unit tests, add cisa_analyst permission in the cisa_analysts_group for better grannular hasPerm testing in admin.py

2025-07-21 02:06:03 +02:00 · 2023-09-29 13:40:06 -04:00 · 2023-09-29 13:40:06 -04:00 · 155baa0200
commit 155baa0200
parent cd14eb2584
11 changed files with 142 additions and 64 deletions
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@ -3,14 +3,15 @@ import logging

 logger = logging.getLogger(__name__)

-class UserGroup(Group):

+class UserGroup(Group):
    class Meta:
        verbose_name = "User group"
        verbose_name_plural = "User groups"
-    
+
    def create_cisa_analyst_group(apps, schema_editor):
-        
+        """This method gets run from a data migration."""
+
        # Hard to pass self to these methods as the calls from migrations
        # are only expecting apps and schema_editor, so we'll just define
        # apps, schema_editor in the local scope instead
@ -20,7 +21,11 @@ class UserGroup(Group):
                "model": "logentry",
                "permissions": ["view_logentry"],
            },
-            {"app_label": "registrar", "model": "contact", "permissions": ["view_contact"]},
+            {
+                "app_label": "registrar",
+                "model": "contact",
+                "permissions": ["view_contact"],
+            },
            {
                "app_label": "registrar",
                "model": "domaininformation",
@ -31,16 +36,24 @@ class UserGroup(Group):
                "model": "domainapplication",
                "permissions": ["change_domainapplication"],
            },
-            {"app_label": "registrar", "model": "domain", "permissions": ["view_domain"]},
+            {
+                "app_label": "registrar",
+                "model": "domain",
+                "permissions": ["view_domain"],
+            },
            {
                "app_label": "registrar",
                "model": "draftdomain",
                "permissions": ["change_draftdomain"],
            },
-            {"app_label": "registrar", "model": "user", "permissions": ["change_user"]},
+            {
+                "app_label": "registrar",
+                "model": "user",
+                "permissions": ["analyst_access_permission", "change_user"],
+            },
        ]
-        
-        # Avoid error: You can't execute queries until the end 
+
+        # Avoid error: You can't execute queries until the end
        # of the 'atomic' block.
        # From django docs:
        # https://docs.djangoproject.com/en/4.2/topics/migrations/#data-migrations
@ -49,15 +62,15 @@ class UserGroup(Group):
        ContentType = apps.get_model("contenttypes", "ContentType")
        Permission = apps.get_model("auth", "Permission")
        UserGroup = apps.get_model("registrar", "UserGroup")
-        
+
        logger.info("Going to create the Analyst Group")
        try:
            cisa_analysts_group, _ = UserGroup.objects.get_or_create(
                name="cisa_analysts_group",
            )
-            
+
            cisa_analysts_group.permissions.clear()
-            
+
            for permission in CISA_ANALYST_GROUP_PERMISSIONS:
                app_label = permission["app_label"]
                model_name = permission["model"]
@ -67,19 +80,17 @@ class UserGroup(Group):
                content_type = ContentType.objects.get(
                    app_label=app_label, model=model_name
                )
-                
+
                # Retrieve the permissions based on their codenames
                permissions = Permission.objects.filter(
                    content_type=content_type, codename__in=permissions
                )
-                
+
                # Assign the permissions to the group
                cisa_analysts_group.permissions.add(*permissions)

                # Convert the permissions QuerySet to a list of codenames
-                permission_list = list(
-                    permissions.values_list("codename", flat=True)
-                )
+                permission_list = list(permissions.values_list("codename", flat=True))

                logger.debug(
                    app_label
@ -92,14 +103,18 @@ class UserGroup(Group):
                )

                cisa_analysts_group.save()
-                logger.debug("CISA Analyt permissions added to group " + cisa_analysts_group.name)
+                logger.debug(
+                    "CISA Analyt permissions added to group " + cisa_analysts_group.name
+                )
        except Exception as e:
            logger.error(f"Error creating analyst permissions group: {e}")
-                    
+
    def create_full_access_group(apps, schema_editor):
+        """This method gets run from a data migration."""
+
        Permission = apps.get_model("auth", "Permission")
        UserGroup = apps.get_model("registrar", "UserGroup")
-        
+
        logger.info("Going to create the Full Access Group")
        try:
            full_access_group, _ = UserGroup.objects.get_or_create(
@ -107,10 +122,10 @@ class UserGroup(Group):
            )
            # Get all available permissions
            all_permissions = Permission.objects.all()
-                    
+
            # Assign all permissions to the group
            full_access_group.permissions.add(*all_permissions)
-            
+
            full_access_group.save()
            logger.debug("All permissions added to group " + full_access_group.name)
        except Exception as e: