From a0f50465f8604822b7df10a411bcca49242b32d5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 16 Aug 2023 15:30:59 -0600
Subject: [PATCH 001/110] Update home.html

---
 src/registrar/templates/home.html | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index 792beec43..a1a54376a 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -43,13 +43,13 @@
           <td data-label="Status">{{ domain.application_status|title }}</td>
           <td>
             <a href="{% url "domain" pk=domain.pk %}">
-              <svg 
-                class="usa-icon" 
-                aria-hidden="true" 
-                focusable="false" 
-                role="img" 
+              <svg
+                class="usa-icon"
+                aria-hidden="true"
+                focusable="false"
+                role="img"
                 width="24"
-              > 
+              >
                 <use xlink:href="{%static 'img/sprite.svg'%}#settings"></use>
               </svg>
                 Manage <span class="usa-sr-only">{{ domain.name }}</span>
@@ -115,14 +115,16 @@
       aria-live="polite"
     ></div>
     {% else %}
-    <p>You don't have any active domain requests right now</p> 
+    <p>You don't have any active domain requests right now</p>
     {% endif %}
     <p><a href="{% url 'application:' %}" class="usa-button">Start a new domain request</a></p>
   </section>
 
+  {# Note: Reimplement this later after MVP #}
+  <!--
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
     <h2>Archived domains</h2>
-    <p>You don't have any archived domains</p> 
+    <p>You don't have any archived domains</p>
   </section>
 
   <section class="tablet:grid-col-11 desktop:grid-col-10">
@@ -132,7 +134,7 @@
       Export domains as csv
     </a>
   </section>
-
+  -->
 </div>
 
 {% else %} {# not user.is_authenticated #}

From f4b4c2e0e31df0bd025b460c223a5e019cfbe936 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 16 Aug 2023 15:34:56 -0600
Subject: [PATCH 002/110] Merge was a bit funky, fixing

---
 src/registrar/templates/home.html | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index a24ae97d6..6daaf35ba 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -126,6 +126,7 @@
     <h2>Archived domains</h2>
     <p>You don't have any archived domains</p>
   </section>
+  -->
 
   <!-- Note: Uncomment below when this is being implemented post-MVP -->
   <!-- <section class="tablet:grid-col-11 desktop:grid-col-10">
@@ -134,8 +135,8 @@
     <a href="{% url 'todo' %}" class="usa-button usa-button--outline">
       Export domains as csv
     </a>
-  </section> -->
-
+  </section>
+  -->
 </div>
 
 {% else %} {# not user.is_authenticated #}

From e384b03d3610c1e6fc9b3bf9daf6235fd2138a23 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 17 Aug 2023 07:34:12 -0600
Subject: [PATCH 003/110] Domain Request Button

---
 src/registrar/templates/home.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index 6daaf35ba..b2f784ebd 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -116,8 +116,8 @@
     ></div>
     {% else %}
     <p>You don't have any active domain requests right now</p>
-    {% endif %}
     <p><a href="{% url 'application:' %}" class="usa-button">Start a new domain request</a></p>
+    {% endif %}
   </section>
 
   {# Note: Reimplement this later after MVP #}

From 16c70d555c04d2cc3636193b69cdfda528028f1b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 17 Aug 2023 08:38:09 -0600
Subject: [PATCH 004/110] Verbiage change

---
 src/registrar/templates/home.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index b2f784ebd..86fefef4a 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -120,7 +120,7 @@
     {% endif %}
   </section>
 
-  {# Note: Reimplement this later after MVP #}
+  {# Note: Reimplement this after MVP #}
   <!--
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
     <h2>Archived domains</h2>

From f212d01ad478fee74b159348e1479b5655542361 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 17 Aug 2023 13:47:23 -0500
Subject: [PATCH 005/110] Update bl environment

---
 ops/manifests/manifest-bl.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ops/manifests/manifest-bl.yaml b/ops/manifests/manifest-bl.yaml
index ec6d627ce..bff347709 100644
--- a/ops/manifests/manifest-bl.yaml
+++ b/ops/manifests/manifest-bl.yaml
@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-bl.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-bl.app.cloud.gov
   services:

From ca99231165e5c9bbec92daa91ffb488e6661ede5 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 17 Aug 2023 14:21:24 -0500
Subject: [PATCH 006/110] Update org name in github sandbox workflow

---
 .github/workflows/deploy-sandbox.yaml |   2 +-
 ops/scripts/create_environment.sh     | 145 ++++++++++++++++++++++++++
 2 files changed, 146 insertions(+), 1 deletion(-)
 create mode 100755 ops/scripts/create_environment.sh

diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml
index 3b418c4d5..6bf06c85b 100644
--- a/.github/workflows/deploy-sandbox.yaml
+++ b/.github/workflows/deploy-sandbox.yaml
@@ -52,7 +52,7 @@ jobs:
         with:
           cf_username: ${{ secrets[env.CF_USERNAME] }}
           cf_password: ${{ secrets[env.CF_PASSWORD] }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: ${{ env.ENVIRONMENT }}
           push_arguments: "-f ops/manifests/manifest-${{ env.ENVIRONMENT }}.yaml"
   comment:
diff --git a/ops/scripts/create_environment.sh b/ops/scripts/create_environment.sh
new file mode 100755
index 000000000..761a94905
--- /dev/null
+++ b/ops/scripts/create_environment.sh
@@ -0,0 +1,145 @@
+# This script sets up a completely new Cloud.gov CF Space with all the corresponding
+# infrastructure needed to run get.gov. It can serve for documentation for running
+# NOTE: This script was written for MacOS and to be run at the root directory
+# of the repository.
+
+if [ -z "$1" ]; then
+    echo 'Please specify a name on the command line for the new space (i.e. lmm)' >&2
+    exit 1
+fi
+
+if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+    echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
+    exit 1
+fi
+
+upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
+
+read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    git checkout -b new-environment-$1
+fi
+
+cf target -o cisa-dotgov
+
+read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    cf login -a https://api.fr.cloud.gov --sso
+fi
+
+gh auth status
+read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    gh auth login
+fi
+
+echo "Creating manifest for $1..."
+cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml
+sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
+
+echo "Adding new environment to settings.py..."
+sed -i '' '/getgov-staging.app.cloud.gov/ {a\
+    '\"getgov-$1.app.cloud.gov\"',
+}' src/registrar/config/settings.py
+
+echo "Creating new cloud.gov space for $1..."
+cf create-space $1
+cf target -o "cisa-dotgov" -s $1
+cf bind-security-group public_networks_egress cisa-dotgov --space $1
+cf bind-security-group trusted_local_networks_egress cisa-dotgov --space $1
+
+echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..."
+cf create-service aws-rds micro-psql getgov-$1-database
+
+until cf service getgov-$1-database | grep -q 'The service instance status is succeeded'
+do
+  echo "Database not up yet, waiting..."
+  sleep 30
+done
+
+echo "Creating new cloud.gov credentials for $1..."
+django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
+openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
+login_key=$(base64 -i private-$1.pem)
+jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
+cf cups getgov-credentials -p credentials-$1.json
+
+echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
+echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
+echo "There are two things to update."
+echo "1. You need to upload the public-$1.crt file generated as part of the previous command."
+echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
+https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs."
+read -p "Please confirm when this is done (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..."
+echo "Building assets..."
+open -a Docker
+cd src/
+./build.sh
+cd ..
+cf push getgov-$1 -f ops/manifests/manifest-$1.yaml
+
+read -p "Please provide the email of the space developer: " -r
+cf set-space-role $REPLY cisa-dotgov $1 SpaceDeveloper
+
+read -p "Should we run migrations? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate
+fi
+
+echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!"
+echo
+echo "Moving on to setup Github automation..."
+
+echo "Adding new environment to Github Actions..."
+sed -i '' '/          - staging/ {a\
+          - '"$1"'
+}' .github/workflows/reset-db.yaml
+
+sed -i '' '/          - staging/ {a\
+          - '"$1"'
+}' .github/workflows/migrate.yaml
+
+sed -i '' '/${{startsWith(github.head_ref, / {a\
+        || startsWith(github.head_ref, '"'$1'"')
+}' .github/workflows/deploy-sandbox.yaml
+
+echo "Creating space deployer for Github deploys..."
+cf create-service cloud-gov-service-account space-deployer github-cd-account
+cf create-service-key github-cd-account github-cd-key
+cf service-key github-cd-account github-cd-key
+read -p "Please confirm we should set the above username and key to Github secrets. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.username, .password]|@tsv' | 
+while read -r username password; do
+    gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
+    gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
+done
+
+read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py 
+    git commit -m "Add new developer sandbox '"$1"' infrastructure"
+    gh pr create
+fi

From 6460bd1cc63e13b9f8344828f196aee9b3aaefd5 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 17 Aug 2023 14:42:32 -0500
Subject: [PATCH 007/110] Try harder to get migration right

---
 ...nment.sh => create_environment_migrate.sh} |  4 +--
 .../manifest-sandbox-template-migrate.yaml    | 30 +++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
 rename ops/scripts/{create_environment.sh => create_environment_migrate.sh} (97%)
 create mode 100644 ops/scripts/manifest-sandbox-template-migrate.yaml

diff --git a/ops/scripts/create_environment.sh b/ops/scripts/create_environment_migrate.sh
similarity index 97%
rename from ops/scripts/create_environment.sh
rename to ops/scripts/create_environment_migrate.sh
index 761a94905..52b80909e 100755
--- a/ops/scripts/create_environment.sh
+++ b/ops/scripts/create_environment_migrate.sh
@@ -40,7 +40,7 @@ then
 fi
 
 echo "Creating manifest for $1..."
-cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml
+cp ops/scripts/manifest-sandbox-template-migrate.yaml ops/manifests/manifest-$1.yaml
 sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
 
 echo "Adding new environment to settings.py..."
@@ -129,7 +129,7 @@ then
     exit 1
 fi
 
-cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.username, .password]|@tsv' | 
+cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.credentials.username, .credentials.password]|@tsv' | 
 while read -r username password; do
     gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
     gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
diff --git a/ops/scripts/manifest-sandbox-template-migrate.yaml b/ops/scripts/manifest-sandbox-template-migrate.yaml
new file mode 100644
index 000000000..8789effa5
--- /dev/null
+++ b/ops/scripts/manifest-sandbox-template-migrate.yaml
@@ -0,0 +1,30 @@
+---
+applications:
+- name: getgov-ENVIRONMENT
+  buildpacks:
+    - python_buildpack
+  path: ../../src
+  instances: 1
+  memory: 512M
+  stack: cflinuxfs4
+  timeout: 180
+  command: ./run.sh
+  health-check-type: http
+  health-check-http-endpoint: /health
+  env:
+    # Send stdout and stderr straight to the terminal without buffering
+    PYTHONUNBUFFERED: yup
+    # Tell Django where to find its configuration
+    DJANGO_SETTINGS_MODULE: registrar.config.settings
+    # Tell Django where it is being hosted
+    DJANGO_BASE_URL: https://getgov-ENVIRONMENT.app.cloud.gov
+    # Tell Django how much stuff to log
+    DJANGO_LOG_LEVEL: INFO
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+  # use a non-default route to avoid conflicts
+  routes:
+    - route: getgov-ENVIRONMENT-migrate.app.cloud.gov
+  services:
+  - getgov-credentials
+  - getgov-ENVIRONMENT-database

From 85bfaed1ff59eb09cbf9dca1c09bc2d1c7db2bf2 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 17 Aug 2023 14:45:48 -0500
Subject: [PATCH 008/110] More cloud.gov org changes

---
 .github/ISSUE_TEMPLATE/developer-onboarding.md | 2 +-
 .github/workflows/migrate.yaml                 | 2 +-
 .github/workflows/reset-db.yaml                | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/developer-onboarding.md b/.github/ISSUE_TEMPLATE/developer-onboarding.md
index 11b2d86fc..6f9c894a9 100644
--- a/.github/ISSUE_TEMPLATE/developer-onboarding.md
+++ b/.github/ISSUE_TEMPLATE/developer-onboarding.md
@@ -37,7 +37,7 @@ cf login -a api.fr.cloud.gov  --sso
 - [ ] Optional- add yourself as a codeowner if desired. See the [Developer readme](https://github.com/cisagov/getgov/blob/main/docs/developer/README.md) for how to do this and what it does.
 
 ### Steps for the onboarder
-- [ ] Add the onboardee to cloud.gov org (cisa-getgov-prototyping) 
+- [ ] Add the onboardee to cloud.gov org (cisa-dotgov) 
 - [ ] Setup a [developer specific space for the new developer](#setting-up-developer-sandbox)
 - [ ] Add the onboardee to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/)
 
diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml
index fbfc7f17a..c1cec9206 100644
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@@ -37,6 +37,6 @@ jobs:
         with:
           cf_username: ${{ secrets[env.CF_USERNAME] }}
           cf_password: ${{ secrets[env.CF_PASSWORD] }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: ${{ github.event.inputs.environment }}
           full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --command 'python manage.py migrate' --name migrate"
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
index fea4f19e2..006ab840c 100644
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@@ -38,7 +38,7 @@ jobs:
         with:
           cf_username: ${{ secrets[env.CF_USERNAME] }}
           cf_password: ${{ secrets[env.CF_PASSWORD] }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: ${{ github.event.inputs.environment }}
           full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --command 'python manage.py flush --no-input' --name flush"
 
@@ -47,7 +47,7 @@ jobs:
         with:
           cf_username: ${{ secrets[env.CF_USERNAME] }}
           cf_password: ${{ secrets[env.CF_PASSWORD] }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: ${{ github.event.inputs.environment }}
           full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --command 'python manage.py migrate' --name migrate"
 
@@ -56,6 +56,6 @@ jobs:
         with:
           cf_username: ${{ secrets[env.CF_USERNAME] }}
           cf_password: ${{ secrets[env.CF_PASSWORD] }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: ${{ github.event.inputs.environment }}
           full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --command 'python manage.py load' --name loaddata"

From 0d2a9eee802986cd3debab45ca08cd1121e6af79 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 17 Aug 2023 14:55:08 -0500
Subject: [PATCH 009/110] Even more cloud.gov org changes

---
 ops/scripts/create_dev_sandbox.sh  | 12 ++++++------
 ops/scripts/destroy_dev_sandbox.sh |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/ops/scripts/create_dev_sandbox.sh b/ops/scripts/create_dev_sandbox.sh
index f180ada8d..5eeed9c10 100755
--- a/ops/scripts/create_dev_sandbox.sh
+++ b/ops/scripts/create_dev_sandbox.sh
@@ -21,9 +21,9 @@ then
     git checkout -b new-dev-sandbox-$1
 fi
 
-cf target -o cisa-getgov-prototyping
+cf target -o cisa-dotgov
 
-read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
+read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r
 echo
 if [[ ! $REPLY =~ ^[Yy]$ ]]
 then
@@ -49,9 +49,9 @@ sed -i '' '/getgov-staging.app.cloud.gov/ {a\
 
 echo "Creating new cloud.gov space for $1..."
 cf create-space $1
-cf target -o "cisa-getgov-prototyping" -s $1
-cf bind-security-group public_networks_egress cisa-getgov-prototyping --space $1
-cf bind-security-group trusted_local_networks_egress cisa-getgov-prototyping --space $1
+cf target -o "cisa-dotgov" -s $1
+cf bind-security-group public_networks_egress cisa-dotgov --space $1
+cf bind-security-group trusted_local_networks_egress cisa-dotgov --space $1
 
 echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..."
 cf create-service aws-rds micro-psql getgov-$1-database
@@ -91,7 +91,7 @@ cd ..
 cf push getgov-$1 -f ops/manifests/manifest-$1.yaml
 
 read -p "Please provide the email of the space developer: " -r
-cf set-space-role $REPLY cisa-getgov-prototyping $1 SpaceDeveloper
+cf set-space-role $REPLY cisa-dotgov $1 SpaceDeveloper
 
 read -p "Should we run migrations? (y/n) " -n 1 -r
 echo
diff --git a/ops/scripts/destroy_dev_sandbox.sh b/ops/scripts/destroy_dev_sandbox.sh
index 47a7f26d8..9e233b2f1 100755
--- a/ops/scripts/destroy_dev_sandbox.sh
+++ b/ops/scripts/destroy_dev_sandbox.sh
@@ -20,9 +20,9 @@ then
     git checkout -b remove-dev-sandbox-$1
 fi
 
-cf target -o cisa-getgov-prototyping -s $1
+cf target -o cisa-dotgov -s $1
 
-read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
+read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r
 echo
 if [[ ! $REPLY =~ ^[Yy]$ ]]
 then

From 4246bab870cb7ce7302f999a1fbf72b0a1d4ca27 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Fri, 18 Aug 2023 12:59:12 -0500
Subject: [PATCH 010/110] More migration scripts

---
 ops/scripts/create_environment_migrate.sh | 18 --------------
 ops/scripts/migrate_new_old.sh            | 30 +++++++++++++++++++++++
 2 files changed, 30 insertions(+), 18 deletions(-)
 create mode 100755 ops/scripts/migrate_new_old.sh

diff --git a/ops/scripts/create_environment_migrate.sh b/ops/scripts/create_environment_migrate.sh
index 52b80909e..77571ca6c 100755
--- a/ops/scripts/create_environment_migrate.sh
+++ b/ops/scripts/create_environment_migrate.sh
@@ -43,11 +43,6 @@ echo "Creating manifest for $1..."
 cp ops/scripts/manifest-sandbox-template-migrate.yaml ops/manifests/manifest-$1.yaml
 sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
 
-echo "Adding new environment to settings.py..."
-sed -i '' '/getgov-staging.app.cloud.gov/ {a\
-    '\"getgov-$1.app.cloud.gov\"',
-}' src/registrar/config/settings.py
-
 echo "Creating new cloud.gov space for $1..."
 cf create-space $1
 cf target -o "cisa-dotgov" -s $1
@@ -105,19 +100,6 @@ echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!"
 echo
 echo "Moving on to setup Github automation..."
 
-echo "Adding new environment to Github Actions..."
-sed -i '' '/          - staging/ {a\
-          - '"$1"'
-}' .github/workflows/reset-db.yaml
-
-sed -i '' '/          - staging/ {a\
-          - '"$1"'
-}' .github/workflows/migrate.yaml
-
-sed -i '' '/${{startsWith(github.head_ref, / {a\
-        || startsWith(github.head_ref, '"'$1'"')
-}' .github/workflows/deploy-sandbox.yaml
-
 echo "Creating space deployer for Github deploys..."
 cf create-service cloud-gov-service-account space-deployer github-cd-account
 cf create-service-key github-cd-account github-cd-key
diff --git a/ops/scripts/migrate_new_old.sh b/ops/scripts/migrate_new_old.sh
new file mode 100755
index 000000000..99cadb0b2
--- /dev/null
+++ b/ops/scripts/migrate_new_old.sh
@@ -0,0 +1,30 @@
+# This script sets up a completely new Cloud.gov CF Space with all the corresponding
+# infrastructure needed to run get.gov. It can serve for documentation for running
+# NOTE: This script was written for MacOS and to be run at the root directory
+# of the repository.
+
+if [ -z "$1" ]; then
+    echo 'Please specify a name on the command line for the new space (i.e. lmm)' >&2
+    exit 1
+fi
+
+# The user running this script has to be a SpaceDeveloper on both the
+# new and old org/spaces.
+
+OLD_ORG="cisa-getgov-prototyping"
+NEW_ORG="cisa-dotgov"
+
+#
+# delete old route
+cf target -o $OLD_ORG -s $1
+cf delete-route app.cloud.gov -n getgov-$1
+
+# re-claim the route on new orf
+cf target -o $NEW_ORG -s $1
+cf map-route getgov-$1 app.cloud.gov -n getgov-$1
+
+# delete old app
+cf target -o $OLD_ORG -s $1
+cf delete getgov-$1
+
+printf "Remove -migrate from ops/manifests/manifest-$1.yaml"

From 3c09cb70f3cfa398a04212e91f77ab8806288af4 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Fri, 18 Aug 2023 12:59:27 -0500
Subject: [PATCH 011/110] Migrated rjm

---
 ops/manifests/manifest-rjm.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ops/manifests/manifest-rjm.yaml b/ops/manifests/manifest-rjm.yaml
index 9622f09bc..1942414ef 100644
--- a/ops/manifests/manifest-rjm.yaml
+++ b/ops/manifests/manifest-rjm.yaml
@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-rjm.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-rjm.app.cloud.gov
   services:

From 2c1960e8ce8b313e25b647fdcbe28c39ee556329 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Fri, 18 Aug 2023 12:59:43 -0500
Subject: [PATCH 012/110] More dotgov org changes

---
 .github/workflows/deploy-stable.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-stable.yaml b/.github/workflows/deploy-stable.yaml
index 2f1a2a6b4..0a40ac097 100644
--- a/.github/workflows/deploy-stable.yaml
+++ b/.github/workflows/deploy-stable.yaml
@@ -36,6 +36,6 @@ jobs:
         with:
           cf_username: ${{ secrets.CF_STABLE_USERNAME }}
           cf_password: ${{ secrets.CF_STABLE_PASSWORD }}
-          cf_org: cisa-getgov-prototyping
+          cf_org: cisa-dotgov
           cf_space: stable
           push_arguments: "-f ops/manifests/manifest-stable.yaml"

From c98392baacfcdf365469e4804b6cd18d8dfacb37 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Fri, 18 Aug 2023 17:24:34 -0400
Subject: [PATCH 013/110] Add ineligible status on domain application, on user.
 Trigger fsm transition on domain application which triggers status ineligible
 on user. Edit permissions on domains and newly created application wizard
 perm class to block access to ineligible users. Run migrations.

---
 src/registrar/admin.py                        | 12 +++
 ...r_status_alter_domainapplication_status.py | 42 ++++++++
 src/registrar/models/domain_application.py    | 15 ++-
 src/registrar/models/user.py                  | 27 +++++
 src/registrar/tests/test_models.py            | 99 +++++++++++++++++++
 src/registrar/views/application.py            |  6 +-
 src/registrar/views/utility/__init__.py       |  1 +
 src/registrar/views/utility/mixins.py         | 23 ++++-
 .../views/utility/permission_views.py         | 18 +++-
 9 files changed, 236 insertions(+), 7 deletions(-)
 create mode 100644 src/registrar/migrations/0029_user_status_alter_domainapplication_status.py

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 96b8aaa33..8426b7e40 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -98,6 +98,15 @@ class MyUserAdmin(BaseUserAdmin):
     """Custom user admin class to use our inlines."""
 
     inlines = [UserContactInline]
+    
+    list_display = ("email", "first_name", "last_name", "is_staff", "is_superuser", "status")
+    
+    fieldsets = (
+        (None, {'fields': ('username', 'password', 'status')}), # Add the 'status' field here
+        ('Personal Info', {'fields': ('first_name', 'last_name', 'email')}),
+        ('Permissions', {'fields': ('is_active', 'is_staff', 'is_superuser', 'groups', 'user_permissions')}),
+        ('Important dates', {'fields': ('last_login', 'date_joined')}),
+    )
 
     def get_list_display(self, request):
         if not request.user.is_superuser:
@@ -295,6 +304,9 @@ class DomainApplicationAdmin(ListHeaderAdmin):
                 elif obj.status == models.DomainApplication.REJECTED:
                     obj.status = original_obj.status
                     obj.reject()
+                elif obj.status == models.DomainApplication.INELIGIBLE:
+                    obj.status = original_obj.status
+                    obj.reject_with_prejudice()
                 else:
                     logger.warning("Unknown status selected in django admin")
 
diff --git a/src/registrar/migrations/0029_user_status_alter_domainapplication_status.py b/src/registrar/migrations/0029_user_status_alter_domainapplication_status.py
new file mode 100644
index 000000000..504358665
--- /dev/null
+++ b/src/registrar/migrations/0029_user_status_alter_domainapplication_status.py
@@ -0,0 +1,42 @@
+# Generated by Django 4.2.1 on 2023-08-18 16:59
+
+from django.db import migrations, models
+import django_fsm
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0028_alter_domainapplication_status"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="status",
+            field=models.CharField(
+                blank=True,
+                choices=[("ineligible", "ineligible")],
+                default=None,
+                max_length=10,
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="domainapplication",
+            name="status",
+            field=django_fsm.FSMField(
+                choices=[
+                    ("started", "started"),
+                    ("submitted", "submitted"),
+                    ("in review", "in review"),
+                    ("action needed", "action needed"),
+                    ("approved", "approved"),
+                    ("withdrawn", "withdrawn"),
+                    ("rejected", "rejected"),
+                    ("ineligible", "ineligible"),
+                ],
+                default="started",
+                max_length=50,
+            ),
+        ),
+    ]
diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index 67f1ee5d9..7a52d3185 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -26,6 +26,7 @@ class DomainApplication(TimeStampedModel):
     APPROVED = "approved"
     WITHDRAWN = "withdrawn"
     REJECTED = "rejected"
+    INELIGIBLE = "ineligible"
     STATUS_CHOICES = [
         (STARTED, STARTED),
         (SUBMITTED, SUBMITTED),
@@ -34,6 +35,7 @@ class DomainApplication(TimeStampedModel):
         (APPROVED, APPROVED),
         (WITHDRAWN, WITHDRAWN),
         (REJECTED, REJECTED),
+        (INELIGIBLE, INELIGIBLE)
     ]
 
     class StateTerritoryChoices(models.TextChoices):
@@ -554,7 +556,7 @@ class DomainApplication(TimeStampedModel):
         )
 
     @transition(
-        field="status", source=[SUBMITTED, IN_REVIEW, REJECTED], target=APPROVED
+        field="status", source=[SUBMITTED, IN_REVIEW, REJECTED, INELIGIBLE], target=APPROVED
     )
     def approve(self):
         """Approve an application that has been submitted.
@@ -602,6 +604,17 @@ class DomainApplication(TimeStampedModel):
             "emails/status_change_rejected.txt",
             "emails/status_change_rejected_subject.txt",
         )
+        
+    @transition(field="status", source=[IN_REVIEW, APPROVED], target=INELIGIBLE)
+    def reject_with_prejudice(self):
+        """The applicant is a bad actor, reject with prejudice.
+
+        No email As a side effect, but we block the applicant from editing
+        any existing domains and from submitting new apllications"""
+        
+        self.creator.block_user()
+
+
 
     # ## Form policies ###
     #
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index 4cd8b6c90..b6402a2bf 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -16,6 +16,20 @@ class User(AbstractUser):
     A custom user model that performs identically to the default user model
     but can be customized later.
     """
+    
+    # #### Constants for choice fields ####
+    INELIGIBLE = 'ineligible'
+    STATUS_CHOICES = (
+        (INELIGIBLE, INELIGIBLE),
+    )
+    
+    status = models.CharField(
+        max_length=10,
+        choices=STATUS_CHOICES,
+        default=None,  # Set the default value to None
+        null=True,     # Allow the field to be null
+        blank=True,    # Allow the field to be blank
+    )
 
     domains = models.ManyToManyField(
         "registrar.Domain",
@@ -38,6 +52,19 @@ class User(AbstractUser):
             return self.email
         else:
             return self.username
+        
+    def block_user(self):
+        self.status = "ineligible"
+        self.save()
+        
+    def unblock_user(self):
+        self.status = None
+        self.save()
+        
+    def is_blocked(self):
+        if self.status == "ineligible":
+            return True
+        return False
 
     def first_login(self):
         """Callback when the user is authenticated for the very first time.
diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py
index 997d5f4e2..8274908fa 100644
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@@ -170,6 +170,15 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.submit()
+            
+    def test_transition_not_allowed_ineligible_submitted(self):
+        """Create an application with status ineligible and call submit
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.submit()
 
     def test_transition_not_allowed_started_in_review(self):
         """Create an application with status started and call in_review
@@ -224,6 +233,15 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.in_review()
+            
+    def test_transition_not_allowed_ineligible_in_review(self):
+        """Create an application with status ineligible and call in_review
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.in_review()
 
     def test_transition_not_allowed_started_action_needed(self):
         """Create an application with status started and call action_needed
@@ -269,6 +287,15 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.action_needed()
+            
+    def test_transition_not_allowed_ineligible_action_needed(self):
+        """Create an application with status ineligible and call action_needed
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.action_needed()
 
     def test_transition_not_allowed_started_approved(self):
         """Create an application with status started and call approve
@@ -350,6 +377,15 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.withdraw()
+            
+    def test_transition_not_allowed_ineligible_withdrawn(self):
+        """Create an application with status ineligible and call withdraw
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.withdraw()
 
     def test_transition_not_allowed_started_rejected(self):
         """Create an application with status started and call reject
@@ -395,6 +431,69 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.reject()
+            
+    def test_transition_not_allowed_ineligible_rejected(self):
+        """Create an application with status ineligible and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+            
+    def test_transition_not_allowed_started_ineligible(self):
+        """Create an application with status started and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.STARTED)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+
+    def test_transition_not_allowed_submitted_ineligible(self):
+        """Create an application with status submitted and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.SUBMITTED)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+
+    def test_transition_not_allowed_action_needed_ineligible(self):
+        """Create an application with status action needed and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.ACTION_NEEDED)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+
+    def test_transition_not_allowed_withdrawn_ineligible(self):
+        """Create an application with status withdrawn and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.WITHDRAWN)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+
+    def test_transition_not_allowed_rejected_ineligible(self):
+        """Create an application with status rejected and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.REJECTED)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
+            
+    def test_transition_not_allowed_ineligible_ineligible(self):
+        """Create an application with status ineligible and call reject
+        against transition rules"""
+
+        application = completed_application(status=DomainApplication.INELIGIBLE)
+
+        with self.assertRaises(TransitionNotAllowed):
+            application.reject_with_prejudice()
 
 
 class TestPermissions(TestCase):
diff --git a/src/registrar/views/application.py b/src/registrar/views/application.py
index 256f4be40..fc9443847 100644
--- a/src/registrar/views/application.py
+++ b/src/registrar/views/application.py
@@ -12,7 +12,7 @@ from registrar.models import DomainApplication
 from registrar.utility import StrEnum
 from registrar.views.utility import StepsHelper
 
-from .utility import DomainApplicationPermissionView
+from .utility import DomainApplicationPermissionView, ApplicationWizardPermissionView
 
 logger = logging.getLogger(__name__)
 
@@ -43,7 +43,7 @@ class Step(StrEnum):
     REVIEW = "review"
 
 
-class ApplicationWizard(TemplateView):
+class ApplicationWizard(ApplicationWizardPermissionView, TemplateView):
     """
     A common set of methods and configuration.
 
