roles, self.additional_permissions)
+
     def clean(self):
         """Extends clean method to perform additional validation, which can raise errors in django admin."""
         super().clean()

src/registrar/models/utility/portfolio_helper.py

@@ -82,6 +82,95 @@ class MemberPermissionDisplay(StrEnum):
     VIEWER = "Viewer"
     NONE = "None"
 
+def get_role_display(roles):
+    """
+    Returns a user-friendly display name for a given list of user roles.
+
+    - If the user has the ORGANIZATION_ADMIN role, return "Admin".
+    - If the user has the ORGANIZATION_MEMBER role, return "Basic".
+    - If the user has neither role, return "-".
+
+    Args:
+        roles (list): A list of role strings assigned to the user.
+
+    Returns:
+        str: The display name for the highest applicable role.
+    """
+    if UserPortfolioRoleChoices.ORGANIZATION_ADMIN in roles:
+        return "Admin"
+    elif UserPortfolioRoleChoices.ORGANIZATION_MEMBER in roles:
+        return "Basic"
+    else:
+        return "-"
+
+def get_domains_display(roles, permissions):
+    """
+    Determines the display name for a user's domain viewing permissions.
+
+    - If the user has the VIEW_ALL_DOMAINS permission, return "Viewer, all".
+    - Otherwise, return "Viewer, limited".
+
+    Args:
+        roles (list): A list of role strings assigned to the user.
+        permissions (list): A list of additional permissions assigned to the user.
+
+    Returns:
+        str: A string representing the user's domain viewing access.
+    """
+    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
+    all_permissions = UserPortfolioPermission.get_portfolio_permissions(roles, permissions)
+    if UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS in all_permissions:
+        return "Viewer, all"
+    else:
+        return "Viewer, limited"
+
+def get_domain_requests_display(roles, permissions):
+    """
+    Determines the display name for a user's domain request permissions.
+
+    - If the user has the EDIT_REQUESTS permission, return "Creator".
+    - If the user has the VIEW_ALL_REQUESTS permission, return "Viewer".
+    - Otherwise, return "No access".
+
+    Args:
+        roles (list): A list of role strings assigned to the user.
+        permissions (list): A list of additional permissions assigned to the user.
+
+    Returns:
+        str: A string representing the user's domain request access level.
+    """
+    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
+    all_permissions = UserPortfolioPermission.get_portfolio_permissions(roles, permissions)
+    if UserPortfolioPermissionChoices.EDIT_REQUESTS in all_permissions:
+        return "Creator"
+    elif UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS in all_permissions:
+        return "Viewer"
+    else:
+        return "No access"
+
+def get_members_display(roles, permissions):
+    """
+    Determines the display name for a user's member management permissions.
+
+    - If the user has the EDIT_MEMBERS permission, return "Manager".
+    - If the user has the VIEW_MEMBERS permission, return "Viewer".
+    - Otherwise, return "No access".
+
+    Args:
+        roles (list): A list of role strings assigned to the user.
+        permissions (list): A list of additional permissions assigned to the user.
+
+    Returns:
+        str: A string representing the user's member management access level.
+    """
+    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
+    all_permissions = UserPortfolioPermission.get_portfolio_permissions(roles, permissions)
+    if UserPortfolioPermissionChoices.EDIT_MEMBERS in all_permissions:
+        return "Manager"
+    elif UserPortfolioPermissionChoices.VIEW_MEMBERS in all_permissions:
+        return "Viewer"
+    else:
+        return "No access"
 
 def validate_user_portfolio_permission(user_portfolio_permission):
     """

src/registrar/templates/emails/portfolio_update.txt

@@ -0,0 +1,35 @@
+{% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
+Hi,{% if requested_user and requested_user.first_name %} {{ requested_user.first_name }}.{% endif %}
+
+Your permissions were updated in the .gov registrar.
+
+ORGANIZATION: {{ portfolio.organization_name }}
+UPDATED BY: {{ requestor_email }}
+UPDATED ON: {{ date }}
+YOUR PERMISSIONS: {{ permissions.role_display }}
+  Domains - {{ permissions.domains_display }}
+  Domain requests - {{ permissions.domain_requests_display }}
+  Members - {{ permissions.members_display }}
+
+Your updated permissions are now active in the .gov registrar <https://manage.get.gov>.
+
+----------------------------------------------------------------
+
+SOMETHING WRONG?
+If you have questions or concerns, reach out to the person who updated your
+permissions, or reply to this email.
+
+
+THANK YOU
+.Gov helps the public identify official, trusted information. Thank you for using a .gov
+domain.
+
+----------------------------------------------------------------
+
+The .gov team
+Contact us: <https://get.gov/contact/>
+Learn about .gov <https://get.gov>
+
+The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency
+(CISA) <https://cisa.gov/>
+{% endautoescape %}

src/registrar/templates/emails/portfolio_update_subject.txt

@@ -0,0 +1 @@
+Your permissions were updated in the .gov registrar

src/registrar/templates/includes/member_permissions_summary.html

@@ -1,33 +1,11 @@
 <h4 class="margin-bottom-0">Member access</h4>
-{% if permissions.roles and 'organization_admin' in permissions.roles %}
+    <p class="margin-top-0">{{ permissions.role_display }}</p>
-    <p class="margin-top-0">Admin</p>
-{% elif permissions.roles and 'organization_member' in permissions.roles %}
-    <p class="margin-top-0">Basic</p>
-{% else %}
-    <p class="margin-top-0">⎯</p>
-{% endif %}
 
 <h4 class="margin-bottom-0 text-primary">Domains</h4>
-{% if member_has_view_all_domains_portfolio_permission %}
+    <p class="margin-top-0">{{ permissions.domains_display }}</p>
-    <p class="margin-top-0">Viewer, all</p>
-{% else %}
-    <p class="margin-top-0">Viewer, limited</p>
-{% endif %}
 
 <h4 class="margin-bottom-0 text-primary">Domain requests</h4>
-{% if member_has_edit_request_portfolio_permission %}
+    <p class="margin-top-0">{{ permissions.domain_requests_display }}</p>
-    <p class="margin-top-0">Creator</p>
-{% elif member_has_view_all_requests_portfolio_permission %}
-    <p class="margin-top-0">Viewer</p>
-{% else %}
-    <p class="margin-top-0">No access</p>
-{% endif %}
 
 <h4 class="margin-bottom-0 text-primary">Members</h4>
-{% if member_has_edit_members_portfolio_permission %}
+    <p class="margin-top-0">{{ permissions.members_display }}</p>
-    <p class="margin-top-0">Manager</p>
-{% elif member_has_view_members_portfolio_permission %}
-    <p class="margin-top-0">Viewer</p>
-{% else %}
-    <p class="margin-top-0">No access</p>
-{% endif %}