diff --git a/src/registrar/models/portfolio_invitation.py b/src/registrar/models/portfolio_invitation.py
index 22c4c881e..2c8caaee3 100644
--- a/src/registrar/models/portfolio_invitation.py
+++ b/src/registrar/models/portfolio_invitation.py
@@ -76,6 +76,23 @@ class PortfolioInvitation(TimeStampedModel):
 domain__domain_info__portfolio=self.portfolio
 ).count()
 return managed_domains
+
+ def get_portfolio_permissions(self):
+ """
+ Retrieve the permissions for the user's portfolio roles from the invite.
+ This is similar logic to _get_portfolio_permissions in user_portfolio_permission
+ """
+ # Use a set to avoid duplicate permissions
+ portfolio_permissions = set()
+
+ if self.roles:
+ for role in self.roles:
+ portfolio_permissions.update(UserPortfolioPermission.PORTFOLIO_ROLE_PERMISSIONS.get(role, []))
+
+ if self.additional_permissions:
+ portfolio_permissions.update(self.additional_permissions)
+
+ return list(portfolio_permissions)
 @transition(field="status", source=PortfolioInvitationStatus.INVITED, target=PortfolioInvitationStatus.RETRIEVED)
 def retrieve(self):
diff --git a/src/registrar/templates/includes/member_permissions.html b/src/registrar/templates/includes/member_permissions.html
index 0d38e2073..8cf75cfbf 100644
--- a/src/registrar/templates/includes/member_permissions.html
+++ b/src/registrar/templates/includes/member_permissions.html
@@ -8,18 +8,18 @@ {% endif %}
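Review bot: `get_portfolio_permissions` on `PortfolioInvitation` re-derives the role-to-permission expansion that, per its own docstring, already exists as `_get_portfolio_permissions` in `user_portfolio_permission`, so the two copies can drift and the permissions shown for an invitation may stop matching what the accepted member is actually granted. Moving the expansion into one shared helper that takes `roles` and `additional_permissions`, and calling it from both models, would keep the displayed and the enforced sets in step. The hunk also uses `UserPortfolioPermission` without adding an import, so confirm the name is already in scope in this module. The docstring could state the return contract, e.g. `Returns the de-duplicated permissions as a list; order is not guaranteed.`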

Organization domain requests

-{% if permissions.roles and 'organization_admin' in permissions.roles or 'edit_requests' in permissions.additional_permissions %}
+{% if member_has_edit_request_portfolio_permission %}

View all requests plus create requests

-{% elif permissions.additional_permissions and 'view_all_requests' in permissions.additional_permissions %}
+{% elif member_has_view_all_requests_portfolio_permission %}

View all requests

{% else %}

No access

{% endif %}

Organization members

-{% if permissions.additional_permissions and 'edit_members' in permissions.additional_permissions %}
+{% if member_has_edit_members_portfolio_permission %}

View all members plus manage members

-{% elif permissions.additional_permissions and 'view_members' in permissions.additional_permissions %}
+{% elif member_has_view_members_portfolio_permission %}

View all members

{% else %}

No access
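Review bot: The four `member_has_*_portfolio_permission` flags tested by these `{% if %}`/`{% elif %}` branches are never checked for presence, and Django treats an undefined template variable as falsy, so any page that includes this partial without supplying them will show "No access" in both sections regardless of the member's real permissions. Whether every includer passes them is not visible in this diff; a header comment would document the contract, for example `{# Requires the member_has_edit_request / view_all_requests / edit_members / view_members _portfolio_permission flags in context #}`. The removed first condition also matched the `organization_admin` role directly, so the view-side `member_has_edit_request_portfolio_permission` flag now has to cover that case.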

diff --git a/src/registrar/templates/portfolio_member.html b/src/registrar/templates/portfolio_member.html
index fe3039967..727b14497 100644
--- a/src/registrar/templates/portfolio_member.html
+++ b/src/registrar/templates/portfolio_member.html
@@ -109,9 +109,9 @@ {% if portfolio_permission %}
- {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+ {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_permission member_has_view_all_requests_portfolio_permission=member_has_view_all_requests_portfolio_permission member_has_edit_request_portfolio_permission=member_has_edit_request_portfolio_permission member_has_view_members_portfolio_permission=member_has_view_members_portfolio_permission member_has_edit_members_portfolio_permission=member_has_edit_members_portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
 {% elif portfolio_invitation %}
- {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_invitation edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+ {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_invitation member_has_view_all_requests_portfolio_permission=member_has_view_all_requests_portfolio_permission member_has_edit_request_portfolio_permission=member_has_edit_request_portfolio_permission member_has_view_members_portfolio_permission=member_has_view_members_portfolio_permission member_has_edit_members_portfolio_permission=member_has_edit_members_portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
 {% endif %} {% if portfolio_permission %} 
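Review bot: The four `member_has_…=member_has_…` arguments added to both `{% include %}` tags are redundant as written, because `include … with` without `only` already hands the whole parent context to the included template. Either drop the self-assignments, or add `only` and pass exactly the variables `summary_item.html` needs so the partial's inputs are explicit. The second form also avoids the partial silently picking up the requester's own `has_*_portfolio_permission` values from the context processors that the view comment mentions.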
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 2b231a0b9..cd7923668 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -7,7 +7,7 @@ from registrar.forms.portfolio import PortfolioInvitedMemberForm, PortfolioMembe
 from registrar.models import Portfolio, User
 from registrar.models.portfolio_invitation import PortfolioInvitation
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
-from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
+from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
 from registrar.views.utility.permission_views import (
 PortfolioDomainRequestsPermissionView,
 PortfolioDomainsPermissionView, 
@@ -62,12 +62,22 @@ class PortfolioMemberView(PortfolioMemberPermissionView, View):
 def get(self, request, pk):
 portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
- user = portfolio_permission.user
-
+ member = portfolio_permission.user
+
+ # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+ member_has_view_all_requests_portfolio_permission = member.has_view_all_requests_portfolio_permission(portfolio_permission.portfolio)
+ member_has_edit_request_portfolio_permission = member.has_edit_request_portfolio_permission(portfolio_permission.portfolio)
+ member_has_view_members_portfolio_permission = member.has_view_members_portfolio_permission(portfolio_permission.portfolio)
+ member_has_edit_members_portfolio_permission = member.has_edit_members_portfolio_permission(portfolio_permission.portfolio)
+
 return render(request, self.template_name, {
 'edit_url': reverse('member-permissions', args=[pk]),
 'portfolio_permission': portfolio_permission,
- 'member': user,
+ 'member': member,
+ 'member_has_view_all_requests_portfolio_permission': member_has_view_all_requests_portfolio_permission,
+ 'member_has_edit_request_portfolio_permission': member_has_edit_request_portfolio_permission,
+ 'member_has_view_members_portfolio_permission': member_has_view_members_portfolio_permission,
+ 'member_has_edit_members_portfolio_permission': member_has_edit_members_portfolio_permission
 }) 
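Review bot: `get()` fetches the record with `get_object_or_404(UserPortfolioPermission, pk=pk)`, and the added lines then compute and render that member's four permission flags for `portfolio_permission.portfolio`, but nothing in the hunk ties that portfolio to the one the requesting user is acting in. If `PortfolioMemberPermissionView` (not visible here) does not already enforce that, the lookup should be scoped, along the lines of `get_object_or_404(UserPortfolioPermission, pk=pk, portfolio=<requester's active portfolio>)`. The same question applies to the `PortfolioInvitation` lookup in the next hunk. Separately, binding `portfolio = portfolio_permission.portfolio` once would shorten the four assignments, and the comment should read "explicitly".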
@@ -112,9 +122,19 @@ class PortfolioInvitedMemberView(PortfolioInvitedMemberPermissionView, View):
 portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
 # form = self.form_class(instance=portfolio_invitation)
+ # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+ member_has_view_all_requests_portfolio_permission = UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+ member_has_edit_request_portfolio_permission = UserPortfolioPermissionChoices.EDIT_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+ member_has_view_members_portfolio_permission = UserPortfolioPermissionChoices.VIEW_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+ member_has_edit_members_portfolio_permission = UserPortfolioPermissionChoices.EDIT_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+
 return render(request, self.template_name, {
 'edit_url': reverse('invitedmember-permissions', args=[pk]),
 'portfolio_invitation': portfolio_invitation,
+ 'member_has_view_all_requests_portfolio_permission': member_has_view_all_requests_portfolio_permission,
+ 'member_has_edit_request_portfolio_permission': member_has_edit_request_portfolio_permission,
+ 'member_has_view_members_portfolio_permission': member_has_view_members_portfolio_permission,
+ 'member_has_edit_members_portfolio_permission': member_has_edit_members_portfolio_permission
 })
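Review bot: `portfolio_invitation.get_portfolio_permissions()` is called four times in a row in the added assignments, and each call rebuilds the set and the list; bind it once with `invite_permissions = portfolio_invitation.get_portfolio_permissions()` and test membership against that. These flags come from the raw role expansion, while the member view in the previous hunk asks the user's `has_*_portfolio_permission` methods. Any extra rule inside those methods (not visible in this diff) would make the invited and the accepted view of the same person disagree, so a comment noting that the two paths must stay equivalent would help. The enclosing `get()` begins above this hunk.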