@@ -59,6 +59,8 @@ class ApplicationWizard(TemplateView):
     Any method not marked as internal can be overridden in a subclass,
     although not without consulting the base implementation, first.
     """
+    
+    template_name = ""
 
     # uniquely namespace the wizard in urls.py
     # (this is not seen _in_ urls, only for Django's internal naming)
diff --git a/src/registrar/views/utility/__init__.py b/src/registrar/views/utility/__init__.py
index 6c656c614..b782f59fd 100644
--- a/src/registrar/views/utility/__init__.py
+++ b/src/registrar/views/utility/__init__.py
@@ -5,4 +5,5 @@ from .permission_views import (
     DomainPermissionView,
     DomainApplicationPermissionView,
     DomainInvitationPermissionDeleteView,
+    ApplicationWizardPermissionView
 )
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 05da75d35..715514bd8 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -39,9 +39,9 @@ class DomainPermission(PermissionsLoginMixin):
         ).exists():
             return False
 
-        # ticket 796
-        # if domain.application__status != 'approved'
-        #     return false
+        # The user has an ineligible flag
+        if self.request.user.is_blocked():
+            return False
 
         # if we need to check more about the nature of role, do it here.
         return True
@@ -69,6 +69,23 @@ class DomainApplicationPermission(PermissionsLoginMixin):
             return False
 
         return True
+    
+
+class ApplicationWizardPermission(PermissionsLoginMixin):
+
+    """Does the logged-in user have permission to start or edit an application?"""
+
+    def has_permission(self):
+        """Check if this user has permission to start or edit an application.
+
+        The user is in self.request.user
+        """
+        
+        # The user has an ineligible flag
+        if self.request.user.is_blocked():
+            return False
+
+        return True
 
 
 class DomainInvitationPermission(PermissionsLoginMixin):
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index e52ed102c..d7b846377 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -2,7 +2,7 @@
 
 import abc  # abstract base class
 
-from django.views.generic import DetailView, DeleteView
+from django.views.generic import DetailView, DeleteView, TemplateView
 
 from registrar.models import Domain, DomainApplication, DomainInvitation
 
@@ -10,6 +10,7 @@ from .mixins import (
     DomainPermission,
     DomainApplicationPermission,
     DomainInvitationPermission,
+    ApplicationWizardPermission
 )
 
 
@@ -51,6 +52,21 @@ class DomainApplicationPermissionView(DomainApplicationPermission, DetailView, a
     @abc.abstractmethod
     def template_name(self):
         raise NotImplementedError
+    
+    
+class ApplicationWizardPermissionView(ApplicationWizardPermission, TemplateView, abc.ABC):
+
+    """Abstract base view for the application form that enforces permissions
+
+    This abstract view cannot be instantiated. Actual views must specify
+    `template_name`.
+    """
+
+    # Abstract property enforces NotImplementedError on an attribute.
+    @property
+    @abc.abstractmethod
+    def template_name(self):
+        raise NotImplementedError
 
 
 class DomainInvitationPermissionDeleteView(

From bd0edf7203748fafdfae282a0d05422bce1d0796 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 18 Aug 2023 15:29:03 -0600
Subject: [PATCH 014/110] Redirect and basic changes

---
 src/registrar/admin.py                        | 11 +++++
 src/registrar/assets/sass/_theme/_admin.scss  | 45 ++++++++++++++-----
 .../django/admin/domain_change_form.html      |  1 +
 src/registrar/templates/domain_base.html      | 29 ++++++++----
 src/registrar/templates/domain_detail.html    | 28 +++++++++---
 src/registrar/templates/domain_sidebar.html   | 21 ++++-----
 src/registrar/views/domain.py                 |  1 -
 src/registrar/views/utility/mixins.py         | 16 +++++--
 .../views/utility/permission_views.py         | 16 ++++++-
 9 files changed, 124 insertions(+), 44 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 96b8aaa33..a0894c203 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -160,6 +160,17 @@ class DomainAdmin(ListHeaderAdmin):
 
         return super().response_change(request, obj)
 
+    # Sets domain_id as a context var
+    def change_view(self, request, object_id, form_url="", extra_context=None):
+        extra_context = extra_context or {}
+        extra_context["domain_id"] = object_id
+        return super().change_view(
+            request,
+            object_id,
+            form_url,
+            extra_context=extra_context,
+        )
+
 
 class ContactAdmin(ListHeaderAdmin):
 
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index b87257344..204d335e9 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -1,7 +1,7 @@
 @use "cisa_colors" as *;
 @use "uswds-core" as *;
 
-// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support 
+// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support
 // and assign USWDS theme vars whenever possible
 // If needed (see below), we'll use the USWDS hex value
 // As a last resort, we'll use CISA colors to supplement the palette
@@ -72,34 +72,34 @@ html[data-theme="light"] {
 @media (prefers-color-scheme: dark) {
     :root,
     html[data-theme="dark"] {
-      // Edit the primary to meet accessibility requ.  
+      // Edit the primary to meet accessibility requ.
       --primary: #23485a;
       --primary-fg: #f7f7f7;
-  
+
       --body-fg: #eeeeee;
       --body-bg: #121212;
       --body-quiet-color: #e0e0e0;
       --body-loud-color: #ffffff;
-  
+
       --breadcrumbs-link-fg: #e0e0e0;
       --breadcrumbs-bg: var(--primary);
-  
+
       --link-fg: #81d4fa;
       --link-hover-color: #4ac1f7;
       --link-selected-fg: #6f94c6;
-  
+
       --hairline-color: #272727;
       --border-color: #353535;
-  
+
       --error-fg: #e35f5f;
       --message-success-bg: #006b1b;
       --message-warning-bg: #583305;
       --message-error-bg: #570808;
-  
+
       --darkened-bg: #212121;
       --selected-bg: #1b1b1b;
       --selected-row: #00363a;
-  
+
       --close-button-bg: #333333;
       --close-button-hover-bg: #666666;
     }
@@ -108,7 +108,7 @@ html[data-theme="light"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td, 
+    .change-list .usa-table thead td,
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -122,7 +122,7 @@ html[data-theme="dark"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td, 
+    .change-list .usa-table thead td,
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -163,10 +163,31 @@ table > caption > a {
     height: auto!important;
 }
 
-// Keep th from collapsing 
+// Keep th from collapsing
 .min-width-25 {
     min-width: 25px;
 }
 .min-width-81 {
     min-width: 81px;
 }
+
+.buttonAdminPadding {
+    background: var(--button-bg);
+    padding: 10px 15px;
+    border: none;
+    border-radius: 4px;
+    color: var(--button-fg);
+    cursor: pointer;
+    transition: background 0.15s;
+
+}
+
+.submit-row input {
+    height: 2.1875rem;
+    line-height: 0.9375rem;
+}
+
+a.button{
+    font-size: 100% !important;
+    padding: 9px 15px !important;
+}
\ No newline at end of file
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 5fa89f20a..e8eaeaf78 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,6 +2,7 @@
 
 {% block field_sets %}
     <div class="submit-row">
+        <a href="{% url 'domain' domain_id %}" class="button" >Edit domain</a>
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index ac1f8c7a9..41273fe92 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -5,11 +5,11 @@
 
 {% block content %}
 <div class="grid-container">
-  <div class="grid-row"> 
-    <p class="font-body-md margin-top-0 margin-bottom-2 
+  <div class="grid-row">
+    <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
-      <span class="usa-sr-only"> Domain name:</span> {{ domain.name }} 
+      <span class="usa-sr-only"> Domain name:</span> {{ domain.name }}
     </p>
   </div>
   <div class="grid-row grid-gap">
@@ -19,16 +19,29 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-
+    {% if not is_analyst_or_superuser %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains 
-        </p>
-      </a>
 
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+
+      </a>
+      {% elif is_analyst_or_superuser%}
+      <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
+        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
+        </svg>
+
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+
+      </a>
+      {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}
       {% for message in messages %}
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index dd176c862..256e09f2b 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,24 +4,38 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
-
     {% url 'domain-nameservers' pk=domain.id as url %}
-    {% if domain.nameservers %} 
-      {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
+    {% if domain.nameservers %}
+      {% if is_original_creator %}
+        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
+      {% else %}
+        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' %}
+      {% endif %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
+      {% if is_original_creator %}
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
-      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a> 
+      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
+      {% else %}
+        <p>No DNS name servers have been added yet.</p>
+      {% endif %}
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url %}
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
-    {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
-
+    {% if is_original_creator %}
+      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
+    {% else %}
+      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true'%}
+    {% endif %}
     {% url 'domain-your-contact-information' pk=domain.id as url %}
-    {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
+    {% if is_original_creator %}
+      {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
+    {% else %}
+      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' %}
+    {% endif %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Security email' value=domain.security_email edit_link=url %}
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 1e4cd1882..7b47a64aa 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -4,23 +4,23 @@
   <nav aria-label="Domain sections">
     <ul class="usa-sidenav">
       <li class="usa-sidenav__item">
-        {% url 'domain' pk=domain.id as url %} 
-        <a href="{{ url }}" 
+        {% url 'domain' pk=domain.id as url %}
+        <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
           Domain overview
         </a>
       </li>
-
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
-        {% url 'domain-nameservers' pk=domain.id as url %} 
+        {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
             DNS name servers
         </a>
       </li>
-
+      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -28,8 +28,8 @@
         >
             Organization name and mailing address
         </a>
-      </li>      
-
+      </li>
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -38,16 +38,17 @@
             Authorizing official
         </a>
       </li>
-
+      {% endif %}
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-            Your contact information
+          Your contact information
         </a>
       </li>
-
+      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-security-email' pk=domain.id as url %}
         <a href="{{ url }}"
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6a33ec994..ee66ceade 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -38,7 +38,6 @@ logger = logging.getLogger(__name__)
 class DomainView(DomainPermissionView):
 
     """Domain detail overview page."""
-
     template_name = "domain_detail.html"
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 05da75d35..00c53bd1b 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -3,7 +3,8 @@
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
 from registrar.models import UserDomainRole, DomainApplication, DomainInvitation
-
+import logging
+logger = logging.getLogger(__name__)
 
 class PermissionsLoginMixin(PermissionRequiredMixin):
 
@@ -23,6 +24,8 @@ class DomainPermission(PermissionsLoginMixin):
 
         The user is in self.request.user and the domain needs to be looked
         up from the domain's primary key in self.kwargs["pk"]
+
+        analysts and superusers are exempt
         """
 
         # ticket 806
@@ -33,10 +36,15 @@ class DomainPermission(PermissionsLoginMixin):
         if not self.request.user.is_authenticated:
             return False
 
+        # user needs to be the creator of the application
+        # this query is empty if there isn't a domain application with this
+        # id and this user as creator
+        user_is_creator: bool = DomainApplication.objects.filter(
+            creator=self.request.user, id=self.kwargs["pk"]
+        ).exists()
+        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
         # user needs to have a role on the domain
-        if not UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=self.kwargs["pk"]
-        ).exists():
+        if not user_is_creator and not user_is_analyst_or_superuser:
             return False
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index e52ed102c..990ec47e0 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -5,14 +5,15 @@ import abc  # abstract base class
 from django.views.generic import DetailView, DeleteView
 
 from registrar.models import Domain, DomainApplication, DomainInvitation
+from registrar.models.domain_information import DomainInformation
 
 from .mixins import (
     DomainPermission,
     DomainApplicationPermission,
     DomainInvitationPermission,
 )
-
-
+import logging
+logger = logging.getLogger(__name__)
 class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     """Abstract base view for domains that enforces permissions.
@@ -26,6 +27,17 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     # variable name in template context for the model object
     context_object_name = "domain"
 
+    # Adds context information for user permissions
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        user = self.request.user
+        context['primary_key'] = self.kwargs["pk"]
+        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+        context['is_original_creator'] = DomainInformation.objects.filter(
+            creator=self.request.user, id=self.kwargs["pk"]
+        ).exists()
+        return context
+
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From 96ea396da4f710c9eecc62f0b2d094f85069d764 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Fri, 18 Aug 2023 18:52:47 -0400
Subject: [PATCH 015/110] Unit tests for transition sets user status to
 ineligible and deomain and application permissions

---
 src/registrar/models/domain_application.py |  4 +-
 src/registrar/tests/test_admin.py          | 27 +++++++++++++
 src/registrar/tests/test_views.py          | 47 ++++++++++++++++++++++
 3 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index 7a52d3185..e020676af 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -610,7 +610,9 @@ class DomainApplication(TimeStampedModel):
         """The applicant is a bad actor, reject with prejudice.
 
         No email As a side effect, but we block the applicant from editing
-        any existing domains and from submitting new apllications"""
+        any existing domains/applications and from submitting new aplications.
+        We do this by setting an ineligible status on the user, which the
+        permissions classes test against"""
         
         self.creator.block_user()
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 5f78eac3c..cc860e41c 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -274,6 +274,33 @@ class TestDomainApplicationAdmin(TestCase):
 
         # Perform assertions on the mock call itself
         mock_client_instance.send_email.assert_called_once()
+        
+    def test_save_model_sets_ineligible_status_on_user(self):
+        # make sure there is no user with this email
+        EMAIL = "mayor@igorville.gov"
+        User.objects.filter(email=EMAIL).delete()
+
+        # Create a sample application
+        application = completed_application(status=DomainApplication.IN_REVIEW)
+
+        # Create a mock request
+        request = self.factory.post(
+            "/admin/registrar/domainapplication/{}/change/".format(application.pk)
+        )
+
+        # Create an instance of the model admin
+        model_admin = DomainApplicationAdmin(DomainApplication, self.site)
+
+        # Modify the application's property
+        application.status = DomainApplication.INELIGIBLE
+
+        # Use the model admin's save_model method
+        model_admin.save_model(request, application, form=None, change=True)
+
+        # Test that approved domain exists and equals requested domain
+        self.assertEqual(
+            application.creator.status, "ineligible"
+        )
 
     def tearDown(self):
         DomainInformation.objects.all().delete()
diff --git a/src/registrar/tests/test_views.py b/src/registrar/tests/test_views.py
index feb553bf7..eccf769ea 100644
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@@ -100,6 +100,18 @@ class LoggedInTests(TestWithUser):
             response,
             "What kind of U.S.-based government organization do you represent?",
         )
+        
+    def test_domain_application_form_with_ineligible_user(self):
+        """Application form not accessible for an ineligible user.
+        This test should be solid enough since all application wizard
+        views share the same permissions class"""
+        self.user.status = "ineligible"
+        self.user.save()
+        
+        with less_console_noise():
+            response = self.client.get("/register/", follow=True)
+            print(response.status_code)
+            self.assertEqual(response.status_code, 403)
 
 
 class DomainApplicationTests(TestWithUser, WebTest):
@@ -1422,6 +1434,20 @@ class TestDomainDetail(TestWithDomainPermissions, WebTest):
         self.assertContains(
             success_page, "The security email for this domain have been updated"
         )
+        
+    def test_domain_overview_blocked_for_ineligible_user(self):
+        """We could easily duplicate this test for all domain management
+        views, but a single url test should be solid enough since all domain
+        management pages share the same permissions class"""
+        self.user.status = "ineligible"
+        self.user.save()
+        home_page = self.app.get("/")
+        self.assertContains(home_page, "igorville.gov")
+        with less_console_noise():   
+            response = self.client.get(
+                reverse("domain", kwargs={"pk": self.domain.id})
+            )        
+            self.assertEqual(response.status_code, 403)
 
 
 class TestApplicationStatus(TestWithUser, WebTest):
@@ -1446,6 +1472,27 @@ class TestApplicationStatus(TestWithUser, WebTest):
         self.assertContains(detail_page, "testy@town.com")
         self.assertContains(detail_page, "Admin Tester")
         self.assertContains(detail_page, "Status:")
+        
+    def test_application_status_with_ineligible_user(self):
+        """Checking application status page whith a blocked user.
+        The user should still have access to view."""
+        self.user.status = "ineligible"
+        self.user.save()
+        
+        application = completed_application(
+            status=DomainApplication.SUBMITTED, user=self.user
+        )
+        application.save()
+
+        home_page = self.app.get("/")
+        self.assertContains(home_page, "city.gov")
+        # click the "Manage" link
+        detail_page = home_page.click("Manage")
+        self.assertContains(detail_page, "city.gov")
+        self.assertContains(detail_page, "Chief Tester")
+        self.assertContains(detail_page, "testy@town.com")
+        self.assertContains(detail_page, "Admin Tester")
+        self.assertContains(detail_page, "Status:")
 
     def test_application_withdraw(self):
         """Checking application status page"""

From c2abdc37105ad7aa0abf0a84dd82a8968e34b106 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Sun, 20 Aug 2023 14:52:23 -0700
Subject: [PATCH 016/110] Add in subject, text, and implementation of an email
 for withdrawl

---
 src/registrar/models/domain_application.py    |  5 ++
 .../emails/domain_request_withdrawn.txt       | 69 +++++++++++++++++++
 .../domain_request_withdrawn_subject.txt      |  1 +
 src/zap.conf                                  |  2 +-
 4 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 src/registrar/templates/emails/domain_request_withdrawn.txt
 create mode 100644 src/registrar/templates/emails/domain_request_withdrawn_subject.txt

diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index 67f1ee5d9..a335688f4 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -590,6 +590,11 @@ class DomainApplication(TimeStampedModel):
     @transition(field="status", source=[SUBMITTED, IN_REVIEW], target=WITHDRAWN)
     def withdraw(self):
         """Withdraw an application that has been submitted."""
+        self._send_status_update_email(
+            "action needed",
+            "emails/domain_request_withdrawn.txt",
+            "emails/domain_request_withdrawn_subject.txt",
+        )
 
     @transition(field="status", source=[IN_REVIEW, APPROVED], target=REJECTED)
     def reject(self):
diff --git a/src/registrar/templates/emails/domain_request_withdrawn.txt b/src/registrar/templates/emails/domain_request_withdrawn.txt
new file mode 100644
index 000000000..6c671394b
--- /dev/null
+++ b/src/registrar/templates/emails/domain_request_withdrawn.txt
@@ -0,0 +1,69 @@
+{% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
+Hi {{ application.submitter.first_name }}.
+
+Your .gov domain request has been withdrawn.
+DOMAIN REQUESTED: {{ application.requested_domain.name }}
+REQUEST #: {{ application.id }}
+STATUS: Withdrawn
+
+
+YOU CAN EDIT YOUR WITHDRAWN REQUEST
+The details of your withdrawn request are included below. You can edit and resubmit this application by logging into the registrar. <https://manage.get.gov/>.
+THANK YOU
+.Gov helps the public identify official, trusted information. Thank you for requesting a .gov domain.
+
+----------------------------------------------------------------
+SUMMARY OF YOUR DOMAIN REQUEST
+Type of organization:
+
+Organization name and mailing address:
+{{ application.organization_name }}
+{{ application.address_line1 }}
+{{ application.address_line2 }}
+{{ application.city }}
+{{ application.state_territory }}
+{{ application.zipcode }}
+
+Type of work:
+{{ application.type_of_work }}
+
+Authorizing official:
+{{ application.authorizing_official }}
+
+Current website for your organization:
+just current_websites
+{{ application.current_websites }}
+all
+{{ application.current_websites.all }}
+
+
+.gov domain:
+{{ application.requested_domain.name }}
+
+Purpose of your domain:
+{{ application.purpose }}
+
+Your contact information:
+{{ application.submitter.title }}
+{{ application.submitter }}
+{{ application.submitter.email }}
+{{ application.submitter.phone }}
+
+Other employees from your organization: 
+all
+{{ application.other_contacts.all }}
+name
+{{ application.other_contacts.name }}
+
+Anything else we should know?:
+{{ application.anything_else }}
+
+Requirements for operating .gov domains:
+{{ application.more_organization_information }}
+
+----------------------------------------------------------------
+
+The .gov team
+Contact us: <https://get.gov/contact/>
+Visit <https://get.gov>
+{% endautoescape %}
\ No newline at end of file
diff --git a/src/registrar/templates/emails/domain_request_withdrawn_subject.txt b/src/registrar/templates/emails/domain_request_withdrawn_subject.txt
new file mode 100644
index 000000000..ab935fb1d
--- /dev/null
+++ b/src/registrar/templates/emails/domain_request_withdrawn_subject.txt
@@ -0,0 +1 @@
+Your .gov domain request has been withdrawn
\ No newline at end of file
diff --git a/src/zap.conf b/src/zap.conf
index bdd6b017d..b4e037ae4 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -31,7 +31,7 @@
 10027	OUTOFSCOPE	http://app:8080/public/js/uswds-init.min.js
 # get-gov.js contains suspicious word "from" as in `Array.from()`
 10027	OUTOFSCOPE	http://app:8080/public/js/get-gov.js
-# Ignore wording of "TODO"
+# Ignores suspicious word "TODO"
 10027	OUTOFSCOPE	http://app:8080.*$
 10028	FAIL	(Open Redirect - Passive/beta)
 10029	FAIL	(Cookie Poisoning - Passive/beta)

From 130dacdf6f9a73bedcec15332c8be0f50cf76e05 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Mon, 21 Aug 2023 14:32:45 -0500
Subject: [PATCH 017/110] Clean up old cloud.gov services

---
 ops/manifests/manifest-dk.yaml | 29 +++++++++++++++++++++++++++++
 ops/scripts/migrate_new_old.sh |  8 +++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 ops/manifests/manifest-dk.yaml

diff --git a/ops/manifests/manifest-dk.yaml b/ops/manifests/manifest-dk.yaml
new file mode 100644
index 000000000..249eab119
--- /dev/null
+++ b/ops/manifests/manifest-dk.yaml
@@ -0,0 +1,29 @@
+---
+applications:
+- name: getgov-dk
+  buildpacks:
+    - python_buildpack
+  path: ../../src
+  instances: 1
+  memory: 512M
+  stack: cflinuxfs4
+  timeout: 180
+  command: ./run.sh
+  health-check-type: http
+  health-check-http-endpoint: /health
+  env:
+    # Send stdout and stderr straight to the terminal without buffering
+    PYTHONUNBUFFERED: yup
+    # Tell Django where to find its configuration
+    DJANGO_SETTINGS_MODULE: registrar.config.settings
+    # Tell Django where it is being hosted
+    DJANGO_BASE_URL: https://getgov-dk.app.cloud.gov
+    # Tell Django how much stuff to log
+    DJANGO_LOG_LEVEL: INFO
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+  routes:
+    - route: getgov-dk.app.cloud.gov
+  services:
+  - getgov-credentials
+  - getgov-dk-database
diff --git a/ops/scripts/migrate_new_old.sh b/ops/scripts/migrate_new_old.sh
index 99cadb0b2..1ed56dcbf 100755
--- a/ops/scripts/migrate_new_old.sh
+++ b/ops/scripts/migrate_new_old.sh
@@ -22,9 +22,15 @@ cf delete-route app.cloud.gov -n getgov-$1
 # re-claim the route on new orf
 cf target -o $NEW_ORG -s $1
 cf map-route getgov-$1 app.cloud.gov -n getgov-$1
+cf delete-route app.cloud.gov -n getgov-$1-migrate
 
-# delete old app
+# delete old app and services
 cf target -o $OLD_ORG -s $1
 cf delete getgov-$1
+cf delete-service getgov-$1-database
+cf delete-service getgov-credentials
+cf delete-service getgov-cd-account
+cf delete-space $1
+
 
 printf "Remove -migrate from ops/manifests/manifest-$1.yaml"

From 56d53072a21a1a3142cbc414ba3e7b7f5662f2f0 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Mon, 21 Aug 2023 15:03:34 -0500
Subject: [PATCH 018/110] Add dk

---
 .github/workflows/migrate.yaml   | 1 +
 .github/workflows/reset-db.yaml  | 1 +
 src/registrar/config/settings.py | 1 +
 3 files changed, 3 insertions(+)

diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml
index c1cec9206..3e2386a6b 100644
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@@ -15,6 +15,7 @@ on:
         options:
           - stable
           - staging
+          - dk
           - nl
           - rh
           - za
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
index 006ab840c..fa9b281af 100644
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@@ -16,6 +16,7 @@ on:
         options:
           - stable
           - staging
+          - dk
           - nl
           - rh
           - za
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index f6873b226..65a5b06be 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -571,6 +571,7 @@ SECURE_SSL_REDIRECT = True
 ALLOWED_HOSTS = [
     "getgov-stable.app.cloud.gov",
     "getgov-staging.app.cloud.gov",
+    "getgov-dk.app.cloud.gov",
     "getgov-nl.app.cloud.gov",
     "getgov-rh.app.cloud.gov",
     "getgov-za.app.cloud.gov",

From fc101e86761ee7cb45c74a9954b4a418227ba579 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 21 Aug 2023 14:04:31 -0600
Subject: [PATCH 019/110] Progress save

---
 src/registrar/templates/domain_base.html      |  6 +--
 src/registrar/templates/domain_detail.html    |  2 +-
 .../templates/domain_org_name_address.html    |  5 +-
 src/registrar/templates/domain_sidebar.html   |  7 ++-
 src/registrar/views/utility/mixins.py         | 53 ++++++++++++-------
 .../views/utility/permission_views.py         | 15 ++++--
 6 files changed, 60 insertions(+), 28 deletions(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 41273fe92..ab1b38a83 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser %}
+    {% if not is_analyst_or_superuser or is_original_creator %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -35,9 +35,9 @@
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-
+        {# Q: should this be 'Back to .gov admin' or  'Back to manage your domains'? #}
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
+        Back to change domain
         </p>
 
       </a>
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 256e09f2b..77ac44d3e 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -34,7 +34,7 @@
     {% if is_original_creator %}
       {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
     {% else %}
-      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' %}
+      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' edit_link=url %}
     {% endif %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
diff --git a/src/registrar/templates/domain_org_name_address.html b/src/registrar/templates/domain_org_name_address.html
index 587ba4782..a9691fc08 100644
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@@ -8,8 +8,11 @@
   {% include "includes/form_errors.html" with form=form %}
 
   <h1>Organization name and mailing address </h1>
-
+  {% if is_original_creator %}
   <p>The name of your organization will be publicly listed as the domain registrant.</p>
+  {% else %}
+  <p>The name of the organization will be publicly listed as the domain registrant.</p>
+  {% endif %}
 
   {% include "includes/required_fields.html" %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 7b47a64aa..e5f9e045a 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -39,16 +39,19 @@
         </a>
       </li>
       {% endif %}
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
+        {% if is_original_creator %}
           Your contact information
+        {% else %}
+          Contact information
+        {% endif %}
         </a>
       </li>
-      {% endif %}
+
       <li class="usa-sidenav__item">
         {% url 'domain-security-email' pk=domain.id as url %}
         <a href="{{ url }}"
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 00c53bd1b..f1acf4265 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -1,9 +1,12 @@
 """Permissions-related mixin classes."""
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.http import Http404
 
-from registrar.models import UserDomainRole, DomainApplication, DomainInvitation
+from registrar.models import DomainApplication, DomainInvitation
 import logging
+
+from registrar.models.domain_information import DomainInformation
 logger = logging.getLogger(__name__)
 
 class PermissionsLoginMixin(PermissionRequiredMixin):
@@ -24,35 +27,49 @@ class DomainPermission(PermissionsLoginMixin):
 
         The user is in self.request.user and the domain needs to be looked
         up from the domain's primary key in self.kwargs["pk"]
-
-        analysts and superusers are exempt
         """
 
-        # ticket 806
-        # if self.request.user is staff or admin and
-        # domain.application__status = 'approved' or 'rejected' or 'action needed'
-        #     return True
-
         if not self.request.user.is_authenticated:
             return False
 
-        # user needs to be the creator of the application
-        # this query is empty if there isn't a domain application with this
-        # id and this user as creator
-        user_is_creator: bool = DomainApplication.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
-        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+        pk = self.kwargs["pk"]
+        if pk is None:
+            raise ValueError("Primary key is null for Domain")
+
+        requested_domain = None
+
+        try:
+            requested_domain = DomainInformation.objects.get(
+                id=pk
+            )
+
+        # This should never happen in normal flow.
+        # If it does, then it likely means something bad happened...
+        except DomainInformation.DoesNotExist:
+            raise Http404()
+
+        # Checks if the creator is the user requesting this item
+        user_is_creator: bool = requested_domain.creator.username == self.request.user.username
+        
         # user needs to have a role on the domain
-        if not user_is_creator and not user_is_analyst_or_superuser:
-            return False
+        if user_is_creator:
+            return True
+
+        # ticket 806
+        # Analysts may manage domains, when they are in these statuses:
+        valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+        # Check if the user is permissioned...
+        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+
+        if user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+            return True
 
         # ticket 796
         # if domain.application__status != 'approved'
         #     return false
 
         # if we need to check more about the nature of role, do it here.
-        return True
+        return False
 
 
 class DomainApplicationPermission(PermissionsLoginMixin):
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 990ec47e0..b48e0f4f3 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -31,11 +31,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
+        # Q: is there a more efficent way to do this?
+        # Searches by creator_id instead of creator,
+        # should be slightly faster than by creator...
+        is_original_creator = DomainInformation.objects.filter(
+            creator_id=self.request.user.id, id=self.kwargs["pk"]
+        ).exists()
+
         context['primary_key'] = self.kwargs["pk"]
         context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
-        context['is_original_creator'] = DomainInformation.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
+        context['is_original_creator'] = is_original_creator
+        context['is_active_user'] = DomainInformation.objects.filter(
+            id=self.kwargs["pk"]
+        )
+
         return context
 
     # Abstract property enforces NotImplementedError on an attribute.

From 7722b81d36e8416be50dd54bec7855a91633dee6 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Mon, 21 Aug 2023 17:16:00 -0400
Subject: [PATCH 020/110] lint

---
 src/registrar/views/index.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/views/index.py b/src/registrar/views/index.py
index 273ba8cb0..186535aa3 100644
--- a/src/registrar/views/index.py
+++ b/src/registrar/views/index.py
@@ -10,7 +10,7 @@ def index(request):
     if request.user.is_authenticated:
         applications = DomainApplication.objects.filter(creator=request.user)
         # Let's exclude the approved applications since our
-        # domain_applications context will be used to populate 
+        # domain_applications context will be used to populate
         # the active applications table
         context["domain_applications"] = applications.exclude(status="approved")
 

From 15761e251f97d2e1f5da5c8a93ad32421e29434f Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Mon, 21 Aug 2023 15:36:12 -0700
Subject: [PATCH 021/110] Update simplified text call

---
 .../emails/domain_request_withdrawn.txt       | 50 ++-----------------
 1 file changed, 4 insertions(+), 46 deletions(-)

diff --git a/src/registrar/templates/emails/domain_request_withdrawn.txt b/src/registrar/templates/emails/domain_request_withdrawn.txt
index 6c671394b..e1c8d174e 100644
--- a/src/registrar/templates/emails/domain_request_withdrawn.txt
+++ b/src/registrar/templates/emails/domain_request_withdrawn.txt
@@ -8,58 +8,16 @@ STATUS: Withdrawn
 
 
 YOU CAN EDIT YOUR WITHDRAWN REQUEST
+
 The details of your withdrawn request are included below. You can edit and resubmit this application by logging into the registrar. <https://manage.get.gov/>.
+
 THANK YOU
+
 .Gov helps the public identify official, trusted information. Thank you for requesting a .gov domain.
 
