zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-19 19:09:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1149 from cisagov/es/1052-add-analyst-domain-invitation-permission

Browse source 
#1052 Add analyst permissions to add and view domain invitations
This commit is contained in:
Erin Song 2023-10-12 11:19:59 -07:00 committed by GitHub
commit 1904c7e461
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 58 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/django-admin/roles.md
View file

@ -13,7 +13,8 @@ For more details, refer to the [user group model](../../src/registrar/models/use
We can edit and deploy new group permissions by: We can edit and deploy new group permissions by:
1. editing `user_group` then: 1. Editing `user_group` then:
2. Duplicating migration `0036_create_groups_01` 2. Duplicating migration `0036_create_groups_01`
and running migrations (append the name with a version number and running migrations (append the name with a version number
to help django detect the migration eg 0037_create_groups_02) to help django detect the migration eg 0037_create_groups_02)
3. Making sure to update the dependency on the new migration with the previous migration

6
src/registrar/admin.py
View file

@ -342,6 +342,12 @@ class DomainInvitationAdmin(ListHeaderAdmin):
] ]
search_help_text = "Search by email or domain." search_help_text = "Search by email or domain."
# Mark the FSM field 'status' as readonly
# to allow admin users to create Domain Invitations
# without triggering the FSM Transition Not Allowed
# error.
readonly_fields = ["status"]
class DomainInformationAdmin(ListHeaderAdmin): class DomainInformationAdmin(ListHeaderAdmin):
"""Customize domain information admin class.""" """Customize domain information admin class."""

5
src/registrar/migrations/0037_create_groups_v01.py
View file

@ -2,11 +2,14 @@
# It is dependent on 0035 (which populates ContentType and Permissions) # It is dependent on 0035 (which populates ContentType and Permissions)
# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS # If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
# in the user_group model then: # in the user_group model then:
# [NOT RECOMMENDED]
# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions # step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups # step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
# step 3: fake run the latest migration in the migrations list # step 3: fake run the latest migration in the migrations list
# [RECOMMENDED]
# Alternatively: # Alternatively:
# Only step: duplicate the migtation that loads data and run: docker-compose exec app ./manage.py migrate # step 1: duplicate the migration that loads data
# step 2: docker-compose exec app ./manage.py migrate
from django.db import migrations from django.db import migrations
from registrar.models import UserGroup from registrar.models import UserGroup

37
src/registrar/migrations/0038_create_groups_v02.py Normal file
View file

@ -0,0 +1,37 @@
# This migration creates the create_full_access_group and create_cisa_analyst_group groups
# It is dependent on 0035 (which populates ContentType and Permissions)
# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
# in the user_group model then:
# [NOT RECOMMENDED]
# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
# step 3: fake run the latest migration in the migrations list
# [RECOMMENDED]
# Alternatively:
# step 1: duplicate the migration that loads data
# step 2: docker-compose exec app ./manage.py migrate
from django.db import migrations
from registrar.models import UserGroup
from typing import Any
# For linting: RunPython expects a function reference,
# so let's give it one
def create_groups(apps, schema_editor) -> Any:
UserGroup.create_cisa_analyst_group(apps, schema_editor)
UserGroup.create_full_access_group(apps, schema_editor)
class Migration(migrations.Migration):
dependencies = [
("registrar", "0037_create_groups_v01"),
]
operations = [
migrations.RunPython(
create_groups,
reverse_code=migrations.RunPython.noop,
atomic=True,
),
]

5
src/registrar/models/user_group.py
View file

@ -51,6 +51,11 @@ class UserGroup(Group):
"model": "user", "model": "user",
"permissions": ["analyst_access_permission", "change_user"], "permissions": ["analyst_access_permission", "change_user"],
}, },
{
"app_label": "registrar",
"model": "domaininvitation",
"permissions": ["add_domaininvitation", "view_domaininvitation"],
},
] ]
# Avoid error: You can't execute queries until the end # Avoid error: You can't execute queries until the end

3
src/registrar/tests/test_migrations.py
View file

@ -32,6 +32,7 @@ class TestGroups(TestCase):
) )
# Test permissions for cisa_analysts_group # Test permissions for cisa_analysts_group
# Verifies permission data migrations ran as expected.
# Define the expected permission codenames # Define the expected permission codenames
expected_permissions = [ expected_permissions = [
"view_logentry", "view_logentry",
@ -39,6 +40,8 @@ class TestGroups(TestCase):
"view_domain", "view_domain",
"change_domainapplication", "change_domainapplication",
"change_domaininformation", "change_domaininformation",
"add_domaininvitation",
"view_domaininvitation",
"change_draftdomain", "change_draftdomain",
"analyst_access_permission", "analyst_access_permission",
"change_user", "change_user",