zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-19 10:59:21 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add corrected delete logic

Browse source
This commit is contained in:
zandercymatics 2024-09-13 13:48:47 -06:00
parent c1daa455ae
commit 4b8f77436d
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
2 changed files with 19 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/registrar/views/domain_request.py
View file

@ -796,6 +796,12 @@ class DomainRequestDeleteView(DomainRequestPermissionDeleteView):
if status not in valid_statuses: if status not in valid_statuses:
return False return False
# Portfolio users cannot delete their requests if they aren't permissioned to do so
if self.request.user.is_org_user(self.request):
portfolio = self.request.session.get("portfolio")
if not self.request.user.has_edit_request_portfolio_permission(portfolio):
return False
return True return True
def get_success_url(self): def get_success_url(self):

18
src/registrar/views/domain_requests_json.py
View file

@ -25,9 +25,8 @@ def get_domain_requests_json(request):
paginator = Paginator(objects, 10) paginator = Paginator(objects, 10)
page_number = request.GET.get("page", 1) page_number = request.GET.get("page", 1)
page_obj = paginator.get_page(page_number) page_obj = paginator.get_page(page_number)
domain_requests = [ domain_requests = [
serialize_domain_request(domain_request, request.user) for domain_request in page_obj.object_list serialize_domain_request(request, domain_request, request.user) for domain_request in page_obj.object_list
] ]
return JsonResponse( return JsonResponse(
@ -90,13 +89,22 @@ def apply_sorting(queryset, request):
return queryset.order_by(sort_by) return queryset.order_by(sort_by)
def serialize_domain_request(domain_request, user): def serialize_domain_request(request, domain_request, user):
# Determine if the request is deletable
is_deletable = domain_request.status in [ deletable_statuses = [
DomainRequest.DomainRequestStatus.STARTED, DomainRequest.DomainRequestStatus.STARTED,
DomainRequest.DomainRequestStatus.WITHDRAWN, DomainRequest.DomainRequestStatus.WITHDRAWN,
] ]
# Determine if the request is deletable
if not user.is_org_user(request):
is_deletable = domain_request.status in deletable_statuses
else:
portfolio = request.session.get("portfolio")
is_deletable = (
domain_request.status in deletable_statuses and user.has_edit_request_portfolio_permission(portfolio)
) and domain_request.creator == user
# Determine action label based on user permissions and request status # Determine action label based on user permissions and request status
editable_statuses = [ editable_statuses = [
DomainRequest.DomainRequestStatus.STARTED, DomainRequest.DomainRequestStatus.STARTED,