 ----------------------------------------------------------------
-SUMMARY OF YOUR DOMAIN REQUEST
-Type of organization:
 
-Organization name and mailing address:
-{{ application.organization_name }}
-{{ application.address_line1 }}
-{{ application.address_line2 }}
-{{ application.city }}
-{{ application.state_territory }}
-{{ application.zipcode }}
-
-Type of work:
-{{ application.type_of_work }}
-
-Authorizing official:
-{{ application.authorizing_official }}
-
-Current website for your organization:
-just current_websites
-{{ application.current_websites }}
-all
-{{ application.current_websites.all }}
-
-
-.gov domain:
-{{ application.requested_domain.name }}
-
-Purpose of your domain:
-{{ application.purpose }}
-
-Your contact information:
-{{ application.submitter.title }}
-{{ application.submitter }}
-{{ application.submitter.email }}
-{{ application.submitter.phone }}
-
-Other employees from your organization: 
-all
-{{ application.other_contacts.all }}
-name
-{{ application.other_contacts.name }}
-
-Anything else we should know?:
-{{ application.anything_else }}
-
-Requirements for operating .gov domains:
-{{ application.more_organization_information }}
+{% include 'emails/includes/application_summary.txt' %}
 
 ----------------------------------------------------------------
 

From 0fc7fc44a9c7445259e5861d137f7daa3e8d25aa Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Mon, 21 Aug 2023 16:02:31 -0700
Subject: [PATCH 022/110] Fix spacing

---
 src/registrar/templates/emails/domain_request_withdrawn.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/templates/emails/domain_request_withdrawn.txt b/src/registrar/templates/emails/domain_request_withdrawn.txt
index e1c8d174e..333fdb3b7 100644
--- a/src/registrar/templates/emails/domain_request_withdrawn.txt
+++ b/src/registrar/templates/emails/domain_request_withdrawn.txt
@@ -18,7 +18,6 @@ THANK YOU
 ----------------------------------------------------------------
 
 {% include 'emails/includes/application_summary.txt' %}
-
 ----------------------------------------------------------------
 
 The .gov team

From 0c7ddd6054b47570efff22ec8a2742ffb10a723a Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Tue, 22 Aug 2023 11:10:39 -0500
Subject: [PATCH 023/110] Update for ab sandbox

---
 ops/manifests/manifest-ab.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ops/manifests/manifest-ab.yaml b/ops/manifests/manifest-ab.yaml
index 463563a15..fb8b02b03 100644
--- a/ops/manifests/manifest-ab.yaml
+++ b/ops/manifests/manifest-ab.yaml
@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-ab.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-ab.app.cloud.gov
   services:

From 667bffe76d8164a9b6359f1c60b459a9e1fe8991 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Tue, 22 Aug 2023 11:48:32 -0500
Subject: [PATCH 024/110] whitespace only change

---
 ops/scripts/create_environment_migrate.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ops/scripts/create_environment_migrate.sh b/ops/scripts/create_environment_migrate.sh
index 77571ca6c..21219364a 100755
--- a/ops/scripts/create_environment_migrate.sh
+++ b/ops/scripts/create_environment_migrate.sh
@@ -111,7 +111,7 @@ then
     exit 1
 fi
 
-cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.credentials.username, .credentials.password]|@tsv' | 
+cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.credentials.username, .credentials.password]|@tsv' |
 while read -r username password; do
     gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
     gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
@@ -121,7 +121,7 @@ read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]
 then
-    git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py 
+    git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py
     git commit -m "Add new developer sandbox '"$1"' infrastructure"
     gh pr create
 fi

From 00d475f3a616e036b9363d608db6af6e5a065594 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 10:53:52 -0600
Subject: [PATCH 025/110] Changes

---
 src/registrar/admin.py                        | 17 ++++++++++----
 .../django/admin/domain_change_form.html      |  4 +++-
 src/registrar/templates/domain_base.html      |  8 +++----
 src/registrar/templates/domain_detail.html    | 22 +++----------------
 .../templates/domain_org_name_address.html    |  5 +----
 src/registrar/templates/domain_sidebar.html   | 10 +--------
 src/registrar/views/domain.py                 | 22 +++++++++++++++++++
 .../views/utility/permission_views.py         | 13 ++++++-----
 8 files changed, 54 insertions(+), 47 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index a0894c203..26002a5e8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -6,6 +6,7 @@ from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from . import models
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -141,8 +142,10 @@ class DomainAdmin(ListHeaderAdmin):
     readonly_fields = ["state"]
 
     def response_change(self, request, obj):
-        ACTION_BUTTON = "_place_client_hold"
-        if ACTION_BUTTON in request.POST:
+        PLACE_HOLD = "_place_client_hold"
+        EDIT_DOMAIN = "_edit_domain"
+        if PLACE_HOLD in request.POST:
+            logger.debug("Hit!")
             try:
                 obj.place_client_hold()
             except Exception as err:
@@ -157,11 +160,17 @@ class DomainAdmin(ListHeaderAdmin):
                     % obj.name,
                 )
             return HttpResponseRedirect(".")
-
+        elif EDIT_DOMAIN in request.POST:
+            # We want to know, globally, when an edit action occurs
+            request.session['analyst_action'] = 'edit'
+            return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
         return super().response_change(request, obj)
-
     # Sets domain_id as a context var
     def change_view(self, request, object_id, form_url="", extra_context=None):
+        if 'analyst_action' in request.session:
+            # If an analyst performed an edit action,
+            # delete the session variable
+            del request.session['analyst_action']
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
         return super().change_view(
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index e8eaeaf78..5461cc82a 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,7 +2,9 @@
 
 {% block field_sets %}
     <div class="submit-row">
-        <a href="{% url 'domain' domain_id %}" class="button" >Edit domain</a>
+
+        <input type="hidden" value="edit" name="analyst_action">
+        <input type="submit" value="Edit Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index ab1b38a83..335c88980 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or is_original_creator %}
+    {% if not is_analyst_or_superuser or not analyst_action%}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -30,14 +30,14 @@
         </p>
 
       </a>
-      {% elif is_analyst_or_superuser%}
+      {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
       <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-        {# Q: should this be 'Back to .gov admin' or  'Back to manage your domains'? #}
+        {# Q: For analysts, should this be 'Back to .gov admin' or  'Back to change domain'? #}
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to change domain
+        Back to manage your domains
         </p>
 
       </a>
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 77ac44d3e..4bae384f5 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -6,36 +6,20 @@
   <div class="margin-top-4 tablet:grid-col-10">
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
-      {% if is_original_creator %}
-        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
-      {% else %}
-        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' %}
-      {% endif %}
+      {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
-      {% if is_original_creator %}
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
       <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
-      {% else %}
-        <p>No DNS name servers have been added yet.</p>
-      {% endif %}
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url %}
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
-    {% if is_original_creator %}
-      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
-    {% else %}
-      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true'%}
-    {% endif %}
+    {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
     {% url 'domain-your-contact-information' pk=domain.id as url %}
-    {% if is_original_creator %}
-      {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
-    {% else %}
-      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' edit_link=url %}
-    {% endif %}
+    {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Security email' value=domain.security_email edit_link=url %}
diff --git a/src/registrar/templates/domain_org_name_address.html b/src/registrar/templates/domain_org_name_address.html
index a9691fc08..587ba4782 100644
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@@ -8,11 +8,8 @@
   {% include "includes/form_errors.html" with form=form %}
 
   <h1>Organization name and mailing address </h1>
-  {% if is_original_creator %}
+
   <p>The name of your organization will be publicly listed as the domain registrant.</p>
-  {% else %}
-  <p>The name of the organization will be publicly listed as the domain registrant.</p>
-  {% endif %}
 
   {% include "includes/required_fields.html" %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index e5f9e045a..2260a586d 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -11,7 +11,6 @@
           Domain overview
         </a>
       </li>
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -20,7 +19,6 @@
             DNS name servers
         </a>
       </li>
-      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -29,7 +27,6 @@
             Organization name and mailing address
         </a>
       </li>
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -38,17 +35,12 @@
             Authorizing official
         </a>
       </li>
-      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-        {% if is_original_creator %}
-          Your contact information
-        {% else %}
-          Contact information
-        {% endif %}
+        Your contact information
         </a>
       </li>
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index ee66ceade..6274767fe 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -78,6 +78,28 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The organization name and mailing address has been updated."
         )
+
+        # If the user is not privileged, don't do any special checks
+        if not self.request.user.is_staff and not self.request.user.is_superuser:
+            # superclass has the redirect
+            return super().form_valid(form)
+
+        # Otherwise, if they are editing from an '/admin' redirect, log their actions
+        # Q: do we want to be logging on every changed field?
+        # I could see that becoming spammy log-wise, but it may also be important.
+        # To do so, I'd likely have to override some of the save() functionality of ModelForm.
+        if 'analyst_action' in self.request.session:
+            action = self.request.session['analyst_action']
+
+            # Template for future expansion,
+            # in the event we want more logging granularity.
+            # Could include things such as 'view'
+            # or 'copy', for instance.
+            match action:
+                case 'edit':
+                    if(self.request.user.is_staff):
+                        logger.info("Analyst {} edited {} for {}".format(self.request.user, type(form_class).__name__, self.get_object().domain_info))
+
         # superclass has the redirect
         return super().form_valid(form)
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index b48e0f4f3..30a421ce9 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -37,13 +37,14 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         is_original_creator = DomainInformation.objects.filter(
             creator_id=self.request.user.id, id=self.kwargs["pk"]
         ).exists()
-
-        context['primary_key'] = self.kwargs["pk"]
-        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
         context['is_original_creator'] = is_original_creator
-        context['is_active_user'] = DomainInformation.objects.filter(
-            id=self.kwargs["pk"]
-        )
+        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+
+        # Flag to see if an analyst is attempting to make edits
+        if 'analyst_action' in self.request.session:
+            context['analyst_action'] = self.request.session['analyst_action']
+            # Clear the session variable after use
+            # del self.request.session['analyst_action']
 
         return context
 

From f2d342845dabae1364b5d709881ace9885936e6d Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Tue, 22 Aug 2023 13:44:32 -0500
Subject: [PATCH 026/110] Correct double dk merge issues

---
 .github/workflows/migrate.yaml   | 1 -
 .github/workflows/reset-db.yaml  | 1 -
 src/registrar/config/settings.py | 1 -
 3 files changed, 3 deletions(-)

diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml
index 1b611b879..705014af1 100644
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@@ -15,7 +15,6 @@ on:
         options:
           - stable
           - staging
-          - dk
           - nl
           - rh
           - za
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
index 97cd9dfc2..0bf1af2d9 100644
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@@ -16,7 +16,6 @@ on:
         options:
           - stable
           - staging
-          - dk
           - nl
           - rh
           - za
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 2f6ecbe23..8b53fa82a 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -571,7 +571,6 @@ SECURE_SSL_REDIRECT = True
 ALLOWED_HOSTS = [
     "getgov-stable.app.cloud.gov",
     "getgov-staging.app.cloud.gov",
-    "getgov-dk.app.cloud.gov",
     "getgov-nl.app.cloud.gov",
     "getgov-rh.app.cloud.gov",
     "getgov-za.app.cloud.gov",

From 73b2bf6a252cdea269f988e00e710a3e95fbdb32 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 12:45:36 -0600
Subject: [PATCH 027/110] Logging

---
 src/registrar/admin.py                        |  7 ++-
 src/registrar/views/domain.py                 | 51 +++++++++++--------
 src/registrar/views/utility/mixins.py         | 14 +++--
 .../views/utility/permission_views.py         | 24 ++++++++-
 4 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 26002a5e8..98d1cc553 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -145,7 +145,6 @@ class DomainAdmin(ListHeaderAdmin):
         PLACE_HOLD = "_place_client_hold"
         EDIT_DOMAIN = "_edit_domain"
         if PLACE_HOLD in request.POST:
-            logger.debug("Hit!")
             try:
                 obj.place_client_hold()
             except Exception as err:
@@ -163,6 +162,9 @@ class DomainAdmin(ListHeaderAdmin):
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
             request.session['analyst_action'] = 'edit'
+            # Restricts this action to this domain only
+            request.session['analyst_action_location'] = obj.id
+
             return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
         return super().response_change(request, obj)
     # Sets domain_id as a context var
@@ -171,6 +173,9 @@ class DomainAdmin(ListHeaderAdmin):
             # If an analyst performed an edit action,
             # delete the session variable
             del request.session['analyst_action']
+            # delete the associated location
+            del request.session['analyst_action_location']
+
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
         return super().change_view(
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6274767fe..5eee3e41b 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -79,26 +79,9 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
-        # If the user is not privileged, don't do any special checks
-        if not self.request.user.is_staff and not self.request.user.is_superuser:
-            # superclass has the redirect
-            return super().form_valid(form)
-
-        # Otherwise, if they are editing from an '/admin' redirect, log their actions
-        # Q: do we want to be logging on every changed field?
-        # I could see that becoming spammy log-wise, but it may also be important.
-        # To do so, I'd likely have to override some of the save() functionality of ModelForm.
-        if 'analyst_action' in self.request.session:
-            action = self.request.session['analyst_action']
-
-            # Template for future expansion,
-            # in the event we want more logging granularity.
-            # Could include things such as 'view'
-            # or 'copy', for instance.
-            match action:
-                case 'edit':
-                    if(self.request.user.is_staff):
-                        logger.info("Analyst {} edited {} for {}".format(self.request.user, type(form_class).__name__, self.get_object().domain_info))
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -142,6 +125,11 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The authorizing official for this domain has been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -208,6 +196,11 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The name servers for this domain have been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(formset)
 
@@ -248,6 +241,11 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "Your contact information for this domain has been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -293,6 +291,11 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The security email for this domain have been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return redirect(self.get_success_url())
 
@@ -368,6 +371,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 messages.success(
                     self.request, f"Invited {email_address} to this domain."
                 )
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -389,6 +395,11 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
             pass
 
         messages.success(self.request, f"Added user {requested_email}.")
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         return redirect(self.get_success_url())
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index f1acf4265..33d70ae32 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -44,13 +44,13 @@ class DomainPermission(PermissionsLoginMixin):
             )
 
         # This should never happen in normal flow.
-        # If it does, then it likely means something bad happened...
+        # That said, it does need to be raised here.
         except DomainInformation.DoesNotExist:
             raise Http404()
 
         # Checks if the creator is the user requesting this item
         user_is_creator: bool = requested_domain.creator.username == self.request.user.username
-        
+
         # user needs to have a role on the domain
         if user_is_creator:
             return True
@@ -58,10 +58,18 @@ class DomainPermission(PermissionsLoginMixin):
         # ticket 806
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+
         # Check if the user is permissioned...
         user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
 
-        if user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+        session = self.request.session
+
+        # Check if the user is attempting a valid edit action.
+        # If analyst_action is present, analyst_action_location will be present.
+        # if it isn't, then it either suggests tampering or a larger omnipresent issue with sessions.
+        can_do_action = 'analyst_action' in session and session['analyst_action_location'] == pk
+
+        if can_do_action and user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 30a421ce9..faabc171d 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -43,11 +43,31 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         # Flag to see if an analyst is attempting to make edits
         if 'analyst_action' in self.request.session:
             context['analyst_action'] = self.request.session['analyst_action']
-            # Clear the session variable after use
-            # del self.request.session['analyst_action']
 
         return context
 
+    def log_analyst_form_actions(self, form_class_name, printable_object_info):
+        """ Generates a log for when 'analyst_action' exists on the session """
+        if 'analyst_action' in self.request.session:
+            action = self.request.session['analyst_action']
+
+            user_type = "Analyst"
+            if(self.request.user.is_superuser):
+                user_type = "Superuser"
+
+            # Template for potential future expansion,
+            # in the event we want more logging granularity.
+            # Could include things such as 'view'
+            # or 'copy', for instance.
+            match action:
+                case 'edit':
+                    # Q: do we want to be logging on every changed field?
+                    # I could see that becoming spammy log-wise, but it may also be important.
+                    # To do so, I'd likely have to override some of the save() functionality of ModelForm.
+                    logger.info(f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}")
+        else:
+            logger.debug("'analyst_action' does not exist on the session")
+
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From 65384710910664433fb4942ffd121ee1ba876951 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 12:58:37 -0600
Subject: [PATCH 028/110] Black and lint changes

---
 src/registrar/admin.py                        | 13 +++----
 src/registrar/views/domain.py                 | 29 +++++++++++----
 src/registrar/views/utility/mixins.py         | 36 ++++++++++++++-----
 .../views/utility/permission_views.py         | 31 +++++++++-------
 4 files changed, 75 insertions(+), 34 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 98d1cc553..4ea37e6e8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -161,20 +161,21 @@ class DomainAdmin(ListHeaderAdmin):
             return HttpResponseRedirect(".")
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
-            request.session['analyst_action'] = 'edit'
+            request.session["analyst_action"] = "edit"
             # Restricts this action to this domain only
-            request.session['analyst_action_location'] = obj.id
+            request.session["analyst_action_location"] = obj.id
 
-            return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
+            return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
+
     # Sets domain_id as a context var
     def change_view(self, request, object_id, form_url="", extra_context=None):
-        if 'analyst_action' in request.session:
+        if "analyst_action" in request.session:
             # If an analyst performed an edit action,
             # delete the session variable
-            del request.session['analyst_action']
+            del request.session["analyst_action"]
             # delete the associated location
-            del request.session['analyst_action_location']
+            del request.session["analyst_action_location"]
 
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 5eee3e41b..6f649661b 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -38,6 +38,7 @@ logger = logging.getLogger(__name__)
 class DomainView(DomainPermissionView):
 
     """Domain detail overview page."""
+
     template_name = "domain_detail.html"
 
 
@@ -81,7 +82,9 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -128,7 +131,9 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -199,7 +204,9 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(formset)
@@ -244,7 +251,9 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -294,7 +303,9 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return redirect(self.get_success_url())
@@ -373,7 +384,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 )
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -398,7 +411,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         return redirect(self.get_success_url())
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 33d70ae32..7644ef7cf 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -7,8 +7,10 @@ from registrar.models import DomainApplication, DomainInvitation
 import logging
 
 from registrar.models.domain_information import DomainInformation
+
 logger = logging.getLogger(__name__)
 
+
 class PermissionsLoginMixin(PermissionRequiredMixin):
 
     """Mixin that redirects to login page if not logged in, otherwise 403."""
@@ -39,9 +41,7 @@ class DomainPermission(PermissionsLoginMixin):
         requested_domain = None
 
         try:
-            requested_domain = DomainInformation.objects.get(
-                id=pk
-            )
+            requested_domain = DomainInformation.objects.get(id=pk)
 
         # This should never happen in normal flow.
         # That said, it does need to be raised here.
@@ -49,7 +49,9 @@ class DomainPermission(PermissionsLoginMixin):
             raise Http404()
 
         # Checks if the creator is the user requesting this item
-        user_is_creator: bool = requested_domain.creator.username == self.request.user.username
+        user_is_creator: bool = (
+            requested_domain.creator.username == self.request.user.username
+        )
 
         # user needs to have a role on the domain
         if user_is_creator:
@@ -57,19 +59,35 @@ class DomainPermission(PermissionsLoginMixin):
 
         # ticket 806
         # Analysts may manage domains, when they are in these statuses:
-        valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+        valid_domain_statuses = [
+            DomainApplication.APPROVED,
+            DomainApplication.IN_REVIEW,
+            DomainApplication.REJECTED,
+            DomainApplication.ACTION_NEEDED,
+        ]
 
         # Check if the user is permissioned...
-        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+        user_is_analyst_or_superuser = (
+            self.request.user.is_staff or self.request.user.is_superuser
+        )
 
         session = self.request.session
 
         # Check if the user is attempting a valid edit action.
         # If analyst_action is present, analyst_action_location will be present.
-        # if it isn't, then it either suggests tampering or a larger omnipresent issue with sessions.
-        can_do_action = 'analyst_action' in session and session['analyst_action_location'] == pk
+        # if it isn't, then it either suggests tampering
+        # or a larger omnipresent issue with sessions.
+        can_do_action = (
+            "analyst_action" in session and session["analyst_action_location"] == pk
+        )
 
-        if can_do_action and user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+        # If the valid session keys exist, if the user is permissioned,
+        # and if its in a valid status
+        if (
+            can_do_action
+            and user_is_analyst_or_superuser
+            and requested_domain.domain_application.status in valid_domain_statuses
+        ):
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index faabc171d..6a991d016 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -13,7 +13,10 @@ from .mixins import (
     DomainInvitationPermission,
 )
 import logging
+
 logger = logging.getLogger(__name__)
+
+
 class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     """Abstract base view for domains that enforces permissions.
@@ -37,22 +40,22 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         is_original_creator = DomainInformation.objects.filter(
             creator_id=self.request.user.id, id=self.kwargs["pk"]
         ).exists()
-        context['is_original_creator'] = is_original_creator
-        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+        context["is_original_creator"] = is_original_creator
+        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
 
         # Flag to see if an analyst is attempting to make edits
-        if 'analyst_action' in self.request.session:
-            context['analyst_action'] = self.request.session['analyst_action']
+        if "analyst_action" in self.request.session:
+            context["analyst_action"] = self.request.session["analyst_action"]
 
         return context
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
-        """ Generates a log for when 'analyst_action' exists on the session """
-        if 'analyst_action' in self.request.session:
-            action = self.request.session['analyst_action']
+        """Generates a log for when 'analyst_action' exists on the session"""
+        if "analyst_action" in self.request.session:
+            action = self.request.session["analyst_action"]
 
             user_type = "Analyst"
-            if(self.request.user.is_superuser):
+            if self.request.user.is_superuser:
                 user_type = "Superuser"
 
             # Template for potential future expansion,
@@ -60,11 +63,15 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
             # Could include things such as 'view'
             # or 'copy', for instance.
             match action:
-                case 'edit':
+                case "edit":
                     # Q: do we want to be logging on every changed field?
-                    # I could see that becoming spammy log-wise, but it may also be important.
-                    # To do so, I'd likely have to override some of the save() functionality of ModelForm.
-                    logger.info(f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}")
+                    # I could see that becoming spammy log-wise,
+                    # but it may also be important.
+
+                    # noqa here as breaking this up further leaves it hard to read
+                    logger.info(
+                        f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
+                    )
         else:
             logger.debug("'analyst_action' does not exist on the session")
 

From 28ae74111e3e55f9a20b3523762c592fb9b066c4 Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Tue, 22 Aug 2023 15:00:55 -0500
Subject: [PATCH 029/110] update the stable manifest

---
 ops/manifests/manifest-stable.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ops/manifests/manifest-stable.yaml b/ops/manifests/manifest-stable.yaml
index 72726cd08..7cfa1417d 100644
--- a/ops/manifests/manifest-stable.yaml
+++ b/ops/manifests/manifest-stable.yaml
@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-stable.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-stable.app.cloud.gov
   services:

From eb4788b3e1f69dd080e09ba7c933eb009026111d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 23 Aug 2023 07:37:07 -0600
Subject: [PATCH 030/110] Update home.html

---
 src/registrar/templates/home.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index 86fefef4a..fd197bfba 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -120,7 +120,7 @@
     {% endif %}
   </section>
 
-  {# Note: Reimplement this after MVP #}
+  {# Note: Reimplement this after MVP.. #}
   <!--
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
     <h2>Archived domains</h2>

From 60232aebb2b4021f37ed9cf9aff0baf707209749 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Wed, 23 Aug 2023 09:17:14 -0700
Subject: [PATCH 031/110] Update logging wording

---
 src/registrar/models/domain_application.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index a335688f4..32657a49d 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -591,7 +591,7 @@ class DomainApplication(TimeStampedModel):
     def withdraw(self):
         """Withdraw an application that has been submitted."""
         self._send_status_update_email(
-            "action needed",
+            "withdraw",
             "emails/domain_request_withdrawn.txt",
             "emails/domain_request_withdrawn_subject.txt",
         )

From 6b6e62aeb35005a7e939674fb3fbbf727c0f4f8a Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Wed, 23 Aug 2023 14:37:41 -0500
Subject: [PATCH 032/110] Review feedback: docker compose down comment

---
 ops/scripts/create_environment_migrate.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ops/scripts/create_environment_migrate.sh b/ops/scripts/create_environment_migrate.sh
index 21219364a..0e9d8aff7 100755
--- a/ops/scripts/create_environment_migrate.sh
+++ b/ops/scripts/create_environment_migrate.sh
@@ -1,7 +1,8 @@
 # This script sets up a completely new Cloud.gov CF Space with all the corresponding
 # infrastructure needed to run get.gov. It can serve for documentation for running
 # NOTE: This script was written for MacOS and to be run at the root directory
-# of the repository.
+# of the repository. It uses `docker compose` to compile assets, so it is
+# safest to `docker compose down` before using this script. 
 
 if [ -z "$1" ]; then
     echo 'Please specify a name on the command line for the new space (i.e. lmm)' >&2

From 274e31cc3716747c26c8b7d2f2a753d61b4529a9 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 23 Aug 2023 14:07:54 -0600
Subject: [PATCH 033/110] Small Refactoring

---
 src/registrar/admin.py                        | 12 +++++-
 .../django/admin/domain_change_form.html      |  2 -
 src/registrar/templates/domain_base.html      |  3 +-
 src/registrar/views/utility/mixins.py         | 39 +++++++++++--------
 .../views/utility/permission_views.py         | 17 +++-----
 5 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 4ea37e6e8..503b6abbd 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -6,7 +6,6 @@ from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from . import models
 
-
 logger = logging.getLogger(__name__)
 
 
@@ -162,7 +161,7 @@ class DomainAdmin(ListHeaderAdmin):
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
             request.session["analyst_action"] = "edit"
-            # Restricts this action to this domain only
+            # Restricts this action to this domain (pk) only
             request.session["analyst_action_location"] = obj.id
 
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
@@ -179,6 +178,7 @@ class DomainAdmin(ListHeaderAdmin):
 
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
+
         return super().change_view(
             request,
             object_id,
@@ -186,6 +186,14 @@ class DomainAdmin(ListHeaderAdmin):
             extra_context=extra_context,
         )
 
+    def has_change_permission(self, request, obj=None):
+        # Fixes a bug wherein users which are only is_staff can access 'change' when GET,
+        # but cannot access this page when it is a request of type POST.
+        if request.user.is_staff:
+            return True
+
+        return super().has_change_permission(request, obj)
+
 
 class ContactAdmin(ListHeaderAdmin):
 
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 5461cc82a..6c5fc1384 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,8 +2,6 @@
 
 {% block field_sets %}
     <div class="submit-row">
-
-        <input type="hidden" value="edit" name="analyst_action">
         <input type="submit" value="Edit Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 335c88980..3208350b7 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or not analyst_action%}
+    {% if not is_analyst_or_superuser or not analyst_action %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -39,7 +39,6 @@
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
         Back to manage your domains
         </p>
-
       </a>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 7644ef7cf..e0bf381cd 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -4,9 +4,9 @@ from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.http import Http404
 
 from registrar.models import DomainApplication, DomainInvitation
-import logging
 
-from registrar.models.domain_information import DomainInformation
+from registrar.models import DomainInformation, UserDomainRole
+import logging
 
 logger = logging.getLogger(__name__)
 
@@ -35,29 +35,36 @@ class DomainPermission(PermissionsLoginMixin):
             return False
 
         pk = self.kwargs["pk"]
+
+        # If pk is none then something went very wrong...
         if pk is None:
-            raise ValueError("Primary key is null for Domain")
-
-        requested_domain = None
-
-        try:
-            requested_domain = DomainInformation.objects.get(id=pk)
-
-        # This should never happen in normal flow.
-        # That said, it does need to be raised here.
-        except DomainInformation.DoesNotExist:
-            raise Http404()
+            raise ValueError("Primary key is None")
 
         # Checks if the creator is the user requesting this item
-        user_is_creator: bool = (
-            requested_domain.creator.username == self.request.user.username
-        )
+
+        user_is_creator: bool = UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists()
 
         # user needs to have a role on the domain
         if user_is_creator:
             return True
 
         # ticket 806
+        requested_domain: DomainInformation = None
+
+        try:
+            requested_domain = DomainInformation.objects.get(id=pk)
+
+        except DomainInformation.DoesNotExist:
+            # Q: While testing, I saw that, application-wide, if you go to a domain
+            # that does not exist (i.e: https://getgov-staging.app.cloud.gov/domain/73333),
+            # the page throws a 403 error,
+            # instead of a 404. This fixes that behaviour,
+            # but do we want it to throw a 403 instead?
+            # Basically, should this be logger.debug()?
+            raise Http404()
+
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
             DomainApplication.APPROVED,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 6a991d016..d7543d375 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -34,23 +34,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
-        # Q: is there a more efficent way to do this?
-        # Searches by creator_id instead of creator,
-        # should be slightly faster than by creator...
-        is_original_creator = DomainInformation.objects.filter(
-            creator_id=self.request.user.id, id=self.kwargs["pk"]
-        ).exists()
-        context["is_original_creator"] = is_original_creator
-        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
 
+        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
         # Flag to see if an analyst is attempting to make edits
         if "analyst_action" in self.request.session:
             context["analyst_action"] = self.request.session["analyst_action"]
+            context["analyst_action_location"] = self.request.session["analyst_action_location"]
 
         return context
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
-        """Generates a log for when 'analyst_action' exists on the session"""
+        """Generates a log for when key 'analyst_action' exists on the session.
+            Follows this format: f"{user_type} {self.request.user}
+            edited {form_class_name} in {printable_object_info}"
+        """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]
 
@@ -72,8 +69,6 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
                     logger.info(
                         f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
                     )
-        else:
-            logger.debug("'analyst_action' does not exist on the session")
 
     # Abstract property enforces NotImplementedError on an attribute.
     @property

From f26bb9ea6e7892bf0f3e3be6d4c67fc9f206ee03 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Wed, 23 Aug 2023 22:38:03 -0700
Subject: [PATCH 034/110] Fix spacing for username in top right corner

---
 src/registrar/templates/base.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/base.html b/src/registrar/templates/base.html
index 977366e47..72c30f323 100644
--- a/src/registrar/templates/base.html
+++ b/src/registrar/templates/base.html
@@ -149,12 +149,12 @@
         <button type="button" class="usa-nav__close">
           <img src="/public/img/usa-icons/close.svg" role="img" alt="Close" />
         </button>
-        <ul class="usa-nav__primary usa-accordion">
+        <ul class="usa-nav__primary usa-accordion display-flex flex-align-center">
           <li class="usa-nav__primary-item">
             {% if user.is_authenticated %}
             <span>{{ user.email }}</span>
           </li>
-          <li class="usa-nav__primary-item display-flex flex-align-center">
+          <li class="usa-nav__primary-item display-flex flex-align-center margin-left-2">
             <span class="text-base"> | </span>
             <a href="{% url 'logout' %}"><span class="text-primary">Sign out</span></a>
           </li>

From 8ef3cd95d39f559dd9bb3f6736478d202a05805e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 10:14:52 -0600
Subject: [PATCH 035/110] Stash push - prepping for PR

---
 src/registrar/assets/js/get-gov.js            |  3 ++-
 src/registrar/assets/sass/_theme/_admin.scss  | 21 -----------------
 .../_theme/_uswds-theme-custom-styles.scss    | 23 +++++++++++++------
 .../django/admin/domain_change_form.html      |  8 ++++++-
 src/registrar/templates/domain_base.html      | 19 +++++++--------
 5 files changed, 35 insertions(+), 39 deletions(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 57dc6d2e3..9c0df7c71 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -211,7 +211,7 @@ function handleValidationClick(e) {
  * An IIFE that will attach validators to inputs.
  *
  * It looks for elements with `validate="<type> <type>"` and adds change handlers.
- * 
+ *
  * These handlers know about two other attributes:
  *  - `validate-for="<id>"` creates a button which will run the validator(s) on <id>
  *  - `auto-validate` will run validator(s) when the user stops typing (otherwise,
@@ -261,3 +261,4 @@ function handleValidationClick(e) {
       totalForms.setAttribute('value', `${formNum+1}`)
   }
 })();
+
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index 204d335e9..91d0d5e3c 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -170,24 +170,3 @@ table > caption > a {
 .min-width-81 {
     min-width: 81px;
 }
-
-.buttonAdminPadding {
-    background: var(--button-bg);
-    padding: 10px 15px;
-    border: none;
-    border-radius: 4px;
-    color: var(--button-fg);
-    cursor: pointer;
-    transition: background 0.15s;
-
-}
-
-.submit-row input {
-    height: 2.1875rem;
-    line-height: 0.9375rem;
-}
-
-a.button{
-    font-size: 100% !important;
-    padding: 9px 15px !important;
-}
\ No newline at end of file
diff --git a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
index 905ab872c..678084d00 100644
--- a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
+++ b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
@@ -26,6 +26,7 @@ $letter-space--xs: .0125em;
 @use "uswds-core" as *;
 
 /* Styles for making visible to screen reader / AT users only. */
+
 .sr-only {
    @include sr-only;
  }
@@ -61,9 +62,9 @@ body {
 }
 
 p,
-address, 
-.usa-list li { 
-  @include typeset('sans', 'sm', 5); 
+address,
+.usa-list li {
+  @include typeset('sans', 'sm', 5);
   max-width: measure(5);
 }
 
@@ -118,7 +119,7 @@ h2 {
     color: color('violet-70v'); //USWDS default
   }
 }
-.register-form-step .usa-form-group:first-of-type, 
+.register-form-step .usa-form-group:first-of-type,
 .register-form-step .usa-label:first-of-type {
   margin-top: units(1);
 }
@@ -180,7 +181,7 @@ a.withdraw:active {
       a.link_usa-checked {
         padding: 0;
       }
-    }    
+    }
   }
 }
 
@@ -242,7 +243,7 @@ a.withdraw:active {
 
 .usa-form .usa-button {
   margin-top: units(3);
-} 
+}
 
 .usa-button--unstyled .usa-icon {
   vertical-align: bottom;
@@ -395,7 +396,7 @@ a.usa-button--unstyled:visited {
 }
 
 .dotgov-status-box {
-  background-color: color('primary-lightest'); 
+  background-color: color('primary-lightest');
   border-color: color('accent-cool-lighter');
 }
 
@@ -432,3 +433,11 @@ abbr[title] {
     height: units('mobile');
   }
 }
+
+// Fixes some font size disparities with the Figma
+// for usa-alert alert elements
+.usa-alert {
+  .usa-alert__heading.larger-font-sizing {
+    font-size: units(3);
+  }
+}
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 6c5fc1384..e7363851a 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -1,8 +1,14 @@
 {% extends 'admin/change_form.html' %}
+{% load i18n static %}
+
+{% block extrahead %}
+{{ block.super }}
+<script src="{% static 'js/get-gov-admin.js' %}" defer></script>
+{% endblock %}
 
 {% block field_sets %}
     <div class="submit-row">
-        <input type="submit" value="Edit Domain" name="_edit_domain">
+        <input id="manageDomainSubmitButton" type="submit" value="Manage Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 3208350b7..4ecee908a 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -6,11 +6,13 @@
 {% block content %}
 <div class="grid-container">
   <div class="grid-row">
+    {% if not is_analyst_or_superuser or not analyst_action %}
     <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
       <span class="usa-sr-only"> Domain name:</span> {{ domain.name }}
     </p>
+    {% endif %}
   </div>
   <div class="grid-row grid-gap">
     <div class="tablet:grid-col-3">
@@ -31,15 +33,14 @@
 
       </a>
       {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
-      <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
-        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
-        </svg>
-        {# Q: For analysts, should this be 'Back to .gov admin' or  'Back to change domain'? #}
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
-        </p>
-      </a>
+      <div class="usa-alert usa-alert--warning">
+        <div class="usa-alert__body">
+          <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
+          <p class="usa-alert__text ">
+            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
+          </p>
+        </div>
+      </div>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}

From 376aa30e1ec66d91b5c80248a9029830f53889da Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 11:38:46 -0600
Subject: [PATCH 036/110] Linter, reordered logic

---
 src/registrar/admin.py                        |  3 ++-
 src/registrar/templates/domain_base.html      | 24 +++++++++----------
 src/registrar/views/utility/mixins.py         |  8 +++----
 .../views/utility/permission_views.py         | 10 ++++----
 4 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index fb79a6b46..5d6b8c9b8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -191,7 +191,8 @@ class DomainAdmin(ListHeaderAdmin):
         )
 
     def has_change_permission(self, request, obj=None):
-        # Fixes a bug wherein users which are only is_staff can access 'change' when GET,
+        # Fixes a bug wherein users which are only is_staff
+        # can access 'change' when GET,
         # but cannot access this page when it is a request of type POST.
         if request.user.is_staff:
             return True
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 4ecee908a..0810a422e 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -6,7 +6,7 @@
 {% block content %}
 <div class="grid-container">
   <div class="grid-row">
-    {% if not is_analyst_or_superuser or not analyst_action %}
+    {% if not is_analyst_or_superuser or not analyst_action or analyst_action_location != domain.pk %}
     <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
@@ -21,18 +21,8 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or not analyst_action %}
-	  <a href="{% url 'home' %}" class="breadcrumb__back">
-        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
-        </svg>
 
