revisions

src/registrar/migrations/0113_user_portfolio_user_portfolio_additional_permissions_and_more.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.2.10 on 2024-07-18 18:09
+# Generated by Django 4.2.10 on 2024-07-22 19:19
 
 from django.conf import settings
 import django.contrib.postgres.fields
@@ -30,11 +30,13 @@ class Migration(migrations.Migration):
             field=django.contrib.postgres.fields.ArrayField(
                 base_field=models.CharField(
                     choices=[
-                        ("view_domains", "View all domains and domain reports"),
+                        ("view_all_domains", "View all domains and domain reports"),
+                        ("view_managed_domains", "View managed domains"),
                         ("edit_domains", "User is a manager on a domain"),
                         ("view_member", "View members"),
                         ("edit_member", "Create and edit members"),
-                        ("view_requests", "View requests"),
+                        ("view_all_requests", "View all requests"),
+                        ("view_created_requests", "View created requests"),
                         ("edit_requests", "Create and edit requests"),
                         ("view_portfolio", "View organization"),
                         ("edit_portfolio", "Edit organization"),

src/registrar/models/user.py

@@ -73,7 +73,8 @@ class User(AbstractUser):
     class UserPortfolioPermissionChoices(models.TextChoices):
         """ """
 
-        VIEW_DOMAINS = "view_domains", "View all domains and domain reports"
+        VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
+        VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
         # EDIT_DOMAINS is really self.domains. We add is hear and leverage it in has_permission
         # so we have one way to test for portfolio and domain edit permissions
         # Do we need to check for portfolio domains specifically?
@@ -83,7 +84,8 @@ class User(AbstractUser):
         VIEW_MEMBER = "view_member", "View members"
         EDIT_MEMBER = "edit_member", "Create and edit members"
 
-        VIEW_REQUESTS = "view_requests", "View requests"
+        VIEW_ALL_REQUESTS = "view_all_requests", "View all requests"
+        VIEW_CREATED_REQUESTS = "view_created_requests", "View created requests"
         EDIT_REQUESTS = "edit_requests", "Create and edit requests"
 
         VIEW_PORTFOLIO = "view_portfolio", "View organization"
@@ -91,18 +93,18 @@ class User(AbstractUser):
 
     PORTFOLIO_ROLE_PERMISSIONS = {
         UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
-            UserPortfolioPermissionChoices.VIEW_DOMAINS,
+            UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
             UserPortfolioPermissionChoices.VIEW_MEMBER,
             UserPortfolioPermissionChoices.EDIT_MEMBER,
-            UserPortfolioPermissionChoices.VIEW_REQUESTS,
+            UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
             UserPortfolioPermissionChoices.EDIT_REQUESTS,
             UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
             UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
         ],
         UserPortfolioRoleChoices.ORGANIZATION_ADMIN_READ_ONLY: [
-            UserPortfolioPermissionChoices.VIEW_DOMAINS,
+            UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
             UserPortfolioPermissionChoices.VIEW_MEMBER,
-            UserPortfolioPermissionChoices.VIEW_REQUESTS,
+            UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
             UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
         ],
         UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
@@ -262,7 +264,7 @@ class User(AbstractUser):
         return list(portfolio_permissions)  # Convert back to list if necessary
 
     def _has_portfolio_permission(self, portfolio_permission):
-        """The views should only call this guy when testing for perms and not rely on roles"""
+        """The views should only call this function when testing for perms and not rely on roles."""
 
         # EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
         # NOTE: Should we check whether the domain is in the portfolio?
@@ -282,13 +284,13 @@ class User(AbstractUser):
         return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
 
     def has_domains_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
+        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS)
 
     def has_edit_domains_portfolio_permission(self):
         return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
 
     def has_domain_requests_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
+        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
 
     @classmethod
     def needs_identity_verification(cls, email, uuid):

src/registrar/tests/test_models.py

@@ -1227,52 +1227,52 @@ class TestUser(TestCase):
         """
         portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
 
-        self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_DOMAINS]
+        self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS]
         self.user.save()
         self.user.refresh_from_db()
 
-        user_can_view_domains = self.user.has_domains_portfolio_permission()
-        user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+        user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+        user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
         user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
 
-        self.assertFalse(user_can_view_domains)
-        self.assertFalse(user_can_view_requests)
+        self.assertFalse(user_can_view_all_domains)
+        self.assertFalse(user_can_view_all_requests)
         self.assertFalse(user_can_edit_domains)
 
         self.user.portfolio = portfolio
         self.user.save()
         self.user.refresh_from_db()
 
-        user_can_view_domains = self.user.has_domains_portfolio_permission()
-        user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+        user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+        user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
         user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
 
-        self.assertTrue(user_can_view_domains)
-        self.assertFalse(user_can_view_requests)
+        self.assertTrue(user_can_view_all_domains)
+        self.assertFalse(user_can_view_all_requests)
         self.assertFalse(user_can_edit_domains)
 
         self.user.portfolio_roles = [User.UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
         self.user.save()
         self.user.refresh_from_db()
 
-        user_can_view_domains = self.user.has_domains_portfolio_permission()
-        user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+        user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+        user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
         user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
 
-        self.assertTrue(user_can_view_domains)
-        self.assertTrue(user_can_view_requests)
+        self.assertTrue(user_can_view_all_domains)
+        self.assertTrue(user_can_view_all_requests)
         self.assertFalse(user_can_edit_domains)
 
         UserDomainRole.objects.all().get_or_create(
             user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
         )
 
-        user_can_view_domains = self.user.has_domains_portfolio_permission()
-        user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
+        user_can_view_all_domains = self.user.has_domains_portfolio_permission()
+        user_can_view_all_requests = self.user.has_domain_requests_portfolio_permission()
         user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
 
-        self.assertTrue(user_can_view_domains)
-        self.assertTrue(user_can_view_requests)
+        self.assertTrue(user_can_view_all_domains)
+        self.assertTrue(user_can_view_all_requests)
         self.assertTrue(user_can_edit_domains)
 
         Portfolio.objects.all().delete()

src/registrar/tests/test_views_portfolio.py

@@ -77,7 +77,7 @@ class TestPortfolioViews(TestWithUser, WebTest):
         self.user.portfolio = self.portfolio
         self.user.portfolio_additional_permissions = [
             User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
-            User.UserPortfolioPermissionChoices.VIEW_DOMAINS,
+            User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
         ]
         self.user.save()
         self.user.refresh_from_db()
@@ -148,8 +148,8 @@ class TestPortfolioViews(TestWithUser, WebTest):
         self.user.portfolio = self.portfolio
         self.user.portfolio_additional_permissions = [
             User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
-            User.UserPortfolioPermissionChoices.VIEW_DOMAINS,
-            User.UserPortfolioPermissionChoices.VIEW_REQUESTS,
+            User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
+            User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
         ]
         self.user.save()
         self.user.refresh_from_db()