Merge pull request #459 from cisagov/nmb/rbac

Role-based Access Control
2025-07-25 20:18:38 +02:00 · 2023-03-20 12:04:34 -05:00 · 2023-03-20 12:04:34 -05:00 · 1e69eb3c10
commit 1e69eb3c10
parent 789ac91eeb 7423ba3023
18 changed files with 413 additions and 8 deletions
--- a/src/registrar/models/domain_application.py
+++ b/src/registrar/models/domain_application.py
@ -502,6 +502,25 @@ class DomainApplication(TimeStampedModel):
        # This is a side-effect of the state transition
        self._send_confirmation_email()

+    @transition(field="status", source=[SUBMITTED, INVESTIGATING], target=APPROVED)
+    def approve(self):
+        """Approve an application that has been submitted.
+
+        This has substantial side-effects because it creates another database
+        object for the approved Domain and makes the user who created the
+        application into an admin on that domain.
+        """
+
+        # create the domain if it doesn't exist
+        Domain = apps.get_model("registrar.Domain")
+        created_domain, _ = Domain.objects.get_or_create(name=self.requested_domain)
+
+        # create the permission for the user
+        UserDomainRole = apps.get_model("registrar.UserDomainRole")
+        UserDomainRole.objects.get_or_create(
+            user=self.creator, domain=created_domain, role=UserDomainRole.Roles.ADMIN
+        )
+
    # ## Form policies ###
    #
    # These methods control what questions need to be answered by applicants