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
-        </p>
-
-      </a>
-      {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
+      {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
       <div class="usa-alert usa-alert--warning">
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
@@ -41,6 +31,16 @@
           </p>
         </div>
       </div>
+      {% else %}
+      <a href="{% url 'home' %}" class="breadcrumb__back">
+        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
+        </svg>
+
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+      </a>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index e0bf381cd..ef8cfc7fb 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -58,10 +58,10 @@ class DomainPermission(PermissionsLoginMixin):
 
         except DomainInformation.DoesNotExist:
             # Q: While testing, I saw that, application-wide, if you go to a domain
-            # that does not exist (i.e: https://getgov-staging.app.cloud.gov/domain/73333),
-            # the page throws a 403 error,
-            # instead of a 404. This fixes that behaviour,
-            # but do we want it to throw a 403 instead?
+            # that does not exist, for example,
+            # https://getgov-staging.app.cloud.gov/domain/73333,
+            # the page throws a 403 error, instead of a 404.
+            # This fixes that behaviour, but do we want it to throw a 403 instead?
             # Basically, should this be logger.debug()?
             raise Http404()
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index d7543d375..22ca6863b 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -5,7 +5,7 @@ import abc  # abstract base class
 from django.views.generic import DetailView, DeleteView
 
 from registrar.models import Domain, DomainApplication, DomainInvitation
-from registrar.models.domain_information import DomainInformation
+
 
 from .mixins import (
     DomainPermission,
@@ -35,11 +35,13 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         context = super().get_context_data(**kwargs)
         user = self.request.user
 
-        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
+        context["is_analyst_or_superuser"] = user.is_staff or user.is_superuser
         # Flag to see if an analyst is attempting to make edits
         if "analyst_action" in self.request.session:
-            context["analyst_action"] = self.request.session["analyst_action"]
-            context["analyst_action_location"] = self.request.session["analyst_action_location"]
+            # Stored in a variable for the linter
+            action = "analyst_action"
+            context[action] = self.request.session[action]
+            context[f"{action}_location"] = self.request.session[f"{action}_location"]
 
         return context
 

From 09c336c1da8825eb6ff30809579c23d0b63165d1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 11:39:50 -0600
Subject: [PATCH 037/110] Update get-gov.js

---
 src/registrar/assets/js/get-gov.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 9c0df7c71..0b67df825 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -261,4 +261,3 @@ function handleValidationClick(e) {
       totalForms.setAttribute('value', `${formNum+1}`)
   }
 })();
-

From dc0420998be627526cf7d643363bd6ed22938f0a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 12:58:08 -0600
Subject: [PATCH 038/110] Linting / test

---
 src/registrar/views/utility/mixins.py           | 8 ++++----
 src/registrar/views/utility/permission_views.py | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index ef8cfc7fb..13ea70684 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -1,7 +1,6 @@
 """Permissions-related mixin classes."""
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
-from django.http import Http404
 
 from registrar.models import DomainApplication, DomainInvitation
 
@@ -61,9 +60,10 @@ class DomainPermission(PermissionsLoginMixin):
             # that does not exist, for example,
             # https://getgov-staging.app.cloud.gov/domain/73333,
             # the page throws a 403 error, instead of a 404.
-            # This fixes that behaviour, but do we want it to throw a 403 instead?
-            # Basically, should this be logger.debug()?
-            raise Http404()
+            # Do we want it to throw a 404 instead?
+            # Basically, should this be Http404()?
+            logger.warning(f"Domain with PK {pk} does not exist")
+            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 22ca6863b..89cc62299 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -47,8 +47,8 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
         """Generates a log for when key 'analyst_action' exists on the session.
-            Follows this format: f"{user_type} {self.request.user}
-            edited {form_class_name} in {printable_object_info}"
+        Follows this format: f"{user_type} {self.request.user}
+        edited {form_class_name} in {printable_object_info}"
         """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]

From 4b82f5e131cdb885f5e61a2b9b78b27993703148 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Thu, 24 Aug 2023 18:53:20 -0400
Subject: [PATCH 039/110] Add constraint on admin saving a domain application
 when its creator is ineligible, make all fields readonly when creator is
 ineligible

---
 src/registrar/admin.py            | 138 +++++++++++++++++++++---------
 src/registrar/tests/test_admin.py |  96 ++++++++++++++-------
 2 files changed, 163 insertions(+), 71 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 8426b7e40..ccdb7be3e 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4,11 +4,43 @@ from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from django.contrib.contenttypes.models import ContentType
 from django.http.response import HttpResponseRedirect
 from django.urls import reverse
+# from django.forms.widgets import CheckboxSelectMultiple
+# from django import forms
 from . import models
 
 logger = logging.getLogger(__name__)
 
 
+# class TextDisplayWidget(forms.Widget):
+#     def render(self, name, value, attrs=None, renderer=None):
+#         if value:
+#             choices_dict = dict(self.choices)
+#             selected_values = set(value)
+#             display_values = [choices_dict[val] for val in selected_values]
+#             return ', '.join(display_values)
+#         return ''
+
+
+# class DomainApplicationForm(forms.ModelForm):
+#     class Meta:
+#         model = models.DomainApplication
+#         fields = '__all__'
+
+#     def __init__(self, *args, **kwargs):
+#         super().__init__(*args, **kwargs)
+        
+#         # Replace the current_websites field with text if a condition is met
+#         if self.instance and self.instance.creator.status == 'ineligible':
+#             self.fields['current_websites'].widget = TextDisplayWidget()
+#             self.fields['current_websites'].widget.choices = self.fields['current_websites'].choices
+            
+#             self.fields['other_contacts'].widget = TextDisplayWidget()
+#             self.fields['other_contacts'].widget.choices = self.fields['other_contacts'].choices
+            
+#             self.fields['alternative_domains'].widget = TextDisplayWidget()
+#             self.fields['alternative_domains'].widget.choices = self.fields['alternative_domains'].choices
+
+
 class AuditedAdmin(admin.ModelAdmin):
 
     """Custom admin to make auditing easier."""
@@ -181,6 +213,10 @@ class ContactAdmin(ListHeaderAdmin):
 class DomainApplicationAdmin(ListHeaderAdmin):
 
     """Customize the applications listing view."""
+    
+    # Set multi-selects 'read-only' (hide selects and show data)
+    # based on user perms and application creator's status
+    #form = DomainApplicationForm
 
     # Columns
     list_display = [
@@ -255,7 +291,7 @@ class DomainApplicationAdmin(ListHeaderAdmin):
     ]
 
     # Read only that we'll leverage for CISA Analysts
-    readonly_fields = [
+    analyst_readonly_fields = [
         "creator",
         "type_of_work",
         "more_organization_information",
@@ -273,52 +309,72 @@ class DomainApplicationAdmin(ListHeaderAdmin):
 
     # Trigger action when a fieldset is changed
     def save_model(self, request, obj, form, change):
-        if change:  # Check if the application is being edited
-            # Get the original application from the database
-            original_obj = models.DomainApplication.objects.get(pk=obj.pk)
+        if obj and obj.creator.status != "ineligible":
+            if change:  # Check if the application is being edited
+                # Get the original application from the database
+                original_obj = models.DomainApplication.objects.get(pk=obj.pk)
 
-            if obj.status != original_obj.status:
-                if obj.status == models.DomainApplication.STARTED:
-                    # No conditions
-                    pass
-                elif obj.status == models.DomainApplication.SUBMITTED:
-                    # This is an fsm in model which will throw an error if the
-                    # transition condition is violated, so we roll back the
-                    # status to what it was before the admin user changed it and
-                    # let the fsm method set it. Same comment applies to
-                    # transition method calls below.
-                    obj.status = original_obj.status
-                    obj.submit()
-                elif obj.status == models.DomainApplication.IN_REVIEW:
-                    obj.status = original_obj.status
-                    obj.in_review()
-                elif obj.status == models.DomainApplication.ACTION_NEEDED:
-                    obj.status = original_obj.status
-                    obj.action_needed()
-                elif obj.status == models.DomainApplication.APPROVED:
-                    obj.status = original_obj.status
-                    obj.approve()
-                elif obj.status == models.DomainApplication.WITHDRAWN:
-                    obj.status = original_obj.status
-                    obj.withdraw()
-                elif obj.status == models.DomainApplication.REJECTED:
-                    obj.status = original_obj.status
-                    obj.reject()
-                elif obj.status == models.DomainApplication.INELIGIBLE:
-                    obj.status = original_obj.status
-                    obj.reject_with_prejudice()
-                else:
-                    logger.warning("Unknown status selected in django admin")
+                if obj.status != original_obj.status:
+                    if obj.status == models.DomainApplication.STARTED:
+                        # No conditions
+                        pass
+                    elif obj.status == models.DomainApplication.SUBMITTED:
+                        # This is an fsm in model which will throw an error if the
+                        # transition condition is violated, so we roll back the
+                        # status to what it was before the admin user changed it and
+                        # let the fsm method set it. Same comment applies to
+                        # transition method calls below.
+                        obj.status = original_obj.status
+                        obj.submit()
+                    elif obj.status == models.DomainApplication.IN_REVIEW:
+                        obj.status = original_obj.status
+                        obj.in_review()
+                    elif obj.status == models.DomainApplication.ACTION_NEEDED:
+                        obj.status = original_obj.status
+                        obj.action_needed()
+                    elif obj.status == models.DomainApplication.APPROVED:
+                        obj.status = original_obj.status
+                        obj.approve()
+                    elif obj.status == models.DomainApplication.WITHDRAWN:
+                        obj.status = original_obj.status
+                        obj.withdraw()
+                    elif obj.status == models.DomainApplication.REJECTED:
+                        obj.status = original_obj.status
+                        obj.reject()
+                    elif obj.status == models.DomainApplication.INELIGIBLE:
+                        obj.status = original_obj.status
+                        obj.reject_with_prejudice()
+                    else:
+                        logger.warning("Unknown status selected in django admin")
 
-        super().save_model(request, obj, form, change)
+            super().save_model(request, obj, form, change)
+        else:    
+            messages.error(request, "This action is not permitted for applications with an ineligible creator.")
 
     def get_readonly_fields(self, request, obj=None):
+        
+        """Set the read-only state on form elements. 
+        We have 2 conditions that determine which fields are read-only:
+        admin user permissions and the application creator's status, so
+        we'll use the baseline readonly_fields and extend it as needed.
+        """
+        
+        readonly_fields = list(self.readonly_fields)
+        
+        # Check if the creator is ineligible
+        if obj and obj.creator.status == "ineligible":
+            # For fields like CharField, IntegerField, etc., the widget used is straightforward,
+            # and the readonly_fields list can control their behavior
+            readonly_fields.extend([field.name for field in self.model._meta.fields])
+            # Add the multi-select fields to readonly_fields:
+            # Complex fields like ManyToManyField require special handling
+            readonly_fields.extend(["current_websites", "other_contacts", "alternative_domains"])
+        
         if request.user.is_superuser:
-            # Superusers have full access, no fields are read-only
-            return []
+            return readonly_fields
         else:
-            # Regular users can only view the specified fields
-            return self.readonly_fields
+            readonly_fields.extend([field for field in self.analyst_readonly_fields])
+            return readonly_fields
 
 
 admin.site.register(models.User, MyUserAdmin)
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index cc860e41c..6b6be1bd5 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -4,6 +4,7 @@ from registrar.admin import DomainApplicationAdmin, ListHeaderAdmin, MyUserAdmin
 from registrar.models import DomainApplication, DomainInformation, User
 from .common import completed_application, mock_user, create_superuser, create_user
 from django.contrib.auth import get_user_model
+from unittest.mock import patch
 
 from django.conf import settings
 from unittest.mock import MagicMock
@@ -14,6 +15,9 @@ class TestDomainApplicationAdmin(TestCase):
     def setUp(self):
         self.site = AdminSite()
         self.factory = RequestFactory()
+        self.admin = DomainApplicationAdmin(model=DomainApplication, admin_site=self.site)
+        self.superuser = create_superuser()
+        self.staffuser = create_user()
 
     @boto3_mocking.patching
     def test_save_model_sends_submitted_email(self):
@@ -33,14 +37,11 @@ class TestDomainApplicationAdmin(TestCase):
                 "/admin/registrar/domainapplication/{}/change/".format(application.pk)
             )
 
-            # Create an instance of the model admin
-            model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
             # Modify the application's property
             application.status = DomainApplication.SUBMITTED
 
             # Use the model admin's save_model method
-            model_admin.save_model(request, application, form=None, change=True)
+            self.admin.save_model(request, application, form=None, change=True)
 
         # Access the arguments passed to send_email
         call_args = mock_client_instance.send_email.call_args
@@ -79,14 +80,11 @@ class TestDomainApplicationAdmin(TestCase):
                 "/admin/registrar/domainapplication/{}/change/".format(application.pk)
             )
 
-            # Create an instance of the model admin
-            model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
             # Modify the application's property
             application.status = DomainApplication.IN_REVIEW
 
             # Use the model admin's save_model method
-            model_admin.save_model(request, application, form=None, change=True)
+            self.admin.save_model(request, application, form=None, change=True)
 
         # Access the arguments passed to send_email
         call_args = mock_client_instance.send_email.call_args
@@ -125,14 +123,11 @@ class TestDomainApplicationAdmin(TestCase):
                 "/admin/registrar/domainapplication/{}/change/".format(application.pk)
             )
 
-            # Create an instance of the model admin
-            model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
             # Modify the application's property
             application.status = DomainApplication.APPROVED
 
             # Use the model admin's save_model method
-            model_admin.save_model(request, application, form=None, change=True)
+            self.admin.save_model(request, application, form=None, change=True)
 
         # Access the arguments passed to send_email
         call_args = mock_client_instance.send_email.call_args
@@ -166,14 +161,11 @@ class TestDomainApplicationAdmin(TestCase):
             "/admin/registrar/domainapplication/{}/change/".format(application.pk)
         )
 
-        # Create an instance of the model admin
-        model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
         # Modify the application's property
         application.status = DomainApplication.APPROVED
 
         # Use the model admin's save_model method
-        model_admin.save_model(request, application, form=None, change=True)
+        self.admin.save_model(request, application, form=None, change=True)
 
         # Test that approved domain exists and equals requested domain
         self.assertEqual(
@@ -198,14 +190,11 @@ class TestDomainApplicationAdmin(TestCase):
                 "/admin/registrar/domainapplication/{}/change/".format(application.pk)
             )
 
-            # Create an instance of the model admin
-            model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
             # Modify the application's property
             application.status = DomainApplication.ACTION_NEEDED
 
             # Use the model admin's save_model method
-            model_admin.save_model(request, application, form=None, change=True)
+            self.admin.save_model(request, application, form=None, change=True)
 
         # Access the arguments passed to send_email
         call_args = mock_client_instance.send_email.call_args
@@ -247,14 +236,11 @@ class TestDomainApplicationAdmin(TestCase):
                 "/admin/registrar/domainapplication/{}/change/".format(application.pk)
             )
 
-            # Create an instance of the model admin
-            model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
             # Modify the application's property
             application.status = DomainApplication.REJECTED
 
             # Use the model admin's save_model method
-            model_admin.save_model(request, application, form=None, change=True)
+            self.admin.save_model(request, application, form=None, change=True)
 
         # Access the arguments passed to send_email
         call_args = mock_client_instance.send_email.call_args
@@ -288,19 +274,70 @@ class TestDomainApplicationAdmin(TestCase):
             "/admin/registrar/domainapplication/{}/change/".format(application.pk)
         )
 
-        # Create an instance of the model admin
-        model_admin = DomainApplicationAdmin(DomainApplication, self.site)
-
         # Modify the application's property
         application.status = DomainApplication.INELIGIBLE
 
         # Use the model admin's save_model method
-        model_admin.save_model(request, application, form=None, change=True)
+        self.admin.save_model(request, application, form=None, change=True)
 
         # Test that approved domain exists and equals requested domain
         self.assertEqual(
             application.creator.status, "ineligible"
         )
+        
+    def test_readonly_when_ineligible_creator(self):
+        application = completed_application(status=DomainApplication.IN_REVIEW)
+        application.creator.status = 'ineligible'
+        application.creator.save()
+        
+        request = self.factory.get('/')
+        request.user = self.superuser
+        
+        readonly_fields = self.admin.get_readonly_fields(request, application)
+                
+        expected_fields = ['id', 'created_at', 'updated_at', 'status', 'creator', 'investigator', 'organization_type', 'federally_recognized_tribe', 'state_recognized_tribe', 'tribe_name', 'federal_agency', 'federal_type', 'is_election_board', 'organization_name', 'address_line1', 'address_line2', 'city', 'state_territory', 'zipcode', 'urbanization', 'type_of_work', 'more_organization_information', 'authorizing_official', 'approved_domain', 'requested_domain', 'submitter', 'purpose', 'no_other_contacts_rationale', 'anything_else', 'is_policy_acknowledged', 'current_websites', 'other_contacts', 'alternative_domains']
+        
+        self.assertEqual(readonly_fields, expected_fields)
+        
+    def test_readonly_fields_for_analyst(self):
+        request = self.factory.get('/')  # Use the correct method and path
+        request.user = self.staffuser
+        
+        readonly_fields = self.admin.get_readonly_fields(request)
+                
+        expected_fields = ['creator', 'type_of_work', 'more_organization_information', 'address_line1', 'address_line2', 'zipcode', 'requested_domain', 'alternative_domains', 'purpose', 'submitter', 'no_other_contacts_rationale', 'anything_else', 'is_policy_acknowledged']
+    
+        self.assertEqual(readonly_fields, expected_fields)
+        
+    def test_readonly_fields_for_superuser(self):
+        request = self.factory.get('/')  # Use the correct method and path
+        request.user = self.superuser
+        
+        readonly_fields = self.admin.get_readonly_fields(request)
+                
+        expected_fields = []
+    
+        self.assertEqual(readonly_fields, expected_fields)
+        
+    def test_saving_when_ineligible_creator(self):
+        # Create an instance of the model
+        application = completed_application(status=DomainApplication.IN_REVIEW)
+        application.creator.status = 'ineligible'
+        application.creator.save()
+        
+        # Create a request object with a superuser
+        request = self.factory.get('/')
+        request.user = self.superuser
+        
+        with patch('django.contrib.messages.error') as mock_error:
+            # Simulate saving the model
+            self.admin.save_model(request, application, None, False)
+            
+            # Assert that the error message was called with the correct argument
+            mock_error.assert_called_once_with(request, "This action is not permitted for applications with an ineligible creator.")
+
+        # Assert that the status has not changed
+        self.assertEqual(application.status, DomainApplication.IN_REVIEW)
 
     def tearDown(self):
         DomainInformation.objects.all().delete()
@@ -381,8 +418,7 @@ class ListHeaderAdminTest(TestCase):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()
         User.objects.all().delete()
-        self.superuser.delete()
-
+        
 
 class MyUserAdminTest(TestCase):
     def setUp(self):

From 91d1b9c1cc4cc3683d715d9af8d79b5012c15f2c Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Thu, 24 Aug 2023 19:09:57 -0400
Subject: [PATCH 040/110] Lint

---
 src/registrar/admin.py                        | 175 ++++++++++--------
 src/registrar/models/domain_application.py    |  12 +-
 src/registrar/models/user.py                  |  20 +-
 src/registrar/tests/test_admin.py             | 118 ++++++++----
 src/registrar/tests/test_models.py            |  14 +-
 src/registrar/tests/test_views.py             |  16 +-
 src/registrar/views/application.py            |   2 +-
 src/registrar/views/utility/__init__.py       |   2 +-
 src/registrar/views/utility/mixins.py         |   4 +-
 .../views/utility/permission_views.py         |  10 +-
 10 files changed, 218 insertions(+), 155 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index ccdb7be3e..eeb9a9375 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4,43 +4,12 @@ from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from django.contrib.contenttypes.models import ContentType
 from django.http.response import HttpResponseRedirect
 from django.urls import reverse
-# from django.forms.widgets import CheckboxSelectMultiple
-# from django import forms
+
 from . import models
 
 logger = logging.getLogger(__name__)
 
 
-# class TextDisplayWidget(forms.Widget):
-#     def render(self, name, value, attrs=None, renderer=None):
-#         if value:
-#             choices_dict = dict(self.choices)
-#             selected_values = set(value)
-#             display_values = [choices_dict[val] for val in selected_values]
-#             return ', '.join(display_values)
-#         return ''
-
-
-# class DomainApplicationForm(forms.ModelForm):
-#     class Meta:
-#         model = models.DomainApplication
-#         fields = '__all__'
-
-#     def __init__(self, *args, **kwargs):
-#         super().__init__(*args, **kwargs)
-        
-#         # Replace the current_websites field with text if a condition is met
-#         if self.instance and self.instance.creator.status == 'ineligible':
-#             self.fields['current_websites'].widget = TextDisplayWidget()
-#             self.fields['current_websites'].widget.choices = self.fields['current_websites'].choices
-            
-#             self.fields['other_contacts'].widget = TextDisplayWidget()
-#             self.fields['other_contacts'].widget.choices = self.fields['other_contacts'].choices
-            
-#             self.fields['alternative_domains'].widget = TextDisplayWidget()
-#             self.fields['alternative_domains'].widget.choices = self.fields['alternative_domains'].choices
-
-
 class AuditedAdmin(admin.ModelAdmin):
 
     """Custom admin to make auditing easier."""
@@ -130,14 +99,35 @@ class MyUserAdmin(BaseUserAdmin):
     """Custom user admin class to use our inlines."""
 
     inlines = [UserContactInline]
-    
-    list_display = ("email", "first_name", "last_name", "is_staff", "is_superuser", "status")
-    
+
+    list_display = (
+        "email",
+        "first_name",
+        "last_name",
+        "is_staff",
+        "is_superuser",
+        "status",
+    )
+
     fieldsets = (
-        (None, {'fields': ('username', 'password', 'status')}), # Add the 'status' field here
-        ('Personal Info', {'fields': ('first_name', 'last_name', 'email')}),
-        ('Permissions', {'fields': ('is_active', 'is_staff', 'is_superuser', 'groups', 'user_permissions')}),
-        ('Important dates', {'fields': ('last_login', 'date_joined')}),
+        (
+            None,
+            {"fields": ("username", "password", "status")},
+        ),  # Add the 'status' field here
+        ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
+        (
+            "Permissions",
+            {
+                "fields": (
+                    "is_active",
+                    "is_staff",
+                    "is_superuser",
+                    "groups",
+                    "user_permissions",
+                )
+            },
+        ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
     )
 
     def get_list_display(self, request):
@@ -213,10 +203,10 @@ class ContactAdmin(ListHeaderAdmin):
 class DomainApplicationAdmin(ListHeaderAdmin):
 
     """Customize the applications listing view."""
-    
+
     # Set multi-selects 'read-only' (hide selects and show data)
     # based on user perms and application creator's status
-    #form = DomainApplicationForm
+    # form = DomainApplicationForm
 
     # Columns
     list_display = [
@@ -314,62 +304,85 @@ class DomainApplicationAdmin(ListHeaderAdmin):
                 # Get the original application from the database
                 original_obj = models.DomainApplication.objects.get(pk=obj.pk)
 
+                # if obj.status != original_obj.status:
+                #     if obj.status == models.DomainApplication.STARTED:
+                #         # No conditions
+                #         pass
+                #     elif obj.status == models.DomainApplication.SUBMITTED:
+                #         # This is an fsm in model which will throw an error if the
+                #         # transition condition is violated, so we roll back the
+                #         # status to what it was before the admin user changed it and
+                #         # let the fsm method set it. Same comment applies to
+                #         # transition method calls below.
+                #         obj.status = original_obj.status
+                #         obj.submit()
+                #     elif obj.status == models.DomainApplication.IN_REVIEW:
+                #         obj.status = original_obj.status
+                #         obj.in_review()
+                #     elif obj.status == models.DomainApplication.ACTION_NEEDED:
+                #         obj.status = original_obj.status
+                #         obj.action_needed()
+                #     elif obj.status == models.DomainApplication.APPROVED:
+                #         obj.status = original_obj.status
+                #         obj.approve()
+                #     elif obj.status == models.DomainApplication.WITHDRAWN:
+                #         obj.status = original_obj.status
+                #         obj.withdraw()
+                #     elif obj.status == models.DomainApplication.REJECTED:
+                #         obj.status = original_obj.status
+                #         obj.reject()
+                #     elif obj.status == models.DomainApplication.INELIGIBLE:
+                #         obj.status = original_obj.status
+                #         obj.reject_with_prejudice()
+                #     else:
+                #         logger.warning("Unknown status selected in django admin")
+
                 if obj.status != original_obj.status:
-                    if obj.status == models.DomainApplication.STARTED:
-                        # No conditions
-                        pass
-                    elif obj.status == models.DomainApplication.SUBMITTED:
-                        # This is an fsm in model which will throw an error if the
-                        # transition condition is violated, so we roll back the
-                        # status to what it was before the admin user changed it and
-                        # let the fsm method set it. Same comment applies to
-                        # transition method calls below.
-                        obj.status = original_obj.status
-                        obj.submit()
-                    elif obj.status == models.DomainApplication.IN_REVIEW:
-                        obj.status = original_obj.status
-                        obj.in_review()
-                    elif obj.status == models.DomainApplication.ACTION_NEEDED:
-                        obj.status = original_obj.status
-                        obj.action_needed()
-                    elif obj.status == models.DomainApplication.APPROVED:
-                        obj.status = original_obj.status
-                        obj.approve()
-                    elif obj.status == models.DomainApplication.WITHDRAWN:
-                        obj.status = original_obj.status
-                        obj.withdraw()
-                    elif obj.status == models.DomainApplication.REJECTED:
-                        obj.status = original_obj.status
-                        obj.reject()
-                    elif obj.status == models.DomainApplication.INELIGIBLE:
-                        obj.status = original_obj.status
-                        obj.reject_with_prejudice()
-                    else:
+                    status_method_mapping = {
+                        models.DomainApplication.STARTED: None,
+                        models.DomainApplication.SUBMITTED: obj.submit,
+                        models.DomainApplication.IN_REVIEW: obj.in_review,
+                        models.DomainApplication.ACTION_NEEDED: obj.action_needed,
+                        models.DomainApplication.APPROVED: obj.approve,
+                        models.DomainApplication.WITHDRAWN: obj.withdraw,
+                        models.DomainApplication.REJECTED: obj.reject,
+                        models.DomainApplication.INELIGIBLE: obj.reject_with_prejudice,
+                    }
+                    selected_method = status_method_mapping.get(obj.status)
+                    if selected_method is None:
                         logger.warning("Unknown status selected in django admin")
+                    else:
+                        obj.status = original_obj.status
+                        selected_method()
 
             super().save_model(request, obj, form, change)
-        else:    
-            messages.error(request, "This action is not permitted for applications with an ineligible creator.")
+        else:
+            messages.error(
+                request,
+                "This action is not permitted for applications "
+                + "with an ineligible creator.",
+            )
 
     def get_readonly_fields(self, request, obj=None):
-        
-        """Set the read-only state on form elements. 
+        """Set the read-only state on form elements.
         We have 2 conditions that determine which fields are read-only:
         admin user permissions and the application creator's status, so
         we'll use the baseline readonly_fields and extend it as needed.
         """
-        
+
         readonly_fields = list(self.readonly_fields)
-        
+
         # Check if the creator is ineligible
         if obj and obj.creator.status == "ineligible":
-            # For fields like CharField, IntegerField, etc., the widget used is straightforward,
-            # and the readonly_fields list can control their behavior
+            # For fields like CharField, IntegerField, etc., the widget used is
+            # straightforward and the readonly_fields list can control their behavior
             readonly_fields.extend([field.name for field in self.model._meta.fields])
             # Add the multi-select fields to readonly_fields:
             # Complex fields like ManyToManyField require special handling
-            readonly_fields.extend(["current_websites", "other_contacts", "alternative_domains"])
-        
+            readonly_fields.extend(
+                ["current_websites", "other_contacts", "alternative_domains"]
+            )
+
         if request.user.is_superuser:
             return readonly_fields
         else:
diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index e020676af..7d017ab38 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -35,7 +35,7 @@ class DomainApplication(TimeStampedModel):
         (APPROVED, APPROVED),
         (WITHDRAWN, WITHDRAWN),
         (REJECTED, REJECTED),
-        (INELIGIBLE, INELIGIBLE)
+        (INELIGIBLE, INELIGIBLE),
     ]
 
     class StateTerritoryChoices(models.TextChoices):
@@ -556,7 +556,9 @@ class DomainApplication(TimeStampedModel):
         )
 
     @transition(
-        field="status", source=[SUBMITTED, IN_REVIEW, REJECTED, INELIGIBLE], target=APPROVED
+        field="status",
+        source=[SUBMITTED, IN_REVIEW, REJECTED, INELIGIBLE],
+        target=APPROVED,
     )
     def approve(self):
         """Approve an application that has been submitted.
@@ -604,7 +606,7 @@ class DomainApplication(TimeStampedModel):
             "emails/status_change_rejected.txt",
             "emails/status_change_rejected_subject.txt",
         )
-        
+
     @transition(field="status", source=[IN_REVIEW, APPROVED], target=INELIGIBLE)
     def reject_with_prejudice(self):
         """The applicant is a bad actor, reject with prejudice.
@@ -613,11 +615,9 @@ class DomainApplication(TimeStampedModel):
         any existing domains/applications and from submitting new aplications.
         We do this by setting an ineligible status on the user, which the
         permissions classes test against"""
-        
+
         self.creator.block_user()
 
-
-
     # ## Form policies ###
     #
     # These methods control what questions need to be answered by applicants
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index b6402a2bf..9b3ba9162 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -16,19 +16,17 @@ class User(AbstractUser):
     A custom user model that performs identically to the default user model
     but can be customized later.
     """
-    
+
     # #### Constants for choice fields ####
-    INELIGIBLE = 'ineligible'
-    STATUS_CHOICES = (
-        (INELIGIBLE, INELIGIBLE),
-    )
-    
+    INELIGIBLE = "ineligible"
+    STATUS_CHOICES = ((INELIGIBLE, INELIGIBLE),)
+
     status = models.CharField(
         max_length=10,
         choices=STATUS_CHOICES,
         default=None,  # Set the default value to None
-        null=True,     # Allow the field to be null
-        blank=True,    # Allow the field to be blank
+        null=True,  # Allow the field to be null
+        blank=True,  # Allow the field to be blank
     )
 
     domains = models.ManyToManyField(
@@ -52,15 +50,15 @@ class User(AbstractUser):
             return self.email
         else:
             return self.username
-        
+
     def block_user(self):
         self.status = "ineligible"
         self.save()
-        
+
     def unblock_user(self):
         self.status = None
         self.save()
-        
+
     def is_blocked(self):
         if self.status == "ineligible":
             return True
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 6b6be1bd5..7da38cb8a 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -15,7 +15,9 @@ class TestDomainApplicationAdmin(TestCase):
     def setUp(self):
         self.site = AdminSite()
         self.factory = RequestFactory()
-        self.admin = DomainApplicationAdmin(model=DomainApplication, admin_site=self.site)
+        self.admin = DomainApplicationAdmin(
+            model=DomainApplication, admin_site=self.site
+        )
         self.superuser = create_superuser()
         self.staffuser = create_user()
 
@@ -260,7 +262,7 @@ class TestDomainApplicationAdmin(TestCase):
 
         # Perform assertions on the mock call itself
         mock_client_instance.send_email.assert_called_once()
-        
+
     def test_save_model_sets_ineligible_status_on_user(self):
         # make sure there is no user with this email
         EMAIL = "mayor@igorville.gov"
@@ -281,60 +283,110 @@ class TestDomainApplicationAdmin(TestCase):
         self.admin.save_model(request, application, form=None, change=True)
 
