move the logic from templates into the views when testing for permissions

src/registrar/models/portfolio_invitation.py

@@ -76,6 +76,23 @@ class PortfolioInvitation(TimeStampedModel):
             domain__domain_info__portfolio=self.portfolio
         ).count()
         return managed_domains
+    
+    def get_portfolio_permissions(self):
+        """
+        Retrieve the permissions for the user's portfolio roles from the invite.
+        This is similar logic to _get_portfolio_permissions in user_portfolio_permission
+        """
+        # Use a set to avoid duplicate permissions
+        portfolio_permissions = set()
+
+        if self.roles:
+            for role in self.roles:
+                portfolio_permissions.update(UserPortfolioPermission.PORTFOLIO_ROLE_PERMISSIONS.get(role, []))
+
+        if self.additional_permissions:
+            portfolio_permissions.update(self.additional_permissions)
+
+        return list(portfolio_permissions)
 
     @transition(field="status", source=PortfolioInvitationStatus.INVITED, target=PortfolioInvitationStatus.RETRIEVED)
     def retrieve(self):

src/registrar/templates/includes/member_permissions.html

@@ -8,18 +8,18 @@
 {% endif %}
 
 <h4 class="margin-bottom-0 text-primary">Organization domain requests</h4>
-{% if permissions.roles and 'organization_admin' in permissions.roles or 'edit_requests' in permissions.additional_permissions %}
+{% if member_has_edit_request_portfolio_permission %}
     <p class="margin-top-0">View all requests plus create requests</p>
-{% elif permissions.additional_permissions and 'view_all_requests' in permissions.additional_permissions %}
+{% elif member_has_view_all_requests_portfolio_permission %}
     <p class="margin-top-0">View all requests</p>
 {% else %}
     <p class="margin-top-0">No access</p>
 {% endif %}
 
 <h4 class="margin-bottom-0 text-primary">Organization members</h4>
-{% if permissions.additional_permissions and 'edit_members' in permissions.additional_permissions %}
+{% if member_has_edit_members_portfolio_permission %}
     <p class="margin-top-0">View all members plus manage members</p>
-{% elif permissions.additional_permissions and 'view_members' in permissions.additional_permissions %}
+{% elif member_has_view_members_portfolio_permission %}
     <p class="margin-top-0">View all members</p>
 {% else %}
     <p class="margin-top-0">No access</p>

src/registrar/templates/portfolio_member.html

@@ -109,9 +109,9 @@
   </address>
 
   {% if portfolio_permission %}
-    {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+    {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_permission member_has_view_all_requests_portfolio_permission=member_has_view_all_requests_portfolio_permission member_has_edit_request_portfolio_permission=member_has_edit_request_portfolio_permission member_has_view_members_portfolio_permission=member_has_view_members_portfolio_permission member_has_edit_members_portfolio_permission=member_has_edit_members_portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
   {% elif portfolio_invitation %}
-    {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_invitation edit_link=edit_url editable=has_edit_members_portfolio_permission %}
+    {% include "includes/summary_item.html" with title='Member access and permissions' permissions='true' value=portfolio_invitation member_has_view_all_requests_portfolio_permission=member_has_view_all_requests_portfolio_permission member_has_edit_request_portfolio_permission=member_has_edit_request_portfolio_permission member_has_view_members_portfolio_permission=member_has_view_members_portfolio_permission member_has_edit_members_portfolio_permission=member_has_edit_members_portfolio_permission edit_link=edit_url editable=has_edit_members_portfolio_permission %}
   {% endif %}
 
   {% if portfolio_permission %}

src/registrar/views/portfolios.py

@@ -7,7 +7,7 @@ from registrar.forms.portfolio import PortfolioInvitedMemberForm, PortfolioMembe
 from registrar.models import Portfolio, User
 from registrar.models.portfolio_invitation import PortfolioInvitation
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
-from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
+from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
 from registrar.views.utility.permission_views import (
     PortfolioDomainRequestsPermissionView,
     PortfolioDomainsPermissionView,
@@ -62,12 +62,22 @@ class PortfolioMemberView(PortfolioMemberPermissionView, View):
 
     def get(self, request, pk):
         portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
-        user = portfolio_permission.user
-        
+        member = portfolio_permission.user
+
+        # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+        member_has_view_all_requests_portfolio_permission =  member.has_view_all_requests_portfolio_permission(portfolio_permission.portfolio)
+        member_has_edit_request_portfolio_permission = member.has_edit_request_portfolio_permission(portfolio_permission.portfolio)
+        member_has_view_members_portfolio_permission =  member.has_view_members_portfolio_permission(portfolio_permission.portfolio)
+        member_has_edit_members_portfolio_permission = member.has_edit_members_portfolio_permission(portfolio_permission.portfolio)
+
         return render(request, self.template_name, {
             'edit_url': reverse('member-permissions', args=[pk]),
             'portfolio_permission': portfolio_permission,
-            'member': user,
+            'member': member,
+            'member_has_view_all_requests_portfolio_permission': member_has_view_all_requests_portfolio_permission,
+            'member_has_edit_request_portfolio_permission': member_has_edit_request_portfolio_permission,
+            'member_has_view_members_portfolio_permission': member_has_view_members_portfolio_permission,
+            'member_has_edit_members_portfolio_permission': member_has_edit_members_portfolio_permission
         })
 
     
@@ -112,9 +122,19 @@ class PortfolioInvitedMemberView(PortfolioInvitedMemberPermissionView, View):
         portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
         # form = self.form_class(instance=portfolio_invitation)
 
+        # We have to explicitely name these with member_ otherwise we'll have conflicts with context preprocessors
+        member_has_view_all_requests_portfolio_permission = UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+        member_has_edit_request_portfolio_permission = UserPortfolioPermissionChoices.EDIT_REQUESTS in portfolio_invitation.get_portfolio_permissions()
+        member_has_view_members_portfolio_permission = UserPortfolioPermissionChoices.VIEW_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+        member_has_edit_members_portfolio_permission = UserPortfolioPermissionChoices.EDIT_MEMBERS in portfolio_invitation.get_portfolio_permissions()
+
         return render(request, self.template_name, {
             'edit_url': reverse('invitedmember-permissions', args=[pk]),
             'portfolio_invitation': portfolio_invitation,
+            'member_has_view_all_requests_portfolio_permission': member_has_view_all_requests_portfolio_permission,
+            'member_has_edit_request_portfolio_permission': member_has_edit_request_portfolio_permission,
+            'member_has_view_members_portfolio_permission': member_has_view_members_portfolio_permission,
+            'member_has_edit_members_portfolio_permission': member_has_edit_members_portfolio_permission
         })