+ Created by: {{DomainRequest.creator.email|default:DomainRequest.creator.get_formatted_name }} +
+ {% else %} ++ No creator found: this is an error, please email help@get.gov. +
+ {% endif %} + {% endif %} {% with statuses=DomainRequest.DomainRequestStatus last_submitted=DomainRequest.last_submitted_date|date:"F j, Y" first_submitted=DomainRequest.first_submitted_date|date:"F j, Y" last_status_update=DomainRequest.last_status_update|date:"F j, Y" %} {% comment %} @@ -103,13 +122,18 @@ {% endif %} {% endwith %} - {% endblock status_summary %} + {% endblock status_metadata %} + + {% block status_blurb %} + {% if DomainRequest.status == 'submitted' %} +{% include "includes/domain_request.html" %}
+ {% endif %} + {% endblock status_blurb %} {% block modify_request %} - {% if DomainRequest.status != 'rejected' %} -{% include "includes/domain_request.html" %}
+ {% if DomainRequest.status != 'withdrawn' or DomainRequest.status != 'rejected' %}- Withdraw request + Withdraw request
{% endif %} {% endblock modify_request %} diff --git a/src/registrar/templates/includes/domain_request_status_view.html b/src/registrar/templates/includes/domain_request_status_view.html index 244842321..16e499549 100644 --- a/src/registrar/templates/includes/domain_request_status_view.html +++ b/src/registrar/templates/includes/domain_request_status_view.html @@ -4,4 +4,4 @@ {% comment %} Do not show the withdraw button {% endcomment %} {% block modify_request %} -{% endblock modify_request %} \ No newline at end of file +{% endblock modify_request %} diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py index b2b65a5b4..469310850 100644 --- a/src/registrar/views/domain_request.py +++ b/src/registrar/views/domain_request.py @@ -20,6 +20,7 @@ from .utility import ( DomainRequestPermissionView, DomainRequestPermissionWithdrawView, DomainRequestWizardPermissionView, + DomainRequestPortfolioViewonlyView, ) logger = logging.getLogger(__name__) @@ -765,22 +766,8 @@ class DomainRequestStatus(DomainRequestPermissionView): return True -class DomainRequestStatusViewOnly(DomainRequestPermissionView): +class DomainRequestStatusViewOnly(DomainRequestPortfolioViewonlyView): template_name = "domain_request_status_viewonly.html" - def has_permission(self): - """ - Override of the base has_permission class to account for portfolio permissions - """ - has_base_perms = super().has_permission() - if not has_base_perms: - return False - - if self.request.user.is_org_user(self.request): - portfolio = self.request.session.get("portfolio") - if not self.request.user.has_view_all_requests_portfolio_permission(portfolio): - return False - - return True class DomainRequestWithdrawConfirmation(DomainRequestPermissionWithdrawView): diff --git a/src/registrar/views/utility/__init__.py b/src/registrar/views/utility/__init__.py index 7e4e19085..bb135b3d3 100644 --- a/src/registrar/views/utility/__init__.py +++ b/src/registrar/views/utility/__init__.py @@ -8,5 +8,6 @@ from .permission_views import ( DomainInvitationPermissionDeleteView, DomainRequestWizardPermissionView, PortfolioMembersPermission, + DomainRequestPortfolioViewonlyView, ) from .api_views import get_senior_official_from_federal_agency_json diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py index 4552008de..d8c48e01e 100644 --- a/src/registrar/views/utility/mixins.py +++ b/src/registrar/views/utility/mixins.py @@ -289,6 +289,29 @@ class DomainRequestPermission(PermissionsLoginMixin): return True +class DomainRequestPortfolioViewonlyPermission(PermissionsLoginMixin): + """Permission mixin that redirects to domain request if user + has access, otherwise 403""" + + def has_permission(self): + """Check if this user has access to this domain request. + + The user is in self.request.user and the domain needs to be looked + up from the domain's primary key in self.kwargs["pk"] + """ + if not self.request.user.is_authenticated: + return False + + if not self.request.user.is_org_user(self.request): + return False + + portfolio = self.request.session.get("portfolio") + if not self.request.user.has_view_all_requests_portfolio_permission(portfolio): + return False + + return True + + class UserDeleteDomainRolePermission(PermissionsLoginMixin): """Permission mixin for UserDomainRole if user has access, otherwise 403""" diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py index e7031cf0d..414e58275 100644 --- a/src/registrar/views/utility/permission_views.py +++ b/src/registrar/views/utility/permission_views.py @@ -19,6 +19,7 @@ from .mixins import ( UserProfilePermission, PortfolioBasePermission, PortfolioMembersPermission, + DomainRequestPortfolioViewonlyPermission, ) import logging @@ -100,6 +101,25 @@ class DomainRequestPermissionView(DomainRequestPermission, DetailView, abc.ABC): raise NotImplementedError +class DomainRequestPortfolioViewonlyView(DomainRequestPortfolioViewonlyPermission, DetailView, abc.ABC): + """Abstract base view for domain requests that enforces permissions + + This abstract view cannot be instantiated. Actual views must specify + `template_name`. + """ + + # DetailView property for what model this is viewing + model = DomainRequest + # variable name in template context for the model object + context_object_name = "DomainRequest" + + # Abstract property enforces NotImplementedError on an attribute. + @property + @abc.abstractmethod + def template_name(self): + raise NotImplementedError + + class DomainRequestPermissionWithdrawView(DomainRequestPermissionWithdraw, DetailView, abc.ABC): """Abstract base view for domain request withdraw function