         # Test that approved domain exists and equals requested domain
-        self.assertEqual(
-            application.creator.status, "ineligible"
-        )
-        
+        self.assertEqual(application.creator.status, "ineligible")
+
     def test_readonly_when_ineligible_creator(self):
         application = completed_application(status=DomainApplication.IN_REVIEW)
-        application.creator.status = 'ineligible'
+        application.creator.status = "ineligible"
         application.creator.save()
-        
-        request = self.factory.get('/')
+
+        request = self.factory.get("/")
         request.user = self.superuser
-        
+
         readonly_fields = self.admin.get_readonly_fields(request, application)
-                
-        expected_fields = ['id', 'created_at', 'updated_at', 'status', 'creator', 'investigator', 'organization_type', 'federally_recognized_tribe', 'state_recognized_tribe', 'tribe_name', 'federal_agency', 'federal_type', 'is_election_board', 'organization_name', 'address_line1', 'address_line2', 'city', 'state_territory', 'zipcode', 'urbanization', 'type_of_work', 'more_organization_information', 'authorizing_official', 'approved_domain', 'requested_domain', 'submitter', 'purpose', 'no_other_contacts_rationale', 'anything_else', 'is_policy_acknowledged', 'current_websites', 'other_contacts', 'alternative_domains']
-        
+
+        expected_fields = [
+            "id",
+            "created_at",
+            "updated_at",
+            "status",
+            "creator",
+            "investigator",
+            "organization_type",
+            "federally_recognized_tribe",
+            "state_recognized_tribe",
+            "tribe_name",
+            "federal_agency",
+            "federal_type",
+            "is_election_board",
+            "organization_name",
+            "address_line1",
+            "address_line2",
+            "city",
+            "state_territory",
+            "zipcode",
+            "urbanization",
+            "type_of_work",
+            "more_organization_information",
+            "authorizing_official",
+            "approved_domain",
+            "requested_domain",
+            "submitter",
+            "purpose",
+            "no_other_contacts_rationale",
+            "anything_else",
+            "is_policy_acknowledged",
+            "current_websites",
+            "other_contacts",
+            "alternative_domains",
+        ]
+
         self.assertEqual(readonly_fields, expected_fields)
-        
+
     def test_readonly_fields_for_analyst(self):
-        request = self.factory.get('/')  # Use the correct method and path
+        request = self.factory.get("/")  # Use the correct method and path
         request.user = self.staffuser
-        
+
         readonly_fields = self.admin.get_readonly_fields(request)
-                
-        expected_fields = ['creator', 'type_of_work', 'more_organization_information', 'address_line1', 'address_line2', 'zipcode', 'requested_domain', 'alternative_domains', 'purpose', 'submitter', 'no_other_contacts_rationale', 'anything_else', 'is_policy_acknowledged']
-    
+
+        expected_fields = [
+            "creator",
+            "type_of_work",
+            "more_organization_information",
+            "address_line1",
+            "address_line2",
+            "zipcode",
+            "requested_domain",
+            "alternative_domains",
+            "purpose",
+            "submitter",
+            "no_other_contacts_rationale",
+            "anything_else",
+            "is_policy_acknowledged",
+        ]
+
         self.assertEqual(readonly_fields, expected_fields)
-        
+
     def test_readonly_fields_for_superuser(self):
-        request = self.factory.get('/')  # Use the correct method and path
+        request = self.factory.get("/")  # Use the correct method and path
         request.user = self.superuser
-        
+
         readonly_fields = self.admin.get_readonly_fields(request)
-                
+
         expected_fields = []
-    
+
         self.assertEqual(readonly_fields, expected_fields)
-        
+
     def test_saving_when_ineligible_creator(self):
         # Create an instance of the model
         application = completed_application(status=DomainApplication.IN_REVIEW)
-        application.creator.status = 'ineligible'
+        application.creator.status = "ineligible"
         application.creator.save()
-        
+
         # Create a request object with a superuser
-        request = self.factory.get('/')
+        request = self.factory.get("/")
         request.user = self.superuser
-        
-        with patch('django.contrib.messages.error') as mock_error:
+
+        with patch("django.contrib.messages.error") as mock_error:
             # Simulate saving the model
             self.admin.save_model(request, application, None, False)
-            
+
             # Assert that the error message was called with the correct argument
-            mock_error.assert_called_once_with(request, "This action is not permitted for applications with an ineligible creator.")
+            mock_error.assert_called_once_with(
+                request,
+                "This action is not permitted for applications with "
+                + "an ineligible creator.",
+            )
 
         # Assert that the status has not changed
         self.assertEqual(application.status, DomainApplication.IN_REVIEW)
@@ -418,7 +470,7 @@ class ListHeaderAdminTest(TestCase):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()
         User.objects.all().delete()
-        
+
 
 class MyUserAdminTest(TestCase):
     def setUp(self):
diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py
index 8274908fa..ca1191061 100644
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@@ -170,7 +170,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.submit()
-            
+
     def test_transition_not_allowed_ineligible_submitted(self):
         """Create an application with status ineligible and call submit
         against transition rules"""
@@ -233,7 +233,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.in_review()
-            
+
     def test_transition_not_allowed_ineligible_in_review(self):
         """Create an application with status ineligible and call in_review
         against transition rules"""
@@ -287,7 +287,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.action_needed()
-            
+
     def test_transition_not_allowed_ineligible_action_needed(self):
         """Create an application with status ineligible and call action_needed
         against transition rules"""
@@ -377,7 +377,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.withdraw()
-            
+
     def test_transition_not_allowed_ineligible_withdrawn(self):
         """Create an application with status ineligible and call withdraw
         against transition rules"""
@@ -431,7 +431,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.reject()
-            
+
     def test_transition_not_allowed_ineligible_rejected(self):
         """Create an application with status ineligible and call reject
         against transition rules"""
@@ -440,7 +440,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.reject_with_prejudice()
-            
+
     def test_transition_not_allowed_started_ineligible(self):
         """Create an application with status started and call reject
         against transition rules"""
@@ -485,7 +485,7 @@ class TestDomainApplication(TestCase):
 
         with self.assertRaises(TransitionNotAllowed):
             application.reject_with_prejudice()
-            
+
     def test_transition_not_allowed_ineligible_ineligible(self):
         """Create an application with status ineligible and call reject
         against transition rules"""
diff --git a/src/registrar/tests/test_views.py b/src/registrar/tests/test_views.py
index eccf769ea..0d1239cf3 100644
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@@ -100,14 +100,14 @@ class LoggedInTests(TestWithUser):
             response,
             "What kind of U.S.-based government organization do you represent?",
         )
-        
+
     def test_domain_application_form_with_ineligible_user(self):
         """Application form not accessible for an ineligible user.
         This test should be solid enough since all application wizard
         views share the same permissions class"""
         self.user.status = "ineligible"
         self.user.save()
-        
+
         with less_console_noise():
             response = self.client.get("/register/", follow=True)
             print(response.status_code)
@@ -1434,7 +1434,7 @@ class TestDomainDetail(TestWithDomainPermissions, WebTest):
         self.assertContains(
             success_page, "The security email for this domain have been updated"
         )
-        
+
     def test_domain_overview_blocked_for_ineligible_user(self):
         """We could easily duplicate this test for all domain management
         views, but a single url test should be solid enough since all domain
@@ -1443,10 +1443,8 @@ class TestDomainDetail(TestWithDomainPermissions, WebTest):
         self.user.save()
         home_page = self.app.get("/")
         self.assertContains(home_page, "igorville.gov")
-        with less_console_noise():   
-            response = self.client.get(
-                reverse("domain", kwargs={"pk": self.domain.id})
-            )        
+        with less_console_noise():
+            response = self.client.get(reverse("domain", kwargs={"pk": self.domain.id}))
             self.assertEqual(response.status_code, 403)
 
 
@@ -1472,13 +1470,13 @@ class TestApplicationStatus(TestWithUser, WebTest):
         self.assertContains(detail_page, "testy@town.com")
         self.assertContains(detail_page, "Admin Tester")
         self.assertContains(detail_page, "Status:")
-        
+
     def test_application_status_with_ineligible_user(self):
         """Checking application status page whith a blocked user.
         The user should still have access to view."""
         self.user.status = "ineligible"
         self.user.save()
-        
+
         application = completed_application(
             status=DomainApplication.SUBMITTED, user=self.user
         )
diff --git a/src/registrar/views/application.py b/src/registrar/views/application.py
index fc9443847..23d7348e9 100644
--- a/src/registrar/views/application.py
+++ b/src/registrar/views/application.py
@@ -59,7 +59,7 @@ class ApplicationWizard(ApplicationWizardPermissionView, TemplateView):
     Any method not marked as internal can be overridden in a subclass,
     although not without consulting the base implementation, first.
     """
-    
+
     template_name = ""
 
     # uniquely namespace the wizard in urls.py
diff --git a/src/registrar/views/utility/__init__.py b/src/registrar/views/utility/__init__.py
index b782f59fd..71d3edb91 100644
--- a/src/registrar/views/utility/__init__.py
+++ b/src/registrar/views/utility/__init__.py
@@ -5,5 +5,5 @@ from .permission_views import (
     DomainPermissionView,
     DomainApplicationPermissionView,
     DomainInvitationPermissionDeleteView,
-    ApplicationWizardPermissionView
+    ApplicationWizardPermissionView,
 )
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 715514bd8..e85348d6c 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -69,7 +69,7 @@ class DomainApplicationPermission(PermissionsLoginMixin):
             return False
 
         return True
-    
+
 
 class ApplicationWizardPermission(PermissionsLoginMixin):
 
@@ -80,7 +80,7 @@ class ApplicationWizardPermission(PermissionsLoginMixin):
 
         The user is in self.request.user
         """
-        
+
         # The user has an ineligible flag
         if self.request.user.is_blocked():
             return False
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index d7b846377..0ef4ff4e5 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -10,7 +10,7 @@ from .mixins import (
     DomainPermission,
     DomainApplicationPermission,
     DomainInvitationPermission,
-    ApplicationWizardPermission
+    ApplicationWizardPermission,
 )
 
 
@@ -52,9 +52,11 @@ class DomainApplicationPermissionView(DomainApplicationPermission, DetailView, a
     @abc.abstractmethod
     def template_name(self):
         raise NotImplementedError
-    
-    
-class ApplicationWizardPermissionView(ApplicationWizardPermission, TemplateView, abc.ABC):
+
+
+class ApplicationWizardPermissionView(
+    ApplicationWizardPermission, TemplateView, abc.ABC
+):
 
     """Abstract base view for the application form that enforces permissions
 

From 639ffdbf0eb831ea33650a1f58d1274675061e96 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Thu, 24 Aug 2023 19:59:15 -0400
Subject: [PATCH 041/110] Add action needed and rejected fixtures, add
 Katherine as analyst

---
 src/registrar/fixtures.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 0b1b8926d..3d90f2bc1 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -86,6 +86,12 @@ class UserFixture:
             "first_name": "Alysia-Analyst",
             "last_name": "Alysia-Analyst",
         },
+        {
+            "username": "91a9b97c-bd0a-458d-9823-babfde7ebf44",
+            "first_name": "katherine-Analyst",
+            "last_name": "Osos-Analyst",
+            "email": "kosos@truss.works",
+        },
         {
             "username": "2cc0cde8-8313-4a50-99d8-5882e71443e8",
             "first_name": "Zander-Analyst",
@@ -248,6 +254,14 @@ class DomainApplicationFixture:
             "status": "withdrawn",
             "organization_name": "Example - Withdrawn",
         },
+        {
+            "status": "action needed",
+            "organization_name": "Example - Action Needed",
+        },
+        {
+            "status": "rejected",
+            "organization_name": "Example - Rejected",
+        },
     ]
 
     @classmethod

From c46f27d53b2b9a802504e71410cb7bd42d8bc00b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:42:34 -0600
Subject: [PATCH 042/110] Test cases

---
 src/registrar/templates/domain_base.html |  2 +-
 src/registrar/tests/common.py            |  7 ++
 src/registrar/tests/test_admin.py        | 95 ++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 0810a422e..6f79adeb5 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -25,7 +25,7 @@
       {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
       <div class="usa-alert usa-alert--warning">
         <div class="usa-alert__body">
-          <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
+          <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
             You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
           </p>
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index c4a2772b0..4e9375d29 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -518,3 +518,10 @@ def multiple_unalphabetical_domain_objects(
         application = mock.create_full_dummy_domain_object(domain_type, object_name)
         applications.append(application)
     return applications
+
+def generic_domain_object(domain_type, object_name):
+    """Returns a generic domain object of
+    domain_type 'application', 'information', or 'invitation'"""
+    mock = AuditedAdminMockData()
+    application = mock.create_full_dummy_domain_object(domain_type, object_name)
+    return application
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index a27dcb741..9d60e6ba3 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -1,7 +1,9 @@
 from django.test import TestCase, RequestFactory, Client
 from django.contrib.admin.sites import AdminSite
+from django.urls import reverse
 
 from registrar.admin import (
+    DomainAdmin,
     DomainApplicationAdmin,
     ListHeaderAdmin,
     MyUserAdmin,
@@ -13,14 +15,19 @@ from registrar.models import (
     User,
     DomainInvitation,
 )
+from registrar.models.domain import Domain
 from .common import (
+    AuditedAdminMockData,
     completed_application,
+    generic_domain_object,
     mock_user,
     create_superuser,
     create_user,
     multiple_unalphabetical_domain_objects,
 )
 
+from django.contrib.sessions.backends.db import SessionStore
+
 from django.contrib.auth import get_user_model
 
 from django.conf import settings
@@ -636,3 +643,91 @@ class AuditedAdminTest(TestCase):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()
         DomainInvitation.objects.all().delete()
+
+
+class DomainSessionVariableTest(TestCase):
+    """Test cases for session variables in Django Admin"""
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.admin = DomainAdmin(Domain, None)
+        self.client = Client(HTTP_HOST="localhost:8080")
+        self.superuser = create_superuser()
+
+    def test_session_variables_set_correctly(self):
+        """Checks if session variables are being set correctly"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
+        request = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(dummy_domain_information.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+
+        self.populate_session_values(request, dummy_domain_information.domain)
+
+        self.assertEqual(request.session['analyst_action'], 'edit')
+        self.assertEqual(request.session['analyst_action_location'], dummy_domain_information.domain.pk)
+
+    def test_session_variables_retain_information(self):
+        """ Checks to see if session variables retain old information """
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        # We need to create multiple of these to ensure data is consistent across all of them
+        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("invitation")
+        for item in dummy_domain_information_list:
+            request = self.factory.post(
+                reverse('admin:registrar_domain_change', args=(item.pk,)),
+                {'_edit_domain': 'true'},
+                follow=True
+            )
+
+            self.populate_session_values(request, item)
+
+            self.assertEqual(request.session['analyst_action'], 'edit')
+            self.assertEqual(request.session['analyst_action_location'], item.pk)
+
+    def test_session_variables_concurrent_requests(self):
+        """ Simulates two requests at once """
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        info_first: DomainInformation = generic_domain_object("information", "session")
+        info_second: DomainInformation = generic_domain_object("information", "session2")
+
+        request_first = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(info_first.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+        request_second = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(info_second.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+
+        self.populate_session_values(request_first, info_first.domain)
+        self.populate_session_values(request_second, info_second.domain)
+
+        # Check if anything got nulled out
+        self.assertNotEqual(request_first.session['analyst_action'], None)
+        self.assertNotEqual(request_second.session['analyst_action'], None)
+        self.assertNotEqual(request_first.session['analyst_action_location'], None)
+        self.assertNotEqual(request_second.session['analyst_action_location'], None)
+
+        # Check if they are both the same action 'type'
+        self.assertEqual(request_first.session['analyst_action'], 'edit')
+        self.assertEqual(request_second.session['analyst_action'], 'edit')
+
+        # Check their locations, and ensure they aren't the same across both
+        self.assertNotEqual(request_first.session['analyst_action_location'], request_second.session['analyst_action_location'])
+
+    def populate_session_values(self, request, domain_object):
+        """Boilerplate for creating mock sessions"""
+        request.user = self.client
+        request.session = SessionStore()
+        request.session.create()
+        self.admin.response_change(request, domain_object)
\ No newline at end of file

From 026222327cccfd9b348b8aad0cb1d011a4124f5b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:53:28 -0600
Subject: [PATCH 043/110] Fixing some commit weirdness

---
 src/registrar/templates/domain_detail.html  | 2 ++
 src/registrar/templates/domain_sidebar.html | 6 +++++-
 src/registrar/views/domain.py               | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 4bae384f5..7fbca7c02 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,6 +4,7 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
+    
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
@@ -18,6 +19,7 @@
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
+
     {% url 'domain-your-contact-information' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 2260a586d..ac3461b5e 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -11,6 +11,7 @@
           Domain overview
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -19,6 +20,7 @@
             DNS name servers
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -27,6 +29,7 @@
             Organization name and mailing address
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -35,12 +38,13 @@
             Authorizing official
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-        Your contact information
+            Your contact information
         </a>
       </li>
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6f649661b..471bd4092 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -80,6 +80,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
+        # Q: Is there a more efficent way to do this?
+        # I don't like repeating code across these functions,
+        # But I can't figure out a way to do this without installing
+        # middleware...
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(

From d0ccd18732468a0d294ec30f0d458973b3f003ed Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:55:34 -0600
Subject: [PATCH 044/110] Update domain_detail.html

---
 src/registrar/templates/domain_detail.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 7fbca7c02..97c1971ca 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,14 +4,14 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
-    
+
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
-      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
+      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a> 
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}

From 4075d827559802d938824c43b250413ddac328a1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:56:05 -0600
Subject: [PATCH 045/110] Fixing whitespace difference after merge

---
 src/registrar/templates/domain_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 97c1971ca..dd176c862 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -6,7 +6,7 @@
   <div class="margin-top-4 tablet:grid-col-10">
 
     {% url 'domain-nameservers' pk=domain.id as url %}
-    {% if domain.nameservers %}
+    {% if domain.nameservers %} 
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>

From 0378f1570e821ff1ea43f36d4f8a50b8c59a861e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 08:34:13 -0600
Subject: [PATCH 046/110] Code cleanup

Had some older code lying around
---
 src/registrar/admin.py                | 17 +++---------
 src/registrar/tests/test_admin.py     | 38 +++++++++++----------------
 src/registrar/views/utility/mixins.py | 20 ++++----------
 3 files changed, 24 insertions(+), 51 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 5d6b8c9b8..80f39dad6 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -171,24 +171,14 @@ class DomainAdmin(ListHeaderAdmin):
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
 
-    # Sets domain_id as a context var
-    def change_view(self, request, object_id, form_url="", extra_context=None):
+    def change_view(self, request, object_id):
+        # If the analyst was recently editing
         if "analyst_action" in request.session:
-            # If an analyst performed an edit action,
             # delete the session variable
             del request.session["analyst_action"]
             # delete the associated location
             del request.session["analyst_action_location"]
-
-        extra_context = extra_context or {}
-        extra_context["domain_id"] = object_id
-
-        return super().change_view(
-            request,
-            object_id,
-            form_url,
-            extra_context=extra_context,
-        )
+        return super().change_view(request, object_id)
 
     def has_change_permission(self, request, obj=None):
         # Fixes a bug wherein users which are only is_staff
@@ -196,7 +186,6 @@ class DomainAdmin(ListHeaderAdmin):
         # but cannot access this page when it is a request of type POST.
         if request.user.is_staff:
             return True
-
         return super().has_change_permission(request, obj)
 
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 9d60e6ba3..35e64582d 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -14,10 +14,9 @@ from registrar.models import (
     DomainInformation,
     User,
     DomainInvitation,
+    Domain
 )
-from registrar.models.domain import Domain
 from .common import (
-    AuditedAdminMockData,
     completed_application,
     generic_domain_object,
     mock_user,
@@ -25,11 +24,8 @@ from .common import (
     create_user,
     multiple_unalphabetical_domain_objects,
 )
-
 from django.contrib.sessions.backends.db import SessionStore
-
 from django.contrib.auth import get_user_model
-
 from django.conf import settings
 from unittest.mock import MagicMock
 import boto3_mocking  # type: ignore
@@ -651,7 +647,6 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-        self.superuser = create_superuser()
 
     def test_session_variables_set_correctly(self):
         """Checks if session variables are being set correctly"""
@@ -660,12 +655,7 @@ class DomainSessionVariableTest(TestCase):
         self.client.login(username="superuser", password=p)
 
         dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
-        request = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(dummy_domain_information.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
-
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
 
         self.assertEqual(request.session['analyst_action'], 'edit')
@@ -676,19 +666,13 @@ class DomainSessionVariableTest(TestCase):
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        # We need to create multiple of these to ensure data is consistent across all of them
-        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("invitation")
+        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("information")
         for item in dummy_domain_information_list:
-            request = self.factory.post(
-                reverse('admin:registrar_domain_change', args=(item.pk,)),
-                {'_edit_domain': 'true'},
-                follow=True
-            )
-
+            request = self.get_factory_post_edit_domain(item.domain.pk)
             self.populate_session_values(request, item)
 
             self.assertEqual(request.session['analyst_action'], 'edit')
-            self.assertEqual(request.session['analyst_action_location'], item.pk)
+            self.assertEqual(request.session['analyst_action_location'], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """ Simulates two requests at once """
@@ -730,4 +714,14 @@ class DomainSessionVariableTest(TestCase):
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
-        self.admin.response_change(request, domain_object)
\ No newline at end of file
+        self.admin.response_change(request, domain_object)
+
+    def get_factory_post_edit_domain(self, primary_key):
+        """Posts to registrar domain change
+        with the edit domain button 'clicked',
+        then returns the factory object"""
+        return self.factory.post(
+            reverse('admin:registrar_domain_change', args=(primary_key,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 13ea70684..5d1101422 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -2,9 +2,7 @@
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
-from registrar.models import DomainApplication, DomainInvitation
-
-from registrar.models import DomainInformation, UserDomainRole
+from registrar.models import DomainApplication, DomainInvitation, DomainInformation, UserDomainRole
 import logging
 
 logger = logging.getLogger(__name__)
@@ -34,27 +32,20 @@ class DomainPermission(PermissionsLoginMixin):
             return False
 
         pk = self.kwargs["pk"]
-
         # If pk is none then something went very wrong...
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # Checks if the creator is the user requesting this item
-
-        user_is_creator: bool = UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=pk
-        ).exists()
-
         # user needs to have a role on the domain
-        if user_is_creator:
+        if UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists():
             return True
 
         # ticket 806
         requested_domain: DomainInformation = None
-
         try:
             requested_domain = DomainInformation.objects.get(id=pk)
-
         except DomainInformation.DoesNotExist:
             # Q: While testing, I saw that, application-wide, if you go to a domain
             # that does not exist, for example,
@@ -62,7 +53,7 @@ class DomainPermission(PermissionsLoginMixin):
             # the page throws a 403 error, instead of a 404.
             # Do we want it to throw a 404 instead?
             # Basically, should this be Http404()?
-            logger.warning(f"Domain with PK {pk} does not exist")
+            logger.debug(f"Domain with PK {pk} does not exist")
             return False
 
         # Analysts may manage domains, when they are in these statuses:
@@ -79,7 +70,6 @@ class DomainPermission(PermissionsLoginMixin):
         )
 
         session = self.request.session
-
         # Check if the user is attempting a valid edit action.
         # If analyst_action is present, analyst_action_location will be present.
         # if it isn't, then it either suggests tampering

From 81e5f5f8bb81720e3d9ee19e03d3366dde6279c2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 08:43:47 -0600
Subject: [PATCH 047/110] More code cleanup

---
 src/registrar/admin.py            |  6 ++----
 src/registrar/tests/test_admin.py | 22 ++++++++--------------
 src/registrar/views/domain.py     |  4 +---
 3 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 80f39dad6..d2df04d3a 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -167,16 +167,14 @@ class DomainAdmin(ListHeaderAdmin):
             request.session["analyst_action"] = "edit"
             # Restricts this action to this domain (pk) only
             request.session["analyst_action_location"] = obj.id
-
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
 
     def change_view(self, request, object_id):
-        # If the analyst was recently editing
+        # If the analyst was recently editing a domain page,
+        # delete any associated session values
         if "analyst_action" in request.session:
-            # delete the session variable
             del request.session["analyst_action"]
-            # delete the associated location
             del request.session["analyst_action_location"]
         return super().change_view(request, object_id)
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 35e64582d..84b4535b6 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -654,7 +654,7 @@ class DomainSessionVariableTest(TestCase):
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
+        dummy_domain_information = generic_domain_object("information", "session")
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
 
@@ -663,10 +663,11 @@ class DomainSessionVariableTest(TestCase):
 
     def test_session_variables_retain_information(self):
         """ Checks to see if session variables retain old information """
+
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("information")
+        dummy_domain_information_list = multiple_unalphabetical_domain_objects("information")
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
             self.populate_session_values(request, item)
@@ -676,22 +677,15 @@ class DomainSessionVariableTest(TestCase):
 
     def test_session_variables_concurrent_requests(self):
         """ Simulates two requests at once """
+
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        info_first: DomainInformation = generic_domain_object("information", "session")
-        info_second: DomainInformation = generic_domain_object("information", "session2")
+        info_first = generic_domain_object("information", "session")
+        info_second = generic_domain_object("information", "session2")
 
-        request_first = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(info_first.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
-        request_second = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(info_second.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
+        request_first = self.get_factory_post_edit_domain(info_first.domain.pk)
+        request_second = self.get_factory_post_edit_domain(info_second.domain.pk)
 
         self.populate_session_values(request_first, info_first.domain)
         self.populate_session_values(request_second, info_second.domain)
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 471bd4092..804948ae9 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -81,9 +81,7 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         )
 
         # Q: Is there a more efficent way to do this?
-        # I don't like repeating code across these functions,
-        # But I can't figure out a way to do this without installing
-        # middleware...
+        # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(

From c6c58ab04ba8929d8ef683a74edb0dd896fd53b6 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 25 Aug 2023 10:51:47 -0400
Subject: [PATCH 048/110] add analyst and admin roles for David Kennedy

---
 src/registrar/fixtures.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 0b1b8926d..f7168dbf3 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -72,6 +72,11 @@ class UserFixture:
             "first_name": "Rebecca",
             "last_name": "Hsieh",
         },
+        {
+            "username": "fa69c8e8-da83-4798-a4f2-263c9ce93f52",
+            "first_name": "David",
+            "last_name": "Kennedy",
+        },
     ]
 
     STAFF = [
@@ -101,6 +106,11 @@ class UserFixture:
             "first_name": "Rebecca-Analyst",
             "last_name": "Hsieh-Analyst",
         },
+        {
+            "username": "5dc6c9a6-61d9-42b4-ba54-4beff28bac3c",
+            "first_name": "David-Analyst",
+            "last_name": "Kennedy-Analyst",
+        },
     ]
 
     STAFF_PERMISSIONS = [

From 7fafecab0a2062fc7c620f986e10ae2693396ff2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 09:34:01 -0600
Subject: [PATCH 049/110] Matched figma padding

---
 src/registrar/assets/js/get-gov.js            |  2 +-
 src/registrar/assets/sass/_theme/_admin.scss  | 24 +++++++++---------
 .../_theme/_uswds-theme-custom-styles.scss    | 25 +++++++++++++------
 src/registrar/templates/domain_base.html      |  2 +-
 src/registrar/templates/domain_sidebar.html   |  8 +++---
 src/registrar/views/utility/mixins.py         | 14 +++++++----
 .../views/utility/permission_views.py         | 11 ++++----
 7 files changed, 50 insertions(+), 36 deletions(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 0b67df825..57dc6d2e3 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -211,7 +211,7 @@ function handleValidationClick(e) {
  * An IIFE that will attach validators to inputs.
  *
  * It looks for elements with `validate="<type> <type>"` and adds change handlers.
- *
+ * 
  * These handlers know about two other attributes:
  *  - `validate-for="<id>"` creates a button which will run the validator(s) on <id>
  *  - `auto-validate` will run validator(s) when the user stops typing (otherwise,
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index 91d0d5e3c..b87257344 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -1,7 +1,7 @@
 @use "cisa_colors" as *;
 @use "uswds-core" as *;
 
-// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support
+// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support 
 // and assign USWDS theme vars whenever possible
 // If needed (see below), we'll use the USWDS hex value
 // As a last resort, we'll use CISA colors to supplement the palette
@@ -72,34 +72,34 @@ html[data-theme="light"] {
 @media (prefers-color-scheme: dark) {
     :root,
     html[data-theme="dark"] {
-      // Edit the primary to meet accessibility requ.
+      // Edit the primary to meet accessibility requ.  
       --primary: #23485a;
       --primary-fg: #f7f7f7;
-
+  
       --body-fg: #eeeeee;
       --body-bg: #121212;
       --body-quiet-color: #e0e0e0;
       --body-loud-color: #ffffff;
-
+  
       --breadcrumbs-link-fg: #e0e0e0;
       --breadcrumbs-bg: var(--primary);
-
+  
       --link-fg: #81d4fa;
       --link-hover-color: #4ac1f7;
       --link-selected-fg: #6f94c6;
-
+  
       --hairline-color: #272727;
       --border-color: #353535;
-
+  
       --error-fg: #e35f5f;
       --message-success-bg: #006b1b;
       --message-warning-bg: #583305;
       --message-error-bg: #570808;
-
+  
       --darkened-bg: #212121;
       --selected-bg: #1b1b1b;
       --selected-row: #00363a;
-
+  
       --close-button-bg: #333333;
       --close-button-hover-bg: #666666;
     }
@@ -108,7 +108,7 @@ html[data-theme="light"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td,
+    .change-list .usa-table thead td, 
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -122,7 +122,7 @@ html[data-theme="dark"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td,
+    .change-list .usa-table thead td, 
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -163,7 +163,7 @@ table > caption > a {
     height: auto!important;
 }
 
-// Keep th from collapsing
+// Keep th from collapsing 
 .min-width-25 {
     min-width: 25px;
 }
diff --git a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
index 678084d00..4878235a9 100644
--- a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
+++ b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
@@ -26,7 +26,6 @@ $letter-space--xs: .0125em;
 @use "uswds-core" as *;
 
 /* Styles for making visible to screen reader / AT users only. */
-
 .sr-only {
    @include sr-only;
  }
@@ -62,9 +61,9 @@ body {
 }
 
 p,
-address,
-.usa-list li {
-  @include typeset('sans', 'sm', 5);
+address, 
+.usa-list li { 
+  @include typeset('sans', 'sm', 5); 
   max-width: measure(5);
 }
 
@@ -119,7 +118,7 @@ h2 {
     color: color('violet-70v'); //USWDS default
   }
 }
-.register-form-step .usa-form-group:first-of-type,
+.register-form-step .usa-form-group:first-of-type, 
 .register-form-step .usa-label:first-of-type {
   margin-top: units(1);
 }
@@ -181,7 +180,7 @@ a.withdraw:active {
       a.link_usa-checked {
         padding: 0;
       }
-    }
+    }    
   }
 }
 
@@ -243,7 +242,7 @@ a.withdraw:active {
 
 .usa-form .usa-button {
   margin-top: units(3);
-}
+} 
 
 .usa-button--unstyled .usa-icon {
   vertical-align: bottom;
@@ -396,7 +395,7 @@ a.usa-button--unstyled:visited {
 }
 
 .dotgov-status-box {
-  background-color: color('primary-lightest');
+  background-color: color('primary-lightest'); 
   border-color: color('accent-cool-lighter');
 }
 
@@ -441,3 +440,13 @@ abbr[title] {
     font-size: units(3);
   }
 }
+
+// The icon was off center for some reason
+// Fixes that issue
+@media (min-width: 64em){
+  .usa-alert--warning{
+    .usa-alert__body::before {
+      left: 1rem !important;
+    }
+  } 
+}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 6f79adeb5..78c493a9c 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -23,7 +23,7 @@
       <main id="main-content" class="grid-container">
 
       {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
-      <div class="usa-alert usa-alert--warning">
+      <div class="usa-alert usa-alert--warning margin-bottom-2">
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index ac3461b5e..1e4cd1882 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -4,8 +4,8 @@
   <nav aria-label="Domain sections">
     <ul class="usa-sidenav">
       <li class="usa-sidenav__item">
-        {% url 'domain' pk=domain.id as url %}
-        <a href="{{ url }}"
+        {% url 'domain' pk=domain.id as url %} 
+        <a href="{{ url }}" 
           {% if request.path == url %}class="usa-current"{% endif %}
         >
           Domain overview
@@ -13,7 +13,7 @@
       </li>
 
       <li class="usa-sidenav__item">
-        {% url 'domain-nameservers' pk=domain.id as url %}
+        {% url 'domain-nameservers' pk=domain.id as url %} 
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
@@ -28,7 +28,7 @@
         >
             Organization name and mailing address
         </a>
-      </li>
+      </li>      
 
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 5d1101422..51fb32d0f 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -2,7 +2,12 @@
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
-from registrar.models import DomainApplication, DomainInvitation, DomainInformation, UserDomainRole
+from registrar.models import (
+    DomainApplication,
+    DomainInvitation,
+    DomainInformation,
+    UserDomainRole,
+)
 import logging
 
 logger = logging.getLogger(__name__)
@@ -71,11 +76,10 @@ class DomainPermission(PermissionsLoginMixin):
 
         session = self.request.session
         # Check if the user is attempting a valid edit action.
-        # If analyst_action is present, analyst_action_location will be present.
-        # if it isn't, then it either suggests tampering
-        # or a larger omnipresent issue with sessions.
         can_do_action = (
-            "analyst_action" in session and session["analyst_action_location"] == pk
+            "analyst_action" in session
+            and "analyst_action_location" in session
+            and session["analyst_action_location"] == pk
         )
 
