From 18f7269cf061eba008a03750a4f45da899e7b504 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 24 Mar 2025 12:58:32 -0600
Subject: [PATCH] #3620

---
 .../migrations/0144_create_groups_v19.py      | 37 +++++++++++++++++++
 src/registrar/models/user_group.py            |  8 ++++
 2 files changed, 45 insertions(+)
 create mode 100644 src/registrar/migrations/0144_create_groups_v19.py

diff --git a/src/registrar/migrations/0144_create_groups_v19.py b/src/registrar/migrations/0144_create_groups_v19.py
new file mode 100644
index 000000000..726ea9cc9
--- /dev/null
+++ b/src/registrar/migrations/0144_create_groups_v19.py
@@ -0,0 +1,37 @@
+# This migration creates the create_full_access_group and create_cisa_analyst_group groups
+# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
+# in the user_group model then:
+# [NOT RECOMMENDED]
+# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
+# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
+# step 3: fake run the latest migration in the migrations list
+# [RECOMMENDED]
+# Alternatively:
+# step 1: duplicate the migration that loads data
+# step 2: docker-compose exec app ./manage.py migrate
+
+from django.db import migrations
+from registrar.models import UserGroup
+from typing import Any
+
+
+# For linting: RunPython expects a function reference,
+# so let's give it one
+def create_groups(apps, schema_editor) -> Any:
+    UserGroup.create_cisa_analyst_group(apps, schema_editor)
+    UserGroup.create_omb_analyst_group(apps, schema_editor)
+    UserGroup.create_full_access_group(apps, schema_editor)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0143_create_groups_v18"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            create_groups,
+            reverse_code=migrations.RunPython.noop,
+            atomic=True,
+        ),
+    ]
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index 331e36605..9aa4345c9 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -90,6 +90,14 @@ class UserGroup(Group):
                     "delete_userportfoliopermission",
                 ],
             },
+            {
+                "app_label": "registrar",
+                "model": "portfolioinvitation",
+                "permissions": [
+                    "add_portfolioinvitation",
+                    "view_portfolioinvitation",
+                ],
+            },
         ]
 
         # Avoid error: You can't execute queries until the end