#3538: #3857: For Rejected status domain request changed Action from Manage to View - [litterbox] (#3853)

* 3538 Changed Action URL to View for Rejected Status domains. Added workaround for viewonly view. * Bump setuptools from 77.0.3 to 78.1.1 in /src (#3802) Bumps [setuptools](https://github.com/pypa/setuptools) from 77.0.3 to 78.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v77.0.3...v78.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 78.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CuriousX <nicolle.leclair@gmail.com> * 3806: Developer Onboarding adding Abe Alam to fixtures_users.py (#3828) * adding Abe to fixtures_users.py * Updated Admin Account to ECS Email * Updated username and email for Analyst to ECS Alias email * Bump undici from 6.21.1 to 6.21.3 in /src (#3787) Bumps [undici](https://github.com/nodejs/undici) from 6.21.1 to 6.21.3. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.21.1...v6.21.3) --- updated-dependencies: - dependency-name: undici dependency-version: 6.21.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CuriousX <nicolle.leclair@gmail.com> * #3455: Unlock current websites step even if there are none [litterbox] (#3840) * Update to unlock with prior step for non-org request * Update org model unlocking for current sites * Update non-org unlocking * Added a temp url fix for view only. Added rejected to the test views request. * Undid previous temp fix as it should work for others. The 403 was caused by my local setup lack of org and portfolio for the rejected domain used for testing. * updated for lint and test * Refactored test for domain_requests * Lint fixes for test. * 3857 Fix for bug around view only permissions. * fix linting * Update src/registrar/views/domain_request.py Co-authored-by: Erin Song <121973038+erinysong@users.noreply.github.com> * PR cleanup * Returning false if pk is missing and moved to the top of the function. Removed debug logs. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CuriousX <nicolle.leclair@gmail.com> Co-authored-by: Abe Alam <143724440+abe-alam-ecs@users.noreply.github.com> Co-authored-by: Kim Allen <kim@truss.works> Co-authored-by: Erin Song <121973038+erinysong@users.noreply.github.com>
2025-08-30 04:53:09 +02:00 · 2025-07-02 09:31:50 -07:00 · 2025-07-02 09:31:50 -07:00 · 10ba59317c
commit 10ba59317c
parent b250375de0
6 changed files with 147 additions and 62 deletions
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@ -10,8 +10,8 @@ from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DeleteView, DetailView, TemplateView
 from registrar.decorators import (
+    HAS_DOMAIN_REQUESTS_VIEW_ALL,
    HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT,
-    HAS_PORTFOLIO_DOMAIN_REQUESTS_VIEW_ALL,
    IS_DOMAIN_REQUEST_CREATOR,
    grant_access,
 )
@ -1194,9 +1194,20 @@ class DomainRequestDeleteView(PermissionRequiredMixin, DeleteView):
        return duplicates


-# region Portfolio views
-@grant_access(HAS_PORTFOLIO_DOMAIN_REQUESTS_VIEW_ALL)
-class PortfolioDomainRequestStatusViewOnly(DetailView):
+@grant_access(HAS_DOMAIN_REQUESTS_VIEW_ALL)
+class DomainRequestStatusViewOnly(DetailView):
+    """
+    View-only access for domain requests both on enterprise-mode portfolios and legacy mode.
+
+    This view provides read-only access to domain request details for users who have
+    view permissions but not edit permissions.
+
+    Access is granted via HAS_DOMAIN_REQUESTS_VIEW_ALL which handles:
+    - Portfolio members with view-all domain requests permission
+    - Non-portfolio users who are creators of the domain request
+    - Analysts with appropriate permissions
+    """
+
    template_name = "portfolio_domain_request_status_viewonly.html"
    model = DomainRequest
    pk_url_kwarg = "domain_request_pk"
@ -1204,16 +1215,35 @@ class PortfolioDomainRequestStatusViewOnly(DetailView):

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        # Create a temp wizard object to grab the step list
-        wizard = PortfolioDomainRequestWizard()
-        wizard.request = self.request
-        context["Step"] = PortfolioDomainRequestStep.__members__
-        context["steps"] = request_step_list(wizard, PortfolioDomainRequestStep)
-        context["form_titles"] = wizard.titles
-        context["requires_feb_questions"] = self.object.is_feb() and flag_is_active_for_user(
+        domain_request = self.object
+
+        # Determine if this is a portfolio request or if user is org user
+        is_portfolio = domain_request.portfolio is not None or self.request.user.is_org_user(self.request)
+
+        if is_portfolio:
+            # Create a temp wizard object to grab the step list
+            wizard = PortfolioDomainRequestWizard()
+            wizard.request = self.request
+            context["Step"] = PortfolioDomainRequestStep.__members__
+            context["steps"] = request_step_list(wizard, PortfolioDomainRequestStep)
+            context["form_titles"] = wizard.titles
+        else:
+            # For non-portfolio requests
+            wizard = DomainRequestWizard()
+            wizard.request = self.request
+            context["Step"] = Step.__members__
+            context["steps"] = request_step_list(wizard, Step)
+            context["form_titles"] = wizard.titles
+
+        # Common context
+        context["requires_feb_questions"] = domain_request.is_feb() and flag_is_active_for_user(
            self.request.user, "organization_feature"
        )
-        context["purpose_label"] = DomainRequest.FEBPurposeChoices.get_purpose_label(self.object.feb_purpose_choice)
+        context["purpose_label"] = DomainRequest.FEBPurposeChoices.get_purpose_label(domain_request.feb_purpose_choice)
+        context["view_only_mode"] = True
+        context["is_portfolio"] = is_portfolio
+        context["portfolio"] = self.request.session.get("portfolio")
+
        return context