         # If the valid session keys exist, if the user is permissioned,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 89cc62299..f5a8365d4 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -34,14 +34,15 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
-
         context["is_analyst_or_superuser"] = user.is_staff or user.is_superuser
+        # Stored in a variable for the linter
+        action = "analyst_action"
+        action_location = "analyst_action_location"
         # Flag to see if an analyst is attempting to make edits
-        if "analyst_action" in self.request.session:
-            # Stored in a variable for the linter
-            action = "analyst_action"
+        if action in self.request.session:
             context[action] = self.request.session[action]
-            context[f"{action}_location"] = self.request.session[f"{action}_location"]
+        if action_location in self.request.session:
+            context[action_location] = self.request.session[action_location]
 
         return context
 

From 6c308332b06d9e403d3d5347d204b61f57fab62b Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Fri, 25 Aug 2023 12:13:41 -0400
Subject: [PATCH 050/110] Add more controls and messaging, unit tests

---
 src/registrar/admin.py            | 52 +++++++++++--------------------
 src/registrar/tests/test_admin.py | 21 +++++++++++++
 2 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index eeb9a9375..4063efb5f 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -304,39 +304,6 @@ class DomainApplicationAdmin(ListHeaderAdmin):
                 # Get the original application from the database
                 original_obj = models.DomainApplication.objects.get(pk=obj.pk)
 
-                # if obj.status != original_obj.status:
-                #     if obj.status == models.DomainApplication.STARTED:
-                #         # No conditions
-                #         pass
-                #     elif obj.status == models.DomainApplication.SUBMITTED:
-                #         # This is an fsm in model which will throw an error if the
-                #         # transition condition is violated, so we roll back the
-                #         # status to what it was before the admin user changed it and
-                #         # let the fsm method set it. Same comment applies to
-                #         # transition method calls below.
-                #         obj.status = original_obj.status
-                #         obj.submit()
-                #     elif obj.status == models.DomainApplication.IN_REVIEW:
-                #         obj.status = original_obj.status
-                #         obj.in_review()
-                #     elif obj.status == models.DomainApplication.ACTION_NEEDED:
-                #         obj.status = original_obj.status
-                #         obj.action_needed()
-                #     elif obj.status == models.DomainApplication.APPROVED:
-                #         obj.status = original_obj.status
-                #         obj.approve()
-                #     elif obj.status == models.DomainApplication.WITHDRAWN:
-                #         obj.status = original_obj.status
-                #         obj.withdraw()
-                #     elif obj.status == models.DomainApplication.REJECTED:
-                #         obj.status = original_obj.status
-                #         obj.reject()
-                #     elif obj.status == models.DomainApplication.INELIGIBLE:
-                #         obj.status = original_obj.status
-                #         obj.reject_with_prejudice()
-                #     else:
-                #         logger.warning("Unknown status selected in django admin")
-
                 if obj.status != original_obj.status:
                     status_method_mapping = {
                         models.DomainApplication.STARTED: None,
@@ -352,11 +319,18 @@ class DomainApplicationAdmin(ListHeaderAdmin):
                     if selected_method is None:
                         logger.warning("Unknown status selected in django admin")
                     else:
+                        # This is an fsm in model which will throw an error if the
+                        # transition condition is violated, so we roll back the
+                        # status to what it was before the admin user changed it and
+                        # let the fsm method set it.
                         obj.status = original_obj.status
                         selected_method()
 
             super().save_model(request, obj, form, change)
         else:
+            # Clear the success message
+            messages.set_level(request, messages.ERROR)
+
             messages.error(
                 request,
                 "This action is not permitted for applications "
@@ -389,6 +363,18 @@ class DomainApplicationAdmin(ListHeaderAdmin):
             readonly_fields.extend([field for field in self.analyst_readonly_fields])
             return readonly_fields
 
+    def display_ineligible_warning(self, request, obj):
+        if obj and obj.creator.status == "ineligible":
+            messages.warning(
+                request,
+                "Cannot edit an application when its creator has a status of ineligible.",
+            )
+
+    def change_view(self, request, object_id, form_url="", extra_context=None):
+        obj = self.get_object(request, object_id)
+        self.display_ineligible_warning(request, obj)
+        return super().change_view(request, object_id, form_url, extra_context)
+
 
 admin.site.register(models.User, MyUserAdmin)
 admin.site.register(models.UserDomainRole, AuditedAdmin)
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 7da38cb8a..79d0501be 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -391,6 +391,27 @@ class TestDomainApplicationAdmin(TestCase):
         # Assert that the status has not changed
         self.assertEqual(application.status, DomainApplication.IN_REVIEW)
 
+    def test_change_view_with_ineligible_creator(self):
+        # Create an instance of the model
+        application = completed_application(status=DomainApplication.IN_REVIEW)
+        application.creator.status = "ineligible"
+        application.creator.save()
+
+        with patch("django.contrib.messages.warning") as mock_warning:
+            # Create a request object with a superuser
+            request = self.factory.get(
+                "/admin/your_app/domainapplication/{}/change/".format(application.pk)
+            )
+            request.user = self.superuser
+
+            self.admin.display_ineligible_warning(request, application)
+
+            # Assert that the error message was called with the correct argument
+            mock_warning.assert_called_once_with(
+                request,
+                "Cannot edit an application when its creator has a status of ineligible.",
+            )
+
     def tearDown(self):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()

From 1b8de424b3038d3a13b3452b6e1e9cdcd333c2c5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 11:09:03 -0600
Subject: [PATCH 051/110] Mime type

---
 src/registrar/templates/django/admin/domain_change_form.html | 2 +-
 src/registrar/views/utility/mixins.py                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index e7363851a..22b1182e0 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -3,7 +3,7 @@
 
 {% block extrahead %}
 {{ block.super }}
-<script src="{% static 'js/get-gov-admin.js' %}" defer></script>
+<script type="text/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
 {% endblock %}
 
 {% block field_sets %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 51fb32d0f..c815092bd 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -81,7 +81,7 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-
+        
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
         if (

From a676da486ac186f40ff8c8feeef84d09af18297b Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Fri, 25 Aug 2023 14:26:50 -0400
Subject: [PATCH 052/110] lint

---
 src/registrar/admin.py            | 3 ++-
 src/registrar/tests/test_admin.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 4063efb5f..2d42fec07 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -367,7 +367,8 @@ class DomainApplicationAdmin(ListHeaderAdmin):
         if obj and obj.creator.status == "ineligible":
             messages.warning(
                 request,
-                "Cannot edit an application when its creator has a status of ineligible.",
+                "Cannot edit an application when its creator "
+                + "has a status of ineligible.",
             )
 
     def change_view(self, request, object_id, form_url="", extra_context=None):
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 79d0501be..0ae1c660f 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -409,7 +409,8 @@ class TestDomainApplicationAdmin(TestCase):
             # Assert that the error message was called with the correct argument
             mock_warning.assert_called_once_with(
                 request,
-                "Cannot edit an application when its creator has a status of ineligible.",
+                "Cannot edit an application when its creator "
+                + "has a status of ineligible.",
             )
 
     def tearDown(self):

From 8066bceceda2b7a5f5727491aa609df16466ecd9 Mon Sep 17 00:00:00 2001
From: rachidatecs <rachid.mrad@ecstech.com>
Date: Fri, 25 Aug 2023 15:55:52 -0400
Subject: [PATCH 053/110] add test_approved_application_not_in_active_requests
 unit test and lint

---
 src/registrar/tests/test_views.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/registrar/tests/test_views.py b/src/registrar/tests/test_views.py
index feb553bf7..b4795de72 100644
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@@ -1500,3 +1500,18 @@ class TestApplicationStatus(TestWithUser, WebTest):
                         reverse(url_name, kwargs={"pk": application.pk})
                     )
                     self.assertEqual(page.status_code, 403)
+
+    def test_approved_application_not_in_active_requests(self):
+        """An approved application is not shown in the Active
+        Requests table on home.html."""
+        application = completed_application(
+            status=DomainApplication.APPROVED, user=self.user
+        )
+        application.save()
+
+        home_page = self.app.get("/")
+        # This works in our test environment because creating
+        # an approved application here does not generate a
+        # domain object, so we do not expect to see 'city.gov'
+        # in either the Domains or Requests tables.
+        self.assertNotContains(home_page, "city.gov")

From 045717cf85814ebe6712e82517d8bba0e6039501 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 14:01:30 -0600
Subject: [PATCH 054/110] Unauthorized bug fix

Some pages returned an unauthorized when it should not have, because there was no associated DomainInformation object with them
---
 .../django/admin/domain_change_form.html      |  2 +-
 src/registrar/views/utility/mixins.py         | 25 +++++++++----------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 22b1182e0..09d724881 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -3,7 +3,7 @@
 
 {% block extrahead %}
 {{ block.super }}
-<script type="text/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
+<script type="application/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
 {% endblock %}
 
 {% block field_sets %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index c815092bd..86d6c681e 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -48,18 +48,9 @@ class DomainPermission(PermissionsLoginMixin):
             return True
 
         # ticket 806
-        requested_domain: DomainInformation = None
-        try:
+        requested_domain = None
+        if(DomainInformation.objects.filter(id=pk).exists()):
             requested_domain = DomainInformation.objects.get(id=pk)
-        except DomainInformation.DoesNotExist:
-            # Q: While testing, I saw that, application-wide, if you go to a domain
-            # that does not exist, for example,
-            # https://getgov-staging.app.cloud.gov/domain/73333,
-            # the page throws a 403 error, instead of a 404.
-            # Do we want it to throw a 404 instead?
-            # Basically, should this be Http404()?
-            logger.debug(f"Domain with PK {pk} does not exist")
-            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
@@ -81,13 +72,21 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-        
+
+        # Edge case - some domains do not have
+        # a status or DomainInformation... aka a status of 'None'
+        # This checks that it has a status, before checking if it does
+        # Otherwise, analysts can edit these domains
+        if (requested_domain is not None):
+            can_do_action = (
+                can_do_action 
+                and requested_domain.domain_application.status in valid_domain_statuses
+            )
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
         if (
             can_do_action
             and user_is_analyst_or_superuser
-            and requested_domain.domain_application.status in valid_domain_statuses
         ):
             return True
 

From a92ad17856eb9ed6c6b4d5fc551a4223f9178e93 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 09:01:12 -0600
Subject: [PATCH 055/110] Better logging / test cases

---
 src/registrar/tests/common.py                 |   1 +
 src/registrar/tests/test_admin.py             | 112 ++++++++++++++----
 src/registrar/views/domain.py                 |   3 +-
 src/registrar/views/utility/mixins.py         |  11 +-
 .../views/utility/permission_views.py         |  36 ++++--
 5 files changed, 124 insertions(+), 39 deletions(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 4e9375d29..940183646 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -519,6 +519,7 @@ def multiple_unalphabetical_domain_objects(
         applications.append(application)
     return applications
 
+
 def generic_domain_object(domain_type, object_name):
     """Returns a generic domain object of
     domain_type 'application', 'information', or 'invitation'"""
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 84b4535b6..f4e7dae3a 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -14,7 +14,7 @@ from registrar.models import (
     DomainInformation,
     User,
     DomainInvitation,
-    Domain
+    Domain,
 )
 from .common import (
     completed_application,
@@ -643,12 +643,13 @@ class AuditedAdminTest(TestCase):
 
 class DomainSessionVariableTest(TestCase):
     """Test cases for session variables in Django Admin"""
+
     def setUp(self):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
-    def test_session_variables_set_correctly(self):
+    def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
         p = "adminpass"
@@ -657,26 +658,85 @@ class DomainSessionVariableTest(TestCase):
         dummy_domain_information = generic_domain_object("information", "session")
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
 
-        self.assertEqual(request.session['analyst_action'], 'edit')
-        self.assertEqual(request.session['analyst_action_location'], dummy_domain_information.domain.pk)
-
-    def test_session_variables_retain_information(self):
-        """ Checks to see if session variables retain old information """
+    def test_session_vars_set_correctly_hardcoded_domain(self):
+        """Checks if session variables are being set correctly"""
 
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information_list = multiple_unalphabetical_domain_objects("information")
+        dummy_domain_information: Domain = generic_domain_object(
+            "information", "session"
+        )
+        dummy_domain_information.domain.pk = 1
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+        self.populate_session_values(request, dummy_domain_information.domain)
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(request.session["analyst_action_location"], 1)
+
+    def test_session_variables_reset_correctly(self):
+        """Checks if incorrect session variables get overridden"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information = generic_domain_object("information", "session")
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+
+        self.populate_session_values(
+            request, dummy_domain_information.domain, preloadBadData=True
+        )
+
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
+
+    def test_unauthorized_user(self):
+        """Checks for when a user has invalid perms"""
+
+        p = "userpass"
+        self.client.login(username="staffuser", password=p)
+
+        dummy_domain_information = generic_domain_object("information", "session")
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+        self.populate_session_values(request, dummy_domain_information.domain)
+
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
+
+    def test_session_variables_retain_information(self):
+        """Checks to see if session variables retain old information"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information_list = multiple_unalphabetical_domain_objects(
+            "information"
+        )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
+            logger.debug(
+                f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
+            )
             self.populate_session_values(request, item)
-
-            self.assertEqual(request.session['analyst_action'], 'edit')
-            self.assertEqual(request.session['analyst_action_location'], item.domain.pk)
+            logger.debug(
+                f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
+            )
+            self.assertEqual(request.session["analyst_action"], "edit")
+            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
-        """ Simulates two requests at once """
+        """Simulates two requests at once"""
 
         p = "adminpass"
         self.client.login(username="superuser", password=p)
@@ -691,23 +751,29 @@ class DomainSessionVariableTest(TestCase):
         self.populate_session_values(request_second, info_second.domain)
 
         # Check if anything got nulled out
-        self.assertNotEqual(request_first.session['analyst_action'], None)
-        self.assertNotEqual(request_second.session['analyst_action'], None)
-        self.assertNotEqual(request_first.session['analyst_action_location'], None)
-        self.assertNotEqual(request_second.session['analyst_action_location'], None)
+        self.assertNotEqual(request_first.session["analyst_action"], None)
+        self.assertNotEqual(request_second.session["analyst_action"], None)
+        self.assertNotEqual(request_first.session["analyst_action_location"], None)
+        self.assertNotEqual(request_second.session["analyst_action_location"], None)
 
         # Check if they are both the same action 'type'
-        self.assertEqual(request_first.session['analyst_action'], 'edit')
-        self.assertEqual(request_second.session['analyst_action'], 'edit')
+        self.assertEqual(request_first.session["analyst_action"], "edit")
+        self.assertEqual(request_second.session["analyst_action"], "edit")
 
         # Check their locations, and ensure they aren't the same across both
-        self.assertNotEqual(request_first.session['analyst_action_location'], request_second.session['analyst_action_location'])
+        self.assertNotEqual(
+            request_first.session["analyst_action_location"],
+            request_second.session["analyst_action_location"],
+        )
 
-    def populate_session_values(self, request, domain_object):
+    def populate_session_values(self, request, domain_object, preloadBadData=False):
         """Boilerplate for creating mock sessions"""
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
+        if preloadBadData:
+            request.session["analyst_action"] = "invalid"
+            request.session["analyst_action_location"] = "bad location"
         self.admin.response_change(request, domain_object)
 
     def get_factory_post_edit_domain(self, primary_key):
@@ -715,7 +781,7 @@ class DomainSessionVariableTest(TestCase):
         with the edit domain button 'clicked',
         then returns the factory object"""
         return self.factory.post(
-            reverse('admin:registrar_domain_change', args=(primary_key,)),
-            {'_edit_domain': 'true'},
-            follow=True
+            reverse("admin:registrar_domain_change", args=(primary_key,)),
+            {"_edit_domain": "true"},
+            follow=True,
         )
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 804948ae9..559ea4517 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -83,9 +83,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         # Q: Is there a more efficent way to do this?
         # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes
             )
 
         # superclass has the redirect
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 86d6c681e..38d4233f9 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -49,7 +49,7 @@ class DomainPermission(PermissionsLoginMixin):
 
         # ticket 806
         requested_domain = None
-        if(DomainInformation.objects.filter(id=pk).exists()):
+        if DomainInformation.objects.filter(id=pk).exists():
             requested_domain = DomainInformation.objects.get(id=pk)
 
         # Analysts may manage domains, when they are in these statuses:
@@ -77,17 +77,14 @@ class DomainPermission(PermissionsLoginMixin):
         # a status or DomainInformation... aka a status of 'None'
         # This checks that it has a status, before checking if it does
         # Otherwise, analysts can edit these domains
-        if (requested_domain is not None):
+        if requested_domain is not None:
             can_do_action = (
-                can_do_action 
+                can_do_action
                 and requested_domain.domain_application.status in valid_domain_statuses
             )
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
-        if (
-            can_do_action
-            and user_is_analyst_or_superuser
-        ):
+        if can_do_action and user_is_analyst_or_superuser:
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index f5a8365d4..0d88d8e06 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -46,10 +46,17 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
         return context
 
-    def log_analyst_form_actions(self, form_class_name, printable_object_info):
+    def log_analyst_form_actions(
+        self, form_class_name, printable_object_info, changes=None
+    ):
         """Generates a log for when key 'analyst_action' exists on the session.
-        Follows this format: f"{user_type} {self.request.user}
-        edited {form_class_name} in {printable_object_info}"
+        Follows this format:
+
+        for field, new_value in changes.items():
+                "{user_type} '{self.request.user}'
+                set field '{field}': '{new_value}'
+                under class '{form_class_name}'
+                in domain '{printable_object_info}'"
         """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]
@@ -67,11 +74,24 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
                     # Q: do we want to be logging on every changed field?
                     # I could see that becoming spammy log-wise,
                     # but it may also be important.
-
-                    # noqa here as breaking this up further leaves it hard to read
-                    logger.info(
-                        f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
-                    )
+                    if changes is not None:
+                        # Logs every change made to the domain field
+                        # noqa for readability/format
+                        for field, new_value in changes.items():
+                            logger.info(
+                                f"""
+                                An analyst or superuser made alterations to a domain: 
+                                {user_type} '{self.request.user}' 
+                                set field '{field}': '{new_value}' 
+                                under class '{form_class_name}' 
+                                in domain '{printable_object_info}'
+                                """  # noqa
+                            )
+                    else:
+                        # noqa here as breaking this up further leaves it hard to read
+                        logger.info(
+                            f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
+                        )
 
     # Abstract property enforces NotImplementedError on an attribute.
     @property

From 88f5eb96e96d2bcf317bd766ae804d5be7b79b52 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 09:08:48 -0600
Subject: [PATCH 056/110] Logger for sandbox

---
 src/registrar/tests/test_admin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index f4e7dae3a..cc3b422d6 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -725,11 +725,11 @@ class DomainSessionVariableTest(TestCase):
         )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
-            logger.debug(
+            logger.info(
                 f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
             self.populate_session_values(request, item)
-            logger.debug(
+            logger.info(
                 f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
             self.assertEqual(request.session["analyst_action"], "edit")

From a3fd7bb44e8e5e53d6f95c7861416a60a9b0c8b0 Mon Sep 17 00:00:00 2001
From: rachidatecs <107004823+rachidatecs@users.noreply.github.com>
Date: Mon, 28 Aug 2023 11:42:13 -0400
Subject: [PATCH 057/110] Update src/registrar/fixtures.py

Co-authored-by: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 3d90f2bc1..6fea2a377 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -88,7 +88,7 @@ class UserFixture:
         },
         {
             "username": "91a9b97c-bd0a-458d-9823-babfde7ebf44",
-            "first_name": "katherine-Analyst",
+            "first_name": "Katherine-Analyst",
             "last_name": "Osos-Analyst",
             "email": "kosos@truss.works",
         },

From 5384bb1fe706419a8096a913bf7a911e8a80068a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 10:00:36 -0600
Subject: [PATCH 058/110] Snake case

---
 src/registrar/tests/test_admin.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index cc3b422d6..637d86718 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -689,7 +689,7 @@ class DomainSessionVariableTest(TestCase):
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
 
         self.populate_session_values(
-            request, dummy_domain_information.domain, preloadBadData=True
+            request, dummy_domain_information.domain, preload_bad_data=True
         )
 
         self.assertEqual(request.session["analyst_action"], "edit")
@@ -747,8 +747,8 @@ class DomainSessionVariableTest(TestCase):
         request_first = self.get_factory_post_edit_domain(info_first.domain.pk)
         request_second = self.get_factory_post_edit_domain(info_second.domain.pk)
 
-        self.populate_session_values(request_first, info_first.domain)
-        self.populate_session_values(request_second, info_second.domain)
+        self.populate_session_values(request_first, info_first.domain, True)
+        self.populate_session_values(request_second, info_second.domain, True)
 
         # Check if anything got nulled out
         self.assertNotEqual(request_first.session["analyst_action"], None)
@@ -766,12 +766,12 @@ class DomainSessionVariableTest(TestCase):
             request_second.session["analyst_action_location"],
         )
 
-    def populate_session_values(self, request, domain_object, preloadBadData=False):
+    def populate_session_values(self, request, domain_object, preload_bad_data=False):
         """Boilerplate for creating mock sessions"""
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
-        if preloadBadData:
+        if preload_bad_data:
             request.session["analyst_action"] = "invalid"
             request.session["analyst_action_location"] = "bad location"
         self.admin.response_change(request, domain_object)

From b1f2b4a6633932e845cfb65295c83c680785f216 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 10:22:43 -0600
Subject: [PATCH 059/110] Sandbox unit test fix attempt

---
 src/registrar/tests/test_admin.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 637d86718..ea4eaeb62 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -649,6 +649,11 @@ class DomainSessionVariableTest(TestCase):
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
+        # Test data seems to linger in the sandbox for tests.
+        # We delete this here for these tests.
+        DomainInformation.objects.all().delete()
+        Domain.objects.all().delete()
+
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 

From 21beb7fc82378e170951906165b1ba22674666ef Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Mon, 28 Aug 2023 10:20:42 -0700
Subject: [PATCH 060/110] updates to domain dashboard

---
 src/registrar/templates/home.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/home.html b/src/registrar/templates/home.html
index 6163a1ce0..c56fd45e6 100644
--- a/src/registrar/templates/home.html
+++ b/src/registrar/templates/home.html
@@ -19,7 +19,7 @@
   </p>
 
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
-    <h2>Registered domains</h2>
+    <h2>Domains</h2>
     {% if domains %}
     <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked">
       <caption class="sr-only">Your registered domains</caption>
@@ -67,7 +67,7 @@
   </section>
 
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
-    <h2>Active domain requests</h2>
+    <h2>Domain requests</h2>
     {% if domain_applications %}
     <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked">
       <caption class="sr-only">Your domain applications</caption>

From a0ed174e7a457a55dbff3c3e49e1006da132e1e1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 12:29:11 -0600
Subject: [PATCH 061/110] Remove 'www.'

---
 src/registrar/templates/includes/input_with_errors.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index b35ab1b7a..7540766af 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -57,9 +57,11 @@ error messages, if necessary.
 
   {% if www_gov %}
     <div class="display-flex flex-align-center">
-      <span class="padding-top-05 padding-right-2px">www.</span>
+      {# Commented out for ticket #720: https://github.com/cisagov/getgov/issues/720 #}
+      <!--
+        <span class="padding-top-05 padding-right-2px">www.</span>
+      -->
   {% endif %}
-
   {# this is the input field, itself #}
   {% include widget.template_name %}
 

From a7a07c81902bac8f6c182368d2015f94988149de Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 12:51:19 -0600
Subject: [PATCH 062/110] Split www_gov into two vars

---
 .../templates/application_dotgov_domain.html       |  4 ++--
 .../templates/includes/input_with_errors.html      | 14 ++++++++------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/registrar/templates/application_dotgov_domain.html b/src/registrar/templates/application_dotgov_domain.html
index b2ee6cab6..fd6ce9604 100644
--- a/src/registrar/templates/application_dotgov_domain.html
+++ b/src/registrar/templates/application_dotgov_domain.html
@@ -51,7 +51,7 @@
 
     {% with attr_aria_describedby="domain_instructions domain_instructions2" %}
       {# attr_validate / validate="domain" invokes code in get-gov.js #}
-      {% with www_gov=True attr_validate="domain" add_label_class="usa-sr-only" %}
+      {% with append_gov=True attr_validate="domain" add_label_class="usa-sr-only" %}
         {% input_with_errors forms.0.requested_domain %}
       {% endwith %}
     {% endwith %}
@@ -75,7 +75,7 @@
     {% with attr_aria_describedby="alt_domain_instructions" %}
       {# attr_validate / validate="domain" invokes code in get-gov.js #}
       {# attr_auto_validate likewise triggers behavior in get-gov.js #}
-      {% with www_gov=True attr_validate="domain" attr_auto_validate=True %}
+      {% with append_gov=True attr_validate="domain" attr_auto_validate=True %}
         {% for form in forms.1 %}
           {% input_with_errors form.alternative_domain %}
         {% endfor %}
diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 7540766af..2a4420327 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -55,18 +55,20 @@ error messages, if necessary.
     </div>
   {% endif %}
 
-  {% if www_gov %}
+  {% if prepend_www or append_gov %}
     <div class="display-flex flex-align-center">
-      {# Commented out for ticket #720: https://github.com/cisagov/getgov/issues/720 #}
-      <!--
-        <span class="padding-top-05 padding-right-2px">www.</span>
-      -->
+      {# ticket #720: https://github.com/cisagov/getgov/issues/720 #}
+      {% if prepend_www %}
+      <span class="padding-top-05 padding-right-2px">www.</span>
+      {% endif %}
   {% endif %}
   {# this is the input field, itself #}
   {% include widget.template_name %}
 
-  {% if www_gov %}
+  {% if prepend_www or append_gov %}
+      {% if append_gov %}
       <span class="padding-top-05 padding-left-2px">.gov </span>
+      {% endif %}
     </div>
   {% endif %}
 

From 36e00d4020e541d0be58e9c15b3d9430946a6eb2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 13:57:59 -0600
Subject: [PATCH 063/110] Removed comment and prepend_www

---
 .../templates/includes/input_with_errors.html          | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 2a4420327..2adc08984 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -55,20 +55,14 @@ error messages, if necessary.
     </div>
   {% endif %}
 
-  {% if prepend_www or append_gov %}
+  {% if append_gov %}
     <div class="display-flex flex-align-center">
-      {# ticket #720: https://github.com/cisagov/getgov/issues/720 #}
-      {% if prepend_www %}
-      <span class="padding-top-05 padding-right-2px">www.</span>
-      {% endif %}
   {% endif %}
   {# this is the input field, itself #}
   {% include widget.template_name %}
 
-  {% if prepend_www or append_gov %}
-      {% if append_gov %}
+  {% if append_gov %}
       <span class="padding-top-05 padding-left-2px">.gov </span>
-      {% endif %}
     </div>
   {% endif %}
 

From 7d404d54945b6d6c753ab93c97d4b458c2e147d2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 14:43:40 -0600
Subject: [PATCH 064/110] Logging test

Temporarily removed assertEqual to log weird values
---
 src/registrar/tests/test_admin.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index ea4eaeb62..fadff2393 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -649,11 +649,6 @@ class DomainSessionVariableTest(TestCase):
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
-        # Test data seems to linger in the sandbox for tests.
-        # We delete this here for these tests.
-        DomainInformation.objects.all().delete()
-        Domain.objects.all().delete()
-
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
@@ -737,8 +732,8 @@ class DomainSessionVariableTest(TestCase):
             logger.info(
                 f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
-            self.assertEqual(request.session["analyst_action"], "edit")
-            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
+            #self.assertEqual(request.session["analyst_action"], "edit")
+            #self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """Simulates two requests at once"""

From 4ea8ea4c08bda01da3e758767341f76ad1785403 Mon Sep 17 00:00:00 2001
From: Cameron Dixon <cameron.dixon@cisa.dhs.gov>
Date: Mon, 28 Aug 2023 16:51:06 -0400
Subject: [PATCH 065/110] Update default mail-sending address

Short and sweet: help@get.gov
---
 src/registrar/config/settings.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 8b53fa82a..f0468999e 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -251,8 +251,7 @@ AWS_MAX_ATTEMPTS = 3
 BOTO_CONFIG = Config(retries={"mode": AWS_RETRY_MODE, "max_attempts": AWS_MAX_ATTEMPTS})
 
 # email address to use for various automated correspondence
-# TODO: pick something sensible here
-DEFAULT_FROM_EMAIL = "registrar@get.gov"
+DEFAULT_FROM_EMAIL = "help@get.gov"
 
 # connect to an (external) SMTP server for sending email
 EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

From 666e17e4ba09e876fcb0672f05dc4eb2df96fd1a Mon Sep 17 00:00:00 2001
From: Cameron Dixon <cameron.dixon@cisa.dhs.gov>
Date: Mon, 28 Aug 2023 17:22:10 -0400
Subject: [PATCH 066/110] wrap email in < >

Co-authored-by: rachidatecs <107004823+rachidatecs@users.noreply.github.com>
---
 src/registrar/config/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index f0468999e..e272e6622 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -251,7 +251,7 @@ AWS_MAX_ATTEMPTS = 3
 BOTO_CONFIG = Config(retries={"mode": AWS_RETRY_MODE, "max_attempts": AWS_MAX_ATTEMPTS})
 
 # email address to use for various automated correspondence
-DEFAULT_FROM_EMAIL = "help@get.gov"
+DEFAULT_FROM_EMAIL = "help@get.gov <help@get.gov>"
 
 # connect to an (external) SMTP server for sending email
 EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

From 31d4bfb5a7f04a9858d8181eda086bc39fa83180 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 15:23:27 -0600
Subject: [PATCH 067/110] Test case fix / remove redundant

---
 src/registrar/tests/test_admin.py | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index fadff2393..5cad9c646 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -648,7 +648,7 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-
+        
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
@@ -698,22 +698,6 @@ class DomainSessionVariableTest(TestCase):
             dummy_domain_information.domain.pk,
         )
 
-    def test_unauthorized_user(self):
-        """Checks for when a user has invalid perms"""
-
-        p = "userpass"
-        self.client.login(username="staffuser", password=p)
-
-        dummy_domain_information = generic_domain_object("information", "session")
-        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
-        self.populate_session_values(request, dummy_domain_information.domain)
-
-        self.assertEqual(request.session["analyst_action"], "edit")
-        self.assertEqual(
-            request.session["analyst_action_location"],
-            dummy_domain_information.domain.pk,
-        )
-
     def test_session_variables_retain_information(self):
         """Checks to see if session variables retain old information"""
 
@@ -725,15 +709,10 @@ class DomainSessionVariableTest(TestCase):
         )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
-            logger.info(
-                f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
-            )
-            self.populate_session_values(request, item)
-            logger.info(
-                f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
-            )
-            #self.assertEqual(request.session["analyst_action"], "edit")
-            #self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
+            self.populate_session_values(request, item.domain)
+
+            self.assertEqual(request.session["analyst_action"], "edit")
+            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """Simulates two requests at once"""

From 6ac58525465671955ac57df2161536ca3edf8286 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 15:31:14 -0600
Subject: [PATCH 068/110] Linter

---
 src/registrar/tests/test_admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 5cad9c646..df967414b 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -648,7 +648,7 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-        
+
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 

From 5f5289faa3fa233f452ff9fac0813870e6249e4f Mon Sep 17 00:00:00 2001
From: Cameron Dixon <cameron.dixon@cisa.dhs.gov>
Date: Mon, 28 Aug 2023 17:48:51 -0400
Subject: [PATCH 069/110] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 2685a8ec3..f457e7e69 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# Get (your very own) .gov
+# Infrastructure as a (public) service
 
-Welcome to the repo for a WIP brand new registrar for .gov domains. Get.gov intends to serve all government entities in the United States looking for a .gov domain to use publicly (for a website, for an email address, etc.). Here you can find the code for the registrar and other artifacts about our product strategy and research. 
+The .gov domain helps U.S.-based government organizations gain public trust by being easily recognized online. This repo contains the code for the new .gov registrar – where governments request and manage domains – and other artifacts about our product strategy and research.
 
