diff --git a/src/registrar/migrations/0113_user_portfolio_user_portfolio_additional_permissions_and_more.py b/src/registrar/migrations/0113_user_portfolio_user_portfolio_additional_permissions_and_more.py
index d4e1de5b2..d5a1168e7 100644
--- a/src/registrar/migrations/0113_user_portfolio_user_portfolio_additional_permissions_and_more.py
+++ b/src/registrar/migrations/0113_user_portfolio_user_portfolio_additional_permissions_and_more.py
@@ -1,4 +1,4 @@
-# Generated by Django 4.2.10 on 2024-07-18 18:09
+# Generated by Django 4.2.10 on 2024-07-22 19:19
 from django.conf import settings
 import django.contrib.postgres.fields
@@ -30,11 +30,13 @@ class Migration(migrations.Migration):
 field=django.contrib.postgres.fields.ArrayField(
 base_field=models.CharField(
 choices=[
- ("view_domains", "View all domains and domain reports"),
+ ("view_all_domains", "View all domains and domain reports"),
+ ("view_managed_domains", "View managed domains"),
 ("edit_domains", "User is a manager on a domain"),
 ("view_member", "View members"),
 ("edit_member", "Create and edit members"),
- ("view_requests", "View requests"),
+ ("view_all_requests", "View all requests"),
+ ("view_created_requests", "View created requests"),
 ("edit_requests", "Create and edit requests"),
 ("view_portfolio", "View organization"),
 ("edit_portfolio", "Edit organization"),
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index 3b5a382f7..26b96765e 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -73,7 +73,8 @@ class User(AbstractUser):
 class UserPortfolioPermissionChoices(models.TextChoices):
 """ """
- VIEW_DOMAINS = "view_domains", "View all domains and domain reports"
+ VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
+ VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
 # EDIT_DOMAINS is really self.domains. We add is hear and leverage it in has_permission
 # so we have one way to test for portfolio and domain edit permissions
 # Do we need to check for portfolio domains specifically?
@@ -83,7 +84,8 @@ class User(AbstractUser):
 VIEW_MEMBER = "view_member", "View members"
 EDIT_MEMBER = "edit_member", "Create and edit members"
- VIEW_REQUESTS = "view_requests", "View requests"
+ VIEW_ALL_REQUESTS = "view_all_requests", "View all requests"
+ VIEW_CREATED_REQUESTS = "view_created_requests", "View created requests"
 EDIT_REQUESTS = "edit_requests", "Create and edit requests"
 VIEW_PORTFOLIO = "view_portfolio", "View organization"
@@ -91,18 +93,18 @@ class User(AbstractUser):
 PORTFOLIO_ROLE_PERMISSIONS = {
 UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
- UserPortfolioPermissionChoices.VIEW_DOMAINS,
+ UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
 UserPortfolioPermissionChoices.VIEW_MEMBER,
 UserPortfolioPermissionChoices.EDIT_MEMBER,
- UserPortfolioPermissionChoices.VIEW_REQUESTS,
+ UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
 UserPortfolioPermissionChoices.EDIT_REQUESTS,
 UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
 UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
 ],
 UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY: [
- UserPortfolioPermissionChoices.VIEW_DOMAINS,
+ UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
 UserPortfolioPermissionChoices.VIEW_MEMBER,
- UserPortfolioPermissionChoices.VIEW_REQUESTS,
+ UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
 UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
 ],
 UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
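Review bot: Rows that already hold `view_domains` or `view_requests` in `portfolio_additional_permissions` are not rewritten anywhere in this commit, although the first two hunks of this file change the stored strings to `view_all_domains` and `view_all_requests`. Such a row would no longer match a valid choice, and its holder would presumably fail the `VIEW_ALL_*` checks without any error, so access is lost silently. Migration 0113 is regenerated in place rather than followed by a new migration; if it has been applied in any environment, a follow-up data migration mapping the old values to the new ones is needed. The enum docstring is still empty (`""" """`) and should state that the `*_ALL_*` members are portfolio-wide, while `VIEW_MANAGED_DOMAINS` and `VIEW_CREATED_REQUESTS` are, judging by their labels, scoped to the user's own objects.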
@@ -262,7 +264,7 @@ class User(AbstractUser):
 return list(portfolio_permissions) # Convert back to list if necessary
 def _has_portfolio_permission(self, portfolio_permission):
- """The views should only call this guy when testing for perms and not rely on roles"""
+ """The views should only call this function when testing for perms and not rely on roles."""
 # EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
 # NOTE: Should we check whether the domain is in the portfolio?
@@ -282,13 +284,13 @@ class User(AbstractUser):
 return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
 def has_domains_portfolio_permission(self):
- return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
+ return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS)
 def has_edit_domains_portfolio_permission(self):
 return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
 def has_domain_requests_portfolio_permission(self):
- return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
+ return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
 @classmethod
 def needs_identity_verification(cls, email, uuid):
diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py
index 78cb3258b..8daf15933 100644
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
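Review bot: `has_domains_portfolio_permission` and `has_domain_requests_portfolio_permission` (second hunk) now test only the portfolio-wide `VIEW_ALL_DOMAINS` and `VIEW_ALL_REQUESTS`, yet their names still read as a generic view check, and no helper in this diff tests `VIEW_MANAGED_DOMAINS` or `VIEW_CREATED_REQUESTS`. A user granted only one of the narrower permissions gets False from both helpers, and no changed line adds either new permission to a role in `PORTFOLIO_ROLE_PERMISSIONS`, so they are apparently grantable only through additional permissions for now. Each helper should at least carry a docstring that says so, e.g. `"""Return True if the user may view all domains in the portfolio (VIEW_ALL_DOMAINS); managed-only access is not covered."""`, so that views gating on it do not assume it covers the narrower scopes. The class body continues outside this hunk.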
@@ -1227,52 +1227,52 @@ class TestUser(TestCase):
 """
 portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
- self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_DOMAINS]
+ self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS]
 self.user.save()
 self.user.refresh_from_db()
- user_can_view_domains = self.user.has_domains_portfolio_permission()
- user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+ user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+ user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
 user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
- self.assertFalse(user_can_view_domains)
- self.assertFalse(user_can_view_requests)
+ self.assertFalse(user_can_view_all_domains)
+ self.assertFalse(user_can_view_all_requests)
 self.assertFalse(user_can_edit_domains)
 self.user.portfolio = portfolio
 self.user.save()
 self.user.refresh_from_db()
- user_can_view_domains = self.user.has_domains_portfolio_permission()
- user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+ user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+ user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
 user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
- self.assertTrue(user_can_view_domains)
- self.assertFalse(user_can_view_requests)
+ self.assertTrue(user_can_view_all_domains)
+ self.assertFalse(user_can_view_all_requests)
 self.assertFalse(user_can_edit_domains)
 self.user.portfolio_roles = [User.UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
 self.user.save()
 self.user.refresh_from_db()
- user_can_view_domains = self.user.has_domains_portfolio_permission()
- user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+ user_can_view_all_domains = 
self.user.has_domains_portfolio_permission()
+ user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
 user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
- self.assertTrue(user_can_view_domains)
- self.assertTrue(user_can_view_requests)
+ self.assertTrue(user_can_view_all_domains)
+ self.assertTrue(user_can_view_all_requests)
 self.assertFalse(user_can_edit_domains)
 UserDomainRole.objects.all().get_or_create(
 user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
 )
- user_can_view_domains = self.user.has_domains_portfolio_permission()
- user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+ user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+ user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
 user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
- self.assertTrue(user_can_view_domains)
- self.assertTrue(user_can_view_requests)
+ self.assertTrue(user_can_view_all_domains)
+ self.assertTrue(user_can_view_all_requests)
 self.assertTrue(user_can_edit_domains)
 Portfolio.objects.all().delete()
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 47459722a..2348cb218 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -77,7 +77,7 @@ class TestPortfolioViews(TestWithUser, WebTest):
 self.user.portfolio = self.portfolio
 self.user.portfolio_additional_permissions = [
 User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
- User.UserPortfolioPermissionChoices.VIEW_DOMAINS,
+ User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
 ]
 self.user.save()
 self.user.refresh_from_db()
@@ -148,8 +148,8 @@ class TestPortfolioViews(TestWithUser, WebTest):
 self.user.portfolio = self.portfolio
 self.user.portfolio_additional_permissions = [
 User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
- User.UserPortfolioPermissionChoices.VIEW_DOMAINS,
- User.UserPortfolioPermissionChoices.VIEW_REQUESTS,
+ User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
+ User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
 ]
 self.user.save()
 self.user.refresh_from_db()