 ## Onboarding
 

From df090b06f4058436a9cc9eb148616c2d7f5e90e4 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 29 Aug 2023 10:49:40 -0600
Subject: [PATCH 070/110] Added get-gov-admin.js

---
 src/registrar/assets/js/get-gov-admin.js | 37 ++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 src/registrar/assets/js/get-gov-admin.js

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
new file mode 100644
index 000000000..d7d589214
--- /dev/null
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -0,0 +1,37 @@
+/**
+ * @file get-gov-admin.js includes custom code for the .gov registrar admin portal.
+ *
+ * Constants and helper functions are at the top.
+ * Event handlers are in the middle.
+ * Initialization (run-on-load) stuff goes at the bottom.
+ */
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Helper functions.
+/** Either sets attribute target="_blank" to a given element, or removes it */
+function openInNewTab(el, removeAttribute = false){
+    if(removeAttribute){
+        el.setAttribute("target", "_blank");
+    }else{
+        el.removeAttribute("target", "_blank");
+    }
+};
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Event handlers.
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Initialization code.
+
+/** An IIFE for pages in DjangoAdmin which may need custom JS implementation.
+ * Currently only appends target="_blank" to the domain_form object,
+ * but this can be expanded.
+*/
+(function prepareDjangoAdmin(){
+    let domainFormElement = document.getElementById("domain_form");
+    let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
+    if(domainSubmitButton && domainFormElement){
+      domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
+      domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+    }
+})();
\ No newline at end of file

From 501cddebde7172cdf91ae05c458cf571df733f9e Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Tue, 29 Aug 2023 14:16:39 -0400
Subject: [PATCH 071/110] Change ineligible to restricted on User, fix status
 tempplate for DAs

---
 src/registrar/admin.py                        | 19 +++++++-------
 .../migrations/0030_alter_user_status.py      | 23 +++++++++++++++++
 src/registrar/models/domain_application.py    |  2 +-
 src/registrar/models/user.py                  | 16 ++++++------
 .../templates/application_status.html         |  1 +
 src/registrar/tests/test_admin.py             | 25 +++++++++----------
 src/registrar/tests/test_views.py             |  4 +--
 src/registrar/views/utility/mixins.py         |  4 +--
 8 files changed, 57 insertions(+), 37 deletions(-)
 create mode 100644 src/registrar/migrations/0030_alter_user_status.py

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index a832d34bd..4696a15bf 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -116,7 +116,7 @@ class MyUserAdmin(BaseUserAdmin):
         (
             None,
             {"fields": ("username", "password", "status")},
-        ),  # Add the 'status' field here
+        ),
         ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
         (
             "Permissions",
@@ -301,7 +301,7 @@ class DomainApplicationAdmin(ListHeaderAdmin):
 
     # Trigger action when a fieldset is changed
     def save_model(self, request, obj, form, change):
-        if obj and obj.creator.status != "ineligible":
+        if obj and obj.creator.status != models.User.RESTRICTED:
             if change:  # Check if the application is being edited
                 # Get the original application from the database
                 original_obj = models.DomainApplication.objects.get(pk=obj.pk)
@@ -336,7 +336,7 @@ class DomainApplicationAdmin(ListHeaderAdmin):
             messages.error(
                 request,
                 "This action is not permitted for applications "
-                + "with an ineligible creator.",
+                + "with a restricted creator.",
             )
 
     def get_readonly_fields(self, request, obj=None):
@@ -348,8 +348,8 @@ class DomainApplicationAdmin(ListHeaderAdmin):
 
         readonly_fields = list(self.readonly_fields)
 
-        # Check if the creator is ineligible
-        if obj and obj.creator.status == "ineligible":
+        # Check if the creator is restricted
+        if obj and obj.creator.status == models.User.RESTRICTED:
             # For fields like CharField, IntegerField, etc., the widget used is
             # straightforward and the readonly_fields list can control their behavior
             readonly_fields.extend([field.name for field in self.model._meta.fields])
@@ -365,17 +365,16 @@ class DomainApplicationAdmin(ListHeaderAdmin):
             readonly_fields.extend([field for field in self.analyst_readonly_fields])
             return readonly_fields
 
-    def display_ineligible_warning(self, request, obj):
-        if obj and obj.creator.status == "ineligible":
+    def display_restricted_warning(self, request, obj):
+        if obj and obj.creator.status == models.User.RESTRICTED:
             messages.warning(
                 request,
-                "Cannot edit an application when its creator "
-                + "has a status of ineligible.",
+                "Cannot edit an application with a restricted creator.",
             )
 
     def change_view(self, request, object_id, form_url="", extra_context=None):
         obj = self.get_object(request, object_id)
-        self.display_ineligible_warning(request, obj)
+        self.display_restricted_warning(request, obj)
         return super().change_view(request, object_id, form_url, extra_context)
 
 
diff --git a/src/registrar/migrations/0030_alter_user_status.py b/src/registrar/migrations/0030_alter_user_status.py
new file mode 100644
index 000000000..7dd27bfa4
--- /dev/null
+++ b/src/registrar/migrations/0030_alter_user_status.py
@@ -0,0 +1,23 @@
+# Generated by Django 4.2.1 on 2023-08-29 17:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0029_user_status_alter_domainapplication_status"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="status",
+            field=models.CharField(
+                blank=True,
+                choices=[("restricted", "restricted")],
+                default=None,
+                max_length=10,
+                null=True,
+            ),
+        ),
+    ]
diff --git a/src/registrar/models/domain_application.py b/src/registrar/models/domain_application.py
index c06985079..b1230b703 100644
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@@ -621,7 +621,7 @@ class DomainApplication(TimeStampedModel):
         We do this by setting an ineligible status on the user, which the
         permissions classes test against"""
 
-        self.creator.block_user()
+        self.creator.restrict_user()
 
     # ## Form policies ###
     #
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index 9b3ba9162..5cf1dd71f 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -18,8 +18,8 @@ class User(AbstractUser):
     """
 
     # #### Constants for choice fields ####
-    INELIGIBLE = "ineligible"
-    STATUS_CHOICES = ((INELIGIBLE, INELIGIBLE),)
+    RESTRICTED = "restricted"
+    STATUS_CHOICES = ((RESTRICTED, RESTRICTED),)
 
     status = models.CharField(
         max_length=10,
@@ -51,18 +51,16 @@ class User(AbstractUser):
         else:
             return self.username
 
-    def block_user(self):
-        self.status = "ineligible"
+    def restrict_user(self):
+        self.status = self.RESTRICTED
         self.save()
 
-    def unblock_user(self):
+    def unrestrict_user(self):
         self.status = None
         self.save()
 
-    def is_blocked(self):
-        if self.status == "ineligible":
-            return True
-        return False
+    def is_restricted(self):
+        return self.status == self.RESTRICTED
 
     def first_login(self):
         """Callback when the user is authenticated for the very first time.
diff --git a/src/registrar/templates/application_status.html b/src/registrar/templates/application_status.html
index 99f6a1d4c..c95f6a98d 100644
--- a/src/registrar/templates/application_status.html
+++ b/src/registrar/templates/application_status.html
@@ -23,6 +23,7 @@
           {% elif domainapplication.status == 'in review' %} In Review 
           {% elif domainapplication.status == 'rejected' %} Rejected
           {% elif domainapplication.status == 'submitted' %} Submitted
+          {% elif domainapplication.status == 'ineligible' %} Ineligible
           {% else %}ERROR Please contact technical support/dev
           {% endif %}
         </p>
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 4a38d3576..fc5478dd9 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -284,7 +284,7 @@ class TestDomainApplicationAdmin(TestCase):
         # Perform assertions on the mock call itself
         mock_client_instance.send_email.assert_called_once()
 
-    def test_save_model_sets_ineligible_status_on_user(self):
+    def test_save_model_sets_restricted_status_on_user(self):
         # make sure there is no user with this email
         EMAIL = "mayor@igorville.gov"
         User.objects.filter(email=EMAIL).delete()
@@ -304,11 +304,11 @@ class TestDomainApplicationAdmin(TestCase):
         self.admin.save_model(request, application, form=None, change=True)
 
         # Test that approved domain exists and equals requested domain
-        self.assertEqual(application.creator.status, "ineligible")
+        self.assertEqual(application.creator.status, "restricted")
 
-    def test_readonly_when_ineligible_creator(self):
+    def test_readonly_when_restricted_creator(self):
         application = completed_application(status=DomainApplication.IN_REVIEW)
-        application.creator.status = "ineligible"
+        application.creator.status = User.RESTRICTED
         application.creator.save()
 
         request = self.factory.get("/")
@@ -388,10 +388,10 @@ class TestDomainApplicationAdmin(TestCase):
 
         self.assertEqual(readonly_fields, expected_fields)
 
-    def test_saving_when_ineligible_creator(self):
+    def test_saving_when_restricted_creator(self):
         # Create an instance of the model
         application = completed_application(status=DomainApplication.IN_REVIEW)
-        application.creator.status = "ineligible"
+        application.creator.status = User.RESTRICTED
         application.creator.save()
 
         # Create a request object with a superuser
@@ -405,17 +405,17 @@ class TestDomainApplicationAdmin(TestCase):
             # Assert that the error message was called with the correct argument
             mock_error.assert_called_once_with(
                 request,
-                "This action is not permitted for applications with "
-                + "an ineligible creator.",
+                "This action is not permitted for applications "
+                + "with a restricted creator.",
             )
 
         # Assert that the status has not changed
         self.assertEqual(application.status, DomainApplication.IN_REVIEW)
 
-    def test_change_view_with_ineligible_creator(self):
+    def test_change_view_with_restricted_creator(self):
         # Create an instance of the model
         application = completed_application(status=DomainApplication.IN_REVIEW)
-        application.creator.status = "ineligible"
+        application.creator.status = User.RESTRICTED
         application.creator.save()
 
         with patch("django.contrib.messages.warning") as mock_warning:
@@ -425,13 +425,12 @@ class TestDomainApplicationAdmin(TestCase):
             )
             request.user = self.superuser
 
-            self.admin.display_ineligible_warning(request, application)
+            self.admin.display_restricted_warning(request, application)
 
             # Assert that the error message was called with the correct argument
             mock_warning.assert_called_once_with(
                 request,
-                "Cannot edit an application when its creator "
-                + "has a status of ineligible.",
+                "Cannot edit an application with a restricted creator.",
             )
 
     def tearDown(self):
diff --git a/src/registrar/tests/test_views.py b/src/registrar/tests/test_views.py
index 0d1239cf3..017cb4d8d 100644
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@@ -105,7 +105,7 @@ class LoggedInTests(TestWithUser):
         """Application form not accessible for an ineligible user.
         This test should be solid enough since all application wizard
         views share the same permissions class"""
-        self.user.status = "ineligible"
+        self.user.status = User.RESTRICTED
         self.user.save()
 
         with less_console_noise():
@@ -1439,7 +1439,7 @@ class TestDomainDetail(TestWithDomainPermissions, WebTest):
         """We could easily duplicate this test for all domain management
         views, but a single url test should be solid enough since all domain
         management pages share the same permissions class"""
-        self.user.status = "ineligible"
+        self.user.status = User.RESTRICTED
         self.user.save()
         home_page = self.app.get("/")
         self.assertContains(home_page, "igorville.gov")
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index e85348d6c..363709a21 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -40,7 +40,7 @@ class DomainPermission(PermissionsLoginMixin):
             return False
 
         # The user has an ineligible flag
-        if self.request.user.is_blocked():
+        if self.request.user.is_restricted():
             return False
 
         # if we need to check more about the nature of role, do it here.
@@ -82,7 +82,7 @@ class ApplicationWizardPermission(PermissionsLoginMixin):
         """
 
         # The user has an ineligible flag
-        if self.request.user.is_blocked():
+        if self.request.user.is_restricted():
             return False
 
         return True

From f5300053dc3b47e8ba0882ce5a272bed8259d9e1 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 29 Aug 2023 15:29:02 -0400
Subject: [PATCH 072/110] show requested domain and alternate domains on manage
 screen; formatting conditional based on existence of alternate domains; add
 check for alternate domains in test_views

---
 src/registrar/templates/application_status.html   |  4 ++++
 .../templates/includes/summary_item.html          | 15 +++++++++++++++
 src/registrar/tests/test_views.py                 |  2 ++
 3 files changed, 21 insertions(+)

diff --git a/src/registrar/templates/application_status.html b/src/registrar/templates/application_status.html
index 99f6a1d4c..7e23cfe32 100644
--- a/src/registrar/templates/application_status.html
+++ b/src/registrar/templates/application_status.html
@@ -83,6 +83,10 @@
       {% include "includes/summary_item.html" with title='Current website for your organization' value=domainapplication.current_websites.all list='true' heading_level=heading_level %}
     {% endif %}
 
+    {% if domainapplication.requested_domain %}
+      {% include "includes/summary_item.html" with title='.gov domain' value=domainapplication requested_domain='true' heading_level=heading_level %}
+    {% endif %}
+
     {% if domainapplication.purpose %}
       {% include "includes/summary_item.html" with title='Purpose of your domain' value=domainapplication.purpose heading_level=heading_level %}
     {% endif %}
diff --git a/src/registrar/templates/includes/summary_item.html b/src/registrar/templates/includes/summary_item.html
index a2035b227..3295963ed 100644
--- a/src/registrar/templates/includes/summary_item.html
+++ b/src/registrar/templates/includes/summary_item.html
@@ -43,6 +43,21 @@
         {% else %}
           {% include "includes/contact.html" with contact=value %}
         {% endif %}
+      {% elif requested_domain %}
+        {% if value.alternative_domains.all %}
+          <ul class="usa-list usa-list--unstyled margin-bottom-105">
+            <li>{{ value.requested_domain.name|default:"Incomplete" }}</li>
+          </ul>
+          <ul class="usa-list usa-list--unstyled">
+          {% for domain in value.alternative_domains.all %}
+            <li>{{ domain.website }}</li>
+          {% endfor %}
+          </ul>
+        {% else %}
+          <p class="margin-top-0 margin-bottom-0">
+            {{ value.requested_domain }}
+          </p>
+        {% endif %}
       {% elif list %}
         {% if value|length == 1 %}
             {% if users %}
diff --git a/src/registrar/tests/test_views.py b/src/registrar/tests/test_views.py
index b4795de72..1a4d2197f 100644
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@@ -1442,6 +1442,7 @@ class TestApplicationStatus(TestWithUser, WebTest):
         # click the "Manage" link
         detail_page = home_page.click("Manage")
         self.assertContains(detail_page, "city.gov")
+        self.assertContains(detail_page, "city1.gov")
         self.assertContains(detail_page, "Chief Tester")
         self.assertContains(detail_page, "testy@town.com")
         self.assertContains(detail_page, "Admin Tester")
@@ -1459,6 +1460,7 @@ class TestApplicationStatus(TestWithUser, WebTest):
         # click the "Manage" link
         detail_page = home_page.click("Manage")
         self.assertContains(detail_page, "city.gov")
+        self.assertContains(detail_page, "city1.gov")
         self.assertContains(detail_page, "Chief Tester")
         self.assertContains(detail_page, "testy@town.com")
         self.assertContains(detail_page, "Admin Tester")

From 1a81d75170963eca872ddf3c330e1b062959d23b Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 30 Aug 2023 07:02:18 -0400
Subject: [PATCH 073/110] show requested domain and alternate domains on manage
 screen; formatting conditional based on existence of alternative domains;
 check added for alternative domains in test_views

---
 src/registrar/templates/application_status.html   |  6 +++++-
 .../templates/includes/summary_item.html          | 15 ---------------
 2 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/src/registrar/templates/application_status.html b/src/registrar/templates/application_status.html
index 7e23cfe32..dcae617a8 100644
--- a/src/registrar/templates/application_status.html
+++ b/src/registrar/templates/application_status.html
@@ -84,7 +84,11 @@
     {% endif %}
 
     {% if domainapplication.requested_domain %}
-      {% include "includes/summary_item.html" with title='.gov domain' value=domainapplication requested_domain='true' heading_level=heading_level %}
+      {% include "includes/summary_item.html" with title='.gov domain' value=domainapplication.requested_domain heading_level=heading_level %}
+    {% endif %}
+
+    {% if domainapplication.alternative_domains.all %}
+      {% include "includes/summary_item.html" with title='Alternative domains' value=domainapplication.alternative_domains.all list='true' heading_level=heading_level %}
     {% endif %}
 
     {% if domainapplication.purpose %}
diff --git a/src/registrar/templates/includes/summary_item.html b/src/registrar/templates/includes/summary_item.html
index 3295963ed..a2035b227 100644
--- a/src/registrar/templates/includes/summary_item.html
+++ b/src/registrar/templates/includes/summary_item.html
@@ -43,21 +43,6 @@
         {% else %}
           {% include "includes/contact.html" with contact=value %}
         {% endif %}
-      {% elif requested_domain %}
-        {% if value.alternative_domains.all %}
-          <ul class="usa-list usa-list--unstyled margin-bottom-105">
-            <li>{{ value.requested_domain.name|default:"Incomplete" }}</li>
-          </ul>
-          <ul class="usa-list usa-list--unstyled">
-          {% for domain in value.alternative_domains.all %}
-            <li>{{ domain.website }}</li>
-          {% endfor %}
-          </ul>
-        {% else %}
-          <p class="margin-top-0 margin-bottom-0">
-            {{ value.requested_domain }}
-          </p>
-        {% endif %}
       {% elif list %}
         {% if value|length == 1 %}
             {% if users %}

From 4dd175f2a06f6ce6b2825669aab50ec65dfc1882 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 07:43:26 -0600
Subject: [PATCH 074/110] Rebuild sandbox

---
 src/registrar/tests/test_admin.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index df967414b..7d9b1d9ae 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -674,6 +674,7 @@ class DomainSessionVariableTest(TestCase):
             "information", "session"
         )
         dummy_domain_information.domain.pk = 1
+
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
         self.assertEqual(request.session["analyst_action"], "edit")

From 19d173efd4496dd34ccbe65c066b2df4b3bd0a39 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 09:32:08 -0600
Subject: [PATCH 075/110] Fixed merge issues

---
 src/registrar/views/utility/mixins.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 8617f8acb..1fd21b18e 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -41,11 +41,15 @@ class DomainPermission(PermissionsLoginMixin):
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # user needs to have a role on the domain
+        # user needs to have a role on the domain,
+        # and user cannot be restricted
         if UserDomainRole.objects.filter(
             user=self.request.user, domain__id=pk
-        ).exists():
+        ).exists() and not self.request.user.is_restricted():
             return True
+        elif self.request.user.is_restricted():
+            return False
+
 
         # ticket 806
         requested_domain = None
@@ -87,10 +91,6 @@ class DomainPermission(PermissionsLoginMixin):
         if can_do_action and user_is_analyst_or_superuser:
             return True
 
-        # The user has an ineligible flag
-        if self.request.user.is_restricted():
-            return False
-
         # if we need to check more about the nature of role, do it here.
         return False
 

From 560d2c3ac56153c37b07e573ace55abfcb22dea6 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 12:34:11 -0600
Subject: [PATCH 076/110] Update oidc.py

---
 src/djangooidc/oidc.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 26eb54d3d..2f08a0177 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -238,6 +238,10 @@ class Client(oic.Client):
                     "client_secret": self.client_secret,
                 },
                 authn_method=self.registration_response["token_endpoint_auth_method"],
+                # There is a time desync issue between login.gov and cloud, 
+                # this addresses that by adding a clock skew.
+                # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
+                skew=10,
             )
         except Exception as err:
             logger.error(err)

From a5ee50627d9e509a2a53479c680e4db0a4b44063 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 30 Aug 2023 14:37:55 -0400
Subject: [PATCH 077/110] Fix test against checkbox in django admin by using a
 custom filter

---
 .../templates/admin/change_list_results.html  |  2 +-
 src/registrar/templatetags/custom_filters.py  |  8 ++++++++
 src/registrar/tests/test_templatetags.py      | 19 +++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/admin/change_list_results.html b/src/registrar/templates/admin/change_list_results.html
index 9ee3f9f59..831350888 100644
--- a/src/registrar/templates/admin/change_list_results.html
+++ b/src/registrar/templates/admin/change_list_results.html
@@ -17,7 +17,7 @@ Load our custom filters to extract info from the django generated markup.
 <thead>
 <tr>
 
-{% if results.0.form %}
+{% if results.0|contains_checkbox %}
     {# .gov - hardcode the select all checkbox #}
     <th scope="col" class="action-checkbox-column" title="Toggle all">
         <div class="text">
diff --git a/src/registrar/templatetags/custom_filters.py b/src/registrar/templatetags/custom_filters.py
index f16408bf8..3614db18e 100644
--- a/src/registrar/templatetags/custom_filters.py
+++ b/src/registrar/templatetags/custom_filters.py
@@ -40,3 +40,11 @@ def slice_after(value, substring):
         result = value[index + len(substring) :]
         return result
     return value
+
+
+@register.filter
+def contains_checkbox(html_list):
+    for html_string in html_list:
+        if re.search(r'<input[^>]*type="checkbox"', html_string):
+            return True
+    return False
diff --git a/src/registrar/tests/test_templatetags.py b/src/registrar/tests/test_templatetags.py
index 36325ab5d..d5f8523c8 100644
--- a/src/registrar/tests/test_templatetags.py
+++ b/src/registrar/tests/test_templatetags.py
@@ -8,6 +8,7 @@ from registrar.templatetags.custom_filters import (
     extract_a_text,
     find_index,
     slice_after,
+    contains_checkbox,
 )
 
 
@@ -83,3 +84,21 @@ class CustomFiltersTestCase(TestCase):
         self.assertEqual(
             result, value
         )  # Should return the original value if substring not found
+
+    def test_contains_checkbox_with_checkbox(self):
+        # Test the filter when HTML list contains a checkbox
+        html_list = [
+            '<input type="checkbox" name="_selected_action">',
+            "<div>Some other HTML content</div>",
+        ]
+        result = contains_checkbox(html_list)
+        self.assertTrue(result)  # Expecting True
+
+    def test_contains_checkbox_without_checkbox(self):
+        # Test the filter when HTML list does not contain a checkbox
+        html_list = [
+            "<div>Some HTML content without checkbox</div>",
+            "<p>More HTML content</p>",
+        ]
+        result = contains_checkbox(html_list)
+        self.assertFalse(result)  # Expecting False

From 107cdc3b0e06234778443358c2dbb72dcc88fdf0 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 12:54:12 -0600
Subject: [PATCH 078/110] Linter change

---
 src/djangooidc/oidc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 2f08a0177..9907e4ee4 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -238,7 +238,7 @@ class Client(oic.Client):
                     "client_secret": self.client_secret,
                 },
                 authn_method=self.registration_response["token_endpoint_auth_method"],
-                # There is a time desync issue between login.gov and cloud, 
+                # There is a time desync issue between login.gov and cloud,
                 # this addresses that by adding a clock skew.
                 # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
                 skew=10,

From 6be3725612c16d16e3f4b2542e1d63add95a4f72 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:08:37 -0600
Subject: [PATCH 079/110] Fix linter issue

---
 src/djangooidc/oidc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 9907e4ee4..03745e056 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -238,7 +238,7 @@ class Client(oic.Client):
                     "client_secret": self.client_secret,
                 },
                 authn_method=self.registration_response["token_endpoint_auth_method"],
-                # There is a time desync issue between login.gov and cloud,
+                # There is a time desync issue between login.gov and cloud
                 # this addresses that by adding a clock skew.
                 # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
                 skew=10,

From 1a347b5ed7d08bd82ed5523542a074e8664581ff Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:11:04 -0600
Subject: [PATCH 080/110] Fix lint real

---
 src/djangooidc/oidc.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 03745e056..286e519a4 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -240,7 +240,6 @@ class Client(oic.Client):
                 authn_method=self.registration_response["token_endpoint_auth_method"],
                 # There is a time desync issue between login.gov and cloud
                 # this addresses that by adding a clock skew.
-                # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
                 skew=10,
             )
         except Exception as err:

From 98ab0180a4862a30458821f83a09bc82204954c1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:14:53 -0600
Subject: [PATCH 081/110] Updated Pauls userid

---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index f7168dbf3..58a03045b 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -63,7 +63,7 @@ class UserFixture:
             "last_name": "Adkinson",
         },
         {
-            "username": "bb21f687-c773-4df3-9243-111cfd4c0be4",
+            "username": "2bf518c2-485a-4c42-ab1a-f5a8b0a08484",
             "first_name": "Paul",
             "last_name": "Kuykendall",
         },

From a564fe017c1b3c51be87a078be844ac0e042984e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 30 Aug 2023 15:15:43 -0400
Subject: [PATCH 082/110] skew fix

---
 src/djangooidc/oidc.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 26eb54d3d..9907e4ee4 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -238,6 +238,10 @@ class Client(oic.Client):
                     "client_secret": self.client_secret,
                 },
                 authn_method=self.registration_response["token_endpoint_auth_method"],
+                # There is a time desync issue between login.gov and cloud,
+                # this addresses that by adding a clock skew.
+                # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
+                skew=10,
             )
         except Exception as err:
             logger.error(err)

From aa41df0ca465703587a7a17b3be7739faf84d484 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 30 Aug 2023 15:21:12 -0400
Subject: [PATCH 083/110] fixed lint feedback

---
 src/djangooidc/oidc.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 9907e4ee4..0d196194d 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -240,7 +240,6 @@ class Client(oic.Client):
                 authn_method=self.registration_response["token_endpoint_auth_method"],
                 # There is a time desync issue between login.gov and cloud,
                 # this addresses that by adding a clock skew.
-                # See here: https://github.com/GSA-TTS/FAC/pull/1968#pullrequestreview-1601224051
                 skew=10,
             )
         except Exception as err:

From 56eda2922563a01109182454455d560861f4f4a8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:25:21 -0600
Subject: [PATCH 084/110] Linting for recent changes

---
 src/registrar/views/utility/mixins.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 1fd21b18e..aff82699a 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -43,14 +43,16 @@ class DomainPermission(PermissionsLoginMixin):
 
         # user needs to have a role on the domain,
         # and user cannot be restricted
-        if UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=pk
-        ).exists() and not self.request.user.is_restricted():
+        if (
+            UserDomainRole.objects.filter(
+                user=self.request.user, domain__id=pk
+            ).exists()
+            and not self.request.user.is_restricted()
+        ):
             return True
         elif self.request.user.is_restricted():
             return False
 
-
         # ticket 806
         requested_domain = None
         if DomainInformation.objects.filter(id=pk).exists():

From 4df52e5a45b968a39dafcadc01de4c7769ed0e65 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 30 Aug 2023 18:41:43 -0400
Subject: [PATCH 085/110] Change ul and li to p for django admin object-tools
 links

---
 src/registrar/templates/admin/change_form.html        | 11 +++++++++++
 .../templates/admin/change_form_object_tools.html     |  7 +++++++
 src/registrar/templates/admin/change_list.html        |  8 ++++++++
 .../templates/admin/change_list_object_tools.html     | 10 ++++++++++
 4 files changed, 36 insertions(+)
 create mode 100644 src/registrar/templates/admin/change_form.html
 create mode 100644 src/registrar/templates/admin/change_form_object_tools.html
 create mode 100644 src/registrar/templates/admin/change_list_object_tools.html

diff --git a/src/registrar/templates/admin/change_form.html b/src/registrar/templates/admin/change_form.html
new file mode 100644
index 000000000..dbb4c6a4a
--- /dev/null
+++ b/src/registrar/templates/admin/change_form.html
@@ -0,0 +1,11 @@
+{% extends "admin/change_form.html" %}
+
+{% block object-tools %}
+{% if change and not is_popup %}
+    <p class="object-tools">
+        {% block object-tools-items %}
+            {{ block.super }}
+        {% endblock %}
+    </p>
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_form_object_tools.html b/src/registrar/templates/admin/change_form_object_tools.html
new file mode 100644
index 000000000..8e462c0c3
--- /dev/null
+++ b/src/registrar/templates/admin/change_form_object_tools.html
@@ -0,0 +1,7 @@
+{% load i18n admin_urls %}
+
+{% block object-tools-items %}
+{% url opts|admin_urlname:'history' original.pk|admin_urlquote as history_url %}
+<a href="{% add_preserved_filters history_url %}" class="historylink">{% translate "History" %}</a>
+{% if has_absolute_url %}<a href="{{ absolute_url }}" class="viewsitelink">{% translate "View on site" %}</a>{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_list.html b/src/registrar/templates/admin/change_list.html
index 1026e7d60..535493815 100644
--- a/src/registrar/templates/admin/change_list.html
+++ b/src/registrar/templates/admin/change_list.html
@@ -24,3 +24,11 @@
         {% endif %}
     </h2>    
 {% endblock %}
+
+{% block object-tools %}
+    <p class="object-tools">
+        {% block object-tools-items %}
+            {{ block.super }}
+        {% endblock %}
+    </p>
+{% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_list_object_tools.html b/src/registrar/templates/admin/change_list_object_tools.html
new file mode 100644
index 000000000..e0f67acea
--- /dev/null
+++ b/src/registrar/templates/admin/change_list_object_tools.html
@@ -0,0 +1,10 @@
+{% load i18n admin_urls %}
+
+{% block object-tools-items %}
+  {% if has_add_permission %}
+    {% url cl.opts|admin_urlname:'add' as add_url %}
+    <a href="{% add_preserved_filters add_url is_popup to_field %}" class="addlink">
+      {% blocktranslate with cl.opts.verbose_name as name %}Add {{ name }}{% endblocktranslate %}
+    </a>
+  {% endif %}
+{% endblock %}
\ No newline at end of file

From c9269a56e000baf6df5f9e4c844e4de7dad862ec Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 30 Aug 2023 19:02:59 -0400
Subject: [PATCH 086/110] Comment out rejected fixture

---
 src/registrar/fixtures.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 2a1df7d0d..e288a21d4 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -268,10 +268,11 @@ class DomainApplicationFixture:
             "status": "action needed",
             "organization_name": "Example - Action Needed",
         },
-        {
-            "status": "rejected",
-            "organization_name": "Example - Rejected",
-        },
+        # Pa11y does not like this fixture
+        # {
+        #     "status": "rejected",
+        #     "organization_name": "Example - Rejected",
+        # },
     ]
 
     @classmethod

From 2f77ddf6de44961899feb58bc50df86fc202953d Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Wed, 30 Aug 2023 17:12:23 -0700
Subject: [PATCH 087/110] Add myslef to fixtures.py

---
 src/registrar/fixtures.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 2a1df7d0d..5fbf3454a 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -116,6 +116,12 @@ class UserFixture:
             "username": "5dc6c9a6-61d9-42b4-ba54-4beff28bac3c",
             "first_name": "David-Analyst",
             "last_name": "Kennedy-Analyst",
+        }
+        {
+           "username": "0eb6f326-a3d4-410f-a521-aa4c1fad4e47",
+           "first_name": "Gaby-Analyst",
+           "last_name": "DiSarli-Analyst",
+           "email": "gaby@truss.works"
         },
     ]
 

From c94458dcd7c4cf0214a21609aac166efc57c40c7 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 31 Aug 2023 08:23:16 -0600
Subject: [PATCH 088/110] Added missing comma

---
 src/registrar/templates/domain_base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 78c493a9c..d2870a82c 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -27,7 +27,7 @@
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
-            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
+            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates.
           </p>
         </div>
       </div>

From f4df0a2bc498a453273b62ffa6655a1c51b2f177 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 31 Aug 2023 11:26:47 -0400
Subject: [PATCH 089/110] Implement isActive method on Domain

---
 src/registrar/models/domain.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index a7e46f888..5421c13cc 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -337,6 +337,9 @@ class Domain(TimeStampedModel, DomainHelper):
         protected=True,  # cannot change state directly, particularly in Django admin
         help_text="Very basic info about the lifecycle of this domain object",
     )
+    
+    def isActive(self):
+        return self.state == Domain.State.CREATED 
 
     # ForeignKey on UserDomainRole creates a "permissions" member for
     # all of the user-roles that are in place for this domain

From 0a5d4e5f77c04d9bdb88539166e4682888824bac Mon Sep 17 00:00:00 2001
From: Gabriela DiSarli <107440934+gabydisarli@users.noreply.github.com>
Date: Thu, 31 Aug 2023 09:38:23 -0700
Subject: [PATCH 090/110] Update src/registrar/fixtures.py

fixing comma, thanks Rebecca!

Co-authored-by: Rebecca H. <rebecca.hsieh@truss.works>
---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 5fbf3454a..4351d9b93 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -121,7 +121,7 @@ class UserFixture:
            "username": "0eb6f326-a3d4-410f-a521-aa4c1fad4e47",
            "first_name": "Gaby-Analyst",
            "last_name": "DiSarli-Analyst",
-           "email": "gaby@truss.works"
+           "email": "gaby@truss.works",
         },
     ]
 

From 5dbbf59c1340a8ba3cf78815f9107d00bb92304f Mon Sep 17 00:00:00 2001
From: Gabriela DiSarli <107440934+gabydisarli@users.noreply.github.com>
Date: Thu, 31 Aug 2023 09:38:44 -0700
Subject: [PATCH 091/110] Update src/registrar/fixtures.py

Co-authored-by: rachidatecs <107004823+rachidatecs@users.noreply.github.com>
---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 4351d9b93..2685fc72f 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -116,7 +116,7 @@ class UserFixture:
             "username": "5dc6c9a6-61d9-42b4-ba54-4beff28bac3c",
             "first_name": "David-Analyst",
             "last_name": "Kennedy-Analyst",
-        }
+        },
         {
            "username": "0eb6f326-a3d4-410f-a521-aa4c1fad4e47",
            "first_name": "Gaby-Analyst",

From 2708b3baea5f34216e9cdec09e825ad06ee30d92 Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Thu, 31 Aug 2023 10:29:08 -0700
Subject: [PATCH 092/110] fixed formatting error

---
 src/registrar/fixtures.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 2685fc72f..3fea25033 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -118,10 +118,10 @@ class UserFixture:
             "last_name": "Kennedy-Analyst",
         },
         {
-           "username": "0eb6f326-a3d4-410f-a521-aa4c1fad4e47",
-           "first_name": "Gaby-Analyst",
-           "last_name": "DiSarli-Analyst",
-           "email": "gaby@truss.works",
+            "username": "0eb6f326-a3d4-410f-a521-aa4c1fad4e47",
+            "first_name": "Gaby-Analyst",
+            "last_name": "DiSarli-Analyst",
+            "email": "gaby@truss.works",
         },
     ]
 

From 3cfa7f8b034854ed529f1da8d9809138328ebd0d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 31 Aug 2023 13:15:40 -0600
Subject: [PATCH 093/110] Changed permission flow for mixins / Made logging a
 bit more detailed

---
 src/registrar/views/domain.py                 | 21 +++--
 src/registrar/views/utility/mixins.py         | 92 +++++++++++--------
 .../views/utility/permission_views.py         | 24 +++--
 3 files changed, 82 insertions(+), 55 deletions(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 559ea4517..dd4b9d791 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -83,10 +83,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         # Q: Is there a more efficent way to do this?
         # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -134,8 +134,9 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -207,8 +208,9 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: formset.cleaned_data[field] for field in formset.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -254,8 +256,9 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -306,8 +309,9 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -388,7 +392,7 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, obj=self.get_object()
             )
         return redirect(self.get_success_url())
 
@@ -414,8 +418,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         return redirect(self.get_success_url())
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index aff82699a..9a19d78d1 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -36,27 +36,55 @@ class DomainPermission(PermissionsLoginMixin):
         if not self.request.user.is_authenticated:
             return False
 
+        if self.request.user.is_restricted():
+            return False
+
         pk = self.kwargs["pk"]
         # If pk is none then something went very wrong...
         if pk is None:
             raise ValueError("Primary key is None")
 
+        # ticket 806
+        if self.can_access_other_user_domains(pk):
+            return True
+
         # user needs to have a role on the domain,
         # and user cannot be restricted
-        if (
-            UserDomainRole.objects.filter(
-                user=self.request.user, domain__id=pk
-            ).exists()
-            and not self.request.user.is_restricted()
-        ):
-            return True
-        elif self.request.user.is_restricted():
+        if not UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists():
             return False
 
-        # ticket 806
-        requested_domain = None
-        if DomainInformation.objects.filter(id=pk).exists():
-            requested_domain = DomainInformation.objects.get(id=pk)
+        # if we need to check more about the nature of role, do it here.
+        return True
+
+    def can_access_other_user_domains(self, pk):
+        """Checks to see if an authorized user (staff or superuser)
+        can access a domain that they did not create or was invited to.
+        """
+
+        # Check if the user is permissioned...
+        user_is_analyst_or_superuser = (
+            self.request.user.is_staff or self.request.user.is_superuser
+        )
+        logger.debug(f"is auth {user_is_analyst_or_superuser}")
+
+        if not user_is_analyst_or_superuser:
+            return False
+
+        # Check if the user is attempting a valid edit action.
+        # In other words, if the analyst/admin did not click
+        # the 'Manage Domain' button in /admin,
+        # then they cannot access this page.
+        session = self.request.session
+        can_do_action = (
+            "analyst_action" in session
+            and "analyst_action_location" in session
+            and session["analyst_action_location"] == pk
+        )
+        logger.debug(f"can do {can_do_action}")
+        if not can_do_action:
+            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
@@ -64,37 +92,23 @@ class DomainPermission(PermissionsLoginMixin):
             DomainApplication.IN_REVIEW,
             DomainApplication.REJECTED,
             DomainApplication.ACTION_NEEDED,
+            # Edge case - some domains do not have
+            # a status or DomainInformation... aka a status of 'None'.
+            # It is necessary to access those to correct errors.
+            None,
         ]
 
-        # Check if the user is permissioned...
-        user_is_analyst_or_superuser = (
-            self.request.user.is_staff or self.request.user.is_superuser
-        )
+        requested_domain = None
+        if DomainInformation.objects.filter(id=pk).exists():
+            requested_domain = DomainInformation.objects.get(id=pk)
 
-        session = self.request.session
-        # Check if the user is attempting a valid edit action.
-        can_do_action = (
-            "analyst_action" in session
-            and "analyst_action_location" in session
-            and session["analyst_action_location"] == pk
-        )
+        if not requested_domain.domain_application.status in valid_domain_statuses:
+            return False
 
-        # Edge case - some domains do not have
-        # a status or DomainInformation... aka a status of 'None'
-        # This checks that it has a status, before checking if it does
-        # Otherwise, analysts can edit these domains
-        if requested_domain is not None:
-            can_do_action = (
-                can_do_action
-                and requested_domain.domain_application.status in valid_domain_statuses
-            )
-        # If the valid session keys exist, if the user is permissioned,
-        # and if its in a valid status
-        if can_do_action and user_is_analyst_or_superuser:
-            return True
-
-        # if we need to check more about the nature of role, do it here.
-        return False
+        # Valid session keys exist,
+        # the user is permissioned,
+        # and it is in a valid status
+        return True
 
 
 class DomainApplicationPermission(PermissionsLoginMixin):
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index a42238150..920ec6212 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -3,9 +3,9 @@
 import abc  # abstract base class
 
 from django.views.generic import DetailView, DeleteView, TemplateView
-
+from django.contrib.contenttypes.models import ContentType
 from registrar.models import Domain, DomainApplication, DomainInvitation
-
+from django.contrib.admin.models import LogEntry, CHANGE
 
 from .mixins import (
     DomainPermission,
@@ -48,7 +48,7 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         return context
 
     def log_analyst_form_actions(
-        self, form_class_name, printable_object_info, changes=None
+        self, form_class_name, printable_object_info, changes=None, obj=None
     ):
         """Generates a log for when key 'analyst_action' exists on the session.
         Follows this format:
@@ -72,12 +72,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
             # or 'copy', for instance.
             match action:
                 case "edit":
-                    # Q: do we want to be logging on every changed field?
-                    # I could see that becoming spammy log-wise,
-                    # but it may also be important.
+                    if obj is not None:
+                        content_type = ContentType.objects.get_for_model(obj)
+                        LogEntry.objects.log_action(
+                            user_id=self.request.user.id,
+                            content_type_id=content_type.pk,
+                            object_id=obj.id,
+                            object_repr=str(obj),
+                            action_flag=CHANGE,
+                        )
+
                     if changes is not None:
-                        # Logs every change made to the domain field
-                        # noqa for readability/format
+                        # Logs every change made to the domain field.
+                        # noqa for readability/format.
+                        # Used to manually capture changes, if need be.
                         for field, new_value in changes.items():
                             logger.info(
                                 f"""

From 2c2d6dfaeb557e0b1cae67c186047f780cf73217 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 31 Aug 2023 17:09:13 -0400
Subject: [PATCH 094/110] lint

---
 src/registrar/models/domain.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 5421c13cc..59563d3d8 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -337,9 +337,9 @@ class Domain(TimeStampedModel, DomainHelper):
         protected=True,  # cannot change state directly, particularly in Django admin
         help_text="Very basic info about the lifecycle of this domain object",
     )
-    
+
     def isActive(self):
-        return self.state == Domain.State.CREATED 
+        return self.state == Domain.State.CREATED
 
     # ForeignKey on UserDomainRole creates a "permissions" member for
     # all of the user-roles that are in place for this domain

From 9ca424d30c5a5937132d4e86ef43412750240ccf Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 14:20:06 -0400
Subject: [PATCH 095/110] Remove load fixtures signal on migrate, add load
 command to docker compose, add DEBUG env check to load.py

---
 src/docker-compose.yml                    |  1 +
 src/registrar/management/commands/load.py | 14 +++++++++-----
 src/registrar/signals.py                  | 10 ----------
 3 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/src/docker-compose.yml b/src/docker-compose.yml
index 82642bc93..786f4c24b 100644
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@@ -54,6 +54,7 @@ services:
     # command: "python"
     command: >
       bash -c " python manage.py migrate &&
+      python manage.py load &&
       python manage.py runserver 0.0.0.0:8080"
 
   db:
diff --git a/src/registrar/management/commands/load.py b/src/registrar/management/commands/load.py
index e48d3f211..69e7e9ec8 100644
--- a/src/registrar/management/commands/load.py
+++ b/src/registrar/management/commands/load.py
@@ -2,6 +2,7 @@ import logging
 
 from django.core.management.base import BaseCommand
 from auditlog.context import disable_auditlog  # type: ignore
+from django.conf import settings
 
 from registrar.fixtures import UserFixture, DomainApplicationFixture, DomainFixture
 
@@ -12,8 +13,11 @@ class Command(BaseCommand):
     def handle(self, *args, **options):
         # django-auditlog has some bugs with fixtures
         # https://github.com/jazzband/django-auditlog/issues/17
-        with disable_auditlog():
-            UserFixture.load()
-            DomainApplicationFixture.load()
-            DomainFixture.load()
-            logger.info("All fixtures loaded.")
+        if settings.DEBUG:
+            with disable_auditlog():
+                UserFixture.load()
+                DomainApplicationFixture.load()
+                DomainFixture.load()
+                logger.info("All fixtures loaded.")
+        else:
+            logger.warn("Refusing to load fixture data in a non DEBUG env")
diff --git a/src/registrar/signals.py b/src/registrar/signals.py
index 62c5873f0..45c4c4f97 100644
--- a/src/registrar/signals.py
+++ b/src/registrar/signals.py
@@ -1,6 +1,5 @@
 import logging
 
-from django.conf import settings
 from django.core.management import call_command
 from django.db.models.signals import post_save, post_migrate
 from django.dispatch import receiver
@@ -56,12 +55,3 @@ def handle_profile(sender, instance, **kwargs):
                 f" Picking #{contacts[0].id} for User #{instance.id}."
             )
 
-
-@receiver(post_migrate)
-def handle_loaddata(**kwargs):
-    """Attempt to load test fixtures when in DEBUG mode."""
-    if settings.DEBUG:
-        try:
-            call_command("load")
-        except Exception as e:
-            logger.warning(e)

From cc9745ba68fed94f980d6adea5a911dca5f33e00 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 14:40:59 -0400
Subject: [PATCH 096/110] lint

---
 src/registrar/signals.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/signals.py b/src/registrar/signals.py
index 45c4c4f97..9a1787227 100644
--- a/src/registrar/signals.py
+++ b/src/registrar/signals.py
@@ -54,4 +54,3 @@ def handle_profile(sender, instance, **kwargs):
                 "There are multiple Contacts with the same email address."
                 f" Picking #{contacts[0].id} for User #{instance.id}."
             )
-

From 72a2e989844ff6ba81e13870085007dc29bc2ff2 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 14:51:58 -0400
Subject: [PATCH 097/110] lint

---
 src/registrar/signals.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/registrar/signals.py b/src/registrar/signals.py
index 9a1787227..4e7768ef4 100644
--- a/src/registrar/signals.py
+++ b/src/registrar/signals.py
@@ -1,7 +1,6 @@
 import logging
 
-from django.core.management import call_command
-from django.db.models.signals import post_save, post_migrate
+from django.db.models.signals import post_save
 from django.dispatch import receiver
 
 from .models import User, Contact

From 410cbd1130d787ba8d4f9acc3995d6e4435477d1 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 15:11:17 -0400
Subject: [PATCH 098/110] Refactor to make more resilient in case of more than
 one item in change_form_object_tools, add comments

---
 src/registrar/fixtures.py                     |  9 ++++-----
 .../templates/admin/change_form.html          |  5 +++--
 .../admin/change_form_object_tools.html       | 19 ++++++++++++++++---
 .../templates/admin/change_list.html          |  5 +++--
 .../admin/change_list_object_tools.html       | 11 +++++++----
 5 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index e288a21d4..2a1df7d0d 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -268,11 +268,10 @@ class DomainApplicationFixture:
             "status": "action needed",
             "organization_name": "Example - Action Needed",
         },
-        # Pa11y does not like this fixture
-        # {
-        #     "status": "rejected",
-        #     "organization_name": "Example - Rejected",
-        # },
+        {
+            "status": "rejected",
+            "organization_name": "Example - Rejected",
+        },
     ]
 
     @classmethod
diff --git a/src/registrar/templates/admin/change_form.html b/src/registrar/templates/admin/change_form.html
index dbb4c6a4a..2df780aaa 100644
--- a/src/registrar/templates/admin/change_form.html
+++ b/src/registrar/templates/admin/change_form.html
@@ -1,11 +1,12 @@
 {% extends "admin/change_form.html" %}
 
+{% comment %} Replace the Django ul markup with a div. We'll edit the child markup accordingly in form_list_object_tools {% endcomment %}
 {% block object-tools %}
 {% if change and not is_popup %}
-    <p class="object-tools">
+    <div class="object-tools">
         {% block object-tools-items %}
             {{ block.super }}
         {% endblock %}
-    </p>
+    </div>
 {% endif %}
 {% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_form_object_tools.html b/src/registrar/templates/admin/change_form_object_tools.html
index 8e462c0c3..28c655bbc 100644
--- a/src/registrar/templates/admin/change_form_object_tools.html
+++ b/src/registrar/templates/admin/change_form_object_tools.html
@@ -1,7 +1,20 @@
 {% load i18n admin_urls %}
 
+{% comment %} Replace li with p for more semantic HTML if we have a single child {% endcomment %}
 {% block object-tools-items %}
-{% url opts|admin_urlname:'history' original.pk|admin_urlquote as history_url %}
-<a href="{% add_preserved_filters history_url %}" class="historylink">{% translate "History" %}</a>
-{% if has_absolute_url %}<a href="{{ absolute_url }}" class="viewsitelink">{% translate "View on site" %}</a>{% endif %}
+    {% url opts|admin_urlname:'history' original.pk|admin_urlquote as history_url %}
+    {% if has_absolute_url %}
+        <ul>
+            <li>
+                <a href="{% add_preserved_filters history_url %}" class="historylink">{% translate "History" %}</a>
+            </li>
+            <li>
+                <a href="{{ absolute_url }}" class="viewsitelink">{% translate "View on site" %}</a>
+            </li>
+        </ul>
+    {% else %}
+        <p class="margin-0 padding-0">
+            <a href="{% add_preserved_filters history_url %}" class="historylink">{% translate "History" %}</a>
+        </p>
+    {% endif %}
 {% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_list.html b/src/registrar/templates/admin/change_list.html
index 535493815..4a58a4b7e 100644
--- a/src/registrar/templates/admin/change_list.html
+++ b/src/registrar/templates/admin/change_list.html
@@ -25,10 +25,11 @@
     </h2>    
 {% endblock %}
 
+{% comment %} Replace the Django ul markup with a div. We'll replace the li with a p in change_list_object_tools {% endcomment %}
 {% block object-tools %}
-    <p class="object-tools">
+    <div class="object-tools">
         {% block object-tools-items %}
             {{ block.super }}
         {% endblock %}
-    </p>
+    </div>
 {% endblock %}
\ No newline at end of file
diff --git a/src/registrar/templates/admin/change_list_object_tools.html b/src/registrar/templates/admin/change_list_object_tools.html
index e0f67acea..9a046b4bb 100644
--- a/src/registrar/templates/admin/change_list_object_tools.html
+++ b/src/registrar/templates/admin/change_list_object_tools.html
@@ -1,10 +1,13 @@
 {% load i18n admin_urls %}
 
+{% comment %} Replace li with p for more semantic HTML {% endcomment %}
 {% block object-tools-items %}
   {% if has_add_permission %}
-    {% url cl.opts|admin_urlname:'add' as add_url %}
-    <a href="{% add_preserved_filters add_url is_popup to_field %}" class="addlink">
-      {% blocktranslate with cl.opts.verbose_name as name %}Add {{ name }}{% endblocktranslate %}
-    </a>
+    <p class="margin-0 padding-0">
+      {% url cl.opts|admin_urlname:'add' as add_url %}
+      <a href="{% add_preserved_filters add_url is_popup to_field %}" class="addlink">
+        {% blocktranslate with cl.opts.verbose_name as name %}Add {{ name }}{% endblocktranslate %}
+      </a>
+    </p>  
   {% endif %}
 {% endblock %}
\ No newline at end of file

From d2d5e291dc53e6658a23fa6af49791189e92444d Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 15:37:13 -0400
Subject: [PATCH 099/110] Fix typo in comment

---
 src/registrar/templates/admin/change_form.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/admin/change_form.html b/src/registrar/templates/admin/change_form.html
index 2df780aaa..e0f9ae1a4 100644
--- a/src/registrar/templates/admin/change_form.html
+++ b/src/registrar/templates/admin/change_form.html
@@ -1,6 +1,6 @@
 {% extends "admin/change_form.html" %}
 
-{% comment %} Replace the Django ul markup with a div. We'll edit the child markup accordingly in form_list_object_tools {% endcomment %}
+{% comment %} Replace the Django ul markup with a div. We'll edit the child markup accordingly in change_form_object_tools {% endcomment %}
 {% block object-tools %}
 {% if change and not is_popup %}
     <div class="object-tools">

From 11bed39dd8a0e2d2d209027d755dc005f75f0ca5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 1 Sep 2023 14:16:44 -0600
Subject: [PATCH 100/110] Remove custom logging / cleanup

---
 src/registrar/assets/js/get-gov-admin.js      | 17 ++++--
 src/registrar/views/domain.py                 | 49 +----------------
 src/registrar/views/utility/mixins.py         |  8 +--
 .../views/utility/permission_views.py         | 55 -------------------
 4 files changed, 16 insertions(+), 113 deletions(-)

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
index d7d589214..d193b2fb6 100644
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -27,11 +27,16 @@ function openInNewTab(el, removeAttribute = false){
  * Currently only appends target="_blank" to the domain_form object,
  * but this can be expanded.
 */
-(function prepareDjangoAdmin(){
-    let domainFormElement = document.getElementById("domain_form");
-    let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
-    if(domainSubmitButton && domainFormElement){
-      domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
-      domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+(function (){
+    // Keep scope tight and allow for scalability
+    function prepareDjangoAdmin() {
+        let domainFormElement = document.getElementById("domain_form");
+        let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
+        if(domainSubmitButton && domainFormElement){
+          domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
+          domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+        }
     }
+
+    prepareDjangoAdmin();
 })();
\ No newline at end of file
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index dd4b9d791..29d06da39 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -80,15 +80,6 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
-        # Q: Is there a more efficent way to do this?
-        # It would be ideal if we didn't have to repeat this.
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -132,12 +123,7 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
             self.request, "The authorizing official for this domain has been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
+
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -206,13 +192,6 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
             self.request, "The name servers for this domain have been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: formset.cleaned_data[field] for field in formset.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(formset)
 
@@ -254,13 +233,6 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
             self.request, "Your contact information for this domain has been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -307,13 +279,6 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
             self.request, "The security email for this domain have been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return redirect(self.get_success_url())
 
@@ -389,11 +354,7 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 messages.success(
                     self.request, f"Invited {email_address} to this domain."
                 )
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, obj=self.get_object()
-            )
+
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -416,12 +377,6 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         messages.success(self.request, f"Added user {requested_email}.")
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
 
         return redirect(self.get_success_url())
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 9a19d78d1..57bb97be6 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -10,6 +10,7 @@ from registrar.models import (
 )
 import logging
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -44,12 +45,10 @@ class DomainPermission(PermissionsLoginMixin):
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # ticket 806
         if self.can_access_other_user_domains(pk):
             return True
 
-        # user needs to have a role on the domain,
-        # and user cannot be restricted
+        # user needs to have a role on the domain
         if not UserDomainRole.objects.filter(
             user=self.request.user, domain__id=pk
         ).exists():
@@ -67,7 +66,6 @@ class DomainPermission(PermissionsLoginMixin):
         user_is_analyst_or_superuser = (
             self.request.user.is_staff or self.request.user.is_superuser
         )
-        logger.debug(f"is auth {user_is_analyst_or_superuser}")
 
         if not user_is_analyst_or_superuser:
             return False
@@ -82,7 +80,7 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-        logger.debug(f"can do {can_do_action}")
+
         if not can_do_action:
             return False
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 920ec6212..aa4c79690 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -47,61 +47,6 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
         return context
 
-    def log_analyst_form_actions(
-        self, form_class_name, printable_object_info, changes=None, obj=None
-    ):
-        """Generates a log for when key 'analyst_action' exists on the session.
-        Follows this format:
-
-        for field, new_value in changes.items():
-                "{user_type} '{self.request.user}'
-                set field '{field}': '{new_value}'
-                under class '{form_class_name}'
-                in domain '{printable_object_info}'"
-        """
-        if "analyst_action" in self.request.session:
-            action = self.request.session["analyst_action"]
-
-            user_type = "Analyst"
-            if self.request.user.is_superuser:
-                user_type = "Superuser"
-
-            # Template for potential future expansion,
-            # in the event we want more logging granularity.
-            # Could include things such as 'view'
-            # or 'copy', for instance.
-            match action:
-                case "edit":
-                    if obj is not None:
-                        content_type = ContentType.objects.get_for_model(obj)
-                        LogEntry.objects.log_action(
-                            user_id=self.request.user.id,
-                            content_type_id=content_type.pk,
-                            object_id=obj.id,
-                            object_repr=str(obj),
-                            action_flag=CHANGE,
-                        )
-
-                    if changes is not None:
-                        # Logs every change made to the domain field.
-                        # noqa for readability/format.
-                        # Used to manually capture changes, if need be.
-                        for field, new_value in changes.items():
-                            logger.info(
-                                f"""
-                                An analyst or superuser made alterations to a domain: 
-                                {user_type} '{self.request.user}' 
-                                set field '{field}': '{new_value}' 
-                                under class '{form_class_name}' 
-                                in domain '{printable_object_info}'
-                                """  # noqa
-                            )
-                    else:
-                        # noqa here as breaking this up further leaves it hard to read
-                        logger.info(
-                            f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
-                        )
-
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From 6617ecb8a0cb4901458d67ee6583d0e7d5a0a985 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 17:39:58 -0400
Subject: [PATCH 101/110] concatenate the value + extracted text for both label
 for attribute and checkbox id attribute

---
 src/registrar/templates/admin/change_list_results.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/registrar/templates/admin/change_list_results.html b/src/registrar/templates/admin/change_list_results.html
index 831350888..1d0c70c30 100644
--- a/src/registrar/templates/admin/change_list_results.html
+++ b/src/registrar/templates/admin/change_list_results.html
@@ -60,12 +60,11 @@ Load our custom filters to extract info from the django generated markup.
         <tr><td colspan="{{ result|length }}">{{ result.form.non_field_errors }}</td></tr>
     {% endif %}
     <tr>
-
         {% with result_value=result.0|extract_value %}
             {% with result_label=result.1|extract_a_text %}
                 <td>
-                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_label|default:result_value }}" class="action-select">
-                    <label class="usa-sr-only" for="{{ result_label|default:result_value }}">{{ result_label|default:'label' }}</label>
+                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }} {{ result_label|default:'label' }}" class="action-select">
+                    <label class="usa-sr-only" for="{{ result_value|default:'value' }} {{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
                 </td>
                 {% endwith %}
         {% endwith %}

From 7a5438e3d000834952241fec2d32e019e7a7b6ce Mon Sep 17 00:00:00 2001
From: rachidatecs <107004823+rachidatecs@users.noreply.github.com>
Date: Tue, 5 Sep 2023 11:59:33 -0400
Subject: [PATCH 102/110] Update
 src/registrar/templates/admin/change_list_results.html

Co-authored-by: Neil MartinsenBurrell <neil.martinsen-burrell@gsa.gov>
---
 src/registrar/templates/admin/change_list_results.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/admin/change_list_results.html b/src/registrar/templates/admin/change_list_results.html
index 1d0c70c30..4ced73eb3 100644
--- a/src/registrar/templates/admin/change_list_results.html
+++ b/src/registrar/templates/admin/change_list_results.html
@@ -63,8 +63,8 @@ Load our custom filters to extract info from the django generated markup.
         {% with result_value=result.0|extract_value %}
             {% with result_label=result.1|extract_a_text %}
                 <td>
-                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }} {{ result_label|default:'label' }}" class="action-select">
-                    <label class="usa-sr-only" for="{{ result_value|default:'value' }} {{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
+                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }}-{{ result_label|default:'label' }}" class="action-select">
+                    <label class="usa-sr-only" for="{{ result_value|default:'value' }}-{{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
                 </td>
                 {% endwith %}
         {% endwith %}

From 6d2b397a1bf71be3695c80003a07909e7b3428b5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 5 Sep 2023 14:07:35 -0600
Subject: [PATCH 103/110] Linter fixes

---
 src/registrar/views/domain.py                   | 3 ---
 src/registrar/views/utility/mixins.py           | 2 +-
 src/registrar/views/utility/permission_views.py | 2 --
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 29d06da39..f945bc443 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -123,8 +123,6 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
             self.request, "The authorizing official for this domain has been updated."
         )
 
-
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -377,7 +375,6 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         messages.success(self.request, f"Added user {requested_email}.")
 
-
         return redirect(self.get_success_url())
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 57bb97be6..fd58b3475 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -100,7 +100,7 @@ class DomainPermission(PermissionsLoginMixin):
         if DomainInformation.objects.filter(id=pk).exists():
             requested_domain = DomainInformation.objects.get(id=pk)
 
-        if not requested_domain.domain_application.status in valid_domain_statuses:
+        if requested_domain.domain_application.status not in valid_domain_statuses:
             return False
 
         # Valid session keys exist,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index aa4c79690..417ee8417 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -3,9 +3,7 @@
 import abc  # abstract base class
 
 from django.views.generic import DetailView, DeleteView, TemplateView
-from django.contrib.contenttypes.models import ContentType
 from registrar.models import Domain, DomainApplication, DomainInvitation
-from django.contrib.admin.models import LogEntry, CHANGE
 
 from .mixins import (
     DomainPermission,

From 48e56724acbe5ccb544d2b776c4142818b9b0aae Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 6 Sep 2023 10:00:37 -0600
Subject: [PATCH 104/110] Added comments on get-gov-admin.js

---
 src/registrar/assets/js/get-gov-admin.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
index d193b2fb6..3b9f19a49 100644
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -28,7 +28,15 @@ function openInNewTab(el, removeAttribute = false){
  * but this can be expanded.
 */
 (function (){
-    // Keep scope tight and allow for scalability
+    /*
+    On mouseover, appends target="_blank" on domain_form under the Domain page.
+    The reason for this is that the template has a form that contains multiple buttons.
+    The structure of that template complicates seperating those buttons 
+    out of the form (while maintaining the same position on the page).
+    However, if we want to open one of those submit actions to a new tab - 
+    such as the manage domain button - we need to dynamically append target.
+    As there is no built-in django method which handles this, we do it here. 
+    */
     function prepareDjangoAdmin() {
         let domainFormElement = document.getElementById("domain_form");
         let domainSubmitButton = document.getElementById("manageDomainSubmitButton");

From d663e46fbbcd9678e5f531cab3418546474e4b17 Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Wed, 6 Sep 2023 17:12:28 -0700
Subject: [PATCH 105/110] changes to domain contact information

---
 src/registrar/templates/domain_your_contact_information.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_your_contact_information.html b/src/registrar/templates/domain_your_contact_information.html
index e18deeb50..1976a6def 100644
--- a/src/registrar/templates/domain_your_contact_information.html
+++ b/src/registrar/templates/domain_your_contact_information.html
@@ -7,7 +7,8 @@
 
   <h1>Domain contact information</h1>
 
-  <p>If you’d like us to use a different name, email, or phone number you can make those changes below. Changing your contact information here won’t affect your Login.gov account information.</p>
+<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Please note that updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
+</p>
 
   {% include "includes/required_fields.html" %}
 

From b77bffd4835cf263dfc384dc571120dd987a5ed8 Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Thu, 7 Sep 2023 08:56:02 -0700
Subject: [PATCH 106/110] remove  'please note that'

---
 src/registrar/templates/domain_your_contact_information.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_your_contact_information.html b/src/registrar/templates/domain_your_contact_information.html
index 1976a6def..81c62584c 100644
--- a/src/registrar/templates/domain_your_contact_information.html
+++ b/src/registrar/templates/domain_your_contact_information.html
@@ -7,7 +7,7 @@
 
   <h1>Domain contact information</h1>
 
-<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Please note that updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
+<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
 </p>
 
   {% include "includes/required_fields.html" %}

From 3d254c0f90f0c32395a1b7ead4c9ab68d97d9d71 Mon Sep 17 00:00:00 2001
From: Katherine-Osos <119689946+Katherine-Osos@users.noreply.github.com>
Date: Thu, 7 Sep 2023 11:06:44 -0500
Subject: [PATCH 107/110] Update AO description to match updates in request
 form

---
 src/registrar/templates/domain_authorizing_official.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_authorizing_official.html b/src/registrar/templates/domain_authorizing_official.html
index c08dbb237..c12f1f290 100644
--- a/src/registrar/templates/domain_authorizing_official.html
+++ b/src/registrar/templates/domain_authorizing_official.html
@@ -10,8 +10,7 @@
   <h1>Authorizing official</h1>
 
   <p>Your authorizing official is the person within your organization who can
-  authorize domain requests. This is generally the highest-ranking or
-  highest-elected official in your organization. Read more about <a class="usa-link" href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
+  authorize domain requests. This person must be in a role of significant, executive responsibility within the organization. Read more about <a class="usa-link" href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
 
   {% include "includes/required_fields.html" %}
 

From f5506c76cb043080f75eeaac9e990b65b4f40da1 Mon Sep 17 00:00:00 2001
From: CuriousX <nicolle.leclair@gmail.com>
Date: Fri, 8 Sep 2023 14:11:28 -0600
Subject: [PATCH 108/110] add Nicolle LeClair to admin and staff

---
 src/registrar/fixtures.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 76b01abf7..ccf60e591 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -77,6 +77,11 @@ class UserFixture:
             "first_name": "David",
             "last_name": "Kennedy",
         },
+        {
+            "username": "f14433d8-f0e9-41bf-9c72-b99b110e665d",
+            "first_name": "Nicolle",
+            "last_name": "LeClair",
+        },
     ]
 
     STAFF = [
@@ -123,6 +128,12 @@ class UserFixture:
             "last_name": "DiSarli-Analyst",
             "email": "gaby@truss.works",
         },
+        {
+            "username": "cfe7c2fc-e24a-480e-8b78-28645a1459b3",
+            "first_name": "Nicolle",
+            "last_name": "LeClair",
+            "email": "nicolle.leclair@ecstech.com", 
+        },
     ]
 
     STAFF_PERMISSIONS = [

From 8be7608c6cd74bd290d0dde1ded3ca020ff114ad Mon Sep 17 00:00:00 2001
From: CuriousX <nicolle.leclair@gmail.com>
Date: Fri, 8 Sep 2023 15:31:30 -0600
Subject: [PATCH 109/110] linted fixtures file

---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index ccf60e591..531cc5b2a 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -132,7 +132,7 @@ class UserFixture:
             "username": "cfe7c2fc-e24a-480e-8b78-28645a1459b3",
             "first_name": "Nicolle",
             "last_name": "LeClair",
-            "email": "nicolle.leclair@ecstech.com", 
+            "email": "nicolle.leclair@ecstech.com",
         },
     ]
 

From bfd466db03b897f150b15e9cc4ec7b7554ea37ff Mon Sep 17 00:00:00 2001
From: CuriousX <nicolle.leclair@gmail.com>
Date: Fri, 8 Sep 2023 15:35:23 -0600
Subject: [PATCH 110/110] updated analyst name

---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index 531cc5b2a..f37474e71 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -130,7 +130,7 @@ class UserFixture:
         },
         {
             "username": "cfe7c2fc-e24a-480e-8b78-28645a1459b3",
-            "first_name": "Nicolle",
+            "first_name": "Nicolle-Analyst",
             "last_name": "LeClair",
             "email": "nicolle.leclair@ecstech.com",
         },